experiment: index recursor_rules by constructor index

This PR adds and expands `grind` related docstrings.

.gitattributes

@@ -4,3 +4,9 @@ RELEASES.md merge=union
 stage0/** binary linguist-generated
 # The following file is often manually edited, so do show it in diffs
 stage0/src/stdlib_flags.h -binary -linguist-generated
+# These files should not have line endings translated on Windows, because
+# it throws off parser tests. Later lines override earlier ones, so the
+# runner code is still treated as ordinary text.
+tests/lean/docparse/* eol=lf
+tests/lean/docparse/*.lean eol=auto
+tests/lean/docparse/*.sh eol=auto

.github/workflows/actionlint.yml

@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
     - name: actionlint
       uses: raven-actions/actionlint@v2
       with:

.github/workflows/build-template.yml

@@ -36,7 +36,7 @@ jobs:
         include: ${{fromJson(inputs.config)}}
       # complete all jobs
       fail-fast: false
-    runs-on: ${{ matrix.os }}
+    runs-on: ${{ endsWith(matrix.os, '-with-cache') && fromJSON(format('["{0}", "nscloud-git-mirror-1gb"]', matrix.os)) || matrix.os }}
     defaults:
       run:
         shell: ${{ matrix.shell || 'nix develop -c bash -euxo pipefail {0}' }}
@@ -69,10 +69,16 @@ jobs:
           brew install ccache tree zstd coreutils gmp libuv
         if: runner.os == 'macOS'
       - name: Checkout
-        uses: actions/checkout@v4
+        if: (!endsWith(matrix.os, '-with-cache'))
+        uses: actions/checkout@v5
         with:
           # the default is to use a virtual merge commit between the PR and master: just use the PR
           ref: ${{ github.event.pull_request.head.sha }}
+      - name: Namespace Checkout
+        if: endsWith(matrix.os, '-with-cache')
+        uses: namespacelabs/nscloud-checkout-action@v7
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
       - name: Open Nix shell once
         run: true
         if: runner.os == 'Linux'
@@ -104,7 +110,7 @@ jobs:
           # NOTE: must be in sync with `save` below and with `restore-cache` in `update-stage0.yml`
           path: |
             .ccache
-            ${{ matrix.name == 'Linux Lake (cached)' && 'build/stage1/**/*.trace
+            ${{ matrix.name == 'Linux Lake' && 'build/stage1/**/*.trace
             build/stage1/**/*.olean*
             build/stage1/**/*.ilean
             build/stage1/**/*.ir
@@ -166,6 +172,24 @@ jobs:
           # contortion to support empty OPTIONS with old macOS bash
           cmake .. --preset ${{ matrix.CMAKE_PRESET || 'release' }} -B . ${{ matrix.CMAKE_OPTIONS }} ${OPTIONS[@]+"${OPTIONS[@]}"} -DLEAN_INSTALL_PREFIX=$PWD/..
           time make $TARGET_STAGE -j$NPROC
+      # Should be done as early as possible and in particular *before* "Check rebootstrap" which
+      # changes the state of stage1/
+      - name: Save Cache
+        # Caching on cancellation created some mysterious issues perhaps related to improper build
+        # shutdown
+        if: steps.restore-cache.outputs.cache-hit != 'true' && !cancelled()
+        uses: actions/cache/save@v4
+        with:
+          # NOTE: must be in sync with `restore` above
+          path: |
+            .ccache
+            ${{ matrix.name == 'Linux Lake' && 'build/stage1/**/*.trace
+            build/stage1/**/*.olean*
+            build/stage1/**/*.ilean
+            build/stage1/**/*.ir
+            build/stage1/**/*.c
+            build/stage1/**/*.c.o*' || '' }}
+          key: ${{ steps.restore-cache.outputs.cache-primary-key }}
       - name: Install
         run: |
           make -C build/$TARGET_STAGE install
@@ -199,13 +223,13 @@ jobs:
           path: pack/*
       - name: Lean stats
         run: |
-          build/stage1/bin/lean --stats src/Lean.lean -Dexperimental.module=true
+          build/$TARGET_STAGE/bin/lean --stats src/Lean.lean -Dexperimental.module=true
         if: ${{ !matrix.cross }}
       - name: Test
         id: test
         run: |
           ulimit -c unlimited  # coredumps
-          time ctest --preset ${{ matrix.CMAKE_PRESET || 'release' }} --test-dir build/$TARGET_STAGE -j$NPROC --output-junit test-results.xml
+          time ctest --preset ${{ matrix.CMAKE_PRESET || 'release' }} --test-dir build/$TARGET_STAGE -j$NPROC --output-junit test-results.xml ${{ matrix.CTEST_OPTIONS }}
         if: (matrix.wasm || !matrix.cross) && (inputs.check-level >= 1 || matrix.test)
       - name: Test Summary
         uses: test-summary/action@v2
@@ -253,22 +277,3 @@ jobs:
             progbin="$(file $c | sed "s/.*execfn: '\([^']*\)'.*/\1/")"
             echo bt | $GDB/bin/gdb -q $progbin $c || true
           done
-      - name: Save Cache
-        if: always() && steps.restore-cache.outputs.cache-hit != 'true'
-        uses: actions/cache/save@v4
-        with:
-          # NOTE: must be in sync with `restore` above
-          path: |
-            .ccache
-            ${{ matrix.name == 'Linux Lake (cached)' && 'build/stage1/**/*.trace
-            build/stage1/**/*.olean*
-            build/stage1/**/*.ilean
-            build/stage1/**/*.ir
-            build/stage1/**/*.c
-            build/stage1/**/*.c.o*' || '' }}
-          key: ${{ steps.restore-cache.outputs.cache-primary-key }}
-      - name: Upload Build Artifact
-        if: always() && matrix.name == 'Linux Lake (cached)'
-        uses: actions/upload-artifact@v4
-        with:
-          path: build

.github/workflows/check-prelude.yml

@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           # the default is to use a virtual merge commit between the PR and master: just use the PR
           ref: ${{ github.event.pull_request.head.sha }}

.github/workflows/check-stage0.yml

@@ -8,7 +8,7 @@ jobs:
   check-stage0-on-queue:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
       with:
         ref: ${{ github.event.pull_request.head.sha }}
         filter: blob:none

.github/workflows/ci.yml

@@ -54,7 +54,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         # don't schedule nightlies on forks
         if: github.event_name == 'schedule' && github.repository == 'leanprover/lean4' || inputs.action == 'release nightly'
       - name: Set Nightly
@@ -181,24 +181,18 @@ jobs:
                 "prepare-llvm": "../script/prepare-llvm-linux.sh lean-llvm*",
                 "binary-check": "ldd -v",
                 // foreign code may be linked against more recent glibc
-                "CTEST_OPTIONS": "-E 'foreign'"
+                "CTEST_OPTIONS": "-E 'foreign'",
               },
               {
                 "name": "Linux Lake",
-                "os": large ? "nscloud-ubuntu-22.04-amd64-8x16" : "ubuntu-latest",
+                "os": large ? "nscloud-ubuntu-22.04-amd64-8x16-with-cache" : "ubuntu-latest",
                 "check-level": 0,
                 "test": true,
                 "check-rebootstrap": level >= 1,
                 "check-stage3": level >= 2,
                 // NOTE: `test-speedcenter` currently seems to be broken on `ubuntu-latest`
                 "test-speedcenter": large && level >= 2,
-                "CMAKE_OPTIONS": "-DUSE_LAKE=ON",
-              },
-              {
-                "name": "Linux Lake (cached)",
-                "os": "ubuntu-latest",
-                "check-level": (isPr || isPushToMaster) ? 0 : 2,
-                "secondary": true,
+                // made explicit until it can be assumed to have propagated to PRs
                 "CMAKE_OPTIONS": "-DUSE_LAKE=ON",
               },
               {
@@ -206,8 +200,6 @@ jobs:
                 "os": "ubuntu-latest",
                 "check-level": 2,
                 "CMAKE_PRESET": "reldebug",
-                // exclude seriously slow/stackoverflowing tests
-                "CTEST_OPTIONS": "-E 'interactivetest|leanpkgtest|laketest|benchtest|bv_bitblast_stress|3807'"
               },
               // TODO: suddenly started failing in CI
               /*{
@@ -228,7 +220,8 @@ jobs:
                 "llvm-url": "https://github.com/leanprover/lean-llvm/releases/download/19.1.2/lean-llvm-x86_64-apple-darwin.tar.zst",
                 "prepare-llvm": "../script/prepare-llvm-macos.sh lean-llvm*",
                 "binary-check": "otool -L",
-                "tar": "gtar" // https://github.com/actions/runner-images/issues/2619
+                "tar": "gtar", // https://github.com/actions/runner-images/issues/2619
+                "CTEST_OPTIONS": "-E 'leanlaketest_hello'", // started failing from unpack
               },
               {
                 "name": "macOS aarch64",
@@ -252,11 +245,9 @@ jobs:
                 "check-level": 2,
                 "shell": "msys2 {0}",
                 "CMAKE_OPTIONS": "-G \"Unix Makefiles\"",
-                // for reasons unknown, interactivetests are flaky on Windows
-                "CTEST_OPTIONS": "--repeat until-pass:2",
                 "llvm-url": "https://github.com/leanprover/lean-llvm/releases/download/19.1.2/lean-llvm-x86_64-w64-windows-gnu.tar.zst",
                 "prepare-llvm": "../script/prepare-llvm-mingw.sh lean-llvm*",
-                "binary-check": "ldd"
+                "binary-check": "ldd",
               },
               {
                 "name": "Linux aarch64",
@@ -266,7 +257,7 @@ jobs:
                 "check-level": 2,
                 "shell": "nix develop .#oldGlibcAArch -c bash -euxo pipefail {0}",
                 "llvm-url": "https://github.com/leanprover/lean-llvm/releases/download/19.1.2/lean-llvm-aarch64-linux-gnu.tar.zst",
-                "prepare-llvm": "../script/prepare-llvm-linux.sh lean-llvm*"
+                "prepare-llvm": "../script/prepare-llvm-linux.sh lean-llvm*",
               },
               // Started running out of memory building expensive modules, a 2GB heap is just not that much even before fragmentation
               //{
@@ -295,6 +286,12 @@ jobs:
               //   "CTEST_OPTIONS": "-R \"leantest_1007\\.lean|leantest_Format\\.lean|leanruntest\\_1037.lean|leanruntest_ac_rfl\\.lean|leanruntest_tempfile.lean\\.|leanruntest_libuv\\.lean\""
               // }
             ];
+            for (const job of matrix) {
+              if (job["prepare-llvm"]) {
+                // `USE_LAKE` is not compatible with `prepare-llvm` currently
+                job["CMAKE_OPTIONS"] = (job["CMAKE_OPTIONS"] ? job["CMAKE_OPTIONS"] + " " : "") + "-DUSE_LAKE=OFF";
+              }
+            }
             console.log(`matrix:\n${JSON.stringify(matrix, null, 2)}`);
             matrix = matrix.filter((job) => level >= job["check-level"]);
             core.setOutput('matrix', matrix.filter((job) => !job["secondary"]));
@@ -366,7 +363,7 @@ jobs:
     runs-on: ubuntu-latest
     needs: build
     steps:
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v5
         with:
           path: artifacts
       - name: Release
@@ -391,12 +388,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           # needed for tagging
           fetch-depth: 0
           token: ${{ secrets.PUSH_NIGHTLY_TOKEN }}
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v5
         with:
           path: artifacts
       - name: Prepare Nightly Release

.github/workflows/copyright-header.yml

@@ -6,7 +6,7 @@ jobs:
   check-lean-files:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
 
     - name: Verify .lean files start with a copyright header.
       run: |

.github/workflows/pr-release.yml

@@ -395,7 +395,7 @@ jobs:
       # Checkout the Batteries repository with all branches
       - name: Checkout Batteries repository
         if: steps.workflow-info.outputs.pullRequestNumber != '' && steps.ready.outputs.mathlib_ready == 'true'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           repository: leanprover-community/batteries
           token: ${{ secrets.MATHLIB4_BOT }}
@@ -454,7 +454,7 @@ jobs:
       # Checkout the mathlib4 repository with all branches
       - name: Checkout mathlib4 repository
         if: steps.workflow-info.outputs.pullRequestNumber != '' && steps.ready.outputs.mathlib_ready == 'true'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           repository: leanprover-community/mathlib4-nightly-testing
           token: ${{ secrets.MATHLIB4_BOT }}
@@ -524,7 +524,7 @@ jobs:
       # Checkout the reference manual repository with all branches
       - name: Checkout mathlib4 repository
         if: steps.workflow-info.outputs.pullRequestNumber != '' && steps.reference-manual-ready.outputs.manual_ready == 'true'
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           repository: leanprover/reference-manual
           token: ${{ secrets.MANUAL_PR_BOT }}

.github/workflows/update-stage0.yml

@@ -19,11 +19,15 @@ concurrency:
 jobs:
   update-stage0:
     runs-on: nscloud-ubuntu-22.04-amd64-8x16
+    env:
+      CCACHE_DIR: ${{ github.workspace }}/.ccache
+      CCACHE_COMPRESS: true
+      CCACHE_MAXSIZE: 400M
     steps:
     # This action should push to an otherwise protected branch, so it
     # uses a deploy key with write permissions, as suggested at
     # https://stackoverflow.com/a/76135647/946226
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
       with:
         ssh-key: ${{secrets.STAGE0_SSH_KEY}}
     - run: echo "should_update_stage0=yes" >> "$GITHUB_ENV"
@@ -57,18 +61,27 @@ jobs:
       uses: actions/cache/restore@v4
       with:
         # NOTE: must be in sync with `restore-cache` in `build-template.yml`
-        # TODO: actually switch to USE_LAKE once it caches more; for now it just caches more often than any other build type so let's use its cache
         path: |
           .ccache
+          build/stage1/**/*.trace
+          build/stage1/**/*.olean*
+          build/stage1/**/*.ilean
+          build/stage1/**/*.ir
+          build/stage1/**/*.c
+          build/stage1/**/*.c.o*
         key: Linux Lake-build-v3-${{ github.sha }}
         # fall back to (latest) previous cache
         restore-keys: |
           Linux Lake-build-v3
     - if: env.should_update_stage0 == 'yes'
-      run: cmake --preset release
+      # sync options with `Linux Lake` to ensure cache reuse
+      run: |
+        mkdir -p build
+        cmake --preset release -B build -DLEAN_EXTRA_MAKE_OPTS=-DwarningAsError=true
       shell: 'nix develop -c bash -euxo pipefail {0}'
     - if: env.should_update_stage0 == 'yes'
-      run: make -j$NPROC -C build/release  update-stage0-commit
+      run: |
+        make -j$NPROC -C build update-stage0-commit
       shell: 'nix develop -c bash -euxo pipefail {0}'
     - if: env.should_update_stage0 == 'yes'
       run: git show --stat

CMakeLists.txt

@@ -147,6 +147,10 @@ add_custom_target(test
   COMMAND $(MAKE) -C stage1 test
   DEPENDS stage1)
 
+add_custom_target(clean-stdlib
+  COMMAND $(MAKE) -C stage1 clean-stdlib
+  DEPENDS stage1)
+
 install(CODE "execute_process(COMMAND make -C stage1 install)")
 
 add_custom_target(check-stage3

README.md

@@ -2,19 +2,19 @@ This is the repository for **Lean 4**.
 
 # About
 
-- [Quickstart](https://lean-lang.org/documentation/setup/)
+- [Quickstart](https://lean-lang.org/install/)
 - [Homepage](https://lean-lang.org)
 - [Theorem Proving Tutorial](https://lean-lang.org/theorem_proving_in_lean4/)
 - [Functional Programming in Lean](https://lean-lang.org/functional_programming_in_lean/)
-- [Documentation Overview](https://lean-lang.org/documentation/)
+- [Documentation Overview](https://lean-lang.org/learn/)
 - [Language Reference](https://lean-lang.org/doc/reference/latest/)
 - [Release notes](RELEASES.md) starting at v4.0.0-m3
-- [Examples](https://lean-lang.org/documentation/examples/)
+- [Examples](https://lean-lang.org/examples/)
 - [External Contribution Guidelines](CONTRIBUTING.md)
 
 # Installation
 
-See [Setting Up Lean](https://lean-lang.org/documentation/setup/).
+See [Install Lean](https://lean-lang.org/install/).
 
 # Contributing
 

doc/dev/bootstrap.md

@@ -1,6 +1,6 @@
 # Lean Build Bootstrapping
 
-Since version 4, Lean is a partially bootstrapped program: most parts of the
+Lean is a bootstrapped program: the
 frontend and compiler are written in Lean itself and thus need to be built before
 building Lean itself - which is needed to again build those parts. This cycle is
 broken by using pre-built C files checked into the repository (which ultimately
@@ -73,6 +73,11 @@ update the archived C source code of the stage 0 compiler in `stage0/src`.
 The github repository will automatically update stage0 on `master` once
 `src/stdlib_flags.h` and `stage0/src/stdlib_flags.h` are out of sync.
 
+NOTE: A full rebuild of stage 1 will only be triggered when the *committed* contents of `stage0/` are changed.
+Thus if you change files in it manually instead of through `update-stage0-commit` (see below) or fetching updates from git, you either need to commit those changes first or run `make -C build/release clean-stdlib`.
+The same is true for further stages except that a rebuild of them is retriggered on any committed change, not just to a specific directory.
+Thus when debugging e.g. stage 2 failures, you can resume the build from these failures on but may want to explicitly call `clean-stdlib` to either observe changes from `.olean` files of modules that built successfully or to check that you did not break modules that built successfully at some prior point.
+
 If you have write access to the lean4 repository, you can also manually
 trigger that process, for example to be able to use new features in the compiler itself.
 You can do that on <https://github.com/leanprover/lean4/actions/workflows/update-stage0.yml>
@@ -82,13 +87,13 @@ gh workflow run update-stage0.yml
 ```
 
 Leaving stage0 updates to the CI automation is preferable, but should you need
-to do it locally, you can use `make update-stage0-commit` in `build/release` to
-update `stage0` from `stage1` or `make -C stageN update-stage0-commit` to
+to do it locally, you can use `make -C build/release update-stage0-commit` to
+update `stage0` from `stage1` or `make -C build/release/stageN update-stage0-commit` to
 update from another stage. This command will automatically stage the updated files
-and introduce a commit,so make sure to commit your work before that.
+and introduce a commit, so make sure to commit your work before that.
 
 If you rebased the branch (either onto a newer version of `master`, or fixing
-up some commits prior to the stage0 update, recreate the stage0 update commits.
+up some commits prior to the stage0 update), recreate the stage0 update commits.
 The script `script/rebase-stage0.sh` can be used for that.
 
 The CI should prevent PRs with changes to stage0 (besides `stdlib_flags.h`)

doc/dev/index.md

@@ -8,8 +8,8 @@ You should not edit the `stage0` directory except using the commands described i
 
 ## Development Setup
 
-You can use any of the [supported editors](../setup.md) for editing the Lean source code.
-If you set up `elan` as below, opening `src/` as a *workspace folder* should ensure that stage 0 (i.e. the stage that first compiles `src/`) will be used for files in that directory.
+You can use any of the [supported editors](https://lean-lang.org/install/manual/) for editing the Lean source code.
+Please see below for specific instructions for VS Code.
 
 ### Dev setup using elan
 
@@ -68,6 +68,10 @@ code lean.code-workspace
 ```
 on the command line.
 
+You can use the `Refresh File Dependencies` command as in other projects to rebuild modules from inside VS Code but be aware that this does not trigger any non-Lake build targets.
+In particular, after updating `stage0/` (or fetching an update to it), you will want to invoke `make` directly to rebuild `stage0/bin/lean` as described in [building Lean](../make/index.md).
+You should then run the `Restart Server` command to update all open files and the server watchdog process as well.
+
 ### `ccache`
 
 Lean's build process uses [`ccache`](https://ccache.dev/) if it is
@@ -95,3 +99,19 @@ on to `nightly-with-manual` branch. (It is fine to force push after rebasing.)
 CI will generate a branch of the reference manual called `lean-pr-testing-NNNN`
 in `leanprover/reference-manual`. This branch uses the toolchain for your PR,
 and will report back to the Lean PR with results from Mathlib CI.
+
+### Avoiding rebuilds for downstream projects
+
+If you want to test changes to Lean on downstream projects and would like to avoid rebuilding modules you have already built/fetched using the project's configured Lean toolchain, you can often do so as long as your build of Lean is close enough to that Lean toolchain (compatible .olean format including structure of all relevant environment extensions).
+
+To override the toolchain without rebuilding for a single command, for example `lake build` or `lake lean`, you can use the prefix
+```
+LEAN_GITHASH=$(lean --githash) lake +lean4 ...
+```
+Alternatively, use
+```
+export LEAN_GITHASH=$(lean --githash)
+export ELAN_TOOLCHAIN=lean4
+```
+to persist these changes for the lifetime of the current shell, which will affect any processes spawned from it such as VS Code started via `code .`.
+If you use a setup where you cannot directly start your editor from the command line, such as VS Code Remote, you might want to consider using [direnv](https://direnv.net/) together with an editor extension for it instead so that you can put the lines above into `.envrc`.

doc/examples/bintree.lean

@@ -282,7 +282,7 @@ theorem BinTree.find_insert_of_ne (b : BinTree β) (ne : k ≠ k') (v : β)
   let ⟨t, h⟩ := b; simp
   induction t with simp
   | leaf =>
-    intros le
+    intro le
     exact Nat.lt_of_le_of_ne le ne
   | node left key value right ihl ihr =>
     let .node hl hr bl br := h

doc/make/index.md

@@ -1,6 +1,6 @@
 These are instructions to set up a working development environment for those who wish to make changes to Lean itself. It is part of the [Development Guide](../dev/index.md).
 
-We strongly suggest that new users instead follow the [Quickstart](../quickstart.md) to get started using Lean, since this sets up an environment that can automatically manage multiple Lean toolchain versions, which is necessary when working within the Lean ecosystem.
+We strongly suggest that new users instead follow the [Installation Instructions](https://lean-lang.org/install/) to get started using Lean, since this sets up an environment that can automatically manage multiple Lean toolchain versions, which is necessary when working within the Lean ecosystem.
 
 Requirements
 ------------
@@ -53,11 +53,6 @@ There are also two alternative presets that combine some of these options you ca
   Select the C/C++ compilers to use. Official Lean releases currently use Clang;
   see also `.github/workflows/ci.yml` for the CI config.
 
-* `-DUSE_LAKE=ON`\
-  Experimental option to build the core libraries using Lake instead of `lean.mk`.  Caveats:
-  * As native code compilation is still handled by cmake, changes to stage0/ (such as from `git pull`) are picked up only when invoking the build via `make`, not via `Refresh Dependencies` in the editor.
-  * `USE_LAKE` is not yet compatible with `LAKE_ARTIFACT_CACHE`
-
 Lean will automatically use [CCache](https://ccache.dev/) if available to avoid
 redundant builds, especially after stage 0 has been updated.
 

lean.code-workspace

@@ -37,6 +37,15 @@
 					"isDefault": true
 				}
 			},
+			{
+				"label": "build-old",
+				"type": "shell",
+				"command": "make -C build/release -j$(nproc 2>/dev/null || sysctl -n hw.logicalcpu 2>/dev/null || echo 4) LAKE_EXTRA_ARGS=--old",
+				"problemMatcher": [],
+				"group": {
+					"kind": "build"
+				}
+			},
 			{
 				"label": "test",
 				"type": "shell",

script/AnalyzeGrindAnnotations.lean

@@ -6,6 +6,8 @@ Authors: Leonardo de Moura
 import Lean
 
 namespace Lean.Meta.Grind.Analyzer
+
+
 /-!
 A simple E-matching annotation analyzer.
 For each theorem annotated as an E-matching candidate, it creates an artificial goal, executes `grind` and shows the
@@ -72,16 +74,59 @@ def analyzeEMatchTheorem (declName : Name) (c : Config) : MetaM Unit := do
   if s > c.detailed then
     logInfo m!"{declName}\n{← thmsToMessageData thms}"
 
+-- Not sure why this is failing: `down_pure` perhaps has an unnecessary universe parameter?
+run_meta analyzeEMatchTheorem ``Std.Do.SPred.down_pure {}
+
 /-- Analyzes all theorems in the standard library marked as E-matching theorems. -/
 def analyzeEMatchTheorems (c : Config := {}) : MetaM Unit := do
   let origins := (← getEMatchTheorems).getOrigins
-  for o in origins do
-    let .decl declName := o | pure ()
-    analyzeEMatchTheorem declName c
+  let decls := origins.filterMap fun | .decl declName => some declName | _ => none
+  for declName in decls.mergeSort Name.lt do
+    try
+      analyzeEMatchTheorem declName c
+    catch e =>
+      logError m!"{declName} failed with {e.toMessageData}"
+  logInfo m!"Finished analyzing {decls.length} theorems"
 
-set_option maxHeartbeats 5000000
-run_meta analyzeEMatchTheorems
+/-- Macro for analyzing E-match theorems with unlimited heartbeats -/
+macro "#analyzeEMatchTheorems" : command => `(
+  set_option maxHeartbeats 0 in
+  run_meta analyzeEMatchTheorems
+)
 
--- We can analyze specific theorems using commands such as
-set_option trace.grind.ematch.instance true in
-run_meta analyzeEMatchTheorem ``List.filterMap_some {}
+#analyzeEMatchTheorems
+
+-- -- We can analyze specific theorems using commands such as
+set_option trace.grind.ematch.instance true
+
+-- 1. grind immediately sees `(#[] : Array α) = ([] : List α).toArray` but probably this should be hidden.
+-- 2. `Vector.toArray_empty` keys on `Array.mk []` rather than `#v[].toArray`
+-- I guess we could add `(#[].extract _ _).extract _ _` as a stop pattern.
+run_meta analyzeEMatchTheorem ``Array.extract_empty {}
+
+-- Neither `Option.bind_some` nor `Option.bind_fun_some` fire, because the terms appear inside
+-- lambdas. So we get crazy things like:
+-- `fun x => ((some x).bind some).bind fun x => (some x).bind fun x => (some x).bind some`
+-- We could consider replacing `filterMap_some` with
+-- `filterMap g (filterMap f xs) = filterMap (f >=> g) xs`
+-- to avoid the lambda that `grind` struggles with, but this would require more API around the fish.
+run_meta analyzeEMatchTheorem ``Array.filterMap_some {}
+
+-- Not entirely certain what is wrong here, but certainly
+-- `eq_empty_of_append_eq_empty` is firing too often.
+-- Ideally we could instantiate this is we fine `xs ++ ys` in the same equivalence class,
+-- note just as soon as we see `xs ++ ys`.
+-- I've tried removing this in https://github.com/leanprover/lean4/pull/10162
+run_meta analyzeEMatchTheorem ``Array.range'_succ {}
+
+-- Perhaps the same story here.
+run_meta analyzeEMatchTheorem ``Array.range_succ {}
+
+-- `zip_map_left` and `zip_map_right` are bad grind lemmas,
+-- checking if they can be removed in https://github.com/leanprover/lean4/pull/10163
+run_meta analyzeEMatchTheorem ``Array.zip_map {}
+
+-- It seems crazy to me that as soon as we have `0 >>> n = 0`, we instantiate based on the
+-- pattern `0 >>> n >>> m` by substituting `0` into `0 >>> n` to produce the `0 >>> n >>> n`.
+-- I don't think any forbidden subterms can help us here. I don't know what to do. :-(
+run_meta analyzeEMatchTheorem ``Int.zero_shiftRight {}

script/bench.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -euxo pipefail
 
-cmake --preset release -DUSE_LAKE=ON 1>&2
+cmake --preset release 1>&2
 
 # We benchmark against stage2/bin to test new optimizations.
 timeout -s KILL 1h time make -C build/release -j$(nproc) stage3 1>&2

script/merge_remote.py

@@ -5,6 +5,7 @@ Merge a tag into a branch on a GitHub repository.
 
 This script checks if a specified tag can be merged cleanly into a branch and performs
 the merge if possible. If the merge cannot be done cleanly, it prints a helpful message.
+Merge conflicts in the lean-toolchain file are automatically resolved by accepting the incoming changes.
 
 Usage:
     python3 merge_remote.py <org/repo> <branch> <tag>
@@ -58,6 +59,32 @@ def clone_repo(repo, temp_dir):
     return True
 
 
+def get_conflicted_files():
+    """Get list of files with merge conflicts."""
+    result = run_command("git diff --name-only --diff-filter=U", check=False)
+    if result.returncode == 0:
+        return result.stdout.strip().split('\n') if result.stdout.strip() else []
+    return []
+
+
+def resolve_lean_toolchain_conflict(tag):
+    """Resolve lean-toolchain conflict by accepting incoming (tag) changes."""
+    print("Resolving lean-toolchain conflict by accepting incoming changes...")
+    # Accept theirs (incoming) version for lean-toolchain
+    result = run_command(f"git checkout --theirs lean-toolchain", check=False)
+    if result.returncode != 0:
+        print("Failed to resolve lean-toolchain conflict")
+        return False
+
+    # Add the resolved file
+    add_result = run_command("git add lean-toolchain", check=False)
+    if add_result.returncode != 0:
+        print("Failed to stage resolved lean-toolchain")
+        return False
+
+    return True
+
+
 def check_and_merge(repo, branch, tag, temp_dir):
     """Check if tag can be merged into branch and perform the merge if possible."""
     # Change to the temporary directory
@@ -98,12 +125,37 @@ def check_and_merge(repo, branch, tag, temp_dir):
     # Try merging the tag directly
     print(f"Merging {tag} into {branch}...")
     merge_result = run_command(f"git merge {tag} --no-edit", check=False)
-    
+
     if merge_result.returncode != 0:
-        print(f"Cannot merge {tag} cleanly into {branch}.")
-        print("Merge conflicts would occur. Aborting merge.")
-        run_command("git merge --abort")
-        return False
+        # Check which files have conflicts
+        conflicted_files = get_conflicted_files()
+
+        if conflicted_files == ['lean-toolchain']:
+            # Only lean-toolchain has conflicts, resolve it
+            print("Merge conflict detected only in lean-toolchain.")
+            if resolve_lean_toolchain_conflict(tag):
+                # Continue the merge with the resolved conflict
+                print("Continuing merge with resolved lean-toolchain...")
+                continue_result = run_command(f"git commit --no-edit", check=False)
+                if continue_result.returncode != 0:
+                    print("Failed to complete merge after resolving lean-toolchain")
+                    run_command("git merge --abort")
+                    return False
+            else:
+                print("Failed to resolve lean-toolchain conflict")
+                run_command("git merge --abort")
+                return False
+        else:
+            # Other files have conflicts, or unable to determine
+            if conflicted_files:
+                print(f"Cannot merge {tag} cleanly into {branch}.")
+                print(f"Merge conflicts in: {', '.join(conflicted_files)}")
+            else:
+                print(f"Cannot merge {tag} cleanly into {branch}.")
+                print("Merge conflicts would occur.")
+            print("Aborting merge.")
+            run_command("git merge --abort")
+            return False
     
     print(f"Pushing changes to remote...")
     push_result = run_command(f"git push origin {branch}")

script/release_notes.py

@@ -52,6 +52,7 @@ def sort_sections_order():
     return [
         "Language",
         "Library",
+        "Tactics",
         "Compiler",
         "Pretty Printing",
         "Documentation",

script/release_repos.yml

@@ -1,4 +1,11 @@
 repositories:
+  - name: lean4-cli
+    url: https://github.com/leanprover/lean4-cli
+    toolchain-tag: true
+    stable-branch: false
+    branch: main
+    dependencies: []
+
   - name: batteries
     url: https://github.com/leanprover-community/batteries
     toolchain-tag: true
@@ -7,6 +14,13 @@ repositories:
     bump-branch: true
     dependencies: []
 
+  - name: verso
+    url: https://github.com/leanprover/verso
+    toolchain-tag: true
+    stable-branch: false
+    branch: main
+    dependencies: []
+
   - name: lean4checker
     url: https://github.com/leanprover/lean4checker
     toolchain-tag: true
@@ -21,20 +35,6 @@ repositories:
     branch: master
     dependencies: []
 
-  - name: lean4-cli
-    url: https://github.com/leanprover/lean4-cli
-    toolchain-tag: true
-    stable-branch: false
-    branch: main
-    dependencies: []
-
-  - name: verso
-    url: https://github.com/leanprover/verso
-    toolchain-tag: true
-    stable-branch: false
-    branch: main
-    dependencies: []
-
   - name: plausible
     url: https://github.com/leanprover-community/plausible
     toolchain-tag: true
@@ -96,6 +96,15 @@ repositories:
       - import-graph
       - plausible
 
+  - name: cslib
+    url: https://github.com/leanprover/cslib
+    toolchain-tag: true
+    stable-branch: true
+    branch: main
+    bump-branch: true
+    dependencies:
+      - mathlib4
+
   - name: repl
     url: https://github.com/leanprover-community/repl
     toolchain-tag: true
@@ -103,3 +112,11 @@ repositories:
     branch: master
     dependencies:
       - mathlib4
+
+  - name: lean-fro.org
+    url: https://github.com/leanprover/lean-fro.org
+    toolchain-tag: false
+    stable-branch: false
+    branch: master
+    dependencies:
+      - verso

script/release_steps.py

@@ -377,6 +377,33 @@ def execute_release_steps(repo, version, config):
         except subprocess.CalledProcessError as e:
             print(red("Tests failed, but continuing with PR creation..."))
             print(red(f"Test error: {e}"))
+    elif repo_name == "lean-fro.org":
+        # Update lean-toolchain in examples/hero
+        print(blue("Updating examples/hero/lean-toolchain..."))
+        docs_toolchain = repo_path / "examples" / "hero" / "lean-toolchain"
+        with open(docs_toolchain, "w") as f:
+            f.write(f"leanprover/lean4:{version}\n")
+        print(green(f"Updated examples/hero/lean-toolchain to leanprover/lean4:{version}"))
+
+        print(blue("Running `lake update`..."))
+        run_command("lake update", cwd=repo_path, stream_output=True)
+        print(blue("Running `lake update` in examples/hero..."))
+        run_command("lake update", cwd=repo_path / "examples" / "hero", stream_output=True)
+    elif repo_name == "cslib":
+        print(blue("Updating lakefile.toml..."))
+        run_command(f'perl -pi -e \'s/"v4\\.[0-9]+(\\.[0-9]+)?(-rc[0-9]+)?"/"' + version + '"/g\' lakefile.*', cwd=repo_path)
+        
+        print(blue("Updating docs/lakefile.toml..."))
+        run_command(f'perl -pi -e \'s/"v4\\.[0-9]+(\\.[0-9]+)?(-rc[0-9]+)?"/"' + version + '"/g\' lakefile.*', cwd=repo_path / "docs")
+
+        # Update lean-toolchain in docs
+        print(blue("Updating docs/lean-toolchain..."))
+        docs_toolchain = repo_path / "docs" / "lean-toolchain"
+        with open(docs_toolchain, "w") as f:
+            f.write(f"leanprover/lean4:{version}\n")
+        print(green(f"Updated docs/lean-toolchain to leanprover/lean4:{version}"))
+
+        run_command("lake update", cwd=repo_path, stream_output=True)
     elif dependencies:
         run_command(f'perl -pi -e \'s/"v4\\.[0-9]+(\\.[0-9]+)?(-rc[0-9]+)?"/"' + version + '"/g\' lakefile.*', cwd=repo_path)
         run_command("lake update", cwd=repo_path, stream_output=True)

src/CMakeLists.txt

@@ -10,7 +10,7 @@ endif()
 include(ExternalProject)
 project(LEAN CXX C)
 set(LEAN_VERSION_MAJOR 4)
-set(LEAN_VERSION_MINOR 23)
+set(LEAN_VERSION_MINOR 25)
 set(LEAN_VERSION_PATCH 0)
 set(LEAN_VERSION_IS_RELEASE 0)  # This number is 1 in the release revision, and 0 otherwise.
 set(LEAN_SPECIAL_VERSION_DESC "" CACHE STRING "Additional version description like 'nightly-2018-03-11'")
@@ -81,7 +81,7 @@ option(USE_MIMALLOC "use mimalloc" ON)
 
 # development-specific options
 option(CHECK_OLEAN_VERSION "Only load .olean files compiled with the current version of Lean" OFF)
-option(USE_LAKE "Use Lake instead of lean.mk for building core libs from language server" OFF)
+option(USE_LAKE "Use Lake instead of lean.mk for building core libs from language server" ON)
 
 set(LEAN_EXTRA_MAKE_OPTS  ""                           CACHE STRING "extra options to lean --make")
 set(LEANC_CC              ${CMAKE_C_COMPILER}          CACHE STRING "C compiler to use in `leanc`")
@@ -469,6 +469,7 @@ elseif(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
   string(APPEND CMAKE_CXX_FLAGS " -ftls-model=initial-exec")
   string(APPEND INIT_SHARED_LINKER_FLAGS " -install_name @rpath/libInit_shared.dylib")
   string(APPEND LEANSHARED_1_LINKER_FLAGS " -install_name @rpath/libleanshared_1.dylib")
+  string(APPEND LEANSHARED_2_LINKER_FLAGS " -install_name @rpath/libleanshared_2.dylib")
   string(APPEND LEANSHARED_LINKER_FLAGS " -install_name @rpath/libleanshared.dylib")
   string(APPEND LAKESHARED_LINKER_FLAGS " -Wl,-force_load,${CMAKE_BINARY_DIR}/lib/lean/libLake.a.export -install_name @rpath/libLake_shared.dylib")
   string(APPEND CMAKE_EXE_LINKER_FLAGS " -Wl,-rpath,@executable_path/../lib -Wl,-rpath,@executable_path/../lib/lean")
@@ -502,7 +503,7 @@ endif()
 # are already loaded) and probably fail unless we set up LD_LIBRARY_PATH.
 if(${CMAKE_SYSTEM_NAME} MATCHES "Windows")
   # import libraries created by the stdlib.make targets
-  string(APPEND LEANC_SHARED_LINKER_FLAGS " -lInit_shared -lleanshared_1 -lleanshared")
+  string(APPEND LEANC_SHARED_LINKER_FLAGS " -lInit_shared -lleanshared_2 -lleanshared_1 -lleanshared")
 elseif("${CMAKE_SYSTEM_NAME}" MATCHES "Darwin")
   # The second flag is necessary to even *load* dylibs without resolved symbols, as can happen
   # if a Lake `extern_lib` depends on a symbols defined by the Lean library but is loaded even
@@ -589,7 +590,7 @@ endif()
 
 add_subdirectory(initialize)
 add_subdirectory(shell)
-# to be included in `leanshared` but not the smaller `leanshared_1` (as it would pull
+# to be included in `leanshared` but not the smaller `leanshared_*` (as it would pull
 # in the world)
 add_library(leaninitialize STATIC $<TARGET_OBJECTS:initialize>)
 set_target_properties(leaninitialize PROPERTIES
@@ -714,6 +715,7 @@ if(${CMAKE_SYSTEM_NAME} MATCHES "Emscripten")
   )
   add_custom_target(leanshared ALL
     DEPENDS Init_shared leancpp
+    COMMAND touch ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/libleanshared_2${CMAKE_SHARED_LIBRARY_SUFFIX}
     COMMAND touch ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/libleanshared_1${CMAKE_SHARED_LIBRARY_SUFFIX}
     COMMAND touch ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/libleanshared${CMAKE_SHARED_LIBRARY_SUFFIX}
   )
@@ -734,7 +736,7 @@ else()
     COMMAND $(MAKE) -f ${CMAKE_BINARY_DIR}/stdlib.make leanshared
     VERBATIM)
 
-  string(APPEND CMAKE_EXE_LINKER_FLAGS " -lInit_shared -lleanshared_1 -lleanshared")
+  string(APPEND CMAKE_EXE_LINKER_FLAGS " -lInit_shared -lleanshared_2 -lleanshared_1 -lleanshared")
 endif()
 
 if(NOT ${CMAKE_SYSTEM_NAME} MATCHES "Emscripten")

src/Init.lean

@@ -42,5 +42,8 @@ public import Init.While
 public import Init.Syntax
 public import Init.Internal
 public import Init.Try
+public meta import Init.Try  -- make sure `Try.Config` can be evaluated anywhere
 public import Init.BinderNameHint
 public import Init.Task
+public import Init.MethodSpecsSimp
+public import Init.LawfulBEqTactics

src/Init/Control/EState.lean

@@ -19,8 +19,8 @@ variable {ε σ α : Type u}
 
 instance [ToString ε] [ToString α] : ToString (Result ε σ α) where
   toString
-    | Result.ok a _    => "ok: " ++ toString a
-    | Result.error e _ => "error: " ++ toString e
+    | Result.ok a _    => String.Internal.append "ok: " (toString a)
+    | Result.error e _ => String.Internal.append "error: " (toString e)
 
 instance [Repr ε] [Repr α] : Repr (Result ε σ α) where
   reprPrec

src/Init/Control/Lawful/Basic.lean

@@ -147,7 +147,7 @@ class LawfulMonad (m : Type u → Type v) [Monad m] : Prop extends LawfulApplica
 
 export LawfulMonad (bind_pure_comp bind_map pure_bind bind_assoc)
 attribute [simp] pure_bind bind_assoc bind_pure_comp
-attribute [grind] pure_bind
+attribute [grind <=] pure_bind
 
 @[simp] theorem bind_pure [Monad m] [LawfulMonad m] (x : m α) : x >>= pure = x := by
   change x >>= (fun a => pure (id a)) = x

src/Init/Control/Lawful/Instances.lean

@@ -7,8 +7,10 @@ module
 
 prelude
 public import Init.Control.Lawful.Basic
-public import all Init.Control.Except
-public import all Init.Control.State
+public import Init.Control.Except
+import all Init.Control.Except
+public import Init.Control.State
+import all Init.Control.State
 public import Init.Control.StateRef
 public import Init.Ext
 
@@ -20,23 +22,24 @@ open Function
 
 namespace ExceptT
 
-@[ext] theorem ext {x y : ExceptT ε m α} (h : x.run = y.run) : x = y := by
+@[ext, grind ext] theorem ext {x y : ExceptT ε m α} (h : x.run = y.run) : x = y := by
   simp [run] at h
   assumption
 
-@[simp] theorem run_pure [Monad m] (x : α) : run (pure x : ExceptT ε m α) = pure (Except.ok x) := rfl
+@[simp, grind =] theorem run_pure [Monad m] (x : α) : run (pure x : ExceptT ε m α) = pure (Except.ok x) := rfl
 
-@[simp] theorem run_lift  [Monad.{u, v} m] (x : m α) : run (ExceptT.lift x : ExceptT ε m α) = (Except.ok <$> x : m (Except ε α)) := rfl
+@[simp, grind =] theorem run_lift  [Monad.{u, v} m] (x : m α) : run (ExceptT.lift x : ExceptT ε m α) = (Except.ok <$> x : m (Except ε α)) := rfl
 
-@[simp] theorem run_throw [Monad m] : run (throw e : ExceptT ε m β) = pure (Except.error e) := rfl
+@[simp, grind =] theorem run_throw [Monad m] : run (throw e : ExceptT ε m β) = pure (Except.error e) := rfl
 
-@[simp] theorem run_bind_lift [Monad m] [LawfulMonad m] (x : m α) (f : α → ExceptT ε m β) : run (ExceptT.lift x >>= f : ExceptT ε m β) = x >>= fun a => run (f a) := by
+@[simp, grind =] theorem run_bind_lift [Monad m] [LawfulMonad m] (x : m α) (f : α → ExceptT ε m β) : run (ExceptT.lift x >>= f : ExceptT ε m β) = x >>= fun a => run (f a) := by
   simp [ExceptT.run, ExceptT.lift, bind, ExceptT.bind, ExceptT.mk, ExceptT.bindCont]
 
-@[simp] theorem bind_throw [Monad m] [LawfulMonad m] (f : α → ExceptT ε m β) : (throw e >>= f) = throw e := by
+@[simp, grind =] theorem bind_throw [Monad m] [LawfulMonad m] (f : α → ExceptT ε m β) : (throw e >>= f) = throw e := by
   simp [throw, throwThe, MonadExceptOf.throw, bind, ExceptT.bind, ExceptT.bindCont, ExceptT.mk]
 
-theorem run_bind [Monad m] (x : ExceptT ε m α)
+@[grind =]
+theorem run_bind [Monad m] (x : ExceptT ε m α) (f : α → ExceptT ε m β)
         : run (x >>= f : ExceptT ε m β)
           =
           run x >>= fun
@@ -44,10 +47,10 @@ theorem run_bind [Monad m] (x : ExceptT ε m α)
                      | Except.error e => pure (Except.error e) :=
   rfl
 
-@[simp] theorem lift_pure [Monad m] [LawfulMonad m] (a : α) : ExceptT.lift (pure a) = (pure a : ExceptT ε m α) := by
+@[simp, grind =] theorem lift_pure [Monad m] [LawfulMonad m] (a : α) : ExceptT.lift (pure a) = (pure a : ExceptT ε m α) := by
   simp [ExceptT.lift, pure, ExceptT.pure]
 
-@[simp] theorem run_map [Monad m] [LawfulMonad m] (f : α → β) (x : ExceptT ε m α)
+@[simp, grind =] theorem run_map [Monad m] [LawfulMonad m] (f : α → β) (x : ExceptT ε m α)
     : (f <$> x).run = Except.map f <$> x.run := by
   simp [Functor.map, ExceptT.map, ←bind_pure_comp]
   apply bind_congr
@@ -111,28 +114,28 @@ instance : LawfulFunctor (Except ε) := inferInstance
 
 namespace ReaderT
 
-@[ext] theorem ext {x y : ReaderT ρ m α} (h : ∀ ctx, x.run ctx = y.run ctx) : x = y := by
+@[ext, grind ext] theorem ext {x y : ReaderT ρ m α} (h : ∀ ctx, x.run ctx = y.run ctx) : x = y := by
   simp [run] at h
   exact funext h
 
-@[simp] theorem run_pure [Monad m] (a : α) (ctx : ρ) : (pure a : ReaderT ρ m α).run ctx = pure a := rfl
+@[simp, grind =] theorem run_pure [Monad m] (a : α) (ctx : ρ) : (pure a : ReaderT ρ m α).run ctx = pure a := rfl
 
-@[simp] theorem run_bind [Monad m] (x : ReaderT ρ m α) (f : α → ReaderT ρ m β) (ctx : ρ)
+@[simp, grind =] theorem run_bind [Monad m] (x : ReaderT ρ m α) (f : α → ReaderT ρ m β) (ctx : ρ)
     : (x >>= f).run ctx = x.run ctx >>= λ a => (f a).run ctx := rfl
 
-@[simp] theorem run_mapConst [Monad m] (a : α) (x : ReaderT ρ m β) (ctx : ρ)
+@[simp, grind =] theorem run_mapConst [Monad m] (a : α) (x : ReaderT ρ m β) (ctx : ρ)
     : (Functor.mapConst a x).run ctx = Functor.mapConst a (x.run ctx) := rfl
 
-@[simp] theorem run_map [Monad m] (f : α → β) (x : ReaderT ρ m α) (ctx : ρ)
+@[simp, grind =] theorem run_map [Monad m] (f : α → β) (x : ReaderT ρ m α) (ctx : ρ)
     : (f <$> x).run ctx = f <$> x.run ctx := rfl
 
-@[simp] theorem run_monadLift [MonadLiftT n m] (x : n α) (ctx : ρ)
+@[simp, grind =] theorem run_monadLift [MonadLiftT n m] (x : n α) (ctx : ρ)
     : (monadLift x : ReaderT ρ m α).run ctx = (monadLift x : m α) := rfl
 
-@[simp] theorem run_monadMap [MonadFunctorT n m] (f : {β : Type u} → n β → n β) (x : ReaderT ρ m α) (ctx : ρ)
+@[simp, grind =] theorem run_monadMap [MonadFunctorT n m] (f : {β : Type u} → n β → n β) (x : ReaderT ρ m α) (ctx : ρ)
     : (monadMap @f x : ReaderT ρ m α).run ctx = monadMap @f (x.run ctx) := rfl
 
-@[simp] theorem run_read [Monad m] (ctx : ρ) : (ReaderT.read : ReaderT ρ m ρ).run ctx = pure ctx := rfl
+@[simp, grind =] theorem run_read [Monad m] (ctx : ρ) : (ReaderT.read : ReaderT ρ m ρ).run ctx = pure ctx := rfl
 
 @[simp] theorem run_seq {α β : Type u} [Monad m] (f : ReaderT ρ m (α → β)) (x : ReaderT ρ m α) (ctx : ρ)
     : (f <*> x).run ctx = (f.run ctx <*> x.run ctx) := rfl
@@ -173,38 +176,39 @@ instance [Monad m] [LawfulMonad m] : LawfulMonad (StateRefT' ω σ m) :=
 
 namespace StateT
 
-@[ext] theorem ext {x y : StateT σ m α} (h : ∀ s, x.run s = y.run s) : x = y :=
+@[ext, grind ext] theorem ext {x y : StateT σ m α} (h : ∀ s, x.run s = y.run s) : x = y :=
   funext h
 
-@[simp] theorem run'_eq [Monad m] (x : StateT σ m α) (s : σ) : run' x s = (·.1) <$> run x s :=
+@[simp, grind =] theorem run'_eq [Monad m] (x : StateT σ m α) (s : σ) : run' x s = (·.1) <$> run x s :=
   rfl
 
-@[simp] theorem run_pure [Monad m] (a : α) (s : σ) : (pure a : StateT σ m α).run s = pure (a, s) := rfl
+@[simp, grind =] theorem run_pure [Monad m] (a : α) (s : σ) : (pure a : StateT σ m α).run s = pure (a, s) := rfl
 
-@[simp] theorem run_bind [Monad m] (x : StateT σ m α) (f : α → StateT σ m β) (s : σ)
+@[simp, grind =] theorem run_bind [Monad m] (x : StateT σ m α) (f : α → StateT σ m β) (s : σ)
     : (x >>= f).run s = x.run s >>= λ p => (f p.1).run p.2 := by
   simp [bind, StateT.bind, run]
 
-@[simp] theorem run_map {α β σ : Type u} [Monad m] [LawfulMonad m] (f : α → β) (x : StateT σ m α) (s : σ) : (f <$> x).run s = (fun (p : α × σ) => (f p.1, p.2)) <$> x.run s := by
+@[simp, grind =] theorem run_map {α β σ : Type u} [Monad m] [LawfulMonad m] (f : α → β) (x : StateT σ m α) (s : σ) : (f <$> x).run s = (fun (p : α × σ) => (f p.1, p.2)) <$> x.run s := by
   simp [Functor.map, StateT.map, run, ←bind_pure_comp]
 
-@[simp] theorem run_get [Monad m] (s : σ)    : (get : StateT σ m σ).run s = pure (s, s) := rfl
+@[simp, grind =] theorem run_get [Monad m] (s : σ)    : (get : StateT σ m σ).run s = pure (s, s) := rfl
 
-@[simp] theorem run_set [Monad m] (s s' : σ) : (set s' : StateT σ m PUnit).run s = pure (⟨⟩, s') := rfl
+@[simp, grind =] theorem run_set [Monad m] (s s' : σ) : (set s' : StateT σ m PUnit).run s = pure (⟨⟩, s') := rfl
 
-@[simp] theorem run_modify [Monad m] (f : σ → σ) (s : σ) : (modify f : StateT σ m PUnit).run s = pure (⟨⟩, f s) := rfl
+@[simp, grind =] theorem run_modify [Monad m] (f : σ → σ) (s : σ) : (modify f : StateT σ m PUnit).run s = pure (⟨⟩, f s) := rfl
 
-@[simp] theorem run_modifyGet [Monad m] (f : σ → α × σ) (s : σ) : (modifyGet f : StateT σ m α).run s = pure ((f s).1, (f s).2) := by
+@[simp, grind =] theorem run_modifyGet [Monad m] (f : σ → α × σ) (s : σ) : (modifyGet f : StateT σ m α).run s = pure ((f s).1, (f s).2) := by
   simp [modifyGet, MonadStateOf.modifyGet, StateT.modifyGet, run]
 
-@[simp] theorem run_lift {α σ : Type u} [Monad m] (x : m α) (s : σ) : (StateT.lift x : StateT σ m α).run s = x >>= fun a => pure (a, s) := rfl
+@[simp, grind =] theorem run_lift {α σ : Type u} [Monad m] (x : m α) (s : σ) : (StateT.lift x : StateT σ m α).run s = x >>= fun a => pure (a, s) := rfl
 
+@[grind =]
 theorem run_bind_lift {α σ : Type u} [Monad m] [LawfulMonad m] (x : m α) (f : α → StateT σ m β) (s : σ) : (StateT.lift x >>= f).run s = x >>= fun a => (f a).run s := by
   simp [StateT.lift, StateT.run, bind, StateT.bind]
 
-@[simp] theorem run_monadLift {α σ : Type u} [Monad m] [MonadLiftT n m] (x : n α) (s : σ) : (monadLift x : StateT σ m α).run s = (monadLift x : m α) >>= fun a => pure (a, s) := rfl
+@[simp, grind =] theorem run_monadLift {α σ : Type u} [Monad m] [MonadLiftT n m] (x : n α) (s : σ) : (monadLift x : StateT σ m α).run s = (monadLift x : m α) >>= fun a => pure (a, s) := rfl
 
-@[simp] theorem run_monadMap [MonadFunctorT n m] (f : {β : Type u} → n β → n β) (x : StateT σ m α) (s : σ) :
+@[simp, grind =] theorem run_monadMap [MonadFunctorT n m] (f : {β : Type u} → n β → n β) (x : StateT σ m α) (s : σ) :
     (monadMap @f x : StateT σ m α).run s = monadMap @f (x.run s) := rfl
 
 @[simp] theorem run_seq {α β σ : Type u} [Monad m] [LawfulMonad m] (f : StateT σ m (α → β)) (x : StateT σ m α) (s : σ) : (f <*> x).run s = (f.run s >>= fun fs => (fun (p : α × σ) => (fs.1 p.1, p.2)) <$> x.run fs.2) := by

src/Init/Control/Lawful/MonadLift/Instances.lean

@@ -6,12 +6,18 @@ Authors: Quang Dao, Paul Reichert
 module
 
 prelude
-public import all Init.Control.Option
-public import all Init.Control.Except
-public import all Init.Control.ExceptCps
-public import all Init.Control.StateRef
-public import all Init.Control.StateCps
-public import all Init.Control.Id
+public import Init.Control.Option
+import all Init.Control.Option
+public import Init.Control.Except
+import all Init.Control.Except
+public import Init.Control.ExceptCps
+import all Init.Control.ExceptCps
+public import Init.Control.StateRef
+import all Init.Control.StateRef
+public import Init.Control.StateCps
+import all Init.Control.StateCps
+public import Init.Control.Id
+import all Init.Control.Id
 public import Init.Control.Lawful.MonadLift.Lemmas
 public import Init.Control.Lawful.Instances
 

src/Init/Conv.lean

@@ -290,13 +290,17 @@ macro "right" : conv => `(conv| rhs)
 /-- `intro` traverses into binders. Synonym for `ext`. -/
 macro "intro" xs:(ppSpace colGt binderIdent)* : conv => `(conv| ext $xs*)
 
-syntax enterArg := binderIdent <|> argArg
+syntax enterPattern := "in " (occs)? term
+
+syntax enterArg := binderIdent <|> argArg <|> enterPattern
 
 /-- `enter [arg, ...]` is a compact way to describe a path to a subterm.
 It is a shorthand for other conv tactics as follows:
 * `enter [i]` is equivalent to `arg i`.
 * `enter [@i]` is equivalent to `arg @i`.
 * `enter [x]` (where `x` is an identifier) is equivalent to `ext x`.
+* `enter [in e]` (where `e` is a term) is equivalent to `pattern e`.
+  Occurrences can be specified with `enter [in (occs := ...) e]`.
 For example, given the target `f (g a (fun x => x b))`, `enter [1, 2, x, 1]`
 will traverse to the subterm `b`. -/
 syntax (name := enter) "enter" " [" withoutPosition(enterArg,+) "]" : conv

src/Init/Core.lean

@@ -1580,6 +1580,7 @@ instance {p q : Prop} [d : Decidable (p ↔ q)] : Decidable (p = q) :=
 
 gen_injective_theorems% Array
 gen_injective_theorems% BitVec
+gen_injective_theorems% ByteArray
 gen_injective_theorems% Char
 gen_injective_theorems% DoResultBC
 gen_injective_theorems% DoResultPR
@@ -2522,12 +2523,17 @@ class Antisymm (r : α → α → Prop) : Prop where
   /-- An antisymmetric relation `r` satisfies `r a b → r b a → a = b`. -/
   antisymm (a b : α) : r a b → r b a → a = b
 
-/-- `Asymm X r` means that the binary relation `r` on `X` is asymmetric, that is,
+/-- `Asymm r` means that the binary relation `r` is asymmetric, that is,
 `r a b → ¬ r b a`. -/
 class Asymm (r : α → α → Prop) : Prop where
   /-- An asymmetric relation satisfies `r a b → ¬ r b a`. -/
   asymm : ∀ a b, r a b → ¬r b a
 
+/-- `Symm r` means that the binary relation `r` is symmetric, that is, `r a b → r b a`.  -/
+class Symm (r : α → α → Prop) : Prop where
+  /-- A symmetric relation satisfies `r a b → r b a`. -/
+  symm : ∀ a b, r a b → r b a
+
 /-- `Total X r` means that the binary relation `r` on `X` is total, that is, that for any
 `x y : X` we have `r x y` or `r y x`. -/
 class Total (r : α → α → Prop) : Prop where
@@ -2541,7 +2547,3 @@ class Irrefl (r : α → α → Prop) : Prop where
   irrefl : ∀ a, ¬r a a
 
 end Std
-
-/-- Deprecated alias for `XorOp`. -/
-@[deprecated XorOp (since := "2025-07-30")]
-abbrev Xor := XorOp

src/Init/Data.lean

@@ -50,5 +50,7 @@ public import Init.Data.Iterators
 public import Init.Data.Range.Polymorphic
 public import Init.Data.Slice
 public import Init.Data.Order
+public import Init.Data.Rat
+public import Init.Data.Dyadic
 
 public section

src/Init/Data/Array/Attach.lean

@@ -9,7 +9,8 @@ prelude
 public import Init.Data.Array.Mem
 public import Init.Data.Array.Lemmas
 public import Init.Data.Array.Count
-public import all Init.Data.List.Attach
+public import Init.Data.List.Attach
+import all Init.Data.List.Attach
 
 public section
 
@@ -120,7 +121,7 @@ theorem pmap_eq_map {p : α → Prop} {f : α → β} {xs : Array α} (H) :
 theorem pmap_congr_left {p q : α → Prop} {f : ∀ a, p a → β} {g : ∀ a, q a → β} (xs : Array α) {H₁ H₂}
     (h : ∀ a ∈ xs, ∀ (h₁ h₂), f a h₁ = g a h₂) : pmap f xs H₁ = pmap g xs H₂ := by
   cases xs
-  simp only [mem_toArray] at h
+  simp only [List.mem_toArray] at h
   simp only [List.pmap_toArray, mk.injEq]
   rw [List.pmap_congr_left _ h]
 
@@ -193,14 +194,14 @@ theorem attachWith_map_subtype_val {p : α → Prop} {xs : Array α} (H : ∀ a
     (xs.attachWith p H).map Subtype.val = xs := by
   cases xs; simp
 
-@[simp, grind]
+@[simp, grind ←]
 theorem mem_attach (xs : Array α) : ∀ x, x ∈ xs.attach
   | ⟨a, h⟩ => by
     have := mem_map.1 (by rw [attach_map_subtype_val] <;> exact h)
     rcases this with ⟨⟨_, _⟩, m, rfl⟩
     exact m
 
-@[simp, grind]
+@[simp, grind =]
 theorem mem_attachWith {xs : Array α} {q : α → Prop} (H) (x : {x // q x}) :
     x ∈ xs.attachWith q H ↔ x.1 ∈ xs := by
   cases xs
@@ -211,12 +212,13 @@ theorem mem_pmap {p : α → Prop} {f : ∀ a, p a → β} {xs H b} :
     b ∈ pmap f xs H ↔ ∃ (a : _) (h : a ∈ xs), f a (H a h) = b := by
   simp only [pmap_eq_map_attach, mem_map, mem_attach, true_and, Subtype.exists, eq_comm]
 
-@[grind]
 theorem mem_pmap_of_mem {p : α → Prop} {f : ∀ a, p a → β} {xs H} {a} (h : a ∈ xs) :
     f a (H a h) ∈ pmap f xs H := by
   rw [mem_pmap]
   exact ⟨a, h, rfl⟩
 
+grind_pattern mem_pmap_of_mem => _ ∈ pmap f xs H, a ∈ xs
+
 @[simp, grind =]
 theorem size_pmap {p : α → Prop} {f : ∀ a, p a → β} {xs H} : (pmap f xs H).size = xs.size := by
   cases xs; simp
@@ -344,7 +346,7 @@ theorem foldl_attach {xs : Array α} {f : β → α → β} {b : β} :
     xs.attach.foldl (fun acc t => f acc t.1) b = xs.foldl f b := by
   rcases xs with ⟨xs⟩
   simp only [List.attach_toArray, List.attachWith_mem_toArray, List.size_toArray,
-    List.foldl_toArray', mem_toArray, List.foldl_subtype]
+    List.foldl_toArray', List.mem_toArray, List.foldl_subtype]
   congr
   ext
   simpa using fun a => List.mem_of_getElem? a
@@ -363,7 +365,7 @@ theorem foldr_attach {xs : Array α} {f : α → β → β} {b : β} :
     xs.attach.foldr (fun t acc => f t.1 acc) b = xs.foldr f b := by
   rcases xs with ⟨xs⟩
   simp only [List.attach_toArray, List.attachWith_mem_toArray, List.size_toArray,
-    List.foldr_toArray', mem_toArray, List.foldr_subtype]
+    List.foldr_toArray', List.mem_toArray, List.foldr_subtype]
   congr
   ext
   simpa using fun a => List.mem_of_getElem? a
@@ -705,7 +707,7 @@ and simplifies these to the function directly taking the value.
     {f : { x // p x } → Array β} {g : α → Array β} (hf : ∀ x h, f ⟨x, h⟩ = g x) :
     (xs.flatMap f) = xs.unattach.flatMap g := by
   cases xs
-  simp only [List.flatMap_toArray, List.unattach_toArray, 
+  simp only [List.flatMap_toArray, List.unattach_toArray,
     mk.injEq]
   rw [List.flatMap_subtype]
   simp [hf]

src/Init/Data/Array/Basic.lean

@@ -10,11 +10,11 @@ public import Init.WFTactics
 public import Init.Data.Nat.Basic
 public import Init.Data.Fin.Basic
 public import Init.Data.UInt.BasicAux
-public import Init.Data.Repr
-public import Init.Data.ToString.Basic
 public import Init.GetElem
-public import all Init.Data.List.ToArrayImpl
-public import all Init.Data.Array.Set
+public import Init.Data.List.ToArrayImpl
+import all Init.Data.List.ToArrayImpl
+public import Init.Data.Array.Set
+import all Init.Data.Array.Set
 
 public section
 
@@ -40,11 +40,11 @@ namespace Array
 
 /-! ### Preliminary theorems -/
 
-@[simp, grind] theorem size_set {xs : Array α} {i : Nat} {v : α} (h : i < xs.size) :
+@[simp, grind =] theorem size_set {xs : Array α} {i : Nat} {v : α} (h : i < xs.size) :
     (set xs i v h).size = xs.size :=
   List.length_set ..
 
-@[simp, grind] theorem size_push {xs : Array α} (v : α) : (push xs v).size = xs.size + 1 :=
+@[simp, grind =] theorem size_push {xs : Array α} (v : α) : (push xs v).size = xs.size + 1 :=
   List.length_concat ..
 
 theorem ext {xs ys : Array α}
@@ -108,13 +108,19 @@ instance : Membership α (Array α) where
 theorem mem_def {a : α} {as : Array α} : a ∈ as ↔ a ∈ as.toList :=
   ⟨fun | .mk h => h, Array.Mem.mk⟩
 
-@[simp, grind =] theorem mem_toArray {a : α} {l : List α} : a ∈ l.toArray ↔ a ∈ l := by
+@[simp, grind =] theorem _root_.List.mem_toArray {a : α} {l : List α} : a ∈ l.toArray ↔ a ∈ l := by
   simp [mem_def]
 
-@[simp, grind] theorem getElem_mem {xs : Array α} {i : Nat} (h : i < xs.size) : xs[i] ∈ xs := by
+@[deprecated List.mem_toArray (since := "2025-09-04")]
+theorem mem_toArray {a : α} {l : List α} : a ∈ l.toArray ↔ a ∈ l :=
+  List.mem_toArray
+
+@[simp] theorem getElem_mem {xs : Array α} {i : Nat} (h : i < xs.size) : xs[i] ∈ xs := by
   rw [Array.mem_def, ← getElem_toList]
   apply List.getElem_mem
 
+grind_pattern getElem_mem => xs[i] ∈ xs
+
 @[simp, grind =] theorem emptyWithCapacity_eq {α n} : @emptyWithCapacity α n = #[] := rfl
 
 @[simp] theorem mkEmpty_eq {α n} : @mkEmpty α n = #[] := rfl
@@ -132,7 +138,7 @@ theorem toList_toArray {as : List α} : as.toArray.toList = as := rfl
 @[deprecated toList_toArray (since := "2025-02-17")]
 abbrev _root_.Array.toList_toArray := @List.toList_toArray
 
-@[simp, grind] theorem size_toArray {as : List α} : as.toArray.size = as.length := by simp [Array.size]
+@[simp, grind =] theorem size_toArray {as : List α} : as.toArray.size = as.length := by simp [Array.size]
 
 @[deprecated size_toArray (since := "2025-02-17")]
 abbrev _root_.Array.size_toArray := @List.size_toArray
@@ -162,8 +168,8 @@ This is a low-level version of `Array.size` that directly queries the runtime sy
 representation of arrays. While this is not provable, `Array.usize` always returns the exact size of
 the array since the implementation only supports arrays of size less than `USize.size`.
 -/
-@[extern "lean_array_size", simp]
-def usize (a : @& Array α) : USize := a.size.toUSize
+@[extern "lean_array_size", simp, expose]
+def usize (xs : @& Array α) : USize := xs.size.toUSize
 
 /--
 Low-level indexing operator which is as fast as a C array read.
@@ -171,8 +177,8 @@ Low-level indexing operator which is as fast as a C array read.
 This avoids overhead due to unboxing a `Nat` used as an index.
 -/
 @[extern "lean_array_uget", simp, expose]
-def uget (a : @& Array α) (i : USize) (h : i.toNat < a.size) : α :=
-  a[i.toNat]
+def uget (xs : @& Array α) (i : USize) (h : i.toNat < xs.size) : α :=
+  xs[i.toNat]
 
 /--
 Low-level modification operator which is as fast as a C array write. The modification is performed
@@ -197,7 +203,7 @@ Examples:
 def pop (xs : Array α) : Array α where
   toList := xs.toList.dropLast
 
-@[simp, grind] theorem size_pop {xs : Array α} : xs.pop.size = xs.size - 1 := by
+@[simp, grind =] theorem size_pop {xs : Array α} : xs.pop.size = xs.size - 1 := by
   match xs with
   | ⟨[]⟩ => rfl
   | ⟨a::as⟩ => simp [pop, Nat.succ_sub_succ_eq_sub, size]
@@ -441,7 +447,7 @@ def swapAt! (xs : Array α) (i : Nat) (v : α) : α × Array α :=
     swapAt xs i v
   else
     have : Inhabited (α × Array α) := ⟨(v, xs)⟩
-    panic! ("index " ++ toString i ++ " out of bounds")
+    panic! String.Internal.append (String.Internal.append "index " (toString i)) " out of bounds"
 
 /--
 Returns the first `n` elements of an array. The resulting array is produced by repeatedly calling
@@ -2167,7 +2173,7 @@ instance {α : Type u} [Repr α] : Repr (Array α) where
   reprPrec xs _ := Array.repr xs
 
 instance [ToString α] : ToString (Array α) where
-  toString xs := "#" ++ toString xs.toList
+  toString xs := String.Internal.append "#" (toString xs.toList)
 
 end Array
 

src/Init/Data/Array/BasicAux.lean

@@ -6,7 +6,8 @@ Authors: Leonardo de Moura
 module
 
 prelude
-public import all Init.Data.Array.Basic
+public import Init.Data.Array.Basic
+import all Init.Data.Array.Basic
 public import Init.Data.Nat.Linear
 public import Init.NotationExtra
 

src/Init/Data/Array/Bootstrap.lean

@@ -8,7 +8,8 @@ module
 
 prelude
 public import Init.Data.List.TakeDrop
-public import all Init.Data.Array.Basic
+public import Init.Data.Array.Basic
+import all Init.Data.Array.Basic
 
 public section
 
@@ -34,8 +35,8 @@ the index is in bounds. This is because the tactic itself needs to look up value
 arrays.
 -/
 @[deprecated "Use indexing notation `as[i]` instead" (since := "2025-02-17")]
-def get {α : Type u} (a : @& Array α) (i : @& Nat) (h : LT.lt i a.size) : α :=
-  a.toList.get ⟨i, h⟩
+def get {α : Type u} (xs : @& Array α) (i : @& Nat) (h : LT.lt i xs.size) : α :=
+  xs.toList.get ⟨i, h⟩
 
 /--
 Use the indexing notation `a[i]!` instead.
@@ -43,8 +44,8 @@ Use the indexing notation `a[i]!` instead.
 Access an element from an array, or panic if the index is out of bounds.
 -/
 @[deprecated "Use indexing notation `as[i]!` instead" (since := "2025-02-17"), expose]
-def get! {α : Type u} [Inhabited α] (a : @& Array α) (i : @& Nat) : α :=
-  Array.getD a i default
+def get! {α : Type u} [Inhabited α] (xs : @& Array α) (i : @& Nat) : α :=
+  Array.getD xs i default
 
 theorem foldlM_toList.aux [Monad m]
     {f : β → α → m β} {xs : Array α} {i j} (H : xs.size ≤ i + j) {b} :

src/Init/Data/Array/Count.lean

@@ -6,7 +6,8 @@ Authors: Kim Morrison
 module
 
 prelude
-public import all Init.Data.Array.Basic
+public import Init.Data.Array.Basic
+import all Init.Data.Array.Basic
 public import Init.Data.Array.Lemmas
 public import Init.Data.List.Nat.Count
 

src/Init/Data/Array/DecidableEq.lean

@@ -6,7 +6,8 @@ Authors: Leonardo de Moura
 module
 
 prelude
-public import all Init.Data.Array.Basic
+public import Init.Data.Array.Basic
+import all Init.Data.Array.Basic
 public import Init.Data.BEq
 public import Init.Data.List.Nat.BEq
 public import Init.ByCases

src/Init/Data/Array/Erase.lean

@@ -6,7 +6,8 @@ Authors: Kim Morrison
 module
 
 prelude
-public import all Init.Data.Array.Basic
+public import Init.Data.Array.Basic
+import all Init.Data.Array.Basic
 public import Init.Data.Array.Lemmas
 public import Init.Data.List.Nat.Erase
 public import Init.Data.List.Nat.Basic
@@ -90,7 +91,7 @@ theorem mem_of_mem_eraseP {xs : Array α} : a ∈ xs.eraseP p → a ∈ xs := by
   rcases xs with ⟨xs⟩
   simpa using List.mem_of_mem_eraseP
 
-@[simp, grind] theorem mem_eraseP_of_neg {xs : Array α} (pa : ¬p a) : a ∈ xs.eraseP p ↔ a ∈ xs := by
+@[simp, grind =] theorem mem_eraseP_of_neg {xs : Array α} (pa : ¬p a) : a ∈ xs.eraseP p ↔ a ∈ xs := by
   rcases xs with ⟨xs⟩
   simpa using List.mem_eraseP_of_neg pa
 
@@ -239,7 +240,7 @@ theorem mem_of_mem_erase {a b : α} {xs : Array α} (h : a ∈ xs.erase b) : a
   rcases xs with ⟨xs⟩
   simpa using List.mem_of_mem_erase (by simpa using h)
 
-@[simp, grind] theorem mem_erase_of_ne [LawfulBEq α] {a b : α} {xs : Array α} (ab : a ≠ b) :
+@[simp, grind =] theorem mem_erase_of_ne [LawfulBEq α] {a b : α} {xs : Array α} (ab : a ≠ b) :
     a ∈ xs.erase b ↔ a ∈ xs :=
   erase_eq_eraseP b xs ▸ mem_eraseP_of_neg (mt eq_of_beq ab.symm)
 
@@ -270,7 +271,7 @@ theorem erase_append [LawfulBEq α] {a : α} {xs ys : Array α} :
     (xs ++ ys).erase a = if a ∈ xs then xs.erase a ++ ys else xs ++ ys.erase a := by
   rcases xs with ⟨xs⟩
   rcases ys with ⟨ys⟩
-  simp only [List.append_toArray, List.erase_toArray, List.erase_append, mem_toArray]
+  simp only [List.append_toArray, List.erase_toArray, List.erase_append, List.mem_toArray]
   split <;> simp
 
 @[grind =]

src/Init/Data/Array/Find.lean

@@ -7,7 +7,8 @@ module
 
 prelude
 public import Init.Data.List.Nat.Find
-public import all Init.Data.Array.Basic
+public import Init.Data.Array.Basic
+import all Init.Data.Array.Basic
 public import Init.Data.Array.Lemmas
 public import Init.Data.Array.Attach
 public import Init.Data.Array.Range
@@ -26,11 +27,11 @@ open Nat
 
 /-! ### findSome? -/
 
-@[simp, grind] theorem findSome?_empty : (#[] : Array α).findSome? f = none := rfl
-@[simp, grind] theorem findSome?_push {xs : Array α} : (xs.push a).findSome? f = (xs.findSome? f).or (f a) := by
+@[simp, grind =] theorem findSome?_empty : (#[] : Array α).findSome? f = none := rfl
+@[simp, grind =] theorem findSome?_push {xs : Array α} : (xs.push a).findSome? f = (xs.findSome? f).or (f a) := by
   cases xs; simp [List.findSome?_append]
 
-@[grind]
+@[grind =]
 theorem findSome?_singleton {a : α} {f : α → Option β} : #[a].findSome? f = f a := by
   simp
 
@@ -227,11 +228,12 @@ theorem mem_of_find?_eq_some {xs : Array α} (h : find? p xs = some a) : a ∈ x
   simp at h
   simpa using List.mem_of_find?_eq_some h
 
-@[grind]
 theorem get_find?_mem {xs : Array α} (h) : (xs.find? p).get h ∈ xs := by
   cases xs
   simp [List.get_find?_mem]
 
+grind_pattern get_find?_mem => (xs.find? p).get h
+
 @[simp, grind =] theorem find?_filter {xs : Array α} (p q : α → Bool) :
     (xs.filter p).find? q = xs.find? (fun a => p a ∧ q a) := by
   cases xs; simp
@@ -394,7 +396,6 @@ theorem findIdx_singleton {a : α} {p : α → Bool} :
     #[a].findIdx p = if p a then 0 else 1 := by
   simp
 
-@[grind →]
 theorem findIdx_of_getElem?_eq_some {xs : Array α} (w : xs[xs.findIdx p]? = some y) : p y := by
   rcases xs with ⟨xs⟩
   exact List.findIdx_of_getElem?_eq_some (by simpa using w)
@@ -727,7 +728,7 @@ theorem isNone_findFinIdx? {xs : Array α} {p : α → Bool} :
   cases xs
   simp only [List.findFinIdx?_toArray, hf, List.findFinIdx?_subtype]
   rw [findFinIdx?_congr List.unattach_toArray]
-  simp only [Option.map_map, Function.comp_def, Fin.cast_trans]
+  simp only [Option.map_map, Function.comp_def, Fin.cast_cast]
   simp [Array.size]
 
 /-! ### idxOf

src/Init/Data/Array/Lex/Lemmas.lean

@@ -70,8 +70,8 @@ private theorem cons_lex_cons [BEq α] {lt : α → α → Bool} {a b : α} {xs
     rw [cons_lex_cons.forIn'_congr_aux Std.PRange.toList_eq_match rfl (fun _ _ _ => rfl)]
     simp only [Std.PRange.SupportsUpperBound.IsSatisfied, bind_pure_comp, map_pure]
     rw [cons_lex_cons.forIn'_congr_aux (if_pos (by omega)) rfl (fun _ _ _ => rfl)]
-  simp only [Std.PRange.toList_open_eq_toList_closed_of_isSome_succ? (lo := 0) (h := rfl),
-    Std.PRange.UpwardEnumerable.succ?, Nat.add_comm 1, Std.PRange.Nat.ClosedOpen.toList_succ_succ,
+  simp only [Std.PRange.toList_Rox_eq_toList_Rcx_of_isSome_succ? (lo := 0) (h := rfl),
+    Std.PRange.UpwardEnumerable.succ?, Nat.add_comm 1, Std.PRange.Nat.toList_Rco_succ_succ,
     Option.get_some, List.forIn'_cons, List.size_toArray, List.length_cons, List.length_nil,
     Nat.lt_add_one, getElem_append_left, List.getElem_toArray, List.getElem_cons_zero]
   cases lt a b

src/Init/Data/Array/MapIdx.lean

@@ -6,11 +6,13 @@ Authors: Mario Carneiro, Kim Morrison
 module
 
 prelude
-public import all Init.Data.Array.Basic
+public import Init.Data.Array.Basic
+import all Init.Data.Array.Basic
 public import Init.Data.Array.Lemmas
 public import Init.Data.Array.Attach
 public import Init.Data.Array.OfFn
-public import all Init.Data.List.MapIdx
+public import Init.Data.List.MapIdx
+import all Init.Data.List.MapIdx
 
 public section
 

src/Init/Data/Array/Monadic.lean

@@ -6,8 +6,10 @@ Authors: Kim Morrison
 module
 
 prelude
-public import all Init.Data.List.Control
-public import all Init.Data.Array.Basic
+public import Init.Data.List.Control
+import all Init.Data.List.Control
+public import Init.Data.Array.Basic
+import all Init.Data.Array.Basic
 public import Init.Data.Array.Lemmas
 public import Init.Data.Array.Attach
 public import Init.Data.List.Monadic
@@ -165,7 +167,7 @@ theorem foldrM_filter [Monad m] [LawfulMonad m] {p : α → Bool} {g : α → β
     (h : ∀ a m b, f a (by simpa [w] using m) b = g a m b) :
     forIn' as b f = forIn' bs b' g := by
   cases as <;> cases bs
-  simp only [mk.injEq, mem_toArray, List.forIn'_toArray] at w h ⊢
+  simp only [mk.injEq, List.mem_toArray, List.forIn'_toArray] at w h ⊢
   exact List.forIn'_congr w hb h
 
 /--

src/Init/Data/Array/OfFn.lean

@@ -6,7 +6,8 @@ Authors: Kim Morrison
 module
 
 prelude
-public import all Init.Data.Array.Basic
+public import Init.Data.Array.Basic
+import all Init.Data.Array.Basic
 public import Init.Data.Array.Lemmas
 public import Init.Data.Array.Monadic
 public import Init.Data.List.OfFn

src/Init/Data/Array/Perm.lean

@@ -7,7 +7,8 @@ module
 
 prelude
 public import Init.Data.List.Nat.Perm
-public import all Init.Data.Array.Basic
+public import Init.Data.Array.Basic
+import all Init.Data.Array.Basic
 public import Init.Data.Array.Lemmas
 
 public section

src/Init/Data/Array/QSort/Basic.lean

@@ -7,7 +7,7 @@ module
 
 prelude
 public import Init.Data.Vector.Basic
-public import Init.Data.Ord
+public import Init.Data.Ord.Basic
 
 public section
 

src/Init/Data/Array/Range.lean

@@ -7,8 +7,10 @@ module
 
 prelude
 public import Init.Data.Array.Lemmas
-public import all Init.Data.Array.Basic
-public import all Init.Data.Array.OfFn
+public import Init.Data.Array.Basic
+import all Init.Data.Array.Basic
+public import Init.Data.Array.OfFn
+import all Init.Data.Array.OfFn
 public import Init.Data.Array.MapIdx
 public import Init.Data.Array.Zip
 public import Init.Data.List.Nat.Range
@@ -114,7 +116,7 @@ theorem range'_eq_append_iff : range' s n = xs ++ ys ↔ ∃ k, k ≤ n ∧ xs =
 @[simp] theorem find?_range'_eq_some {s n : Nat} {i : Nat} {p : Nat → Bool} :
     (range' s n).find? p = some i ↔ p i ∧ i ∈ range' s n ∧ ∀ j, s ≤ j → j < i → !p j := by
   rw [← List.toArray_range']
-  simp only [List.find?_toArray, mem_toArray]
+  simp only [List.find?_toArray, List.mem_toArray]
   simp [List.find?_range'_eq_some]
 
 @[simp] theorem find?_range'_eq_none {s n : Nat} {p : Nat → Bool} :

src/Init/Data/Array/Subarray/Split.lean

@@ -8,7 +8,8 @@ module
 
 prelude
 public import Init.Data.Array.Basic
-public import all Init.Data.Array.Subarray
+public import Init.Data.Array.Subarray
+import all Init.Data.Array.Subarray
 public import Init.Omega
 
 public section

src/Init/Data/Array/TakeDrop.lean

@@ -6,7 +6,8 @@ Authors: Markus Himmel
 module
 
 prelude
-public import all Init.Data.Array.Basic
+public import Init.Data.Array.Basic
+import all Init.Data.Array.Basic
 public import Init.Data.Array.Lemmas
 public import Init.Data.List.Nat.TakeDrop
 

src/Init/Data/Array/Zip.lean

@@ -6,7 +6,8 @@ Authors: Kim Morrison
 module
 
 prelude
-public import all Init.Data.Array.Basic
+public import Init.Data.Array.Basic
+import all Init.Data.Array.Basic
 public import Init.Data.Array.TakeDrop
 public import Init.Data.List.Zip
 
@@ -230,11 +231,9 @@ theorem zip_map {f : α → γ} {g : β → δ} {as : Array α} {bs : Array β}
   cases bs
   simp [List.zip_map]
 
-@[grind _=_]
 theorem zip_map_left {f : α → γ} {as : Array α} {bs : Array β} :
     zip (as.map f) bs = (zip as bs).map (Prod.map f id) := by rw [← zip_map, map_id]
 
-@[grind _=_]
 theorem zip_map_right {f : β → γ} {as : Array α} {bs : Array β} :
     zip as (bs.map f) = (zip as bs).map (Prod.map id f) := by rw [← zip_map, map_id]
 

src/Init/Data/BEq.lean

@@ -23,11 +23,14 @@ class PartialEquivBEq (α) [BEq α] : Prop where
   /-- Transitivity for `BEq`. If `a == b` and `b == c` then `a == c`. -/
   trans : (a : α) == b → b == c → a == c
 
+instance [BEq α] [PartialEquivBEq α] : Std.Symm (α := α) (· == ·) where
+  symm _ _ h := PartialEquivBEq.symm h
+
 /-- `EquivBEq` says that the `BEq` implementation is an equivalence relation. -/
 class EquivBEq (α) [BEq α] : Prop extends PartialEquivBEq α, ReflBEq α
 
-theorem BEq.symm [BEq α] [PartialEquivBEq α] {a b : α} : a == b → b == a :=
-  PartialEquivBEq.symm
+theorem BEq.symm [BEq α] [Std.Symm (α := α) (· == ·)] {a b : α} : a == b → b == a :=
+  Std.Symm.symm a b (r := (· == ·))
 
 theorem BEq.comm [BEq α] [PartialEquivBEq α] {a b : α} : (a == b) = (b == a) :=
   Bool.eq_iff_iff.2 ⟨BEq.symm, BEq.symm⟩

src/Init/Data/BitVec/Basic.lean

@@ -9,7 +9,7 @@ prelude
 public import Init.Data.Fin.Basic
 public import Init.Data.Nat.Bitwise.Lemmas
 public import Init.Data.Nat.Power2
-public import Init.Data.Int.Bitwise
+public import Init.Data.Int.Bitwise.Basic
 public import Init.Data.BitVec.BasicAux
 
 @[expose] public section
@@ -206,10 +206,13 @@ Converts a bitvector into a fixed-width hexadecimal number with enough digits to
 
 If `n` is `0`, then one digit is returned. Otherwise, `⌊(n + 3) / 4⌋` digits are returned.
 -/
+-- If we ever want to prove something about this, we can avoid having to use the opaque
+-- `Internal` string functions by moving this definition out to a separate file that can live
+-- downstream of `Init.Data.String.Basic`.
 protected def toHex {n : Nat} (x : BitVec n) : String :=
   let s := (Nat.toDigits 16 x.toNat).asString
-  let t := (List.replicate ((n+3) / 4 - s.length) '0').asString
-  t ++ s
+  let t := (List.replicate ((n+3) / 4 - String.Internal.length s) '0').asString
+  String.Internal.append t s
 
 /-- `BitVec` representation. -/
 protected def BitVec.repr (a : BitVec n) : Std.Format :=
@@ -871,4 +874,7 @@ def clzAuxRec {w : Nat} (x : BitVec w) (n : Nat) : BitVec w :=
 /-- Count the number of leading zeros. -/
 def clz (x : BitVec w) : BitVec w := clzAuxRec x (w - 1)
 
+/-- Count the number of trailing zeros. -/
+def ctz (x : BitVec w) : BitVec w := (x.reverse).clz
+
 end BitVec

src/Init/Data/BitVec/BasicAux.lean

@@ -21,13 +21,6 @@ namespace BitVec
 
 section Nat
 
-/--
-The bitvector with value `i mod 2^n`.
--/
-@[expose, match_pattern]
-protected def ofNat (n : Nat) (i : Nat) : BitVec n where
-  toFin := Fin.ofNat (2^n) i
-
 instance instOfNat : OfNat (BitVec n) i where ofNat := .ofNat n i
 
 /-- Return the bound in terms of toNat. -/

src/Init/Data/BitVec/Bitblast.lean

@@ -6,11 +6,14 @@ Authors: Harun Khan, Abdalrhman M Mohamed, Joe Hendrix, Siddharth Bhat
 module
 
 prelude
-public import all Init.Data.Nat.Bitwise.Basic
+public import Init.Data.Nat.Bitwise.Basic
+import all Init.Data.Nat.Bitwise.Basic
 public import Init.Data.Nat.Mod
-public import all Init.Data.Int.DivMod
+public import Init.Data.Int.DivMod
+import all Init.Data.Int.DivMod
 public import Init.Data.Int.LemmasAux
-public import all Init.Data.BitVec.Basic
+public import Init.Data.BitVec.Basic
+import all Init.Data.BitVec.Basic
 public import Init.Data.BitVec.Decidable
 public import Init.Data.BitVec.Lemmas
 public import Init.Data.BitVec.Folds
@@ -338,11 +341,11 @@ theorem add_eq_or_of_and_eq_zero {w : Nat} (x y : BitVec w)
   · rfl
   · simp only [adcb, atLeastTwo, Bool.and_false, Bool.or_false, bne_false,
     Prod.mk.injEq, and_eq_false_imp]
-    intros i
+    intro i
     replace h : (x &&& y).getLsbD i = (0#w).getLsbD i := by rw [h]
     simp only [getLsbD_and, getLsbD_zero, and_eq_false_imp] at h
     constructor
-    · intros hx
+    · intro hx
       simp_all
     · by_cases hx : x.getLsbD i <;> simp_all
 
@@ -1666,7 +1669,7 @@ private theorem neg_udiv_eq_intMin_iff_eq_intMin_eq_one_of_msb_eq_true
     {x y : BitVec w} (hx : x.msb = true) (hy : y.msb = false) :
     -x / y = intMin w ↔ (x = intMin w ∧ y = 1#w) := by
   constructor
-  · intros h
+  · intro h
     rcases w with _ | w; decide +revert
     have : (-x / y).msb = true := by simp [h, msb_intMin]
     rw [msb_udiv] at this
@@ -1742,7 +1745,7 @@ theorem msb_sdiv_eq_decide {x y : BitVec w} :
         Bool.and_self, ne_zero_of_msb_true, decide_false, Bool.and_true, Bool.true_and, Bool.not_true,
         Bool.false_and, Bool.or_false, bool_to_prop]
       have : x / -y ≠ intMin (w + 1) := by
-        intros h
+        intro h
         have : (x / -y).msb = (intMin (w + 1)).msb := by simp only [h]
         simp only [msb_udiv, msb_intMin, show 0 < w + 1 by omega, decide_true, and_eq_true, beq_iff_eq] at this
         obtain ⟨hcontra, _⟩ := this
@@ -1871,7 +1874,7 @@ theorem toInt_dvd_toInt_iff {x y : BitVec w} :
     y.toInt ∣ x.toInt ↔ (if x.msb then -x else x) % (if y.msb then -y else y) = 0#w := by
   constructor
   <;> by_cases hxmsb : x.msb <;> by_cases hymsb: y.msb
-  <;> intros h
+  <;> intro h
   <;> simp only [hxmsb, hymsb, reduceIte, false_eq_true, toNat_eq, toNat_umod, toNat_ofNat,
         zero_mod, toInt_eq_neg_toNat_neg_of_msb_true, Int.dvd_neg, Int.neg_dvd,
         toInt_eq_toNat_of_msb] at h
@@ -2141,7 +2144,7 @@ theorem add_shiftLeft_eq_or_shiftLeft {x y : BitVec w} :
   ext i hi
   simp only [shiftLeft_eq', getElem_and, getElem_shiftLeft, getElem_zero, and_eq_false_imp,
     not_eq_eq_eq_not, Bool.not_true, decide_eq_false_iff_not, Nat.not_lt]
-  intros hxi hxval
+  intro hxi hxval
   have : 2^i ≤ x.toNat := two_pow_le_toNat_of_getElem_eq_true hi hxi
   have : i < 2^i := by exact Nat.lt_two_pow_self
   omega
@@ -2152,4 +2155,238 @@ theorem shiftLeft_add_eq_shiftLeft_or {x y : BitVec w} :
     (y <<< x) + x =  (y <<< x) ||| x := by
   rw [BitVec.add_comm, add_shiftLeft_eq_or_shiftLeft, or_comm]
 
+/- ### Fast Circuit For Unsigned Overflow Detection -/
+
+/-!
+# Note [Fast Unsigned Multiplication Overflow Detection]
+
+The fast unsigned multiplication overflow detection circuit is described in
+`Efficient integer multiplication overflow detection circuits` (https://ieeexplore.ieee.org/abstract/document/987767).
+With this circuit, the computation of the overflow flag for the unsigned multiplication of
+two bitvectors `x` and `y` with bitwidth `w` requires:
+· extending the operands by `1` bit and performing the multiplication with the extended operands,
+· computing the preliminary overflow flag, which describes whether `x` and `y` together have at most
+  `w - 2` leading zeros.
+If the most significant bit of the extended operands' multiplication is `true` or if the
+preliminary overflow flag is `true`, overflow happens.
+In particular, the conditions check two different cases:
+· if the most significant bit of the extended operands' multiplication is `true`, the result of the
+  multiplication 2 ^ w ≤ x.toNat * y.toNat < 2 ^ (w + 1),
+· if the preliminary flag is true, then 2 ^ (w + 1) ≤ x.toNat * y.toNat.
+
+The computation of the preliminary overflow flag `resRec` relies on two quantities:
+· `uppcRec`: the unsigned parallel prefix circuit for the bits until a certain `i`,
+· `aandRec`: the conjunction between the parallel prefix circuit at of the first operand until a certain `i`
+  and the `i`-th bit in the second operand.
+-/
+
+/--
+  `uppcRec` is the unsigned parallel prefix, `x.uppcRec s = true` iff `x.toNat` is greater or equal
+  than `2 ^ (w - 1 - (s - 1))`.
+-/
+def uppcRec {w} (x : BitVec w) (s : Nat) (hs : s < w) : Bool :=
+  match s with
+  | 0 => x.msb
+  | i + 1 =>  x[w - 1 - i] || uppcRec x i (by omega)
+
+/-- The unsigned parallel prefix of `x` at `s` is `true` if and only if x interpreted
+  as a natural number is greater or equal than `2 ^ (w - 1 - (s - 1))`. -/
+@[simp]
+theorem uppcRec_true_iff (x : BitVec w) (s : Nat) (h : s < w) :
+    uppcRec x s h ↔ 2 ^ (w - 1 - (s - 1)) ≤ x.toNat := by
+  rcases w with _|w
+  · omega
+  · induction s
+    · case succ.zero =>
+      simp only [uppcRec, msb_eq_true_iff_two_mul_ge, Nat.pow_add, Nat.pow_one,
+        Nat.mul_comm (2 ^ w) 2, ge_iff_le, Nat.add_one_sub_one, zero_le, Nat.sub_eq_zero_of_le,
+        Nat.sub_zero]
+      apply Nat.mul_le_mul_left_iff (by omega)
+    · case succ.succ s ihs =>
+      simp only [uppcRec, or_eq_true, ihs, Nat.add_one_sub_one]
+      have := Nat.pow_le_pow_of_le (a := 2) ( n := (w - s)) (m := (w - (s - 1))) (by omega) (by omega)
+      constructor
+      · intro h'
+        rcases h' with h'|h'
+        · apply ge_two_pow_of_testBit h'
+        · omega
+      · intro h'
+        by_cases hbit: x[w - s]
+        · simp [hbit]
+        · have := BitVec.le_toNat_iff_getLsbD_eq_true (x := x) (i := w - s) (by omega)
+          simp only [h', true_iff] at this
+          obtain ⟨k, hk⟩ := this
+          by_cases hwk : w - s + k < w + 1
+          · by_cases hk' : 0 < k
+            · have hle := ge_two_pow_of_testBit hk
+              have hpowle := Nat.pow_le_pow_of_le (a := 2) ( n := (w - (s - 1))) (m := (w - s + k)) (by omega) (by omega)
+              omega
+            · rw [getLsbD_eq_getElem (by omega)] at hk
+              simp [hbit, show k = 0 by omega] at hk
+          · simp_all
+
+/--
+  Conjunction for fast umulOverflow circuit
+-/
+def aandRec (x y : BitVec w) (s : Nat) (hs : s < w) : Bool :=
+  y[s] && uppcRec x s (by omega)
+
+
+/--
+  Preliminary overflow flag for fast umulOverflow circuit as introduced in
+  `Efficient integer multiplication overflow detection circuits` (https://ieeexplore.ieee.org/abstract/document/987767).
+-/
+def resRec (x y : BitVec w) (s : Nat) (hs : s < w) (hslt : 0 < s) : Bool :=
+  match hs0 : s with
+  | 0 => by omega
+  | s' + 1 =>
+    match hs' : s' with
+    | 0 => aandRec x y 1 (by omega)
+    | s'' + 1 =>
+      (resRec x y s' (by omega) (by omega)) || (aandRec x y s (by omega))
+
+/-- The preliminary overflow flag is true for a certain `s` if and only if the conjunction returns true at
+  any `k` smaller than or equal to `s`. -/
+theorem resRec_true_iff (x y : BitVec w) (s : Nat) (hs : s < w) (hs' : 0 < s) :
+    resRec x y s hs hs' = true ↔ ∃ (k : Nat), ∃ (h : k ≤ s), ∃ (_ : 0 < k), aandRec x y k (by omega) := by
+  unfold resRec
+  rcases s with _|s
+  · omega
+  · rcases s
+    · case zero =>
+      constructor
+      · intro ha
+        exists 1, by omega, by omega
+      · intro hr
+        obtain ⟨k, hk, hk', hk''⟩ := hr
+        simp only [show k = 1 by omega] at hk''
+        exact hk''
+    · case succ s =>
+      induction s
+      · case zero =>
+        unfold resRec
+        simp only [Nat.zero_add, Nat.reduceAdd, or_eq_true]
+        constructor
+        · intro h
+          rcases h with h|h
+          · exists 1, by omega, by omega
+          · exists 2, by omega, by omega
+        · intro h
+          obtain ⟨k, hk, hk', hk''⟩ := h
+          have h : k = 1 ∨ k = 2 := by omega
+          rcases h with h|h
+          <;> simp only [h] at hk''
+          <;> simp [hk'']
+      · case succ s ihs =>
+        specialize ihs (by omega) (by omega)
+        unfold resRec
+        simp only [or_eq_true, ihs]
+        constructor
+        · intro h
+          rcases h with h|h
+          · obtain ⟨k, hk, hk', hk''⟩ := h
+            exists k, by omega, by omega
+          · exists s + 1 + 1 + 1, by omega, by omega
+        · intro h
+          obtain ⟨k, hk, hk', hk''⟩ := h
+          by_cases h' : x.aandRec y (s + 1 + 1 + 1) (by omega) = true
+          · simp [h']
+          · simp only [h', false_eq_true, _root_.or_false]
+            by_cases h'' : k ≤ s + 1 + 1
+            · exists k, h'', by omega
+            · have : k = s + 1 + 1 + 1 := by omega
+              simp_all
+
+/-- If the sum of the leading zeroes of two bitvecs with bitwidth `w` is less than or equal to
+  (`w - 2`), then the preliminary overflow flag is true and their unsigned multiplication overflows.
+  The explanation is in `Efficient integer multiplication overflow detection circuits`
+  https://ieeexplore.ieee.org/abstract/document/987767
+  -/
+theorem resRec_of_clz_le {x y : BitVec w} (hw : 1 < w) (hx : x ≠ 0#w) (hy : y ≠ 0#w):
+    (clz x).toNat + (clz y).toNat ≤ w - 2 → resRec x y (w - 1) (by omega) (by omega) := by
+  intro h
+  rw [resRec_true_iff]
+  exists (w - 1 - y.clz.toNat), by omega, by omega
+  simp only [aandRec]
+  by_cases hw0 : w - 1 - y.clz.toNat = 0
+  · have := clz_lt_iff_ne_zero.mpr (by omega)
+    omega
+  · simp only [and_eq_true, getLsbD_true_clz_of_ne_zero (x := y) (by omega) (by omega),
+    getElem_of_getLsbD_eq_true, uppcRec_true_iff,
+    show w - 1 - (w - 1 - y.clz.toNat - 1) = y.clz.toNat + 1 by omega, _root_.true_and]
+    exact Nat.le_trans (Nat.pow_le_pow_of_le (a := 2) (n := y.clz.toNat + 1)
+          (m := w - 1 - x.clz.toNat) (by omega) (by omega))
+          (BitVec.two_pow_sub_clz_le_toNat_of_ne_zero (x := x) (by omega) (by omega))
+
+/--
+  Complete fast overflow detection circuit for unsigned multiplication.
+-/
+theorem fastUmulOverflow (x y : BitVec w) :
+    umulOverflow x y = if hw : w ≤ 1 then false
+      else (setWidth (w + 1) x * setWidth (w + 1) y)[w] || x.resRec y (w - 1) (by omega) (by omega) := by
+  rcases w with _|_|w
+  · simp [of_length_zero, umulOverflow]
+  · have hx : x.toNat ≤ 1 := by omega
+    have hy : y.toNat ≤ 1 := by omega
+    have := Nat.mul_le_mul (n₁ := x.toNat) (m₁ := y.toNat) (n₂ := 1) (m₂ := 1) hx hy
+    simp [umulOverflow]
+    omega
+  · by_cases h : umulOverflow x y
+    · simp only [h, Nat.reduceLeDiff, reduceDIte, Nat.add_one_sub_one, true_eq, or_eq_true]
+      simp only [umulOverflow, ge_iff_le, decide_eq_true_eq] at h
+      by_cases h' : x.toNat * y.toNat < 2 ^ (w + 1 + 1 + 1)
+      · have hlt := BitVec.getElem_eq_true_of_lt_of_le
+          (x := (setWidth (w + 1 + 1 + 1) x * setWidth (w + 1 + 1 + 1) y))
+          (k := w + 1 + 1)  (by omega)
+        simp only [toNat_mul, toNat_setWidth, Nat.lt_add_one, toNat_mod_cancel_of_lt,
+          Nat.mod_eq_of_lt (a := x.toNat * y.toNat) (b := 2 ^ (w + 1 + 1 + 1)) (by omega), h', h,
+          forall_const] at hlt
+        simp [hlt]
+      · by_cases hsw : (setWidth (w + 1 + 1 + 1) x * setWidth (w + 1 + 1 + 1) y)[w + 1 + 1] = true
+        · simp [hsw]
+        · simp only [hsw, false_eq_true, _root_.false_or]
+          have := Nat.two_pow_pos (w := w + 1 + 1)
+          have hltx := BitVec.toNat_lt_two_pow_sub_clz (x := x)
+          have hlty := BitVec.toNat_lt_two_pow_sub_clz (x := y)
+          have := Nat.mul_ne_zero_iff (m := y.toNat) (n := x.toNat)
+          simp only [ne_eq, show ¬x.toNat * y.toNat = 0 by omega, not_false_eq_true,
+            true_iff] at this
+          obtain ⟨hxz,hyz⟩ := this
+          apply resRec_of_clz_le (x := x) (y := y) (by omega) (by simp [toNat_eq]; exact hxz) (by simp [toNat_eq]; exact hyz)
+          by_cases hzxy : x.clz.toNat + y.clz.toNat ≤ w
+          · omega
+          · by_cases heq : w + 1 - y.clz.toNat = 0
+            · by_cases heq' : w + 1 + 1 - y.clz.toNat = 0
+              · simp [heq', hyz] at hlty
+              · simp only [show y.clz.toNat = w + 1 by omega, Nat.add_sub_cancel_left,
+                  Nat.pow_one] at hlty
+                simp only [show y.toNat = 1 by omega, Nat.mul_one, Nat.not_lt] at h'
+                omega
+            · by_cases w + 1 < y.clz.toNat
+              · omega
+              · simp only [Nat.not_lt] at h'
+                have := Nat.mul_lt_mul'' (a := x.toNat) (b := y.toNat) (c := 2 ^ (w + 1 + 1 - x.clz.toNat)) (d := 2 ^ (w + 1 + 1 - y.clz.toNat)) hltx hlty
+                simp only [← Nat.pow_add] at this
+                have := Nat.pow_le_pow_of_le (a := 2) (n := w + 1 + 1 - x.clz.toNat + (w + 1 + 1 - y.clz.toNat)) (m := w + 1 + 1 + 1)
+                 (by omega) (by omega)
+                omega
+    · simp only [h, Nat.reduceLeDiff, reduceDIte, Nat.add_one_sub_one, false_eq, or_eq_false_iff]
+      simp only [umulOverflow, ge_iff_le, decide_eq_true_eq, Nat.not_le] at h
+      and_intros
+      · simp only [← getLsbD_eq_getElem, getLsbD_eq_getMsbD, Nat.lt_add_one, decide_true,
+          Nat.add_one_sub_one, Nat.sub_self, ← msb_eq_getMsbD_zero, Bool.true_and,
+          msb_eq_false_iff_two_mul_lt, toNat_mul, toNat_setWidth, toNat_mod_cancel_of_lt]
+        rw [Nat.mod_eq_of_lt (by omega),Nat.pow_add (m := w + 1 + 1) (n := 1)]
+        simp [Nat.mul_comm 2 (x.toNat * y.toNat), h]
+      · apply Classical.byContradiction
+        intro hcontra
+        simp only [not_eq_false, resRec_true_iff, exists_prop, exists_and_left] at hcontra
+        obtain ⟨k,hk,hk',hk''⟩ := hcontra
+        simp only [aandRec, and_eq_true, uppcRec_true_iff, Nat.add_one_sub_one] at hk''
+        obtain ⟨hky, hkx⟩ := hk''
+        have hyle := two_pow_le_toNat_of_getElem_eq_true (x := y) (i := k) (by omega) hky
+        have := Nat.mul_le_mul (n₁ := 2 ^ (w + 1 - (k - 1))) (m₁ := 2 ^ k) (n₂ := x.toNat) (m₂ := y.toNat) hkx hyle
+        simp [← Nat.pow_add, show w + 1 - (k - 1) + k = w + 1 + 1 by omega] at this
+        omega
+
 end BitVec

src/Init/Data/BitVec/Bootstrap.lean

@@ -6,7 +6,9 @@ Authors: Joe Hendrix, Harun Khan, Alex Keizer, Abdalrhman M Mohamed, Siddharth B
 module
 
 prelude
-public import all Init.Data.BitVec.Basic
+public import Init.Data.BitVec.Basic
+import all Init.Data.BitVec.Basic
+import Init.Data.Int.Bitwise.Lemmas
 
 public section
 
@@ -17,7 +19,7 @@ theorem testBit_toNat (x : BitVec w) : x.toNat.testBit i = x.getLsbD i := rfl
 @[simp, grind =] theorem getLsbD_ofFin (x : Fin (2^n)) (i : Nat) :
     getLsbD (BitVec.ofFin x) i = x.val.testBit i := rfl
 
-@[simp, grind] theorem getLsbD_of_ge (x : BitVec w) (i : Nat) (ge : w ≤ i) : getLsbD x i = false := by
+@[simp, grind =] theorem getLsbD_of_ge (x : BitVec w) (i : Nat) (ge : w ≤ i) : getLsbD x i = false := by
   let ⟨x, x_lt⟩ := x
   simp only [getLsbD_ofFin]
   apply Nat.testBit_lt_two_pow

src/Init/Data/BitVec/Folds.lean

@@ -6,7 +6,8 @@ Authors: Joe Hendrix, Harun Khan
 module
 
 prelude
-public import all Init.Data.BitVec.Basic
+public import Init.Data.BitVec.Basic
+import all Init.Data.BitVec.Basic
 public import Init.Data.BitVec.Lemmas
 public import Init.Data.Nat.Lemmas
 public import Init.Data.Fin.Iterate

src/Init/Data/BitVec/Lemmas.lean

@@ -7,8 +7,10 @@ module
 
 prelude
 public import Init.Data.Bool
-public import all Init.Data.BitVec.Basic
-public import all Init.Data.BitVec.BasicAux
+public import Init.Data.BitVec.Basic
+import all Init.Data.BitVec.Basic
+public import Init.Data.BitVec.BasicAux
+import all Init.Data.BitVec.BasicAux
 public import Init.Data.Fin.Lemmas
 public import Init.Data.Nat.Lemmas
 public import Init.Data.Nat.Div.Lemmas
@@ -35,7 +37,7 @@ namespace BitVec
 @[simp] theorem getElem_ofFin (x : Fin (2^n)) (i : Nat) (h : i < n) :
     (BitVec.ofFin x)[i] = x.val.testBit i := rfl
 
-@[simp, grind] theorem getMsbD_of_ge (x : BitVec w) (i : Nat) (ge : w ≤ i) : getMsbD x i = false := by
+@[simp, grind =] theorem getMsbD_of_ge (x : BitVec w) (i : Nat) (ge : w ≤ i) : getMsbD x i = false := by
   rw [getMsbD]
   simp only [Bool.and_eq_false_imp, decide_eq_true_eq]
   omega
@@ -120,7 +122,7 @@ theorem getElem_of_getLsbD_eq_true {x : BitVec w} {i : Nat} (h : x.getLsbD i = t
 This normalized a bitvec using `ofFin` to `ofNat`.
 -/
 theorem ofFin_eq_ofNat : @BitVec.ofFin w (Fin.mk x lt) = BitVec.ofNat w x := by
-  simp only [BitVec.ofNat, Fin.ofNat, lt, Nat.mod_eq_of_lt]
+  simp only [BitVec.ofNat, Fin.Internal.ofNat_eq_ofNat, Fin.ofNat, lt, Nat.mod_eq_of_lt]
 
 /-- Prove nonequality of bitvectors in terms of nat operations. -/
 theorem toNat_ne_iff_ne {n} {x y : BitVec n} : x.toNat ≠ y.toNat ↔ x ≠ y := by
@@ -241,11 +243,11 @@ theorem eq_of_getLsbD_eq_iff {w : Nat} {x y : BitVec w} :
     x = y ↔ ∀ (i : Nat), i < w → x.getLsbD i = y.getLsbD i := by
   have iff := @BitVec.eq_of_getElem_eq_iff w x y
   constructor
-  · intros heq i lt
+  · intro heq i lt
     have hext := iff.mp heq i lt
     simp only [← getLsbD_eq_getElem] at hext
     exact hext
-  · intros heq
+  · intro heq
     exact iff.mpr heq
 
 theorem eq_of_getMsbD_eq {x y : BitVec w}
@@ -297,7 +299,7 @@ theorem length_pos_of_ne {x y : BitVec w} (h : x ≠ y) : 0 < w :=
 
 theorem ofFin_ofNat (n : Nat) :
     ofFin (no_index (OfNat.ofNat n : Fin (2^w))) = OfNat.ofNat n := by
-  simp only [OfNat.ofNat, Fin.ofNat, BitVec.ofNat]
+  simp only [OfNat.ofNat, Fin.Internal.ofNat_eq_ofNat, Fin.ofNat, BitVec.ofNat]
 
 -- We use a `grind_pattern` as `@[grind]` will not use the `no_index` term.
 grind_pattern ofFin_ofNat => ofFin (OfNat.ofNat n : Fin (2^w))
@@ -508,6 +510,18 @@ theorem getElem_ofBool {b : Bool} {h : i < 1}: (ofBool b)[i] = b := by
 @[simp] theorem zero_eq_one_iff (w : Nat) : (0#w = 1#w) ↔ (w = 0) := by
   rw [← one_eq_zero_iff, eq_comm]
 
+/-- A bitvector is equal to 0#w if and only if all bits are `false` -/
+theorem zero_iff_eq_false {x: BitVec w} :
+    x = 0#w ↔ ∀ i, x.getLsbD i = false := by
+  rcases w with _|w
+  · simp [of_length_zero]
+  · constructor
+    · intro hzero
+      simp [hzero]
+    · intro hfalse
+      ext j hj
+      simp [← getLsbD_eq_getElem, hfalse]
+
 /-! ### msb -/
 
 @[simp] theorem msb_zero : (0#w).msb = false := by simp [BitVec.msb, getMsbD]
@@ -821,14 +835,14 @@ its most significant bit is true.
 theorem slt_zero_iff_msb_cond {x : BitVec w} : x.slt 0#w ↔ x.msb = true := by
   have := toInt_eq_msb_cond x
   constructor
-  · intros h
+  · intro h
     apply Classical.byContradiction
-    intros hmsb
+    intro hmsb
     simp only [Bool.not_eq_true] at hmsb
     simp only [hmsb, Bool.false_eq_true, ↓reduceIte] at this
     simp only [BitVec.slt, toInt_zero, decide_eq_true_eq] at h
     omega /- Can't have `x.toInt` which is equal to `x.toNat` be strictly less than zero -/
-  · intros h
+  · intro h
     simp only [h, ↓reduceIte] at this
     simp only [BitVec.slt, this, toInt_zero, decide_eq_true_eq]
     omega
@@ -1086,6 +1100,10 @@ theorem toInt_setWidth' {m n : Nat} (p : m ≤ n) {x : BitVec m} :
   rw [setWidth'_eq, toFin_setWidth, Fin.val_ofNat, Fin.coe_castLE, val_toFin,
     Nat.mod_eq_of_lt (by apply BitVec.toNat_lt_twoPow_of_le p)]
 
+theorem toNat_setWidth_of_le {w w' : Nat} {b : BitVec w} (h : w ≤ w') : (b.setWidth w').toNat = b.toNat := by
+  rw [BitVec.toNat_setWidth, Nat.mod_eq_of_lt]
+  exact BitVec.toNat_lt_twoPow_of_le h
+
 /-! ## extractLsb -/
 
 @[simp, grind =]
@@ -1273,6 +1291,17 @@ theorem extractLsb'_eq_zero {x : BitVec w} {start : Nat} :
   ext i hi
   omega
 
+theorem extractLsb'_setWidth_of_le {b : BitVec w} {start len w' : Nat} (h : start + len ≤ w') :
+    (b.setWidth w').extractLsb' start len = b.extractLsb' start len := by
+  ext i h_i
+  simp
+  omega
+
+theorem setWidth_extractLsb'_of_le {c : BitVec w} (h : len₁ ≤ len₂) :
+    (c.extractLsb' start len₂).setWidth len₁ = c.extractLsb' start len₁ := by
+  ext i hi
+  simp [show i < len₂ by omega]
+
 /-! ### allOnes -/
 
 @[simp, grind =] theorem toNat_allOnes : (allOnes v).toNat = 2^v - 1 := by
@@ -1516,6 +1545,12 @@ theorem extractLsb_and {x : BitVec w} {hi lo : Nat} :
 @[simp, grind =] theorem ofNat_and {x y : Nat} : BitVec.ofNat w (x &&& y) = BitVec.ofNat w x &&& BitVec.ofNat w y :=
   eq_of_toNat_eq (by simp [Nat.and_mod_two_pow])
 
+theorem and_or_distrib_left {x y z : BitVec w} : x &&& (y ||| z) = (x &&& y) ||| (x &&& z) :=
+  BitVec.eq_of_getElem_eq (by simp [Bool.and_or_distrib_left])
+
+theorem and_or_distrib_right {x y z : BitVec w} : (x ||| y) &&& z = (x &&& z) ||| (y &&& z) :=
+  BitVec.eq_of_getElem_eq (by simp [Bool.and_or_distrib_right])
+
 /-! ### xor -/
 
 @[simp, grind =] theorem toNat_xor (x y : BitVec v) :
@@ -2097,7 +2132,7 @@ theorem toInt_ushiftRight_of_lt {x : BitVec w} {n : Nat} (hn : 0 < n) :
     (x >>> n).toInt = x.toNat >>> n := by
   rw [toInt_eq_toNat_cond]
   simp only [toNat_ushiftRight, ite_eq_left_iff, Nat.not_lt]
-  intros h
+  intro h
   by_cases hn : n ≤ w
   · have h1 := Nat.mul_lt_mul_of_pos_left (toNat_ushiftRight_lt x n hn) Nat.two_pos
     simp only [toNat_ushiftRight, Nat.zero_lt_succ, Nat.mul_lt_mul_left] at h1
@@ -2166,6 +2201,10 @@ theorem msb_ushiftRight {x : BitVec w} {n : Nat} :
   have := lt_of_getLsbD ha
   omega
 
+theorem setWidth_ushiftRight_eq_extractLsb {b : BitVec w} : (b >>> w').setWidth w'' = b.extractLsb' w' w'' := by
+  ext i hi
+  simp
+
 /-! ### ushiftRight reductions from BitVec to Nat -/
 
 @[simp, grind =]
@@ -2192,8 +2231,7 @@ theorem sshiftRight_eq_of_msb_false {x : BitVec w} {s : Nat} (h : x.msb = false)
   apply BitVec.eq_of_toNat_eq
   rw [BitVec.sshiftRight_eq, BitVec.toInt_eq_toNat_cond]
   have hxbound : 2 * x.toNat < 2 ^ w := BitVec.msb_eq_false_iff_two_mul_lt.mp h
-  simp only [hxbound, ↓reduceIte, Int.natCast_shiftRight, ofInt_natCast,
-    toNat_ofNat, toNat_ushiftRight]
+  simp only [hxbound, ↓reduceIte, toNat_ushiftRight]
   replace hxbound : x.toNat >>> s < 2 ^ w := by
     rw [Nat.shiftRight_eq_div_pow]
     exact Nat.lt_of_le_of_lt (Nat.div_le_self ..) x.isLt
@@ -2235,7 +2273,7 @@ theorem getLsbD_sshiftRight (x : BitVec w) (s i : Nat) :
       omega
     · simp only [hi, decide_false, Bool.not_false, Bool.true_and, Bool.eq_and_self,
         decide_eq_true_eq]
-      intros hlsb
+      intro hlsb
       apply BitVec.lt_of_getLsbD hlsb
   · by_cases hi : i ≥ w
     · simp [hi]
@@ -2289,7 +2327,7 @@ theorem msb_sshiftRight {n : Nat} {x : BitVec w} :
   · simp [hw₀]
   · simp only [show ¬(w ≤ w - 1) by omega, decide_false, Bool.not_false, Bool.true_and,
       ite_eq_right_iff]
-    intros h
+    intro h
     simp [show n = 0 by omega]
 
 @[simp] theorem sshiftRight_zero {x : BitVec w} : x.sshiftRight 0 = x := by
@@ -2777,7 +2815,7 @@ theorem toInt_append {x : BitVec n} {y : BitVec m} :
     (x ++ 0#m).toInt = (2 ^ m) * x.toInt := by
   simp only [toInt_append, beq_iff_eq, toInt_zero, toNat_ofNat, Nat.zero_mod, Int.cast_ofNat_Int, Int.add_zero,
     ite_eq_right_iff]
-  intros h
+  intro h
   subst h
   simp [BitVec.eq_nil x]
 
@@ -2957,11 +2995,10 @@ theorem shiftLeft_eq_concat_of_lt {x : BitVec w} {n : Nat} (hn : n < w) :
 /-- Combine adjacent `extractLsb'` operations into a single `extractLsb'`. -/
 theorem extractLsb'_append_extractLsb'_eq_extractLsb' {x : BitVec w} (h : start₂ = start₁ + len₁) :
     ((x.extractLsb' start₂ len₂) ++ (x.extractLsb' start₁ len₁)) =
-    (x.extractLsb' start₁ (len₁ + len₂)).cast (by omega) := by
+      x.extractLsb' start₁ (len₂ + len₁) := by
   ext i h
-  simp only [getElem_append, getElem_extractLsb', dite_eq_ite, getElem_cast, ite_eq_left_iff,
-    Nat.not_lt]
-  intros hi
+  simp only [getElem_append, getElem_extractLsb', dite_eq_ite, ite_eq_left_iff, Nat.not_lt]
+  intro hi
   congr 1
   omega
 
@@ -2988,7 +3025,7 @@ theorem signExtend_eq_append_extractLsb' {w v : Nat} {x : BitVec w} :
   · simp only [hx, signExtend_eq_setWidth_of_msb_false, getElem_setWidth, Bool.false_eq_true,
       ↓reduceIte, getElem_append, getElem_extractLsb', Nat.zero_add, getElem_zero, dite_eq_ite,
       Bool.if_false_right, Bool.eq_and_self, decide_eq_true_eq]
-    intros hi
+    intro hi
     have hw : i < w := lt_of_getLsbD hi
     omega
   · simp [signExtend_eq_not_setWidth_not_of_msb_true hx, getElem_append, Nat.lt_min, hi]
@@ -3036,7 +3073,7 @@ theorem extractLsb'_append_eq_ite {v w} {xhi : BitVec v} {xlo : BitVec w} {start
     · simp only [hlen, ↓reduceDIte]
       ext i hi
       simp only [getElem_extractLsb', getLsbD_append, ite_eq_left_iff, Nat.not_lt]
-      intros hcontra
+      intro hcontra
       omega
     · simp only [hlen, ↓reduceDIte]
       ext i hi
@@ -3072,6 +3109,51 @@ theorem extractLsb'_append_eq_of_le {v w} {xhi : BitVec v} {xlo : BitVec w}
     extractLsb' start len (xhi ++ xlo) = extractLsb' (start - w) len xhi := by
   simp [extractLsb'_append_eq_ite, show ¬ start < w by omega]
 
+theorem extractLsb'_append_eq_left {a : BitVec w} {b : BitVec w'} : (a ++ b).extractLsb' w' w = a := by
+  simp [BitVec.extractLsb'_append_eq_of_le]
+
+theorem extractLsb'_append_eq_right {a : BitVec w} {b : BitVec w'} : (a ++ b).extractLsb' 0 w' = b := by
+  simp [BitVec.extractLsb'_append_eq_of_add_le]
+
+theorem setWidth_append_eq_right {a : BitVec w} {b : BitVec w'} : (a ++ b).setWidth w' = b := by
+  ext i hi
+  simp [getLsbD_append, hi]
+
+theorem append_left_inj {s₁ s₂ : BitVec w} (t : BitVec w') : s₁ ++ t = s₂ ++ t ↔ s₁ = s₂ := by
+  refine ⟨fun h => ?_, fun h => h ▸ rfl⟩
+  ext i hi
+  simpa [getElem_append, dif_neg] using congrArg (·[i + w']'(by omega)) h
+
+theorem append_right_inj (s : BitVec w) {t₁ t₂ : BitVec w'} : s ++ t₁ = s ++ t₂ ↔ t₁ = t₂ := by
+  refine ⟨fun h => ?_, fun h => h ▸ rfl⟩
+  ext i hi
+  simpa [getElem_append, hi] using congrArg (·[i]) h
+
+theorem setWidth_append_eq_shiftLeft_setWidth_or {b : BitVec w} {b' : BitVec w'} :
+    (b ++ b').setWidth w'' = (b.setWidth w'' <<< w') ||| b'.setWidth w'' := by
+  ext i hi
+  simp only [getElem_setWidth, getElem_or, getElem_shiftLeft]
+  rw [getLsbD_append]
+  split <;> simp_all
+
+theorem setWidth_append_append_eq_shiftLeft_setWidth_or {b : BitVec w} {b' : BitVec w'} {b'' : BitVec w''} :
+    (b ++ b' ++ b'').setWidth w''' = (b.setWidth w''' <<< (w' + w'')) ||| (b'.setWidth w''' <<< w'') ||| b''.setWidth w''' := by
+  rw [BitVec.setWidth_append_eq_shiftLeft_setWidth_or,
+    BitVec.setWidth_append_eq_shiftLeft_setWidth_or,
+    BitVec.shiftLeft_or_distrib, BitVec.shiftLeft_add]
+
+theorem setWidth_append_append_append_eq_shiftLeft_setWidth_or {b : BitVec w} {b' : BitVec w'} {b'' : BitVec w''} {b''' : BitVec w'''} :
+    (b ++ b' ++ b'' ++ b''').setWidth w'''' = (b.setWidth w'''' <<< (w' + w'' + w''')) ||| (b'.setWidth w'''' <<< (w'' + w''')) |||
+      (b''.setWidth w'''' <<< w''') ||| b'''.setWidth w'''' := by
+  simp only [BitVec.setWidth_append_eq_shiftLeft_setWidth_or, BitVec.shiftLeft_or_distrib, BitVec.shiftLeft_add]
+
+theorem and_setWidth_allOnes (w' w : Nat) (b : BitVec (w' + w)) :
+    b &&& (BitVec.allOnes w).setWidth (w' + w) = 0#w' ++ b.setWidth w := by
+  ext i hi
+  simp only [getElem_and, getElem_setWidth, getLsbD_allOnes]
+  rw [BitVec.getElem_append]
+  split <;> simp_all
+
 /-! ### rev -/
 
 @[grind =]
@@ -3483,7 +3565,7 @@ theorem toInt_sub_toInt_lt_twoPow_iff {x y : BitVec w} :
     have := two_mul_toInt_lt (x := y)
     simp only [Nat.add_one_sub_one]
     constructor
-    · intros h
+    · intro h
       rw_mod_cast [← Int.add_bmod_right, Int.bmod_eq_of_le]
       <;> omega
     · have := Int.bmod_neg_iff (x := x.toInt - y.toInt) (m := 2 ^ (w + 1))
@@ -3499,7 +3581,7 @@ theorem twoPow_le_toInt_sub_toInt_iff {x y : BitVec w} :
     have := le_two_mul_toInt (x := y); have := two_mul_toInt_lt (x := y)
     simp only [Nat.add_one_sub_one]
     constructor
-    · intros h
+    · intro h
       simp only [show 0 ≤ x.toInt by omega, show y.toInt < 0 by omega, _root_.true_and]
       rw_mod_cast [← Int.sub_bmod_right, Int.bmod_eq_of_le (by omega) (by omega)]
       omega
@@ -4028,6 +4110,9 @@ instance instLawfulOrderLT : LawfulOrderLT (BitVec n) := by
   apply LawfulOrderLT.of_le
   simpa using fun _ _ => BitVec.lt_asymm
 
+theorem length_pos_of_lt {b b' : BitVec w} (h : b < b') : 0 < w :=
+  length_pos_of_ne (BitVec.ne_of_lt h)
+
 protected theorem umod_lt (x : BitVec n) {y : BitVec n} : 0 < y → x % y < y := by
   simp only [ofNat_eq_ofNat, lt_def, toNat_ofNat, Nat.zero_mod]
   apply Nat.mod_lt
@@ -4099,6 +4184,14 @@ theorem lt_of_msb_false_of_msb_true {x y : BitVec w} (hx : x.msb = false) (hy :
   simp
   omega
 
+theorem lt_add_one {b : BitVec w} (h : b ≠ allOnes w) : b < b + 1 := by
+  simp only [ne_eq, ← toNat_inj, toNat_allOnes] at h
+  simp only [BitVec.lt_def, ofNat_eq_ofNat, toNat_add, toNat_ofNat, Nat.add_mod_mod]
+  rw [Nat.mod_eq_of_lt]
+  · exact Nat.lt_add_one _
+  · have := b.toNat_lt_twoPow_of_le (Nat.le_refl _)
+    omega
+
 /-! ### udiv -/
 
 theorem udiv_def {x y : BitVec n} : x / y = BitVec.ofNat n (x.toNat / y.toNat) := by
@@ -5244,7 +5337,7 @@ theorem replicate_succ' {x : BitVec w} :
     (replicate n x ++ x).cast (by rw [Nat.mul_succ]) := by
   simp [replicate_append_self]
 
-theorem BitVec.setWidth_add_eq_mod {x y : BitVec w} : BitVec.setWidth i (x + y) = (BitVec.setWidth i x + BitVec.setWidth i y) % (BitVec.twoPow i w) := by
+theorem setWidth_add_eq_mod {x y : BitVec w} : BitVec.setWidth i (x + y) = (BitVec.setWidth i x + BitVec.setWidth i y) % (BitVec.twoPow i w) := by
   apply BitVec.eq_of_toNat_eq
   rw [toNat_setWidth]
   simp only [toNat_setWidth, toNat_add, toNat_umod, Nat.add_mod_mod, Nat.mod_add_mod, toNat_twoPow]
@@ -5253,6 +5346,14 @@ theorem BitVec.setWidth_add_eq_mod {x y : BitVec w} : BitVec.setWidth i (x + y)
   · have hk : 2 ^ w < 2 ^ i := Nat.pow_lt_pow_of_lt (by decide) (Nat.lt_of_not_le h)
     rw [Nat.mod_eq_of_lt hk, Nat.mod_mod_eq_mod_mod_of_dvd (Nat.pow_dvd_pow _ (Nat.le_of_not_le h))]
 
+theorem setWidth_setWidth_eq_self {a : BitVec w} {w' : Nat} (h : a < BitVec.twoPow w w') : (a.setWidth w').setWidth w = a := by
+  by_cases hw : w' < w
+  · simp only [toNat_eq, toNat_setWidth]
+    rw [Nat.mod_mod_of_dvd' (Nat.pow_dvd_pow _ (Nat.le_of_lt hw)), Nat.mod_eq_of_lt]
+    rwa [BitVec.lt_def, BitVec.toNat_twoPow_of_lt hw] at h
+  · rw [BitVec.lt_def, BitVec.toNat_twoPow_of_le (by omega)] at h
+    simp at h
+
 /-! ### intMin -/
 
 @[grind =]
@@ -5766,39 +5867,24 @@ theorem msb_replicate {n w : Nat} {x : BitVec w} :
   simp only [BitVec.msb, getMsbD_replicate, Nat.zero_mod]
   cases n <;> cases w <;> simp
 
-/-! ### Count leading zeros -/
-
-theorem clzAuxRec_zero (x : BitVec w) :
-    x.clzAuxRec 0 = if x.getLsbD 0 then BitVec.ofNat w (w - 1) else BitVec.ofNat w w := by rfl
-
-theorem clzAuxRec_succ (x : BitVec w) :
-    x.clzAuxRec (n + 1) = if x.getLsbD (n + 1) then BitVec.ofNat w (w - 1 - (n + 1)) else BitVec.clzAuxRec x n := by rfl
-
-theorem clzAuxRec_eq_clzAuxRec_of_le (x : BitVec w) (h : w - 1 ≤ n) :
-    x.clzAuxRec n = x.clzAuxRec (w - 1) := by
-  let k := n - (w - 1)
-  rw [show n = (w - 1) + k by omega]
-  induction k
-  case zero => simp
-  case succ k ihk =>
-    simp [show w - 1 + (k + 1) = (w - 1 + k) + 1 by omega, clzAuxRec_succ, ihk,
-      show x.getLsbD (w - 1 + k + 1) = false by simp only [show w ≤ w - 1 + k + 1 by omega, getLsbD_of_ge]]
-
-theorem clzAuxRec_eq_clzAuxRec_of_getLsbD_false {x : BitVec w} (h : ∀ i, n < i → x.getLsbD i = false) :
-    x.clzAuxRec n = x.clzAuxRec (n + k) := by
-  induction k
-  case zero => simp
-  case succ k ihk =>
-    simp only [show n + (k + 1) = (n + k) + 1 by omega, clzAuxRec_succ]
-    by_cases hxn : x.getLsbD (n + k + 1)
-    · have : ¬ ∀ (i : Nat), n < i → x.getLsbD i = false := by
-        simp only [Classical.not_forall, Bool.not_eq_false]
-        exists n + k + 1
-        simp [show n < n + k + 1 by omega, hxn]
-      contradiction
-    · simp only [hxn, Bool.false_eq_true, ↓reduceIte]
-      exact ihk
+@[simp]
+theorem reverse_eq_zero_iff {x : BitVec w} :
+    x.reverse = 0#w ↔ x = 0#w := by
+  constructor
+  · intro hrev
+    ext i hi
+    rw [← getLsbD_eq_getElem, getLsbD_eq_getMsbD, ← getLsbD_reverse]
+    simp [hrev]
+  · intro hzero
+    ext i hi
+    rw [← getLsbD_eq_getElem, getLsbD_eq_getMsbD, getMsbD_reverse]
+    simp [hi, hzero]
 
+@[simp]
+theorem reverse_reverse_eq {x : BitVec w} :
+    x.reverse.reverse = x := by
+  ext k hk
+  rw [getElem_reverse, getMsbD_reverse, getLsbD_eq_getElem]
 
 /-! ### Inequalities (le / lt) -/
 
@@ -5848,6 +5934,433 @@ theorem sle_eq_ule {x y : BitVec w} : x.sle y = (x.msb != y.msb ^^ x.ule y) := b
 theorem sle_eq_ule_of_msb_eq {x y : BitVec w} (h : x.msb = y.msb) : x.sle y = x.ule y := by
   simp [BitVec.sle_eq_ule, h]
 
+/-- A bitvector interpreted as a natural number is greater than or equal to `2 ^ i` if and only if
+  there exists at least one bit with `true` value at position `i` or higher. -/
+theorem le_toNat_iff_getLsbD_eq_true {x : BitVec w} (hi : i < w ) :
+    (2 ^ i ≤ x.toNat) ↔ (∃ k, x.getLsbD (i + k) = true) := by
+  rcases w with _|w
+  · simp [of_length_zero]
+  · constructor
+    · intro hle
+      apply Classical.byContradiction
+      intros hcontra
+      let x' := setWidth (i + 1) x
+      have hx' : setWidth (i + 1) x = x' := by rfl
+      have hcast : w - i + (i + 1) = w + 1 := by omega
+      simp only [not_exists, Bool.not_eq_true] at hcontra
+      have hx'' : x = BitVec.cast hcast (0#(w - i) ++ x') := by
+        ext j
+        by_cases hj : j < i + 1
+        · simp only [← hx', getElem_cast, getElem_append, hj, reduceDIte, getElem_setWidth]
+          rw [getLsbD_eq_getElem]
+        · simp only [getElem_cast, getElem_append, hj, reduceDIte, getElem_zero]
+          let j' := j - i
+          simp only [show j = i + j' by omega]
+          apply hcontra
+      have : x'.toNat < 2 ^ i := by
+        apply Nat.lt_pow_two_of_testBit (n := i) x'.toNat
+        intro j hj
+        let j' := j - i
+        specialize hcontra j'
+        have : x'.getLsbD (i + j') = x.getLsbD (i + j') := by
+          subst x'
+          simp [hcontra]
+        simp [show j = i + j' by omega, testBit_toNat, this, hcontra]
+      have : x'.toNat = x.toNat := by
+        have := BitVec.setWidth_eq_append (w := (w + 1)) (v := i + 1) (x := x')
+        specialize this (by omega)
+        rw [toNat_eq, toNat_setWidth, Nat.mod_eq_of_lt (by omega)] at this
+        simp [hx'']
+      omega
+    · intro h
+      obtain ⟨k, hk⟩ := h
+      by_cases hk' : i + k < w + 1
+      · have := Nat.ge_two_pow_of_testBit hk
+        have := Nat.pow_le_pow_of_le (a := 2) (n := i) (m := i + k) (by omega) (by omega)
+        omega
+      · simp [show w + 1 ≤ i + k by omega] at hk
+
+/-- A bitvector interpreted as a natural number is strictly smaller than `2 ^ i` if and only if
+  all bits at position `i` or higher are false. -/
+theorem toNat_lt_iff_getLsbD_eq_false {x : BitVec w} (i : Nat) (hi : i < w) :
+    x.toNat < 2 ^ i ↔ (∀ k, x.getLsbD (i + k) = false) := by
+  constructor
+  · intro h
+    apply Classical.byContradiction
+    intro hcontra
+    simp only [Classical.not_forall, Bool.not_eq_false] at hcontra
+    obtain ⟨k, hk⟩ := hcontra
+    have hle := Nat.ge_two_pow_of_testBit hk
+    by_cases hlt : i + k < w
+    · have := Nat.pow_le_pow_of_le (a := 2) (n := i) (m := i + k) (by omega) (by omega)
+      omega
+    · simp [show w ≤ i + k by omega] at hk
+  · intro h
+    apply Classical.byContradiction
+    intro hcontra
+    simp [BitVec.le_toNat_iff_getLsbD_eq_true (x := x) (i := i) hi, h] at hcontra
+
+/-- If a bitvector interpreted as a natural number is strictly smaller than `2 ^ (k + 1)` and greater than or
+  equal to 2 ^ k, then the bit at position `k` must be `true` -/
+theorem getElem_eq_true_of_lt_of_le {x : BitVec w} (hk' : k < w) (hlt: x.toNat < 2 ^ (k + 1)) (hle : 2 ^ k ≤ x.toNat) :
+    x[k] = true := by
+  have := le_toNat_iff_getLsbD_eq_true (x := x) (i := k) hk'
+  simp only [hle, true_iff] at this
+  obtain ⟨k',hk'⟩ := this
+  by_cases hkk' : k + k' < w
+  · have := Nat.ge_two_pow_of_testBit hk'
+    by_cases hzk' : k' = 0
+    · simp [hzk'] at hk'; exact hk'
+    · have := Nat.pow_lt_pow_of_lt (a := 2) (n := k) (m := k + k') (by omega) (by omega)
+      have := Nat.pow_le_pow_of_le (a := 2) (n := k + 1) (m := k + k') (by omega) (by omega)
+      omega
+  · simp [show w ≤ k + k' by omega] at hk'
+
+theorem not_lt_iff {b : BitVec w} : ~~~b < b ↔ 0 < w ∧ b.msb = true := by
+  refine ⟨fun h => ?_, fun ⟨hw, hb⟩ => ?_⟩
+  · have := length_pos_of_lt h
+    exact ⟨this, by rwa [← ult_iff_lt, ult_eq_msb_of_msb_neq (by simp_all)] at h⟩
+  · rwa [← ult_iff_lt, ult_eq_msb_of_msb_neq (by simp_all)]
+
+/-! ### Count leading zeros -/
+
+theorem clzAuxRec_zero (x : BitVec w) :
+    x.clzAuxRec 0 = if x.getLsbD 0 then BitVec.ofNat w (w - 1) else BitVec.ofNat w w := by rfl
+
+theorem clzAuxRec_succ (x : BitVec w) :
+    x.clzAuxRec (n + 1) = if x.getLsbD (n + 1) then BitVec.ofNat w (w - 1 - (n + 1)) else BitVec.clzAuxRec x n := by rfl
+
+theorem clzAuxRec_eq_clzAuxRec_of_le {x : BitVec w} (h : w - 1 ≤ n) :
+    x.clzAuxRec n = x.clzAuxRec (w - 1) := by
+  let k := n - (w - 1)
+  rw [show n = (w - 1) + k by omega]
+  induction k
+  · case zero => simp
+  · case succ k ihk =>
+    simp [show w - 1 + (k + 1) = (w - 1 + k) + 1 by omega, clzAuxRec_succ, ihk,
+      show x.getLsbD (w - 1 + k + 1) = false by simp only [show w ≤ w - 1 + k + 1 by omega, getLsbD_of_ge]]
+
+theorem clzAuxRec_eq_clzAuxRec_of_getLsbD_false {x : BitVec w} (h : ∀ i, n < i → x.getLsbD i = false) :
+    x.clzAuxRec n = x.clzAuxRec (n + k) := by
+  induction k
+  · case zero => simp
+  · case succ k ihk =>
+    simp only [show n + (k + 1) = (n + k) + 1 by omega, clzAuxRec_succ]
+    by_cases hxn : x.getLsbD (n + k + 1)
+    · have : ¬ ∀ (i : Nat), n < i → x.getLsbD i = false := by
+        simp only [Classical.not_forall, Bool.not_eq_false]
+        exists n + k + 1
+        simp [show n < n + k + 1 by omega, hxn]
+      contradiction
+    · simp only [hxn, Bool.false_eq_true, ↓reduceIte]
+      exact ihk
+
+theorem clzAuxRec_le {x : BitVec w} (n : Nat) :
+    clzAuxRec x n ≤ w := by
+  have := Nat.lt_pow_self (a := 2) (n := w) (by omega)
+  rcases w with _|w
+  · simp [of_length_zero]
+  · induction n
+    · case zero =>
+      simp only  [clzAuxRec_zero]
+      by_cases hx0 : x.getLsbD 0
+      · simp only [hx0, Nat.add_one_sub_one, reduceIte, natCast_eq_ofNat, ofNat_le_ofNat,
+          Nat.mod_two_pow_self, ge_iff_le, Nat.mod_eq_of_lt (a := w) (b := 2 ^ (w + 1)) (by omega)]
+        omega
+      · simp only [hx0, Bool.false_eq_true, reduceIte, natCast_eq_ofNat, BitVec.le_refl]
+    · case succ n ihn =>
+      simp only [clzAuxRec_succ, Nat.add_one_sub_one, natCast_eq_ofNat, ge_iff_le]
+      by_cases hxn : x.getLsbD (n + 1)
+      · simp [hxn, Nat.mod_eq_of_lt (a := w - (n + 1)) (b := 2 ^(w + 1)) (by omega)]
+        omega
+      · simp only [hxn, Bool.false_eq_true, reduceIte]
+        exact ihn
+
+theorem clzAuxRec_eq_iff_of_getLsbD_false {x : BitVec w} (h : ∀ i, n < i → x.getLsbD i = false) :
+    x.clzAuxRec n = BitVec.ofNat w w ↔ ∀ j, j ≤ n → x.getLsbD j = false := by
+  rcases w with _|w
+  · simp [of_length_zero]
+  · have := Nat.lt_pow_self (a := 2) (n := w + 1)
+    induction n
+    · case zero =>
+      simp only [clzAuxRec_zero, Nat.zero_lt_succ, getLsbD_eq_getElem, Nat.add_one_sub_one,
+        ite_eq_right_iff, Nat.le_zero_eq, forall_eq]
+      by_cases hx0 : x.getLsbD 0
+      · simp [hx0, toNat_eq, toNat_ofNat, Nat.mod_eq_of_lt (a := w) (b := 2 ^ (w + 1)) (by omega)]
+      · simp only [Nat.zero_lt_succ, getLsbD_eq_getElem, Bool.not_eq_true] at hx0
+        simp [hx0]
+    · case succ n ihn =>
+      simp only [clzAuxRec_succ, Nat.add_one_sub_one]
+      by_cases hxn : x.getLsbD (n + 1)
+      · simp only [hxn, reduceIte, toNat_eq, toNat_ofNat,
+          Nat.mod_eq_of_lt (a := w - (n + 1)) (b := 2 ^ (w + 1)) (by omega), Nat.mod_two_pow_self,
+          show ¬w - (n + 1) = w + 1 by omega, false_iff, Classical.not_forall,
+          Bool.not_eq_false]
+        exists n + 1, by omega
+      · have : ∀ (i : Nat), n < i → x.getLsbD i = false := by
+          intro i hi
+          by_cases hi' : i = n + 1
+          · simp [hi', hxn]
+          · apply h; omega
+        specialize ihn this
+        simp only [Bool.not_eq_true] at ihn hxn
+        simp only [hxn, Bool.false_eq_true, reduceIte, ihn]
+        constructor
+        <;> intro h' j hj
+        <;> (by_cases hj' : j = n + 1; simp [hj', hxn]; (apply h'; omega))
+
+theorem clz_le {x : BitVec w} :
+    clz x ≤ w := by
+  unfold clz
+  rcases w with _|w
+  · simp [of_length_zero]
+  · exact clzAuxRec_le (n := w)
+
+@[simp]
+theorem clz_eq_iff_eq_zero {x : BitVec w} :
+    clz x = w ↔ x = 0#w := by
+  rcases w with _|w
+  · simp [clz, of_length_zero]
+  · simp only [clz, Nat.add_one_sub_one, natCast_eq_ofNat, zero_iff_eq_false]
+    rw [clzAuxRec_eq_iff_of_getLsbD_false (x := x) (n := w) (w := w + 1) (by intros i hi; simp [show w + 1 ≤ i by omega])]
+    constructor
+    · intro h i
+      by_cases i ≤ w
+      · apply h; omega
+      · simp [show w + 1 ≤ i by omega]
+    · intro h j hj
+      apply h
+
+theorem clzAuxRec_eq_zero_iff {x : BitVec w} (h : ∀ i, n < i → x.getLsbD i = false) (hw : 0 < w) :
+    (x.clzAuxRec n).toNat = 0 ↔ x[w - 1] = true := by
+  have := Nat.lt_pow_self (a := 2) (n := w)
+  induction n
+  · case zero =>
+    simp only [clzAuxRec_zero]
+    by_cases hw1 : w - 1 = 0
+    · by_cases hx0 : x.getLsbD 0
+      · simp [hw1, hx0]
+      · simp [hw1, show ¬ w = 0 by omega, hx0, ← getLsbD_eq_getElem]
+    · by_cases hx0 : x.getLsbD 0
+      · simp only [hx0, ↓reduceIte, toNat_ofNat,
+          Nat.mod_eq_of_lt (a := w - 1) (b := 2 ^ w) (by omega), show ¬w - 1 = 0 by omega, false_iff,
+          Bool.not_eq_true]
+        specialize h (w - 1) (by omega)
+        exact h
+      · simp [hx0, show ¬ w = 0 by omega]
+        specialize h (w - 1) (by omega)
+        exact h
+  · case succ n ihn =>
+    by_cases hxn : x.getLsbD (n + 1)
+    · simp only [clzAuxRec_succ, hxn, reduceIte, toNat_ofNat]
+      rw [Nat.mod_eq_of_lt (by omega)]
+      by_cases hwn : w - 1 - (n + 1) = 0
+      · have := lt_of_getLsbD hxn
+        simp only [show w - 1 = n + 1 by omega, Nat.sub_self, true_iff]
+        exact hxn
+      · simp only [hwn, false_iff, Bool.not_eq_true]
+        specialize h (w - 1) (by omega)
+        exact h
+    · simp only [clzAuxRec_succ, hxn, Bool.false_eq_true, reduceIte]
+      apply ihn
+      intro i hi
+      by_cases hi : i = n + 1
+      · simp [hi, hxn]
+      · apply h; omega
+
+theorem clz_eq_zero_iff {x : BitVec w} (hw : 0 < w) :
+    (clz x).toNat = 0 ↔ 2 ^ (w - 1) ≤ x.toNat := by
+  simp only [clz, clzAuxRec_eq_zero_iff (x := x) (n := w - 1) (by intro i hi; simp [show w ≤ i by omega]) hw]
+  by_cases hxw : x[w - 1]
+  · simp [hxw, two_pow_le_toNat_of_getElem_eq_true (x := x) (i := w - 1) (by omega) hxw]
+  · simp only [hxw, Bool.false_eq_true, false_iff, Nat.not_le]
+    simp only [← getLsbD_eq_getElem, ← msb_eq_getLsbD_last, Bool.not_eq_true] at hxw
+    exact toNat_lt_of_msb_false hxw
+
+/-- The number of leading zeroes is strictly less than the bitwidth iff the bitvector is nonzero. -/
+theorem clz_lt_iff_ne_zero {x : BitVec w} :
+    clz x < w ↔ x ≠ 0#w := by
+  have hle := clz_le (x := x)
+  have heq := clz_eq_iff_eq_zero (x := x)
+  constructor
+  · intro h
+    simp only [natCast_eq_ofNat, BitVec.ne_of_lt (x := x.clz) (y := BitVec.ofNat w w) h,
+      false_iff] at heq
+    simp only [ne_eq, heq, not_false_eq_true]
+  · intro h
+    simp only [natCast_eq_ofNat, h, iff_false] at heq
+    apply BitVec.lt_of_le_ne (x := x.clz) (y := BitVec.ofNat w w) hle heq
+
+theorem getLsbD_false_of_clzAuxRec {x : BitVec w} (h : ∀ i, n < i → x.getLsbD i = false) :
+    ∀ j, x.getLsbD (w - (x.clzAuxRec n).toNat + j) = false := by
+  rcases w with _|w
+  · simp
+  · have := Nat.lt_pow_self (a := 2) (n := w + 1)
+    induction n
+    · case zero =>
+      intro j
+      simp only [clzAuxRec_zero, Nat.zero_lt_succ, getLsbD_eq_getElem, Nat.add_one_sub_one]
+      by_cases hx0 : x[0]
+      · specialize h (1 + j) (by omega)
+        simp [h, hx0, Nat.mod_eq_of_lt (a := w) (b := 2 ^ (w + 1)) (by omega)]
+      · simp only [hx0, Bool.false_eq_true, ↓reduceIte, toNat_ofNat, Nat.mod_two_pow_self,
+          Nat.sub_self, Nat.zero_add]
+        by_cases hj0 : j = 0
+        · simp [hj0, hx0]
+        · specialize h j (by omega)
+          exact h
+    · case succ n ihn =>
+      intro j
+      by_cases hxn : x.getLsbD (n + 1)
+      · have := lt_of_getLsbD hxn
+        specialize h (n + j + 1 + 1) (by omega)
+        simp [h, clzAuxRec_succ, hxn, Nat.mod_eq_of_lt (a := w - (n + 1)) (b := 2 ^ (w + 1)) (by omega),
+          show (w + 1 - (w - (n + 1)) + j) = n + j + 1 + 1 by omega]
+      · simp only [clzAuxRec_succ, hxn, Bool.false_eq_true, reduceIte]
+        apply ihn
+        intro i hi
+        by_cases hin : i = n + 1
+        · simp [hin, hxn]
+        · specialize h i (by omega)
+          exact h
+
+theorem getLsbD_true_of_eq_clzAuxRec_of_ne_zero {x : BitVec w} (hx : ¬ x = 0#w) (hn : ∀ i, n < i → x.getLsbD i = false) :
+    x.getLsbD (w - 1 - (x.clzAuxRec n).toNat) = true := by
+  rcases w with _|w
+  · simp [of_length_zero] at hx
+  · have := Nat.lt_pow_self (a := 2) (n := w + 1)
+    induction n
+    · case zero =>
+      by_cases hx0 : x[0]
+      · simp only [Nat.add_one_sub_one, clzAuxRec_zero, Nat.zero_lt_succ, getLsbD_eq_getElem, hx0,
+          reduceIte, toNat_ofNat, Nat.mod_eq_of_lt (a := w) (b := 2 ^(w + 1)) (by omega), show w - w = 0 by omega]
+      · simp only [zero_iff_eq_false, Classical.not_forall, Bool.not_eq_false] at hx
+        obtain ⟨m,hm⟩ := hx
+        specialize hn m
+        by_cases hm0 : m = 0
+        · simp [hm0, hx0] at hm
+        · simp [show 0 < m by omega, hm] at hn
+    · case succ n ihn =>
+      by_cases hxn : x.getLsbD (n + 1)
+      · have := lt_of_getLsbD hxn
+        simp [clzAuxRec_succ, hxn, toNat_ofNat, Nat.mod_eq_of_lt (a := w - (n + 1)) (b := 2 ^ (w + 1)) (by omega),
+          show w - (w - (n + 1)) = n + 1 by omega]
+      · simp only [Nat.add_one_sub_one, clzAuxRec_succ, hxn, Bool.false_eq_true, reduceIte]
+        simp only [Nat.add_one_sub_one] at ihn
+        apply ihn
+        intro j hj
+        by_cases hjn : j = n + 1
+        · simp [hjn, hxn]
+        · specialize hn j (by omega)
+          exact hn
+
+theorem getLsbD_true_clz_of_ne_zero {x : BitVec w} (hw : 0 < w) (hx : x ≠ 0#w) :
+    x.getLsbD (w - 1 - (clz x).toNat) = true := by
+  unfold clz
+  apply getLsbD_true_of_eq_clzAuxRec_of_ne_zero (x := x) (n := w - 1) (by omega)
+  intro i hi
+  simp [show w ≤ i by omega]
+
+/-- A nonzero bitvector is lower-bounded by its leading zeroes. -/
+theorem two_pow_sub_clz_le_toNat_of_ne_zero {x : BitVec w} (hw : 0 < w) (hx : x ≠ 0#w) :
+    2 ^ (w - 1 - (clz x).toNat) ≤ x.toNat := by
+  by_cases hc0 : x.clz.toNat  = 0
+  · simp [hc0, ← clz_eq_zero_iff (x := x) hw]
+  · have hclz := getLsbD_true_clz_of_ne_zero (x := x) hw hx
+    rw [getLsbD_eq_getElem (by omega)] at hclz
+    have hge := Nat.ge_two_pow_of_testBit hclz
+    push_cast at hge
+    exact hge
+
+/-- A bitvector is upper bounded by the number of leading zeroes. -/
+theorem toNat_lt_two_pow_sub_clz {x : BitVec w} :
+    x.toNat < 2 ^ (w - (clz x).toNat) := by
+  rcases w with _|w
+  · simp [of_length_zero]
+  · unfold clz
+    have hlt := toNat_lt_iff_getLsbD_eq_false (x := x)
+    have hzero := clzAuxRec_eq_zero_iff (x := x) (n := w) (by intro i hi; simp [show w + 1 ≤ i by omega]) (by omega)
+    simp only [Nat.add_one_sub_one] at hzero
+    by_cases hxw : x[w]
+    · simp only [hxw, iff_true] at hzero
+      simp only [Nat.add_one_sub_one, hzero, Nat.sub_zero, gt_iff_lt]
+      omega
+    · simp only [hxw, Bool.false_eq_true, iff_false] at hzero
+      rw [hlt]
+      · intro k
+        apply getLsbD_false_of_clzAuxRec (x := x) (n := w)
+        intro i hi
+        by_cases hiw : i = w
+        · simp [hiw, hxw]
+        · simp [show w + 1 ≤ i by omega]
+      · simp; omega
+
+theorem clz_eq_reverse_ctz {x : BitVec w} :
+    x.clz = (x.reverse).ctz := by
+  simp [ctz]
+
+/-! ### Count trailing zeros -/
+
+theorem ctz_eq_reverse_clz {x : BitVec w} :
+    x.ctz = (x.reverse).clz := by
+  simp [ctz]
+
+/-- The number of trailing zeroes is strictly less than the bitwidth iff the bitvector is nonzero. -/
+@[simp]
+theorem ctz_lt_iff_ne_zero {x : BitVec w} :
+    ctz x < w ↔ x ≠ 0#w := by
+  simp only [ctz_eq_reverse_clz, natCast_eq_ofNat, ne_eq]
+  rw [show BitVec.ofNat w w = w by simp, ← reverse_eq_zero_iff (x := x)]
+  apply clz_lt_iff_ne_zero (x := x.reverse)
+
+/-- If a bitvec is different than zero the bits at indexes lower than `ctz x` are false. -/
+theorem getLsbD_false_of_lt_ctz {x : BitVec w} (hi : i < x.ctz.toNat) :
+    x.getLsbD i = false := by
+  rw [getLsbD_eq_getMsbD, ← getLsbD_reverse]
+  have hiff := ctz_lt_iff_ne_zero (x := x)
+  by_cases hzero : x = 0#w
+  · simp [hzero, getLsbD_reverse]
+  · simp only [ctz_eq_reverse_clz, natCast_eq_ofNat, ne_eq, hzero, not_false_eq_true,
+      iff_true] at hiff
+    simp only [ctz] at hi
+    have hi' : i < w := by simp [BitVec.lt_def] at hiff; omega
+    simp only [hi', decide_true, Bool.true_and]
+    have : (x.reverse.clzAuxRec (w - 1)).toNat ≤ w := by
+      rw [show ((x.reverse.clzAuxRec (w - 1)).toNat ≤ w) =
+            ((x.reverse.clzAuxRec (w - 1)).toNat ≤ (BitVec.ofNat w w).toNat) by simp, ← le_def]
+      apply clzAuxRec_le (x := x.reverse) (n := w - 1)
+    let j := (x.reverse.clzAuxRec (w - 1)).toNat - 1 - i
+    rw [show w - 1 - i = w - (x.reverse.clzAuxRec (w - 1)).toNat + j by
+      subst j
+      rw [Nat.sub_sub (n := (x.reverse.clzAuxRec (w - 1)).toNat),
+        ← Nat.add_sub_assoc (by exact Nat.one_add_le_iff.mpr hi)]
+      omega]
+    have hfalse : ∀ (i : Nat), w - 1 < i → x.reverse.getLsbD i = false := by
+      intros i hj
+      simp [show w ≤ i by omega]
+    exact getLsbD_false_of_clzAuxRec (x := x.reverse) (n := w - 1) hfalse (j := j)
+
+/-- If a bitvec is different than zero, the bit at index `ctz x`, i.e., the first bit after the
+  trailing zeros, is true. -/
+theorem getLsbD_true_ctz_of_ne_zero {x : BitVec w} (hx : x ≠ 0#w) :
+    x.getLsbD (ctz x).toNat = true := by
+  simp only [ctz_eq_reverse_clz, clz]
+  rw [getLsbD_eq_getMsbD, ← getLsbD_reverse]
+  have := ctz_lt_iff_ne_zero (x := x)
+  simp only [ctz_eq_reverse_clz, clz, natCast_eq_ofNat, lt_def, toNat_ofNat, Nat.mod_two_pow_self,
+    ne_eq] at this
+  simp only [this, hx, not_false_eq_true, decide_true, Bool.true_and]
+  have hnotrev : ¬x.reverse = 0#w := by simp [reverse_eq_zero_iff, hx]
+  apply getLsbD_true_of_eq_clzAuxRec_of_ne_zero (x := x.reverse) (n := w - 1) hnotrev
+  intro i hi
+  simp [show w ≤ i by omega]
+
+/-- A nonzero bitvector is lower-bounded by its trailing zeroes. -/
+theorem two_pow_ctz_le_toNat_of_ne_zero {x : BitVec w} (hx : x ≠ 0#w) :
+    2 ^ (ctz x).toNat ≤ x.toNat := by
+  have hclz := getLsbD_true_ctz_of_ne_zero (x := x) hx
+  exact Nat.ge_two_pow_of_testBit hclz
+
 /-! ### Deprecations -/
 
 set_option linter.missingDocs false

src/Init/Data/Bool.lean

@@ -10,7 +10,6 @@ public import Init.NotationExtra
 
 public section
 
-
 namespace Bool
 
 /--

src/Init/Data/ByteArray.lean

@@ -7,5 +7,8 @@ module
 
 prelude
 public import Init.Data.ByteArray.Basic
+public import Init.Data.ByteArray.Bootstrap
+public import Init.Data.ByteArray.Extra
+public import Init.Data.ByteArray.Lemmas
 
 public section

src/Init/Data/ByteArray/Basic.lean

@@ -6,21 +6,16 @@ Author: Leonardo de Moura
 module
 
 prelude
-public import Init.Data.Array.Basic
 public import Init.Data.Array.DecidableEq
 public import Init.Data.UInt.Basic
-public import all Init.Data.UInt.BasicAux
+public import Init.Data.UInt.BasicAux
+import all Init.Data.UInt.BasicAux
 public import Init.Data.Option.Basic
+public import Init.Data.Array.Extract
 
 @[expose] public section
 universe u
 
-structure ByteArray where
-  data : Array UInt8
-
-attribute [extern "lean_byte_array_mk"] ByteArray.mk
-attribute [extern "lean_byte_array_data"] ByteArray.data
-
 namespace ByteArray
 
 deriving instance BEq for ByteArray
@@ -30,29 +25,15 @@ attribute [ext] ByteArray
 instance : DecidableEq ByteArray :=
   fun _ _ => decidable_of_decidable_of_iff ByteArray.ext_iff.symm
 
-@[extern "lean_mk_empty_byte_array"]
-def emptyWithCapacity (c : @& Nat) : ByteArray :=
-  { data := #[] }
-
 @[deprecated emptyWithCapacity (since := "2025-03-12")]
 abbrev mkEmpty := emptyWithCapacity
 
-def empty : ByteArray := emptyWithCapacity 0
-
 instance : Inhabited ByteArray where
   default := empty
 
 instance : EmptyCollection ByteArray where
   emptyCollection := ByteArray.empty
 
-@[extern "lean_byte_array_push"]
-def push : ByteArray → UInt8 → ByteArray
-  | ⟨bs⟩, b => ⟨bs.push b⟩
-
-@[extern "lean_byte_array_size"]
-def size : (@& ByteArray) → Nat
-  | ⟨bs⟩ => bs.size
-
 @[extern "lean_sarray_size", simp]
 def usize (a : @& ByteArray) : USize :=
   a.size.toUSize
@@ -106,11 +87,31 @@ def copySlice (src : @& ByteArray) (srcOff : Nat) (dest : ByteArray) (destOff le
 def extract (a : ByteArray) (b e : Nat) : ByteArray :=
   a.copySlice b empty 0 (e - b)
 
-protected def append (a : ByteArray) (b : ByteArray) : ByteArray :=
+protected def fastAppend (a : ByteArray) (b : ByteArray) : ByteArray :=
   -- we assume that `append`s may be repeated, so use asymptotic growing; use `copySlice` directly to customize
   b.copySlice 0 a a.size b.size false
 
-instance : Append ByteArray := ⟨ByteArray.append⟩
+@[simp]
+theorem size_data {a : ByteArray} :
+  a.data.size = a.size := rfl
+
+@[csimp]
+theorem append_eq_fastAppend : @ByteArray.append = @ByteArray.fastAppend := by
+  funext a b
+  ext1
+  apply Array.ext'
+  simp [ByteArray.fastAppend, copySlice, ← size_data, - Array.append_assoc]
+
+-- Needs to come after the `csimp` lemma
+instance : Append ByteArray where
+  append := ByteArray.append
+
+@[simp]
+theorem append_eq {a b : ByteArray} : a.append b = a ++ b := rfl
+
+@[simp]
+theorem fastAppend_eq {a b : ByteArray} : a.fastAppend b = a ++ b := by
+  simp [← append_eq_fastAppend]
 
 def toList (bs : ByteArray) : List UInt8 :=
   let rec loop (i : Nat) (r : List UInt8) :=
@@ -350,37 +351,4 @@ def prevn : Iterator → Nat → Iterator
 end Iterator
 end ByteArray
 
-/--
-Converts a list of bytes into a `ByteArray`.
--/
-def List.toByteArray (bs : List UInt8) : ByteArray :=
-  let rec loop
-    | [],    r => r
-    | b::bs, r => loop bs (r.push b)
-  loop bs ByteArray.empty
-
 instance : ToString ByteArray := ⟨fun bs => bs.toList.toString⟩
-
-/-- Interpret a `ByteArray` of size 8 as a little-endian `UInt64`. -/
-def ByteArray.toUInt64LE! (bs : ByteArray) : UInt64 :=
-  assert! bs.size == 8
-  (bs.get! 7).toUInt64 <<< 0x38 |||
-  (bs.get! 6).toUInt64 <<< 0x30 |||
-  (bs.get! 5).toUInt64 <<< 0x28 |||
-  (bs.get! 4).toUInt64 <<< 0x20 |||
-  (bs.get! 3).toUInt64 <<< 0x18 |||
-  (bs.get! 2).toUInt64 <<< 0x10 |||
-  (bs.get! 1).toUInt64 <<< 0x8  |||
-  (bs.get! 0).toUInt64
-
-/-- Interpret a `ByteArray` of size 8 as a big-endian `UInt64`. -/
-def ByteArray.toUInt64BE! (bs : ByteArray) : UInt64 :=
-  assert! bs.size == 8
-  (bs.get! 0).toUInt64 <<< 0x38 |||
-  (bs.get! 1).toUInt64 <<< 0x30 |||
-  (bs.get! 2).toUInt64 <<< 0x28 |||
-  (bs.get! 3).toUInt64 <<< 0x20 |||
-  (bs.get! 4).toUInt64 <<< 0x18 |||
-  (bs.get! 5).toUInt64 <<< 0x10 |||
-  (bs.get! 6).toUInt64 <<< 0x8  |||
-  (bs.get! 7).toUInt64

src/Init/Data/ByteArray/Bootstrap.lean

@@ -0,0 +1,53 @@
+/-
+Copyright (c) 2025 Lean FRO, LLC. All rights reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Author: Markus Himmel
+-/
+module
+
+prelude
+public import Init.Prelude
+public import Init.Data.List.Basic
+
+public section
+
+namespace ByteArray
+
+@[simp]
+theorem data_push {a : ByteArray} {b : UInt8} : (a.push b).data = a.data.push b := rfl
+
+@[expose]
+protected def append (a b : ByteArray) : ByteArray :=
+  ⟨⟨a.data.toList ++ b.data.toList⟩⟩
+
+@[simp]
+theorem toList_data_append' {a b : ByteArray} :
+    (a.append b).data.toList = a.data.toList ++ b.data.toList := by
+  have ⟨⟨a⟩⟩ := a
+  have ⟨⟨b⟩⟩ := b
+  rfl
+
+theorem ext : {x y : ByteArray} → x.data = y.data → x = y
+  | ⟨_⟩, ⟨_⟩, rfl => rfl
+
+end ByteArray
+
+@[simp]
+theorem List.toList_data_toByteArray {l : List UInt8} :
+    l.toByteArray.data.toList = l := by
+  rw [List.toByteArray]
+  suffices ∀ a b, (List.toByteArray.loop a b).data.toList = b.data.toList ++ a by
+    simpa using this l ByteArray.empty
+  intro a b
+  fun_induction List.toByteArray.loop a b with simp_all [toList_push]
+where
+  toList_push {xs : Array UInt8} {x : UInt8} : (xs.push x).toList = xs.toList ++ [x] := by
+    have ⟨xs⟩ := xs
+    simp [Array.push, List.concat_eq_append]
+
+theorem List.toByteArray_append' {l l' : List UInt8} :
+    (l ++ l').toByteArray = l.toByteArray.append l'.toByteArray :=
+  ByteArray.ext (ext (by simp))
+where
+  ext : {x y : Array UInt8} → x.toList = y.toList → x = y
+  | ⟨_⟩, ⟨_⟩, rfl => rfl

src/Init/Data/ByteArray/Extra.lean

@@ -0,0 +1,34 @@
+/-
+Copyright (c) 2019 Microsoft Corporation. All rights reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Author: Leonardo de Moura
+-/
+module
+
+prelude
+public import Init.Data.ByteArray.Basic
+import Init.Data.String.Basic
+
+/-- Interpret a `ByteArray` of size 8 as a little-endian `UInt64`. -/
+public def ByteArray.toUInt64LE! (bs : ByteArray) : UInt64 :=
+  assert! bs.size == 8
+  (bs.get! 7).toUInt64 <<< 0x38 |||
+  (bs.get! 6).toUInt64 <<< 0x30 |||
+  (bs.get! 5).toUInt64 <<< 0x28 |||
+  (bs.get! 4).toUInt64 <<< 0x20 |||
+  (bs.get! 3).toUInt64 <<< 0x18 |||
+  (bs.get! 2).toUInt64 <<< 0x10 |||
+  (bs.get! 1).toUInt64 <<< 0x8  |||
+  (bs.get! 0).toUInt64
+
+/-- Interpret a `ByteArray` of size 8 as a big-endian `UInt64`. -/
+public def ByteArray.toUInt64BE! (bs : ByteArray) : UInt64 :=
+  assert! bs.size == 8
+  (bs.get! 0).toUInt64 <<< 0x38 |||
+  (bs.get! 1).toUInt64 <<< 0x30 |||
+  (bs.get! 2).toUInt64 <<< 0x28 |||
+  (bs.get! 3).toUInt64 <<< 0x20 |||
+  (bs.get! 4).toUInt64 <<< 0x18 |||
+  (bs.get! 5).toUInt64 <<< 0x10 |||
+  (bs.get! 6).toUInt64 <<< 0x8  |||
+  (bs.get! 7).toUInt64

src/Init/Data/ByteArray/Lemmas.lean

@@ -0,0 +1,252 @@
+/-
+Copyright (c) 2025 Lean FRO, LLC. All rights reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Author: Markus Himmel
+-/
+module
+
+prelude
+public import Init.Data.ByteArray.Basic
+public import Init.Data.Array.Extract
+
+public section
+
+@[simp]
+theorem ByteArray.data_empty : ByteArray.empty.data = #[] := rfl
+
+@[simp]
+theorem ByteArray.data_extract {a : ByteArray} {b e : Nat} :
+    (a.extract b e).data = a.data.extract b e := by
+  simp [extract, copySlice]
+  by_cases b ≤ e
+  · rw [(by omega : b + (e - b) = e)]
+  · rw [Array.extract_eq_empty_of_le (by omega), Array.extract_eq_empty_of_le (by omega)]
+
+@[simp]
+theorem ByteArray.extract_zero_size {b : ByteArray} : b.extract 0 b.size = b := by
+  ext1
+  simp
+
+@[simp]
+theorem ByteArray.extract_same {b : ByteArray} {i : Nat} : b.extract i i = ByteArray.empty := by
+  ext1
+  simp [Nat.min_le_left]
+
+theorem ByteArray.fastAppend_eq_copySlice {a b : ByteArray} :
+  a.fastAppend b = b.copySlice 0 a a.size b.size false := rfl
+
+@[simp]
+theorem List.toByteArray_append {l l' : List UInt8} :
+    (l ++ l').toByteArray = l.toByteArray ++ l'.toByteArray := by
+  simp [List.toByteArray_append']
+
+@[simp]
+theorem ByteArray.toList_data_append {l l' : ByteArray} :
+    (l ++ l').data.toList = l.data.toList ++ l'.data.toList := by
+  simp [← append_eq]
+
+@[simp]
+theorem ByteArray.data_append {l l' : ByteArray} :
+    (l ++ l').data = l.data ++ l'.data := by
+  simp [← Array.toList_inj]
+
+@[simp]
+theorem ByteArray.size_empty : ByteArray.empty.size = 0 := by
+  simp [← ByteArray.size_data]
+
+@[simp]
+theorem List.data_toByteArray {l : List UInt8} :
+    l.toByteArray.data = l.toArray := by
+  rw [List.toByteArray]
+  suffices ∀ a b, (List.toByteArray.loop a b).data = b.data ++ a.toArray by
+    simpa using this l ByteArray.empty
+  intro a b
+  fun_induction List.toByteArray.loop a b with simp_all
+
+@[simp]
+theorem List.size_toByteArray {l : List UInt8} :
+    l.toByteArray.size = l.length := by
+  simp [← ByteArray.size_data]
+
+@[simp]
+theorem List.toByteArray_nil : List.toByteArray [] = ByteArray.empty := rfl
+
+@[simp]
+theorem ByteArray.empty_append {b : ByteArray} : ByteArray.empty ++ b = b := by
+  ext1
+  simp
+
+@[simp]
+theorem ByteArray.append_empty {b : ByteArray} : b ++ ByteArray.empty = b := by
+  ext1
+  simp
+
+@[simp, grind =]
+theorem ByteArray.size_append {a b : ByteArray} : (a ++ b).size = a.size + b.size := by
+  simp [← size_data]
+
+@[simp]
+theorem ByteArray.size_eq_zero_iff {a : ByteArray} : a.size = 0 ↔ a = ByteArray.empty := by
+  refine ⟨fun h => ?_, fun h => h ▸ ByteArray.size_empty⟩
+  ext1
+  simp [← Array.size_eq_zero_iff, h]
+
+theorem ByteArray.getElem_eq_getElem_data {a : ByteArray} {i : Nat} {h : i < a.size} :
+    a[i] = a.data[i]'(by simpa [← size_data]) := rfl
+
+@[simp]
+theorem ByteArray.getElem_append_left {i : Nat} {a b : ByteArray} {h : i < (a ++ b).size}
+    (hlt : i < a.size) : (a ++ b)[i] = a[i] := by
+  simp only [getElem_eq_getElem_data, data_append]
+  rw [Array.getElem_append_left (by simpa)]
+
+theorem ByteArray.getElem_append_right {i : Nat} {a b : ByteArray} {h : i < (a ++ b).size}
+    (hle : a.size ≤ i) : (a ++ b)[i] = b[i - a.size]'(by simp_all; omega) := by
+  simp only [getElem_eq_getElem_data, data_append]
+  rw [Array.getElem_append_right (by simpa)]
+  simp
+
+@[simp]
+theorem List.getElem_toByteArray {l : List UInt8} {i : Nat} {h : i < l.toByteArray.size} :
+    l.toByteArray[i]'h = l[i]'(by simp_all) := by
+  simp [ByteArray.getElem_eq_getElem_data]
+
+theorem List.getElem_eq_getElem_toByteArray {l : List UInt8} {i : Nat} {h : i < l.length} :
+    l[i]'h = l.toByteArray[i]'(by simp_all) := by
+  simp
+
+@[simp]
+theorem ByteArray.size_extract {a : ByteArray} {b e : Nat} :
+    (a.extract b e).size = min e a.size - b := by
+  simp [← size_data]
+
+@[simp]
+theorem ByteArray.extract_eq_empty_iff {b : ByteArray} {i j : Nat} : b.extract i j = ByteArray.empty ↔ min j b.size ≤ i := by
+  rw [← size_eq_zero_iff, size_extract]
+  omega
+
+@[simp]
+theorem ByteArray.extract_add_left {b : ByteArray} {i j : Nat} : b.extract (i + j) i = ByteArray.empty := by
+  simp only [extract_eq_empty_iff]
+  exact Nat.le_trans (Nat.min_le_left _ _) (by simp)
+
+@[simp]
+theorem ByteArray.append_eq_empty_iff {a b : ByteArray} :
+    a ++ b = ByteArray.empty ↔ a = ByteArray.empty ∧ b = ByteArray.empty := by
+  simp [← size_eq_zero_iff, size_append]
+
+@[simp]
+theorem List.toByteArray_eq_empty {l : List UInt8} :
+    l.toByteArray = ByteArray.empty ↔ l = [] := by
+  simp [← ByteArray.size_eq_zero_iff]
+
+theorem ByteArray.append_right_inj {ys₁ ys₂ : ByteArray} (xs : ByteArray) :
+    xs ++ ys₁ = xs ++ ys₂ ↔ ys₁ = ys₂ := by
+  simp [ByteArray.ext_iff, Array.append_right_inj]
+
+@[simp]
+theorem ByteArray.extract_append_extract {a : ByteArray} {i j k : Nat} :
+    a.extract i j ++ a.extract j k = a.extract (min i j) (max j k) := by
+  ext1
+  simp
+
+theorem ByteArray.extract_eq_extract_append_extract {a : ByteArray} {i k : Nat} (j : Nat)
+    (hi : i ≤ j) (hk : j ≤ k) :
+    a.extract i k = a.extract i j ++ a.extract j k := by
+  simp
+  rw [Nat.min_eq_left hi, Nat.max_eq_right hk]
+
+theorem ByteArray.append_inj_left {xs₁ xs₂ ys₁ ys₂ : ByteArray} (h : xs₁ ++ ys₁ = xs₂ ++ ys₂) (hl : xs₁.size = xs₂.size) : xs₁ = xs₂ := by
+  simp only [ByteArray.ext_iff, ← ByteArray.size_data, ByteArray.data_append] at *
+  exact Array.append_inj_left h hl
+
+theorem ByteArray.extract_append_eq_right {a b : ByteArray} {i : Nat} (hi : i = a.size) :
+    (a ++ b).extract i (a ++ b).size = b := by
+  subst hi
+  ext1
+  simp [← size_data]
+
+theorem ByteArray.extract_append_eq_left {a b : ByteArray} {i : Nat} (hi : i = a.size) :
+    (a ++ b).extract 0 i = a := by
+  subst hi
+  ext1
+  simp
+
+theorem ByteArray.extract_append_size_left {a b : ByteArray} {i : Nat} :
+    (a ++ b).extract i a.size = a.extract i a.size := by
+  ext1
+  simp
+
+theorem ByteArray.extract_append_size_add {a b : ByteArray} {i j : Nat} :
+    (a ++ b).extract (a.size + i) (a.size + j) = b.extract i j := by
+  ext1
+  simp
+
+theorem ByteArray.extract_append  {as bs : ByteArray} {i j : Nat} :
+    (as ++ bs).extract i j = as.extract i j ++ bs.extract (i - as.size) (j - as.size) := by
+  ext1
+  simp
+
+theorem ByteArray.extract_append_size_add' {a b : ByteArray} {i j k : Nat} (h : k = a.size) :
+    (a ++ b).extract (k + i) (k + j) = b.extract i j := by
+  cases h
+  rw [extract_append_size_add]
+
+theorem ByteArray.extract_extract {a : ByteArray} {i j k l : Nat} :
+    (a.extract i j).extract k l = a.extract (i + k) (min (i + l) j) := by
+  ext1
+  simp
+
+theorem ByteArray.getElem_extract_aux {xs : ByteArray} {start stop : Nat} (h : i < (xs.extract start stop).size) :
+    start + i < xs.size := by
+  rw [size_extract] at h; apply Nat.add_lt_of_lt_sub'; apply Nat.lt_of_lt_of_le h
+  apply Nat.sub_le_sub_right; apply Nat.min_le_right
+
+theorem ByteArray.getElem_extract {i : Nat} {b : ByteArray} {start stop : Nat}
+    (h) : (b.extract start stop)[i]'h = b[start + i]'(getElem_extract_aux h) := by
+  simp [getElem_eq_getElem_data]
+
+theorem ByteArray.extract_eq_extract_left {a : ByteArray} {i i' j : Nat} :
+    a.extract i j = a.extract i' j ↔ min j a.size - i = min j a.size - i' := by
+  simp [ByteArray.ext_iff, Array.extract_eq_extract_left]
+
+theorem ByteArray.extract_add_one {a : ByteArray} {i : Nat} (ha : i + 1 ≤ a.size) :
+    a.extract i (i + 1) = [a[i]].toByteArray := by
+  ext
+  · simp
+    omega
+  · rename_i j hj hj'
+    obtain rfl : j = 0 := by simpa using hj'
+    simp [ByteArray.getElem_eq_getElem_data]
+
+theorem ByteArray.extract_add_two {a : ByteArray} {i : Nat} (ha : i + 2 ≤ a.size) :
+    a.extract i (i + 2) = [a[i], a[i + 1]].toByteArray := by
+  rw [extract_eq_extract_append_extract (i + 1) (by simp) (by omega),
+    extract_add_one (by omega), extract_add_one (by omega)]
+  simp [← List.toByteArray_append]
+
+theorem ByteArray.extract_add_three {a : ByteArray} {i : Nat} (ha : i + 3 ≤ a.size) :
+    a.extract i (i + 3) = [a[i], a[i + 1], a[i + 2]].toByteArray := by
+  rw [extract_eq_extract_append_extract (i + 1) (by simp) (by omega),
+    extract_add_one (by omega), extract_add_two (by omega)]
+  simp [← List.toByteArray_append]
+
+theorem ByteArray.extract_add_four {a : ByteArray} {i : Nat} (ha : i + 4 ≤ a.size) :
+    a.extract i (i + 4) = [a[i], a[i + 1], a[i + 2], a[i + 3]].toByteArray := by
+  rw [extract_eq_extract_append_extract (i + 1) (by simp) (by omega),
+    extract_add_one (by omega), extract_add_three (by omega)]
+  simp [← List.toByteArray_append]
+
+theorem ByteArray.append_assoc {a b c : ByteArray} : a ++ b ++ c = a ++ (b ++ c) := by
+  ext1
+  simp
+
+@[simp]
+theorem ByteArray.toList_empty : ByteArray.empty.toList = [] := by
+  simp [ByteArray.toList, ByteArray.toList.loop]
+
+theorem ByteArray.copySlice_eq_append {src : ByteArray} {srcOff : Nat} {dest : ByteArray} {destOff len : Nat} {exact : Bool} :
+    ByteArray.copySlice src srcOff dest destOff len exact =
+      dest.extract 0 destOff ++ src.extract srcOff (srcOff +len) ++ dest.extract (destOff + min len (src.data.size - srcOff)) dest.data.size := by
+  ext1
+  simp [copySlice]

src/Init/Data/Char/Lemmas.lean

@@ -6,7 +6,8 @@ Authors: Leonardo de Moura
 module
 
 prelude
-public import all Init.Data.Char.Basic
+public import Init.Data.Char.Basic
+import all Init.Data.Char.Basic
 public import Init.Data.UInt.Lemmas
 
 public section
@@ -65,11 +66,6 @@ instance leTotal : Std.Total (· ≤ · : Char → Char → Prop) where
 def notLTTotal : Std.Total (¬ · < · : Char → Char → Prop) where
   total := fun x y => by simpa using Char.le_total y x
 
-theorem utf8Size_eq (c : Char) : c.utf8Size = 1 ∨ c.utf8Size = 2 ∨ c.utf8Size = 3 ∨ c.utf8Size = 4 := by
-  have := c.utf8Size_pos
-  have := c.utf8Size_le_four
-  omega
-
 @[simp] theorem ofNat_toNat (c : Char) : Char.ofNat c.toNat = c := by
   rw [Char.ofNat, dif_pos]
   rfl

src/Init/Data/Dyadic.lean

@@ -0,0 +1,12 @@
+/-
+Copyright (c) 2025 Lean FRO, LLC. All rights reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Kim Morrison
+-/
+module
+prelude
+
+public import Init.Data.Dyadic.Basic
+public import Init.Data.Dyadic.Instances
+public import Init.Data.Dyadic.Round
+public import Init.Data.Dyadic.Inv

src/Init/Data/Dyadic/Basic.lean

@@ -0,0 +1,747 @@
+/-
+Copyright (c) 2025 Lean FRO, LLC. All rights reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Kim Morrison, Robin Arnez
+-/
+module
+
+prelude
+public import Init.Data.Rat.Lemmas
+import Init.Data.Int.Bitwise.Lemmas
+import Init.Data.Int.DivMod.Lemmas
+
+/-!
+# The dyadic rationals
+
+Constructs the dyadic rationals as an ordered ring, equipped with a compatible embedding into the rationals.
+-/
+
+set_option linter.missingDocs true
+
+@[expose] public section
+
+open Nat
+
+namespace Int
+
+/-- The number of trailing zeros in the binary representation of `i`. -/
+def trailingZeros (i : Int) : Nat :=
+  if h : i = 0 then 0 else aux i.natAbs i h (Nat.le_refl _) 0
+where
+  aux (k : Nat) (i : Int) (hi : i ≠ 0) (hk : i.natAbs ≤ k) (acc : Nat) : Nat :=
+    match k, (by omega : k ≠ 0) with
+    | k + 1, _ =>
+      if h : i % 2 = 0 then aux k (i / 2) (by omega) (by omega) (acc + 1)
+      else acc
+
+-- TODO: check performance of `trailingZeros` in the kernel and VM.
+
+private theorem trailingZeros_aux_irrel (hi : i ≠ 0) (hk : i.natAbs ≤ k) (hk' : i.natAbs ≤ k') :
+    trailingZeros.aux k i hi hk acc = trailingZeros.aux k' i hi hk' acc := by
+  fun_induction trailingZeros.aux k i hi hk acc generalizing k' <;>
+    fun_cases trailingZeros.aux k' _ _ hk' _
+  · rename_i ih _ _ _ _ _
+    exact ih _
+  · contradiction
+  · contradiction
+  · rfl
+
+private theorem trailingZeros_aux_succ :
+    trailingZeros.aux k i hi hk (acc + 1) = trailingZeros.aux k i hi hk acc + 1 := by
+  fun_induction trailingZeros.aux k i hi hk acc <;> simp_all [trailingZeros.aux]
+
+theorem trailingZeros_zero : trailingZeros 0 = 0 := rfl
+
+theorem trailingZeros_two_mul_add_one (i : Int) :
+    Int.trailingZeros (2 * i + 1) = 0 := by
+  unfold trailingZeros trailingZeros.aux
+  rw [dif_neg (by omega)]
+  split <;> simp_all
+
+theorem trailingZeros_eq_zero_of_mod_eq {i : Int} (h : i % 2 = 1) :
+    Int.trailingZeros i = 0 := by
+  unfold trailingZeros trailingZeros.aux
+  rw [dif_neg (by omega)]
+  split <;> simp_all
+
+theorem trailingZeros_two_mul {i : Int} (h : i ≠ 0) :
+    Int.trailingZeros (2 * i) = Int.trailingZeros i + 1 := by
+  rw [Int.trailingZeros, dif_neg (Int.mul_ne_zero (by decide) h), Int.trailingZeros.aux.eq_def]
+  simp only [ne_eq, mul_emod_right, ↓reduceDIte, Int.reduceEq, not_false_eq_true,
+    mul_ediv_cancel_left, Nat.zero_add]
+  split
+  rw [trailingZeros, trailingZeros_aux_succ, dif_neg h]
+  apply congrArg Nat.succ (trailingZeros_aux_irrel ..) <;> omega
+
+theorem shiftRight_trailingZeros_mod_two {i : Int} (h : i ≠ 0) :
+    (i >>> i.trailingZeros) % 2 = 1 := by
+  rw (occs := .pos [2]) [← Int.emod_add_mul_ediv i 2]
+  rcases i.emod_two_eq with h' | h' <;> rw [h']
+  · rcases Int.dvd_of_emod_eq_zero h' with ⟨a, rfl⟩
+    simp only [ne_eq, Int.mul_eq_zero, Int.reduceEq, false_or] at h
+    rw [Int.zero_add, mul_ediv_cancel_left _ (by decide), trailingZeros_two_mul h, Nat.add_comm,
+      shiftRight_add, shiftRight_eq_div_pow _ 1]
+    simpa using shiftRight_trailingZeros_mod_two h
+  · rwa [Int.add_comm, trailingZeros_two_mul_add_one, shiftRight_zero]
+termination_by i.natAbs
+
+theorem two_pow_trailingZeros_dvd {i : Int} (h : i ≠ 0) :
+    2 ^ i.trailingZeros ∣ i := by
+  rcases i.emod_two_eq with h' | h'
+  · rcases Int.dvd_of_emod_eq_zero h' with ⟨a, rfl⟩
+    simp only [ne_eq, Int.mul_eq_zero, Int.reduceEq, false_or] at h
+    rw [trailingZeros_two_mul h, Int.pow_succ']
+    exact Int.mul_dvd_mul_left _ (two_pow_trailingZeros_dvd h)
+  · rw (occs := .pos [1]) [← Int.emod_add_mul_ediv i 2, h', Int.add_comm, trailingZeros_two_mul_add_one]
+    exact Int.one_dvd _
+termination_by i.natAbs
+
+theorem trailingZeros_shiftLeft {x : Int} (hx : x ≠ 0) (n : Nat) :
+    trailingZeros (x <<< n) = x.trailingZeros + n := by
+  have : NeZero x := ⟨hx⟩
+  induction n <;> simp [Int.shiftLeft_succ', trailingZeros_two_mul (NeZero.ne _), *, Nat.add_assoc]
+
+@[simp]
+theorem trailingZeros_neg (x : Int) : trailingZeros (-x) = x.trailingZeros := by
+  by_cases hx : x = 0
+  · simp [hx]
+  rcases x.emod_two_eq with h | h
+  · rcases Int.dvd_of_emod_eq_zero h with ⟨a, rfl⟩
+    simp only [Int.mul_ne_zero_iff, ne_eq, Int.reduceEq, not_false_eq_true, true_and] at hx
+    rw [← Int.mul_neg, trailingZeros_two_mul hx, trailingZeros_two_mul (Int.neg_ne_zero.mpr hx)]
+    rw [trailingZeros_neg]
+  · simp [trailingZeros_eq_zero_of_mod_eq, h]
+termination_by x.natAbs
+
+end Int
+
+/--
+A dyadic rational is either zero or of the form `n * 2^(-k)` for some (unique) `n k : Int`
+where `n` is odd.
+-/
+inductive Dyadic where
+  /-- The dyadic number `0`. -/
+  | zero
+  /-- The dyadic number `n * 2^(-k)` for some odd `n` and integer `k`. -/
+  | ofOdd (n : Int) (k : Int) (hn : n % 2 = 1)
+deriving DecidableEq
+
+namespace Dyadic
+
+/-- Returns the dyadic number representation of `i * 2 ^ (-exp)`. -/
+def ofIntWithPrec (i : Int) (prec : Int) : Dyadic :=
+  if h : i = 0 then .zero
+  else .ofOdd (i >>> i.trailingZeros) (prec - i.trailingZeros) (Int.shiftRight_trailingZeros_mod_two h)
+
+/-- Convert an integer to a dyadic number (which will necessarily have non-positive precision). -/
+def ofInt (i : Int) : Dyadic :=
+  Dyadic.ofIntWithPrec i 0
+
+instance (n : Nat) : OfNat Dyadic n where
+  ofNat := Dyadic.ofInt n
+
+instance : IntCast Dyadic := ⟨ofInt⟩
+instance : NatCast Dyadic := ⟨fun x => ofInt x⟩
+
+/-- Add two dyadic numbers. -/
+protected def add (x y : Dyadic) : Dyadic :=
+  match x, y with
+  | .zero, y => y
+  | x, .zero => x
+  | .ofOdd n₁ k₁ hn₁, .ofOdd n₂ k₂ hn₂ =>
+    match k₁ - k₂ with
+    | 0 => .ofIntWithPrec (n₁ + n₂) k₁
+    -- TODO: these `simp_all` calls where previously factored out into a `where finally` clause,
+    -- but there is apparently a bad interaction with the module system.
+    | (d@hd:(d' + 1) : Nat) => .ofOdd (n₁ + (n₂ <<< d)) k₁ (by simp_all [Int.shiftLeft_eq, Int.pow_succ, ← Int.mul_assoc])
+    | -(d + 1 : Nat) => .ofOdd (n₁ <<< (d + 1) + n₂) k₂ (by simp_all [Int.shiftLeft_eq, Int.pow_succ, ← Int.mul_assoc])
+
+instance : Add Dyadic := ⟨Dyadic.add⟩
+
+/-- Multiply two dyadic numbers. -/
+protected def mul (x y : Dyadic) : Dyadic :=
+  match x, y with
+  | .zero, _ => .zero
+  | _, .zero => .zero
+  | .ofOdd n₁ k₁ hn₁, .ofOdd n₂ k₂ hn₂ =>
+    .ofOdd (n₁ * n₂) (k₁ + k₂) (by rw [Int.mul_emod, hn₁, hn₂]; rfl)
+
+instance : Mul Dyadic := ⟨Dyadic.mul⟩
+
+/-- Multiply two dyadic numbers. -/
+protected def pow (x : Dyadic) (i : Nat) : Dyadic :=
+  match x with
+  | .zero => if i = 0 then 1 else 0
+  | .ofOdd n k hn =>
+    .ofOdd (n ^ i) (k * i) (by induction i <;> simp [Int.pow_succ, Int.mul_emod, *])
+
+instance : Pow Dyadic Nat := ⟨Dyadic.pow⟩
+
+/-- Negate a dyadic number. -/
+protected def neg (x : Dyadic) : Dyadic :=
+  match x with
+  | .zero => .zero
+  | .ofOdd n k hn => .ofOdd (-n) k (by rwa [Int.neg_emod_two])
+
+instance : Neg Dyadic := ⟨Dyadic.neg⟩
+
+/-- Subtract two dyadic numbers. -/
+protected def sub (x y : Dyadic) : Dyadic := x + (- y)
+
+instance : Sub Dyadic := ⟨Dyadic.sub⟩
+
+/-- Shift a dyadic number left by `i` bits. -/
+protected def shiftLeft (x : Dyadic) (i : Int) : Dyadic :=
+  match x with
+  | .zero => .zero
+  | .ofOdd n k hn => .ofOdd n (k - i) hn
+
+/-- Shift a dyadic number right by `i` bits. -/
+protected def shiftRight (x : Dyadic) (i : Int) : Dyadic :=
+  match x with
+  | .zero => .zero
+  | .ofOdd n k hn => .ofOdd n (k + i) hn
+
+instance : HShiftLeft Dyadic Int Dyadic := ⟨Dyadic.shiftLeft⟩
+instance : HShiftRight Dyadic Int Dyadic := ⟨Dyadic.shiftRight⟩
+
+instance : HShiftLeft Dyadic Nat Dyadic := ⟨fun x y => x <<< (y : Int)⟩
+instance : HShiftRight Dyadic Nat Dyadic := ⟨fun x y => x >>> (y : Int)⟩
+
+-- TODO: move this
+theorem _root_.Int.natAbs_emod_two (i : Int) : i.natAbs % 2 = (i % 2).natAbs := by omega
+
+/-- Convert a dyadic number to a rational number. -/
+def toRat (x : Dyadic) : Rat :=
+  match x with
+  | .zero => 0
+  | .ofOdd n (k : Nat) hn =>
+    have reduced : n.natAbs.Coprime (2 ^ k) := by
+      apply Coprime.pow_right
+      rw [coprime_iff_gcd_eq_one, Nat.gcd_comm, Nat.gcd_def]
+      simp [hn, Int.natAbs_emod_two]
+    ⟨n, 2 ^ k, Nat.ne_of_gt (Nat.pow_pos (by decide)), reduced⟩
+  | .ofOdd n (-((k : Nat) + 1)) hn =>
+    (n * (2 ^ (k + 1) : Nat) : Int)
+
+@[simp] protected theorem zero_eq : Dyadic.zero = 0 := rfl
+@[simp] protected theorem add_zero (x : Dyadic) : x + 0 = x := by cases x <;> rfl
+@[simp] protected theorem zero_add (x : Dyadic) : 0 + x = x := by cases x <;> rfl
+@[simp] protected theorem neg_zero : (-0 : Dyadic) = 0 := rfl
+@[simp] protected theorem mul_zero (x : Dyadic) : x * 0 = 0 := by cases x <;> rfl
+@[simp] protected theorem zero_mul (x : Dyadic) : 0 * x = 0 := by cases x <;> rfl
+
+@[simp] theorem toRat_zero : toRat 0 = 0 := rfl
+
+theorem _root_.Rat.mkRat_one (x : Int) : mkRat x 1 = x := by
+  rw [← Rat.mk_den_one, Rat.mk_eq_mkRat]
+
+theorem toRat_ofOdd_eq_mkRat :
+    toRat (.ofOdd n k hn) = mkRat (n <<< (-k).toNat) (1 <<< k.toNat) := by
+  cases k
+  · simp [toRat, Rat.mk_eq_mkRat, Int.shiftLeft_eq, Nat.shiftLeft_eq]
+  · simp [toRat, Int.neg_negSucc, Rat.mkRat_one, Int.shiftLeft_eq]
+
+theorem toRat_ofIntWithPrec_eq_mkRat :
+    toRat (.ofIntWithPrec n k) = mkRat (n <<< (-k).toNat) (1 <<< k.toNat) := by
+  simp only [ofIntWithPrec]
+  split
+  · simp_all
+  rw [toRat_ofOdd_eq_mkRat, Rat.mkRat_eq_iff (NeZero.ne _) (NeZero.ne _)]
+  simp only [Int.natCast_shiftLeft, Int.cast_ofNat_Int, Int.shiftLeft_mul_shiftLeft, Int.mul_one]
+  have : (-(k - n.trailingZeros) : Int).toNat + k.toNat =
+      n.trailingZeros + ((-k).toNat + (k - n.trailingZeros).toNat) := by omega
+  rw [this, Int.shiftLeft_add, Int.shiftRight_shiftLeft_cancel]
+  exact Int.two_pow_trailingZeros_dvd ‹_›
+
+theorem toRat_ofIntWithPrec_eq_mul_two_pow : toRat (.ofIntWithPrec n k) = n * 2 ^ (-k) := by
+  rw [toRat_ofIntWithPrec_eq_mkRat, Rat.zpow_neg, Int.shiftLeft_eq, Nat.one_shiftLeft]
+  rw [Rat.mkRat_eq_div, Rat.div_def]
+  have : ((2 : Int) : Rat) ≠ 0 := by decide
+  simp only [Rat.intCast_mul, Rat.intCast_pow, ← Rat.zpow_natCast, ← Rat.intCast_natCast,
+    Int.natCast_pow, Int.cast_ofNat_Int, ← Rat.zpow_neg, Rat.mul_assoc, ne_eq,
+    Rat.intCast_eq_zero_iff, Int.reduceEq, not_false_eq_true, ← Rat.zpow_add]
+  rw [Int.add_neg_eq_sub, ← Int.neg_sub, Int.toNat_sub_toNat_neg]
+  rfl
+
+example : ((3 : Dyadic) >>> 2) + ((3 : Dyadic) >>> 2) = ((3 : Dyadic) >>> 1) := rfl -- 3/4 + 3/4 = 3/2
+example : ((7 : Dyadic) >>> 3) + ((1 : Dyadic) >>> 3) = 1 := rfl -- 7/8 + 1/8 = 1
+example : (12 : Dyadic) + ((3 : Dyadic) >>> 1) = (27 : Dyadic) >>> 1 := rfl -- 12 + 3/2 = 27/2 = (2 * 13 + 1)/2^1
+example : ((3 : Dyadic) >>> 1).add 12 =  (27 : Dyadic) >>> 1 := rfl -- 3/2 + 12 = 27/2 = (2 * 13 + 1)/2^1
+example : (12 : Dyadic).add 12 = 24 := rfl -- 12 + 12 = 24
+
+@[simp]
+theorem toRat_add (x y : Dyadic) : toRat (x + y) = toRat x + toRat y := by
+  match x, y with
+  | .zero, _ => simp [toRat, Rat.zero_add]
+  | _, .zero => simp [toRat, Rat.add_zero]
+  | .ofOdd n₁ k₁ hn₁, .ofOdd n₂ k₂ hn₂ =>
+    change (Dyadic.add _ _).toRat = _
+    rw [Dyadic.add, toRat_ofOdd_eq_mkRat, toRat_ofOdd_eq_mkRat]
+    rw [Rat.mkRat_add_mkRat _ _ (NeZero.ne _) (NeZero.ne _)]
+    split
+    · rename_i h
+      cases Int.sub_eq_zero.mp h
+      rw [toRat_ofIntWithPrec_eq_mkRat, Rat.mkRat_eq_iff (NeZero.ne _) (NeZero.ne _)]
+      simp [Int.shiftLeft_mul_shiftLeft, Int.add_shiftLeft, Int.add_mul, Nat.add_assoc]
+    · rename_i h
+      cases Int.sub_eq_iff_eq_add.mp h
+      rw [toRat_ofOdd_eq_mkRat, Rat.mkRat_eq_iff (NeZero.ne _) (NeZero.ne _)]
+      simp only [succ_eq_add_one, Int.ofNat_eq_coe, Int.add_shiftLeft, ← Int.shiftLeft_add,
+        Int.natCast_mul, Int.natCast_shiftLeft, Int.shiftLeft_mul_shiftLeft, Int.add_mul]
+      congr 2 <;> omega
+    · rename_i h
+      cases Int.sub_eq_iff_eq_add.mp h
+      rw [toRat_ofOdd_eq_mkRat, Rat.mkRat_eq_iff (NeZero.ne _) (NeZero.ne _)]
+      simp only [Int.add_shiftLeft, ← Int.shiftLeft_add, Int.natCast_mul, Int.natCast_shiftLeft,
+        Int.cast_ofNat_Int, Int.shiftLeft_mul_shiftLeft, Int.mul_one, Int.add_mul]
+      congr 2 <;> omega
+
+@[simp]
+theorem toRat_neg (x : Dyadic) : toRat (-x) = - toRat x := by
+  change x.neg.toRat = _
+  cases x
+  · rfl
+  · simp [Dyadic.neg, Rat.neg_mkRat, Int.neg_shiftLeft, toRat_ofOdd_eq_mkRat]
+
+@[simp]
+theorem toRat_sub (x y : Dyadic) : toRat (x - y) = toRat x - toRat y := by
+  change toRat (x + -y) = _
+  simp [Rat.sub_eq_add_neg]
+
+@[simp]
+theorem toRat_mul (x y : Dyadic) : toRat (x * y) = toRat x * toRat y := by
+  match x, y with
+  | .zero, _ => simp
+  | _, .zero => simp
+  | .ofOdd n₁ k₁ hn₁, .ofOdd n₂ k₂ hn₂ =>
+    change (Dyadic.mul _ _).toRat = _
+    rw [Dyadic.mul, toRat_ofOdd_eq_mkRat, toRat_ofOdd_eq_mkRat, toRat_ofOdd_eq_mkRat,
+      Rat.mkRat_mul_mkRat, Rat.mkRat_eq_iff (NeZero.ne _) (NeZero.ne _)]
+    simp only [Int.natCast_mul, Int.natCast_shiftLeft, Int.cast_ofNat_Int,
+      Int.shiftLeft_mul_shiftLeft, Int.mul_one]
+    congr 1; omega
+
+@[simp]
+protected theorem pow_zero (x : Dyadic) : x ^ 0 = 1 := by
+  change x.pow 0 = 1
+  cases x <;> simp [Dyadic.pow] <;> rfl
+
+protected theorem pow_succ (x : Dyadic) (n : Nat) : x ^ (n + 1) = x ^ n * x := by
+  change x.pow (n + 1) = x.pow n * x
+  cases x
+  · simp [Dyadic.pow]
+  · change _ = Dyadic.mul _ _
+    simp [Dyadic.pow, Dyadic.mul, Int.pow_succ, Int.mul_add]
+
+@[simp]
+theorem toRat_pow (x : Dyadic) (n : Nat) : toRat (x ^ n) = toRat x ^ n := by
+  induction n with
+  | zero => simp; rfl
+  | succ k ih => simp [Dyadic.pow_succ, Rat.pow_succ, ih]
+
+@[simp]
+theorem toRat_intCast (x : Int) : (x : Dyadic).toRat = x := by
+  change (ofInt x).toRat = x
+  simp [ofInt, toRat_ofIntWithPrec_eq_mul_two_pow]
+
+@[simp]
+theorem toRat_natCast (x : Nat) : (x : Dyadic).toRat = x := by
+  change (ofInt x).toRat = x
+  simp [ofInt, toRat_ofIntWithPrec_eq_mul_two_pow, Rat.intCast_natCast]
+
+@[simp] theorem of_ne_zero : ofOdd n k hn ≠ 0 := Dyadic.noConfusion
+@[simp] theorem zero_ne_of : 0 ≠ ofOdd n k hn := Dyadic.noConfusion
+
+@[simp]
+theorem toRat_eq_zero_iff {x : Dyadic} : x.toRat = 0 ↔ x = 0 := by
+  refine ⟨fun h => ?_, fun h => h ▸ rfl⟩
+  cases x
+  · rfl
+  · simp only [toRat_ofOdd_eq_mkRat, ne_eq, shiftLeft_eq_zero_iff, succ_ne_self, not_false_eq_true,
+      Rat.mkRat_eq_zero, Int.shiftLeft_eq_zero_iff] at h
+    cases h
+    contradiction
+
+theorem ofOdd_eq_ofIntWithPrec : ofOdd n k hn = ofIntWithPrec n k := by
+  simp only [ofIntWithPrec, Dyadic.zero_eq, Int.trailingZeros_eq_zero_of_mod_eq hn,
+    Int.shiftRight_zero, Int.cast_ofNat_Int, Int.sub_zero, right_eq_dite_iff, of_ne_zero, imp_false]
+  intro rfl; contradiction
+
+theorem toRat_ofOdd_eq_mul_two_pow : toRat (.ofOdd n k hn) = n * 2 ^ (-k) := by
+  rw [ofOdd_eq_ofIntWithPrec, toRat_ofIntWithPrec_eq_mul_two_pow]
+
+@[simp]
+theorem ofIntWithPrec_zero {i : Int} : ofIntWithPrec 0 i = 0 := rfl
+
+@[simp]
+theorem neg_ofOdd : -ofOdd n k hn = ofOdd (-n) k (by simpa using hn) := rfl
+
+@[simp]
+theorem neg_ofIntWithPrec {i prec : Int} : -ofIntWithPrec i prec = ofIntWithPrec (-i) prec := by
+  rw [ofIntWithPrec, ofIntWithPrec]
+  simp only [Dyadic.zero_eq, Int.neg_eq_zero, Int.trailingZeros_neg]
+  split
+  · rfl
+  · obtain ⟨a, h⟩ := Int.two_pow_trailingZeros_dvd ‹_›
+    rw [Int.mul_comm, ← Int.shiftLeft_eq] at h
+    conv => enter [1, 1, 1, 1]; rw [h]
+    conv => enter [2, 1, 1]; rw [h]
+    simp only [Int.shiftLeft_shiftRight_cancel, neg_ofOdd, ← Int.neg_shiftLeft]
+
+theorem ofIntWithPrec_shiftLeft_add {n : Nat} :
+    ofIntWithPrec ((x : Int) <<< n) (i + n) = ofIntWithPrec x i := by
+  rw [ofIntWithPrec, ofIntWithPrec]
+  simp only [Int.shiftLeft_eq_zero_iff]
+  split
+  · rfl
+  · simp [Int.trailingZeros_shiftLeft, *, Int.shiftLeft_shiftRight_eq_shiftRight_of_le,
+      Int.add_comm x.trailingZeros n, ← Int.sub_sub]
+
+/-- The "precision" of a dyadic number, i.e. in `n * 2^(-p)` with `n` odd the precision is `p`. -/
+-- TODO: If `WithBot` is upstreamed, replace this with `WithBot Int`.
+def precision : Dyadic → Option Int
+  | .zero => none
+  | .ofOdd _ p _ => some p
+
+theorem precision_ofIntWithPrec_le {i : Int} (h : i ≠ 0) (prec : Int) :
+    (ofIntWithPrec i prec).precision ≤ some prec := by
+  simp [ofIntWithPrec, h, precision]
+  omega
+
+@[simp] theorem precision_zero : (0 : Dyadic).precision = none := rfl
+@[simp] theorem precision_neg {x : Dyadic} : (-x).precision = x.precision :=
+  match x with
+  | .zero => rfl
+  | .ofOdd _ _ _ => rfl
+
+end Dyadic
+
+namespace Rat
+
+open Dyadic
+
+/--
+Convert a rational number `x` to the greatest dyadic number with precision at most `prec`
+which is less than or equal to `x`.
+-/
+def toDyadic (x : Rat) (prec : Int) : Dyadic :=
+  match prec with
+  | (n : Nat) => .ofIntWithPrec ((x.num <<< n) / x.den) prec
+  | -(n + 1 : Nat) => .ofIntWithPrec (x.num / (x.den <<< (n + 1))) prec
+
+theorem toDyadic_mkRat (a : Int) (b : Nat) (prec : Int) :
+    Rat.toDyadic (mkRat a b) prec =
+      .ofIntWithPrec ((a <<< prec.toNat) / (b <<< (-prec).toNat)) prec := by
+  by_cases hb : b = 0
+  · cases prec <;> simp [hb, Rat.toDyadic]
+  rcases h : mkRat a b with ⟨n, d, hnz, hr⟩
+  obtain ⟨m, hm, rfl, rfl⟩ := Rat.mkRat_num_den hb h
+  cases prec
+  · simp only [Rat.toDyadic, Int.ofNat_eq_coe, Int.toNat_natCast, Int.toNat_neg_natCast,
+      shiftLeft_zero, Int.natCast_mul]
+    rw [Int.mul_comm d, ← Int.ediv_ediv (by simp), ← Int.shiftLeft_mul,
+      Int.mul_ediv_cancel _ (by simpa using hm)]
+  · simp only [Rat.toDyadic, Int.natCast_shiftLeft, Int.negSucc_eq, ← Int.natCast_add_one,
+      Int.toNat_neg_natCast, Int.shiftLeft_zero, Int.neg_neg, Int.toNat_natCast, Int.natCast_mul]
+    rw [Int.mul_comm d, ← Int.mul_shiftLeft, ← Int.ediv_ediv (by simp),
+      Int.mul_ediv_cancel _ (by simpa using hm)]
+
+theorem toDyadic_eq_ofIntWithPrec (x : Rat) (prec : Int) :
+    x.toDyadic prec = .ofIntWithPrec ((x.num <<< prec.toNat) / (x.den <<< (-prec).toNat)) prec := by
+  conv => lhs; rw [← Rat.mkRat_self x]
+  rw [Rat.toDyadic_mkRat]
+
+/--
+Converting a rational to a dyadic at a given precision and then back to a rational
+gives the same result as taking the floor of the rational at precision `2 ^ prec`.
+-/
+theorem toRat_toDyadic (x : Rat) (prec : Int) :
+    (x.toDyadic prec).toRat = (x * 2 ^ prec).floor / 2 ^ prec := by
+  rw [Rat.toDyadic_eq_ofIntWithPrec, toRat_ofIntWithPrec_eq_mul_two_pow, Rat.zpow_neg, Rat.div_def]
+  congr 2
+  rw [Rat.floor_def, Int.shiftLeft_eq, Nat.shiftLeft_eq]
+  match prec with
+  | .ofNat prec =>
+    simp only [Int.ofNat_eq_coe, Int.toNat_natCast, Int.toNat_neg_natCast, Nat.pow_zero,
+      Nat.mul_one]
+    have : (2 ^ prec : Rat) = ((2 ^ prec : Nat) : Rat) := by simp
+    rw [Rat.zpow_natCast, this, Rat.mul_def']
+    simp only [Rat.num_mkRat, Rat.den_mkRat]
+    simp only [Rat.natCast_pow, Rat.natCast_ofNat, Rat.num_pow, Rat.num_ofNat, Rat.den_pow,
+      Rat.den_ofNat, Nat.one_pow, Nat.mul_one]
+    split
+    · simp_all
+    · rw [Int.ediv_ediv (Int.ofNat_zero_le _)]
+      congr 1
+      rw [Int.natCast_ediv, Int.mul_ediv_cancel']
+      rw [Int.natCast_dvd_natCast]
+      apply gcd_dvd_left
+  | .negSucc prec =>
+    simp only [Int.toNat_negSucc, Int.pow_zero, Int.mul_one, Int.neg_negSucc, Int.natCast_mul,
+      Int.natCast_pow, Int.cast_ofNat_Int]
+    have : (2 ^ ((prec : Int) + 1)) = ((2 ^ (prec + 1) : Nat) : Rat) := by simp; rfl
+    rw [Int.negSucc_eq, Rat.zpow_neg, this, Rat.mul_def']
+    simp only [Rat.num_mkRat, Rat.den_mkRat]
+    simp only [natCast_pow, natCast_ofNat, den_inv, num_pow, num_ofNat, Int.natAbs_pow,
+      Int.reduceAbs, num_inv, den_pow, den_ofNat, Nat.one_pow, Int.cast_ofNat_Int, Int.mul_one]
+    have : ¬ (2 ^ (prec + 1) : Int) = 0 := NeZero.out
+    simp only [if_neg this]
+    have : (2 ^ (prec + 1) : Int).sign = 1 := by simpa using Int.pow_pos (by decide)
+    simp only [this]
+    have : x.den * 2 ^ (prec + 1) = 0 ↔ x.den = 0 := by
+      rw [Nat.mul_eq_zero]
+      simp_all
+    simp only [this, Int.mul_one]
+    split
+    · simp_all
+    · rw [Int.ediv_ediv (Int.ofNat_zero_le _)]
+      congr 1
+      rw [Int.natCast_ediv, Int.mul_ediv_cancel']
+      · simp
+      · rw [Int.natCast_dvd_natCast]
+        apply gcd_dvd_left
+
+theorem toRat_toDyadic_le {x : Rat} {prec : Int} : (x.toDyadic prec).toRat ≤ x := by
+  rw [toRat_toDyadic]
+  have : (x * 2 ^ prec).floor ≤ x * 2 ^ prec := Rat.floor_le _
+  apply Rat.le_of_mul_le_mul_right (c := 2 ^ prec)
+  rw [Rat.div_mul_cancel]
+  exact this
+  · apply Rat.ne_of_gt (Rat.zpow_pos (by decide))
+  · exact Rat.zpow_pos (by decide)
+
+theorem lt_toRat_toDyadic_add {x : Rat} {prec : Int} :
+    x < (x.toDyadic prec + ofIntWithPrec 1 prec).toRat := by
+  rw [toRat_add, toRat_toDyadic, toRat_ofIntWithPrec_eq_mul_two_pow]
+  have := Rat.lt_floor_add_one (x * 2 ^ prec)
+  rw [Rat.zpow_neg, Rat.div_def, ← Rat.add_mul]
+  apply Rat.lt_of_mul_lt_mul_right (c := 2 ^ prec)
+  rw [Rat.mul_assoc, Rat.inv_mul_cancel, Rat.mul_one]
+  exact mod_cast this
+  · apply Rat.ne_of_gt (Rat.zpow_pos (by decide))
+  · exact Rat.zpow_nonneg (by decide)
+
+-- TODO: `x.toDyadic prec` is the unique dyadic with the given precision satisfying the two inequalities above.
+
+end Rat
+
+namespace Dyadic
+
+/--
+Rounds a dyadic rational `x` down to the greatest dyadic number with precision at most `prec`
+which is less than or equal to `x`.
+-/
+def roundDown (x : Dyadic) (prec : Int) : Dyadic :=
+  match x with
+  | .zero => .zero
+  | .ofOdd n k _ =>
+    match k - prec with
+    | .ofNat l => .ofIntWithPrec (n >>> l) prec
+    | .negSucc _ => x
+
+theorem roundDown_eq_self_of_le {x : Dyadic} {prec : Int} (h : x.precision ≤ some prec) :
+    roundDown x prec = x := by
+  rcases x with _ | ⟨n, k, hn⟩
+  · rfl
+  · simp only [precision] at h
+    obtain ⟨a, rfl⟩ := h.dest
+    rcases a with _ | a
+    · simp [roundDown, ofOdd_eq_ofIntWithPrec]
+    · have : k - (k + (a + 1 : Nat)) = Int.negSucc a := by omega
+      simp only [roundDown, this]
+
+@[simp]
+theorem toDyadic_toRat (x : Dyadic) (prec : Int) :
+    x.toRat.toDyadic prec = x.roundDown prec := by
+  rcases x with _ | ⟨n, k, hn⟩
+  · cases prec <;> simp [Rat.toDyadic, roundDown]
+  · simp only [toRat_ofOdd_eq_mkRat, roundDown]
+    rw [Rat.toDyadic_mkRat]
+    simp only [← Int.shiftLeft_add, Int.natCast_shiftLeft, Int.cast_ofNat_Int]
+    rw [Int.shiftLeft_eq' 1, Int.one_mul, ← Int.shiftRight_eq_div_pow]
+    rw [Int.shiftLeft_shiftRight_eq, ← Int.toNat_sub, ← Int.toNat_sub, ← Int.neg_sub]
+    have : ((k.toNat + (-prec).toNat : Nat) - ((-k).toNat + prec.toNat : Nat) : Int) = k - prec := by
+      omega
+    rw [this]
+    cases h : k - prec
+    · simp
+    · simp only [Int.neg_negSucc, Int.natCast_add, Int.cast_ofNat_Int, Int.toNat_natCast_add_one,
+        Int.toNat_negSucc, Int.shiftRight_zero]
+      rw [Int.negSucc_eq, Int.eq_neg_comm, Int.neg_sub, eq_comm, Int.sub_eq_iff_eq_add] at h
+      simp only [h, ← Int.natCast_add_one, Int.add_comm _ k, ofIntWithPrec_shiftLeft_add,
+        ofOdd_eq_ofIntWithPrec]
+
+theorem toRat_inj {x y : Dyadic} : x.toRat = y.toRat ↔ x = y := by
+  refine ⟨fun h => ?_, fun h => h ▸ rfl⟩
+  cases x <;> cases y
+  · rfl
+  · simp [eq_comm (a := (0 : Rat))] at h
+  · simp at h
+  · rename_i n₁ k₁ hn₁ n₂ k₂ hn₂
+    replace h := congrArg (·.toDyadic (max k₁ k₂)) h
+    simpa [toDyadic_toRat, roundDown_eq_self_of_le, precision, Int.le_max_left, Int.le_max_right]
+      using h
+
+theorem add_comm (x y : Dyadic) : x + y = y + x := by
+  rw [← toRat_inj, toRat_add, toRat_add, Rat.add_comm]
+
+theorem add_assoc (x y z : Dyadic) : (x + y) + z = x + (y + z) := by
+  rw [← toRat_inj, toRat_add, toRat_add, toRat_add, toRat_add, Rat.add_assoc]
+
+theorem mul_comm (x y : Dyadic) : x * y = y * x := by
+  rw [← toRat_inj, toRat_mul, toRat_mul, Rat.mul_comm]
+
+theorem mul_assoc (x y z : Dyadic) : (x * y) * z = x * (y * z) := by
+  rw [← toRat_inj, toRat_mul, toRat_mul, toRat_mul, toRat_mul, Rat.mul_assoc]
+
+theorem mul_one (x : Dyadic) : x * 1 = x := by
+  rw [← toRat_inj, toRat_mul]
+  exact Rat.mul_one x.toRat
+
+theorem one_mul (x : Dyadic) : 1 * x = x := by
+  rw [← toRat_inj, toRat_mul]
+  exact Rat.one_mul x.toRat
+
+theorem add_mul (x y z : Dyadic) : (x + y) * z = x * z + y * z := by
+  simp [← toRat_inj, Rat.add_mul]
+
+theorem mul_add (x y z : Dyadic) : x * (y + z) = x * y + x * z := by
+  simp [← toRat_inj, Rat.mul_add]
+
+theorem neg_add_cancel (x : Dyadic) : -x + x = 0 := by
+  simp [← toRat_inj, Rat.neg_add_cancel]
+
+theorem neg_mul (x y : Dyadic) : -x * y = -(x * y) := by
+  simp [← toRat_inj, Rat.neg_mul]
+
+/-- Determine if a dyadic rational is strictly less than another. -/
+def blt (x y : Dyadic) : Bool :=
+  match x, y with
+  | .zero, .zero => false
+  | .zero, .ofOdd n₂ _ _ => 0 < n₂
+  | .ofOdd n₁ _ _, .zero => n₁ < 0
+  | .ofOdd n₁ k₁ _, .ofOdd n₂ k₂ _ =>
+    match k₂ - k₁ with
+    | (l : Nat) => (n₁ <<< l) < n₂
+    | -((l+1 : Nat)) => n₁ < (n₂ <<< (l + 1))
+
+/-- Determine if a dyadic rational is less than or equal to another. -/
+def ble (x y : Dyadic) : Bool :=
+  match x, y with
+  | .zero, .zero => true
+  | .zero, .ofOdd n₂ _ _ => 0 ≤ n₂
+  | .ofOdd n₁ _ _, .zero => n₁ ≤ 0
+  | .ofOdd n₁ k₁ _, .ofOdd n₂ k₂ _ =>
+    match k₂ - k₁ with
+    | (l : Nat) => (n₁ <<< l) ≤ n₂
+    | -((l+1 : Nat)) => n₁ ≤ (n₂ <<< (l + 1))
+
+theorem blt_iff_toRat {x y : Dyadic} : blt x y ↔ x.toRat < y.toRat := by
+  rcases x with _ | ⟨n₁, k₁, hn₁⟩ <;> rcases y with _ | ⟨n₂, k₂, hn₂⟩
+  · decide
+  · simp only [blt, decide_eq_true_eq, Dyadic.zero_eq, toRat_zero, toRat_ofOdd_eq_mul_two_pow,
+      Rat.mul_pos_iff_of_pos_right (Rat.zpow_pos (by decide : (0 : Rat) < 2)), Rat.intCast_pos]
+  · simp only [blt, decide_eq_true_eq, Dyadic.zero_eq, toRat_zero, toRat_ofOdd_eq_mul_two_pow,
+      Rat.mul_neg_iff_of_pos_right (Rat.zpow_pos (by decide : (0 : Rat) < 2)), Rat.intCast_neg_iff]
+  · simp only [blt, toRat_ofOdd_eq_mul_two_pow,
+      ← Rat.div_lt_iff (Rat.zpow_pos (by decide : (0 : Rat) < 2)), Rat.div_def, ← Rat.zpow_neg,
+      Int.neg_neg, Rat.mul_assoc, ne_eq, Rat.ofNat_eq_ofNat, reduceCtorEq, not_false_eq_true,
+      ← Rat.zpow_add, Int.shiftLeft_eq]
+    rw [Int.add_comm, Int.add_neg_eq_sub]
+    split
+    · simp [decide_eq_true_eq, ← Rat.intCast_lt_intCast, Rat.zpow_natCast, *]
+    · simp only [decide_eq_true_eq, Int.negSucc_eq, *]
+      rw [Rat.zpow_neg, ← Rat.div_def, Rat.div_lt_iff (Rat.zpow_pos (by decide))]
+      simp [← Rat.intCast_lt_intCast, ← Rat.zpow_natCast, *]
+
+theorem blt_eq_false_iff : blt x y = false ↔ ble y x = true := by
+  cases x <;> cases y
+  · simp [ble, blt]
+  · simp [ble, blt]
+  · simp [ble, blt]
+  · rename_i n₁ k₁ hn₁ n₂ k₂ hn₂
+    simp only [blt, ble]
+    rw [← Int.neg_sub]
+    rcases k₁ - k₂ with (_ | _) | _
+    · simp
+    · simp [← Int.negSucc_eq]
+    · simp only [Int.neg_negSucc, decide_eq_false_iff_not, Int.not_lt,
+        decide_eq_true_eq]
+
+theorem ble_iff_toRat : ble x y ↔ x.toRat ≤ y.toRat := by
+  rw [← blt_eq_false_iff, Bool.eq_false_iff]
+  simp only [ne_eq, blt_iff_toRat, Rat.not_lt]
+
+instance : LT Dyadic where
+  lt x y := blt x y
+
+instance : LE Dyadic where
+  le x y := ble x y
+
+instance : DecidableLT Dyadic := fun _ _ => inferInstanceAs (Decidable (_ = true))
+instance : DecidableLE Dyadic := fun _ _ => inferInstanceAs (Decidable (_ = true))
+
+theorem lt_iff_toRat {x y : Dyadic} : x < y ↔ x.toRat < y.toRat := blt_iff_toRat
+
+theorem le_iff_toRat {x y : Dyadic} : x ≤ y ↔ x.toRat ≤ y.toRat := ble_iff_toRat
+
+@[simp]
+protected theorem not_le {x y : Dyadic} : ¬x < y ↔ y ≤ x := by
+  simp only [· ≤ ·, · < ·, Bool.not_eq_true, blt_eq_false_iff]
+
+@[simp]
+protected theorem not_lt {x y : Dyadic} : ¬x ≤ y ↔ y < x := by
+  rw [← Dyadic.not_le, Decidable.not_not]
+
+@[simp]
+protected theorem le_refl (x : Dyadic) : x ≤ x := by
+  rw [le_iff_toRat]
+  exact Rat.le_refl
+
+protected theorem le_trans {x y z : Dyadic} (h : x ≤ y) (h' : y ≤ z) : x ≤ z := by
+  rw [le_iff_toRat] at h h' ⊢
+  exact Rat.le_trans h h'
+
+protected theorem le_antisymm {x y : Dyadic} (h : x ≤ y) (h' : y ≤ x) : x = y := by
+  rw [le_iff_toRat] at h h'
+  rw [← toRat_inj]
+  exact Rat.le_antisymm h h'
+
+protected theorem le_total (x y : Dyadic) : x ≤ y ∨ y ≤ x := by
+  rw [le_iff_toRat, le_iff_toRat]
+  exact Rat.le_total
+
+instance : Std.LawfulOrderLT Dyadic where
+  lt_iff a b := by rw [← Dyadic.not_lt, iff_and_self]; exact (Dyadic.le_total _ _).resolve_left
+
+instance : Std.IsPreorder Dyadic where
+  le_refl := Dyadic.le_refl
+  le_trans _ _ _ := Dyadic.le_trans
+
+instance : Std.IsPartialOrder Dyadic where
+  le_antisymm _ _ := Dyadic.le_antisymm
+
+instance : Std.IsLinearPreorder Dyadic where
+  le_total := Dyadic.le_total
+
+instance : Std.IsLinearOrder Dyadic where
+
+/-- `roundUp x prec` is the least dyadic number with precision at most `prec` which is greater than or equal to `x`. -/
+def roundUp (x : Dyadic) (prec : Int) : Dyadic :=
+  match x with
+  | .zero => .zero
+  | .ofOdd n k _ =>
+    match k - prec with
+    | .ofNat l => .ofIntWithPrec (-((-n) >>> l)) prec
+    | .negSucc _ => x
+
+theorem roundUp_eq_neg_roundDown_neg (x : Dyadic) (prec : Int) :
+    x.roundUp prec = -((-x).roundDown prec) := by
+  rcases x with _ | ⟨n, k, hn⟩
+  · rfl
+  · change _ = -(ofOdd ..).roundDown prec
+    rw [roundDown, roundUp]
+    split <;> simp
+
+end Dyadic

src/Init/Data/Dyadic/Instances.lean

@@ -0,0 +1,60 @@
+/-
+Copyright (c) 2025 Lean FRO, LLC. All rights reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Kim Morrison, Robin Arnez
+-/
+module
+
+prelude
+public import Init.Data.Dyadic.Basic
+public import Init.Grind.Ring.Basic
+public import Init.Grind.Ordered.Ring
+
+/-! # Internal `grind` algebra instances for `Dyadic`. -/
+
+open Lean.Grind
+
+namespace Dyadic
+
+instance : CommRing Dyadic where
+  nsmul := ⟨(· * ·)⟩
+  zsmul := ⟨(· * ·)⟩
+  add_zero := Dyadic.add_zero
+  add_comm := Dyadic.add_comm
+  add_assoc := Dyadic.add_assoc
+  mul_assoc := Dyadic.mul_assoc
+  mul_one := Dyadic.mul_one
+  one_mul := Dyadic.one_mul
+  zero_mul := Dyadic.zero_mul
+  mul_zero := Dyadic.mul_zero
+  mul_comm := Dyadic.mul_comm
+  pow_zero := Dyadic.pow_zero
+  pow_succ := Dyadic.pow_succ
+  sub_eq_add_neg _ _ := rfl
+  neg_add_cancel := Dyadic.neg_add_cancel
+  neg_zsmul i a := by
+    change ((-i : Int) : Dyadic) * a = -(i * a)
+    simp [← toRat_inj, Rat.neg_mul]
+  left_distrib := Dyadic.mul_add
+  right_distrib := Dyadic.add_mul
+  intCast_neg _ := by simp [← toRat_inj]
+  ofNat_succ n := by
+    change ((n + 1 : Int) : Dyadic) = ((n : Int) : Dyadic) + 1
+    simp [← toRat_inj, Rat.intCast_add]; rfl
+
+instance : IsCharP Dyadic 0 := IsCharP.mk' _ _
+  (ofNat_eq_zero_iff := fun x => by change (x : Dyadic) = 0 ↔ _; simp [← toRat_inj])
+
+instance : NoNatZeroDivisors Dyadic where
+  no_nat_zero_divisors k a b h₁ h₂ := by
+    change k * a = k * b at h₂
+    simp only [← toRat_inj, toRat_mul, toRat_natCast] at h₂ ⊢
+    simpa [← Rat.mul_assoc, Rat.inv_mul_cancel, h₁] using congrArg ((k : Rat)⁻¹ * ·) h₂
+
+instance : OrderedRing Dyadic where
+  zero_lt_one := by decide
+  add_le_left_iff _ := by simp [le_iff_toRat, Rat.add_le_add_right]
+  mul_lt_mul_of_pos_left {_ _ _} := by simpa [lt_iff_toRat] using Rat.mul_lt_mul_of_pos_left
+  mul_lt_mul_of_pos_right {_ _ _} := by simpa [lt_iff_toRat] using Rat.mul_lt_mul_of_pos_right
+
+end Dyadic

src/Init/Data/Dyadic/Inv.lean

@@ -0,0 +1,80 @@
+/-
+Copyright (c) 2025 Lean FRO, LLC. All rights reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Kim Morrison
+-/
+module
+prelude
+import Init.Data.Dyadic.Basic
+import Init.Data.Dyadic.Round
+import Init.Grind.Ordered.Ring
+
+/-!
+# Inversion for dyadic numbers
+-/
+
+namespace Dyadic
+
+/--
+Inverts a dyadic number at a given (maximum) precision.
+Returns the greatest dyadic number with precision at most `prec` which is less than or equal to `1/x`.
+For `x = 0`, returns `0`.
+-/
+def invAtPrec (x : Dyadic) (prec : Int) : Dyadic :=
+  match x with
+  | .zero => .zero
+  | _ => x.toRat.inv.toDyadic prec
+
+/-- For a positive dyadic `x`, `invAtPrec x prec * x ≤ 1`. -/
+theorem invAtPrec_mul_le_one {x : Dyadic} (hx : 0 < x) (prec : Int) :
+    invAtPrec x prec * x ≤ 1 := by
+  rw [le_iff_toRat]
+  rw [toRat_mul]
+  rw [show (1 : Dyadic).toRat = (1 : Rat) from rfl]
+  unfold invAtPrec
+  cases x with
+  | zero =>
+    exfalso
+    contradiction
+  | ofOdd n k hn =>
+    simp only
+    have h_le : ((ofOdd n k hn).toRat.inv.toDyadic prec).toRat ≤ (ofOdd n k hn).toRat.inv := Rat.toRat_toDyadic_le
+    have h_pos : 0 ≤ (ofOdd n k hn).toRat := by
+      rw [lt_iff_toRat, toRat_zero] at hx
+      exact Rat.le_of_lt hx
+    calc ((ofOdd n k hn).toRat.inv.toDyadic prec).toRat * (ofOdd n k hn).toRat
+        ≤ (ofOdd n k hn).toRat.inv * (ofOdd n k hn).toRat := Rat.mul_le_mul_of_nonneg_right h_le h_pos
+      _ = 1 := by
+        apply Rat.inv_mul_cancel
+        rw [lt_iff_toRat, toRat_zero] at hx
+        exact Rat.ne_of_gt hx
+
+/-- For a positive dyadic `x`, `1 < (invAtPrec x prec + 2^(-prec)) * x`. -/
+theorem one_lt_invAtPrec_add_inc_mul {x : Dyadic} (hx : 0 < x) (prec : Int) :
+    1 < (invAtPrec x prec + ofIntWithPrec 1 prec) * x := by
+  rw [lt_iff_toRat]
+  rw [toRat_mul]
+  rw [show (1 : Dyadic).toRat = (1 : Rat) from rfl]
+  unfold invAtPrec
+  cases x with
+  | zero =>
+    exfalso
+    contradiction
+  | ofOdd n k hn =>
+    simp only
+    have h_le : (ofOdd n k hn).toRat.inv < ((ofOdd n k hn).toRat.inv.toDyadic prec + ofIntWithPrec 1 prec).toRat :=
+      Rat.lt_toRat_toDyadic_add
+    have h_pos : 0 < (ofOdd n k hn).toRat := by
+      rwa [lt_iff_toRat, toRat_zero] at hx
+    calc
+      1 = (ofOdd n k hn).toRat.inv * (ofOdd n k hn).toRat := by
+        symm
+        apply Rat.inv_mul_cancel
+        rw [lt_iff_toRat, toRat_zero] at hx
+        exact Rat.ne_of_gt hx
+      _ < ((ofOdd n k hn).toRat.inv.toDyadic prec + ofIntWithPrec 1 prec).toRat * (ofOdd n k hn).toRat :=
+           Rat.mul_lt_mul_of_pos_right h_le h_pos
+
+-- TODO: `invAtPrec` is the unique dyadic with the given precision satisfying the two inequalities above.
+
+end Dyadic

src/Init/Data/Dyadic/Round.lean

@@ -0,0 +1,77 @@
+/-
+Copyright (c) 2025 Lean FRO, LLC. All rights reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Kim Morrison
+-/
+module
+
+prelude
+public import Init.Data.Dyadic.Basic
+import all Init.Data.Dyadic.Instances
+import Init.Data.Int.Bitwise.Lemmas
+import Init.Grind.Ordered.Rat
+import Init.Grind.Ordered.Field
+
+namespace Dyadic
+
+/-!
+Theorems about `roundUp` and `roundDown`.
+-/
+
+public section
+
+theorem roundDown_le {x : Dyadic} {prec : Int} : roundDown x prec ≤ x :=
+  match x with
+  | .zero => Dyadic.le_refl _
+  | .ofOdd n k _ => by
+    unfold roundDown
+    dsimp
+    match h : k - prec with
+    | .ofNat l =>
+      dsimp
+      rw [ofOdd_eq_ofIntWithPrec, le_iff_toRat]
+      replace h : k = Int.ofNat l + prec := by omega
+      subst h
+      simp only [toRat_ofIntWithPrec_eq_mul_two_pow]
+      rw [Int.neg_add, Rat.zpow_add (by decide), ← Rat.mul_assoc]
+      refine Lean.Grind.OrderedRing.mul_le_mul_of_nonneg_right ?_ (Rat.zpow_nonneg (by decide))
+      rw [Int.shiftRight_eq_div_pow]
+      rw [← Lean.Grind.Field.IsOrdered.mul_le_mul_iff_of_pos_right (c := 2^(Int.ofNat l)) (Rat.zpow_pos (by decide))]
+      simp only [Int.natCast_pow, Int.cast_ofNat_Int, Int.ofNat_eq_coe]
+      rw [Rat.mul_assoc, ← Rat.zpow_add (by decide), Int.add_left_neg, Rat.zpow_zero, Rat.mul_one]
+      have : (2 : Rat) ^ (l : Int) = (2 ^ l : Int) := by
+        rw [Rat.zpow_natCast, Rat.intCast_pow, Rat.intCast_ofNat]
+      rw [this, ← Rat.intCast_mul, Rat.intCast_le_intCast]
+      exact Int.ediv_mul_le n (Int.pow_ne_zero (by decide))
+    | .negSucc _ =>
+      apply Dyadic.le_refl
+
+theorem precision_roundDown {x : Dyadic} {prec : Int} : (roundDown x prec).precision ≤ some prec := by
+  unfold roundDown
+  match x with
+  | zero => simp [precision]
+  | ofOdd n k hn =>
+    dsimp
+    split
+    · rename_i n' h
+      by_cases h' : n >>> n' = 0
+      · simp [h']
+      · exact precision_ofIntWithPrec_le h' _
+    · simp [precision]
+      omega
+
+-- This theorem would characterize `roundDown` in terms of the order and `precision`.
+-- theorem le_roundDown {x y : Dyadic} {prec : Int} (h : y.precision ≤ some prec) (h' : y ≤ x) :
+--     y ≤ x.roundDown prec := sorry
+
+theorem le_roundUp {x : Dyadic} {prec : Int} : x ≤ roundUp x prec := by
+  rw [roundUp_eq_neg_roundDown_neg, Lean.Grind.OrderedAdd.le_neg_iff]
+  apply roundDown_le
+
+theorem precision_roundUp {x : Dyadic} {prec : Int} : (roundUp x prec).precision ≤ some prec := by
+  rw [roundUp_eq_neg_roundDown_neg, precision_neg]
+  exact precision_roundDown
+
+-- This theorem would characterize `roundUp` in terms of the order and `precision`.
+-- theorem roundUp_le {x y : Dyadic} {prec : Int} (h : y.precision ≤ some prec) (h' : x ≤ y) :
+--    x.roundUp prec ≤ y := sorry

src/Init/Data/Fin/Basic.lean

@@ -51,6 +51,11 @@ The assumption `NeZero n` ensures that `Fin n` is nonempty.
 @[expose] protected def ofNat (n : Nat) [NeZero n] (a : Nat) : Fin n :=
   ⟨a % n, Nat.mod_lt _ (pos_of_neZero n)⟩
 
+@[simp]
+theorem Internal.ofNat_eq_ofNat {n : Nat} {hn} {a : Nat} :
+  letI : NeZero n := ⟨Nat.pos_iff_ne_zero.1 hn⟩
+  Fin.Internal.ofNat n hn a = Fin.ofNat n a := rfl
+
 @[deprecated Fin.ofNat (since := "2025-05-28")]
 protected def ofNat' (n : Nat) [NeZero n] (a : Nat) : Fin n :=
   Fin.ofNat n a

src/Init/Data/Fin/Fold.lean

@@ -122,7 +122,7 @@ private theorem foldlM_loop [Monad m] (f : α → Fin (n+1) → m α) (x) (h : i
     rw [foldlM_loop_lt _ _ h', foldlM_loop]; rfl
   else
     cases Nat.le_antisymm (Nat.le_of_lt_succ h) (Nat.not_lt.1 h')
-    rw [foldlM_loop_lt]
+    rw [foldlM_loop_lt _ _ h]
     congr; funext
     rw [foldlM_loop_eq, foldlM_loop_eq]
 termination_by n - i

src/Init/Data/Fin/Lemmas.lean

@@ -25,12 +25,12 @@ namespace Fin
 
 @[deprecated ofNat_zero (since := "2025-05-28")] abbrev ofNat'_zero := @ofNat_zero
 
-theorem mod_def (a m : Fin n) : a % m = Fin.mk (a % m) (Nat.lt_of_le_of_lt (Nat.mod_le _ _) a.2) :=
+theorem mod_def (a m : Fin n) : a % m = Fin.mk (a.val % m.val) (Nat.lt_of_le_of_lt (Nat.mod_le _ _) a.2) :=
   rfl
 
-theorem mul_def (a b : Fin n) : a * b = Fin.mk ((a * b) % n) (Nat.mod_lt _ a.pos) := rfl
+theorem mul_def (a b : Fin n) : a * b = Fin.mk ((a.val * b.val) % n) (Nat.mod_lt _ a.pos) := rfl
 
-theorem sub_def (a b : Fin n) : a - b = Fin.mk (((n - b) + a) % n) (Nat.mod_lt _ a.pos) := rfl
+theorem sub_def (a b : Fin n) : a - b = Fin.mk (((n - b.val) + a.val) % n) (Nat.mod_lt _ a.pos) := rfl
 
 theorem pos' : ∀ [Nonempty (Fin n)], 0 < n | ⟨i⟩ => i.pos
 
@@ -81,7 +81,7 @@ theorem mk_val (i : Fin n) : (⟨i, i.isLt⟩ : Fin n) = i := Fin.eta ..
 
 @[deprecated ofNat_self (since := "2025-05-28")] abbrev ofNat'_self := @ofNat_self
 
-@[simp] theorem ofNat_val_eq_self [NeZero n] (x : Fin n) : (Fin.ofNat n x) = x := by
+@[simp] theorem ofNat_val_eq_self [NeZero n] (x : Fin n) : (Fin.ofNat n x.val) = x := by
   ext
   rw [val_ofNat, Nat.mod_eq_of_lt]
   exact x.2
@@ -121,8 +121,6 @@ Non-trivial loops lead to undesirable and counterintuitive elaboration behavior.
 For example, for `x : Fin k` and `n : Nat`,
 it causes `x < n` to be elaborated as `x < ↑n` rather than `↑x < n`,
 silently introducing wraparound arithmetic.
-
-Note: as of 2025-06-03, Mathlib has such a coercion for `Fin n` anyway!
 -/
 @[expose]
 def instNatCast (n : Nat) [NeZero n] : NatCast (Fin n) where
@@ -265,7 +263,7 @@ instance : LawfulOrderLT (Fin n) where
   lt_iff := by
     simp [← Fin.not_le, Decidable.imp_iff_not_or, Std.Total.total]
 
-@[simp, grind =] theorem val_rev (i : Fin n) : rev i = n - (i + 1) := rfl
+@[simp, grind =] theorem val_rev (i : Fin n) : (rev i).val = n - (i + 1) := rfl
 
 @[simp] theorem rev_rev (i : Fin n) : rev (rev i) = i := Fin.ext <| by
   rw [val_rev, val_rev, ← Nat.sub_sub, Nat.sub_sub_self (by exact i.2), Nat.add_sub_cancel]
@@ -500,9 +498,11 @@ theorem succ_succ_ne_one (a : Fin n) : Fin.succ (Fin.succ a) ≠ 1 :=
   ext
   simp
 
-@[simp] theorem cast_trans {k : Nat} (h : n = m) (h' : m = k) {i : Fin n} :
+@[simp, grind =] theorem cast_cast {k : Nat} (h : n = m) (h' : m = k) {i : Fin n} :
     (i.cast h).cast h' = i.cast (Eq.trans h h') := rfl
 
+@[deprecated cast_cast (since := "2025-09-03")] abbrev cast_trans := @cast_cast
+
 theorem castLE_of_eq {m n : Nat} (h : m = n) {h' : m ≤ n} : castLE h' = Fin.cast h := rfl
 
 @[simp] theorem coe_castAdd (m : Nat) (i : Fin n) : (castAdd m i : Nat) = i := rfl
@@ -531,7 +531,7 @@ theorem cast_castAdd_left {n n' m : Nat} (i : Fin n') (h : n' + m = n + m) :
     (i.castAdd m').cast h = i.castAdd m := rfl
 
 theorem castAdd_castAdd {m n p : Nat} (i : Fin m) :
-    (i.castAdd n).castAdd p = (i.castAdd (n + p)).cast (Nat.add_assoc ..).symm  := rfl
+    (i.castAdd n).castAdd p = (i.castAdd (n + p)).cast (Nat.add_assoc ..).symm := rfl
 
 /-- The cast of the successor is the successor of the cast. See `Fin.succ_cast_eq` for rewriting in
 the reverse direction. -/

src/Init/Data/Format/Basic.lean

@@ -8,7 +8,7 @@ module
 prelude
 public import Init.Control.State
 public import Init.Data.Int.Basic
-public import Init.Data.String.Basic
+public import Init.Data.String.Bootstrap
 
 public section
 
@@ -168,8 +168,8 @@ private def spaceUptoLine : Format → Bool → Int → Nat → SpaceResult
     else
       { foundLine := true }
   | text s,       flatten, _, _ =>
-    let p := s.posOf '\n'
-    let off := s.offsetOfPos p
+    let p := String.Internal.posOf s '\n'
+    let off := String.Internal.offsetOfPos s p
     { foundLine := p != s.endPos, foundFlattenedHardLine := flatten && p != s.endPos, space := off }
   | append f₁ f₂, flatten, m, w => merge w (spaceUptoLine f₁ flatten m w) (spaceUptoLine f₂ flatten m)
   | nest n f,     flatten, m, w => spaceUptoLine f flatten (m - n) w
@@ -263,15 +263,15 @@ private partial def be (w : Nat) [Monad m] [MonadPrettyFormat m] : List WorkGrou
     | append f₁ f₂ => be w (gs' ({ i with f := f₁, activeTags := 0 }::{ i with f := f₂ }::is))
     | nest n f => be w (gs' ({ i with f, indent := i.indent + n }::is))
     | text s =>
-      let p := s.posOf '\n'
+      let p := String.Internal.posOf s '\n'
       if p == s.endPos then
         pushOutput s
         endTags i.activeTags
         be w (gs' is)
       else
-        pushOutput (s.extract {} p)
+        pushOutput (String.Internal.extract s {} p)
         pushNewline i.indent.toNat
-        let is := { i with f := text (s.extract (s.next p) s.endPos) }::is
+        let is := { i with f := text (String.Internal.extract s (String.Internal.next s p) s.endPos) }::is
         -- after a hard line break, re-evaluate whether to flatten the remaining group
         -- note that we shouldn't start flattening after a hard break outside a group
         if g.fla == .disallow then
@@ -298,7 +298,7 @@ private partial def be (w : Nat) [Monad m] [MonadPrettyFormat m] : List WorkGrou
           pushGroup FlattenBehavior.fill is gs w >>= be w
         -- if preceding fill item fit in a single line, try to fit next one too
         if g.fla.shouldFlatten then
-          let gs'@(g'::_) ← pushGroup FlattenBehavior.fill is gs (w - " ".length)
+          let gs'@(g'::_) ← pushGroup FlattenBehavior.fill is gs (w - String.Internal.length " ")
             | panic "unreachable"
           if g'.fla.shouldFlatten then
             pushOutput " "
@@ -316,7 +316,7 @@ private partial def be (w : Nat) [Monad m] [MonadPrettyFormat m] : List WorkGrou
       else
         let k ← currColumn
         if k < i.indent then
-          pushOutput ("".pushn ' ' (i.indent - k).toNat)
+          pushOutput (String.Internal.pushn "" ' ' (i.indent - k).toNat)
           endTags i.activeTags
           be w (gs' is)
         else
@@ -350,7 +350,7 @@ Creates a format `l ++ f ++ r` with a flattening group, nesting the contents by
 The group's `FlattenBehavior` is `allOrNone`; for `fill` use `Std.Format.bracketFill`.
 -/
 @[inline] def bracket (l : String) (f : Format) (r : String) : Format :=
-  group (nest l.length $ l ++ f ++ r)
+  group (nest (String.Internal.length l) $ l ++ f ++ r)
 
 /--
 Creates the format `"(" ++ f ++ ")"` with a flattening group, nesting by one space.
@@ -372,7 +372,7 @@ Creates a format `l ++ f ++ r` with a flattening group, nesting the contents by
 The group's `FlattenBehavior` is `fill`; for `allOrNone` use `Std.Format.bracketFill`.
 -/
 @[inline] def bracketFill (l : String) (f : Format) (r : String) : Format :=
-  fill (nest l.length $ l ++ f ++ r)
+  fill (nest (String.Internal.length l) $ l ++ f ++ r)
 
 /-- The default indentation level, which is two spaces. -/
 def defIndent  := 2
@@ -397,8 +397,8 @@ private structure State where
 
 private instance : MonadPrettyFormat (StateM State) where
   -- We avoid a structure instance update, and write these functions using pattern matching because of issue #316
-  pushOutput s       := modify fun ⟨out, col⟩ => ⟨out ++ s, col + s.length⟩
-  pushNewline indent := modify fun ⟨out, _⟩ => ⟨out ++ "\n".pushn ' ' indent, indent⟩
+  pushOutput s       := modify fun ⟨out, col⟩ => ⟨String.Internal.append out s, col + (String.Internal.length s)⟩
+  pushNewline indent := modify fun ⟨out, _⟩ => ⟨String.Internal.append out (String.Internal.pushn "\n" ' ' indent), indent⟩
   currColumn         := return (← get).column
   startTag _         := return ()
   endTags _          := return ()

src/Init/Data/Format/Instances.lean

@@ -9,6 +9,7 @@ prelude
 public import Init.Data.Format.Basic
 public import Init.Data.Array.Basic
 public import Init.Data.ToString.Basic
+import Init.Data.String.Basic
 
 public section
 

src/Init/Data/Format/Syntax.lean

@@ -9,6 +9,8 @@ prelude
 public import Init.Data.Format.Macro
 public import Init.Data.Format.Instances
 public import Init.Meta
+import Init.Data.String.Basic
+import Init.Data.ToString.Name
 
 public section
 

src/Init/Data/Function.lean

@@ -3,15 +3,11 @@ Copyright (c) 2024 Lean FRO. All rights reserved.
 Released under Apache 2.0 license as described in the file LICENSE.
 Authors: Kim Morrison
 -/
-
 module
-
 prelude
 public import Init.Core
 public import Init.Grind.Tactics
-
 public section
-
 namespace Function
 
 /--
@@ -34,20 +30,108 @@ Examples:
 @[inline, expose]
 def uncurry : (α → β → φ) → α × β → φ := fun f a => f a.1 a.2
 
-@[simp, grind]
+@[simp, grind =]
 theorem curry_uncurry (f : α → β → φ) : curry (uncurry f) = f :=
   rfl
 
-@[simp, grind]
+@[simp, grind =]
 theorem uncurry_curry (f : α × β → φ) : uncurry (curry f) = f :=
   funext fun ⟨_a, _b⟩ => rfl
 
-@[simp, grind]
+@[simp, grind =]
 theorem uncurry_apply_pair {α β γ} (f : α → β → γ) (x : α) (y : β) : uncurry f (x, y) = f x y :=
   rfl
 
-@[simp, grind]
+@[simp, grind =]
 theorem curry_apply {α β γ} (f : α × β → γ) (x : α) (y : β) : curry f x y = f (x, y) :=
   rfl
 
+/-- A function `f : α → β` is called injective if `f x = f y` implies `x = y`. -/
+@[expose]
+def Injective (f : α → β) : Prop :=
+  ∀ ⦃a₁ a₂⦄, f a₁ = f a₂ → a₁ = a₂
+
+theorem Injective.comp {α β γ} {g : β → γ} {f : α → β} (hg : Injective g) (hf : Injective f) :
+    Injective (g ∘ f) := fun _a₁ _a₂ => fun h => hf (hg h)
+
+/-- A function `f : α → β` is called surjective if every `b : β` is equal to `f a`
+for some `a : α`. -/
+@[expose]
+def Surjective (f : α → β) : Prop :=
+  ∀ b, Exists fun a => f a = b
+
+theorem Surjective.comp {α β γ} {g : β → γ} {f : α → β} (hg : Surjective g) (hf : Surjective f) :
+    Surjective (g ∘ f) := fun c : γ =>
+  Exists.elim (hg c) fun b hb =>
+    Exists.elim (hf b) fun a ha =>
+      Exists.intro a (show g (f a) = c from Eq.trans (congrArg g ha) hb)
+
+/-- `LeftInverse g f` means that `g` is a left inverse to `f`. That is, `g ∘ f = id`. -/
+@[expose, grind]
+def LeftInverse {α β} (g : β → α) (f : α → β) : Prop :=
+  ∀ x, g (f x) = x
+
+/-- `HasLeftInverse f` means that `f` has an unspecified left inverse. -/
+@[expose]
+def HasLeftInverse {α β} (f : α → β) : Prop :=
+  Exists fun finv : β → α => LeftInverse finv f
+
+/-- `RightInverse g f` means that `g` is a right inverse to `f`. That is, `f ∘ g = id`. -/
+@[expose, grind]
+def RightInverse {α β} (g : β → α) (f : α → β) : Prop :=
+  LeftInverse f g
+
+/-- `HasRightInverse f` means that `f` has an unspecified right inverse. -/
+@[expose]
+def HasRightInverse {α β} (f : α → β) : Prop :=
+  Exists fun finv : β → α => RightInverse finv f
+
+theorem LeftInverse.injective {α β} {g : β → α} {f : α → β} : LeftInverse g f → Injective f :=
+  fun h a b faeqfb => ((h a).symm.trans (congrArg g faeqfb)).trans (h b)
+
+theorem HasLeftInverse.injective {α β} {f : α → β} : HasLeftInverse f → Injective f := fun h =>
+  Exists.elim h fun _finv inv => inv.injective
+
+theorem rightInverse_of_injective_of_leftInverse {α β} {f : α → β} {g : β → α} (injf : Injective f)
+    (lfg : LeftInverse f g) : RightInverse f g := fun x =>
+  have h : f (g (f x)) = f x := lfg (f x)
+  injf h
+
+theorem RightInverse.surjective {α β} {f : α → β} {g : β → α} (h : RightInverse g f) : Surjective f :=
+  fun y => ⟨g y, h y⟩
+
+theorem HasRightInverse.surjective {α β} {f : α → β} : HasRightInverse f → Surjective f
+  | ⟨_finv, inv⟩ => inv.surjective
+
+theorem leftInverse_of_surjective_of_rightInverse {α β} {f : α → β} {g : β → α} (surjf : Surjective f)
+    (rfg : RightInverse f g) : LeftInverse f g := fun y =>
+  Exists.elim (surjf y) fun x hx => ((hx ▸ rfl : f (g y) = f (g (f x))).trans (Eq.symm (rfg x) ▸ rfl)).trans hx
+
+theorem injective_id : Injective (@id α) := fun _a₁ _a₂ h => h
+
+theorem surjective_id : Surjective (@id α) := fun a => ⟨a, rfl⟩
+
+variable {f : α → β}
+
+theorem Injective.eq_iff (I : Injective f) {a b : α} : f a = f b ↔ a = b :=
+  ⟨@I _ _, congrArg f⟩
+
+theorem Injective.eq_iff' (I : Injective f) {a b : α} {c : β} (h : f b = c) : f a = c ↔ a = b :=
+  h ▸ I.eq_iff
+
+theorem Injective.ne (hf : Injective f) {a₁ a₂ : α} : a₁ ≠ a₂ → f a₁ ≠ f a₂ :=
+  mt fun h ↦ hf h
+
+theorem Injective.ne_iff (hf : Injective f) {x y : α} : f x ≠ f y ↔ x ≠ y :=
+  ⟨mt <| congrArg f, hf.ne⟩
+
+theorem Injective.ne_iff' (hf : Injective f) {x y : α} {z : β} (h : f y = z) : f x ≠ z ↔ x ≠ y :=
+  h ▸ hf.ne_iff
+
+protected theorem LeftInverse.id {α β} {g : β → α} {f : α → β} (h : LeftInverse g f) : g ∘ f = id :=
+  funext h
+
+protected theorem RightInverse.id {α β} {g : β → α} {f : α → β} (h : RightInverse g f) : f ∘ g = id :=
+  funext h
+
 end Function

src/Init/Data/Int/Basic.lean

@@ -31,6 +31,7 @@ This file defines the `Int` type as well as
 Division and modulus operations are defined in `Init.Data.Int.DivMod.Basic`.
 -/
 
+set_option genCtorIdx false in
 /--
 The integers.
 
@@ -320,6 +321,8 @@ def natAbs (m : @& Int) : Nat :=
   | ofNat m => m
   | -[m +1] => m.succ
 
+attribute [gen_constructor_elims] Int
+
 /-! ## sign -/
 
 /--

src/Init/Data/Int/Bitwise/Basic.lean

@@ -50,4 +50,21 @@ protected def shiftRight : Int → Nat → Int
 
 instance : HShiftRight Int Nat Int := ⟨.shiftRight⟩
 
+/--
+Bitwise left shift, usually accessed via the `<<<` operator.
+
+Examples:
+ * `1 <<< 2 = 4`
+ * `1 <<< 3 = 8`
+ * `0 <<< 3 = 0`
+ * `0xf1 <<< 4 = 0xf10`
+ * `(-1) <<< 3 = -8`
+-/
+@[expose]
+protected def shiftLeft : Int → Nat → Int
+  | Int.ofNat n, s => Int.ofNat (n <<< s)
+  | Int.negSucc n, s => Int.negSucc (((n + 1) <<< s) - 1)
+
+instance : HShiftLeft Int Nat Int := ⟨.shiftLeft⟩
+
 end Int

src/Init/Data/Int/Bitwise/Lemmas.lean

@@ -7,7 +7,8 @@ module
 
 prelude
 public import Init.Data.Nat.Bitwise.Lemmas
-public import all Init.Data.Int.Bitwise.Basic
+public import Init.Data.Int.Bitwise.Basic
+import all Init.Data.Int.Bitwise.Basic
 public import Init.Data.Int.DivMod.Lemmas
 
 public section
@@ -16,8 +17,8 @@ namespace Int
 
 theorem shiftRight_eq (n : Int) (s : Nat) : n >>> s = Int.shiftRight n s := rfl
 
-@[simp]
-theorem natCast_shiftRight (n s : Nat) : (n : Int) >>> s = n >>> s := rfl
+@[simp, norm_cast]
+theorem natCast_shiftRight (n s : Nat) : n >>> s = (n : Int) >>> s := rfl
 
 @[simp]
 theorem negSucc_shiftRight (m n : Nat) :
@@ -37,11 +38,11 @@ theorem shiftRight_eq_div_pow (m : Int) (n : Nat) :
   · rw [negSucc_ediv _ (by norm_cast; exact Nat.pow_pos (Nat.zero_lt_two))]
     rfl
 
-@[simp]
+@[simp, grind =]
 theorem zero_shiftRight (n : Nat) : (0 : Int) >>> n = 0 := by
   simp [Int.shiftRight_eq_div_pow]
 
-@[simp]
+@[simp, grind =]
 theorem shiftRight_zero (n : Int) : n >>> 0 = n := by
   simp [Int.shiftRight_eq_div_pow]
 
@@ -67,7 +68,7 @@ theorem shiftRight_le_of_nonneg {n : Int} {s : Nat} (h : 0 ≤ n) : n >>> s ≤
     by_cases hm : m = 0
     · simp [hm]
     · have := Nat.shiftRight_le m s
-      simp
+      rw [ofNat_eq_coe]
       omega
   case _ _ _ m =>
     omega
@@ -88,4 +89,94 @@ theorem shiftRight_le_of_nonpos {n : Int} {s : Nat} (h : n ≤ 0) : (n >>> s)
     have rl : n / 2 ^ s ≤ 0 := Int.ediv_nonpos_of_nonpos_of_neg (by omega) (by norm_cast at *; omega)
     norm_cast at *
 
+@[simp, norm_cast]
+theorem natCast_shiftLeft (n s : Nat) : n <<< s = (n : Int) <<< s := rfl
+
+@[simp, grind =]
+theorem zero_shiftLeft (n : Nat) : (0 : Int) <<< n = 0 := by
+  change ((0 <<< n : Nat) : Int) = 0
+  simp
+
+@[simp, grind =]
+theorem shiftLeft_zero (n : Int) : n <<< 0 = n := by
+  change Int.shiftLeft _ _ = _
+  match n with
+  | Int.ofNat n
+  | Int.negSucc n => simp [Int.shiftLeft]
+
+theorem shiftLeft_succ (m : Int) (n : Nat) : m <<< (n + 1) = (m <<< n) * 2 := by
+  change Int.shiftLeft _ _ = Int.shiftLeft _ _ * 2
+  match m with
+  | (m : Nat) =>
+    dsimp only [Int.shiftLeft, Int.ofNat_eq_coe]
+    rw [Nat.shiftLeft_succ, Nat.mul_comm, natCast_mul, ofNat_two]
+  | Int.negSucc m =>
+    dsimp only [Int.shiftLeft]
+    rw [Nat.shiftLeft_succ, Nat.mul_comm, Int.negSucc_eq]
+    have := Nat.le_shiftLeft (a := m + 1) (b := n)
+    omega
+
+theorem shiftLeft_succ' (m : Int) (n : Nat) : m <<< (n + 1) = 2 * (m <<< n) := by
+  rw [shiftLeft_succ, Int.mul_comm]
+
+theorem shiftLeft_eq (a : Int) (b : Nat) : a <<< b = a * 2 ^ b := by
+  induction b with
+  | zero => simp
+  | succ b ih =>
+    rw [shiftLeft_succ, ih, Int.pow_succ, Int.mul_assoc]
+
+theorem shiftLeft_eq' (a : Int) (b : Nat) : a <<< b = a * (2 ^ b : Nat) := by
+  simp [shiftLeft_eq]
+
+theorem shiftLeft_add (a : Int) (b c : Nat) : a <<< (b + c) = a <<< b <<< c := by
+  simp [shiftLeft_eq, Int.pow_add, Int.mul_assoc]
+
+@[simp]
+theorem shiftLeft_shiftRight_cancel (a : Int) (b : Nat) : a <<< b >>> b = a := by
+  simp [shiftLeft_eq, shiftRight_eq_div_pow, mul_ediv_cancel _ (NeZero.ne _)]
+
+theorem shiftLeft_shiftRight_eq_shiftLeft_of_le {b c : Nat} (h : c ≤ b) (a : Int) :
+    a <<< b >>> c = a <<< (b - c) := by
+  obtain ⟨b, rfl⟩ := h.dest
+  simp [shiftLeft_eq, Int.pow_add, shiftRight_eq_div_pow, Int.mul_left_comm a,
+    Int.mul_ediv_cancel_left _ (NeZero.ne _)]
+
+theorem shiftLeft_shiftRight_eq_shiftRight_of_le {b c : Nat} (h : b ≤ c) (a : Int) :
+    a <<< b >>> c = a >>> (c - b) := by
+  obtain ⟨c, rfl⟩ := h.dest
+  simp [shiftRight_add]
+
+theorem shiftLeft_shiftRight_eq (a : Int) (b c : Nat) :
+    a <<< b >>> c = a <<< (b - c) >>> (c - b) := by
+  rcases Nat.le_total b c with h | h
+  · simp [shiftLeft_shiftRight_eq_shiftRight_of_le h, Nat.sub_eq_zero_of_le h]
+  · simp [shiftLeft_shiftRight_eq_shiftLeft_of_le h, Nat.sub_eq_zero_of_le h]
+
+@[simp]
+theorem shiftRight_shiftLeft_cancel {a : Int} {b : Nat} (h : 2 ^ b ∣ a) : a >>> b <<< b = a := by
+  simp [shiftLeft_eq, shiftRight_eq_div_pow, Int.ediv_mul_cancel h]
+
+theorem add_shiftLeft (a b : Int) (n : Nat) : (a + b) <<< n = a <<< n + b <<< n := by
+  simp [shiftLeft_eq, Int.add_mul]
+
+theorem neg_shiftLeft (a : Int) (n : Nat) : (-a) <<< n = -a <<< n := by
+  simp [Int.shiftLeft_eq, Int.neg_mul]
+
+theorem shiftLeft_mul (a b : Int) (n : Nat) : a <<< n * b = (a * b) <<< n := by
+  simp [shiftLeft_eq, Int.mul_right_comm]
+
+theorem mul_shiftLeft (a b : Int) (n : Nat) : a * b <<< n = (a * b) <<< n := by
+  simp [shiftLeft_eq, Int.mul_assoc]
+
+theorem shiftLeft_mul_shiftLeft (a b : Int) (m n : Nat) :
+    a <<< m * b <<< n = (a * b) <<< (m + n) := by
+  simp [shiftLeft_mul, mul_shiftLeft, shiftLeft_add]
+
+@[simp]
+theorem shiftLeft_eq_zero_iff {a : Int} {n : Nat} : a <<< n = 0 ↔ a = 0 := by
+  simp [shiftLeft_eq, Int.mul_eq_zero, NeZero.ne]
+
+instance {a : Int} {n : Nat} [NeZero a] : NeZero (a <<< n) :=
+  ⟨mt shiftLeft_eq_zero_iff.mp (NeZero.ne _)⟩
+
 end Int

src/Init/Data/Int/Compare.lean

@@ -6,7 +6,8 @@ Authors: Leonardo de Moura, Jeremy Avigad, Mario Carneiro, Paul Reichert
 module
 
 prelude
-public import all Init.Data.Ord
+public import Init.Data.Ord.Basic
+import all Init.Data.Ord.Basic
 public import Init.Data.Int.Order
 
 public section

src/Init/Data/Int/DivMod/Bootstrap.lean

@@ -97,7 +97,7 @@ theorem ofNat_emod (m n : Nat) : (↑(m % n) : Int) = m % n := natCast_emod m n
 
 /-! ### mod definitions -/
 
-theorem emod_add_ediv : ∀ a b : Int, a % b + b * (a / b) = a
+theorem emod_add_mul_ediv : ∀ a b : Int, a % b + b * (a / b) = a
   | ofNat _, ofNat _ => congrArg ofNat <| Nat.mod_add_div ..
   | ofNat m, -[n+1] => by
     change (m % succ n + -↑(succ n) * -↑(m / succ n) : Int) = m
@@ -111,19 +111,35 @@ where
       ← Int.neg_neg (_-_), Int.neg_sub, Int.sub_sub_self, Int.add_right_comm]
     exact congrArg (fun x => -(ofNat x + 1)) (Nat.mod_add_div ..)
 
-/-- Variant of `emod_add_ediv` with the multiplication written the other way around. -/
-theorem emod_add_ediv' (a b : Int) : a % b + a / b * b = a := by
-  rw [Int.mul_comm]; exact emod_add_ediv ..
+@[deprecated emod_add_mul_ediv (since := "2025-09-01")]
+def emod_add_ediv := @emod_add_mul_ediv
 
-theorem ediv_add_emod (a b : Int) : b * (a / b) + a % b = a := by
-  rw [Int.add_comm]; exact emod_add_ediv ..
+theorem emod_add_ediv_mul (a b : Int) : a % b + a / b * b = a := by
+  rw [Int.mul_comm]; exact emod_add_mul_ediv ..
 
-/-- Variant of `ediv_add_emod` with the multiplication written the other way around. -/
-theorem ediv_add_emod' (a b : Int) : a / b * b + a % b = a := by
-  rw [Int.mul_comm]; exact ediv_add_emod ..
+@[deprecated emod_add_ediv_mul (since := "2025-09-01")]
+def emod_add_ediv' := @emod_add_ediv_mul
+
+theorem mul_ediv_add_emod (a b : Int) : b * (a / b) + a % b = a := by
+  rw [Int.add_comm]; exact emod_add_mul_ediv ..
+
+@[deprecated mul_ediv_add_emod (since := "2025-09-01")]
+def ediv_add_emod := @mul_ediv_add_emod
+
+theorem ediv_mul_add_emod (a b : Int) : a / b * b + a % b = a := by
+  rw [Int.mul_comm]; exact mul_ediv_add_emod ..
+
+@[deprecated ediv_mul_add_emod (since := "2025-09-01")]
+def ediv_add_emod' := @ediv_mul_add_emod
 
 theorem emod_def (a b : Int) : a % b = a - b * (a / b) := by
-  rw [← Int.add_sub_cancel (a % b), emod_add_ediv]
+  rw [← Int.add_sub_cancel (a % b), emod_add_mul_ediv]
+
+theorem mul_ediv_self (a b : Int) : b * (a / b) = a - a % b := by
+  rw [emod_def, Int.sub_sub_self]
+
+theorem ediv_mul_self (a b : Int) : a / b * b = a - a % b := by
+  rw [Int.mul_comm, emod_def, Int.sub_sub_self]
 
 /-! ### `/` ediv -/
 
@@ -226,7 +242,7 @@ theorem add_mul_emod_self {a b c : Int} : (a + b * c) % c = a % c :=
 
 @[simp] theorem emod_add_emod (m n k : Int) : (m % n + k) % n = (m + k) % n := by
   have := (add_mul_emod_self_left (m % n + k) n (m / n)).symm
-  rwa [Int.add_right_comm, emod_add_ediv] at this
+  rwa [Int.add_right_comm, emod_add_mul_ediv] at this
 
 @[simp] theorem add_emod_emod (m n k : Int) : (m + n % k) % k = (m + n) % k := by
   rw [Int.add_comm, emod_add_emod, Int.add_comm]
@@ -252,7 +268,7 @@ theorem emod_add_cancel_right {m n k : Int} (i) : (m + i) % n = (k + i) % n ↔
 
 theorem mul_emod (a b n : Int) : (a * b) % n = (a % n) * (b % n) % n := by
   conv => lhs; rw [
-    ← emod_add_ediv a n, ← emod_add_ediv' b n, Int.add_mul, Int.mul_add, Int.mul_add,
+    ← emod_add_mul_ediv a n, ← emod_add_ediv_mul b n, Int.add_mul, Int.mul_add, Int.mul_add,
     Int.mul_assoc, Int.mul_assoc, ← Int.mul_add n _ _, add_mul_emod_self_left,
     ← Int.mul_assoc, add_mul_emod_self_right]
 
@@ -261,7 +277,7 @@ theorem mul_emod (a b n : Int) : (a * b) % n = (a % n) * (b % n) % n := by
 
 @[simp] theorem emod_emod_of_dvd (n : Int) {m k : Int}
     (h : m ∣ k) : (n % k) % m = n % m := by
-  conv => rhs; rw [← emod_add_ediv n k]
+  conv => rhs; rw [← emod_add_mul_ediv n k]
   match k, h with
   | _, ⟨t, rfl⟩ => rw [Int.mul_assoc, add_mul_emod_self_left]
 
@@ -275,7 +291,7 @@ theorem sub_emod (a b n : Int) : (a - b) % n = (a % n - b % n) % n := by
 /-! ### properties of `/` and `%` -/
 
 theorem mul_ediv_cancel_of_emod_eq_zero {a b : Int} (H : a % b = 0) : b * (a / b) = a := by
-  have := emod_add_ediv a b; rwa [H, Int.zero_add] at this
+  have := emod_add_mul_ediv a b; rwa [H, Int.zero_add] at this
 
 theorem ediv_mul_cancel_of_emod_eq_zero {a b : Int} (H : a % b = 0) : a / b * b = a := by
   rw [Int.mul_comm, mul_ediv_cancel_of_emod_eq_zero H]
@@ -326,11 +342,11 @@ theorem emod_pos_of_not_dvd {a b : Int} (h : ¬ a ∣ b) : a = 0 ∨ 0 < b % a :
 theorem mul_ediv_self_le {x k : Int} (h : k ≠ 0) : k * (x / k) ≤ x :=
   calc k * (x / k)
     _ ≤ k * (x / k) + x % k := Int.le_add_of_nonneg_right (emod_nonneg x h)
-    _ = x                   := ediv_add_emod _ _
+    _ = x                   := mul_ediv_add_emod _ _
 
 theorem lt_mul_ediv_self_add {x k : Int} (h : 0 < k) : x < k * (x / k) + k :=
   calc x
-    _ = k * (x / k) + x % k := (ediv_add_emod _ _).symm
+    _ = k * (x / k) + x % k := (mul_ediv_add_emod _ _).symm
     _ < k * (x / k) + k     := Int.add_lt_add_left (emod_lt_of_pos x h) _
 
 /-! ### bmod -/

src/Init/Data/Int/DivMod/Lemmas.lean

@@ -26,6 +26,10 @@ namespace Int
 
 @[simp high] theorem natCast_eq_zero {n : Nat} : (n : Int) = 0 ↔ n = 0 := by omega
 
+instance {n : Nat} [NeZero n] : NeZero (n : Int) := ⟨mt Int.natCast_eq_zero.mp (NeZero.ne _)⟩
+instance {n : Nat} [NeZero n] : NeZero (no_index (OfNat.ofNat n) : Int) :=
+  ⟨mt Int.natCast_eq_zero.mp (NeZero.ne _)⟩
+
 protected theorem exists_add_of_le {a b : Int} (h : a ≤ b) : ∃ (c : Nat), b = a + c :=
   ⟨(b - a).toNat, by omega⟩
 
@@ -330,7 +334,7 @@ theorem fdiv_eq_ediv_of_dvd {a b : Int} (h : b ∣ a) : a.fdiv b = a / b := by
 
 /-! ### mod definitions -/
 
-theorem tmod_add_tdiv : ∀ a b : Int, tmod a b + b * (a.tdiv b) = a
+theorem tmod_add_mul_tdiv : ∀ a b : Int, tmod a b + b * (a.tdiv b) = a
   | ofNat _, ofNat _ => congrArg ofNat (Nat.mod_add_div ..)
   | ofNat m, -[n+1] => by
     change (m % succ n + -↑(succ n) * -↑(m / succ n) : Int) = m
@@ -347,21 +351,37 @@ theorem tmod_add_tdiv : ∀ a b : Int, tmod a b + b * (a.tdiv b) = a
     rw [Int.neg_mul, ← Int.neg_add]
     exact congrArg (-ofNat ·) (Nat.mod_add_div ..)
 
-theorem tdiv_add_tmod (a b : Int) : b * a.tdiv b + tmod a b = a := by
-  rw [Int.add_comm]; apply tmod_add_tdiv ..
+@[deprecated tmod_add_mul_tdiv (since := "2025-09-01")]
+def tmod_add_tdiv := @tmod_add_mul_tdiv
 
-/-- Variant of `tmod_add_tdiv` with the multiplication written the other way around. -/
-theorem tmod_add_tdiv' (m k : Int) : tmod m k + m.tdiv k * k = m := by
-  rw [Int.mul_comm]; apply tmod_add_tdiv
+theorem mul_tdiv_add_tmod (a b : Int) : b * a.tdiv b + tmod a b = a := by
+  rw [Int.add_comm]; apply tmod_add_mul_tdiv ..
 
-/-- Variant of `tdiv_add_tmod` with the multiplication written the other way around. -/
-theorem tdiv_add_tmod' (m k : Int) : m.tdiv k * k + tmod m k = m := by
-  rw [Int.mul_comm]; apply tdiv_add_tmod
+@[deprecated mul_tdiv_add_tmod (since := "2025-09-01")]
+def tdiv_add_tmod := @mul_tdiv_add_tmod
+
+theorem tmod_add_tdiv_mul (m k : Int) : tmod m k + m.tdiv k * k = m := by
+  rw [Int.mul_comm]; apply tmod_add_mul_tdiv
+
+@[deprecated tmod_add_tdiv_mul (since := "2025-09-01")]
+def tmod_add_tdiv' := @tmod_add_mul_tdiv
+
+theorem tdiv_mul_add_tmod (m k : Int) : m.tdiv k * k + tmod m k = m := by
+  rw [Int.mul_comm]; apply mul_tdiv_add_tmod
+
+@[deprecated tdiv_mul_add_tmod (since := "2025-09-01")]
+def tdiv_add_tmod' := @tdiv_mul_add_tmod
 
 theorem tmod_def (a b : Int) : tmod a b = a - b * a.tdiv b := by
-  rw [← Int.add_sub_cancel (tmod a b), tmod_add_tdiv]
+  rw [← Int.add_sub_cancel (tmod a b), tmod_add_mul_tdiv]
 
-theorem fmod_add_fdiv : ∀ a b : Int, a.fmod b + b * a.fdiv b = a
+theorem mul_tdiv_self (a b : Int) : b * (a.tdiv b) = a - a.tmod b := by
+  rw [tmod_def, Int.sub_sub_self]
+
+theorem tdiv_mul_self (a b : Int) : a.tdiv b * b = a - a.tmod b := by
+  rw [Int.mul_comm, tmod_def, Int.sub_sub_self]
+
+theorem fmod_add_mul_fdiv : ∀ a b : Int, a.fmod b + b * a.fdiv b = a
   | 0, ofNat _ | 0, -[_+1] => congrArg ofNat <| by simp
   | succ _, ofNat _ => congrArg ofNat <| Nat.mod_add_div ..
   | succ m, -[n+1] => by
@@ -378,19 +398,35 @@ theorem fmod_add_fdiv : ∀ a b : Int, a.fmod b + b * a.fdiv b = a
     change -(↑(succ m % succ n) : Int) + -↑(succ n * (succ m / succ n)) = -↑(succ m)
     rw [← Int.neg_add]; exact congrArg (-ofNat ·) <| Nat.mod_add_div ..
 
-/-- Variant of `fmod_add_fdiv` with the multiplication written the other way around. -/
-theorem fmod_add_fdiv' (a b : Int) : a.fmod b + (a.fdiv b) * b = a := by
-  rw [Int.mul_comm]; exact fmod_add_fdiv ..
+@[deprecated fmod_add_mul_fdiv (since := "2025-09-01")]
+def fmod_add_fdiv := @fmod_add_mul_fdiv
 
-theorem fdiv_add_fmod (a b : Int) : b * a.fdiv b + a.fmod b = a := by
-  rw [Int.add_comm]; exact fmod_add_fdiv ..
+theorem fmod_add_fdiv_mul (a b : Int) : a.fmod b + (a.fdiv b) * b = a := by
+  rw [Int.mul_comm]; exact fmod_add_mul_fdiv ..
 
-/-- Variant of `fdiv_add_fmod` with the multiplication written the other way around. -/
-theorem fdiv_add_fmod' (a b : Int) : (a.fdiv b) * b + a.fmod b = a := by
-  rw [Int.mul_comm]; exact fdiv_add_fmod ..
+@[deprecated fmod_add_fdiv_mul (since := "2025-09-01")]
+def fmod_add_fdiv' := @fmod_add_fdiv_mul
+
+theorem mul_fdiv_add_fmod (a b : Int) : b * a.fdiv b + a.fmod b = a := by
+  rw [Int.add_comm]; exact fmod_add_mul_fdiv ..
+
+@[deprecated mul_fdiv_add_fmod (since := "2025-09-01")]
+def fdiv_add_fmod := @mul_fdiv_add_fmod
+
+theorem fdiv_mul_add_fmod (a b : Int) : (a.fdiv b) * b + a.fmod b = a := by
+  rw [Int.mul_comm]; exact mul_fdiv_add_fmod ..
+
+@[deprecated mul_fdiv_add_fmod (since := "2025-09-01")]
+def fdiv_add_fmod' := @mul_fdiv_add_fmod
 
 theorem fmod_def (a b : Int) : a.fmod b = a - b * a.fdiv b := by
-  rw [← Int.add_sub_cancel (a.fmod b), fmod_add_fdiv]
+  rw [← Int.add_sub_cancel (a.fmod b), fmod_add_mul_fdiv]
+
+theorem mul_fdiv_self (a b : Int) : b * (a.fdiv b) = a - a.fmod b := by
+  rw [fmod_def, Int.sub_sub_self]
+
+theorem fdiv_mul_self (a b : Int) : a.fdiv b * b = a - a.fmod b := by
+  rw [Int.mul_comm, fmod_def, Int.sub_sub_self]
 
 /-! ### mod equivalences  -/
 
@@ -769,7 +805,7 @@ protected theorem ediv_emod_unique {a b r q : Int} (h : 0 < b) :
     a / b = q ∧ a % b = r ↔ r + b * q = a ∧ 0 ≤ r ∧ r < b := by
   constructor
   · intro ⟨rfl, rfl⟩
-    exact ⟨emod_add_ediv a b, emod_nonneg _ (Int.ne_of_gt h), emod_lt_of_pos _ h⟩
+    exact ⟨emod_add_mul_ediv a b, emod_nonneg _ (Int.ne_of_gt h), emod_lt_of_pos _ h⟩
   · intro ⟨rfl, hz, hb⟩
     constructor
     · rw [Int.add_mul_ediv_left r q (Int.ne_of_gt h), ediv_eq_zero_of_lt hz hb]
@@ -793,7 +829,7 @@ theorem neg_ediv {a b : Int} : (-a) / b = -(a / b) - if b ∣ a then 0 else b.si
   if hb : b = 0 then
     simp [hb]
   else
-    conv => lhs; rw [← ediv_add_emod a b]
+    conv => lhs; rw [← mul_ediv_add_emod a b]
     rw [Int.neg_add, ← Int.mul_neg, mul_add_ediv_left _ _ hb, Int.add_comm]
     split <;> rename_i h
     · rw [emod_eq_zero_of_dvd h]
@@ -956,6 +992,12 @@ theorem neg_mul_ediv_cancel_left (a b : Int) (h : a ≠ 0) : -(a * b) / a = -b :
 @[simp] theorem emod_one (a : Int) : a % 1 = 0 := by
   simp [emod_def, Int.one_mul, Int.sub_self]
 
+theorem ediv_minus_one (a : Int) : a / (-1) = -a := by
+  simp
+
+theorem emod_minus_one (a : Int) : a % (-1) = 0 := by
+  simp
+
 @[deprecated sub_emod_right (since := "2025-04-11")]
 theorem emod_sub_cancel (x y : Int) : (x - y) % y = x % y :=
   sub_emod_right ..
@@ -1077,6 +1119,10 @@ theorem emod_natAbs_of_neg {x : Int} (h : x < 0) {n : Nat} (w : n ≠ 0) :
 protected theorem ediv_mul_le (a : Int) {b : Int} (H : b ≠ 0) : a / b * b ≤ a :=
   Int.le_of_sub_nonneg <| by rw [Int.mul_comm, ← emod_def]; apply emod_nonneg _ H
 
+protected theorem lt_ediv_mul (a : Int) {b : Int} (H : 0 < b) : a - b < a / b * b := by
+  rw [ediv_mul_self, Int.sub_lt_sub_left_iff]
+  exact emod_lt_of_pos a H
+
 theorem le_of_mul_le_mul_left {a b c : Int} (w : a * b ≤ a * c) (h : 0 < a) : b ≤ c := by
   have w := Int.sub_nonneg_of_le w
   rw [← Int.mul_sub] at w
@@ -1167,9 +1213,9 @@ theorem ediv_eq_iff_of_pos {k x y : Int} (h : 0 < k) : x / k = y ↔ y * k ≤ x
 theorem add_ediv_of_pos {a b c : Int} (h : 0 < c) :
     (a + b) / c = a / c + b / c + if c ≤ a % c + b % c then 1 else 0 := by
   have h' : c ≠ 0 := by omega
-  conv => lhs; rw [← Int.ediv_add_emod a c]
+  conv => lhs; rw [← Int.mul_ediv_add_emod a c]
   rw [Int.add_assoc, Int.mul_add_ediv_left _ _ h']
-  conv => lhs; rw [← Int.ediv_add_emod b c]
+  conv => lhs; rw [← Int.mul_ediv_add_emod b c]
   rw [Int.add_comm (a % c), Int.add_assoc, Int.mul_add_ediv_left _ _ h',
     ← Int.add_assoc, Int.add_comm (b % c)]
   congr
@@ -1200,7 +1246,7 @@ theorem not_dvd_iff_lt_mul_succ (m : Int) (hn : 0 < n) :
     ¬n ∣ m ↔ (∃ k, n * k < m ∧ m < n * (k + 1)) := by
   refine ⟨fun h ↦ ?_, ?_⟩
   · rw [dvd_iff_emod_eq_zero, ← Ne] at h
-    rw [← emod_add_ediv m n]
+    rw [← emod_add_mul_ediv m n]
     refine ⟨m / n, Int.lt_add_of_pos_left _ ?_, ?_⟩
     · have := emod_nonneg m (Int.ne_of_gt hn)
       omega
@@ -1212,6 +1258,26 @@ theorem not_dvd_iff_lt_mul_succ (m : Int) (hn : 0 < n) :
     rw [Int.lt_add_one_iff, ← Int.not_lt] at h2k
     exact h2k h1k
 
+private theorem ediv_ediv_of_pos {x y z : Int} (hy : 0 < y) (hz : 0 < z) :
+    x / y / z = x / (y * z) := by
+  rw [eq_comm, Int.ediv_eq_iff_of_pos (Int.mul_pos hy hz)]
+  constructor
+  · rw [Int.mul_comm y, ← Int.mul_assoc]
+    exact Int.le_trans
+      (Int.mul_le_mul_of_nonneg_right (Int.ediv_mul_le _ (Int.ne_of_gt hz)) (Int.le_of_lt hy))
+      (Int.ediv_mul_le x (Int.ne_of_gt hy))
+  · rw [Int.mul_comm y, ← Int.mul_assoc, ← Int.add_mul, Int.mul_comm _ z]
+    exact Int.lt_mul_of_ediv_lt hy (Int.lt_mul_ediv_self_add hz)
+
+theorem ediv_ediv {x y z : Int} (hy : 0 ≤ y) : x / y / z = x / (y * z) := by
+  rcases y with (_ | a) | a
+  · simp
+  · rcases z with (_ | b) | b
+    · simp
+    · simp [ediv_ediv_of_pos]
+    · simp [Int.negSucc_eq, Int.mul_neg, ediv_ediv_of_pos]
+  · simp at hy
+
 /-! ### tdiv -/
 
 -- `tdiv` analogues of `ediv` lemmas from `Bootstrap.lean`
@@ -1455,7 +1521,7 @@ theorem sign_tmod (a b : Int) : sign (tmod a b) = if b ∣ a then 0 else sign a
 -- Analogues of statements about `ediv` and `emod` from `Bootstrap.lean`
 
 theorem mul_tdiv_cancel_of_tmod_eq_zero {a b : Int} (H : a.tmod b = 0) : b * (a.tdiv b) = a := by
-  have := tmod_add_tdiv a b; rwa [H, Int.zero_add] at this
+  have := tmod_add_mul_tdiv a b; rwa [H, Int.zero_add] at this
 
 theorem tdiv_mul_cancel_of_tmod_eq_zero {a b : Int} (H : a.tmod b = 0) : a.tdiv b * b = a := by
   rw [Int.mul_comm, mul_tdiv_cancel_of_tmod_eq_zero H]
@@ -2180,7 +2246,7 @@ theorem fmod_add_cancel_right {m n k : Int} (i) : (m + i).fmod n = (k + i).fmod
 
 theorem mul_fmod (a b n : Int) : (a * b).fmod n = (a.fmod n * b.fmod n).fmod n := by
   conv => lhs; rw [
-    ← fmod_add_fdiv a n, ← fmod_add_fdiv' b n, Int.add_mul, Int.mul_add, Int.mul_add,
+    ← fmod_add_mul_fdiv a n, ← fmod_add_fdiv_mul b n, Int.add_mul, Int.mul_add, Int.mul_add,
     Int.mul_assoc, Int.mul_assoc, ← Int.mul_add n _ _, add_mul_fmod_self_left,
     ← Int.mul_assoc, add_mul_fmod_self_right]
 
@@ -2189,7 +2255,7 @@ theorem mul_fmod (a b n : Int) : (a * b).fmod n = (a.fmod n * b.fmod n).fmod n :
 
 @[simp] theorem fmod_fmod_of_dvd (n : Int) {m k : Int}
     (h : m ∣ k) : (n.fmod k).fmod m = n.fmod m := by
-  conv => rhs; rw [← fmod_add_fdiv n k]
+  conv => rhs; rw [← fmod_add_mul_fdiv n k]
   match k, h with
   | _, ⟨t, rfl⟩ => rw [Int.mul_assoc, add_mul_fmod_self_left]
 
@@ -2219,7 +2285,7 @@ theorem fmod_eq_of_lt {a b : Int} (H1 : 0 ≤ a) (H2 : a < b) : a.fmod b = a :=
 -- Analogues of properties of `ediv` and `emod` from `Bootstrap.lean`
 
 theorem mul_fdiv_cancel_of_fmod_eq_zero {a b : Int} (H : a.fmod b = 0) : b * (a.fdiv b) = a := by
-  have := fmod_add_fdiv a b; rwa [H, Int.zero_add] at this
+  have := fmod_add_mul_fdiv a b; rwa [H, Int.zero_add] at this
 
 theorem fdiv_mul_cancel_of_fmod_eq_zero {a b : Int} (H : a.fmod b = 0) : (a.fdiv b) * b= a := by
   rw [Int.mul_comm, mul_fdiv_cancel_of_fmod_eq_zero H]
@@ -2461,9 +2527,9 @@ theorem bdiv_add_bmod (x : Int) (m : Nat) : m * bdiv x m + bmod x m = x := by
       ite_self]
   · dsimp only
     split
-    · exact ediv_add_emod x m
+    · exact mul_ediv_add_emod x m
     · rw [Int.mul_add, Int.mul_one, Int.add_assoc, Int.add_comm m, Int.sub_add_cancel]
-      exact ediv_add_emod x m
+      exact mul_ediv_add_emod x m
 
 theorem bmod_add_bdiv (x : Int) (m : Nat) : bmod x m + m * bdiv x m = x := by
   rw [Int.add_comm]; exact bdiv_add_bmod x m
@@ -2720,7 +2786,7 @@ theorem le_bmod {x : Int} {m : Nat} (h : 0 < m) : - (m/2) ≤ Int.bmod x m := by
     · exact Int.ne_of_gt (natCast_pos.mpr h)
   · simp [Int.not_lt] at w
     refine Int.le_trans ?_ (Int.sub_le_sub_right w _)
-    rw [← ediv_add_emod m 2]
+    rw [← mul_ediv_add_emod m 2]
     generalize (m : Int) / 2 = q
     generalize h : (m : Int) % 2 = r at *
     rcases v with rfl | rfl
@@ -2881,7 +2947,7 @@ theorem neg_bmod {a : Int} {b : Nat} :
           simp only [gt_iff_lt, Nat.zero_lt_succ, Nat.mul_pos_iff_of_pos_left, Int.natCast_mul,
             cast_ofNat_Int, Int.not_lt] at *
           rw [Int.mul_dvd_mul_iff_left (by omega)]
-          have := ediv_add_emod a (2 * c)
+          have := mul_ediv_add_emod a (2 * c)
           rw [(by omega : a % (2 * c) = c)] at this
           rw [← this]
           apply Int.dvd_add _ (by simp)

src/Init/Data/Int/Lemmas.lean

@@ -40,7 +40,7 @@ theorem ofNat_succ (n : Nat) : (succ n : Int) = n + 1 := rfl
 
 theorem neg_ofNat_zero : -((0 : Nat) : Int) = 0 := rfl
 theorem neg_ofNat_succ (n : Nat) : -(succ n : Int) = -[n+1] := rfl
-theorem neg_negSucc (n : Nat) : -(-[n+1]) = succ n := rfl
+@[simp] theorem neg_negSucc (n : Nat) : -(-[n+1]) = ((n + 1 : Nat) : Int) := rfl
 
 theorem negOfNat_eq : negOfNat n = -ofNat n := rfl
 
@@ -361,10 +361,10 @@ theorem negSucc_coe' (n : Nat) : -[n+1] = -↑n - 1 := by
 
 protected theorem subNatNat_eq_coe {m n : Nat} : subNatNat m n = ↑m - ↑n := by
   apply subNatNat_elim m n fun m n i => i = m - n
-  · intros i n
+  · intro i n
     rw [Int.natCast_add, Int.sub_eq_add_neg, Int.add_assoc, Int.add_left_comm,
       Int.add_right_neg, Int.add_zero]
-  · intros i n
+  · intro i n
     simp only [negSucc_eq, natCast_add, ofNat_one, Int.sub_eq_add_neg, Int.neg_add, ← Int.add_assoc]
     rw [Int.add_neg_eq_sub (a := n), ← ofNat_sub, Nat.sub_self, ofNat_zero, Int.zero_add]
     apply Nat.le_refl
@@ -566,6 +566,9 @@ protected theorem mul_eq_zero {a b : Int} : a * b = 0 ↔ a = 0 ∨ b = 0 := by
 protected theorem mul_ne_zero {a b : Int} (a0 : a ≠ 0) (b0 : b ≠ 0) : a * b ≠ 0 :=
   Or.rec a0 b0 ∘ Int.mul_eq_zero.mp
 
+instance {a b : Int} [NeZero a] [NeZero b] : NeZero (a * b) :=
+  ⟨Int.mul_ne_zero (NeZero.ne _) (NeZero.ne _)⟩
+
 @[simp] protected theorem mul_ne_zero_iff {a b : Int} : a * b ≠ 0 ↔ a ≠ 0 ∧ b ≠ 0 := by
   rw [ne_eq, Int.mul_eq_zero, not_or, ne_eq]
 

src/Init/Data/Int/Linear.lean

@@ -12,9 +12,12 @@ public import Init.Data.Int.Lemmas
 public import Init.Data.Int.LemmasAux
 public import Init.Data.Int.DivMod.Bootstrap
 public import Init.Data.Int.Cooper
-public import all Init.Data.Int.Gcd
+public import Init.Data.Int.Gcd
+import all Init.Data.Int.Gcd
 public import Init.Data.RArray
-public import all Init.Data.AC
+public import Init.Data.AC
+import all Init.Data.AC
+import Init.LawfulBEqTactics
 
 public section
 
@@ -37,7 +40,7 @@ inductive Expr where
   | neg (a : Expr)
   | mulL (k : Int) (a : Expr)
   | mulR (a : Expr) (k : Int)
-  deriving Inhabited, BEq
+  deriving Inhabited, @[expose] BEq
 
 @[expose]
 def Expr.denote (ctx : Context) : Expr → Int
@@ -52,7 +55,7 @@ def Expr.denote (ctx : Context) : Expr → Int
 inductive Poly where
   | num (k : Int)
   | add (k : Int) (v : Var) (p : Poly)
-  deriving BEq
+  deriving @[expose] BEq, ReflBEq, LawfulBEq
 
 @[expose]
 protected noncomputable def Poly.beq' (p₁ : Poly) : Poly → Bool :=
@@ -245,7 +248,7 @@ def cmod (a b : Int) : Int :=
 
 theorem cdiv_add_cmod (a b : Int) : b*(cdiv a b) + cmod a b = a := by
   unfold cdiv cmod
-  have := Int.ediv_add_emod (-a) b
+  have := Int.mul_ediv_add_emod (-a) b
   have := congrArg (Neg.neg) this
   simp at this
   conv => rhs; rw[← this]
@@ -270,7 +273,7 @@ private abbrev div_mul_cancel_of_mod_zero :=
 theorem cdiv_eq_div_of_divides {a b : Int} (h : a % b = 0) : a/b = cdiv a b := by
   replace h := div_mul_cancel_of_mod_zero h
   have hz : a % b = 0 := by
-    have := Int.ediv_add_emod a b
+    have := Int.mul_ediv_add_emod a b
     conv at this => rhs; rw [← Int.add_zero a]
     rw [Int.mul_comm, h] at this
     exact Int.add_left_cancel this
@@ -377,8 +380,11 @@ def Poly.mul (p : Poly) (k : Int) : Poly :=
       p₁)
     fuel
 
-@[expose] noncomputable def Poly.combine_mul_k (a b : Int) : Poly → Poly → Poly :=
-  combine_mul_k' hugeFuel a b
+@[expose] noncomputable def Poly.combine_mul_k (a b : Int) (p₁ p₂ : Poly) : Poly :=
+  Bool.rec
+    (Bool.rec (combine_mul_k' hugeFuel a b p₁ p₂) (p₁.mul_k a) (Int.beq' b 0))
+    (p₂.mul_k b)
+    (Int.beq' a 0)
 
 @[simp] theorem Poly.denote_mul (ctx : Context) (p : Poly) (k : Int) : (p.mul k).denote ctx = k * p.denote ctx := by
   simp [mul]
@@ -422,34 +428,36 @@ theorem Poly.denote_combine (ctx : Context) (p₁ p₂ : Poly) : (p₁.combine p
 
 theorem Poly.denote_combine_mul_k (ctx : Context) (a b : Int) (p₁ p₂ : Poly) : (p₁.combine_mul_k a b p₂).denote ctx = a * p₁.denote ctx + b * p₂.denote ctx := by
   unfold combine_mul_k
+  cases h₁ : Int.beq' a 0 <;> simp at h₁ <;> simp [*]
+  cases h₂ : Int.beq' b 0 <;> simp at h₂ <;> simp [*]
   generalize hugeFuel = fuel
   induction fuel generalizing p₁ p₂
   next => show ((p₁.mul a).append (p₂.mul b)).denote ctx = _; simp
   next fuel ih =>
-   cases p₁ <;> cases p₂ <;> simp [combine_mul_k']
-   next k₁ k₂ v₂ p₂ =>
-     show _ + (combine_mul_k' fuel a b (.num k₁) p₂).denote ctx = _
-     simp [ih, Int.mul_assoc]
-   next k₁ v₁ p₁ k₂ =>
-     show _ + (combine_mul_k' fuel a b p₁ (.num k₂)).denote ctx = _
-     simp [ih, Int.mul_assoc]
-   next k₁ v₁ p₁ k₂ v₂ p₂ =>
-     cases h₁ : Nat.beq v₁ v₂ <;> simp
-     next =>
-       cases h₂ : Nat.blt v₂ v₁ <;> simp
-       next =>
-         show _ + (combine_mul_k' fuel a b (add k₁ v₁ p₁) p₂).denote ctx = _
-         simp [ih, Int.mul_assoc]
-       next =>
-         show _ + (combine_mul_k' fuel a b p₁ (add k₂ v₂ p₂)).denote ctx = _
-         simp [ih, Int.mul_assoc]
-     next =>
-       simp at h₁; subst v₂
-       cases h₂ : (a * k₁ + b * k₂).beq' 0 <;> simp
-       next =>
+  cases p₁ <;> cases p₂ <;> simp [combine_mul_k']
+  next k₁ k₂ v₂ p₂ =>
+    show _ + (combine_mul_k' fuel a b (.num k₁) p₂).denote ctx = _
+    simp [ih, Int.mul_assoc]
+  next k₁ v₁ p₁ k₂ =>
+    show _ + (combine_mul_k' fuel a b p₁ (.num k₂)).denote ctx = _
+    simp [ih, Int.mul_assoc]
+  next k₁ v₁ p₁ k₂ v₂ p₂ =>
+    cases h₁ : Nat.beq v₁ v₂ <;> simp
+    next =>
+      cases h₂ : Nat.blt v₂ v₁ <;> simp
+      next =>
+        show _ + (combine_mul_k' fuel a b (add k₁ v₁ p₁) p₂).denote ctx = _
+        simp [ih, Int.mul_assoc]
+      next =>
+        show _ + (combine_mul_k' fuel a b p₁ (add k₂ v₂ p₂)).denote ctx = _
+        simp [ih, Int.mul_assoc]
+    next =>
+      simp at h₁; subst v₂
+      cases h₂ : (a * k₁ + b * k₂).beq' 0 <;> simp
+      next =>
         show a * k₁ * v₁.denote ctx + (b * k₂ * v₁.denote ctx + (combine_mul_k' fuel a b p₁ p₂).denote ctx) = _
         simp [ih, Int.mul_assoc]
-       next =>
+      next =>
         simp at h₂
         show (combine_mul_k' fuel a b p₁ p₂).denote ctx = _
         simp [ih, ← Int.mul_assoc, ← Int.add_mul, h₂]
@@ -518,18 +526,6 @@ theorem Expr.denote_norm (ctx : Context) (e : Expr) : e.norm.denote ctx = e.deno
   simp [norm, toPoly', Expr.denote_toPoly'_go]
 
 attribute [local simp] Expr.denote_norm
-
-instance : LawfulBEq Poly where
-  eq_of_beq {a} := by
-    induction a <;> intro b <;> cases b <;> simp_all! [BEq.beq]
-    next ih =>
-      intro _ _ h
-      exact ih h
-  rfl := by
-    intro a
-    induction a <;> simp! [BEq.beq]
-    assumption
-
 attribute [local simp] Poly.denote'_eq_denote
 
 theorem Expr.eq_of_norm_eq (ctx : Context) (e : Expr) (p : Poly) (h : e.norm.beq' p) : e.denote ctx = p.denote' ctx := by
@@ -1280,7 +1276,7 @@ noncomputable def diseq_eq_subst_cert (x : Var) (p₁ : Poly) (p₂ : Poly) (p
 theorem eq_diseq_subst (ctx : Context) (x : Var) (p₁ : Poly) (p₂ : Poly) (p₃ : Poly)
     : diseq_eq_subst_cert x p₁ p₂ p₃ → p₁.denote' ctx = 0 → p₂.denote' ctx ≠ 0 → p₃.denote' ctx ≠ 0 := by
   simp [diseq_eq_subst_cert]
-  intros _ _; subst p₃
+  intro _ _; subst p₃
   intro h₁ h₂
   simp [*]
 
@@ -1751,7 +1747,7 @@ theorem cooper_right_split_dvd (ctx : Context) (p₁ p₂ : Poly) (k : Nat) (b :
   intros; subst b p'; simp; assumption
 
 private theorem one_emod_eq_one {a : Int} (h : a > 1) : 1 % a = 1 := by
-  have aux₁ := Int.ediv_add_emod 1 a
+  have aux₁ := Int.mul_ediv_add_emod 1 a
   have : 1 / a = 0 := Int.ediv_eq_zero_of_lt (by decide) h
   simp [this] at aux₁
   assumption
@@ -1778,7 +1774,7 @@ private theorem ex_of_dvd {α β a b d x : Int}
     rw [Int.mul_emod, aux₁, Int.one_mul, Int.emod_emod] at this
     assumption
   have : x = (x / d)*d + (- α * b) % d := by
-    conv => lhs; rw [← Int.ediv_add_emod x d]
+    conv => lhs; rw [← Int.mul_ediv_add_emod x d]
     rw [Int.mul_comm, this]
   exists x / d
 
@@ -1861,7 +1857,7 @@ theorem cooper_unsat (ctx : Context) (p₁ p₂ p₃ : Poly) (d : Int) (α β :
   exact cooper_unsat' h₁ h₂ h₃ h₄ h₅ h₆
 
 theorem ediv_emod (x y : Int) : -1 * x + y * (x / y) + x % y = 0 := by
-  rw [Int.add_assoc, Int.ediv_add_emod x y, Int.add_comm]
+  rw [Int.add_assoc, Int.mul_ediv_add_emod x y, Int.add_comm]
   simp
   rw [Int.add_neg_eq_sub, Int.sub_self]
 
@@ -2121,6 +2117,84 @@ theorem not_le_of_le (ctx : Context) (p₁ p₂ : Poly) : not_le_of_le_cert p₁
   have := not_le_of_le' ctx p₁ p₂ h 0 h₁; simp at this
   simp [*]
 
+theorem natCast_sub (x y : Nat)
+    : (NatCast.natCast (x - y) : Int)
+      =
+      if (NatCast.natCast y : Int) + (-1)*NatCast.natCast x ≤ 0 then
+        (NatCast.natCast x : Int) + -1*NatCast.natCast y
+      else
+        (0 : Int) := by
+  change (↑(x - y) : Int) = if (↑y : Int) + (-1)*↑x ≤ 0 then (↑x : Int) + (-1)*↑y else 0
+  rw [Int.neg_mul, ← Int.sub_eq_add_neg, Int.one_mul]
+  rw [Int.neg_mul, ← Int.sub_eq_add_neg, Int.one_mul]
+  split
+  next h =>
+    replace h := Int.le_of_sub_nonpos h
+    rw [Int.ofNat_le] at h
+    rw [Int.ofNat_sub h]
+  next h =>
+    have : ¬ (↑y : Int) ≤ ↑x := by
+      intro h
+      replace h := Int.sub_nonpos_of_le h
+      contradiction
+    rw [Int.ofNat_le] at this
+    rw [Lean.Omega.Int.ofNat_sub_eq_zero this]
+
+/-! Helper theorem for linearizing nonlinear terms -/
+
+@[expose] noncomputable def var_eq_cert (x : Var) (k : Int) (p : Poly) : Bool :=
+  Poly.rec (fun _ => false)
+    (fun k₁ x' p' _ => Poly.rec (fun k₂ => k₁ != 0 && x == x' && k == -k₂/k₁) (fun _ _ _ _ => false) p')
+    p
+
+theorem var_eq (ctx : Context) (x : Var) (k : Int) (p : Poly) : var_eq_cert x k p → p.denote' ctx = 0 → x.denote ctx = k := by
+  simp [var_eq_cert]; cases p <;> simp; next k₁ x' p' =>
+  cases p' <;> simp; next k₂ =>
+  intro h₁ _ _; subst x' k; intro h₂
+  replace h₂ := Int.neg_eq_of_add_eq_zero h₂
+  rw [Int.neg_eq_comm] at h₂
+  rw [← h₂]; clear h₂; simp; rw [Int.mul_comm, Int.mul_ediv_cancel]
+  assumption
+
+@[expose] noncomputable def of_var_eq_mul_cert (x : Var) (k : Int) (y : Var) (p : Poly) : Bool :=
+  p.beq' (.add 1 x (.add (-k) y (.num 0)))
+
+theorem of_var_eq_mul (ctx : Context) (x : Var) (k : Int) (y : Var) (p : Poly) : of_var_eq_mul_cert x k y p → x.denote ctx = k * y.denote ctx → p.denote' ctx = 0 := by
+  simp [of_var_eq_mul_cert]; intro _ h; subst p; simp [h]
+  rw [Int.neg_mul, ← Int.sub_eq_add_neg, Int.sub_self]
+
+@[expose] noncomputable def of_var_eq_var_cert (x : Var) (y : Var) (p : Poly) : Bool :=
+  p.beq' (.add 1 x (.add (-1) y (.num 0)))
+
+theorem of_var_eq_var (ctx : Context) (x : Var) (y : Var) (p : Poly) : of_var_eq_var_cert x y p → x.denote ctx = y.denote ctx → p.denote' ctx = 0 := by
+  simp [of_var_eq_var_cert]; intro _ h; subst p; simp [h]
+  rw [← Int.sub_eq_add_neg, Int.sub_self]
+
+@[expose] noncomputable def of_var_eq_cert (x : Var) (k : Int) (p : Poly) : Bool :=
+  p.beq' (.add 1 x (.num (-k)))
+
+theorem of_var_eq (ctx : Context) (x : Var) (k : Int) (p : Poly) : of_var_eq_cert x k p → x.denote ctx = k → p.denote' ctx = 0 := by
+  simp [of_var_eq_cert]; intro _ h; subst p; simp [h]
+  rw [← Int.sub_eq_add_neg, Int.sub_self]
+
+theorem eq_one_mul (a : Int) : a = 1*a := by simp
+theorem mul_eq_kk (a b k₁ k₂ k : Int) (h₁ : a = k₁) (h₂ : b = k₂) (h₃ : k₁*k₂ == k) : a*b = k := by simp_all
+theorem mul_eq_kkx (a b k₁ k₂ c k : Int) (h₁ : a = k₁) (h₂ : b = k₂*c) (h₃ : k₁*k₂ == k) : a*b = k*c := by
+  simp at h₃; rw [h₁, h₂, ← Int.mul_assoc, h₃]
+theorem mul_eq_kxk (a b k₁ c k₂ k : Int) (h₁ : a = k₁*c) (h₂ : b = k₂) (h₃ : k₁*k₂ == k) : a*b = k*c := by
+  simp at h₃; rw [h₁, h₂, Int.mul_comm, ← Int.mul_assoc, Int.mul_comm k₂, h₃]
+theorem mul_eq_zero_left (a b : Int) (h : a = 0) : a*b = 0 := by simp [*]
+theorem mul_eq_zero_right (a b : Int) (h : b = 0) : a*b = 0 := by simp [*]
+
+theorem div_eq (a b k : Int) (h : b = k) : a / b = a / k := by simp [*]
+theorem mod_eq (a b k : Int) (h : b = k) : a % b = a % k := by simp [*]
+
+theorem div_eq' (a b b' k : Int) (h₁ : b = b') (h₂ : k == a/b') : a / b = k := by simp_all
+theorem mod_eq' (a b b' k : Int) (h₁ : b = b') (h₂ : k == a%b') : a % b = k := by simp_all
+
+theorem pow_eq (a : Int) (b : Nat) (a' b' k : Int) (h₁ : a = a') (h₂ : ↑b = b') (h₃ : k == a'^b'.toNat) : a^b = k := by
+  simp [← h₁, ← h₂] at h₃; simp [h₃]
+
 end Int.Linear
 
 theorem Int.not_le_eq (a b : Int) : (¬a ≤ b) = (b + 1 ≤ a) := by

src/Init/Data/Int/Order.lean

@@ -701,10 +701,13 @@ theorem toNat_sub_toNat_neg : ∀ n : Int, ↑n.toNat - ↑(-n).toNat = n
   | (_+1:Nat) => Nat.add_zero _
   | -[_+1] => Nat.zero_add _
 
-@[simp] theorem toNat_neg_nat : ∀ n : Nat, (-(n : Int)).toNat = 0
+@[simp] theorem toNat_neg_natCast : ∀ n : Nat, (-(n : Int)).toNat = 0
   | 0 => rfl
   | _+1 => rfl
 
+@[deprecated toNat_neg_natCast (since := "2025-08-29")]
+theorem toNat_neg_nat : ∀ n : Nat, (-(n : Int)).toNat = 0 := toNat_neg_natCast
+
 /-! ### toNat? -/
 
 theorem mem_toNat? : ∀ {a : Int} {n : Nat}, toNat? a = some n ↔ a = n

src/Init/Data/Int/Pow.lean

@@ -21,6 +21,11 @@ protected theorem pow_succ (b : Int) (e : Nat) : b ^ (e+1) = (b ^ e) * b := rfl
 protected theorem pow_succ' (b : Int) (e : Nat) : b ^ (e+1) = b * (b ^ e) := by
   rw [Int.mul_comm, Int.pow_succ]
 
+protected theorem pow_add (a : Int) (m n : Nat) : a ^ (m + n) = a ^ m * a ^ n := by
+  induction n with
+  | zero => rw [Nat.add_zero, Int.pow_zero, Int.mul_one]
+  | succ _ ih => rw [Nat.add_succ, Int.pow_succ, Int.pow_succ, ih, Int.mul_assoc]
+
 protected theorem zero_pow {n : Nat} (h : n ≠ 0) : (0 : Int) ^ n = 0 := by
   match n, h with
   | n + 1, _ => simp [Int.pow_succ]
@@ -43,6 +48,8 @@ protected theorem pow_ne_zero {n : Int} {m : Nat} : n ≠ 0 → n ^ m ≠ 0 := b
   | zero => simp
   | succ m ih => exact fun h => Int.mul_ne_zero (ih h) h
 
+instance {n : Int} {m : Nat} [NeZero n] : NeZero (n ^ m) := ⟨Int.pow_ne_zero (NeZero.ne _)⟩
+
 @[deprecated Nat.pow_le_pow_left (since := "2025-02-17")]
 abbrev pow_le_pow_of_le_left := @Nat.pow_le_pow_left
 

src/Init/Data/Iterators/Combinators/Monadic/ULift.lean

@@ -19,6 +19,7 @@ universe v u v' u'
 section ULiftT
 
 /-- `ULiftT.{v, u}` shrinks a monad on `Type max u v` to a monad on `Type u`. -/
+@[expose]  -- for codegen
 def ULiftT (n : Type max u v → Type v') (α : Type u) := n (ULift.{v} α)
 
 /-- Returns the underlying `n`-monadic representation of a `ULiftT n α` value. -/

src/Init/Data/Iterators/Consumers/Loop.lean

@@ -139,7 +139,7 @@ def Iter.Partial.fold {α : Type w} {β : Type w} {γ : Type x} [Iterator α Id
     (init : γ) (it : Iter.Partial (α := α) β) : γ :=
   ForIn.forIn (m := Id) it init (fun x acc => ForInStep.yield (f acc x))
 
-@[always_inline, inline, inherit_doc IterM.size]
+@[always_inline, inline, expose, inherit_doc IterM.size]
 def Iter.size {α : Type w} {β : Type w} [Iterator α Id β] [IteratorSize α Id]
     (it : Iter (α := α) β) : Nat :=
   (IteratorSize.size it.toIterM).run.down

src/Init/Data/Iterators/Lemmas/Combinators/Attach.lean

@@ -6,8 +6,10 @@ Authors: Paul Reichert
 module
 
 prelude
-public import all Init.Data.Iterators.Combinators.Attach
-public import all Init.Data.Iterators.Combinators.Monadic.Attach
+public import Init.Data.Iterators.Combinators.Attach
+import all Init.Data.Iterators.Combinators.Attach
+public import Init.Data.Iterators.Combinators.Monadic.Attach
+import all Init.Data.Iterators.Combinators.Monadic.Attach
 public import Init.Data.Iterators.Lemmas.Combinators.Monadic.Attach
 public import Init.Data.Iterators.Lemmas.Consumers.Collect
 public import Init.Data.Array.Attach

src/Init/Data/Iterators/Lemmas/Combinators/Monadic/Attach.lean

@@ -6,7 +6,8 @@ Authors: Paul Reichert
 module
 
 prelude
-public import all Init.Data.Iterators.Combinators.Monadic.Attach
+public import Init.Data.Iterators.Combinators.Monadic.Attach
+import all Init.Data.Iterators.Combinators.Monadic.Attach
 public import Init.Data.Iterators.Lemmas.Consumers.Monadic.Collect
 
 public section
@@ -56,6 +57,6 @@ theorem IterM.map_unattach_toArray_attachWith [Iterator α m β] [Monad m] [Mona
     [LawfulMonad m] [LawfulIteratorCollect α m m] :
     (·.map Subtype.val) <$> (it.attachWith P hP).toArray = it.toArray := by
   rw [← toArray_toList, ← toArray_toList, ← map_unattach_toList_attachWith (it := it) (hP := hP)]
-  simp [-map_unattach_toList_attachWith]
+  simp [-map_unattach_toList_attachWith, -IterM.toArray_toList]
 
 end Std.Iterators

src/Init/Data/Iterators/Lemmas/Combinators/Monadic/FilterMap.lean

@@ -9,7 +9,8 @@ prelude
 public import Init.Data.Iterators.Internal.LawfulMonadLiftFunction
 public import Init.Data.Iterators.Combinators.Monadic.FilterMap
 public import Init.Data.Iterators.Lemmas.Consumers.Monadic
-public import all Init.Data.Iterators.Consumers.Monadic.Collect
+public import Init.Data.Iterators.Consumers.Monadic.Collect
+import all Init.Data.Iterators.Consumers.Monadic.Collect
 
 public section
 

src/Init/Data/Iterators/Lemmas/Combinators/Monadic/ULift.lean

@@ -6,7 +6,8 @@ Authors: Paul Reichert
 module
 
 prelude
-public import all Init.Data.Iterators.Combinators.Monadic.ULift
+public import Init.Data.Iterators.Combinators.Monadic.ULift
+import all Init.Data.Iterators.Combinators.Monadic.ULift
 public import Init.Data.Iterators.Lemmas.Consumers.Monadic.Collect
 
 public section

src/Init/Data/Iterators/Lemmas/Combinators/ULift.lean

@@ -6,7 +6,8 @@ Authors: Paul Reichert
 module
 
 prelude
-public import all Init.Data.Iterators.Combinators.ULift
+public import Init.Data.Iterators.Combinators.ULift
+import all Init.Data.Iterators.Combinators.ULift
 public import Init.Data.Iterators.Lemmas.Combinators.Monadic.ULift
 public import Init.Data.Iterators.Lemmas.Consumers.Collect
 
@@ -52,6 +53,6 @@ theorem Iter.toArray_uLift [Iterator α Id β] {it : Iter (α := α) β}
     [LawfulIteratorCollect α Id Id] :
     it.uLift.toArray = it.toArray.map ULift.up := by
   rw [← toArray_toList, ← toArray_toList, toList_uLift]
-  simp
+  simp [-toArray_toList]
 
 end Std.Iterators

src/Init/Data/Iterators/Lemmas/Consumers/Collect.lean

@@ -8,8 +8,10 @@ module
 prelude
 public import Init.Data.Iterators.Lemmas.Basic
 public import Init.Data.Iterators.Lemmas.Consumers.Monadic.Collect
-public import all Init.Data.Iterators.Consumers.Access
-public import all Init.Data.Iterators.Consumers.Collect
+public import Init.Data.Iterators.Consumers.Access
+import all Init.Data.Iterators.Consumers.Access
+public import Init.Data.Iterators.Consumers.Collect
+import all Init.Data.Iterators.Consumers.Collect
 
 public section
 
@@ -42,11 +44,13 @@ theorem IterM.toListRev_toIter {α β} [Iterator α Id β] [Finite α Id]
     it.toIter.toListRev = it.toListRev.run :=
   (rfl)
 
+@[simp]
 theorem Iter.toList_toArray {α β} [Iterator α Id β] [Finite α Id] [IteratorCollect α Id Id]
     [LawfulIteratorCollect α Id Id] {it : Iter (α := α) β} :
     it.toArray.toList = it.toList := by
   simp [toArray_eq_toArray_toIterM, toList_eq_toList_toIterM, ← IterM.toList_toArray]
 
+@[simp]
 theorem Iter.toArray_toList {α β} [Iterator α Id β] [Finite α Id] [IteratorCollect α Id Id]
     [LawfulIteratorCollect α Id Id] {it : Iter (α := α) β} :
     it.toList.toArray = it.toArray := by

src/Init/Data/Iterators/Lemmas/Consumers/Loop.lean

@@ -8,9 +8,13 @@ module
 prelude
 public import Init.Control.Lawful.MonadLift.Instances
 public import Init.Data.Iterators.Lemmas.Consumers.Collect
-public import all Init.Data.Iterators.Lemmas.Consumers.Monadic.Loop
-public import all Init.Data.Iterators.Consumers.Loop
-public import all Init.Data.Iterators.Consumers.Monadic.Collect
+public import Init.Data.Iterators.Lemmas.Consumers.Monadic.Loop
+import all Init.Data.Iterators.Lemmas.Consumers.Monadic.Loop
+public import Init.Data.Iterators.Consumers.Loop
+import all Init.Data.Iterators.Consumers.Loop
+public import Init.Data.Iterators.Consumers.Monadic.Collect
+import all Init.Data.Iterators.Consumers.Monadic.Collect
+import Init.Data.Array.Monadic
 
 public section
 
@@ -40,6 +44,20 @@ theorem Iter.forIn_eq {α β : Type w} [Iterator α Id β] [Finite α Id]
             f out acc) := by
   simp [ForIn.forIn, forIn'_eq, -forIn'_eq_forIn]
 
+@[congr] theorem Iter.forIn'_congr {α β : Type w}
+    [Iterator α Id β] [Finite α Id] [IteratorLoop α Id Id]
+    {ita itb : Iter (α := α) β} (w : ita = itb)
+    {b b' : γ} (hb : b = b')
+    {f : (a' : β) → _ → γ → Id (ForInStep γ)}
+    {g : (a' : β) → _ → γ → Id (ForInStep γ)}
+    (h : ∀ a m b, f a (by simpa [w] using m) b = g a m b) :
+    letI : ForIn' Id (Iter (α := α) β) β _ := Iter.instForIn'
+    forIn' ita b f = forIn' itb b' g := by
+  subst_eqs
+  simp only [← funext_iff] at h
+  rw [← h]
+  rfl
+
 theorem Iter.forIn'_eq_forIn'_toIterM {α β : Type w} [Iterator α Id β]
     [Finite α Id] {m : Type w → Type w''} [Monad m] [LawfulMonad m]
     [IteratorLoop α Id m] [LawfulIteratorLoop α Id m]
@@ -185,6 +203,13 @@ theorem Iter.mem_toList_iff_isPlausibleIndirectOutput {α β} [Iterator α Id β
         obtain ⟨step, h₁, rfl⟩ := h₁
         simp [heq, IterStep.successor] at h₁
 
+theorem Iter.mem_toArray_iff_isPlausibleIndirectOutput {α β} [Iterator α Id β]
+    [IteratorCollect α Id Id] [Finite α Id]
+    [LawfulIteratorCollect α Id Id] [LawfulDeterministicIterator α Id]
+    {it : Iter (α := α) β} {out : β} :
+    out ∈ it.toArray ↔ it.IsPlausibleIndirectOutput out := by
+  rw [← Iter.toArray_toList, List.mem_toArray, mem_toList_iff_isPlausibleIndirectOutput]
+
 theorem Iter.forIn'_toList {α β : Type w} [Iterator α Id β]
     [Finite α Id] {m : Type x → Type x'} [Monad m] [LawfulMonad m]
     [IteratorLoop α Id m] [LawfulIteratorLoop α Id m]
@@ -219,6 +244,17 @@ theorem Iter.forIn'_toList {α β : Type w} [Iterator α Id β]
     simp only [ihs h (f := fun out h acc => f out (this ▸ h) acc)]
   · simp
 
+theorem Iter.forIn'_toArray {α β : Type w} [Iterator α Id β]
+    [Finite α Id] {m : Type x → Type x'} [Monad m] [LawfulMonad m]
+    [IteratorLoop α Id m] [LawfulIteratorLoop α Id m]
+    [IteratorCollect α Id Id] [LawfulIteratorCollect α Id Id]
+    [LawfulDeterministicIterator α Id]
+    {γ : Type x} {it : Iter (α := α) β} {init : γ}
+    {f : (out : β) → _ → γ → m (ForInStep γ)} :
+    letI : ForIn' m (Iter (α := α) β) β _ := Iter.instForIn'
+    ForIn'.forIn' it.toArray init f = ForIn'.forIn' it init (fun out h acc => f out (Iter.mem_toArray_iff_isPlausibleIndirectOutput.mpr h) acc) := by
+  simp only [← Iter.toArray_toList (it := it), List.forIn'_toArray, Iter.forIn'_toList]
+
 theorem Iter.forIn'_eq_forIn'_toList {α β : Type w} [Iterator α Id β]
     [Finite α Id] {m : Type x → Type x'} [Monad m] [LawfulMonad m]
     [IteratorLoop α Id m] [LawfulIteratorLoop α Id m]
@@ -231,6 +267,18 @@ theorem Iter.forIn'_eq_forIn'_toList {α β : Type w} [Iterator α Id β]
   simp only [forIn'_toList]
   congr
 
+theorem Iter.forIn'_eq_forIn'_toArray {α β : Type w} [Iterator α Id β]
+    [Finite α Id] {m : Type x → Type x'} [Monad m] [LawfulMonad m]
+    [IteratorLoop α Id m] [LawfulIteratorLoop α Id m]
+    [IteratorCollect α Id Id] [LawfulIteratorCollect α Id Id]
+    [LawfulDeterministicIterator α Id]
+    {γ : Type x} {it : Iter (α := α) β} {init : γ}
+    {f : (out : β) → _ → γ → m (ForInStep γ)} :
+    letI : ForIn' m (Iter (α := α) β) β _ := Iter.instForIn'
+    ForIn'.forIn' it init f = ForIn'.forIn' it.toArray init (fun out h acc => f out (Iter.mem_toArray_iff_isPlausibleIndirectOutput.mp h) acc) := by
+  simp only [forIn'_toArray]
+  congr
+
 theorem Iter.forIn_toList {α β : Type w} [Iterator α Id β]
     [Finite α Id] {m : Type x → Type x'} [Monad m] [LawfulMonad m]
     [IteratorLoop α Id m] [LawfulIteratorLoop α Id m]
@@ -257,6 +305,15 @@ theorem Iter.forIn_toList {α β : Type w} [Iterator α Id β]
     rw [ihs h]
   · simp
 
+theorem Iter.forIn_toArray {α β : Type w} [Iterator α Id β]
+    [Finite α Id] {m : Type x → Type x'} [Monad m] [LawfulMonad m]
+    [IteratorLoop α Id m] [LawfulIteratorLoop α Id m]
+    [IteratorCollect α Id Id] [LawfulIteratorCollect α Id Id]
+    {γ : Type x} {it : Iter (α := α) β} {init : γ}
+    {f : β → γ → m (ForInStep γ)} :
+    ForIn.forIn it.toArray init f = ForIn.forIn it init f := by
+  simp only [← Iter.toArray_toList, List.forIn_toArray, forIn_toList]
+
 theorem Iter.foldM_eq_forIn {α β : Type w} {γ : Type x} [Iterator α Id β] [Finite α Id]
     {m : Type x → Type x'} [Monad m] [IteratorLoop α Id m] {f : γ → β → m γ}
     {init : γ} {it : Iter (α := α) β} :
@@ -298,6 +355,14 @@ theorem Iter.foldlM_toList {α β : Type w} {γ : Type x} [Iterator α Id β] [F
   rw [Iter.foldM_eq_forIn, ← Iter.forIn_toList]
   simp only [List.forIn_yield_eq_foldlM, id_map']
 
+theorem Iter.foldlM_toArray {α β : Type w} {γ : Type x} [Iterator α Id β] [Finite α Id]
+    {m : Type x → Type x'} [Monad m] [LawfulMonad m] [IteratorLoop α Id m]
+    [LawfulIteratorLoop α Id m] [IteratorCollect α Id Id] [LawfulIteratorCollect α Id Id]
+    {f : γ → β → m γ} {init : γ} {it : Iter (α := α) β} :
+    it.toArray.foldlM (init := init) f = it.foldM (init := init) f := by
+  rw [Iter.foldM_eq_forIn, ← Iter.forIn_toArray]
+  simp only [Array.forIn_yield_eq_foldlM, id_map']
+
 theorem IterM.forIn_eq_foldM {α β : Type w} [Iterator α Id β]
     [Finite α Id] {m : Type x → Type x'} [Monad m] [LawfulMonad m]
     [IteratorLoop α Id m] [LawfulIteratorLoop α Id m]
@@ -321,6 +386,12 @@ theorem Iter.fold_eq_foldM {α β : Type w} {γ : Type x} [Iterator α Id β]
     it.fold (init := init) f = (it.foldM (m := Id) (init := init) (pure <| f · ·)).run := by
   simp [foldM_eq_forIn, fold_eq_forIn]
 
+theorem Iter.fold_eq_fold_toIterM {α β : Type w} {γ : Type w} [Iterator α Id β]
+    [Finite α Id] [IteratorLoop α Id Id] [LawfulIteratorLoop α Id Id]
+    {f : γ → β → γ} {init : γ} {it : Iter (α := α) β} :
+    it.fold (init := init) f = (it.toIterM.fold (init := init) f).run := by
+  rw [fold_eq_foldM, foldM_eq_foldM_toIterM, IterM.fold_eq_foldM]
+
 @[simp]
 theorem Iter.forIn_pure_yield_eq_fold {α β : Type w} {γ : Type x} [Iterator α Id β]
     [Finite α Id] [IteratorLoop α Id Id] [LawfulIteratorLoop α Id Id] {f : β → γ → γ} {init : γ}
@@ -341,6 +412,38 @@ theorem Iter.fold_eq_match_step {α β : Type w} {γ : Type x} [Iterator α Id
   generalize it.step = step
   cases step using PlausibleIterStep.casesOn <;> simp
 
+-- The argument `f : γ₁ → γ₂` is intentionally explicit, as it is sometimes not found by unification.
+theorem Iter.fold_hom [Iterator α Id β] [Finite α Id]
+    [IteratorLoop α Id Id] [LawfulIteratorLoop α Id Id]
+    {it : Iter (α := α) β}
+    (f : γ₁ → γ₂) {g₁ : γ₁ → β → γ₁} {g₂ : γ₂ → β → γ₂} {init : γ₁}
+    (H : ∀ x y, g₂ (f x) y = f (g₁ x y)) :
+    it.fold g₂ (f init) = f (it.fold g₁ init) := by
+  -- We cannot reduce to `IterM.fold_hom` because `IterM.fold` is necessarily more restrictive
+  -- w.r.t. the universe of the output.
+  induction it using Iter.inductSteps generalizing init with | step it ihy ihs =>
+  rw [fold_eq_match_step, fold_eq_match_step]
+  split
+  · rw [H, ihy ‹_›]
+  · rw [ihs ‹_›]
+  · simp
+
+theorem Iter.toList_eq_fold {α β : Type w} [Iterator α Id β]
+    [Finite α Id] [IteratorLoop α Id Id] [LawfulIteratorLoop α Id Id]
+    [IteratorCollect α Id Id] [LawfulIteratorCollect α Id Id]
+    {it : Iter (α := α) β} :
+    it.toList = it.fold (init := []) (fun l out => l ++ [out]) := by
+  rw [Iter.toList_eq_toList_toIterM, IterM.toList_eq_fold, Iter.fold_eq_fold_toIterM]
+
+theorem Iter.toArray_eq_fold {α β : Type w} [Iterator α Id β]
+    [Finite α Id] [IteratorLoop α Id Id] [LawfulIteratorLoop α Id Id]
+    [IteratorCollect α Id Id] [LawfulIteratorCollect α Id Id]
+    {it : Iter (α := α) β} :
+    it.toArray = it.fold (init := #[]) (fun xs out => xs.push out) := by
+  simp only [← toArray_toList, toList_eq_fold]
+  rw [← fold_hom (List.toArray)]
+  simp
+
 @[simp]
 theorem Iter.foldl_toList {α β : Type w} {γ : Type x} [Iterator α Id β] [Finite α Id]
     [IteratorLoop α Id Id] [LawfulIteratorLoop α Id Id]
@@ -349,6 +452,14 @@ theorem Iter.foldl_toList {α β : Type w} {γ : Type x} [Iterator α Id β] [Fi
     it.toList.foldl (init := init) f = it.fold (init := init) f := by
   rw [fold_eq_foldM, List.foldl_eq_foldlM, ← Iter.foldlM_toList]
 
+@[simp]
+theorem Iter.foldl_toArray {α β : Type w} {γ : Type x} [Iterator α Id β] [Finite α Id]
+    [IteratorLoop α Id Id] [LawfulIteratorLoop α Id Id]
+    [IteratorCollect α Id Id] [LawfulIteratorCollect α Id Id]
+    {f : γ → β → γ} {init : γ} {it : Iter (α := α) β} :
+    it.toArray.foldl (init := init) f = it.fold (init := init) f := by
+  rw [fold_eq_foldM, Array.foldl_eq_foldlM, ← Iter.foldlM_toArray]
+
 @[simp]
 theorem Iter.size_toArray_eq_size {α β : Type w} [Iterator α Id β] [Finite α Id]
     [IteratorCollect α Id Id] [LawfulIteratorCollect α Id Id]

src/Init/Data/Iterators/Lemmas/Consumers/Monadic/Collect.lean

@@ -8,7 +8,8 @@ module
 prelude
 public import Init.Data.Array.Lemmas
 public import Init.Data.Iterators.Lemmas.Monadic.Basic
-public import all Init.Data.Iterators.Consumers.Monadic.Collect
+public import Init.Data.Iterators.Consumers.Monadic.Collect
+import all Init.Data.Iterators.Consumers.Monadic.Collect
 
 public section
 
@@ -66,15 +67,17 @@ theorem IterM.toArray_eq_match_step [Monad m] [LawfulMonad m] [Iterator α m β]
   rw [IterM.DefaultConsumers.toArrayMapped_eq_match_step]
   simp [bind_pure_comp, pure_bind]
 
+@[simp]
 theorem IterM.toList_toArray [Monad m] [Iterator α m β] [Finite α m] [IteratorCollect α m m]
     {it : IterM (α := α) m β} :
     Array.toList <$> it.toArray = it.toList := by
   simp [IterM.toList]
 
+@[simp]
 theorem IterM.toArray_toList [Monad m] [LawfulMonad m] [Iterator α m β] [Finite α m]
     [IteratorCollect α m m] {it : IterM (α := α) m β} :
     List.toArray <$> it.toList = it.toArray := by
-  simp [IterM.toList]
+  simp [IterM.toList, -toList_toArray]
 
 theorem IterM.toList_eq_match_step [Monad m] [LawfulMonad m] [Iterator α m β] [Finite α m]
     [IteratorCollect α m m] [LawfulIteratorCollect α m m] {it : IterM (α := α) m β} :
@@ -152,6 +155,6 @@ theorem LawfulIteratorCollect.toList_eq {α β : Type w} {m : Type w → Type w'
     [hl : LawfulIteratorCollect α m m]
     {it : IterM (α := α) m β} :
     it.toList = (letI : IteratorCollect α m m := .defaultImplementation; it.toList) := by
-  simp [IterM.toList, toArray_eq]
+  simp [IterM.toList, toArray_eq, -IterM.toList_toArray]
 
 end Std.Iterators

src/Init/Data/Iterators/Lemmas/Consumers/Monadic/Loop.lean

@@ -7,7 +7,8 @@ module
 
 prelude
 public import Init.Data.Iterators.Lemmas.Consumers.Monadic.Collect
-public import all Init.Data.Iterators.Consumers.Monadic.Loop
+public import Init.Data.Iterators.Consumers.Monadic.Loop
+import all Init.Data.Iterators.Consumers.Monadic.Loop
 
 public section
 
@@ -59,6 +60,20 @@ theorem IterM.forIn_eq {α β : Type w} {m : Type w → Type w'} [Iterator α m
         IteratorLoop.wellFounded_of_finite it init _ (fun _ => id) (fun out _ acc => (⟨·, .intro⟩) <$> f out acc) := by
   simp only [ForIn.forIn, forIn'_eq]
 
+@[congr] theorem IterM.forIn'_congr {α β : Type w} {m : Type w → Type w'} [Monad m]
+    [Iterator α m β] [Finite α m] [IteratorLoop α m m]
+    {ita itb : IterM (α := α) m β} (w : ita = itb)
+    {b b' : γ} (hb : b = b')
+    {f : (a' : β) → _ → γ → m (ForInStep γ)}
+    {g : (a' : β) → _ → γ → m (ForInStep γ)}
+    (h : ∀ a m b, f a (by simpa [w] using m) b = g a m b) :
+    letI : ForIn' m (IterM (α := α) m β) β _ := IterM.instForIn'
+    forIn' ita b f = forIn' itb b' g := by
+  subst_eqs
+  simp only [← funext_iff] at h
+  rw [← h]
+  rfl
+
 theorem IterM.forIn'_eq_match_step {α β : Type w} {m : Type w → Type w'} [Iterator α m β]
     [Finite α m] {n : Type w → Type w''} [Monad m] [Monad n] [LawfulMonad n]
     [IteratorLoop α m n] [LawfulIteratorLoop α m n]
@@ -199,6 +214,23 @@ theorem IterM.fold_eq_match_step {α β γ : Type w} {m : Type w → Type w'} [I
   intro step
   cases step using PlausibleIterStep.casesOn <;> simp
 
+-- The argument `f : γ₁ → γ₂` is intentionally explicit, as it is sometimes not found by unification.
+theorem IterM.fold_hom {m : Type w → Type w'} [Iterator α m β] [Finite α m]
+    [Monad m] [LawfulMonad m] [IteratorLoop α m m] [LawfulIteratorLoop α m m]
+    {it : IterM (α := α) m β}
+    (f : γ₁ → γ₂) {g₁ : γ₁ → β → γ₁} {g₂ : γ₂ → β → γ₂} {init : γ₁}
+    (H : ∀ x y, g₂ (f x) y = f (g₁ x y)) :
+    it.fold g₂ (f init) = f <$> (it.fold g₁ init) := by
+  induction it using IterM.inductSteps generalizing init with | step it ihy ihs =>
+  rw [fold_eq_match_step, fold_eq_match_step, map_eq_pure_bind, bind_assoc]
+  apply bind_congr
+  intro step
+  rw [bind_pure_comp]
+  split
+  · rw [H, ihy ‹_›]
+  · rw [ihs ‹_›]
+  · simp
+
 theorem IterM.toList_eq_fold {α β : Type w} {m : Type w → Type w'} [Iterator α m β]
     [Finite α m] [Monad m] [LawfulMonad m] [IteratorLoop α m m] [LawfulIteratorLoop α m m]
     [IteratorCollect α m m] [LawfulIteratorCollect α m m]
@@ -222,6 +254,15 @@ theorem IterM.toList_eq_fold {α β : Type w} {m : Type w → Type w'} [Iterator
     simp [ihs h]
   · simp
 
+theorem IterM.toArray_eq_fold {α β : Type w} {m : Type w → Type w'} [Iterator α m β]
+    [Finite α m] [Monad m] [LawfulMonad m] [IteratorLoop α m m] [LawfulIteratorLoop α m m]
+    [IteratorCollect α m m] [LawfulIteratorCollect α m m]
+    {it : IterM (α := α) m β} :
+    it.toArray = it.fold (init := #[]) (fun xs out => xs.push out) := by
+  simp only [← toArray_toList, toList_eq_fold]
+  rw [← fold_hom]
+  simp
+
 theorem IterM.drain_eq_fold {α β : Type w} {m : Type w → Type w'} [Iterator α m β] [Finite α m]
     [Monad m] [IteratorLoop α m m] {it : IterM (α := α) m β} :
     it.drain = it.fold (init := PUnit.unit) (fun _ _ => .unit) :=

src/Init/Data/List/Attach.lean

@@ -6,7 +6,8 @@ Authors: Mario Carneiro
 module
 
 prelude
-public import all Init.Data.List.Lemmas  -- for dsimping with `getElem?_cons_succ`
+public import Init.Data.List.Lemmas  -- for dsimping with `getElem?_cons_succ`
+import all Init.Data.List.Lemmas  -- for dsimping with `getElem?_cons_succ`
 public import Init.Data.List.Count
 public import Init.Data.Subtype.Basic
 public import Init.BinderNameHint
@@ -123,7 +124,7 @@ theorem attachWith_congr {l₁ l₂ : List α} (w : l₁ = l₂) {P : α → Pro
       ⟨x, mem_cons_self⟩ :: xs.attach.map fun ⟨y, h⟩ => ⟨y, mem_cons_of_mem x h⟩ := by
   simp only [attach, attachWith, pmap, map_pmap, cons.injEq, true_and]
   apply pmap_congr_left
-  intros a _ m' _
+  intro a _ m' _
   rfl
 
 @[simp, grind =]
@@ -166,14 +167,14 @@ theorem attachWith_map_subtype_val {p : α → Prop} {l : List α} (H : ∀ a
     (l.attachWith p H).map Subtype.val = l :=
   (attachWith_map_val _).trans (List.map_id _)
 
-@[simp, grind]
+@[simp, grind ←]
 theorem mem_attach (l : List α) : ∀ x, x ∈ l.attach
   | ⟨a, h⟩ => by
     have := mem_map.1 (by rw [attach_map_subtype_val]; exact h)
     rcases this with ⟨⟨_, _⟩, m, rfl⟩
     exact m
 
-@[simp, grind]
+@[simp, grind =]
 theorem mem_attachWith {l : List α} {q : α → Prop} (H) (x : {x // q x}) :
     x ∈ l.attachWith q H ↔ x.1 ∈ l := by
   induction l with
@@ -191,12 +192,13 @@ theorem mem_pmap {p : α → Prop} {f : ∀ a, p a → β} {l H b} :
     b ∈ pmap f l H ↔ ∃ (a : _) (h : a ∈ l), f a (H a h) = b := by
   simp only [pmap_eq_map_attach, mem_map, mem_attach, true_and, Subtype.exists, eq_comm]
 
-@[grind]
 theorem mem_pmap_of_mem {p : α → Prop} {f : ∀ a, p a → β} {l H} {a} (h : a ∈ l) :
     f a (H a h) ∈ pmap f l H := by
   rw [mem_pmap]
   exact ⟨a, h, rfl⟩
 
+grind_pattern mem_pmap_of_mem => _ ∈ pmap f l H, a ∈ l
+
 @[simp, grind =]
 theorem length_pmap {p : α → Prop} {f : ∀ a, p a → β} {l H} : (pmap f l H).length = l.length := by
   induction l
@@ -369,13 +371,13 @@ theorem getElem_attach {xs : List α} {i : Nat} (h : i < xs.attach.length) :
     xs.attach.tail = xs.tail.attach.map (fun ⟨x, h⟩ => ⟨x, mem_of_mem_tail h⟩) := by
   cases xs <;> simp
 
-@[grind]
+@[grind =]
 theorem foldl_pmap {l : List α} {P : α → Prop} {f : (a : α) → P a → β}
     (H : ∀ (a : α), a ∈ l → P a) (g : γ → β → γ) (x : γ) :
     (l.pmap f H).foldl g x = l.attach.foldl (fun acc a => g acc (f a.1 (H _ a.2))) x := by
   rw [pmap_eq_map_attach, foldl_map]
 
-@[grind]
+@[grind =]
 theorem foldr_pmap {l : List α} {P : α → Prop} {f : (a : α) → P a → β}
     (H : ∀ (a : α), a ∈ l → P a) (g : β → γ → γ) (x : γ) :
     (l.pmap f H).foldr g x = l.attach.foldr (fun a acc => g (f a.1 (H _ a.2)) acc) x := by

src/Init/Data/List/Basic.lean

@@ -80,17 +80,17 @@ namespace List
 
 /-! ### length -/
 
-@[simp, grind] theorem length_nil : length ([] : List α) = 0 :=
+@[simp, grind =] theorem length_nil : length ([] : List α) = 0 :=
   rfl
 
 @[simp] theorem length_singleton {a : α} : length [a] = 1 := rfl
 
-@[simp, grind] theorem length_cons {a : α} {as : List α} : (cons a as).length = as.length + 1 :=
+@[simp, grind =] theorem length_cons {a : α} {as : List α} : (cons a as).length = as.length + 1 :=
   rfl
 
 /-! ### set -/
 
-@[simp, grind] theorem length_set {as : List α} {i : Nat} {a : α} : (as.set i a).length = as.length := by
+@[simp, grind =] theorem length_set {as : List α} {i : Nat} {a : α} : (as.set i a).length = as.length := by
   induction as generalizing i with
   | nil => rfl
   | cons x xs ih =>
@@ -101,8 +101,8 @@ namespace List
 /-! ### foldl -/
 
 -- As `List.foldl` is defined in `Init.Prelude`, we write the basic simplification lemmas here.
-@[simp, grind] theorem foldl_nil : [].foldl f b = b := rfl
-@[simp, grind] theorem foldl_cons {l : List α} {f : β → α → β} {b : β} : (a :: l).foldl f b = l.foldl f (f b a) := rfl
+@[simp, grind =] theorem foldl_nil : [].foldl f b = b := rfl
+@[simp, grind =] theorem foldl_cons {l : List α} {f : β → α → β} {b : β} : (a :: l).foldl f b = l.foldl f (f b a) := rfl
 
 /-! ### concat -/
 
@@ -332,7 +332,7 @@ def getLast? : List α → Option α
   | []    => none
   | a::as => some (getLast (a::as) (fun h => List.noConfusion h))
 
-@[simp, grind] theorem getLast?_nil : @getLast? α [] = none := rfl
+@[simp, grind =] theorem getLast?_nil : @getLast? α [] = none := rfl
 
 /-! ### getLastD -/
 
@@ -365,7 +365,7 @@ Returns the first element of a non-empty list.
 def head : (as : List α) → as ≠ [] → α
   | a::_, _ => a
 
-@[simp, grind] theorem head_cons {a : α} {l : List α} {h} : head (a::l) h = a := rfl
+@[simp, grind =] theorem head_cons {a : α} {l : List α} {h} : head (a::l) h = a := rfl
 
 /-! ### head? -/
 
@@ -383,8 +383,8 @@ def head? : List α → Option α
   | []   => none
   | a::_ => some a
 
-@[simp, grind] theorem head?_nil : head? ([] : List α) = none := rfl
-@[simp, grind] theorem head?_cons {a : α} {l : List α} : head? (a::l) = some a := rfl
+@[simp, grind =] theorem head?_nil : head? ([] : List α) = none := rfl
+@[simp, grind =] theorem head?_cons {a : α} {l : List α} : head? (a::l) = some a := rfl
 
 /-! ### headD -/
 
@@ -420,8 +420,8 @@ def tail : List α → List α
   | []    => []
   | _::as => as
 
-@[simp, grind] theorem tail_nil : tail ([] : List α) = [] := rfl
-@[simp, grind] theorem tail_cons {a : α} {as : List α} : tail (a::as) = as := rfl
+@[simp, grind =] theorem tail_nil : tail ([] : List α) = [] := rfl
+@[simp, grind =] theorem tail_cons {a : α} {as : List α} : tail (a::as) = as := rfl
 
 /-! ### tail? -/
 
@@ -441,8 +441,8 @@ def tail? : List α → Option (List α)
   | []    => none
   | _::as => some as
 
-@[simp, grind] theorem tail?_nil : tail? ([] : List α) = none := rfl
-@[simp, grind] theorem tail?_cons {a : α} {l : List α} : tail? (a::l) = some l := rfl
+@[simp, grind =] theorem tail?_nil : tail? ([] : List α) = none := rfl
+@[simp, grind =] theorem tail?_cons {a : α} {l : List α} : tail? (a::l) = some l := rfl
 
 /-! ### tailD -/
 
@@ -475,23 +475,8 @@ We define the basic functional programming operations on `List`:
 
 /-! ### map -/
 
-/--
-Applies a function to each element of the list, returning the resulting list of values.
-
-`O(|l|)`.
-
-Examples:
-* `[a, b, c].map f = [f a, f b, f c]`
-* `[].map Nat.succ = []`
-* `["one", "two", "three"].map (·.length) = [3, 3, 5]`
-* `["one", "two", "three"].map (·.reverse) = ["eno", "owt", "eerht"]`
--/
-@[specialize] def map (f : α → β) : (l : List α) → List β
-  | []    => []
-  | a::as => f a :: map f as
-
-@[simp, grind] theorem map_nil {f : α → β} : map f [] = [] := rfl
-@[simp, grind] theorem map_cons {f : α → β} {a : α} {l : List α} : map f (a :: l) = f a :: map f l := rfl
+@[simp, grind =] theorem map_nil {f : α → β} : map f [] = [] := rfl
+@[simp, grind =] theorem map_cons {f : α → β} {a : α} {l : List α} : map f (a :: l) = f a :: map f l := rfl
 
 /-! ### filter -/
 
@@ -511,7 +496,7 @@ def filter (p : α → Bool) : (l : List α) → List α
     | true => a :: filter p as
     | false => filter p as
 
-@[simp, grind] theorem filter_nil {p : α → Bool} : filter p [] = [] := rfl
+@[simp, grind =] theorem filter_nil {p : α → Bool} : filter p [] = [] := rfl
 
 /-! ### filterMap -/
 
@@ -537,8 +522,8 @@ Example:
     | none   => filterMap f as
     | some b => b :: filterMap f as
 
-@[simp, grind] theorem filterMap_nil {f : α → Option β} : filterMap f [] = [] := rfl
-@[grind] theorem filterMap_cons {f : α → Option β} {a : α} {l : List α} :
+@[simp, grind =] theorem filterMap_nil {f : α → Option β} : filterMap f [] = [] := rfl
+@[grind =] theorem filterMap_cons {f : α → Option β} {a : α} {l : List α} :
     filterMap f (a :: l) =
       match f a with
       | none => filterMap f l
@@ -561,8 +546,8 @@ Examples:
   | []     => init
   | a :: l => f a (foldr f init l)
 
-@[simp, grind] theorem foldr_nil : [].foldr f b = b := rfl
-@[simp, grind] theorem foldr_cons {a} {l : List α} {f : α → β → β} {b} :
+@[simp, grind =] theorem foldr_nil : [].foldr f b = b := rfl
+@[simp, grind =] theorem foldr_cons {a} {l : List α} {f : α → β → β} {b} :
     (a :: l).foldr f b = f a (l.foldr f b) := rfl
 
 /-! ### reverse -/
@@ -591,7 +576,7 @@ Examples:
 @[expose] def reverse (as : List α) : List α :=
   reverseAux as []
 
-@[simp, grind] theorem reverse_nil : reverse ([] : List α) = [] := rfl
+@[simp, grind =] theorem reverse_nil : reverse ([] : List α) = [] := rfl
 
 theorem reverseAux_reverseAux {as bs cs : List α} :
     reverseAux (reverseAux as bs) cs = reverseAux bs (reverseAux (reverseAux as []) cs) := by
@@ -606,20 +591,6 @@ Appends two lists. Normally used via the `++` operator.
 
 Appending lists takes time proportional to the length of the first list: `O(|xs|)`.
 
-Examples:
-  * `[1, 2, 3] ++ [4, 5] = [1, 2, 3, 4, 5]`.
-  * `[] ++ [4, 5] = [4, 5]`.
-  * `[1, 2, 3] ++ [] = [1, 2, 3]`.
--/
-protected def append : (xs ys : List α) → List α
-  | [],    bs => bs
-  | a::as, bs => a :: List.append as bs
-
-/--
-Appends two lists. Normally used via the `++` operator.
-
-Appending lists takes time proportional to the length of the first list: `O(|xs|)`.
-
 This is a tail-recursive version of `List.append`.
 
 Examples:
@@ -645,10 +616,10 @@ instance : Append (List α) := ⟨List.append⟩
 
 @[simp] theorem append_eq {as bs : List α} : List.append as bs = as ++ bs := rfl
 
-@[simp, grind] theorem nil_append (as : List α) : [] ++ as = as := rfl
+@[simp, grind =] theorem nil_append (as : List α) : [] ++ as = as := rfl
 @[simp, grind _=_] theorem cons_append {a : α} {as bs : List α} : (a::as) ++ bs = a::(as ++ bs) := rfl
 
-@[simp, grind] theorem append_nil (as : List α) : as ++ [] = as := by
+@[simp, grind =] theorem append_nil (as : List α) : as ++ [] = as := by
   induction as with
   | nil => rfl
   | cons a as ih =>
@@ -658,7 +629,7 @@ instance : Std.LawfulIdentity (α := List α) (· ++ ·) [] where
   left_id := nil_append
   right_id := append_nil
 
-@[simp, grind] theorem length_append {as bs : List α} : (as ++ bs).length = as.length + bs.length := by
+@[simp, grind =] theorem length_append {as bs : List α} : (as ++ bs).length = as.length + bs.length := by
   induction as with
   | nil => simp
   | cons _ as ih => simp [ih, Nat.succ_add]
@@ -685,27 +656,15 @@ theorem reverseAux_eq_append {as bs : List α} : reverseAux as bs = reverseAux a
     rw [ih (bs := a :: bs), ih (bs := [a]), append_assoc]
     rfl
 
-@[simp, grind] theorem reverse_cons {a : α} {as : List α} : reverse (a :: as) = reverse as ++ [a] := by
+@[simp, grind =] theorem reverse_cons {a : α} {as : List α} : reverse (a :: as) = reverse as ++ [a] := by
   simp [reverse, reverseAux]
   rw [← reverseAux_eq_append]
 
 /-! ### flatten -/
 
-/--
-Concatenates a list of lists into a single list, preserving the order of the elements.
 
-`O(|flatten L|)`.
-
-Examples:
-* `[["a"], ["b", "c"]].flatten = ["a", "b", "c"]`
-* `[["a"], [], ["b", "c"], ["d", "e", "f"]].flatten = ["a", "b", "c", "d", "e", "f"]`
--/
-def flatten : List (List α) → List α
-  | []      => []
-  | l :: L => l ++ flatten L
-
-@[simp, grind] theorem flatten_nil : List.flatten ([] : List (List α)) = [] := rfl
-@[simp, grind] theorem flatten_cons : (l :: L).flatten = l ++ L.flatten := rfl
+@[simp, grind =] theorem flatten_nil : List.flatten ([] : List (List α)) = [] := rfl
+@[simp, grind =] theorem flatten_cons : (l :: L).flatten = l ++ L.flatten := rfl
 
 /-! ### singleton -/
 
@@ -721,20 +680,14 @@ Examples:
 
 /-! ### flatMap -/
 
-/--
-Applies a function that returns a list to each element of a list, and concatenates the resulting
-lists.
-
-Examples:
-* `[2, 3, 2].flatMap List.range = [0, 1, 0, 1, 2, 0, 1]`
-* `["red", "blue"].flatMap String.toList = ['r', 'e', 'd', 'b', 'l', 'u', 'e']`
--/
-@[inline] def flatMap {α : Type u} {β : Type v} (b : α → List β) (as : List α) : List β := flatten (map b as)
-
-@[simp, grind] theorem flatMap_nil {f : α → List β} : List.flatMap f [] = [] := by simp [List.flatMap]
-@[simp, grind] theorem flatMap_cons {x : α} {xs : List α} {f : α → List β} :
+@[simp, grind =] theorem flatMap_nil {f : α → List β} : List.flatMap f [] = [] := by simp [List.flatMap]
+@[simp, grind =] theorem flatMap_cons {x : α} {xs : List α} {f : α → List β} :
   List.flatMap f (x :: xs) = f x ++ List.flatMap f xs := by simp [List.flatMap]
 
+@[simp, grind _=_] theorem flatMap_append {xs ys : List α} {f : α → List β} :
+    (xs ++ ys).flatMap f = xs.flatMap f ++ ys.flatMap f := by
+  induction xs; {rfl}; simp_all [flatMap_cons, append_assoc]
+
 /-! ### replicate -/
 
 /--
@@ -748,10 +701,10 @@ def replicate : (n : Nat) → (a : α) → List α
   | 0,   _ => []
   | n+1, a => a :: replicate n a
 
-@[simp, grind] theorem replicate_zero {a : α} : replicate 0 a = [] := rfl
-@[grind] theorem replicate_succ {a : α} {n : Nat} : replicate (n+1) a = a :: replicate n a := rfl
+@[simp, grind =] theorem replicate_zero {a : α} : replicate 0 a = [] := rfl
+@[grind =] theorem replicate_succ {a : α} {n : Nat} : replicate (n+1) a = a :: replicate n a := rfl
 
-@[simp, grind] theorem length_replicate {n : Nat} {a : α} : (replicate n a).length = n := by
+@[simp, grind =] theorem length_replicate {n : Nat} {a : α} : (replicate n a).length = n := by
   induction n with
   | zero => simp
   | succ n ih => simp only [ih, replicate_succ, length_cons]
@@ -819,8 +772,8 @@ def isEmpty : List α → Bool
   | []     => true
   | _ :: _ => false
 
-@[simp, grind] theorem isEmpty_nil : ([] : List α).isEmpty = true := rfl
-@[simp, grind] theorem isEmpty_cons : (x :: xs : List α).isEmpty = false := rfl
+@[simp, grind =] theorem isEmpty_nil : ([] : List α).isEmpty = true := rfl
+@[simp, grind =] theorem isEmpty_cons : (x :: xs : List α).isEmpty = false := rfl
 
 /-! ### elem -/
 
@@ -842,7 +795,7 @@ def elem [BEq α] (a : α) : (l : List α) → Bool
     | true  => true
     | false => elem a bs
 
-@[simp, grind] theorem elem_nil [BEq α] : ([] : List α).elem a = false := rfl
+@[simp, grind =] theorem elem_nil [BEq α] : ([] : List α).elem a = false := rfl
 theorem elem_cons [BEq α] {a : α} :
     (b::bs).elem a = match a == b with | true => true | false => bs.elem a := rfl
 
@@ -958,9 +911,9 @@ def take : (n : Nat) → (xs : List α) → List α
   | _+1, []    => []
   | n+1, a::as => a :: take n as
 
-@[simp, grind] theorem take_nil {i : Nat} : ([] : List α).take i = [] := by cases i <;> rfl
-@[simp, grind] theorem take_zero {l : List α} : l.take 0 = [] := rfl
-@[simp, grind] theorem take_succ_cons {a : α} {as : List α} {i : Nat} : (a::as).take (i+1) = a :: as.take i := rfl
+@[simp, grind =] theorem take_nil {i : Nat} : ([] : List α).take i = [] := by cases i <;> rfl
+@[simp, grind =] theorem take_zero {l : List α} : l.take 0 = [] := rfl
+@[simp, grind =] theorem take_succ_cons {a : α} {as : List α} {i : Nat} : (a::as).take (i+1) = a :: as.take i := rfl
 
 /-! ### drop -/
 
@@ -980,10 +933,10 @@ def drop : (n : Nat) → (xs : List α) → List α
   | _+1, []    => []
   | n+1, _::as => drop n as
 
-@[simp, grind] theorem drop_nil : ([] : List α).drop i = [] := by
+@[simp, grind =] theorem drop_nil : ([] : List α).drop i = [] := by
   cases i <;> rfl
-@[simp, grind] theorem drop_zero {l : List α} : l.drop 0 = l := rfl
-@[simp, grind] theorem drop_succ_cons {a : α} {l : List α} {i : Nat} : (a :: l).drop (i + 1) = l.drop i := rfl
+@[simp, grind =] theorem drop_zero {l : List α} : l.drop 0 = l := rfl
+@[simp, grind =] theorem drop_succ_cons {a : α} {l : List α} {i : Nat} : (a :: l).drop (i + 1) = l.drop i := rfl
 
 theorem drop_eq_nil_of_le {as : List α} {i : Nat} (h : as.length ≤ i) : as.drop i = [] := by
   match as, i with
@@ -1094,13 +1047,13 @@ def dropLast {α} : List α → List α
   | [_]   => []
   | a::as => a :: dropLast as
 
-@[simp, grind] theorem dropLast_nil : ([] : List α).dropLast = [] := rfl
-@[simp, grind] theorem dropLast_singleton : [x].dropLast = [] := rfl
+@[simp, grind =] theorem dropLast_nil : ([] : List α).dropLast = [] := rfl
+@[simp, grind =] theorem dropLast_singleton : [x].dropLast = [] := rfl
 
 @[deprecated dropLast_singleton (since := "2025-04-16")]
 theorem dropLast_single : [x].dropLast = [] := dropLast_singleton
 
-@[simp, grind] theorem dropLast_cons₂ :
+@[simp, grind =] theorem dropLast_cons₂ :
     (x::y::zs).dropLast = x :: (y::zs).dropLast := rfl
 
 -- Later this can be proved by `simp` via `[List.length_dropLast, List.length_cons, Nat.add_sub_cancel]`,
@@ -1439,8 +1392,8 @@ def replace [BEq α] : (l : List α) → (a : α) → (b : α) → List α
     | true  => c::as
     | false => a :: replace as b c
 
-@[simp, grind] theorem replace_nil [BEq α] : ([] : List α).replace a b = [] := rfl
-@[grind] theorem replace_cons [BEq α] {a : α} :
+@[simp, grind =] theorem replace_nil [BEq α] : ([] : List α).replace a b = [] := rfl
+@[grind =] theorem replace_cons [BEq α] {a : α} :
     (a::as).replace b c = match b == a with | true => c::as | false => a :: replace as b c :=
   rfl
 
@@ -1648,8 +1601,8 @@ def findSome? (f : α → Option β) : List α → Option β
     | some b => some b
     | none   => findSome? f as
 
-@[simp, grind] theorem findSome?_nil : ([] : List α).findSome? f = none := rfl
-@[grind] theorem findSome?_cons {f : α → Option β} :
+@[simp, grind =] theorem findSome?_nil : ([] : List α).findSome? f = none := rfl
+@[grind =] theorem findSome?_cons {f : α → Option β} :
     (a::as).findSome? f = match f a with | some b => some b | none => as.findSome? f :=
   rfl
 
@@ -1906,8 +1859,8 @@ def any : (l : List α) → (p : α → Bool) → Bool
   | [], _ => false
   | h :: t, p => p h || any t p
 
-@[simp, grind] theorem any_nil : [].any f = false := rfl
-@[simp, grind] theorem any_cons : (a::l).any f = (f a || l.any f) := rfl
+@[simp, grind =] theorem any_nil : [].any f = false := rfl
+@[simp, grind =] theorem any_cons : (a::l).any f = (f a || l.any f) := rfl
 
 /-! ### all -/
 
@@ -1925,8 +1878,8 @@ def all : List α → (α → Bool) → Bool
   | [], _ => true
   | h :: t, p => p h && all t p
 
-@[simp, grind] theorem all_nil : [].all f = true := rfl
-@[simp, grind] theorem all_cons : (a::l).all f = (f a && l.all f) := rfl
+@[simp, grind =] theorem all_nil : [].all f = true := rfl
+@[simp, grind =] theorem all_cons : (a::l).all f = (f a && l.all f) := rfl
 
 /-! ### or -/
 
@@ -2066,8 +2019,8 @@ Examples:
 def sum {α} [Add α] [Zero α] : List α → α :=
   foldr (· + ·) 0
 
-@[simp, grind] theorem sum_nil [Add α] [Zero α] : ([] : List α).sum = 0 := rfl
-@[simp, grind] theorem sum_cons [Add α] [Zero α] {a : α} {l : List α} : (a::l).sum = a + l.sum := rfl
+@[simp, grind =] theorem sum_nil [Add α] [Zero α] : ([] : List α).sum = 0 := rfl
+@[simp, grind =] theorem sum_cons [Add α] [Zero α] {a : α} {l : List α} : (a::l).sum = a + l.sum := rfl
 
 /-! ### range -/
 

src/Init/Data/List/Count.lean

@@ -223,7 +223,7 @@ variable [BEq α]
 
 @[simp, grind =] theorem count_nil {a : α} : count a [] = 0 := rfl
 
-@[grind]
+@[grind =]
 theorem count_cons {a b : α} {l : List α} :
     count a (b :: l) = count a l + if b == a then 1 else 0 := by
   simp [count, countP_cons]
@@ -237,7 +237,7 @@ theorem count_eq_countP' {a : α} : count a = countP (· == a) := by
 theorem count_eq_length_filter {a : α} {l : List α} : count a l = (filter (· == a) l).length := by
   simp [count, countP_eq_length_filter]
 
-@[grind]
+@[grind =]
 theorem count_tail : ∀ {l : List α} {a : α},
       l.tail.count a = l.count a - if l.head? == some a then 1 else 0
   | [], a => by simp
@@ -380,7 +380,7 @@ theorem count_filterMap {α} [BEq β] {b : β} {f : α → Option β} {l : List
 theorem count_flatMap {α} [BEq β] {l : List α} {f : α → List β} {x : β} :
     count x (l.flatMap f) = sum (map (count x ∘ f) l) := countP_flatMap
 
-@[grind]
+@[grind =]
 theorem count_erase {a b : α} :
     ∀ {l : List α}, count a (l.erase b) = count a l - if b == a then 1 else 0
   | [] => by simp