fix: case splitting on data

This PR improves the support for `match`-expressions in the `grind`
tactic.

.github/workflows/check-prelude.yml

@@ -14,6 +14,7 @@ jobs:
           sparse-checkout: |
             src/Lean
             src/Std
+            src/lake/Lake
       - name: Check Prelude
         run: |
           failed_files=""
@@ -21,7 +22,7 @@ jobs:
             if ! grep -q "^prelude$" "$file"; then
               failed_files="$failed_files$file\n"
             fi
-          done < <(find src/Lean src/Std -name '*.lean' -print0)
+          done < <(find src/Lean src/Std src/lake/Lake -name '*.lean' -print0)
           if [ -n "$failed_files" ]; then
             echo -e "The following files should use 'prelude':\n$failed_files"
             exit 1

.github/workflows/ci.yml

@@ -238,27 +238,27 @@ jobs:
                 "name": "Linux 32bit",
                 "os": "ubuntu-latest",
                 // Use 32bit on stage0 and stage1 to keep oleans compatible
-                "CMAKE_OPTIONS": "-DSTAGE0_USE_GMP=OFF -DSTAGE0_LEAN_EXTRA_CXX_FLAGS='-m32' -DSTAGE0_LEANC_OPTS='-m32' -DSTAGE0_MMAP=OFF -DUSE_GMP=OFF -DLEAN_EXTRA_CXX_FLAGS='-m32' -DLEANC_OPTS='-m32' -DMMAP=OFF -DLEAN_INSTALL_SUFFIX=-linux_x86 -DCMAKE_LIBRARY_PATH=/usr/lib/i386-linux-gnu/ -DSTAGE0_CMAKE_LIBRARY_PATH=/usr/lib/i386-linux-gnu/",
+                "CMAKE_OPTIONS": "-DSTAGE0_USE_GMP=OFF -DSTAGE0_LEAN_EXTRA_CXX_FLAGS='-m32' -DSTAGE0_LEANC_OPTS='-m32' -DSTAGE0_MMAP=OFF -DUSE_GMP=OFF -DLEAN_EXTRA_CXX_FLAGS='-m32' -DLEANC_OPTS='-m32' -DMMAP=OFF -DLEAN_INSTALL_SUFFIX=-linux_x86 -DCMAKE_LIBRARY_PATH=/usr/lib/i386-linux-gnu/ -DSTAGE0_CMAKE_LIBRARY_PATH=/usr/lib/i386-linux-gnu/ -DPKG_CONFIG_EXECUTABLE=/usr/bin/i386-linux-gnu-pkg-config",
                 "cmultilib": true,
                 "release": true,
                 "check-level": 2,
                 "cross": true,
                 "shell": "bash -euxo pipefail {0}"
-              },
-              {
-                "name": "Web Assembly",
-                "os": "ubuntu-latest",
-                // Build a native 32bit binary in stage0 and use it to compile the oleans and the wasm build
-                "CMAKE_OPTIONS": "-DCMAKE_C_COMPILER_WORKS=1 -DSTAGE0_USE_GMP=OFF -DSTAGE0_LEAN_EXTRA_CXX_FLAGS='-m32' -DSTAGE0_LEANC_OPTS='-m32' -DSTAGE0_CMAKE_CXX_COMPILER=clang++ -DSTAGE0_CMAKE_C_COMPILER=clang -DSTAGE0_CMAKE_EXECUTABLE_SUFFIX=\"\" -DUSE_GMP=OFF -DMMAP=OFF -DSTAGE0_MMAP=OFF -DCMAKE_AR=../emsdk/emsdk-main/upstream/emscripten/emar -DCMAKE_TOOLCHAIN_FILE=../emsdk/emsdk-main/upstream/emscripten/cmake/Modules/Platform/Emscripten.cmake -DLEAN_INSTALL_SUFFIX=-linux_wasm32 -DSTAGE0_CMAKE_LIBRARY_PATH=/usr/lib/i386-linux-gnu/",
-                "wasm": true,
-                "cmultilib": true,
-                "release": true,
-                "check-level": 2,
-                "cross": true,
-                "shell": "bash -euxo pipefail {0}",
-                // Just a few selected tests because wasm is slow
-                "CTEST_OPTIONS": "-R \"leantest_1007\\.lean|leantest_Format\\.lean|leanruntest\\_1037.lean|leanruntest_ac_rfl\\.lean|leanruntest_tempfile.lean\\.|leanruntest_libuv\\.lean\""
               }
+              // {
+              //   "name": "Web Assembly",
+              //   "os": "ubuntu-latest",
+              //   // Build a native 32bit binary in stage0 and use it to compile the oleans and the wasm build
+              //   "CMAKE_OPTIONS": "-DCMAKE_C_COMPILER_WORKS=1 -DSTAGE0_USE_GMP=OFF -DSTAGE0_LEAN_EXTRA_CXX_FLAGS='-m32' -DSTAGE0_LEANC_OPTS='-m32' -DSTAGE0_CMAKE_CXX_COMPILER=clang++ -DSTAGE0_CMAKE_C_COMPILER=clang -DSTAGE0_CMAKE_EXECUTABLE_SUFFIX=\"\" -DUSE_GMP=OFF -DMMAP=OFF -DSTAGE0_MMAP=OFF -DCMAKE_AR=../emsdk/emsdk-main/upstream/emscripten/emar -DCMAKE_TOOLCHAIN_FILE=../emsdk/emsdk-main/upstream/emscripten/cmake/Modules/Platform/Emscripten.cmake -DLEAN_INSTALL_SUFFIX=-linux_wasm32 -DSTAGE0_CMAKE_LIBRARY_PATH=/usr/lib/i386-linux-gnu/",
+              //   "wasm": true,
+              //   "cmultilib": true,
+              //   "release": true,
+              //   "check-level": 2,
+              //   "cross": true,
+              //   "shell": "bash -euxo pipefail {0}",
+              //   // Just a few selected tests because wasm is slow
+              //   "CTEST_OPTIONS": "-R \"leantest_1007\\.lean|leantest_Format\\.lean|leanruntest\\_1037.lean|leanruntest_ac_rfl\\.lean|leanruntest_tempfile.lean\\.|leanruntest_libuv\\.lean\""
+              // }
             ];
             console.log(`matrix:\n${JSON.stringify(matrix, null, 2)}`)
             return matrix.filter((job) => level >= job["check-level"])
@@ -327,7 +327,7 @@ jobs:
         run: |
           sudo dpkg --add-architecture i386
           sudo apt-get update
-          sudo apt-get install -y gcc-multilib g++-multilib ccache libuv1-dev:i386
+          sudo apt-get install -y gcc-multilib g++-multilib ccache libuv1-dev:i386 pkgconf:i386
         if: matrix.cmultilib
       - name: Cache
         uses: actions/cache@v4

.github/workflows/labels-from-comments.yml

@@ -1,7 +1,8 @@
 # This workflow allows any user to add one of the `awaiting-review`, `awaiting-author`, `WIP`,
-# or `release-ci` labels by commenting on the PR or issue.
+# `release-ci`, or a `changelog-XXX` label by commenting on the PR or issue.
 # If any labels from the set {`awaiting-review`, `awaiting-author`, `WIP`} are added, other labels
 # from that set are removed automatically at the same time.
+# Similarly, if any `changelog-XXX` label is added, other `changelog-YYY` labels are removed.
 
 name: Label PR based on Comment
 
@@ -11,7 +12,7 @@ on:
 
 jobs:
   update-label:
-    if: github.event.issue.pull_request != null && (contains(github.event.comment.body, 'awaiting-review') || contains(github.event.comment.body, 'awaiting-author') || contains(github.event.comment.body, 'WIP') || contains(github.event.comment.body, 'release-ci'))
+    if: github.event.issue.pull_request != null && (contains(github.event.comment.body, 'awaiting-review') || contains(github.event.comment.body, 'awaiting-author') || contains(github.event.comment.body, 'WIP') || contains(github.event.comment.body, 'release-ci') || contains(github.event.comment.body, 'changelog-'))
     runs-on: ubuntu-latest
 
     steps:
@@ -20,13 +21,14 @@ jobs:
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }}
         script: |
-          const { owner, repo, number: issue_number  } = context.issue;
+          const { owner, repo, number: issue_number } = context.issue;
           const commentLines = context.payload.comment.body.split('\r\n');
 
           const awaitingReview = commentLines.includes('awaiting-review');
           const awaitingAuthor = commentLines.includes('awaiting-author');
           const wip = commentLines.includes('WIP');
           const releaseCI = commentLines.includes('release-ci');
+          const changelogMatch = commentLines.find(line => line.startsWith('changelog-'));
 
           if (awaitingReview || awaitingAuthor || wip) {
             await github.rest.issues.removeLabel({ owner, repo, issue_number, name: 'awaiting-review' }).catch(() => {});
@@ -47,3 +49,19 @@ jobs:
           if (releaseCI) {
             await github.rest.issues.addLabels({ owner, repo, issue_number, labels: ['release-ci'] });
           }
+
+          if (changelogMatch) {
+            const changelogLabel = changelogMatch.trim();
+            const { data: existingLabels } = await github.rest.issues.listLabelsOnIssue({ owner, repo, issue_number });
+            const changelogLabels = existingLabels.filter(label => label.name.startsWith('changelog-'));
+
+            // Remove all other changelog labels
+            for (const label of changelogLabels) {
+              if (label.name !== changelogLabel) {
+                await github.rest.issues.removeLabel({ owner, repo, issue_number, name: label.name }).catch(() => {});
+              }
+            }
+
+            // Add the new changelog label
+            await github.rest.issues.addLabels({ owner, repo, issue_number, labels: [changelogLabel] });
+          }

.github/workflows/pr-release.yml

@@ -34,7 +34,7 @@ jobs:
       - name: Download artifact from the previous workflow.
         if: ${{ steps.workflow-info.outputs.pullRequestNumber != '' }}
         id: download-artifact
-        uses: dawidd6/action-download-artifact@v6 # https://github.com/marketplace/actions/download-workflow-artifact
+        uses: dawidd6/action-download-artifact@v7 # https://github.com/marketplace/actions/download-workflow-artifact
         with:
           run_id: ${{ github.event.workflow_run.id }}
           path: artifacts
@@ -111,7 +111,7 @@ jobs:
 
       - name: 'Setup jq'
         if: ${{ steps.workflow-info.outputs.pullRequestNumber != '' }}
-        uses: dcarbone/install-jq-action@v2.1.0
+        uses: dcarbone/install-jq-action@v3.0.1
 
       # Check that the most recently nightly coincides with 'git merge-base HEAD master'
       - name: Check merge-base and nightly-testing-YYYY-MM-DD

.gitpod.Dockerfile

@@ -0,0 +1,14 @@
+# You can find the new timestamped tags here: https://hub.docker.com/r/gitpod/workspace-full/tags
+FROM gitpod/workspace-full
+
+USER root
+RUN apt-get update && apt-get install git libgmp-dev libuv1-dev cmake ccache clang -y && apt-get clean
+
+USER gitpod
+
+# Install and configure elan
+RUN curl https://raw.githubusercontent.com/leanprover/elan/master/elan-init.sh -sSf | sh -s -- -y --default-toolchain none
+ENV PATH="/home/gitpod/.elan/bin:${PATH}"
+# Create a dummy toolchain so that we can pre-register it with elan
+RUN mkdir -p /workspace/lean4/build/release/stage1/bin && touch /workspace/lean4/build/release/stage1/bin/lean && elan toolchain link lean4 /workspace/lean4/build/release/stage1
+RUN mkdir -p /workspace/lean4/build/release/stage0/bin && touch /workspace/lean4/build/release/stage0/bin/lean && elan toolchain link lean4-stage0 /workspace/lean4/build/release/stage0

.gitpod.yml

@@ -0,0 +1,11 @@
+image:
+    file: .gitpod.Dockerfile
+
+vscode:
+  extensions:
+    - leanprover.lean4
+
+tasks:
+  - name: Release build
+    init: cmake --preset release
+    command: make -C build/release -j$(nproc || sysctl -n hw.logicalcpu)

CMakeLists.txt

@@ -18,6 +18,9 @@ foreach(var ${vars})
     if("${var}" MATCHES "LLVM*")
       list(APPEND STAGE0_ARGS "-D${var}=${${var}}")
     endif()
+    if("${var}" MATCHES "PKG_CONFIG*")
+      list(APPEND STAGE0_ARGS "-D${var}=${${var}}")
+    endif()
   elseif(("${var}" MATCHES "CMAKE_.*") AND NOT ("${var}" MATCHES "CMAKE_BUILD_TYPE") AND NOT ("${var}" MATCHES "CMAKE_HOME_DIRECTORY"))
     list(APPEND PLATFORM_ARGS "-D${var}=${${var}}")
   endif()

CMakePresets.json

@@ -26,7 +26,7 @@
       "displayName": "Sanitize build config",
       "cacheVariables": {
         "LEAN_EXTRA_CXX_FLAGS": "-fsanitize=address,undefined",
-        "LEANC_EXTRA_FLAGS": "-fsanitize=address,undefined -fsanitize-link-c++-runtime",
+        "LEANC_EXTRA_CC_FLAGS": "-fsanitize=address,undefined -fsanitize-link-c++-runtime",
         "SMALL_ALLOCATOR": "OFF",
         "BSYMBOLIC": "OFF"
       },

CODEOWNERS

@@ -4,7 +4,7 @@
 # Listed persons will automatically be asked by GitHub to review a PR touching these paths.
 # If multiple names are listed, a review by any of them is considered sufficient by default.
 
-/.github/ @Kha @kim-em
+/.github/ @kim-em
 /RELEASES.md @kim-em
 /src/kernel/ @leodemoura
 /src/lake/ @tydeu
@@ -14,9 +14,7 @@
 /src/Lean/Elab/Tactic/ @kim-em
 /src/Lean/Language/ @Kha
 /src/Lean/Meta/Tactic/ @leodemoura
-/src/Lean/Parser/ @Kha
-/src/Lean/PrettyPrinter/ @Kha
-/src/Lean/PrettyPrinter/Delaborator/ @kmill
+/src/Lean/PrettyPrinter/ @kmill
 /src/Lean/Server/ @mhuisi
 /src/Lean/Widget/ @Vtec234
 /src/Init/Data/ @kim-em

README.md

@@ -6,7 +6,8 @@ This is the repository for **Lean 4**.
 - [Homepage](https://lean-lang.org)
 - [Theorem Proving Tutorial](https://lean-lang.org/theorem_proving_in_lean4/)
 - [Functional Programming in Lean](https://lean-lang.org/functional_programming_in_lean/)
-- [Manual](https://lean-lang.org/lean4/doc/)
+- [Documentation Overview](https://lean-lang.org/lean4/doc/)
+- [Language Reference](https://lean-lang.org/doc/reference/latest/)
 - [Release notes](RELEASES.md) starting at v4.0.0-m3
 - [Examples](https://lean-lang.org/lean4/doc/examples.html)
 - [External Contribution Guidelines](CONTRIBUTING.md)

debug.log

@@ -1 +0,0 @@
-[0829/202002.254:ERROR:crashpad_client_win.cc(868)] not connected

doc/SUMMARY.md

@@ -13,61 +13,13 @@
   - [The Well-Typed Interpreter](examples/interp.lean.md)
   - [Dependent de Bruijn Indices](examples/deBruijn.lean.md)
   - [Parametric Higher-Order Abstract Syntax](examples/phoas.lean.md)
-
-# Language Manual
-<!-- - [Using Lean](./using_lean.md) -->
-<!-- - [Lexical Structure](./lexical_structure.md) -->
-<!-- - [Expressions](./expressions.md) -->
-<!-- - [Declarations](./declarations.md) -->
-- [Organizational features](./organization.md)
-  - [Sections](./sections.md)
-  - [Namespaces](./namespaces.md)
-  - [Implicit Arguments](./implicit.md)
-  - [Auto Bound Implicit Arguments](./autobound.md)
-<!-- - [Dependent Types](./deptypes.md) -->
-<!--   - [Simple Type Theory](./simptypes.md) -->
-<!--   - [Types as objects](./typeobjs.md) -->
-<!--   - [Function Abstraction and Evaluation](./funabst.md) -->
-<!--   - [Introducing Definitions](./introdef.md) -->
-<!--   - [What makes dependent type theory dependent?](./dep.md) -->
-<!-- - [Tactics](./tactics.md) -->
-- [Syntax Extensions](./syntax.md)
-  - [The `do` Notation](./do.md)
-  - [String Interpolation](./stringinterp.md)
-  - [User-Defined Notation](./notation.md)
-  - [Macro Overview](./macro_overview.md)
-  - [Elaborators](./elaborators.md)
-  - [Examples](./syntax_examples.md)
+  - [Syntax Examples](./syntax_examples.md)
     - [Balanced Parentheses](./syntax_example.md)
     - [Arithmetic DSL](./metaprogramming-arith.md)
-- [Declaring New Types](./decltypes.md)
-  - [Enumerated Types](./enum.md)
-  - [Inductive Types](./inductive.md)
-  - [Structures](./struct.md)
-  - [Type classes](./typeclass.md)
-  - [Unification Hints](./unifhint.md)
-- [Builtin Types](./builtintypes.md)
-  - [Natural number](./nat.md)
-  - [Integer](./int.md)
-  - [Fixed precision unsigned integer](./uint.md)
-  - [Float](./float.md)
-  - [Array](./array.md)
-  - [List](./list.md)
-  - [Character](./char.md)
-  - [String](./string.md)
-  - [Option](./option.md)
-  - [Thunk](./thunk.md)
-  - [Task and Thread](./task.md)
-- [Functions](./functions.md)
-- [Monads](./monads/intro.md)
-  - [Functor](./monads/functors.lean.md)
-  - [Applicative](./monads/applicatives.lean.md)
-  - [Monad](./monads/monads.lean.md)
-  - [Reader](./monads/readers.lean.md)
-  - [State](./monads/states.lean.md)
-  - [Except](./monads/except.lean.md)
-  - [Transformers](./monads/transformers.lean.md)
-  - [Laws](./monads/laws.lean.md)
+
+# Language Manual
+
+- [The Lean Reference Manual](./reference.md)
 
 # Other
 

doc/array.md

@@ -1,77 +0,0 @@
-# Arrays
-
-The `Array` type implements a *dynamic* (aka growable) array.
-It is defined as
-```lean
-# namespace hidden
-structure Array (α : Type u) where
-  data : List α
-# end hidden
-```
-but its execution time representation is optimized, and it is similar to C++ `std::vector<T>` and Rust `Vec<T>`.
-The Lean type checker has no special support for reducing `Array`s.
-
-You can create arrays in several ways. You can create a small array by listing consecutive values between
-`#[` and `]` and separated by commas, as shown in the following examples.
-
-```lean
-#check #[1, 2, 3] -- Array Nat
-
-#check #[] -- Array ?m
-```
-
-The type of the array elements is inferred from the literals used and must be consistent.
-```lean
-#check #["hello", "world"] -- Array String
-
--- The following is not valid
-#check_failure #[10, "hello"]
-```
-Recall that the command `#check_failure <term>` only succeeds when the given term is not type correct.
-
-To create an array of size `n` in which all the elements are initialized to some value `a`, use `mkArray`.
-```lean
-#eval mkArray 5 'a'
--- #['a', 'a', 'a', 'a', 'a']
-```
-
-## Accessing elements
-
-You can access array elements by using brackets (`[` and `]`).
-```lean
-def f (a : Array Nat) (i : Fin a.size) :=
-  a[i] + a[i]
-```
-Note that the index `i` has type `Fin a.size`, i.e., it is natural number less than `a.size`.
-You can also write
-```lean
-def f (a : Array Nat) (i : Nat) (h  : i < a.size) :=
-  a[i] + a[i]
-```
-The bracket operator is whitespace sensitive.
-
-```lean
-def f (xs : List Nat) : List Nat :=
-  xs ++ xs
-
-def as : Array Nat :=
-  #[1, 2, 3, 4]
-
-def idx : Fin 4 :=
-  2
-
-#eval f [1, 2, 3] -- This is a function application
-
-#eval as[idx] -- This is an array access
-```
-The notation `a[i]` has two variants: `a[i]!` and `a[i]?`. In both cases, `i` has type `Nat`. The first one
-produces a panic error message if the index `i` is out of bounds. The latter returns an `Option` type.
-
-```lean
-#eval #['a', 'b', 'c'][1]?
--- some 'b'
-#eval #['a', 'b', 'c'][5]?
--- none
-#eval #['a', 'b', 'c'][1]!
--- 'b!
-```

doc/autobound.md

@@ -1,47 +0,0 @@
-## Auto Bound Implicit Arguments
-
-In the previous section, we have shown how implicit arguments make functions more convenient to use.
-However, functions such as `compose` are still quite verbose to define. Note that the universe
-polymorphic `compose` is even more verbose than the one previously defined.
-
-```lean
-universe u v w
-def compose {α : Type u} {β : Type v} {γ : Type w}
-            (g : β → γ) (f : α → β) (x : α) : γ :=
-  g (f x)
-```
-
-You can avoid the `universe` command by providing the universe parameters when defining `compose`.
-
-```lean
-def compose.{u, v, w}
-            {α : Type u} {β : Type v} {γ : Type w}
-            (g : β → γ) (f : α → β) (x : α) : γ :=
-  g (f x)
-```
-
-Lean 4 supports a new feature called *auto bound implicit arguments*. It makes functions such as
-`compose` much more convenient to write. When Lean processes the header of a declaration,
-any unbound identifier is automatically added as an implicit argument *if* it is a single lower case or
-greek letter. With this feature, we can write `compose` as
-
-```lean
-def compose (g : β → γ) (f : α → β) (x : α) : γ :=
-  g (f x)
-
-#check @compose
--- {β : Sort u_1} → {γ : Sort u_2} → {α : Sort u_3} → (β → γ) → (α → β) → α → γ
-```
-Note that, Lean inferred a more general type using `Sort` instead of `Type`.
-
-Although we love this feature and use it extensively when implementing Lean,
-we realize some users may feel uncomfortable with it. Thus, you can disable it using
-the command `set_option autoImplicit false`.
-```lean
-set_option autoImplicit false
-/- The following definition produces `unknown identifier` errors -/
--- def compose (g : β → γ) (f : α → β) (x : α) : γ :=
---   g (f x)
-```
-The Lean language server provides [semantic highlighting](./semantic_highlighting.md) information to editors, and it provides
-visual feedback whether an identifier has been interpreted as an auto bound implicit argument.

doc/book.toml

@@ -3,7 +3,7 @@ authors = ["Leonardo de Moura", "Sebastian Ullrich"]
 language = "en"
 multilingual = false
 src = "."
-title = "Lean Manual"
+title = "Lean Documentation Overview"
 
 [build]
 build-dir = "out"

doc/builtintypes.md

@@ -1,25 +0,0 @@
-# Builtin Types
-
-## Numeric Operations
-
-Lean supports the basic mathematical operations you’d expect for all of the number types: addition, subtraction, multiplication, division, and remainder.
-The following code shows how you’d use each one in a `def` commands:
-
-```lean
--- addition
-def sum := 5 + 10
-
--- subtraction
-def difference := 95.5 - 4.3
-
--- multiplication
-def product := 4 * 30
-
--- division
-def quotient := 53.7 / 32.2
-
--- remainder/modulo
-def modulo := 43 % 5
-```
-
-Each expression in these statements uses a mathematical operator and evaluates to a single value.

doc/char.md

@@ -1,11 +0,0 @@
-# Characters
-
-A value of type `Char`, also known as a character, is a [Unicode scalar value](https://www.unicode.org/glossary/#unicode_scalar_value). It is represented using an unsigned 32-bit integer and is statically guaranteed to be a valid Unicode scalar value.
-
-Syntactically, character literals are enclosed in single quotes.
-```lean
-#eval 'a' -- 'a'
-#eval '∀' -- '∀'
-```
-
-Characters are ordered and can be decidably compared using the relational operators `=`, `<`, `≤`, `>`, `≥`.

doc/declarations.md

@@ -590,9 +590,9 @@ This table should be read as follows:
  * No other proofs were attempted, either because the parameter has a type without a non-trivial ``WellFounded`` instance (parameter 3), or because it is already clear that no decreasing measure can be found.
 
 
-Lean will print the termination argument it found if ``set_option showInferredTerminationBy true`` is set.
+Lean will print the termination measure it found if ``set_option showInferredTerminationBy true`` is set.
 
-If Lean does not find the termination argument, or if you want to be explicit, you can append a `termination_by` clause to the function definition, after the function's body, but before the `where` clause if present. It is of the form
+If Lean does not find the termination measure, or if you want to be explicit, you can append a `termination_by` clause to the function definition, after the function's body, but before the `where` clause if present. It is of the form
 ```
 termination_by e
 ```
@@ -672,7 +672,7 @@ def num_consts_lst : List Term → Nat
 end
 ```
 
-In a set of mutually recursive function, either all or no functions must have an explicit termination argument (``termination_by``). A change of the default termination tactic (``decreasing_by``) only affects the proofs about the recursive calls of that function, not the other functions in the group.
+In a set of mutually recursive function, either all or no functions must have an explicit termination measure (``termination_by``). A change of the default termination tactic (``decreasing_by``) only affects the proofs about the recursive calls of that function, not the other functions in the group.
 
 ```
 mutual

doc/decltypes.md

@@ -1,29 +0,0 @@
-# Declaring New Types
-
-In Lean's library, every concrete type other than the universes and every type constructor other than the dependent function type is
-an instance of a general family of type constructions known as *inductive types*. It is remarkable that it is possible to develop
-complex programs and formalize mathematics based on nothing more than the type universes, dependent function types,
-and inductive types; everything else follows from those.
-
-Intuitively, an inductive type is built up from a specified list of constructors. In Lean, the basic syntax for specifying such a type is as follows:
-```
-inductive NewType where
-  | constructor_1 : ... → NewType
-  | constructor_2 : ... → NewType
-  ...
-  | constructor_n : ... → NewType
-```
-
-The intuition is that each constructor specifies a way of building new objects of ``NewType``, possibly from previously constructed values.
-The type ``NewType`` consists of nothing more than the objects that are constructed in this way.
-
-We will see below that the arguments to the constructors can include objects of type ``NewType``,
-subject to a certain "positivity" constraint, which guarantees that elements of ``NewType`` are built
-from the bottom up. Roughly speaking, each ``...`` can be any function type constructed from ``NewType``
-and previously defined types, in which ``NewType`` appears, if at all, only as the "target" of the function type.
-
-We will provide a number of examples of inductive types. We will also consider slight generalizations of the scheme above,
-to mutually defined inductive types, and so-called *inductive families*.
-
-Every inductive type comes with constructors, which show how to construct an element of the type, and elimination rules,
-which show how to "use" an element of the type in another construction.

doc/dev/bootstrap.md

@@ -103,10 +103,21 @@ your PR using rebase merge, bypassing the merge queue.
 As written above, changes in meta code in the current stage usually will only
 affect later stages. This is an issue in two specific cases.
 
+* For the special case of *quotations*, it is desirable to have changes in builtin parsers affect them immediately: when the changes in the parser become active in the next stage, builtin macros implemented via quotations should generate syntax trees compatible with the new parser, and quotation patterns in builtin macros and elaborators should be able to match syntax created by the new parser and macros.
+  Since quotations capture the syntax tree structure during execution of the current stage and turn it into code for the next stage, we need to run the current stage's builtin parsers in quotations via the interpreter for this to work.
+  Caveats:
+  * We activate this behavior by default when building stage 1 by setting `-Dinternal.parseQuotWithCurrentStage=true`.
+    We force-disable it inside `macro/macro_rules/elab/elab_rules` via `suppressInsideQuot` as they are guaranteed not to run in the next stage and may need to be run in the current one, so the stage 0 parser is the correct one to use for them.
+    It may be necessary to extend this disabling to functions that contain quotations and are (exclusively) used by one of the mentioned commands. A function using quotations should never be used by both builtin and non-builtin macros/elaborators. Example: https://github.com/leanprover/lean4/blob/f70b7e5722da6101572869d87832494e2f8534b7/src/Lean/Elab/Tactic/Config.lean#L118-L122
+  * The parser needs to be reachable via an `import` statement, otherwise the version of the previous stage will silently be used.
+  * Only the parser code (`Parser.fn`) is affected; all metadata such as leading tokens is taken from the previous stage.
+
+  For an example, see https://github.com/leanprover/lean4/commit/f9dcbbddc48ccab22c7674ba20c5f409823b4cc1#diff-371387aed38bb02bf7761084fd9460e4168ae16d1ffe5de041b47d3ad2d22422R13
+
 * For *non-builtin* meta code such as `notation`s or `macro`s in
   `Notation.lean`, we expect changes to affect the current file and all later
   files of the same stage immediately, just like outside the stdlib. To ensure
-  this, we need to build the stage using `-Dinterpreter.prefer_native=false` -
+  this, we build stage 1 using `-Dinterpreter.prefer_native=false` -
   otherwise, when executing a macro, the interpreter would notice that there is
   already a native symbol available for this function and run it instead of the
   new IR, but the symbol is from the previous stage!
@@ -124,26 +135,11 @@ affect later stages. This is an issue in two specific cases.
   further stages (e.g. after an `update-stage0`) will then need to be compiled
   with the flag set to `false` again since they will expect the new signature.
 
-  For an example, see https://github.com/leanprover/lean4/commit/da4c46370d85add64ef7ca5e7cc4638b62823fbb.
+  When enabling `prefer_native`, we usually want to *disable* `parseQuotWithCurrentStage` as it would otherwise make quotations use the interpreter after all.
+  However, there is a specific case where we want to set both options to `true`: when we make changes to a non-builtin parser like `simp` that has a builtin elaborator, we cannot have the new parser be active outside of quotations in stage 1 as the builtin elaborator from stage 0 would not understand them; on the other hand, we need quotations in e.g. the builtin `simp` elaborator to produce the new syntax in the next stage.
+  As this issue usually affects only tactics, enabling `debug.byAsSorry` instead of `prefer_native` can be a simpler solution.
 
-* For the special case of *quotations*, it is desirable to have changes in
-  built-in parsers affect them immediately: when the changes in the parser
-  become active in the next stage, macros implemented via quotations should
-  generate syntax trees compatible with the new parser, and quotation patterns
-  in macro and elaborators should be able to match syntax created by the new
-  parser and macros. Since quotations capture the syntax tree structure during
-  execution of the current stage and turn it into code for the next stage, we
-  need to run the current stage's built-in parsers in quotation via the
-  interpreter for this to work. Caveats:
-  * Since interpreting full parsers is not nearly as cheap and we rarely change
-    built-in syntax, this needs to be opted in using `-Dinternal.parseQuotWithCurrentStage=true`.
-  * The parser needs to be reachable via an `import` statement, otherwise the
-    version of the previous stage will silently be used.
-  * Only the parser code (`Parser.fn`) is affected; all metadata such as leading
-    tokens is taken from the previous stage.
-
-  For an example, see https://github.com/leanprover/lean4/commit/f9dcbbddc48ccab22c7674ba20c5f409823b4cc1#diff-371387aed38bb02bf7761084fd9460e4168ae16d1ffe5de041b47d3ad2d22422
-  (from before the flag defaulted to `false`).
+  For a `prefer_native` example, see https://github.com/leanprover/lean4/commit/da4c46370d85add64ef7ca5e7cc4638b62823fbb.
 
 To modify either of these flags both for building and editing the stdlib, adjust
 the code in `stage0/src/stdlib_flags.h`. The flags will automatically be reset

doc/dev/commit_convention.md

@@ -33,6 +33,9 @@ Format of the commit message
  - chore (maintain, ex: travis-ci)
  - perf (performance improvement, optimization, ...)
 
+Every `feat` or `fix` commit must have a `changelog-*` label, and a commit message
+beginning with "This PR " that will be included in the changelog.
+
 ``<subject>`` has the following constraints:
 
  - use imperative, present tense: "change" not "changed" nor "changes"
@@ -44,6 +47,7 @@ Format of the commit message
  - just as in ``<subject>``, use imperative, present tense
  - includes motivation for the change and contrasts with previous
    behavior
+ - If a `changelog-*` label is present, the body must begin with "This PR ".
 
 ``<footer>`` is optional and may contain two items:
 
@@ -60,17 +64,21 @@ Examples
 
 fix: add declarations for operator<<(std::ostream&, expr const&) and operator<<(std::ostream&, context const&) in the kernel
 
+This PR adds declarations `operator<<` for raw printing.
 The actual implementation of these two operators is outside of the
-kernel. They are implemented in the file 'library/printer.cpp'. We
-declare them in the kernel to prevent the following problem. Suppose
-there is a file 'foo.cpp' that does not include 'library/printer.h',
-but contains
+kernel. They are implemented in the file 'library/printer.cpp'.
 
-    expr a;
-    ...
-    std::cout << a << "\n";
-    ...
+We declare them in the kernel to prevent the following problem.
+Suppose there is a file 'foo.cpp' that does not include 'library/printer.h',
+but contains
+```cpp
+expr a;
+...
+std::cout << a << "\n";
+...
+```
 
 The compiler does not generate an error message. It silently uses the
 operator bool() to coerce the expression into a Boolean. This produces
 counter-intuitive behavior, and may confuse developers.
+

doc/dev/ffi.md

@@ -49,8 +49,9 @@ In the case of `@[extern]` all *irrelevant* types are removed first; see next se
   is represented by the representation of that parameter's type.
 
   For example, `{ x : α // p }`, the `Subtype` structure of a value of type `α` and an irrelevant proof, is represented by the representation of `α`.
-* `Nat` is represented by `lean_object *`.
-  Its runtime value is either a pointer to an opaque bignum object or, if the lowest bit of the "pointer" is 1 (`lean_is_scalar`), an encoded unboxed natural number (`lean_box`/`lean_unbox`).
+  Similarly, the signed integer types `Int8`, ..., `Int64`, `ISize` are also represented by the unsigned C types `uint8_t`, ..., `uint64_t`, `size_t`, respectively, because they have a trivial structure.
+* `Nat` and `Int` are represented by `lean_object *`.
+  Their runtime values is either a pointer to an opaque bignum object or, if the lowest bit of the "pointer" is 1 (`lean_is_scalar`), an encoded unboxed natural number or integer (`lean_box`/`lean_unbox`).
 * A universe `Sort u`, type constructor `... → Sort u`, or proposition `p : Prop` is *irrelevant* and is either statically erased (see above) or represented as a `lean_object *` with the runtime value `lean_box(0)`
 * Any other type is represented by `lean_object *`.
   Its runtime value is a pointer to an object of a subtype of `lean_object` (see the "Inductive types" section below) or the unboxed value `lean_box(cidx)` for the `cidx`th constructor of an inductive type if this constructor does not have any relevant parameters.

doc/dev/index.md

@@ -80,3 +80,10 @@ Unlike most Lean projects, all submodules of the `Lean` module begin with the
 `prelude` keyword. This disables the automated import of `Init`, meaning that
 developers need to figure out their own subset of `Init` to import. This is done
 such that changing files in `Init` doesn't force a full rebuild of `Lean`.
+
+### Testing against Mathlib/Batteries
+You can test a Lean PR against Mathlib and Batteries by rebasing your PR
+on to `nightly-with-mathlib` branch. (It is fine to force push after rebasing.)
+CI will generate a branch of Mathlib and Batteries called `lean-pr-testing-NNNN`
+that uses the toolchain for your PR, and will report back to the Lean PR with results from Mathlib CI.
+See https://leanprover-community.github.io/contribute/tags_and_branches.html for more details.

doc/dev/release_checklist.md

@@ -5,11 +5,6 @@ See below for the checklist for release candidates.
 
 We'll use `v4.6.0` as the intended release version as a running example.
 
-- One week before the planned release, ensure that
-  (1) someone has written the release notes and
-  (2) someone has written the first draft of the release blog post.
-  If there is any material in `./releases_drafts/` on the `releases/v4.6.0` branch, then the release notes are not done.
-  (See the section "Writing the release notes".)
 - `git checkout releases/v4.6.0`
   (This branch should already exist, from the release candidates.)
 - `git pull`
@@ -42,16 +37,32 @@ We'll use `v4.6.0` as the intended release version as a running example.
     - Create the tag `v4.6.0` from `master`/`main` and push it.
     - Merge the tag `v4.6.0` into the `stable` branch and push it.
   - We do this for the repositories:
-    - [lean4checker](https://github.com/leanprover/lean4checker)
-      - No dependencies
-      - Toolchain bump PR
-      - Create and push the tag
-      - Merge the tag into `stable`
     - [Batteries](https://github.com/leanprover-community/batteries)
       - No dependencies
       - Toolchain bump PR
       - Create and push the tag
       - Merge the tag into `stable`
+    - [lean4checker](https://github.com/leanprover/lean4checker)
+      - No dependencies
+      - Toolchain bump PR
+      - Create and push the tag
+      - Merge the tag into `stable`
+    - [doc-gen4](https://github.com/leanprover/doc-gen4)
+      - Dependencies: exist, but they're not part of the release workflow
+      - Toolchain bump PR including updated Lake manifest
+      - Create and push the tag
+      - There is no `stable` branch; skip this step
+    - [Verso](https://github.com/leanprover/verso)
+      - Dependencies: exist, but they're not part of the release workflow
+      - The `SubVerso` dependency should be compatible with _every_ Lean release simultaneously, rather than following this workflow
+      - Toolchain bump PR including updated Lake manifest
+      - Create and push the tag
+      - There is no `stable` branch; skip this step
+    - [Cli](https://github.com/leanprover/lean4-cli)
+      - No dependencies
+      - Toolchain bump PR
+      - Create and push the tag
+      - There is no `stable` branch; skip this step
     - [ProofWidgets4](https://github.com/leanprover-community/ProofWidgets4)
       - Dependencies: `Batteries`
       - Note on versions and branches:
@@ -66,27 +77,20 @@ We'll use `v4.6.0` as the intended release version as a running example.
       - Toolchain bump PR including updated Lake manifest
       - Create and push the tag
       - Merge the tag into `stable`
-    - [doc-gen4](https://github.com/leanprover/doc-gen4)
-      - Dependencies: exist, but they're not part of the release workflow
-      - Toolchain bump PR including updated Lake manifest
-      - Create and push the tag
-      - There is no `stable` branch; skip this step
-    - [Verso](https://github.com/leanprover/verso)
-      - Dependencies: exist, but they're not part of the release workflow
-      - The `SubVerso` dependency should be compatible with _every_ Lean release simultaneously, rather than following this workflow
-      - Toolchain bump PR including updated Lake manifest
-      - Create and push the tag
-      - There is no `stable` branch; skip this step
     - [import-graph](https://github.com/leanprover-community/import-graph)
       - Toolchain bump PR including updated Lake manifest
       - Create and push the tag
       - There is no `stable` branch; skip this step
+    - [plausible](https://github.com/leanprover-community/plausible)
+      - Toolchain bump PR including updated Lake manifest
+      - Create and push the tag
+      - There is no `stable` branch; skip this step
     - [Mathlib](https://github.com/leanprover-community/mathlib4)
       - Dependencies: `Aesop`, `ProofWidgets4`, `lean4checker`, `Batteries`, `doc-gen4`, `import-graph`
       - Toolchain bump PR notes:
         - In addition to updating the `lean-toolchain` and `lakefile.lean`,
           in `.github/workflows/lean4checker.yml` update the line
-          `git checkout v4.6.0` to the appropriate tag. 
+          `git checkout v4.6.0` to the appropriate tag.
         - Push the PR branch to the main Mathlib repository rather than a fork, or CI may not work reliably
         - Create and push the tag
         - Create a new branch from the tag, push it, and open a pull request against `stable`.
@@ -98,6 +102,7 @@ We'll use `v4.6.0` as the intended release version as a running example.
       - Toolchain bump PR including updated Lake manifest
       - Create and push the tag
       - Merge the tag into `stable`
+- Run `scripts/release_checklist.py v4.6.0` to check that everything is in order.
 - The `v4.6.0` section of `RELEASES.md` is out of sync between
   `releases/v4.6.0` and `master`. This should be reconciled:
   - Replace the `v4.6.0` section on `master` with the `v4.6.0` section on `releases/v4.6.0`
@@ -139,16 +144,13 @@ We'll use `v4.7.0-rc1` as the intended release version in this example.
     git checkout -b releases/v4.7.0
     ```
 - In `RELEASES.md` replace `Development in progress` in the `v4.7.0` section with `Release notes to be written.`
-- We will rely on automatically generated release notes for release candidates,
-  and the written release notes will be used for stable versions only.
-  It is essential to choose the nightly that will become the release candidate as early as possible, to avoid confusion.
+- It is essential to choose the nightly that will become the release candidate as early as possible, to avoid confusion.
 - In `src/CMakeLists.txt`,
   - verify that you see `set(LEAN_VERSION_MINOR 7)` (for whichever `7` is appropriate); this should already have been updated when the development cycle began.
   - `set(LEAN_VERSION_IS_RELEASE 1)` (this should be a change; on `master` and nightly releases it is always `0`).
   - Commit your changes to `src/CMakeLists.txt`, and push.
 - `git tag v4.7.0-rc1`
 - `git push origin v4.7.0-rc1`
-- Ping the FRO Zulip that release notes need to be written. The release notes do not block completing the rest of this checklist.
 - Now wait, while CI runs.
   - You can monitor this at `https://github.com/leanprover/lean4/actions/workflows/ci.yml`, looking for the `v4.7.0-rc1` tag.
   - This step can take up to an hour.
@@ -248,15 +250,12 @@ Please read https://leanprover-community.github.io/contribute/tags_and_branches.
 
 # Writing the release notes
 
-We are currently trying a system where release notes are compiled all at once from someone looking through the commit history.
-The exact steps are a work in progress.
-Here is the general idea:
+Release notes are automatically generated from the commit history, using `script/release_notes.py`.
 
-* The work is done right on the `releases/v4.6.0` branch sometime after it is created but before the stable release is made.
-  The release notes for `v4.6.0` will later be copied to `master` when we begin a new development cycle.
-* There can be material for release notes entries in commit messages.
-* There can also be pre-written entries in `./releases_drafts`, which should be all incorporated in the release notes and then deleted from the branch.
+Run this as `script/release_notes.py v4.6.0`, where `v4.6.0` is the *previous* release version. This will generate output
+for all commits since that tag. Note that there is output on both stderr, which should be manually reviewed,
+and on stdout, which should be manually copied to `RELEASES.md`.
+
+There can also be pre-written entries in `./releases_drafts`, which should be all incorporated in the release notes and then deleted from the branch.
   See `./releases_drafts/README.md` for more information.
-* The release notes should be written from a downstream expert user's point of view.
 
-This section will be updated when the next release notes are written (for `v4.10.0`).

doc/do.md

@@ -1,417 +0,0 @@
-# The `do` notation
-
-Lean is a pure functional programming language, but you can write effectful code using the `do` embedded domain specific language (DSL). The following simple program prints two strings "hello" and "world" in the standard output and terminates with exit code 0. Note that the type of the program is `IO UInt32`. You can read this type as the type of values that perform input-output effects and produce a value of type `UInt32`.
-
-```lean
-def main : IO UInt32 := do
-  IO.println "hello"
-  IO.println "world"
-  return 0
-```
-The type of `IO.println` is `String → IO Unit`. That is, it is a function from `String` to `IO Unit` which indicates it may perform input-output effects and produce a value of type `Unit`. We often say that functions that may perform effects are *methods*.
-We also say a method application, such as `IO.println "hello"` is an *action*.
-Note that the examples above also demonstrates that braceless `do` blocks are whitespace sensitive.
-If you like `;`s and curly braces, you can write the example above as
-```lean
-def main : IO UInt32 := do {
-  IO.println "hello";
-  IO.println "world";
-  return 0;
-}
-```
-Semicolons can be used even when curly braces are not used. They are particularly useful when you want to "pack" more than one action in a single line.
-```lean
-def main : IO UInt32 := do
-  IO.println "hello"; IO.println "world"
-  return 0
-```
-Whitespace sensitivity in programming languages is a controversial topic
-among programmers. You should use your own style. We, the Lean developers, **love** the
-braceless and semicolon-free style.
-We believe it is clean and beautiful.
-
-The `do` DSL expands into the core Lean language. Let's inspect the different components using the commands `#print` and `#check`.
-
-```lean
-# def main : IO UInt32 := do
-#  IO.println "hello"
-#  IO.println "world"
-#  return 0
-
-#check IO.println "hello"
--- IO Unit
-#print main
--- Output contains the infix operator `>>=` and `pure`
--- The following `set_option` disables notation such as `>>=` in the output
-set_option pp.notation false in
-#print main
--- Output contains `bind` and `pure`
-#print bind
--- bind : {m : Type u → Type v} → [self : Bind m] → {α β : Type u} →
---        m α → (α → m β) → m β
-#print pure
--- pure : {m : Type u → Type v} → [self : Pure m] → {α : Type u} →
---        α → m α
-
--- IO implements the type classes `Bind` and `Pure`.
-#check (inferInstance : Bind IO)
-#check (inferInstance : Pure IO)
-```
-The types of `bind` and `pure` may look daunting at first sight.
-They both have many implicit arguments. Let's focus first on the explicit arguments.
-`bind` has two explicit arguments `m α` and `α → m β`. The first one should
-be viewed as an action with effects `m` and producing a value of type `α`.
-The second is a function that takes a value of type `α` and produces an action
-with effects `m` and a value of type `β`. The result is `m β`. The method `bind` is composing
-these two actions. We often say `bind` is an abstract semicolon. The method `pure` converts
-a value `α` into an action that produces an action `m α`.
-
-Here is the same function being defined using `bind` and `pure` without the `do` DSL.
-```lean
-def main : IO UInt32 :=
-  bind (IO.println "hello") fun _ =>
-  bind (IO.println "world") fun _ =>
-  pure 0
-```
-
-The notations `let x <- action1; action2` and `let x ← action1; action2` are just syntax sugar for `bind action1 fun x => action2`.
-Here is a small example using it.
-```lean
-def isGreaterThan0 (x : Nat) : IO Bool := do
-  IO.println s!"value: {x}"
-  return x > 0
-
-def f (x : Nat) : IO Unit := do
-  let c <- isGreaterThan0 x
-  if c then
-    IO.println s!"{x} is greater than 0"
-  else
-    pure ()
-
-#eval f 10
--- value: 10
--- 10 is greater than 0
-```
-
-
-## Nested actions
-
-Note that we cannot write `if isGreaterThan0 x then ... else ...` because the condition in a `if-then-else` is a **pure** value without effects, but `isGreaterThan0 x` has type `IO Bool`. You can use the nested action notation to avoid this annoyance. Here is an equivalent definition for `f` using a nested action.
-```lean
-# def isGreaterThan0 (x : Nat) : IO Bool := do
-#  IO.println s!"x: {x}"
-#  return x > 0
-
-def f (x : Nat) : IO Unit := do
-  if (<- isGreaterThan0 x) then
-    IO.println s!"{x} is greater than 0"
-  else
-    pure ()
-
-#print f
-```
-Lean "lifts" the nested actions and introduces the `bind` for us.
-Here is an example with two nested actions. Note that both actions are executed
-even if `x = 0`.
-```lean
-# def isGreaterThan0 (x : Nat) : IO Bool := do
-#  IO.println s!"x: {x}"
-#  return x > 0
-
-def f (x y : Nat) : IO Unit := do
-  if (<- isGreaterThan0 x) && (<- isGreaterThan0 y) then
-    IO.println s!"{x} and {y} are greater than 0"
-  else
-    pure ()
-
-#eval f 0 10
--- value: 0
--- value: 10
-
--- The function `f` above is equivalent to
-def g (x y : Nat) : IO Unit := do
-  let c1 <- isGreaterThan0 x
-  let c2 <- isGreaterThan0 y
-  if c1 && c2 then
-    IO.println s!"{x} and {y} are greater than 0"
-  else
-    pure ()
-
-theorem fgEqual : f = g :=
-  rfl -- proof by reflexivity
-```
-Here are two ways to achieve the short-circuit semantics in the example above
-```lean
-# def isGreaterThan0 (x : Nat) : IO Bool := do
-#  IO.println s!"x: {x}"
-#  return x > 0
-
-def f1 (x y : Nat) : IO Unit := do
-  if (<- isGreaterThan0 x <&&> isGreaterThan0 y) then
-    IO.println s!"{x} and {y} are greater than 0"
-  else
-    pure ()
-
--- `<&&>` is the effectful version of `&&`
--- Given `x y : IO Bool`, `x <&&> y` : m Bool`
--- It only executes `y` if `x` returns `true`.
-
-#eval f1 0 10
--- value: 0
-#eval f1 1 10
--- value: 1
--- value: 10
--- 1 and 10 are greater than 0
-
-def f2 (x y : Nat) : IO Unit := do
-  if (<- isGreaterThan0 x) then
-    if (<- isGreaterThan0 y) then
-      IO.println s!"{x} and {y} are greater than 0"
-    else
-      pure ()
-  else
-    pure ()
-```
-
-## `if-then` notation
-
-In the `do` DSL, we can write `if c then action` as a shorthand for `if c then action else pure ()`. Here is the method `f2` using this shorthand.
-```lean
-# def isGreaterThan0 (x : Nat) : IO Bool := do
-#  IO.println s!"x: {x}"
-#  return x > 0
-
-def f2 (x y : Nat) : IO Unit := do
-  if (<- isGreaterThan0 x) then
-    if (<- isGreaterThan0 y) then
-      IO.println s!"{x} and {y} are greater than 0"
-```
-
-## Reassignments
-
-When writing effectful code, it is natural to think imperatively.
-For example, suppose we want to create an empty array `xs`,
-add `0` if some condition holds, add `1` if another condition holds,
-and then print it. In the following example, we use variable
-"shadowing" to simulate this kind of "update".
-
-```lean
-def f (b1 b2 : Bool) : IO Unit := do
-  let xs := #[]
-  let xs := if b1 then xs.push 0 else xs
-  let xs := if b2 then xs.push 1 else xs
-  IO.println xs
-
-#eval f true true
--- #[0, 1]
-#eval f false true
--- #[1]
-#eval f true false
--- #[0]
-#eval f false false
--- #[]
-```
-
-We can use tuples to simulate updates on multiple variables.
-
-```lean
-def f (b1 b2 : Bool) : IO Unit := do
-  let xs := #[]
-  let ys := #[]
-  let (xs, ys) := if b1 then (xs.push 0, ys) else (xs, ys.push 0)
-  let (xs, ys) := if b2 then (xs.push 1, ys) else (xs, ys.push 1)
-  IO.println s!"xs: {xs}, ys: {ys}"
-
-#eval f true false
--- xs: #[0], ys: #[1]
-```
-
-We can also simulate the control-flow above using *join-points*.
-A join-point is a `let` that is always tail called and fully applied.
-The Lean compiler implements them using `goto`s.
-Here is the same example using join-points.
-
-```lean
-def f (b1 b2 : Bool) : IO Unit := do
-  let jp1 xs ys := IO.println s!"xs: {xs}, ys: {ys}"
-  let jp2 xs ys := if b2 then jp1 (xs.push 1) ys else jp1 xs (ys.push 1)
-  let xs := #[]
-  let ys := #[]
-  if b1 then jp2 (xs.push 0) ys else jp2 xs (ys.push 0)
-
-#eval f true false
--- xs: #[0], ys: #[1]
-```
-
-You can capture complex control-flow using join-points.
-The `do` DSL offers the variable reassignment feature to make this kind of code more comfortable to write. In the following example, the `mut` modifier at `let mut xs := #[]` indicates that variable `xs` can be reassigned. The example contains two reassignments `xs := xs.push 0` and `xs := xs.push 1`. The reassignments are compiled using join-points. There is no hidden state being updated.
-
-```lean
-def f (b1 b2 : Bool) : IO Unit := do
-  let mut xs := #[]
-  if b1 then xs := xs.push 0
-  if b2 then xs := xs.push 1
-  IO.println xs
-
-#eval f true true
--- #[0, 1]
-```
-The notation `x <- action` reassigns `x` with the value produced by the action. It is equivalent to `x := (<- action)`
-
-## Iteration
-
-The `do` DSL provides a unified notation for iterating over datastructures. Here are a few examples.
-
-```lean
-def sum (xs : Array Nat) : IO Nat := do
-  let mut s := 0
-  for x in xs do
-    IO.println s!"x: {x}"
-    s := s + x
-  return s
-
-#eval sum #[1, 2, 3]
--- x: 1
--- x: 2
--- x: 3
--- 6
-
--- We can write pure code using the `Id.run <| do` DSL too.
-def sum' (xs : Array Nat) : Nat := Id.run <| do
-  let mut s := 0
-  for x in xs do
-    s := s + x
-  return s
-
-#eval sum' #[1, 2, 3]
--- 6
-
-def sumEven (xs : Array Nat) : IO Nat := do
-  let mut s := 0
-  for x in xs do
-    if x % 2 == 0 then
-      IO.println s!"x: {x}"
-      s := s + x
-  return s
-
-#eval sumEven #[1, 2, 3, 6]
--- x: 2
--- x: 6
--- 8
-
-def splitEvenOdd (xs : List Nat) : IO Unit := do
-  let mut evens := #[]
-  let mut odds  := #[]
-  for x in xs do
-    if x % 2 == 0 then
-      evens := evens.push x
-    else
-      odds := odds.push x
-  IO.println s!"evens: {evens}, odds: {odds}"
-
-#eval splitEvenOdd [1, 2, 3, 4]
--- evens: #[2, 4], odds: #[1, 3]
-
-def findNatLessThan (x : Nat) (p : Nat → Bool) : IO Nat := do
-  -- [:x] is notation for the range [0, x)
-  for i in [:x] do
-    if p i then
-      return i -- `return` from the `do` block
-  throw (IO.userError "value not found")
-
-#eval findNatLessThan 10 (fun x => x > 5 && x % 4 == 0)
--- 8
-
-def sumOddUpTo (xs : List Nat) (threshold : Nat) : IO Nat := do
-  let mut s := 0
-  for x in xs do
-    if x % 2 == 0 then
-      continue -- it behaves like the `continue` statement in imperative languages
-    IO.println s!"x: {x}"
-    s := s + x
-    if s > threshold then
-      break -- it behaves like the `break` statement in imperative languages
-  IO.println s!"result: {s}"
-  return s
-
-#eval sumOddUpTo [2, 3, 4, 11, 20, 31, 41, 51, 107] 40
--- x: 3
--- x: 11
--- x: 31
--- result: 45
--- 45
-```
-
-TODO: describe `forIn`
-
-## Try-catch
-
-TODO
-
-## Returning early from a failed match
-
-Inside a `do` block, the pattern `let _ ← <success> | <fail>` will continue with the rest of the block if the match on the left hand side succeeds, but will execute the right hand side and exit the block on failure:
-
-```lean
-def showUserInfo (getUsername getFavoriteColor : IO (Option String)) : IO Unit := do
-  let some n ← getUsername | IO.println "no username!"
-  IO.println s!"username: {n}"
-  let some c ← getFavoriteColor | IO.println "user didn't provide a favorite color!"
-  IO.println s!"favorite color: {c}"
-
--- username: JohnDoe
--- favorite color: red
-#eval showUserInfo (pure <| some "JohnDoe") (pure <| some "red")
-
--- no username
-#eval showUserInfo (pure none) (pure <| some "purple")
-
--- username: JaneDoe
--- user didn't provide a favorite color
-#eval showUserInfo (pure <| some "JaneDoe") (pure none)
-```
-
-## If-let
-
-Inside a `do` block, users can employ the `if let` pattern to destructure actions:
-
-```lean
-def tryIncrement (getInput : IO (Option Nat)) : IO (Except String Nat) := do
-  if let some n ← getInput
-  then return Except.ok n.succ
-  else return Except.error "argument was `none`"
-
--- Except.ok 2
-#eval tryIncrement (pure <| some 1)
-
--- Except.error "argument was `none`"
-#eval tryIncrement (pure <| none)
-```
-
-## Pattern matching
-
-TODO
-
-## Monads
-
-TODO
-
-## ReaderT
-
-TODO
-
-## StateT
-
-TODO
-
-## StateRefT
-
-TODO
-
-## ExceptT
-
-TODO
-
-## MonadLift and automatic lifting
-
-TODO

doc/elaborators.md

@@ -1,8 +0,0 @@
-## Elaborators
-
-TODO. See [Lean Together 2021: Metaprogramming in Lean
-4](https://youtu.be/hxQ1vvhYN_U) for an overview as well [the
-continuation](https://youtu.be/vy4JWIiiXSY) about tactic programming.
-For more information on antiquotations, see also §4.1 of [Beyond
-Notations: Hygienic Macro Expansion for Theorem Proving
-Languages](https://arxiv.org/pdf/2001.10490.pdf#page=11).

doc/enum.md

@@ -1,190 +0,0 @@
-# Enumerated Types
-
-The simplest kind of inductive type is simply a type with a finite, enumerated list of elements.
-The following command declares the enumerated type `Weekday`.
-```lean
-inductive Weekday where
-  | sunday    : Weekday
-  | monday    : Weekday
-  | tuesday   : Weekday
-  | wednesday : Weekday
-  | thursday  : Weekday
-  | friday    : Weekday
-  | saturday  : Weekday
-```
-
-The `Weekday` type has 7 constructors/elements. The constructors live in the `Weekday` namespace
-Think of `sunday`, `monday`, …, `saturday` as being distinct elements of `Weekday`,
-with no other distinguishing properties.
-```lean
-# inductive Weekday where
-#  | sunday    : Weekday
-#  | monday    : Weekday
-#  | tuesday   : Weekday
-#  | wednesday : Weekday
-#  | thursday  : Weekday
-#  | friday    : Weekday
-#  | saturday  : Weekday
-#check Weekday.sunday   -- Weekday
-#check Weekday.monday   -- Weekday
-```
-
-You can define functions by pattern matching.
-The following function converts a `Weekday` into a natural number.
-```lean
-# inductive Weekday where
-#  | sunday    : Weekday
-#  | monday    : Weekday
-#  | tuesday   : Weekday
-#  | wednesday : Weekday
-#  | thursday  : Weekday
-#  | friday    : Weekday
-#  | saturday  : Weekday
-def natOfWeekday (d : Weekday) : Nat :=
-  match d with
-  | Weekday.sunday    => 1
-  | Weekday.monday    => 2
-  | Weekday.tuesday   => 3
-  | Weekday.wednesday => 4
-  | Weekday.thursday  => 5
-  | Weekday.friday    => 6
-  | Weekday.saturday  => 7
-
-#eval natOfWeekday Weekday.tuesday -- 3
-```
-
-It is often useful to group definitions related to a type in a namespace with the same name.
-For example, we can put the function above into the ``Weekday`` namespace.
-We are then allowed to use the shorter name when we open the namespace.
-
-In the following example, we define functions from ``Weekday`` to ``Weekday`` in the namespace `Weekday`.
-```lean
-# inductive Weekday where
-#  | sunday    : Weekday
-#  | monday    : Weekday
-#  | tuesday   : Weekday
-#  | wednesday : Weekday
-#  | thursday  : Weekday
-#  | friday    : Weekday
-#  | saturday  : Weekday
-namespace Weekday
-
-def next (d : Weekday) : Weekday :=
-  match d with
-  | sunday    => monday
-  | monday    => tuesday
-  | tuesday   => wednesday
-  | wednesday => thursday
-  | thursday  => friday
-  | friday    => saturday
-  | saturday  => sunday
-
-end Weekday
-```
-It is so common to start a definition with a `match` in Lean, that Lean provides a syntax sugar for it.
-```lean
-# inductive Weekday where
-#  | sunday    : Weekday
-#  | monday    : Weekday
-#  | tuesday   : Weekday
-#  | wednesday : Weekday
-#  | thursday  : Weekday
-#  | friday    : Weekday
-#  | saturday  : Weekday
-# namespace Weekday
-def previous : Weekday -> Weekday
-  | sunday    => saturday
-  | monday    => sunday
-  | tuesday   => monday
-  | wednesday => tuesday
-  | thursday  => wednesday
-  | friday    => thursday
-  | saturday  => friday
-# end Weekday
-```
-We can use the command `#eval` to test our definitions.
-```lean
-# inductive Weekday where
-#  | sunday    : Weekday
-#  | monday    : Weekday
-#  | tuesday   : Weekday
-#  | wednesday : Weekday
-#  | thursday  : Weekday
-#  | friday    : Weekday
-#  | saturday  : Weekday
-# namespace Weekday
-# def next (d : Weekday) : Weekday :=
-#  match d with
-#  | sunday    => monday
-#  | monday    => tuesday
-#  | tuesday   => wednesday
-#  | wednesday => thursday
-#  | thursday  => friday
-#  | friday    => saturday
-#  | saturday  => sunday
-# def previous : Weekday -> Weekday
-#  | sunday    => saturday
-#  | monday    => sunday
-#  | tuesday   => monday
-#  | wednesday => tuesday
-#  | thursday  => wednesday
-#  | friday    => thursday
-#  | saturday  => friday
-def toString : Weekday -> String
-  | sunday    => "Sunday"
-  | monday    => "Monday"
-  | tuesday   => "Tuesday"
-  | wednesday => "Wednesday"
-  | thursday  => "Thursday"
-  | friday    => "Friday"
-  | saturday  => "Saturday"
-
-#eval toString (next sunday)             -- "Monday"
-#eval toString (next tuesday)            -- "Wednesday"
-#eval toString (previous wednesday)      -- "Tuesday"
-#eval toString (next (previous sunday))  -- "Sunday"
-#eval toString (next (previous monday))  -- "Monday"
--- ..
-# end Weekday
-```
-We can now prove the general theorem that ``next (previous d) = d`` for any weekday ``d``.
-The idea is to perform a proof by cases using `match`, and rely on the fact for each constructor both
-sides of the equality reduce to the same term.
-```lean
-# inductive Weekday where
-#  | sunday    : Weekday
-#  | monday    : Weekday
-#  | tuesday   : Weekday
-#  | wednesday : Weekday
-#  | thursday  : Weekday
-#  | friday    : Weekday
-#  | saturday  : Weekday
-# namespace Weekday
-# def next (d : Weekday) : Weekday :=
-#  match d with
-#  | sunday    => monday
-#  | monday    => tuesday
-#  | tuesday   => wednesday
-#  | wednesday => thursday
-#  | thursday  => friday
-#  | friday    => saturday
-#  | saturday  => sunday
-# def previous : Weekday -> Weekday
-#  | sunday    => saturday
-#  | monday    => sunday
-#  | tuesday   => monday
-#  | wednesday => tuesday
-#  | thursday  => wednesday
-#  | friday    => thursday
-#  | saturday  => friday
-theorem nextOfPrevious (d : Weekday) : next (previous d) = d :=
-  match d with
-  | sunday    => rfl
-  | monday    => rfl
-  | tuesday   => rfl
-  | wednesday => rfl
-  | thursday  => rfl
-  | friday    => rfl
-  | saturday  => rfl
-# end Weekday
-```

doc/examples/ICERM2022/meta.lean

@@ -29,7 +29,7 @@ def ex3 (declName : Name) : MetaM Unit := do
     for x in xs do
       trace[Meta.debug] "{x} : {← inferType x}"
 
-def myMin [LT α] [DecidableRel (α := α) (·<·)] (a b : α) : α :=
+def myMin [LT α] [DecidableLT α] (a b : α) : α :=
   if a < b then
     a
   else

doc/examples/interp.lean

@@ -12,17 +12,17 @@ Remark: this example is based on an example found in the Idris manual.
 Vectors
 --------
 
-A `Vector` is a list of size `n` whose elements belong to a type `α`.
+A `Vec` is a list of size `n` whose elements belong to a type `α`.
 -/
 
-inductive Vector (α : Type u) : Nat → Type u
-  | nil : Vector α 0
-  | cons : α → Vector α n → Vector α (n+1)
+inductive Vec (α : Type u) : Nat → Type u
+  | nil : Vec α 0
+  | cons : α → Vec α n → Vec α (n+1)
 
 /-!
-We can overload the `List.cons` notation `::` and use it to create `Vector`s.
+We can overload the `List.cons` notation `::` and use it to create `Vec`s.
 -/
-infix:67 " :: " => Vector.cons
+infix:67 " :: " => Vec.cons
 
 /-!
 Now, we define the types of our simple functional language.
@@ -50,11 +50,11 @@ the builtin instance for `Add Int` as the solution.
 /-!
 Expressions are indexed by the types of the local variables, and the type of the expression itself.
 -/
-inductive HasType : Fin n → Vector Ty n → Ty → Type where
+inductive HasType : Fin n → Vec Ty n → Ty → Type where
   | stop : HasType 0 (ty :: ctx) ty
   | pop  : HasType k ctx ty → HasType k.succ (u :: ctx) ty
 
-inductive Expr : Vector Ty n → Ty → Type where
+inductive Expr : Vec Ty n → Ty → Type where
   | var   : HasType i ctx ty → Expr ctx ty
   | val   : Int → Expr ctx Ty.int
   | lam   : Expr (a :: ctx) ty → Expr ctx (Ty.fn a ty)
@@ -102,8 +102,8 @@ indexed over the types in scope. Since an environment is just another form of li
 to the vector of local variable types, we overload again the notation `::` so that we can use the usual list syntax.
 Given a proof that a variable is defined in the context, we can then produce a value from the environment.
 -/
-inductive Env : Vector Ty n → Type where
-  | nil  : Env Vector.nil
+inductive Env : Vec Ty n → Type where
+  | nil  : Env Vec.nil
   | cons : Ty.interp a → Env ctx → Env (a :: ctx)
 
 infix:67 " :: " => Env.cons

doc/examples/tc.lean

@@ -82,9 +82,7 @@ theorem Expr.typeCheck_correct (h₁ : HasType e ty) (h₂ : e.typeCheck ≠ .un
 /-!
 Now, we prove that if `Expr.typeCheck e` returns `Maybe.unknown`, then forall `ty`, `HasType e ty` does not hold.
 The notation `e.typeCheck` is sugar for `Expr.typeCheck e`. Lean can infer this because we explicitly said that `e` has type `Expr`.
-The proof is by induction on `e` and case analysis. The tactic `rename_i` is used to rename "inaccessible" variables.
-We say a variable is inaccessible if it is introduced by a tactic (e.g., `cases`) or has been shadowed by another variable introduced
-by the user. Note that the tactic `simp [typeCheck]` is applied to all goal generated by the `induction` tactic, and closes
+The proof is by induction on `e` and case analysis. Note that the tactic `simp [typeCheck]` is applied to all goal generated by the `induction` tactic, and closes
 the cases corresponding to the constructors `Expr.nat` and `Expr.bool`.
 -/
 theorem Expr.typeCheck_complete {e : Expr} : e.typeCheck = .unknown → ¬ HasType e ty := by

doc/examples/test_single.sh

@@ -1,4 +1,4 @@
 #!/usr/bin/env bash
 source ../../tests/common.sh
 
-exec_check lean -Dlinter.all=false "$f"
+exec_check_raw lean -Dlinter.all=false "$f"

doc/flake.nix

@@ -83,7 +83,6 @@
         src = ./.;
         roots = [
           { mod = "examples"; glob = "submodules"; }
-          { mod = "monads"; glob = "submodules"; }
         ];
       };
       inked = renderPackage literate;

doc/float.md

@@ -1 +0,0 @@
-# Float

doc/functions.md

@@ -1,153 +0,0 @@
-# Functions
-
-Functions are the fundamental unit of program execution in any programming language.
-As in other languages, a Lean function has a name, can have parameters and take arguments, and has a body.
-Lean also supports functional programming constructs such as treating functions as values,
-using unnamed functions in expressions, composition of functions to form new functions,
-curried functions, and the implicit definition of functions by way of
-the partial application of function arguments.
-
-You define functions by using the `def` keyword followed by its name, a parameter list, return type and its body.
-The parameter list consists of successive parameters that are separated by spaces.
-You can specify an explicit type for each parameter.
-If you do not specify a specific argument type, the compiler tries to infer the type from the function body.
-An error is returned when it cannot be inferred.
-The expression that makes up the function body is typically a compound expression consisting of a number of expressions
-that culminate in a final expression that is the return value.
-The return type is a colon followed by a type and is optional.
-If you do not specify the type of the return value explicitly,
-the compiler tries to determine the return type from the final expression.
-
-```lean
-def f x := x + 1
-```
-In the previous example, the function name is `f`, the argument is `x`, which has type `Nat`,
-the function body is `x + 1`, and the return value is of type `Nat`.
-The following example defines the factorial recursive function using pattern matching.
-```lean
-def fact x :=
-  match x with
-  | 0   => 1
-  | n+1 => (n+1) * fact n
-
-#eval fact 100
-```
-By default, Lean only accepts total functions.
-The `partial` keyword may be used to define a recursive function without a termination proof; `partial` functions compute in compiled programs, but are opaque in proofs and during type checking.
-```lean
-partial def g (x : Nat) (p : Nat -> Bool) : Nat :=
-  if p x then
-    x
-  else
-    g (x+1) p
-
-#eval g 0 (fun x => x > 10)
-```
-In the previous example, `g x p` only terminates if there is a `y >= x` such that `p y` returns `true`.
-Of course, `g 0 (fun x => false)` never terminates.
-
-However, the use of `partial` is restricted to functions whose return type is not empty so the soundness
-of the system is not compromised.
-
-```lean,ignore
-partial def loop? : α := -- failed to compile partial definition 'loop?', failed to
-  loop?                  -- show that type is inhabited and non empty
-
-partial def loop [Inhabited α] : α := -- compiles
-  loop
-
-example : True := -- accepted
-  loop
-
-example : False :=
-  loop -- failed to synthesize instance Inhabited False
-```
-
-If we were able to partially define `loop?`, we could prove `False` with it.
-
-# Lambda expressions
-
-A lambda expression is an unnamed function.
-You define lambda expressions by using the `fun` keyword. A lambda expression resembles a function definition, except that instead of the `:=` token,
-the `=>` token is used to separate the argument list from the function body. As in a regular function definition,
-the argument types can be inferred or specified explicitly, and the return type of the lambda expression is inferred from the type of the
-last expression in the body.
-
-```lean
-def twice (f : Nat -> Nat) (x : Nat) : Nat :=
-  f (f x)
-
-#eval twice (fun x => x + 1) 3
-#eval twice (fun (x : Nat) => x * 2) 3
-
-#eval List.map (fun x => x + 1) [1, 2, 3]
--- [2, 3, 4]
-
-#eval List.map (fun (x, y) => x + y) [(1, 2), (3, 4)]
--- [3, 7]
-```
-
-# Syntax sugar for simple lambda expressions
-
-Simple functions can be defined using parentheses and `·` as a placeholder.
-```lean
-#check (· + 1)
--- fun a => a + 1
-#check (2 - ·)
--- fun a => 2 - a
-#eval [1, 2, 3, 4, 5].foldl (· * ·) 1
--- 120
-
-def h (x y z : Nat) :=
-  x + y + z
-
-#check (h · 1 ·)
--- fun a b => h a 1 b
-
-#eval [(1, 2), (3, 4), (5, 6)].map (·.1)
--- [1, 3, 5]
-```
-In the previous example, the term `(·.1)` is syntax sugar for `fun x => x.1`.
-
-# Pipelining
-
-Pipelining enables function calls to be chained together as successive operations. Pipelining works as follows:
-
-```lean
-def add1 x := x + 1
-def times2 x := x * 2
-
-#eval times2 (add1 100)
-#eval 100 |> add1 |> times2
-#eval times2 <| add1 <| 100
-```
-The result of the previous `#eval` commands is 202.
-The forward pipeline `|>` operator takes a function and an argument and return a value.
-In contrast, the backward pipeline `<|` operator takes an argument and a function and returns a value.
-These operators are useful for minimizing the number of parentheses.
-```lean
-def add1Times3FilterEven (xs : List Nat) :=
-  List.filter (· % 2 == 0) (List.map (· * 3) (List.map (· + 1) xs))
-
-#eval add1Times3FilterEven [1, 2, 3, 4]
--- [6, 12]
-
--- Define the same function using pipes
-def add1Times3FilterEven' (xs : List Nat) :=
-  xs |> List.map (· + 1) |> List.map (· * 3) |> List.filter (· % 2 == 0)
-
-#eval add1Times3FilterEven' [1, 2, 3, 4]
--- [6, 12]
-```
-Lean also supports the operator `|>.` which combines forward pipeline `|>` operator with the `.` field notation.
-```lean
--- Define the same function using pipes
-def add1Times3FilterEven'' (xs : List Nat) :=
-  xs.map (· + 1) |>.map (· * 3) |>.filter (· % 2 == 0)
-
-#eval add1Times3FilterEven'' [1, 2, 3, 4]
--- [6, 12]
-```
-
-For users familiar with the Haskell programming language,
-Lean also supports the notation `f $ a` for the backward pipeline `f <| a`.

doc/implicit.md

@@ -1,142 +0,0 @@
-## Implicit Arguments
-
-Suppose we define the `compose` function as.
-
-```lean
-def compose (α β γ : Type) (g : β → γ) (f : α → β) (x : α) : γ :=
-  g (f x)
-```
-
-The function `compose` takes three types, ``α``, ``β``, and ``γ``, and two functions, ``g : β → γ`` and ``f : α → β``, a value `x : α`, and
-returns ``g (f x)``, the composition of ``g`` and ``f``.
-We say `compose` is polymorphic over types ``α``, ``β``, and ``γ``. Now, let's use `compose`:
-
-```lean
-# def compose (α β γ : Type) (g : β → γ) (f : α → β) (x : α) : γ :=
-#   g (f x)
-def double (x : Nat) := 2*x
-def triple (x : Nat) := 3*x
-
-#check compose Nat Nat Nat double triple 10 -- Nat
-#eval  compose Nat Nat Nat double triple 10 -- 60
-
-def appendWorld (s : String) := s ++ "world"
-#check String.length -- String → Nat
-
-#check compose String String Nat String.length appendWorld "hello" -- Nat
-#eval  compose String String Nat String.length appendWorld "hello" -- 10
-```
-
-Because `compose` is polymorphic over types ``α``, ``β``, and ``γ``, we have to provide them in the examples above.
-But this information is redundant: one can infer the types from the arguments ``g`` and ``f``.
-This is a central feature of dependent type theory: terms carry a lot of information, and often some of that information can be inferred from the context.
-In Lean, one uses an underscore, ``_``, to specify that the system should fill in the information automatically.
-
-```lean
-# def compose (α β γ : Type) (g : β → γ) (f : α → β) (x : α) : γ :=
-#  g (f x)
-# def double (x : Nat) := 2*x
-# def triple (x : Nat) := 3*x
-#check compose _ _ _ double triple 10 -- Nat
-#eval  compose Nat Nat Nat double triple 10 -- 60
-# def appendWorld (s : String) := s ++ "world"
-# #check String.length -- String → Nat
-#check compose _ _ _ String.length appendWorld "hello" -- Nat
-#eval  compose _ _ _ String.length appendWorld "hello" -- 10
-```
-It is still tedious, however, to type all these underscores. When a function takes an argument that can generally be inferred from context,
-Lean allows us to specify that this argument should, by default, be left implicit. This is done by putting the arguments in curly braces, as follows:
-
-```lean
-def compose {α β γ : Type} (g : β → γ) (f : α → β) (x : α) : γ :=
-  g (f x)
-# def double (x : Nat) := 2*x
-# def triple (x : Nat) := 3*x
-#check compose double triple 10 -- Nat
-#eval  compose double triple 10 -- 60
-# def appendWorld (s : String) := s ++ "world"
-# #check String.length -- String → Nat
-#check compose String.length appendWorld "hello" -- Nat
-#eval  compose String.length appendWorld "hello" -- 10
-```
-All that has changed are the braces around ``α β γ: Type``.
-It makes these three arguments implicit. Notationally, this hides the specification of the type,
-making it look as though ``compose`` simply takes 3 arguments.
-
-Variables can also be specified as implicit when they are declared with
-the ``variable`` command:
-
-```lean
-universe u
-
-section
-  variable {α : Type u}
-  variable (x : α)
-  def ident := x
-end
-
-variable (α β : Type u)
-variable (a : α) (b : β)
-
-#check ident
-#check ident a
-#check ident b
-```
-
-This definition of ``ident`` here has the same effect as the one above.
-
-Lean has very complex mechanisms for instantiating implicit arguments, and we will see that they can be used to infer function types, predicates, and even proofs.
-The process of instantiating these "holes," or "placeholders," in a term is part of a bigger process called *elaboration*.
-The presence of implicit arguments means that at times there may be insufficient information to fix the meaning of an expression precisely.
-An expression like ``ident`` is said to be *polymorphic*, because it can take on different meanings in different contexts.
-
-One can always specify the type ``T`` of an expression ``e`` by writing ``(e : T)``.
-This instructs Lean's elaborator to use the value ``T`` as the type of ``e`` when trying to elaborate it.
-In the following example, this mechanism is used to specify the desired types of the expressions ``ident``.
-
-```lean
-def ident {α : Type u} (a : α) : α := a
-
-#check (ident : Nat → Nat) -- Nat → Nat
-```
-
-Numerals are overloaded in Lean, but when the type of a numeral cannot be inferred, Lean assumes, by default, that it is a natural number.
-So the expressions in the first two ``#check`` commands below are elaborated in the same way, whereas the third ``#check`` command interprets ``2`` as an integer.
-
-```lean
-#check 2         -- Nat
-#check (2 : Nat) -- Nat
-#check (2 : Int) -- Int
-```
-
-Sometimes, however, we may find ourselves in a situation where we have declared an argument to a function to be implicit,
-but now want to provide the argument explicitly. If ``foo`` is such a function, the notation ``@foo`` denotes the same function with all
-the arguments made explicit.
-
-```lean
-# def ident {α : Type u} (a : α) : α := a
-variable (α β : Type)
-
-#check @ident           -- {α : Type u} → α → α
-#check @ident α         -- α → α
-#check @ident β         -- β → β
-#check @ident Nat       -- Nat → Nat
-#check @ident Bool true -- Bool
-```
-
-Notice that now the first ``#check`` command gives the type of the identifier, ``ident``, without inserting any placeholders.
-Moreover, the output indicates that the first argument is implicit.
-
-Named arguments enable you to specify an argument for a parameter by matching the argument with
-its name rather than with its position in the parameter list. You can use them to specify explicit *and* implicit arguments.
-If you don't remember the order of the parameters but know their names, you can send the arguments in any order.
-You may also provide the value for an implicit parameter when
-Lean failed to infer it. Named arguments also improve the readability of your code by identifying what
-each argument represents.
-
-```lean
-# def ident {α : Type u} (a : α) : α := a
-
-#check ident (α := Nat)  -- Nat → Nat
-#check ident (α := Bool) -- Bool → Bool
-```

doc/inductive.md

@@ -1,3 +0,0 @@
-# Inductive Types
-
-[Theorem Proving in Lean](https://lean-lang.org/theorem_proving_in_lean4/inductive_types.html) has a chapter about inductive datatypes.

doc/int.md

@@ -1,37 +0,0 @@
-# Integers
-
-The `Int` type represents the arbitrary-precision integers. There are no overflows.
-```lean
-#eval (100000000000000000 : Int) * 200000000000000000000 * 1000000000000000000000
-```
-Recall that nonnegative numerals are considered to be a `Nat` if there are no typing constraints.
-```lean
-#check 1 -- Nat
-#check -1 -- Int
-#check (1:Int) -- Int
-```
-
-The operator `/` for `Int` implements integer division.
-```lean
-#eval -10 / 4 -- -3
-```
-
-Similar to `Nat`, the internal representation of `Int` is optimized. Small integers are
-represented by a single machine word. Big integers are implemented using [GMP](https://gmplib.org/manual/) numbers.
-We recommend you use fixed precision numeric types only in performance critical code.
-
-The Lean kernel does not have special support for reducing `Int` during type checking.
-However, since `Int` is defined as
-```lean
-# namespace hidden
-inductive Int : Type where
-  | ofNat   : Nat → Int
-  | negSucc : Nat → Int
-# end hidden
-```
-the type checker will be able reduce `Int` expressions efficiently by relying on the special support for `Nat`.
-
-```lean
-theorem ex : -2000000000 * 1000000000 = -2000000000000000000 :=
- rfl
-```

doc/lexical_structure.md

@@ -61,7 +61,7 @@ Parts of atomic names can be escaped by enclosing them in pairs of French double
    letterlike_symbols: [℀-⅏]
    escaped_ident_part: "«" [^«»\r\n\t]* "»"
    atomic_ident_rest: atomic_ident_start | [0-9'ⁿ] | subscript
-   subscript: [₀-₉ₐ-ₜᵢ-ᵪ]
+   subscript: [₀-₉ₐ-ₜᵢ-ᵪⱼ]
 ```
 
 String Literals
@@ -128,16 +128,16 @@ Numeric literals can be specified in various bases.
 
 ```
    numeral    : numeral10 | numeral2 | numeral8 | numeral16
-   numeral10  : [0-9]+
-   numeral2   : "0" [bB] [0-1]+
-   numeral8   : "0" [oO] [0-7]+
-   numeral16  : "0" [xX] hex_char+
+   numeral10  : [0-9]+ ("_"+ [0-9]+)*
+   numeral2   : "0" [bB] ("_"* [0-1]+)+
+   numeral8   : "0" [oO] ("_"* [0-7]+)+
+   numeral16  : "0" [xX] ("_"* hex_char+)+
 ```
 
 Floating point literals are also possible with optional exponent:
 
 ```
-   float    : [0-9]+ "." [0-9]+ [[eE[+-][0-9]+]
+   float    : numeral10 "." numeral10? [eE[+-]numeral10]
 ```
 
 For example:
@@ -147,6 +147,7 @@ constant w : Int := 55
 constant x : Nat := 26085
 constant y : Nat := 0x65E5
 constant z : Float := 2.548123e-05
+constant b : Bool := 0b_11_01_10_00
 ```
 
 Note: that negative numbers are created by applying the "-" negation prefix operator to the number, for example:

doc/list.md

@@ -1 +0,0 @@
-# List

doc/macro_overview.md

@@ -1,393 +0,0 @@
-
-# Macro Overview
-
-The official paper describing the mechanics behind Lean 4's macro system can be
-found in [Beyond Notations: Hygienic Macro Expansion for Theorem Proving
-Languages](https://arxiv.org/abs/2001.10490) by Sebastian Ullrich and Leonardo
-de Moura, and the accompanying repo with example code can be found in the
-paper's code [supplement](https://github.com/Kha/macro-supplement). The
-supplement also includes a working implementation of the macro expander, so it's
-a good case study for people interested in the details.
-
-## What is a macro in Lean?
-
-A macro is a function that takes in a syntax tree and produces a new syntax
-tree. Macros are useful for many reasons, but two of the big ones are a)
-allowing users to extend the language with new syntactic constructs without
-having to actually expand the core language, and b) allowing users to automate
-tasks that would otherwise be extremely repetitive, time-consuming, and/or
-error-prone.
-
-A motivating example is set builder notation. We would like to be able to write
-the set of natural numbers 0, 1, and 2 as just `{0, 1, 2}`. However, Lean does
-not natively support this syntax, and the actual definition of a set in Mathlib
-does not let us just declare sets in this manner; naively using the set API
-would force us to write `Set.insert 1 (Set.insert 2 (Set.singleton 3))`.
-Instead, we can teach Lean's macro system to recognize `{0, 1, 2}` as a
-shorthand for a composition of existing methods and let it do the repetitive
-work of creating the `Set.insert...` invocation for us. In this way, we can have
-our more readable and more convenient syntax without having to extend Lean
-itself, and while retaining the simple insert/singleton API.
-
-## How macros are handled
-
-The general procedure is as follows:
-
-1. Lean parses a command, creating a Lean syntax tree which contains any
-   unexpanded macros.
-
-2. Lean repeats the cycle (elaboration ~> (macro hygiene and expansion) ~>
-   elaboration...)
-
-The cycle in step 2 repeats until there are no more macros which need to be
-expanded, and elaboration can finish normally. This repetition is required since
-macros can expand to other macros, and may expand to code that needs information
-from the elaborator. As you can see, the process of macro parsing and expansion
-is interleaved with the parsing and elaboration of non-macro code.
-
-By default, macros in Lean are hygienic, which means the system avoids
-accidental name capture when reusing the same name inside and outside the macro.
-Users may occasionally want to disable hygiene, which can be accomplished with
-the command `set_option hygiene false`. More in-depth information about hygiene
-and how it's implemented in the official paper and supplement linked at the top
-of this guide.
-
-## Elements of "a" macro (important types)
-
-
-In the big picture, a macro has two components that must be implemented by the
-user, parsers and syntax transformers, where the latter is a function that says
-what the input syntax should expand to. There is a third component, syntax
-categories, such as `term`, `tactic`, and `command`, but declaring a new syntax
-category is not always necessary. When we say "parser" in the context of a
-macro, we refer to the core type `Lean.ParserDescr`, which parses elements of
-type `Lean.Syntax`, where `Lean.Syntax` represents elements of a Lean syntax
-tree. Syntax transformers are functions of type `Syntax -> MacroM Syntax`. Lean
-has a synonym for this type, which is simply `Macro`. `MacroM` is a monad that
-carries state needed for macro expansion to work nicely, including the info
-needed to implement hygiene.
-
-As an example, we again refer to Mathlib's set builder notation:
-```lean
-/- Declares a parser -/
-syntax (priority := high) "{" term,+ "}" : term
-
-/- Declares two expansions/syntax transformers -/
-macro_rules
-  | `({$x}) => `(Set.singleton $x)
-  | `({$x, $xs:term,*}) => `(Set.insert $x {$xs,*})
-
-/- Provided `Set` has been imported (from Mathlib4), these are all we need for `{1, 2, 3}` to be valid notation to create a literal set -/
-
-```
-
-This example should also make clear the reason why macros (and pretty much all
-of Lean 4's metaprogramming facilities) are functions that take an argument of
-type `Syntax` e.g. `Syntax -> MacroM Syntax`; the leading syntax element is the
-thing that actually triggers the macro expansion by matching with the declared
-parser, and as a user, you will almost always be interested in inspecting and
-transforming that initial syntax element (though there are cases in which it can
-just be ignored, as in the parameter-less exfalso tactic).
-
-Returning briefly to the API provided by Lean, `Lean.Syntax`, is pretty much
-what you would expect a basic syntax tree type to look like. Below is a slightly
-simplified representation which omits details in the `atom` and `ident`
-constructors; users can create atoms and idents which comport with this
-simplified representation using the `mkAtom` and `mkIdent` methods provided in
-the `Lean` namespace.
-```lean
-# open Lean
-inductive Syntax where
-  | missing : Syntax
-  | node (kind : SyntaxNodeKind) (args : Array Syntax) : Syntax
-  | atom : String -> Syntax
-  | ident : Name -> Syntax
-```
-
-
-
-For those interested, `MacroM` is a `ReaderT`:
-```lean
-# open Lean
-abbrev MacroM := ReaderT Macro.Context (EStateM Macro.Exception Macro.State)
-```
-
-The other relevant components are defined as follows:
-```lean
-# open Lean
-structure Context where
-  methods        : MethodsRef
-  mainModule     : Name
-  currMacroScope : MacroScope
-  currRecDepth   : Nat := 0
-  maxRecDepth    : Nat := defaultMaxRecDepth
-  ref            : Syntax
-
-inductive Exception where
-  | error             : Syntax → String → Exception
-  | unsupportedSyntax : Exception
-
-structure State where
-  macroScope : MacroScope
-  traceMsgs  : List (Prod Name String) := List.nil
-  deriving Inhabited
-```
-
-As a review/checklist, the three (sometimes only two depending on whether you
-need a new syntax category) components users need to be concerned with are:
-
-0. You may or may not need to declare a new syntax category using
-   `declare_syntax_cat`
-1. Declare a parser with either `syntax` or `macro`
-2. Declare an expansion/syntax transformer with either `macro_rules` or `macro`
-
-Parsers and syntax transformers can be declared manually, but use of the pattern
-language and `syntax`, `macro_rules`, and `macro` is recommended.
-
-## syntax categories with declare_syntax_cat
-
-`declare_syntax_cat` declares a new syntax category, like `command`, `tactic`,
-or mathlib4's `binderterm`. These are the different categories of things that
-can be referred to in a quote/antiquote. `declare_syntax_cat` results in a call
-to `registerParserCategory` and produces a new parser descriptor:
-
-```lean
-set_option trace.Elab.definition true in
-declare_syntax_cat binderterm
-
-/-
-Output:
-
-[Elab.definition.body] binderterm.quot : Lean.ParserDescr :=
-Lean.ParserDescr.node `Lean.Parser.Term.quot 1024
-  (Lean.ParserDescr.binary `andthen (Lean.ParserDescr.symbol "`(binderterm|")
-    (Lean.ParserDescr.binary `andthen (Lean.ParserDescr.cat `binderterm 0)
-      (Lean.ParserDescr.symbol ")")))
--/
-```
-
-Declaring a new syntax category like this one automatically declares a quotation
-operator `` `(binderterm| ...)``. These pipe prefixes `<thing>|` are used in
-syntax quotations to say what category a given quotation is expected to be an
-element of. The pipe prefixes are *not* used for elements in the `term` and
-`command` categories (since they're considered the default), but need to be used
-for everything else.
-
-## Parsers and the `syntax` keyword
-
-Internally, elements of type `Lean.ParserDescr` are implemented as parser
-combinators. However, Lean offers the ability to write parsers using the
-macro/pattern language by way of the `syntax` keyword. This is the recommended
-means of writing parsers. As an example, the parser for the `rwa` (rewrite, then
-use assumption) tactic is:
-
-```lean
-# open Lean.Parser.Tactic
-set_option trace.Elab.definition true in
-syntax "rwa " rwRuleSeq (location)? : tactic
-
-/-
-which expands to:
-[Elab.definition.body] tacticRwa__ : Lean.ParserDescr :=
-Lean.ParserDescr.node `tacticRwa__ 1022
-  (Lean.ParserDescr.binary `andthen
-    (Lean.ParserDescr.binary `andthen (Lean.ParserDescr.nonReservedSymbol "rwa " false) Lean.Parser.Tactic.rwRuleSeq)
-    (Lean.ParserDescr.unary `optional Lean.Parser.Tactic.location))
-
--/
-
-```
-
-Literals are written as double-quoted strings (`"rwa "` expects the literal
-sequence of characters `rwa`, while the trailing space provides a hint to the
-formatter that it should add a space after `rwa` when pretty printing this
-syntax); `rwRuleSeq` and `location` are themselves `ParserDescr`s, and we finish
-with `: tactic` specifying that the preceding parser is for an element in the
-`tactic` syntax category. The parentheses around `(location)?` are necessary
-(rather than `location?`) because Lean 4 allows question marks to be used in
-identifiers, so `location?` is one single identifier that ends with a question
-mark, which is not what we want.
-
-The name `tacticRwa__` is automatically generated. You can name parser
-descriptors declared with the `syntax` keyword like so:
-
-```lean
-set_option trace.Elab.definition true in
-syntax (name := introv) "introv " (colGt ident)* : tactic
-
-/-
-[Elab.definition.body] introv : Lean.ParserDescr :=
-Lean.ParserDescr.node `introv 1022
-  (Lean.ParserDescr.binary `andthen (Lean.ParserDescr.nonReservedSymbol "introv " false)
-    (Lean.ParserDescr.unary `many
-      (Lean.ParserDescr.binary `andthen (Lean.ParserDescr.const `colGt) (Lean.ParserDescr.const `ident))))
--/
-```
-
-## The pattern language
-
-Available quantifiers are `?` (one or zero occurrences, see note below), `*`
-(zero or more occurrences), and `+` (one or more occurrences).
-
-Keep in mind that Lean makes `?` available for use in identifiers, so if we want
-a parser to look for an optional `location`, we would need to write
-`(location)?` with parenthesis acting as a separator, since `location?` would
-look for something under the identifier `location?` (where the `?` is part of
-the identifier).
-
-Parentheses can be used as delimiters.
-
-Separated lists can be constructed like so: `$ts,*` for a comma separated list.
-
-"extended splices" can be constructed as `$[..]`. See the official paper (p. 12)
-for more details.
-
-Literals are written as double-quoted strings. A literal may use trailing
-whitespace (see e.g. the `rwa` or `introv` tactics) to tell the pretty-printer
-how it should be displayed, but such whitespace will not prevent a literal with
-no trailing whitespace from matching. The spaces are relevant, but not
-interpreted literally. When the ParserDescr is turned into a Parser, the actual
-token matcher [uses the .trim of the provided
-string](https://github.com/leanprover/lean4/blob/53ec43ff9b8f55989b12c271e368287b7b997b54/src/Lean/Parser/Basic.lean#L1193),
-but the generated formatter [uses the spaces as
-specified](https://github.com/leanprover/lean4/blob/8d370f151f7c88a687152a5b161dcb484c446ce2/src/Lean/PrettyPrinter/Formatter.lean#L328),
-that is, turning the atom "rwa" in the syntax into the string rwa as part of the
-pretty printed output.
-
-## Syntax expansions with `macro_rules`, and how it desugars.
-
-`macro_rules` lets you declare expansions for a given `Syntax` element using a
-syntax similar to a `match` statement. The left-hand side of a match arm is a
-quotation (with a leading `<cat>|` for categories other than `term` and
-`command`) in which users can specify the pattern they'd like to write an
-expansion for. The right-hand side returns a syntax quotation which is the
-output the user wants to expand to.
-
-A feature of Lean's macro system is that if there are multiple expansions for a
-particular match, Lean will try the most recently declared expansion first, and
-will retry with other matching expansions if the previous attempt failed. This
-is particularly useful for extending existing tactics.
-
-The following example shows both the retry behavior, and the fact that macros
-declared using the shorthand `macro` syntax can still have additional expansions
-declared with `macro_rules`. This `transitivity` tactic is implemented such that
-it will work for either Nat.le or Nat.lt. The Nat.lt version was declared "most
-recently", so it will be tried first, but if it fails (for example, if the
-actual term in question is Nat.le) the next potential expansion will be tried:
-```lean
-macro "transitivity" e:(colGt term) : tactic => `(tactic| apply Nat.le_trans (m := $e))
-macro_rules
-  | `(tactic| transitivity $e) => `(tactic| apply Nat.lt_trans (m := $e))
-
-example (a b c : Nat) (h0 : a < b) (h1 : b < c) : a < c := by
-  transitivity b <;>
-  assumption
-
-example (a b c : Nat) (h0 : a <= b) (h1 : b <= c) : a <= c := by
-  transitivity b <;>
-  assumption
-
-/- This will fail, but is interesting in that it exposes the "most-recent first" behavior, since the
-  error message complains about being unable to unify mvar1 <= mvar2, rather than mvar1 < mvar2. -/
-/-
-example (a b c : Nat) (h0 : a <= b) (h1 : b <= c) : False := by
-  transitivity b <;>
-  assumption
--/
-```
-
-To see the desugared definition of the actual expansion, we can again use
-`set_option trace.Elab.definition true in` and observe the output of the humble
-`exfalso` tactic defined in Mathlib4:
-```lean
-
-set_option trace.Elab.definition true in
-macro "exfalso" : tactic => `(tactic| apply False.elim)
-
-/-
-Results in the expansion:
-
-[Elab.definition.body] _aux___macroRules_tacticExfalso_1 : Lean.Macro :=
-fun x =>
-  let discr := x;
-  /- This is where Lean tries to actually identify that it's an invocation of the exfalso tactic -/
-  if Lean.Syntax.isOfKind discr `tacticExfalso = true then
-    let discr := Lean.Syntax.getArg discr 0;
-    let x := discr;
-    do
-      /- Lean getting scope/meta info from the macro monad -/
-      let info ← Lean.MonadRef.mkInfoFromRefPos
-      let scp ← Lean.getCurrMacroScope
-      let mainModule ← Lean.getMainModule
-      pure
-          (Lean.Syntax.node Lean.SourceInfo.none `Lean.Parser.Tactic.seq1
-            #[Lean.Syntax.node Lean.SourceInfo.none `null
-                #[Lean.Syntax.node Lean.SourceInfo.none `Lean.Parser.Tactic.apply
-                    #[Lean.Syntax.atom info "apply",
-                      Lean.Syntax.ident info (String.toSubstring "False.elim")
-                        (Lean.addMacroScope mainModule `False.elim scp) [(`False.elim, [])]]]])
-  else
-    /- If this wasn't actually an invocation of the exfalso tactic, throw the "unsupportedSyntax" error -/
-    let discr := x;
-    throw Lean.Macro.Exception.unsupportedSyntax
--/
-```
-
-We can also create the syntax transformer declaration ourselves instead of using
-`macro_rules`. We'll need to name our parser and use the attribute `@[macro
-myExFalsoParser]` to associate our declaration with the parser:
-```lean
-# open Lean
-syntax (name := myExfalsoParser) "myExfalso" : tactic
-
--- remember that `Macro` is a synonym for `Syntax -> TacticM Unit`
-@[macro myExfalsoParser] def implMyExfalso : Macro :=
-fun stx => `(tactic| apply False.elim)
-
-example (p : Prop) (h : p) (f : p -> False) : 3 = 2 := by
-  myExfalso
-  exact f h
-```
-
-In the above example, we're still using the sugar Lean provides for creating
-quotations, as it feels more intuitive and saves us some work. It is possible to
-forego the sugar altogether:
-```lean
-syntax (name := myExfalsoParser) "myExfalso" : tactic
-
-@[macro myExfalsoParser] def implMyExfalso : Lean.Macro :=
-  fun stx => pure (Lean.mkNode `Lean.Parser.Tactic.apply
-    #[Lean.mkAtomFrom stx "apply", Lean.mkCIdentFrom stx ``False.elim])
-
-example (p : Prop) (h : p) (f : p -> False) : 3 = 2 := by
-  myExfalso
-  exact f h
-```
-
-## The `macro` keyword
-
-`macro` is a shortcut which allows users to declare both a parser and an
-expansion at the same time as a matter of convenience. Additional expansions for
-the parser generated by the `macro` invocation can be added with a separate
-`macro_rules` block (see the example in the `macro_rules` section).
-
-## Unexpanders
-
-TODO; for now, see the unexpander in Mathlib.Set for an example.
-
-## More illustrative examples:
-
-The
-[Tactic.Basic](https://github.com/leanprover-community/mathlib4/blob/master/Mathlib/Tactic/Basic.lean)
-file in Mathlib4 contains many good examples to learn from.
-
-## Practical tips:
-
-You can observe the output of commands and functions that in some way use the
-macro system by setting this option to true : `set_option trace.Elab.definition
-true`
-
-Lean also offers the option of limiting the region in which option is set with
-the syntax `set_option ... in`):
-
-Hygiene can be disabled with the command option `set_option hygiene false`

doc/make/osx-10.9.md

@@ -32,12 +32,13 @@ following to use `g++`.
 cmake -DCMAKE_CXX_COMPILER=g++ ...
 ```
 
-## Required Packages: CMake, GMP, libuv
+## Required Packages: CMake, GMP, libuv, pkgconf
 
 ```bash
 brew install cmake
 brew install gmp
 brew install libuv
+brew install pkgconf
 ```
 
 ## Recommended Packages: CCache

doc/make/ubuntu.md

@@ -8,5 +8,5 @@ follow the [generic build instructions](index.md).
 ## Basic packages
 
 ```bash
-sudo apt-get install git libgmp-dev libuv1-dev cmake ccache clang
+sudo apt-get install git libgmp-dev libuv1-dev cmake ccache clang pkgconf
 ```

doc/monads/.gitignore

@@ -1 +0,0 @@
-*.lean.md

doc/monads/applicatives.lean

@@ -1,334 +0,0 @@
-/-!
-# Applicative Functors
-
-Building on [Functors](functors.lean.md) is the [Applicative
-Functor](https://en.wikipedia.org/wiki/Applicative_functor). For simplicity, you can refer to these
-simply as "Applicatives". These are a little tricker than functors, but still simpler than monads.
-Let's see how they work!
-
-## What is an Applicative Functor?
-
-An applicative functor defines a default or "base" construction for an object and allows
-function application to be chained across multiple instances of the structure. All applicative
-functors are functors, meaning they must also support the "map" operation.
-
-## How are Applicatives represented in Lean?
-
-An [applicative functor](https://en.wikipedia.org/wiki/Applicative_functor) is an intermediate
-structure between `Functor` and `Monad`. It mainly consists of two operations:
-
-* `pure : α → F α`
-* `seq : F (α → β) → F α → F β` (written as `<*>`)
-
-The `pure` operator specifies how you can wrap a normal object `α` into an instance of this structure `F α`.
-This is the "default" mechanism mentioned above.
-
-The `seq` operator allows you to chain operations by wrapping a function in a structure. The name
-"applicative" comes from the fact that you "apply" functions from within the structure, rather than
-simply from outside the structure, as was the case with `Functor.map`.
-
-Applicative in Lean is built on some helper type classes, `Functor`, `Pure` and `Seq`:
-
--/
-namespace hidden -- hidden
-class Applicative (f : Type u → Type v) extends Functor f, Pure f, Seq f, SeqLeft f, SeqRight f where
-  map      := fun x y => Seq.seq (pure x) fun _ => y
-  seqLeft  := fun a b => Seq.seq (Functor.map (Function.const _) a) b
-  seqRight := fun a b => Seq.seq (Functor.map (Function.const _ id) a) b
-end hidden -- hidden
-/-!
-Notice that as with `Functor` it is also a type transformer `(f : Type u → Type v)` and notice the
-`extends Functor f` is ensuring the base `Functor` also performs that same type transformation.
-
-As stated above, all applicatives are then functors. This means you can assume that `map` already
-exists for all these types.
-
-The `Pure` base type class is a very simple type class that supplies the `pure` function.
-
--/
-namespace hidden -- hidden
-class Pure (f : Type u → Type v) where
-   pure {α : Type u} : α → f α
-end hidden -- hidden
-/-!
-
-You can think of it as lifting the result of a pure value to some monadic type. The simplest example
-of `pure` is the `Option` type:
-
--/
-#eval (pure 10 : Option Nat)  -- some 10
-/-!
-
-Here we used the `Option` implementation of `pure` to wrap the `Nat 10` value in an `Option Nat`
-type resulting in the value `some 10`, and in fact if you look at the Monad instance of `Option` , you
-will see that `pure` is indeed implemented using `Option.some`:
-
--/
-instance : Monad Option where
-    pure := Option.some
-/-!
-
-The `Seq` type class is also a simple type class that provides the `seq` operator which can
-also be written using the special syntax `<*>`.
-
--/
-namespace hidden -- hidden
-class Seq (f : Type u → Type v) : Type (max (u+1) v) where
-  seq : {α β : Type u} → f (α → β) → (Unit → f α) → f β
-end hidden -- hidden
-/-!
-
-
-## Basic Applicative Examples
-
-Many of the basic functors also have instances of `Applicative`.
-For example, `Option` is also `Applicative`.
-
-So let's take a look and what the `seq` operator can do.  Suppose you want to multiply two `Option Nat`
-objects.  Your first attempt might be this:
-
--/
-#check_failure (some 4) * (some 5)      -- failed to synthesize instance
-/-!
-
-You then might wonder how to use the `Functor.map` to solve this since you could do these before:
-
--/
-#eval (some 4).map (fun x => x * 5)  -- some 20
-
-#eval (some 4).map (· * 5)  -- some 20
-
-#eval (· * 5) <$> (some 4)   -- some 20
-/-!
-
-Remember that `<$>` is the infix notation for `Functor.map`.
-
-The functor `map` operation can apply a multiplication to the value in the `Option` and then lift the
-result back up to become a new `Option` , but this isn't what you need here.
-
-The `Seq.seq` operator `<*>` can help since it can apply a function to the items inside a
-container and then lift the result back up to the desired type, namely `Option` .
-
-There are two ways to do this:
-
--/
-#eval pure (.*.) <*> some 4 <*> some 5 -- some 20
-
-#eval (.*.) <$> some 4 <*> some 5 -- some 20
-/-!
-
-In the first way, we start off by wrapping the function in an applicative using pure. Then we apply
-this to the first `Option` , and again to the second `Option`  in a chain of operations.  So  you can see
-how `Seq.seq` can be chained in fact, `Seq.seq` is really all about chaining of operations.
-
-But in this case there is a simpler way.  In the second way, you can see that "applying" a single
-function to a container is the same as using `Functor.map`. So you use `<$>` to "transform" the first
-option into an `Option` containing a function, and then apply this function over the second value.
-
-Now if either side is `none`, the result is `none`, as expected, and in this case the
-`seq` operator was able to eliminate the multiplication:
-
--/
-#eval (.*.) <$> none <*> some 5  -- none
-#eval (.*.) <$> some 4 <*> none  -- none
-/-!
-
-For a more interesting example, let's make `List` an applicative by adding the following
-definition:
-
--/
-instance : Applicative List where
-  pure := List.singleton
-  seq f x := List.flatMap f fun y => Functor.map y (x ())
-/-!
-
-Notice you can now sequence a _list_ of functions and a _list_ of items.
-The trivial case of sequencing a singleton list is in fact the same as `map`, as you saw
-earlier with the `Option`  examples:
-
--/
-#eval [ (·+2)] <*> [4, 6] -- [6, 8]
-#eval (·+2) <$> [4,6]    -- [6, 8]
-/-!
-
-But now with list it is easier to show the difference when you do this:
-
--/
-#eval [(·+2), (· *3)] <*> [4, 6] -- [6, 8, 12, 18]
-/-!
-
-Why did this produce 4 values?  The reason is because `<*>` applies _every_ function to _every_
-value in a pairwise manner.  This makes sequence really convenient for solving certain problems. For
-example, how do you get the pairwise combinations of all values from two lists?
-
--/
-#eval Prod.mk <$> [1, 2, 3] <*> [4, 5, 6]
--- [(1, 4), (1, 5), (1, 6), (2, 4), (2, 5), (2, 6), (3, 4), (3, 5), (3, 6)]
-/-!
-
-How do you get the sum of these pairwise values?
--/
-#eval (·+·) <$> [1, 2, 3] <*> [4, 5, 6]
--- [5, 6, 7, 6, 7, 8, 7, 8, 9]
-/-!
-
-Here you can use `<$>` to "transform" each element of the first list into a function, and then apply
-these functions over the second list.
-
-If you have 3 lists, and want to find all combinations of 3 values across those lists you
-would need helper function that can create a tuple out of 3 values, and Lean provides a
-very convenient syntax for that `(·,·,·)`:
-
--/
-#eval (·,·,·) <$> [1, 2] <*> [3, 4] <*> [5, 6]
--- [(1, 3, 5), (1, 3, 6), (1, 4, 5), (1, 4, 6), (2, 3, 5), (2, 3, 6), (2, 4, 5), (2, 4, 6)]
-/-!
-
-And you could sum these combinations if you first define a sum function that takes three inputs and
-then you could chain apply this over the three lists.  Again lean can create such a function
-with the expression `(·+·+·)`:
-
--/
-#eval (·+·+·) <$> [1, 2] <*> [3, 4] <*> [5, 6]
--- [9, 10, 10, 11, 10, 11, 11, 12]
-/-!
-
-And indeed each sum here matches the expected values if you manually sum the triples we
-show above.
-
-**Side note:** there is another way to combine lists with a function that does not do the pairwise
-combinatorics, it is called `List.zipWith`:
-
--/
-#eval List.zipWith (·+·) [1, 2, 3] [4, 5, 6]
--- [5, 7, 9]
-/-!
-
-And there is a helper function named `List.zip` that calls `zipWith` using the function `Prod.mk`
-so you get a nice zipped list like this:
-
--/
-#eval List.zip [1, 2, 3] [4, 5, 6]
--- [(1, 4), (2, 5), (3, 6)]
-/-!
-
-And of course, as you would expect, there is an `unzip` also:
-
--/
-#eval List.unzip (List.zip [1, 2, 3] [4, 5, 6])
--- ([1, 2, 3], [4, 5, 6])
-/-!
-
-## Example: A Functor that is not Applicative
-
-From the chapter on [functors](functors.lean.md) you might remember this example of `LivingSpace`
-that had a `Functor` instance:
-
--/
-structure LivingSpace (α : Type) where
-  totalSize : α
-  numBedrooms : Nat
-  masterBedroomSize : α
-  livingRoomSize : α
-  kitchenSize : α
-  deriving Repr, BEq
-
-def LivingSpace.map (f : α → β) (s : LivingSpace α) : LivingSpace β :=
-  { totalSize := f s.totalSize
-    numBedrooms := s.numBedrooms
-    masterBedroomSize := f s.masterBedroomSize
-    livingRoomSize := f s.livingRoomSize
-    kitchenSize := f s.kitchenSize }
-
-instance : Functor LivingSpace where
-  map := LivingSpace.map
-/-!
-
-It wouldn't really make sense to make an `Applicative` instance here. How would you write `pure` in
-the `Applicative` instance? By taking a single value and plugging it in for total size _and_ the
-master bedroom size _and_ the living room size? That wouldn't really make sense. And what would the
-numBedrooms value be for the default? What would it mean to "chain" two of these objects together?
-
-If you can't answer these questions very well, then it suggests this type isn't really an
-Applicative functor.
-
-## SeqLeft and SeqRight
-
-You may remember seeing the `SeqLeft` and `SeqRight` base types on `class Applicative` earlier.
-These provide the `seqLeft` and `seqRight` operations which also have some handy notation
-shorthands `<*` and `*>` respectively. Where: `x <* y` evaluates `x`, then `y`, and returns the
-result of `x` and `x *> y` evaluates `x`, then `y`,  and returns the result of `y`.
-
-To make it easier to remember, notice that it returns that value that the `<*` or `*>` notation is
-pointing at.  For example:
-
--/
-#eval (some 1) *> (some 2) -- Some 2
-#eval (some 1) <* (some 2) -- Some 1
-/-!
-
-So these are a kind of "discard" operation.  Run all the actions, but only return the values that you
-care about. It will be easier to see these in action when you get to full Monads, but they are used
-heavily in the Lean `Parsec` parser combinator library where you will find parsing functions like
-this one which parses the XML declaration `<?xml version="1.0" encoding='utf-8' standalone="yes">`:
-
-```lean
-def XMLdecl : Parsec Unit := do
-  skipString "<?xml"
-  VersionInfo
-  optional EncodingDecl *> optional SDDecl *> optional S *> skipString "?>"
-```
-
-But you will need to understand full Monads before this will make sense.
-
-## Lazy Evaluation
-
-Diving a bit deeper, (you can skip this and jump to the [Applicative
-Laws](laws.lean.md#what-are-the-applicative-laws) if don't want to dive into this implementation detail right
-now). But, if you write a simple `Option` example `(.*.) <$> some 4 <*> some 5` that produces `some 20`
-using `Seq.seq` you will see something interesting:
-
--/
-#eval Seq.seq ((.*.) <$> some 4) (fun (_ : Unit) => some 5) -- some 20
-/-!
-
-This may look a bit cumbersome, specifically, why did we need to invent this funny looking function
-`fun (_ : Unit) => (some 5)`?
-
-Well if you take a close look at the type class definition:
-```lean
-class Seq (f : Type u → Type v) where
-  seq : {α β : Type u} → f (α → β) → (Unit → f α) → f β
-```
-
-You will see this function defined here: `(Unit → f α)`, this is a function that takes `Unit` as input
-and produces the output of type `f α` where `f` is the container type `Type u -> Type v`, in this example `Option`
-and `α` is the element type `Nat`, so `fun (_ : Unit) => some 5` matches this definition because
-it is taking an input of type Unit and producing `some 5` which is type `Option Nat`.
-
-The that `seq` is defined this way is because Lean is an eagerly evaluated language
-(call-by-value), you have to use this kind of Unit function whenever you want to explicitly delay
-evaluation and `seq` wants that so it can eliminate unnecessary function evaluations whenever
-possible.
-
-Fortunately the `<*>` infix notation hides this from you by creating this wrapper function for you.
-If you look up the notation using F12 in VS Code you will find it contains `(fun _ : Unit => b)`.
-
-Now to complete this picture you will find the default implementation of `seq` on the Lean `Monad`
-type class:
-
-```lean
-class Monad (m : Type u → Type v) extends Applicative m, Bind m where
-  seq      f x := bind f fun y => Functor.map y (x ())
-```
-
-Notice here that `x` is the `(Unit → f α)` function, and it is calling that function by passing the
-Unit value `()`, which is the Unit value (Unit.unit).  All this just to ensure delayed evaluation.
-
-## How do Applicatives help with Monads?
-
-Applicatives are helpful for the same reasons as functors. They're a relatively simple abstract
-structure that has practical applications in your code. Now that you understand how chaining
-operations can fit into a structure definition, you're in a good position to start learning about
-[Monads](monads.lean.md)!
--/

doc/monads/except.lean

@@ -1,178 +0,0 @@
-/-!
-# Except
-
-The `Except` Monad adds exception handling behavior to your functions.  Exception handling
-in other languages like Python or Java is done with a built in `throw` method that you
-can use anywhere.  In `Lean` you can only `throw` an exception when your function is
-executing in the context of an `Except` monad.
-
--/
-def divide (x y: Float): Except String Float :=
-  if y == 0 then
-    throw "can't divide by zero"
-  else
-    pure (x / y)
-
-#eval divide 5 2  -- Except.ok 2.500000
-#eval divide 5 0  -- Except.error "can't divide by zero"
-
-/-!
-
-Just as the `read` operation was available from the `ReaderM` monad and the `get` and `set`
-operations came with the `StateM` monad, here you can see a `throw` operation is provided by the
-`Except` monad.
-
-So in Lean, `throw` is not available everywhere like it is in most imperative programming languages.
-You have to declare your function can throw by changing the type signature to `Except String Float`.
-This creates a function that might return an error of type `String` or it might return a value of
-type `Float` in the non-error case.
-
-Once your function is monadic you also need to use the `pure` constructor of the `Except` monad to
-convert the pure non-monadic value `x / y` into the required `Except` object.  See
-[Applicatives](applicatives.lean.md) for details on `pure`.
-
-Now this return typing would get tedious if you had to include it everywhere that you call this
-function, however, Lean type inference can clean this up. For example, you can define a test
-function that calls the `divide` function and you don't need to say anything here about the fact that
-it might throw an error, because that is inferred:
--/
-def test := divide 5 0
-
-#check test     -- Except String Float
-/-!
-
-Notice the Lean compiler infers the required `Except String Float` type information for you.
-And now you can run this test and get the expected exception:
-
--/
-#eval test      -- Except.error "can't divide by zero"
-/-!
-
-
-## Chaining
-
-Now as before you can build a chain of monadic actions that can be composed together using `bind (>>=)`:
--/
-def square (x : Float) : Except String Float :=
-  if x >= 100 then
-    throw "it's absolutely huge"
-  else
-    pure (x * x)
-
-#eval divide 6 2 >>= square  -- Except.ok 9.000000
-#eval divide 6 0 >>= square  -- Except.error "can't divide by zero"
-#eval divide 100 1 >>= square  -- Except.error "it's absolutely huge"
-
-def chainUsingDoNotation := do
-  let r ← divide 6 0
-  square r
-
-#eval chainUsingDoNotation  -- Except.error "can't divide by zero"
-
-/-!
-Notice in the second `divide 6 0` the exception from that division was nicely propagated along
-to the final result and the square function was ignored in that case.  You can see why the
-`square` function was ignored if you look at the implementation of `Except.bind`:
--/
-def bind (ma : Except ε α) (f : α → Except ε β) : Except ε β :=
-  match ma with
-  | Except.error err => Except.error err
-  | Except.ok v      => f v
-/-!
-
-Specifically notice that it only calls the next function `f v` in the `Except.ok`, and
-in the error case it simply passes the same error along.
-
-Remember also that you can chain the actions with implicit binding by using the `do` notation
-as you see in the `chainUsingDoNotation` function above.
-
-## Try/Catch
-
-Now with all good exception handling you also want to be able to catch exceptions so your program
-can continue on or do some error recovery task, which you can do like this:
--/
-def testCatch :=
-  try
-    let r ← divide 8 0  -- 'r' is type Float
-    pure (toString r)
-  catch e =>
-    pure s!"Caught exception: {e}"
-
-#check testCatch -- Except String String
-/-!
-
-Note that the type inferred by Lean for this function is `Except String String` so unlike the
-`test` function earlier, this time Lean type inference has figured out that since the pure
-value `(toString r)` is of type `String`, then this function must have type `Except String String`
-so you don't have to explicitly state this. You can always hover your mouse over `testCatch`
-or use `#check testCatch` to query Lean interactively to figure out what type inference
-has decided.  Lean type inference makes life easy for you, so it's good to use it
-when you can.
-
-You can now see the try/catch working in this eval:
--/
-#eval testCatch -- Except.ok "Caught exception: can't divide by zero"
-/-!
-
-Notice the `Caught exception:` wrapped message is returned, and that it is returned as an
-`Except.ok` value, meaning `testCatch` eliminated the error result as expected.
-
-So you've interleaved a new concept into your functions (exception handling) and the compiler is still
-able to type check everything just as well as it does for pure functions and it's been able to infer
-some things along the way to make it even easier to manage.
-
-Now you might be wondering why `testCatch` doesn't infer the return type `String`? Lean does this as a
-convenience since you could have a rethrow in or after the catch block. If you really want to stop
-the `Except` type from bubbling up you can unwrap it like this:
-
--/
-def testUnwrap : String := Id.run do
-  let r ← divide 8 0 -- r is type Except String Float
-  match r with
-  | .ok a => toString a -- 'a' is type Float
-  | .error e => s!"Caught exception: {e}"
-
-#check testUnwrap -- String
-#eval testUnwrap -- "Caught exception: can't divide by zero"
-
-/-!
-
-The `Id.run` function is a helper function that executes the `do` block and returns the result where
-`Id` is the _identity monad_.  So `Id.run do` is a pattern you can use to execute monads in a
-function that is not itself monadic.  This works for all monads except `IO` which, as stated earlier,
-you cannot invent out of thin air, you must use the `IO` monad given to your `main` function.
-
-## Monadic functions
-
-You can also write functions that are designed to operate in the context of a monad.
-These functions typically end in upper case M like `List.forM` used below:
--/
-
-def validateList (x : List Nat) (max : Nat): Except String Unit := do
-  x.forM fun a => do
-    if a > max then throw "illegal value found in list"
-
-#eval validateList [1, 2, 5, 3, 8] 10 -- Except.ok ()
-#eval validateList [1, 2, 5, 3, 8] 5 -- Except.error "illegal value found in list"
-
-/-!
-Notice here that the `List.forM` function passes the monadic context through to the inner function
-so it can use the `throw` function from the `Except` monad.
-
-The `List.forM` function is defined like this where `[Monad m]` means "in the context of a monad `m`":
-
--/
-def forM [Monad m] (as : List α) (f : α → m PUnit) : m PUnit :=
-  match as with
-  | []      => pure ⟨⟩
-  | a :: as => do f a; List.forM as f
-/-!
-
-## Summary
-
-Now that you know all these different monad constructs, you might be wondering how you can combine
-them. What if there was some part of your state that you wanted to be able to modify (using the
-State monad), but you also needed exception handling. How can you get multiple monadic capabilities
-in the same function. To learn the answer, head to [Monad Transformers](transformers.lean.md).
-
--/

doc/monads/functors.lean

@@ -1,227 +0,0 @@
-/-!
-# Functor
-
-A `Functor` is any type that can act as a generic container that allows you to transform the
-underlying values inside the container using a function, so that the values are all updated, but the
-structure of the container is the same. This is called "mapping".
-
-A List is one of the most basic examples of a `Functor`.
-
-A list contains zero or more elements of the same, underlying type.  When you `map` a function over
-a list, you create a new list with the same number of elements, where each has been transformed by
-the function:
--/
-#eval List.map (λ x => toString x) [1,2,3] -- ["1", "2", "3"]
-
--- you can also write this using dot notation on the List object
-#eval [1,2,3].map (λ x => toString x)  -- ["1", "2", "3"]
-
-/-!
-Here we converted a list of natural numbers (Nat) to a list of strings where the lambda function
-here used `toString` to do the transformation of each element. Notice that when you apply `map` the
-"structure" of the object remains the same, in this case the result is always a `List` of the same
-size.
-
-Note that in Lean a lambda function can be written using `fun` keyword or the unicode
-symbol `λ` which you can type in VS code using `\la `.
-
-List has a specialized version of `map` defined as follows:
--/
-def map (f : α → β) : List α → List β
-  | []    => []
-  | a::as => f a :: map f as
-
-/-!
-This is a very generic `map` function that can take any function that converts `(α → β)` and use it
-to convert `List α → List β`. Notice the function call `f a` above, this application of `f` is
-producing the converted items for the new list.
-
-Let's look at some more examples:
-
--/
--- List String → List Nat
-#eval ["elephant", "tiger", "giraffe"].map (fun s => s.length)
--- [8, 5, 7]
-
--- List Nat → List Float
-#eval [1,2,3,4,5].map (fun s => (s.toFloat) ^ 3.0)
--- [1.000000, 8.000000, 27.000000, 64.000000, 125.000000]
-
---- List String → List String
-#eval ["chris", "david", "mark"].map (fun s => s.capitalize)
--- ["Chris", "David", "Mark"]
-/-!
-
-Another example of a functor is the `Option` type. Option contains a value or nothing and is handy
-for code that has to deal with optional values, like optional command line arguments.
-
-Remember you can construct an Option using the type constructors `some` or `none`:
-
--/
-#check some 5 -- Option Nat
-#eval some 5  -- some 5
-#eval (some 5).map (fun x => x + 1) -- some 6
-#eval (some 5).map (fun x => toString x) -- some "5"
-/-!
-
-Lean also provides a convenient short hand syntax for `(fun x => x + 1)`, namely `(· + 1)`
-using the middle dot unicode character which you can type in VS code using `\. `.
-
--/
-#eval (some 4).map (· * 5)  -- some 20
-/-!
-
-The `map` function preserves the `none` state of the Option, so again
-map preserves the structure of the object.
-
--/
-def x : Option Nat := none
-#eval x.map (fun x => toString x) -- none
-#check x.map (fun x => toString x) -- Option String
-/-!
-
-Notice that even in the `none` case it has transformed `Option Nat` into `Option String` as
-you see in the `#check` command.
-
-## How to make a Functor Instance?
-
-The `List` type is made an official `Functor` by the following type class instance:
-
--/
-instance : Functor List where
-  map := List.map
-/-!
-
-Notice all you need to do is provide the `map` function implementation.  For a quick
-example, let's supposed you create a new type describing the measurements of a home
-or apartment:
-
--/
-structure LivingSpace (α : Type) where
-  totalSize : α
-  numBedrooms : Nat
-  masterBedroomSize : α
-  livingRoomSize : α
-  kitchenSize : α
-  deriving Repr, BEq
-/-!
-
-Now you can construct a `LivingSpace` in square feet using floating point values:
--/
-abbrev SquareFeet := Float
-
-def mySpace : LivingSpace SquareFeet :=
-  { totalSize := 1800, numBedrooms := 4, masterBedroomSize := 500,
-    livingRoomSize := 900, kitchenSize := 400 }
-/-!
-
-Now, suppose you want anyone to be able to map a `LivingSpace` from one type of measurement unit to
-another.  Then you would provide a `Functor` instance as follows:
-
--/
-def LivingSpace.map (f : α → β) (s : LivingSpace α) : LivingSpace β :=
-  { totalSize := f s.totalSize
-    numBedrooms := s.numBedrooms
-    masterBedroomSize := f s.masterBedroomSize
-    livingRoomSize := f s.livingRoomSize
-    kitchenSize := f s.kitchenSize }
-
-instance : Functor LivingSpace where
-  map := LivingSpace.map
-/-!
-
-Notice this functor instance takes `LivingSpace` and not the fully qualified type `LivingSpace SquareFeet`.
-Notice below that `LivingSpace` is a function from Type to Type.  For example, if you give it type `SquareFeet`
-it gives you back the fully qualified type `LivingSpace SquareFeet`.
-
--/
-#check LivingSpace -- Type → Type
-/-!
-
-So the `instance : Functor` then is operating on the more abstract, or generic `LivingSpace` saying
-for the whole family of types `LivingSpace α` you can map to `LivingSpace β` using the generic
-`LivingSpace.map` map function by simply providing a function that does the more primitive mapping
-from `(f : α → β)`.  So `LivingSpace.map` is a sort of function applicator.
-This is called a "higher order function" because it takes a function as input
-`(α → β)` and returns another function as output `F α → F β`.
-
-Notice that `LivingSpace.map` applies a function `f` to convert the units of all the LivingSpace
-fields, except for `numBedrooms` which is a count (and therefore is not a measurement that needs
-converting).
-
-So now you can define a simple conversion function, let's say you want square meters instead:
-
--/
-abbrev SquareMeters := Float
-def squareFeetToMeters (ft : SquareFeet ) : SquareMeters := (ft / 10.7639104)
-/-!
-
-and now bringing it all together you can use the simple function `squareFeetToMeters` to map
-`mySpace` to square meters:
-
--/
-#eval mySpace.map squareFeetToMeters
-/-
-{ totalSize := 167.225472,
-  numBedrooms := 4,
-  masterBedroomSize := 46.451520,
-  livingRoomSize := 83.612736,
-  kitchenSize := 37.161216 }
-  -/
-/-!
-
-Lean also defines custom infix operator `<$>` for `Functor.map` which allows you to write this:
--/
-#eval (fun s => s.length) <$> ["elephant", "tiger", "giraffe"] -- [8, 5, 7]
-#eval (fun x => x + 1) <$> (some 5) -- some 6
-/-!
-
-Note that the infix operator is left associative which means it binds more tightly to the
-function on the left than to the expression on the right, this means you can often drop the
-parentheses on the right like this:
-
--/
-#eval (fun x => x + 1) <$> some 5 -- some 6
-/-!
-
-Note that Lean lets you define your own syntax, so `<$>` is nothing special.
-You can define your own infix operator like this:
-
--/
-infixr:100 " doodle " => Functor.map
-
-#eval (· * 5) doodle [1, 2, 3]  -- [5, 10, 15]
-
-/-!
-Wow, this is pretty powerful.  By providing a functor instance on `LivingSpace` with an
-implementation of the `map` function it is now super easy for anyone to come along and
-transform the units of a `LivingSpace` using very simple functions like `squareFeetToMeters`. Notice
-that squareFeetToMeters knows nothing about `LivingSpace`.
-
-## How do Functors help with Monads ?
-
-Functors are an abstract mathematical structure that is represented in Lean with a type class. The
-Lean functor defines both `map` and a special case for working on constants more efficiently called
-`mapConst`:
-
-```lean
-class Functor (f : Type u → Type v) : Type (max (u+1) v) where
-  map : {α β : Type u} → (α → β) → f α → f β
-  mapConst : {α β : Type u} → α → f β → f α
-```
-
-Note that `mapConst` has a default implementation, namely:
-`mapConst : {α β : Type u} → α → f β → f α := Function.comp map (Function.const _)` in the `Functor`
-type class.  So you can use this default implementation and you only need to replace it if
-your functor has a more specialized variant than this (usually the custom version is more performant).
-
-In general then, a functor is a function on types `F : Type u → Type v` equipped with an operator
-called `map` such that if you have a function `f` of type `α → β` then `map f` will convert your
-container type from `F α → F β`. This corresponds to the category-theory notion of
-[functor](https://en.wikipedia.org/wiki/Functor) in the special case where the category is the
-category of types and functions between them.
-
-Understanding abstract mathematical structures is a little tricky for most people. So it helps to
-start with a simpler idea like functors before you try to understand monads.  Building on
-functors is the next abstraction called [Applicatives](applicatives.lean.md).
--/

doc/monads/intro.md

@@ -1,63 +0,0 @@
-# Monads
-
-Monads are used heavily in Lean, as they are also in Haskell. Monads come from the wonderful world
-of [Category Theory](https://en.wikipedia.org/wiki/Monad_%28category_theory%29).
-
-Monads in Lean are so similar to Haskell that this introduction to monads is heavily based on the
-similar chapter of the [Monday Morning Haskell](https://mmhaskell.com/monads/). Many thanks to
-the authors of that material for allowing us to reuse it here.
-
-Monads build on the following fundamental type classes which you will need to understand
-first before fully understanding monads. Shown in light blue are some concrete functors
-and monads that will also be covered in this chapter:
-
-![image](../images/monads.svg)
-
-This chapter is organized to give you a bottom up introduction to monads, starting with functors and
-applicative functors, you'll get an intuition for how these abstract structures work in Lean. Then
-you'll dive into monads and learn how to use some of the most useful built-in ones.
-
-## [Functor](functors.lean.md)
-A functor is a type class that provides a map function and the map function is something many
-people are already familiar with so this should be easy to follow.  Here you will see some
-concrete examples in action with `List` and `Option`.
-
-## [Applicative Functors](applicatives.lean.md)
-Applicatives are a little more difficult to understand than functors, but their functionality can
-still be summed up in a couple simple functions.  Here you will learn how to create an
-`Applicative List` and a completely custom `Applicative` type.
-
-## [Monads Tutorial](monads.lean.md)
-Now that you have an intuition for how abstract structures work, you'll examine some of the problems
-that functors and applicative functors don't help you solve. Then you'll learn the specifics of how
-to actually use monads with some examples using the `Option` monad and the all important `IO` monad.
-
-## [Reader Monad](readers.lean.md)
-Now that you understand the details of what makes a monadic structure work, in this section, you'll
-learn about one of the most useful built in monads `ReaderM`, which gives your programs a
-global read-only context.
-
-## [State Monad](states.lean.md)
-This section introduces the `StateM` monad. This monad allows you to access a particular type that you can
-both read from and write to. It opens the door to fully stateful programming, allowing you to do many
-of the things a function programming language supposedly "can't" do.
-
-## [Except Monad](except.lean.md)
-
-Similar to the `Option` monad the `Except` monad allows you to change the signature of a function so
-that it can return an `ok` value or an `error` and it provides the classic exception handling
-operations `throw/try/catch` so that your programs can do monad-based exception handling.
-
-## [Monad Transformers](transformers.lean.md)
-
-Now that you are familiar with all the above monads it is time to answer the question - how you can
-make them work together? After all, there are definitely times when you need multiple kinds of
-monadic behavior. This section introduces the concept of monad transformers, which allow you to
-combine multiple monads into one.
-
-## [Monad Laws](laws.lean.md)
-This section examines what makes a monad a legal monad. You could just implement your monadic type
-classes any way you want and write "monad" instances, but starting back with functors and
-applicative functors, you'll learn that all these structures have "laws" that they are expected to
-obey with respect to their behavior. You can make instances that don't follow these laws. But you do
-so at your peril, as other programmers will be very confused when they try to use them.

doc/monads/laws.lean

@@ -1,322 +0,0 @@
-/-!
-# Monad Laws
-
-In the previous sections you learned how to use [Functors](functors.lean.md),
-[Applicatives](applicatives.lean.md), and [Monads](monads.lean.md), and you played with some useful
-instances including [Option](monads.lean.md), [IO](monads.lean.md), [Reader](readers.lean.md),
-[State](states.lean.md) and [Except](except.lean.md) and you learned about composition using [Monad
-Transformers](transformers.lean.md).
-
-So far, you've learned the concrete details you need in order to _use_ monads in your Lean programs.
-But there's still one more important concept you need if you want to _create_ new functors,
-applicatives and monads. Namely, the notion of _structural "laws"_ -- rules that these type
-classes should follow in order to meet other programmers' expectations about your code.
-
-## Life without Laws
-
-Remember Lean represents each of these abstract structures by a type class. Each of these type classes
-has one or two main functions. So, as long as you implement those functions and it type checks, you
-have a new functor, applicative, or monad, right?
-
-Well not quite. Yes, your program will compile and you'll be able to use the instances. But this
-doesn't mean your instances follow the mathematical constructs. If they don't, your instances won't
-fulfill other programmers' expectations. Each type class has its own "laws". For instance, suppose
-you have the following Point Functor:
--/
-structure Point (α : Type) where
-  x : α
-  y : α
-  deriving Repr, BEq
-
-def Point.map (f : α → β) (s : Point α) : Point β :=
-  { x := f s.y,  -- an example of something weird
-    y := f s.x }
-
-instance : Functor Point where
-  map := Point.map
-
-#eval (·+2) <$> (Point.mk 1 2) -- { x := 4, y := 3 }
-
-/-!
-This Point does something weird, when you `map` it because it transposes the `x` and `y` coordinates
-which is not what other people would expect from a `map` function.  In fact, it breaks the rules
-as you will see below.
-
-## What are the Functor laws?
-
-Functors have two laws: the _identity_ law, and the _composition_ law. These laws express behaviors that
-your functor instances should follow. If they don't, other programmers will be very confused at the
-effect your instances have on their program.
-
-The identity law says that if you "map" the identity function (`id`) over your functor, the
-resulting functor should be the same. A succinct way of showing this on a `List` functor is:
-
--/
-def list1 := [1,2,3]
-
-#eval id <$> list1 == list1 -- true
-/-!
-
-Now let's try the same test on the `Point` functor:
--/
-
-def p1 : Point Nat := (Point.mk 1 2)
-
-#eval id <$> p1 == p1 -- false
-
-/-!
-Oh, and look while the `List` is behaving well, the `Point` functor fails this identity test.
-
-The _composition_ law says that if you "map" two functions in succession over a functor, this
-should be the same as "composing" the functions and simply mapping that one super-function over the
-functor.  In Lean you can compose two functions using `Function.comp f g` (or the syntax `f ∘ g`,
-which you can type in VS code using `\o `) and you will get the same results from both of these
-showing that the composition law holds for `List Nat`:
-
--/
-def double (x : Nat) := x + x
-def square (x : Nat) := x * x
-
-#eval double <$> (square <$> list1) -- [2, 8, 18]
-
-#eval (double <$> (square <$> list1)) == ((double ∘ square) <$> list1) -- true
-
--- ok, what about the Point class?
-#eval double <$> (square <$> p1) -- { x := 2, y := 8 }
-#eval (double ∘ square) <$> p1   -- { x := 8, y := 2 }
-
-#eval double <$> (square <$> p1) == (double ∘ square) <$> p1  -- false
-/-!
-Note that composition also fails on the bad `Point` because the x/y transpose.
-
-As you can see this bad `Point` implementation violates both of the functor laws. In this case it
-would not be a true functor. Its behavior would confuse any other programmers trying to use it. You
-should take care to make sure that your instances make sense. Once you get a feel for these type
-classes, the likelihood is that the instances you'll create will follow the laws.
-
-You can also write a bad functor that passes one law but not the other like this:
--/
-def bad_option_map {α β : Type u} : (α → β) → Option α → Option β
-  | _, _ => none
-
-instance : Functor Option where
-    map := bad_option_map
-
-def t1 : Option Nat := some 10
-
-#eval id <$> t1 == t1 -- false
-#eval double <$> (square <$> t1) == (double ∘ square) <$> t1  -- true
-/-!
-
-This fails the id law but obeys the composition law. Hopefully this explains the value of these
-laws, and you don't need to see any more bad examples!
-
-## What are the Applicative Laws?
-
-While functors have two laws, applicatives have four laws:
-
-- Identity
-- Homomorphism
-- Interchange
-- Composition
-
-### Identity
-
-`pure id <*> v = v`
-
-Applying the identity function through an applicative structure should not change the underlying
-values or structure.  For example:
--/
-instance : Applicative List where
-  pure := List.singleton
-  seq f x := List.flatMap f fun y => Functor.map y (x ())
-
-#eval pure id <*> [1, 2, 3]  -- [1, 2, 3]
-/-!
-
-The `pure id` statement here is wrapping the identity function in an applicative structure
-so that you can apply that over the container `[1, 2, 3]` using the Applicative `seq` operation
-which has the notation `<*>`.
-
-To prove this for all values `v` and any applicative `m` you can write this theorem:
--/
-example [Applicative m] [LawfulApplicative m] (v : m α) :
-  pure id <*> v = v :=
-  by simp -- Goals accomplished 🎉
-/-!
-
-### Homomorphism
-
-`pure f <*> pure x = pure (f x)`
-
-Suppose you wrap a function and an object in `pure`. You can then apply the wrapped function over the
-wrapped object. Of course, you could also apply the normal function over the normal object, and then
-wrap it in `pure`. The homomorphism law states these results should be the same.
-
-For example:
-
--/
-def x := 1
-def f := (· + 2)
-
-#eval pure f <*> pure x = (pure (f x) : List Nat) -- true
-/-!
-
-You should see a distinct pattern here. The overriding theme of almost all these laws is that these
-`Applicative` types should behave like normal containers. The `Applicative` functions should not
-have any side effects. All they should do is facilitate the wrapping, unwrapping, and transformation
-of data contained in the container resulting in a new container that has the same structure.
-
-### Interchange
-
-`u <*> pure y = pure (. y) <*> u`.
-
-This law is a little more complicated, so don't sweat it too much. It states that the order that
-you wrap things shouldn't matter. One the left, you apply any applicative `u` over a pure wrapped
-object. On the right, you first wrap a function applying the object as an argument. Note that `(·
-y)` is short hand for: `fun f => f y`. Then you apply this to the first applicative `u`. These
-should be the same.
-
-For example:
-
--/
-def y := 4
-def g : List (Nat → Nat) := [(· + 2)]
-
-#eval g <*> pure y = pure (· y) <*> g      -- true
-/-!
-
-You can prove this with the following theorem:
--/
-example [Applicative m] [LawfulApplicative m] (u : m (α → β)) (y : α) :
-  u <*> pure y = pure (· y) <*> u :=
-  by simp [pure_seq] -- Goals accomplished 🎉
-
-/-!
-
-### Composition:
-
-`u <*> v <*> w = u <*> (v <*> w)`
-
-This final applicative law mimics the second functor law. It is a composition law. It states that
-function composition holds across applications within the applicative:
-
-For example:
-
--/
-def u := [1, 2]
-def v := [3, 4]
-def w := [5, 6]
-
-#eval pure (·+·+·) <*> u <*> v <*> w
--- [9, 10, 10, 11, 10, 11, 11, 12]
-
-#eval let grouping := pure (·+·) <*> v <*> w
-      pure (·+·) <*> u <*> grouping
--- [9, 10, 10, 11, 10, 11, 11, 12]
-/-!
-
-To test composition you see the separate grouping `(v <*> w)` then that can be used in the outer
-sequence `u <*> grouping` to get the same final result `[9, 10, 10, 11, 10, 11, 11, 12]`.
-
-## What are the Monad Laws?
-
-Monads have three laws:
-
-- Left Identity
-- Right Identity
-- Associativity
-
-### Left Identity
-
-Identity laws for monads specify that `pure` by itself shouldn't really change anything about the
-structure or its values.
-
-Left identity is `x >>= pure = x` and is demonstrated by the following examples on a monadic `List`:
--/
-instance : Monad List  where
-  pure := List.singleton
-  bind := List.flatMap
-
-def a := ["apple", "orange"]
-
-#eval a >>= pure      -- ["apple", "orange"]
-
-#eval a >>= pure = a  -- true
-
-/-!
-
-### Right Identity
-
-Right identity is `pure x >>= f = f x` and is demonstrated by the following example:
--/
-def h (x : Nat) : Option Nat :=  some (x + 1)
-def z := 5
-
-#eval pure z >>= h                  -- some 6
-#eval h z                           -- some 6
-
-#eval pure z >>= h = h z            -- true
-/-!
-
-So in this example, with this specific `z` and `h`, you see that the rule holds true.
-
-
-### Associativity
-
-The associativity law is written as:
-```lean,ignore
-  x >>= f >>= g = x >>= (λ x => f x >>= g)
-```
-where `(x : m α)` and `(f : α → m β)` and `(g : β → m γ)`.
-
-The associativity law is difficult to parse like some of the applicative laws, but what it is saying
-is that if you change the grouping of `bind` operations, you should still get the same result.
-This law has a parallel structure to the other composition laws.
-
-You can see this in action in the following rewrite of `runOptionFuncsBind` from [monads](monads.lean.md):
--/
-def optionFunc1 : String -> Option Nat
-  | "" => none
-  | str => some str.length
-
-def optionFunc2 (i : Nat) : Option Float :=
-  if i % 2 == 0 then none else some (i.toFloat * 3.14159)
-
-def optionFunc3 (f : Float) : Option (List Nat) :=
-  if f > 15.0 then none else some [f.floor.toUInt32.toNat, f.ceil.toUInt32.toNat]
-
-
-def runOptionFuncsBind (input : String) : Option (List Nat) :=
-   optionFunc1 input >>= optionFunc2 >>= optionFunc3
-
-def runOptionFuncsBindGrouped (input : String) : Option (List Nat) :=
-   optionFunc1 input >>= (λ x => optionFunc2 x >>= optionFunc3)
-
-#eval runOptionFuncsBind "big"        -- some [9, 10]
-#eval runOptionFuncsBindGrouped "big" -- some [9, 10]
-/-!
-
-Notice here we had to insert a `λ` function just like the definition says: `(λ x => f x >>= g)`.
-This is because unlike applicatives, you can't resolve the structure of later operations without the
-results of earlier operations quite as well because of the extra context monads provide. But you can
-still group their later operations into composite functions taking their inputs from earlier on, and
-the result should be the same.
-
-
-## Summary
-
-While these laws may be a bit difficult to understand just by looking at them, the good news is that
-most of the instances you'll make will naturally follow the laws so long as you keep it simple, so
-you shouldn't have to worry about them too much.
-
-There are two main ideas from all the laws:
-
-1. Applying the identity or pure function should not change the underlying values or structure.
-1. It should not matter what order you group operations in.  Another way to state this is function
-   composition should hold across your structures.
-
-Following these laws will ensure other programmers are not confused by the behavior of your
-new functors, applicatives and monads.
-
--/

doc/monads/monads.lean

@@ -1,300 +0,0 @@
-/-!
-# Monads
-
-Building on [Functors](functors.lean.md) and [Applicatives](applicatives.lean.md) we can now
-introduce [monads](https://en.wikipedia.org/wiki/Monad_%28category_theory%29).
-
-A monad is another type of abstract, functional structure. Let's explore what makes it different
-from the first two structures.
-
-## What is a Monad?
-
-A monad is a computational context. It provides a structure that allows you to chain together
-operations that have some kind of shared state or similar effect. Whereas pure functional code can
-only operate on explicit input parameters and affect the program through explicit return values,
-operations in a monad can affect other computations in the chain implicitly through side effects,
-especially modification of an implicitly shared value.
-
-## How are monads represented in Lean?
-
-Like functors and applicatives, monads are represented with a type class in Lean:
-
-```lean,ignore
-class Monad (m : Type u → Type v) extends Applicative m, Bind m where
-```
-
-Just as every applicative is a functor, every monad is also an applicative and there's one more new
-base type class used here that you need to understand, namely, `Bind`.
-
-```lean,ignore
-class Bind (f : Type u → Type v) where
-  bind : {α β : Type u} → f α → (α → f β) → f β
-```
-
-The `bind` operator also has infix notation `>>=` where `x >>= g` represents the result of executing
-`x` to get a value of type `f α` then unwrapping the value `α` from that and passing it to function
-`g` of type `α → f β` returning the result of type `f β` where `f` is the target structure type
-(like `Option` or List)
-
-This `bind` operation looks similar to the other ones you've seen so far, if you put them all
-together `Monad` has the following operations:
-
-```lean,ignore
-class Monad (f : Type u → Type v) extends Applicative f, Bind f where
-  pure {α : Type u} : α → f α
-  map : {α β : Type u} → (α → β) → f α → f β
-  seq : {α β : Type u} → f (α → β) → (Unit → f α) → f β
-  bind : {α β : Type u} → f α → (α → f β) → f β
-  ...
-```
-
-Notice `Monad` also contains `pure` it must also have a "default" way to wrap a value in the
-structure.
-
-The `bind` operator is similar to the applicative `seq` operator in that it chains two operations,
-with one of them being function related. Notice that `bind`, `seq` and `map` all take a function of
-some kind.  Let's examine those function types:
-
-- map: `(α → β)`
-- seq: `f (α → β)`
-- bind: `(α → f β)`
-
-So `map` is a pure function, `seq` is a pure function wrapped in the structure, and `bind` takes a
-pure input but produces an output wrapped in the structure.
-
-Note: we are ignoring the `(Unit → f α)` function used by `seq` here since that has a special
-purpose explained in [Applicatives Lazy Evaluation](applicatives.lean.md#lazy-evaluation).
-
-## Basic Monad Example
-
-Just as `Option` is a functor and an applicative functor, it is also a monad! Let's start with how
-`Option` implements the Monad type class.
-
--/
-instance : Monad Option where
-  pure := Option.some
-  bind := Option.bind
-/-!
-
-where:
-
-```lean,ignore
-def Option.bind : Option α → (α → Option β) → Option β
-  | none,   _ => none
-  | some a, f => f a
-```
-
-> **Side note**: this function definition is using a special shorthand syntax in Lean where the `:=
-match a, b with` code can be collapsed away. To make this more clear consider the following simpler
-example, where `Option.bind` is using the second form like `bar`:
-
--/
-def foo (x : Option Nat) (y : Nat) : Option Nat :=
-  match x, y with
-  | none, _ => none
-  | some x, y => some (x + y)
-
-def bar : Option Nat → Nat → Option Nat
-  | none, _ => none
-  | some x, y => some (x + y)
-
-#eval foo (some 1) 2  -- some 3
-#eval bar (some 1) 2  -- some 3
-/-!
-What is important is that `Option.bind` is using a `match` statement to unwrap the input value
-`Option α`, if it is `none` then it does nothing and returns `none`, if it has a value of type `α`
-then it applies the function in the second argument `(α → Option β)` to this value, which is
-the expression `f a` that you see in the line `  | some a, f => f a` above.  The function
-returns a result of type `Option β` which then becomes the return value for `bind`.  So there
-is no structure wrapping required on the return value since the input function already did that.
-
-But let's bring in the definition of a monad. What does it mean to describe `Option` as a
-computational context?
-
-The `Option` monad encapsulates the context of failure. Essentially, the `Option` monad lets us
-abort a series of operations whenever one of them fails. This allows future operations to assume
-that all previous operations have succeeded. Here's some code to motivate this idea:
-
--/
-def optionFunc1 : String -> Option Nat
-  | "" => none
-  | str => some str.length
-
-def optionFunc2 (i : Nat) : Option Float :=
-  if i % 2 == 0 then none else some (i.toFloat * 3.14159)
-
-def optionFunc3 (f : Float) : Option (List Nat) :=
-  if f > 15.0 then none else some [f.floor.toUInt32.toNat, f.ceil.toUInt32.toNat]
-
-def runOptionFuncs (input : String) : Option (List Nat) :=
-  match optionFunc1 input with
-  | none => none
-  | some i => match optionFunc2 i with
-    | none => none
-    | some f => optionFunc3 f
-
-#eval runOptionFuncs "big" -- some [9, 10]
-/-!
-
-Here you see three different functions that could fail. These are then combined in `runOptionFuncs`.
-But then you have to use nested `match` expressions to check if the previous result succeeded. It
-would be very tedious to continue this pattern much longer.
-
-The `Option` monad helps you fix this. Here's what this function looks like using the `bind`
-operator.
-
--/
-
-def runOptionFuncsBind (input : String) : Option (List Nat) :=
-  optionFunc1 input >>= optionFunc2 >>= optionFunc3
-
-#eval runOptionFuncsBind "big" -- some [9, 10]
-/-!
-
-It's much cleaner now! You take the first result and pass it into the second and third functions
-using the `bind` operation. The monad instance handles all the failure cases so you don't have to!
-
-Let's see why the types work out. The result of `optionFunc1` input is simply `Option Nat`. Then the
-bind operator allows you to take this `Option Nat` value and combine it with `optionFunc2`, whose type
-is `Nat → Option Float` The **bind operator resolves** these to an `Option Float`. Then you pass this
-similarly through the bind operator to `optionFunc3`, resulting in the final type, `Option (List Nat)`.
-
-Your functions will not always combine so cleanly though. This is where `do` notation comes into play.
-This notation allows you to write monadic operations one after another, line-by-line. It almost makes
-your code look like imperative programming. You can rewrite the above as:
--/
-
-def runOptionFuncsDo (input : String) : Option (List Nat) := do
-  let i ← optionFunc1 input
-  let f ← optionFunc2 i
-  optionFunc3 f
-
-#eval runOptionFuncsDo "big" -- some [9, 10]
-/-!
-
-The `←` operator used here is special. It effectively unwraps the value on the right-hand side from
-the monad. This means the value `i` has type `Nat`, _even though_ the result of `optionFunc1` is
-`Option Nat`. This is done using a `bind` operation under the hood.
-
-> Note you can use `<-` or the nice unicode symbol `←` which you can type into VS code by typing
-these characters `\l `.  When you type the final space, `\l` is replaced with `←`.
-
-Observe that we do not unwrap the final line of the computation. The function result is `Option
-(List Nat)` which matches what `optionFunc3` returns. At first glance, this may look more complicated
-than the `bind` example. However, it gives you a lot more flexibility, like mixing monadic and
-non-monadic statements, using if then/else structures with their own local do blocks and so on. It
-is particularly helpful when one monadic function depends on multiple previous functions.
-
-## Example using List
-
-You can easily make `List` into a monad with the following, since List already provides an
-implementation of `pure` and `bind`.
-
--/
-instance : Monad List  where
-  pure := List.singleton
-  bind := List.flatMap
-/-!
-
-Like you saw with the applicative `seq` operator, the `bind` operator applies the given function
-to every element of the list.  It is useful to look at the bind implementation for List:
-
--/
-open List
-def bind (a : List α) (b : α → List β) : List β := join (map b a)
-/-!
-
-So `Functor.map` is used to apply the function `b` to every element of `a` but this would
-return a whole bunch of little lists, so `join` is used to turn those back into a single list.
-
-Here's an example where you use `bind` to convert a list of strings into a combined list of chars:
-
--/
-
-#eval "apple".toList  -- ['a', 'p', 'p', 'l', 'e']
-
-#eval ["apple", "orange"] >>= String.toList
--- ['a', 'p', 'p', 'l', 'e', 'o', 'r', 'a', 'n', 'g', 'e']
-
-/-!
-
-
-## The IO Monad
-
-The `IO Monad` is perhaps the most important monad in Lean. It is also one of the hardest monads to
-understand starting out. Its actual implementation is too intricate to discuss when first learning
-monads. So it is best to learn by example.
-
-What is the **computational context** that describes the IO monad? IO operations can read
-information from or write information to the terminal, file system, operating system, and/or
-network. They interact with systems outside of your program. If you want to get user input, print a
-message to the user, read information from a file, or make a network call, you'll need to do so
-within the IO Monad.
-
-The state of the world outside your program can change at virtually any moment, and so this IO
-context is particularly special. So these IO operations are "side effects" which means you cannot
-perform them from "pure" Lean functions.
-
-Now, the most important job of pretty much any computer program is precisely to perform this
-interaction with the outside world. For this reason, the root of all executable Lean code is a
-function called main, with the type `IO Unit`. So every program starts in the IO monad!
-
-When your function is `IO` monadic, you can get any input you need, call into "pure" code with the
-inputs, and then output the result in some way. The reverse does not work. You cannot call into IO
-code from pure code like you can call into a function that takes `Option` as input. Another way to
-say this is you cannot invent an `IO` context out of thin air, it has to be given to you in your
-`main` function.
-
-Let's look at a simple program showing a few of the basic IO functions. It also uses `do` notation
-to make the code read nicely:
--/
-def main : IO Unit := do
-  IO.println "enter a line of text:"
-  let stdin ← IO.getStdin            -- IO IO.FS.Stream (monadic)
-  let input ← stdin.getLine          -- IO.FS.Stream → IO String (monadic)
-  let uppercased := input.toUpper    -- String → String (pure)
-  IO.println uppercased              -- IO Unit (monadic)
-/-!
-
-So, once again you can see that the `do` notation lets you chain a series of monadic actions.
-`IO.getStdin` is of type `IO IO.FS.Stream` and `stdin.getLine` is of type `IO String`
-and `IO.println` is of type `IO Unit`.
-
-In between you see a non-monadic expression `let uppercased := input.toUpper` which is fine too.
-A let statement can occur in any monad. Just as you could unwrap `i` from `Option Nat` to get the
-inner Nat, you can use `←` to unwrap the result of `getLine` to get a String. You can then manipulate
-this value using normal pure string functions like `toUpper`, and then you can pass the result to the
-`IO.println` function.
-
-This is a simple echo program. It reads a line from the terminal, and then prints the line back out
-capitalized to the terminal. Hopefully it gives you a basic understanding of how IO works.
-
-You can test this program using `lean --run` as follows:
-
-```
-> lean --run Main.lean
-enter a line of text:
-the quick brown fox
-THE QUICK BROWN FOX
-```
-
-Here the user entered the string `the quick brown fox` and got back the uppercase result.
-
-## What separates Monads from Applicatives?
-
-The key that separates these is **context**. You cannot really determine the structure of
-"future" operations without knowing the results of "past" operations, because the past can alter the
-context in which the future operations work. With applicatives, you can't get the final function
-result without evaluating everything, but you can determine the structure of how the operation will
-take place. This allows some degree of parallelism with applicatives that is not generally possible
-with monads.
-
-
-## Conclusion
-
-Hopefully you now have a basic level understanding of what a monad is. But perhaps some more
-examples of what a "computational context" means would be useful to you. The Reader, State and
-Except monads each provide a concrete and easily understood context that can be compared easily to
-function parameters. You can learn more about those in [Reader monads](readers.lean.md),
-[State monads](states.lean.md), and the [Except monad](except.lean.md).
--/

doc/monads/readers.lean

@@ -1,199 +0,0 @@
-/-!
-# Readers
-
-In the [previous section](monads.lean.md) you learned about the conceptual idea of monads. You learned
-what they are, and saw how some common types like `IO` and `Option` work as monads. Now in this
-section, you will be looking at some other useful monads. In particular, the `ReaderM` monad.
-
-## How to do Global Variables in Lean?
-
-In Lean, your code is generally "pure", meaning functions can only interact with the arguments
-passed to them. This effectively means you cannot have global variables. You can have global
-definitions, but these are fixed at compile time. If some user behavior might change them, you would have
-to wrap them in the `IO` monad, which means they can't be used from pure code.
-
-Consider this example. Here, you want to have an `Environment` containing different parameters as a
-global variable. However, you want to load these parameters from the process environment variables,
-which requires the `IO` monad.
--/
-
-structure Environment where
-  path : String
-  home : String
-  user : String
-  deriving Repr
-
-def getEnvDefault (name : String): IO String := do
-  let val? ← IO.getEnv name
-  pure <| match val? with
-          | none => ""
-          | some s => s
-
-def loadEnv : IO Environment := do
-  let path ← getEnvDefault "PATH"
-  let home ← getEnvDefault "HOME"
-  let user ← getEnvDefault "USER"
-  pure { path, home, user }
-
-def func1 (e : Environment) : Float :=
-  let l1 := e.path.length
-  let l2 := e.home.length * 2
-  let l3 := e.user.length * 3
-  (l1 + l2 + l3).toFloat * 2.1
-
-def func2 (env : Environment) : Nat :=
-  2 + (func1 env).floor.toUInt32.toNat
-
-def func3 (env : Environment) : String :=
-  "Result: " ++ (toString (func2 env))
-
-def main : IO Unit := do
-  let env ← loadEnv
-  let str := func3 env
-  IO.println str
-
-#eval main -- Result: 7538
-
-/-!
-The only function actually using the environment is func1. However func1 is a pure function. This
-means it cannot directly call loadEnv, an impure function in the IO monad. This means the
-environment has to be passed through as a variable to the other functions, just so they can
-ultimately pass it to func1. In a language with global variables, you could save env as a global
-value in main. Then func1 could access it directly. There would be no need to have it as a parameter
-to func1, func2 and func3. In larger programs, these "pass-through" variables can cause a lot of
-headaches.
-
-## The Reader Solution
-
-The `ReaderM` monad solves this problem. It effectively creates a global read-only value of a
-specified type. All functions within the monad can "read" the type. Let's look at how the `ReaderM`
-monad changes the shape of this code. Now the functions **no longer need** to be given the
-`Environment` as an explicit parameter, as they can access it through the monad.
--/
-
-def readerFunc1 : ReaderM Environment Float := do
-  let env ← read
-  let l1 := env.path.length
-  let l2 := env.home.length * 2
-  let l3 := env.user.length * 3
-  return (l1 + l2 + l3).toFloat * 2.1
-
-def readerFunc2 : ReaderM Environment Nat :=
-  readerFunc1 >>= (fun x => return 2 + (x.floor.toUInt32.toNat))
-
-def readerFunc3 : ReaderM Environment String := do
-  let x ← readerFunc2
-  return "Result: " ++ toString x
-
-def main2 : IO Unit := do
-  let env ← loadEnv
-  let str := readerFunc3.run env
-  IO.println str
-
-#eval main2 -- Result: 7538
-/-!
-The `ReaderM` monad provides a `run` method and it is the `ReaderM` run method that takes the initial
-`Environment` context.  So here you see `main2` loads the environment as before, and establishes
-the `ReaderM` context by passing `env` to the `run` method.
-
-> **Side note 1**: The `return` statement used above also needs some explanation.  The `return`
-statement in Lean is closely related to `pure`, but a little different. First the similarity is that
-`return` and `pure` both lift a pure value up to the Monad type. But `return` is a keyword so you do
-not need to parenthesize the expression like you do when using `pure`.  (Note: you can avoid
-parentheses when using `pure` by using the `<|` operator like we did above in the initial
-`getEnvDefault` function).  Furthermore, `return` can also cause an early `return` in a monadic
-function similar to how it can in an imperative language while `pure` cannot.
-
-> So technically if `return` is the last statement in a function it could be replaced with `pure <|`,
-but one could argue that `return` is still a little easier for most folks to read, just so long as
-you understand that `return` is doing more than other languages, it is also wrapping pure values in
-the monadic container type.
-
-> **Side note 2**: If the function `readerFunc3` also took some explicit arguments then you would have
-to write `(readerFunc3 args).run env` and this is a bit ugly, so Lean provides an infix operator
-`|>` that eliminates those parentheses so you can write `readerFunc3 args |>.run env` and then you can
-chain multiple monadic actions like this `m1 args1 |>.run args2 |>.run args3` and this is the
-recommended style.  You will see this pattern used heavily in Lean code.
-
-The `let env ← read` expression in `readerFunc1` unwraps the environment from the `ReaderM` so we
-can use it. Each type of monad might provide one or more extra functions like this, functions that
-become available only when you are in the context of that monad.
-
-Here the `readerFunc2` function uses the `bind` operator `>>=` just to show you that there are bind
-operations happening here.  The `readerFunc3` function uses the `do` notation you learned about in
-[Monads](monads.lean.md) which hides that bind operation and can make the code look cleaner.
-So the expression `let x ← readerFunc2` is also calling the `bind` function under the covers,
-so that you can access the unwrapped value `x` needed for the `toString x` conversion.
-
-The important difference here to the earlier code is that `readerFunc3` and `readerFunc2` no longer
-have an **explicit** Environment input parameter that needs to be passed along all the way to
-`readerFunc1`.  Instead, the `ReaderM` monad is taking care of that for you, which gives you the
-illusion of something like global context where the context is now available to all functions that use
-the `ReaderM` monad.
-
-The above code also introduces an important idea. Whenever you learn about a monad "X", there's
-often (but not always) a `run` function to execute that monad, and sometimes some additional
-functions like `read` that interact with the monad context.
-
-You might be wondering, how does the context actually move through the `ReaderM` monad? How can you
-add an input argument to a function by modifying its return type?  There is a special command in
-Lean that will show you the reduced types:
--/
-#reduce ReaderM Environment String   -- Environment → String
-/-!
-And you can see here that this type is actually a function!  It's a function that takes an
-`Environment` as input and returns a `String`.
-
-Now, remember in Lean that a function that takes an argument of type `Nat` and returns a `String`
-like `def f (a : Nat) : String` is the same as this function `def f : Nat → String`.  These are
-exactly equal as types.  Well this is being used by the `ReaderM` Monad to add an input argument to
-all the functions that use the `ReaderM` monad and this is why `main` is able to start things off by
-simply passing that new input argument in `readerFunc3.run env`. So now that you know the implementation
-details of the `ReaderM` monad you can see that what it is doing looks very much like the original
-code we wrote at the beginning of this section, only it's taking a lot of the tedious work off your
-plate and it is creating a nice clean separation between what your pure functions are doing, and the
-global context idea that the `ReaderM` adds.
-
-## withReader
-
-One `ReaderM` function can call another with a modified version of the `ReaderM` context. You can
-use the `withReader` function from the `MonadWithReader` type class to do this:
-
--/
-def readerFunc3WithReader : ReaderM Environment String := do
-  let x ← withReader (λ env => { env with user := "new user" }) readerFunc2
-  return "Result: " ++ toString x
-
-/-!
-Here we changed the `user` in the `Environment` context to "new user" and then we passed that
-modified context to `readerFunc2`.
-
-So `withReader f m` executes monad `m` in the `ReaderM` context modified by `f`.
-
-## Handy shortcut with (← e)
-
-If you use the operator `←` in a let expression and the variable is only used once you can
-eliminate the let expression and place the `←` operator in parentheses like this
-call to loadEnv:
--/
-def main3 : IO Unit := do
-  let str := readerFunc3 (← loadEnv)
-  IO.println str
-/-!
-
-## Conclusion
-
-It might not seem like much has been accomplished with this `ReaderM Environment` monad, but you will
-find that in larger code bases, with many different types of monads all composed together this
-greatly cleans up the code. Monads provide a beautiful functional way of managing cross-cutting
-concerns that would otherwise make your code very messy.
-
-Having this control over the inherited `ReaderM` context via `withReader` is actually very useful
-and something that is quite messy if you try and do this sort of thing with global variables, saving
-the old value, setting the new one, calling the function, then restoring the old value, making sure
-you do that in a try/finally block and so on. The `ReaderM` design pattern avoids that mess
-entirely.
-
-Now it's time to move on to [StateM Monad](states.lean.md) which is like a `ReaderM` that is
-also updatable.
--/

doc/monads/states.lean

@@ -1,265 +0,0 @@
-import Lean.Data.HashMap
-/-!
-# State
-
-In the [previous section](readers.lean.md), you learned about the `ReaderM` monad. Hopefully this gave you
-a new perspective on Lean. It showed that, in fact, you _can_ have global variables of some sort;
-you just need to encode them in the type signature somehow, and this is what monads are for! In this
-part, you will explore the `StateM` monad, which is like a `ReaderM` only the state can also be updated.
-
-## Motivating example: Tic Tac Toe
-
-For this section, let's build a simple model for a Tic Tace Toe game. The main object is the `GameState`
-data type containing several important pieces of information. First and foremost, it has the
-"board", a map from 2D tile indices to the "Tile State" (X, O or empty). Then it also knows the
-current player, and it has a random generator.
--/
-
-open Batteries (HashMap)
-abbrev TileIndex := Nat × Nat -- a 2D index
-
-inductive TileState where
-  | TileEmpty | TileX | TileO
-  deriving Repr, BEq
-
-inductive Player where
-  | XPlayer | OPlayer
-  deriving Repr, BEq
-
-abbrev Board := HashMap TileIndex TileState
-
-structure GameState where
-  board : Board
-  currentPlayer : Player
-  generator : StdGen
-
-/-!
-Let's think at a high level about how some of the game functions would work. You could, for
-instance, have a function for selecting a random move. This would output a `TileIndex` to play and
-alter the game's number generator. You would then make a move based on the selected move and the
-current player. This would change the board state as well as swap the current player. In other
-words, you have operations that depend on the current state of the game, but also need to **update
-that state**.
-
-## The StateM Monad to the Rescue
-
-This is exactly the situation the `StateM` monad deals with. The `StateM` monad wraps computations in
-the context of reading and modifying a global state object.
-
-It is parameterized by a single type parameter `s`, the state type in use. So just like the `ReaderM`
-has a single type you read from, the `StateM` has a single type you can both **read from and write
-to**. There are three primary actions you can take within the `StateM`monad:
-
-- **get** - retrieves the state, like Reader.read
-- **set** - updates the state
-- **modifyGet** - retrieves the state, then updates it
-
-There is also a `run` function, similar to `run` on `ReaderM`. Like the `ReaderM` monad, you must
-provide an initial state, in addition to the computation to run. `StateM` then produces two outputs:
-the result of the computation combined with the final updated state.
-
-If you wish to discard the final state and just get the computation's result, you can use
-`run'` method instead.  Yes in Lean, the apostrophe can be part of a name, you read this "run
-prime", and the general naming convention is that the prime method discards something.
-
-So for your Tic Tac Toe game, many of your functions will have a signature like `State GameState a`.
-
-## Stateful Functions
-
-Now you can examine some of the different functions mentioned above and determine their types.
-You can, for instance, pick a random move:
-
--/
-open TileState
-
-def findOpen : StateM GameState (List TileIndex) := do
-  let game ← get
-  return game.board.toList.filterMap fun (i, x) => guard (x == TileEmpty) *> pure i
-
-def chooseRandomMove : StateM GameState TileIndex := do
-  let game ← get
-  let openSpots ← findOpen
-  let gen := game.generator
-  let (i, gen') := randNat gen 0 (openSpots.length - 1)
-  set { game with generator := gen' }
-  return openSpots[i]!
-
-/-!
-This returns a `TileIndex` and modifies the random number generator stored in the `GameState`!
-Notice you have a fun little use of the `Applicative.seqRight` operator `*>` in `findOpen`
-as described in [Applicatives](applicatives.lean.md).
-
-Now you can create the function that can make a move:
--/
-open Player
-
-def tileStateForPlayer : Player → TileState
-| XPlayer => TileX
-| OPlayer => TileO
-
-def nextPlayer : Player →  Player
-| XPlayer => OPlayer
-| OPlayer => XPlayer
-
-def applyMove (i : TileIndex): StateM GameState Unit := do
-  let game ← get
-  let p := game.currentPlayer
-  let newBoard := game.board.insert i (tileStateForPlayer p)
-  set { game with currentPlayer := nextPlayer p, board := newBoard }
-
-/-!
-This updates the board in the `GameState` with the new tile, and then changes the current player,
-providing no output (`Unit` return type).
-
-So finally, you can combine these functions together with `do` notation, and it actually looks quite
-clean! You don't need to worry about the side effects. The different monadic functions handle them.
-Here's a sample of what your function might look like to play one turn of the game. At the end, it
-returns a boolean determining if all the spaces have been filled.
-
-Notice in `isGameDone` and `nextTurn` we have stopped providing the full return type
-`StateM GameState Unit`.  This is because Lean is able to infer the correct monadic return type
-from the context and as a result the code is now looking really clean.
--/
-
-def isGameDone := do
-  return (← findOpen).isEmpty
-
-def nextTurn := do
-  let i ← chooseRandomMove
-  applyMove i
-  isGameDone
-
-/-!
-To give you a quick test harness that runs all moves for both players you can run this:
--/
-
-def initBoard : Board := Id.run do
-  let mut board := HashMap.empty
-  for i in [0:3] do
-    for j in [0:3] do
-      let t : TileIndex := (i, j)
-      board := board.insert t TileEmpty
-  board
-
-def printBoard (board : Board) : IO Unit := do
-  let mut row : List String := []
-  for i in board.toList do
-    let s := match i.2 with
-      | TileEmpty => " "
-      | TileX => "X"
-      | TileO => "O"
-    row := row.append [s]
-    if row.length == 3 then
-      IO.println row
-      row := []
-
-def playGame := do
-  while true do
-    let finished ← nextTurn
-    if finished then return
-
-def main : IO Unit := do
-  let gen ← IO.stdGenRef.get
-  let (x, gen') := randNat gen 0 1
-  let gs := {
-    board := initBoard,
-    currentPlayer := if x = 0 then XPlayer else OPlayer,
-    generator := gen' }
-  let (_, g) := playGame |>.run gs
-  printBoard g.board
-
-#eval main
--- [X, X, O]
--- [X, O, O]
--- [O, O, X]
-
-/-!
-
-Note that when you run the above code interactively the random number generator always starts in the
-same place.  But if you run `lean --run states.lean` then you will see randomness in the result.
-
-## Implementation
-
-It may be helpful to see how the `StateM` monad adds the input state and output state.  If you look
-at the reduced Type for `nextTurn`:
--/
-#reduce StateM GameState Bool
--- GameState → Bool × GameState
-/-!
-
-So a function like `nextTurn` that might have just returned a `Bool` has been modified by the
-`StateM` monad such that the initial `GameState` is passed in as a new input argument, and the output
-value has been changed to the pair `Bool × GameState` so that it can return the pure `Bool` and the
-updated `GameState`.  So `playGame` then is automatically saving that updated game state so that each
-time around the `while` loop it is acting on the new state, otherwise that would be an infinite loop!
-
-It is also interesting to see how much work the `do` and `←` notation are doing for you.  To
-implement the `nextTurn` function without these you would have to write this, manually plumbing
-the state all the way through:
--/
-def nextTurnManually : StateM GameState Bool
-| state =>
-  let (i, gs) := chooseRandomMove |>.run state
-  let (_, gs') := applyMove i  |>.run gs
-  let (result, gs'') := isGameDone |>.run gs'
-  (result, gs'')
-
-/-!
-
-This expression `let (i, gs)` conveniently breaks a returned pair up into 2 variables.
-In the expression `let (_, gs')` we didn't care what the first value was so we used underscore.
-Notice that nextTurn is capturing the updated game state from `chooseRandomMove` in the variable
-`gs`, which it is then passing to `applyMove` which returns `gs'` which is passed to `isGameDone`
-and that function returns `gs''` which we then return from `nextTurnManually`.  Phew, what a lot
-of work you don't have to do when you use `do` notation!
-
-## StateM vs ReaderM
-
-While `ReaderM` functions can use `withReader` to modify the context before calling another function,
-`StateM` functions are a little more powerful, let's look at this function again:
-```
-def nextTurn : StateM GameState Bool := do
-  let i ← chooseRandomMove
-  applyMove i
-  isGameDone
-```
-
-In this function `chooseRandomMove` is modifying the state that `applyMove` is getting
-and `chooseRandomMove` knows nothing about `applyMove`.  So `StateM` functions can have this
-kind of downstream effect outside their own scope, whereas, `withReader` cannot do that.
-
-So there is no equivalent to `withReader` for `StateM`, besides you can always use the `StateM`
-`set` function to modify the state before calling the next function anyway.  You could however,
-manually call a `StateM` function like you see in `nextTurnManually` and completely override
-the state at any point that way.
-
-## State, IO and other languages
-
-When thinking about Lean, it is often seen as a restriction that you can't have global variables or
-`static` variables like you can with other languages like Python or C++. However, hopefully you see
-now this isn't true. You can have a data type with exactly the same functionality as a Python class.
-You would simply have many functions that can modify some global state using the `StateM` monad.
-
-The difference is in Lean you simply put a label on these types of functions. You don't allow it to
-happen for free anywhere in an uncontrolled fashion because that results in too many sleepless
-nights debugging nasty code. You want to know when side effects can potentially happen, because
-knowing when they can happen makes your code easier to reason about. In a Python class, many of the
-methods won't actually need to modify the global state. But they could, which makes it harder to
-debug them. In Lean you can simply make these pure functions, and the compiler will ensure they stay
-pure and cannot modify any global state.
-
-IO is the same way. It's not like you can't perform IO in Lean. Instead, you want to label the areas
-where you can, to increase your certainty about the areas where you don't need to. When you know part of
-your code cannot communicate with the outside world, you can be far more certain of its behavior.
-
-The `StateM` monad is also a more disciplined way of managing side effects. Top level code could
-call a `StateM` function multiple times with different independent initial states, even doing that
-across multiple tasks in parallel and each of these cannot clobber the state belonging to other
-tasks. Monadic code is more predictable and reusable than code that uses global variables.
-
-## Summary
-
-That wraps it up for the `StateM` monad! There is one more very useful monad that can be used to do
-exception handling which will be covered in the [next section](except.lean.md).
-
--/

doc/monads/transformers.lean

@@ -1,316 +0,0 @@
-/-!
-# Monad Transformers
-
-In the previous sections you learned about some handy monads [Option](monads.lean.md),
-[IO](monads.lean.md), [Reader](readers.lean.md), [State](states.lean.md) and
-[Except](except.lean.md), and you now know how to make your function use one of these, but what you
-do not yet know is how to make your function use multiple monads at once.
-
-For example, suppose you need a function that wants to access some Reader context and optionally throw
-an exception?  This would require composition of two monads `ReaderM` and `Except` and this is what
-monad transformers are for.
-
-A monad transformer is fundamentally a wrapper type. It is generally parameterized by another
-monadic type. You can then run actions from the inner monad, while adding your own customized
-behavior for combining actions in this new monad. The common transformers add `T` to the end of an
-existing monad name. You will find `OptionT`, `ExceptT`, `ReaderT`, `StateT` but there is no transformer
-for `IO`.  So generally if you need `IO` it becomes the innermost wrapped monad.
-
-In the following example we use `ReaderT` to provide some read only context to a function
-and this `ReaderT` transformer will wrap an `Except` monad.  If all goes well the
-`requiredArgument` returns the value of a required argument and `optionalSwitch`
-returns true if the optional argument is present.
-
--/
-abbrev Arguments := List String
-
-def indexOf? [BEq α] (xs : List α) (s : α) (start := 0): Option Nat :=
-  match xs with
-  | [] => none
-  | a :: tail => if a == s then some start else indexOf? tail s (start+1)
-
-def requiredArgument (name : String) : ReaderT Arguments (Except String) String := do
-  let args ← read
-  let value := match indexOf? args name with
-    | some i => if i + 1 < args.length then args[i+1]! else ""
-    | none => ""
-  if value == "" then throw s!"Command line argument {name} missing"
-  return value
-
-def optionalSwitch (name : String) : ReaderT Arguments (Except String) Bool := do
-  let args ← read
-  return match (indexOf? args name) with
-  | some _ => true
-  | none => false
-
-#eval requiredArgument "--input" |>.run ["--input", "foo"]
--- Except.ok "foo"
-
-#eval requiredArgument "--input" |>.run ["foo", "bar"]
--- Except.error "Command line argument --input missing"
-
-#eval optionalSwitch "--help" |>.run ["--help"]
--- Except.ok true
-
-#eval optionalSwitch "--help" |>.run []
--- Except.ok false
-
-/-!
-Notice that `throw` was available from the inner `Except` monad. The cool thing is you can switch
-this around and get the exact same result using `ExceptT` as the outer monad transformer and
-`ReaderM` as the wrapped monad. Try changing requiredArgument to `ExceptT String (ReaderM Arguments) Bool`.
-
-Note: the `|>.` notation is described in [Readers](readers.lean.md#the-reader-solution).
-
-## Adding more layers
-
-Here's the best part about monad transformers. Since the result of a monad transformer is itself a
-monad, you can wrap it inside another transformer! Suppose you need to pass in some read only context
-like the command line arguments, update some read-write state (like program Config) and optionally
-throw an exception, then you could write this:
-
--/
-structure Config where
-  help : Bool := false
-  verbose : Bool := false
-  input : String := ""
-  deriving Repr
-
-abbrev CliConfigM := StateT Config (ReaderT Arguments (Except String))
-
-def parseArguments : CliConfigM Bool := do
-  let mut config ← get
-  if (← optionalSwitch "--help") then
-    throw "Usage: example [--help] [--verbose] [--input <input file>]"
-  config := { config with
-    verbose := (← optionalSwitch "--verbose"),
-    input := (← requiredArgument "--input") }
-  set config
-  return true
-
-def main (args : List String) : IO Unit := do
-  let config : Config := { input := "default"}
-  match parseArguments |>.run config |>.run args with
-  | Except.ok (_, c) => do
-    IO.println s!"Processing input '{c.input}' with verbose={c.verbose}"
-  | Except.error s => IO.println s
-
-
-#eval main ["--help"]
--- Usage: example [--help] [--verbose] [--input <input file>]
-
-#eval main ["--input", "foo"]
--- Processing input file 'foo' with verbose=false
-
-#eval main ["--verbose", "--input", "bar"]
--- Processing input 'bar' with verbose=true
-
-/-!
-In this example `parseArguments` is actually three stacked monads, `StateM`, `ReaderM`, `Except`. Notice
-the convention of abbreviating long monadic types with an alias like `CliConfigM`.
-
-## Monad Lifting
-
-Lean makes it easy to compose functions that use different monads using a concept of automatic monad
-lifting.  You already used lifting in the above code, because you were able to compose
-`optionalSwitch` which has type `ReaderT Arguments (Except String) Bool` and call it from
-`parseArguments` which has a bigger type `StateT Config (ReaderT Arguments (Except String))`.
-This "just worked" because Lean did some magic with monad lifting.
-
-To give you a simpler example of this, suppose you have the following function:
--/
-def divide (x : Float ) (y : Float): ExceptT String Id Float :=
-  if y == 0 then
-    throw "can't divide by zero"
-  else
-    pure (x / y)
-
-#eval divide 6 3 -- Except.ok 2.000000
-#eval divide 1 0 -- Except.error "can't divide by zero"
-/-!
-
-Notice here we used the `ExceptT` transformer, but we composed it with the `Id` identity monad.
-This is then the same as writing `Except String Float` since the identity monad does nothing.
-
-Now suppose you want to count the number of times divide is called and store the result in some
-global state:
--/
-
-def divideCounter (x : Float) (y : Float) : StateT Nat (ExceptT String Id) Float := do
-  modify fun s => s + 1
-  divide x y
-
-#eval divideCounter 6 3 |>.run 0    -- Except.ok (2.000000, 1)
-#eval divideCounter 1 0 |>.run 0    -- Except.error "can't divide by zero"
-
-/-!
-
-The `modify` function is a helper which makes it easier to use `modifyGet` from the `StateM` monad.
-But something interesting is happening here, `divideCounter` is returning the value of
-`divide`, but the types don't match, yet it works?  This is monad lifting in action.
-
-You can see this more clearly with the following test:
-
--/
-def liftTest (x : Except String Float) :
-  StateT Nat (Except String) Float := x
-
-#eval liftTest (divide 5 1) |>.run 3 -- Except.ok (5.000000, 3)
-
-/-!
-
-Notice that `liftTest` returned `x` without doing anything to it, yet that matched the return type
-`StateT Nat (Except String) Float`.  Monad lifting is provided by monad transformers.  if you
-`#print liftTest` you will see that Lean is implementing this using a call to a function named
-`monadLift` from the `MonadLift` type class:
-
-```lean,ignore
-class MonadLift (m : Type u → Type v) (n : Type u → Type w) where
-  monadLift : {α : Type u} → m α → n α
-```
-
-So `monadLift` is a function for lifting a computation from an inner `Monad m α ` to an outer `Monad n α`.
-You could replace `x` in `liftTest` with `monadLift x` if you want to be explicit about it.
-
-The StateT monad transformer defines an instance of `MonadLift` like this:
-
-```lean
-@[inline] protected def lift {α : Type u} (t : m α) : StateT σ m α :=
-  fun s => do let a ← t; pure (a, s)
-
-instance : MonadLift m (StateT σ m) := ⟨StateT.lift⟩
-```
-This means that any monad `m` can be wrapped in a `StateT` monad by using the function
-`fun s => do let a ← t; pure (a, s)` that takes state `s`, runs the inner monad action `t`, and
-returns the result and the new state in a pair `(a, s)` without making any changes to `s`.
-
-Because `MonadLift` is a type class, Lean can automatically find the required `monadLift`
-instances in order to make your code compile and in this way it was able to find the `StateT.lift`
-function and use it to wrap the result of `divide` so that the correct type is returned from
-`divideCounter`.
-
-If you have an instance `MonadLift m n` that means there is a way to turn a computation that happens
-inside of `m` into one that happens inside of `n` and (this is the key part) usually *without* the
-instance itself creating any additional data that feeds into the computation. This means you can in
-principle declare lifting instances from any monad to any other monad, it does not, however, mean
-that you should do this in all cases.  You can get a very nice report on how all this was done by
-adding the line `set_option trace.Meta.synthInstance true in` before `divideCounter` and moving you
-cursor to the end of the first line after `do`.
-
-This was a lot of detail, but it is very important to understand how monad lifting works because it
-is used heavily in Lean programs.
-
-## Transitive lifting
-
-There is also a transitive version of `MonadLift` called `MonadLiftT` which can lift multiple
-monad layers at once.  In the following example we added another monad layer with
-`ReaderT String ...` and notice that `x` is also automatically lifted to match.
-
--/
-def liftTest2 (x : Except String Float) :
-  ReaderT String (StateT Nat (Except String)) Float := x
-
-#eval liftTest2 (divide 5 1) |>.run "" |>.run 3
--- Except.ok (5.000000, 3)
-
-/-!
-
-The ReaderT monadLift is even simpler than the one for StateT:
-
-```lean,ignore
-instance  : MonadLift m (ReaderT ρ m) where
-  monadLift x := fun _ => x
-```
-
-This lift operation creates a function that defines the required `ReaderT` input
-argument, but the inner monad doesn't know or care about `ReaderT` so the
-monadLift function throws it away with the `_` then calls the inner monad action `x`.
-This is a perfectly legal implementation of the `ReaderM` monad.
-
-## Add your own Custom MonadLift
-
-This does not compile:
--/
-def main2 : IO Unit := do
-  try
-    let ret ← divideCounter 5 2 |>.run 0
-    IO.println (toString ret)
-  catch e =>
-    IO.println e
-
-/-!
-saying:
-```
-typeclass instance problem is stuck, it is often due to metavariables
-  ToString ?m.4786
-```
-
-The reason is `divideCounter` returns the big `StateT Nat (ExceptT String Id) Float` and that type
-cannot be automatically lifted into the `main` return type of `IO Unit` unless you give it some
-help.
-
-The following custom `MonadLift` solves this problem:
-
--/
-def liftIO (t : ExceptT String Id α) : IO α := do
-  match t with
-  | .ok r => EStateM.Result.ok r
-  | .error s => EStateM.Result.error s
-
-instance : MonadLift (ExceptT String Id) IO where
-  monadLift := liftIO
-
-def main3 : IO Unit := do
-  try
-    let ret ← divideCounter 5 2 |>.run 0
-    IO.println (toString ret)
-  catch e =>
-    IO.println e
-
-#eval main3 -- (2.500000, 1)
-/-!
-
-It turns out that the `IO` monad you see in your `main` function is based on the `EStateM.Result` type
-which is similar to the `Except` type but it has an additional return value. The `liftIO` function
-converts any `Except String α` into `IO α` by simply mapping the ok case of the `Except` to the
-`Result.ok` and the error case to the `Result.error`.
-
-## Lifting ExceptT
-
-In the previous [Except](except.lean.md) section you saw functions that `throw` Except
-values. When you get all the way back up to your `main` function which has type `IO Unit` you have
-the same problem you had above, because `Except String Float` doesn't match even if you use a
-`try/catch`.
-
--/
-
-def main4 : IO Unit := do
-  try
-    let ret ← divide 5 0
-    IO.println (toString ret)  -- lifting happens here.
-  catch e =>
-    IO.println s!"Unhandled exception: {e}"
-
-#eval main4 -- Unhandled exception: can't divide by zero
-
-/-!
-
-Without the `liftIO` the `(toString ret)` expression would not compile with a similar error:
-
-```
-typeclass instance problem is stuck, it is often due to metavariables
-  ToString ?m.6007
-```
-
-So the general lesson is that if you see an error like this when using monads, check for
-a missing `MonadLift`.
-
-## Summary
-
-Now that you know how to combine your monads together, you're almost done with understanding the key
-concepts of monads! You could probably go out now and start writing some pretty nice code! But to
-truly master monads, you should know how to make your own, and there's one final concept that you
-should understand for that. This is the idea of type "laws". Each of the structures you've learned
-so far has a series of laws associated with it. And for your instances of these classes to make
-sense, they should follow the laws! Check out [Monad Laws](laws.lean.md).
--/

doc/namespaces.md

@@ -1,108 +0,0 @@
-# Namespaces
-
-Lean provides us with the ability to group definitions into nested, hierarchical *namespaces*:
-
-```lean
-namespace Foo
-  def a : Nat := 5
-  def f (x : Nat) : Nat := x + 7
-
-  def fa : Nat := f a
-  def ffa : Nat := f (f a)
-
-  #check a
-  #check f
-  #check fa
-  #check ffa
-  #check Foo.fa
-end Foo
-
--- #check a  -- error
--- #check f  -- error
-#check Foo.a
-#check Foo.f
-#check Foo.fa
-#check Foo.ffa
-
-open Foo
-
-#check a
-#check f
-#check fa
-#check Foo.fa
-```
-
-When we declare that we are working in the namespace ``Foo``, every identifier we declare has
-a full name with prefix "``Foo.``" Within the namespace, we can refer to identifiers
-by their shorter names, but once we end the namespace, we have to use the longer names.
-
-The ``open`` command brings the shorter names into the current context. Often, when we import a
-module, we will want to open one or more of the namespaces it contains, to have access to the short identifiers.
-But sometimes we will want to leave this information hidden, for example, when they conflict with
-identifiers in another namespace we want to use. Thus namespaces give us a way to manage our working environment.
-
-For example, Lean groups definitions and theorems involving lists into a namespace ``List``.
-```lean
-#check List.nil
-#check List.cons
-#check List.map
-```
-We will discuss their types, below. The command ``open List`` allows us to use the shorter names:
-```lean
-open List
-
-#check nil
-#check cons
-#check map
-```
-Like sections, namespaces can be nested:
-```lean
-namespace Foo
-  def a : Nat := 5
-  def f (x : Nat) : Nat := x + 7
-
-  def fa : Nat := f a
-
-  namespace Bar
-    def ffa : Nat := f (f a)
-
-    #check fa
-    #check ffa
-  end Bar
-
-  #check fa
-  #check Bar.ffa
-end Foo
-
-#check Foo.fa
-#check Foo.Bar.ffa
-
-open Foo
-
-#check fa
-#check Bar.ffa
-```
-Namespaces that have been closed can later be reopened, even in another file:
-```lean
-namespace Foo
-  def a : Nat := 5
-  def f (x : Nat) : Nat := x + 7
-
-  def fa : Nat := f a
-end Foo
-
-#check Foo.a
-#check Foo.f
-
-namespace Foo
-  def ffa : Nat := f (f a)
-end Foo
-```
-
-Like sections, nested namespaces have to be closed in the order they are opened.
-Namespaces and sections serve different purposes: namespaces organize data and sections declare variables for insertion in definitions.
-Sections are also useful for delimiting the scope of commands such as ``set_option`` and ``open``.
-
-In many respects, however, a ``namespace ... end`` block behaves the same as a ``section ... end`` block.
-In particular, if you use the ``variable`` command within a namespace, its scope is limited to the namespace.
-Similarly, if you use an ``open`` command within a namespace, its effects disappear when the namespace is closed.

doc/nat.md

@@ -1,68 +0,0 @@
-# Natural numbers
-
-The `Nat` type represents the natural numbers, i.e., arbitrary-precision unsigned integers.
-There are no overflows.
-
-```lean
-#eval 100000000000000000 * 200000000000000000000 * 1000000000000000000000
-```
-
-A numeral is considered to be a `Nat` if there are no typing constraints.
-```lean
-#check 10    -- Nat
-#check id 10 -- Nat
-
-def f (x : Int) : Int :=
-  x - 1
-
-#eval f (3 - 5) -- 3 and 5 are `Int` since `f` expects an `Int`.
--- -3
-```
-
-The operator `-` for `Nat` implements truncated subtraction.
-```lean
-#eval 10 - 5 -- 5
-#eval 5 - 10 -- 0
-
-theorem ex : 5 - 10 = 0 :=
-  rfl
-
-#eval (5:Int) - 10 -- -5
-```
-
-The operator `/` for `Nat` implements Euclidean division.
-```lean
-#eval 10 / 4 -- 2
-
-#check 10.0 / 4.0 -- Float
-#eval 10.0 / 4.0  -- 2.5
-```
-
-As we described in the previous sections, we define the `Nat` type as an `inductive` datatype.
-```lean
-# namespace hidden
-inductive Nat where
-  | zero : Nat
-  | succ : Nat → Nat
-# end hidden
-```
-However, the internal representation of `Nat` is optimized. Small natural numbers (i.e., < `2^63` in a 64-bit machine) are
-represented by a single machine word. Big numbers are implemented using [GMP](https://gmplib.org/manual/) numbers.
-We recommend you use fixed precision numeric types only in performance critical code.
-
-The Lean kernel has builtin support for the `Nat` type too, and can efficiently reduce `Nat` expressions during type checking.
-```lean
-#reduce 100000000000000000 * 200000000000000000000 * 1000000000000000000000
-
-theorem ex
-      : 1000000000000000 * 2000000000000000000 = 2000000000000000000000000000000000 :=
-  rfl
-```
-The sharp-eyed reader will notice that GMP is part of the Lean kernel trusted code base.
-We believe this is not a problem because you can use external type checkers to double-check your developments,
-and we consider GMP very trustworthy.
-Existing external type checkers for Lean 3 (e.g., [Trepplein](https://github.com/gebner/trepplein) and [TC](https://github.com/leanprover/tc))
-can be easily adapted to Lean 4.
-If you are still concerned after checking your development with multiple different external checkers because
-they may all rely on buggy arbitrary-precision libraries,
-you can develop your own certified arbitrary-precision library and use it to implement your own type checker for Lean.

doc/notation.md

@@ -1,78 +0,0 @@
-# Notations and Precedence
-
-The most basic syntax extension commands allow introducing new (or
-overloading existing) prefix, infix, and postfix operators.
-
-```lean
-infixl:65   " + " => HAdd.hAdd  -- left-associative
-infix:50    " = " => Eq         -- non-associative
-infixr:80   " ^ " => HPow.hPow  -- right-associative
-prefix:75  "-"   => Neg.neg
-# set_option quotPrecheck false
-postfix:max "⁻¹"  => Inv.inv
-```
-
-After the initial command name describing the operator kind (its
-"fixity"), we give the *parsing precedence* of the operator preceded
-by a colon `:`, then a new or existing token surrounded by double
-quotes (the whitespace is used for pretty printing), then the function
-this operator should be translated to after the arrow `=>`.
-
-The precedence is a natural number describing how "tightly" an
-operator binds to its arguments, encoding the order of operations. We
-can make this more precise by looking at what the commands above unfold to:
-
-```lean
-notation:65 lhs:65 " + " rhs:66 => HAdd.hAdd lhs rhs
-notation:50 lhs:51 " = " rhs:51 => Eq lhs rhs
-notation:80 lhs:81 " ^ " rhs:80 => HPow.hPow lhs rhs
-notation:75 "-" arg:75 => Neg.neg arg
-# set_option quotPrecheck false
-notation:1024 arg:1024 "⁻¹" => Inv.inv arg  -- `max` is a shorthand for precedence 1024
-```
-
-It turns out that all commands from the first code block are in fact
-command *macros* translating to the more general `notation` command.
-We will learn about writing such macros below. Instead of a single
-token, the `notation` command accepts a mixed sequence of tokens and
-named term placeholders with precedences, which can be referenced on
-the right-hand side of `=>` and will be replaced by the respective
-term parsed at that position. A placeholder with precedence `p`
-accepts only notations with precedence at least `p` in that place.
-Thus the string `a + b + c` cannot be parsed as the equivalent of `a +
-(b + c)` because the right-hand side operand of an `infixl` notation
-has precedence one greater than the notation itself. In contrast,
-`infixr` reuses the notation's precedence for the right-hand side
-operand, so `a ^ b ^ c` *can* be parsed as `a ^ (b ^ c)`. Note that if
-we used `notation` directly to introduce an infix notation like
-```lean
-# set_option quotPrecheck false
-notation:65 lhs:65 " ~ " rhs:65 => wobble lhs rhs
-```
-where the precedences do not sufficiently determine associativity,
-Lean's parser will default to right associativity. More precisely,
-Lean's parser follows a local *longest parse* rule in the presence of
-ambiguous grammars: when parsing the right-hand side of `a ~` in `a ~
-b ~ c`, it will continue parsing as long as possible (as the current
-precedence allows), not stopping after `b` but parsing `~ c` as well.
-Thus the term is equivalent to `a ~ (b ~ c)`.
-
-As mentioned above, the `notation` command allows us to define
-arbitrary *mixfix* syntax freely mixing tokens and placeholders.
-```lean
-# set_option quotPrecheck false
-notation:max "(" e ")" => e
-notation:10 Γ " ⊢ " e " : " τ => Typing Γ e τ
-```
-Placeholders without precedence default to `0`, i.e. they accept
-notations of any precedence in their place. If two notations overlap,
-we again apply the longest parse rule:
-```lean
-notation:65 a " + " b:66 " + " c:66 => a + b - c
-#eval 1 + 2 + 3  -- 0
-```
-The new notation is preferred to the binary notation since the latter,
-before chaining, would stop parsing after `1 + 2`. If there are
-multiple notations accepting the same longest parse, the choice will
-be delayed until elaboration, which will fail unless exactly one
-overload is type correct.

doc/option.md

@@ -1 +0,0 @@
-# Option

doc/organization.md

@@ -1,4 +0,0 @@
-# Organizational features
-
-In this section we introduce some organizational features of Lean that are not a part of its kernel per se,
-but make it possible to work in the framework more efficiently.

doc/reference.md

@@ -0,0 +1,3 @@
+# The Lean Reference Manual
+
+The latest version of the Lean reference manual is available [here](https://lean-lang.org/doc/reference/latest).

doc/sections.md

@@ -1,70 +0,0 @@
-# Variables and Sections
-
-Consider the following three function definitions:
-```lean
-def compose (α β γ : Type) (g : β → γ) (f : α → β) (x : α) : γ :=
-  g (f x)
-
-def doTwice (α : Type) (h : α → α) (x : α) : α :=
-  h (h x)
-
-def doThrice (α : Type) (h : α → α) (x : α) : α :=
-  h (h (h x))
-```
-
-Lean provides us with the ``variable`` command to make such declarations look more compact:
-
-```lean
-variable (α β γ : Type)
-
-def compose (g : β → γ) (f : α → β) (x : α) : γ :=
-  g (f x)
-
-def doTwice (h : α → α) (x : α) : α :=
-  h (h x)
-
-def doThrice (h : α → α) (x : α) : α :=
-  h (h (h x))
-```
-We can declare variables of any type, not just ``Type`` itself:
-```lean
-variable (α β γ : Type)
-variable (g : β → γ) (f : α → β) (h : α → α)
-variable (x : α)
-
-def compose := g (f x)
-def doTwice := h (h x)
-def doThrice := h (h (h x))
-
-#print compose
-#print doTwice
-#print doThrice
-```
-Printing them out shows that all three groups of definitions have exactly the same effect.
-
-The ``variable`` command instructs Lean to insert the declared variables as bound variables in definitions that refer to them.
-Lean is smart enough to figure out which variables are used explicitly or implicitly in a definition. We can therefore proceed as
-though ``α``, ``β``, ``γ``, ``g``, ``f``, ``h``, and ``x`` are fixed objects when we write our definitions, and let Lean abstract
-the definitions for us automatically.
-
-When declared in this way, a variable stays in scope until the end of the file we are working on.
-Sometimes, however, it is useful to limit the scope of a variable. For that purpose, Lean provides the notion of a ``section``:
-
-```lean
-section useful
-  variable (α β γ : Type)
-  variable (g : β → γ) (f : α → β) (h : α → α)
-  variable (x : α)
-
-  def compose := g (f x)
-  def doTwice := h (h x)
-  def doThrice := h (h (h x))
-end useful
-```
-
-When the section is closed, the variables go out of scope, and become nothing more than a distant memory.
-
-You do not have to indent the lines within a section. Nor do you have to name a section, which is to say,
-you can use an anonymous ``section`` / ``end`` pair.
-If you do name a section, however, you have to close it using the same name.
-Sections can also be nested, which allows you to declare new variables incrementally.

doc/string.md

@@ -1 +0,0 @@
-# Strings

doc/stringinterp.md

@@ -1,58 +0,0 @@
-# String interpolation
-
-The `s!` prefix identifies a string literal as an interpolated string.
-An interpolated string is a string literal that might contain interpolation expressions.
-When an interpolated string is resolved to a result string, items with interpolation expressions are
-replaced by the string representations of the expression results. The polymorphic method `toString` is used
-to convert the value into a string.
-
-String interpolation provides a more readable and convenient syntax to create formatted strings than
-a string composite formatting feature. The following example uses both features to produce the same output:
-
-```lean
-def name := "John"
-def age  := 28
-
-#eval IO.println s!"Hello, {name}! Are you {age} years old?"
-
-#eval IO.println ("Hello, " ++ name ++ "! Are you " ++ toString age ++ " years old?")
-
--- `println! <interpolated-string>` is a macro for `IO.println s!<interpolated-string>`
-#eval println! "Hello, {name}! Are you {age} years old?"
-```
-
-# Structure of an interpolated string
-
-To identify a string literal as an interpolated string, prepend it with `s!`.
-Terms inside braces `{}` are ordinary expressions whose type implements the type class `ToString`.
-To include a curly brace `{` in your interpolated string, you must escape it using `\{`.
-You can nest interpolated strings inside interpolated strings.
-
-```lean
-def vals := [1, 2, 3]
-
-#eval IO.println s!"\{ vals := {vals} }"
-
-#eval IO.println s!"variables: {vals.map (fun i => s!"x_{i}")}"
-```
-
-# `ToString` instances
-
-You can define a `ToString` instance for your own datatypes.
-
-```lean
-structure Person where
-  name : String
-  age  : Nat
-
-instance : ToString Person where
-  toString : Person -> String
-    | { name := n, age := v } => s!"\{ name := {n}, age := {v} }"
-
-def person1 : Person := {
-  name := "John"
-  age  := 28
-}
-
-#eval println! "person1: {person1}"
-```

doc/struct.md

@@ -1,227 +0,0 @@
-# Structures
-
-Structure is a special case of inductive datatype. It has only one constructor and is not recursive.
-Similar to the `inductive` command, the `structure` command introduces a namespace with the same name.
-The general form is as follows:
-```
-structure <name> <parameters> <parent-structures> where
-  <constructor-name> :: <fields>
-```
-Most parts are optional. Here is our first example.
-```lean
-structure Point (α : Type u) where
-  x : α
-  y : α
-```
-In the example above, the constructor name is not provided. So, the constructor is named `mk` by Lean.
-Values of type ``Point`` are created using `Point.mk a b` or `{ x := a, y := b : Point α }`. The latter can be
-written as `{ x := a, y := b }` when the expected type is known.
-The fields of a point ``p`` are accessed using ``Point.x p`` and ``Point.y p``. You can also the more compact notation `p.x` and `p.y` as a shorthand
-for `Point.x p` and `Point.y p`.
-```lean
-# structure Point (α : Type u) where
-#  x : α
-#  y : α
-#check Point
-#check Point       -- Type u -> Type u
-#check @Point.mk   -- {α : Type u} → α → α → Point α
-#check @Point.x    -- {α : Type u} → Point α → α
-#check @Point.y    -- {α : Type u} → Point α → α
-
-#check Point.mk 10 20                   -- Point Nat
-#check { x := 10, y := 20 : Point Nat } -- Point Nat
-
-def mkPoint (a : Nat) : Point Nat :=
-  { x := a, y := a }
-
-#eval (Point.mk 10 20).x                   -- 10
-#eval (Point.mk 10 20).y                   -- 20
-#eval { x := 10, y := 20 : Point Nat }.x   -- 10
-#eval { x := 10, y := 20 : Point Nat }.y   -- 20
-
-def addXY (p : Point Nat) : Nat :=
-  p.x + p.y
-
-#eval addXY { x := 10, y := 20 }    -- 30
-```
-In the notation `{ ... }`, if the fields are in different lines, the `,` is optional.
-```lean
-# structure Point (α : Type u) where
-#  x : α
-#  y : α
-def mkPoint (a : Nat) : Point Nat := {
-  x := a
-  y := a
-}
-```
-You can also use `where` instead of `:= { ... }`.
-```lean
-# structure Point (α : Type u) where
-#  x : α
-#  y : α
-def mkPoint (a : Nat) : Point Nat where
-  x := a
-  y := a
-```
-
-Here are some simple theorems about our `Point` type.
-```lean
-# structure Point (α : Type u) where
-#  x : α
-#  y : α
-theorem ex1 (a b : α) : (Point.mk a b).x = a :=
-  rfl
-
-theorem ex2 (a b : α) : (Point.mk a b).y = b :=
-  rfl
-
-theorem ex3 (a b : α) : Point.mk a b = { x := a, y := b } :=
-  rfl
-```
-
-The dot notation is convenient not just for accessing the projections of a structure,
-but also for applying functions defined in a namespace with the same name.
-If ``p`` has type ``Point``, the expression ``p.foo`` is interpreted as ``Point.foo p``,
-assuming that the first argument to ``foo`` has type ``Point``.
-The expression ``p.add q`` is therefore shorthand for ``Point.add p q`` in the example below.
-```lean
-structure Point (α : Type u) where
-  x : α
-  y : α
-
-def Point.add (p q : Point Nat) : Point Nat :=
-  { x := p.x + q.x, y := p.y + q.y }
-
-def p : Point Nat := Point.mk 1 2
-def q : Point Nat := Point.mk 3 4
-
-#eval (p.add q).x  -- 4
-#eval (p.add q).y  -- 6
-```
-
-After we introduce type classes, we show how to define a function like ``add`` so that
-it works generically for elements of ``Point α`` rather than just ``Point Nat``,
-assuming ``α`` has an associated addition operation.
-
-More generally, given an expression ``p.foo x y z``, Lean will insert ``p`` at the first argument to ``foo`` of type ``Point``.
-For example, with the definition of scalar multiplication below, ``p.smul 3`` is interpreted as ``Point.smul 3 p``.
-
-```lean
-structure Point (α : Type u) where
-  x : α
-  y : α
-
-def Point.smul (n : Nat) (p : Point Nat) :=
-  Point.mk (n * p.x) (n * p.y)
-
-def p : Point Nat :=
-  Point.mk 1 2
-
-#eval (p.smul 3).x -- 3
-#eval (p.smul 3).y -- 6
-```
-
-##  Inheritance
-
-We can *extend* existing structures by adding new fields. This feature allows us to simulate a form of *inheritance*.
-
-```lean
-structure Point (α : Type u) where
-  x : α
-  y : α
-
-inductive Color where
-  | red
-  | green
-  | blue
-
-structure ColorPoint (α : Type u) extends Point α where
-  color : Color
-
-#check { x := 10, y := 20, color := Color.red : ColorPoint Nat }
--- { toPoint := { x := 10, y := 20 }, color := Color.red }
-```
-The output for the `check` command above suggests how Lean encoded inheritance and multiple inheritance.
-Lean uses fields to each parent structure.
-
-```lean
-structure Foo where
-  x : Nat
-  y : Nat
-
-structure Boo where
-  w : Nat
-  z : Nat
-
-structure Bla extends Foo, Boo where
-  bit : Bool
-
-#check Bla.mk -- Foo → Boo → Bool → Bla
-#check Bla.mk { x := 10, y := 20 } { w := 30, z := 40 } true
-#check { x := 10, y := 20, w := 30, z := 40, bit := true : Bla }
-#check { toFoo := { x := 10, y := 20 },
-         toBoo := { w := 30, z := 40 },
-         bit := true : Bla }
-
-theorem ex :
-    Bla.mk { x := x, y := y } { w := w, z := z } b
-    =
-    { x := x, y := y, w := w, z := z, bit := b } :=
-  rfl
-```
-
-## Default field values
-
-You can assign default value to fields when declaring a new structure.
-```lean
-inductive MessageSeverity
-  | error | warning
-
-structure Message where
-  fileName : String
-  pos      : Option Nat      := none
-  severity : MessageSeverity := MessageSeverity.error
-  caption  : String          := ""
-  data     : String
-
-def msg1 : Message :=
-  { fileName := "foo.lean", data := "failed to import file" }
-
-#eval msg1.pos      -- none
-#eval msg1.fileName -- "foo.lean"
-#eval msg1.caption  -- ""
-```
-When extending a structure, you can not only add new fields, but provide new default values for existing fields.
-```lean
-# inductive MessageSeverity
-#  | error | warning
-# structure Message where
-#  fileName : String
-#  pos      : Option Nat      := none
-#  severity : MessageSeverity := MessageSeverity.error
-#  caption  : String          := ""
-#  data     : String
-structure MessageExt extends Message where
-  timestamp : Nat
-  caption   := "extended" -- new default value for field `caption`
-
-def msg2 : MessageExt where
-  fileName  := "bar.lean"
-  data      := "error at initialization"
-  timestamp := 10
-
-#eval msg2.fileName  -- "bar.lean"
-#eval msg2.timestamp -- 10
-#eval msg2.caption   -- "extended"
-```
-
-## Updating structure fields
-
-Structure fields can be updated using `{ <struct-val> with <field> := <new-value>, ... }`:
-
-```lean
-# structure Point (α : Type u) where
-#  x : α
-#  y : α
-def incrementX (p : Point Nat) : Point Nat := { p with x := p.x + 1 }
-```

doc/syntax.md

@@ -1,20 +0,0 @@
-# Syntax Extensions
-
-Lean's syntax can be extended and customized
-by users at every level, ranging from [basic "mixfix" notations](./notation.md)
-over [macro transformers](./macro_overview.md) to
-[type-aware elaborators](./elaborators.md). In fact, all builtin syntax is parsed and
-processed using the same mechanisms and APIs open to users. In this
-section, we will describe and explain the various extension points.
-Significant syntax extensions already builtin into Lean such as the
-[`do` notation](./do.md) are described in subsections.
-
-While introducing new syntax is a relatively rare feature in
-programming languages and sometimes even frowned upon because of its
-potential to obscure code, it is an invaluable tool in formalization
-for expressing established conventions and notations of the respective
-field succinctly in code. Going beyond basic notations, Lean's ability
-to factor out common boilerplate code into (well-behaved) macros and
-to embed entire custom domain specific languages (DSLs) to textually
-encode subproblems efficiently and readably can be of great benefit to
-both programmers and proof engineers alike.

doc/task.md

@@ -1 +0,0 @@
-# Task

doc/thunk.md

@@ -1,104 +0,0 @@
-# Thunks, Tasks, and Threads
-
-A `Thunk` is defined as
-```lean
-# namespace Ex
-# universe u
-structure Thunk (α : Type u) : Type u where
-  fn : Unit → α
-# end Ex
-```
-A `Thunk` encapsulates a computation without evaluation.
-That is, a `Thunk` stores the way of how the value would be computed.
-The Lean runtime has special support for `Thunk`s. It caches their values
-after they are computed for the first time. This feature is useful for implementing
-data structures such as lazy lists.
-Here is a small example using a `Thunk`.
-```lean
-def fib : Nat → Nat
-  | 0   => 0
-  | 1   => 1
-  | x+2 => fib (x+1) + fib x
-
-def f (c : Bool) (x : Thunk Nat) : Nat :=
-  if c then
-    x.get
-  else
-    0
-
-def g (c : Bool) (x : Nat) : Nat :=
-  f c (Thunk.mk (fun _ => fib x))
-
-#eval g false 1000
-```
-The function `f` above uses `x.get` to evaluate the `Thunk` `x`.
-The expression `Thunk.mk (fun _ => fib x)` creates a `Thunk` for computing `fib x`.
-Note that `fib` is a very naive function for computing the Fibonacci numbers,
-and it would an unreasonable amount of time to compute `fib 1000`. However, our
-test terminates instantaneously because the `Thunk` is not evaluated when `c` is `false`.
-Lean has a builtin coercion from any type `a` to `Thunk a`. You write the function `g` above as
-```lean
-# def fib : Nat → Nat
-#  | 0   => 0
-#  | 1   => 1
-#  | x+2 => fib (x+1) + fib x
-# def f (c : Bool) (x : Thunk Nat) : Nat :=
-#  if c then
-#    x.get
-#  else
-#    0
-def g (c : Bool) (x : Nat) : Nat :=
-  f c (fib x)
-
-#eval g false 1000
-```
-In the following example, we use the macro `dbg_trace` to demonstrate
-that the Lean runtime caches the value computed by a `Thunk`.
-We remark that the macro `dbg_trace` should be used for debugging purposes
-only.
-```lean
-def add1 (x : Nat) : Nat :=
-  dbg_trace "add1: {x}"
-  x + 1
-
-def double (x : Thunk Nat) : Nat :=
-  x.get + x.get
-
-def triple (x : Thunk Nat) : Nat :=
-  double x + x.get
-
-def test (x : Nat) : Nat :=
-  triple (add1 x)
-
-#eval test 2
--- add1: 2
--- 9
-```
-Note that the message `add1: 2` is printed only once.
-Now, consider the same example using `Unit -> Nat` instead of `Thunk Nat`.
-```lean
-def add1 (x : Nat) : Nat :=
-  dbg_trace "add1: {x}"
-  x + 1
-
-def double (x : Unit -> Nat) : Nat :=
-  x () + x ()
-
-def triple (x : Unit -> Nat) : Nat :=
-  double x + x ()
-
-def test (x : Nat) : Nat :=
-  triple (fun _ => add1 x)
-
-#eval test 2
--- add1: 2
--- add1: 2
--- 9
-```
-Now, the message `add1: 2` is printed twice.
-It may come as a surprise that it was printed twice instead of three times.
-As we pointed out, `dbg_trace` is a macro used for debugging purposes only,
-and `add1` is still considered to be a pure function.
-The Lean compiler performs common subexpression elimination when compiling `double`,
-and the produced code for `double` executes `x ()` only once instead of twice.
-This transformation is safe because `x : Unit -> Nat` is pure.

doc/typeclass.md

@@ -1,457 +0,0 @@
-# Type classes
-
-Typeclasses were introduced as a principled way of enabling
-ad-hoc polymorphism in functional programming languages. We first observe that it
-would be easy to implement an ad-hoc polymorphic function (such as addition) if the
-function simply took the type-specific implementation of addition as an argument
-and then called that implementation on the remaining arguments. For example,
-suppose we declare a structure in Lean to hold implementations of addition
-```lean
-# namespace Ex
-structure Add (a : Type) where
-  add : a -> a -> a
-
-#check @Add.add
--- Add.add : {a : Type} → Add a → a → a → a
-# end Ex
-```
-In the above Lean code, the field `add` has type
-`Add.add : {α : Type} → Add α → α → α → α`
-where the curly braces around the type `a` mean that it is an implicit argument.
-We could implement `double` by
-```lean
-# namespace Ex
-# structure Add (a : Type) where
-#  add : a -> a -> a
-def double (s : Add a) (x : a) : a :=
-  s.add x x
-
-#eval double { add := Nat.add } 10
--- 20
-
-#eval double { add := Nat.mul } 10
--- 100
-
-#eval double { add := Int.add } 10
--- 20
-
-# end Ex
-```
-Note that you can double a natural number `n` by `double { add := Nat.add } n`.
-Of course, it would be highly cumbersome for users to manually pass the
-implementations around in this way.
-Indeed, it would defeat most of the potential benefits of ad-hoc
-polymorphism.
-
-The main idea behind typeclasses is to make arguments such as `Add a` implicit,
-and to use a database of user-defined instances to synthesize the desired instances
-automatically through a process known as typeclass resolution. In Lean, by changing
-`structure` to `class` in the example above, the type of `Add.add` becomes
-```lean
-# namespace Ex
-class Add (a : Type) where
-  add : a -> a -> a
-
-#check @Add.add
--- Add.add : {a : Type} → [self : Add a] → a → a → a
-# end Ex
-```
-where the square brackets indicate that the argument of type `Add a` is *instance implicit*,
-i.e. that it should be synthesized using typeclass resolution. This version of
-`add` is the Lean analogue of the Haskell term `add :: Add a => a -> a -> a`.
-Similarly, we can register an instance by
-```lean
-# namespace Ex
-# class Add (a : Type) where
-#  add : a -> a -> a
-instance : Add Nat where
-  add := Nat.add
-
-# end Ex
-```
-Then for `n : Nat` and `m : Nat`, the term `Add.add n m` triggers typeclass resolution with the goal
-of `Add Nat`, and typeclass resolution will synthesize the instance above. In
-general, instances may depend on other instances in complicated ways. For example,
-you can declare an (anonymous) instance stating that if `a` has addition, then `Array a`
-has addition:
-```lean
-instance [Add a] : Add (Array a) where
-  add x y := Array.zipWith x y (· + ·)
-
-#eval Add.add #[1, 2] #[3, 4]
--- #[4, 6]
-
-#eval #[1, 2] + #[3, 4]
--- #[4, 6]
-```
-Note that `x + y` is notation for `Add.add x y` in Lean.
-
-The example above demonstrates how type classes are used to overload notation.
-Now, we explore another application. We often need an arbitrary element of a given type.
-Recall that types may not have any elements in Lean.
-It often happens that we would like a definition to return an arbitrary element in a "corner case."
-For example, we may like the expression ``head xs`` to be of type ``a`` when ``xs`` is of type ``List a``.
-Similarly, many theorems hold under the additional assumption that a type is not empty.
-For example, if ``a`` is a type, ``exists x : a, x = x`` is true only if ``a`` is not empty.
-The standard library defines a type class ``Inhabited`` to enable type class inference to infer a
-"default" or "arbitrary" element of an inhabited type.
-Let us start with the first step of the program above, declaring an appropriate class:
-
-```lean
-# namespace Ex
-class Inhabited (a : Sort u) where
-  default : a
-
-#check @Inhabited.default
--- Inhabited.default : {a : Sort u} → [self : Inhabited a] → a
-# end Ex
-```
-Note `Inhabited.default` doesn't have any explicit argument.
-
-An element of the class ``Inhabited a`` is simply an expression of the form ``Inhabited.mk x``, for some element ``x : a``.
-The projection ``Inhabited.default`` will allow us to "extract" such an element of ``a`` from an element of ``Inhabited a``.
-Now we populate the class with some instances:
-
-```lean
-# namespace Ex
-# class Inhabited (a : Sort _) where
-#  default : a
-instance : Inhabited Bool where
-  default := true
-
-instance : Inhabited Nat where
-  default := 0
-
-instance : Inhabited Unit where
-  default := ()
-
-instance : Inhabited Prop where
-  default := True
-
-#eval (Inhabited.default : Nat)
--- 0
-
-#eval (Inhabited.default : Bool)
--- true
-# end Ex
-```
-You can use the command `export` to create the alias `default` for `Inhabited.default`
-```lean
-# namespace Ex
-# class Inhabited (a : Sort _) where
-#  default : a
-# instance : Inhabited Bool where
-#  default := true
-# instance : Inhabited Nat where
-#  default := 0
-# instance : Inhabited Unit where
-#  default := ()
-# instance : Inhabited Prop where
-#  default := True
-export Inhabited (default)
-
-#eval (default : Nat)
--- 0
-
-#eval (default : Bool)
--- true
-# end Ex
-```
-
-## Chaining Instances
-
-If that were the extent of type class inference, it would not be all that impressive;
-it would be simply a mechanism of storing a list of instances for the elaborator to find in a lookup table.
-What makes type class inference powerful is that one can *chain* instances. That is,
-an instance declaration can in turn depend on an implicit instance of a type class.
-This causes class inference to chain through instances recursively, backtracking when necessary, in a Prolog-like search.
-
-For example, the following definition shows that if two types ``a`` and ``b`` are inhabited, then so is their product:
-```lean
-instance [Inhabited a] [Inhabited b] : Inhabited (a × b) where
-  default := (default, default)
-```
-With this added to the earlier instance declarations, type class instance can infer, for example, a default element of ``Nat × Bool``:
-```lean
-# namespace Ex
-# class Inhabited (a : Sort u) where
-#  default : a
-# instance : Inhabited Bool where
-#  default := true
-# instance : Inhabited Nat where
-#  default := 0
-# opaque default [Inhabited a] : a :=
-#  Inhabited.default
-instance [Inhabited a] [Inhabited b] : Inhabited (a × b) where
-  default := (default, default)
-
-#eval (default : Nat × Bool)
--- (0, true)
-# end Ex
-```
-Similarly, we can inhabit type function with suitable constant functions:
-```lean
-# namespace Ex
-# class Inhabited (a : Sort u) where
-#  default : a
-# opaque default [Inhabited a] : a :=
-#  Inhabited.default
-instance [Inhabited b] : Inhabited (a -> b) where
-  default := fun _ => default
-# end Ex
-```
-As an exercise, try defining default instances for other types, such as `List` and `Sum` types.
-
-The Lean standard library contains the definition `inferInstance`. It has type `{α : Sort u} → [i : α] → α`,
-and is useful for triggering the type class resolution procedure when the expected type is an instance.
-```lean
-#check (inferInstance : Inhabited Nat) -- Inhabited Nat
-
-def foo : Inhabited (Nat × Nat) :=
-  inferInstance
-
-theorem ex : foo.default = (default, default) :=
-  rfl
-```
-You can use the command `#print` to inspect how simple `inferInstance` is.
-```lean
-#print inferInstance
-```
-
-## ToString
-
-The polymorphic method `toString` has type `{α : Type u} → [ToString α] → α → String`. You implement the instance
-for your own types and use chaining to convert complex values into strings. Lean comes with `ToString` instances
-for most builtin types.
-```lean
-structure Person where
-  name : String
-  age  : Nat
-
-instance : ToString Person where
-  toString p := p.name ++ "@" ++ toString p.age
-
-#eval toString { name := "Leo", age := 542 : Person }
-#eval toString ({ name := "Daniel", age := 18 : Person }, "hello")
-```
-## Numerals
-
-Numerals are polymorphic in Lean. You can use a numeral (e.g., `2`) to denote an element of any type that implements
-the type class `OfNat`.
-```lean
-structure Rational where
-  num : Int
-  den : Nat
-  inv : den ≠ 0
-
-instance : OfNat Rational n where
-  ofNat := { num := n, den := 1, inv := by decide }
-
-instance : ToString Rational where
-  toString r := s!"{r.num}/{r.den}"
-
-#eval (2 : Rational) -- 2/1
-
-#check (2 : Rational) -- Rational
-#check (2 : Nat)      -- Nat
-```
-Lean elaborate the terms `(2 : Nat)` and `(2 : Rational)` as
-`OfNat.ofNat Nat 2 (instOfNatNat 2)` and
-`OfNat.ofNat Rational 2 (instOfNatRational 2)` respectively.
-We say the numerals `2` occurring in the elaborated terms are *raw* natural numbers.
-You can input the raw natural number `2` using the macro `nat_lit 2`.
-```lean
-#check nat_lit 2  -- Nat
-```
-Raw natural numbers are *not* polymorphic.
-
-The `OfNat` instance is parametric on the numeral. So, you can define instances for particular numerals.
-The second argument is often a variable as in the example above, or a *raw* natural number.
-```lean
-class Monoid (α : Type u) where
-  unit : α
-  op   : α → α → α
-
-instance [s : Monoid α] : OfNat α (nat_lit 1) where
-  ofNat := s.unit
-
-def getUnit [Monoid α] : α :=
-  1
-```
-
-Because many users were forgetting the `nat_lit` when defining `OfNat` instances, Lean also accepts `OfNat` instance
-declarations not using `nat_lit`. Thus, the following is also accepted.
-```lean
-class Monoid (α : Type u) where
-  unit : α
-  op   : α → α → α
-
-instance [s : Monoid α] : OfNat α 1 where
-  ofNat := s.unit
-
-def getUnit [Monoid α] : α :=
-  1
-```
-
-## Output parameters
-
-By default, Lean only tries to synthesize an instance `Inhabited T` when the term `T` is known and does not
-contain missing parts. The following command produces the error
-"failed to create type class instance for `Inhabited (Nat × ?m.1499)`" because the type has a missing part (i.e., the `_`).
-```lean
-# -- FIXME: should fail
-#check (inferInstance : Inhabited (Nat × _))
-```
-You can view the parameter of the type class `Inhabited` as an *input* value for the type class synthesizer.
-When a type class has multiple parameters, you can mark some of them as output parameters.
-Lean will start type class synthesizer even when these parameters have missing parts.
-In the following example, we use output parameters to define a *heterogeneous* polymorphic
-multiplication.
-```lean
-# namespace Ex
-class HMul (α : Type u) (β : Type v) (γ : outParam (Type w)) where
-  hMul : α → β → γ
-
-export HMul (hMul)
-
-instance : HMul Nat Nat Nat where
-  hMul := Nat.mul
-
-instance : HMul Nat (Array Nat) (Array Nat) where
-  hMul a bs := bs.map (fun b => hMul a b)
-
-#eval hMul 4 3           -- 12
-#eval hMul 4 #[2, 3, 4]  -- #[8, 12, 16]
-# end Ex
-```
-The parameters `α` and `β` are considered input parameters and `γ` an output one.
-Given an application `hMul a b`, after types of `a` and `b` are known, the type class
-synthesizer is invoked, and the resulting type is obtained from the output parameter `γ`.
-In the example above, we defined two instances. The first one is the homogeneous
-multiplication for natural numbers. The second is the scalar multiplication for arrays.
-Note that, you chain instances and generalize the second instance.
-```lean
-# namespace Ex
-class HMul (α : Type u) (β : Type v) (γ : outParam (Type w)) where
-  hMul : α → β → γ
-
-export HMul (hMul)
-
-instance : HMul Nat Nat Nat where
-  hMul := Nat.mul
-
-instance : HMul Int Int Int where
-  hMul := Int.mul
-
-instance [HMul α β γ] : HMul α (Array β) (Array γ) where
-  hMul a bs := bs.map (fun b => hMul a b)
-
-#eval hMul 4 3                    -- 12
-#eval hMul 4 #[2, 3, 4]           -- #[8, 12, 16]
-#eval hMul (-2) #[3, -1, 4]       -- #[-6, 2, -8]
-#eval hMul 2 #[#[2, 3], #[0, 4]]  -- #[#[4, 6], #[0, 8]]
-# end Ex
-```
-You can use our new scalar array multiplication instance on arrays of type `Array β`
-with a scalar of type `α` whenever you have an instance `HMul α β γ`.
-In the last `#eval`, note that the instance was used twice on an array of arrays.
-
-## Default instances
-
-In the class `HMul`, the parameters `α` and `β` are treated as input values.
-Thus, type class synthesis only starts after these two types are known. This may often
-be too restrictive.
-```lean
-# namespace Ex
-class HMul (α : Type u) (β : Type v) (γ : outParam (Type w)) where
-  hMul : α → β → γ
-
-export HMul (hMul)
-
-instance : HMul Int Int Int where
-  hMul := Int.mul
-
-def xs : List Int := [1, 2, 3]
-
-# -- TODO: fix error message
--- Error "failed to create type class instance for HMul Int ?m.1767 (?m.1797 x)"
--- #check fun y => xs.map (fun x => hMul x y)
-# end Ex
-```
-The instance `HMul` is not synthesized by Lean because the type of `y` has not been provided.
-However, it is natural to assume that the type of `y` and `x` should be the same in
-this kind of situation. We can achieve exactly that using *default instances*.
-```lean
-# namespace Ex
-class HMul (α : Type u) (β : Type v) (γ : outParam (Type w)) where
-  hMul : α → β → γ
-
-export HMul (hMul)
-
-@[default_instance]
-instance : HMul Int Int Int where
-  hMul := Int.mul
-
-def xs : List Int := [1, 2, 3]
-
-#check fun y => xs.map (fun x => hMul x y)  -- Int -> List Int
-# end Ex
-```
-By tagging the instance above with the attribute `default_instance`, we are instructing Lean
-to use this instance on pending type class synthesis problems.
-The actual Lean implementation defines homogeneous and heterogeneous classes for arithmetical operators.
-Moreover, `a+b`, `a*b`, `a-b`, `a/b`, and `a%b` are notations for the heterogeneous versions.
-The instance `OfNat Nat n` is the default instance (with priority `100`) for the `OfNat` class. This is why the numeral
-`2` has type `Nat` when the expected type is not known. You can define default instances with higher
-priority to override the builtin ones.
-```lean
-structure Rational where
-  num : Int
-  den : Nat
-  inv : den ≠ 0
-
-@[default_instance 200]
-instance : OfNat Rational n where
-  ofNat := { num := n, den := 1, inv := by decide }
-
-instance : ToString Rational where
-  toString r := s!"{r.num}/{r.den}"
-
-#check 2 -- Rational
-```
-Priorities are also useful to control the interaction between different default instances.
-For example, suppose `xs` has type `α`, when elaboration `xs.map (fun x => 2 * x)`, we want the homogeneous instance for multiplication
-to have higher priority than the default instance for `OfNat`. This is particularly important when we have implemented only the instance
-`HMul α α α`, and did not implement `HMul Nat α α`.
-Now, we reveal how the notation `a*b` is defined in Lean.
-```lean
-# namespace Ex
-class OfNat (α : Type u) (n : Nat) where
-  ofNat : α
-
-@[default_instance]
-instance (n : Nat) : OfNat Nat n where
-  ofNat := n
-
-class HMul (α : Type u) (β : Type v) (γ : outParam (Type w)) where
-  hMul : α → β → γ
-
-class Mul (α : Type u) where
-  mul : α → α → α
-
-@[default_instance 10]
-instance [Mul α] : HMul α α α where
-  hMul a b := Mul.mul a b
-
-infixl:70 " * "  => HMul.hMul
-# end Ex
-```
-The `Mul` class is convenient for types that only implement the homogeneous multiplication.
-
-## Scoped Instances
-
-TODO
-
-## Local Instances
-
-TODO

doc/uint.md

@@ -1 +0,0 @@
-# Fixed precision unsigned integers

doc/unifhint.md

@@ -1,5 +0,0 @@
-# Unification Hints
-
-
-
-TODO

flake.nix

@@ -28,7 +28,7 @@
           stdenv = pkgs.overrideCC pkgs.stdenv lean-packages.llvmPackages.clang;
         } ({
           buildInputs = with pkgs; [
-            cmake gmp libuv ccache cadical
+            cmake gmp libuv ccache cadical pkg-config
             lean-packages.llvmPackages.llvm  # llvm-symbolizer for asan/lsan
             gdb
             tree  # for CI

nix/bootstrap.nix

@@ -1,12 +1,12 @@
 { src, debug ? false, stage0debug ? false, extraCMakeFlags ? [],
-  stdenv, lib, cmake, gmp, libuv, cadical, git, gnumake, bash, buildLeanPackage, writeShellScriptBin, runCommand, symlinkJoin, lndir, perl, gnused, darwin, llvmPackages, linkFarmFromDrvs,
+  stdenv, lib, cmake, pkg-config, gmp, libuv, cadical, git, gnumake, bash, buildLeanPackage, writeShellScriptBin, runCommand, symlinkJoin, lndir, perl, gnused, darwin, llvmPackages, linkFarmFromDrvs,
   ... } @ args:
 with builtins;
 lib.warn "The Nix-based build is deprecated" rec {
   inherit stdenv;
   sourceByRegex = p: rs: lib.sourceByRegex p (map (r: "(/src/)?${r}") rs);
   buildCMake = args: stdenv.mkDerivation ({
-    nativeBuildInputs = [ cmake ];
+    nativeBuildInputs = [ cmake pkg-config ];
     buildInputs = [ gmp libuv llvmPackages.llvm ];
     # https://github.com/NixOS/nixpkgs/issues/60919
     hardeningDisable = [ "all" ];

script/mathlib-bench

@@ -0,0 +1,12 @@
+#! /bin/env bash
+# Open a Mathlib4 PR for benchmarking a given Lean 4 PR
+
+set -euo pipefail
+
+[ $# -eq 1 ] || (echo "usage: $0 <lean4 PR #>"; exit 1)
+
+LEAN_PR=$1
+PR_RESPONSE=$(gh api repos/leanprover-community/mathlib4/pulls -X POST -f head=lean-pr-testing-$LEAN_PR -f base=nightly-testing -f title="leanprover/lean4#$LEAN_PR benchmarking" -f draft=true -f body="ignore me")
+PR_NUMBER=$(echo "$PR_RESPONSE" | jq '.number')
+echo "opened https://github.com/leanprover-community/mathlib4/pull/$PR_NUMBER"
+gh api repos/leanprover-community/mathlib4/issues/$PR_NUMBER/comments -X POST -f body="!bench" > /dev/null

script/prepare-llvm-linux.sh

@@ -63,8 +63,8 @@ else
 fi
 # use `-nostdinc` to make sure headers are not visible by default (in particular, not to `#include_next` in the clang headers),
 # but do not change sysroot so users can still link against system libs
-echo -n " -DLEANC_INTERNAL_FLAGS='-nostdinc -isystem ROOT/include/clang' -DLEANC_CC=ROOT/bin/clang"
-echo -n " -DLEANC_INTERNAL_LINKER_FLAGS='-L ROOT/lib -L ROOT/lib/glibc ROOT/lib/glibc/libc_nonshared.a ROOT/lib/glibc/libpthread_nonshared.a -Wl,--as-needed -Wl,-Bstatic -lgmp -lunwind -luv -Wl,-Bdynamic -Wl,--no-as-needed -fuse-ld=lld'"
+echo -n " -DLEANC_INTERNAL_FLAGS='--sysroot ROOT -nostdinc -isystem ROOT/include/clang' -DLEANC_CC=ROOT/bin/clang"
+echo -n " -DLEANC_INTERNAL_LINKER_FLAGS='--sysroot ROOT -L ROOT/lib -L ROOT/lib/glibc ROOT/lib/glibc/libc_nonshared.a ROOT/lib/glibc/libpthread_nonshared.a -Wl,--as-needed -Wl,-Bstatic -lgmp -lunwind -luv -Wl,-Bdynamic -Wl,--no-as-needed -fuse-ld=lld'"
 # when not using the above flags, link GMP dynamically/as usual
 echo -n " -DLEAN_EXTRA_LINKER_FLAGS='-Wl,--as-needed -lgmp -luv -lpthread -ldl -lrt -Wl,--no-as-needed'"
 # do not set `LEAN_CC` for tests

script/prepare-llvm-macos.sh

@@ -48,12 +48,11 @@ if [[ -L llvm-host ]]; then
   echo -n " -DCMAKE_C_COMPILER=$PWD/stage1/bin/clang"
   gcp $GMP/lib/libgmp.a stage1/lib/
   gcp $LIBUV/lib/libuv.a stage1/lib/
-  echo -n " -DLEANC_INTERNAL_LINKER_FLAGS='-L ROOT/lib -L ROOT/lib/libc -fuse-ld=lld'"
   echo -n " -DLEAN_EXTRA_LINKER_FLAGS='-lgmp -luv'"
 else
   echo -n " -DCMAKE_C_COMPILER=$PWD/llvm-host/bin/clang -DLEANC_OPTS='--sysroot $PWD/stage1 -resource-dir $PWD/stage1/lib/clang/15.0.1 ${EXTRA_FLAGS:-}'"
-  echo -n " -DLEANC_INTERNAL_LINKER_FLAGS='-L ROOT/lib -L ROOT/lib/libc -fuse-ld=lld'"
 fi
-echo -n " -DLEANC_INTERNAL_FLAGS='-nostdinc -isystem ROOT/include/clang' -DLEANC_CC=ROOT/bin/clang"
+echo -n " -DLEANC_INTERNAL_FLAGS='--sysroot ROOT -nostdinc -isystem ROOT/include/clang' -DLEANC_CC=ROOT/bin/clang"
+echo -n " -DLEANC_INTERNAL_LINKER_FLAGS='--sysroot ROOT -L ROOT/lib -L ROOT/lib/libc -fuse-ld=lld'"
 # do not set `LEAN_CC` for tests
 echo -n " -DLEAN_TEST_VARS=''"

script/prepare-llvm-mingw.sh

@@ -43,7 +43,7 @@ echo -n " -DCMAKE_C_COMPILER=$PWD/stage1/bin/clang.exe -DCMAKE_C_COMPILER_WORKS=
 echo -n " -DSTAGE0_CMAKE_C_COMPILER=clang -DSTAGE0_CMAKE_CXX_COMPILER=clang++"
 echo -n " -DLEAN_EXTRA_CXX_FLAGS='--sysroot $PWD/llvm -idirafter /clang64/include/'"
 echo -n " -DLEANC_INTERNAL_FLAGS='--sysroot ROOT -nostdinc -isystem ROOT/include/clang' -DLEANC_CC=ROOT/bin/clang.exe"
-echo -n " -DLEANC_INTERNAL_LINKER_FLAGS='-L ROOT/lib -static-libgcc -Wl,-Bstatic -lgmp $(pkg-config --static --libs libuv) -lunwind -Wl,-Bdynamic -fuse-ld=lld'"
+echo -n " -DLEANC_INTERNAL_LINKER_FLAGS='--sysroot ROOT -L ROOT/lib -Wl,-Bstatic -lgmp $(pkg-config --static --libs libuv) -lunwind -Wl,-Bdynamic -fuse-ld=lld'"
 # when not using the above flags, link GMP dynamically/as usual. Always link ICU dynamically.
 echo -n " -DLEAN_EXTRA_LINKER_FLAGS='-lgmp $(pkg-config --libs libuv) -lucrtbase'"
 # do not set `LEAN_CC` for tests

script/push_repo_release_tag.py

@@ -0,0 +1,69 @@
+#!/usr/bin/env python3
+import sys
+import subprocess
+import requests
+
+def main():
+    if len(sys.argv) != 4:
+        print("Usage: ./push_repo_release_tag.py <repo> <branch> <version_tag>")
+        sys.exit(1)
+
+    repo, branch, version_tag = sys.argv[1], sys.argv[2], sys.argv[3]
+
+    if branch not in {"master", "main"}:
+        print(f"Error: Branch '{branch}' is not 'master' or 'main'.")
+        sys.exit(1)
+
+    # Get the `lean-toolchain` file content
+    lean_toolchain_url = f"https://raw.githubusercontent.com/{repo}/{branch}/lean-toolchain"
+    try:
+        response = requests.get(lean_toolchain_url)
+        response.raise_for_status()
+    except requests.exceptions.RequestException as e:
+        print(f"Error fetching 'lean-toolchain' file: {e}")
+        sys.exit(1)
+
+    lean_toolchain_content = response.text.strip()
+    expected_prefix = "leanprover/lean4:"
+    if not lean_toolchain_content.startswith(expected_prefix) or lean_toolchain_content != f"{expected_prefix}{version_tag}":
+        print(f"Error: 'lean-toolchain' content does not match '{expected_prefix}{version_tag}'.")
+        sys.exit(1)
+
+    # Create and push the tag using `gh`
+    try:
+        # Check if the tag already exists
+        list_tags_cmd = ["gh", "api", f"repos/{repo}/git/matching-refs/tags/v4", "--jq", ".[].ref"]
+        list_tags_output = subprocess.run(list_tags_cmd, capture_output=True, text=True)
+
+        if list_tags_output.returncode == 0:
+            existing_tags = list_tags_output.stdout.strip().splitlines()
+            if f"refs/tags/{version_tag}" in existing_tags:
+                print(f"Error: Tag '{version_tag}' already exists.")
+                print("Existing tags starting with 'v4':")
+                for tag in existing_tags:
+                    print(tag.replace("refs/tags/", ""))
+                sys.exit(1)
+
+        # Get the SHA of the branch
+        get_sha_cmd = [
+            "gh", "api", f"repos/{repo}/git/ref/heads/{branch}", "--jq", ".object.sha"
+        ]
+        sha_result = subprocess.run(get_sha_cmd, capture_output=True, text=True, check=True)
+        sha = sha_result.stdout.strip()
+
+        # Create the tag
+        create_tag_cmd = [
+            "gh", "api", f"repos/{repo}/git/refs",
+            "-X", "POST",
+            "-F", f"ref=refs/tags/{version_tag}",
+            "-F", f"sha={sha}"
+        ]
+        subprocess.run(create_tag_cmd, capture_output=True, text=True, check=True)
+
+        print(f"Successfully created and pushed tag '{version_tag}' to {repo}.")
+    except subprocess.CalledProcessError as e:
+        print(f"Error while creating/pushing tag: {e.stderr.strip() if e.stderr else e}")
+        sys.exit(1)
+
+if __name__ == "__main__":
+    main()

script/release_checklist.py

@@ -0,0 +1,227 @@
+#!/usr/bin/env python3
+
+import argparse
+import yaml
+import requests
+import base64
+import subprocess
+import sys
+import os
+
+def parse_repos_config(file_path):
+    with open(file_path, "r") as f:
+        return yaml.safe_load(f)["repositories"]
+
+def get_github_token():
+    try:
+        import subprocess
+        result = subprocess.run(['gh', 'auth', 'token'], capture_output=True, text=True)
+        if result.returncode == 0:
+            return result.stdout.strip()
+    except FileNotFoundError:
+        print("Warning: 'gh' CLI not found. Some API calls may be rate-limited.")
+    return None
+
+def strip_rc_suffix(toolchain):
+    """Remove -rcX suffix from the toolchain."""
+    return toolchain.split("-")[0]
+
+def branch_exists(repo_url, branch, github_token):
+    api_url = repo_url.replace("https://github.com/", "https://api.github.com/repos/") + f"/branches/{branch}"
+    headers = {'Authorization': f'token {github_token}'} if github_token else {}
+    response = requests.get(api_url, headers=headers)
+    return response.status_code == 200
+
+def tag_exists(repo_url, tag_name, github_token):
+    api_url = repo_url.replace("https://github.com/", "https://api.github.com/repos/") + f"/git/refs/tags/{tag_name}"
+    headers = {'Authorization': f'token {github_token}'} if github_token else {}
+    response = requests.get(api_url, headers=headers)
+    return response.status_code == 200
+
+def release_page_exists(repo_url, tag_name, github_token):
+    api_url = repo_url.replace("https://github.com/", "https://api.github.com/repos/") + f"/releases/tags/{tag_name}"
+    headers = {'Authorization': f'token {github_token}'} if github_token else {}
+    response = requests.get(api_url, headers=headers)
+    return response.status_code == 200
+
+def get_release_notes(repo_url, tag_name, github_token):
+    api_url = repo_url.replace("https://github.com/", "https://api.github.com/repos/") + f"/releases/tags/{tag_name}"
+    headers = {'Authorization': f'token {github_token}'} if github_token else {}
+    response = requests.get(api_url, headers=headers)
+    if response.status_code == 200:
+        return response.json().get("body", "").strip()
+    return None
+
+def get_branch_content(repo_url, branch, file_path, github_token):
+    api_url = repo_url.replace("https://github.com/", "https://api.github.com/repos/") + f"/contents/{file_path}?ref={branch}"
+    headers = {'Authorization': f'token {github_token}'} if github_token else {}
+    response = requests.get(api_url, headers=headers)
+    if response.status_code == 200:
+        content = response.json().get("content", "")
+        content = content.replace("\n", "")
+        try:
+            return base64.b64decode(content).decode('utf-8').strip()
+        except Exception:
+            return None
+    return None
+
+def parse_version(version_str):
+    # Remove 'v' prefix and extract version and release candidate suffix
+    if ':' in version_str:
+        version_str = version_str.split(':')[1]
+    version = version_str.lstrip('v')
+    parts = version.split('-')
+    base_version = tuple(map(int, parts[0].split('.')))
+    rc_part = parts[1] if len(parts) > 1 and parts[1].startswith('rc') else None
+    rc_number = int(rc_part[2:]) if rc_part else float('inf')  # Treat non-rc as higher than rc
+    return base_version + (rc_number,)
+
+def is_version_gte(version1, version2):
+    """Check if version1 >= version2, including proper handling of release candidates."""
+    return parse_version(version1) >= parse_version(version2)
+
+def is_merged_into_stable(repo_url, tag_name, stable_branch, github_token):
+    # First get the commit SHA for the tag
+    api_base = repo_url.replace("https://github.com/", "https://api.github.com/repos/")
+    headers = {'Authorization': f'token {github_token}'} if github_token else {}
+
+    # Get tag's commit SHA
+    tag_response = requests.get(f"{api_base}/git/refs/tags/{tag_name}", headers=headers)
+    if tag_response.status_code != 200:
+        return False
+    tag_sha = tag_response.json()['object']['sha']
+
+    # Get commits on stable branch containing this SHA
+    commits_response = requests.get(
+        f"{api_base}/commits?sha={stable_branch}&per_page=100",
+        headers=headers
+    )
+    if commits_response.status_code != 200:
+        return False
+
+    # Check if any commit in stable's history matches our tag's SHA
+    stable_commits = [commit['sha'] for commit in commits_response.json()]
+    return tag_sha in stable_commits
+
+def is_release_candidate(version):
+    return "-rc" in version
+
+def check_cmake_version(repo_url, branch, version_major, version_minor, github_token):
+    """Verify the CMake version settings in src/CMakeLists.txt."""
+    cmake_file_path = "src/CMakeLists.txt"
+    content = get_branch_content(repo_url, branch, cmake_file_path, github_token)
+    if content is None:
+        print(f"  ❌ Could not retrieve {cmake_file_path} from {branch}")
+        return False
+
+    expected_lines = [
+        f"set(LEAN_VERSION_MAJOR {version_major})",
+        f"set(LEAN_VERSION_MINOR {version_minor})",
+        f"set(LEAN_VERSION_PATCH 0)",
+        f"set(LEAN_VERSION_IS_RELEASE 1)"
+    ]
+
+    for line in expected_lines:
+        if not any(l.strip().startswith(line) for l in content.splitlines()):
+            print(f"  ❌ Missing or incorrect line in {cmake_file_path}: {line}")
+            return False
+
+    print(f"  ✅ CMake version settings are correct in {cmake_file_path}")
+    return True
+
+def extract_org_repo_from_url(repo_url):
+    """Extract the 'org/repo' part from a GitHub URL."""
+    if repo_url.startswith("https://github.com/"):
+        return repo_url.replace("https://github.com/", "").rstrip("/")
+    return repo_url
+
+def main():
+    github_token = get_github_token()
+
+    if len(sys.argv) != 2:
+        print("Usage: python3 release_checklist.py <toolchain>")
+        sys.exit(1)
+
+    toolchain = sys.argv[1]
+    stripped_toolchain = strip_rc_suffix(toolchain)
+    lean_repo_url = "https://github.com/leanprover/lean4"
+
+    # Preliminary checks
+    print("\nPerforming preliminary checks...")
+
+    # Check for branch releases/v4.Y.0
+    version_major, version_minor, _ = map(int, stripped_toolchain.lstrip('v').split('.'))
+    branch_name = f"releases/v{version_major}.{version_minor}.0"
+    if branch_exists(lean_repo_url, branch_name, github_token):
+        print(f"  ✅ Branch {branch_name} exists")
+
+        # Check CMake version settings
+        check_cmake_version(lean_repo_url, branch_name, version_major, version_minor, github_token)
+    else:
+        print(f"  ❌ Branch {branch_name} does not exist")
+
+    # Check for tag v4.X.Y(-rcZ)
+    if tag_exists(lean_repo_url, toolchain, github_token):
+        print(f"  ✅ Tag {toolchain} exists")
+    else:
+        print(f"  ❌ Tag {toolchain} does not exist.")
+
+    # Check for release page
+    if release_page_exists(lean_repo_url, toolchain, github_token):
+        print(f"  ✅ Release page for {toolchain} exists")
+
+        # Check the first line of the release notes
+        release_notes = get_release_notes(lean_repo_url, toolchain, github_token)
+        if release_notes and release_notes.splitlines()[0].strip() == toolchain:
+            print(f"  ✅ Release notes look good.")
+        else:
+            previous_minor_version = version_minor - 1
+            previous_stable_branch = f"releases/v{version_major}.{previous_minor_version}.0"
+            previous_release = f"v{version_major}.{previous_minor_version}.0"
+            print(f"  ❌ Release notes not published. Please run `script/release_notes.py {previous_release}` on branch `{previous_stable_branch}`.")
+    else:
+        print(f"  ❌ Release page for {toolchain} does not exist")
+
+    # Load repositories and perform further checks
+    print("\nChecking repositories...")
+
+    with open(os.path.join(os.path.dirname(__file__), "release_repos.yml")) as f:
+        repos = yaml.safe_load(f)["repositories"]
+
+    for repo in repos:
+        name = repo["name"]
+        url = repo["url"]
+        branch = repo["branch"]
+        check_stable = repo["stable-branch"]
+        check_tag = repo.get("toolchain-tag", True)
+
+        print(f"\nRepository: {name}")
+
+        # Check if branch is on at least the target toolchain
+        lean_toolchain_content = get_branch_content(url, branch, "lean-toolchain", github_token)
+        if lean_toolchain_content is None:
+            print(f"  ❌ No lean-toolchain file found in {branch} branch")
+            continue
+
+        on_target_toolchain = is_version_gte(lean_toolchain_content.strip(), toolchain)
+        if not on_target_toolchain:
+            print(f"  ❌ Not on target toolchain (needs ≥ {toolchain}, but {branch} is on {lean_toolchain_content.strip()})")
+            continue
+        print(f"  ✅ On compatible toolchain (>= {toolchain})")
+
+        # Only check for tag if toolchain-tag is true
+        if check_tag:
+            if not tag_exists(url, toolchain, github_token):
+                print(f"  ❌ Tag {toolchain} does not exist. Run `script/push_repo_release_tag.py {extract_org_repo_from_url(url)} {branch} {toolchain}`.")
+                continue
+            print(f"  ✅ Tag {toolchain} exists")
+
+        # Only check merging into stable if stable-branch is true and not a release candidate
+        if check_stable and not is_release_candidate(toolchain):
+            if not is_merged_into_stable(url, toolchain, "stable", github_token):
+                print(f"  ❌ Tag {toolchain} is not merged into stable")
+                continue
+            print(f"  ✅ Tag {toolchain} is merged into stable")
+
+if __name__ == "__main__":
+    main()

script/release_notes.py

@@ -0,0 +1,145 @@
+#!/usr/bin/env python3
+
+import sys
+import re
+import json
+import requests
+import subprocess
+from collections import defaultdict
+from git import Repo
+
+def get_commits_since_tag(repo, tag):
+    try:
+        tag_commit = repo.commit(tag)
+        commits = list(repo.iter_commits(f"{tag_commit.hexsha}..HEAD"))
+        return [
+            (commit.hexsha, commit.message.splitlines()[0], commit.message)
+            for commit in commits
+        ]
+    except Exception as e:
+        sys.stderr.write(f"Error retrieving commits: {e}\n")
+        sys.exit(1)
+
+def check_pr_number(first_line):
+    match = re.search(r"\(\#(\d+)\)$", first_line)
+    if match:
+        return int(match.group(1))
+    return None
+
+def fetch_pr_labels(pr_number):
+    try:
+        # Use gh CLI to fetch PR details
+        result = subprocess.run([
+            "gh", "api", f"repos/leanprover/lean4/pulls/{pr_number}"
+        ], capture_output=True, text=True, check=True)
+        pr_data = result.stdout
+        pr_json = json.loads(pr_data)
+        return [label["name"] for label in pr_json.get("labels", [])]
+    except subprocess.CalledProcessError as e:
+        sys.stderr.write(f"Failed to fetch PR #{pr_number} using gh: {e.stderr}\n")
+        return []
+
+def format_section_title(label):
+    title = label.replace("changelog-", "").capitalize()
+    if title == "Doc":
+        return "Documentation"
+    elif title == "Pp":
+        return "Pretty Printing"
+    return title
+
+def sort_sections_order():
+    return [
+        "Language",
+        "Library",
+        "Compiler",
+        "Pretty Printing",
+        "Documentation",
+        "Server",
+        "Lake",
+        "Other",
+        "Uncategorised"
+    ]
+
+def format_markdown_description(pr_number, description):
+    link = f"[#{pr_number}](https://github.com/leanprover/lean4/pull/{pr_number})"
+    return f"{link} {description}"
+
+def main():
+    if len(sys.argv) != 2:
+        sys.stderr.write("Usage: script.py <git-tag>\n")
+        sys.exit(1)
+
+    tag = sys.argv[1]
+    try:
+        repo = Repo(".")
+    except Exception as e:
+        sys.stderr.write(f"Error opening Git repository: {e}\n")
+        sys.exit(1)
+
+    commits = get_commits_since_tag(repo, tag)
+
+    sys.stderr.write(f"Found {len(commits)} commits since tag {tag}:\n")
+    for commit_hash, first_line, _ in commits:
+        sys.stderr.write(f"- {commit_hash}: {first_line}\n")
+
+    changelog = defaultdict(list)
+
+    for commit_hash, first_line, full_message in commits:
+        # Skip commits with the specific first lines
+        if first_line == "chore: update stage0" or first_line.startswith("chore: CI: bump "):
+            continue
+
+        pr_number = check_pr_number(first_line)
+
+        if not pr_number:
+            sys.stderr.write(f"No PR number found in {first_line}\n")
+            continue
+
+        # Remove the first line from the full_message for further processing
+        body = full_message[len(first_line):].strip()
+
+        paragraphs = body.split('\n\n')
+        second_paragraph = paragraphs[0] if len(paragraphs) > 0 else ""
+
+        labels = fetch_pr_labels(pr_number)
+
+        # Skip entries with the "changelog-no" label
+        if "changelog-no" in labels:
+            continue
+
+        report_errors = first_line.startswith("feat:") or first_line.startswith("fix:")
+
+        if not second_paragraph.startswith("This PR "):
+            if report_errors:
+                sys.stderr.write(f"No PR description found in commit:\n{commit_hash}\n{first_line}\n{body}\n\n")
+                fallback_description = re.sub(r":$", "", first_line.split(" ", 1)[1]).rsplit(" (#", 1)[0]
+                markdown_description = format_markdown_description(pr_number, fallback_description)
+            else:
+                continue
+        else:
+            markdown_description = format_markdown_description(pr_number, second_paragraph.replace("This PR ", ""))
+
+        changelog_labels = [label for label in labels if label.startswith("changelog-")]
+        if len(changelog_labels) > 1:
+            sys.stderr.write(f"Warning: Multiple changelog-* labels found for PR #{pr_number}: {changelog_labels}\n")
+
+        if not changelog_labels:
+            if report_errors:
+                sys.stderr.write(f"Warning: No changelog-* label found for PR #{pr_number}\n")
+            else:
+                continue
+
+        for label in changelog_labels:
+            changelog[label].append((pr_number, markdown_description))
+
+    section_order = sort_sections_order()
+    sorted_changelog = sorted(changelog.items(), key=lambda item: section_order.index(format_section_title(item[0])) if format_section_title(item[0]) in section_order else len(section_order))
+
+    for label, entries in sorted_changelog:
+        section_title = format_section_title(label) if label != "Uncategorised" else "Uncategorised"
+        print(f"## {section_title}\n")
+        for _, entry in sorted(entries, key=lambda x: x[0]):
+            print(f"* {entry}\n")
+
+if __name__ == "__main__":
+    main()

script/release_repos.yml

@@ -0,0 +1,86 @@
+repositories:
+  - name: Batteries
+    url: https://github.com/leanprover-community/batteries
+    toolchain-tag: true
+    stable-branch: true
+    branch: main
+    dependencies: []
+
+  - name: lean4checker
+    url: https://github.com/leanprover/lean4checker
+    toolchain-tag: true
+    stable-branch: true
+    branch: master
+    dependencies: []
+
+  - name: doc-gen4
+    url: https://github.com/leanprover/doc-gen4
+    toolchain-tag: true
+    stable-branch: false
+    branch: main
+    dependencies: []
+
+  - name: Verso
+    url: https://github.com/leanprover/verso
+    toolchain-tag: true
+    stable-branch: false
+    branch: main
+    dependencies: []
+
+  - name: Cli
+    url: https://github.com/leanprover/lean4-cli
+    toolchain-tag: true
+    stable-branch: false
+    branch: main
+    dependencies: []
+
+  - name: ProofWidgets4
+    url: https://github.com/leanprover-community/ProofWidgets4
+    toolchain-tag: false
+    stable-branch: false
+    branch: main
+    dependencies:
+      - Batteries
+
+  - name: Aesop
+    url: https://github.com/leanprover-community/aesop
+    toolchain-tag: true
+    stable-branch: true
+    branch: master
+    dependencies:
+      - Batteries
+
+  - name: import-graph
+    url: https://github.com/leanprover-community/import-graph
+    toolchain-tag: true
+    stable-branch: false
+    branch: main
+    dependencies: []
+
+  - name: plausible
+    url: https://github.com/leanprover-community/plausible
+    toolchain-tag: true
+    stable-branch: false
+    branch: main
+    dependencies: []
+
+  - name: Mathlib
+    url: https://github.com/leanprover-community/mathlib4
+    toolchain-tag: true
+    stable-branch: true
+    branch: master
+    dependencies:
+      - Aesop
+      - ProofWidgets4
+      - lean4checker
+      - Batteries
+      - doc-gen4
+      - import-graph
+
+  - name: REPL
+    url: https://github.com/leanprover-community/repl
+    toolchain-tag: true
+    stable-branch: true
+    branch: master
+    dependencies:
+      - Mathlib

src/CMakeLists.txt

@@ -10,7 +10,7 @@ endif()
 include(ExternalProject)
 project(LEAN CXX C)
 set(LEAN_VERSION_MAJOR 4)
-set(LEAN_VERSION_MINOR 15)
+set(LEAN_VERSION_MINOR 16)
 set(LEAN_VERSION_PATCH 0)
 set(LEAN_VERSION_IS_RELEASE 0)  # This number is 1 in the release revision, and 0 otherwise.
 set(LEAN_SPECIAL_VERSION_DESC "" CACHE STRING "Additional version description like 'nightly-2018-03-11'")
@@ -51,6 +51,8 @@ option(LLVM               "LLVM"               OFF)
 option(USE_GITHASH        "GIT_HASH"           ON)
 # When ON we install LICENSE files to CMAKE_INSTALL_PREFIX
 option(INSTALL_LICENSE "INSTALL_LICENSE" ON)
+# When ON we install a copy of cadical
+option(INSTALL_CADICAL "Install a copy of cadical" ON)
 # When ON thread storage is automatically finalized, it assumes platform support pthreads.
 # This option is important when using Lean as library that is invoked from a different programming language (e.g., Haskell).
 option(AUTO_THREAD_FINALIZATION "AUTO_THREAD_FINALIZATION" ON)
@@ -120,7 +122,7 @@ if(${CMAKE_SYSTEM_NAME} MATCHES "Emscripten")
     # From https://emscripten.org/docs/compiling/WebAssembly.html#backends:
     # > The simple and safe thing is to pass all -s flags at both compile and link time.
     set(EMSCRIPTEN_SETTINGS "-s ALLOW_MEMORY_GROWTH=1 -fwasm-exceptions -pthread -flto")
-    string(APPEND LEANC_EXTRA_FLAGS " -pthread")
+    string(APPEND LEANC_EXTRA_CC_FLAGS " -pthread")
     string(APPEND LEAN_EXTRA_CXX_FLAGS " -D LEAN_EMSCRIPTEN ${EMSCRIPTEN_SETTINGS}")
     string(APPEND LEAN_EXTRA_LINKER_FLAGS " ${EMSCRIPTEN_SETTINGS}")
 endif()
@@ -155,11 +157,11 @@ if ((${MULTI_THREAD} MATCHES "ON") AND (${CMAKE_SYSTEM_NAME} MATCHES "Darwin"))
 endif ()
 
 # We want explicit stack probes in huge Lean stack frames for robust stack overflow detection
-string(APPEND LEANC_EXTRA_FLAGS " -fstack-clash-protection")
+string(APPEND LEANC_EXTRA_CC_FLAGS " -fstack-clash-protection")
 
 # This makes signed integer overflow guaranteed to match 2's complement.
 string(APPEND CMAKE_CXX_FLAGS " -fwrapv")
-string(APPEND LEANC_EXTRA_FLAGS " -fwrapv")
+string(APPEND LEANC_EXTRA_CC_FLAGS " -fwrapv")
 
 if(NOT MULTI_THREAD)
   message(STATUS "Disabled multi-thread support, it will not be safe to run multiple threads in parallel")
@@ -293,14 +295,15 @@ index 5e8e0166..f3b29134 100644
 	  PATCH_COMMAND git reset --hard HEAD && printf "${LIBUV_PATCH}" > patch.diff && git apply patch.diff
     BUILD_IN_SOURCE ON
     INSTALL_COMMAND "")
-  set(LIBUV_INCLUDE_DIR "${CMAKE_BINARY_DIR}/libuv/src/libuv/include")
-  set(LIBUV_LIBRARIES "${CMAKE_BINARY_DIR}/libuv/src/libuv/libuv.a")
+  set(LIBUV_INCLUDE_DIRS "${CMAKE_BINARY_DIR}/libuv/src/libuv/include")
+  set(LIBUV_LDFLAGS "${CMAKE_BINARY_DIR}/libuv/src/libuv/libuv.a")
 else()
   find_package(LibUV 1.0.0 REQUIRED)
 endif()
-include_directories(${LIBUV_INCLUDE_DIR})
+include_directories(${LIBUV_INCLUDE_DIRS})
 if(NOT LEAN_STANDALONE)
-  string(APPEND LEAN_EXTRA_LINKER_FLAGS " ${LIBUV_LIBRARIES}")
+  string(JOIN " " LIBUV_LDFLAGS ${LIBUV_LDFLAGS})
+  string(APPEND LEAN_EXTRA_LINKER_FLAGS " ${LIBUV_LDFLAGS}")
 endif()
 
 # Windows SDK (for ICU)
@@ -449,7 +452,7 @@ if(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
     string(APPEND TOOLCHAIN_SHARED_LINKER_FLAGS " -Wl,-Bsymbolic")
   endif()
   string(APPEND CMAKE_CXX_FLAGS " -fPIC -ftls-model=initial-exec")
-  string(APPEND LEANC_EXTRA_FLAGS " -fPIC")
+  string(APPEND LEANC_EXTRA_CC_FLAGS " -fPIC")
   string(APPEND TOOLCHAIN_SHARED_LINKER_FLAGS " -Wl,-rpath=\\$$ORIGIN/..:\\$$ORIGIN")
   string(APPEND LAKESHARED_LINKER_FLAGS " -Wl,--whole-archive ${CMAKE_BINARY_DIR}/lib/temp/libLake.a.export -Wl,--no-whole-archive")
   string(APPEND CMAKE_EXE_LINKER_FLAGS " -Wl,-rpath=\\\$ORIGIN/../lib:\\\$ORIGIN/../lib/lean")
@@ -462,7 +465,7 @@ elseif(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
   string(APPEND CMAKE_EXE_LINKER_FLAGS " -Wl,-rpath,@executable_path/../lib -Wl,-rpath,@executable_path/../lib/lean")
 elseif(${CMAKE_SYSTEM_NAME} MATCHES "Emscripten")
   string(APPEND CMAKE_CXX_FLAGS " -fPIC")
-  string(APPEND LEANC_EXTRA_FLAGS " -fPIC")
+  string(APPEND LEANC_EXTRA_CC_FLAGS " -fPIC")
 elseif(${CMAKE_SYSTEM_NAME} MATCHES "Windows")
   string(APPEND LAKESHARED_LINKER_FLAGS " -Wl,--out-implib,${CMAKE_BINARY_DIR}/lib/lean/libLake_shared.dll.a -Wl,--whole-archive ${CMAKE_BINARY_DIR}/lib/temp/libLake.a.export -Wl,--no-whole-archive")
 endif()
@@ -477,7 +480,7 @@ if(NOT(${CMAKE_SYSTEM_NAME} MATCHES "Windows") AND NOT(${CMAKE_SYSTEM_NAME} MATC
   string(APPEND CMAKE_EXE_LINKER_FLAGS " -rdynamic")
   # hide all other symbols
   string(APPEND CMAKE_CXX_FLAGS " -fvisibility=hidden -fvisibility-inlines-hidden")
-  string(APPEND LEANC_EXTRA_FLAGS " -fvisibility=hidden")
+  string(APPEND LEANC_EXTRA_CC_FLAGS " -fvisibility=hidden")
 endif()
 
 # On Windows, add bcrypt for random number generation
@@ -542,9 +545,10 @@ include_directories(${CMAKE_BINARY_DIR}/include)  # config.h etc., "public" head
 string(TOUPPER "${CMAKE_BUILD_TYPE}" uppercase_CMAKE_BUILD_TYPE)
 string(APPEND LEANC_OPTS " ${CMAKE_CXX_FLAGS_${uppercase_CMAKE_BUILD_TYPE}}")
 
-# Do embed flag for finding system libraries in dev builds
+# Do embed flag for finding system headers and libraries in dev builds
 if(CMAKE_OSX_SYSROOT AND NOT LEAN_STANDALONE)
-  string(APPEND LEANC_EXTRA_FLAGS " ${CMAKE_CXX_SYSROOT_FLAG}${CMAKE_OSX_SYSROOT}")
+  string(APPEND LEANC_EXTRA_CC_FLAGS " ${CMAKE_CXX_SYSROOT_FLAG}${CMAKE_OSX_SYSROOT}")
+  string(APPEND LEAN_EXTRA_LINKER_FLAGS " ${CMAKE_CXX_SYSROOT_FLAG}${CMAKE_OSX_SYSROOT}")
 endif()
 
 add_subdirectory(initialize)
@@ -616,7 +620,7 @@ else()
     OUTPUT_NAME leancpp)
 endif()
 
-if((${STAGE} GREATER 0) AND CADICAL)
+if((${STAGE} GREATER 0) AND CADICAL AND INSTALL_CADICAL)
   add_custom_target(copy-cadical
     COMMAND cmake -E copy_if_different "${CADICAL}" "${CMAKE_BINARY_DIR}/bin/cadical${CMAKE_EXECUTABLE_SUFFIX}")
   add_dependencies(leancpp copy-cadical)
@@ -695,12 +699,12 @@ else()
 endif()
 
 if(NOT ${CMAKE_SYSTEM_NAME} MATCHES "Emscripten")
-  add_custom_target(lake_lib ALL
+  add_custom_target(lake_lib
     WORKING_DIRECTORY ${LEAN_SOURCE_DIR}
     DEPENDS leanshared
     COMMAND $(MAKE) -f ${CMAKE_BINARY_DIR}/stdlib.make Lake
     VERBATIM)
-  add_custom_target(lake_shared ALL
+  add_custom_target(lake_shared
     WORKING_DIRECTORY ${LEAN_SOURCE_DIR}
     DEPENDS lake_lib
     COMMAND $(MAKE) -f ${CMAKE_BINARY_DIR}/stdlib.make libLake_shared
@@ -738,7 +742,7 @@ file(COPY ${LEAN_SOURCE_DIR}/bin/leanmake DESTINATION ${CMAKE_BINARY_DIR}/bin)
 
 install(DIRECTORY "${CMAKE_BINARY_DIR}/bin/" USE_SOURCE_PERMISSIONS DESTINATION bin)
 
-if (${STAGE} GREATER 0 AND CADICAL)
+if (${STAGE} GREATER 0 AND CADICAL AND INSTALL_CADICAL)
   install(PROGRAMS "${CADICAL}" DESTINATION bin)
 endif()
 

src/Init.lean

@@ -37,3 +37,4 @@ import Init.MacroTrace
 import Init.Grind
 import Init.While
 import Init.Syntax
+import Init.Internal

src/Init/Control/Lawful/Basic.lean

@@ -106,7 +106,7 @@ theorem seq_eq_bind_map {α β : Type u} [Monad m] [LawfulMonad m] (f : m (α
 theorem bind_congr [Bind m] {x : m α} {f g : α → m β} (h : ∀ a, f a = g a) : x >>= f = x >>= g := by
   simp [funext h]
 
-@[simp] theorem bind_pure_unit [Monad m] [LawfulMonad m] {x : m PUnit} : (x >>= fun _ => pure ⟨⟩) = x := by
+theorem bind_pure_unit [Monad m] [LawfulMonad m] {x : m PUnit} : (x >>= fun _ => pure ⟨⟩) = x := by
   rw [bind_pure]
 
 theorem map_congr [Functor m] {x : m α} {f g : α → β} (h : ∀ a, f a = g a) : (f <$> x : m β) = g <$> x := by
@@ -133,7 +133,7 @@ theorem seqLeft_eq_bind [Monad m] [LawfulMonad m] (x : m α) (y : m β) : x <* y
   rw [← bind_pure_comp]
   simp only [bind_assoc, pure_bind]
 
-@[simp] theorem Functor.map_unit [Monad m] [LawfulMonad m] {a : m PUnit} : (fun _ => PUnit.unit) <$> a = a := by
+theorem Functor.map_unit [Monad m] [LawfulMonad m] {a : m PUnit} : (fun _ => PUnit.unit) <$> a = a := by
   simp [map]
 
 /--

src/Init/Conv.lean

@@ -150,6 +150,10 @@ See the `simp` tactic for more information. -/
 syntax (name := simp) "simp" optConfig (discharger)? (&" only")?
   (" [" withoutPosition((simpStar <|> simpErase <|> simpLemma),*) "]")? : conv
 
+/-- `simp?` takes the same arguments as `simp`, but reports an equivalent call to `simp only`
+that would be sufficient to close the goal. See the `simp?` tactic for more information. -/
+syntax (name := simpTrace) "simp?" optConfig (discharger)? (&" only")? (simpArgs)? : conv
+
 /--
 `dsimp` is the definitional simplifier in `conv`-mode. It differs from `simp` in that it only
 applies theorems that hold by reflexivity.
@@ -167,6 +171,9 @@ example (a : Nat): (0 + 0) = a - a := by
 syntax (name := dsimp) "dsimp" optConfig (discharger)? (&" only")?
   (" [" withoutPosition((simpErase <|> simpLemma),*) "]")? : conv
 
+@[inherit_doc simpTrace]
+syntax (name := dsimpTrace) "dsimp?" optConfig (&" only")? (dsimpArgs)? : conv
+
 /-- `simp_match` simplifies match expressions. For example,
 ```
 match [a, b] with

src/Init/Core.lean

@@ -516,8 +516,17 @@ The tasks have an overridden representation in the runtime.
 structure Task (α : Type u) : Type u where
   /-- `Task.pure (a : α)` constructs a task that is already resolved with value `a`. -/
   pure ::
-  /-- If `task : Task α` then `task.get : α` blocks the current thread until the
-  value is available, and then returns the result of the task. -/
+  /--
+  Blocks the current thread until the given task has finished execution, and then returns the result
+  of the task. If the current thread is itself executing a (non-dedicated) task, the maximum
+  threadpool size is temporarily increased by one while waiting so as to ensure the process cannot
+  be deadlocked by threadpool starvation. Note that when the current thread is unblocked, more tasks
+  than the configured threadpool size may temporarily be running at the same time until sufficiently
+  many tasks have finished.
+
+  `Task.map` and `Task.bind` should be preferred over `Task.get` for setting up task dependencies
+  where possible as they do not require temporarily growing the threadpool in this way.
+  -/
   get : α
   deriving Inhabited, Nonempty
 
@@ -2116,14 +2125,35 @@ instance : Commutative Or := ⟨fun _ _ => propext or_comm⟩
 instance : Commutative And := ⟨fun _ _ => propext and_comm⟩
 instance : Commutative Iff := ⟨fun _ _ => propext iff_comm⟩
 
-/--
-`Antisymm (·≤·)` says that `(·≤·)` is antisymmetric, that is, `a ≤ b → b ≤ a → a = b`.
--/
+/-- `Refl r` means the binary relation `r` is reflexive, that is, `r x x` always holds. -/
+class Refl (r : α → α → Prop) : Prop where
+  /-- A reflexive relation satisfies `r a a`. -/
+  refl : ∀ a, r a a
+
+/-- `Antisymm r` says that `r` is antisymmetric, that is, `r a b → r b a → a = b`. -/
 class Antisymm (r : α → α → Prop) : Prop where
-  /-- An antisymmetric relation `(·≤·)` satisfies `a ≤ b → b ≤ a → a = b`. -/
-  antisymm {a b : α} : r a b → r b a → a = b
+  /-- An antisymmetric relation `r` satisfies `r a b → r b a → a = b`. -/
+  antisymm (a b : α) : r a b → r b a → a = b
 
 @[deprecated Antisymm (since := "2024-10-16"), inherit_doc Antisymm]
 abbrev _root_.Antisymm (r : α → α → Prop) : Prop := Std.Antisymm r
 
+/-- `Asymm X r` means that the binary relation `r` on `X` is asymmetric, that is,
+`r a b → ¬ r b a`. -/
+class Asymm (r : α → α → Prop) : Prop where
+  /-- An asymmetric relation satisfies `r a b → ¬ r b a`. -/
+  asymm : ∀ a b, r a b → ¬r b a
+
+/-- `Total X r` means that the binary relation `r` on `X` is total, that is, that for any
+`x y : X` we have `r x y` or `r y x`. -/
+class Total (r : α → α → Prop) : Prop where
+  /-- A total relation satisfies `r a b ∨ r b a`. -/
+  total : ∀ a b, r a b ∨ r b a
+
+/-- `Irrefl r` means the binary relation `r` is irreflexive, that is, `r x x` never
+holds. -/
+class Irrefl (r : α → α → Prop) : Prop where
+  /-- An irreflexive relation satisfies `¬ r a a`. -/
+  irrefl : ∀ a, ¬r a a
+
 end Std

src/Init/Data.lean

@@ -21,6 +21,7 @@ import Init.Data.Fin
 import Init.Data.UInt
 import Init.Data.SInt
 import Init.Data.Float
+import Init.Data.Float32
 import Init.Data.Option
 import Init.Data.Ord
 import Init.Data.Random
@@ -43,3 +44,4 @@ import Init.Data.Zero
 import Init.Data.NeZero
 import Init.Data.Function
 import Init.Data.RArray
+import Init.Data.Vector

src/Init/Data/Array.lean

@@ -19,3 +19,7 @@ import Init.Data.Array.GetLit
 import Init.Data.Array.MapIdx
 import Init.Data.Array.Set
 import Init.Data.Array.Monadic
+import Init.Data.Array.FinRange
+import Init.Data.Array.Perm
+import Init.Data.Array.Find
+import Init.Data.Array.Lex

src/Init/Data/Array/Attach.lean

@@ -6,16 +6,18 @@ Authors: Joachim Breitner, Mario Carneiro
 prelude
 import Init.Data.Array.Mem
 import Init.Data.Array.Lemmas
+import Init.Data.Array.Count
 import Init.Data.List.Attach
 
 namespace Array
 
-/-- `O(n)`. Partial map. If `f : Π a, P a → β` is a partial function defined on
-  `a : α` satisfying `P`, then `pmap f l h` is essentially the same as `map f l`
-  but is defined only when all members of `l` satisfy `P`, using the proof
-  to apply `f`.
+/--
+`O(n)`. Partial map. If `f : Π a, P a → β` is a partial function defined on
+`a : α` satisfying `P`, then `pmap f l h` is essentially the same as `map f l`
+but is defined only when all members of `l` satisfy `P`, using the proof
+to apply `f`.
 
-We replace this at runtime with a more efficient version via
+We replace this at runtime with a more efficient version via the `csimp` lemma `pmap_eq_pmapImpl`.
 -/
 def pmap {P : α → Prop} (f : ∀ a, P a → β) (l : Array α) (H : ∀ a ∈ l, P a) : Array β :=
   (l.toList.pmap f (fun a m => H a (mem_def.mpr m))).toArray
@@ -73,6 +75,17 @@ Unsafe implementation of `attachWith`, taking advantage of the fact that the rep
   intro a m h₁ h₂
   congr
 
+@[simp] theorem pmap_empty {P : α → Prop} (f : ∀ a, P a → β) : pmap f #[] (by simp) = #[] := rfl
+
+@[simp] theorem pmap_push {P : α → Prop} (f : ∀ a, P a → β) (a : α) (l : Array α) (h : ∀ b ∈ l.push a, P b) :
+    pmap f (l.push a) h =
+      (pmap f l (fun a m => by simp at h; exact h a (.inl m))).push (f a (h a (by simp))) := by
+  simp [pmap]
+
+@[simp] theorem attach_empty : (#[] : Array α).attach = #[] := rfl
+
+@[simp] theorem attachWith_empty {P : α → Prop} (H : ∀ x ∈ #[], P x) : (#[] : Array α).attachWith P H = #[] := rfl
+
 @[simp] theorem _root_.List.attachWith_mem_toArray {l : List α} :
     l.attachWith (fun x => x ∈ l.toArray) (fun x h => by simpa using h) =
       l.attach.map fun ⟨x, h⟩ => ⟨x, by simpa using h⟩ := by
@@ -80,6 +93,419 @@ Unsafe implementation of `attachWith`, taking advantage of the fact that the rep
   apply List.pmap_congr_left
   simp
 
+@[simp]
+theorem pmap_eq_map (p : α → Prop) (f : α → β) (l : Array α) (H) :
+    @pmap _ _ p (fun a _ => f a) l H = map f l := by
+  cases l; simp
+
+theorem pmap_congr_left {p q : α → Prop} {f : ∀ a, p a → β} {g : ∀ a, q a → β} (l : Array α) {H₁ H₂}
+    (h : ∀ a ∈ l, ∀ (h₁ h₂), f a h₁ = g a h₂) : pmap f l H₁ = pmap g l H₂ := by
+  cases l
+  simp only [mem_toArray] at h
+  simp only [List.pmap_toArray, mk.injEq]
+  rw [List.pmap_congr_left _ h]
+
+theorem map_pmap {p : α → Prop} (g : β → γ) (f : ∀ a, p a → β) (l H) :
+    map g (pmap f l H) = pmap (fun a h => g (f a h)) l H := by
+  cases l
+  simp [List.map_pmap]
+
+theorem pmap_map {p : β → Prop} (g : ∀ b, p b → γ) (f : α → β) (l H) :
+    pmap g (map f l) H = pmap (fun a h => g (f a) h) l fun _ h => H _ (mem_map_of_mem _ h) := by
+  cases l
+  simp [List.pmap_map]
+
+theorem attach_congr {l₁ l₂ : Array α} (h : l₁ = l₂) :
+    l₁.attach = l₂.attach.map (fun x => ⟨x.1, h ▸ x.2⟩) := by
+  subst h
+  simp
+
+theorem attachWith_congr {l₁ l₂ : Array α} (w : l₁ = l₂) {P : α → Prop} {H : ∀ x ∈ l₁, P x} :
+    l₁.attachWith P H = l₂.attachWith P fun _ h => H _ (w ▸ h) := by
+  subst w
+  simp
+
+@[simp] theorem attach_push {a : α} {l : Array α} :
+    (l.push a).attach =
+      (l.attach.map (fun ⟨x, h⟩ => ⟨x, mem_push_of_mem a h⟩)).push ⟨a, by simp⟩ := by
+  cases l
+  rw [attach_congr (List.push_toArray _ _)]
+  simp [Function.comp_def]
+
+@[simp] theorem attachWith_push {a : α} {l : Array α} {P : α → Prop} {H : ∀ x ∈ l.push a, P x} :
+    (l.push a).attachWith P H =
+      (l.attachWith P (fun x h => by simp at H; exact H x (.inl h))).push ⟨a, H a (by simp)⟩ := by
+  cases l
+  simp [attachWith_congr (List.push_toArray _ _)]
+
+theorem pmap_eq_map_attach {p : α → Prop} (f : ∀ a, p a → β) (l H) :
+    pmap f l H = l.attach.map fun x => f x.1 (H _ x.2) := by
+  cases l
+  simp [List.pmap_eq_map_attach]
+
+@[simp]
+theorem pmap_eq_attachWith {p q : α → Prop} (f : ∀ a, p a → q a) (l H) :
+    pmap (fun a h => ⟨a, f a h⟩) l H = l.attachWith q (fun x h => f x (H x h)) := by
+  cases l
+  simp [List.pmap_eq_attachWith]
+
+theorem attach_map_coe (l : Array α) (f : α → β) :
+    (l.attach.map fun (i : {i // i ∈ l}) => f i) = l.map f := by
+  cases l
+  simp
+
+theorem attach_map_val (l : Array α) (f : α → β) : (l.attach.map fun i => f i.val) = l.map f :=
+  attach_map_coe _ _
+
+theorem attach_map_subtype_val (l : Array α) : l.attach.map Subtype.val = l := by
+  cases l; simp
+
+theorem attachWith_map_coe {p : α → Prop} (f : α → β) (l : Array α) (H : ∀ a ∈ l, p a) :
+    ((l.attachWith p H).map fun (i : { i // p i}) => f i) = l.map f := by
+  cases l; simp
+
+theorem attachWith_map_val {p : α → Prop} (f : α → β) (l : Array α) (H : ∀ a ∈ l, p a) :
+    ((l.attachWith p H).map fun i => f i.val) = l.map f :=
+  attachWith_map_coe _ _ _
+
+theorem attachWith_map_subtype_val {p : α → Prop} (l : Array α) (H : ∀ a ∈ l, p a) :
+    (l.attachWith p H).map Subtype.val = l := by
+  cases l; simp
+
+@[simp]
+theorem mem_attach (l : Array α) : ∀ x, x ∈ l.attach
+  | ⟨a, h⟩ => by
+    have := mem_map.1 (by rw [attach_map_subtype_val] <;> exact h)
+    rcases this with ⟨⟨_, _⟩, m, rfl⟩
+    exact m
+
+@[simp]
+theorem mem_attachWith (l : Array α) {q : α → Prop} (H) (x : {x // q x}) :
+    x ∈ l.attachWith q H ↔ x.1 ∈ l := by
+  cases l
+  simp
+
+@[simp]
+theorem mem_pmap {p : α → Prop} {f : ∀ a, p a → β} {l H b} :
+    b ∈ pmap f l H ↔ ∃ (a : _) (h : a ∈ l), f a (H a h) = b := by
+  simp only [pmap_eq_map_attach, mem_map, mem_attach, true_and, Subtype.exists, eq_comm]
+
+theorem mem_pmap_of_mem {p : α → Prop} {f : ∀ a, p a → β} {l H} {a} (h : a ∈ l) :
+    f a (H a h) ∈ pmap f l H := by
+  rw [mem_pmap]
+  exact ⟨a, h, rfl⟩
+
+@[simp]
+theorem size_pmap {p : α → Prop} {f : ∀ a, p a → β} {l H} : (pmap f l H).size = l.size := by
+  cases l; simp
+
+@[simp]
+theorem size_attach {L : Array α} : L.attach.size = L.size := by
+  cases L; simp
+
+@[simp]
+theorem size_attachWith {p : α → Prop} {l : Array α} {H} : (l.attachWith p H).size = l.size := by
+  cases l; simp
+
+@[simp]
+theorem pmap_eq_empty_iff {p : α → Prop} {f : ∀ a, p a → β} {l H} : pmap f l H = #[] ↔ l = #[] := by
+  cases l; simp
+
+theorem pmap_ne_empty_iff {P : α → Prop} (f : (a : α) → P a → β) {xs : Array α}
+    (H : ∀ (a : α), a ∈ xs → P a) : xs.pmap f H ≠ #[] ↔ xs ≠ #[] := by
+  cases xs; simp
+
+theorem pmap_eq_self {l : Array α} {p : α → Prop} {hp : ∀ (a : α), a ∈ l → p a}
+    {f : (a : α) → p a → α} : l.pmap f hp = l ↔ ∀ a (h : a ∈ l), f a (hp a h) = a := by
+  cases l; simp [List.pmap_eq_self]
+
+@[simp]
+theorem attach_eq_empty_iff {l : Array α} : l.attach = #[] ↔ l = #[] := by
+  cases l; simp
+
+theorem attach_ne_empty_iff {l : Array α} : l.attach ≠ #[] ↔ l ≠ #[] := by
+  cases l; simp
+
+@[simp]
+theorem attachWith_eq_empty_iff {l : Array α} {P : α → Prop} {H : ∀ a ∈ l, P a} :
+    l.attachWith P H = #[] ↔ l = #[] := by
+  cases l; simp
+
+theorem attachWith_ne_empty_iff {l : Array α} {P : α → Prop} {H : ∀ a ∈ l, P a} :
+    l.attachWith P H ≠ #[] ↔ l ≠ #[] := by
+  cases l; simp
+
+@[simp]
+theorem getElem?_pmap {p : α → Prop} (f : ∀ a, p a → β) {l : Array α} (h : ∀ a ∈ l, p a) (i : Nat) :
+    (pmap f l h)[i]? = Option.pmap f l[i]? fun x H => h x (mem_of_getElem? H) := by
+  cases l; simp
+
+@[simp]
+theorem getElem_pmap {p : α → Prop} (f : ∀ a, p a → β) {l : Array α} (h : ∀ a ∈ l, p a) {i : Nat}
+    (hi : i < (pmap f l h).size) :
+    (pmap f l h)[i] =
+      f (l[i]'(@size_pmap _ _ p f l h ▸ hi))
+        (h _ (getElem_mem (@size_pmap _ _ p f l h ▸ hi))) := by
+  cases l; simp
+
+@[simp]
+theorem getElem?_attachWith {xs : Array α} {i : Nat} {P : α → Prop} {H : ∀ a ∈ xs, P a} :
+    (xs.attachWith P H)[i]? = xs[i]?.pmap Subtype.mk (fun _ a => H _ (mem_of_getElem? a)) :=
+  getElem?_pmap ..
+
+@[simp]
+theorem getElem?_attach {xs : Array α} {i : Nat} :
+    xs.attach[i]? = xs[i]?.pmap Subtype.mk (fun _ a => mem_of_getElem? a) :=
+  getElem?_attachWith
+
+@[simp]
+theorem getElem_attachWith {xs : Array α} {P : α → Prop} {H : ∀ a ∈ xs, P a}
+    {i : Nat} (h : i < (xs.attachWith P H).size) :
+    (xs.attachWith P H)[i] = ⟨xs[i]'(by simpa using h), H _ (getElem_mem (by simpa using h))⟩ :=
+  getElem_pmap _ _ h
+
+@[simp]
+theorem getElem_attach {xs : Array α} {i : Nat} (h : i < xs.attach.size) :
+    xs.attach[i] = ⟨xs[i]'(by simpa using h), getElem_mem (by simpa using h)⟩ :=
+  getElem_attachWith h
+
+@[simp] theorem pmap_attach (l : Array α) {p : {x // x ∈ l} → Prop} (f : ∀ a, p a → β) (H) :
+    pmap f l.attach H =
+      l.pmap (P := fun a => ∃ h : a ∈ l, p ⟨a, h⟩)
+        (fun a h => f ⟨a, h.1⟩ h.2) (fun a h => ⟨h, H ⟨a, h⟩ (by simp)⟩) := by
+  ext <;> simp
+
+@[simp] theorem pmap_attachWith (l : Array α) {p : {x // q x} → Prop} (f : ∀ a, p a → β) (H₁ H₂) :
+    pmap f (l.attachWith q H₁) H₂ =
+      l.pmap (P := fun a => ∃ h : q a, p ⟨a, h⟩)
+        (fun a h => f ⟨a, h.1⟩ h.2) (fun a h => ⟨H₁ _ h, H₂ ⟨a, H₁ _ h⟩ (by simpa)⟩) := by
+  ext <;> simp
+
+theorem foldl_pmap (l : Array α) {P : α → Prop} (f : (a : α) → P a → β)
+  (H : ∀ (a : α), a ∈ l → P a) (g : γ → β → γ) (x : γ) :
+    (l.pmap f H).foldl g x = l.attach.foldl (fun acc a => g acc (f a.1 (H _ a.2))) x := by
+  rw [pmap_eq_map_attach, foldl_map]
+
+theorem foldr_pmap (l : Array α) {P : α → Prop} (f : (a : α) → P a → β)
+  (H : ∀ (a : α), a ∈ l → P a) (g : β → γ → γ) (x : γ) :
+    (l.pmap f H).foldr g x = l.attach.foldr (fun a acc => g (f a.1 (H _ a.2)) acc) x := by
+  rw [pmap_eq_map_attach, foldr_map]
+
+/--
+If we fold over `l.attach` with a function that ignores the membership predicate,
+we get the same results as folding over `l` directly.
+
+This is useful when we need to use `attach` to show termination.
+
+Unfortunately this can't be applied by `simp` because of the higher order unification problem,
+and even when rewriting we need to specify the function explicitly.
+See however `foldl_subtype` below.
+-/
+theorem foldl_attach (l : Array α) (f : β → α → β) (b : β) :
+    l.attach.foldl (fun acc t => f acc t.1) b = l.foldl f b := by
+  rcases l with ⟨l⟩
+  simp only [List.attach_toArray, List.attachWith_mem_toArray, List.map_attach, size_toArray,
+    List.length_pmap, List.foldl_toArray', mem_toArray, List.foldl_subtype]
+  congr
+  ext
+  simpa using fun a => List.mem_of_getElem? a
+
+/--
+If we fold over `l.attach` with a function that ignores the membership predicate,
+we get the same results as folding over `l` directly.
+
+This is useful when we need to use `attach` to show termination.
+
+Unfortunately this can't be applied by `simp` because of the higher order unification problem,
+and even when rewriting we need to specify the function explicitly.
+See however `foldr_subtype` below.
+-/
+theorem foldr_attach (l : Array α) (f : α → β → β) (b : β) :
+    l.attach.foldr (fun t acc => f t.1 acc) b = l.foldr f b := by
+  rcases l with ⟨l⟩
+  simp only [List.attach_toArray, List.attachWith_mem_toArray, List.map_attach, size_toArray,
+    List.length_pmap, List.foldr_toArray', mem_toArray, List.foldr_subtype]
+  congr
+  ext
+  simpa using fun a => List.mem_of_getElem? a
+
+theorem attach_map {l : Array α} (f : α → β) :
+    (l.map f).attach = l.attach.map (fun ⟨x, h⟩ => ⟨f x, mem_map_of_mem f h⟩) := by
+  cases l
+  ext <;> simp
+
+theorem attachWith_map {l : Array α} (f : α → β) {P : β → Prop} {H : ∀ (b : β), b ∈ l.map f → P b} :
+    (l.map f).attachWith P H = (l.attachWith (P ∘ f) (fun _ h => H _ (mem_map_of_mem f h))).map
+      fun ⟨x, h⟩ => ⟨f x, h⟩ := by
+  cases l
+  simp [List.attachWith_map]
+
+theorem map_attachWith {l : Array α} {P : α → Prop} {H : ∀ (a : α), a ∈ l → P a}
+    (f : { x // P x } → β) :
+    (l.attachWith P H).map f =
+      l.pmap (fun a (h : a ∈ l ∧ P a) => f ⟨a, H _ h.1⟩) (fun a h => ⟨h, H a h⟩) := by
+  cases l
+  ext <;> simp
+
+/-- See also `pmap_eq_map_attach` for writing `pmap` in terms of `map` and `attach`. -/
+theorem map_attach {l : Array α} (f : { x // x ∈ l } → β) :
+    l.attach.map f = l.pmap (fun a h => f ⟨a, h⟩) (fun _ => id) := by
+  cases l
+  ext <;> simp
+
+theorem attach_filterMap {l : Array α} {f : α → Option β} :
+    (l.filterMap f).attach = l.attach.filterMap
+      fun ⟨x, h⟩ => (f x).pbind (fun b m => some ⟨b, mem_filterMap.mpr ⟨x, h, m⟩⟩) := by
+  cases l
+  rw [attach_congr (List.filterMap_toArray f _)]
+  simp [List.attach_filterMap, List.map_filterMap, Function.comp_def]
+
+theorem attach_filter {l : Array α} (p : α → Bool) :
+    (l.filter p).attach = l.attach.filterMap
+      fun x => if w : p x.1 then some ⟨x.1, mem_filter.mpr ⟨x.2, w⟩⟩ else none := by
+  cases l
+  rw [attach_congr (List.filter_toArray p _)]
+  simp [List.attach_filter, List.map_filterMap, Function.comp_def]
+
+-- We are still missing here `attachWith_filterMap` and `attachWith_filter`.
+
+@[simp]
+theorem filterMap_attachWith {q : α → Prop} {l : Array α} {f : {x // q x} → Option β} (H)
+    (w : stop = (l.attachWith q H).size) :
+    (l.attachWith q H).filterMap f 0 stop = l.attach.filterMap (fun ⟨x, h⟩ => f ⟨x, H _ h⟩) := by
+  subst w
+  cases l
+  simp [Function.comp_def]
+
+@[simp]
+theorem filter_attachWith {q : α → Prop} {l : Array α} {p : {x // q x} → Bool} (H)
+    (w : stop = (l.attachWith q H).size) :
+    (l.attachWith q H).filter p 0 stop =
+      (l.attach.filter (fun ⟨x, h⟩ => p ⟨x, H _ h⟩)).map (fun ⟨x, h⟩ => ⟨x, H _ h⟩) := by
+  subst w
+  cases l
+  simp [Function.comp_def, List.filter_map]
+
+theorem pmap_pmap {p : α → Prop} {q : β → Prop} (g : ∀ a, p a → β) (f : ∀ b, q b → γ) (l H₁ H₂) :
+    pmap f (pmap g l H₁) H₂ =
+      pmap (α := { x // x ∈ l }) (fun a h => f (g a h) (H₂ (g a h) (mem_pmap_of_mem a.2))) l.attach
+        (fun a _ => H₁ a a.2) := by
+  cases l
+  simp [List.pmap_pmap, List.pmap_map]
+
+@[simp] theorem pmap_append {p : ι → Prop} (f : ∀ a : ι, p a → α) (l₁ l₂ : Array ι)
+    (h : ∀ a ∈ l₁ ++ l₂, p a) :
+    (l₁ ++ l₂).pmap f h =
+      (l₁.pmap f fun a ha => h a (mem_append_left l₂ ha)) ++
+        l₂.pmap f fun a ha => h a (mem_append_right l₁ ha) := by
+  cases l₁
+  cases l₂
+  simp
+
+theorem pmap_append' {p : α → Prop} (f : ∀ a : α, p a → β) (l₁ l₂ : Array α)
+    (h₁ : ∀ a ∈ l₁, p a) (h₂ : ∀ a ∈ l₂, p a) :
+    ((l₁ ++ l₂).pmap f fun a ha => (mem_append.1 ha).elim (h₁ a) (h₂ a)) =
+      l₁.pmap f h₁ ++ l₂.pmap f h₂ :=
+  pmap_append f l₁ l₂ _
+
+@[simp] theorem attach_append (xs ys : Array α) :
+    (xs ++ ys).attach = xs.attach.map (fun ⟨x, h⟩ => ⟨x, mem_append_left ys h⟩) ++
+      ys.attach.map fun ⟨x, h⟩ => ⟨x, mem_append_right xs h⟩ := by
+  cases xs
+  cases ys
+  rw [attach_congr (List.append_toArray _ _)]
+  simp [List.attach_append, Function.comp_def]
+
+@[simp] theorem attachWith_append {P : α → Prop} {xs ys : Array α}
+    {H : ∀ (a : α), a ∈ xs ++ ys → P a} :
+    (xs ++ ys).attachWith P H = xs.attachWith P (fun a h => H a (mem_append_left ys h)) ++
+      ys.attachWith P (fun a h => H a (mem_append_right xs h)) := by
+  simp [attachWith, attach_append, map_pmap, pmap_append]
+
+@[simp] theorem pmap_reverse {P : α → Prop} (f : (a : α) → P a → β) (xs : Array α)
+    (H : ∀ (a : α), a ∈ xs.reverse → P a) :
+    xs.reverse.pmap f H = (xs.pmap f (fun a h => H a (by simpa using h))).reverse := by
+  induction xs <;> simp_all
+
+theorem reverse_pmap {P : α → Prop} (f : (a : α) → P a → β) (xs : Array α)
+    (H : ∀ (a : α), a ∈ xs → P a) :
+    (xs.pmap f H).reverse = xs.reverse.pmap f (fun a h => H a (by simpa using h)) := by
+  rw [pmap_reverse]
+
+@[simp] theorem attachWith_reverse {P : α → Prop} {xs : Array α}
+    {H : ∀ (a : α), a ∈ xs.reverse → P a} :
+    xs.reverse.attachWith P H =
+      (xs.attachWith P (fun a h => H a (by simpa using h))).reverse := by
+  cases xs
+  simp
+
+theorem reverse_attachWith {P : α → Prop} {xs : Array α}
+    {H : ∀ (a : α), a ∈ xs → P a} :
+    (xs.attachWith P H).reverse = (xs.reverse.attachWith P (fun a h => H a (by simpa using h))) := by
+  cases xs
+  simp
+
+@[simp] theorem attach_reverse (xs : Array α) :
+    xs.reverse.attach = xs.attach.reverse.map fun ⟨x, h⟩ => ⟨x, by simpa using h⟩ := by
+  cases xs
+  rw [attach_congr (List.reverse_toArray _)]
+  simp
+
+theorem reverse_attach (xs : Array α) :
+    xs.attach.reverse = xs.reverse.attach.map fun ⟨x, h⟩ => ⟨x, by simpa using h⟩ := by
+  cases xs
+  simp
+
+@[simp] theorem back?_pmap {P : α → Prop} (f : (a : α) → P a → β) (xs : Array α)
+    (H : ∀ (a : α), a ∈ xs → P a) :
+    (xs.pmap f H).back? = xs.attach.back?.map fun ⟨a, m⟩ => f a (H a m) := by
+  cases xs
+  simp
+
+@[simp] theorem back?_attachWith {P : α → Prop} {xs : Array α}
+    {H : ∀ (a : α), a ∈ xs → P a} :
+    (xs.attachWith P H).back? = xs.back?.pbind (fun a h => some ⟨a, H _ (mem_of_back? h)⟩) := by
+  cases xs
+  simp
+
+@[simp]
+theorem back?_attach {xs : Array α} :
+    xs.attach.back? = xs.back?.pbind fun a h => some ⟨a, mem_of_back? h⟩ := by
+  cases xs
+  simp
+
+@[simp]
+theorem countP_attach (l : Array α) (p : α → Bool) :
+    l.attach.countP (fun a : {x // x ∈ l} => p a) = l.countP p := by
+  cases l
+  simp [Function.comp_def]
+
+@[simp]
+theorem countP_attachWith {p : α → Prop} (l : Array α) (H : ∀ a ∈ l, p a) (q : α → Bool) :
+    (l.attachWith p H).countP (fun a : {x // p x} => q a) = l.countP q := by
+  cases l
+  simp
+
+@[simp]
+theorem count_attach [DecidableEq α] (l : Array α) (a : {x // x ∈ l}) :
+    l.attach.count a = l.count ↑a := by
+  rcases l with ⟨l⟩
+  simp only [List.attach_toArray, List.attachWith_mem_toArray, List.count_toArray]
+  rw [List.map_attach, List.count_eq_countP]
+  simp only [Subtype.beq_iff]
+  rw [List.countP_pmap, List.countP_attach (p := (fun x => x == a.1)), List.count]
+
+@[simp]
+theorem count_attachWith [DecidableEq α] {p : α → Prop} (l : Array α) (H : ∀ a ∈ l, p a) (a : {x // p x}) :
+    (l.attachWith p H).count a = l.count ↑a := by
+  cases l
+  simp
+
+@[simp] theorem countP_pmap {p : α → Prop} (g : ∀ a, p a → β) (f : β → Bool) (l : Array α) (H₁) :
+    (l.pmap g H₁).countP f =
+      l.attach.countP (fun ⟨a, m⟩ => f (g a (H₁ a m))) := by
+  simp [pmap_eq_map_attach, countP_map, Function.comp_def]
+
 /-! ## unattach
 
 `Array.unattach` is the (one-sided) inverse of `Array.attach`. It is a synonym for `Array.map Subtype.val`.
@@ -98,7 +524,7 @@ and is ideally subsequently simplified away by `unattach_attach`.
 
 If not, usually the right approach is `simp [Array.unattach, -Array.map_subtype]` to unfold.
 -/
-def unattach {α : Type _} {p : α → Prop} (l : Array { x // p x }) := l.map (·.val)
+def unattach {α : Type _} {p : α → Prop} (l : Array { x // p x }) : Array α := l.map (·.val)
 
 @[simp] theorem unattach_nil {p : α → Prop} : (#[] : Array { x // p x }).unattach = #[] := rfl
 @[simp] theorem unattach_push {p : α → Prop} {a : { x // p x }} {l : Array { x // p x }} :
@@ -128,6 +554,15 @@ def unattach {α : Type _} {p : α → Prop} (l : Array { x // p x }) := l.map (
   cases l
   simp
 
+@[simp] theorem getElem?_unattach {p : α → Prop} {l : Array { x // p x }} (i : Nat) :
+    l.unattach[i]? = l[i]?.map Subtype.val := by
+  simp [unattach]
+
+@[simp] theorem getElem_unattach
+    {p : α → Prop} {l : Array { x // p x }} (i : Nat) (h : i < l.unattach.size) :
+    l.unattach[i] = (l[i]'(by simpa using h)).1 := by
+  simp [unattach]
+
 /-! ### Recognizing higher order functions using a function that only depends on the value. -/
 
 /--
@@ -212,4 +647,16 @@ and simplifies these to the function directly taking the value.
   cases l₂
   simp
 
+@[simp] theorem unattach_flatten {p : α → Prop} {l : Array (Array { x // p x })} :
+    l.flatten.unattach = (l.map unattach).flatten := by
+  unfold unattach
+  cases l using array₂_induction
+  simp only [flatten_toArray, List.map_map, Function.comp_def, List.map_id_fun', id_eq,
+    List.map_toArray, List.map_flatten, map_subtype, map_id_fun', List.unattach_toArray, mk.injEq]
+  simp only [List.unattach]
+
+@[simp] theorem unattach_mkArray {p : α → Prop} {n : Nat} {x : { x // p x }} :
+    (Array.mkArray n x).unattach = Array.mkArray n x.1 := by
+  simp [unattach]
+
 end Array

src/Init/Data/Array/Basic.lean

@@ -11,8 +11,9 @@ import Init.Data.UInt.BasicAux
 import Init.Data.Repr
 import Init.Data.ToString.Basic
 import Init.GetElem
-import Init.Data.List.ToArray
+import Init.Data.List.ToArrayImpl
 import Init.Data.Array.Set
+
 universe u v w
 
 /-! ### Array literal syntax -/
@@ -78,12 +79,15 @@ theorem ext' {as bs : Array α} (h : as.toList = bs.toList) : as = bs := by
 @[simp] theorem toArrayAux_eq (as : List α) (acc : Array α) : (as.toArrayAux acc).toList = acc.toList ++ as := by
   induction as generalizing acc <;> simp [*, List.toArrayAux, Array.push, List.append_assoc, List.concat_eq_append]
 
-@[simp] theorem toList_toArray (as : List α) : as.toArray.toList = as := rfl
+-- This does not need to be a simp lemma, as already after the `whnfR` the right hand side is `as`.
+theorem toList_toArray (as : List α) : as.toArray.toList = as := rfl
 
 @[simp] theorem size_toArray (as : List α) : as.toArray.size = as.length := by simp [size]
 
 @[simp] theorem getElem_toList {a : Array α} {i : Nat} (h : i < a.size) : a.toList[i] = a[i] := rfl
 
+@[simp] theorem getElem?_toList {a : Array α} {i : Nat} : a.toList[i]? = a[i]? := rfl
+
 /-- `a ∈ as` is a predicate which asserts that `a` is in the array `as`. -/
 -- NB: This is defined as a structure rather than a plain def so that a lemma
 -- like `sizeOf_lt_of_mem` will not apply with no actual arrays around.
@@ -96,6 +100,9 @@ instance : Membership α (Array α) where
 theorem mem_def {a : α} {as : Array α} : a ∈ as ↔ a ∈ as.toList :=
   ⟨fun | .mk h => h, Array.Mem.mk⟩
 
+@[simp] theorem mem_toArray {a : α} {l : List α} : a ∈ l.toArray ↔ a ∈ l := by
+  simp [mem_def]
+
 @[simp] theorem getElem_mem {l : Array α} {i : Nat} (h : i < l.size) : l[i] ∈ l := by
   rw [Array.mem_def, ← getElem_toList]
   apply List.getElem_mem
@@ -165,15 +172,15 @@ This will perform the update destructively provided that `a` has a reference
 count of 1 when called.
 -/
 @[extern "lean_array_fswap"]
-def swap (a : Array α) (i j : @& Fin a.size) : Array α :=
+def swap (a : Array α) (i j : @& Nat) (hi : i < a.size := by get_elem_tactic) (hj : j < a.size := by get_elem_tactic) : Array α :=
   let v₁ := a[i]
   let v₂ := a[j]
   let a'  := a.set i v₂
-  a'.set j v₁ (Nat.lt_of_lt_of_eq j.isLt (size_set a i v₂ _).symm)
+  a'.set j v₁ (Nat.lt_of_lt_of_eq hj (size_set a i v₂ _).symm)
 
-@[simp] theorem size_swap (a : Array α) (i j : Fin a.size) : (a.swap i j).size = a.size := by
+@[simp] theorem size_swap (a : Array α) (i j : Nat) {hi hj} : (a.swap i j hi hj).size = a.size := by
   show ((a.set i a[j]).set j a[i]
-    (Nat.lt_of_lt_of_eq j.isLt (size_set a i a[j] _).symm)).size = a.size
+    (Nat.lt_of_lt_of_eq hj (size_set a i a[j] _).symm)).size = a.size
   rw [size_set, size_set]
 
 /--
@@ -183,12 +190,14 @@ This will perform the update destructively provided that `a` has a reference
 count of 1 when called.
 -/
 @[extern "lean_array_swap"]
-def swap! (a : Array α) (i j : @& Nat) : Array α :=
+def swapIfInBounds (a : Array α) (i j : @& Nat) : Array α :=
   if h₁ : i < a.size then
-  if h₂ : j < a.size then swap a ⟨i, h₁⟩ ⟨j, h₂⟩
+  if h₂ : j < a.size then swap a i j
   else a
   else a
 
+@[deprecated swapIfInBounds (since := "2024-11-24")] abbrev swap! := @swapIfInBounds
+
 /-! ### GetElem instance for `USize`, backed by `uget` -/
 
 instance : GetElem (Array α) USize α fun xs i => i.toNat < xs.size where
@@ -200,7 +209,7 @@ instance : EmptyCollection (Array α) := ⟨Array.empty⟩
 instance : Inhabited (Array α) where
   default := Array.empty
 
-@[simp] def isEmpty (a : Array α) : Bool :=
+def isEmpty (a : Array α) : Bool :=
   a.size = 0
 
 @[specialize]
@@ -233,13 +242,12 @@ def ofFn {n} (f : Fin n → α) : Array α := go 0 (mkEmpty n) where
 
 /-- The array `#[0, 1, ..., n - 1]`. -/
 def range (n : Nat) : Array Nat :=
-  n.fold (flip Array.push) (mkEmpty n)
+  ofFn fun (i : Fin n) => i
 
-def singleton (v : α) : Array α :=
-  mkArray 1 v
+@[inline] protected def singleton (v : α) : Array α := #[v]
 
 def back! [Inhabited α] (a : Array α) : α :=
-  a.get! (a.size - 1)
+  a[a.size - 1]!
 
 @[deprecated back! (since := "2024-10-31")] abbrev back := @back!
 
@@ -249,7 +257,7 @@ def get? (a : Array α) (i : Nat) : Option α :=
 def back? (a : Array α) : Option α :=
   a[a.size - 1]?
 
-@[inline] def swapAt (a : Array α) (i : Fin a.size) (v : α) : α × Array α :=
+@[inline] def swapAt (a : Array α) (i : Nat) (v : α) (hi : i < a.size := by get_elem_tactic) : α × Array α :=
   let e := a[i]
   let a := a.set i v
   (e, a)
@@ -257,7 +265,7 @@ def back? (a : Array α) : Option α :=
 @[inline]
 def swapAt! (a : Array α) (i : Nat) (v : α) : α × Array α :=
   if h : i < a.size then
-    swapAt a ⟨i, h⟩ v
+    swapAt a i v
   else
     have : Inhabited (α × Array α) := ⟨(v, a)⟩
     panic! ("index " ++ toString i ++ " out of bounds")
@@ -447,7 +455,7 @@ def mapM {α : Type u} {β : Type v} {m : Type v → Type w} [Monad m] (f : α
 /-- Variant of `mapIdxM` which receives the index as a `Fin as.size`. -/
 @[inline]
 def mapFinIdxM {α : Type u} {β : Type v} {m : Type v → Type w} [Monad m]
-    (as : Array α) (f : Fin as.size → α → m β) : m (Array β) :=
+    (as : Array α) (f : (i : Nat) → α → (h : i < as.size) → m β) : m (Array β) :=
   let rec @[specialize] map (i : Nat) (j : Nat) (inv : i + j = as.size) (bs : Array β) : m (Array β) := do
     match i, inv with
     | 0,    _  => pure bs
@@ -456,12 +464,12 @@ def mapFinIdxM {α : Type u} {β : Type v} {m : Type v → Type w} [Monad m]
         rw [← inv, Nat.add_assoc, Nat.add_comm 1 j, Nat.add_comm]
         apply Nat.le_add_right
       have : i + (j + 1) = as.size := by rw [← inv, Nat.add_comm j 1, Nat.add_assoc]
-      map i (j+1) this (bs.push (← f ⟨j, j_lt⟩ (as.get j j_lt)))
+      map i (j+1) this (bs.push (← f j (as.get j j_lt) j_lt))
   map as.size 0 rfl (mkEmpty as.size)
 
 @[inline]
 def mapIdxM {α : Type u} {β : Type v} {m : Type v → Type w} [Monad m] (f : Nat → α → m β) (as : Array α) : m (Array β) :=
-  as.mapFinIdxM fun i a => f i a
+  as.mapFinIdxM fun i a _ => f i a
 
 @[inline]
 def findSomeM? {α : Type u} {β : Type v} {m : Type v → Type w} [Monad m] (f : α → m (Option β)) (as : Array α) : m (Option β) := do
@@ -471,6 +479,10 @@ def findSomeM? {α : Type u} {β : Type v} {m : Type v → Type w} [Monad m] (f
     | _      => pure ⟨⟩
   return none
 
+/--
+Note that the universe level is contrained to `Type` here,
+to avoid having to have the predicate live in `p : α → m (ULift Bool)`.
+-/
 @[inline]
 def findM? {α : Type} {m : Type → Type} [Monad m] (p : α → m Bool) (as : Array α) : m (Option α) := do
   for a in as do
@@ -564,13 +576,28 @@ def foldl {α : Type u} {β : Type v} (f : β → α → β) (init : β) (as : A
 def foldr {α : Type u} {β : Type v} (f : α → β → β) (init : β) (as : Array α) (start := as.size) (stop := 0) : β :=
   Id.run <| as.foldrM f init start stop
 
+/-- Sum of an array.
+
+`Array.sum #[a, b, c] = a + (b + (c + 0))` -/
+@[inline]
+def sum {α} [Add α] [Zero α] : Array α → α :=
+  foldr (· + ·) 0
+
+@[inline]
+def countP {α : Type u} (p : α → Bool) (as : Array α) : Nat :=
+  as.foldr (init := 0) fun a acc => bif p a then acc + 1 else acc
+
+@[inline]
+def count {α : Type u} [BEq α] (a : α) (as : Array α) : Nat :=
+  countP (· == a) as
+
 @[inline]
 def map {α : Type u} {β : Type v} (f : α → β) (as : Array α) : Array β :=
   Id.run <| as.mapM f
 
 /-- Variant of `mapIdx` which receives the index as a `Fin as.size`. -/
 @[inline]
-def mapFinIdx {α : Type u} {β : Type v} (as : Array α) (f : Fin as.size → α → β) : Array β :=
+def mapFinIdx {α : Type u} {β : Type v} (as : Array α) (f : (i : Nat) → α → (h : i < as.size) → β) : Array β :=
   Id.run <| as.mapFinIdxM f
 
 @[inline]
@@ -582,8 +609,12 @@ def zipWithIndex (arr : Array α) : Array (α × Nat) :=
   arr.mapIdx fun i a => (a, i)
 
 @[inline]
-def find? {α : Type} (p : α → Bool) (as : Array α) : Option α :=
-  Id.run <| as.findM? p
+def find? {α : Type u} (p : α → Bool) (as : Array α) : Option α :=
+  Id.run do
+    for a in as do
+      if p a then
+        return a
+    return none
 
 @[inline]
 def findSome? {α : Type u} {β : Type v} (f : α → Option β) (as : Array α) : Option β :=
@@ -613,8 +644,15 @@ def findIdx? {α : Type u} (p : α → Bool) (as : Array α) : Option Nat :=
     decreasing_by simp_wf; decreasing_trivial_pre_omega
   loop 0
 
-def getIdx? [BEq α] (a : Array α) (v : α) : Option Nat :=
-  a.findIdx? fun a => a == v
+@[inline]
+def findFinIdx? {α : Type u} (p : α → Bool) (as : Array α) : Option (Fin as.size) :=
+  let rec @[semireducible] -- This is otherwise irreducible because it uses well-founded recursion.
+  loop (j : Nat) :=
+    if h : j < as.size then
+      if p as[j] then some ⟨j, h⟩ else loop (j + 1)
+    else none
+    decreasing_by simp_wf; decreasing_trivial_pre_omega
+  loop 0
 
 @[semireducible] -- This is otherwise irreducible because it uses well-founded recursion.
 def indexOfAux [BEq α] (a : Array α) (v : α) (i : Nat) : Option (Fin a.size) :=
@@ -627,6 +665,10 @@ decreasing_by simp_wf; decreasing_trivial_pre_omega
 def indexOf? [BEq α] (a : Array α) (v : α) : Option (Fin a.size) :=
   indexOfAux a v 0
 
+@[deprecated indexOf? (since := "2024-11-20")]
+def getIdx? [BEq α] (a : Array α) (v : α) : Option Nat :=
+  a.findIdx? fun a => a == v
+
 @[inline]
 def any (as : Array α) (p : α → Bool) (start := 0) (stop := as.size) : Bool :=
   Id.run <| as.anyM p start stop
@@ -635,9 +677,15 @@ def any (as : Array α) (p : α → Bool) (start := 0) (stop := as.size) : Bool
 def all (as : Array α) (p : α → Bool) (start := 0) (stop := as.size) : Bool :=
   Id.run <| as.allM p start stop
 
+/-- `as.contains a` is true if there is some element `b` in `as` such that `a == b`. -/
 def contains [BEq α] (as : Array α) (a : α) : Bool :=
-  as.any (· == a)
+  as.any (a == ·)
 
+/--
+Variant of `Array.contains` with arguments reversed.
+
+For verification purposes, we simplify this to `contains`.
+-/
 def elem [BEq α] (a : α) (as : Array α) : Bool :=
   as.contains a
 
@@ -735,7 +783,7 @@ where
   loop (as : Array α) (i : Nat) (j : Fin as.size) :=
     if h : i < j then
       have := termination h
-      let as := as.swap ⟨i, Nat.lt_trans h j.2⟩ j
+      let as := as.swap i j (Nat.lt_trans h j.2)
       have : j-1 < as.size := by rw [size_swap]; exact Nat.lt_of_le_of_lt (Nat.pred_le _) j.2
       loop as (i+1) ⟨j-1, this⟩
     else
@@ -766,49 +814,63 @@ def takeWhile (p : α → Bool) (as : Array α) : Array α :=
     decreasing_by simp_wf; decreasing_trivial_pre_omega
   go 0 #[]
 
-/-- Remove the element at a given index from an array without bounds checks, using a `Fin` index.
+/--
+Remove the element at a given index from an array without a runtime bounds checks,
+using a `Nat` index and a tactic-provided bound.
 
-  This function takes worst case O(n) time because
-  it has to backshift all elements at positions greater than `i`.-/
+This function takes worst case O(n) time because
+it has to backshift all elements at positions greater than `i`.-/
 @[semireducible] -- This is otherwise irreducible because it uses well-founded recursion.
-def feraseIdx (a : Array α) (i : Fin a.size) : Array α :=
-  if h : i.val + 1 < a.size then
-    let a' := a.swap ⟨i.val + 1, h⟩ i
-    let i' : Fin a'.size := ⟨i.val + 1, by simp [a', h]⟩
-    a'.feraseIdx i'
+def eraseIdx (a : Array α) (i : Nat) (h : i < a.size := by get_elem_tactic) : Array α :=
+  if h' : i + 1 < a.size then
+    let a' := a.swap (i + 1) i
+    a'.eraseIdx (i + 1) (by simp [a', h'])
   else
     a.pop
-termination_by a.size - i.val
-decreasing_by simp_wf; exact Nat.sub_succ_lt_self _ _ i.isLt
+termination_by a.size - i
+decreasing_by simp_wf; exact Nat.sub_succ_lt_self _ _ h
 
 -- This is required in `Lean.Data.PersistentHashMap`.
-@[simp] theorem size_feraseIdx (a : Array α) (i : Fin a.size) : (a.feraseIdx i).size = a.size - 1 := by
-  induction a, i using Array.feraseIdx.induct with
-  | @case1 a i h a' _ ih =>
-    unfold feraseIdx
-    simp [h, a', ih]
-  | case2 a i h =>
-    unfold feraseIdx
-    simp [h]
+@[simp] theorem size_eraseIdx (a : Array α) (i : Nat) (h) : (a.eraseIdx i h).size = a.size - 1 := by
+  induction a, i, h using Array.eraseIdx.induct with
+  | @case1 a i h h' a' ih =>
+    unfold eraseIdx
+    simp +zetaDelta [h', a', ih]
+  | case2 a i h h' =>
+    unfold eraseIdx
+    simp [h']
 
 /-- Remove the element at a given index from an array, or do nothing if the index is out of bounds.
 
   This function takes worst case O(n) time because
   it has to backshift all elements at positions greater than `i`.-/
-def eraseIdx (a : Array α) (i : Nat) : Array α :=
-  if h : i < a.size then a.feraseIdx ⟨i, h⟩ else a
+def eraseIdxIfInBounds (a : Array α) (i : Nat) : Array α :=
+  if h : i < a.size then a.eraseIdx i h else a
+
+/-- Remove the element at a given index from an array, or panic if the index is out of bounds.
+
+This function takes worst case O(n) time because
+it has to backshift all elements at positions greater than `i`. -/
+def eraseIdx! (a : Array α) (i : Nat) : Array α :=
+  if h : i < a.size then a.eraseIdx i h else panic! "invalid index"
 
 def erase [BEq α] (as : Array α) (a : α) : Array α :=
   match as.indexOf? a with
   | none   => as
-  | some i => as.feraseIdx i
+  | some i => as.eraseIdx i
+
+/-- Erase the first element that satisfies the predicate `p`. -/
+def eraseP (as : Array α) (p : α → Bool) : Array α :=
+  match as.findIdx? p with
+  | none   => as
+  | some i => as.eraseIdxIfInBounds i
 
 /-- Insert element `a` at position `i`. -/
-@[inline] def insertAt (as : Array α) (i : Fin (as.size + 1)) (a : α) : Array α :=
+@[inline] def insertIdx (as : Array α) (i : Nat) (a : α) (_ : i ≤ as.size := by get_elem_tactic) : Array α :=
   let rec @[semireducible] -- This is otherwise irreducible because it uses well-founded recursion.
   loop (as : Array α) (j : Fin as.size) :=
-    if i.1 < j then
-      let j' := ⟨j-1, Nat.lt_of_le_of_lt (Nat.pred_le _) j.2⟩
+    if i < j then
+      let j' : Fin as.size := ⟨j-1, Nat.lt_of_le_of_lt (Nat.pred_le _) j.2⟩
       let as := as.swap j' j
       loop as ⟨j', by rw [size_swap]; exact j'.2⟩
     else
@@ -818,12 +880,23 @@ def erase [BEq α] (as : Array α) (a : α) : Array α :=
   let as := as.push a
   loop as ⟨j, size_push .. ▸ j.lt_succ_self⟩
 
+@[deprecated insertIdx (since := "2024-11-20")] abbrev insertAt := @insertIdx
+
 /-- Insert element `a` at position `i`. Panics if `i` is not `i ≤ as.size`. -/
-def insertAt! (as : Array α) (i : Nat) (a : α) : Array α :=
+def insertIdx! (as : Array α) (i : Nat) (a : α) : Array α :=
   if h : i ≤ as.size then
-    insertAt as ⟨i, Nat.lt_succ_of_le h⟩ a
+    insertIdx as i a
   else panic! "invalid index"
 
+@[deprecated insertIdx! (since := "2024-11-20")] abbrev insertAt! := @insertIdx!
+
+/-- Insert element `a` at position `i`, or do nothing if `as.size < i`. -/
+def insertIdxIfInBounds (as : Array α) (i : Nat) (a : α) : Array α :=
+  if h : i ≤ as.size then
+    insertIdx as i a
+  else
+    as
+
 @[semireducible] -- This is otherwise irreducible because it uses well-founded recursion.
 def isPrefixOfAux [BEq α] (as bs : Array α) (hle : as.size ≤ bs.size) (i : Nat) : Bool :=
   if h : i < as.size then
@@ -847,12 +920,12 @@ def isPrefixOf [BEq α] (as bs : Array α) : Bool :=
     false
 
 @[semireducible, specialize] -- This is otherwise irreducible because it uses well-founded recursion.
-def zipWithAux (f : α → β → γ) (as : Array α) (bs : Array β) (i : Nat) (cs : Array γ) : Array γ :=
+def zipWithAux (as : Array α) (bs : Array β) (f : α → β → γ) (i : Nat) (cs : Array γ) : Array γ :=
   if h : i < as.size then
     let a := as[i]
     if h : i < bs.size then
       let b := bs[i]
-      zipWithAux f as bs (i+1) <| cs.push <| f a b
+      zipWithAux as bs f (i+1) <| cs.push <| f a b
     else
       cs
   else
@@ -860,11 +933,23 @@ def zipWithAux (f : α → β → γ) (as : Array α) (bs : Array β) (i : Nat)
 decreasing_by simp_wf; decreasing_trivial_pre_omega
 
 @[inline] def zipWith (as : Array α) (bs : Array β) (f : α → β → γ) : Array γ :=
-  zipWithAux f as bs 0 #[]
+  zipWithAux as bs f 0 #[]
 
 def zip (as : Array α) (bs : Array β) : Array (α × β) :=
   zipWith as bs Prod.mk
 
+def zipWithAll (as : Array α) (bs : Array β) (f : Option α → Option β → γ) : Array γ :=
+  go as bs 0 #[]
+where go (as : Array α) (bs : Array β) (i : Nat) (cs : Array γ) :=
+  if i < max as.size bs.size then
+    let a := as[i]?
+    let b := bs[i]?
+    go as bs (i+1) (cs.push (f a b))
+  else
+    cs
+  termination_by max as.size bs.size - i
+  decreasing_by simp_wf; decreasing_trivial_pre_omega
+
 def unzip (as : Array (α × β)) : Array α × Array β :=
   as.foldl (init := (#[], #[])) fun (as, bs) (a, b) => (as.push a, bs.push b)
 
@@ -873,6 +958,13 @@ def split (as : Array α) (p : α → Bool) : Array α × Array α :=
   as.foldl (init := (#[], #[])) fun (as, bs) a =>
     if p a then (as.push a, bs) else (as, bs.push a)
 
+/-! ### Lexicographic ordering -/
+
+instance instLT [LT α] : LT (Array α) := ⟨fun as bs => as.toList < bs.toList⟩
+instance instLE [LT α] : LE (Array α) := ⟨fun as bs => as.toList ≤ bs.toList⟩
+
+-- See `Init.Data.Array.Lex.Basic` for the boolean valued lexicographic comparator.
+
 /-! ## Auxiliary functions used in metaprogramming.
 
 We do not currently intend to provide verification theorems for these functions.

src/Init/Data/Array/BasicAux.lean

@@ -32,10 +32,8 @@ private theorem List.of_toArrayAux_eq_toArrayAux {as bs : List α} {cs ds : Arra
     have := Array.of_push_eq_push ih₂
     simp [this]
 
-@[simp] theorem List.toArray_eq_toArray_eq (as bs : List α) : (as.toArray = bs.toArray) = (as = bs) := by
-  apply propext; apply Iff.intro
-  · intro h; simpa [toArray] using h
-  · intro h; rw [h]
+theorem List.toArray_eq_toArray_eq (as bs : List α) : (as.toArray = bs.toArray) = (as = bs) := by
+  simp
 
 def Array.mapM' [Monad m] (f : α → m β) (as : Array α) : m { bs : Array β // bs.size = as.size } :=
   go 0 ⟨mkEmpty as.size, rfl⟩ (by simp)

src/Init/Data/Array/BinSearch.lean

@@ -5,59 +5,64 @@ Authors: Leonardo de Moura
 -/
 prelude
 import Init.Data.Array.Basic
+import Init.Omega
 universe u v
 
--- TODO: CLEANUP
-
 namespace Array
--- TODO: remove the [Inhabited α] parameters as soon as we have the tactic framework for automating proof generation and using Array.fget
--- TODO: remove `partial` using well-founded recursion
 
-@[specialize] partial def binSearchAux {α : Type u} {β : Type v} [Inhabited β] (lt : α → α → Bool) (found : Option α → β) (as : Array α) (k : α) : Nat → Nat → β
-  | lo, hi =>
-    if lo <= hi then
-      let _ := Inhabited.mk k
-      let m := (lo + hi)/2
-      let a := as.get! m
-      if lt a k then binSearchAux lt found as k (m+1) hi
-      else if lt k a then
-        if m == 0 then found none
-        else binSearchAux lt found as k lo (m-1)
-      else found (some a)
-    else found none
+@[specialize] def binSearchAux {α : Type u} {β : Type v} (lt : α → α → Bool) (found : Option α → β) (as : Array α) (k : α) :
+    (lo : Fin (as.size + 1)) → (hi : Fin as.size) → (lo.1 ≤ hi.1) → β
+  | lo, hi, h =>
+    let m := (lo.1 + hi.1)/2
+    let a := as[m]
+    if lt a k then
+      if h' : m + 1 ≤ hi.1 then
+        binSearchAux lt found as k ⟨m+1, by omega⟩ hi h'
+      else found none
+    else if lt k a then
+      if h' : m = 0 ∨ m - 1 < lo.1 then found none
+      else binSearchAux lt found as k lo ⟨m-1, by omega⟩ (by simp; omega)
+    else found (some a)
+termination_by lo hi => hi.1 - lo.1
 
 @[inline] def binSearch {α : Type} (as : Array α) (k : α) (lt : α → α → Bool) (lo := 0) (hi := as.size - 1) : Option α :=
-  if lo < as.size then
+  if h : lo < as.size then
     let hi := if hi < as.size then hi else as.size - 1
-    binSearchAux lt id as k lo hi
+    if w : lo ≤ hi then
+      binSearchAux lt id as k ⟨lo, by omega⟩ ⟨hi, by simp [hi]; split <;> omega⟩ (by simp [hi]; omega)
+    else
+      none
   else
     none
 
 @[inline] def binSearchContains {α : Type} (as : Array α) (k : α) (lt : α → α → Bool) (lo := 0) (hi := as.size - 1) : Bool :=
-  if lo < as.size then
+  if h : lo < as.size then
     let hi := if hi < as.size then hi else as.size - 1
-    binSearchAux lt Option.isSome as k lo hi
+    if w : lo ≤ hi then
+      binSearchAux lt Option.isSome as k ⟨lo, by omega⟩ ⟨hi, by simp [hi]; split <;> omega⟩ (by simp [hi]; omega)
+    else
+      false
   else
     false
 
-@[specialize] private partial def binInsertAux {α : Type u} {m : Type u → Type v} [Monad m]
+@[specialize] private def binInsertAux {α : Type u} {m : Type u → Type v} [Monad m]
     (lt : α → α → Bool)
     (merge : α → m α)
     (add : Unit → m α)
     (as : Array α)
-    (k : α) : Nat → Nat → m (Array α)
-  | lo, hi =>
-    let _ := Inhabited.mk k
-    -- as[lo] < k < as[hi]
-    let mid    := (lo + hi)/2
-    let midVal := as.get! mid
-    if lt midVal k then
-      if mid == lo then do let v ← add (); pure <| as.insertAt! (lo+1) v
-      else binInsertAux lt merge add as k mid hi
-    else if lt k midVal then
-      binInsertAux lt merge add as k lo mid
+    (k : α) : (lo : Fin as.size) → (hi : Fin as.size) → (lo.1 ≤ hi.1) → (lt as[lo] k) → m (Array α)
+  | lo, hi, h, w =>
+    let mid    := (lo.1 + hi.1)/2
+    let midVal := as[mid]
+    if w₁ : lt midVal k then
+      if h' : mid = lo then do let v ← add (); pure <| as.insertIdx (lo+1) v
+      else binInsertAux lt merge add as k ⟨mid, by omega⟩ hi (by simp; omega) w₁
+    else if w₂ : lt k midVal then
+      have : mid ≠ lo := fun z => by simp [midVal, z] at w₁; simp_all
+      binInsertAux lt merge add as k lo ⟨mid, by omega⟩ (by simp; omega) w
     else do
       as.modifyM mid <| fun v => merge v
+termination_by lo hi => hi.1 - lo.1
 
 @[specialize] def binInsertM {α : Type u} {m : Type u → Type v} [Monad m]
     (lt : α → α → Bool)
@@ -65,13 +70,12 @@ namespace Array
     (add : Unit → m α)
     (as : Array α)
     (k : α) : m (Array α) :=
-  let _ := Inhabited.mk k
-  if as.isEmpty then do let v ← add (); pure <| as.push v
-  else if lt k (as.get! 0) then do let v ← add (); pure <| as.insertAt! 0 v
-  else if !lt (as.get! 0) k then as.modifyM 0 <| merge
-  else if lt as.back! k then do let v ← add (); pure <| as.push v
-  else if !lt k as.back! then as.modifyM (as.size - 1) <| merge
-  else binInsertAux lt merge add as k 0 (as.size - 1)
+  if h : as.size = 0 then do let v ← add (); pure <| as.push v
+  else if lt k as[0] then do let v ← add (); pure <| as.insertIdx 0 v
+  else if h' : !lt as[0] k then as.modifyM 0 <| merge
+  else if lt as[as.size - 1] k then do let v ← add (); pure <| as.push v
+  else if !lt k as[as.size - 1] then as.modifyM (as.size - 1) <| merge
+  else binInsertAux lt merge add as k ⟨0, by omega⟩ ⟨as.size - 1, by omega⟩ (by simp) (by simpa using h')
 
 @[inline] def binInsert {α : Type u} (lt : α → α → Bool) (as : Array α) (k : α) : Array α :=
   Id.run <| binInsertM lt (fun _ => k) (fun _ => k) as k

src/Init/Data/Array/Bootstrap.lean

@@ -23,7 +23,7 @@ theorem foldlM_toList.aux [Monad m]
   · cases Nat.not_le_of_gt ‹_› (Nat.zero_add _ ▸ H)
   · rename_i i; rw [Nat.succ_add] at H
     simp [foldlM_toList.aux f arr i (j+1) H]
-    rw (occs := .pos [2]) [← List.getElem_cons_drop_succ_eq_drop ‹_›]
+    rw (occs := [2]) [← List.getElem_cons_drop_succ_eq_drop ‹_›]
     rfl
   · rw [List.drop_of_length_le (Nat.ge_of_not_lt ‹_›)]; rfl
 
@@ -81,23 +81,32 @@ theorem foldrM_eq_reverse_foldlM_toList [Monad m] (f : α → β → m β) (init
 
 @[simp] theorem toList_empty : (#[] : Array α).toList = [] := rfl
 
-@[simp] theorem append_nil (as : Array α) : as ++ #[] = as := by
+@[simp] theorem append_empty (as : Array α) : as ++ #[] = as := by
   apply ext'; simp only [toList_append, toList_empty, List.append_nil]
 
-@[simp] theorem nil_append (as : Array α) : #[] ++ as = as := by
+@[deprecated append_empty (since := "2025-01-13")]
+abbrev append_nil := @append_empty
+
+@[simp] theorem empty_append (as : Array α) : #[] ++ as = as := by
   apply ext'; simp only [toList_append, toList_empty, List.nil_append]
 
+@[deprecated empty_append (since := "2025-01-13")]
+abbrev nil_append := @empty_append
+
 @[simp] theorem append_assoc (as bs cs : Array α) : as ++ bs ++ cs = as ++ (bs ++ cs) := by
   apply ext'; simp only [toList_append, List.append_assoc]
 
 @[simp] theorem appendList_eq_append
     (arr : Array α) (l : List α) : arr.appendList l = arr ++ l := rfl
 
-@[simp] theorem appendList_toList (arr : Array α) (l : List α) :
+@[simp] theorem toList_appendList (arr : Array α) (l : List α) :
     (arr ++ l).toList = arr.toList ++ l := by
   rw [← appendList_eq_append]; unfold Array.appendList
   induction l generalizing arr <;> simp [*]
 
+@[deprecated toList_appendList (since := "2024-12-11")]
+abbrev appendList_toList := @toList_appendList
+
 @[deprecated "Use the reverse direction of `foldrM_toList`." (since := "2024-11-13")]
 theorem foldrM_eq_foldrM_toList [Monad m]
     (f : α → β → m β) (init : β) (arr : Array α) :
@@ -149,7 +158,7 @@ abbrev pop_data := @pop_toList
 @[deprecated toList_append (since := "2024-09-09")]
 abbrev append_data := @toList_append
 
-@[deprecated appendList_toList (since := "2024-09-09")]
-abbrev appendList_data := @appendList_toList
+@[deprecated toList_appendList (since := "2024-09-09")]
+abbrev appendList_data := @toList_appendList
 
 end Array

src/Init/Data/Array/Count.lean

@@ -0,0 +1,270 @@
+/-
+Copyright (c) 2025 Lean FRO, LLC. All rights reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Kim Morrison
+-/
+prelude
+import Init.Data.Array.Lemmas
+import Init.Data.List.Nat.Count
+
+/-!
+# Lemmas about `Array.countP` and `Array.count`.
+-/
+
+namespace Array
+
+open Nat
+
+/-! ### countP -/
+section countP
+
+variable (p q : α → Bool)
+
+@[simp] theorem countP_empty : countP p #[] = 0 := rfl
+
+@[simp] theorem countP_push_of_pos (l) (pa : p a) : countP p (l.push a) = countP p l + 1 := by
+  rcases l with ⟨l⟩
+  simp_all
+
+@[simp] theorem countP_push_of_neg (l) (pa : ¬p a) : countP p (l.push a) = countP p l := by
+  rcases l with ⟨l⟩
+  simp_all
+
+theorem countP_push (a : α) (l) : countP p (l.push a) = countP p l + if p a then 1 else 0 := by
+  rcases l with ⟨l⟩
+  simp_all
+
+@[simp] theorem countP_singleton (a : α) : countP p #[a] = if p a then 1 else 0 := by
+  simp [countP_push]
+
+theorem size_eq_countP_add_countP (l) : l.size = countP p l + countP (fun a => ¬p a) l := by
+  cases l
+  simp [List.length_eq_countP_add_countP (p := p)]
+
+theorem countP_eq_size_filter (l) : countP p l = (filter p l).size := by
+  cases l
+  simp [List.countP_eq_length_filter]
+
+theorem countP_eq_size_filter' : countP p = size ∘ filter p := by
+  funext l
+  apply countP_eq_size_filter
+
+theorem countP_le_size : countP p l ≤ l.size := by
+  simp only [countP_eq_size_filter]
+  apply size_filter_le
+
+@[simp] theorem countP_append (l₁ l₂) : countP p (l₁ ++ l₂) = countP p l₁ + countP p l₂ := by
+  cases l₁
+  cases l₂
+  simp
+
+@[simp] theorem countP_pos_iff {p} : 0 < countP p l ↔ ∃ a ∈ l, p a := by
+  cases l
+  simp
+
+@[simp] theorem one_le_countP_iff {p} : 1 ≤ countP p l ↔ ∃ a ∈ l, p a :=
+  countP_pos_iff
+
+@[simp] theorem countP_eq_zero {p} : countP p l = 0 ↔ ∀ a ∈ l, ¬p a := by
+  cases l
+  simp
+
+@[simp] theorem countP_eq_size {p} : countP p l = l.size ↔ ∀ a ∈ l, p a := by
+  cases l
+  simp
+
+theorem countP_mkArray (p : α → Bool) (a : α) (n : Nat) :
+    countP p (mkArray n a) = if p a then n else 0 := by
+  simp [← List.toArray_replicate, List.countP_replicate]
+
+theorem boole_getElem_le_countP (p : α → Bool) (l : Array α) (i : Nat) (h : i < l.size) :
+    (if p l[i] then 1 else 0) ≤ l.countP p := by
+  cases l
+  simp [List.boole_getElem_le_countP]
+
+theorem countP_set (p : α → Bool) (l : Array α) (i : Nat) (a : α) (h : i < l.size) :
+    (l.set i a).countP p = l.countP p - (if p l[i] then 1 else 0) + (if p a then 1 else 0) := by
+  cases l
+  simp [List.countP_set, h]
+
+theorem countP_filter (l : Array α) :
+    countP p (filter q l) = countP (fun a => p a && q a) l := by
+  cases l
+  simp [List.countP_filter]
+
+@[simp] theorem countP_true : (countP fun (_ : α) => true) = size := by
+  funext l
+  simp
+
+@[simp] theorem countP_false : (countP fun (_ : α) => false) = Function.const _ 0 := by
+  funext l
+  simp
+
+@[simp] theorem countP_map (p : β → Bool) (f : α → β) (l : Array α) :
+    countP p (map f l) = countP (p ∘ f) l := by
+  cases l
+  simp
+
+theorem size_filterMap_eq_countP (f : α → Option β) (l : Array α) :
+    (filterMap f l).size = countP (fun a => (f a).isSome) l := by
+  cases l
+  simp [List.length_filterMap_eq_countP]
+
+theorem countP_filterMap (p : β → Bool) (f : α → Option β) (l : Array α) :
+    countP p (filterMap f l) = countP (fun a => ((f a).map p).getD false) l := by
+  cases l
+  simp [List.countP_filterMap]
+
+@[simp] theorem countP_flatten (l : Array (Array α)) :
+    countP p l.flatten = (l.map (countP p)).sum := by
+  cases l using array₂_induction
+  simp [List.countP_flatten, Function.comp_def]
+
+theorem countP_flatMap (p : β → Bool) (l : Array α) (f : α → Array β) :
+    countP p (l.flatMap f) = sum (map (countP p ∘ f) l) := by
+  cases l
+  simp [List.countP_flatMap, Function.comp_def]
+
+@[simp] theorem countP_reverse (l : Array α) : countP p l.reverse = countP p l := by
+  cases l
+  simp [List.countP_reverse]
+
+variable {p q}
+
+theorem countP_mono_left (h : ∀ x ∈ l, p x → q x) : countP p l ≤ countP q l := by
+  cases l
+  simpa using List.countP_mono_left (by simpa using h)
+
+theorem countP_congr (h : ∀ x ∈ l, p x ↔ q x) : countP p l = countP q l :=
+  Nat.le_antisymm
+    (countP_mono_left fun x hx => (h x hx).1)
+    (countP_mono_left fun x hx => (h x hx).2)
+
+end countP
+
+/-! ### count -/
+section count
+
+variable [BEq α]
+
+@[simp] theorem count_empty (a : α) : count a #[] = 0 := rfl
+
+theorem count_push (a b : α) (l : Array α) :
+    count a (l.push b) = count a l + if b == a then 1 else 0 := by
+  simp [count, countP_push]
+
+theorem count_eq_countP (a : α) (l : Array α) : count a l = countP (· == a) l := rfl
+theorem count_eq_countP' {a : α} : count a = countP (· == a) := by
+  funext l
+  apply count_eq_countP
+
+theorem count_le_size (a : α) (l : Array α) : count a l ≤ l.size := countP_le_size _
+
+theorem count_le_count_push (a b : α) (l : Array α) : count a l ≤ count a (l.push b) := by
+  simp [count_push]
+
+@[simp] theorem count_singleton (a b : α) : count a #[b] = if b == a then 1 else 0 := by
+  simp [count_eq_countP]
+
+@[simp] theorem count_append (a : α) : ∀ l₁ l₂, count a (l₁ ++ l₂) = count a l₁ + count a l₂ :=
+  countP_append _
+
+@[simp] theorem count_flatten (a : α) (l : Array (Array α)) :
+    count a l.flatten = (l.map (count a)).sum := by
+  cases l using array₂_induction
+  simp [List.count_flatten, Function.comp_def]
+
+@[simp] theorem count_reverse (a : α) (l : Array α) : count a l.reverse = count a l := by
+  cases l
+  simp
+
+theorem boole_getElem_le_count (a : α) (l : Array α) (i : Nat) (h : i < l.size) :
+    (if l[i] == a then 1 else 0) ≤ l.count a := by
+  rw [count_eq_countP]
+  apply boole_getElem_le_countP (· == a)
+
+theorem count_set (a b : α) (l : Array α) (i : Nat) (h : i < l.size) :
+    (l.set i a).count b = l.count b - (if l[i] == b then 1 else 0) + (if a == b then 1 else 0) := by
+  simp [count_eq_countP, countP_set, h]
+
+variable [LawfulBEq α]
+
+@[simp] theorem count_push_self (a : α) (l : Array α) : count a (l.push a) = count a l + 1 := by
+  simp [count_push]
+
+@[simp] theorem count_push_of_ne (h : b ≠ a) (l : Array α) : count a (l.push b) = count a l := by
+  simp_all [count_push, h]
+
+theorem count_singleton_self (a : α) : count a #[a] = 1 := by simp
+
+@[simp]
+theorem count_pos_iff {a : α} {l : Array α} : 0 < count a l ↔ a ∈ l := by
+  simp only [count, countP_pos_iff, beq_iff_eq, exists_eq_right]
+
+@[simp] theorem one_le_count_iff {a : α} {l : Array α} : 1 ≤ count a l ↔ a ∈ l :=
+  count_pos_iff
+
+theorem count_eq_zero_of_not_mem {a : α} {l : Array α} (h : a ∉ l) : count a l = 0 :=
+  Decidable.byContradiction fun h' => h <| count_pos_iff.1 (Nat.pos_of_ne_zero h')
+
+theorem not_mem_of_count_eq_zero {a : α} {l : Array α} (h : count a l = 0) : a ∉ l :=
+  fun h' => Nat.ne_of_lt (count_pos_iff.2 h') h.symm
+
+theorem count_eq_zero {l : Array α} : count a l = 0 ↔ a ∉ l :=
+  ⟨not_mem_of_count_eq_zero, count_eq_zero_of_not_mem⟩
+
+theorem count_eq_size {l : Array α} : count a l = l.size ↔ ∀ b ∈ l, a = b := by
+  rw [count, countP_eq_size]
+  refine ⟨fun h b hb => Eq.symm ?_, fun h b hb => ?_⟩
+  · simpa using h b hb
+  · rw [h b hb, beq_self_eq_true]
+
+@[simp] theorem count_mkArray_self (a : α) (n : Nat) : count a (mkArray n a) = n := by
+  simp [← List.toArray_replicate]
+
+theorem count_mkArray (a b : α) (n : Nat) : count a (mkArray n b) = if b == a then n else 0 := by
+  simp [← List.toArray_replicate, List.count_replicate]
+
+theorem filter_beq (l : Array α) (a : α) : l.filter (· == a) = mkArray (count a l) a := by
+  cases l
+  simp [List.filter_beq]
+
+theorem filter_eq {α} [DecidableEq α] (l : Array α) (a : α) : l.filter (· = a) = mkArray (count a l) a :=
+  filter_beq l a
+
+theorem mkArray_count_eq_of_count_eq_size {l : Array α} (h : count a l = l.size) :
+    mkArray (count a l) a = l := by
+  cases l
+  rw [← toList_inj]
+  simp [List.replicate_count_eq_of_count_eq_length (by simpa using h)]
+
+@[simp] theorem count_filter {l : Array α} (h : p a) : count a (filter p l) = count a l := by
+  cases l
+  simp [List.count_filter, h]
+
+theorem count_le_count_map [DecidableEq β] (l : Array α) (f : α → β) (x : α) :
+    count x l ≤ count (f x) (map f l) := by
+  cases l
+  simp [List.count_le_count_map, countP_map]
+
+theorem count_filterMap {α} [BEq β] (b : β) (f : α → Option β) (l : Array α) :
+    count b (filterMap f l) = countP (fun a => f a == some b) l := by
+  cases l
+  simp [List.count_filterMap, countP_filterMap]
+
+theorem count_flatMap {α} [BEq β] (l : Array α) (f : α → Array β) (x : β) :
+    count x (l.flatMap f) = sum (map (count x ∘ f) l) := by
+  simp [count_eq_countP, countP_flatMap, Function.comp_def]
+
+-- FIXME these theorems can be restored once `List.erase` and `Array.erase` have been related.
+
+-- theorem count_erase (a b : α) (l : Array α) : count a (l.erase b) = count a l - if b == a then 1 else 0 := by
+--   sorry
+
+-- @[simp] theorem count_erase_self (a : α) (l : Array α) :
+--     count a (l.erase a) = count a l - 1 := by rw [count_erase, if_pos (by simp)]
+
+-- @[simp] theorem count_erase_of_ne (ab : a ≠ b) (l : Array α) : count a (l.erase b) = count a l := by
+--   rw [count_erase, if_neg (by simpa using ab.symm), Nat.sub_zero]
+
+end count

src/Init/Data/Array/DecidableEq.lean

@@ -6,7 +6,6 @@ Authors: Leonardo de Moura
 prelude
 import Init.Data.Array.Basic
 import Init.Data.BEq
-import Init.Data.Nat.Lemmas
 import Init.Data.List.Nat.BEq
 import Init.ByCases
 
@@ -43,7 +42,7 @@ theorem rel_of_isEqv {r : α → α → Bool} {a b : Array α} :
   · exact fun h' => ⟨h, fun i => rel_of_isEqvAux h (Nat.le_refl ..) h'⟩
   · intro; contradiction
 
-theorem isEqv_iff_rel (a b : Array α) (r) :
+theorem isEqv_iff_rel {a b : Array α} {r} :
     Array.isEqv a b r ↔ ∃ h : a.size = b.size, ∀ (i : Nat) (h' : i < a.size), r (a[i]) (b[i]'(h ▸ h')) :=
   ⟨rel_of_isEqv, fun ⟨h, w⟩ => by
     simp only [isEqv, ← h, ↓reduceDIte]

src/Init/Data/Array/FinRange.lean

@@ -0,0 +1,14 @@
+/-
+Copyright (c) 2024 François G. Dorais. All rights reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: François G. Dorais
+-/
+prelude
+import Init.Data.List.FinRange
+
+namespace Array
+
+/-- `finRange n` is the array of all elements of `Fin n` in order. -/
+protected def finRange (n : Nat) : Array (Fin n) := ofFn fun i => i
+
+end Array

src/Init/Data/Array/Find.lean

@@ -74,14 +74,14 @@ theorem findSome?_append {l₁ l₂ : Array α} : (l₁ ++ l₂).findSome? f = (
 
 theorem getElem?_zero_flatten (L : Array (Array α)) :
     (flatten L)[0]? = L.findSome? fun l => l[0]? := by
-  cases L using array_array_induction
+  cases L using array₂_induction
   simp [← List.head?_eq_getElem?, List.head?_flatten, List.findSome?_map, Function.comp_def]
 
 theorem getElem_zero_flatten.proof {L : Array (Array α)} (h : 0 < L.flatten.size) :
     (L.findSome? fun l => l[0]?).isSome := by
-  cases L using array_array_induction
+  cases L using array₂_induction
   simp only [List.findSome?_toArray, List.findSome?_map, Function.comp_def, List.getElem?_toArray,
-    List.findSome?_isSome_iff, List.isSome_getElem?]
+    List.findSome?_isSome_iff, isSome_getElem?]
   simp only [flatten_toArray_map_toArray, size_toArray, List.length_flatten,
     Nat.sum_pos_iff_exists_pos, List.mem_map] at h
   obtain ⟨_, ⟨xs, m, rfl⟩, h⟩ := h
@@ -95,11 +95,11 @@ theorem getElem_zero_flatten {L : Array (Array α)} (h) :
 
 theorem back?_flatten {L : Array (Array α)} :
     (flatten L).back? = (L.findSomeRev? fun l => l.back?) := by
-  cases L using array_array_induction
+  cases L using array₂_induction
   simp [List.getLast?_flatten, ← List.map_reverse, List.findSome?_map, Function.comp_def]
 
 theorem findSome?_mkArray : findSome? f (mkArray n a) = if n = 0 then none else f a := by
-  simp [mkArray_eq_toArray_replicate, List.findSome?_replicate]
+  simp [← List.toArray_replicate, List.findSome?_replicate]
 
 @[simp] theorem findSome?_mkArray_of_pos (h : 0 < n) : findSome? f (mkArray n a) = f a := by
   simp [findSome?_mkArray, Nat.ne_of_gt h]
@@ -203,7 +203,7 @@ theorem get_find?_mem {xs : Array α} (h) : (xs.find? p).get h ∈ xs := by
 
 @[simp] theorem find?_flatten (xs : Array (Array α)) (p : α → Bool) :
     xs.flatten.find? p = xs.findSome? (·.find? p) := by
-  cases xs using array_array_induction
+  cases xs using array₂_induction
   simp [List.findSome?_map, Function.comp_def]
 
 theorem find?_flatten_eq_none {xs : Array (Array α)} {p : α → Bool} :
@@ -220,7 +220,7 @@ theorem find?_flatten_eq_some {xs : Array (Array α)} {p : α → Bool} {a : α}
       p a ∧ ∃ (as : Array (Array α)) (ys zs : Array α) (bs : Array (Array α)),
         xs = as.push (ys.push a ++ zs) ++ bs ∧
         (∀ a ∈ as, ∀ x ∈ a, !p x) ∧ (∀ x ∈ ys, !p x) := by
-  cases xs using array_array_induction
+  cases xs using array₂_induction
   simp only [flatten_toArray_map_toArray, List.find?_toArray, List.find?_flatten_eq_some]
   simp only [Bool.not_eq_eq_eq_not, Bool.not_true, exists_and_right, and_congr_right_iff]
   intro w
@@ -246,7 +246,7 @@ theorem find?_flatMap_eq_none {xs : Array α} {f : α → Array β} {p : β →
 
 theorem find?_mkArray :
     find? p (mkArray n a) = if n = 0 then none else if p a then some a else none := by
-  simp [mkArray_eq_toArray_replicate, List.find?_replicate]
+  simp [← List.toArray_replicate, List.find?_replicate]
 
 @[simp] theorem find?_mkArray_of_length_pos (h : 0 < n) :
     find? p (mkArray n a) = if p a then some a else none := by
@@ -262,14 +262,20 @@ theorem find?_mkArray :
 -- This isn't a `@[simp]` lemma since there is already a lemma for `l.find? p = none` for any `l`.
 theorem find?_mkArray_eq_none {n : Nat} {a : α} {p : α → Bool} :
     (mkArray n a).find? p = none ↔ n = 0 ∨ !p a := by
-  simp [mkArray_eq_toArray_replicate, List.find?_replicate_eq_none, Classical.or_iff_not_imp_left]
+  simp [← List.toArray_replicate, List.find?_replicate_eq_none, Classical.or_iff_not_imp_left]
 
 @[simp] theorem find?_mkArray_eq_some {n : Nat} {a b : α} {p : α → Bool} :
     (mkArray n a).find? p = some b ↔ n ≠ 0 ∧ p a ∧ a = b := by
-  simp [mkArray_eq_toArray_replicate]
+  simp [← List.toArray_replicate]
 
 @[simp] theorem get_find?_mkArray (n : Nat) (a : α) (p : α → Bool) (h) :
     ((mkArray n a).find? p).get h = a := by
-  simp [mkArray_eq_toArray_replicate]
+  simp [← List.toArray_replicate]
+
+theorem find?_pmap {P : α → Prop} (f : (a : α) → P a → β) (xs : Array α)
+    (H : ∀ (a : α), a ∈ xs → P a) (p : β → Bool) :
+    (xs.pmap f H).find? p = (xs.attach.find? (fun ⟨a, m⟩ => p (f a (H a m)))).map fun ⟨a, m⟩ => f a (H a m) := by
+  simp only [pmap_eq_map_attach, find?_map]
+  rfl
 
 end Array

src/Init/Data/Array/InsertionSort.lean

@@ -6,7 +6,7 @@ Authors: Leonardo de Moura
 prelude
 import Init.Data.Array.Basic
 
-@[inline] def Array.insertionSort (a : Array α) (lt : α → α → Bool) : Array α :=
+@[inline] def Array.insertionSort (a : Array α) (lt : α → α → Bool := by exact (· < ·)) : Array α :=
   traverse a 0 a.size
 where
   @[specialize] traverse (a : Array α) (i : Nat) (fuel : Nat) : Array α :=
@@ -23,6 +23,6 @@ where
     | j'+1 =>
       have h' : j' < a.size := by subst j; exact Nat.lt_trans (Nat.lt_succ_self _) h
       if lt a[j] a[j'] then
-        swapLoop (a.swap ⟨j, h⟩ ⟨j', h'⟩) j' (by rw [size_swap]; assumption; done)
+        swapLoop (a.swap j j') j' (by rw [size_swap]; assumption; done)
       else
         a

src/Init/Data/Array/Lex.lean

@@ -0,0 +1,8 @@
+/-
+Copyright (c) 2024 Lean FRO. All rights reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Author: Kim Morrison
+-/
+prelude
+import Init.Data.Array.Lex.Basic
+import Init.Data.Array.Lex.Lemmas

src/Init/Data/Array/Lex/Basic.lean

@@ -0,0 +1,30 @@
+/-
+Copyright (c) 2024 Lean FRO. All rights reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Author: Kim Morrison
+-/
+prelude
+import Init.Data.Array.Basic
+import Init.Data.Nat.Lemmas
+import Init.Data.Range
+
+namespace Array
+
+/--
+Lexicographic comparator for arrays.
+
+`lex as bs lt` is true if
+- `bs` is larger than `as` and `as` is pairwise equivalent via `==` to the initial segment of `bs`, or
+- there is an index `i` such that `lt as[i] bs[i]`, and for all `j < i`, `as[j] == bs[j]`.
+-/
+def lex [BEq α] (as bs : Array α) (lt : α → α → Bool := by exact (· < ·)) : Bool := Id.run do
+  for h : i in [0 : min as.size bs.size] do
+    -- TODO: `omega` should be able to find this itself.
+    have : i < min as.size bs.size := Membership.get_elem_helper h rfl
+    if lt as[i] bs[i] then
+      return true
+    else if as[i] != bs[i] then
+      return false
+  return as.size < bs.size
+
+end Array

src/Init/Data/Array/Lex/Lemmas.lean

@@ -0,0 +1,281 @@
+/-
+Copyright (c) 2024 Lean FRO. All rights reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Author: Kim Morrison
+-/
+prelude
+import Init.Data.Array.Lemmas
+import Init.Data.List.Lex
+
+namespace Array
+
+/-! ### Lexicographic ordering -/
+
+@[simp] theorem _root_.List.lt_toArray [LT α] (l₁ l₂ : List α) : l₁.toArray < l₂.toArray ↔ l₁ < l₂ := Iff.rfl
+@[simp] theorem _root_.List.le_toArray [LT α] (l₁ l₂ : List α) : l₁.toArray ≤ l₂.toArray ↔ l₁ ≤ l₂ := Iff.rfl
+
+@[simp] theorem lt_toList [LT α] (l₁ l₂ : Array α) : l₁.toList < l₂.toList ↔ l₁ < l₂ := Iff.rfl
+@[simp] theorem le_toList [LT α] (l₁ l₂ : Array α) : l₁.toList ≤ l₂.toList ↔ l₁ ≤ l₂ := Iff.rfl
+
+protected theorem not_lt_iff_ge [LT α] (l₁ l₂ : List α) : ¬ l₁ < l₂ ↔ l₂ ≤ l₁ := Iff.rfl
+protected theorem not_le_iff_gt [DecidableEq α] [LT α] [DecidableLT α] (l₁ l₂ : List α) :
+    ¬ l₁ ≤ l₂ ↔ l₂ < l₁ :=
+  Decidable.not_not
+
+@[simp] theorem lex_empty [BEq α] {lt : α → α → Bool} (l : Array α) : l.lex #[] lt = false := by
+  simp [lex, Id.run]
+
+@[simp] theorem singleton_lex_singleton [BEq α] {lt : α → α → Bool} : #[a].lex #[b] lt = lt a b := by
+  simp only [lex, List.getElem_toArray, List.getElem_singleton]
+  cases lt a b <;> cases a != b <;> simp [Id.run]
+
+private theorem cons_lex_cons [BEq α] {lt : α → α → Bool} {a b : α} {xs ys : Array α} :
+     (#[a] ++ xs).lex (#[b] ++ ys) lt =
+       (lt a b || a == b && xs.lex ys lt) := by
+  simp only [lex, Id.run]
+  simp only [Std.Range.forIn'_eq_forIn'_range', size_append, size_toArray, List.length_singleton,
+    Nat.add_comm 1]
+  simp [Nat.add_min_add_right, List.range'_succ, getElem_append_left, List.range'_succ_left,
+    getElem_append_right]
+  cases lt a b
+  · rw [bne]
+    cases a == b <;> simp
+  · simp
+
+@[simp] theorem _root_.List.lex_toArray [BEq α] (lt : α → α → Bool) (l₁ l₂ : List α) :
+    l₁.toArray.lex l₂.toArray lt = l₁.lex l₂ lt := by
+  induction l₁ generalizing l₂ with
+  | nil => cases l₂ <;> simp [lex, Id.run]
+  | cons x l₁ ih =>
+    cases l₂ with
+    | nil => simp [lex, Id.run]
+    | cons y l₂ =>
+      rw [List.toArray_cons, List.toArray_cons y, cons_lex_cons, List.lex, ih]
+
+@[simp] theorem lex_toList [BEq α] (lt : α → α → Bool) (l₁ l₂ : Array α) :
+    l₁.toList.lex l₂.toList lt = l₁.lex l₂ lt := by
+  cases l₁ <;> cases l₂ <;> simp
+
+protected theorem lt_irrefl [LT α] [Std.Irrefl (· < · : α → α → Prop)] (l : Array α) : ¬ l < l :=
+  List.lt_irrefl l.toList
+
+instance ltIrrefl [LT α] [Std.Irrefl (· < · : α → α → Prop)] : Std.Irrefl (α := Array α) (· < ·) where
+  irrefl := Array.lt_irrefl
+
+@[simp] theorem not_lt_empty [LT α] (l : Array α) : ¬ l < #[] := List.not_lt_nil l.toList
+@[simp] theorem empty_le [LT α] (l : Array α) : #[] ≤ l := List.nil_le l.toList
+
+@[simp] theorem le_empty [LT α] (l : Array α) : l ≤ #[] ↔ l = #[] := by
+  cases l
+  simp
+
+@[simp] theorem empty_lt_push [LT α] (l : Array α) (a : α) : #[] < l.push a := by
+  rcases l with (_ | ⟨x, l⟩) <;> simp
+
+protected theorem le_refl [LT α] [i₀ : Std.Irrefl (· < · : α → α → Prop)] (l : Array α) : l ≤ l :=
+  List.le_refl l.toList
+
+instance [LT α] [Std.Irrefl (· < · : α → α → Prop)] : Std.Refl (· ≤ · : Array α → Array α → Prop) where
+  refl := Array.le_refl
+
+protected theorem lt_trans [LT α]
+    [i₁ : Trans (· < · : α → α → Prop) (· < ·) (· < ·)]
+    {l₁ l₂ l₃ : Array α} (h₁ : l₁ < l₂) (h₂ : l₂ < l₃) : l₁ < l₃ :=
+  List.lt_trans h₁ h₂
+
+instance [LT α] [Trans (· < · : α → α → Prop) (· < ·) (· < ·)] :
+    Trans (· < · : Array α → Array α → Prop) (· < ·) (· < ·) where
+  trans h₁ h₂ := Array.lt_trans h₁ h₂
+
+protected theorem lt_of_le_of_lt [DecidableEq α] [LT α] [DecidableLT α]
+    [i₀ : Std.Irrefl (· < · : α → α → Prop)]
+    [i₁ : Std.Asymm (· < · : α → α → Prop)]
+    [i₂ : Std.Antisymm (¬ · < · : α → α → Prop)]
+    [i₃ : Trans (¬ · < · : α → α → Prop) (¬ · < ·) (¬ · < ·)]
+    {l₁ l₂ l₃ : Array α} (h₁ : l₁ ≤ l₂) (h₂ : l₂ < l₃) : l₁ < l₃ :=
+  List.lt_of_le_of_lt h₁ h₂
+
+protected theorem le_trans [DecidableEq α] [LT α] [DecidableLT α]
+    [Std.Irrefl (· < · : α → α → Prop)]
+    [Std.Asymm (· < · : α → α → Prop)]
+    [Std.Antisymm (¬ · < · : α → α → Prop)]
+    [Trans (¬ · < · : α → α → Prop) (¬ · < ·) (¬ · < ·)]
+    {l₁ l₂ l₃ : Array α} (h₁ : l₁ ≤ l₂) (h₂ : l₂ ≤ l₃) : l₁ ≤ l₃ :=
+  fun h₃ => h₁ (Array.lt_of_le_of_lt h₂ h₃)
+
+instance [DecidableEq α] [LT α] [DecidableLT α]
+    [Std.Irrefl (· < · : α → α → Prop)]
+    [Std.Asymm (· < · : α → α → Prop)]
+    [Std.Antisymm (¬ · < · : α → α → Prop)]
+    [Trans (¬ · < · : α → α → Prop) (¬ · < ·) (¬ · < ·)] :
+    Trans (· ≤ · : Array α → Array α → Prop) (· ≤ ·) (· ≤ ·) where
+  trans h₁ h₂ := Array.le_trans h₁ h₂
+
+protected theorem lt_asymm [LT α]
+    [i : Std.Asymm (· < · : α → α → Prop)]
+    {l₁ l₂ : Array α} (h : l₁ < l₂) : ¬ l₂ < l₁ := List.lt_asymm h
+
+instance [DecidableEq α] [LT α] [DecidableLT α]
+    [Std.Asymm (· < · : α → α → Prop)] :
+    Std.Asymm (· < · : Array α → Array α → Prop) where
+  asymm _ _ := Array.lt_asymm
+
+protected theorem le_total [DecidableEq α] [LT α] [DecidableLT α]
+    [i : Std.Total (¬ · < · : α → α → Prop)] (l₁ l₂ : Array α) : l₁ ≤ l₂ ∨ l₂ ≤ l₁ :=
+  List.le_total _ _
+
+@[simp] protected theorem not_lt [LT α]
+    {l₁ l₂ : Array α} : ¬ l₁ < l₂ ↔ l₂ ≤ l₁ := Iff.rfl
+
+@[simp] protected theorem not_le [DecidableEq α] [LT α] [DecidableLT α]
+    {l₁ l₂ : Array α} : ¬ l₂ ≤ l₁ ↔ l₁ < l₂ := Decidable.not_not
+
+protected theorem le_of_lt [DecidableEq α] [LT α] [DecidableLT α]
+    [i : Std.Total (¬ · < · : α → α → Prop)]
+    {l₁ l₂ : Array α} (h : l₁ < l₂) : l₁ ≤ l₂ :=
+  List.le_of_lt h
+
+protected theorem le_iff_lt_or_eq [DecidableEq α] [LT α] [DecidableLT α]
+    [Std.Irrefl (· < · : α → α → Prop)]
+    [Std.Antisymm (¬ · < · : α → α → Prop)]
+    [Std.Total (¬ · < · : α → α → Prop)]
+    {l₁ l₂ : Array α} : l₁ ≤ l₂ ↔ l₁ < l₂ ∨ l₁ = l₂ := by
+  simpa using List.le_iff_lt_or_eq (l₁ := l₁.toList) (l₂ := l₂.toList)
+
+instance [DecidableEq α] [LT α] [DecidableLT α]
+    [Std.Total (¬ · < · : α → α → Prop)] :
+    Std.Total (· ≤ · : Array α → Array α → Prop) where
+  total := Array.le_total
+
+@[simp] theorem lex_eq_true_iff_lt [DecidableEq α] [LT α] [DecidableLT α]
+    {l₁ l₂ : Array α} : lex l₁ l₂ = true ↔ l₁ < l₂ := by
+  cases l₁
+  cases l₂
+  simp
+
+@[simp] theorem lex_eq_false_iff_ge [DecidableEq α] [LT α] [DecidableLT α]
+    {l₁ l₂ : Array α} : lex l₁ l₂ = false ↔ l₂ ≤ l₁ := by
+  cases l₁
+  cases l₂
+  simp [List.not_lt_iff_ge]
+
+instance [DecidableEq α] [LT α] [DecidableLT α] : DecidableLT (Array α) :=
+  fun l₁ l₂ => decidable_of_iff (lex l₁ l₂ = true) lex_eq_true_iff_lt
+
+instance [DecidableEq α] [LT α] [DecidableLT α] : DecidableLE (Array α) :=
+  fun l₁ l₂ => decidable_of_iff (lex l₂ l₁ = false) lex_eq_false_iff_ge
+
+/--
+`l₁` is lexicographically less than `l₂` if either
+- `l₁` is pairwise equivalent under `· == ·` to `l₂.take l₁.size`,
+  and `l₁` is shorter than `l₂` or
+- there exists an index `i` such that
+  - for all `j < i`, `l₁[j] == l₂[j]` and
+  - `l₁[i] < l₂[i]`
+-/
+theorem lex_eq_true_iff_exists [BEq α] (lt : α → α → Bool) :
+    lex l₁ l₂ lt = true ↔
+      (l₁.isEqv (l₂.take l₁.size) (· == ·) ∧ l₁.size < l₂.size) ∨
+        (∃ (i : Nat) (h₁ : i < l₁.size) (h₂ : i < l₂.size),
+          (∀ j, (hj : j < i) →
+            l₁[j]'(Nat.lt_trans hj h₁) == l₂[j]'(Nat.lt_trans hj h₂)) ∧ lt l₁[i] l₂[i]) := by
+  cases l₁
+  cases l₂
+  simp [List.lex_eq_true_iff_exists]
+
+/--
+`l₁` is *not* lexicographically less than `l₂`
+(which you might think of as "`l₂` is lexicographically greater than or equal to `l₁`"") if either
+- `l₁` is pairwise equivalent under `· == ·` to `l₂.take l₁.length` or
+- there exists an index `i` such that
+  - for all `j < i`, `l₁[j] == l₂[j]` and
+  - `l₂[i] < l₁[i]`
+
+This formulation requires that `==` and `lt` are compatible in the following senses:
+- `==` is symmetric
+  (we unnecessarily further assume it is transitive, to make use of the existing typeclasses)
+- `lt` is irreflexive with respect to `==` (i.e. if `x == y` then `lt x y = false`
+- `lt` is asymmmetric  (i.e. `lt x y = true → lt y x = false`)
+- `lt` is antisymmetric with respect to `==` (i.e. `lt x y = false → lt y x = false → x == y`)
+-/
+theorem lex_eq_false_iff_exists [BEq α] [PartialEquivBEq α] (lt : α → α → Bool)
+    (lt_irrefl : ∀ x y, x == y → lt x y = false)
+    (lt_asymm : ∀ x y, lt x y = true → lt y x = false)
+    (lt_antisymm : ∀ x y, lt x y = false → lt y x = false → x == y) :
+    lex l₁ l₂ lt = false ↔
+      (l₂.isEqv (l₁.take l₂.size) (· == ·)) ∨
+        (∃ (i : Nat) (h₁ : i < l₁.size) (h₂ : i < l₂.size),
+          (∀ j, (hj : j < i) →
+            l₁[j]'(Nat.lt_trans hj h₁) == l₂[j]'(Nat.lt_trans hj h₂)) ∧ lt l₂[i] l₁[i]) := by
+  cases l₁
+  cases l₂
+  simp_all [List.lex_eq_false_iff_exists]
+
+protected theorem lt_iff_exists [DecidableEq α] [LT α] [DecidableLT α] {l₁ l₂ : Array α} :
+    l₁ < l₂ ↔
+      (l₁ = l₂.take l₁.size ∧ l₁.size < l₂.size) ∨
+        (∃ (i : Nat) (h₁ : i < l₁.size) (h₂ : i < l₂.size),
+          (∀ j, (hj : j < i) →
+            l₁[j]'(Nat.lt_trans hj h₁) = l₂[j]'(Nat.lt_trans hj h₂)) ∧ l₁[i] < l₂[i]) := by
+  cases l₁
+  cases l₂
+  simp [List.lt_iff_exists]
+
+protected theorem le_iff_exists [DecidableEq α] [LT α] [DecidableLT α]
+    [Std.Irrefl (· < · : α → α → Prop)]
+    [Std.Asymm (· < · : α → α → Prop)]
+    [Std.Antisymm (¬ · < · : α → α → Prop)] {l₁ l₂ : Array α} :
+    l₁ ≤ l₂ ↔
+      (l₁ = l₂.take l₁.size) ∨
+        (∃ (i : Nat) (h₁ : i < l₁.size) (h₂ : i < l₂.size),
+          (∀ j, (hj : j < i) →
+            l₁[j]'(Nat.lt_trans hj h₁) = l₂[j]'(Nat.lt_trans hj h₂)) ∧ l₁[i] < l₂[i]) := by
+  cases l₁
+  cases l₂
+  simp [List.le_iff_exists]
+
+theorem append_left_lt [LT α] {l₁ l₂ l₃ : Array α} (h : l₂ < l₃) :
+    l₁ ++ l₂ < l₁ ++ l₃ := by
+  cases l₁
+  cases l₂
+  cases l₃
+  simpa using List.append_left_lt h
+
+theorem append_left_le [DecidableEq α] [LT α] [DecidableLT α]
+    [Std.Irrefl (· < · : α → α → Prop)]
+    [Std.Asymm (· < · : α → α → Prop)]
+    [Std.Antisymm (¬ · < · : α → α → Prop)]
+    {l₁ l₂ l₃ : Array α} (h : l₂ ≤ l₃) :
+    l₁ ++ l₂ ≤ l₁ ++ l₃ := by
+  cases l₁
+  cases l₂
+  cases l₃
+  simpa using List.append_left_le h
+
+theorem le_append_left [LT α] [Std.Irrefl (· < · : α → α → Prop)]
+    {l₁ l₂ : Array α} : l₁ ≤ l₁ ++ l₂ := by
+  cases l₁
+  cases l₂
+  simpa using List.le_append_left
+
+protected theorem map_lt [LT α] [LT β]
+    {l₁ l₂ : Array α} {f : α → β} (w : ∀ x y, x < y → f x < f y) (h : l₁ < l₂) :
+    map f l₁ < map f l₂ := by
+  cases l₁
+  cases l₂
+  simpa using List.map_lt w h
+
+protected theorem map_le [DecidableEq α] [LT α] [DecidableLT α] [DecidableEq β] [LT β] [DecidableLT β]
+    [Std.Irrefl (· < · : α → α → Prop)]
+    [Std.Asymm (· < · : α → α → Prop)]
+    [Std.Antisymm (¬ · < · : α → α → Prop)]
+    [Std.Irrefl (· < · : β → β → Prop)]
+    [Std.Asymm (· < · : β → β → Prop)]
+    [Std.Antisymm (¬ · < · : β → β → Prop)]
+    {l₁ l₂ : Array α} {f : α → β} (w : ∀ x y, x < y → f x < f y) (h : l₁ ≤ l₂) :
+    map f l₁ ≤ map f l₂ := by
+  cases l₁
+  cases l₂
+  simpa using List.map_le w h
+
+end Array