use coq-stdpp

Makefile

@@ -32,9 +32,9 @@ Makefile.coq: _CoqProject Makefile awk.Makefile
 build-dep:
 	build/opam-pins.sh < opam.pins
 	opam upgrade $(YFLAG) # it is not nice that we upgrade *all* packages here, but I found no nice way to upgrade only those that we pinned
-	opam pin add coq-iris "$$(pwd)#HEAD" -k git -n -y
-	opam install coq-iris --deps-only $(YFLAG)
-	opam pin remove coq-iris
+	opam pin add opam-builddep-temp "$$(pwd)#HEAD" -k git -n -y
+	opam install opam-builddep-temp --deps-only $(YFLAG)
+	opam pin remove opam-builddep-temp
 
 # Some files that do *not* need to be forwarded to Makefile.coq
 Makefile: ;

README.md

@@ -8,10 +8,11 @@ This version is known to compile with:
 
  - Coq 8.6
  - Ssreflect 1.6.1
+ - A development version of [std++](https://gitlab.mpi-sws.org/robbertkrebbers/coq-stdpp)
 
-The easiest way to install the correct versions of the dependencies is
-through opam. Coq packages are available on the coq-released repository,
-set up by the command:
+The easiest way to install the correct versions of the dependencies is through
+opam.  Coq packages are available on the coq-released repository, set up by the
+command:
 
     opam repo add coq-released https://coq.inria.fr/opam/released
 
@@ -28,8 +29,6 @@ Run `make` to build the full development.
 
 ## Structure
 
-* The folder [prelude](theories/prelude) contains an extended "Standard Library"
-  by [Robbert Krebbers](http://robbertkrebbers.nl/thesis.html).
 * The folder [algebra](theories/algebra) contains the COFE and CMRA
   constructions as well as the solver for recursive domain equations.
 * The folder [base_logic](theories/base_logic) defines the Iris base logic and

_CoqProject

 -Q theories iris
-theories/prelude/option.v
-theories/prelude/fin_map_dom.v
-theories/prelude/bset.v
-theories/prelude/fin_maps.v
-theories/prelude/vector.v
-theories/prelude/pmap.v
-theories/prelude/stringmap.v
-theories/prelude/fin_collections.v
-theories/prelude/mapset.v
-theories/prelude/proof_irrel.v
-theories/prelude/hashset.v
-theories/prelude/pretty.v
-theories/prelude/countable.v
-theories/prelude/orders.v
-theories/prelude/natmap.v
-theories/prelude/strings.v
-theories/prelude/relations.v
-theories/prelude/collections.v
-theories/prelude/listset.v
-theories/prelude/streams.v
-theories/prelude/gmap.v
-theories/prelude/gmultiset.v
-theories/prelude/base.v
-theories/prelude/tactics.v
-theories/prelude/prelude.v
-theories/prelude/listset_nodup.v
-theories/prelude/finite.v
-theories/prelude/numbers.v
-theories/prelude/nmap.v
-theories/prelude/zmap.v
-theories/prelude/coPset.v
-theories/prelude/lexico.v
-theories/prelude/set.v
-theories/prelude/decidable.v
-theories/prelude/list.v
-theories/prelude/functions.v
-theories/prelude/hlist.v
-theories/prelude/sorting.v
 theories/algebra/cmra.v
 theories/algebra/cmra_big_op.v
 theories/algebra/cmra_tactics.v

opam

@@ -15,4 +15,5 @@ remove: [ "sh" "-c" "rm -rf '%{lib}%/coq/user-contrib/iris'" ]
 depends: [
   "coq" { ((>= "8.5.1" & < "8.7~") | (= "dev"))}
   "coq-mathcomp-ssreflect" { ((>= "1.6.1" & < "1.7~") | (= "dev"))}
+  "coq-stdpp"
 ]

opam.pins

+coq-stdpp https://gitlab.mpi-sws.org/robbertkrebbers/coq-stdpp 2c261344225e46042932f248db87fd1cde04b5cd

theories/algebra/base.v

 From mathcomp Require Export ssreflect.
-From iris.prelude Require Export prelude.
+From stdpp Require Export prelude.
 Set Default Proof Using "Type".
 Global Set Bullet Behavior "Strict Subproofs".
 Global Open Scope general_if_scope.
-Ltac done := prelude.tactics.done.
+Ltac done := stdpp.tactics.done.

theories/algebra/cmra_big_op.v

 From iris.algebra Require Export cmra list.
-From iris.prelude Require Import functions gmap gmultiset.
+From stdpp Require Import functions gmap gmultiset.
 Set Default Proof Using "Type".
 
 (** The operator [ [⋅] Ps ] folds [⋅] over the list [Ps]. This operator is not a

theories/algebra/coPset.v

 From iris.algebra Require Export cmra.
 From iris.algebra Require Import updates local_updates.
-From iris.prelude Require Export collections coPset.
+From stdpp Require Export collections coPset.
 Set Default Proof Using "Type".
 (** This is pretty much the same as algebra/gset, but I was not able to
 generalize the construction without breaking canonical structures. *)

theories/algebra/gmap.v

 From iris.algebra Require Export cmra.
-From iris.prelude Require Export gmap.
+From stdpp Require Export gmap.
 From iris.algebra Require Import updates local_updates.
 From iris.base_logic Require Import base_logic.
 Set Default Proof Using "Type".

theories/algebra/gset.v

 From iris.algebra Require Export cmra.
 From iris.algebra Require Import updates local_updates.
-From iris.prelude Require Export collections gmap mapset.
+From stdpp Require Export collections gmap mapset.
 Set Default Proof Using "Type".
 
 (* The union CMRA *)

theories/algebra/iprod.v

 From iris.algebra Require Export cmra.
 From iris.base_logic Require Import base_logic.
-From iris.prelude Require Import finite.
+From stdpp Require Import finite.
 Set Default Proof Using "Type".
 
 (** * Indexed product *)

theories/algebra/list.v

 From iris.algebra Require Export cmra.
-From iris.prelude Require Export list.
+From stdpp Require Export list.
 From iris.base_logic Require Import base_logic.
 From iris.algebra Require Import updates local_updates.
 Set Default Proof Using "Type".

theories/algebra/sts.v

-From iris.prelude Require Export set.
+From stdpp Require Export set.
 From iris.algebra Require Export cmra.
 From iris.algebra Require Import dra.
 Set Default Proof Using "Type".

theories/algebra/vector.v

-From iris.prelude Require Export vector.
+From stdpp Require Export vector.
 From iris.algebra Require Export ofe.
 From iris.algebra Require Import list.
 Set Default Proof Using "Type".

theories/base_logic/big_op.v

 From iris.algebra Require Export list cmra_big_op.
 From iris.base_logic Require Export base_logic.
-From iris.prelude Require Import gmap fin_collections gmultiset functions.
+From stdpp Require Import gmap fin_collections gmultiset functions.
 Set Default Proof Using "Type".
 Import uPred.
 

theories/base_logic/hlist.v

-From iris.prelude Require Export hlist.
+From stdpp Require Export hlist.
 From iris.base_logic Require Export base_logic.
 Set Default Proof Using "Type".
 Import uPred.

theories/base_logic/lib/fancy_updates.v

 From iris.base_logic.lib Require Export own.
-From iris.prelude Require Export coPset.
+From stdpp Require Export coPset.
 From iris.base_logic.lib Require Import wsat.
 From iris.algebra Require Import gmap.
 From iris.base_logic Require Import big_op.

theories/base_logic/lib/fractional.v

-From iris.prelude Require Import gmap gmultiset.
+From stdpp Require Import gmap gmultiset.
 From iris.base_logic Require Export derived.
 From iris.base_logic Require Import big_op.
 From iris.proofmode Require Import classes class_instances.

theories/base_logic/lib/namespaces.v

-From iris.prelude Require Export countable coPset.
+From stdpp Require Export countable coPset.
 From iris.algebra Require Export base.
 Set Default Proof Using "Type".
 

theories/base_logic/lib/saved_prop.v

 From iris.base_logic Require Export own.
 From iris.algebra Require Import agree.
-From iris.prelude Require Import gmap.
+From stdpp Require Import gmap.
 Set Default Proof Using "Type".
 Import uPred.
 

theories/base_logic/lib/wsat.v

 From iris.base_logic.lib Require Export own.
-From iris.prelude Require Export coPset.
+From stdpp Require Export coPset.
 From iris.algebra Require Import gmap auth agree gset coPset.
 From iris.base_logic Require Import big_op.
 From iris.proofmode Require Import tactics.

theories/base_logic/tactics.v

-From iris.prelude Require Import gmap.
+From stdpp Require Import gmap.
 From iris.base_logic Require Export base_logic big_op.
 Set Default Proof Using "Type".
 Import uPred.

theories/heap_lang/lang.v

 From iris.program_logic Require Export ectx_language ectxi_language.
 From iris.algebra Require Export ofe.
-From iris.prelude Require Export strings.
-From iris.prelude Require Import gmap.
+From stdpp Require Export strings.
+From stdpp Require Import gmap.
 Set Default Proof Using "Type".
 
 Module heap_lang.

theories/heap_lang/lib/barrier/proof.v

 From iris.program_logic Require Export weakestpre.
 From iris.heap_lang Require Export lang.
 From iris.heap_lang.lib.barrier Require Export barrier.
-From iris.prelude Require Import functions.
+From stdpp Require Import functions.
 From iris.base_logic Require Import big_op lib.saved_prop lib.sts.
 From iris.heap_lang Require Import proofmode.
 From iris.heap_lang.lib.barrier Require Import protocol.

theories/heap_lang/lib/barrier/protocol.v

 From iris.algebra Require Export sts.
 From iris.base_logic Require Import lib.own.
-From iris.prelude Require Export gmap.
+From stdpp Require Export gmap.
 Set Default Proof Using "Type".
 
 (** The STS describing the main barrier protocol. Every state has an index-set

theories/heap_lang/lifting.v

@@ -4,7 +4,7 @@ From iris.program_logic Require Import ectx_lifting.
 From iris.heap_lang Require Export lang.
 From iris.heap_lang Require Import tactics.
 From iris.proofmode Require Import tactics.
-From iris.prelude Require Import fin_maps.
+From stdpp Require Import fin_maps.
 Set Default Proof Using "Type".
 Import uPred.
 

theories/prelude/bset.v

-(* Copyright (c) 2012-2017, Robbert Krebbers. *)
-(* This file is distributed under the terms of the BSD license. *)
-(** This file implements bsets as functions into Prop. *)
-From iris.prelude Require Export prelude.
-Set Default Proof Using "Type".
-
-Record bset (A : Type) : Type := mkBSet { bset_car : A → bool }.
-Arguments mkBSet {_} _.
-Arguments bset_car {_} _ _.
-Instance bset_top {A} : Top (bset A) := mkBSet (λ _, true).
-Instance bset_empty {A} : Empty (bset A) := mkBSet (λ _, false).
-Instance bset_singleton `{EqDecision A} : Singleton A (bset A) := λ x,
-  mkBSet (λ y, bool_decide (y = x)).
-Instance bset_elem_of {A} : ElemOf A (bset A) := λ x X, bset_car X x.
-Instance bset_union {A} : Union (bset A) := λ X1 X2,
-  mkBSet (λ x, bset_car X1 x || bset_car X2 x).
-Instance bset_intersection {A} : Intersection (bset A) := λ X1 X2,
-  mkBSet (λ x, bset_car X1 x && bset_car X2 x).
-Instance bset_difference {A} : Difference (bset A) := λ X1 X2,
-  mkBSet (λ x, bset_car X1 x && negb (bset_car X2 x)).
-Instance bset_collection `{EqDecision A} : Collection A (bset A).
-Proof.
-  split; [split| |].
-  - by intros x ?.
-  - by intros x y; rewrite <-(bool_decide_spec (x = y)).
-  - split. apply orb_prop_elim. apply orb_prop_intro.
-  - split. apply andb_prop_elim. apply andb_prop_intro.
-  - intros X Y x; unfold elem_of, bset_elem_of; simpl. 
-    destruct (bset_car X x), (bset_car Y x); simpl; tauto.
-Qed.
-Instance bset_elem_of_dec {A} x (X : bset A) : Decision (x ∈ X) := _.
-
-Typeclasses Opaque bset_elem_of.
-Global Opaque bset_empty bset_singleton bset_union
-  bset_intersection bset_difference.

theories/prelude/coPset.v

-(* Copyright (c) 2012-2017, Robbert Krebbers. *)
-(* This file is distributed under the terms of the BSD license. *)
-(** This files implements the type [coPset] of efficient finite/cofinite sets
-of positive binary naturals [positive]. These sets are:
-
-- Closed under union, intersection and set complement.
-- Closed under splitting of cofinite sets.
-
-Also, they enjoy various nice properties, such as decidable equality and set
-membership, as well as extensional equality (i.e. [X = Y ↔ ∀ x, x ∈ X ↔ x ∈ Y]).
-
-Since [positive]s are bitstrings, we encode [coPset]s as trees that correspond
-to the decision function that map bitstrings to bools. *)
-From iris.prelude Require Export collections.
-From iris.prelude Require Import pmap gmap mapset.
-Set Default Proof Using "Type".
-Local Open Scope positive_scope.
-
-(** * The tree data structure *)
-Inductive coPset_raw :=
-  | coPLeaf : bool → coPset_raw
-  | coPNode : bool → coPset_raw → coPset_raw → coPset_raw.
-Instance coPset_raw_eq_dec : EqDecision coPset_raw.
-Proof. solve_decision. Defined.
-
-Fixpoint coPset_wf (t : coPset_raw) : bool :=
-  match t with
-  | coPLeaf _ => true
-  | coPNode true (coPLeaf true) (coPLeaf true) => false
-  | coPNode false (coPLeaf false) (coPLeaf false) => false
-  | coPNode b l r => coPset_wf l && coPset_wf r
-  end.
-Arguments coPset_wf !_ / : simpl nomatch.
-
-Lemma coPNode_wf_l b l r : coPset_wf (coPNode b l r) → coPset_wf l.
-Proof. destruct b, l as [[]|],r as [[]|]; simpl; rewrite ?andb_True; tauto. Qed.
-Lemma coPNode_wf_r b l r : coPset_wf (coPNode b l r) → coPset_wf r.
-Proof. destruct b, l as [[]|],r as [[]|]; simpl; rewrite ?andb_True; tauto. Qed.
-Local Hint Immediate coPNode_wf_l coPNode_wf_r.
-
-Definition coPNode' (b : bool) (l r : coPset_raw) : coPset_raw :=
-  match b, l, r with
-  | true, coPLeaf true, coPLeaf true => coPLeaf true
-  | false, coPLeaf false, coPLeaf false => coPLeaf false
-  | _, _, _ => coPNode b l r
-  end.
-Arguments coPNode' _ _ _ : simpl never.
-Lemma coPNode_wf b l r : coPset_wf l → coPset_wf r → coPset_wf (coPNode' b l r).
-Proof. destruct b, l as [[]|], r as [[]|]; simpl; auto. Qed.
-Hint Resolve coPNode_wf.
-
-Fixpoint coPset_elem_of_raw (p : positive) (t : coPset_raw) {struct t} : bool :=
-  match t, p with
-  | coPLeaf b, _ => b
-  | coPNode b l r, 1 => b
-  | coPNode _ l _, p~0 => coPset_elem_of_raw p l
-  | coPNode _ _ r, p~1 => coPset_elem_of_raw p r
-  end.
-Local Notation e_of := coPset_elem_of_raw.
-Arguments coPset_elem_of_raw _ !_ / : simpl nomatch.
-Lemma coPset_elem_of_node b l r p :
-  e_of p (coPNode' b l r) = e_of p (coPNode b l r).
-Proof. by destruct p, b, l as [[]|], r as [[]|]. Qed.
-
-Lemma coPLeaf_wf t b : (∀ p, e_of p t = b) → coPset_wf t → t = coPLeaf b.
-Proof.
-  induction t as [b'|b' l IHl r IHr]; intros Ht ?; [f_equal; apply (Ht 1)|].
-  assert (b' = b) by (apply (Ht 1)); subst.
-  assert (l = coPLeaf b) as -> by (apply IHl; try apply (λ p, Ht (p~0)); eauto).
-  assert (r = coPLeaf b) as -> by (apply IHr; try apply (λ p, Ht (p~1)); eauto).
-  by destruct b.
-Qed.
-Lemma coPset_eq t1 t2 :
-  (∀ p, e_of p t1 = e_of p t2) → coPset_wf t1 → coPset_wf t2 → t1 = t2.
-Proof.
-  revert t2.
-  induction t1 as [b1|b1 l1 IHl r1 IHr]; intros [b2|b2 l2 r2] Ht ??; simpl in *.
-  - f_equal; apply (Ht 1).
-  - by discriminate (coPLeaf_wf (coPNode b2 l2 r2) b1).
-  - by discriminate (coPLeaf_wf (coPNode b1 l1 r1) b2).
-  - f_equal; [apply (Ht 1)| |].
-    + apply IHl; try apply (λ x, Ht (x~0)); eauto.
-    + apply IHr; try apply (λ x, Ht (x~1)); eauto.
-Qed.
-
-Fixpoint coPset_singleton_raw (p : positive) : coPset_raw :=
-  match p with
-  | 1 => coPNode true (coPLeaf false) (coPLeaf false)
-  | p~0 => coPNode' false (coPset_singleton_raw p) (coPLeaf false)
-  | p~1 => coPNode' false (coPLeaf false) (coPset_singleton_raw p)
-  end.
-Instance coPset_union_raw : Union coPset_raw :=
-  fix go t1 t2 := let _ : Union _ := @go in
-  match t1, t2 with
-  | coPLeaf false, coPLeaf false => coPLeaf false
-  | _, coPLeaf true => coPLeaf true
-  | coPLeaf true, _ => coPLeaf true
-  | coPNode b l r, coPLeaf false => coPNode b l r
-  | coPLeaf false, coPNode b l r => coPNode b l r
-  | coPNode b1 l1 r1, coPNode b2 l2 r2 => coPNode' (b1||b2) (l1 ∪ l2) (r1 ∪ r2)
-  end.
-Local Arguments union _ _!_ !_ /.
-Instance coPset_intersection_raw : Intersection coPset_raw :=
-  fix go t1 t2 := let _ : Intersection _ := @go in
-  match t1, t2 with
-  | coPLeaf true, coPLeaf true => coPLeaf true
-  | _, coPLeaf false => coPLeaf false
-  | coPLeaf false, _ => coPLeaf false
-  | coPNode b l r, coPLeaf true => coPNode b l r
-  | coPLeaf true, coPNode b l r => coPNode b l r
-  | coPNode b1 l1 r1, coPNode b2 l2 r2 => coPNode' (b1&&b2) (l1 ∩ l2) (r1 ∩ r2)
-  end.
-Local Arguments intersection _ _!_ !_ /.
-Fixpoint coPset_opp_raw (t : coPset_raw) : coPset_raw :=
-  match t with
-  | coPLeaf b => coPLeaf (negb b)
-  | coPNode b l r => coPNode' (negb b) (coPset_opp_raw l) (coPset_opp_raw r)
-  end.
-
-Lemma coPset_singleton_wf p : coPset_wf (coPset_singleton_raw p).
-Proof. induction p; simpl; eauto. Qed.
-Lemma coPset_union_wf t1 t2 : coPset_wf t1 → coPset_wf t2 → coPset_wf (t1 ∪ t2).
-Proof. revert t2; induction t1 as [[]|[]]; intros [[]|[] ??]; simpl; eauto. Qed.
-Lemma coPset_intersection_wf t1 t2 :
-  coPset_wf t1 → coPset_wf t2 → coPset_wf (t1 ∩ t2).
-Proof. revert t2; induction t1 as [[]|[]]; intros [[]|[] ??]; simpl; eauto. Qed.
-Lemma coPset_opp_wf t : coPset_wf (coPset_opp_raw t).
-Proof. induction t as [[]|[]]; simpl; eauto. Qed.
-Lemma elem_to_Pset_singleton p q : e_of p (coPset_singleton_raw q) ↔ p = q.
-Proof.
-  split; [|by intros <-; induction p; simpl; rewrite ?coPset_elem_of_node].
-  by revert q; induction p; intros [?|?|]; simpl;
-    rewrite ?coPset_elem_of_node; intros; f_equal/=; auto.
-Qed.
-Lemma elem_to_Pset_union t1 t2 p : e_of p (t1 ∪ t2) = e_of p t1 || e_of p t2.
-Proof.
-  by revert t2 p; induction t1 as [[]|[]]; intros [[]|[] ??] [?|?|]; simpl;
-    rewrite ?coPset_elem_of_node; simpl;
-    rewrite ?orb_true_l, ?orb_false_l, ?orb_true_r, ?orb_false_r.
-Qed.
-Lemma elem_to_Pset_intersection t1 t2 p :
-  e_of p (t1 ∩ t2) = e_of p t1 && e_of p t2.
-Proof.
-  by revert t2 p; induction t1 as [[]|[]]; intros [[]|[] ??] [?|?|]; simpl;
-    rewrite ?coPset_elem_of_node; simpl;
-    rewrite ?andb_true_l, ?andb_false_l, ?andb_true_r, ?andb_false_r.
-Qed.
-Lemma elem_to_Pset_opp t p : e_of p (coPset_opp_raw t) = negb (e_of p t).
-Proof.
-  by revert p; induction t as [[]|[]]; intros [?|?|]; simpl;
-    rewrite ?coPset_elem_of_node; simpl.
-Qed.
-
-(** * Packed together + set operations *)
-Definition coPset := { t | coPset_wf t }.
-
-Instance coPset_singleton : Singleton positive coPset := λ p,
-  coPset_singleton_raw p ↾ coPset_singleton_wf _.
-Instance coPset_elem_of : ElemOf positive coPset := λ p X, e_of p (`X).
-Instance coPset_empty : Empty coPset := coPLeaf false ↾ I.
-Instance coPset_top : Top coPset := coPLeaf true ↾ I.
-Instance coPset_union : Union coPset := λ X Y,
-  let (t1,Ht1) := X in let (t2,Ht2) := Y in
-  (t1 ∪ t2) ↾ coPset_union_wf _ _ Ht1 Ht2.
-Instance coPset_intersection : Intersection coPset := λ X Y,
-  let (t1,Ht1) := X in let (t2,Ht2) := Y in
-  (t1 ∩ t2) ↾ coPset_intersection_wf _ _ Ht1 Ht2.
-Instance coPset_difference : Difference coPset := λ X Y,
-  let (t1,Ht1) := X in let (t2,Ht2) := Y in
-  (t1 ∩ coPset_opp_raw t2) ↾ coPset_intersection_wf _ _ Ht1 (coPset_opp_wf _).
-
-Instance coPset_collection : Collection positive coPset.
-Proof.
-  split; [split| |].
-  - by intros ??.
-  - intros p q. apply elem_to_Pset_singleton.
-  - intros [t] [t'] p; unfold elem_of, coPset_elem_of, coPset_union; simpl.
-    by rewrite elem_to_Pset_union, orb_True.
-  - intros [t] [t'] p; unfold elem_of,coPset_elem_of,coPset_intersection; simpl.
-    by rewrite elem_to_Pset_intersection, andb_True.
-  - intros [t] [t'] p; unfold elem_of, coPset_elem_of, coPset_difference; simpl.
-    by rewrite elem_to_Pset_intersection,
-      elem_to_Pset_opp, andb_True, negb_True.
-Qed.
-
-Instance coPset_leibniz : LeibnizEquiv coPset.
-Proof.
-  intros X Y; rewrite elem_of_equiv; intros HXY.
-  apply (sig_eq_pi _), coPset_eq; try apply proj2_sig.
-  intros p; apply eq_bool_prop_intro, (HXY p).
-Qed.
-
-Instance coPset_elem_of_dec (p : positive) (X : coPset) : Decision (p ∈ X) := _.
-Instance coPset_equiv_dec (X Y : coPset) : Decision (X ≡ Y).
-Proof. refine (cast_if (decide (X = Y))); abstract (by fold_leibniz). Defined.
-Instance mapset_disjoint_dec (X Y : coPset) : Decision (X ⊥ Y).
-Proof.
- refine (cast_if (decide (X ∩ Y = ∅)));
-  abstract (by rewrite disjoint_intersection_L).
-Defined.
-Instance mapset_subseteq_dec (X Y : coPset) : Decision (X ⊆ Y).
-Proof.
- refine (cast_if (decide (X ∪ Y = Y))); abstract (by rewrite subseteq_union_L).
-Defined.
-
-(** * Top *)
-Lemma coPset_top_subseteq (X : coPset) : X ⊆ ⊤.
-Proof. done. Qed.
-Hint Resolve coPset_top_subseteq.
-
-(** * Finite sets *)
-Fixpoint coPset_finite (t : coPset_raw) : bool :=
-  match t with
-  | coPLeaf b => negb b | coPNode b l r => coPset_finite l && coPset_finite r
-  end.
-Lemma coPset_finite_node b l r :
-  coPset_finite (coPNode' b l r) = coPset_finite l && coPset_finite r.
-Proof. by destruct b, l as [[]|], r as [[]|]. Qed.
-Lemma coPset_finite_spec X : set_finite X ↔ coPset_finite (`X).
-Proof.
-  destruct X as [t Ht].
-  unfold set_finite, elem_of at 1, coPset_elem_of; simpl; clear Ht; split.
-  - induction t as [b|b l IHl r IHr]; simpl.
-    { destruct b; simpl; [intros [l Hl]|done].
-      by apply (is_fresh (of_list l : Pset)), elem_of_of_list, Hl. }
-    intros [ll Hll]; rewrite andb_True; split.
-    + apply IHl; exists (omap (maybe (~0)) ll); intros i.
-      rewrite elem_of_list_omap; intros; exists (i~0); auto.
-    + apply IHr; exists (omap (maybe (~1)) ll); intros i.
-      rewrite elem_of_list_omap; intros; exists (i~1); auto.
-  - induction t as [b|b l IHl r IHr]; simpl; [by exists []; destruct b|].
-    rewrite andb_True; intros [??]; destruct IHl as [ll ?], IHr as [rl ?]; auto.