feat: bitvec literal internalization in grind

This PR fixes bitvector literal internalization in `grind`. The fix
ensures theorems indexed by `BitVec.ofNat` are properly activated.

.claude/CLAUDE.md

@@ -1,14 +1,34 @@
+To build Lean you should use `make -j -C build/release`.
+
+To run a test you should use `cd tests/lean/run && ./test_single.sh example_test.lean`.
+
+## New features
+
 When asked to implement new features:
 * begin by reviewing existing relevant code and tests
 * write comprehensive tests first (expecting that these will initially fail)
 * and then iterate on the implementation until the tests pass.
 
-To build Lean you should use `make -j$(nproc) -C build/release`.
+All new tests should go in `tests/lean/run/`. These tests don't have expected output; we just check there are no errors. You should use `#guard_msgs` to check for specific messages.
 
-To run a test you should use `cd tests/lean/run && ./test_single.sh example_test.lean`.
+## Success Criteria
 
-*Never* report success on a task unless you have verified both a clean build without errors, and that the relevant tests pass. You have to keep working until you have verified both of these.
+*Never* report success on a task unless you have verified both a clean build without errors, and that the relevant tests pass.
 
-All new tests should go in `tests/lean/run/`. Note that these tests don't have expected output, and just run on a success or failure basis. So you should use `#guard_msgs` to check for specific messages.
+## Build System Safety
 
-If you are not following best practices specific to this repository and the user expresses frustration, stop and ask them to help update this `.claude/CLAUDE.md` file with the missing guidance.
+**NEVER manually delete build directories** (build/, stage0/, stage1/, etc.) even when builds fail.
+- ONLY use the project's documented build command: `make -j -C build/release`
+- If a build is broken, ask the user before attempting any manual cleanup
+
+## LSP and IDE Diagnostics
+
+After rebuilding, LSP diagnostics may be stale until the user interacts with files. Trust command-line test results over IDE diagnostics.
+
+## Update prompting when the user is frustrated
+
+If the user expresses frustration with you, stop and ask them to help update this `.claude/CLAUDE.md` file with missing guidance.
+
+## Creating pull requests.
+
+All PRs must have a first paragraph starting with "This PR". This paragraph is automatically incorporated into release notes. Read `lean4/doc/dev/commit_convention.md` when making PRs.

.gitattributes

@@ -4,6 +4,7 @@ RELEASES.md merge=union
 stage0/** binary linguist-generated
 # The following file is often manually edited, so do show it in diffs
 stage0/src/stdlib_flags.h -binary -linguist-generated
+doc/std/grove/GroveStdlib/Generated/** linguist-generated
 # These files should not have line endings translated on Windows, because
 # it throws off parser tests. Later lines override earlier ones, so the
 # runner code is still treated as ordinary text.

.github/ISSUE_TEMPLATE/bug_report.md

@@ -9,7 +9,7 @@ assignees: ''
 
 ### Prerequisites
 
-Please put an X between the brackets as you perform the following steps:
+<!-- Please put an X between the brackets as you perform the following steps: -->
 
 * [ ] Check that your issue is not already filed:
       https://github.com/leanprover/lean4/issues

.github/workflows/ci.yml

@@ -106,9 +106,54 @@ jobs:
           TAG_NAME="${GITHUB_REF##*/}"
           echo "RELEASE_TAG=$TAG_NAME" >> "$GITHUB_OUTPUT"
 
+      - name: Validate CMakeLists.txt version matches tag
+        if: steps.set-release.outputs.RELEASE_TAG != ''
+        run: |
+          echo "Validating CMakeLists.txt version matches tag ${{ steps.set-release.outputs.RELEASE_TAG }}"
+
+          # Extract version values from CMakeLists.txt
+          CMAKE_MAJOR=$(grep -E "^set\(LEAN_VERSION_MAJOR " src/CMakeLists.txt | grep -oE '[0-9]+')
+          CMAKE_MINOR=$(grep -E "^set\(LEAN_VERSION_MINOR " src/CMakeLists.txt | grep -oE '[0-9]+')
+          CMAKE_PATCH=$(grep -E "^set\(LEAN_VERSION_PATCH " src/CMakeLists.txt | grep -oE '[0-9]+')
+          CMAKE_IS_RELEASE=$(grep -E "^set\(LEAN_VERSION_IS_RELEASE " src/CMakeLists.txt | grep -oE '[0-9]+')
+
+          # Expected values from tag parsing
+          TAG_MAJOR="${{ steps.set-release.outputs.LEAN_VERSION_MAJOR }}"
+          TAG_MINOR="${{ steps.set-release.outputs.LEAN_VERSION_MINOR }}"
+          TAG_PATCH="${{ steps.set-release.outputs.LEAN_VERSION_PATCH }}"
+
+          ERRORS=""
+
+          if [[ "$CMAKE_MAJOR" != "$TAG_MAJOR" ]]; then
+            ERRORS+="LEAN_VERSION_MAJOR: expected $TAG_MAJOR, found $CMAKE_MAJOR\n"
+          fi
+          if [[ "$CMAKE_MINOR" != "$TAG_MINOR" ]]; then
+            ERRORS+="LEAN_VERSION_MINOR: expected $TAG_MINOR, found $CMAKE_MINOR\n"
+          fi
+          if [[ "$CMAKE_PATCH" != "$TAG_PATCH" ]]; then
+            ERRORS+="LEAN_VERSION_PATCH: expected $TAG_PATCH, found $CMAKE_PATCH\n"
+          fi
+          if [[ "$CMAKE_IS_RELEASE" != "1" ]]; then
+            ERRORS+="LEAN_VERSION_IS_RELEASE: expected 1, found $CMAKE_IS_RELEASE\n"
+          fi
+
+          if [[ -n "$ERRORS" ]]; then
+            echo "::error::Version mismatch between tag and src/CMakeLists.txt"
+            echo ""
+            echo "Tag ${{ steps.set-release.outputs.RELEASE_TAG }} expects version $TAG_MAJOR.$TAG_MINOR.$TAG_PATCH"
+            echo "But src/CMakeLists.txt has mismatched values:"
+            echo -e "$ERRORS"
+            echo ""
+            echo "Fix src/CMakeLists.txt, delete the tag, and re-tag."
+            exit 1
+          fi
+
+          echo "Version validation passed: $TAG_MAJOR.$TAG_MINOR.$TAG_PATCH"
+
       # 0: PRs without special label
       # 1: PRs with `merge-ci` label, merge queue checks, master commits
-      # 2: PRs with `release-ci` label, releases (incl. nightlies)
+      # 2: nightlies
+      # 3: PRs with `release-ci` label, full releases
       - name: Set check level
         id: set-level
         # We do not use github.event.pull_request.labels.*.name here because
@@ -118,14 +163,16 @@ jobs:
           check_level=0
           fast=false
 
-          if [[ -n "${{ steps.set-nightly.outputs.nightly }}" || -n "${{ steps.set-release.outputs.RELEASE_TAG }}" || -n "${{ steps.set-release-custom.outputs.RELEASE_TAG }}" ]]; then
+          if [[ -n "${{ steps.set-release.outputs.RELEASE_TAG }}" || -n "${{ steps.set-release-custom.outputs.RELEASE_TAG }}" ]]; then
+            check_level=3
+          elif [[ -n "${{ steps.set-nightly.outputs.nightly }}" ]]; then
             check_level=2
           elif [[ "${{ github.event_name }}" != "pull_request" ]]; then
             check_level=1
           else
             labels="$(gh api repos/${{ github.repository_owner }}/${{ github.event.repository.name }}/pulls/${{ github.event.pull_request.number }} --jq '.labels')"
             if echo "$labels" | grep -q "release-ci"; then
-              check_level=2
+              check_level=3
             elif echo "$labels" | grep -q "merge-ci"; then
               check_level=1
             fi
@@ -210,17 +257,23 @@ jobs:
                 "test": true,
                 "CMAKE_PRESET": "reldebug",
               },
-              // TODO: suddenly started failing in CI
-              /*{
+              {
                 "name": "Linux fsanitize",
-                "os": "ubuntu-latest",
+                // Always run on large if available, more reliable regarding timeouts
+                "os": large ? "nscloud-ubuntu-22.04-amd64-8x16-with-cache" : "ubuntu-latest",
                 "enabled": level >= 2,
+                // do not fail nightlies on this for now
+                "secondary": level <= 2,
                 "test": true,
                 // turn off custom allocator & symbolic functions to make LSAN do its magic
                 "CMAKE_PRESET": "sanitize",
-                // exclude seriously slow/problematic tests (laketests crash)
-                "CTEST_OPTIONS": "-E 'interactivetest|leanpkgtest|laketest|benchtest'"
-              },*/
+                // `StackOverflow*` correctly triggers ubsan
+                // `reverse-ffi` fails to link in sanitizers
+                // `interactive` and `async_select_channel` fail nondeterministically, would need to
+                // be investigated.
+                // 9366 is too close to timeout
+                "CTEST_OPTIONS": "-E 'StackOverflow|reverse-ffi|interactive|async_select_channel|9366'"
+              },
               {
                 "name": "macOS",
                 "os": "macos-15-intel",
@@ -252,7 +305,7 @@ jobs:
               },
               {
                 "name": "Windows",
-                "os": large && (fast || level == 2) ? "namespace-profile-windows-amd64-4x16" : "windows-2022",
+                "os": large && (fast || level >= 2) ? "namespace-profile-windows-amd64-4x16" : "windows-2022",
                 "release": true,
                 "enabled": level >= 2,
                 "test": true,

.github/workflows/grove.yml

@@ -51,7 +51,7 @@ jobs:
       - name: Fetch upstream invalidated facts
         if: ${{ steps.should-run.outputs.should-run == 'true' && steps.workflow-info.outputs.pullRequestNumber != '' }}
         id: fetch-upstream
-        uses: TwoFx/grove-action/fetch-upstream@v0.4
+        uses: TwoFx/grove-action/fetch-upstream@v0.5
         with:
           artifact-name: grove-invalidated-facts
           base-ref: master
@@ -65,6 +65,7 @@ jobs:
           workflow: ci.yml
           path: artifacts
           name: "build-Linux release"
+          allow_forks: true
           name_is_regexp: true
 
       - name: Unpack toolchain
@@ -95,7 +96,7 @@ jobs:
       - name: Build
         if: ${{ steps.should-run.outputs.should-run == 'true' }}
         id: build
-        uses: TwoFx/grove-action/build@v0.4
+        uses: TwoFx/grove-action/build@v0.5
         with:
           project-path: doc/std/grove
           script-name: grove-stdlib

.github/workflows/pr-release.yml

@@ -127,7 +127,7 @@ jobs:
               description: "${{ github.repository_owner }}/lean4-pr-releases:pr-release-${{ steps.workflow-info.outputs.pullRequestNumber }}-${{ env.SHORT_SHA }}",
             });
 
-      - name: Add label
+      - name: Add toolchain-available label
         if: ${{ steps.workflow-info.outputs.pullRequestNumber != '' }}
         uses: actions/github-script@v8
         with:
@@ -515,6 +515,18 @@ jobs:
         run: |
           git push origin lean-pr-testing-${{ steps.workflow-info.outputs.pullRequestNumber }}
 
+      - name: Add mathlib4-nightly-available label
+        if: steps.workflow-info.outputs.pullRequestNumber != '' && steps.ready.outputs.mathlib_ready == 'true'
+        uses: actions/github-script@v8
+        with:
+          script: |
+            await github.rest.issues.addLabels({
+              issue_number: ${{ steps.workflow-info.outputs.pullRequestNumber }},
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              labels: ['mathlib4-nightly-available']
+            })
+
       # We next automatically create a reference manual branch using this toolchain.
       # Reference manual CI will be responsible for reporting back success or failure
       # to the PR comments asynchronously (and thus transitively SubVerso/Verso).

CMakeLists.txt

@@ -44,7 +44,9 @@ if (NOT ${CMAKE_SYSTEM_NAME} MATCHES "Emscripten")
     set(CADICAL_CXX c++)
     if (CADICAL_USE_CUSTOM_CXX)
       set(CADICAL_CXX ${CMAKE_CXX_COMPILER})
-      set(CADICAL_CXXFLAGS "${LEAN_EXTRA_CXX_FLAGS}")
+      # Use same platform flags as for Lean executables, in particular from `prepare-llvm-linux.sh`,
+      # but not Lean-specific `LEAN_EXTRA_CXX_FLAGS` such as fsanitize.
+      set(CADICAL_CXXFLAGS "${CMAKE_CXX_FLAGS}")
       set(CADICAL_LDFLAGS "-Wl,-rpath=\\$$ORIGIN/../lib")
     endif()
     find_program(CCACHE ccache)

CMakePresets.json

@@ -41,7 +41,7 @@
         "SMALL_ALLOCATOR": "OFF",
         "USE_MIMALLOC": "OFF",
         "BSYMBOLIC": "OFF",
-        "LEAN_TEST_VARS": "MAIN_STACK_SIZE=16000"
+        "LEAN_TEST_VARS": "MAIN_STACK_SIZE=16000 LSAN_OPTIONS=max_leaks=10"
       },
       "generator": "Unix Makefiles",
       "binaryDir": "${sourceDir}/build/sanitize"

doc/dev/bootstrap.md

@@ -72,6 +72,9 @@ update the archived C source code of the stage 0 compiler in `stage0/src`.
 
 The github repository will automatically update stage0 on `master` once
 `src/stdlib_flags.h` and `stage0/src/stdlib_flags.h` are out of sync.
+To trigger this, modify `stage0/src/stdlib_flags.h` (e.g., by adding or changing
+a comment). When `update-stage0` runs, it will overwrite `stage0/src/stdlib_flags.h`
+with the contents of `src/stdlib_flags.h`, bringing them back in sync.
 
 NOTE: A full rebuild of stage 1 will only be triggered when the *committed* contents of `stage0/` are changed.
 Thus if you change files in it manually instead of through `update-stage0-commit` (see below) or fetching updates from git, you either need to commit those changes first or run `make -C build/release clean-stdlib`.

doc/dev/testing.md

@@ -51,6 +51,10 @@ All these tests are included by [src/shell/CMakeLists.txt](https://github.com/le
   codes and do not check the expected output even though output is
   produced, it is ignored.
 
+  **Note:** Tests in this directory run with `-Dlinter.all=false` to reduce noise.
+  If your test needs to verify linter behavior (e.g., deprecation warnings),
+  explicitly enable the relevant linter with `set_option linter.<name> true`.
+
 - [`tests/lean/interactive`](https://github.com/leanprover/lean4/tree/master/tests/lean/interactive/): are designed to test server requests at a
   given position in the input file. Each .lean file contains comments
   that indicate how to simulate a client request at that position.

doc/std/grove/GroveStdlib/Generated.lean

@@ -4,6 +4,7 @@ import GroveStdlib.Generated.«associative-creation-operations»
 import GroveStdlib.Generated.«associative-modification-operations»
 import GroveStdlib.Generated.«associative-create-then-query»
 import GroveStdlib.Generated.«associative-all-operations-covered»
+import GroveStdlib.Generated.«slice-producing»
 
 /-
 This file is autogenerated by grove. You can manually edit it, for example to resolve merge
@@ -20,3 +21,4 @@ def restoreState : RestoreStateM Unit := do
   «associative-modification-operations».restoreState
   «associative-create-then-query».restoreState
   «associative-all-operations-covered».restoreState
+  «slice-producing».restoreState

doc/std/grove/GroveStdlib/Generated/slice-producing.lean

@@ -0,0 +1,459 @@
+import Grove.Framework
+
+/-
+This file is autogenerated by grove. You can manually edit it, for example to resolve merge
+conflicts, but be careful.
+-/
+
+open Grove.Framework Widget
+
+namespace GroveStdlib.Generated.«slice-producing»
+
+def «c8a13d6d-7ed6-4cd1-a386-23e2d55ce6f7» : AssociationTable.Fact .declaration where
+  widgetId := "slice-producing"
+  factId := "c8a13d6d-7ed6-4cd1-a386-23e2d55ce6f7"
+  rowId := "c8a13d6d-7ed6-4cd1-a386-23e2d55ce6f7"
+  rowState := #[⟨"String", "String.slice", Declaration.def {
+    name := `String.slice
+    renderedStatement := "String.slice (s : String) (startInclusive endExclusive : s.Pos)\n  (h : startInclusive ≤ endExclusive) : String.Slice"
+    isDeprecated := false
+  }
+⟩,⟨"String.Slice", "String.Slice.slice", Declaration.def {
+    name := `String.Slice.slice
+    renderedStatement := "String.Slice.slice (s : String.Slice) (newStart newEnd : s.Pos) (h : newStart ≤ newEnd) :\n  String.Slice"
+    isDeprecated := false
+  }
+⟩,⟨"string-pos-forwards", "String.Pos.slice", Declaration.def {
+    name := `String.Pos.slice
+    renderedStatement := "String.Pos.slice {s : String} (pos p₀ p₁ : s.Pos) (h₁ : p₀ ≤ pos) (h₂ : pos ≤ p₁) :\n  (s.slice p₀ p₁ ⋯).Pos"
+    isDeprecated := false
+  }
+⟩,⟨"string-pos-backwards", "String.Pos.ofSlice", Declaration.def {
+    name := `String.Pos.ofSlice
+    renderedStatement := "String.Pos.ofSlice {s : String} {p₀ p₁ : s.Pos} {h : p₀ ≤ p₁} (pos : (s.slice p₀ p₁ h).Pos) : s.Pos"
+    isDeprecated := false
+  }
+⟩,⟨"string-slice-pos-forwards", "String.Slice.Pos.slice", Declaration.def {
+    name := `String.Slice.Pos.slice
+    renderedStatement := "String.Slice.Pos.slice {s : String.Slice} (pos p₀ p₁ : s.Pos) (h₁ : p₀ ≤ pos) (h₂ : pos ≤ p₁) :\n  (s.slice p₀ p₁ ⋯).Pos"
+    isDeprecated := false
+  }
+⟩,⟨"string-slice-pos-backwards", "String.Slice.Pos.ofSlice", Declaration.def {
+    name := `String.Slice.Pos.ofSlice
+    renderedStatement := "String.Slice.Pos.ofSlice {s : String.Slice} {p₀ p₁ : s.Pos} {h : p₀ ≤ p₁}\n  (pos : (s.slice p₀ p₁ h).Pos) : s.Pos"
+    isDeprecated := false
+  }
+⟩,⟨"string-pos-noproof", "String.Pos.sliceOrPanic", Declaration.def {
+    name := `String.Pos.sliceOrPanic
+    renderedStatement := "String.Pos.sliceOrPanic {s : String} (pos p₀ p₁ : s.Pos) {h : p₀ ≤ p₁} : (s.slice p₀ p₁ h).Pos"
+    isDeprecated := false
+  }
+⟩,⟨"string-slice-pos-noproof", "String.Slice.Pos.sliceOrPanic", Declaration.def {
+    name := `String.Slice.Pos.sliceOrPanic
+    renderedStatement := "String.Slice.Pos.sliceOrPanic {s : String.Slice} (pos p₀ p₁ : s.Pos) {h : p₀ ≤ p₁} :\n  (s.slice p₀ p₁ h).Pos"
+    isDeprecated := false
+  }
+⟩,]
+  metadata := {
+    status := .done
+    comment := ""
+  }
+def «21b4fdfd-f8b3-44f5-a59e-57f1dc1d6819» : AssociationTable.Fact .declaration where
+  widgetId := "slice-producing"
+  factId := "21b4fdfd-f8b3-44f5-a59e-57f1dc1d6819"
+  rowId := "21b4fdfd-f8b3-44f5-a59e-57f1dc1d6819"
+  rowState := #[⟨"String", "String.slice?", Declaration.def {
+    name := `String.slice?
+    renderedStatement := "String.slice? (s : String) (startInclusive endExclusive : s.Pos) : Option String.Slice"
+    isDeprecated := false
+  }
+⟩,⟨"String.Slice", "String.Slice.slice?", Declaration.def {
+    name := `String.Slice.slice?
+    renderedStatement := "String.Slice.slice? (s : String.Slice) (newStart newEnd : s.Pos) : Option String.Slice"
+    isDeprecated := false
+  }
+⟩,]
+  metadata := {
+    status := .postponed
+    comment := "Would be good to have better support"
+  }
+def «6f2b6ecb-2f0c-4e45-9da3-eb7f2e15eff0» : AssociationTable.Fact .declaration where
+  widgetId := "slice-producing"
+  factId := "6f2b6ecb-2f0c-4e45-9da3-eb7f2e15eff0"
+  rowId := "6f2b6ecb-2f0c-4e45-9da3-eb7f2e15eff0"
+  rowState := #[⟨"String", "String.slice!", Declaration.def {
+    name := `String.slice!
+    renderedStatement := "String.slice! (s : String) (p₁ p₂ : s.Pos) : String.Slice"
+    isDeprecated := false
+  }
+⟩,⟨"String.Slice", "String.Slice.slice!", Declaration.def {
+    name := `String.Slice.slice!
+    renderedStatement := "String.Slice.slice! (s : String.Slice) (newStart newEnd : s.Pos) : String.Slice"
+    isDeprecated := false
+  }
+⟩,⟨"string-pos-forwards", "String.Pos.slice!", Declaration.def {
+    name := `String.Pos.slice!
+    renderedStatement := "String.Pos.slice! {s : String} (pos p₀ p₁ : s.Pos) : (s.slice! p₀ p₁).Pos"
+    isDeprecated := false
+  }
+⟩,⟨"string-pos-backwards", "String.Pos.ofSlice!", Declaration.def {
+    name := `String.Pos.ofSlice!
+    renderedStatement := "String.Pos.ofSlice! {s : String} {p₀ p₁ : s.Pos} (pos : (s.slice! p₀ p₁).Pos) : s.Pos"
+    isDeprecated := false
+  }
+⟩,⟨"string-slice-pos-forwards", "String.Slice.Pos.slice!", Declaration.def {
+    name := `String.Slice.Pos.slice!
+    renderedStatement := "String.Slice.Pos.slice! {s : String.Slice} (pos p₀ p₁ : s.Pos) : (s.slice! p₀ p₁).Pos"
+    isDeprecated := false
+  }
+⟩,⟨"string-slice-pos-backwards", "String.Slice.Pos.ofSlice!", Declaration.def {
+    name := `String.Slice.Pos.ofSlice!
+    renderedStatement := "String.Slice.Pos.ofSlice! {s : String.Slice} {p₀ p₁ : s.Pos} (pos : (s.slice! p₀ p₁).Pos) : s.Pos"
+    isDeprecated := false
+  }
+⟩,]
+  metadata := {
+    status := .done
+    comment := ""
+  }
+def «a3bdf66d-bc11-4019-aee9-2f1c1701de52» : AssociationTable.Fact .declaration where
+  widgetId := "slice-producing"
+  factId := "a3bdf66d-bc11-4019-aee9-2f1c1701de52"
+  rowId := "a3bdf66d-bc11-4019-aee9-2f1c1701de52"
+  rowState := #[⟨"String", "String.trimAsciiStart", Declaration.def {
+    name := `String.trimAsciiStart
+    renderedStatement := "String.trimAsciiStart (s : String) : String.Slice"
+    isDeprecated := false
+  }
+⟩,⟨"String.Slice", "String.Slice.trimAsciiStart", Declaration.def {
+    name := `String.Slice.trimAsciiStart
+    renderedStatement := "String.Slice.trimAsciiStart (s : String.Slice) : String.Slice"
+    isDeprecated := false
+  }
+⟩,]
+  metadata := {
+    status := .bad
+    comment := "Missing `of` version at least"
+  }
+def «f12b2730-7a4d-465c-8a6d-9d051c300fd5» : AssociationTable.Fact .declaration where
+  widgetId := "slice-producing"
+  factId := "f12b2730-7a4d-465c-8a6d-9d051c300fd5"
+  rowId := "f12b2730-7a4d-465c-8a6d-9d051c300fd5"
+  rowState := #[⟨"String", "String.trimAsciiEnd", Declaration.def {
+    name := `String.trimAsciiEnd
+    renderedStatement := "String.trimAsciiEnd (s : String) : String.Slice"
+    isDeprecated := false
+  }
+⟩,⟨"String.Slice", "String.Slice.trimAsciiEnd", Declaration.def {
+    name := `String.Slice.trimAsciiEnd
+    renderedStatement := "String.Slice.trimAsciiEnd (s : String.Slice) : String.Slice"
+    isDeprecated := false
+  }
+⟩,]
+  metadata := {
+    status := .bad
+    comment := "Missing `of` version at least"
+  }
+def «32307b55-d6d1-4756-a947-dbe4dfde573c» : AssociationTable.Fact .declaration where
+  widgetId := "slice-producing"
+  factId := "32307b55-d6d1-4756-a947-dbe4dfde573c"
+  rowId := "32307b55-d6d1-4756-a947-dbe4dfde573c"
+  rowState := #[⟨"String", "String.trimAscii", Declaration.def {
+    name := `String.trimAscii
+    renderedStatement := "String.trimAscii (s : String) : String.Slice"
+    isDeprecated := false
+  }
+⟩,⟨"String.Slice", "String.Slice.trimAscii", Declaration.def {
+    name := `String.Slice.trimAscii
+    renderedStatement := "String.Slice.trimAscii (s : String.Slice) : String.Slice"
+    isDeprecated := false
+  }
+⟩,]
+  metadata := {
+    status := .bad
+    comment := "Missing `of` version at least\n"
+  }
+def «dce95a38-f55a-4d6a-ae79-078ffe4b5c15» : AssociationTable.Fact .declaration where
+  widgetId := "slice-producing"
+  factId := "dce95a38-f55a-4d6a-ae79-078ffe4b5c15"
+  rowId := "dce95a38-f55a-4d6a-ae79-078ffe4b5c15"
+  rowState := #[⟨"String", "String.toSlice", Declaration.def {
+    name := `String.toSlice
+    renderedStatement := "String.toSlice (s : String) : String.Slice"
+    isDeprecated := false
+  }
+⟩,⟨"string-pos-forwards", "String.Pos.toSlice", Declaration.def {
+    name := `String.Pos.toSlice
+    renderedStatement := "String.Pos.toSlice {s : String} (pos : s.Pos) : s.toSlice.Pos"
+    isDeprecated := false
+  }
+⟩,⟨"string-pos-backwards", "String.Pos.ofToSlice", Declaration.def {
+    name := `String.Pos.ofToSlice
+    renderedStatement := "String.Pos.ofToSlice {s : String} (pos : s.toSlice.Pos) : s.Pos"
+    isDeprecated := false
+  }
+⟩,]
+  metadata := {
+    status := .done
+    comment := ""
+  }
+def «005a3f30-5dab-493f-b168-32c36a2bdf7c» : AssociationTable.Fact .declaration where
+  widgetId := "slice-producing"
+  factId := "005a3f30-5dab-493f-b168-32c36a2bdf7c"
+  rowId := "005a3f30-5dab-493f-b168-32c36a2bdf7c"
+  rowState := #[⟨"String.Slice", "String.Slice.str", Declaration.def {
+    name := `String.Slice.str
+    renderedStatement := "String.Slice.str (self : String.Slice) : String"
+    isDeprecated := false
+  }
+⟩,⟨"string-slice-pos-forwards", "String.Slice.Pos.str", Declaration.def {
+    name := `String.Slice.Pos.str
+    renderedStatement := "String.Slice.Pos.str {s : String.Slice} (pos : s.Pos) : s.str.Pos"
+    isDeprecated := false
+  }
+⟩,⟨"string-slice-pos-backwards", "String.Slice.Pos.ofStr", Declaration.def {
+    name := `String.Slice.Pos.ofStr
+    renderedStatement := "String.Slice.Pos.ofStr {s : String.Slice} (pos : s.str.Pos) (h₁ : s.startInclusive ≤ pos)\n  (h₂ : pos ≤ s.endExclusive) : s.Pos"
+    isDeprecated := false
+  }
+⟩,]
+  metadata := {
+    status := .bad
+    comment := "Missing `no proof` version\n"
+  }
+def «5f1a154c-ae2f-43a1-9409-2ce95b163ef3» : AssociationTable.Fact .declaration where
+  widgetId := "slice-producing"
+  factId := "5f1a154c-ae2f-43a1-9409-2ce95b163ef3"
+  rowId := "5f1a154c-ae2f-43a1-9409-2ce95b163ef3"
+  rowState := #[⟨"String", "String.drop", Declaration.def {
+    name := `String.drop
+    renderedStatement := "String.drop (s : String) (n : Nat) : String.Slice"
+    isDeprecated := false
+  }
+⟩,⟨"String.Slice", "String.Slice.drop", Declaration.def {
+    name := `String.Slice.drop
+    renderedStatement := "String.Slice.drop (s : String.Slice) (n : Nat) : String.Slice"
+    isDeprecated := false
+  }
+⟩,]
+  metadata := {
+    status := .bad
+    comment := "Missing position transformations"
+  }
+def «179518d1-ad07-4b2b-8ffe-3b7616e4c4ab» : AssociationTable.Fact .declaration where
+  widgetId := "slice-producing"
+  factId := "179518d1-ad07-4b2b-8ffe-3b7616e4c4ab"
+  rowId := "179518d1-ad07-4b2b-8ffe-3b7616e4c4ab"
+  rowState := #[⟨"String", "String.take", Declaration.def {
+    name := `String.take
+    renderedStatement := "String.take (s : String) (n : Nat) : String.Slice"
+    isDeprecated := false
+  }
+⟩,⟨"String.Slice", "String.Slice.take", Declaration.def {
+    name := `String.Slice.take
+    renderedStatement := "String.Slice.take (s : String.Slice) (n : Nat) : String.Slice"
+    isDeprecated := false
+  }
+⟩,]
+  metadata := {
+    status := .bad
+    comment := "Missing position transformations"
+  }
+def «55c587fd-a7a8-4633-a4ae-e2c4e768ad28» : AssociationTable.Fact .declaration where
+  widgetId := "slice-producing"
+  factId := "55c587fd-a7a8-4633-a4ae-e2c4e768ad28"
+  rowId := "55c587fd-a7a8-4633-a4ae-e2c4e768ad28"
+  rowState := #[⟨"String", "String.dropWhile", Declaration.def {
+    name := `String.dropWhile
+    renderedStatement := "String.dropWhile {ρ : Type} (s : String) (pat : ρ) [String.Slice.Pattern.ForwardPattern pat] :\n  String.Slice"
+    isDeprecated := false
+  }
+⟩,⟨"String.Slice", "String.Slice.dropWhile", Declaration.def {
+    name := `String.Slice.dropWhile
+    renderedStatement := "String.Slice.dropWhile {ρ : Type} (s : String.Slice) (pat : ρ)\n  [String.Slice.Pattern.ForwardPattern pat] : String.Slice"
+    isDeprecated := false
+  }
+⟩,]
+  metadata := {
+    status := .bad
+    comment := "Missing position transformations"
+  }
+def «d4444684-4279-4400-9be2-561a7cdb32c1» : AssociationTable.Fact .declaration where
+  widgetId := "slice-producing"
+  factId := "d4444684-4279-4400-9be2-561a7cdb32c1"
+  rowId := "d4444684-4279-4400-9be2-561a7cdb32c1"
+  rowState := #[⟨"String", "String.takeWhile", Declaration.def {
+    name := `String.takeWhile
+    renderedStatement := "String.takeWhile {ρ : Type} (s : String) (pat : ρ) [String.Slice.Pattern.ForwardPattern pat] :\n  String.Slice"
+    isDeprecated := false
+  }
+⟩,⟨"String.Slice", "String.Slice.takeWhile", Declaration.def {
+    name := `String.Slice.takeWhile
+    renderedStatement := "String.Slice.takeWhile {ρ : Type} (s : String.Slice) (pat : ρ)\n  [String.Slice.Pattern.ForwardPattern pat] : String.Slice"
+    isDeprecated := false
+  }
+⟩,]
+  metadata := {
+    status := .bad
+    comment := "Missing position transformations"
+  }
+def «1c9e6689-65a0-4d4b-b001-256e83917d98» : AssociationTable.Fact .declaration where
+  widgetId := "slice-producing"
+  factId := "1c9e6689-65a0-4d4b-b001-256e83917d98"
+  rowId := "1c9e6689-65a0-4d4b-b001-256e83917d98"
+  rowState := #[⟨"String", "String.dropEndWhile", Declaration.def {
+    name := `String.dropEndWhile
+    renderedStatement := "String.dropEndWhile {ρ : Type} (s : String) (pat : ρ) [String.Slice.Pattern.BackwardPattern pat] :\n  String.Slice"
+    isDeprecated := false
+  }
+⟩,⟨"String.Slice", "String.Slice.dropEndWhile", Declaration.def {
+    name := `String.Slice.dropEndWhile
+    renderedStatement := "String.Slice.dropEndWhile {ρ : Type} (s : String.Slice) (pat : ρ)\n  [String.Slice.Pattern.BackwardPattern pat] : String.Slice"
+    isDeprecated := false
+  }
+⟩,]
+  metadata := {
+    status := .bad
+    comment := "Missing position transformations"
+  }
+def «b836052b-3470-4a8e-8989-6951c898de37» : AssociationTable.Fact .declaration where
+  widgetId := "slice-producing"
+  factId := "b836052b-3470-4a8e-8989-6951c898de37"
+  rowId := "b836052b-3470-4a8e-8989-6951c898de37"
+  rowState := #[⟨"String", "String.takeEndWhile", Declaration.def {
+    name := `String.takeEndWhile
+    renderedStatement := "String.takeEndWhile {ρ : Type} (s : String) (pat : ρ) [String.Slice.Pattern.BackwardPattern pat] :\n  String.Slice"
+    isDeprecated := false
+  }
+⟩,⟨"String.Slice", "String.Slice.takeEndWhile", Declaration.def {
+    name := `String.Slice.takeEndWhile
+    renderedStatement := "String.Slice.takeEndWhile {ρ : Type} (s : String.Slice) (pat : ρ)\n  [String.Slice.Pattern.BackwardPattern pat] : String.Slice"
+    isDeprecated := false
+  }
+⟩,]
+  metadata := {
+    status := .bad
+    comment := "Missing position transformations"
+  }
+def «5aa777d8-9642-43d8-9e20-30400fb8bb9d» : AssociationTable.Fact .declaration where
+  widgetId := "slice-producing"
+  factId := "5aa777d8-9642-43d8-9e20-30400fb8bb9d"
+  rowId := "5aa777d8-9642-43d8-9e20-30400fb8bb9d"
+  rowState := #[⟨"String", "String.dropPrefix", Declaration.def {
+    name := `String.dropPrefix
+    renderedStatement := "String.dropPrefix {ρ : Type} (s : String) (pat : ρ) [String.Slice.Pattern.ForwardPattern pat] :\n  String.Slice"
+    isDeprecated := false
+  }
+⟩,⟨"String.Slice", "String.Slice.dropPrefix", Declaration.def {
+    name := `String.Slice.dropPrefix
+    renderedStatement := "String.Slice.dropPrefix {ρ : Type} (s : String.Slice) (pat : ρ)\n  [String.Slice.Pattern.ForwardPattern pat] : String.Slice"
+    isDeprecated := false
+  }
+⟩,]
+  metadata := {
+    status := .bad
+    comment := "Missing position transformations"
+  }
+def «80e3869d-fcfe-459d-8433-fe221f7b3c7a» : AssociationTable.Fact .declaration where
+  widgetId := "slice-producing"
+  factId := "80e3869d-fcfe-459d-8433-fe221f7b3c7a"
+  rowId := "80e3869d-fcfe-459d-8433-fe221f7b3c7a"
+  rowState := #[⟨"String", "String.dropSuffix", Declaration.def {
+    name := `String.dropSuffix
+    renderedStatement := "String.dropSuffix {ρ : Type} (s : String) (pat : ρ) [String.Slice.Pattern.BackwardPattern pat] :\n  String.Slice"
+    isDeprecated := false
+  }
+⟩,⟨"String.Slice", "String.Slice.dropSuffix", Declaration.def {
+    name := `String.Slice.dropSuffix
+    renderedStatement := "String.Slice.dropSuffix {ρ : Type} (s : String.Slice) (pat : ρ)\n  [String.Slice.Pattern.BackwardPattern pat] : String.Slice"
+    isDeprecated := false
+  }
+⟩,]
+  metadata := {
+    status := .bad
+    comment := "Missing position transformations"
+  }
+def «4feda3e0-903b-4d52-b34e-0af70f7866e0» : AssociationTable.Fact .declaration where
+  widgetId := "slice-producing"
+  factId := "4feda3e0-903b-4d52-b34e-0af70f7866e0"
+  rowId := "4feda3e0-903b-4d52-b34e-0af70f7866e0"
+  rowState := #[⟨"String", "String.dropPrefix?", Declaration.def {
+    name := `String.dropPrefix?
+    renderedStatement := "String.dropPrefix? {ρ : Type} (s : String) (pat : ρ) [String.Slice.Pattern.ForwardPattern pat] :\n  Option String.Slice"
+    isDeprecated := false
+  }
+⟩,⟨"String.Slice", "String.Slice.dropPrefix?", Declaration.def {
+    name := `String.Slice.dropPrefix?
+    renderedStatement := "String.Slice.dropPrefix? {ρ : Type} (s : String.Slice) (pat : ρ)\n  [String.Slice.Pattern.ForwardPattern pat] : Option String.Slice"
+    isDeprecated := false
+  }
+⟩,]
+  metadata := {
+    status := .postponed
+    comment := "Missing position transformations"
+  }
+def «45ca44c8-fbd5-4400-8297-a60778f302b0» : AssociationTable.Fact .declaration where
+  widgetId := "slice-producing"
+  factId := "45ca44c8-fbd5-4400-8297-a60778f302b0"
+  rowId := "45ca44c8-fbd5-4400-8297-a60778f302b0"
+  rowState := #[⟨"String", "String.dropSuffix?", Declaration.def {
+    name := `String.dropSuffix?
+    renderedStatement := "String.dropSuffix? {ρ : Type} (s : String) (pat : ρ) [String.Slice.Pattern.BackwardPattern pat] :\n  Option String.Slice"
+    isDeprecated := false
+  }
+⟩,⟨"String.Slice", "String.Slice.dropSuffix?", Declaration.def {
+    name := `String.Slice.dropSuffix?
+    renderedStatement := "String.Slice.dropSuffix? {ρ : Type} (s : String.Slice) (pat : ρ)\n  [String.Slice.Pattern.BackwardPattern pat] : Option String.Slice"
+    isDeprecated := false
+  }
+⟩,]
+  metadata := {
+    status := .postponed
+    comment := "Missing position transformations"
+  }
+
+def table : AssociationTable.Data .declaration where
+  widgetId := "slice-producing"
+  rows := #[
+    ⟨"c8a13d6d-7ed6-4cd1-a386-23e2d55ce6f7", "slice", #[⟨"String", "String.slice"⟩,⟨"String.Slice", "String.Slice.slice"⟩,⟨"string-pos-forwards", "String.Pos.slice"⟩,⟨"string-pos-backwards", "String.Pos.ofSlice"⟩,⟨"string-slice-pos-forwards", "String.Slice.Pos.slice"⟩,⟨"string-slice-pos-backwards", "String.Slice.Pos.ofSlice"⟩,⟨"string-pos-noproof", "String.Pos.sliceOrPanic"⟩,⟨"string-slice-pos-noproof", "String.Slice.Pos.sliceOrPanic"⟩,]⟩,
+    ⟨"21b4fdfd-f8b3-44f5-a59e-57f1dc1d6819", "slice?", #[⟨"String", "String.slice?"⟩,⟨"String.Slice", "String.Slice.slice?"⟩,]⟩,
+    ⟨"6f2b6ecb-2f0c-4e45-9da3-eb7f2e15eff0", "slice!", #[⟨"String", "String.slice!"⟩,⟨"String.Slice", "String.Slice.slice!"⟩,⟨"string-pos-forwards", "String.Pos.slice!"⟩,⟨"string-pos-backwards", "String.Pos.ofSlice!"⟩,⟨"string-slice-pos-forwards", "String.Slice.Pos.slice!"⟩,⟨"string-slice-pos-backwards", "String.Slice.Pos.ofSlice!"⟩,]⟩,
+    ⟨"a3bdf66d-bc11-4019-aee9-2f1c1701de52", "trimAsciiStart", #[⟨"String", "String.trimAsciiStart"⟩,⟨"String.Slice", "String.Slice.trimAsciiStart"⟩,]⟩,
+    ⟨"f12b2730-7a4d-465c-8a6d-9d051c300fd5", "trimAsciiEnd", #[⟨"String", "String.trimAsciiEnd"⟩,⟨"String.Slice", "String.Slice.trimAsciiEnd"⟩,]⟩,
+    ⟨"32307b55-d6d1-4756-a947-dbe4dfde573c", "trimAscii", #[⟨"String", "String.trimAscii"⟩,⟨"String.Slice", "String.Slice.trimAscii"⟩,]⟩,
+    ⟨"dce95a38-f55a-4d6a-ae79-078ffe4b5c15", "toSlice", #[⟨"String", "String.toSlice"⟩,⟨"string-pos-forwards", "String.Pos.toSlice"⟩,⟨"string-pos-backwards", "String.Pos.ofToSlice"⟩,]⟩,
+    ⟨"005a3f30-5dab-493f-b168-32c36a2bdf7c", "str", #[⟨"String.Slice", "String.Slice.str"⟩,⟨"string-slice-pos-forwards", "String.Slice.Pos.str"⟩,⟨"string-slice-pos-backwards", "String.Slice.Pos.ofStr"⟩,]⟩,
+    ⟨"5f1a154c-ae2f-43a1-9409-2ce95b163ef3", "drop", #[⟨"String", "String.drop"⟩,⟨"String.Slice", "String.Slice.drop"⟩,]⟩,
+    ⟨"179518d1-ad07-4b2b-8ffe-3b7616e4c4ab", "take", #[⟨"String", "String.take"⟩,⟨"String.Slice", "String.Slice.take"⟩,]⟩,
+    ⟨"55c587fd-a7a8-4633-a4ae-e2c4e768ad28", "dropWhile", #[⟨"String", "String.dropWhile"⟩,⟨"String.Slice", "String.Slice.dropWhile"⟩,]⟩,
+    ⟨"d4444684-4279-4400-9be2-561a7cdb32c1", "takeWhile", #[⟨"String", "String.takeWhile"⟩,⟨"String.Slice", "String.Slice.takeWhile"⟩,]⟩,
+    ⟨"1c9e6689-65a0-4d4b-b001-256e83917d98", "dropEndWhile", #[⟨"String", "String.dropEndWhile"⟩,⟨"String.Slice", "String.Slice.dropEndWhile"⟩,]⟩,
+    ⟨"b836052b-3470-4a8e-8989-6951c898de37", "takeEndWhile", #[⟨"String", "String.takeEndWhile"⟩,⟨"String.Slice", "String.Slice.takeEndWhile"⟩,]⟩,
+    ⟨"5aa777d8-9642-43d8-9e20-30400fb8bb9d", "dropPrefix", #[⟨"String", "String.dropPrefix"⟩,⟨"String.Slice", "String.Slice.dropPrefix"⟩,]⟩,
+    ⟨"80e3869d-fcfe-459d-8433-fe221f7b3c7a", "dropSuffix", #[⟨"String", "String.dropSuffix"⟩,⟨"String.Slice", "String.Slice.dropSuffix"⟩,]⟩,
+    ⟨"4feda3e0-903b-4d52-b34e-0af70f7866e0", "dropPrefix?", #[⟨"String", "String.dropPrefix?"⟩,⟨"String.Slice", "String.Slice.dropPrefix?"⟩,]⟩,
+    ⟨"45ca44c8-fbd5-4400-8297-a60778f302b0", "dropSuffix?", #[⟨"String", "String.dropSuffix?"⟩,⟨"String.Slice", "String.Slice.dropSuffix?"⟩,]⟩,
+  ]
+  facts := #[
+    «c8a13d6d-7ed6-4cd1-a386-23e2d55ce6f7»,
+    «21b4fdfd-f8b3-44f5-a59e-57f1dc1d6819»,
+    «6f2b6ecb-2f0c-4e45-9da3-eb7f2e15eff0»,
+    «a3bdf66d-bc11-4019-aee9-2f1c1701de52»,
+    «f12b2730-7a4d-465c-8a6d-9d051c300fd5»,
+    «32307b55-d6d1-4756-a947-dbe4dfde573c»,
+    «dce95a38-f55a-4d6a-ae79-078ffe4b5c15»,
+    «005a3f30-5dab-493f-b168-32c36a2bdf7c»,
+    «5f1a154c-ae2f-43a1-9409-2ce95b163ef3»,
+    «179518d1-ad07-4b2b-8ffe-3b7616e4c4ab»,
+    «55c587fd-a7a8-4633-a4ae-e2c4e768ad28»,
+    «d4444684-4279-4400-9be2-561a7cdb32c1»,
+    «1c9e6689-65a0-4d4b-b001-256e83917d98»,
+    «b836052b-3470-4a8e-8989-6951c898de37»,
+    «5aa777d8-9642-43d8-9e20-30400fb8bb9d»,
+    «80e3869d-fcfe-459d-8433-fe221f7b3c7a»,
+    «4feda3e0-903b-4d52-b34e-0af70f7866e0»,
+    «45ca44c8-fbd5-4400-8297-a60778f302b0»,
+  ]
+
+def restoreState : RestoreStateM Unit := do
+  addAssociationTable table

doc/std/grove/GroveStdlib/Std.lean

@@ -15,7 +15,7 @@ namespace GroveStdlib
 namespace Std
 
 def introduction : Node :=
-  .text "Welcome to the interactive Lean standard library outline!"
+  .text ⟨"introduction", "Welcome to the interactive Lean standard library outline!"⟩
 
 end Std
 

doc/std/grove/GroveStdlib/Std/CoreTypesAndOperations/StringsAndFormatting.lean

@@ -11,9 +11,87 @@ namespace GroveStdlib.Std.CoreTypesAndOperations
 
 namespace StringsAndFormatting
 
+open Lean Meta
+
+def introduction : Text where
+  id := "string-introduction"
+  content := Grove.Markdown.render [
+    .h1 "The Lean string library",
+    .text "The Lean standard library contains a fully-featured string library, centered around the types `String` and `String.Slice`.",
+    .text "`String` is defined as the subtype of `ByteArray` of valid UTF-8 strings. A `String.Slice` is a `String` together with a start and end position.",
+    .text "`String` is equivalent to `List Char`, but it has a more efficient runtime representation. While the logical model based on `ByteArray` is overwritten in the runtime, the runtime implementation is very similar to the logical model, with the main difference being that the length of a string in Unicode code points is cached in the runtime implementation.",
+    .text "We are considering removing this feature in the future (i.e., deprecating `String.length`), as the number of UTF-8 codepoints in a string is not particularly useful, and if needed it can be computed in linear time using `s.positions.count`."
+  ]
+
+def highLevelStringTypes : List Lean.Name :=
+  [`String, `String.Slice, `String.Pos, `String.Slice.Pos]
+
+def creatingStringsAndSlices : Text where
+  id := "transforming-strings-and-slices"
+  content := Grove.Markdown.render [
+    .h2 "Transforming strings and slices",
+    .text "The Lean standard library contains a number of functions that take one or more strings and slices and return a string or a slice.",
+    .text "If possible, these functions should avoid allocating a new string, and return a slice of their input(s) instead.",
+    .text "Usually, for every operation `f`, there will be functions `String.f` and `String.Slice.f`, where `String.f s` is defined as `String.Slice.f s.toSlice`.",
+    .text "In particular, functions that transform strings and slices should live in the `String` and `String.Slice` namespaces even if they involve a `String.Pos`/`String.Slice.Pos` (like `String.sliceTo`), for reasons that will become clear shortly.",
+
+    .h3 "Transforming positions",
+    .text "Since positions on strings and slices are dependent on the string or slice, whenever users transform a string/slice, they will be interested in interpreting positions on the original string/slice as positions on the result, or vice versa.",
+    .text "Consequently, every operation that transforms a string or slice should come with a corresponding set of transformations between positions, usually in both directions, possibly with one of the directions being conditional.",
+    .text "For example, given a string `s` and a position `p` on `s`, we have the slice `s.sliceFrom p`, which is the slice from `p` to the end of `s`. A position on `s.sliceFrom p` can always be interpreted as a position on `s`. This is the \"backwards\" transformation. Conversely, a position `q` on `s` can be interpreted as a position on `s.sliceFrom p` as long as `p ≤ q`. This is the conditional forwards direction.",
+    .text "The convention for naming these transformations is that the forwards transformation should have the same name as the transformation on strings/slices, but it should be located in the `String.Pos` or `String.Slice.Pos` namespace, depending on the type of the starting position (so that dot notation is possible for the forward direction). The backwards transformation should have the same name as the operation on strings/slices, but with an `of` prefix, and live in the same namespace as the forwards transformation (so in general dot notation will not be available).",
+    .text "So, in the `sliceFrom` example, the forward direction would be called `String.Pos.sliceFrom`, while the backwards direction should be called `String.Pos.ofSliceFrom` (not `String.Slice.Pos.ofSliceFrom`).",
+    .text "If one of the directions is conditional, it should have a corresponding panicking operation that does not require a proof; in our example this would be `String.Pos.sliceFrom!`.",
+    .text "Sometimes there is a name clash for the panicking operations if the operation on strings is already panicking. For example, there are both `String.slice` and `String.slice!`. If the original operation is already panicking, we only provide panicking transformation operations. But now `String.Pos.slice!` could refer both to the panicking forwards transformation associated with `String.slice`, and also to the (only) forwards transformation associated with `String.slice!`. In this situation, we use an `orPanic` suffix to disambiguate. So the panicking forwards operation associated with `String.slice` is called `String.Pos.sliceOrPanic`, and the forwards operation associated with `String.slice!` is called `String.Pos.slice!`."
+  ]
+
+-- TODO: also include the `HAppend` instance(s)
+def sliceProducing : AssociationTable (β := Alias Lean.Name) .declaration
+    [`String, `String.Slice,
+     Alias.mk `String.Pos "string-pos-forwards" "String.Pos (forwards)",
+     Alias.mk `String.Pos "string-pos-backwards" "String.Pos (backwards)",
+     Alias.mk `String.Pos "string-pos-noproof" "String.Pos (no proof)",
+     Alias.mk `String.Slice.Pos "string-slice-pos-forwards" "String.Slice.Pos (forwards)",
+     Alias.mk `String.Slice.Pos "string-slice-pos-backwards" "String.Slice.Pos (backwards)",
+     Alias.mk `String.Slice.Pos "string-slice-pos-noproof" "String.Slice.Pos (no proof)"] where
+  id := "slice-producing"
+  title := "String functions returning strings or slices"
+  description := "Operations on strings and string slices that themselves return a new string slice."
+  dataSources n := DataSource.definitionsInNamespace n.inner
+
+def sliceProducingComplete : Assertion where
+  widgetId := "slice-producing-complete"
+  title := "Slice-producing table is complete"
+  description := "All functions in the `String.**` namespace that return a string or a slice are covered in the table"
+  check := do
+    let mut ans := #[]
+    let covered := Std.HashSet.ofArray (← valuesInAssociationTable sliceProducing)
+    let pred : DataSource.DeclarationPredicate :=
+      DataSource.DeclarationPredicate.all [.isDefinition, .not .isDeprecated,
+        .notInNamespace `String.Pos.Raw, .notInNamespace `String.Legacy,
+        .not .isInstance]
+    let env ← getEnv
+    for name in ← declarationsMatching `String pred do
+      let some c := env.find? name | continue
+      if c.type.getForallBody.getUsedConstants.any (fun n => n == ``String || n == ``String.Slice) then
+        let success : Bool := name.toString ∈ covered
+        ans := ans.push {
+          assertionId := name.toString
+          description := s!"`{name}` should appear in the table."
+          passed := success
+          message := s!"`{name}` was{if success then "" else " not"} found in the table."
+        }
+    return ans
+
 end StringsAndFormatting
 
-def stringsAndFormatting : Node :=
-  .section "strings-and-formatting" "Strings and formatting" #[]
+open StringsAndFormatting
 
-end GroveStdlib.Std.CoreTypesAndOperations
+def stringsAndFormatting : Node :=
+  .section "strings-and-formatting" "Strings and formatting"
+    #[.text introduction,
+      .text creatingStringsAndSlices,
+      .associationTable sliceProducing,
+      .assertion sliceProducingComplete]
+
+end GroveStdlib.Std.CoreTypesAndOperations

doc/std/grove/lake-manifest.json

@@ -5,7 +5,7 @@
    "type": "git",
    "subDir": "backend",
    "scope": "",
-   "rev": "3e8aabdea58c11813c5d3b7eeb187ded44ee9a34",
+   "rev": "c580a425c9b7fa2aebaec2a1d8de16b2e2283c40",
    "name": "grove",
    "manifestFile": "lake-manifest.json",
    "inputRev": "master",
@@ -15,10 +15,10 @@
    "type": "git",
    "subDir": null,
    "scope": "leanprover",
-   "rev": "1604206fcd0462da9a241beeac0e2df471647435",
+   "rev": "d9fc8ae23024be37424a189982c92356e37935c8",
    "name": "Cli",
    "manifestFile": "lake-manifest.json",
-   "inputRev": "main",
+   "inputRev": "nightly-testing",
    "inherited": true,
    "configFile": "lakefile.toml"}],
  "name": "grovestdlib",

releases_drafts/module-system.md

@@ -0,0 +1,54 @@
+This release introduces the Lean module system, which allows files to
+control the visibility of their contents for other files. In previous
+releases, this feature was available as a preview when the option
+`experimental.module` was set to `true`; it is now a fully supported
+feature of Lean.
+
+# Benefits
+
+Because modules reduce the amount of information exposed to other
+code, they speed up rebuilds because irrelevant changes can be
+ignored, they make it possible to be deliberate about API evolution by
+hiding details that may change from clients, they help proofs be
+checked faster by avoiding accidentally unfolding definitions, and
+they lead to smaller executable files through improved dead code
+elimination.
+
+# Visibility
+
+A source file is a module if it begins with the `module` keyword.  By
+default, declarations in a module are private; the `public` modifier
+exports them. Proofs of theorems and bodies of definitions are private
+by default even when their signatures are public; the bodies of
+definitions can be made public by adding the `@[expose]`
+attribute. Theorems and opaque constants never expose their bodies.
+
+`public section` and `@[expose] section` change the default visibility
+of declarations in the section.
+
+# Imports
+
+Modules may only import other modules. By default, `import` adds the
+public information of the imported module to the private scope of the
+current module. Adding the `public` modifier to an import places the
+imported modules's public information in the public scope of the
+current module, exposing it in turn to the current module's clients.
+
+Within a package, `import all` can be used to import another module's
+private scope into the current module; this can be used to separate
+lemmas or tests from definition modules without exposing details to
+downstream clients.
+
+# Meta Code
+
+Code used in metaprograms must be marked `meta`. This ensures that the
+code is compiled and available for execution when it is needed during
+elaboration. Meta code may only reference other meta code. A whole
+module can be made available in the meta phase using `meta import`;
+this allows code to be shared across phases by importing the module in
+each phase. Code that is reachable from public metaprograms must be
+imported via `public meta import`, while local metaprograms can use
+plain `meta import` for their dependencies.
+
+
+The module system is described in detail in [the Lean language reference](https://lean-reference-manual-review.netlify.app/find/?domain=Verso.Genre.Manual.section&name=files).

script/Shake.lean

@@ -3,16 +3,21 @@ Copyright (c) 2023 Mario Carneiro. All rights reserved.
 Released under Apache 2.0 license as described in the file LICENSE.
 Authors: Mario Carneiro, Sebastian Ullrich
 -/
-import Lake.CLI.Main
+module
+
+import Lean.Environment
 import Lean.ExtraModUses
 
-/-! # `lake exe shake` command
+import Lake.CLI.Main
+import Lean.Parser.Module
+import Lake.Load.Workspace
+
+/-! # Shake: A Lean import minimizer
 
 This command will check the current project (or a specified target module) and all dependencies for
 unused imports. This works by looking at generated `.olean` files to deduce required imports and
 ensuring that every import is used to contribute some constant or other elaboration dependency
-recorded by `recordExtraModUse`. Because recompilation is not needed this is quite fast (about 8
-seconds to check `Mathlib` and all dependencies).
+recorded by `recordExtraModUse` and friends.
 -/
 
 /-- help string for the command line interface -/
@@ -28,13 +33,83 @@ Options:
   --force
     Skips the `lake build --no-build` sanity check
 
+  --keep-implied
+    Preserves existing imports that are implied by other imports and thus not technically needed
+    anymore
+
+  --keep-prefix
+    If an import `X` would be replaced in favor of a more specific import `X.Y...` it implies,
+    preserves the original import instead. More generally, prefers inserting `import X` even if it
+    was not part of the original imports as long as it was in the original transitive import closure
+    of the current module.
+
+  --keep-public
+    Preserves all `public` imports to avoid breaking changes for external downstream modules
+
+  --add-public
+    Adds new imports as `public` if they have been in the original public closure of that module.
+    In other words, public imports will not be removed from a module unless they are unused even
+    in the private scope, and those that are removed will be re-added as `public` in downstream
+    modules even if only needed in the private scope there. Unlike `--keep-public`, this may
+    introduce breaking changes but will still limit the number of inserted imports.
+
+  --explain
+    Gives constants explaining why each module is needed
+
   --fix
     Apply the suggested fixes directly. Make sure you have a clean checkout
     before running this, so you can review the changes.
+
+  --gh-style
+    Outputs messages that can be parsed by `gh-problem-matcher-wrap`
+
+Annotations:
+  The following annotations can be added to Lean files in order to configure the behavior of
+  `shake`. Only the substring `shake: ` directly followed by a directive is checked for, so multiple
+  directives can be mixed in one line such as `-- shake: keep-downstream, shake: keep-all`, and they
+  can be surrounded by arbitrary comments such as `-- shake: keep (metaprogram output dependency)`.
+
+  * `module -- shake: keep-downstream`:
+    Preserves this module in all (current) downstream modules, adding new imports of it if needed.
+
+  * `module -- shake: keep-all`:
+    Preserves all existing imports in this module as is. New imports now needed because of upstream
+    changes may still be added.
+
+  * `import X -- shake: keep`:
+    Preserves this specific import in the current module. The most common use case is to preserve a
+    public import that will be needed in downstream modules to make sense of the output of a
+    metaprogram defined in this module. For example, if a tactic is defined that may synthesize a
+    reference to a theorem when run, there is no way for `shake` to detect this by itself and the
+    module of that theorem should be publicly imported and annotated with `keep` in the tactic's
+    module.
+    ```
+    public import X  -- shake: keep (metaprogram output dependency)
+
+    ...
+
+    elab \"my_tactic\" : tactic => do
+      ... mkConst ``f -- `f`, defined in `X`, may appear in the output of this tactic
+    ```
 "
 
 open Lean
 
+/-- The parsed CLI arguments. See `help` for more information -/
+structure Args where
+  help : Bool := false
+  keepImplied : Bool := false
+  keepPrefix : Bool := false
+  keepPublic : Bool := false
+  addPublic : Bool := false
+  force : Bool := false
+  githubStyle : Bool := false
+  explain : Bool := false
+  trace : Bool := false
+  fix : Bool := false
+  /-- `<MODULE>..`: the list of root modules to check -/
+  mods : Array Name := #[]
+
 /-- We use `Nat` as a bitset for doing efficient set operations.
 The bit indexes will usually be a module index. -/
 structure Bitset where
@@ -88,7 +163,7 @@ def ofImport : Lean.Import → NeedsKind
 
 end NeedsKind
 
-/-- Logically, a map `NeedsKind → Bitset`. -/
+/-- Logically, a map `NeedsKind → Set ModuleIdx`, or `Set Import`. -/
 structure Needs where
   pub : Bitset
   priv : Bitset
@@ -124,6 +199,20 @@ def Needs.union (needs : Needs) (k : NeedsKind) (s : Bitset) : Needs :=
 def Needs.sub (needs : Needs) (k : NeedsKind) (s : Bitset) : Needs :=
   needs.modify k (fun s' => s' ^^^ (s' ∩ s))
 
+instance : Union Needs where
+  union a b := {
+    pub := a.pub ∪ b.pub
+    priv := a.priv ∪ b.priv
+    metaPub := a.metaPub ∪ b.metaPub
+    metaPriv := a.metaPriv ∪ b.metaPriv }
+
+/-- The list of edits that will be applied in `--fix`. `edits[i] = (removed, added)` where:
+
+* If `j ∈ removed` then we want to delete module named `j` from the imports of `i`
+* If `j ∈ added` then we want to add module index `j` to the imports of `i`.
+-/
+abbrev Edits := Std.HashMap Name (Array Import × Array Import)
+
 /-- The main state of the checker, containing information on all loaded modules. -/
 structure State where
   env  : Environment
@@ -143,6 +232,10 @@ structure State where
   changes to upstream headers.
   -/
   transDepsOrig : Array Needs := #[]
+  /-- Modules that should always be preserved downstream. -/
+  preserve : Needs := default
+  /-- Edits to be applied to the module imports. -/
+  edits : Edits := {}
 
 def State.mods (s : State) := s.env.header.moduleData
 def State.modNames (s : State) := s.env.header.moduleNames
@@ -185,13 +278,36 @@ def addTransitiveImps (transImps : Needs) (imp : Import) (j : Nat) (impTransImps
 
   transImps
 
+def isDeclMeta' (env : Environment) (declName : Name) : Bool :=
+  -- Matchers are not compiled by themselves but inlined by the compiler, so there is no IR decl
+  -- to be tagged as `meta`.
+  -- TODO: It would be better to base the entire `meta` inference on the IR only and consider module
+  -- references from any other context as compatible with both phases.
+  let inferFor :=
+    if declName.isStr && (declName.getString!.startsWith "match_" || declName.getString! == "_unsafe_rec") then declName.getPrefix else declName
+  isDeclMeta env inferFor
+
+/--
+Given an `Expr` reference, returns the declaration name that should be considered the reference, if
+any.
+-/
+def getDepConstName? (env : Environment) (ref : Name) : Option Name := do
+  -- Ignore references to reserved names, they can be re-generated in-place
+  guard <| !isReservedName env ref
+  -- `_simp_...` constants are similar, use base decl instead
+  return if ref.isStr && ref.getString!.startsWith "_simp_" then
+    ref.getPrefix
+  else
+    ref
+
 /-- Calculates the needs for a given module `mod` from constants and recorded extra uses. -/
-def calcNeeds (env : Environment) (i : ModuleIdx) : Needs := Id.run do
+def calcNeeds (s : State) (i : ModuleIdx) : Needs := Id.run do
+  let env := s.env
   let mut needs := default
   for ci in env.header.moduleData[i]!.constants do
     -- Added guard for cases like `structure` that are still exported even if private
     let pubCI? := guard (!isPrivateName ci.name) *> (env.setExporting true).find? ci.name
-    let k := { isExported := pubCI?.isSome, isMeta := isMeta env ci.name }
+    let k := { isExported := pubCI?.isSome, isMeta := isDeclMeta' env ci.name }
     needs := visitExpr k ci.type needs
     if let some e := ci.value? (allowOpaque := true) then
       -- type and value has identical visibility under `meta`
@@ -206,12 +322,19 @@ def calcNeeds (env : Environment) (i : ModuleIdx) : Needs := Id.run do
   return needs
 where
   /-- Accumulate the results from expression `e` into `deps`. -/
-  visitExpr (k : NeedsKind) e deps :=
-    Lean.Expr.foldConsts e deps fun c deps => match env.getModuleIdxFor? c with
-      | some j =>
-        let k := { k with isMeta := k.isMeta && !isMeta env c }
-        if j != i then deps.union k {j} else deps
-      | _ => deps
+  visitExpr (k : NeedsKind) (e : Expr) (deps : Needs) : Needs :=
+    let env := s.env
+    Lean.Expr.foldConsts e deps fun c deps => Id.run do
+      let mut deps := deps
+      if let some c := getDepConstName? env c then
+        if let some j := env.getModuleIdxFor? c then
+          let k := { k with isMeta := k.isMeta && !isDeclMeta' env c }
+          if j != i then
+            deps := deps.union k {j}
+            for indMod in (indirectModUseExt.getState env)[c]?.getD #[] do
+              if s.transDeps[i]!.has k indMod then
+                deps := deps.union k {indMod}
+      return deps
 
 /--
 Calculates the same as `calcNeeds` but tracing each module to a use-def declaration pair or
@@ -223,7 +346,7 @@ def getExplanations (env : Environment) (i : ModuleIdx) :
   for ci in env.header.moduleData[i]!.constants do
     -- Added guard for cases like `structure` that are still exported even if private
     let pubCI? := guard (!isPrivateName ci.name) *> (env.setExporting true).find? ci.name
-    let k := { isExported := pubCI?.isSome, isMeta := isMeta env ci.name }
+    let k := { isExported := pubCI?.isSome, isMeta := isDeclMeta' env ci.name }
     deps := visitExpr k ci.name ci.type deps
     if let some e := ci.value? (allowOpaque := true) then
       let k := if k.isMeta then k else
@@ -239,18 +362,18 @@ def getExplanations (env : Environment) (i : ModuleIdx) :
 where
   /-- Accumulate the results from expression `e` into `deps`. -/
   visitExpr (k : NeedsKind) name e deps :=
-    Lean.Expr.foldConsts e deps fun c deps => match env.getModuleIdxFor? c with
-      | some i =>
-        let k := { k with isMeta := k.isMeta && !isMeta env c }
-        if
-          if let some (some (name', _)) := deps[(i, k)]? then
-            decide (name.toString.length < name'.toString.length)
-          else true
-        then
-          deps.insert (i, k) (name, c)
-        else
-          deps
-      | _ => deps
+    Lean.Expr.foldConsts e deps fun c deps => Id.run do
+      let mut deps := deps
+      if let some c := getDepConstName? env c then
+        if let some j := env.getModuleIdxFor? c then
+          let k := { k with isMeta := k.isMeta && !isDeclMeta' env c }
+          if
+            if let some (some (name', _)) := deps[(j, k)]? then
+              decide (name.toString.length < name'.toString.length)
+            else true
+          then
+            deps := deps.insert (j, k) (name, c)
+      return deps
 
 partial def initStateFromEnv (env : Environment) : State := Id.run do
   let mut s := { env }
@@ -266,13 +389,6 @@ partial def initStateFromEnv (env : Environment) : State := Id.run do
   s := { s with transDepsOrig := s.transDeps }
   return s
 
-/-- The list of edits that will be applied in `--fix`. `edits[i] = (removed, added)` where:
-
-* If `j ∈ removed` then we want to delete module named `j` from the imports of `i`
-* If `j ∈ added` then we want to add module index `j` to the imports of `i`.
--/
-abbrev Edits := Std.HashMap Name (Array Import × Array Import)
-
 /-- Register that we want to remove `tgt` from the imports of `src`. -/
 def Edits.remove (ed : Edits) (src : Name) (tgt : Import) : Edits :=
   match ed.get? src with
@@ -291,8 +407,8 @@ Returns `(path, inputCtx, imports, endPos)` where `imports` is the `Lean.Parser.
 and `endPos` is the position of the end of the header.
 -/
 def parseHeaderFromString (text path : String) :
-    IO (System.FilePath × Parser.InputContext ×
-      TSyntax ``Parser.Module.header × String.Pos.Raw) := do
+    IO (System.FilePath × (ictx : Parser.InputContext) ×
+      TSyntax ``Parser.Module.header × String.Pos ictx.fileMap.source) := do
   let inputCtx := Parser.mkInputContext text path
   let (header, parserState, msgs) ← Parser.parseHeader inputCtx
   if !msgs.toList.isEmpty then -- skip this file if there are parse errors
@@ -300,8 +416,8 @@ def parseHeaderFromString (text path : String) :
     throw <| .userError "parse errors in file"
   -- the insertion point for `add` is the first newline after the imports
   let insertion := header.raw.getTailPos?.getD parserState.pos
-  let insertion := text.findAux (· == '\n') text.endPos insertion + '\n'
-  pure (path, inputCtx, header, insertion)
+  let insertion := inputCtx.fileMap.source.pos! insertion |>.find (· == '\n') |>.next!
+  pure ⟨path, inputCtx, header, insertion⟩
 
 /-- Parse a source file to extract the location of the import lines, for edits and error messages.
 
@@ -309,8 +425,8 @@ Returns `(path, inputCtx, imports, endPos)` where `imports` is the `Lean.Parser.
 and `endPos` is the position of the end of the header.
 -/
 def parseHeader (srcSearchPath : SearchPath) (mod : Name) :
-    IO (System.FilePath × Parser.InputContext ×
-      TSyntax ``Parser.Module.header × String.Pos.Raw) := do
+    IO (System.FilePath × (ictx : Parser.InputContext) ×
+      TSyntax ``Parser.Module.header × String.Pos ictx.fileMap.source) := do
   -- Parse the input file
   let some path ← srcSearchPath.findModuleWithExt "lean" mod
     | throw <| .userError s!"error: failed to find source file for {mod}"
@@ -320,7 +436,7 @@ def parseHeader (srcSearchPath : SearchPath) (mod : Name) :
 def decodeHeader : TSyntax ``Parser.Module.header → Option (TSyntax `module) × Option (TSyntax `prelude) × TSyntaxArray ``Parser.Module.import
   | `(Parser.Module.header| $[module%$moduleTk?]? $[prelude%$preludeTk?]? $imports*) =>
     (moduleTk?.map .mk, preludeTk?.map .mk, imports)
-  | _ => unreachable!
+  | stx => panic! s!"unexpected header syntax {stx}"
 
 def decodeImport : TSyntax ``Parser.Module.import → Import
   | `(Parser.Module.import| $[public%$pubTk?]? $[meta%$metaTk?]? import $[all%$allTk?]? $id) =>
@@ -329,73 +445,174 @@ def decodeImport : TSyntax ``Parser.Module.import → Import
 
 /-- Analyze and report issues from module `i`. Arguments:
 
+* `pkg`: the first component of the module name
 * `srcSearchPath`: Used to find the path for error reporting purposes
 * `i`: the module index
 * `needs`: the module's calculated needs
-* `pinned`: dependencies that should be preserved even if unused
-* `edits`: accumulates the list of edits to apply if `--fix` is true
 * `addOnly`: if true, only add missing imports, do not remove unused ones
 -/
-def visitModule (srcSearchPath : SearchPath)
-    (i : Nat) (needs : Needs) (preserve : Needs) (edits : Edits) (headerStx : TSyntax ``Parser.Module.header)
-    (addOnly := false) (githubStyle := false) (explain := false) : StateT State IO Edits := do
+def visitModule (pkg : Name) (srcSearchPath : SearchPath)
+    (i : Nat) (needs : Needs) (headerStx : TSyntax ``Parser.Module.header) (args : Args)
+    (addOnly := false) : StateT State IO Unit := do
+  if isExtraRevModUse (← get).env i then
+    modify fun s => { s with preserve := s.preserve.union (if args.addPublic then .pub else .priv) {i} }
+    if args.trace then
+      IO.eprintln s!"Preserving `{(← get).modNames[i]!}` because of recorded extra rev use"
+
+  -- only process modules in the selected package
+  -- TODO: should be after `keep-downstream` but core headers are not found yet?
+  if !pkg.isPrefixOf (← get).modNames[i]! then
+    return
+
+  let (module?, prelude?, imports) := decodeHeader headerStx
+  if module?.any (·.raw.getTrailing?.any (·.toString.contains "shake: keep-downstream")) then
+    modify fun s => { s with preserve := s.preserve.union (if args.addPublic then .pub else .priv) {i} }
+
   let s ← get
-  -- Do transitive reduction of `needs` in `deps`.
+
+  let addOnly := addOnly || module?.any (·.raw.getTrailing?.any (·.toString.contains "shake: keep-all"))
   let mut deps := needs
-  let (_, prelude?, imports) := decodeHeader headerStx
+
+  -- Add additional preserved imports
+  for impStx in imports do
+    let imp := decodeImport impStx
+    let j := s.env.getModuleIdx? imp.module |>.get!
+    let k := NeedsKind.ofImport imp
+    if addOnly ||
+        args.keepPublic && imp.isExported ||
+        impStx.raw.getTrailing?.any (·.toString.contains "shake: keep") then
+      deps := deps.union k {j}
+      if args.trace then
+        IO.eprintln s!"Adding `{imp}` as additional dependency"
+  for j in [0:s.mods.size] do
+    for k in NeedsKind.all do
+      -- Remove `meta` while preserving, no use-case for preserving `meta` so far.
+      -- Downgrade to private unless `--add-public` is used.
+      if s.transDepsOrig[i]!.has k j &&
+          (s.preserve.has { k with isMeta := false, isExported := false } j ||
+           s.preserve.has { k with isMeta := false, isExported := true } j) then
+        deps := deps.union { k with isMeta := false, isExported := k.isExported && args.addPublic } {j}
+
+  -- Do transitive reduction of `needs` in `deps`.
+  if !addOnly then
+    for j in [0:s.mods.size] do
+      let transDeps := s.transDeps[j]!
+      for k in NeedsKind.all do
+        if deps.has k j then
+          let transDeps := addTransitiveImps .empty { k with module := .anonymous } j transDeps
+          for k' in NeedsKind.all do
+            deps := deps.sub k' (transDeps.sub k' {j} |>.get k')
+
   if prelude?.isNone then
     deps := deps.union .pub {s.env.getModuleIdx? `Init |>.get!}
-  for imp in imports do
-    if addOnly || imp.raw.getTrailing?.any (·.toString.toSlice.contains "shake: keep") then
-      let imp := decodeImport imp
-      let j := s.env.getModuleIdx? imp.module |>.get!
-      let k := NeedsKind.ofImport imp
-      deps := deps.union k {j}
-  for j in [0:s.mods.size] do
-    let transDeps := s.transDeps[j]!
-    for k in NeedsKind.all do
-      if s.transDepsOrig[i]!.has k j && preserve.has k j then
-        deps := deps.union k {j}
-      if deps.has k j then
-        let transDeps := addTransitiveImps .empty { k with module := .anonymous } j transDeps
-        for k' in NeedsKind.all do
-          deps := deps.sub k' (transDeps.sub k' {j} |>.get k')
 
-  -- Any import which is not in `transDeps` was unused.
-  -- Also accumulate `newDeps` which is the transitive closure of the remaining imports
-  let mut toRemove : Array Import := #[]
-  let mut newDeps := Needs.empty
+  -- Accumulate `transDeps` which is the non-reflexive transitive closure of the still-live imports
+  let mut transDeps := Needs.empty
+  let mut alwaysAdd : Array Import := #[]  -- to be added even if implied by other imports
   for imp in s.mods[i]!.imports do
     let j := s.env.getModuleIdx? imp.module |>.get!
-    if
-        -- skip folder-nested imports
-        s.modNames[i]!.isPrefixOf imp.module ||
-        imp.importAll then
-      newDeps := addTransitiveImps newDeps imp j s.transDeps[j]!
-    else
-      let k := NeedsKind.ofImport imp
-      -- A private import should also be removed if the public version is needed
-      if !deps.has k j || !k.isExported && deps.has { k with isExported := true } j then
-        toRemove := toRemove.push imp
-      else
-        newDeps := addTransitiveImps newDeps imp j s.transDeps[j]!
+    let k := NeedsKind.ofImport imp
+    if deps.has k j || imp.importAll then
+      transDeps := addTransitiveImps transDeps imp j s.transDeps[j]!
+      deps := deps.union k {j}
+    -- skip folder-nested `public (meta)? import`s but remove `meta`
+    else if s.modNames[i]!.isPrefixOf imp.module then
+      let imp := { imp with isMeta := false }
+      let k := { k with isMeta := false }
+      if args.trace then
+        IO.eprintln s!"`{imp}` is preserved as folder-nested import"
+      transDeps := addTransitiveImps transDeps imp j s.transDeps[j]!
+      deps := deps.union k {j}
+      if !s.mods[i]!.imports.contains imp then
+        alwaysAdd := alwaysAdd.push imp
 
-  -- If `newDeps` does not cover `deps`, then we have to add back some imports until it does.
+  -- If `transDeps` does not cover `deps`, then we have to add back some imports until it does.
   -- To minimize new imports we pick only new imports which are not transitively implied by
-  -- another new import
+  -- another new import, so we visit module indices in descending order.
+  let mut keptPrefix := false
+  let mut newTransDeps := transDeps
   let mut toAdd : Array Import := #[]
-  for j in [0:s.mods.size] do
+  for j in (0...s.mods.size).toArray.reverse do
     for k in NeedsKind.all do
-      if deps.has k j && !newDeps.has k j && !newDeps.has { k with isExported := true } j then
-        let imp := { k with module := s.modNames[j]! }
-        toAdd := toAdd.push imp
-        newDeps := addTransitiveImps newDeps imp j s.transDeps[j]!
+      if deps.has k j && !newTransDeps.has k j && !newTransDeps.has { k with isExported := true } j then
+        -- `add-public/keep-prefix` may change the import and even module we're considering
+        let mut k := k
+        let mut imp : Import := { k with module := s.modNames[j]! }
+        let mut j := j
+        if args.trace then
+          IO.eprintln s!"`{imp}` is needed"
+        if args.addPublic && !k.isExported &&
+            -- also add as public if previously `public meta`, which could be from automatic porting
+            (s.transDepsOrig[i]!.has { k with isExported := true } j || s.transDepsOrig[i]!.has { k with isExported := true, isMeta := true } j) then
+          k := { k with isExported := true }
+          imp := { imp with isExported := true }
+          if args.trace then
+            IO.eprintln s!"* upgrading to `{imp}` because of `--add-public`"
+        if args.keepPrefix then
+          let rec tryPrefix : Name → Option ModuleIdx
+            | .str p _ => tryPrefix p <|> (do
+              let j' ← s.env.getModuleIdx? p
+              -- `j'` must be reachable from `i` (allow downgrading from `meta`)
+              guard <| s.transDepsOrig[i]!.has k j' || s.transDepsOrig[i]!.has { k with isMeta := true } j'
+              let j'transDeps := addTransitiveImps .empty p j' s.transDeps[j']!
+              -- `j` must be reachable from `j'` (now downgrading must be done in the other direction)
+              guard <| j'transDeps.has k j || j'transDeps.has { k with isMeta := false } j
+              return j')
+            | _ => none
+          if let some j' := tryPrefix imp.module then
+            imp := { imp with module := s.modNames[j']! }
+            j := j'
+            keptPrefix := true
+            if args.trace then
+              IO.eprintln s!"* upgrading to `{imp}` because of `--keep-prefix`"
+        if !s.mods[i]!.imports.contains imp then
+          toAdd := toAdd.push imp
+        deps := deps.union k {j}
+        newTransDeps := addTransitiveImps newTransDeps imp j s.transDeps[j]!
+
+  if keptPrefix then
+    -- if an import was replaced by `--keep-prefix`, we did not necessarily visit the modules in
+    -- dependency order anymore and so we have to redo the transitive closure checking
+    newTransDeps := transDeps
+    for j in (0...s.mods.size).toArray.reverse do
+      for k in NeedsKind.all do
+        if deps.has k j then
+          let mut imp : Import := { k with module := s.modNames[j]! }
+          if toAdd.contains imp && (newTransDeps.has k j || newTransDeps.has { k with isExported := true } j) then
+            if args.trace then
+              IO.eprintln s!"Removing `{imp}` from imports to be added because it is now implied"
+            toAdd := toAdd.erase imp
+            deps := deps.sub k {j}
+          else
+            newTransDeps := addTransitiveImps newTransDeps imp j s.transDeps[j]!
+
+  -- now that `toAdd` filtering is done, add `alwaysAdd`
+  toAdd := alwaysAdd ++ toAdd
+
+  -- Any import which is still not in `deps` was unused
+  let mut toRemove : Array Import := #[]
+  for imp in s.mods[i]!.imports do
+    let j := s.env.getModuleIdx? imp.module |>.get!
+    let k := NeedsKind.ofImport imp
+    if args.keepImplied && newTransDeps.has k j then
+      if args.trace && !deps.has k j then
+        IO.eprintln s!"`{imp}` is implied by other imports"
+    else if !deps.has k j then
+      if args.trace then
+        IO.eprintln s!"`{imp}` is now unused"
+      toRemove := toRemove.push imp
+    -- A private import should also be removed if the public version has been added
+    else if !k.isExported && !imp.importAll && newTransDeps.has { k with isExported := true } j then
+      if args.trace then
+        IO.eprintln s!"`{imp}` is already covered by `{ { imp with isExported := true } }`"
+      toRemove := toRemove.push imp
 
   -- mark and report the removals
-  let mut edits := toRemove.foldl (init := edits) fun edits imp =>
-    edits.remove s.modNames[i]! imp
+  modify fun s => { s with
+    edits := toRemove.foldl (init := s.edits) fun edits imp =>
+      edits.remove s.modNames[i]! imp }
 
-  if !toAdd.isEmpty || !toRemove.isEmpty || explain then
+  if !toAdd.isEmpty || !toRemove.isEmpty || args.explain then
     if let some path ← srcSearchPath.findModuleWithExt "lean" s.modNames[i]! then
       println! "{path}:"
     else
@@ -404,9 +621,9 @@ def visitModule (srcSearchPath : SearchPath)
   if !toRemove.isEmpty then
     println! "  remove {toRemove}"
 
-  if githubStyle then
+  if args.githubStyle then
     try
-      let (path, inputCtx, stx, endHeader) ← parseHeader srcSearchPath s.modNames[i]!
+      let ⟨path, inputCtx, stx, endHeader⟩ ← parseHeader srcSearchPath s.modNames[i]!
       let (_, _, imports) := decodeHeader stx
       for stx in imports do
         if toRemove.any fun imp => imp == decodeImport stx then
@@ -415,14 +632,15 @@ def visitModule (srcSearchPath : SearchPath)
             (use `lake exe shake --fix` to fix this, or `lake exe shake --update` to ignore)"
       if !toAdd.isEmpty then
         -- we put the insert message on the beginning of the last import line
-        let pos := inputCtx.fileMap.toPosition endHeader
+        let pos := inputCtx.fileMap.toPosition endHeader.offset
         println! "{path}:{pos.line-1}:1: warning: \
           add {toAdd} instead"
     catch _ => pure ()
 
   -- mark and report the additions
-  edits := toAdd.foldl (init := edits) fun edits imp =>
-    edits.add s.modNames[i]! imp
+  modify fun s => { s with
+    edits := toAdd.foldl (init := s.edits) fun edits imp =>
+      edits.add s.modNames[i]! imp }
 
   if !toAdd.isEmpty then
     println! "  add {toAdd}"
@@ -437,14 +655,15 @@ def visitModule (srcSearchPath : SearchPath)
     let j := s.env.getModuleIdx? imp.module |>.get!
     newTransDepsI := addTransitiveImps newTransDepsI imp j s.transDeps[j]!
 
-  set { s with transDeps := s.transDeps.set! i newTransDepsI }
+  modify fun s => { s with transDeps := s.transDeps.set! i newTransDepsI }
 
-  if explain then
+  if args.explain then
     let explanation := getExplanations s.env i
     let sanitize n := if n.hasMacroScopes then (sanitizeName n).run' { options := {} } else n
     let run (imp : Import) := do
       let j := s.env.getModuleIdx? imp.module |>.get!
-      if let some exp? := explanation[(j, NeedsKind.ofImport imp)]? then
+      let mut k := NeedsKind.ofImport imp
+      if let some exp? := explanation[(j, k)]? <|> guard args.addPublic *> explanation[(j, { k with isExported := false})]? then
         println! "  note: `{imp}` required"
         if let some (n, c) := exp? then
           println! "    because `{sanitize n}` refers to `{sanitize c}`"
@@ -455,8 +674,6 @@ def visitModule (srcSearchPath : SearchPath)
         run j
     for i in toAdd do run i
 
-  return edits
-
 /-- Convert a list of module names to a bitset of module indexes -/
 def toBitset (s : State) (ns : List Name) : Bitset :=
   ns.foldl (init := ∅) fun c name =>
@@ -464,40 +681,26 @@ def toBitset (s : State) (ns : List Name) : Bitset :=
     | some i => c ∪ {i}
     | none => c
 
-/-- The parsed CLI arguments. See `help` for more information -/
-structure Args where
-  /-- `--help`: shows the help -/
-  help : Bool := false
-  /-- `--force`: skips the `lake build --no-build` sanity check -/
-  force : Bool := false
-  /-- `--gh-style`: output messages that can be parsed by `gh-problem-matcher-wrap` -/
-  githubStyle : Bool := false
-  /-- `--explain`: give constants explaining why each module is needed -/
-  explain : Bool := false
-  /-- `--fix`: apply the fixes directly -/
-  fix : Bool := false
-  /-- `<MODULE>..`: the list of root modules to check -/
-  mods : Array Name := #[]
-
 local instance : Ord Import where
-  compare a b :=
-    if a.isExported && !b.isExported then
-      Ordering.lt
-    else if !a.isExported && b.isExported then
-      Ordering.gt
-    else
-      a.module.cmp b.module
+  compare :=
+    let _ := @lexOrd
+    compareOn fun imp => (!imp.isExported, imp.module.toString)
 
 /-- The main entry point. See `help` for more information on arguments. -/
-def main (args : List String) : IO UInt32 := do
+public def main (args : List String) : IO UInt32 := do
   initSearchPath (← findSysroot)
   -- Parse the arguments
   let rec parseArgs (args : Args) : List String → Args
     | [] => args
     | "--help" :: rest => parseArgs { args with help := true } rest
+    | "--keep-implied" :: rest => parseArgs { args with keepImplied := true } rest
+    | "--keep-prefix" :: rest => parseArgs { args with keepPrefix := true } rest
+    | "--keep-public" :: rest => parseArgs { args with keepPublic := true } rest
+    | "--add-public" :: rest => parseArgs { args with addPublic := true } rest
     | "--force" :: rest => parseArgs { args with force := true } rest
     | "--fix" :: rest => parseArgs { args with fix := true } rest
     | "--explain" :: rest => parseArgs { args with explain := true } rest
+    | "--trace" :: rest => parseArgs { args with trace := true } rest
     | "--gh-style" :: rest => parseArgs { args with githubStyle := true } rest
     | "--" :: rest => { args with mods := args.mods ++ rest.map (·.toName) }
     | other :: rest => parseArgs { args with mods := args.mods.push other.toName } rest
@@ -540,69 +743,69 @@ def main (args : List String) : IO UInt32 := do
   let imps := mods.map ({ module := · })
   let (_, s) ← importModulesCore imps (isExported := true) |>.run
   let s := s.markAllExported
-  let env ← finalizeImport s (isModule := true) imps {} (leakEnv := false) (loadExts := false)
+  let mut env ← finalizeImport s (isModule := true) imps {} (leakEnv := false) (loadExts := false)
+  -- the one env ext we want to initialize
+  let is := indirectModUseExt.toEnvExtension.getState env
+  let newState ← indirectModUseExt.addImportedFn is.importedEntries { env := env, opts := {} }
+  env := indirectModUseExt.toEnvExtension.setState (asyncMode := .sync) env { is with state := newState }
 
   StateT.run' (s := initStateFromEnv env) do
 
   let s ← get
-  -- Parse the config file
-
   -- Run the calculation of the `needs` array in parallel
   let needs := s.mods.mapIdx fun i _ =>
-    Task.spawn fun _ => calcNeeds s.env i
+    Task.spawn fun _ => calcNeeds s i
 
   -- Parse headers in parallel
   let headers ← s.mods.mapIdxM fun i _ =>
-    BaseIO.asTask (parseHeader srcSearchPath s.modNames[i]! |>.toBaseIO)
+    if !pkg.isPrefixOf s.modNames[i]! then
+      pure <| Task.pure <| .ok ⟨default, default, default, default⟩
+    else
+      BaseIO.asTask (parseHeader srcSearchPath s.modNames[i]! |>.toBaseIO)
 
   if args.fix then
     println! "The following changes will be made automatically:"
 
   -- Check all selected modules
-  let mut edits : Edits := ∅
-  let mut revNeeds : Needs := default
   for i in [0:s.mods.size], t in needs, header in headers do
     match header.get with
-    | .ok (_, _, stx, _) =>
-      edits ← visitModule (addOnly := !pkg.isPrefixOf s.modNames[i]!)
-        srcSearchPath i t.get revNeeds edits stx args.githubStyle args.explain
-      if isExtraRevModUse s.env i then
-        revNeeds := revNeeds.union .priv {i}
+    | .ok ⟨_, _, stx, _⟩ =>
+      visitModule pkg srcSearchPath i t.get stx args
     | .error e =>
       println! e.toString
 
   if !args.fix then
     -- return error if any issues were found
-    return if edits.isEmpty then 0 else 1
+    return if (← get).edits.isEmpty then 0 else 1
 
   -- Apply the edits to existing files
   let mut count := 0
   for mod in s.modNames, header? in headers do
-    let some (remove, add) := edits[mod]? | continue
+    let some (remove, add) := (← get).edits[mod]? | continue
     let add : Array Import := add.qsortOrd
 
     -- Parse the input file
-    let .ok (path, inputCtx, stx, insertion) := header?.get | continue
+    let .ok ⟨path, inputCtx, stx, insertion⟩ := header?.get | continue
     let (_, _, imports) := decodeHeader stx
     let text := inputCtx.fileMap.source
 
     -- Calculate the edit result
-    let mut pos : String.Pos.Raw := 0
+    let mut pos : String.Pos text := text.startPos
     let mut out : String := ""
     let mut seen : Std.HashSet Import := {}
     for stx in imports do
       let mod := decodeImport stx
       if remove.contains mod || seen.contains mod then
-        out := out ++ text.extract pos stx.raw.getPos?.get!
+        out := out ++ text.extract pos (text.pos! stx.raw.getPos?.get!)
         -- We use the end position of the syntax, but include whitespace up to the first newline
-        pos := text.findAux (· == '\n') text.rawEndPos stx.raw.getTailPos?.get! + '\n'
+        pos := text.pos! stx.raw.getTailPos?.get! |>.find '\n' |>.next!
       seen := seen.insert mod
     out := out ++ text.extract pos insertion
     for mod in add do
       if !seen.contains mod then
         seen := seen.insert mod
         out := out ++ s!"{mod}\n"
-    out := out ++ text.extract insertion text.rawEndPos
+    out := out ++ text.extract insertion text.endPos
 
     IO.FS.writeFile path out
     count := count + 1

script/bench.sh

@@ -1,96 +0,0 @@
-#!/usr/bin/env bash
-set -euxo pipefail
-
-cmake --preset release 1>&2
-
-# We benchmark against stage2/bin to test new optimizations.
-timeout -s KILL 1h time make -C build/release -j$(nproc) stage3 1>&2
-export PATH=$PWD/build/release/stage2/bin:$PATH
-
-# The extra opts used to be passed to the Makefile during benchmarking only but with Lake it is
-# easier to configure them statically.
-cmake -B build/release/stage3 -S src -DLEAN_EXTRA_LAKEFILE_TOML='weakLeanArgs=["-Dprofiler=true", "-Dprofiler.threshold=9999999", "--stats"]' 1>&2
-
-(
-cd tests/bench
-timeout -s KILL 1h time temci exec --config speedcenter.yaml --in speedcenter.exec.velcom.yaml 1>&2
-temci report run_output.yaml --reporter codespeed2
-)
-
-if [ -d .git ]; then
-    DIR="$(git rev-parse @)"
-    BASE_URL="https://speed.lean-lang.org/lean4-out/$DIR"
-    {
-        cat <<'EOF'
-<!DOCTYPE html>
-<html>
-<head>
-  <meta charset="UTF-8">
-  <title>Lakeprof Report</title>
-</head>
-<h1>Lakeprof Report</h1>
-<button type="button" id="btn_fetch">View build trace in Perfetto</button>
-<script type="text/javascript">
-const ORIGIN = 'https://ui.perfetto.dev';
-
-const btnFetch = document.getElementById('btn_fetch');
-
-async function fetchAndOpen(traceUrl) {
-  const resp = await fetch(traceUrl);
-  // Error checking is left as an exercise to the reader.
-  const blob = await resp.blob();
-  const arrayBuffer = await blob.arrayBuffer();
-  openTrace(arrayBuffer, traceUrl);
-}
-
-function openTrace(arrayBuffer, traceUrl) {
-  const win = window.open(ORIGIN);
-  if (!win) {
-    btnFetch.style.background = '#f3ca63';
-  	btnFetch.onclick = () => openTrace(arrayBuffer);
-    btnFetch.innerText = 'Popups blocked, click here to open the trace file';
-    return;
-  }
-
-  const timer = setInterval(() => win.postMessage('PING', ORIGIN), 50);
-
-  const onMessageHandler = (evt) => {
-    if (evt.data !== 'PONG') return;
-
-    // We got a PONG, the UI is ready.
-    window.clearInterval(timer);
-    window.removeEventListener('message', onMessageHandler);
-
-    const reopenUrl = new URL(location.href);
-    reopenUrl.hash = `#reopen=${traceUrl}`;
-    win.postMessage({
-      perfetto: {
-        buffer: arrayBuffer,
-        title: 'Lake Build Trace',
-        url: reopenUrl.toString(),
-    }}, ORIGIN);
-  };
-
-  window.addEventListener('message', onMessageHandler);
-}
-
-// This is triggered when following the link from the Perfetto UI's sidebar.
-if (location.hash.startsWith('#reopen=')) {
- const traceUrl = location.hash.substr(8);
- fetchAndOpen(traceUrl);
-}
-EOF
-        cat <<EOF
-btnFetch.onclick = () => fetchAndOpen("$BASE_URL/lakeprof.trace_event");
-</script>
-EOF
-        echo "<pre><code>"
-        (cd src; lakeprof report -prc)
-        echo "</code></pre>"
-        echo "</body></html>"
-    } | tee index.html
-
-    curl -T index.html $BASE_URL/index.html
-    curl -T src/lakeprof.log $BASE_URL/lakeprof.log
-    curl -T src/lakeprof.trace_event $BASE_URL/lakeprof.trace_event
-fi

script/lakefile.toml

@@ -1,4 +1,5 @@
 name = "scripts"
+leanOptions = { experimental.module = true }
 
 [[lean_exe]]
 name = "modulize"
@@ -7,3 +8,5 @@ root = "Modulize"
 [[lean_exe]]
 name = "shake"
 root = "Shake"
+# needed by `Lake.loadWorkspace`
+supportInterpreter = true

script/prepare-llvm-linux.sh

@@ -58,7 +58,11 @@ OPTIONS=()
 # We build cadical using the custom toolchain on Linux to avoid glibc versioning issues
 echo -n " -DLEAN_STANDALONE=ON -DCADICAL_USE_CUSTOM_CXX=ON"
 echo -n " -DCMAKE_CXX_COMPILER=$PWD/llvm-host/bin/clang++ -DLEAN_CXX_STDLIB='-Wl,-Bstatic -lc++ -lc++abi -Wl,-Bdynamic'"
-echo -n " -DLEAN_EXTRA_CXX_FLAGS='--sysroot $PWD/llvm -idirafter $GLIBC_DEV/include ${EXTRA_FLAGS:-}'"
+# these should also be used for cadical, so do not use `LEAN_EXTRA_CXX_FLAGS` here
+echo -n " -DCMAKE_CXX_FLAGS='--sysroot $PWD/llvm -idirafter $GLIBC_DEV/include ${EXTRA_FLAGS:-}'"
+# the above does not include linker flags which will be added below based on context, so skip the
+# generic check by cmake
+echo -n " -DCMAKE_C_COMPILER_WORKS=1 -DCMAKE_CXX_COMPILER_WORKS=1"
 # use target compiler directly when not cross-compiling
 if [[ -L llvm-host ]]; then
   echo -n " -DCMAKE_C_COMPILER=$PWD/stage1/bin/clang"

script/release_checklist.py

@@ -31,6 +31,8 @@ What this script does:
    - Ensures tags are merged into stable branches (for non-RC releases)
    - Verifies bump branches exist and are configured correctly
    - Special handling for ProofWidgets4 release tags
+   - For mathlib4: runs verify_version_tags.py to validate the release tag
+     (checks git/GitHub consistency, toolchain, elan, cache, and build)
 
 3. Optionally automates missing steps (when not in --dry-run mode):
    - Creates missing release tags using push_repo_release_tag.py
@@ -499,6 +501,57 @@ def check_proofwidgets4_release(repo_url, target_toolchain, github_token):
     print(f"     You will need to create and push a tag v0.0.{next_version}")
     return False
 
+def run_mathlib_verify_version_tags(toolchain, verbose=False):
+    """Run mathlib4's verify_version_tags.py script to validate the release tag.
+
+    This clones mathlib4 to a temp directory and runs the verification script.
+    Returns True if verification passes, False otherwise.
+    """
+    import tempfile
+
+    print(f"  ... Running mathlib4 verify_version_tags.py {toolchain}")
+
+    with tempfile.TemporaryDirectory() as tmpdir:
+        # Clone mathlib4 (shallow clone is sufficient for running the script)
+        clone_result = subprocess.run(
+            ['git', 'clone', '--depth', '1', 'https://github.com/leanprover-community/mathlib4.git', tmpdir],
+            capture_output=True,
+            text=True
+        )
+        if clone_result.returncode != 0:
+            print(f"  ❌ Failed to clone mathlib4: {clone_result.stderr.strip()[:200]}")
+            return False
+
+        # Run the verification script
+        script_path = os.path.join(tmpdir, 'scripts', 'verify_version_tags.py')
+        if not os.path.exists(script_path):
+            print(f"  ❌ verify_version_tags.py not found in mathlib4 (expected at scripts/verify_version_tags.py)")
+            return False
+
+        # Run from the mathlib4 directory so git operations work
+        result = subprocess.run(
+            ['python3', script_path, toolchain],
+            cwd=tmpdir,
+            capture_output=True,
+            text=True,
+            timeout=900  # 15 minutes timeout for cache download etc.
+        )
+
+        # Print output with indentation
+        if result.stdout:
+            for line in result.stdout.strip().split('\n'):
+                print(f"     {line}")
+        if result.stderr:
+            for line in result.stderr.strip().split('\n'):
+                print(f"     {line}")
+
+        if result.returncode != 0:
+            print(f"  ❌ mathlib4 verify_version_tags.py failed")
+            return False
+
+        print(f"  ✅ mathlib4 verify_version_tags.py passed")
+        return True
+
 def main():
     parser = argparse.ArgumentParser(description="Check release status of Lean4 repositories")
     parser.add_argument("toolchain", help="The toolchain version to check (e.g., v4.6.0)")
@@ -763,6 +816,12 @@ def main():
                 repo_status[name] = False
                 continue
 
+        # For mathlib4, run verify_version_tags.py to validate the release tag
+        if name == "mathlib4":
+            if not run_mathlib_verify_version_tags(toolchain, verbose):
+                repo_status[name] = False
+                continue
+
         repo_status[name] = success
 
     # Final check for lean4 master branch

src/CMakeLists.txt

@@ -42,7 +42,7 @@ if(LLD_PATH)
 endif()
 
 set(LEAN_EXTRA_LINKER_FLAGS ${LEAN_EXTRA_LINKER_FLAGS_DEFAULT} CACHE STRING "Additional flags used by the linker")
-set(LEAN_EXTRA_CXX_FLAGS "" CACHE STRING "Additional flags used by the C++ compiler")
+set(LEAN_EXTRA_CXX_FLAGS "" CACHE STRING "Additional flags used by the C++ compiler. Unlike `CMAKE_CXX_FLAGS`, these will not be used to build e.g. cadical.")
 set(LEAN_TEST_VARS "LEAN_CC=${CMAKE_C_COMPILER}" CACHE STRING "Additional environment variables used when running tests")
 
 if (NOT CMAKE_BUILD_TYPE)
@@ -191,7 +191,7 @@ endif()
 set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake/Modules")
 
 # Initialize CXXFLAGS.
-set(CMAKE_CXX_FLAGS                "${LEAN_EXTRA_CXX_FLAGS} -DLEAN_BUILD_TYPE=\"${CMAKE_BUILD_TYPE}\" -DLEAN_EXPORTING")
+set(CMAKE_CXX_FLAGS                "${CMAKE_CXX_FLAGS} ${LEAN_EXTRA_CXX_FLAGS} -DLEAN_BUILD_TYPE=\"${CMAKE_BUILD_TYPE}\" -DLEAN_EXPORTING")
 set(CMAKE_CXX_FLAGS_DEBUG          "-DLEAN_DEBUG")
 set(CMAKE_CXX_FLAGS_MINSIZEREL     "-DNDEBUG")
 set(CMAKE_CXX_FLAGS_RELEASE        "-DNDEBUG")
@@ -448,8 +448,8 @@ if(LLVM AND ${STAGE} GREATER 0)
     # - In particular, `host/bin/llvm-config` produces flags like `-Lllvm-host/lib/libLLVM`, while
     #   we need the path to be `-Lllvm/lib/libLLVM`. Thus, we perform this replacement here.
     string(REPLACE "llvm-host" "llvm" LEANSHARED_LINKER_FLAGS ${LEANSHARED_LINKER_FLAGS})
-    string(REPLACE "llvm-host" "llvm" LEAN_EXTRA_CXX_FLAGS ${LEAN_EXTRA_CXX_FLAGS})
-    message(VERBOSE "leanshared linker flags: '${LEANSHARED_LINKER_FLAGS}' | lean extra cxx flags '${LEAN_EXTR_CXX_FLAGS}'")
+    string(REPLACE "llvm-host" "llvm" CMAKE_CXX_FLAGS ${CMAKE_CXX_FLAGS})
+    message(VERBOSE "leanshared linker flags: '${LEANSHARED_LINKER_FLAGS}' | lean extra cxx flags '${CMAKE_CXX_FLAGS}'")
 endif()
 
 # get rid of unused parts of C++ stdlib

src/Init/Coe.lean

@@ -116,7 +116,7 @@ On top of these instances this file defines several auxiliary type classes:
   * `CoeOTC := CoeOut* Coe*`
   * `CoeHTC := CoeHead? CoeOut* Coe*`
   * `CoeHTCT := CoeHead? CoeOut* Coe* CoeTail?`
-  * `CoeDep := CoeHead? CoeOut* Coe* CoeTail? | CoeDep`
+  * `CoeT := CoeHead? CoeOut* Coe* CoeTail? | CoeDep`
 
 -/
 

src/Init/Control/Basic.lean

@@ -25,7 +25,7 @@ instances are provided for the same type.
 instance (priority := 500) instForInOfForIn' [ForIn' m ρ α d] : ForIn m ρ α where
   forIn x b f := forIn' x b fun a _ => f a
 
-@[simp] theorem forIn'_eq_forIn [d : Membership α ρ] [ForIn' m ρ α d] {β} [Monad m] (x : ρ) (b : β)
+@[simp] theorem forIn'_eq_forIn [d : Membership α ρ] [ForIn' m ρ α d] {β} (x : ρ) (b : β)
     (f : (a : α) → a ∈ x → β → m (ForInStep β)) (g : (a : α) → β → m (ForInStep β))
     (h : ∀ a m b, f a m b = g a b) :
     forIn' x b f = forIn x b g := by
@@ -40,7 +40,7 @@ instance (priority := 500) instForInOfForIn' [ForIn' m ρ α d] : ForIn m ρ α
   simp [h]
   rfl
 
-@[wf_preprocess] theorem forIn_eq_forIn' [d : Membership α ρ] [ForIn' m ρ α d] {β} [Monad m]
+@[wf_preprocess] theorem forIn_eq_forIn' [d : Membership α ρ] [ForIn' m ρ α d] {β}
     (x : ρ) (b : β) (f : (a : α) → β → m (ForInStep β)) :
     forIn x b f = forIn' x b (fun x h => binderNameHint x f <| binderNameHint h () <| f x) := by
   rfl
@@ -403,7 +403,7 @@ class ForM (m : Type u → Type v) (γ : Type w₁) (α : outParam (Type w₂))
   /--
   Runs the monadic action `f` on each element of the collection `coll`.
   -/
-  forM [Monad m] (coll : γ) (f : α → m PUnit) : m PUnit
+  forM (coll : γ) (f : α → m PUnit) : m PUnit
 
 export ForM (forM)
 

src/Init/Control/Lawful/Instances.lean

@@ -17,6 +17,9 @@ public section
 
 open Function
 
+@[simp, grind =] theorem monadMap_refl {m : Type _ → Type _} {α} (f : ∀ {α}, m α → m α) :
+    monadMap @f = @f α := rfl
+
 /-! # ExceptT -/
 
 namespace ExceptT
@@ -25,6 +28,8 @@ namespace ExceptT
   simp [run] at h
   assumption
 
+@[simp, grind =] theorem run_mk (x : m (Except ε α)) : run (mk x : ExceptT ε m α) = x := rfl
+
 @[simp, grind =] theorem run_pure [Monad m] (x : α) : run (pure x : ExceptT ε m α) = pure (Except.ok x) := rfl
 
 @[simp, grind =] theorem run_lift  [Monad.{u, v} m] (x : m α) : run (ExceptT.lift x : ExceptT ε m α) = (Except.ok <$> x : m (Except ε α)) := rfl
@@ -55,6 +60,9 @@ theorem run_bind [Monad m] (x : ExceptT ε m α) (f : α → ExceptT ε m β)
   apply bind_congr
   intro a; cases a <;> simp [Except.map]
 
+@[simp, grind =] theorem run_monadMap [MonadFunctorT n m] (f : {β : Type u} → n β → n β) (x : ExceptT ε m α)
+    : (monadMap @f x : ExceptT ε m α).run = monadMap @f (x.run) := rfl
+
 protected theorem seq_eq {α β ε : Type u} [Monad m] (mf : ExceptT ε m (α → β)) (x : ExceptT ε m α) : mf <*> x = mf >>= fun f => f <$> x :=
   rfl
 
@@ -97,6 +105,22 @@ instance [Monad m] [LawfulMonad m] : LawfulMonad (ExceptT ε m) where
   simp only [ExceptT.instMonad, ExceptT.map, ExceptT.mk, throw, throwThe, MonadExceptOf.throw,
     pure_bind]
 
+/-! Note that the `MonadControl` instance for `ExceptT` is not monad-generic. -/
+
+@[simp] theorem run_restoreM [Monad m] (x : stM m (ExceptT ε m) α) :
+    ExceptT.run (restoreM x) = pure x := rfl
+
+@[simp] theorem run_liftWith [Monad m] (f : ({β : Type u} → ExceptT ε m β → m (stM m (ExceptT ε m) β)) → m α) :
+    ExceptT.run (liftWith f) = Except.ok <$> (f fun x => x.run) :=
+  rfl
+
+@[simp] theorem run_controlAt [Monad m] [LawfulMonad m] (f : ({β : Type u} → ExceptT ε m β → m (stM m (ExceptT ε m) β)) → m (stM m (ExceptT ε m) α)) :
+    ExceptT.run (controlAt m f) = f fun x => x.run := by
+  simp [controlAt, run_bind, bind_map_left]
+
+@[simp] theorem run_control [Monad m] [LawfulMonad m] (f : ({β : Type u} → ExceptT ε m β → m (stM m (ExceptT ε m) β)) → m (stM m (ExceptT ε m) α)) :
+    ExceptT.run (control f) = f fun x => x.run := run_controlAt f
+
 end ExceptT
 
 /-! # Except -/
@@ -150,6 +174,9 @@ namespace OptionT
   apply bind_congr
   intro a; cases a <;> simp [OptionT.pure, OptionT.mk]
 
+@[simp, grind =] theorem run_monadMap [MonadFunctorT n m] (f : {β : Type u} → n β → n β) (x : OptionT m α)
+    : (monadMap @f x : OptionT m α).run = monadMap @f (x.run) := rfl
+
 protected theorem seq_eq {α β : Type u} [Monad m] (mf : OptionT m (α → β)) (x : OptionT m α) : mf <*> x = mf >>= fun f => f <$> x :=
   rfl
 
@@ -211,6 +238,24 @@ instance [Monad m] [LawfulMonad m] : LawfulMonad (OptionT m) where
     (x <|> y).run = Option.elimM x.run y.run (fun x => pure (some x)) :=
   bind_congr fun | some _ => by rfl | none => by rfl
 
+/-! Note that the `MonadControl` instance for `OptionT` is not monad-generic. -/
+
+@[simp] theorem run_restoreM [Monad m] (x : stM m (OptionT m) α) :
+    OptionT.run (restoreM x) = pure x := rfl
+
+@[simp] theorem run_liftWith [Monad m] [LawfulMonad m] (f : ({β : Type u} → OptionT m β → m (stM m (OptionT m) β)) → m α) :
+    OptionT.run (liftWith f) = Option.some <$> (f fun x => x.run) := by
+  dsimp [liftWith]
+  rw [← bind_pure_comp]
+  rfl
+
+@[simp] theorem run_controlAt [Monad m] [LawfulMonad m] (f : ({β : Type u} → OptionT m β → m (stM m (OptionT m) β)) → m (stM m (OptionT m) α)) :
+    OptionT.run (controlAt m f) = f fun x => x.run := by
+  simp [controlAt, Option.elimM, Option.elim]
+
+@[simp] theorem run_control [Monad m] [LawfulMonad m] (f : ({β : Type u} → OptionT m β → m (stM m (OptionT m) β)) → m (stM m (OptionT m) α)) :
+    OptionT.run (control f) = f fun x => x.run := run_controlAt f
+
 end OptionT
 
 /-! # Option -/
@@ -232,6 +277,9 @@ namespace ReaderT
   simp [run] at h
   exact funext h
 
+@[simp, grind =] theorem run_mk (x : ρ → m α) (ctx : ρ) : run (.mk x : ReaderT ρ m α) ctx = x ctx :=
+  rfl
+
 @[simp, grind =] theorem run_pure [Monad m] (a : α) (ctx : ρ) : (pure a : ReaderT ρ m α).run ctx = pure a := rfl
 
 @[simp, grind =] theorem run_bind [Monad m] (x : ReaderT ρ m α) (f : α → ReaderT ρ m β) (ctx : ρ)
@@ -279,6 +327,22 @@ instance [Monad m] [LawfulMonad m] : LawfulMonad (ReaderT ρ m) where
   pure_bind      := by intros; apply ext; intros; simp
   bind_assoc     := by intros; apply ext; intros; simp
 
+/-! Note that the `MonadControl` instance for `ReaderT` is not monad-generic. -/
+
+@[simp] theorem run_restoreM [Monad m] (x : stM m (ReaderT ρ m) α) (ctx : ρ) :
+    ReaderT.run (restoreM x) ctx = pure x := rfl
+
+@[simp] theorem run_liftWith [Monad m] (f : ({β : Type u} → ReaderT ρ m β → m (stM m (ReaderT ρ m) β)) → m α) (ctx : ρ) :
+    ReaderT.run (liftWith f) ctx = (f fun x => x.run ctx) :=
+  rfl
+
+@[simp] theorem run_controlAt [Monad m] [LawfulMonad m] (f : ({β : Type u} → ReaderT ρ m β → m (stM m (ReaderT ρ m) β)) → m (stM m (ReaderT ρ m) α)) (ctx : ρ) :
+    ReaderT.run (controlAt m f) ctx = f fun x => x.run ctx := by
+  simp [controlAt]
+
+@[simp] theorem run_control [Monad m] [LawfulMonad m] (f : ({β : Type u} → ReaderT ρ m β → m (stM m (ReaderT ρ m) β)) → m (stM m (ReaderT ρ m) α)) (ctx : ρ) :
+    ReaderT.run (control f) ctx = f fun x => x.run ctx := run_controlAt f ctx
+
 end ReaderT
 
 /-! # StateRefT -/
@@ -293,17 +357,20 @@ namespace StateT
 @[ext, grind ext] theorem ext {x y : StateT σ m α} (h : ∀ s, x.run s = y.run s) : x = y :=
   funext h
 
+@[simp, grind =] theorem run_mk [Monad m] (x : σ → m (α × σ)) (s : σ) : run (.mk x) s = x s :=
+  rfl
+
 @[simp, grind =] theorem run'_eq [Monad m] (x : StateT σ m α) (s : σ) : run' x s = (·.1) <$> run x s :=
   rfl
 
 @[simp, grind =] theorem run_pure [Monad m] (a : α) (s : σ) : (pure a : StateT σ m α).run s = pure (a, s) := rfl
 
 @[simp, grind =] theorem run_bind [Monad m] (x : StateT σ m α) (f : α → StateT σ m β) (s : σ)
-    : (x >>= f).run s = x.run s >>= λ p => (f p.1).run p.2 := by
-  simp [bind, StateT.bind, run]
+    : (x >>= f).run s = x.run s >>= λ p => (f p.1).run p.2 := rfl
 
 @[simp, grind =] theorem run_map {α β σ : Type u} [Monad m] [LawfulMonad m] (f : α → β) (x : StateT σ m α) (s : σ) : (f <$> x).run s = (fun (p : α × σ) => (f p.1, p.2)) <$> x.run s := by
-  simp [Functor.map, StateT.map, run, ←bind_pure_comp]
+  rw [← bind_pure_comp (m := m)]
+  rfl
 
 @[simp, grind =] theorem run_get [Monad m] (s : σ)    : (get : StateT σ m σ).run s = pure (s, s) := rfl
 
@@ -312,13 +379,13 @@ namespace StateT
 @[simp, grind =] theorem run_modify [Monad m] (f : σ → σ) (s : σ) : (modify f : StateT σ m PUnit).run s = pure (⟨⟩, f s) := rfl
 
 @[simp, grind =] theorem run_modifyGet [Monad m] (f : σ → α × σ) (s : σ) : (modifyGet f : StateT σ m α).run s = pure ((f s).1, (f s).2) := by
-  simp [modifyGet, MonadStateOf.modifyGet, StateT.modifyGet, run]
+  rfl
 
 @[simp, grind =] theorem run_lift {α σ : Type u} [Monad m] (x : m α) (s : σ) : (StateT.lift x : StateT σ m α).run s = x >>= fun a => pure (a, s) := rfl
 
 @[grind =]
 theorem run_bind_lift {α σ : Type u} [Monad m] [LawfulMonad m] (x : m α) (f : α → StateT σ m β) (s : σ) : (StateT.lift x >>= f).run s = x >>= fun a => (f a).run s := by
-  simp [StateT.lift, StateT.run, bind, StateT.bind]
+  simp
 
 @[simp, grind =] theorem run_monadLift {α σ : Type u} [Monad m] [MonadLiftT n m] (x : n α) (s : σ) : (monadLift x : StateT σ m α).run s = (monadLift x : m α) >>= fun a => pure (a, s) := rfl
 
@@ -358,10 +425,48 @@ instance [Monad m] [LawfulMonad m] : LawfulMonad (StateT σ m) where
   pure_bind      := by intros; apply ext; intros; simp
   bind_assoc     := by intros; apply ext; intros; simp
 
+/-! Note that the `MonadControl` instance for `StateT` is not monad-generic. -/
+
+@[simp] theorem run_restoreM [Monad m] [LawfulMonad m] (x : stM m (StateT σ m) α) (s : σ) :
+    StateT.run (restoreM x) s = pure x := by
+  simp [restoreM, MonadControl.restoreM]
+  rfl
+
+@[simp] theorem run_liftWith [Monad m] [LawfulMonad m] (f : ({β : Type u} → StateT σ m β → m (stM m (StateT σ m) β)) → m α) (s : σ) :
+    StateT.run (liftWith f) s = ((·, s) <$> f fun x => x.run s) := by
+  simp [liftWith, MonadControl.liftWith, Function.comp_def]
+
+@[simp] theorem run_controlAt [Monad m] [LawfulMonad m] (f : ({β : Type u} → StateT σ m β → m (stM m (StateT σ m) β)) → m (stM m (StateT σ m) α)) (s : σ) :
+    StateT.run (controlAt m f) s = f fun x => x.run s := by
+  simp [controlAt]
+
+@[simp] theorem run_control [Monad m] [LawfulMonad m] (f : ({β : Type u} → StateT σ m β → m (stM m (StateT σ m) β)) → m (stM m (StateT σ m) α)) (s : σ) :
+    StateT.run (control f) s = f fun x => x.run s := run_controlAt f s
+
 end StateT
 
 /-! # EStateM -/
 
+namespace EStateM
+
+@[simp, grind =] theorem run_pure (a : α) (s : σ) :
+    EStateM.run (pure a : EStateM ε σ α) s = .ok a s := rfl
+
+@[simp, grind =] theorem run_get (s : σ) :
+    EStateM.run (get : EStateM ε σ σ) s = .ok s s := rfl
+
+@[simp, grind =] theorem run_set (s₁ s₂ : σ) :
+    EStateM.run (set s₁ : EStateM ε σ PUnit) s₂ = .ok .unit s₁ := rfl
+
+@[simp, grind =] theorem run_modify (f : σ → σ) (s : σ) :
+    EStateM.run (modify f : EStateM ε σ PUnit) s = .ok .unit (f s) := rfl
+
+@[simp, grind =] theorem run_modifyGet (f : σ → α × σ) (s : σ) :
+    EStateM.run (modifyGet f : EStateM ε σ α) s = .ok (f s).1 (f s).2 := rfl
+
+@[simp, grind =] theorem run_throw (e : ε) (s : σ):
+    EStateM.run (throw e : EStateM ε σ PUnit) s = .error e s := rfl
+
 instance : LawfulMonad (EStateM ε σ) := .mk'
   (id_map := fun x => funext <| fun s => by
     dsimp only [EStateM.instMonad, EStateM.map]
@@ -375,3 +480,5 @@ instance : LawfulMonad (EStateM ε σ) := .mk'
     | .ok _ _ => rfl
     | .error _ _ => rfl)
   (map_const := fun _ _ => rfl)
+
+end EStateM

src/Init/Control/State.lean

@@ -25,6 +25,12 @@ of a value and a state.
 @[expose] def StateT (σ : Type u) (m : Type u → Type v) (α : Type u) : Type (max u v) :=
   σ → m (α × σ)
 
+/--
+Interpret `σ → m (α × σ)` as an element of `StateT σ m α`.
+-/
+@[always_inline, inline, expose]
+def StateT.mk {σ : Type u} {m : Type u → Type v} {α : Type u} (x : σ → m (α × σ)) : StateT σ m α := x
+
 /--
 Executes an action from a monad with added state in the underlying monad `m`. Given an initial
 state, it returns a value paired with the final state.

src/Init/Core.lean

@@ -201,6 +201,7 @@ An element of `α ⊕ β` is either an `a : α` wrapped in `Sum.inl` or a `b :
 indication of which of the two types was chosen. The union of a singleton set with itself contains
 one element, while `Unit ⊕ Unit` contains distinct values `inl ()` and `inr ()`.
 -/
+@[suggest_for Either]
 inductive Sum (α : Type u) (β : Type v) where
   /-- Left injection into the sum type `α ⊕ β`. -/
   | inl (val : α) : Sum α β
@@ -377,7 +378,7 @@ class ForIn (m : Type u₁ → Type u₂) (ρ : Type u) (α : outParam (Type v))
   More information about the translation of `for` loops into `ForIn.forIn` is available in [the Lean
   reference manual](lean-manual://section/monad-iteration-syntax).
   -/
-  forIn {β} [Monad m] (xs : ρ) (b : β) (f : α → β → m (ForInStep β)) : m β
+  forIn {β} (xs : ρ) (b : β) (f : α → β → m (ForInStep β)) : m β
 
 export ForIn (forIn)
 
@@ -405,7 +406,7 @@ class ForIn' (m : Type u₁ → Type u₂) (ρ : Type u) (α : outParam (Type v)
   More information about the translation of `for` loops into `ForIn'.forIn'` is available in [the
   Lean reference manual](lean-manual://section/monad-iteration-syntax).
   -/
-  forIn' {β} [Monad m] (x : ρ) (b : β) (f : (a : α) → a ∈ x → β → m (ForInStep β)) : m β
+  forIn' {β} (x : ρ) (b : β) (f : (a : α) → a ∈ x → β → m (ForInStep β)) : m β
 
 export ForIn' (forIn')
 
@@ -939,9 +940,7 @@ theorem HEq.subst {p : (T : Sort u) → T → Prop} (h₁ : a ≍ b) (h₂ : p
 @[symm] theorem HEq.symm (h : a ≍ b) : b ≍ a :=
   h.rec (HEq.refl a)
 
-/-- Propositionally equal terms are also heterogeneously equal. -/
-theorem heq_of_eq (h : a = a') : a ≍ a' :=
-  Eq.subst h (HEq.refl a)
+
 
 /-- Heterogeneous equality is transitive. -/
 theorem HEq.trans (h₁ : a ≍ b) (h₂ : b ≍ c) : a ≍ c :=
@@ -1370,7 +1369,7 @@ instance {α : Type u} {p : α → Prop} [BEq α] [LawfulBEq α] : LawfulBEq {x
 instance {α : Sort u} {p : α → Prop} [DecidableEq α] : DecidableEq {x : α // p x} :=
   fun ⟨a, h₁⟩ ⟨b, h₂⟩ =>
     if h : a = b then isTrue (by subst h; exact rfl)
-    else isFalse (fun h' => Subtype.noConfusion h' (fun h' => absurd h' h))
+    else isFalse (fun h' => Subtype.noConfusion rfl .rfl (heq_of_eq h') (fun h' => absurd (eq_of_heq h') h))
 
 end Subtype
 
@@ -1429,8 +1428,8 @@ instance [DecidableEq α] [DecidableEq β] : DecidableEq (α × β) :=
     | isTrue e₁ =>
       match decEq b b' with
       | isTrue e₂  => isTrue (e₁ ▸ e₂ ▸ rfl)
-      | isFalse n₂ => isFalse fun h => Prod.noConfusion h fun _   e₂' => absurd e₂' n₂
-    | isFalse n₁ => isFalse fun h => Prod.noConfusion h fun e₁' _   => absurd e₁' n₁
+      | isFalse n₂ => isFalse fun h => Prod.noConfusion rfl rfl (heq_of_eq h) fun _   e₂' => absurd (eq_of_heq e₂') n₂
+    | isFalse n₁ => isFalse fun h => Prod.noConfusion rfl rfl (heq_of_eq h) fun e₁' _   => absurd (eq_of_heq e₁') n₁
 
 instance [BEq α] [BEq β] : BEq (α × β) where
   beq := fun (a₁, b₁) (a₂, b₂) => a₁ == a₂ && b₁ == b₂

src/Init/Data/Array/Attach.lean

@@ -572,9 +572,6 @@ def unattach {α : Type _} {p : α → Prop} (xs : Array { x // p x }) : Array
 @[simp] theorem unattach_empty {p : α → Prop} : (#[] : Array { x // p x }).unattach = #[] := by
   simp [unattach]
 
-@[deprecated unattach_empty (since := "2025-05-26")]
-abbrev unattach_nil := @unattach_empty
-
 @[simp] theorem unattach_push {p : α → Prop} {a : { x // p x }} {xs : Array { x // p x }} :
     (xs.push a).unattach = xs.unattach.push a.1 := by
   simp only [unattach, Array.map_push]

src/Init/Data/Array/Basic.lean

@@ -242,7 +242,7 @@ Examples:
 * `#["red", "green", "blue", "brown"].swapIfInBounds 0 4 = #["red", "green", "blue", "brown"]`
 * `#["red", "green", "blue", "brown"].swapIfInBounds 9 2 = #["red", "green", "blue", "brown"]`
 -/
-@[extern "lean_array_swap", grind]
+@[extern "lean_array_swap", expose]
 def swapIfInBounds (xs : Array α) (i j : @& Nat) : Array α :=
   if h₁ : i < xs.size then
   if h₂ : j < xs.size then swap xs i j
@@ -570,7 +570,7 @@ protected def forIn' {α : Type u} {β : Type v} {m : Type v → Type w} [Monad
       | ForInStep.yield b => loop i (Nat.le_of_lt h') b
   loop as.size (Nat.le_refl _) b
 
-instance : ForIn' m (Array α) α inferInstance where
+instance [Monad m] : ForIn' m (Array α) α inferInstance where
   forIn' := Array.forIn'
 
 -- No separate `ForIn` instance is required because it can be derived from `ForIn'`.
@@ -1001,7 +1001,7 @@ unless `start < stop`. By default, the entire array is used.
 protected def forM {α : Type u} {m : Type v → Type w} [Monad m] (f : α → m PUnit) (as : Array α) (start := 0) (stop := as.size) : m PUnit :=
   as.foldlM (fun _ => f) ⟨⟩ start stop
 
-instance : ForM m (Array α) α where
+instance [Monad m] : ForM m (Array α) α where
   forM xs f := Array.forM f xs
 
 -- We simplify `Array.forM` to `forM`.
@@ -1348,7 +1348,7 @@ Examples:
 * `#[2, 4, 5, 6].any (· % 2 = 0) = true`
 * `#[2, 4, 5, 6].any (· % 2 = 1) = true`
 -/
-@[inline, expose]
+@[inline, expose, suggest_for Array.some]
 def any (as : Array α) (p : α → Bool) (start := 0) (stop := as.size) : Bool :=
   Id.run <| as.anyM (pure <| p ·) start stop
 
@@ -1366,7 +1366,7 @@ Examples:
 * `#[2, 4, 6].all (· % 2 = 0) = true`
 * `#[2, 4, 5, 6].all (· % 2 = 0) = false`
 -/
-@[inline]
+@[inline, suggest_for Array.every]
 def all (as : Array α) (p : α → Bool) (start := 0) (stop := as.size) : Bool :=
   Id.run <| as.allM (pure <| p ·) start stop
 

src/Init/Data/Array/Bootstrap.lean

@@ -73,9 +73,6 @@ theorem foldrM_eq_reverse_foldlM_toList [Monad m] {f : α → β → m β} {init
   rcases xs with ⟨xs⟩
   simp [push, List.concat_eq_append]
 
-@[deprecated toList_push (since := "2025-05-26")]
-abbrev push_toList := @toList_push
-
 @[simp, grind =] theorem toListAppend_eq {xs : Array α} {l : List α} : xs.toListAppend l = xs.toList ++ l := by
   simp [toListAppend, ← foldr_toList]
 

src/Init/Data/Array/Count.lean

@@ -62,12 +62,12 @@ theorem size_eq_countP_add_countP {xs : Array α} : xs.size = countP p xs + coun
   rcases xs with ⟨xs⟩
   simp [List.length_eq_countP_add_countP (p := p)]
 
-@[grind =]
 theorem countP_eq_size_filter {xs : Array α} : countP p xs = (filter p xs).size := by
   rcases xs with ⟨xs⟩
   simp [List.countP_eq_length_filter]
 
-@[grind =]
+grind_pattern countP_eq_size_filter => xs.countP p, xs.filter p
+
 theorem countP_eq_size_filter' : countP p = size ∘ filter p := by
   funext xs
   apply countP_eq_size_filter

src/Init/Data/Array/DecidableEq.lean

@@ -99,23 +99,23 @@ instance instDecidableEq [DecidableEq α] : DecidableEq (Array α) := fun xs ys
   | ⟨[]⟩ =>
     match ys with
     | ⟨[]⟩ => isTrue rfl
-    | ⟨_ :: _⟩ => isFalse (Array.noConfusion · (List.noConfusion ·))
+    | ⟨_ :: _⟩ => isFalse (fun h => Array.noConfusion rfl (heq_of_eq h) (fun h => List.noConfusion rfl h))
   | ⟨a :: as⟩ =>
     match ys with
-    | ⟨[]⟩ => isFalse (Array.noConfusion · (List.noConfusion ·))
+    | ⟨[]⟩ => isFalse (fun h => Array.noConfusion rfl (heq_of_eq h) (fun h => List.noConfusion rfl h))
     | ⟨b :: bs⟩ => instDecidableEqImpl ⟨a :: as⟩ ⟨b :: bs⟩
 
 @[csimp]
 theorem instDecidableEq_csimp : @instDecidableEq = @instDecidableEqImpl :=
   Subsingleton.allEq _ _
-  
+
 /--
 Equality with `#[]` is decidable even if the underlying type does not have decidable equality.
 -/
 instance instDecidableEqEmp (xs : Array α) : Decidable (xs = #[]) :=
   match xs with
   | ⟨[]⟩ => isTrue rfl
-  | ⟨_ :: _⟩ => isFalse (Array.noConfusion · (List.noConfusion ·))
+  | ⟨_ :: _⟩ => isFalse (fun h => Array.noConfusion rfl (heq_of_eq h) (fun h => List.noConfusion rfl h))
 
 /--
 Equality with `#[]` is decidable even if the underlying type does not have decidable equality.
@@ -123,7 +123,7 @@ Equality with `#[]` is decidable even if the underlying type does not have decid
 instance instDecidableEmpEq (ys : Array α) : Decidable (#[] = ys) :=
   match ys with
   | ⟨[]⟩ => isTrue rfl
-  | ⟨_ :: _⟩ => isFalse (Array.noConfusion · (List.noConfusion ·))
+  | ⟨_ :: _⟩ => isFalse (fun h => Array.noConfusion rfl (heq_of_eq h) (fun h => List.noConfusion rfl h))
 
 theorem beq_eq_decide [BEq α] (xs ys : Array α) :
     (xs == ys) = if h : xs.size = ys.size then

src/Init/Data/Array/Erase.lean

@@ -389,9 +389,6 @@ theorem eraseIdx_append_of_size_le {xs : Array α} {k : Nat} (hk : xs.size ≤ k
   simp at hk
   simp [List.eraseIdx_append_of_length_le, *]
 
-@[deprecated eraseIdx_append_of_size_le (since := "2025-06-11")]
-abbrev eraseIdx_append_of_length_le := @eraseIdx_append_of_size_le
-
 @[grind =]
 theorem eraseIdx_append {xs ys : Array α} (h : k < (xs ++ ys).size) :
     eraseIdx (xs ++ ys) k =

src/Init/Data/Array/Find.lean

@@ -159,9 +159,6 @@ theorem find?_singleton {a : α} {p : α → Bool} :
     findRev? p (xs.push a) = findRev? p xs := by
   cases xs; simp [h]
 
-@[deprecated findRev?_push_of_neg (since := "2025-06-12")]
-abbrev findRev?_cons_of_neg := @findRev?_push_of_neg
-
 @[grind =]
 theorem finRev?_push {xs : Array α} :
     findRev? p (xs.push a) = (Option.guard p a).or (xs.findRev? p) := by
@@ -171,9 +168,6 @@ theorem finRev?_push {xs : Array α} :
   · rw [findRev?_push_of_pos, Option.guard_eq_some_iff.mpr ⟨rfl, h⟩]
     all_goals simp [h]
 
-@[deprecated finRev?_push (since := "2025-06-12")]
-abbrev findRev?_cons := @finRev?_push
-
 @[simp, grind =] theorem find?_eq_none : find? p xs = none ↔ ∀ x ∈ xs, ¬ p x := by
   cases xs; simp
 

src/Init/Data/Array/InsertIdx.lean

@@ -53,11 +53,6 @@ theorem eraseIdx_insertIdx_self {i : Nat} {xs : Array α} (h : i ≤ xs.size) :
   rcases xs with ⟨xs⟩
   simp_all
 
-@[deprecated eraseIdx_insertIdx_self (since := "2025-06-15")]
-theorem eraseIdx_insertIdx {i : Nat} {xs : Array α} (h : i ≤ xs.size) :
-    (xs.insertIdx i a).eraseIdx i (by simp; omega) = xs := by
-  simp [eraseIdx_insertIdx_self]
-
 theorem insertIdx_eraseIdx_of_ge {as : Array α}
     (w₁ : i < as.size) (w₂ : j ≤ (as.eraseIdx i).size) (h : i ≤ j) :
     (as.eraseIdx i).insertIdx j a =

src/Init/Data/Array/Lemmas.lean

@@ -1758,11 +1758,6 @@ theorem toArray_append {xs : List α} {ys : Array α} :
 
 theorem singleton_eq_toArray_singleton {a : α} : #[a] = [a].toArray := rfl
 
-@[deprecated empty_append (since := "2025-05-26")]
-theorem empty_append_fun : ((#[] : Array α) ++ ·) = id := by
-  funext ⟨l⟩
-  simp
-
 @[simp, grind =] theorem mem_append {a : α} {xs ys : Array α} : a ∈ xs ++ ys ↔ a ∈ xs ∨ a ∈ ys := by
   simp only [mem_def, toList_append, List.mem_append]
 
@@ -3248,14 +3243,6 @@ rather than `(arr.push a).size` as the argument.
     l.foldl (fun xs x => xs.push x) xs = xs ++ l.toArray := by
   simpa using List.foldl_push_eq_append (f := id)
 
-@[deprecated _root_.List.foldl_push_eq_append' (since := "2025-05-18")]
-theorem _root_.List.foldl_push {l : List α} {as : Array α} : l.foldl Array.push as = as ++ l.toArray := by
-  induction l generalizing as <;> simp [*]
-
-@[deprecated _root_.List.foldr_push_eq_append' (since := "2025-05-18")]
-theorem _root_.List.foldr_push {l : List α} {as : Array α} : l.foldr (fun a bs => push bs a) as = as ++ l.reverse.toArray := by
-  rw [List.foldr_eq_foldl_reverse, List.foldl_push_eq_append']
-
 -- TODO: a multi-pattern is being selected there because E-matching does not go inside lambdas.
 @[simp, grind! ←] theorem foldr_append_eq_append {xs : Array α} {f : α → Array β} {ys : Array β} :
     xs.foldr (f · ++ ·) ys = (xs.map f).flatten ++ ys := by
@@ -3966,28 +3953,29 @@ theorem getElem_modify_of_ne {xs : Array α} {i : Nat} (h : i ≠ j)
 
 /-! ### swap -/
 
-@[simp] theorem getElem_swap_right {xs : Array α} {i j : Nat} {hi hj} :
-    (xs.swap i j hi hj)[j]'(by simpa using hj) = xs[i] := by
-  simp [swap_def]
-
-@[simp] theorem getElem_swap_left {xs : Array α} {i j : Nat} {hi hj} :
-    (xs.swap i j hi hj)[i]'(by simpa using hi) = xs[j] := by
-  simp +contextual [swap_def, getElem_set]
-
-@[simp] theorem getElem_swap_of_ne {xs : Array α} {i j : Nat} {hi hj} (hp : k < xs.size)
-    (hi' : k ≠ i) (hj' : k ≠ j) : (xs.swap i j hi hj)[k]'(xs.size_swap .. |>.symm ▸ hp) = xs[k] := by
-  simp [swap_def, getElem_set, hi'.symm, hj'.symm]
-
-theorem getElem_swap' {xs : Array α} {i j : Nat} {hi hj} {k : Nat} (hk : k < xs.size) :
-    (xs.swap i j hi hj)[k]'(by simp_all) = if k = i then xs[j] else if k = j then xs[i] else xs[k] := by
-  split
-  · simp_all only [getElem_swap_left]
-  · split <;> simp_all
-
 @[grind =]
 theorem getElem_swap {xs : Array α} {i j : Nat} (hi hj) {k : Nat} (hk : k < (xs.swap i j hi hj).size) :
     (xs.swap i j hi hj)[k] = if k = i then xs[j] else if k = j then xs[i] else xs[k]'(by simp_all) := by
-  apply getElem_swap'
+  simp only [swap_def, getElem_set, eq_comm (a := k)]
+  split <;> split <;> simp_all
+
+@[simp] theorem getElem_swap_right {xs : Array α} {i j : Nat} {hi hj} :
+    (xs.swap i j hi hj)[j]'(by simpa using hj) = xs[i] := by
+  simp +contextual [getElem_swap]
+
+@[simp] theorem getElem_swap_left {xs : Array α} {i j : Nat} {hi hj} :
+    (xs.swap i j hi hj)[i]'(by simpa using hi) = xs[j] := by
+  simp [getElem_swap]
+
+@[simp] theorem getElem_swap_of_ne {xs : Array α} {i j : Nat} {hi hj}
+    {h : k < (xs.swap i j hi hj).size} (hi' : k ≠ i) (hj' : k ≠ j) :
+    (xs.swap i j hi hj)[k] = xs[k]'(by simp_all) := by
+  simp [getElem_swap, hi', hj']
+
+@[deprecated getElem_swap (since := "2025-10-10")]
+theorem getElem_swap' {xs : Array α} {i j : Nat} {hi hj} {k : Nat} (hk : k < xs.size) :
+    (xs.swap i j hi hj)[k]'(by simp_all) = if k = i then xs[j] else if k = j then xs[i] else xs[k] :=
+  getElem_swap _ _ _
 
 @[simp] theorem swap_swap {xs : Array α} {i j : Nat} (hi hj) :
     (xs.swap i j hi hj).swap i j ((xs.size_swap ..).symm ▸ hi) ((xs.size_swap ..).symm ▸ hj) = xs := by
@@ -4008,8 +3996,66 @@ theorem swap_comm {xs : Array α} {i j : Nat} (hi hj) : xs.swap i j hi hj = xs.s
     · split <;> simp_all
     · split <;> simp_all
 
+/-! ### swapIfInBounds -/
+
+@[grind =] theorem swapIfInBounds_def {xs : Array α} {i j : Nat} :
+    xs.swapIfInBounds i j = if h₁ : i < xs.size then
+  if h₂ : j < xs.size then swap xs i j else xs else xs := rfl
+
 @[simp, grind =] theorem size_swapIfInBounds {xs : Array α} {i j : Nat} :
-    (xs.swapIfInBounds i j).size = xs.size := by unfold swapIfInBounds; split <;> (try split) <;> simp [size_swap]
+    (xs.swapIfInBounds i j).size = xs.size := by
+  unfold swapIfInBounds; split <;> (try split) <;> simp [size_swap]
+
+@[grind =] theorem getElem_swapIfInBounds {xs : Array α} {i j k : Nat}
+    (hk : k < (xs.swapIfInBounds i j).size) :
+    (xs.swapIfInBounds i j)[k] =
+    if h₁ : k = i ∧ j < xs.size then xs[j]'h₁.2 else if h₂ : k = j ∧ i < xs.size then xs[i]'h₂.2
+    else xs[k]'(by simp_all) := by
+  rw [size_swapIfInBounds] at hk
+  unfold swapIfInBounds
+  split <;> rename_i hi
+  · split <;> rename_i hj
+    · simp only [hi, hj, and_true]
+      exact getElem_swap _ _ _
+    · simp only [hi, hj, and_true, and_false, dite_false]
+      split <;> simp_all
+  · simp only [hi, and_false, dite_false]
+    split <;> simp_all
+
+@[simp]
+theorem getElem_swapIfInBounds_of_size_le_left {xs : Array α} {i j k : Nat} (hi : xs.size ≤ i)
+    (hk : k < (xs.swapIfInBounds i j).size) :
+    (xs.swapIfInBounds i j)[k] = xs[k]'(Nat.lt_of_lt_of_eq hk size_swapIfInBounds) := by
+  have h₁ : k ≠ i := Nat.ne_of_lt <| Nat.lt_of_lt_of_le hk <|
+    Nat.le_trans (Nat.le_of_eq (size_swapIfInBounds)) hi
+  have h₂ : ¬ (i < xs.size) := Nat.not_lt_of_le hi
+  simp [getElem_swapIfInBounds, h₁, h₂]
+
+@[simp]
+theorem getElem_swapIfInBounds_of_size_le_right {xs : Array α} {i j k : Nat} (hj : xs.size ≤ j)
+    (hk : k < (xs.swapIfInBounds i j).size) :
+    (xs.swapIfInBounds i j)[k] = xs[k]'(Nat.lt_of_lt_of_eq hk size_swapIfInBounds) := by
+  have h₁ : ¬ (j < xs.size) := Nat.not_lt_of_le hj
+  have h₂ : k ≠ j := Nat.ne_of_lt <| Nat.lt_of_lt_of_le hk <|
+    Nat.le_trans (Nat.le_of_eq (size_swapIfInBounds)) hj
+  simp [getElem_swapIfInBounds, h₁, h₂]
+
+@[simp]
+theorem getElem_swapIfInBounds_left {xs : Array α} {i j : Nat} (hj : j < xs.size)
+    (hi : i < (xs.swapIfInBounds i j).size) : (xs.swapIfInBounds i j)[i] = xs[j] := by
+  simp [getElem_swapIfInBounds, hj]
+
+@[simp]
+theorem getElem_swapIfInBounds_right {xs : Array α} {i j : Nat} (hi : i < xs.size)
+    (hj : j < (xs.swapIfInBounds i j).size) :
+    (xs.swapIfInBounds i j)[j] = xs[i] := by
+  simp +contextual [getElem_swapIfInBounds, hi]
+
+@[simp]
+theorem getElem_swapIfInBounds_of_ne_of_ne {xs : Array α} {i j k : Nat} (hi : k ≠ i) (hj : k ≠ j)
+    (hk : k < (xs.swapIfInBounds i j).size) :
+    (xs.swapIfInBounds i j)[k] = xs[k]'(Nat.lt_of_lt_of_eq hk size_swapIfInBounds) := by
+  simp [getElem_swapIfInBounds, hi, hj]
 
 /-! ### swapAt -/
 
@@ -4271,10 +4317,9 @@ theorem size_uset {xs : Array α} {v : α} {i : USize} (h : i.toNat < xs.size) :
 theorem getElem!_eq_getD [Inhabited α] {xs : Array α} {i} : xs[i]! = xs.getD i default := by
   rfl
 
-/-! # mem -/
-
-@[deprecated mem_toList_iff (since := "2025-05-26")]
-theorem mem_toList {a : α} {xs : Array α} : a ∈ xs.toList ↔ a ∈ xs := mem_def.symm
+theorem getElem_eq_getD {xs : Array α} {i} {h : i < xs.size} (fallback : α) :
+    xs[i]'h = xs.getD i fallback := by
+  rw [getD_eq_getD_getElem?, getElem_eq_getElem?_get, Option.get_eq_getD]
 
 /-! # get lemmas -/
 

src/Init/Data/Array/Lex/Lemmas.lean

@@ -73,19 +73,11 @@ private theorem cons_lex_cons [BEq α] {lt : α → α → Bool} {a b : α} {xs
        (lt a b || a == b && xs.lex ys lt) := by
   simp only [lex, size_append, List.size_toArray, List.length_cons, List.length_nil, Nat.zero_add,
     Nat.add_min_add_left, Nat.add_lt_add_iff_left, Std.Rco.forIn'_eq_forIn'_toList]
-  conv =>
-    lhs; congr; congr
-    rw [cons_lex_cons.forIn'_congr_aux Std.Rco.toList_eq_if_roo rfl (fun _ _ _ => rfl)]
-    simp only [bind_pure_comp, map_pure]
-    rw [cons_lex_cons.forIn'_congr_aux (if_pos (by omega)) rfl (fun _ _ _ => rfl)]
-  simp only [Std.toList_roo_eq_toList_rco_of_isSome_succ? (lo := 0) (h := rfl),
-    Std.PRange.UpwardEnumerable.succ?, Nat.add_comm 1, Std.PRange.Nat.toList_rco_succ_succ,
-    Option.get_some, List.forIn'_cons, List.size_toArray, List.length_cons, List.length_nil,
-    Nat.lt_add_one, getElem_append_left, List.getElem_toArray, List.getElem_cons_zero]
-  cases lt a b
-  · rw [bne]
-    cases a == b <;> simp
-  · simp
+  rw [cons_lex_cons.forIn'_congr_aux (Nat.toList_rco_eq_cons (by omega)) rfl (fun _ _ _ => rfl)]
+  simp only [bind_pure_comp, map_pure, Nat.toList_rco_succ_succ, Nat.add_comm 1]
+  cases h : lt a b
+  · cases h' : a == b <;> simp [bne, *]
+  · simp [*]
 
 @[simp, grind =] theorem _root_.List.lex_toArray [BEq α] {lt : α → α → Bool} {l₁ l₂ : List α} :
     l₁.toArray.lex l₂.toArray lt = l₁.lex l₂ lt := by

src/Init/Data/Array/Monadic.lean

@@ -39,10 +39,6 @@ theorem map_toList_inj [Monad m] [LawfulMonad m]
 @[simp, grind =] theorem idRun_mapM {xs : Array α} {f : α → Id β} : (xs.mapM f).run = xs.map (f · |>.run) :=
   mapM_pure
 
-@[deprecated idRun_mapM (since := "2025-05-21")]
-theorem mapM_id {xs : Array α} {f : α → Id β} : xs.mapM f = xs.map f :=
-  mapM_pure
-
 @[simp, grind =] theorem mapM_map [Monad m] [LawfulMonad m] {f : α → β} {g : β → m γ} {xs : Array α} :
     (xs.map f).mapM g = xs.mapM (g ∘ f) := by
   rcases xs with ⟨xs⟩
@@ -201,13 +197,6 @@ theorem idRun_forIn'_yield_eq_foldl
       xs.attach.foldl (fun b ⟨a, h⟩ => f a h b |>.run) init := by
   simp
 
-@[deprecated idRun_forIn'_yield_eq_foldl (since := "2025-05-21")]
-theorem forIn'_yield_eq_foldl
-    {xs : Array α} (f : (a : α) → a ∈ xs → β → β) (init : β) :
-    forIn' (m := Id) xs init (fun a m b => .yield (f a m b)) =
-      xs.attach.foldl (fun b ⟨a, h⟩ => f a h b) init :=
-  forIn'_pure_yield_eq_foldl _ _
-
 @[simp, grind =] theorem forIn'_map [Monad m] [LawfulMonad m]
     {xs : Array α} (g : α → β) (f : (b : β) → b ∈ xs.map g → γ → m (ForInStep γ)) :
     forIn' (xs.map g) init f = forIn' xs init fun a h y => f (g a) (mem_map_of_mem h) y := by
@@ -249,13 +238,6 @@ theorem idRun_forIn_yield_eq_foldl
       xs.foldl (fun b a => f a b |>.run) init := by
   simp
 
-@[deprecated idRun_forIn_yield_eq_foldl (since := "2025-05-21")]
-theorem forIn_yield_eq_foldl
-    {xs : Array α} (f : α → β → β) (init : β) :
-    forIn (m := Id) xs init (fun a b => .yield (f a b)) =
-      xs.foldl (fun b a => f a b) init :=
-  forIn_pure_yield_eq_foldl _ _
-
 @[simp, grind =] theorem forIn_map [Monad m] [LawfulMonad m]
     {xs : Array α} {g : α → β} {f : β → γ → m (ForInStep γ)} :
     forIn (xs.map g) init f = forIn xs init fun a y => f (g a) y := by

src/Init/Data/Array/Subarray.lean

@@ -280,7 +280,7 @@ Checks whether any of the elements in a subarray satisfy a Boolean predicate.
 The elements are tested starting at the lowest index and moving up. The search terminates as soon as
 an element that satisfies the predicate is found.
 -/
-@[inline]
+@[inline, suggest_for Subarray.some]
 def any {α : Type u} (p : α → Bool) (as : Subarray α) : Bool :=
   Id.run <| as.anyM (pure <| p ·)
 
@@ -290,7 +290,7 @@ Checks whether all of the elements in a subarray satisfy a Boolean predicate.
 The elements are tested starting at the lowest index and moving up. The search terminates as soon as
 an element that does not satisfy the predicate is found.
 -/
-@[inline]
+@[inline, suggest_for Subarray.every]
 def all {α : Type u} (p : α → Bool) (as : Subarray α) : Bool :=
   Id.run <| as.allM (pure <| p ·)
 

src/Init/Data/Array/Zip.lean

@@ -353,14 +353,6 @@ theorem zipWithM_eq_mapM_id_zipWith {m : Type v → Type w} [Monad m] [LawfulMon
 
 /-! ### unzip -/
 
-@[deprecated fst_unzip (since := "2025-05-26")]
-theorem unzip_fst : (unzip l).fst = l.map Prod.fst := by
-  simp
-
-@[deprecated snd_unzip (since := "2025-05-26")]
-theorem unzip_snd : (unzip l).snd = l.map Prod.snd := by
-  simp
-
 @[grind =]
 theorem unzip_eq_map {xs : Array (α × β)} : unzip xs = (xs.map Prod.fst, xs.map Prod.snd) := by
   cases xs

src/Init/Data/BitVec/Basic.lean

@@ -77,9 +77,6 @@ Returns the `i`th least significant bit.
 -/
 @[inline, expose] def getLsb (x : BitVec w) (i : Fin w) : Bool := x.toNat.testBit i
 
-@[deprecated getLsb (since := "2025-06-17"), inherit_doc getLsb]
-abbrev getLsb' := @getLsb
-
 /-- Returns the `i`th least significant bit, or `none` if `i ≥ w`. -/
 @[inline, expose] def getLsb? (x : BitVec w) (i : Nat) : Option Bool :=
   if h : i < w then some (getLsb x ⟨i, h⟩) else none
@@ -89,9 +86,6 @@ Returns the `i`th most significant bit.
 -/
 @[inline] def getMsb (x : BitVec w) (i : Fin w) : Bool := x.getLsb ⟨w-1-i, by omega⟩
 
-@[deprecated getMsb (since := "2025-06-17"), inherit_doc getMsb]
-abbrev getMsb' := @getMsb
-
 /-- Returns the `i`th most significant bit or `none` if `i ≥ w`. -/
 @[inline] def getMsb? (x : BitVec w) (i : Nat) : Option Bool :=
   if h : i < w then some (getMsb x ⟨i, h⟩) else none

src/Init/Data/BitVec/Bitblast.lean

@@ -835,7 +835,7 @@ execution. -/
 structure DivModArgs (w : Nat) where
   /-- the numerator (aka, dividend) -/
   n : BitVec w
-  /-- the denumerator (aka, divisor)-/
+  /-- the denominator (aka, divisor)-/
   d : BitVec w
 
 /-- A `DivModState` is lawful if the remainder width `wr` plus the numerator width `wn` equals `w`,

src/Init/Data/BitVec/Lemmas.lean

@@ -145,10 +145,6 @@ theorem two_pow_le_toNat_of_getElem_eq_true {i : Nat} {x : BitVec w}
 @[grind =] theorem getMsbD_eq_getLsbD (x : BitVec w) (i : Nat) : x.getMsbD i = (decide (i < w) && x.getLsbD (w - 1 - i)) := by
   rw [getMsbD, getLsbD]
 
-@[deprecated getMsb_eq_getLsb (since := "2025-06-17")]
-theorem getMsb'_eq_getLsb' (x : BitVec w) (i : Nat) : x.getMsbD i = (decide (i < w) && x.getLsbD (w - 1 - i)) := by
-  rw [getMsbD, getLsbD]
-
 theorem getLsbD_eq_getMsbD (x : BitVec w) (i : Nat) : x.getLsbD i = (decide (i < w) && x.getMsbD (w - 1 - i)) := by
   rw [getMsbD]
   by_cases h₁ : i < w <;> by_cases h₂ : w - 1 - i < w <;>
@@ -1056,7 +1052,7 @@ theorem toInt_setWidth' {m n : Nat} (p : m ≤ n) {x : BitVec m} :
 @[simp, grind =] theorem toFin_setWidth' {m n : Nat} (p : m ≤ n) (x : BitVec m) :
     (setWidth' p x).toFin = x.toFin.castLE (Nat.pow_le_pow_right (by omega) (by omega)) := by
   ext
-  rw [setWidth'_eq, toFin_setWidth, Fin.val_ofNat, Fin.coe_castLE, val_toFin,
+  rw [setWidth'_eq, toFin_setWidth, Fin.val_ofNat, Fin.val_castLE, val_toFin,
     Nat.mod_eq_of_lt (by apply BitVec.toNat_lt_twoPow_of_le p)]
 
 theorem toNat_setWidth_of_le {w w' : Nat} {b : BitVec w} (h : w ≤ w') : (b.setWidth w').toNat = b.toNat := by
@@ -5601,7 +5597,7 @@ theorem msb_eq_toNat {x : BitVec w}:
   simp only [msb_eq_decide, ge_iff_le]
 
 /-- Negating a bitvector created from a natural number equals
-creating a bitvector from the the negative of that number.
+creating a bitvector from the negative of that number.
 -/
 theorem neg_ofNat_eq_ofInt_neg {w : Nat} {x : Nat} :
     - BitVec.ofNat w x = BitVec.ofInt w (- x) := by

src/Init/Data/Bool.lean

@@ -260,7 +260,7 @@ instance : Std.Associative (· != ·) := ⟨bne_assoc⟩
 
 theorem eq_not_of_ne : ∀ {x y : Bool}, x ≠ y → x = !y := by decide
 
-/-! ### coercision related normal forms -/
+/-! ### coercion related normal forms -/
 
 theorem beq_eq_decide_eq [BEq α] [LawfulBEq α] [DecidableEq α] (a b : α) :
     (a == b) = decide (a = b) := by

src/Init/Data/ByteArray/Basic.lean

@@ -132,6 +132,11 @@ Copies the bytes with indices {name}`b` (inclusive) to {name}`e` (exclusive) to
 def extract (a : ByteArray) (b e : Nat) : ByteArray :=
   a.copySlice b empty 0 (e - b)
 
+/--
+Appends two byte arrays using fast array primitives instead of converting them into lists and back.
+
+In compiled code, this function replaces calls to {name}`ByteArray.append`.
+-/
 @[inline]
 protected def fastAppend (a : ByteArray) (b : ByteArray) : ByteArray :=
   -- we assume that `append`s may be repeated, so use asymptotic growing; use `copySlice` directly to customize
@@ -243,7 +248,7 @@ protected def forIn {β : Type v} {m : Type v → Type w} [Monad m] (as : ByteAr
       | ForInStep.yield b => loop i (Nat.le_of_lt h') b
   loop as.size (Nat.le_refl _) b
 
-instance : ForIn m ByteArray UInt8 where
+instance [Monad m] : ForIn m ByteArray UInt8 where
   forIn := ByteArray.forIn
 
 /--

src/Init/Data/Fin/Basic.lean

@@ -56,10 +56,6 @@ theorem Internal.ofNat_eq_ofNat {n : Nat} {hn} {a : Nat} :
   letI : NeZero n := ⟨Nat.pos_iff_ne_zero.1 hn⟩
   Fin.Internal.ofNat n hn a = Fin.ofNat n a := rfl
 
-@[deprecated Fin.ofNat (since := "2025-05-28")]
-protected def ofNat' (n : Nat) [NeZero n] (a : Nat) : Fin n :=
-  Fin.ofNat n a
-
 -- We provide this because other similar types have a `toNat` function, but `simp` rewrites
 -- `i.toNat` to `i.val`.
 /--
@@ -246,6 +242,11 @@ instance neg (n : Nat) : Neg (Fin n) :=
 
 theorem neg_def (a : Fin n) : -a = ⟨(n - a) % n, Nat.mod_lt _ a.pos⟩ := rfl
 
+-- Later we give another version called `Fin.val_neg` that splits on `a = 0`.
+protected theorem val_neg' (a : Fin n) : ((-a : Fin n) : Nat) = (n - a) % n :=
+  rfl
+
+@[deprecated Fin.val_neg' (since := "2025-11-21")]
 protected theorem coe_neg (a : Fin n) : ((-a : Fin n) : Nat) = (n - a) % n :=
   rfl
 

src/Init/Data/Fin/Lemmas.lean

@@ -16,17 +16,23 @@ open Std
 
 namespace Fin
 
-@[simp] theorem ofNat_zero (n : Nat) [NeZero n] : Fin.ofNat n 0 = 0 := rfl
-
-@[deprecated ofNat_zero (since := "2025-05-28")] abbrev ofNat'_zero := @ofNat_zero
+@[simp, grind =] theorem ofNat_zero (n : Nat) [NeZero n] : Fin.ofNat n 0 = 0 := rfl
 
 theorem mod_def (a m : Fin n) : a % m = Fin.mk (a.val % m.val) (Nat.lt_of_le_of_lt (Nat.mod_le _ _) a.2) :=
   rfl
 
+theorem val_mod (a m : Fin n) : (a % m).val = a.val % m.val := rfl
+
 theorem mul_def (a b : Fin n) : a * b = Fin.mk ((a.val * b.val) % n) (Nat.mod_lt _ a.pos) := rfl
 
+theorem val_mul (a b : Fin n) : (a * b).val = (a.val * b.val) % n := rfl
+
 theorem sub_def (a b : Fin n) : a - b = Fin.mk (((n - b.val) + a.val) % n) (Nat.mod_lt _ a.pos) := rfl
 
+@[grind =]
+theorem val_sub (a b : Fin n) : (a - b).val = ((n - b.val) + a.val) % n := rfl
+
+@[grind →]
 theorem pos' : ∀ [Nonempty (Fin n)], 0 < n | ⟨i⟩ => i.pos
 
 @[simp] theorem is_lt (a : Fin n) : (a : Nat) < n := a.2
@@ -38,7 +44,8 @@ theorem pos_iff_nonempty {n : Nat} : 0 < n ↔ Nonempty (Fin n) :=
 
 @[simp] protected theorem eta (a : Fin n) (h : a < n) : (⟨a, h⟩ : Fin n) = a := rfl
 
-@[ext] protected theorem ext {a b : Fin n} (h : (a : Nat) = b) : a = b := eq_of_val_eq h
+@[ext, grind ext]
+protected theorem ext {a b : Fin n} (h : (a : Nat) = b) : a = b := eq_of_val_eq h
 
 theorem val_ne_iff {a b : Fin n} : a.1 ≠ b.1 ↔ a ≠ b := not_congr val_inj
 
@@ -67,29 +74,23 @@ theorem mk_val (i : Fin n) : (⟨i, i.isLt⟩ : Fin n) = i := Fin.eta ..
 @[simp, grind =] theorem val_ofNat (n : Nat) [NeZero n] (a : Nat) :
   (Fin.ofNat n a).val = a % n := rfl
 
-@[deprecated val_ofNat (since := "2025-05-28")] abbrev val_ofNat' := @val_ofNat
-
-@[simp] theorem ofNat_self {n : Nat} [NeZero n] : Fin.ofNat n n = 0 := by
+@[simp, grind =] theorem ofNat_self {n : Nat} [NeZero n] : Fin.ofNat n n = 0 := by
   ext
   simp
   congr
 
-@[deprecated ofNat_self (since := "2025-05-28")] abbrev ofNat'_self := @ofNat_self
-
 @[simp] theorem ofNat_val_eq_self [NeZero n] (x : Fin n) : (Fin.ofNat n x.val) = x := by
   ext
   rw [val_ofNat, Nat.mod_eq_of_lt]
   exact x.2
 
-@[deprecated ofNat_val_eq_self (since := "2025-05-28")] abbrev ofNat'_val_eq_self := @ofNat_val_eq_self
-
 @[simp] theorem mod_val (a b : Fin n) : (a % b).val = a.val % b.val :=
   rfl
 
 @[simp] theorem div_val (a b : Fin n) : (a / b).val = a.val / b.val :=
   rfl
 
-@[simp] theorem modn_val (a : Fin n) (b : Nat) : (a.modn b).val = a.val % b :=
+@[simp, grind =] theorem modn_val (a : Fin n) (b : Nat) : (a.modn b).val = a.val % b :=
   rfl
 
 @[simp] theorem val_eq_zero (a : Fin 1) : a.val = 0 :=
@@ -259,7 +260,9 @@ instance : LawfulOrderLT (Fin n) where
   lt_iff := by
     simp [← Fin.not_le, Decidable.imp_iff_not_or, Std.Total.total]
 
-@[simp, grind =] theorem val_rev (i : Fin n) : (rev i).val = n - (i + 1) := rfl
+@[simp] theorem val_rev (i : Fin n) : (rev i).val = n - (i + 1) := rfl
+
+grind_pattern val_rev => i.rev
 
 @[simp] theorem rev_rev (i : Fin n) : rev (rev i) = i := Fin.ext <| by
   rw [val_rev, val_rev, ← Nat.sub_sub, Nat.sub_sub_self (by exact i.2), Nat.add_sub_cancel]
@@ -284,6 +287,8 @@ theorem rev_eq {n a : Nat} (i : Fin (n + 1)) (h : n = a + i) :
 
 @[simp] theorem val_last (n : Nat) : (last n).1 = n := rfl
 
+grind_pattern val_last => last n
+
 @[simp] theorem last_zero : (Fin.last 0 : Fin 1) = 0 := by
   ext
   simp
@@ -393,6 +398,8 @@ theorem zero_ne_one : (0 : Fin (n + 2)) ≠ 1 := Fin.ne_of_lt zero_lt_one
 
 @[simp] theorem val_succ (j : Fin n) : (j.succ : Nat) = j + 1 := rfl
 
+grind_pattern val_succ => j.succ
+
 @[simp] theorem succ_pos (a : Fin n) : (0 : Fin (n + 1)) < a.succ := by
   simp [Fin.lt_def]
 
@@ -453,12 +460,18 @@ theorem one_lt_succ_succ (a : Fin n) : (1 : Fin (n + 2)) < a.succ.succ := by
 theorem succ_succ_ne_one (a : Fin n) : Fin.succ (Fin.succ a) ≠ 1 :=
   Fin.ne_of_gt (one_lt_succ_succ a)
 
-@[simp] theorem coe_castLT (i : Fin m) (h : i.1 < n) : (castLT i h : Nat) = i := rfl
+@[simp, grind =] theorem val_castLT (i : Fin m) (h : i.1 < n) : (castLT i h : Nat) = i := rfl
+
+@[deprecated val_castLT (since := "2025-11-21")]
+theorem coe_castLT (i : Fin m) (h : i.1 < n) : (castLT i h : Nat) = i := rfl
 
 @[simp] theorem castLT_mk (i n m : Nat) (hn : i < n) (hm : i < m) : castLT ⟨i, hn⟩ hm = ⟨i, hm⟩ :=
   rfl
 
-@[simp, grind =] theorem coe_castLE (h : n ≤ m) (i : Fin n) : (castLE h i : Nat) = i := rfl
+@[simp, grind =] theorem val_castLE (h : n ≤ m) (i : Fin n) : (castLE h i : Nat) = i := rfl
+
+@[deprecated val_castLE (since := "2025-11-21")]
+theorem coe_castLE (h : n ≤ m) (i : Fin n) : (castLE h i : Nat) = i := rfl
 
 @[simp] theorem castLE_mk (i n m : Nat) (hn : i < n) (h : n ≤ m) :
     castLE h ⟨i, hn⟩ = ⟨i, Nat.lt_of_lt_of_le hn h⟩ := rfl
@@ -470,13 +483,16 @@ theorem succ_succ_ne_one (a : Fin n) : Fin.succ (Fin.succ a) ≠ 1 :=
 
 @[simp] theorem castLE_castLE {k m n} (km : k ≤ m) (mn : m ≤ n) (i : Fin k) :
     Fin.castLE mn (Fin.castLE km i) = Fin.castLE (Nat.le_trans km mn) i :=
-  Fin.ext (by simp only [coe_castLE])
+  Fin.ext (by simp only [val_castLE])
 
 @[simp] theorem castLE_comp_castLE {k m n} (km : k ≤ m) (mn : m ≤ n) :
     Fin.castLE mn ∘ Fin.castLE km = Fin.castLE (Nat.le_trans km mn) :=
   funext (castLE_castLE km mn)
 
-@[simp] theorem coe_cast (h : n = m) (i : Fin n) : (i.cast h : Nat) = i := rfl
+@[simp, grind =] theorem val_cast (h : n = m) (i : Fin n) : (i.cast h : Nat) = i := rfl
+
+@[deprecated val_cast (since := "2025-11-21")]
+theorem coe_cast (h : n = m) (i : Fin n) : (i.cast h : Nat) = i := rfl
 
 @[simp] theorem cast_castLE {k m n} (km : k ≤ m) (mn : m = n) (i : Fin k) :
     Fin.cast mn (i.castLE km) = i.castLE (mn ▸ km) :=
@@ -489,7 +505,7 @@ theorem succ_succ_ne_one (a : Fin n) : Fin.succ (Fin.succ a) ≠ 1 :=
 @[simp] theorem cast_zero [NeZero n] [NeZero m] (h : n = m) : Fin.cast h 0 = 0 := rfl
 
 @[simp] theorem cast_last {n' : Nat} {h : n + 1 = n' + 1} : (last n).cast h  = last n' :=
-  Fin.ext (by rw [coe_cast, val_last, val_last, Nat.succ.inj h])
+  Fin.ext (by rw [val_cast, val_last, val_last, Nat.succ.inj h])
 
 @[simp] theorem cast_mk (h : n = m) (i : Nat) (hn : i < n) : Fin.cast h ⟨i, hn⟩ = ⟨i, h ▸ hn⟩ := rfl
 
@@ -504,7 +520,10 @@ theorem succ_succ_ne_one (a : Fin n) : Fin.succ (Fin.succ a) ≠ 1 :=
 
 theorem castLE_of_eq {m n : Nat} (h : m = n) {h' : m ≤ n} : castLE h' = Fin.cast h := rfl
 
-@[simp] theorem coe_castAdd (m : Nat) (i : Fin n) : (castAdd m i : Nat) = i := rfl
+@[simp, grind =] theorem val_castAdd (m : Nat) (i : Fin n) : (castAdd m i : Nat) = i := rfl
+
+@[deprecated val_castAdd (since := "2025-11-21")]
+theorem coe_castAdd (m : Nat) (i : Fin n) : (castAdd m i : Nat) = i := rfl
 
 @[simp] theorem castAdd_zero : (castAdd 0 : Fin n → Fin (n + 0)) = Fin.cast rfl := rfl
 
@@ -540,7 +559,10 @@ the reverse direction. -/
 theorem succ_cast_eq {n' : Nat} (i : Fin n) (h : n = n') :
     (i.cast h).succ = i.succ.cast (by rw [h]) := rfl
 
-@[simp] theorem coe_castSucc (i : Fin n) : (i.castSucc : Nat) = i := rfl
+@[simp, grind =] theorem val_castSucc (i : Fin n) : (i.castSucc : Nat) = i := rfl
+
+@[deprecated val_castSucc (since := "2025-11-21")]
+theorem coe_castSucc (i : Fin n) : (i.castSucc : Nat) = i := rfl
 
 @[simp] theorem castSucc_mk (n i : Nat) (h : i < n) : castSucc ⟨i, h⟩ = ⟨i, Nat.lt_succ_of_lt h⟩ := rfl
 
@@ -548,7 +570,7 @@ theorem succ_cast_eq {n' : Nat} (i : Fin n) (h : n = n') :
     i.castSucc.cast h = (i.cast (Nat.succ.inj h)).castSucc := rfl
 
 theorem castSucc_lt_succ {i : Fin n} : i.castSucc < i.succ :=
-  lt_def.2 <| by simp only [coe_castSucc, val_succ, Nat.lt_succ_self]
+  lt_def.2 <| by simp only [val_castSucc, val_succ, Nat.lt_succ_self]
 
 theorem le_castSucc_iff {i : Fin (n + 1)} {j : Fin n} : i ≤ j.castSucc ↔ i < j.succ := by
   simpa only [lt_def, le_def] using Nat.add_one_le_add_one_iff.symm
@@ -602,7 +624,7 @@ theorem coeSucc_eq_succ {a : Fin n} : a.castSucc + 1 = a.succ := by
 
 @[deprecated castSucc_lt_succ (since := "2025-10-29")]
 theorem lt_succ {a : Fin n} : a.castSucc < a.succ := by
-  rw [castSucc, lt_def, coe_castAdd, val_succ]; exact Nat.lt_succ_self a.val
+  rw [castSucc, lt_def, val_castAdd, val_succ]; exact Nat.lt_succ_self a.val
 
 theorem exists_castSucc_eq {n : Nat} {i : Fin (n + 1)} : (∃ j, castSucc j = i) ↔ i ≠ last n :=
   ⟨fun ⟨j, hj⟩ => hj ▸ Fin.ne_of_lt j.castSucc_lt_last,
@@ -610,7 +632,10 @@ theorem exists_castSucc_eq {n : Nat} {i : Fin (n + 1)} : (∃ j, castSucc j = i)
 
 theorem succ_castSucc {n : Nat} (i : Fin n) : i.castSucc.succ = i.succ.castSucc := rfl
 
-@[simp] theorem coe_addNat (m : Nat) (i : Fin n) : (addNat i m : Nat) = i + m := rfl
+@[simp, grind =] theorem val_addNat (m : Nat) (i : Fin n) : (addNat i m : Nat) = i + m := rfl
+
+@[deprecated val_addNat (since := "2025-11-21")]
+theorem coe_addNat (m : Nat) (i : Fin n) : (addNat i m : Nat) = i + m := rfl
 
 @[simp] theorem addNat_zero (n : Nat) (i : Fin n) : addNat i 0 = i := by
   ext
@@ -638,7 +663,10 @@ theorem cast_addNat_left {n n' m : Nat} (i : Fin n') (h : n' + m = n + m) :
     (addNat i m').cast h = addNat i m :=
   Fin.ext <| (congrArg ((· + ·) (i : Nat)) (Nat.add_left_cancel h) : _)
 
-@[simp] theorem coe_natAdd (n : Nat) {m : Nat} (i : Fin m) : (natAdd n i : Nat) = n + i := rfl
+@[simp, grind =] theorem val_natAdd (n : Nat) {m : Nat} (i : Fin m) : (natAdd n i : Nat) = n + i := rfl
+
+@[deprecated val_natAdd (since := "2025-11-21")]
+theorem coe_natAdd (n : Nat) {m : Nat} (i : Fin m) : (natAdd n i : Nat) = n + i := rfl
 
 @[simp] theorem natAdd_mk (n i : Nat) (hi : i < m) :
     natAdd n ⟨i, hi⟩ = ⟨n + i, Nat.add_lt_add_left hi n⟩ := rfl
@@ -695,7 +723,7 @@ theorem natAdd_castSucc {m n : Nat} {i : Fin m} : natAdd n (castSucc i) = castSu
   omega
 
 theorem rev_castAdd (k : Fin n) (m : Nat) : rev (castAdd m k) = addNat (rev k) m := Fin.ext <| by
-  rw [val_rev, coe_castAdd, coe_addNat, val_rev, Nat.sub_add_comm (Nat.succ_le_of_lt k.is_lt)]
+  rw [val_rev, val_castAdd, val_addNat, val_rev, Nat.sub_add_comm (Nat.succ_le_of_lt k.is_lt)]
 
 theorem rev_addNat (k : Fin n) (m : Nat) : rev (addNat k m) = castAdd m (rev k) := by
   rw [← rev_rev (castAdd ..), rev_castAdd, rev_rev]
@@ -717,7 +745,12 @@ theorem castSucc_natAdd (n : Nat) (i : Fin k) :
 
 /-! ### pred -/
 
-@[simp] theorem coe_pred (j : Fin (n + 1)) (h : j ≠ 0) : (j.pred h : Nat) = j - 1 := rfl
+@[simp] theorem val_pred (j : Fin (n + 1)) (h : j ≠ 0) : (j.pred h : Nat) = j - 1 := rfl
+
+grind_pattern val_pred => j.pred h
+
+@[deprecated val_pred (since := "2025-11-21")]
+theorem coe_pred (j : Fin (n + 1)) (h : j ≠ 0) : (j.pred h : Nat) = j - 1 := rfl
 
 @[simp] theorem succ_pred : ∀ (i : Fin (n + 1)) (h : i ≠ 0), (i.pred h).succ = i
   | ⟨0, _⟩, hi => by simp only [mk_zero, ne_eq, not_true] at hi
@@ -735,7 +768,7 @@ theorem pred_eq_iff_eq_succ {n : Nat} {i : Fin (n + 1)} (hi : i ≠ 0) {j : Fin
 theorem pred_mk_succ (i : Nat) (h : i < n + 1) :
     Fin.pred ⟨i + 1, Nat.add_lt_add_right h 1⟩ (ne_of_val_ne (Nat.ne_of_gt (mk_succ_pos i h))) =
       ⟨i, h⟩ := by
-  simp only [Fin.ext_iff, coe_pred, Nat.add_sub_cancel]
+  simp only [Fin.ext_iff, val_pred, Nat.add_sub_cancel]
 
 @[simp] theorem pred_mk_succ' (i : Nat) (h₁ : i + 1 < n + 1 + 1) (h₂) :
     Fin.pred ⟨i + 1, h₁⟩ h₂ = ⟨i, Nat.lt_of_succ_lt_succ h₁⟩ := pred_mk_succ i _
@@ -762,10 +795,13 @@ theorem pred_mk {n : Nat} (i : Nat) (h : i < n + 1) (w) : Fin.pred ⟨i, h⟩ w
 
 theorem pred_add_one (i : Fin (n + 2)) (h : (i : Nat) < n + 1) :
     pred (i + 1) (Fin.ne_of_gt (add_one_pos _ (lt_def.2 h))) = castLT i h := by
-  rw [Fin.ext_iff, coe_pred, coe_castLT, val_add, val_one, Nat.mod_eq_of_lt, Nat.add_sub_cancel]
+  rw [Fin.ext_iff, val_pred, val_castLT, val_add, val_one, Nat.mod_eq_of_lt, Nat.add_sub_cancel]
   exact Nat.add_lt_add_right h 1
 
-@[simp] theorem coe_subNat (i : Fin (n + m)) (h : m ≤ i) : (i.subNat m h : Nat) = i - m := rfl
+@[simp, grind =] theorem val_subNat (i : Fin (n + m)) (h : m ≤ i) : (i.subNat m h : Nat) = i - m := rfl
+
+@[deprecated val_subNat (since := "2025-11-21")]
+theorem coe_subNat (i : Fin (n + m)) (h : m ≤ i) : (i.subNat m h : Nat) = i - m := rfl
 
 @[simp] theorem subNat_mk {i : Nat} (h₁ : i < n + m) (h₂ : m ≤ i) :
     subNat m ⟨i, h₁⟩ h₂ = ⟨i - m, Nat.sub_lt_right_of_lt_add h₂ h₁⟩ := rfl
@@ -830,11 +866,11 @@ step. `Fin.succRec` is a version of this induction principle that takes the `Fin
     (zero : ∀ n, motive (n + 1) 0) (succ : ∀ n i, motive n i → motive (Nat.succ n) i.succ) :
     motive n i := i.succRec zero succ
 
-@[simp] theorem succRecOn_zero {motive : ∀ n, Fin n → Sort _} {zero succ} (n) :
+@[simp, grind =] theorem succRecOn_zero {motive : ∀ n, Fin n → Sort _} {zero succ} (n) :
     @Fin.succRecOn (n + 1) 0 motive zero succ = zero n := by
   cases n <;> rfl
 
-@[simp] theorem succRecOn_succ {motive : ∀ n, Fin n → Sort _} {zero succ} {n} (i : Fin n) :
+@[simp, grind =] theorem succRecOn_succ {motive : ∀ n, Fin n → Sort _} {zero succ} {n} (i : Fin n) :
     @Fin.succRecOn (n + 1) i.succ motive zero succ = succ n i (Fin.succRecOn i zero succ) := by
   cases i; rfl
 
@@ -862,11 +898,11 @@ where
   | 0, hi => by rwa [Fin.mk_zero]
   | i+1, hi => succ ⟨i, Nat.lt_of_succ_lt_succ hi⟩ (go i (Nat.lt_of_succ_lt hi))
 
-@[simp] theorem induction_zero {motive : Fin (n + 1) → Sort _} (zero : motive 0)
+@[simp, grind =] theorem induction_zero {motive : Fin (n + 1) → Sort _} (zero : motive 0)
     (hs : ∀ i : Fin n, motive (castSucc i) → motive i.succ) :
     (induction zero hs : ∀ i : Fin (n + 1), motive i) 0 = zero := rfl
 
-@[simp] theorem induction_succ {motive : Fin (n + 1) → Sort _} (zero : motive 0)
+@[simp, grind =] theorem induction_succ {motive : Fin (n + 1) → Sort _} (zero : motive 0)
     (succ : ∀ i : Fin n, motive (castSucc i) → motive i.succ) (i : Fin n) :
     induction (motive := motive) zero succ i.succ = succ i (induction zero succ (castSucc i)) := rfl
 
@@ -898,13 +934,13 @@ The corresponding induction principle is `Fin.induction`.
     (zero : motive 0) (succ : ∀ i : Fin n, motive i.succ) :
     ∀ i : Fin (n + 1), motive i := induction zero fun i _ => succ i
 
-@[simp] theorem cases_zero {n} {motive : Fin (n + 1) → Sort _} {zero succ} :
+@[simp, grind =] theorem cases_zero {n} {motive : Fin (n + 1) → Sort _} {zero succ} :
     @Fin.cases n motive zero succ 0 = zero := rfl
 
-@[simp] theorem cases_succ {n} {motive : Fin (n + 1) → Sort _} {zero succ} (i : Fin n) :
+@[simp, grind =] theorem cases_succ {n} {motive : Fin (n + 1) → Sort _} {zero succ} (i : Fin n) :
     @Fin.cases n motive zero succ i.succ = succ i := rfl
 
-@[simp] theorem cases_succ' {n} {motive : Fin (n + 1) → Sort _} {zero succ}
+@[simp, grind =] theorem cases_succ' {n} {motive : Fin (n + 1) → Sort _} {zero succ}
     {i : Nat} (h : i + 1 < n + 1) :
     @Fin.cases n motive zero succ ⟨i.succ, h⟩ = succ ⟨i, Nat.lt_of_succ_lt_succ h⟩ := rfl
 
@@ -954,7 +990,7 @@ For the induction:
       | j + 1 => go j (by omega) (by omega) (cast ⟨j, by omega⟩ x)
   go _ _ (by omega) last
 
-@[simp] theorem reverseInduction_last {n : Nat} {motive : Fin (n + 1) → Sort _} {zero succ} :
+@[simp, grind =] theorem reverseInduction_last {n : Nat} {motive : Fin (n + 1) → Sort _} {zero succ} :
     (reverseInduction zero succ (Fin.last n) : motive (Fin.last n)) = zero := by
   rw [reverseInduction, reverseInduction.go]; simp
 
@@ -971,7 +1007,7 @@ private theorem reverseInduction_castSucc_aux {n : Nat} {motive : Fin (n + 1)
     dsimp only
     rw [ih _ _ (by omega), eq_comm, reverseInduction.go, dif_neg (by change i.1 + 1 ≠ _; omega)]
 
-@[simp] theorem reverseInduction_castSucc {n : Nat} {motive : Fin (n + 1) → Sort _} {zero succ}
+@[simp, grind =] theorem reverseInduction_castSucc {n : Nat} {motive : Fin (n + 1) → Sort _} {zero succ}
     (i : Fin n) : reverseInduction (motive := motive) zero succ (castSucc i) =
       succ i (reverseInduction zero succ i.succ) := by
   rw [reverseInduction, reverseInduction_castSucc_aux _ _ _ i.isLt, reverseInduction]
@@ -990,11 +1026,11 @@ The corresponding induction principle is `Fin.reverseInduction`.
     (cast : ∀ i : Fin n, motive (castSucc i)) (i : Fin (n + 1)) : motive i :=
   reverseInduction last (fun i _ => cast i) i
 
-@[simp] theorem lastCases_last {n : Nat} {motive : Fin (n + 1) → Sort _} {last cast} :
+@[simp, grind =] theorem lastCases_last {n : Nat} {motive : Fin (n + 1) → Sort _} {last cast} :
     (Fin.lastCases last cast (Fin.last n) : motive (Fin.last n)) = last :=
   reverseInduction_last ..
 
-@[simp] theorem lastCases_castSucc {n : Nat} {motive : Fin (n + 1) → Sort _} {last cast}
+@[simp, grind =] theorem lastCases_castSucc {n : Nat} {motive : Fin (n + 1) → Sort _} {last cast}
     (i : Fin n) : (Fin.lastCases last cast (Fin.castSucc i) : motive (Fin.castSucc i)) = cast i :=
   reverseInduction_castSucc ..
 
@@ -1014,11 +1050,11 @@ as `Fin.natAdd m (j : Fin n)`.
   if hi : (i : Nat) < m then (castAdd_castLT n i hi) ▸ (left (castLT i hi))
   else (natAdd_subNat_cast (Nat.le_of_not_lt hi)) ▸ (right _)
 
-@[simp] theorem addCases_left {m n : Nat} {motive : Fin (m + n) → Sort _} {left right} (i : Fin m) :
+@[simp, grind =] theorem addCases_left {m n : Nat} {motive : Fin (m + n) → Sort _} {left right} (i : Fin m) :
     addCases (motive := motive) left right (Fin.castAdd n i) = left i := by
   rw [addCases, dif_pos (castAdd_lt _ _)]; rfl
 
-@[simp]
+@[simp, grind =]
 theorem addCases_right {m n : Nat} {motive : Fin (m + n) → Sort _} {left right} (i : Fin n) :
     addCases (motive := motive) left right (natAdd m i) = right i := by
   have : ¬(natAdd m i : Nat) < m := Nat.not_lt.2 (le_coe_natAdd ..)
@@ -1040,17 +1076,14 @@ theorem ofNat_add [NeZero n] (x : Nat) (y : Fin n) :
   apply Fin.eq_of_val_eq
   simp [Fin.ofNat, Fin.add_def]
 
-@[deprecated ofNat_add (since := "2025-05-28")] abbrev ofNat_add' := @ofNat_add
-
 theorem add_ofNat [NeZero n] (x : Fin n) (y : Nat) :
     x + Fin.ofNat n y = Fin.ofNat n (x.val + y) := by
   apply Fin.eq_of_val_eq
   simp [Fin.ofNat, Fin.add_def]
 
-@[deprecated add_ofNat (since := "2025-05-28")] abbrev add_ofNat' := @add_ofNat
-
 /-! ### sub -/
 
+@[deprecated val_sub (since := "2025-11-21")]
 protected theorem coe_sub (a b : Fin n) : ((a - b : Fin n) : Nat) = ((n - b) + a) % n := by
   cases a; cases b; rfl
 
@@ -1059,15 +1092,11 @@ theorem ofNat_sub [NeZero n] (x : Nat) (y : Fin n) :
   apply Fin.eq_of_val_eq
   simp [Fin.ofNat, Fin.sub_def]
 
-@[deprecated ofNat_sub (since := "2025-05-28")] abbrev ofNat_sub' := @ofNat_sub
-
 theorem sub_ofNat [NeZero n] (x : Fin n) (y : Nat) :
     x - Fin.ofNat n y = Fin.ofNat n ((n - y % n) + x.val) := by
   apply Fin.eq_of_val_eq
   simp [Fin.ofNat, Fin.sub_def]
 
-@[deprecated sub_ofNat (since := "2025-05-28")] abbrev sub_ofNat' := @sub_ofNat
-
 @[simp] protected theorem sub_self [NeZero n] {x : Fin n} : x - x = 0 := by
   ext
   rw [Fin.sub_def]
@@ -1102,6 +1131,7 @@ theorem coe_sub_iff_lt {a b : Fin n} : (↑(a - b) : Nat) = n + a - b ↔ a < b
 
 /-! ### neg -/
 
+@[grind =]
 theorem val_neg {n : Nat} [NeZero n] (x : Fin n) :
     (-x).val = if x = 0 then 0 else n - x.val := by
   change (n - ↑x) % n = _
@@ -1117,7 +1147,7 @@ protected theorem sub_eq_add_neg {n : Nat} (x y : Fin n) : x - y = x + -y := by
     apply elim0 x
   · replace h : NeZero n := ⟨h⟩
     ext
-    rw [Fin.coe_sub, Fin.val_add, val_neg]
+    rw [Fin.val_sub, Fin.val_add, val_neg]
     split
     · simp_all
     · simp [Nat.add_comm]
@@ -1129,18 +1159,11 @@ theorem ofNat_mul [NeZero n] (x : Nat) (y : Fin n) :
   apply Fin.eq_of_val_eq
   simp [Fin.ofNat, Fin.mul_def]
 
-@[deprecated ofNat_mul (since := "2025-05-28")] abbrev ofNat_mul' := @ofNat_mul
-
 theorem mul_ofNat [NeZero n] (x : Fin n) (y : Nat) :
     x * Fin.ofNat n y = Fin.ofNat n (x.val * y) := by
   apply Fin.eq_of_val_eq
   simp [Fin.ofNat, Fin.mul_def]
 
-@[deprecated mul_ofNat (since := "2025-05-28")] abbrev mul_ofNat' := @mul_ofNat
-
-theorem val_mul {n : Nat} : ∀ a b : Fin n, (a * b).val = a.val * b.val % n
-  | ⟨_, _⟩, ⟨_, _⟩ => rfl
-
 @[deprecated val_mul (since := "2025-10-26")]
 theorem coe_mul {n : Nat} : ∀ a b : Fin n, ((a * b : Fin n) : Nat) = a * b % n
   | ⟨_, _⟩, ⟨_, _⟩ => rfl

src/Init/Data/FloatArray/Basic.lean

@@ -42,7 +42,7 @@ instance : EmptyCollection FloatArray where
 def push : FloatArray → Float → FloatArray
   | ⟨ds⟩, b => ⟨ds.push b⟩
 
-@[extern "lean_float_array_size"]
+@[extern "lean_float_array_size", tagged_return]
 def size : (@& FloatArray) → Nat
   | ⟨ds⟩ => ds.size
 
@@ -129,7 +129,7 @@ protected def forIn {β : Type v} {m : Type v → Type w} [Monad m] (as : FloatA
       | ForInStep.yield b => loop i (Nat.le_of_lt h') b
   loop as.size (Nat.le_refl _) b
 
-instance : ForIn m FloatArray Float where
+instance [Monad m] : ForIn m FloatArray Float where
   forIn := FloatArray.forIn
 
 /-- See comment at `forInUnsafe` -/

src/Init/Data/Int/Basic.lean

@@ -42,6 +42,7 @@ larger numbers use a fast arbitrary-precision arithmetic library (usually
 than the platform's pointer size (i.e. 63 bits on 64-bit architectures and 31 bits on 32-bit
 architectures).
 -/
+@[suggest_for ℤ]
 inductive Int : Type where
   /--
   A natural number is an integer.
@@ -278,7 +279,11 @@ set_option bootstrap.genMatcherCode false in
 def decNonneg (m : @& Int) : Decidable (NonNeg m) :=
   match m with
   | ofNat m => isTrue <| NonNeg.mk m
-  | -[_ +1] => isFalse <| fun h => nomatch h
+  | -[i +1] => isFalse <| fun h =>
+    have : ∀ j, (j = -[i +1]) → NonNeg j → False := fun _ hj hnn =>
+      Int.NonNeg.casesOn (motive := fun j _ => j = -[i +1] → False) hnn
+        (fun _ h => Int.noConfusion h) hj
+    this -[i +1] rfl h
 
 /-- Decides whether `a ≤ b`.
 

src/Init/Data/Int/DivMod/Lemmas.lean

@@ -1781,6 +1781,16 @@ theorem ediv_lt_ediv_iff_of_dvd_of_neg_of_neg {a b c d : Int} (hb : b < 0) (hd :
   obtain ⟨⟨x, rfl⟩, y, rfl⟩ := hba, hdc
   simp [*, Int.ne_of_lt, d.mul_assoc, b.mul_comm]
 
+theorem ediv_lt_ediv_of_lt {a b c : Int} (h : a < b) (hcb : c ∣ b) (hc : 0 < c) :
+    a / c < b / c :=
+  Int.lt_ediv_of_mul_lt (Int.le_of_lt hc) hcb 
+    (Int.lt_of_le_of_lt (Int.ediv_mul_le _ (Int.ne_of_gt hc)) h)
+  
+theorem ediv_lt_ediv_of_lt_of_neg {a b c : Int} (h : b < a) (hca : c ∣ a) (hc : c < 0) :
+    a / c < b / c :=
+  (Int.ediv_lt_iff_of_dvd_of_neg hc hca).2 
+    (Int.lt_of_le_of_lt (Int.mul_ediv_self_le (Int.ne_of_lt hc)) h)
+
 /-! ### `tdiv` and ordering -/
 
 -- Theorems about `tdiv` and ordering, whose `ediv` analogues are in `Bootstrap.lean`.

src/Init/Data/Int/Lemmas.lean

@@ -29,13 +29,6 @@ theorem subNatNat_of_sub_eq_succ {m n k : Nat} (h : n - m = succ k) : subNatNat
 @[norm_cast] theorem natCast_succ (n : Nat) : (succ n : Int) = n + 1 := rfl
 @[norm_cast] theorem natCast_add_one (n : Nat) : ((n + 1 : Nat) : Int) = n + 1 := rfl
 
-@[deprecated natCast_add (since := "2025-04-17")]
-theorem ofNat_add (n m : Nat) : (↑(n + m) : Int) = n + m := rfl
-@[deprecated natCast_mul (since := "2025-04-17")]
-theorem ofNat_mul (n m : Nat) : (↑(n * m) : Int) = n * m := rfl
-@[deprecated natCast_succ (since := "2025-04-17")]
-theorem ofNat_succ (n : Nat) : (succ n : Int) = n + 1 := rfl
-
 theorem neg_ofNat_zero : -((0 : Nat) : Int) = 0 := rfl
 theorem neg_ofNat_succ (n : Nat) : -(succ n : Int) = -[n+1] := rfl
 @[simp] theorem neg_negSucc (n : Nat) : -(-[n+1]) = ((n + 1 : Nat) : Int) := rfl

src/Init/Data/Int/Order.lean

@@ -81,10 +81,7 @@ theorem lt.dest {a b : Int} (h : a < b) : ∃ n : Nat, a + Nat.succ n = b :=
 @[simp, norm_cast] theorem ofNat_lt {n m : Nat} : (↑n : Int) < ↑m ↔ n < m := by
   rw [lt_iff_add_one_le, ← natCast_succ, ofNat_le]; rfl
 
-@[simp, norm_cast] theorem natCast_pos {n : Nat} : (0 : Int) < n ↔ 0 < n := ofNat_lt
-
-@[deprecated natCast_pos (since := "2025-05-13"), simp high]
-theorem ofNat_pos {n : Nat} : 0 < (↑n : Int) ↔ 0 < n := ofNat_lt
+@[simp high, norm_cast] theorem natCast_pos {n : Nat} : (0 : Int) < n ↔ 0 < n := ofNat_lt
 
 @[simp]
 theorem natCast_nonneg (n : Nat) : 0 ≤ (n : Int) := ⟨_⟩
@@ -92,6 +89,8 @@ theorem natCast_nonneg (n : Nat) : 0 ≤ (n : Int) := ⟨_⟩
 @[deprecated natCast_nonneg (since := "2025-10-26")]
 theorem ofNat_zero_le (n : Nat) : 0 ≤ (↑n : Int) := ofNat_le.2 n.zero_le
 
+-- This was still being used in `omega` as of 2025-12-12,
+-- so we're keeping this for another month.
 @[deprecated natCast_nonneg (since := "2025-05-13")]
 theorem ofNat_nonneg (n : Nat) : 0 ≤ (n : Int) := ⟨_⟩
 
@@ -377,6 +376,15 @@ protected theorem le_iff_lt_add_one {a b : Int} : a ≤ b ↔ a < b + 1 := by
 
 @[grind =] protected theorem max_def (n m : Int) : max n m = if n ≤ m then m else n := rfl
 
+end Int
+namespace Lean.Meta.Grind.Lia
+
+scoped grind_pattern Int.min_def => min n m
+scoped grind_pattern Int.max_def => max n m
+
+end Lean.Meta.Grind.Lia
+namespace Int
+
 @[simp] protected theorem neg_min_neg (a b : Int) : min (-a) (-b) = -max a b := by
   rw [Int.min_def, Int.max_def]
   simp

src/Init/Data/Iterators/Basic.lean

@@ -393,6 +393,16 @@ abbrev IterM.Step {α : Type w} {m : Type w → Type w'} {β : Type w} [Iterator
     (it : IterM (α := α) m β) :=
   PlausibleIterStep it.IsPlausibleStep
 
+/--
+Makes a single step with the given iterator `it`, potentially emitting a value and providing a
+succeeding iterator. If this function is used recursively, termination can sometimes be proved with
+the termination measures `it.finitelyManySteps` and `it.finitelyManySkips`.
+-/
+@[always_inline, inline, expose]
+def IterM.step {α : Type w} {m : Type w → Type w'} {β : Type w} [Iterator α m β]
+    (it : IterM (α := α) m β) : m (Shrink it.Step) :=
+  Iterator.step it
+
 /--
 Asserts that a certain output value could plausibly be emitted by the given iterator in its next
 step.
@@ -420,16 +430,6 @@ def IterM.IsPlausibleSkipSuccessorOf {α : Type w} {m : Type w → Type w'} {β
     [Iterator α m β] (it' it : IterM (α := α) m β) : Prop :=
   it.IsPlausibleStep (.skip it')
 
-/--
-Makes a single step with the given iterator `it`, potentially emitting a value and providing a
-succeeding iterator. If this function is used recursively, termination can sometimes be proved with
-the termination measures `it.finitelyManySteps` and `it.finitelyManySkips`.
--/
-@[always_inline, inline, expose]
-def IterM.step {α : Type w} {m : Type w → Type w'} {β : Type w} [Iterator α m β]
-    (it : IterM (α := α) m β) : m (Shrink it.Step) :=
-  Iterator.step it
-
 end Monadic
 
 section Pure
@@ -678,6 +678,7 @@ Given this typeclass, termination proofs for well-founded recursion over an iter
 `it.finitelyManySteps` as a termination measure.
 -/
 class Finite (α : Type w) (m : Type w → Type w') {β : Type w} [Iterator α m β] : Prop where
+  /-- The relation of plausible successors is well-founded. -/
   wf : WellFounded (IterM.IsPlausibleSuccessorOf (α := α) (m := m))
 
 theorem Finite.wf_of_id {α : Type w} {β : Type w} [Iterator α Id β] [Finite α Id] :
@@ -716,6 +717,15 @@ def IterM.finitelyManySteps {α : Type w} {m : Type w → Type w'} {β : Type w}
     [Finite α m] (it : IterM (α := α) m β) : IterM.TerminationMeasures.Finite α m :=
   ⟨it⟩
 
+/--
+Termination measure to be used in well-founded recursive functions recursing over a finite iterator
+(see also `Finite`).
+-/
+@[expose]
+def IterM.finitelyManySteps! {α : Type w} {m : Type w → Type w'} {β : Type w} [Iterator α m β]
+    (it : IterM (α := α) m β) : IterM.TerminationMeasures.Finite α m :=
+  ⟨it⟩
+
 /--
 This theorem is used by a `decreasing_trivial` extension. It powers automatic termination proofs
 with `IterM.finitelyManySteps`.
@@ -797,6 +807,7 @@ Given this typeclass, termination proofs for well-founded recursion over an iter
 `it.finitelyManySkips` as a termination measure.
 -/
 class Productive (α m) {β} [Iterator α m β] : Prop where
+  /-- The relation of plausible successors during skips is well-founded. -/
   wf : WellFounded (IterM.IsPlausibleSkipSuccessorOf (α := α) (m := m))
 
 /--

src/Init/Data/Iterators/Combinators/Monadic/Attach.lean

@@ -91,21 +91,11 @@ instance Attach.instIteratorCollect {α β : Type w} {m : Type w → Type w'} [M
     IteratorCollect (Attach α m P) m n :=
   .defaultImplementation
 
-instance Attach.instIteratorCollectPartial {α β : Type w} {m : Type w → Type w'} [Monad m]
-    [Monad n] {P : β → Prop} [Iterator α m β] :
-    IteratorCollectPartial (Attach α m P) m n :=
-  .defaultImplementation
-
 instance Attach.instIteratorLoop {α β : Type w} {m : Type w → Type w'} [Monad m]
     {n : Type x → Type x'} [Monad n] {P : β → Prop} [Iterator α m β] :
     IteratorLoop (Attach α m P) m n :=
   .defaultImplementation
 
-instance Attach.instIteratorLoopPartial {α β : Type w} {m : Type w → Type w'} [Monad m]
-    {n : Type x → Type x'} [Monad n] {P : β → Prop} [Iterator α m β] :
-    IteratorLoopPartial (Attach α m P) m n :=
-  .defaultImplementation
-
 end Types
 
 /--

src/Init/Data/Iterators/Combinators/Monadic/FilterMap.lean

@@ -221,25 +221,11 @@ instance {α β γ : Type w} {m : Type w → Type w'}
     IteratorCollect (FilterMap α m n lift f) n o :=
   .defaultImplementation
 
-instance {α β γ : Type w} {m : Type w → Type w'}
-    {n : Type w → Type w''} {o : Type w → Type x} [Monad n] [Monad o] [Iterator α m β]
-    {lift : ⦃α : Type w⦄ → m α → n α}
-    {f : β → PostconditionT n (Option γ)} [Finite α m] :
-    IteratorCollectPartial (FilterMap α m n lift f) n o :=
-  .defaultImplementation
-
 instance FilterMap.instIteratorLoop {α β γ : Type w} {m : Type w → Type w'}
-    {n : Type w → Type w''} {o : Type x → Type x'}
-    [Monad n] [Monad o] [Iterator α m β] {lift : ⦃α : Type w⦄ → m α → n α}
-    {f : β → PostconditionT n (Option γ)} [Finite α m] :
-    IteratorLoop (FilterMap α m n lift f) n o :=
-  .defaultImplementation
-
-instance FilterMap.instIteratorLoopPartial {α β γ : Type w} {m : Type w → Type w'}
     {n : Type w → Type w''} {o : Type x → Type x'}
     [Monad n] [Monad o] [Iterator α m β] {lift : ⦃α : Type w⦄ → m α → n α}
     {f : β → PostconditionT n (Option γ)} :
-    IteratorLoopPartial (FilterMap α m n lift f) n o :=
+    IteratorLoop (FilterMap α m n lift f) n o :=
   .defaultImplementation
 
 /--
@@ -249,7 +235,7 @@ instance FilterMap.instIteratorLoopPartial {α β γ : Type w} {m : Type w → T
 instance Map.instIteratorCollect {α β γ : Type w} {m : Type w → Type w'}
     {n : Type w → Type w''} {o : Type w → Type x} [Monad n] [Monad o] [Iterator α m β]
     {lift₁ : ⦃α : Type w⦄ → m α → n α}
-    {f : β → PostconditionT n γ} [IteratorCollect α m o] [Finite α m] :
+    {f : β → PostconditionT n γ} [IteratorCollect α m o] :
     IteratorCollect (Map α m n lift₁ f) n o where
   toArrayMapped lift₂ _ g it :=
     letI : MonadLift m n := ⟨lift₁ (α := _)⟩
@@ -259,18 +245,6 @@ instance Map.instIteratorCollect {α β γ : Type w} {m : Type w → Type w'}
       (fun x => do g (← (f x).operation))
       it.internalState.inner (m := m)
 
-@[no_expose]
-instance Map.instIteratorCollectPartial {α β γ : Type w} {m : Type w → Type w'}
-    {n : Type w → Type w''} {o : Type w → Type x} [Monad n] [Monad o] [Iterator α m β]
-    {lift₁ : ⦃α : Type w⦄ → m α → n α}
-    {f : β → PostconditionT n γ} [IteratorCollectPartial α m o] :
-    IteratorCollectPartial (Map α m n lift₁ f) n o where
-  toArrayMappedPartial lift₂ _ g it :=
-    IteratorCollectPartial.toArrayMappedPartial
-      (lift := fun ⦃_⦄ a => lift₂ (lift₁ a))
-      (fun x => do g (← lift₂ (f x).operation))
-      it.internalState.inner (m := m)
-
 instance Map.instIteratorLoop {α β γ : Type w} {m : Type w → Type w'}
     {n : Type w → Type w''} {o : Type x → Type x'} [Monad n] [Monad o] [Iterator α m β]
     {lift : ⦃α : Type w⦄ → m α → n α}
@@ -278,13 +252,6 @@ instance Map.instIteratorLoop {α β γ : Type w} {m : Type w → Type w'}
     IteratorLoop (Map α m n lift f) n o :=
   .defaultImplementation
 
-instance Map.instIteratorLoopPartial {α β γ : Type w} {m : Type w → Type w'}
-    {n : Type w → Type w''} {o : Type x → Type x'} [Monad n] [Monad o] [Iterator α m β]
-    {lift : ⦃α : Type w⦄ → m α → n α}
-    {f : β → PostconditionT n γ} :
-    IteratorLoopPartial (Map α m n lift f) n o :=
-  .defaultImplementation
-
 /--
 *Note: This is a very general combinator that requires an advanced understanding of monads, dependent
 types and termination proofs. The variants `map` and `mapM` are easier to use and sufficient

src/Init/Data/Iterators/Combinators/Monadic/FlatMap.lean

@@ -33,7 +33,7 @@ public structure Flatten (α α₂ β : Type w) (m) where
 /--
 Internal iterator combinator that is used to implement all `flatMap` variants
 -/
-@[always_inline]
+@[always_inline, inline]
 def IterM.flattenAfter {α α₂ β : Type w} {m : Type w → Type w'} [Monad m]
     [Iterator α m (IterM (α := α₂) m β)] [Iterator α₂ m β]
     (it₁ : IterM (α := α) m (IterM (α := α₂) m β)) (it₂ : Option (IterM (α := α₂) m β)) :=
@@ -75,7 +75,7 @@ iterator.
 
 For each value emitted by the outer iterator `it₁`, this combinator calls `f`.
 -/
-@[always_inline]
+@[always_inline, inline]
 public def IterM.flatMapAfterM {α : Type w} {β : Type w} {α₂ : Type w}
     {γ : Type w} {m : Type w → Type w'} [Monad m] [Iterator α m β] [Iterator α₂ m γ]
     (f : β → m (IterM (α := α₂) m γ)) (it₁ : IterM (α := α) m β) (it₂ : Option (IterM (α := α₂) m γ)) :=
@@ -114,7 +114,7 @@ This combinator incurs an additional O(1) cost with each output of `it` or an in
 
 For each value emitted by the outer iterator `it`, this combinator calls `f`.
 -/
-@[always_inline, expose]
+@[always_inline, inline, expose]
 public def IterM.flatMapM {α : Type w} {β : Type w} {α₂ : Type w}
     {γ : Type w} {m : Type w → Type w'} [Monad m] [Iterator α m β] [Iterator α₂ m γ]
     (f : β → m (IterM (α := α₂) m γ)) (it : IterM (α := α) m β) :=
@@ -156,7 +156,7 @@ iterator.
 
 For each value emitted by the outer iterator `it₁`, this combinator calls `f`.
 -/
-@[always_inline]
+@[always_inline, inline]
 public def IterM.flatMapAfter {α : Type w} {β : Type w} {α₂ : Type w}
     {γ : Type w} {m : Type w → Type w'} [Monad m] [Iterator α m β] [Iterator α₂ m γ]
     (f : β → IterM (α := α₂) m γ) (it₁ : IterM (α := α) m β) (it₂ : Option (IterM (α := α₂) m γ)) :=
@@ -195,7 +195,7 @@ This combinator incurs an additional O(1) cost with each output of `it` or an in
 
 For each value emitted by the outer iterator `it`, this combinator calls `f`.
 -/
-@[always_inline, expose]
+@[always_inline, inline, expose]
 public def IterM.flatMap {α : Type w} {β : Type w} {α₂ : Type w}
     {γ : Type w} {m : Type w → Type w'} [Monad m] [Iterator α m β] [Iterator α₂ m γ]
     (f : β → IterM (α := α₂) m γ) (it : IterM (α := α) m β) :=
@@ -370,16 +370,8 @@ public instance Flatten.instIteratorCollect [Monad m] [Monad n] [Iterator α m (
     [Iterator α₂ m β] : IteratorCollect (Flatten α α₂ β m) m n :=
   .defaultImplementation
 
-public instance Flatten.instIteratorCollectPartial [Monad m] [Monad n] [Iterator α m (IterM (α := α₂) m β)]
-    [Iterator α₂ m β] : IteratorCollectPartial (Flatten α α₂ β m) m n :=
-  .defaultImplementation
-
 public instance Flatten.instIteratorLoop [Monad m] [Monad n] [Iterator α m (IterM (α := α₂) m β)]
     [Iterator α₂ m β] : IteratorLoop (Flatten α α₂ β m) m n :=
   .defaultImplementation
 
-public instance Flatten.instIteratorLoopPartial [Monad m] [Monad n] [Iterator α m (IterM (α := α₂) m β)]
-    [Iterator α₂ m β] : IteratorLoopPartial (Flatten α α₂ β m) m n :=
-  .defaultImplementation
-
 end Std.Iterators

src/Init/Data/Iterators/Combinators/Monadic/Take.lean

@@ -208,16 +208,8 @@ instance Take.instIteratorCollect {n : Type w → Type w'} [Monad m] [Monad n] [
     IteratorCollect (Take α m) m n :=
   .defaultImplementation
 
-instance Take.instIteratorCollectPartial {n : Type w → Type w'} [Monad m] [Monad n] [Iterator α m β] :
-    IteratorCollectPartial (Take α m) m n :=
-  .defaultImplementation
-
 instance Take.instIteratorLoop {n : Type x → Type x'} [Monad m] [Monad n] [Iterator α m β] :
     IteratorLoop (Take α m) m n :=
   .defaultImplementation
 
-instance Take.instIteratorLoopPartial [Monad m] [Monad n] [Iterator α m β] :
-    IteratorLoopPartial (Take α m) m n :=
-  .defaultImplementation
-
 end Std.Iterators

src/Init/Data/Iterators/Combinators/Monadic/ULift.lean

@@ -128,18 +128,10 @@ instance Types.ULiftIterator.instIteratorLoop {o : Type x → Type x'} [Monad n]
     IteratorLoop (ULiftIterator α m n β lift) n o :=
   .defaultImplementation
 
-instance Types.ULiftIterator.instIteratorLoopPartial {o : Type x → Type x'} [Monad n] [Monad o] [Iterator α m β] :
-    IteratorLoopPartial (ULiftIterator α m n β lift) n o :=
-  .defaultImplementation
-
 instance Types.ULiftIterator.instIteratorCollect [Monad n] [Monad o] [Iterator α m β] :
     IteratorCollect (ULiftIterator α m n β lift) n o :=
   .defaultImplementation
 
-instance Types.ULiftIterator.instIteratorCollectPartial {o} [Monad n] [Monad o] [Iterator α m β] :
-    IteratorCollectPartial (ULiftIterator α m n β lift) n o :=
-  .defaultImplementation
-
 /--
 Transforms an `m`-monadic iterator with values in `β` into an `n`-monadic iterator with
 values in `ULift β`. Requires a `MonadLift m (ULiftT n)` instance.

src/Init/Data/Iterators/Consumers.lean

@@ -11,5 +11,6 @@ public import Init.Data.Iterators.Consumers.Access
 public import Init.Data.Iterators.Consumers.Collect
 public import Init.Data.Iterators.Consumers.Loop
 public import Init.Data.Iterators.Consumers.Partial
+public import Init.Data.Iterators.Consumers.Total
 
 public import Init.Data.Iterators.Consumers.Stream

src/Init/Data/Iterators/Consumers/Collect.lean

@@ -7,6 +7,7 @@ module
 
 prelude
 public import Init.Data.Iterators.Consumers.Partial
+public import Init.Data.Iterators.Consumers.Total
 public import Init.Data.Iterators.Consumers.Monadic.Collect
 
 @[expose] public section
@@ -21,40 +22,113 @@ Concretely, the following operations are provided:
 * `Iter.toListRev`, collecting the values in a list in reverse order but more efficiently
 * `Iter.toArray`, collecting the values in an array
 
-Some operations are implemented using the `IteratorCollect` and `IteratorCollectPartial`
-typeclasses.
+Some operations are implemented using the `IteratorCollect` type class.
 -/
 
 namespace Std.Iterators
 
-@[always_inline, inline, inherit_doc IterM.toArray]
+/--
+Traverses the given iterator and stores the emitted values in an array.
+
+If the iterator is not finite, this function might run forever. The variant
+`it.ensureTermination.toArray` always terminates after finitely many steps.
+-/
+@[always_inline, inline]
 def Iter.toArray {α : Type w} {β : Type w}
-    [Iterator α Id β] [Finite α Id] [IteratorCollect α Id Id] (it : Iter (α := α) β) : Array β :=
+    [Iterator α Id β] [IteratorCollect α Id Id] (it : Iter (α := α) β) : Array β :=
   it.toIterM.toArray.run
 
-@[always_inline, inline, inherit_doc IterM.Partial.toArray]
-def Iter.Partial.toArray {α : Type w} {β : Type w}
-    [Iterator α Id β] [IteratorCollectPartial α Id Id] (it : Iter.Partial (α := α) β) : Array β :=
-  it.it.toIterM.allowNontermination.toArray.run
+/--
+Traverses the given iterator and stores the emitted values in an array.
 
-@[always_inline, inline, inherit_doc IterM.toListRev]
+This function is deprecated. Instead of `it.allowNontermination.toArray`, use `it.toArray`.
+-/
+@[always_inline, inline, deprecated Iter.toArray (since := "2025-12-04")]
+def Iter.Partial.toArray {α : Type w} {β : Type w}
+    [Iterator α Id β] [IteratorCollect α Id Id] (it : Iter.Partial (α := α) β) : Array β :=
+  it.it.toArray
+
+/--
+Traverses the given iterator and stores the emitted values in an array.
+
+This variant terminates after finitely many steps and requires a proof that the iterator is
+finite. If such a proof is not available, consider using `Iter.toArray`.
+-/
+@[always_inline, inline]
+def Iter.Total.toArray {α : Type w} {β : Type w}
+    [Iterator α Id β] [Finite α Id] [IteratorCollect α Id Id] (it : Iter.Total (α := α) β) :
+    Array β :=
+  it.it.toArray
+
+/--
+Traverses the given iterator and stores the emitted values in reverse order in a list. Because
+lists are prepend-only, this `toListRev` is usually more efficient that `toList`.
+
+If the iterator is not finite, this function might run forever. The variant
+`it.ensureTermination.toListRev` always terminates after finitely many steps.
+-/
+@[always_inline, inline]
 def Iter.toListRev {α : Type w} {β : Type w}
-    [Iterator α Id β] [Finite α Id] (it : Iter (α := α) β) : List β :=
+    [Iterator α Id β] (it : Iter (α := α) β) : List β :=
   it.toIterM.toListRev.run
 
-@[always_inline, inline, inherit_doc IterM.Partial.toListRev]
+/--
+Traverses the given iterator and stores the emitted values in reverse order in a list. Because
+lists are prepend-only, this `toListRev` is usually more efficient that `toList`.
+
+This function is deprecated. Instead of `it.allowNontermination.toListRev`, use `it.toListRev`.
+-/
+@[always_inline, inline, deprecated Iter.toListRev (since := "2025-12-04")]
 def Iter.Partial.toListRev {α : Type w} {β : Type w}
     [Iterator α Id β] (it : Iter.Partial (α := α) β) : List β :=
-  it.it.toIterM.allowNontermination.toListRev.run
+  it.it.toListRev
 
-@[always_inline, inline, inherit_doc IterM.toList]
+/--
+Traverses the given iterator and stores the emitted values in reverse order in a list. Because
+lists are prepend-only, this `toListRev` is usually more efficient that `toList`.
+
+This variant terminates after finitely many steps and requires a proof that the iterator is
+finite. If such a proof is not available, consider using `Iter.toListRev`.
+-/
+@[always_inline, inline]
+def Iter.Total.toListRev {α : Type w} {β : Type w}
+    [Iterator α Id β] [Finite α Id] (it : Iter.Total (α := α) β) : List β :=
+  it.it.toListRev
+
+/--
+Traverses the given iterator and stores the emitted values in a list. Because
+lists are prepend-only, `toListRev` is usually more efficient that `toList`.
+
+If the iterator is not finite, this function might run forever. The variant
+`it.ensureTermination.toList` always terminates after finitely many steps.
+-/
+@[always_inline, inline]
 def Iter.toList {α : Type w} {β : Type w}
-    [Iterator α Id β] [Finite α Id] [IteratorCollect α Id Id] (it : Iter (α := α) β) : List β :=
+    [Iterator α Id β] [IteratorCollect α Id Id] (it : Iter (α := α) β) : List β :=
   it.toIterM.toList.run
 
-@[always_inline, inline, inherit_doc IterM.Partial.toList]
+/--
+Traverses the given iterator and stores the emitted values in a list. Because
+lists are prepend-only, `toListRev` is usually more efficient that `toList`.
+
+This function is deprecated. Instead of `it.allowNontermination.toList`, use `it.toList`.
+-/
+@[always_inline, deprecated Iter.toList (since := "2025-12-04")]
 def Iter.Partial.toList {α : Type w} {β : Type w}
-    [Iterator α Id β] [IteratorCollectPartial α Id Id] (it : Iter.Partial (α := α) β) : List β :=
-  it.it.toIterM.allowNontermination.toList.run
+    [Iterator α Id β] [IteratorCollect α Id Id] (it : Iter.Partial (α := α) β) : List β :=
+  it.it.toList
+
+/--
+Traverses the given iterator and stores the emitted values in a list. Because
+lists are prepend-only, `toListRev` is usually more efficient that `toList`.
+
+This variant terminates after finitely many steps and requires a proof that the iterator is
+finite. If such a proof is not available, consider using `Iter.toList`.
+-/
+@[always_inline, inline]
+def Iter.Total.toList {α : Type w} {β : Type w}
+    [Iterator α Id β] [Finite α Id] [IteratorCollect α Id Id] (it : Iter.Total (α := α) β) :
+    List β :=
+  it.it.toList
 
 end Std.Iterators

src/Init/Data/Iterators/Consumers/Loop.lean

@@ -9,6 +9,8 @@ prelude
 public import Init.Data.Iterators.Consumers.Collect
 public import Init.Data.Iterators.Consumers.Monadic.Loop
 
+set_option linter.missingDocs true
+
 public section
 
 /-!
@@ -21,7 +23,7 @@ function in every iteration. Concretely, the following operations are provided:
 * `Iter.fold`, the analogue of `List.foldl`
 * `Iter.foldM`, the analogue of `List.foldlM`
 
-These operations are implemented using the `IteratorLoop` and `IteratorLoopPartial` typeclasses.
+These operations are implemented using the `IteratorLoop` type class.
 -/
 
 namespace Std.Iterators
@@ -33,7 +35,7 @@ or future library improvements will make it more comfortable.
 -/
 @[always_inline, inline]
 def Iter.instForIn' {α : Type w} {β : Type w} {n : Type x → Type x'} [Monad n]
-    [Iterator α Id β] [Finite α Id] [IteratorLoop α Id n] :
+    [Iterator α Id β] [IteratorLoop α Id n] :
     ForIn' n (Iter (α := α) β) β ⟨fun it out => it.IsPlausibleIndirectOutput out⟩ where
   forIn' it init f :=
     IteratorLoop.finiteForIn' (fun _ _ f c => f c.run) |>.forIn' it.toIterM init
@@ -41,51 +43,68 @@ def Iter.instForIn' {α : Type w} {β : Type w} {n : Type x → Type x'} [Monad
           f out (Iter.isPlausibleIndirectOutput_iff_isPlausibleIndirectOutput_toIterM.mpr h) acc
 
 instance (α : Type w) (β : Type w) (n : Type x → Type x') [Monad n]
-    [Iterator α Id β] [Finite α Id] [IteratorLoop α Id n] :
+    [Iterator α Id β] [IteratorLoop α Id n] :
     ForIn n (Iter (α := α) β) β :=
   haveI : ForIn' n (Iter (α := α) β) β _ := Iter.instForIn'
   instForInOfForIn'
 
+/--
+An implementation of `for h : ... in ... do ...` notation for partial iterators.
+-/
 @[always_inline, inline]
 def Iter.Partial.instForIn' {α : Type w} {β : Type w} {n : Type x → Type x'} [Monad n]
-    [Iterator α Id β] [IteratorLoopPartial α Id n] :
+    [Iterator α Id β] [IteratorLoop α Id n] :
     ForIn' n (Iter.Partial (α := α) β) β ⟨fun it out => it.it.IsPlausibleIndirectOutput out⟩ where
   forIn' it init f :=
-    IteratorLoopPartial.forInPartial (α := α) (m := Id) (n := n) (fun _ _ f c => f c.run)
-      it.it.toIterM init
-      fun out h acc =>
-        f out (Iter.isPlausibleIndirectOutput_iff_isPlausibleIndirectOutput_toIterM.mpr h) acc
+    haveI := @Iter.instForIn'
+    forIn' it.it init f
 
 instance (α : Type w) (β : Type w) (n : Type x → Type x') [Monad n]
-    [Iterator α Id β] [IteratorLoopPartial α Id n] :
+    [Iterator α Id β] [IteratorLoop α Id n] :
     ForIn n (Iter.Partial (α := α) β) β :=
   haveI : ForIn' n (Iter.Partial (α := α) β) β _ := Iter.Partial.instForIn'
   instForInOfForIn'
 
+/--
+A `ForIn'` instance for iterators that is guaranteed to terminate after finitely many steps.
+It is not marked as an instance because the membership predicate is difficult to work with.
+-/
+@[always_inline, inline]
+def Iter.Total.instForIn' {α : Type w} {β : Type w} {n : Type x → Type x'} [Monad n]
+    [Iterator α Id β] [IteratorLoop α Id n] [Finite α Id] :
+    ForIn' n (Iter.Total (α := α) β) β ⟨fun it out => it.it.IsPlausibleIndirectOutput out⟩ where
+  forIn' it init f := Iter.instForIn'.forIn' it.it init f
+
+instance (α : Type w) (β : Type w) (n : Type x → Type x') [Monad n]
+    [Iterator α Id β] [IteratorLoop α Id n] [Finite α Id] :
+    ForIn n (Iter.Total (α := α) β) β :=
+  haveI : ForIn' n (Iter.Total (α := α) β) β _ := Iter.Total.instForIn'
+  instForInOfForIn'
+
 instance {m : Type x → Type x'}
-    {α : Type w} {β : Type w} [Iterator α Id β] [Finite α Id] [IteratorLoop α Id m] :
+    {α : Type w} {β : Type w} [Iterator α Id β] [IteratorLoop α Id m] [Monad m] :
     ForM m (Iter (α := α) β) β where
   forM it f := forIn it PUnit.unit (fun out _ => do f out; return .yield .unit)
 
 instance {m : Type x → Type x'}
-    {α : Type w} {β : Type w} [Iterator α Id β] [Finite α Id] [IteratorLoopPartial α Id m] :
+    {α : Type w} {β : Type w} [Iterator α Id β] [IteratorLoop α Id m] [Monad m] :
     ForM m (Iter.Partial (α := α) β) β where
   forM it f := forIn it PUnit.unit (fun out _ => do f out; return .yield .unit)
 
+instance {m : Type x → Type x'}
+    {α : Type w} {β : Type w} [Monad m] [Iterator α Id β] [IteratorLoop α Id m] [Finite α Id] :
+    ForM m (Iter.Total (α := α) β) β where
+  forM it f := forIn it PUnit.unit (fun out _ => do f out; return .yield .unit)
+
 /--
 Folds a monadic function over an iterator from the left, accumulating a value starting with `init`.
 The accumulated value is combined with the each element of the list in order, using `f`.
 
 It is equivalent to `it.toList.foldlM`.
-
-This function requires a `Finite` instance proving that the iterator will finish after a finite
-number of steps. If the iterator is not finite or such an instance is not available, consider using
-`it.allowNontermination.foldM` instead of `it.foldM`. However, it is not possible to formally
-verify the behavior of the partial variant.
 -/
 @[always_inline, inline]
 def Iter.foldM {m : Type x → Type x'} [Monad m]
-    {α : Type w} {β : Type w} {γ : Type x} [Iterator α Id β] [Finite α Id]
+    {α : Type w} {β : Type w} {γ : Type x} [Iterator α Id β]
     [IteratorLoop α Id m] (f : γ → β → m γ)
     (init : γ) (it : Iter (α := α) β) : m γ :=
   ForIn.forIn it init (fun x acc => ForInStep.yield <$> f acc x)
@@ -96,29 +115,39 @@ The accumulated value is combined with the each element of the list in order, us
 
 It is equivalent to `it.toList.foldlM`.
 
-This is a partial, potentially nonterminating, function. It is not possible to formally verify
-its behavior. If the iterator has a `Finite` instance, consider using `IterM.foldM` instead.
+This function is deprecated. Instead of `it.allowNontermination.foldM`, use `it.foldM`.
 -/
-@[always_inline, inline]
+@[always_inline, inline, deprecated Iter.foldM (since := "2025-12-04")]
 def Iter.Partial.foldM {m : Type x → Type x'} [Monad m]
     {α : Type w} {β : Type w} {γ : Type x} [Iterator α Id β]
-    [IteratorLoopPartial α Id m] (f : γ → β → m γ)
+    [IteratorLoop α Id m] (f : γ → β → m γ)
     (init : γ) (it : Iter.Partial (α := α) β) : m γ :=
-  ForIn.forIn it init (fun x acc => ForInStep.yield <$> f acc x)
+  it.it.foldM (init := init) f
+
+/--
+Folds a monadic function over an iterator from the left, accumulating a value starting with `init`.
+The accumulated value is combined with the each element of the list in order, using `f`.
+
+It is equivalent to `it.toList.foldlM`.
+
+This variant terminates after finitely many steps and requires a proof that the iterator is
+finite. If such a proof is not available, consider using `Iter.foldM`.
+-/
+@[always_inline, inline]
+def Iter.Total.foldM {m : Type x → Type x'} [Monad m]
+    {α : Type w} {β : Type w} {γ : Type x} [Iterator α Id β]
+    [IteratorLoop α Id m] [Finite α Id] (f : γ → β → m γ)
+    (init : γ) (it : Iter.Total (α := α) β) : m γ :=
+  it.it.foldM (init := init) f
 
 /--
 Folds a function over an iterator from the left, accumulating a value starting with `init`.
 The accumulated value is combined with the each element of the list in order, using `f`.
 
 It is equivalent to `it.toList.foldl`.
-
-This function requires a `Finite` instance proving that the iterator will finish after a finite
-number of steps. If the iterator is not finite or such an instance is not available, consider using
-`it.allowNontermination.fold` instead of `it.fold`. However, it is not possible to formally
-verify the behavior of the partial variant.
 -/
 @[always_inline, inline]
-def Iter.fold {α : Type w} {β : Type w} {γ : Type x} [Iterator α Id β] [Finite α Id]
+def Iter.fold {α : Type w} {β : Type w} {γ : Type x} [Iterator α Id β]
     [IteratorLoop α Id Id] (f : γ → β → γ)
     (init : γ) (it : Iter (α := α) β) : γ :=
   ForIn.forIn (m := Id) it init (fun x acc => ForInStep.yield (f acc x))
@@ -129,14 +158,28 @@ The accumulated value is combined with the each element of the list in order, us
 
 It is equivalent to `it.toList.foldl`.
 
-This is a partial, potentially nonterminating, function. It is not possible to formally verify
-its behavior. If the iterator has a `Finite` instance, consider using `IterM.fold` instead.
+This function is deprecated. Instead of `it.allowNontermination.fold`, use `it.fold`.
+-/
+@[always_inline, inline, deprecated Iter.fold (since := "2025-12-04")]
+def Iter.Partial.fold {α : Type w} {β : Type w} {γ : Type x} [Iterator α Id β]
+    [IteratorLoop α Id Id] (f : γ → β → γ)
+    (init : γ) (it : Iter.Partial (α := α) β) : γ :=
+  it.it.fold (init := init) f
+
+/--
+Folds a function over an iterator from the left, accumulating a value starting with `init`.
+The accumulated value is combined with the each element of the list in order, using `f`.
+
+It is equivalent to `it.toList.foldl`.
+
+This variant terminates after finitely many steps and requires a proof that the iterator is
+finite. If such a proof is not available, consider using `Iter.fold`.
 -/
 @[always_inline, inline]
-def Iter.Partial.fold {α : Type w} {β : Type w} {γ : Type x} [Iterator α Id β]
-    [IteratorLoopPartial α Id Id] (f : γ → β → γ)
-    (init : γ) (it : Iter.Partial (α := α) β) : γ :=
-  ForIn.forIn (m := Id) it init (fun x acc => ForInStep.yield (f acc x))
+def Iter.Total.fold {α : Type w} {β : Type w} {γ : Type x} [Iterator α Id β]
+    [IteratorLoop α Id Id] [Finite α Id] (f : γ → β → γ)
+    (init : γ) (it : Iter.Total (α := α) β) : γ :=
+  it.it.fold (init := init) f
 
 set_option doc.verso true in
 /--
@@ -146,9 +189,9 @@ any element emitted by the iterator {name}`it`.
 {lit}`O(|xs|)`. Short-circuits upon encountering the first match. The elements in {name}`it` are
 examined in order of iteration.
 -/
-@[specialize]
+@[always_inline]
 def Iter.anyM {α β : Type w} {m : Type → Type w'} [Monad m]
-    [Iterator α Id β] [IteratorLoop α Id m] [Finite α Id]
+    [Iterator α Id β] [IteratorLoop α Id m]
     (p : β → m Bool) (it : Iter (α := α) β) : m Bool :=
   ForIn.forIn it false (fun x _ => do
     if ← p x then
@@ -156,6 +199,23 @@ def Iter.anyM {α β : Type w} {m : Type → Type w'} [Monad m]
     else
       return .yield false)
 
+set_option doc.verso true in
+/--
+Returns {lean}`true` if the monadic predicate {name}`p` returns {lean}`true` for
+any element emitted by the iterator {name}`it`.
+
+{lit}`O(|xs|)`. Short-circuits upon encountering the first match. The elements in {name}`it` are
+examined in order of iteration.
+
+This variant terminates after finitely many steps and requires a proof that the iterator is
+finite. If such a proof is not available, consider using {name}`Iter.anyM`.
+-/
+@[always_inline, inline]
+def Iter.Total.anyM {α β : Type w} {m : Type → Type w'} [Monad m]
+    [Iterator α Id β] [IteratorLoop α Id m] [Finite α Id]
+    (p : β → m Bool) (it : Iter.Total (α := α) β) : m Bool :=
+  it.it.anyM p
+
 set_option doc.verso true in
 /--
 Returns {lean}`true` if the pure predicate {name}`p` returns {lean}`true` for
@@ -166,21 +226,38 @@ examined in order of iteration.
 -/
 @[inline]
 def Iter.any {α β : Type w}
-    [Iterator α Id β] [IteratorLoop α Id Id] [Finite α Id]
+    [Iterator α Id β] [IteratorLoop α Id Id]
     (p : β → Bool) (it : Iter (α := α) β) : Bool :=
   (it.anyM (fun x => pure (f := Id) (p x))).run
 
 set_option doc.verso true in
 /--
-Returns {lean}`true` if the monadic predicate {name}`p` returns {lean}`true` for
-all elements emitted by the iterator {name}`it`.
+Returns {lean}`true` if the pure predicate {name}`p` returns {lean}`true` for
+any element emitted by the iterator {name}`it`.
 
-{lit}`O(|xs|)`. Short-circuits upon encountering the first mismatch. The elements in {name}`it` are
+{lit}`O(|xs|)`. Short-circuits upon encountering the first match. The elements in {name}`it` are
+examined in order of iteration.
+
+This variant terminates after finitely many steps and requires a proof that the iterator is
+finite. If such a proof is not available, consider using {name}`Iter.any`.
+-/
+@[inline]
+def Iter.Total.any {α β : Type w}
+    [Iterator α Id β] [IteratorLoop α Id Id] [Finite α Id]
+    (p : β → Bool) (it : Iter.Total (α := α) β) : Bool :=
+  it.it.any p
+
+set_option doc.verso true in
+/--
+Returns {lean}`true` if the monadic predicate {name}`p` returns {lean}`true` for
+all element emitted by the iterator {name}`it`.
+
+{lit}`O(|xs|)`. Short-circuits upon encountering the first match. The elements in {name}`it` are
 examined in order of iteration.
 -/
-@[specialize]
+@[always_inline, inline]
 def Iter.allM {α β : Type w} {m : Type → Type w'} [Monad m]
-    [Iterator α Id β] [IteratorLoop α Id m] [Finite α Id]
+    [Iterator α Id β] [IteratorLoop α Id m]
     (p : β → m Bool) (it : Iter (α := α) β) : m Bool :=
   ForIn.forIn it true (fun x _ => do
     if ← p x then
@@ -190,70 +267,367 @@ def Iter.allM {α β : Type w} {m : Type → Type w'} [Monad m]
 
 set_option doc.verso true in
 /--
-Returns {lean}`true` if the pure predicate {name}`p` returns {lean}`true` for
-all elements emitted by the iterator {name}`it`.
+Returns {lean}`true` if the monadic predicate {name}`p` returns {lean}`true` for
+all element emitted by the iterator {name}`it`.
 
-{lit}`O(|xs|)`. Short-circuits upon encountering the first mismatch. The elements in {name}`it` are
+{lit}`O(|xs|)`. Short-circuits upon encountering the first match. The elements in {name}`it` are
+examined in order of iteration.
+
+This variant terminates after finitely mall steps and requires a proof that the iterator is
+finite. If such a proof is not available, consider using {name}`Iter.allM`.
+-/
+@[always_inline, inline]
+def Iter.Total.allM {α β : Type w} {m : Type → Type w'} [Monad m]
+    [Iterator α Id β] [IteratorLoop α Id m] [Finite α Id]
+    (p : β → m Bool) (it : Iter.Total (α := α) β) : m Bool :=
+  it.it.allM p
+
+set_option doc.verso true in
+/--
+Returns {lean}`true` if the pure predicate {name}`p` returns {lean}`true` for
+all element emitted by the iterator {name}`it`.
+
+{lit}`O(|xs|)`. Short-circuits upon encountering the first match. The elements in {name}`it` are
 examined in order of iteration.
 -/
 @[inline]
 def Iter.all {α β : Type w}
-    [Iterator α Id β] [IteratorLoop α Id Id] [Finite α Id]
+    [Iterator α Id β] [IteratorLoop α Id Id]
     (p : β → Bool) (it : Iter (α := α) β) : Bool :=
   (it.allM (fun x => pure (f := Id) (p x))).run
 
+set_option doc.verso true in
+/--
+Returns {lean}`true` if the pure predicate {name}`p` returns {lean}`true` for
+all element emitted by the iterator {name}`it`.
+
+{lit}`O(|xs|)`. Short-circuits upon encountering the first match. The elements in {name}`it` are
+examined in order of iteration.
+
+This variant terminates after finitely mall steps and requires a proof that the iterator is
+finite. If such a proof is not available, consider using {name}`Iter.all`.
+-/
+@[inline]
+def Iter.Total.all {α β : Type w}
+    [Iterator α Id β] [IteratorLoop α Id Id] [Finite α Id]
+    (p : β → Bool) (it : Iter.Total (α := α) β) : Bool :=
+  it.it.all p
+
+/--
+Returns the first non-`none` result of applying the monadic function `f` to each output
+of the iterator, in order. Returns `none` if `f` returns `none` for all outputs.
+
+`O(|it|)`. Short-circuits when `f` returns `some _`. The outputs of `it` are
+examined in order of iteration.
+
+If the iterator is not finite, this function might run forever. The variant
+`it.ensureTermination.findSomeM?` always terminates after finitely many steps.
+
+Example:
+```lean example
+#eval [7, 6, 5, 8, 1, 2, 6].iter.findSomeM? fun i => do
+  if i < 5 then
+    return some (i * 10)
+  if i ≤ 6 then
+    IO.println s!"Almost! {i}"
+  return none
+```
+```output
+Almost! 6
+Almost! 5
+```
+```output
+some 10
+```
+-/
 @[inline]
 def Iter.findSomeM? {α β : Type w} {γ : Type x} {m : Type x → Type w'} [Monad m] [Iterator α Id β]
-    [IteratorLoop α Id m] [Finite α Id] (it : Iter (α := α) β) (f : β → m (Option γ)) :
+    [IteratorLoop α Id m] (it : Iter (α := α) β) (f : β → m (Option γ)) :
     m (Option γ) :=
   ForIn.forIn it none (fun x _ => do
     match ← f x with
     | none => return .yield none
     | some fx => return .done (some fx))
 
-@[inline]
+/--
+Returns the first non-`none` result of applying the monadic function `f` to each output
+of the iterator, in order. Returns `none` if `f` returns `none` for all outputs.
+
+`O(|it|)`. Short-circuits when `f` returns `some _`. The outputs of `it` are
+examined in order of iteration.
+
+This function is deprecated. Instead of `it.allowNontermination.findSomeM?`, use `it.findSomeM?`.
+
+Example:
+```lean example
+#eval [7, 6, 5, 8, 1, 2, 6].iter.findSomeM? fun i => do
+  if i < 5 then
+    return some (i * 10)
+  if i ≤ 6 then
+    IO.println s!"Almost! {i}"
+  return none
+```
+```output
+Almost! 6
+Almost! 5
+```
+```output
+some 10
+```
+-/
+@[inline, deprecated Iter.findSomeM? (since := "2025-12-04")]
 def Iter.Partial.findSomeM? {α β : Type w} {γ : Type x} {m : Type x → Type w'} [Monad m]
-    [Iterator α Id β] [IteratorLoopPartial α Id m] (it : Iter.Partial (α := α) β)
+    [Iterator α Id β] [IteratorLoop α Id m] (it : Iter.Partial (α := α) β)
     (f : β → m (Option γ)) :
     m (Option γ) :=
-  ForIn.forIn it none (fun x _ => do
-    match ← f x with
-    | none => return .yield none
-    | some fx => return .done (some fx))
+  it.it.findSomeM? f
 
+/--
+Returns the first non-`none` result of applying the monadic function `f` to each output
+of the iterator, in order. Returns `none` if `f` returns `none` for all outputs.
+
+`O(|it|)`. Short-circuits when `f` returns `some _`. The outputs of `it` are
+examined in order of iteration.
+
+This variant terminates after finitely many steps and requires a proof that the iterator is
+finite. If such a proof is not available, consider using `Iter.findSomeM?`.
+
+Example:
+```lean example
+#eval [7, 6, 5, 8, 1, 2, 6].iter.findSomeM? fun i => do
+  if i < 5 then
+    return some (i * 10)
+  if i ≤ 6 then
+    IO.println s!"Almost! {i}"
+  return none
+```
+```output
+Almost! 6
+Almost! 5
+```
+```output
+some 10
+```
+-/
+@[inline]
+def Iter.Total.findSomeM? {α β : Type w} {γ : Type x} {m : Type x → Type w'} [Monad m]
+    [Iterator α Id β] [IteratorLoop α Id m] [Finite α Id] (it : Iter.Total (α := α) β)
+    (f : β → m (Option γ)) :
+    m (Option γ) :=
+  it.it.findSomeM? f
+
+/--
+Returns the first non-`none` result of applying `f` to each output of the iterator, in order.
+Returns `none` if `f` returns `none` for all outputs.
+
+`O(|it|)`. Short-circuits when `f` returns `some _`.The outputs of `it` are examined in order of
+iteration.
+
+If the iterator is not finite, this function might run forever. The variant
+`it.ensureTermination.findSome?` always terminates after finitely many steps.
+
+Examples:
+ * `[7, 6, 5, 8, 1, 2, 6].iter.findSome? (fun x => if x < 5 then some (10 * x) else none) = some 10`
+ * `[7, 6, 5, 8, 1, 2, 6].iter.findSome? (fun x => if x < 1 then some (10 * x) else none) = none`
+-/
 @[inline]
 def Iter.findSome? {α β : Type w} {γ : Type x} [Iterator α Id β]
-    [IteratorLoop α Id Id] [Finite α Id] (it : Iter (α := α) β) (f : β → Option γ) :
+    [IteratorLoop α Id Id] (it : Iter (α := α) β) (f : β → Option γ) :
     Option γ :=
   Id.run (it.findSomeM? (pure <| f ·))
 
-@[inline]
+/--
+Returns the first non-`none` result of applying `f` to each output of the iterator, in order.
+Returns `none` if `f` returns `none` for all outputs.
+
+`O(|it|)`. Short-circuits when `f` returns `some _`.The outputs of `it` are examined in order of
+iteration.
+
+This function is deprecated. Instead of `it.allowNontermination.findSome?`, use `it.findSome?`.
+
+Examples:
+ * `[7, 6, 5, 8, 1, 2, 6].iter.allowNontermination.findSome? (fun x => if x < 5 then some (10 * x) else none) = some 10`
+ * `[7, 6, 5, 8, 1, 2, 6].iter.allowNontermination.findSome? (fun x => if x < 1 then some (10 * x) else none) = none`
+-/
+@[inline, deprecated Iter.findSome? (since := "2025-12-04")]
 def Iter.Partial.findSome? {α β : Type w} {γ : Type x} [Iterator α Id β]
-    [IteratorLoopPartial α Id Id] (it : Iter.Partial (α := α) β) (f : β → Option γ) :
+    [IteratorLoop α Id Id] (it : Iter.Partial (α := α) β) (f : β → Option γ) :
     Option γ :=
-  Id.run (it.findSomeM? (pure <| f ·))
+  it.it.findSome? f
 
+/--
+Returns the first non-`none` result of applying `f` to each output of the iterator, in order.
+Returns `none` if `f` returns `none` for all outputs.
+
+`O(|it|)`. Short-circuits when `f` returns `some _`.The outputs of `it` are examined in order of
+iteration.
+
+This variant terminates after finitely many steps and requires a proof that the iterator is
+finite. If such a proof is not available, consider using `Iter.findSome?`.
+
+Examples:
+ * `[7, 6, 5, 8, 1, 2, 6].iter.ensureTermination.findSome? (fun x => if x < 5 then some (10 * x) else none) = some 10`
+ * `[7, 6, 5, 8, 1, 2, 6].iter.ensureTermination.findSome? (fun x => if x < 1 then some (10 * x) else none) = none`
+-/
+@[inline]
+def Iter.Total.findSome? {α β : Type w} {γ : Type x} [Iterator α Id β]
+    [IteratorLoop α Id Id] [Finite α Id] (it : Iter.Total (α := α) β) (f : β → Option γ) :
+    Option γ :=
+  it.it.findSome? f
+
+/--
+Returns the first output of the iterator for which the monadic predicate `p` returns `true`, or
+`none` if no such element is found.
+
+`O(|it|)`. Short-circuits when `f` returns `true`. The outputs of `it` are examined in order of
+iteration.
+
+If the iterator is not finite, this function might run forever. The variant
+`it.ensureTermination.findM?` always terminates after finitely many steps.
+
+Example:
+```lean example
+#eval [7, 6, 5, 8, 1, 2, 6].iter.findM? fun i => do
+  if i < 5 then
+    return true
+  if i ≤ 6 then
+    IO.println s!"Almost! {i}"
+  return false
+```
+```output
+Almost! 6
+Almost! 5
+```
+```output
+some 1
+```
+-/
 @[inline]
 def Iter.findM? {α β : Type w} {m : Type w → Type w'} [Monad m] [Iterator α Id β]
-    [IteratorLoop α Id m] [Finite α Id] (it : Iter (α := α) β) (f : β → m (ULift Bool)) :
+    [IteratorLoop α Id m] (it : Iter (α := α) β) (f : β → m (ULift Bool)) :
     m (Option β) :=
   it.findSomeM? (fun x => return if (← f x).down then some x else none)
 
-@[inline]
+/--
+Returns the first output of the iterator for which the monadic predicate `p` returns `true`, or
+`none` if no such element is found.
+
+`O(|it|)`. Short-circuits when `f` returns `true`. The outputs of `it` are examined in order of
+iteration.
+
+This function is deprecated. Instead of `it.ensureTermination.findM?`, use `it.findM?`.
+
+Example:
+```lean example
+#eval [7, 6, 5, 8, 1, 2, 6].iter.findM? fun i => do
+  if i < 5 then
+    return true
+  if i ≤ 6 then
+    IO.println s!"Almost! {i}"
+  return false
+```
+```output
+Almost! 6
+Almost! 5
+```
+```output
+some 1
+```
+-/
+@[inline, deprecated Iter.findM? (since := "2025-12-04")]
 def Iter.Partial.findM? {α β : Type w} {m : Type w → Type w'} [Monad m] [Iterator α Id β]
-    [IteratorLoopPartial α Id m] (it : Iter.Partial (α := α) β) (f : β → m (ULift Bool)) :
+    [IteratorLoop α Id m] (it : Iter.Partial (α := α) β) (f : β → m (ULift Bool)) :
     m (Option β) :=
-  it.findSomeM? (fun x => return if (← f x).down then some x else none)
+  it.it.findM? f
 
+/--
+Returns the first output of the iterator for which the monadic predicate `p` returns `true`, or
+`none` if no such element is found.
+
+`O(|it|)`. Short-circuits when `f` returns `true`. The outputs of `it` are examined in order of
+iteration.
+
+This variant requires terminates after finitely many steps and requires a proof that the iterator is
+finite. If such a proof is not available, consider using `Iter.findM?`.
+
+Example:
+```lean example
+#eval [7, 6, 5, 8, 1, 2, 6].iter.findM? fun i => do
+  if i < 5 then
+    return true
+  if i ≤ 6 then
+    IO.println s!"Almost! {i}"
+  return false
+```
+```output
+Almost! 6
+Almost! 5
+```
+```output
+some 1
+```
+-/
+@[inline]
+def Iter.Total.findM? {α β : Type w} {m : Type w → Type w'} [Monad m] [Iterator α Id β]
+    [IteratorLoop α Id m] [Finite α Id] (it : Iter.Total (α := α) β) (f : β → m (ULift Bool)) :
+    m (Option β) :=
+  it.it.findM? f
+
+/--
+Returns the first output of the iterator for which the predicate `p` returns `true`, or `none` if
+no such output is found.
+
+`O(|it|)`. Short-circuits upon encountering the first match. The elements in `it` are examined in
+order of iteration.
+
+If the iterator is not finite, this function might run forever. The variant
+`it.ensureTermination.find?` always terminates after finitely many steps.
+
+Examples:
+* `[7, 6, 5, 8, 1, 2, 6].iter.find? (· < 5) = some 1`
+* `[7, 6, 5, 8, 1, 2, 6].iter.find? (· < 1) = none`
+-/
 @[inline]
 def Iter.find? {α β : Type w} [Iterator α Id β] [IteratorLoop α Id Id]
-    [Finite α Id] (it : Iter (α := α) β) (f : β → Bool) : Option β :=
+    (it : Iter (α := α) β) (f : β → Bool) : Option β :=
   Id.run (it.findM? (pure <| .up <| f ·))
 
-@[inline]
-def Iter.Partial.find? {α β : Type w} [Iterator α Id β] [IteratorLoopPartial α Id Id]
+/--
+Returns the first output of the iterator for which the predicate `p` returns `true`, or `none` if
+no such output is found.
+
+`O(|it|)`. Short-circuits upon encountering the first match. The elements in `it` are examined in
+order of iteration.
+
+This function is deprecated. Instead of `it.allowNontermination.find?`, use `it.find?`.
+
+Examples:
+* `[7, 6, 5, 8, 1, 2, 6].iter.allowNontermination.find? (· < 5) = some 1`
+* `[7, 6, 5, 8, 1, 2, 6].iter.allowNontermination.find? (· < 1) = none`
+-/
+@[inline, deprecated Iter.find? (since := "2025-12-04")]
+def Iter.Partial.find? {α β : Type w} [Iterator α Id β] [IteratorLoop α Id Id]
     (it : Iter.Partial (α := α) β) (f : β → Bool) : Option β :=
-  Id.run (it.findM? (pure <| .up <| f ·))
+  it.it.find? f
+
+/--
+Returns the first output of the iterator for which the predicate `p` returns `true`, or `none` if
+no such output is found.
+
+`O(|it|)`. Short-circuits upon encountering the first match. The elements in `it` are examined in
+order of iteration.
+
+This variant terminates after finitely many steps and requires a proof that the iterator is
+finite. If such a proof is not available, consider using `Iter.find?`.
+
+Examples:
+* `[7, 6, 5, 8, 1, 2, 6].iter.find? (· < 5) = some 1`
+* `[7, 6, 5, 8, 1, 2, 6].iter.find? (· < 1) = none`
+-/
+@[inline]
+def Iter.Total.find? {α β : Type w} [Iterator α Id β] [IteratorLoop α Id Id] [Finite α Id]
+    (it : Iter.Total (α := α) β) (f : β → Bool) : Option β :=
+  it.it.find? f
 
 /--
 Steps through the whole iterator, counting the number of outputs emitted.
@@ -263,7 +637,7 @@ Steps through the whole iterator, counting the number of outputs emitted.
 This function's runtime is linear in the number of steps taken by the iterator.
 -/
 @[always_inline, inline, expose]
-def Iter.count {α : Type w} {β : Type w} [Iterator α Id β] [Finite α Id] [IteratorLoop α Id Id]
+def Iter.count {α : Type w} {β : Type w} [Iterator α Id β] [IteratorLoop α Id Id]
     (it : Iter (α := α) β) : Nat :=
   it.toIterM.count.run.down
 
@@ -275,7 +649,7 @@ Steps through the whole iterator, counting the number of outputs emitted.
 This function's runtime is linear in the number of steps taken by the iterator.
 -/
 @[always_inline, inline, expose, deprecated Iter.count (since := "2025-10-29")]
-def Iter.size {α : Type w} {β : Type w} [Iterator α Id β] [Finite α Id] [IteratorLoop α Id Id]
+def Iter.size {α : Type w} {β : Type w} [Iterator α Id β] [IteratorLoop α Id Id]
     (it : Iter (α := α) β) : Nat :=
    it.count
 
@@ -286,10 +660,10 @@ Steps through the whole iterator, counting the number of outputs emitted.
 
 This function's runtime is linear in the number of steps taken by the iterator.
 -/
-@[always_inline, inline, expose]
-def Iter.Partial.count {α : Type w} {β : Type w} [Iterator α Id β] [IteratorLoopPartial α Id Id]
+@[always_inline, inline, expose, deprecated Iter.count (since := "2025-12-04")]
+def Iter.Partial.count {α : Type w} {β : Type w} [Iterator α Id β] [IteratorLoop α Id Id]
     (it : Iter.Partial (α := α) β) : Nat :=
-  it.it.toIterM.allowNontermination.count.run.down
+  it.it.toIterM.count.run.down
 
 /--
 Steps through the whole iterator, counting the number of outputs emitted.
@@ -298,9 +672,9 @@ Steps through the whole iterator, counting the number of outputs emitted.
 
 This function's runtime is linear in the number of steps taken by the iterator.
 -/
-@[always_inline, inline, expose, deprecated Iter.Partial.count (since := "2025-10-29")]
-def Iter.Partial.size {α : Type w} {β : Type w} [Iterator α Id β] [IteratorLoopPartial α Id Id]
+@[always_inline, inline, expose, deprecated Iter.count (since := "2025-10-29")]
+def Iter.Partial.size {α : Type w} {β : Type w} [Iterator α Id β] [IteratorLoop α Id Id]
     (it : Iter.Partial (α := α) β) : Nat :=
-  it.count
+  it.it.count
 
 end Std.Iterators

src/Init/Data/Iterators/Consumers/Monadic/Collect.lean

@@ -7,7 +7,9 @@ module
 
 prelude
 public import Init.Data.Iterators.Consumers.Monadic.Partial
+public import Init.Data.Iterators.Consumers.Monadic.Total
 public import Init.Data.Iterators.Internal.LawfulMonadLiftFunction
+public import Init.WFExtrinsicFix
 
 @[expose] public section
 
@@ -22,9 +24,9 @@ Concretely, the following operations are provided:
 * `IterM.toArray`, collecting the values in an array
 
 Some producers and combinators provide specialized implementations. These are captured by the
-`IteratorCollect` and `IteratorCollectPartial` typeclasses. They should be implemented by all
-types of iterators. A default implementation is provided. The typeclass `LawfulIteratorCollect`
-asserts that an `IteratorCollect` instance equals the default implementation.
+`IteratorCollect` type class. They should be implemented by all types of iterators. A default
+implementation is provided. The typeclass `LawfulIteratorCollect` asserts that an `IteratorCollect`
+instance equals the default implementation.
 -/
 
 namespace Std.Iterators
@@ -51,66 +53,58 @@ class IteratorCollect (α : Type w) (m : Type w → Type w') (n : Type w → Typ
   Maps the emitted values of an iterator using the given function and collects the results in an
   `Array`. This is an internal implementation detail. Consider using `it.map f |>.toArray` instead.
   -/
-  toArrayMapped [Finite α m] :
-    (lift : ⦃δ : Type w⦄ → m δ → n δ) → {γ : Type w} → (β → n γ) → IterM (α := α) m β → n (Array γ)
-
-/--
-`IteratorCollectPartial α m` provides efficient implementations of collectors for `α`-based
-iterators. Right now, it is limited to a potentially optimized partial `toArray` implementation.
-
-This class is experimental and users of the iterator API should not explicitly depend on it.
-They can, however, assume that consumers that require an instance will work for all iterators
-provided by the standard library.
--/
-class IteratorCollectPartial (α : Type w) (m : Type w → Type w') (n : Type w → Type w'')
-    {β : Type w} [Iterator α m β] where
-  /--
-  Maps the emitted values of an iterator using the given function and collects the results in an
-  `Array`. This is an internal implementation detail.
-  Consider using `it.map f |>.allowNontermination.toArray` instead.
-  -/
-  toArrayMappedPartial :
+  toArrayMapped :
     (lift : ⦃δ : Type w⦄ → m δ → n δ) → {γ : Type w} → (β → n γ) → IterM (α := α) m β → n (Array γ)
 
 end Typeclasses
 
 section ToArray
 
+def IterM.DefaultConsumers.toArrayMapped.RecursionRel {α β : Type w} {m : Type w → Type w'}
+    [Iterator α m β] {γ : Type w} (x' x : (_ : IterM (α := α) m β) ×' Array γ) : Prop :=
+  (∃ out, x.1.IsPlausibleStep (.yield x'.1 out) ∧ ∃ fx, x'.2 = x.2.push fx) ∨
+    (x.1.IsPlausibleStep (.skip x'.1) ∧ x'.2 = x.2)
+
 /--
 This is an internal function used in `IteratorCollect.defaultImplementation`.
 
 It iterates over an iterator and applies `f` whenever a value is emitted before inserting the result
 of `f` into an array.
 -/
-@[always_inline, inline]
+@[always_inline, no_expose]
 def IterM.DefaultConsumers.toArrayMapped {α β : Type w} {m : Type w → Type w'}
-    {n : Type w → Type w''} [Monad n] [Iterator α m β] [Finite α m]
+    {n : Type w → Type w''} [Monad n] [Iterator α m β]
     (lift : ⦃α : Type w⦄ → m α → n α) {γ : Type w} (f : β → n γ)
     (it : IterM (α := α) m β) : n (Array γ) :=
+  letI : MonadLift m n := ⟨lift (α := _)⟩
   go it #[]
 where
-  @[specialize]
-  go [Monad n] [Finite α m] (it : IterM (α := α) m β) a := letI : MonadLift m n := ⟨lift (α := _)⟩; do
-    match (← it.step).inflate with
-    | .yield it' b _ => go it' (a.push (← f b))
-    | .skip it' _ => go it' a
-    | .done _ => return a
-  termination_by it.finitelyManySteps
+  @[always_inline]
+  go it (acc : Array γ) : n (Array γ) :=
+    letI : MonadLift m n := ⟨lift (α := _)⟩
+    WellFounded.extrinsicFix₂ (C₂ := fun _ _ => n (Array γ)) (InvImage TerminationMeasures.Finite.Rel (·.1.finitelyManySteps!))
+    (fun (it : IterM (α := α) m β) acc recur => do
+      match (← it.step).inflate with
+      | .yield it' out h =>
+        recur it' (acc.push (← f out)) (by exact TerminationMeasures.Finite.rel_of_yield ‹_›)
+      | .skip it' h => recur it' acc (by exact TerminationMeasures.Finite.rel_of_skip ‹_›)
+      | .done _ => return acc) it acc
 
 /--
-This is the default implementation of the `IteratorLoop` class.
+This is the default implementation of the `IteratorCollect` class.
 It simply iterates through the iterator using `IterM.step`, incrementally building up the desired
 data structure. For certain iterators, more efficient implementations are possible and should be
 used instead.
 -/
-@[always_inline, inline]
+@[always_inline]
 def IteratorCollect.defaultImplementation {α β : Type w} {m : Type w → Type w'}
     {n : Type w → Type w''} [Monad n] [Iterator α m β] :
     IteratorCollect α m n where
   toArrayMapped := IterM.DefaultConsumers.toArrayMapped
 
 /--
-Asserts that a given `IteratorCollect` instance is equal to `IteratorCollect.defaultImplementation`.
+Asserts that a given `IteratorCollect` instance is equal to `IteratorCollect.defaultImplementation`
+*if the underlying iterator is finite*.
 (Even though equal, the given instance might be vastly more efficient.)
 -/
 class LawfulIteratorCollect (α : Type w) (m : Type w → Type w') (n : Type w → Type w'')
@@ -135,62 +129,38 @@ instance (α β : Type w) (m : Type w → Type w') (n : Type w → Type w'') [Mo
   letI : IteratorCollect α m n := .defaultImplementation
   ⟨fun _ => rfl⟩
 
-/--
-This is an internal function used in `IteratorCollectPartial.defaultImplementation`.
-
-It iterates over an iterator and applies `f` whenever a value is emitted before inserting the result
-of `f` into an array.
--/
-@[always_inline, inline]
-partial def IterM.DefaultConsumers.toArrayMappedPartial {α β : Type w} {m : Type w → Type w'}
-    {n : Type w → Type w''} [Monad n] [Iterator α m β]
-    (lift : {α : Type w} → m α → n α) {γ : Type w} (f : β → n γ)
-    (it : IterM (α := α) m β) : n (Array γ) :=
-  go it #[]
-where
-  @[specialize]
-  go [Monad n] (it : IterM (α := α) m β) a := letI : MonadLift m n := ⟨lift⟩; do
-    match (← it.step).inflate with
-    | .yield it' b _ => go it' (a.push (← f b))
-    | .skip it' _ => go it' a
-    | .done _ => return a
-
-/--
-This is the default implementation of the `IteratorLoopPartial` class.
-It simply iterates through the iterator using `IterM.step`, incrementally building up the desired
-data structure. For certain iterators, more efficient implementations are possible and should be
-used instead.
--/
-@[always_inline, inline]
-def IteratorCollectPartial.defaultImplementation {α β : Type w} {m : Type w → Type w'}
-    {n : Type w → Type w''} [Monad n] [Iterator α m β] :
-    IteratorCollectPartial α m n where
-  toArrayMappedPartial := IterM.DefaultConsumers.toArrayMappedPartial
-
 /--
 Traverses the given iterator and stores the emitted values in an array.
 
-This function requires a `Finite` instance proving that the iterator will finish after a finite
-number of steps. If the iterator is not finite or such an instance is not available, consider using
-`it.allowNontermination.toArray` instead of `it.toArray`. However, it is not possible to formally
-verify the behavior of the partial variant.
+If the iterator is not finite, this function might run forever. The variant
+`it.ensureTermination.toArray` always terminates after finitely many steps.
 -/
 @[always_inline, inline]
-def IterM.toArray {α β : Type w} {m : Type w → Type w'} [Monad m]
-    [Iterator α m β] [Finite α m] [IteratorCollect α m m]
-    (it : IterM (α := α) m β) : m (Array β) :=
+def IterM.toArray {α β : Type w} {m : Type w → Type w'} [Monad m] [Iterator α m β]
+    [IteratorCollect α m m] (it : IterM (α := α) m β) : m (Array β) :=
   IteratorCollect.toArrayMapped (fun ⦃_⦄ => id) pure it
 
 /--
 Traverses the given iterator and stores the emitted values in an array.
 
-This is a partial, potentially nonterminating, function. It is not possible to formally verify
-its behavior. If the iterator has a `Finite` instance, consider using `IterM.toArray` instead.
+This function is deprecated. Instead of `it.allowNontermination.toArray`, use `it.toArray`.
+-/
+@[always_inline, inline, deprecated IterM.toArray (since := "2025-10-23")]
+def IterM.Partial.toArray {α : Type w} {m : Type w → Type w'} {β : Type w} [Monad m]
+    [Iterator α m β] (it : IterM.Partial (α := α) m β) [IteratorCollect α m m] : m (Array β) :=
+  it.it.toArray
+
+/--
+Traverses the given iterator and stores the emitted values in an array.
+
+This variant terminates after finitely many steps and requires a proof that the iterator is
+finite. If such a proof is not available, consider using `IterM.toArray`.
 -/
 @[always_inline, inline]
-def IterM.Partial.toArray {α : Type w} {m : Type w → Type w'} {β : Type w} [Monad m]
-    [Iterator α m β] (it : IterM.Partial (α := α) m β) [IteratorCollectPartial α m m] : m (Array β) :=
-  IteratorCollectPartial.toArrayMappedPartial (fun ⦃_⦄ => id) pure it.it
+def IterM.Total.toArray {α : Type w} {m : Type w → Type w'} {β : Type w} [Monad m]
+    [Iterator α m β] [Finite α m] (it : IterM.Total (α := α) m β) [IteratorCollect α m m] :
+    m (Array β) :=
+  it.it.toArray
 
 end ToArray
 
@@ -198,67 +168,82 @@ end ToArray
 Traverses the given iterator and stores the emitted values in reverse order in a list. Because
 lists are prepend-only, this `toListRev` is usually more efficient that `toList`.
 
-This function requires a `Finite` instance proving that the iterator will finish after a finite
-number of steps. If the iterator is not finite or such an instance is not available, consider using
-`it.allowNontermination.toListRev` instead of `it.toListRev`. However, it is not possible to
-formally verify the behavior of the partial variant.
+If the iterator is not finite, this function might run forever. The variant
+`it.ensureTermination.toListRev` always terminates after finitely many steps.
 -/
-@[inline]
+@[always_inline, inline]
 def IterM.toListRev {α : Type w} {m : Type w → Type w'} [Monad m] {β : Type w}
-    [Iterator α m β] [Finite α m] (it : IterM (α := α) m β) : m (List β) :=
+    [Iterator α m β] (it : IterM (α := α) m β) : m (List β) :=
   go it []
 where
-  go [Finite α m] it bs := do
-    match (← it.step).inflate with
-    | .yield it' b _ => go it' (b :: bs)
-    | .skip it' _ => go it' bs
-    | .done _ => return bs
-  termination_by it.finitelyManySteps
+  @[always_inline, inline]
+  go (it : IterM m β) acc :=
+    WellFounded.extrinsicFix₂ (InvImage TerminationMeasures.Finite.Rel (·.1.finitelyManySteps!))
+      (fun it acc recur => do
+        match (← it.step).inflate with
+        | .yield it' out h => recur it' (out :: acc) (TerminationMeasures.Finite.rel_of_yield h)
+        | .skip it' h => recur it' acc (TerminationMeasures.Finite.rel_of_skip h)
+        | .done _ => return acc) it acc
 
 /--
 Traverses the given iterator and stores the emitted values in reverse order in a list. Because
 lists are prepend-only, this `toListRev` is usually more efficient that `toList`.
 
-This is a partial, potentially nonterminating, function. It is not possible to formally verify
-its behavior. If the iterator has a `Finite` instance, consider using `IterM.toListRev` instead.
+This function is deprecated. Instead of `it.allowNontermination.toListRev`, use `it.toListRev`.
 -/
-@[always_inline, inline]
+@[always_inline, inline, deprecated IterM.toListRev (since := "2025-10-23")]
 partial def IterM.Partial.toListRev {α : Type w} {m : Type w → Type w'} [Monad m] {β : Type w}
     [Iterator α m β] (it : IterM.Partial (α := α) m β) : m (List β) :=
-  go it.it []
-where
-  @[specialize]
-  go it bs := do
-    match (← it.step).inflate with
-    | .yield it' b _ => go it' (b :: bs)
-    | .skip it' _ => go it' bs
-    | .done _ => return bs
+  it.it.toListRev
+
+/--
+Traverses the given iterator and stores the emitted values in reverse order in a list. Because
+lists are prepend-only, this `toListRev` is usually more efficient that `toList`.
+
+This variant terminates after finitely many steps and requires a proof that the iterator is
+finite. If such a proof is not available, consider using `IterM.toListRev`.
+-/
+@[always_inline, inline]
+def IterM.Total.toListRev {α : Type w} {m : Type w → Type w'} {β : Type w} [Monad m]
+    [Iterator α m β] [Finite α m] (it : IterM.Total (α := α) m β) :
+    m (List β) :=
+  it.it.toListRev
 
 /--
 Traverses the given iterator and stores the emitted values in a list. Because
 lists are prepend-only, `toListRev` is usually more efficient that `toList`.
 
-This function requires a `Finite` instance proving that the iterator will finish after a finite
-number of steps. If the iterator is not finite or such an instance is not available, consider using
-`it.allowNontermination.toList` instead of `it.toList`. However, it is not possible to
-formally verify the behavior of the partial variant.
+If the iterator is not finite, this function might run forever. The variant
+`it.ensureTermination.toList` always terminates after finitely many steps.
 -/
 @[always_inline, inline]
 def IterM.toList {α : Type w} {m : Type w → Type w'} [Monad m] {β : Type w}
-    [Iterator α m β] [Finite α m] [IteratorCollect α m m] (it : IterM (α := α) m β) : m (List β) :=
+    [Iterator α m β] [IteratorCollect α m m] (it : IterM (α := α) m β) : m (List β) :=
   Array.toList <$> IterM.toArray it
 
 /--
 Traverses the given iterator and stores the emitted values in a list. Because
 lists are prepend-only, `toListRev` is usually more efficient that `toList`.
 
-This is a partial, potentially nonterminating, function. It is not possible to formally verify
-its behavior. If the iterator has a `Finite` instance, consider using `IterM.toList` instead.
+This function is deprecated. Instead of `it.allowNontermination.toList`, use `it.toList`.
+-/
+@[always_inline, inline, deprecated IterM.toList (since := "2025-10-23")]
+def IterM.Partial.toList {α : Type w} {m : Type w → Type w'} [Monad m] {β : Type w}
+    [Iterator α m β] (it : IterM.Partial (α := α) m β) [IteratorCollect α m m] :
+    m (List β) :=
+  Array.toList <$> it.it.toArray
+
+/--
+Traverses the given iterator and stores the emitted values in a list. Because
+lists are prepend-only, `toListRev` is usually more efficient that `toList`.
+
+This variant terminates after finitely many steps and requires a proof that the iterator is
+finite. If such a proof is not available, consider using `IterM.toList`.
 -/
 @[always_inline, inline]
-def IterM.Partial.toList {α : Type w} {m : Type w → Type w'} [Monad m] {β : Type w}
-    [Iterator α m β] (it : IterM.Partial (α := α) m β) [IteratorCollectPartial α m m] :
+def IterM.Total.toList {α : Type w} {m : Type w → Type w'} {β : Type w} [Monad m]
+    [Iterator α m β] [Finite α m] (it : IterM.Total (α := α) m β) [IteratorCollect α m m] :
     m (List β) :=
-  Array.toList <$> it.toArray
+  it.it.toList
 
 end Std.Iterators

src/Init/Data/Iterators/Consumers/Monadic/Total.lean

@@ -0,0 +1,36 @@
+/-
+Copyright (c) 2025 Lean FRO, LLC. All rights reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Paul Reichert
+-/
+module
+
+prelude
+public import Init.Data.Iterators.Basic
+
+set_option doc.verso true
+
+public section
+
+namespace Std.Iterators
+
+structure IterM.Total {α : Type w} (m : Type w → Type w') (β : Type w) where
+  it : IterM (α := α) m β
+
+/--
+For an iterator {name}`it`, {lean}`it.ensureTermination` provides variants of consumers that always
+terminate.
+-/
+@[always_inline, inline]
+def IterM.ensureTermination {α : Type w} {β : Type w} {m : Type w → Type w'}
+    (it : IterM (α := α) m β) :
+  IterM.Total (α := α) m β :=
+  ⟨it⟩
+
+/--
+A wrapper around an iterator that provides strictly terminating consumers. See
+{name}`IterM.ensureTermination`.
+-/
+add_decl_doc IterM.Total
+
+end Std.Iterators

src/Init/Data/Iterators/Consumers/Total.lean

@@ -0,0 +1,36 @@
+/-
+Copyright (c) 2025 Lean FRO, LLC. All rights reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Paul Reichert
+-/
+module
+
+prelude
+public import Init.Data.Iterators.Basic
+
+set_option doc.verso true
+
+public section
+
+namespace Std.Iterators
+
+structure Iter.Total {α : Type w} (β : Type w) where
+  it : Iter (α := α) β
+
+/--
+For an iterator {name}`it`, {lean}`it.ensureTermination` provides variants of consumers that always
+terminate.
+-/
+@[always_inline, inline]
+def Iter.ensureTermination {α : Type w} {β : Type w}
+    (it : Iter (α := α) β) :
+  Iter.Total (α := α) β :=
+  ⟨it⟩
+
+/--
+A wrapper around an iterator that provides strictly terminating consumers. See
+{name}`Iter.ensureTermination`.
+-/
+add_decl_doc Iter.Total
+
+end Std.Iterators

src/Init/Data/Iterators/Lemmas/Combinators/Monadic/FilterMap.lean

@@ -247,9 +247,8 @@ instance {α β γ : Type w} {m : Type w → Type w'} {n : Type w → Type w''}
     have : it = IterM.mapWithPostcondition _ it.internalState.inner := by rfl
     generalize it.internalState.inner = it at *
     cases this
-    simp only [LawfulIteratorCollect.toArrayMapped_eq]
     simp only [IteratorCollect.toArrayMapped]
-    rw [LawfulIteratorCollect.toArrayMapped_eq]
+    simp only [LawfulIteratorCollect.toArrayMapped_eq]
     induction it using IterM.inductSteps with | step it ih_yield ih_skip
     rw [IterM.DefaultConsumers.toArrayMapped_eq_match_step]
     rw [IterM.DefaultConsumers.toArrayMapped_eq_match_step]
@@ -487,13 +486,8 @@ theorem IterM.toList_map {α β β' : Type w} {m : Type w → Type w'} [Monad m]
   · simp [instIteratorMap, inferInstanceAs]
     congr
     simp
-  · refine heq_of_eqRec_eq ?_ rfl
-    congr
+  · congr
     simp only [Map, PostconditionT.map_pure, Function.comp_apply]
-    simp only [instIteratorMap, inferInstanceAs, Function.comp_apply]
-    congr
-    simp
-  · simp [Map]
   · simp only [instIteratorMap, inferInstanceAs, Function.comp_apply]
     congr
     simp

src/Init/Data/Iterators/Lemmas/Consumers/Collect.lean

@@ -11,6 +11,8 @@ public import Init.Data.Iterators.Lemmas.Consumers.Monadic.Collect
 public import Init.Data.Iterators.Consumers.Access
 import all Init.Data.Iterators.Consumers.Access
 import all Init.Data.Iterators.Consumers.Collect
+import all Init.Data.Iterators.Consumers.Total
+import all Init.Data.Iterators.Consumers.Monadic.Total
 
 public section
 
@@ -31,6 +33,23 @@ theorem Iter.toListRev_eq_toListRev_toIterM {α β} [Iterator α Id β] [Finite
     it.toListRev = it.toIterM.toListRev.run :=
   (rfl)
 
+@[simp]
+theorem Iter.toArray_ensureTermination {α β} [Iterator α Id β] [Finite α Id] [IteratorCollect α Id Id]
+    [LawfulIteratorCollect α Id Id] {it : Iter (α := α) β} :
+    it.ensureTermination.toArray = it.toArray :=
+  (rfl)
+
+@[simp]
+theorem Iter.toList_ensureTermination {α β} [Iterator α Id β] [Finite α Id] [IteratorCollect α Id Id]
+    [LawfulIteratorCollect α Id Id] {it : Iter (α := α) β} :
+    it.ensureTermination.toList = it.toList :=
+  (rfl)
+
+@[simp]
+theorem Iter.toListRev_ensureTermination_eq_toListRev {α β} [Iterator α Id β] [Finite α Id]
+    {it : Iter (α := α) β} : it.ensureTermination.toListRev = it.toListRev :=
+  (rfl)
+
 @[simp]
 theorem IterM.toList_toIter {α β} [Iterator α Id β] [Finite α Id] [IteratorCollect α Id Id]
     {it : IterM (α := α) Id β} :
@@ -49,12 +68,22 @@ theorem Iter.toList_toArray {α β} [Iterator α Id β] [Finite α Id] [Iterator
     it.toArray.toList = it.toList := by
   simp [toArray_eq_toArray_toIterM, toList_eq_toList_toIterM, ← IterM.toList_toArray]
 
+theorem Iter.toList_toArray_ensureTermination {α β} [Iterator α Id β] [Finite α Id]
+    [IteratorCollect α Id Id] [LawfulIteratorCollect α Id Id] {it : Iter (α := α) β} :
+    it.ensureTermination.toArray.toList = it.toList := by
+  simp
+
 @[simp]
 theorem Iter.toArray_toList {α β} [Iterator α Id β] [Finite α Id] [IteratorCollect α Id Id]
     [LawfulIteratorCollect α Id Id] {it : Iter (α := α) β} :
     it.toList.toArray = it.toArray := by
   simp [toArray_eq_toArray_toIterM, toList_eq_toList_toIterM, ← IterM.toArray_toList]
 
+theorem Iter.toArray_toList_ensureTermination {α β} [Iterator α Id β] [Finite α Id]
+    [IteratorCollect α Id Id] [LawfulIteratorCollect α Id Id] {it : Iter (α := α) β} :
+    it.ensureTermination.toList.toArray = it.toArray := by
+  simp
+
 @[simp]
 theorem Iter.reverse_toListRev [Iterator α Id β] [Finite α Id]
     [IteratorCollect α Id Id] [LawfulIteratorCollect α Id Id]
@@ -62,11 +91,21 @@ theorem Iter.reverse_toListRev [Iterator α Id β] [Finite α Id]
     it.toListRev.reverse = it.toList := by
   simp [toListRev_eq_toListRev_toIterM, toList_eq_toList_toIterM, ← IterM.reverse_toListRev]
 
+theorem Iter.reverse_toListRev_ensureTermination [Iterator α Id β] [Finite α Id]
+    [IteratorCollect α Id Id] [LawfulIteratorCollect α Id Id] {it : Iter (α := α) β} :
+    it.ensureTermination.toListRev.reverse = it.toList := by
+  simp
+
 theorem Iter.toListRev_eq {α β} [Iterator α Id β] [Finite α Id] [IteratorCollect α Id Id]
     [LawfulIteratorCollect α Id Id] {it : Iter (α := α) β} :
     it.toListRev = it.toList.reverse := by
   simp [Iter.toListRev_eq_toListRev_toIterM, Iter.toList_eq_toList_toIterM, IterM.toListRev_eq]
 
+theorem Iter.toListRev_ensureTermination {α β} [Iterator α Id β] [Finite α Id]
+    [IteratorCollect α Id Id] [LawfulIteratorCollect α Id Id] {it : Iter (α := α) β} :
+    it.ensureTermination.toListRev = it.toList.reverse := by
+  simp [toListRev_eq]
+
 theorem Iter.toArray_eq_match_step {α β} [Iterator α Id β] [Finite α Id] [IteratorCollect α Id Id]
     [LawfulIteratorCollect α Id Id] {it : Iter (α := α) β} :
     it.toArray = match it.step.val with
@@ -78,6 +117,14 @@ theorem Iter.toArray_eq_match_step {α β} [Iterator α Id β] [Finite α Id] [I
   generalize it.toIterM.step.run = step
   cases step.inflate using PlausibleIterStep.casesOn <;> simp
 
+theorem Iter.toArray_ensureTermination_eq_match_step {α β} [Iterator α Id β] [Finite α Id] [IteratorCollect α Id Id]
+    [LawfulIteratorCollect α Id Id] {it : Iter (α := α) β} :
+    it.ensureTermination.toArray = match it.step.val with
+      | .yield it' out => #[out] ++ it'.toArray
+      | .skip it' => it'.toArray
+      | .done => #[] := by
+  rw [toArray_ensureTermination, toArray_eq_match_step]
+
 theorem Iter.toList_eq_match_step {α β} [Iterator α Id β] [Finite α Id] [IteratorCollect α Id Id]
     [LawfulIteratorCollect α Id Id] {it : Iter (α := α) β} :
     it.toList = match it.step.val with
@@ -87,6 +134,14 @@ theorem Iter.toList_eq_match_step {α β} [Iterator α Id β] [Finite α Id] [It
   rw [← Iter.toList_toArray, Iter.toArray_eq_match_step]
   split <;> simp [Iter.toList_toArray]
 
+theorem Iter.toList_ensureTermination_eq_match_step {α β} [Iterator α Id β] [Finite α Id] [IteratorCollect α Id Id]
+    [LawfulIteratorCollect α Id Id] {it : Iter (α := α) β} :
+    it.ensureTermination.toList = match it.step.val with
+      | .yield it' out => out :: it'.toList
+      | .skip it' => it'.toList
+      | .done => [] := by
+  rw [toList_ensureTermination, toList_eq_match_step]
+
 theorem Iter.toListRev_eq_match_step {α β} [Iterator α Id β] [Finite α Id] {it : Iter (α := α) β} :
     it.toListRev = match it.step.val with
       | .yield it' out => it'.toListRev ++ [out]
@@ -96,6 +151,13 @@ theorem Iter.toListRev_eq_match_step {α β} [Iterator α Id β] [Finite α Id]
   generalize it.toIterM.step.run = step
   cases step.inflate using PlausibleIterStep.casesOn <;> simp
 
+theorem Iter.toListRev_ensureTermination_eq_match_step {α β} [Iterator α Id β] [Finite α Id] {it : Iter (α := α) β} :
+    it.ensureTermination.toListRev = match it.step.val with
+      | .yield it' out => it'.toListRev ++ [out]
+      | .skip it' => it'.toListRev
+      | .done => [] := by
+  rw [toListRev_ensureTermination_eq_toListRev, toListRev_eq_match_step]
+
 theorem Iter.getElem?_toList_eq_atIdxSlow? {α β}
     [Iterator α Id β] [Finite α Id] [IteratorCollect α Id Id] [LawfulIteratorCollect α Id Id]
     {it : Iter (α := α) β} {k : Nat} :

src/Init/Data/Iterators/Lemmas/Consumers/Loop.lean

@@ -23,22 +23,22 @@ theorem Iter.forIn'_eq {α β : Type w} [Iterator α Id β] [Finite α Id]
     {f : (b : β) → it.IsPlausibleIndirectOutput b → γ → m (ForInStep γ)} :
     letI : ForIn' m (Iter (α := α) β) β _ := Iter.instForIn'
     ForIn'.forIn' it init f =
-      IterM.DefaultConsumers.forIn' (fun _ _ f x => f x.run) γ (fun _ _ _ => True)
-        IteratorLoop.wellFounded_of_finite it.toIterM init _ (fun _ => id)
-          (fun out h acc => (⟨·, .intro⟩) <$>
-            f out (Iter.isPlausibleIndirectOutput_iff_isPlausibleIndirectOutput_toIterM.mpr h) acc) := by
-  simp [instForIn', ForIn'.forIn', IteratorLoop.finiteForIn', hl.lawful (fun γ δ f x => f x.run),
-    IteratorLoop.defaultImplementation]
+      IterM.DefaultConsumers.forIn' (n := m) (fun _ _ f x => f x.run) γ (fun _ _ _ => True)
+        it.toIterM init _ (fun _ => id)
+          (fun out h acc => return ⟨← f out (Iter.isPlausibleIndirectOutput_iff_isPlausibleIndirectOutput_toIterM.mpr h) acc, trivial⟩) := by
+  simp only [instForIn', ForIn'.forIn', IteratorLoop.finiteForIn']
+  have : ∀ a b c, f a b c = (Subtype.val <$> (⟨·, trivial⟩) <$> f a b c) := by simp
+  simp +singlePass only [this]
+  rw [hl.lawful (fun _ _ f x => f x.run) (wf := IteratorLoop.wellFounded_of_finite)]
+  simp [IteratorLoop.defaultImplementation]
 
 theorem Iter.forIn_eq {α β : Type w} [Iterator α Id β] [Finite α Id]
     {m : Type x → Type x'} [Monad m] [LawfulMonad m] [IteratorLoop α Id m]
     [hl : LawfulIteratorLoop α Id m] {γ : Type x} {it : Iter (α := α) β} {init : γ}
     {f : (b : β) → γ → m (ForInStep γ)} :
     ForIn.forIn it init f =
-      IterM.DefaultConsumers.forIn' (fun _ _ f c => f c.run) γ (fun _ _ _ => True)
-        IteratorLoop.wellFounded_of_finite it.toIterM init _ (fun _ => id)
-          (fun out _ acc => (⟨·, .intro⟩) <$>
-            f out acc) := by
+      IterM.DefaultConsumers.forIn' (n := m) (fun _ _ f c => f c.run) γ (fun _ _ _ => True)
+        it.toIterM init _ (fun _ => id) (fun out _ acc => return ⟨← f out acc, trivial⟩) := by
   simp [ForIn.forIn, forIn'_eq, -forIn'_eq_forIn]
 
 @[congr] theorem Iter.forIn'_congr {α β : Type w} {m : Type w → Type w'} [Monad m]
@@ -106,20 +106,24 @@ theorem Iter.forIn'_eq_match_step {α β : Type w} [Iterator α Id β]
             fun out h' acc => f out (.indirect ⟨_, rfl, h⟩ h') acc
       | .done _ => return init) := by
   simp only [forIn'_eq]
-  rw [IterM.DefaultConsumers.forIn'_eq_match_step]
-  simp only [bind_map_left, Iter.step]
+  rw [IterM.DefaultConsumers.forIn'_eq_match_step (fun _ _ _ => True)
+    IteratorLoop.wellFounded_of_finite]
+  simp only [Iter.step]
   cases it.toIterM.step.run.inflate using PlausibleIterStep.casesOn
-  · simp only [IterM.Step.toPure_yield, PlausibleIterStep.yield, toIter_toIterM, toIterM_toIter]
+  · simp only [IterM.Step.toPure_yield, PlausibleIterStep.yield, toIter_toIterM, toIterM_toIter,
+      bind_assoc]
     apply bind_congr
     intro forInStep
     cases forInStep
     · simp
-    · simp only
-      apply IterM.DefaultConsumers.forIn'_eq_forIn'
-      intros; congr
+    · simp only [pure_bind]
+      apply IterM.DefaultConsumers.forIn'_eq_forIn' (fun _ _ _ => True)
+        IteratorLoop.wellFounded_of_finite
+      · simp
   · simp only
-    apply IterM.DefaultConsumers.forIn'_eq_forIn'
-    intros; congr
+    apply IterM.DefaultConsumers.forIn'_eq_forIn' (fun _ _ _ => True)
+      IteratorLoop.wellFounded_of_finite
+    · simp
   · simp
 
 theorem Iter.forIn_eq_match_step {α β : Type w} [Iterator α Id β]

src/Init/Data/Iterators/Lemmas/Consumers/Monadic/Collect.lean

@@ -10,29 +10,49 @@ public import Init.Data.Array.Lemmas
 public import Init.Data.Iterators.Lemmas.Monadic.Basic
 public import Init.Data.Iterators.Consumers.Monadic.Collect
 import all Init.Data.Iterators.Consumers.Monadic.Collect
+import all Init.Data.Iterators.Consumers.Monadic.Total
+import all Init.WFExtrinsicFix
 
 public section
 
 namespace Std.Iterators
+open Std.Internal
 
 variable {α β γ : Type w} {m : Type w → Type w'} {n : Type w → Type w''}
   {lift : ⦃δ : Type w⦄ → m δ → n δ} {f : β → n γ} {it : IterM (α := α) m β}
 
-theorem IterM.DefaultConsumers.toArrayMapped.go.aux₁ [Monad n] [LawfulMonad n] [Iterator α m β]
-    [Finite α m] {b : γ} {bs : Array γ} :
+private theorem IterM.DefaultConsumers.toArrayMapped.go_eq [Monad n]
+    [Iterator α m β] [LawfulMonad n] [Finite α m] {acc : Array γ} :
+    letI : MonadLift m n := ⟨lift (δ := _)⟩
+    go lift f it acc (m := m) = (do
+      match (← it.step).inflate.val with
+      | .yield it' out => go lift f it' (acc.push (← f out))
+      | .skip it' => go lift f it' acc
+      | .done => return acc) := by
+  letI : MonadLift m n := ⟨lift (δ := _)⟩
+  rw [toArrayMapped.go, WellFounded.extrinsicFix₂_eq_apply]
+  · simp only
+    apply bind_congr; intro step
+    cases step.inflate using PlausibleIterStep.casesOn
+    · apply bind_congr; intro fx
+      simp [go]
+    · simp [go]
+    · simp
+  · simp only [show (IterM.finitelyManySteps! = IterM.finitelyManySteps) by rfl]
+    apply InvImage.wf
+    exact WellFoundedRelation.wf
+
+private theorem IterM.DefaultConsumers.toArrayMapped.go.aux₁ [Monad n] [LawfulMonad n]
+    [Iterator α m β] [Finite α m] {b : γ} {bs : Array γ} :
     IterM.DefaultConsumers.toArrayMapped.go lift f it (#[b] ++ bs) (m := m) =
       (#[b] ++ ·) <$> IterM.DefaultConsumers.toArrayMapped.go lift f it bs (m := m) := by
-  induction it, bs using IterM.DefaultConsumers.toArrayMapped.go.induct with | _ it bs ih₁ ih₂
-  rw [go, map_eq_pure_bind, go, bind_assoc]
-  apply bind_congr
-  intro step
-  split
-  · simp [ih₁ _ _ ‹_›]
-  · simp [ih₂ _ ‹_›]
-  · simp
+  induction it using IterM.inductSteps generalizing bs with | step it ihy ihs
+  rw [go_eq, map_eq_pure_bind, go_eq, bind_assoc]
+  apply bind_congr; intro step
+  cases step.inflate using PlausibleIterStep.casesOn <;> simp (discharger := assumption) [ihy, ihs]
 
-theorem IterM.DefaultConsumers.toArrayMapped.go.aux₂ [Monad n] [LawfulMonad n] [Iterator α m β]
-    [Finite α m] {acc : Array γ} :
+private theorem IterM.DefaultConsumers.toArrayMapped.go.aux₂ [Monad n] [LawfulMonad n]
+    [Iterator α m β] [Finite α m] {acc : Array γ} :
     IterM.DefaultConsumers.toArrayMapped.go lift f it acc (m := m) =
       (acc ++ ·) <$> IterM.DefaultConsumers.toArrayMapped lift f it (m := m) := by
   rw [← Array.toArray_toList (xs := acc)]
@@ -51,12 +71,18 @@ theorem IterM.DefaultConsumers.toArrayMapped_eq_match_step [Monad n] [LawfulMona
         return #[← f out] ++ (← IterM.DefaultConsumers.toArrayMapped lift f it' (m := m))
       | .skip it' => IterM.DefaultConsumers.toArrayMapped lift f it' (m := m)
       | .done => return #[]) := by
-  rw [IterM.DefaultConsumers.toArrayMapped, IterM.DefaultConsumers.toArrayMapped.go]
+  rw [IterM.DefaultConsumers.toArrayMapped, IterM.DefaultConsumers.toArrayMapped.go_eq]
   apply bind_congr
   intro step
   cases step.inflate using PlausibleIterStep.casesOn <;>
     simp [IterM.DefaultConsumers.toArrayMapped.go.aux₂]
 
+@[simp]
+theorem IterM.toArray_ensureTermination [Monad m] [Iterator α m β] [Finite α m]
+    [IteratorCollect α m m] {it : IterM (α := α) m β} :
+    it.ensureTermination.toArray = it.toArray :=
+  (rfl)
+
 theorem IterM.toArray_eq_match_step [Monad m] [LawfulMonad m] [Iterator α m β] [Finite α m]
     [IteratorCollect α m m] [LawfulIteratorCollect α m m] :
     it.toArray = (do
@@ -68,18 +94,43 @@ theorem IterM.toArray_eq_match_step [Monad m] [LawfulMonad m] [Iterator α m β]
   rw [IterM.DefaultConsumers.toArrayMapped_eq_match_step]
   simp [bind_pure_comp, pure_bind]
 
+theorem IterM.toArray_ensureTermination_eq_match_step [Monad m] [LawfulMonad m] [Iterator α m β]
+    [Finite α m] [IteratorCollect α m m] [LawfulIteratorCollect α m m] :
+    it.ensureTermination.toArray = (do
+      match (← it.step).inflate.val with
+      | .yield it' out => return #[out] ++ (← it'.toArray)
+      | .skip it' => it'.toArray
+      | .done => return #[]) := by
+  rw [toArray_ensureTermination, toArray_eq_match_step]
+
+@[simp]
+theorem IterM.toList_ensureTermination [Monad m] [Iterator α m β] [Finite α m]
+    [IteratorCollect α m m] {it : IterM (α := α) m β} :
+    it.ensureTermination.toList = it.toList :=
+  (rfl)
+
 @[simp]
 theorem IterM.toList_toArray [Monad m] [Iterator α m β] [Finite α m] [IteratorCollect α m m]
     {it : IterM (α := α) m β} :
     Array.toList <$> it.toArray = it.toList := by
   simp [IterM.toList]
 
+theorem IterM.toList_toArray_ensureTermination [Monad m] [Iterator α m β] [Finite α m]
+    [IteratorCollect α m m] {it : IterM (α := α) m β} :
+    Array.toList <$> it.ensureTermination.toArray = it.toList := by
+  simp
+
 @[simp]
 theorem IterM.toArray_toList [Monad m] [LawfulMonad m] [Iterator α m β] [Finite α m]
     [IteratorCollect α m m] {it : IterM (α := α) m β} :
     List.toArray <$> it.toList = it.toArray := by
   simp [IterM.toList, -toList_toArray]
 
+theorem IterM.toArray_toList_ensureTermination [Monad m] [LawfulMonad m] [Iterator α m β] [Finite α m]
+    [IteratorCollect α m m] {it : IterM (α := α) m β} :
+    List.toArray <$> it.ensureTermination.toList = it.toArray := by
+  rw [toList_ensureTermination, toArray_toList]
+
 theorem IterM.toList_eq_match_step [Monad m] [LawfulMonad m] [Iterator α m β] [Finite α m]
     [IteratorCollect α m m] [LawfulIteratorCollect α m m] {it : IterM (α := α) m β} :
     it.toList = (do
@@ -93,17 +144,49 @@ theorem IterM.toList_eq_match_step [Monad m] [LawfulMonad m] [Iterator α m β]
   intro step
   split <;> simp
 
-theorem IterM.toListRev.go.aux₁ [Monad m] [LawfulMonad m] [Iterator α m β] [Finite α m]
+theorem IterM.toList_ensureTermination_eq_match_step [Monad m] [LawfulMonad m] [Iterator α m β]
+    [Finite α m] [IteratorCollect α m m] [LawfulIteratorCollect α m m] {it : IterM (α := α) m β} :
+    it.ensureTermination.toList = (do
+      match (← it.step).inflate.val with
+      | .yield it' out => return out :: (← it'.toList)
+      | .skip it' => it'.toList
+      | .done => return []) := by
+  rw [toList_ensureTermination, toList_eq_match_step]
+
+@[simp]
+theorem IterM.toListRev_ensureTermination_eq_toListRev [Monad m] [Iterator α m β] [Finite α m]
+    {it : IterM (α := α) m β} :
+    it.ensureTermination.toListRev = it.toListRev :=
+  (rfl)
+
+private theorem IterM.toListRev.go_eq [Monad m] [LawfulMonad m] [Iterator α m β] [Finite α m]
+    {it : IterM (α := α) m β} {bs : List β} :
+    go it bs = (do
+      match (← it.step).inflate.val with
+      | .yield it' out => go it' (out :: bs)
+      | .skip it' => go it' bs
+      | .done => return bs) := by
+  rw [go, WellFounded.extrinsicFix₂_eq_apply]
+  · apply bind_congr; intro step
+    cases step.inflate using PlausibleIterStep.casesOn <;> simp [go]
+  · simp only [show (IterM.finitelyManySteps! = IterM.finitelyManySteps) by rfl]
+    apply InvImage.wf
+    exact WellFoundedRelation.wf
+
+private theorem IterM.toListRev.go.aux₁ [Monad m] [LawfulMonad m] [Iterator α m β] [Finite α m]
     {it : IterM (α := α) m β} {b : β} {bs : List β} :
     IterM.toListRev.go it (bs ++ [b]) = (· ++ [b]) <$> IterM.toListRev.go it bs:= by
-  induction it, bs using IterM.toListRev.go.induct with | _ it bs ih₁ ih₂
-  rw [go, go, map_eq_pure_bind, bind_assoc]
+  induction it using IterM.inductSteps generalizing bs with | step it ihy ihs
+  rw [go_eq, go_eq, map_eq_pure_bind, bind_assoc]
   apply bind_congr
   intro step
-  simp only [List.cons_append] at ih₁
-  split <;> simp [*]
+  cases step.inflate using PlausibleIterStep.casesOn
+  · simpa using ihy ‹_› (bs := _ :: bs)
+  · simpa using ihs ‹_›
+  · simp
 
-theorem IterM.toListRev.go.aux₂ [Monad m] [LawfulMonad m] [Iterator α m β] [Finite α m]
+
+private theorem IterM.toListRev.go.aux₂ [Monad m] [LawfulMonad m] [Iterator α m β] [Finite α m]
     {it : IterM (α := α) m β} {acc : List β} :
     IterM.toListRev.go it acc = (· ++ acc) <$> it.toListRev := by
   rw [← List.reverse_reverse (as := acc)]
@@ -120,11 +203,21 @@ theorem IterM.toListRev_eq_match_step [Monad m] [LawfulMonad m] [Iterator α m
       | .skip it' => it'.toListRev
       | .done => return []) := by
   simp [IterM.toListRev]
-  rw [toListRev.go]
+  rw [toListRev.go_eq]
   apply bind_congr
   intro step
   cases step.inflate using PlausibleIterStep.casesOn <;> simp [IterM.toListRev.go.aux₂]
 
+theorem IterM.toListRev_ensureTermination_eq_match_step [Monad m] [LawfulMonad m] [Iterator α m β]
+    [Finite α m] {it : IterM (α := α) m β} :
+    it.ensureTermination.toListRev = (do
+      match (← it.step).inflate.val with
+      | .yield it' out => return (← it'.toListRev) ++ [out]
+      | .skip it' => it'.toListRev
+      | .done => return []) := by
+  rw [toListRev_ensureTermination_eq_toListRev, toListRev_eq_match_step]
+
+@[simp]
 theorem IterM.reverse_toListRev [Monad m] [LawfulMonad m] [Iterator α m β] [Finite α m]
     [IteratorCollect α m m] [LawfulIteratorCollect α m m]
     {it : IterM (α := α) m β} :
@@ -137,19 +230,31 @@ theorem IterM.reverse_toListRev [Monad m] [LawfulMonad m] [Iterator α m β] [Fi
   intro step
   cases step.inflate using PlausibleIterStep.casesOn <;> simp (discharger := assumption) [ihy, ihs]
 
+@[simp]
+theorem IterM.reverse_toListRev_ensureTermination [Monad m] [LawfulMonad m] [Iterator α m β]
+    [Finite α m] [IteratorCollect α m m] [LawfulIteratorCollect α m m]
+    {it : IterM (α := α) m β} :
+    List.reverse <$> it.ensureTermination.toListRev = it.toList := by
+  rw [toListRev_ensureTermination_eq_toListRev, reverse_toListRev]
+
 theorem IterM.toListRev_eq [Monad m] [LawfulMonad m] [Iterator α m β] [Finite α m]
     [IteratorCollect α m m] [LawfulIteratorCollect α m m]
     {it : IterM (α := α) m β} :
     it.toListRev = List.reverse <$> it.toList := by
-  rw [← IterM.reverse_toListRev]
-  simp
+  simp [← IterM.reverse_toListRev]
+
+theorem IterM.toListRev_ensureTermination [Monad m] [LawfulMonad m] [Iterator α m β] [Finite α m]
+    [IteratorCollect α m m] [LawfulIteratorCollect α m m]
+    {it : IterM (α := α) m β} :
+    it.ensureTermination.toListRev = List.reverse <$> it.toList := by
+  simp [← IterM.reverse_toListRev]
 
 theorem LawfulIteratorCollect.toArray_eq {α β : Type w} {m : Type w → Type w'}
     [Monad m] [Iterator α m β] [Finite α m] [IteratorCollect α m m]
     [hl : LawfulIteratorCollect α m m]
     {it : IterM (α := α) m β} :
     it.toArray = (letI : IteratorCollect α m m := .defaultImplementation; it.toArray) := by
-  simp only [IterM.toArray, toArrayMapped_eq]
+  simp [IterM.toArray, toArrayMapped_eq, IteratorCollect.defaultImplementation]
 
 theorem LawfulIteratorCollect.toList_eq {α β : Type w} {m : Type w → Type w'}
     [Monad m] [Iterator α m β] [Finite α m] [IteratorCollect α m m]

src/Init/Data/Iterators/Lemmas/Consumers/Monadic/Loop.lean

@@ -15,29 +15,75 @@ public section
 namespace Std.Iterators
 
 theorem IterM.DefaultConsumers.forIn'_eq_match_step {α β : Type w} {m : Type w → Type w'}
-    [Iterator α m β]
-    {n : Type x → Type x'} [Monad n]
+    [Iterator α m β] {n : Type x → Type x'} [Monad n] [LawfulMonad n]
     {lift : ∀ γ δ, (γ → n δ) → m γ → n δ} {γ : Type x}
-    {plausible_forInStep : β → γ → ForInStep γ → Prop}
-    {wf : IteratorLoop.WellFounded α m plausible_forInStep}
     {it : IterM (α := α) m β} {init : γ}
-    {P hP} {f : (b : β) → P b → (c : γ) → n (Subtype (plausible_forInStep b c))} :
-    IterM.DefaultConsumers.forIn' lift γ plausible_forInStep wf it init P hP f =
+    {P hP}
+    (PlausibleForInStep : β → γ → ForInStep γ → Prop)
+    {f : (b : β) → P b → (c : γ) → n (Subtype (PlausibleForInStep b c))}
+    (wf : IteratorLoop.WellFounded α m PlausibleForInStep) :
+    IterM.DefaultConsumers.forIn' lift γ PlausibleForInStep it init P hP f =
       (lift _ _ · it.step) (fun s =>
           match s.inflate with
           | .yield it' out h => do
             match ← f out (hP _ <| .direct ⟨_, h⟩) init with
             | ⟨.yield c, _⟩ =>
-              IterM.DefaultConsumers.forIn' lift _ plausible_forInStep wf it' c P
+              IterM.DefaultConsumers.forIn' lift _ PlausibleForInStep it' c P
                 (fun _ h' => hP _ <| .indirect ⟨_, rfl, h⟩ h') f
             | ⟨.done c, _⟩ => return c
           | .skip it' h =>
-            IterM.DefaultConsumers.forIn' lift _ plausible_forInStep wf it' init P
+            IterM.DefaultConsumers.forIn' lift _ PlausibleForInStep it' init P
               (fun _ h' => hP _ <| .indirect ⟨_, rfl, h⟩ h') f
           | .done _ => return init) := by
-  rw [forIn']
-  congr; ext step
-  cases step.inflate using PlausibleIterStep.casesOn <;> rfl
+  haveI : Nonempty γ := ⟨init⟩
+  rw [forIn', WellFounded.extrinsicFix₃_eq_apply]
+  · congr; ext step
+    cases step.inflate using PlausibleIterStep.casesOn
+    · simp only
+      apply bind_congr; intro step
+      split <;> simp [forIn']
+    · simp [forIn']
+    · simp
+  · apply InvImage.wf
+    exact wf
+
+theorem IterM.DefaultConsumers.forIn'_eq_wf {m : Type w → Type w'} {α : Type w} {β : Type w}
+    [Iterator α m β]
+    {n : Type x → Type x'} [Monad n] [LawfulMonad n]
+    {lift : ∀ γ δ, (γ → n δ) → m γ → n δ} {γ : Type x}
+    (Pl : β → γ → ForInStep γ → Prop)
+    (wf : IteratorLoop.WellFounded α m Pl)
+    {it : IterM (α := α) m β} {init : γ}
+    {P : β → Prop} {hP : ∀ b, it.IsPlausibleIndirectOutput b → P b}
+    (f : (b : β) → P b → (c : γ) → n (Subtype (Pl b c))) :
+    forIn' lift γ Pl it init P hP f =
+      forIn'.wf lift γ Pl wf it init P hP f := by
+  haveI : Nonempty γ := ⟨init⟩
+  rw [forIn', WellFounded.extrinsicFix₃_eq_fix]; rotate_left
+  · apply InvImage.wf
+    exact wf
+  · fun_induction forIn'.wf lift γ Pl wf it init P hP f
+    rename_i ihy ihs
+    rw [WellFounded.fix_eq]
+    congr 1; ext step
+    cases step.inflate using PlausibleIterStep.casesOn
+    · apply bind_congr; intro forInStep
+      match forInStep with
+      | ⟨.yield c, h⟩ => simp (discharger := assumption) [ihy]
+      | ⟨.done c, h⟩ => simp
+    · simp (discharger := assumption) [ihs]
+    · simp
+
+theorem IterM.DefaultConsumers.forIn'_eq_wf_of_finite {m : Type w → Type w'} {α : Type w}
+    {β : Type w} [Iterator α m β] [Finite α m]
+    {n : Type x → Type x'} [Monad n] [LawfulMonad n]
+    {lift : ∀ γ δ, (γ → n δ) → m γ → n δ} {γ : Type x}
+    {it : IterM (α := α) m β} {init : γ}
+    {P : β → Prop} {hP : ∀ b, it.IsPlausibleIndirectOutput b → P b}
+    (f : (b : β) → P b → (c : γ) → n (Subtype (fun _ => True))) :
+    forIn' lift γ (fun _ _ _ => True) it init P hP f =
+      forIn'.wf lift γ (fun _ _ _ => True) IteratorLoop.wellFounded_of_finite it init P hP f := by
+  apply forIn'_eq_wf
 
 theorem IterM.forIn'_eq {α β : Type w} {m : Type w → Type w'} [Iterator α m β] [Finite α m]
     {n : Type w → Type w''} [Monad m] [Monad n] [LawfulMonad n] [IteratorLoop α m n]
@@ -45,11 +91,12 @@ theorem IterM.forIn'_eq {α β : Type w} {m : Type w → Type w'} [Iterator α m
     [MonadLiftT m n] [LawfulMonadLiftT m n] {γ : Type w} {it : IterM (α := α) m β} {init : γ}
     {f : (b : β) → it.IsPlausibleIndirectOutput b → γ → n (ForInStep γ)} :
     letI : ForIn' n (IterM (α := α) m β) β _ := IterM.instForIn'
-    ForIn'.forIn' it init f = IterM.DefaultConsumers.forIn' (n := n)
-        (fun _ _ f x => monadLift x >>= f) γ (fun _ _ _ => True)
-        IteratorLoop.wellFounded_of_finite it init _ (fun _ => id) ((⟨·, .intro⟩) <$> f · · ·) := by
-  simp [instForIn', ForIn'.forIn', IteratorLoop.finiteForIn',
-    hl.lawful (fun _ _ f x => monadLift x >>= f), IteratorLoop.defaultImplementation]
+    ForIn'.forIn' (α := β) (m := n) it init f = IterM.DefaultConsumers.forIn' (n := n)
+        (fun _ _ f x => monadLift x >>= f) γ (fun _ _ _ => True) it init _ (fun _ => id) (return ⟨← f · · ·, trivial⟩) := by
+  simp only [instForIn', ForIn'.forIn', IteratorLoop.finiteForIn']
+  have : f = (Subtype.val <$> (⟨·, trivial⟩) <$> f · · ·) := by simp
+  rw [this, hl.lawful (fun _ _ f x => monadLift x >>= f) (wf := IteratorLoop.wellFounded_of_finite)]
+  simp [IteratorLoop.defaultImplementation]
 
 theorem IterM.forIn_eq {α β : Type w} {m : Type w → Type w'} [Iterator α m β] [Finite α m]
     {n : Type w → Type w''} [Monad m] [Monad n] [LawfulMonad n] [IteratorLoop α m n]
@@ -57,13 +104,13 @@ theorem IterM.forIn_eq {α β : Type w} {m : Type w → Type w'} [Iterator α m
     [MonadLiftT m n] [LawfulMonadLiftT m n] {γ : Type w} {it : IterM (α := α) m β} {init : γ}
     {f : β → γ → n (ForInStep γ)} :
     ForIn.forIn it init f = IterM.DefaultConsumers.forIn' (n := n)
-        (fun _ _ f x => monadLift x >>= f) γ (fun _ _ _ => True)
-        IteratorLoop.wellFounded_of_finite it init _ (fun _ => id) (fun out _ acc => (⟨·, .intro⟩) <$> f out acc) := by
+        (fun _ _ f x => monadLift x >>= f) γ (fun _ _ _ => True) it init _ (fun _ => id)
+        (fun out _ acc => return ⟨← f out acc, trivial⟩) := by
   simp only [ForIn.forIn, forIn'_eq]
 
 @[congr] theorem IterM.forIn'_congr {α β : Type w} {m : Type w → Type w'}
     {n : Type w → Type w''} [Monad n] [Monad m]
-    [Iterator α m β] [Finite α m] [IteratorLoop α m n] [MonadLiftT m n]
+    [Iterator α m β] [IteratorLoop α m n] [MonadLiftT m n]
     {ita itb : IterM (α := α) m β} (w : ita = itb)
     {b b' : γ} (hb : b = b')
     {f : (a' : β) → _ → γ → n (ForInStep γ)}
@@ -78,7 +125,7 @@ theorem IterM.forIn_eq {α β : Type w} {m : Type w → Type w'} [Iterator α m
 
 @[congr] theorem IterM.forIn_congr {α β : Type w} {m : Type w → Type w'}
     {n : Type w → Type w''} [Monad n] [Monad m]
-    [Iterator α m β] [Finite α m] [IteratorLoop α m n] [MonadLiftT m n]
+    [Iterator α m β] [IteratorLoop α m n] [MonadLiftT m n]
     {ita itb : IterM (α := α) m β} (w : ita = itb)
     {b b' : γ} (hb : b = b')
     {f : (a' : β) → γ → n (ForInStep γ)}
@@ -89,6 +136,36 @@ theorem IterM.forIn_eq {α β : Type w} {m : Type w → Type w'} [Iterator α m
   simp only [← funext_iff] at h
   rw [← h]
 
+theorem IterM.DefaultConsumers.forIn'_eq_forIn' {m : Type w → Type w'} {α : Type w} {β : Type w}
+    [Iterator α m β]
+    {n : Type x → Type x'} [Monad n] [LawfulMonad n]
+    {lift : ∀ γ δ, (γ → n δ) → m γ → n δ} {γ : Type x}
+    {it : IterM (α := α) m β} {init : γ}
+    {P : β → Prop} {hP : ∀ b, it.IsPlausibleIndirectOutput b → P b}
+    {Q : β → Prop} {hQ : ∀ b, it.IsPlausibleIndirectOutput b → Q b}
+    (Pl : β → γ → ForInStep γ → Prop)
+    {f : (b : β) → P b → (c : γ) → n (Subtype (Pl b c))}
+    {g : (b : β) → Q b → (c : γ) → n (Subtype (Pl b c))}
+    (wf : IteratorLoop.WellFounded α m Pl)
+    (hfg : ∀ b c, (hPb : P b) → (hQb : Q b) → f b hPb c = g b hQb c) :
+    IterM.DefaultConsumers.forIn' lift γ Pl it init P hP f =
+      IterM.DefaultConsumers.forIn' lift γ Pl it init Q hQ g := by
+  rw [forIn'_eq_match_step Pl wf, forIn'_eq_match_step Pl wf]
+  congr; ext step
+  split
+  · congr
+    · apply hfg
+    · ext forInStep
+      match forInStep with
+      | ⟨.yield _, h⟩ => apply IterM.DefaultConsumers.forIn'_eq_forIn' <;> assumption
+      | ⟨.done _, h⟩ => rfl
+  · apply IterM.DefaultConsumers.forIn'_eq_forIn' <;> assumption
+  · rfl
+termination_by IteratorLoop.WithWF.mk it init (hwf := wf)
+decreasing_by
+  · exact Or.inl ⟨_, ‹_›, ‹_›⟩
+  · exact Or.inr ⟨‹_›, rfl⟩
+
 theorem IterM.forIn'_eq_match_step {α β : Type w} {m : Type w → Type w'} [Iterator α m β]
     [Finite α m] {n : Type w → Type w''} [Monad m] [Monad n] [LawfulMonad n]
     [IteratorLoop α m n] [LawfulIteratorLoop α m n]
@@ -108,21 +185,21 @@ theorem IterM.forIn'_eq_match_step {α β : Type w} {m : Type w → Type w'} [It
           fun out h' acc => f out (.indirect ⟨_, rfl, h⟩ h') acc
       | .done _ => return init) := by
   rw [IterM.forIn'_eq, DefaultConsumers.forIn'_eq_match_step]
-  apply bind_congr
-  intro step
-  cases step.inflate using PlausibleIterStep.casesOn
-  · simp only [map_eq_pure_bind, bind_assoc]
-    apply bind_congr
-    intro forInStep
-    cases forInStep
+  · apply bind_congr; intro step
+    cases step.inflate using PlausibleIterStep.casesOn
+    · simp only [bind_assoc]
+      apply bind_congr
+      intro forInStep
+      cases forInStep
+      · simp
+      · simp only [forIn'_eq, pure_bind]
+        exact DefaultConsumers.forIn'_eq_forIn' (α := α) (m := m) (n := n) _
+          IteratorLoop.wellFounded_of_finite (by simp)
+    · simp only [forIn'_eq]
+      exact DefaultConsumers.forIn'_eq_forIn' (α := α) (m := m) (n := n) _
+          IteratorLoop.wellFounded_of_finite (by simp)
     · simp
-    · simp only [bind_pure_comp, pure_bind, forIn'_eq]
-      apply DefaultConsumers.forIn'_eq_forIn'
-      intros; congr
-  · simp only [forIn'_eq]
-    apply DefaultConsumers.forIn'_eq_forIn'
-    intros; congr
-  · simp
+  · exact IteratorLoop.wellFounded_of_finite
 
 theorem IterM.forIn_eq_match_step {α β : Type w} {m : Type w → Type w'} [Iterator α m β]
     [Finite α m] {n : Type w → Type w''} [Monad m] [Monad n] [LawfulMonad n]

src/Init/Data/Iterators/Producers/Monadic/List.lean

@@ -72,19 +72,9 @@ instance {α : Type w} [Monad m] {n : Type w → Type w''} [Monad n] :
     IteratorCollect (ListIterator α) m n :=
   .defaultImplementation
 
-@[always_inline, inline]
-instance {α : Type w} [Monad m] {n : Type w → Type w''} [Monad n] :
-    IteratorCollectPartial (ListIterator α) m n :=
-  .defaultImplementation
-
 @[always_inline, inline]
 instance {α : Type w} [Monad m] {n : Type x → Type x'} [Monad n] :
     IteratorLoop (ListIterator α) m n :=
   .defaultImplementation
 
-@[always_inline, inline]
-instance {α : Type w} [Monad m] {n : Type x → Type x'} [Monad n] :
-    IteratorLoopPartial (ListIterator α) m n :=
-  .defaultImplementation
-
 end Std.Iterators

src/Init/Data/Iterators/ToIterator.lean

@@ -19,110 +19,45 @@ open Std.Iterators
 
 namespace Std.Iterators
 
-/--
-This typeclass provides an iterator for the given element `x : γ`. Usually, instances are provided
-for all elements of a type `γ`.
--/
-class ToIterator {γ : Type u} (x : γ) (m : Type w → Type w') (β : outParam (Type w)) where
-  State : Type w
-  iterMInternal : IterM (α := State) m β
+/-- This typeclass provides an iterator for elements of type `γ`. -/
+class ToIterator (γ : Type u) (m : Type w → Type w') (α β : outParam (Type w)) where
+  iterMInternal (x : γ) : IterM (α := α) m β
 
 /-- Converts `x` into a monadic iterator. -/
 @[always_inline, inline, expose]
-def ToIterator.iterM (x : γ) [ToIterator x m β] : IterM (α := ToIterator.State x m) m β :=
+def ToIterator.iterM (x : γ) [ToIterator γ m α β] : IterM (α := α) m β :=
   ToIterator.iterMInternal (x := x)
 
 /-- Converts `x` into a pure iterator. -/
 @[always_inline, inline, expose]
-def ToIterator.iter (x : γ) [ToIterator x Id β] : Iter (α := ToIterator.State x Id) β :=
+def ToIterator.iter [ToIterator γ Id α β] (x : γ) : Iter (α := α) β :=
   ToIterator.iterM x |>.toIter
 
 /-- Creates a monadic `ToIterator` instance. -/
 @[always_inline, inline, expose]
-def ToIterator.ofM {x : γ} (State : Type w)
-    (iterM : IterM (α := State) m β) :
-    ToIterator x m β where
-  State := State
-  iterMInternal := iterM
+def ToIterator.ofM (α : Type w)
+    (iterM : γ → IterM (α := α) m β) :
+    ToIterator γ m α β where
+  iterMInternal x := iterM x
 
 /-- Creates a pure `ToIterator` instance. -/
 @[always_inline, inline, expose]
-def ToIterator.of {x : γ} (State : Type w)
-    (iter : Iter (α := State) β) :
-    ToIterator x Id β where
-  State := State
-  iterMInternal := iter.toIterM
+def ToIterator.of (α : Type w)
+    (iter : γ → Iter (α := α) β) :
+    ToIterator γ Id α β where
+  iterMInternal x := iter x |>.toIterM
 
-theorem ToIterator.iterM_eq {γ : Type u} {x : γ} {State : Type v} {β : Type v} {it} :
-    letI : ToIterator x Id β := .ofM State it
-    ToIterator.iterM x = it :=
+/-- Replaces `ToIterator.iterM` with its definition. -/
+theorem ToIterator.iterM_eq {γ : Type u} {α β : Type v}
+    {it : γ → IterM (α := α) Id β} {x} :
+    letI : ToIterator γ Id α β := .ofM α it
+    ToIterator.iterM x = it x :=
   rfl
 
-theorem ToIterator.iter_eq {γ : Type u} {x : γ} {State : Type v} {β : Type v} {it} :
-    letI : ToIterator x Id β := .ofM State it
-    ToIterator.iter x = it.toIter :=
-  rfl
-
-/-!
-## Instance forwarding
-
-If the type defined as `ToIterator.State` implements an iterator typeclass, then this typeclass
-should also be available when the type is syntactically visible as `ToIteratorState`. The following
-instances are responsible for this forwarding.
--/
-
-instance {x : γ} {State : Type w} {iter}
-    [Iterator State m β] :
-    letI i : ToIterator x m β := .ofM State iter
-    Iterator (α := i.State) m β :=
-  inferInstanceAs <| Iterator State m β
-
-instance {x : γ} {State : Type w} {iter}
-    [Iterator (α := State) m β] [Finite State m] :
-    letI i : ToIterator x m β := .ofM State iter
-    Finite (α := i.State) m :=
-  inferInstanceAs <| Finite (α := State) m
-
-instance {x : γ} {State : Type w} {iter}
-    [Iterator (α := State) m β] [IteratorCollect State m n] :
-    letI i : ToIterator x m β := .ofM State iter
-    IteratorCollect (α := i.State) m n :=
-  inferInstanceAs <| IteratorCollect (α := State) m n
-
-instance {x : γ} {State : Type w} {iter} [Monad m] [Monad n]
-    [Iterator (α := State) m β] [IteratorCollect State m n] [LawfulIteratorCollect State m n] :
-    letI i : ToIterator x m β := .ofM State iter
-    LawfulIteratorCollect (α := i.State) m n :=
-  inferInstanceAs <| LawfulIteratorCollect (α := State) m n
-
-instance {x : γ} {State : Type w} {iter}
-    [Iterator (α := State) m β] [IteratorCollectPartial State m n] :
-    letI i : ToIterator x m β := .ofM State iter
-    IteratorCollectPartial (α := i.State) m n :=
-  inferInstanceAs <| IteratorCollectPartial (α := State) m n
-
-instance {x : γ} {State : Type w} {iter}
-    [Iterator (α := State) m β] [IteratorLoop State m n] :
-    letI i : ToIterator x m β := .ofM State iter
-    IteratorLoop (α := i.State) m n :=
-  inferInstanceAs <| IteratorLoop (α := State) m n
-
-instance {x : γ} {State : Type w} {iter} [Monad m] [Monad n]
-    [Iterator (α := State) m β] [IteratorLoop State m n] [LawfulIteratorLoop State m n]:
-    letI i : ToIterator x m β := .ofM State iter
-    LawfulIteratorLoop (α := i.State) m n :=
-  inferInstanceAs <| LawfulIteratorLoop (α := State) m n
-
-instance {x : γ} {State : Type w} {iter}
-    [Iterator (α := State) m β] [IteratorLoopPartial State m n] :
-    letI i : ToIterator x m β := .ofM State iter
-    IteratorLoopPartial (α := i.State) m n :=
-  inferInstanceAs <| IteratorLoopPartial (α := State) m n
-
-@[simp]
-theorem ToIterator.state_eq {x : γ} {State : Type w} {iter} :
-    haveI : ToIterator x Id β := .of State iter
-    ToIterator.State x Id = State :=
+/-- Replaces `ToIterator.iter` with its definition. -/
+theorem ToIterator.iter_eq {γ : Type u} {x : γ} {α β : Type v} {it} :
+    letI : ToIterator γ Id α β := .ofM α it
+    ToIterator.iter x = (it x).toIter :=
   rfl
 
 end Std.Iterators

src/Init/Data/List/Basic.lean

@@ -301,7 +301,7 @@ Examples:
 def getLast : ∀ (as : List α), as ≠ [] → α
   | [],       h => absurd rfl h
   | [a],      _ => a
-  | _::b::as, _ => getLast (b::as) (fun h => List.noConfusion h)
+  | _::b::as, _ => getLast (b::as) (fun h => List.noConfusion rfl (heq_of_eq h))
 
 /-! ### getLast? -/
 
@@ -318,7 +318,7 @@ Examples:
 -/
 def getLast? : List α → Option α
   | []    => none
-  | a::as => some (getLast (a::as) (fun h => List.noConfusion h))
+  | a::as => some (getLast (a::as) (fun h => List.noConfusion rfl (heq_of_eq h)))
 
 @[simp, grind =] theorem getLast?_nil : @getLast? α [] = none := rfl
 
@@ -337,7 +337,7 @@ Examples:
 -/
 def getLastD : (as : List α) → (fallback : α) → α
   | [],   a₀ => a₀
-  | a::as, _ => getLast (a::as) (fun h => List.noConfusion h)
+  | a::as, _ => getLast (a::as) (fun h => List.noConfusion rfl (heq_of_eq h))
 
 -- These aren't `simp` lemmas since we always simplify `getLastD` in terms of `getLast?`.
 theorem getLastD_nil {a : α} : getLastD [] a = a := rfl
@@ -1607,8 +1607,8 @@ such element is found.
 `O(|l|)`.
 
 Examples:
-* `[7, 6, 5, 8, 1, 2, 6].find? (· < 5) = some 2`
-* `[7, 6, 5, 8, 1, 2, 6].find? (· < 1) = none`
+* `[7, 6, 5, 8, 1, 2, 6].findRev? (· < 5) = some 2`
+* `[7, 6, 5, 8, 1, 2, 6].findRev? (· < 1) = none`
 -/
 def findRev? (p : α → Bool) : List α → Option α
   | []    => none
@@ -1847,6 +1847,7 @@ Examples:
 * `[2, 4, 5, 6].any (· % 2 = 0) = true`
 * `[2, 4, 5, 6].any (· % 2 = 1) = true`
 -/
+@[suggest_for List.some]
 def any : (l : List α) → (p : α → Bool) → Bool
   | [], _ => false
   | h :: t, p => p h || any t p
@@ -1866,6 +1867,7 @@ Examples:
 * `[2, 4, 6].all (· % 2 = 0) = true`
 * `[2, 4, 5, 6].all (· % 2 = 0) = false`
 -/
+@[suggest_for List.every]
 def all : List α → (α → Bool) → Bool
   | [], _ => true
   | h :: t, p => p h && all t p
@@ -2252,7 +2254,7 @@ def eraseReps {α} [BEq α] (as : List α) : List α := eraseRepsBy (· == ·) a
 /-! ### span -/
 
 /--
-Splits a list into the the longest initial segment for which `p` returns `true`, paired with the
+Splits a list into the longest initial segment for which `p` returns `true`, paired with the
 remainder of the list.
 
 `O(|l|)`.

src/Init/Data/List/BasicAux.lean

@@ -57,7 +57,7 @@ Examples:
 @[expose]
 def getLast! [Inhabited α] : List α → α
   | []    => panic! "empty list"
-  | a::as => getLast (a::as) (fun h => List.noConfusion h)
+  | a::as => getLast (a::as) (fun h => List.noConfusion rfl (heq_of_eq h))
 
 /-! ## Head and tail -/
 

src/Init/Data/List/Control.lean

@@ -366,12 +366,6 @@ theorem idRun_findM? (p : α → Id Bool) (as : List α) :
     (findM? p as).run = as.find? (p · |>.run) :=
   findM?_pure _ _
 
-@[deprecated idRun_findM? (since := "2025-05-21")]
-theorem findM?_id (p : α → Id Bool) (as : List α) :
-    findM? (m := Id) p as = as.find? p :=
-  findM?_pure _ _
-
-
 /--
 Returns the first non-`none` result of applying the monadic function `f` to each element of the
 list, in order. Returns `none` if `f` returns `none` for all elements.
@@ -434,11 +428,6 @@ theorem idRun_findSomeM? (f : α → Id (Option β)) (as : List α) :
     (findSomeM? f as).run = as.findSome? (f · |>.run) :=
   findSomeM?_pure
 
-@[deprecated idRun_findSomeM? (since := "2025-05-21")]
-theorem findSomeM?_id (f : α → Id (Option β)) (as : List α) :
-    findSomeM? (m := Id) f as = as.findSome? f :=
-  findSomeM?_pure
-
 theorem findSome?_eq_findSomeM? {f : α → Option β} {as : List α} :
     as.findSome? f = (as.findSomeM? (pure (f := Id) <| f ·)).run := by
   simp
@@ -471,7 +460,7 @@ theorem findM?_eq_findSomeM? [Monad m] [LawfulMonad m] {p : α → m Bool} {as :
         loop as' b this
   loop as init ⟨[], rfl⟩
 
-instance : ForIn' m (List α) α inferInstance where
+instance [Monad m] : ForIn' m (List α) α inferInstance where
   forIn' := List.forIn'
 
 -- No separate `ForIn` instance is required because it can be derived from `ForIn'`.
@@ -485,7 +474,7 @@ instance : ForIn' m (List α) α inferInstance where
 @[simp, grind =] theorem forIn_nil [Monad m] {f : α → β → m (ForInStep β)} {b : β} : forIn [] b f = pure b :=
   rfl
 
-instance : ForM m (List α) α where
+instance [Monad m] : ForM m (List α) α where
   forM := List.forM
 
 -- We simplify `List.forM` to `forM`.

src/Init/Data/List/Count.lean

@@ -29,7 +29,7 @@ section countP
 
 variable {p q : α → Bool}
 
-@[simp] theorem countP_nil : countP p [] = 0 := rfl
+@[simp, grind =] theorem countP_nil : countP p [] = 0 := rfl
 
 protected theorem countP_go_eq_add {l} : countP.go p l n = n + countP.go p l 0 := by
   induction l generalizing n with
@@ -47,6 +47,7 @@ protected theorem countP_go_eq_add {l} : countP.go p l n = n + countP.go p l 0 :
 @[simp] theorem countP_cons_of_neg {l} (pa : ¬p a) : countP p (a :: l) = countP p l := by
   simp [countP, countP.go, pa]
 
+@[grind =]
 theorem countP_cons {a : α} {l : List α} : countP p (a :: l) = countP p l + if p a then 1 else 0 := by
   by_cases h : p a <;> simp [h]
 
@@ -66,7 +67,6 @@ theorem length_eq_countP_add_countP (p : α → Bool) {l : List α} : length l =
       · rfl
       · simp [h]
 
-@[grind =]  -- This to quite aggressive, as it introduces `filter` based reasoning whenever we see `countP`.
 theorem countP_eq_length_filter {l : List α} : countP p l = (filter p l).length := by
   induction l with
   | nil => rfl
@@ -75,7 +75,8 @@ theorem countP_eq_length_filter {l : List α} : countP p l = (filter p l).length
     then rw [countP_cons_of_pos h, ih, filter_cons_of_pos h, length]
     else rw [countP_cons_of_neg h, ih, filter_cons_of_neg h]
 
-@[grind =]
+grind_pattern countP_eq_length_filter => l.countP p, l.filter p
+
 theorem countP_eq_length_filter' : countP p = length ∘ filter p := by
   funext l
   apply countP_eq_length_filter
@@ -351,10 +352,6 @@ theorem filter_eq [DecidableEq α] {l : List α} (a : α) : l.filter (· = a) =
   · simpa only [count_replicate_self] using h.count_le a
   · exact ((replicate_sublist_replicate a).2 h).trans <| filter_beq a ▸ filter_sublist
 
-@[deprecated replicate_sublist_iff (since := "2025-05-26")]
-theorem le_count_iff_replicate_sublist {l : List α} : n ≤ count a l ↔ replicate n a <+ l :=
-  replicate_sublist_iff.symm
-
 theorem replicate_count_eq_of_count_eq_length {l : List α} (h : count a l = length l) :
     replicate (count a l) a = l :=
   (replicate_sublist_iff.mpr (Nat.le_refl _)).eq_of_length <| length_replicate.trans h

src/Init/Data/List/Lemmas.lean

@@ -13,6 +13,9 @@ import all Init.Data.List.BasicAux
 public import Init.Data.List.Control
 import all Init.Data.List.Control
 public import Init.BinderPredicates
+import Init.Grind.Annotated
+
+grind_annotated "2025-01-24"
 
 public section
 
@@ -74,7 +77,7 @@ Further results, which first require developing further automation around `Nat`,
 * `Init.Data.List.Nat.TakeDrop`: `List.take` and `List.drop`
 
 Also
-* `Init.Data.List.Monadic` for addiation lemmas about `List.mapM` and `List.forM`.
+* `Init.Data.List.Monadic` for additional lemmas about `List.mapM` and `List.forM`.
 
 -/
 
@@ -251,6 +254,10 @@ theorem getElem_eq_getElem?_get {l : List α} {i : Nat} (h : i < l.length) :
     l[i] = l[i]?.get (by simp [h]) := by
   simp
 
+theorem getElem_eq_getD {l : List α} {i : Nat} {h : i < l.length} (fallback : α) :
+    l[i] = l.getD i fallback := by
+  rw [getElem_eq_getElem?_get, List.getD, Option.get_eq_getD]
+
 theorem getD_getElem? {l : List α} {i : Nat} {d : α} :
     l[i]?.getD d = if p : i < l.length then l[i]'p else d := by
   if h : i < l.length then
@@ -2559,17 +2566,9 @@ theorem foldr_eq_foldrM {f : α → β → β} {b : β} {l : List α} :
 theorem idRun_foldlM {f : β → α → Id β} {b : β} {l : List α} :
     Id.run (l.foldlM f b) = l.foldl (f · · |>.run) b := foldl_eq_foldlM.symm
 
-@[deprecated idRun_foldlM (since := "2025-05-21")]
-theorem id_run_foldlM {f : β → α → Id β} {b : β} {l : List α} :
-    Id.run (l.foldlM f b) = l.foldl f b := foldl_eq_foldlM.symm
-
 theorem idRun_foldrM {f : α → β → Id β} {b : β} {l : List α} :
     Id.run (l.foldrM f b) = l.foldr (f · · |>.run) b := foldr_eq_foldrM.symm
 
-@[deprecated idRun_foldrM (since := "2025-05-21")]
-theorem id_run_foldrM {f : α → β → Id β} {b : β} {l : List α} :
-    Id.run (l.foldrM f b) = l.foldr f b := foldr_eq_foldrM.symm
-
 @[simp] theorem foldlM_reverse [Monad m] {l : List α} {f : β → α → m β} {b : β} :
     l.reverse.foldlM f b = l.foldrM (fun x y => f y x) b := rfl
 

src/Init/Data/List/Monadic.lean

@@ -73,10 +73,6 @@ theorem mapM'_eq_mapM [Monad m] [LawfulMonad m] {f : α → m β} {l : List α}
 @[simp, grind =] theorem idRun_mapM {l : List α} {f : α → Id β} : (l.mapM f).run = l.map (f · |>.run) :=
   mapM_pure
 
-@[deprecated idRun_mapM (since := "2025-05-21")]
-theorem mapM_id {l : List α} {f : α → Id β} : (l.mapM f).run = l.map (f · |>.run) :=
-  mapM_pure
-
 @[simp, grind =] theorem mapM_map [Monad m] [LawfulMonad m] {f : α → β} {g : β → m γ} {l : List α} :
     (l.map f).mapM g = l.mapM (g ∘ f) := by
   induction l <;> simp_all
@@ -388,13 +384,6 @@ theorem forIn'_eq_foldlM [Monad m] [LawfulMonad m]
       l.attach.foldl (fun b ⟨a, h⟩ => f a h b |>.run) init :=
   forIn'_pure_yield_eq_foldl _ _
 
-@[deprecated idRun_forIn'_yield_eq_foldl (since := "2025-05-21")]
-theorem forIn'_yield_eq_foldl
-    {l : List α} (f : (a : α) → a ∈ l → β → β) (init : β) :
-    forIn' (m := Id) l init (fun a m b => .yield (f a m b)) =
-      l.attach.foldl (fun b ⟨a, h⟩ => f a h b) init :=
-  forIn'_pure_yield_eq_foldl _ _
-
 @[simp, grind =] theorem forIn'_map [Monad m] [LawfulMonad m]
     {l : List α} (g : α → β) (f : (b : β) → b ∈ l.map g → γ → m (ForInStep γ)) :
     forIn' (l.map g) init f = forIn' l init fun a h y => f (g a) (mem_map_of_mem h) y := by
@@ -447,13 +436,6 @@ theorem forIn_eq_foldlM [Monad m] [LawfulMonad m]
       l.foldl (fun b a => f a b |>.run) init :=
   forIn_pure_yield_eq_foldl _ _
 
-@[deprecated idRun_forIn_yield_eq_foldl (since := "2025-05-21")]
-theorem forIn_yield_eq_foldl
-    {l : List α} (f : α → β → β) (init : β) :
-    forIn (m := Id) l init (fun a b => .yield (f a b)) =
-      l.foldl (fun b a => f a b) init :=
-  forIn_pure_yield_eq_foldl _ _
-
 @[simp, grind =] theorem forIn_map [Monad m] [LawfulMonad m]
     {l : List α} {g : α → β} {f : β → γ → m (ForInStep γ)} :
     forIn (l.map g) init f = forIn l init fun a y => f (g a) y := by

src/Init/Data/List/Nat/InsertIdx.lean

@@ -121,9 +121,6 @@ theorem eraseIdx_insertIdx_self {i : Nat} {l : List α} (a : α) : (l.insertIdx
   rw [eraseIdx_eq_modifyTailIdx, insertIdx, modifyTailIdx_modifyTailIdx_self]
   exact modifyTailIdx_id _ _
 
-@[deprecated eraseIdx_insertIdx_self (since := "2025-06-18")]
-abbrev eraseIdx_insertIdx := @eraseIdx_insertIdx_self
-
 @[simp]
 theorem insertIdx_length_self {l : List α} {x : α} : l.insertIdx l.length x = l ++ [x] := by
   induction l with

src/Init/Data/List/Nat/Perm.lean

@@ -60,14 +60,14 @@ theorem set_set_perm {as : List α} {i j : Nat} (h₁ : i < as.length) (h₂ : j
 
 namespace Perm
 
-/-- Variant of `List.Perm.take` specifying the the permutation is constant after `i` elementwise. -/
+/-- Variant of `List.Perm.take` specifying that the permutation is constant after `i` elementwise. -/
 theorem take_of_getElem? {l₁ l₂ : List α} (h : l₁ ~ l₂) {i : Nat} (w : ∀ j, i ≤ j → l₁[j]? = l₂[j]?) :
     l₁.take i ~ l₂.take i := by
   refine h.take (Perm.of_eq ?_)
   ext1 j
   simpa using w (i + j) (by omega)
 
-/-- Variant of `List.Perm.drop` specifying the the permutation is constant before `i` elementwise. -/
+/-- Variant of `List.Perm.drop` specifying that the permutation is constant before `i` elementwise. -/
 theorem drop_of_getElem? {l₁ l₂ : List α} (h : l₁ ~ l₂) {i : Nat} (w : ∀ j, j < i → l₁[j]? = l₂[j]?) :
     l₁.drop i ~ l₂.drop i := by
   refine h.drop (Perm.of_eq ?_)

src/Init/Data/List/Nat/Sublist.lean

@@ -60,9 +60,6 @@ theorem suffix_iff_getElem? {l₁ l₂ : List α} : l₁ <:+ l₂ ↔
     rw [w, getElem_reverse]
     exact Nat.lt_of_lt_of_le h le
 
-@[deprecated suffix_iff_getElem? (since := "2025-05-27")]
-abbrev isSuffix_iff := @suffix_iff_getElem?
-
 theorem suffix_iff_getElem {l₁ l₂ : List α} :
     l₁ <:+ l₂ ↔ ∃ (_ : l₁.length ≤ l₂.length), ∀ i (_ : i < l₁.length), l₂[i + l₂.length - l₁.length] = l₁[i] := by
   rw [suffix_iff_getElem?]
@@ -111,9 +108,6 @@ theorem infix_iff_getElem? {l₁ l₂ : List α} : l₁ <:+: l₂ ↔
       simp_all
       omega
 
-@[deprecated infix_iff_getElem? (since := "2025-05-27")]
-abbrev isInfix_iff := @infix_iff_getElem?
-
 theorem suffix_iff_eq_append : l₁ <:+ l₂ ↔ take (length l₂ - length l₁) l₂ ++ l₁ = l₂ :=
   ⟨by rintro ⟨r, rfl⟩; simp only [length_append, Nat.add_sub_cancel_right, take_left], fun e =>
     ⟨_, e⟩⟩

src/Init/Data/List/Nat/TakeDrop.lean

@@ -137,9 +137,6 @@ theorem take_append {l₁ l₂ : List α} {i : Nat} :
       congr 1
       omega
 
-@[deprecated take_append (since := "2025-06-16")]
-abbrev take_append_eq_append_take := @take_append
-
 theorem take_append_of_le_length {l₁ l₂ : List α} {i : Nat} (h : i ≤ l₁.length) :
     (l₁ ++ l₂).take i = l₁.take i := by
   simp [take_append, Nat.sub_eq_zero_of_le h]
@@ -318,9 +315,6 @@ theorem drop_append {l₁ l₂ : List α} {i : Nat} :
       congr 1
       omega
 
-@[deprecated drop_append (since := "2025-06-16")]
-abbrev drop_append_eq_append_drop := @drop_append
-
 theorem drop_append_of_le_length {l₁ l₂ : List α} {i : Nat} (h : i ≤ l₁.length) :
     (l₁ ++ l₂).drop i = l₁.drop i ++ l₂ := by
   simp [drop_append, Nat.sub_eq_zero_of_le h]

src/Init/Data/List/Perm.lean

@@ -601,6 +601,12 @@ theorem sum_nat {l₁ l₂ : List Nat} (h : l₁ ~ l₂) : l₁.sum = l₂.sum :
   | swap => simpa [List.sum_cons] using Nat.add_left_comm ..
   | trans _ _ ih₁ ih₂ => simp [ih₁, ih₂]
 
+theorem all_eq {l₁ l₂ : List α} {f : α → Bool} (hp : l₁.Perm l₂) : l₁.all f = l₂.all f := by
+  rw [Bool.eq_iff_iff]; simp [hp.mem_iff]
+
+theorem any_eq {l₁ l₂ : List α} {f : α → Bool} (hp : l₁.Perm l₂) : l₁.any f = l₂.any f := by
+  rw [Bool.eq_iff_iff]; simp [hp.mem_iff]
+
 grind_pattern Perm.sum_nat => l₁ ~ l₂, l₁.sum
 grind_pattern Perm.sum_nat => l₁ ~ l₂, l₂.sum
 

src/Init/Data/List/Range.lean

@@ -37,7 +37,7 @@ open Nat
   rw [← length_eq_zero_iff, length_range']
 
 theorem range'_ne_nil_iff (s : Nat) {n step : Nat} : range' s n step ≠ [] ↔ n ≠ 0 := by
-  cases n <;> simp
+  simp
 
 theorem range'_eq_cons_iff : range' s n step = a :: xs ↔ s = a ∧ 0 < n ∧ xs = range' (a + step) (n - 1) step := by
   induction n generalizing s with

src/Init/Data/List/Sublist.lean

@@ -249,7 +249,7 @@ theorem Sublist.eq_of_length : l₁ <+ l₂ → length l₁ = length l₂ → l
   | .cons a s, h => nomatch Nat.not_lt.2 s.length_le (h ▸ lt_succ_self _)
   | .cons₂ a s, h => by rw [s.eq_of_length (succ.inj h)]
 
--- Only activative `eq_of_length` if we're already thinking about lengths.
+-- Only activate `eq_of_length` if we're already thinking about lengths.
 grind_pattern Sublist.eq_of_length => l₁ <+ l₂, length l₁, length l₂
 
 theorem Sublist.eq_of_length_le (s : l₁ <+ l₂) (h : length l₂ ≤ length l₁) : l₁ = l₂ :=
@@ -976,9 +976,6 @@ theorem prefix_iff_getElem? {l₁ l₂ : List α} :
 
 -- See `Init.Data.List.Nat.Sublist` for `isSuffix_iff` and `ifInfix_iff`.
 
-@[deprecated prefix_iff_getElem? (since := "2025-05-27")]
-abbrev isPrefix_iff := @prefix_iff_getElem?
-
 theorem prefix_iff_getElem {l₁ l₂ : List α} :
     l₁ <+: l₂ ↔ ∃ (h : l₁.length ≤ l₂.length), ∀ i (hx : i < l₁.length),
       l₁[i] = l₂[i]'(Nat.lt_of_lt_of_le hx h) where
@@ -997,9 +994,6 @@ theorem prefix_iff_getElem {l₁ l₂ : List α} :
         simp only [cons_prefix_cons]
         exact ⟨h 0 (zero_lt_succ _), tail_ih hl fun a ha ↦ h a.succ (succ_lt_succ ha)⟩
 
-@[deprecated prefix_iff_getElem (since := "2025-05-27")]
-abbrev isPrefix_iff_getElem := @prefix_iff_getElem
-
 theorem cons_prefix_iff {a : α} {l₁ l₂ : List α} :
     a :: l₁ <+: l₂ ↔ ∃ l', l₂ = a :: l' ∧ l₁ <+: l' := by
   match l₂ with
@@ -1015,9 +1009,6 @@ theorem prefix_filterMap_iff {β} {f : α → Option β} {l₁ : List α} {l₂
   · rintro ⟨l₁, ⟨l₂, rfl⟩, rfl⟩
     exact ⟨_, l₁, l₂, rfl, rfl, rfl⟩
 
-@[deprecated prefix_filterMap_iff (since := "2025-05-27")]
-abbrev isPrefix_filterMap_iff := @prefix_filterMap_iff
-
 theorem suffix_filterMap_iff {β} {f : α → Option β} {l₁ : List α} {l₂ : List β} :
     l₂ <:+ filterMap f l₁ ↔ ∃ l, l <:+ l₁ ∧ l₂ = filterMap f l := by
   simp only [IsSuffix, append_eq_filterMap_iff]
@@ -1027,9 +1018,6 @@ theorem suffix_filterMap_iff {β} {f : α → Option β} {l₁ : List α} {l₂
   · rintro ⟨l₁, ⟨l₂, rfl⟩, rfl⟩
     exact ⟨_, l₂, l₁, rfl, rfl, rfl⟩
 
-@[deprecated suffix_filterMap_iff (since := "2025-05-27")]
-abbrev isSuffix_filterMap_iff := @suffix_filterMap_iff
-
 theorem infix_filterMap_iff {β} {f : α → Option β} {l₁ : List α} {l₂ : List β} :
     l₂ <:+: filterMap f l₁ ↔ ∃ l, l <:+: l₁ ∧ l₂ = filterMap f l := by
   simp only [IsInfix, append_eq_filterMap_iff, filterMap_eq_append_iff]
@@ -1039,51 +1027,30 @@ theorem infix_filterMap_iff {β} {f : α → Option β} {l₁ : List α} {l₂ :
   · rintro ⟨l₃, ⟨l₂, l₁, rfl⟩, rfl⟩
     exact ⟨_, _, _, l₁, rfl, ⟨⟨l₂, l₃, rfl, rfl, rfl⟩, rfl⟩⟩
 
-@[deprecated infix_filterMap_iff (since := "2025-05-27")]
-abbrev isInfix_filterMap_iff := @infix_filterMap_iff
-
 theorem prefix_filter_iff {p : α → Bool} {l₁ l₂ : List α} :
     l₂ <+: l₁.filter p ↔ ∃ l, l <+: l₁ ∧ l₂ = l.filter p := by
   rw [← filterMap_eq_filter, prefix_filterMap_iff]
 
-@[deprecated prefix_filter_iff (since := "2025-05-27")]
-abbrev isPrefix_filter_iff := @prefix_filter_iff
-
 theorem suffix_filter_iff {p : α → Bool} {l₁ l₂ : List α} :
     l₂ <:+ l₁.filter p ↔ ∃ l, l <:+ l₁ ∧ l₂ = l.filter p := by
   rw [← filterMap_eq_filter, suffix_filterMap_iff]
 
-@[deprecated suffix_filter_iff (since := "2025-05-27")]
-abbrev isSuffix_filter_iff := @suffix_filter_iff
-
 theorem infix_filter_iff {p : α → Bool} {l₁ l₂ : List α} :
     l₂ <:+: l₁.filter p ↔ ∃ l, l <:+: l₁ ∧ l₂ = l.filter p := by
   rw [← filterMap_eq_filter, infix_filterMap_iff]
 
-@[deprecated infix_filter_iff (since := "2025-05-27")]
-abbrev isInfix_filter_iff := @infix_filter_iff
-
 theorem prefix_map_iff {β} {f : α → β} {l₁ : List α} {l₂ : List β} :
     l₂ <+: l₁.map f ↔ ∃ l, l <+: l₁ ∧ l₂ = l.map f := by
   rw [← filterMap_eq_map, prefix_filterMap_iff]
 
-@[deprecated prefix_map_iff (since := "2025-05-27")]
-abbrev isPrefix_map_iff := @prefix_map_iff
-
 theorem suffix_map_iff {β} {f : α → β} {l₁ : List α} {l₂ : List β} :
     l₂ <:+ l₁.map f ↔ ∃ l, l <:+ l₁ ∧ l₂ = l.map f := by
   rw [← filterMap_eq_map, suffix_filterMap_iff]
 
-@[deprecated suffix_map_iff (since := "2025-05-27")]
-abbrev isSuffix_map_iff := @suffix_map_iff
-
 theorem infix_map_iff {β} {f : α → β} {l₁ : List α} {l₂ : List β} :
     l₂ <:+: l₁.map f ↔ ∃ l, l <:+: l₁ ∧ l₂ = l.map f := by
   rw [← filterMap_eq_map, infix_filterMap_iff]
 
-@[deprecated infix_map_iff (since := "2025-05-27")]
-abbrev isInfix_map_iff := @infix_map_iff
-
 @[grind =] theorem prefix_replicate_iff {n} {a : α} {l : List α} :
     l <+: List.replicate n a ↔ l.length ≤ n ∧ l = List.replicate l.length a := by
   rw [IsPrefix]
@@ -1096,17 +1063,11 @@ abbrev isInfix_map_iff := @infix_map_iff
     · simpa using add_sub_of_le h
     · simpa using w
 
-@[deprecated prefix_replicate_iff (since := "2025-05-27")]
-abbrev isPrefix_replicate_iff := @prefix_replicate_iff
-
 @[grind =] theorem suffix_replicate_iff {n} {a : α} {l : List α} :
     l <:+ List.replicate n a ↔ l.length ≤ n ∧ l = List.replicate l.length a := by
   rw [← reverse_prefix, reverse_replicate, prefix_replicate_iff]
   simp [reverse_eq_iff]
 
-@[deprecated suffix_replicate_iff (since := "2025-05-27")]
-abbrev isSuffix_replicate_iff := @suffix_replicate_iff
-
 @[grind =] theorem infix_replicate_iff {n} {a : α} {l : List α} :
     l <:+: List.replicate n a ↔ l.length ≤ n ∧ l = List.replicate l.length a := by
   rw [IsInfix]
@@ -1119,9 +1080,6 @@ abbrev isSuffix_replicate_iff := @suffix_replicate_iff
     · simpa using Nat.sub_add_cancel h
     · simpa using w
 
-@[deprecated infix_replicate_iff (since := "2025-05-27")]
-abbrev isInfix_replicate_iff := @infix_replicate_iff
-
 theorem infix_of_mem_flatten : ∀ {L : List (List α)}, l ∈ L → l <:+: flatten L
   | l' :: _, h =>
     match h with

src/Init/Data/Nat/Bitwise/Lemmas.lean

@@ -338,9 +338,6 @@ theorem testBit_bool_toNat (b : Bool) (i : Nat) :
   simp [testBit_eq_decide_div_mod_eq,
         Nat.mod_eq_of_lt]
 
-@[deprecated testBit_bool_toNat (since := "2025-06-22")]
-abbrev testBit_bool_to_nat := @testBit_bool_toNat
-
 /-- `testBit 1 i` is true iff the index `i` equals 0. -/
 theorem testBit_one_eq_true_iff_self_eq_zero {i : Nat} :
     Nat.testBit 1 i = true ↔ i = 0 := by

src/Init/Data/Nat/Dvd.lean

@@ -27,9 +27,15 @@ protected theorem dvd_trans {a b c : Nat} (h₁ : a ∣ b) (h₂ : b ∣ c) : a
 protected theorem dvd_mul_left_of_dvd {a b : Nat} (h : a ∣ b) (c : Nat) : a ∣ c * b :=
   Nat.dvd_trans h (Nat.dvd_mul_left _ _)
 
+grind_pattern Nat.dvd_mul_left_of_dvd => a ∣ b, c * b where
+  guard a ∣ b
+
 protected theorem dvd_mul_right_of_dvd {a b : Nat} (h : a ∣ b) (c : Nat) : a ∣ b * c :=
   Nat.dvd_trans h (Nat.dvd_mul_right _ _)
 
+grind_pattern Nat.dvd_mul_right_of_dvd => a ∣ b, b * c where
+  guard a ∣ b
+
 protected theorem eq_zero_of_zero_dvd {a : Nat} (h : 0 ∣ a) : a = 0 :=
   let ⟨c, H'⟩ := h; H'.trans c.zero_mul
 

src/Init/Data/Nat/Lemmas.lean

@@ -1086,6 +1086,18 @@ protected theorem pow_add (a m n : Nat) : a ^ (m + n) = a ^ m * a ^ n := by
   | zero => rw [Nat.add_zero, Nat.pow_zero, Nat.mul_one]
   | succ _ ih => rw [Nat.add_succ, Nat.pow_succ, Nat.pow_succ, ih, Nat.mul_assoc]
 
+theorem div_pow_of_pos (a n : Nat) : n > 0 → a ∣ a ^ n := by
+  cases n <;> simp [Nat.pow_add]
+  exact Nat.dvd_mul_left a (a ^ _)
+
+grind_pattern div_pow_of_pos => a ^ n where
+  is_value a
+  guard n > 0
+
+grind_pattern Nat.pow_pos => a ^ n where
+  not_value n
+  guard a > 0
+
 protected theorem pow_add' (a m n : Nat) : a ^ (m + n) = a ^ n * a ^ m := by
   rw [← Nat.pow_add, Nat.add_comm]
 

src/Init/Data/Option/Basic.lean

@@ -22,12 +22,12 @@ instance instDecidableEq {α} [inst : DecidableEq α] : DecidableEq (Option α)
   match a with
   | none => match b with
     | none => .isTrue rfl
-    | some _ => .isFalse Option.noConfusion
+    | some _ => .isFalse (fun h => Option.noConfusion rfl (heq_of_eq h))
   | some a => match b with
-    | none => .isFalse Option.noConfusion
+    | none => .isFalse (fun h => Option.noConfusion rfl (heq_of_eq h))
     | some b => match inst a b with
       | .isTrue h => .isTrue (h ▸ rfl)
-      | .isFalse n => .isFalse (Option.noConfusion · n)
+      | .isFalse n => .isFalse (fun h => Option.noConfusion rfl (heq_of_eq h) (fun h' => absurd (eq_of_heq h') n))
 
 /--
 Equality with `none` is decidable even if the wrapped type does not have decidable equality.
@@ -37,7 +37,7 @@ instance decidableEqNone (o : Option α) : Decidable (o = none) :=
     compatibility with the `DecidableEq` instance. -/
   match o with
   | none => .isTrue rfl
-  | some _ => .isFalse Option.noConfusion
+  | some _ => .isFalse (fun h => Option.noConfusion rfl (heq_of_eq h))
 
 /--
 Equality with `none` is decidable even if the wrapped type does not have decidable equality.
@@ -47,7 +47,7 @@ instance decidableNoneEq (o : Option α) : Decidable (none = o) :=
     compatibility with the `DecidableEq` instance. -/
   match o with
   | none => .isTrue rfl
-  | some _ => .isFalse Option.noConfusion
+  | some _ => .isFalse (fun h => Option.noConfusion rfl (heq_of_eq h))
 
 deriving instance BEq for Option
 
@@ -125,11 +125,6 @@ Examples:
 @[simp, grind =] theorem bind_none (f : α → Option β) : none.bind f = none := rfl
 @[simp, grind =] theorem bind_some (a) (f : α → Option β) : (some a).bind f = f a := rfl
 
-@[deprecated bind_none (since := "2025-05-03")]
-abbrev none_bind := @bind_none
-@[deprecated bind_some (since := "2025-05-03")]
-abbrev some_bind := @bind_some
-
 /--
 Runs the monadic action `f` on `o`'s value, if any, and returns the result, or  `none` if there is
 no value.
@@ -538,13 +533,6 @@ instance [Min α] : Min (Option α) where min := Option.min
 @[simp, grind =] theorem min_none_right [Min α] {o : Option α} : min o none = none := by
   cases o <;> rfl
 
-@[deprecated min_none_right (since := "2025-05-12")]
-theorem min_some_none [Min α] {a : α} : min (some a) none = none := rfl
-@[deprecated min_none_left (since := "2025-05-12")]
-theorem min_none_some [Min α] {b : α} : min none (some b) = none := rfl
-@[deprecated min_none_left (since := "2025-05-12")]
-theorem min_none_none [Min α] : min (none : Option α) none = none := rfl
-
 /--
 The maximum of two optional values.
 
@@ -571,14 +559,6 @@ instance [Max α] : Max (Option α) where max := Option.max
 @[simp, grind =] theorem max_none_right [Max α] {o : Option α} : max o none = o := by
   cases o <;> rfl
 
-@[deprecated max_none_right (since := "2025-05-12")]
-theorem max_some_none [Max α] {a : α} : max (some a) none = some a := rfl
-@[deprecated max_none_left (since := "2025-05-12")]
-theorem max_none_some [Max α] {b : α} : max none (some b) = some b := rfl
-@[deprecated max_none_left (since := "2025-05-12")]
-theorem max_none_none [Max α] : max (none : Option α) none = none := rfl
-
-
 end Option
 
 instance [LT α] : LT (Option α) where

src/Init/Data/Option/Instances.lean

@@ -16,9 +16,9 @@ namespace Option
 
 theorem eq_of_eq_some {α : Type u} : ∀ {x y : Option α}, (∀ z, x = some z ↔ y = some z) → x = y
   | none,   none,   _ => rfl
-  | none,   some z, h => Option.noConfusion ((h z).2 rfl)
-  | some z, none,   h => Option.noConfusion ((h z).1 rfl)
-  | some _, some w, h => Option.noConfusion ((h w).2 rfl) (congrArg some)
+  | none,   some z, h => Option.noConfusion rfl (heq_of_eq ((h z).2 rfl))
+  | some z, none,   h => Option.noConfusion rfl (heq_of_eq ((h z).1 rfl))
+  | some _, some w, h => Option.noConfusion rfl (heq_of_eq ((h w).2 rfl)) (fun h => congrArg some (eq_of_heq h))
 
 theorem eq_none_of_isNone {α : Type u} : ∀ {o : Option α}, o.isNone → o = none
   | none, _ => rfl
@@ -168,10 +168,10 @@ Examples:
   | none  , _ => pure ⟨⟩
   | some a, f => f a
 
-instance : ForM m (Option α) α :=
+instance [Monad m] : ForM m (Option α) α :=
   ⟨Option.forM⟩
 
-instance : ForIn' m (Option α) α inferInstance where
+instance [Monad m] : ForIn' m (Option α) α inferInstance where
   forIn' x init f := do
     match x with
     | none => return init

src/Init/Data/Option/Lemmas.lean

@@ -388,11 +388,6 @@ theorem bind_guard (x : Option α) (p : α → Bool) :
     x.bind (Option.guard p) = x.filter p := by
   cases x <;> rfl
 
-@[deprecated bind_guard (since := "2025-05-15")]
-theorem filter_eq_bind (x : Option α) (p : α → Bool) :
-    x.filter p = x.bind (Option.guard p) :=
-  (bind_guard x p).symm
-
 @[simp, grind =] theorem any_filter : (o : Option α) →
     (Option.filter p o).any q = Option.any (fun a => p a && q a) o
   | none => rfl
@@ -612,12 +607,6 @@ theorem guard_def (p : α → Bool) :
 
 @[grind =] theorem guard_apply : Option.guard p x = if p x then some x else none := rfl
 
-@[deprecated guard_def (since := "2025-05-15")]
-theorem guard_eq_map (p : α → Bool) :
-    Option.guard p = fun x => Option.map (fun _ => x) (if p x then some x else none) := by
-  funext x
-  simp [Option.guard]
-
 theorem guard_eq_ite {p : α → Bool} {x : α} :
     Option.guard p x = if p x then some x else none := rfl
 
@@ -765,9 +754,6 @@ theorem choice_eq_some [Subsingleton α] (a : α) : choice α = some a := by
   rw [dif_pos (⟨a⟩ : Nonempty α)]
   simp; apply Subsingleton.elim
 
-@[deprecated choice_eq_some (since := "2025-05-12")]
-abbrev choice_eq := @choice_eq_some
-
 @[simp]
 theorem choice_eq_default [Subsingleton α] [Inhabited α] : choice α = some default :=
   choice_eq_some _
@@ -821,9 +807,6 @@ theorem or_eq_right_of_none {o o' : Option α} (h : o = none) : o.or o' = o' :=
 @[simp, grind =] theorem or_some {o : Option α} : o.or (some a) = some (o.getD a) := by
   cases o <;> rfl
 
-@[deprecated or_some (since := "2025-05-03")]
-abbrev or_some' := @or_some
-
 @[simp, grind =]
 theorem or_none : or o none = o := by
   cases o <;> rfl
@@ -901,30 +884,6 @@ theorem or_eq_orElse : or o o' = o.orElse (fun _ => o') := by
 @[simp, grind =] theorem orElse_eq_or {o : Option α} {f} : o.orElse f = o.or (f ()) := by
   simp [or_eq_orElse]
 
-@[deprecated or_some (since := "2025-05-03")]
-theorem some_orElse (a : α) (f) : (some a).orElse f = some a := rfl
-
-@[deprecated or_none (since := "2025-05-03")]
-theorem none_orElse (f : Unit → Option α) : none.orElse f = f () := rfl
-
-@[deprecated or_none (since := "2025-05-13")]
-theorem orElse_fun_none (x : Option α) : x.orElse (fun _ => none) = x := by simp
-
-@[deprecated or_some (since := "2025-05-13")]
-theorem orElse_fun_some (x : Option α) (a : α) :
-    x.orElse (fun _ => some a) = some (x.getD a) := by simp
-
-@[deprecated or_eq_some_iff (since := "2025-05-13")]
-theorem orElse_eq_some_iff (o : Option α) (f) (x : α) :
-    (o.orElse f) = some x ↔ o = some x ∨ o = none ∧ f () = some x := by simp
-
-@[deprecated or_eq_none_iff (since := "2025-05-13")]
-theorem orElse_eq_none_iff (o : Option α) (f) : (o.orElse f) = none ↔ o = none ∧ f () = none := by simp
-
-@[deprecated map_or (since := "2025-05-13")]
-theorem map_orElse {x : Option α} {y} :
-    (x.orElse y).map f = (x.map f).orElse (fun _ => (y ()).map f) := by simp [map_or]
-
 /-! ### beq -/
 
 section beq

src/Init/Data/Option/Monadic.lean

@@ -97,13 +97,6 @@ theorem forIn'_eq_pelim [Monad m] [LawfulMonad m]
       o.pelim b (fun a h => f a h b |>.run) :=
   forIn'_pure_yield_eq_pelim _ _ _
 
-@[deprecated idRun_forIn'_yield_eq_pelim (since := "2025-05-21")]
-theorem forIn'_id_yield_eq_pelim
-    (o : Option α) (f : (a : α) → a ∈ o → β → β) (b : β) :
-    forIn' (m := Id) o b (fun a m b => .yield (f a m b)) =
-      o.pelim b (fun a h => f a h b) :=
-  forIn'_pure_yield_eq_pelim _ _ _
-
 @[simp, grind =] theorem forIn'_map [Monad m] [LawfulMonad m]
     (o : Option α) (g : α → β) (f : (b : β) → b ∈ o.map g → γ → m (ForInStep γ)) :
     forIn' (o.map g) init f = forIn' o init fun a h y => f (g a) (mem_map_of_mem g h) y := by
@@ -140,13 +133,6 @@ theorem forIn_eq_elim [Monad m] [LawfulMonad m]
       o.elim b (fun a => f a b |>.run) :=
   forIn_pure_yield_eq_elim _ _ _
 
-@[deprecated idRun_forIn_yield_eq_elim (since := "2025-05-21")]
-theorem forIn_id_yield_eq_elim
-    (o : Option α) (f : (a : α) → β → β) (b : β) :
-    forIn (m := Id) o b (fun a b => .yield (f a b)) =
-      o.elim b (fun a => f a b) :=
-  forIn_pure_yield_eq_elim _ _ _
-
 @[simp, grind =] theorem forIn_map [Monad m] [LawfulMonad m]
     (o : Option α) (g : α → β) (f : β → γ → m (ForInStep γ)) :
     forIn (o.map g) init f = forIn o init fun a y => f (g a) y := by

src/Init/Data/Ord/Basic.lean

@@ -631,7 +631,7 @@ instance [Ord α] : DecidableRel (@LT.lt α ltOfOrd) := fun a b =>
   decidable_of_bool (compare a b).isLT Ordering.isLT_iff_eq_lt
 
 /--
-Constructs an `LT` instance from an `Ord` instance that asserts that the result of `compare`
+Constructs an `LE` instance from an `Ord` instance that asserts that the result of `compare`
 satisfies `Ordering.isLE`.
 -/
 @[expose] def leOfOrd [Ord α] : LE α where

src/Init/Data/Order/ClassesExtra.lean

@@ -36,4 +36,6 @@ public theorem LawfulOrderOrd.isGE_compare_eq_false {α : Type u} [Ord α] [LE
     (compare a b).isGE = false ↔ ¬ b ≤ a := by
   simp [← isGE_compare]
 
+public abbrev LawfulOrderCmp (cmp : α → α → Ordering) [LE α] := @Std.LawfulOrderOrd α ⟨cmp⟩ _
+
 end Std

src/Init/Data/Order/LemmasExtra.lean

@@ -147,6 +147,18 @@ public theorem max_eq_if_isGE_compare {α : Type u} [Ord α] [LE α] {_ : Max α
     {a b : α} : max a b = if (compare a b).isGE then a else b := by
   open Classical in simp [max_eq_if, isGE_compare]
 
+private theorem min_le_min [LE α] [Min α] [Std.LawfulOrderLeftLeaningMin α] [IsLinearOrder α] (a b : α) : min a b ≤ min b a := by
+  apply (LawfulOrderInf.le_min_iff (min a b) b a).2
+  rw [And.comm]
+  by_cases h : a ≤ b
+  case pos =>
+    simp [LawfulOrderLeftLeaningMin.min_eq_left, h, le_refl]
+  case neg =>
+    simp [LawfulOrderLeftLeaningMin.min_eq_right _ _ h, le_of_not_ge h, le_refl]
+
+public instance [LE α] [Min α] [Std.LawfulOrderLeftLeaningMin α] [IsLinearOrder α] : Commutative (min : α → α → α) where
+  comm a b := by apply le_antisymm <;> simp [min_le_min]
+
 end Std
 
 namespace Classical.Order

src/Init/Data/Range/Basic.lean

@@ -43,7 +43,7 @@ universe u v
   have := range.step_pos
   loop init range.start (by simp)
 
-instance : ForIn' m Range Nat inferInstance where
+instance [Monad m] : ForIn' m Range Nat inferInstance where
   forIn' := Range.forIn'
 
 -- No separate `ForIn` instance is required because it can be derived from `ForIn'`.
@@ -59,7 +59,7 @@ instance : ForIn' m Range Nat inferInstance where
   have := range.step_pos
   loop range.start
 
-instance : ForM m Range Nat where
+instance [Monad m] : ForM m Range Nat where
   forM := Range.forM
 
 syntax:max "[" withoutPosition(":" term) "]" : term

src/Init/Data/Range/Polymorphic/Lemmas.lean

@@ -467,6 +467,23 @@ public theorem Rxo.Iterator.toArray_eq_match [LT α] [DecidableLT α]
   · rfl
   · split <;> simp
 
+public theorem Rxc.Iterator.toList_eq_toList_rxoIterator [LE α] [DecidableLE α] [LT α] [DecidableLT α]
+    [UpwardEnumerable α] [Rxc.IsAlwaysFinite α] [Rxo.IsAlwaysFinite α] [LawfulUpwardEnumerable α]
+    [LawfulUpwardEnumerableLE α] [LawfulUpwardEnumerableLT α]
+    [InfinitelyUpwardEnumerable α] [LinearlyUpwardEnumerable α] {it : Iter (α := Rxc.Iterator α) α}:
+    it.toList = (⟨⟨it.internalState.next, succ it.internalState.upperBound⟩⟩ : Iter (α := Rxo.Iterator α) α).toList := by
+  induction it using Iter.inductSteps with | step it ihy ihs
+  rw [Rxc.Iterator.toList_eq_match, Rxo.Iterator.toList_eq_match]
+  split
+  · simp [*]
+  · simp only [UpwardEnumerable.le_iff, UpwardEnumerable.lt_iff, *]
+    split <;> rename_i h
+    · rw [ihy]; rotate_left
+      · simp [Iter.IsPlausibleStep, IterM.IsPlausibleStep, Iterator.IsPlausibleStep,
+          Iterator.Monadic.step, Iter.toIterM, *]; rfl
+      · simpa [UpwardEnumerable.lt_iff, UpwardEnumerable.le_iff, UpwardEnumerable.lt_succ_iff] using h
+    · simpa [UpwardEnumerable.lt_iff, UpwardEnumerable.le_iff, UpwardEnumerable.lt_succ_iff] using h
+
 public theorem Rxi.Iterator.toList_eq_match
     [UpwardEnumerable α] [Rxi.IsAlwaysFinite α] [LawfulUpwardEnumerable α]
     {it : Iter (α := Rxi.Iterator α) α} :
@@ -561,22 +578,6 @@ namespace Rcc
 
 variable {r : Rcc α}
 
-public theorem toList_eq_if_roo [UpwardEnumerable α] [LE α] [DecidableLE α]
-    [LawfulUpwardEnumerable α] [Rxc.IsAlwaysFinite α] [LawfulUpwardEnumerableLE α] :
-    r.toList = if r.lower ≤ r.upper then r.lower :: (r.lower<...=r.upper).toList else [] := by
-  rw [Internal.toList_eq_toList_iter, Rxc.Iterator.toList_eq_match]; rfl
-
-@[deprecated toList_eq_if_roo (since := "2025-10-29")]
-def toList_eq_if_Roo := @toList_eq_if_roo
-
-public theorem toArray_eq_if_roo [UpwardEnumerable α] [LE α] [DecidableLE α]
-    [LawfulUpwardEnumerable α] [Rxc.IsAlwaysFinite α] [LawfulUpwardEnumerableLE α] :
-    r.toArray = if r.lower ≤ r.upper then #[r.lower] ++ (r.lower<...=r.upper).toArray else #[] := by
-  rw [Internal.toArray_eq_toArray_iter, Rxc.Iterator.toArray_eq_match]; rfl
-
-@[deprecated toArray_eq_if_roo (since := "2025-10-29")]
-def toArray_eq_if_Roo := @toArray_eq_if_roo
-
 public theorem toList_eq_if_roc [LE α] [DecidableLE α] [UpwardEnumerable α]
     [LawfulUpwardEnumerable α] [LawfulUpwardEnumerableLE α] [Rxc.IsAlwaysFinite α] :
     r.toList = if r.lower ≤ r.upper then
@@ -585,6 +586,16 @@ public theorem toList_eq_if_roc [LE α] [DecidableLE α] [UpwardEnumerable α]
         [] := by
   rw [Internal.toList_eq_toList_iter, Rxc.Iterator.toList_eq_match]; rfl
 
+@[simp]
+public theorem toList_eq_toList_rco [LE α] [DecidableLE α] [LT α] [DecidableLT α]
+    [UpwardEnumerable α] [LawfulUpwardEnumerable α]
+    [LawfulUpwardEnumerableLE α] [LawfulUpwardEnumerableLT α]
+    [Rxc.IsAlwaysFinite α] [Rxo.IsAlwaysFinite α]
+    [InfinitelyUpwardEnumerable α] [LinearlyUpwardEnumerable α] :
+    r.toList = (r.lower...(succ r.upper)).toList := by
+  simp [Internal.toList_eq_toList_iter, Rco.Internal.toList_eq_toList_iter,
+    Internal.iter, Rco.Internal.iter, Rxc.Iterator.toList_eq_toList_rxoIterator]
+
 @[deprecated toList_eq_if_roc (since := "2025-10-29")]
 def toList_eq_match := @toList_eq_if_roc
 
@@ -816,6 +827,23 @@ public theorem toArray_eq_if_roo [UpwardEnumerable α] [LT α] [DecidableLT α]
         #[] := by
   rw [Internal.toArray_eq_toArray_iter, Rxo.Iterator.toArray_eq_match]; rfl
 
+public theorem toList_eq_if_rco [UpwardEnumerable α] [LT α] [DecidableLT α]
+    [LawfulUpwardEnumerable α] [Rxo.IsAlwaysFinite α] [LawfulUpwardEnumerableLT α] :
+    r.toList = if r.lower < r.upper then
+        match UpwardEnumerable.succ? r.lower with
+        | none => [r.lower]
+        | some next => r.lower :: (next...r.upper).toList
+      else
+        [] := by
+  rw [Internal.toList_eq_toList_iter, Rxo.Iterator.toList_eq_match]
+  simp only [Internal.iter]
+  split
+  · split
+    · simp [Rxo.Iterator.toList_eq_match, *]
+    · simp only [*]
+      rfl
+  · rfl
+
 public theorem toArray_eq_if_rco [UpwardEnumerable α] [LT α] [DecidableLT α]
     [LawfulUpwardEnumerable α] [Rxo.IsAlwaysFinite α] [LawfulUpwardEnumerableLT α] :
     r.toArray = if r.lower < r.upper then
@@ -1272,6 +1300,16 @@ public theorem toArray_eq_match_rcc [LE α] [DecidableLE α] [UpwardEnumerable
   simp only [← Internal.toList_eq_toList_iter, toList_eq_match_rcc]
   split <;> simp
 
+@[simp]
+public theorem toList_eq_toList_roo [LE α] [DecidableLE α] [LT α] [DecidableLT α]
+    [UpwardEnumerable α] [LawfulUpwardEnumerable α]
+    [LawfulUpwardEnumerableLE α] [LawfulUpwardEnumerableLT α]
+    [Rxc.IsAlwaysFinite α] [Rxo.IsAlwaysFinite α]
+    [InfinitelyUpwardEnumerable α] [LinearlyUpwardEnumerable α] :
+    r.toList = (r.lower<...(succ r.upper)).toList := by
+  simp [Internal.toList_eq_toList_iter, Roo.Internal.toList_eq_toList_iter,
+    Internal.iter, Roo.Internal.iter, Rxc.Iterator.toList_eq_toList_rxoIterator]
+
 @[simp]
 public theorem toArray_toList [LE α] [DecidableLE α] [UpwardEnumerable α] [LawfulUpwardEnumerable α]
     [Rxc.IsAlwaysFinite α] :
@@ -2856,7 +2894,7 @@ public theorem length_toList [LE α] [DecidableLE α] [UpwardEnumerable α]
   · simpa [toList_eq_nil_iff, size_eq_if_roc] using h
   · rename_i n ih
     rw [size_eq_if_rcc] at h
-    simp only [toList_eq_if_roo, ← h]
+    simp only [toList_eq_if_roc, ← h]
     simp only [Roc.toList_eq_match_rcc]
     split
     · split

src/Init/Data/Range/Polymorphic/PRange.lean

@@ -9,6 +9,7 @@ prelude
 public import Init.Data.Range.Polymorphic.UpwardEnumerable
 
 set_option doc.verso true
+set_option linter.missingDocs true
 
 public section
 
@@ -23,7 +24,13 @@ A range of elements of {given}`α` with closed lower and upper bounds.
 equal to {given}`b : α`. This is notation for {lean}`Rcc.mk a b`.
 -/
 structure Rcc (α : Type u) where
+  /--
+  The lower bound of the range. {name (full := Rcc.lower)}`lower` is included in the range.
+  -/
   lower : α
+  /--
+  The upper bound of the range. {name (full := Rcc.upper)}`upper` is included in the range.
+  -/
   upper : α
 
 /--
@@ -33,7 +40,13 @@ A range of elements of {given}`α` with a closed lower bound and an open upper b
 less than {given}`b : α`. This is notation for {lean}`Rco.mk a b`.
 -/
 structure Rco (α : Type u) where
+  /--
+  The lower bound of the range. {name (full := Rco.lower)}`lower` is included in the range.
+  -/
   lower : α
+  /--
+  The upper bound of the range. {name (full := Rco.upper)}`upper` is not included in the range.
+  -/
   upper : α
 
 /--
@@ -43,6 +56,9 @@ An upward-unbounded range of elements of {given}`α` with a closed lower bound.
 This is notation for {lean}`Rci.mk a`.
 -/
 structure Rci (α : Type u) where
+  /--
+  The lower bound of the range. {name (full := Rci.lower)}`lower` is included in the range.
+  -/
   lower : α
 
 /--
@@ -52,7 +68,13 @@ A range of elements of {given}`α` with an open lower bound and a closed upper b
 {given}`b : α`. This is notation for {lean}`Roc.mk a b`.
 -/
 structure Roc (α : Type u) where
+  /--
+  The lower bound of the range. {name (full := Roc.lower)}`lower` is not included in the range.
+  -/
   lower : α
+  /--
+  The upper bound of the range. {name (full := Roc.upper)}`upper` is included in the range.
+  -/
   upper : α
 
 /--
@@ -62,7 +84,13 @@ A range of elements of {given}`α` with an open lower and upper bounds.
 {given}`b : α`. This is notation for {lean}`Roo.mk a b`.
 -/
 structure Roo (α : Type u) where
+  /--
+  The lower bound of the range. {name (full := Roo.lower)}`lower` is not included in the range.
+  -/
   lower : α
+  /--
+  The upper bound of the range. {name (full := Roo.upper)}`upper` is not included in the range.
+  -/
   upper : α
 
 /--
@@ -72,6 +100,9 @@ An upward-unbounded range of elements of {given}`α` with an open lower bound.
 This is notation for {lean}`Roi.mk a`.
 -/
 structure Roi (α : Type u) where
+  /--
+  The lower bound of the range. {name (full := Roi.lower)}`lower` is not included in the range.
+  -/
   lower : α
 
 /--
@@ -81,6 +112,9 @@ A downward-unbounded range of elements of {given}`α` with a closed upper bound.
 This is notation for {lean}`Ric.mk b`.
 -/
 structure Ric (α : Type u) where
+  /--
+  The upper bound of the range. {name (full := Ric.upper)}`upper` is included in the range.
+  -/
   upper : α
 
 /--
@@ -90,6 +124,9 @@ A downward-unbounded range of elements of {given}`α` with an open upper bound.
 This is notation for {lean}`Rio.mk b`.
 -/
 structure Rio (α : Type u) where
+  /--
+  The upper bound of the range. {name (full := Rio.upper)}`upper` is not included in the range.
+  -/
   upper : α
 
 /--
@@ -162,6 +199,10 @@ This is a prerequisite for many functions and instances, such as
 {name (scope := "Init.Data.Range.Polymorphic.Iterators")}`Rcc.toList` or {name}`ForIn'`.
 -/
 class Rxc.IsAlwaysFinite (α : Type u) [UpwardEnumerable α] [LE α] : Prop where
+  /--
+  For every pair of elements {name}`init` and {name}`hi`, there exists a chain of successors that
+  results in an element that either has no successors or is greater than {name}`hi`.
+  -/
   finite (init : α) (hi : α) :
     ∃ n, (UpwardEnumerable.succMany? n init).elim True (¬ · ≤ hi)
 
@@ -172,6 +213,10 @@ This is a prerequisite for many functions and instances, such as
 {name (scope := "Init.Data.Range.Polymorphic.Iterators")}`Rco.toList` or {name}`ForIn'`.
 -/
 class Rxo.IsAlwaysFinite (α : Type u) [UpwardEnumerable α] [LT α] : Prop where
+  /--
+  For every pair of elements {name}`init` and {name}`hi`, there exists a chain of successors that
+  results in an element that either has no successors or is greater than {name}`hi`.
+  -/
   finite (init : α) (hi : α) :
     ∃ n, (UpwardEnumerable.succMany? n init).elim True (¬ · < hi)
 
@@ -182,6 +227,10 @@ This is a prerequisite for many functions and instances, such as
 {name (scope := "Init.Data.Range.Polymorphic.Iterators")}`Rci.toList` or {name}`ForIn'`.
 -/
 class Rxi.IsAlwaysFinite (α : Type u) [UpwardEnumerable α] : Prop where
+  /--
+  For every elements {name}`init`, there exists a chain of successors that
+  results in an element that has no successors.
+  -/
   finite (init : α) : ∃ n, UpwardEnumerable.succMany? n init = none
 
 namespace Rcc
@@ -291,6 +340,7 @@ This type class allows taking the intersection of a closed range with a
 left-closed right-open range, resulting in another left-closed right-open range.
 -/
 class Rcc.HasRcoIntersection (α : Type w) where
+  /-- The intersection operator. -/
   intersection : Rcc α → Rco α → Rco α
 
 /--
@@ -299,6 +349,9 @@ of two ranges contains exactly those elements that are contained in both ranges.
 -/
 class Rcc.LawfulRcoIntersection (α : Type w) [LT α] [LE α]
     [HasRcoIntersection α] where
+  /--
+  Every element of the intersection is an element of both original ranges.
+  -/
   mem_intersection_iff {a : α} {r : Rcc α} {s : Rco α} :
     a ∈ HasRcoIntersection.intersection r s ↔ a ∈ r ∧ a ∈ s
 
@@ -307,6 +360,7 @@ This type class allows taking the intersection of two left-closed right-open ran
 another left-closed right-open range.
 -/
 class Rco.HasRcoIntersection (α : Type w) where
+  /-- The intersection operator. -/
   intersection : Rco α → Rco α → Rco α
 
 /--
@@ -315,6 +369,9 @@ of two ranges contains exactly those elements that are contained in both ranges.
 -/
 class Rco.LawfulRcoIntersection (α : Type w) [LT α] [LE α]
     [HasRcoIntersection α] where
+  /--
+  Every element of the intersection is an element of both original ranges.
+  -/
   mem_intersection_iff {a : α} {r : Rco α} {s : Rco α} :
     a ∈ HasRcoIntersection.intersection r s ↔ a ∈ r ∧ a ∈ s
 
@@ -323,6 +380,7 @@ This type class allows taking the intersection of a left-closed right-unbounded
 left-closed right-open range, resulting in another left-closed right-open range.
 -/
 class Rci.HasRcoIntersection (α : Type w) where
+  /-- The intersection operator. -/
   intersection : Rci α → Rco α → Rco α
 
 /--
@@ -331,6 +389,9 @@ of two ranges contains exactly those elements that are contained in both ranges.
 -/
 class Rci.LawfulRcoIntersection (α : Type w) [LT α] [LE α]
     [HasRcoIntersection α] where
+  /--
+  Every element of the intersection is an element of both original ranges.
+  -/
   mem_intersection_iff {a : α} {r : Rci α} {s : Rco α} :
     a ∈ HasRcoIntersection.intersection r s ↔ a ∈ r ∧ a ∈ s
 
@@ -339,6 +400,7 @@ This type class allows taking the intersection of a left-open right-closed range
 left-closed right-open range, resulting in another left-closed right-open range.
 -/
 class Roc.HasRcoIntersection (α : Type w) where
+  /-- The intersection operator. -/
   intersection : Roc α → Rco α → Rco α
 
 /--
@@ -347,6 +409,9 @@ of two ranges contains exactly those elements that are contained in both ranges.
 -/
 class Roc.LawfulRcoIntersection (α : Type w) [LT α] [LE α]
     [HasRcoIntersection α] where
+  /--
+  Every element of the intersection is an element of both original ranges.
+  -/
   mem_intersection_iff {a : α} {r : Roc α} {s : Rco α} :
     a ∈ HasRcoIntersection.intersection r s ↔ a ∈ r ∧ a ∈ s
 
@@ -355,6 +420,7 @@ This type class allows taking the intersection of an open range with a
 left-closed right-open range, resulting in another left-closed right-open range.
 -/
 class Roo.HasRcoIntersection (α : Type w) where
+  /-- The intersection operator. -/
   intersection : Roo α → Rco α → Rco α
 
 /--
@@ -363,6 +429,9 @@ of two ranges contains exactly those elements that are contained in both ranges.
 -/
 class Roo.LawfulRcoIntersection (α : Type w) [LT α] [LE α]
     [HasRcoIntersection α] where
+  /--
+  Every element of the intersection is an element of both original ranges.
+  -/
   mem_intersection_iff {a : α} {r : Roo α} {s : Rco α} :
     a ∈ HasRcoIntersection.intersection r s ↔ a ∈ r ∧ a ∈ s
 
@@ -371,6 +440,7 @@ This type class allows taking the intersection of a left-open right-unbounded ra
 left-closed right-open range, resulting in another left-closed right-open range.
 -/
 class Roi.HasRcoIntersection (α : Type w) where
+  /-- The intersection operator. -/
   intersection : Roi α → Rco α → Rco α
 
 /--
@@ -379,6 +449,9 @@ of two ranges contains exactly those elements that are contained in both ranges.
 -/
 class Roi.LawfulRcoIntersection (α : Type w) [LT α] [LE α]
     [HasRcoIntersection α] where
+  /--
+  Every element of the intersection is an element of both original ranges.
+  -/
   mem_intersection_iff {a : α} {r : Roi α} {s : Rco α} :
     a ∈ HasRcoIntersection.intersection r s ↔ a ∈ r ∧ a ∈ s
 
@@ -387,6 +460,7 @@ This type class allows taking the intersection of a left-unbounded right-closed
 left-closed right-open range, resulting in another left-closed right-open range.
 -/
 class Ric.HasRcoIntersection (α : Type w) where
+  /-- The intersection operator. -/
   intersection : Ric α → Rco α → Rco α
 
 /--
@@ -395,6 +469,9 @@ of two ranges contains exactly those elements that are contained in both ranges.
 -/
 class Ric.LawfulRcoIntersection (α : Type w) [LT α] [LE α]
     [HasRcoIntersection α] where
+  /--
+  Every element of the intersection is an element of both original ranges.
+  -/
   mem_intersection_iff {a : α} {r : Ric α} {s : Rco α} :
     a ∈ HasRcoIntersection.intersection r s ↔ a ∈ r ∧ a ∈ s
 
@@ -403,6 +480,7 @@ This type class allows taking the intersection of a left-unbounded right-open ra
 left-closed right-open range, resulting in another left-closed right-open range.
 -/
 class Rio.HasRcoIntersection (α : Type w) where
+  /-- The intersection operator. -/
   intersection : Rio α → Rco α → Rco α
 
 /--
@@ -411,6 +489,9 @@ of two ranges contains exactly those elements that are contained in both ranges.
 -/
 class Rio.LawfulRcoIntersection (α : Type w) [LT α] [LE α]
     [HasRcoIntersection α] where
+  /--
+  Every element of the intersection is an element of both original ranges.
+  -/
   mem_intersection_iff {a : α} {r : Rio α} {s : Rco α} :
     a ∈ HasRcoIntersection.intersection r s ↔ a ∈ r ∧ a ∈ s
 

src/Init/Data/Range/Polymorphic/RangeIterator.lean

@@ -8,8 +8,10 @@ module
 prelude
 public import Init.Data.Iterators.Internal.Termination
 public import Init.Data.Iterators.Consumers.Access
+import Init.Data.Iterators.Lemmas.Consumers.Monadic.Loop
 public import Init.Data.Range.Polymorphic.PRange
 public import Init.Data.List.Sublist
+public import Init.WFExtrinsicFix
 
 set_option doc.verso true
 
@@ -121,10 +123,6 @@ instance Iterator.instIteratorCollect [UpwardEnumerable α] [LE α] [DecidableLE
     {n : Type u → Type w} [Monad n] : IteratorCollect (Rxc.Iterator α) Id n :=
   .defaultImplementation
 
-instance Iterator.instIteratorCollectPartial [UpwardEnumerable α] [LE α] [DecidableLE α]
-    {n : Type u → Type w} [Monad n] : IteratorCollectPartial (Rxc.Iterator α) Id n :=
-  .defaultImplementation
-
 theorem Iterator.Monadic.isPlausibleOutput_next {a}
     [UpwardEnumerable α] [LE α] [DecidableLE α]
     {it : IterM (α := Rxc.Iterator α) Id α} (h : it.internalState.next = some a)
@@ -448,161 +446,168 @@ instance Iterator.instIteratorLoop [UpwardEnumerable α] [LE α] [DecidableLE α
     [LawfulUpwardEnumerable α] [LawfulUpwardEnumerableLE α]
     {n : Type u → Type w} [Monad n] :
     IteratorLoop (Rxc.Iterator α) Id n where
-  forIn _ γ Pl wf it init f :=
+  forIn _ γ Pl it init f :=
     match it with
     | ⟨⟨some next, upperBound⟩⟩ =>
-      if hu : next ≤ upperBound then
-        loop γ Pl wf upperBound next init (fun a ha₁ ha₂ c => f a ?hf c) next ?hle hu
-      else
-        return init
+      loop γ Pl (next ≤ ·) (fun a b hab hna => ?hle) upperBound init next ?hle'' (fun a ha₁ ha₂ c => f a ?hf c)
     | ⟨⟨none, _⟩⟩ => return init
   where
-    @[specialize]
-    loop γ Pl wf (upperBound : α) least acc
-        (f : (out : α) → UpwardEnumerable.LE least out → out ≤ upperBound → (c : γ) → n (Subtype (fun s : ForInStep γ => Pl out c s)))
-        (next : α) (hl : UpwardEnumerable.LE least next) (hu : next ≤ upperBound) : n γ := do
-      match ← f next hl hu acc with
-      | ⟨.yield acc', _⟩ =>
-        match hs : UpwardEnumerable.succ? next with
-        | some next' =>
-          if hu : next' ≤ upperBound then
-            loop γ Pl wf upperBound least acc' f next' ?hle' hu
+    @[always_inline, inline]
+    loop γ (Pl : α → γ → ForInStep γ → Prop) (LargeEnough : α → Prop) (hl : ∀ a b : α, a ≤ b → LargeEnough a → LargeEnough b)
+        (upperBound : α) (acc : γ) (next : α) (h : LargeEnough next)
+        (f : (out : α) → LargeEnough out → out ≤ upperBound → (c : γ) → n (Subtype (Pl out c))) : n γ :=
+      haveI : Nonempty γ := ⟨acc⟩
+      WellFounded.extrinsicFix₃ (C₃ := fun _ _ _ => n γ) (InvImage (IteratorLoop.rel _ Id Pl) (fun x => (⟨Rxc.Iterator.mk (some x.1) upperBound⟩, x.2.1)))
+        (fun next acc (h : LargeEnough next) G => do
+          if hu : next ≤ upperBound then
+            match ← f next h hu acc with
+            | ⟨.yield acc', h'⟩ =>
+              match hs : UpwardEnumerable.succ? next with
+              | some next' => G next' acc' (hl _ _ ?hle' h) ?decreasing
+              | none => return acc'
+            | ⟨.done acc', _⟩ => return acc'
           else
-            return acc'
-        | none => return acc'
-      | ⟨.done acc', _⟩ => return acc'
-    termination_by IteratorLoop.WithWF.mk ⟨⟨some next, upperBound⟩⟩ acc (hwf := wf)
-    decreasing_by
-      simp [IteratorLoop.rel, Monadic.isPlausibleStep_iff,
-        Monadic.step, *]
+            return acc) next acc h
   finally
     case hf =>
       rw [Monadic.isPlausibleIndirectOutput_iff]
+      simp only [UpwardEnumerable.le_iff] at ha₁
       obtain ⟨n, hn⟩ := ha₁
       exact ⟨n, hn, ha₂⟩
     case hle =>
-      exact UpwardEnumerable.le_refl _
+      simp only [UpwardEnumerable.le_iff] at hna hab ⊢
+      exact UpwardEnumerable.le_trans hna hab
     case hle' =>
-      refine UpwardEnumerable.le_trans hl ⟨1, ?_⟩
-      simp [succMany?_one, hs]
+      simp only [UpwardEnumerable.le_iff]
+      refine ⟨1, ?_⟩
+      simpa [succMany?_one] using hs
+    case hle'' =>
+      exact UpwardEnumerable.le_iff.mpr (UpwardEnumerable.le_refl _)
+    case decreasing =>
+      simp_wf
+      simp [IteratorLoop.rel, Monadic.isPlausibleStep_iff, Monadic.step, *]
 
-/--
-An efficient {name}`IteratorLoop` instance:
-As long as the compiler cannot optimize away the {name}`Option` in the internal state, we use a special
-loop implementation.
--/
-partial instance Iterator.instIteratorLoopPartial [UpwardEnumerable α] [LE α] [DecidableLE α]
+private noncomputable def Iterator.instIteratorLoop.loop.wf [UpwardEnumerable α] [LE α] [DecidableLE α]
     [LawfulUpwardEnumerable α] [LawfulUpwardEnumerableLE α]
-    {n : Type u → Type w} [Monad n] : IteratorLoopPartial (Rxc.Iterator α) Id n where
-  forInPartial _ γ it init f :=
-    match it with
-    | ⟨⟨some next, upperBound⟩⟩ =>
+    {n : Type u → Type w} [Monad n] (γ : Type u)
+    (Pl : α → γ → ForInStep γ → Prop)
+    (wf : IteratorLoop.WellFounded (Rxc.Iterator α) Id Pl)
+    (LargeEnough : α → Prop) (hl : ∀ a b : α, a ≤ b → LargeEnough a → LargeEnough b)
+    (upperBound : α) (acc : γ) (next : α) (h : LargeEnough next)
+    (f : (out : α) → LargeEnough out → out ≤ upperBound → (c : γ) → n (Subtype (fun s : ForInStep γ => Pl out c s))) :
+    n γ := do
+  if hu : next ≤ upperBound then
+    match ← f next h hu acc with
+    | ⟨.yield acc', _⟩ =>
+      match hs : UpwardEnumerable.succ? next with
+      | some next' =>
+        loop.wf γ Pl wf LargeEnough hl upperBound acc' next' (hl _ _ ?hle h) f
+      | none => return acc'
+    | ⟨.done acc', _⟩ => return acc'
+  else
+    return acc
+termination_by IteratorLoop.WithWF.mk ⟨⟨some next, upperBound⟩⟩ acc (hwf := wf)
+decreasing_by
+  simp [IteratorLoop.rel, Monadic.isPlausibleStep_iff, Monadic.step, *]
+where finally
+  case hle =>
+    simp only [UpwardEnumerable.le_iff]
+    refine ⟨1, ?_⟩
+    simpa [succMany?_one] using hs
+
+private theorem Iterator.instIteratorLoop.loop_eq_wf [UpwardEnumerable α] [LE α] [DecidableLE α]
+    [LawfulUpwardEnumerable α] [LawfulUpwardEnumerableLE α] [Monad n] [LawfulMonad n]
+    {γ LargeEnough hl upperBound} {next hn} {acc} (Pl wf f) :
+    loop γ Pl LargeEnough hl upperBound acc next hn f =
+      loop.wf (α := α) (n := n) γ Pl wf LargeEnough hl upperBound acc next hn f := by
+  haveI : Nonempty γ := ⟨acc⟩
+  rw [loop, WellFounded.extrinsicFix₃_eq_fix]; rotate_left
+  · exact InvImage.wf _ wf
+  · fun_induction loop.wf γ Pl wf LargeEnough hl upperBound acc  next hn f
+    · rw [WellFounded.fix_eq]
+      simp only [↓reduceDIte, *]
+      apply bind_congr; intro forInStep
+      split
+      · simp only
+        split
+        · simp_all
+        · simp
+      · simp
+    · rw [WellFounded.fix_eq]
+      simp_all
+
+private theorem Iterator.instIteratorLoop.loopWf_eq [UpwardEnumerable α] [LE α] [DecidableLE α]
+    [LawfulUpwardEnumerable α] [LawfulUpwardEnumerableLE α]
+    {n : Type u → Type w} [Monad n] [LawfulMonad n] (γ : Type u)
+    {lift} [instLawfulMonadLiftFunction : Std.Internal.LawfulMonadLiftBindFunction (m := Id) (n := n) lift]
+    (Pl : α → γ → ForInStep γ → Prop)
+    (wf : IteratorLoop.WellFounded (Rxc.Iterator α) Id Pl)
+    (LargeEnough : α → Prop) (hl : ∀ a b : α, a ≤ b → LargeEnough a → LargeEnough b)
+    (upperBound : α) (acc : γ) (next : α) (h : LargeEnough next)
+    (f : (out : α) → LargeEnough out → out ≤ upperBound → (c : γ) → n (Subtype (fun s : ForInStep γ => Pl out c s))) :
+    loop.wf γ Pl wf LargeEnough hl upperBound acc next h f = (do
       if hu : next ≤ upperBound then
-        loop γ upperBound next init (fun a ha₁ ha₂ c => f a ?hf c) next ?hle hu
-      else
-        return init
-    | ⟨⟨none, _⟩⟩ => return init
-  where
-    @[specialize]
-    loop γ (upperBound : α) least acc
-        (f : (out : α) → UpwardEnumerable.LE least out → out ≤ upperBound → (c : γ) → n (ForInStep γ))
-        (next : α) (hl : UpwardEnumerable.LE least next) (hu : next ≤ upperBound) : n γ := do
-      match ← f next hl hu acc with
-      | .yield acc' =>
-        match hs : succ? next with
-        | some next' =>
-          if hu : next' ≤ upperBound then
-            loop γ upperBound least acc' f next' ?hle' hu
-          else
-            return acc'
-        | none => return acc'
-      | .done acc' => return acc'
-  finally
-    case hf =>
-      rw [Monadic.isPlausibleIndirectOutput_iff]
-      obtain ⟨n, hn⟩ := ha₁
-      exact ⟨n, hn, ha₂⟩
-    case hle =>
-      exact UpwardEnumerable.le_refl _
-    case hle' =>
-      refine UpwardEnumerable.le_trans hl ⟨1, ?_⟩
-      simp [succMany?_one, hs]
-
-theorem Iterator.instIteratorLoop.loop_eq [UpwardEnumerable α] [LE α] [DecidableLE α]
-    [LawfulUpwardEnumerable α] [LawfulUpwardEnumerableLE α]
-    {n : Type u → Type w} [Monad n] [LawfulMonad n] {γ : Type u}
-    {lift} [Internal.LawfulMonadLiftBindFunction lift]
-    {PlausibleForInStep} {upperBound} {next} {hl} {hu} {f} {acc} {wf} :
-    loop (α := α) (n := n) γ PlausibleForInStep wf upperBound least acc f next hl hu =
-      (do
-        match ← f next hl hu acc with
-        | ⟨.yield c, _⟩ =>
+        match ← f next h hu acc with
+        | ⟨.yield acc', _⟩ =>
           letI it' : IterM (α := Rxc.Iterator α) Id α := ⟨⟨succ? next, upperBound⟩⟩
-          IterM.DefaultConsumers.forIn' (m := Id) lift γ
-            PlausibleForInStep wf it' c it'.IsPlausibleIndirectOutput (fun _ => id)
-            (fun b h c => f b
-                (by
-                  refine UpwardEnumerable.le_trans hl ?_
-                  simp only [Monadic.isPlausibleIndirectOutput_iff, it',
-                    ← succMany?_add_one_eq_succ?_bind_succMany?] at h
-                  exact ⟨h.choose + 1, h.choose_spec.1⟩)
-                (by
-                  simp only [Monadic.isPlausibleIndirectOutput_iff, it'] at h
-                  exact h.choose_spec.2) c)
-        | ⟨.done c, _⟩ => return c) := by
-  rw [loop]
-  apply bind_congr
-  intro step
+          IterM.DefaultConsumers.forIn' (m := Id) (n := n) lift γ Pl it' acc'
+            it'.IsPlausibleIndirectOutput (fun _ => id)
+            fun next' h acc' => f next'
+              (by
+                refine hl next next' ?_ ‹_›
+                simp only [it', Monadic.isPlausibleIndirectOutput_iff,
+                  ← succMany?_add_one_eq_succ?_bind_succMany?] at h
+                exact UpwardEnumerable.le_iff.mpr ⟨h.choose + 1, h.choose_spec.1⟩)
+              (by
+                simp only [it', Monadic.isPlausibleIndirectOutput_iff] at h
+                exact h.choose_spec.2)
+              acc'
+        | ⟨.done acc', _⟩ => return acc'
+      else return acc) := by
+  haveI : Nonempty γ := ⟨acc⟩
+  rw [loop.wf]
+  congr 1; ext hu
+  apply bind_congr; intro forInStep
   split
   · split
-    · split
-      · simp only [*]
-        rw [IterM.DefaultConsumers.forIn']
-        simp only [Monadic.step_eq_step, Monadic.step, ↓reduceIte, *,
-          Internal.LawfulMonadLiftBindFunction.liftBind_pure]
-        rw [loop_eq (lift := lift), Shrink.inflate_deflate]
-        apply bind_congr
-        intro step
+    · rw [loopWf_eq (lift := lift) _ Pl wf]
+      rw [IterM.DefaultConsumers.forIn'_eq_match_step (lift := lift) Pl wf]; rotate_left
+      · simp only [Monadic.step_eq_step, Monadic.step,
+          Shrink.inflate_deflate, instLawfulMonadLiftFunction.liftBind_pure, *]
         split
-        · apply IterM.DefaultConsumers.forIn'_eq_forIn'
-          intros; rfl
+        · apply bind_congr; intro forInStep
+          split
+          · apply IterM.DefaultConsumers.forIn'_eq_forIn' Pl wf <;> (intros; rfl)
+          · simp
         · simp
-      · simp only [*]
-        rw [IterM.DefaultConsumers.forIn']
-        simp [Monadic.step_eq_step, Monadic.step, *,
-          Internal.LawfulMonadLiftBindFunction.liftBind_pure]
-    · simp only [*]
-      rw [IterM.DefaultConsumers.forIn']
-      simp [Monadic.step_eq_step, Monadic.step, Internal.LawfulMonadLiftBindFunction.liftBind_pure]
+    · rw [IterM.DefaultConsumers.forIn'_eq_match_step Pl wf]
+      simp [Monadic.step_eq_step, Monadic.step, instLawfulMonadLiftFunction.liftBind_pure, *]
   · simp
 termination_by IteratorLoop.WithWF.mk ⟨⟨some next, upperBound⟩⟩ acc (hwf := wf)
 decreasing_by
-      simp [IteratorLoop.rel, Monadic.isPlausibleStep_iff, Monadic.step, *]
+  simp [IteratorLoop.rel, Monadic.isPlausibleStep_iff, Monadic.step, *]
 
 instance Iterator.instLawfulIteratorLoop [UpwardEnumerable α] [LE α] [DecidableLE α]
     [LawfulUpwardEnumerable α] [LawfulUpwardEnumerableLE α]
     {n : Type u → Type w} [Monad n] [LawfulMonad n] :
     LawfulIteratorLoop (Rxc.Iterator α) Id n where
   lawful := by
-    intro lift instLawfulMonadLiftFunction
-    ext γ PlausibleForInStep hwf it init f
-    simp only [IteratorLoop.forIn, IteratorLoop.defaultImplementation]
-    rw [IterM.DefaultConsumers.forIn']
-    simp only [Monadic.step_eq_step, Monadic.step]
-    simp only [Internal.LawfulMonadLiftBindFunction.liftBind_pure]
+    intro lift instLawfulMonadLiftFunction γ it init Pl wf f
+    simp only [IteratorLoop.defaultImplementation, IteratorLoop.forIn,
+      IterM.DefaultConsumers.forIn'_eq_wf Pl wf]
+    rw [IterM.DefaultConsumers.forIn'.wf]
+    split; rotate_left
+    · simp [Monadic.step_eq_step, Monadic.step, Internal.LawfulMonadLiftBindFunction.liftBind_pure]
+    rename_i next _
+    rw [instIteratorLoop.loop_eq_wf Pl wf, instIteratorLoop.loopWf_eq (lift := lift)]
+    simp only [Monadic.step_eq_step, Monadic.step, instLawfulMonadLiftFunction.liftBind_pure,
+      Shrink.inflate_deflate]
     split
-    · rename_i it f next upperBound f'
-      simp
+    · apply bind_congr; intro forInStep
       split
       · simp only
-        rw [instIteratorLoop.loop_eq (lift := lift)]
-        apply bind_congr
-        intro step
-        split
-        · apply IterM.DefaultConsumers.forIn'_eq_forIn'
-          intro b c hPb hQb
-          congr
-        · simp
+        rw [← IterM.DefaultConsumers.forIn'_eq_wf Pl wf _]
+        apply IterM.DefaultConsumers.forIn'_eq_forIn' Pl wf <;> all_goals (intros; rfl)
       · simp
     · simp
 
@@ -698,10 +703,6 @@ instance Iterator.instIteratorCollect [UpwardEnumerable α] [LT α] [DecidableLT
     {n : Type u → Type w} [Monad n] : IteratorCollect (Rxo.Iterator α) Id n :=
   .defaultImplementation
 
-instance Iterator.instIteratorCollectPartial [UpwardEnumerable α] [LT α] [DecidableLT α]
-    {n : Type u → Type w} [Monad n] : IteratorCollectPartial (Rxo.Iterator α) Id n :=
-  .defaultImplementation
-
 theorem Iterator.Monadic.isPlausibleOutput_next {a}
     [UpwardEnumerable α] [LT α] [DecidableLT α]
     {it : IterM (α := Rxo.Iterator α) Id α} (h : it.internalState.next = some a)
@@ -1025,161 +1026,164 @@ instance Iterator.instIteratorLoop [UpwardEnumerable α] [LT α] [DecidableLT α
     [LawfulUpwardEnumerable α] [LawfulUpwardEnumerableLT α]
     {n : Type u → Type w} [Monad n] :
     IteratorLoop (Rxo.Iterator α) Id n where
-  forIn _ γ Pl wf it init f :=
+  forIn _ γ Pl it init f :=
     match it with
     | ⟨⟨some next, upperBound⟩⟩ =>
-      if hu : next < upperBound then
-        loop γ Pl wf upperBound next init (fun a ha₁ ha₂ c => f a ?hf c) next ?hle hu
-      else
-        return init
+      loop γ Pl (UpwardEnumerable.LE next ·) (fun a b hab hna => ?hle) upperBound init next ?hle'' (fun a ha₁ ha₂ c => f a ?hf c)
     | ⟨⟨none, _⟩⟩ => return init
   where
-    @[specialize]
-    loop γ Pl wf (upperBound : α) least acc
-        (f : (out : α) → UpwardEnumerable.LE least out → out < upperBound → (c : γ) → n (Subtype (fun s : ForInStep γ => Pl out c s)))
-        (next : α) (hl : UpwardEnumerable.LE least next) (hu : next < upperBound) : n γ := do
-      match ← f next hl hu acc with
-      | ⟨.yield acc', _⟩ =>
-        match hs : UpwardEnumerable.succ? next with
-        | some next' =>
-          if hu : next' < upperBound then
-            loop γ Pl wf upperBound least acc' f next' ?hle' hu
+    @[always_inline, inline]
+    loop γ (Pl : α → γ → ForInStep γ → Prop) (LargeEnough : α → Prop)
+        (hl : ∀ a b : α, UpwardEnumerable.LE a b → LargeEnough a → LargeEnough b)
+        (upperBound : α) (acc : γ) (next : α) (h : LargeEnough next)
+        (f : (out : α) → LargeEnough out → out < upperBound → (c : γ) → n (Subtype (Pl out c))) : n γ :=
+      haveI : Nonempty γ := ⟨acc⟩
+      WellFounded.extrinsicFix₃ (C₃ := fun _ _ _ => n γ) (InvImage (IteratorLoop.rel _ Id Pl) (fun x => (⟨Rxo.Iterator.mk (some x.1) upperBound⟩, x.2.1)))
+        (fun next acc (h : LargeEnough next) G => do
+          if hu : next < upperBound then
+            match ← f next h hu acc with
+            | ⟨.yield acc', h'⟩ =>
+              match hs : UpwardEnumerable.succ? next with
+              | some next' => G next' acc' (hl _ _ ?hle' h) ?decreasing
+              | none => return acc'
+            | ⟨.done acc', _⟩ => return acc'
           else
-            return acc'
-        | none => return acc'
-      | ⟨.done acc', _⟩ => return acc'
-    termination_by IteratorLoop.WithWF.mk ⟨⟨some next, upperBound⟩⟩ acc (hwf := wf)
-    decreasing_by
-      simp [IteratorLoop.rel, Monadic.isPlausibleStep_iff,
-        Monadic.step, *]
+            return acc) next acc h
   finally
     case hf =>
       rw [Monadic.isPlausibleIndirectOutput_iff]
       obtain ⟨n, hn⟩ := ha₁
       exact ⟨n, hn, ha₂⟩
     case hle =>
-      exact UpwardEnumerable.le_refl _
+      exact UpwardEnumerable.le_trans hna hab
     case hle' =>
-      refine UpwardEnumerable.le_trans hl ⟨1, ?_⟩
-      simp [succMany?_one, hs]
+      refine ⟨1, ?_⟩
+      simpa [succMany?_one] using hs
+    case hle'' =>
+      exact UpwardEnumerable.le_refl _
+    case decreasing =>
+      simp_wf; simp [IteratorLoop.rel, Monadic.isPlausibleStep_iff, Monadic.step, *]
 
-/--
-An efficient {name}`IteratorLoopPartial` instance:
-As long as the compiler cannot optimize away the {name}`Option` in the internal state, we use a special
-loop implementation.
--/
-partial instance Iterator.instIteratorLoopPartial [UpwardEnumerable α] [LT α] [DecidableLT α]
+private noncomputable def Iterator.instIteratorLoop.loop.wf [UpwardEnumerable α] [LT α] [DecidableLT α]
     [LawfulUpwardEnumerable α] [LawfulUpwardEnumerableLT α]
-    {n : Type u → Type w} [Monad n] : IteratorLoopPartial (Rxo.Iterator α) Id n where
-  forInPartial _ γ it init f :=
-    match it with
-    | ⟨⟨some next, upperBound⟩⟩ =>
+    {n : Type u → Type w} [Monad n] (γ : Type u)
+    (Pl : α → γ → ForInStep γ → Prop)
+    (wf : IteratorLoop.WellFounded (Rxo.Iterator α) Id Pl)
+    (LargeEnough : α → Prop) (hl : ∀ a b : α, UpwardEnumerable.LE a b → LargeEnough a → LargeEnough b)
+    (upperBound : α) (acc : γ) (next : α) (h : LargeEnough next)
+    (f : (out : α) → LargeEnough out → out < upperBound → (c : γ) → n (Subtype (fun s : ForInStep γ => Pl out c s))) :
+    n γ := do
+  if hu : next < upperBound then
+    match ← f next h hu acc with
+    | ⟨.yield acc', _⟩ =>
+      match hs : UpwardEnumerable.succ? next with
+      | some next' =>
+        loop.wf γ Pl wf LargeEnough hl upperBound acc' next' (hl _ _ ?hle h) f
+      | none => return acc'
+    | ⟨.done acc', _⟩ => return acc'
+  else
+    return acc
+termination_by IteratorLoop.WithWF.mk ⟨⟨some next, upperBound⟩⟩ acc (hwf := wf)
+decreasing_by
+  simp [IteratorLoop.rel, Monadic.isPlausibleStep_iff, Monadic.step, *]
+where finally
+  case hle =>
+    refine ⟨1, ?_⟩
+    simpa [succMany?_one] using hs
+
+private theorem Iterator.instIteratorLoop.loop_eq_wf [UpwardEnumerable α] [LT α] [DecidableLT α]
+    [LawfulUpwardEnumerable α] [LawfulUpwardEnumerableLT α] [Monad n] [LawfulMonad n]
+    {γ LargeEnough hl upperBound} {next hn} {acc} (Pl wf f) :
+    loop γ Pl LargeEnough hl upperBound acc next hn f =
+      loop.wf (α := α) (n := n) γ Pl wf LargeEnough hl upperBound acc next hn f := by
+  haveI : Nonempty γ := ⟨acc⟩
+  rw [loop, WellFounded.extrinsicFix₃_eq_fix]; rotate_left
+  · exact InvImage.wf _ wf
+  · fun_induction loop.wf γ Pl wf LargeEnough hl upperBound acc  next hn f
+    · rw [WellFounded.fix_eq]
+      simp only [↓reduceDIte, *]
+      apply bind_congr; intro forInStep
+      split
+      · simp only
+        split
+        · simp_all
+        · simp
+      · simp
+    · rw [WellFounded.fix_eq]
+      simp_all
+
+private theorem Iterator.instIteratorLoop.loopWf_eq [UpwardEnumerable α] [LT α] [DecidableLT α]
+    [LawfulUpwardEnumerable α] [LawfulUpwardEnumerableLT α]
+    {n : Type u → Type w} [Monad n] [LawfulMonad n] (γ : Type u)
+    {lift} [instLawfulMonadLiftFunction : Std.Internal.LawfulMonadLiftBindFunction (m := Id) (n := n) lift]
+    (Pl : α → γ → ForInStep γ → Prop)
+    (wf : IteratorLoop.WellFounded (Rxo.Iterator α) Id Pl)
+    (LargeEnough : α → Prop) (hl : ∀ a b : α, UpwardEnumerable.LE a b → LargeEnough a → LargeEnough b)
+    (upperBound : α) (acc : γ) (next : α) (h : LargeEnough next)
+    (f : (out : α) → LargeEnough out → out < upperBound → (c : γ) → n (Subtype (fun s : ForInStep γ => Pl out c s))) :
+    loop.wf γ Pl wf LargeEnough hl upperBound acc next h f = (do
       if hu : next < upperBound then
-        loop γ upperBound next init (fun a ha₁ ha₂ c => f a ?hf c) next ?hle hu
-      else
-        return init
-    | ⟨⟨none, _⟩⟩ => return init
-  where
-    @[specialize]
-    loop γ (upperBound : α) least acc
-        (f : (out : α) → UpwardEnumerable.LE least out → out < upperBound → (c : γ) → n (ForInStep γ))
-        (next : α) (hl : UpwardEnumerable.LE least next) (hu : next < upperBound) : n γ := do
-      match ← f next hl hu acc with
-      | .yield acc' =>
-        match hs : succ? next with
-        | some next' =>
-          if hu : next' < upperBound then
-            loop γ upperBound least acc' f next' ?hle' hu
-          else
-            return acc'
-        | none => return acc'
-      | .done acc' => return acc'
-  finally
-    case hf =>
-      rw [Monadic.isPlausibleIndirectOutput_iff]
-      obtain ⟨n, hn⟩ := ha₁
-      exact ⟨n, hn, ha₂⟩
-    case hle =>
-      exact UpwardEnumerable.le_refl _
-    case hle' =>
-      refine UpwardEnumerable.le_trans hl ⟨1, ?_⟩
-      simp [succMany?_one, hs]
-
-theorem Iterator.instIteratorLoop.loop_eq [UpwardEnumerable α] [LT α] [DecidableLT α]
-    [LawfulUpwardEnumerable α] [LawfulUpwardEnumerableLT α]
-    {n : Type u → Type w} [Monad n] [LawfulMonad n] {γ : Type u}
-    {lift} [Internal.LawfulMonadLiftBindFunction lift]
-    {PlausibleForInStep} {upperBound} {next} {hl} {hu} {f} {acc} {wf} :
-    loop (α := α) (n := n) γ PlausibleForInStep wf upperBound least acc f next hl hu =
-      (do
-        match ← f next hl hu acc with
-        | ⟨.yield c, _⟩ =>
+        match ← f next h hu acc with
+        | ⟨.yield acc', _⟩ =>
           letI it' : IterM (α := Rxo.Iterator α) Id α := ⟨⟨succ? next, upperBound⟩⟩
-          IterM.DefaultConsumers.forIn' (m := Id) lift γ
-            PlausibleForInStep wf it' c it'.IsPlausibleIndirectOutput (fun _ => id)
-            (fun b h c => f b
-                (by
-                  refine UpwardEnumerable.le_trans hl ?_
-                  simp only [Monadic.isPlausibleIndirectOutput_iff, it',
-                    ← succMany?_add_one_eq_succ?_bind_succMany?] at h
-                  exact ⟨h.choose + 1, h.choose_spec.1⟩)
-                (by
-                  simp only [Monadic.isPlausibleIndirectOutput_iff, it'] at h
-                  exact h.choose_spec.2) c)
-        | ⟨.done c, _⟩ => return c) := by
-  rw [loop]
-  apply bind_congr
-  intro step
+          IterM.DefaultConsumers.forIn' (m := Id) (n := n) lift γ Pl it' acc'
+            it'.IsPlausibleIndirectOutput (fun _ => id)
+            fun next' h acc' => f next'
+              (by
+                refine hl next next' ?_ ‹_›
+                simp only [it', Monadic.isPlausibleIndirectOutput_iff,
+                  ← succMany?_add_one_eq_succ?_bind_succMany?] at h
+                exact ⟨h.choose + 1, h.choose_spec.1⟩)
+              (by
+                simp only [it', Monadic.isPlausibleIndirectOutput_iff] at h
+                exact h.choose_spec.2)
+              acc'
+        | ⟨.done acc', _⟩ => return acc'
+      else return acc) := by
+  haveI : Nonempty γ := ⟨acc⟩
+  rw [loop.wf]
+  congr 1; ext hu
+  apply bind_congr; intro forInStep
   split
   · split
-    · split
-      · simp only [*]
-        rw [IterM.DefaultConsumers.forIn']
-        simp only [Monadic.step_eq_step, Monadic.step, ↓reduceIte, *,
-          Internal.LawfulMonadLiftBindFunction.liftBind_pure]
-        rw [loop_eq (lift := lift), Shrink.inflate_deflate]
-        apply bind_congr
-        intro step
+    · rw [loopWf_eq (lift := lift) _ Pl wf]
+      rw [IterM.DefaultConsumers.forIn'_eq_match_step (lift := lift) Pl wf]; rotate_left
+      · simp only [Monadic.step_eq_step, Monadic.step,
+          Shrink.inflate_deflate, instLawfulMonadLiftFunction.liftBind_pure, *]
         split
-        · apply IterM.DefaultConsumers.forIn'_eq_forIn'
-          intros; rfl
+        · apply bind_congr; intro forInStep
+          split
+          · apply IterM.DefaultConsumers.forIn'_eq_forIn' Pl wf <;> (intros; rfl)
+          · simp
         · simp
-      · simp only [*]
-        rw [IterM.DefaultConsumers.forIn']
-        simp [Monadic.step_eq_step, Monadic.step, *,
-          Internal.LawfulMonadLiftBindFunction.liftBind_pure]
-    · simp only [*]
-      rw [IterM.DefaultConsumers.forIn']
-      simp [Monadic.step_eq_step, Monadic.step, Internal.LawfulMonadLiftBindFunction.liftBind_pure]
+    · rw [IterM.DefaultConsumers.forIn'_eq_match_step Pl wf]
+      simp [Monadic.step_eq_step, Monadic.step, instLawfulMonadLiftFunction.liftBind_pure, *]
   · simp
 termination_by IteratorLoop.WithWF.mk ⟨⟨some next, upperBound⟩⟩ acc (hwf := wf)
 decreasing_by
-      simp [IteratorLoop.rel, Monadic.isPlausibleStep_iff, Monadic.step, *]
+  simp [IteratorLoop.rel, Monadic.isPlausibleStep_iff, Monadic.step, *]
 
 instance Iterator.instLawfulIteratorLoop [UpwardEnumerable α] [LT α] [DecidableLT α]
     [LawfulUpwardEnumerable α] [LawfulUpwardEnumerableLT α]
     {n : Type u → Type w} [Monad n] [LawfulMonad n] :
     LawfulIteratorLoop (Rxo.Iterator α) Id n where
   lawful := by
-    intro lift instLawfulMonadLiftFunction
-    ext γ PlausibleForInStep hwf it init f
-    simp only [IteratorLoop.forIn, IteratorLoop.defaultImplementation]
-    rw [IterM.DefaultConsumers.forIn']
-    simp only [Monadic.step_eq_step, Monadic.step]
-    simp only [Internal.LawfulMonadLiftBindFunction.liftBind_pure]
+    intro lift instLawfulMonadLiftFunction γ it init Pl wf f
+    simp only [IteratorLoop.defaultImplementation, IteratorLoop.forIn,
+      IterM.DefaultConsumers.forIn'_eq_wf Pl wf]
+    rw [IterM.DefaultConsumers.forIn'.wf]
+    split; rotate_left
+    · simp [Monadic.step_eq_step, Monadic.step, Internal.LawfulMonadLiftBindFunction.liftBind_pure]
+    rename_i next _
+    rw [instIteratorLoop.loop_eq_wf Pl wf, instIteratorLoop.loopWf_eq (lift := lift)]
+    simp only [Monadic.step_eq_step, Monadic.step, instLawfulMonadLiftFunction.liftBind_pure,
+      Shrink.inflate_deflate]
     split
-    · rename_i it f next upperBound f'
-      simp
+    · apply bind_congr; intro forInStep
       split
       · simp only
-        rw [instIteratorLoop.loop_eq (lift := lift)]
-        apply bind_congr
-        intro step
-        split
-        · apply IterM.DefaultConsumers.forIn'_eq_forIn'
-          intro b c hPb hQb
-          congr
-        · simp
+        rw [← IterM.DefaultConsumers.forIn'_eq_wf Pl wf _]
+        apply IterM.DefaultConsumers.forIn'_eq_forIn' Pl wf <;> all_goals (intros; rfl)
       · simp
     · simp
 
@@ -1265,10 +1269,6 @@ instance Iterator.instIteratorCollect [UpwardEnumerable α]
     {n : Type u → Type w} [Monad n] : IteratorCollect (Rxi.Iterator α) Id n :=
   .defaultImplementation
 
-instance Iterator.instIteratorCollectPartial [UpwardEnumerable α]
-    {n : Type u → Type w} [Monad n] : IteratorCollectPartial (Rxi.Iterator α) Id n :=
-  .defaultImplementation
-
 theorem Iterator.Monadic.isPlausibleOutput_next {a} [UpwardEnumerable α]
     {it : IterM (α := Rxi.Iterator α) Id α} (h : it.internalState.next = some a) :
     it.IsPlausibleOutput a := by
@@ -1508,148 +1508,151 @@ section IteratorLoop
 
 /--
 An efficient {name}`IteratorLoop` instance:
-As long as the compiler cannot optimize away the {name}`Option` in the internal state, we use a
-special loop implementation.
+As long as the compiler cannot optimize away the {name}`Option` in the internal state, we use a special
+loop implementation.
 -/
 @[always_inline, inline]
-instance Iterator.instIteratorLoop [UpwardEnumerable α]
-    [LawfulUpwardEnumerable α]
+instance Iterator.instIteratorLoop [UpwardEnumerable α] [LawfulUpwardEnumerable α]
     {n : Type u → Type w} [Monad n] :
     IteratorLoop (Rxi.Iterator α) Id n where
-  forIn _ γ Pl wf it init f :=
+  forIn _ γ Pl it init f :=
     match it with
     | ⟨⟨some next⟩⟩ =>
-        loop γ Pl wf next init (fun a ha c => f a ?hf c) next ?hle
+      loop γ Pl (UpwardEnumerable.LE next ·) (fun a b hab hna => ?hle) init next ?hle'' (fun a ha c => f a ?hf c)
     | ⟨⟨none⟩⟩ => return init
   where
-    @[specialize]
-    loop γ Pl wf least acc
-        (f : (out : α) → UpwardEnumerable.LE least out → (c : γ) → n (Subtype (fun s : ForInStep γ => Pl out c s)))
-        (next : α) (hl : UpwardEnumerable.LE least next) : n γ := do
-      match ← f next hl acc with
-      | ⟨.yield acc', _⟩ =>
-        match hs : UpwardEnumerable.succ? next with
-        | some next' =>
-            loop γ Pl wf least acc' f next' ?hle'
-        | none => return acc'
-      | ⟨.done acc', _⟩ => return acc'
-    termination_by IteratorLoop.WithWF.mk ⟨⟨some next⟩⟩ acc (hwf := wf)
-    decreasing_by
-      simp [IteratorLoop.rel, Monadic.isPlausibleStep_iff,
-        Monadic.step, *]
+    @[always_inline, inline]
+    loop γ (Pl : α → γ → ForInStep γ → Prop) (LargeEnough : α → Prop) (hl : ∀ a b : α, UpwardEnumerable.LE a b → LargeEnough a → LargeEnough b)
+        (acc : γ) (next : α) (h : LargeEnough next)
+        (f : (out : α) → LargeEnough out → (c : γ) → n (Subtype (Pl out c))) : n γ :=
+      haveI : Nonempty γ := ⟨acc⟩
+      WellFounded.extrinsicFix₃ (C₃ := fun _ _ _ => n γ) (InvImage (IteratorLoop.rel _ Id Pl) (fun x => (⟨Rxi.Iterator.mk (some x.1)⟩, x.2.1)))
+        (fun next acc (h : LargeEnough next) G => do
+          match ← f next h acc with
+          | ⟨.yield acc', h'⟩ =>
+            match hs : UpwardEnumerable.succ? next with
+            | some next' => G next' acc' (hl _ _ ?hle' h) ?decreasing
+            | none => return acc'
+          | ⟨.done acc', _⟩ => return acc') next acc h
   finally
     case hf =>
       rw [Monadic.isPlausibleIndirectOutput_iff]
       exact ha
     case hle =>
-      exact UpwardEnumerable.le_refl _
+      exact UpwardEnumerable.le_trans hna hab
     case hle' =>
-      refine UpwardEnumerable.le_trans hl ⟨1, ?_⟩
-      simp [succMany?_one, hs]
-
-/--
-An efficient {name}`IteratorLoopPartial` instance:
-As long as the compiler cannot optimize away the {name}`Option` in the internal state, we use a
-special loop implementation.
--/
-partial instance Iterator.instIteratorLoopPartial [UpwardEnumerable α]
-    [LawfulUpwardEnumerable α]
-    {n : Type u → Type w} [Monad n] : IteratorLoopPartial (Rxi.Iterator α) Id n where
-  forInPartial _ γ it init f :=
-    match it with
-    | ⟨⟨some next⟩⟩ => loop γ next init (fun a ha c => f a ?hf c) next ?hle
-    | ⟨⟨none⟩⟩ => return init
-  where
-    @[specialize]
-    loop γ least acc
-        (f : (out : α) → UpwardEnumerable.LE least out → (c : γ) → n (ForInStep γ))
-        (next : α) (hl : UpwardEnumerable.LE least next) : n γ := do
-      match ← f next hl acc with
-      | .yield acc' =>
-        match hs : succ? next with
-        | some next' =>
-            loop γ least acc' f next' ?hle'
-        | none => return acc'
-      | .done acc' => return acc'
-  finally
-    case hf =>
-      rw [Monadic.isPlausibleIndirectOutput_iff]
-      exact ha
-    case hle =>
+      refine ⟨1, ?_⟩
+      simpa [succMany?_one] using hs
+    case hle'' =>
       exact UpwardEnumerable.le_refl _
-    case hle' =>
-      refine UpwardEnumerable.le_trans hl ⟨1, ?_⟩
-      simp [succMany?_one, hs]
+    case decreasing =>
+      simp_wf; simp [IteratorLoop.rel, Monadic.isPlausibleStep_iff, Monadic.step, *]
 
-theorem Iterator.instIteratorLoop.loop_eq [UpwardEnumerable α]
+private noncomputable def Iterator.instIteratorLoop.loop.wf [UpwardEnumerable α]
     [LawfulUpwardEnumerable α]
-    {n : Type u → Type w} [Monad n] [LawfulMonad n] {γ : Type u}
-    {lift} [Internal.LawfulMonadLiftBindFunction lift]
-    {PlausibleForInStep next hl f acc wf} :
-    loop (α := α) (n := n) γ PlausibleForInStep wf least acc f next hl =
-      (do
-        match ← f next hl acc with
-        | ⟨.yield c, _⟩ =>
+    {n : Type u → Type w} [Monad n] (γ : Type u)
+    (Pl : α → γ → ForInStep γ → Prop)
+    (wf : IteratorLoop.WellFounded (Rxi.Iterator α) Id Pl)
+    (LargeEnough : α → Prop) (hl : ∀ a b : α, UpwardEnumerable.LE a b → LargeEnough a → LargeEnough b)
+    (acc : γ) (next : α) (h : LargeEnough next)
+    (f : (out : α) → LargeEnough out → (c : γ) → n (Subtype (fun s : ForInStep γ => Pl out c s))) :
+    n γ := do
+    match ← f next h acc with
+    | ⟨.yield acc', _⟩ =>
+      match hs : UpwardEnumerable.succ? next with
+      | some next' =>
+        loop.wf γ Pl wf LargeEnough hl acc' next' (hl _ _ ?hle h) f
+      | none => return acc'
+    | ⟨.done acc', _⟩ => return acc'
+termination_by IteratorLoop.WithWF.mk ⟨⟨some next⟩⟩ acc (hwf := wf)
+decreasing_by
+  simp [IteratorLoop.rel, Monadic.isPlausibleStep_iff, Monadic.step, *]
+where finally
+  case hle =>
+    refine ⟨1, ?_⟩
+    simpa [succMany?_one] using hs
+
+private theorem Iterator.instIteratorLoop.loop_eq_wf [UpwardEnumerable α]
+    [LawfulUpwardEnumerable α] [Monad n] [LawfulMonad n]
+    {γ LargeEnough hl} {next hn} {acc} (Pl wf f) :
+    loop γ Pl LargeEnough hl acc next hn f =
+      loop.wf (α := α) (n := n) γ Pl wf LargeEnough hl acc next hn f := by
+  haveI : Nonempty γ := ⟨acc⟩
+  rw [loop, WellFounded.extrinsicFix₃_eq_fix]; rotate_left
+  · exact InvImage.wf _ wf
+  · fun_induction loop.wf γ Pl wf LargeEnough hl acc  next hn f
+    · rw [WellFounded.fix_eq]
+      apply bind_congr; intro forInStep
+      split
+      · simp only
+        split
+        · simp_all
+        · simp
+      · simp
+
+private theorem Iterator.instIteratorLoop.loopWf_eq [UpwardEnumerable α]
+    [LawfulUpwardEnumerable α]
+    {n : Type u → Type w} [Monad n] [LawfulMonad n] (γ : Type u)
+    {lift} [instLawfulMonadLiftFunction : Std.Internal.LawfulMonadLiftBindFunction (m := Id) (n := n) lift]
+    (Pl : α → γ → ForInStep γ → Prop)
+    (wf : IteratorLoop.WellFounded (Rxi.Iterator α) Id Pl)
+    (LargeEnough : α → Prop) (hl : ∀ a b : α, UpwardEnumerable.LE a b → LargeEnough a → LargeEnough b)
+    (acc : γ) (next : α) (h : LargeEnough next)
+    (f : (out : α) → LargeEnough out → (c : γ) → n (Subtype (fun s : ForInStep γ => Pl out c s))) :
+    loop.wf γ Pl wf LargeEnough hl acc next h f = (do
+        match ← f next h acc with
+        | ⟨.yield acc', _⟩ =>
           letI it' : IterM (α := Rxi.Iterator α) Id α := ⟨⟨succ? next⟩⟩
-          IterM.DefaultConsumers.forIn' (m := Id) lift γ
-            PlausibleForInStep wf it' c it'.IsPlausibleIndirectOutput (fun _ => id)
-            (fun b h c => f b
-                (by
-                  refine UpwardEnumerable.le_trans hl ?_
-                  simp only [Monadic.isPlausibleIndirectOutput_iff, it',
-                    ← succMany?_add_one_eq_succ?_bind_succMany?] at h
-                  exact ⟨h.choose + 1, h.choose_spec⟩)
-                c)
-        | ⟨.done c, _⟩ => return c) := by
-  rw [loop]
-  apply bind_congr
-  intro step
+          IterM.DefaultConsumers.forIn' (m := Id) (n := n) lift γ Pl it' acc'
+            it'.IsPlausibleIndirectOutput (fun _ => id)
+            fun next' h acc' => f next'
+              (by
+                refine hl next next' ?_ ‹_›
+                simp only [it', Monadic.isPlausibleIndirectOutput_iff,
+                  ← succMany?_add_one_eq_succ?_bind_succMany?] at h
+                exact ⟨h.choose + 1, h.choose_spec⟩)
+              acc'
+        | ⟨.done acc', _⟩ => return acc') := by
+  haveI : Nonempty γ := ⟨acc⟩
+  rw [loop.wf]
+  apply bind_congr; intro forInStep
   split
   · split
-    · split
-      · rename_i heq
-        cases heq
-        simp only [*]
-        rw [IterM.DefaultConsumers.forIn']
-        simp only [Monadic.step_eq_step, Monadic.step, *,
-          Internal.LawfulMonadLiftBindFunction.liftBind_pure]
-        rw [loop_eq (lift := lift), Shrink.inflate_deflate]
-        apply bind_congr
-        intro step
+    · rw [loopWf_eq (lift := lift) _ Pl wf]
+      rw [IterM.DefaultConsumers.forIn'_eq_match_step (lift := lift) Pl wf]; rotate_left
+      · simp only [Monadic.step_eq_step, Monadic.step,
+          Shrink.inflate_deflate, instLawfulMonadLiftFunction.liftBind_pure, *]
+        apply bind_congr; intro forInStep
         split
-        · apply IterM.DefaultConsumers.forIn'_eq_forIn'
-          intros; rfl
+        · apply IterM.DefaultConsumers.forIn'_eq_forIn' Pl wf <;> (intros; rfl)
         · simp
-      · rename_i heq
-        cases heq
-    · simp only [*]
-      rw [IterM.DefaultConsumers.forIn']
-      simp [Monadic.step_eq_step, Monadic.step, Internal.LawfulMonadLiftBindFunction.liftBind_pure]
+    · rw [IterM.DefaultConsumers.forIn'_eq_match_step Pl wf]
+      simp [Monadic.step_eq_step, Monadic.step, instLawfulMonadLiftFunction.liftBind_pure, *]
   · simp
 termination_by IteratorLoop.WithWF.mk ⟨⟨some next⟩⟩ acc (hwf := wf)
 decreasing_by
-      simp [IteratorLoop.rel, Monadic.isPlausibleStep_iff, Monadic.step, *]
+  simp [IteratorLoop.rel, Monadic.isPlausibleStep_iff, Monadic.step, *]
 
 instance Iterator.instLawfulIteratorLoop [UpwardEnumerable α]
-    [LawfulUpwardEnumerable α] {n : Type u → Type w} [Monad n] [LawfulMonad n] :
+    [LawfulUpwardEnumerable α]
+    {n : Type u → Type w} [Monad n] [LawfulMonad n] :
     LawfulIteratorLoop (Rxi.Iterator α) Id n where
   lawful := by
-    intro lift instLawfulMonadLiftFunction
-    ext γ PlausibleForInStep hwf it init f
-    simp only [IteratorLoop.forIn, IteratorLoop.defaultImplementation]
-    rw [IterM.DefaultConsumers.forIn']
-    simp only [Monadic.step_eq_step, Monadic.step]
-    simp only [Internal.LawfulMonadLiftBindFunction.liftBind_pure]
+    intro lift instLawfulMonadLiftFunction γ it init Pl wf f
+    simp only [IteratorLoop.defaultImplementation, IteratorLoop.forIn,
+      IterM.DefaultConsumers.forIn'_eq_wf Pl wf]
+    rw [IterM.DefaultConsumers.forIn'.wf]
+    split; rotate_left
+    · simp [Monadic.step_eq_step, Monadic.step, Internal.LawfulMonadLiftBindFunction.liftBind_pure]
+    rename_i next _
+    rw [instIteratorLoop.loop_eq_wf Pl wf, instIteratorLoop.loopWf_eq (lift := lift)]
+    simp only [Monadic.step_eq_step, Monadic.step, instLawfulMonadLiftFunction.liftBind_pure,
+      Shrink.inflate_deflate]
+    apply bind_congr; intro forInStep
     split
-    · rename_i it f next upperBound f'
-      rw [instIteratorLoop.loop_eq (lift := lift), Shrink.inflate_deflate]
-      apply bind_congr
-      intro step
-      split
-      · apply IterM.DefaultConsumers.forIn'_eq_forIn'
-        intro b c hPb hQb
-        congr
-      · simp
+    · simp only
+      rw [← IterM.DefaultConsumers.forIn'_eq_wf Pl wf _]
+      apply IterM.DefaultConsumers.forIn'_eq_forIn' Pl wf <;> all_goals (intros; rfl)
     · simp
 
 end IteratorLoop