Set Implicit Arguments.
Set Contextual Implicit.

Require Import Utf8.
Require Export Relation_Definitions.
Require Import Sets.Ensembles.
Require Import EF.Categories.
Require Import EF.EvidencedFrames.
Require Import EF.ImplicativeAlgebras.

Section UEF.
  Context `{IA:ImplicativeAlgebra}.

  Definition IAPROP:=X.
  Definition IAEvidence:= {x :X | separator x }.
  Definition GetEvidence:IAEvidence -> X:=fun x => proj1_sig x.
  Coercion GetEvidence: IAEvidence >-> X.
  Notation "ι( x )":=(GetEvidence x).

  Definition realizes: IAPROP -> IAEvidence -> IAPROP -> Prop:=
    fun φ e θ => ι(e) ≤ arrow φ θ.


  Notation "e ⊩ φ1 ⇒ φ2":=(realizes φ1 e φ2) (at level 50).

  Lemma beta_sep: forall f a, (λ- f) ∈ʆ → a∈ʆ → f a ∈ʆ.
  Proof.
    intros f a Hf Ha.
    eapply up_closed.
    apply betarule.
    apply app_closed;assumption.
  Qed.

  Notation "[ t ] u":= (@trm_app X (t) u ) (at level 69, right associativity).
  Notation "$ n":= (@trm_bvar X n) (at level 69, right associativity).
  Notation "λ+ t":= (@lam X 0 t) (at level 69, right associativity).

  Notation "[ n ~> a ] t":=(@sub X t n a) (at level 69).

  Notation "a × b":=(prodt a b) (at level 69).
  Notation "[∀] a":=(forallt a) (at level 69).

   Ltac autoev:=
    repeat(
        match goal with
          | x:Evidence |- _ => destruct x as (x,?H)
        end
      );simpl.

  Ltac trm_sep:= repeat apply app_closed;try apply sep_S;try apply sep_K.
  Ltac realizer t:=
        apply up_closed with (translate t);[|trm_sep].

  Ltac rw_sub:=repeat (repeat rewrite sub_lam;repeat rewrite sub_app);
    repeat rewrite sub_eq; repeat (rewrite sub_neq;[|auto]);repeat rewrite sub_cste.

  Ltac rw_translate:=
    repeat (repeat rewrite translate_app;repeat rewrite translate_cvar).

  Ltac try_beta:= auto_meet_intro;
                  try (apply adj_imp; eapply ord_trans;[apply translate_beta|]; rw_sub;rw_translate).

  Ltac auto_real:= repeat try_beta; simpl; adjunction_mon.

  Ltac insep a:= destruct a; simpl;assumption.

  Definition id:IAEvidence:=
    exist _ Id sep_Id.

  Lemma ax_id: forall (φ:IAPROP), id ⊩ φ ⇒ φ.
  Proof.
    intros φ.
    auto_meet_elim_trans.
  Qed.

  Program Definition comp (a b:IAEvidence):IAEvidence := exist _ (λ- (fun (x:X) => ι(b) @(ι(a)@x))) _.
  Obligation Tactic := intros a b.
  Next Obligation.
    apply (beta_sep (fun y => λ- (fun x => ι(b)@(y@x))) a);try assumption.
    apply (beta_sep (fun z => λ- (fun y => λ- (fun x => z@(y@x)))) b);try assumption.
    realizer (λ+ λ+ λ+ ([$2] ([$1] $0))).
    auto_real. intros. now apply adjunction.
    insep b. insep a.
  Qed.

  Lemma ax_comp: forall φ1 φ2 φ3 : IAPROP, forall e12 e23 : IAEvidence,
        e12 ⊩ φ1 ⇒ φ2 -> e23 ⊩ φ2 ⇒ φ3 → (comp e12 e23) ⊩ φ1 ⇒ φ3.
  Proof.
    intros φ1 φ2 φ3 e12 e23 H12 H23.
    apply adjunction,beta_red,adjunction.
    transitivity (arrow φ2 φ3).
    exact H23.
    apply arrow_mon_l.
    now apply adjunction.
  Qed.

  Definition top_φ:IAPROP:=top.
  Definition tt:IAEvidence:=id.

  Lemma ax_true : forall φ : IAPROP, tt ⊩ φ ⇒ top_φ.
  Proof.
    intros φ.
    auto_meet_elim_trans.
    apply arrow_mon_r.
    apply top_max.
  Qed.

  Definition bot_φ : IAPROP:=bot.
  Definition ff : IAEvidence:=id.

  Lemma ax_false : forall φ : IAPROP, ff ⊩ bot_φ ⇒ φ.
  Proof.
    intros φ.
    auto_meet_elim_trans.
    apply arrow_mon_l.
    apply bot_min.
  Qed.

  Definition and_φ := fun x y => x × y.
  Program Definition paire (a b : IAEvidence) : IAEvidence := exist _ (λ- (fun z:X => pair (ι(a)@z) (ι(b)@z))) _.
  Next Obligation.
    apply (beta_sep (fun y=>λ- (λ z : X, pair (ι(a) @ z) (y @ z))) ι(b));intuition.
    apply (beta_sep (fun x => λ-(fun y=>λ- (λ z : X, pair (x @ z) (y @ z)))) a);intuition.
    realizer (λ+ λ+ λ+ λ+ ([[$0] ([$3] $1)] ([$2] $1))).
    auto_real. intros; now apply adjunction.
    insep a. insep b.
  Qed.

  Obligation Tactic := idtac.
  Program Definition fste : IAEvidence := exist _ (λ-(fun x => x @ proj1)) _.
  Next Obligation.
    realizer (λ+ [$0] (λ+ λ+ $1)).
    try_beta. apply app_mon_r;auto_real.
  Qed.

  Program Definition snde : IAEvidence := exist _ (λ-(fun x => x @ proj2)) _.
  Next Obligation.
    realizer (λ+ [$0] (λ+ λ+ $0)).
    try_beta. apply app_mon_r;auto_real.
  Qed.

  Lemma intro_and : forall φ φ1 φ2 e1 e2,
        e1 ⊩ φ ⇒ φ1 -> e2 ⊩ φ ⇒ φ2 → (paire e1 e2) ⊩ φ ⇒ (and_φ φ1 φ2).
  Proof.
    intros φ φ1 φ2 (e1,S1) (e2,S2) H1 H2.
    apply adjunction,beta_red,type_pair;now apply adjunction.
  Qed.

  Lemma elim1_and : forall φ1 φ2 : IAPROP, fste ⊩ (and_φ φ1 φ2) ⇒ φ1 .
  Proof.
    intros φ1 φ2.
    now apply adjunction,beta_red,(type_proj1 _ φ2).
  Qed.

  Lemma elim2_and : forall φ1 φ2 : IAPROP, snde ⊩ (and_φ φ1 φ2) ⇒ φ2 .
  Proof.
    intros φ1 φ2.
    now apply adjunction,beta_red,(type_proj2 φ1).
  Qed.

  Definition imp_φ : IAPROP -> (IAPROP -> Prop) -> IAPROP:=
    fun x y => arrow x (meet_set y).

  (* a x b ↦ e   => a ↦ b ↦ c*)
  Program Definition lambdae (x : IAEvidence) : IAEvidence := exist _ (λ- (fun x1 => λ- (fun x2 => (proj1_sig x)@(pair x1 x2)))) _.
  Next Obligation.
   intros (x,Hx).
   apply (beta_sep (fun x => λ- (λ x1 : X, λ- (λ x2 : X, x @ pair x1 x2))) x);intuition.
   realizer (λ+ λ+ λ+ ([$2] (λ+ [[$0] $2] $1 ))).
   do 3 try_beta;subst. apply app_mon_r;auto_real. intros;now apply adjunction.
  Qed.

  (* ((a↦b) x a)↦ b*)
  Program Definition evale : IAEvidence := exist _ (λ- (fun x => x@(λ- (fun y => λ- (fun z => z@y))))) _.
  Next Obligation.
    realizer (λ+ [$0] λ+ λ+ [$0] $1).
    try_beta;subst. apply app_mon_r;auto_real. intros;now apply adjunction.
  Qed.


  Lemma intro_imp : forall (φ φ1: IAPROP) (φ':IAPROP → Prop), forall e : IAEvidence,
        (forall (φ2:IAPROP), φ' φ2 → e ⊩ (and_φ φ φ1) ⇒ φ2) -> lambdae e ⊩ φ ⇒ (imp_φ φ1 φ').
  Proof.
    intros φ φ1 φ' (e,S) H.
    apply adjunction,beta_red; auto_meet_elim_trans.
    apply arrow_mon_r. apply meet_intro.
    intros ψ Phi; apply adjunction.
    transitivity (arrow (and_φ φ φ1) ψ).
    - now apply H.
    - now apply arrow_mon_l, type_pair.
  Qed.

  Lemma elim_imp : forall (φ1:IAPROP) (φ:IAPROP→Prop) (φ2 : IAPROP),
      φ φ2 → evale ⊩ (and_φ φ1 (imp_φ φ1 φ)) ⇒ φ2.
  Proof.
    intros φ φ1 φ2 Phi.
    apply adjunction,beta_red,adjunction.
    auto_meet_elim_trans.
    apply arrow_mon_l.
    do 2 (apply adjunction,beta_red).
    apply adjunction,arrow_mon_r.
    now apply meet_elim.
  Qed.

  Definition UEF :=
    evidenced_frame IAPROP IAEvidence realizes top_φ and_φ imp_φ
            (ex_intro _ id ax_id) (ex_intro _ comp ax_comp) (ex_intro _ tt ax_true)
            (ex_intro _ paire intro_and) (ex_intro _ fste elim1_and) (ex_intro _ snde elim2_and)
            (ex_intro _ lambdae intro_imp) (ex_intro _ evale elim_imp).


End UEF.

Definition uef (A : ImplicativeAlgebraObject) : EvidencedFrame
:= @UEF (IASet A) (IAOrder A) (IALattice A) (IAStructure A) (IAAlgebra A).

Program Definition uef_morphism {int : Prop} {A1 A2 : ImplicativeAlgebraObject} (F : ImplicativeAlgebraMorphism int A1 A2) : EvidencedFrameMorphism int (uef A1) (uef A2)
  := evidenced_frame_morphism int (uef A1) (uef A2) (IAMap F) _ _ _ _ _.
Next Obligation.
  destruct F;simpl in *. rename IAMap into F.
  destruct e1 as (e,He).
  pose (id:=(@Id _ _ _ (IAStructure A1)) ).
  specialize (iambinary id sep_Id).
  pose (s:=(IAapp ( ⊓ (λ a2 : IASet A2,
                    ∃ a1 a1' a1'' : IASet A1,
                      IAOrd A1 id (a1 ↦ a1' ↦ a1'') ∧ F a1 ↦ F a1' ↦ F a1'' = a2)) (F e))).
  assert (Hs:IASeparator A2 s).
  apply app_closed;[apply iambinary|apply (iamsep _ He)].
  exists (exist _ s Hs).
  intros a b H.
  unfold realizes in *;simpl in *.
  apply adj_app.
  apply meet_elim.
  exists e;exists a;exists b;split;trivial.
  transitivity (e ↦ e);[apply meet_elim;exists e;trivial| apply arrow_mon_r,H].
Qed.
Next Obligation.
  pose (top:= (@top _ _ (IALattice A1))).
  assert (unary:=(iamunary F (⊓ emptyset ↦ top))).
  destruct F;simpl in *. rename IAMap into F.
  pose (a:= ⊓ (λ a2 : IASet A2,
              ∃ a1 a1' : IASet A1,
                IAOrd A1 ((⊓ emptyset) ↦ top) (a1 ↦ a1') ∧ F a1 ↦ F a1' = a2)).

  pose (b:= (⊓ (λ a2 : IASet A2,
                  ∃ as1 : IASet A1 → Prop,
                    (⊓ (λ a3 : IASet A2, exists2 a1 : IASet A1, as1 a1 & F a1 = a3)) ↦ F (⊓ as1) = a2))).
  pose (s:=(IAapp (IAapp (IAabs (fun y => IAabs (fun z => IAabs (fun x:IASet A2 => IAapp y (IAapp z x))))) a ) b)).
  pose (id:=(@Id _ _ _ (IAStructure A1)) ).
  assert (Hs: IASeparator _ s).
  1:{
    repeat (apply app_closed);trivial.
    realizer (λ[A2]+ λ+ λ+ ([$2] ([$1] $0))).
    apply unary. apply up_closed with id;[|apply sep_Id].
    transitivity (top ↦ top);[apply meet_elim;exists top;reflexivity|apply arrow_mon_l,top_max].
  }
  exists (exist _ s Hs).
  do 3 (apply adjunction, beta_red).
  apply adjunction.
  transitivity ((F (⊓ emptyset)) ↦ (F top)).
  apply meet_elim. do 2 eexists;split;reflexivity.
  apply arrow_mon_l,adjunction.
  transitivity ((⊓ (λ a3 : IASet A2, exists2 a1 : IASet A1,emptyset a1 & F a1 = a3)) ↦ F (⊓ emptyset)).
  apply meet_elim. exists emptyset;split;reflexivity.
  apply arrow_mon_l.
  apply meet_intro. intros x (z,Ha,Hx). contradict Ha.
Qed.
Next Obligation.
  simpl.
  assert (Unary:=iamunary_real F).
  destruct F;simpl in *. rename IAMap into F.
  pose (sarr:= (⊓ (λ a2 : IASet A2, ∃ a1 a1' : IASet A1, (F a1 ↦ F a1') ↦ F (a1 ↦ a1') = a2))).
  pose (sarr':=(⊓ (λ a2 : IASet A2, ∃ a1 a1' : IASet A1, F (a1 ↦ a1') ↦ F a1 ↦ F a1' = a2))).
  pose (smeet:=( (⊓ (λ a2 : IASet A2, ∃ as1 : IASet A1 → Prop,
    (⊓ (λ a3 : IASet A2, exists2 a1 : IASet A1, as1 a1 & F a1 = a3)) ↦ F (⊓ as1) = a2)))).
  pose (t:= IAapp (IAapp (IAapp (IAabs (fun sarr => (IAabs (fun smeet => IAabs (fun sarr'=> IAabs (fun x => IAapp x (IAabs (fun x1 => IAabs (fun x2 => IAapp smeet (IAapp sarr(IAabs (fun x =>
             (IAapp (IAapp sarr' (IAapp (IAapp sarr' x) x1 )) x2))))))))))))) sarr) smeet) sarr').
  assert (IASeparator A2 t).
  - repeat (apply app_closed);try assumption.
    realizer (λ[A2]+ λ+ λ+ λ+ ([$0] (λ+ λ+ ([$4] ([$5] (λ+ ([[$4] ([([$4] $0)] $2)] $1 ))))))).
  - exists (exist _ t H). intros p1 p2.
    do 2 (apply adj_app).
    do 3 (apply beta_red,adj_imp).
    apply beta_red.
    apply adj_app. auto_meet_elim_risky.
    apply arrow_mon_l.
    apply adj_imp,beta_red,adj_imp,beta_red.
    apply adj_app. auto_meet_elim_trans. apply arrow_mon_l.
    auto_meet_intro. intros y (a,(c,Hc),Ha);subst.
    apply adj_app.
    transitivity (( F (p1 ↦ p2 ↦ c) ↦ F c) ↦ (F ((p1 ↦ p2 ↦ c )↦ c))).
    auto_meet_elim_risky. eexists;reflexivity.
    apply arrow_mon_l.
    apply adj_imp,beta_red,adj_app,adj_app.
    transitivity ((F ( p2 ↦ c)) ↦ ((F p2)↦ (F c))).
    apply meet_elim;eexists;eexists. reflexivity.
    apply arrow_mon_l,adj_app,adj_app.
    apply meet_elim;eexists;eexists;reflexivity.
Qed.
Next Obligation.
  assert (unary:=iamunary F _ sep_Id).
  destruct F;simpl in *. rename IAMap into F.
  pose (sarr:= (⊓ (λ a2 : IASet A2, ∃ a1 a1' : IASet A1, (F a1 ↦ F a1') ↦ F (a1 ↦ a1') = a2))).
  pose (sunary:=(⊓ (λ a2 : IASet A2, ∃ a1 a1' : IASet A1, IAOrd A1 (@Id _ _ _ (IAStructure A1)) (a1 ↦ a1') ∧ F a1 ↦ F a1' = a2))).
  pose (smeet:=( (⊓ (λ a2 : IASet A2, ∃ as1 : IASet A1 → Prop,
    (⊓ (λ a3 : IASet A2, exists2 a1 : IASet A1, as1 a1 & F a1 = a3)) ↦ F (⊓ as1) = a2)))).
  pose (t:= IAapp (IAapp (IAapp (IAabs (fun sunary => IAabs (fun smeet => IAabs (fun sarr => IAabs (fun x => IAapp sunary (IAapp smeet (IAapp sarr x) )))))) sunary) smeet) sarr).
  assert (IASeparator A2 t).
  - repeat (apply app_closed);trivial.
    realizer (λ[A2]+ λ+ λ+ λ+ ([$3] ([$2] ([$1] $0)))).
  - exists (exist _ t H). intros p1 S.
    do 2 (apply adj_app).
    do 3 (apply beta_red,adj_imp).
    apply beta_red.
    apply adj_app.
    transitivity ((F (@meet_set _ _ (IALattice A1) (fun a => exists p2, S p2 /\ a = p1 ↦ p2)))↦ (F (@imp_φ _ _ _ (IAStructure A1) p1 S))) .
    + apply meet_elim;eexists;eexists;split;[|reflexivity].
      apply adj_imp,beta_red. apply arrow_meet.
    + apply arrow_mon_l. apply adj_app.
      auto_meet_elim_trans. apply arrow_mon_l.
      auto_meet_intro. intros x (a,(x2,(H2,H1)),Hx);subst.
      apply adj_app.
      transitivity ((F p1 ↦ F x2) ↦ F(p1 ↦ x2)).
      apply meet_elim;exists p1;exists x2;reflexivity.
      apply arrow_mon_l.
      unfold imp_φ.
      eapply ord_trans;[apply arrow_meet|].
      apply meet_elim.
      eexists;split. exists x2;trivial. reflexivity.
Qed.
Next Obligation.
  simpl.
  destruct F;simpl;rename IAMap into F.
  destruct iamdense as (f,(Hf1,Hf2),Hint).
  exists f.
  - exists (exist _ _ Hf1). exists (exist _ _ Hf2).
    intros p. split;apply meet_elim;exists p;reflexivity.
  - intro Hi. destruct (Hint Hi) as (finv, Hinv1,Hinv2).
    exists finv;assumption.
Qed.

Program Definition UEFFunctor (int : Prop) : Pseudofunctor (ImplicativeAlgebraCategory int) (EvidencedFrameCategory int)
  := pseudofunctor (ImplicativeAlgebraCategory int) (EvidencedFrameCategory int) uef (@uef_morphism int) _ _ _.
Next Obligation.
  simpl in *;unfold EvidencedFrameRefines,ImplicativeAlgebraRefines in *.
  pose (e:=(⊓ (λ a2 : IASet o1', ∃ a1 : IASet o1, IAMap f1 a1 ↦ IAMap f1' a1 = a2))).
  exists (exist _ e H).
  intros;simpl.
  apply meet_elim;eexists;reflexivity.
Qed.
Next Obligation.
  split; exists (exist _ _ sep_Id);intros; apply meet_elim;eexists;reflexivity.
Qed.
Next Obligation.
  split; exists (exist _ _ sep_Id);intros; apply meet_elim;eexists;reflexivity.
Qed.
Arguments UEFFunctor : clear implicits.

Section FIA.
  Context `{EF:EvidencedFrame}.

  Definition PHI:=PROP EF.
  Definition E:=Evidence EF.
  Definition real:=Evidences EF.

  Ltac destructuniimp :=
    destruct (euniimpi EF) as (elam,Hlam);
    destruct (euniimpe EF) as (eeval,Heval).

  Ltac destructconj :=
    destruct (econji EF) as (epair,Hpair);
    destruct (econje1 EF) as (efst,Hfst);
    destruct (econje2 EF) as (esnd,Hsnd).

  Ltac destructbase :=
    destruct (eaxiom EF) as (eax,Hax);
    destruct (ecut EF) as (ecut,Hcut);
    destruct (etopi EF) as (ett,Htop).

  Ltac destructEF :=
    destructuniimp;destructconj;destructbase.

  Definition Pi (P:PHI -> Prop):PHI := euniimp EF (etop EF) P.
  Lemma ePi: exists e, forall (P:PHI -> Prop) p, P p -> real (Pi P) e p.
  Proof.
    destructEF.
    eexists. intros P p Hp.
    eapply Hcut;[|apply Heval].
    2:{exact Hp. }
    apply Hpair;[apply Htop|apply Hax].
  Qed.

  Lemma eforall: exists (efa:E -> E), forall p (P:PHI -> Prop) e, (forall p', P p' -> real p e p') -> real p (efa e) (Pi P).
  Proof.
    destructEF.
    eexists. intros p P e He.
    apply Hlam. intros p' Hp'.
    eapply Hcut;[apply Hfst|].
    now apply He.
  Qed.

  Ltac destructforall:=
    destruct ePi as (ePi, HPi);
    destruct eforall as (efa,Hfa).

  Lemma Pi_mon : exists e, forall P P', P ⊆ P'-> real (Pi P') e (Pi P).
  Proof.
    destructforall;destructbase.
    eexists;intros P P' H.
    apply Hfa;intros p' Hp'.
    apply HPi. now apply H.
  Qed.

  Notation " 'Π[' a ']' p " := ( Pi (fun x => ∃ a, x= p)) (at level 60).




  Lemma swap: exists e, forall a b, real (econj _ a b) e (econj _ b a).
  Proof.
    destructEF. eexists.
    intros a b. apply Hpair;[apply Hsnd|apply Hfst].
  Qed.

  Lemma conj_mon: ∃ f, forall a a' b b' ea eb, real a ea a' -> real b eb b' -> real (econj EF a b) (f ea eb) (econj EF a' b').
    destructbase;destructconj.
    eexists;intros a a' b b' ea eb Ha Hb.
    apply Hpair. eapply Hcut;[apply Hfst|apply Ha].
    eapply Hcut;[apply Hsnd|apply Hb].
  Qed.


  Definition singleton: PHI -> (PHI -> Prop):=
    fun a b => a = b.
  Definition imp a b:=euniimp _ a (singleton b).

  Infix "⊃":=imp (right associativity, at level 25).
  Lemma impeval: exists e, forall p1 p2 : PHI, real (econj EF p1 (imp p1 p2)) e p2.
  Proof.
    destructuniimp.
    exists eeval. intros.
    apply Heval. reflexivity.
  Qed.

  Lemma implam: exists f, forall (p1 p2 p3: PHI) e, (real (econj EF p1 p2) e p3)
        → real p1 (f e) (imp p2 p3).
  Proof.
    destructuniimp.
    exists elam. intros.
    apply Hlam. intros. rewrite <- H0. assumption.
  Qed.

  Ltac destructimp :=
    destruct (implam) as (elam,Hlam);
    destruct (impeval) as (eeval,Heval).


   Lemma impPi: exists e, forall a B, real (Pi (λ x : PHI, ∃ b , B b ∧ x = a ⊃ b))
    e (a ⊃ Pi (λ x : PHI, ∃ b , B b ∧ x = b)).
   Proof.
     destructbase; destructimp; destructforall.
     destruct conj_mon as (f,Hmon).
     destruct swap as (swap,Hswap).
     eexists; intros a B.
     apply Hlam,Hfa; intros p (b,(Hb,Hp));subst.
     eapply Hcut;[|apply Heval].
     eapply Hcut;[apply Hswap|].
     apply Hmon;[apply Hax|].
     apply HPi. exists b;split;trivial.
   Qed.

   Lemma imp_mon: ∃ f, forall a a' b b' ea eb, real a' ea a -> real b eb b' -> real (a ⊃ b) (f ea eb) (a' ⊃ b').
     destructbase;destructimp;destruct conj_mon as (emon,Hmon);destruct swap as (swap,Hswap).
     eexists;intros a a' b b' ea eb Ha Hb.
     eapply Hlam,Hcut;[|apply Hb].
     eapply Hcut;[apply Hmon;[apply Hax|apply Ha]|].
     eapply Hcut;[apply Hswap|apply Heval].
   Qed.

  (*******************************************)
  (* Definition of the Implicative structure *)
  (*******************************************)


  (* Infix "⊆":=(Included X) (at level 75). *)

  Definition subset_refl `{X:SET}:= λ (x : Ensemble X) (x0 : X) (H : In X x x0), H.
  Definition subset_antisym `{X:SET}: forall x y, x ⊆ y -> y ⊆ x -> x = y :=
    λ (x y : Ensemble X) (H : x ⊆ y) (H0 : y ⊆ x), Extensionality_Ensembles X x y (conj H H0).
  Definition subset_trans `{X:SET}: forall x y z, x ⊆ y -> y ⊆ z -> x ⊆ z :=
    λ (x y z : Ensemble X) (H : x ⊆ y) (H0 : y ⊆ z) (x0 : X) (H1 : In X x x0), H0 x0 (H x0 H1).


  Definition supset_refl `{X:SET}:= λ (x : Ensemble X) (x0 : X) (H : In X x x0), H.
  Definition supset_antisym `{X:SET} : forall x y, x ⊇ y -> y ⊇ x -> x = y :=
    λ (x y : Ensemble X) (H : y ⊆ x) (H0 : x ⊆ y), Extensionality_Ensembles X x y (conj H0 H).
  Definition supset_trans `{X:SET}: forall x y z, x ⊇ y -> y ⊇ z -> x ⊇ z :=
    λ (x y z : Ensemble X) (H : x ⊇ y) (H0 : y ⊇ z) (x0 : X) (H1 : In X z x0), H x0 (H0 x0 H1).


  Inductive A0:=
  |ax_phi : PHI -> A0
  |ax_arrow : (PHI -> Prop) -> A0 -> A0.

  Notation " P ⇀ a" := (ax_arrow P a) (at level 72).

  Inductive ord0 : A0 -> A0 -> Prop:=
  |ord0_phi : forall p, ord0 (ax_phi p) (ax_phi p)
  |ord0_arrow : forall a a' (p p':Ensemble PHI), ord0 a a' -> p ⊆ p' -> ord0 (p ⇀ a) (p' ⇀ a').

  Notation " a <0< b" := (ord0 a b) (at level 72).

  Lemma ord0_trans:
    forall a b c, a <0<b -> b<0<c -> a<0<c.
  Proof.
    intros a;induction a;intros b c Ha Hb.
    inversion Ha;subst;trivial.
    inversion Hb;subst;trivial.
    inversion Ha;subst;trivial.
    apply ord0_arrow. now apply IHa with a0.
    now apply subset_trans with p.
  Qed.

  Fixpoint injec0 (a0 : A0): PHI:=
      match a0 with
      | ax_phi p => p
      | ax_arrow P a0 => imp (Pi P) (injec0 a0)
      end.


  Definition up_closed0 (P: A0 -> Prop) :=
    forall a b, P a -> a <0< b -> P b.

  Definition A:= { P : A0 -> Prop | up_closed0 P }.

  Definition proj:A -> (A0 -> Prop):=
    fun x => proj1_sig x.

  Coercion proj: A >-> Funclass.

  Definition ordA : A → A → Prop:= supset.

  Definition injec (a:A):=
    fun x:PHI => exists y:A0, a y /\ x = injec0 y.

  Definition closure (P:PHI -> Prop):=
    fun Q:PHI-> Prop => P ⊆ Q.

  Definition prearrow0 (a b:A):A0 -> Prop :=
    fun x => exists s ß, x = (s ⇀ ß) /\ (closure (injec a)) s /\ b ß.

  Lemma prearrow0_upclosed0: forall (a b:A),
      up_closed0 (prearrow0 a b).
  Proof.
    intros (A,Ha) (B,Hb) x y (s,(ß,(Hx,(Hs,Hß)))) Hord.
    unfold prearrow0 in *.
    rewrite Hx in *.
    inversion Hord;subst.
    exists p'; exists a'; repeat split;trivial.
    - unfold closure,injec;simpl.
      apply subset_trans with s;[apply Hs|trivial].
    - simpl; now apply (Hb ß a').
  Qed.

  #[refine] Global Instance Powerset_Rev_Order : @Order A:=
    { ord := supset}.
  Proof.
    - intros P Q H. assumption.
    - intros a b c. apply supset_trans.
  Defined.


  Definition preintersection_set (B:Ensemble (A)):=
    fun (x:A0) => ∀ b, B b → b x.

  Program Definition intersection_set (S : Ensemble A) : A := exist _ (preintersection_set S) _.
  Obligation Tactic := idtac.
  Next Obligation.
    intro S.
    unfold preintersection_set in *.
    intros a b Ha Hb c H. specialize (Ha c H).
    destruct c as (c,Hc);simpl in *.
    now apply (Hc a).
  Qed.


  Definition preunion_set (B:Ensemble A) :=
    fun (x:A0) => ∃ b, B b ∧ b x.

  Program Definition union_set (S : Ensemble A) : A := exist _ (preunion_set S) _.
  Next Obligation.
    intro S.
    unfold preunion_set in *.
    intros a b (c,(Hc,Ha)) Hb.
    exists c. split;trivial.
    destruct c as (c,H);simpl in *.
    now apply (H a).
  Qed.

  Lemma intersection_set_lb :
    ∀ (S:Ensemble A) b , S b → (intersection_set S) ⊆ b.
  Proof.
    intros S b H x Hx.
    apply Hx,H.
  Qed.

  Lemma intersection_set_glb:
    ∀ (S : Ensemble A) b , (∀ c , S c → b ⊆ c) → b ⊆ (intersection_set S).
  Proof.
    intros S b H x Hx c Hc.
    apply H;assumption.
  Qed.

  Lemma union_set_ub :
    ∀ (S:Ensemble A) b , S b → b ⊆ (union_set S).
  Proof.
    intros S b H x Hx.
    exists b;split;assumption.
  Qed.

  Lemma union_set_lub :
    ∀ (S : Ensemble A) b , (∀ c , S c → c ⊆ b) → (union_set S) ⊆ b.
  Proof.
    intros S b H x [c [Hc Hx]].
    apply (H c Hc). assumption.
  Qed.

  Hint Resolve intersection_set_lb intersection_set_glb union_set_ub union_set_lub : sets.


  Global Instance Powerset_CompleteLattice: @CompleteLattice _ (Powerset_Rev_Order)
    := {meet_set:=union_set ;join_set:=intersection_set;
        meet_elim:=union_set_ub; meet_intro:=union_set_lub;
        join_elim:=intersection_set_lb; join_intro:=intersection_set_glb;
       }.

   (********************************)

  #[refine] Global Instance A_IS:
    @ImplicativeStructure _ (Powerset_Rev_Order) (Powerset_CompleteLattice):=
    { arrow := λ a b : A, exist _ (prearrow0 a b) (prearrow0_upclosed0 (b:=b))}.
  Proof.
    - intros a a' b H x (s,(ß,(Hx,(Hs,Hß)))).
      exists s;exists ß; repeat split;trivial.
      eapply subset_trans;[|apply Hs].
      intros p (y,(Hy,Hp));subst. exists y;split;trivial; now apply H.
    - intros a b b' H x (s,(ß,(Hx,(Hs,Hß)))).
      exists s; exists ß;repeat split;trivial; now apply H.
    - intros a B. split;intros x H;unfold In,prearrow0,preunion_set in *.
      + destruct H as (c,((d,(Hd,H)),Hc));subst.
        destruct Hc as (s,(ß,(Hx,(Hs,Hß)))).
        exists s;exists ß; repeat split; trivial.
        exists d;split;trivial.
      + destruct H as (s,(ß,(Hx,(Hs,(b,(Hb,Hß)))))).
         exists (exist _ (prearrow0 a b) (prearrow0_upclosed0 (b:=b)));split.
         * exists b;auto.
         * rewrite Hx;simpl. exists s;exists ß; repeat split; trivial.
  Defined.


  Definition phi: A -> PHI :=
    fun a => Pi (injec a).

  Definition valid (p:PHI) := exists e:E, real (etop EF) e p.


  Definition impval a b:= valid a -> valid b.

  Definition is_evd a b:=exists e, real a e b.
  Infix "⊢ ":=is_evd (at level 27).

  Lemma entails_impval: forall a b, a ⊢ b -> impval a b.
  Proof.
    intros a b (e,H) (ea,Ha).
    destructbase.
    exists (ecut ea e).
    eapply Hcut;[apply Ha|apply H].
  Qed.

  Ltac step Hcut a:= eapply (Hcut _ a).

  Lemma injec0_mon: forall a b, a <0< b -> ∃ e,real (injec0 a) e (injec0 b).
  Proof.
    destructEF. destruct imp_mon as (emon,Hmon),Pi_mon as (ePi,HPi).
    intros.
    induction H.
    eexists;intros.
    - apply Hax.
    - destruct IHord0. eexists. simpl.
      apply Hmon. now apply HPi.
      apply H1.
  Qed.


  Lemma injec_mon: forall a b, a ≤ b -> (injec b) ⊆ (injec a).
  Proof.
     intros a b H x (y,(Hy,Hx)).
     exists y. split;trivial.
     apply (H y Hy).
  Qed.

   Lemma phi_mon: exists e, forall a b, a ≤ b -> real (phi a) e (phi b).
     destructuniimp. destructbase. destruct swap as (eswap,Hswap).
     eexists. intros a b H.
     apply Hlam. intros.
     eapply Hcut. apply Hswap. apply Heval.
     now apply (injec_mon H).
   Qed.


  Lemma phi_Pi: ∃ e, forall B , real (phi (meet_set B)) e (Pi (fun x=> exists a, B a /\ x=phi a )).
  Proof.
    destructEF;destructforall;destruct phi_mon as (emon,Hmon).
    eexists. intros;apply Hfa;intros p [a [Ha Hp]];subst.
    apply Hmon. now apply meet_elim.
  Qed.

  Definition presing a:=fun (x:A0) => a <0< x.
  Program Definition sing (a0:A0): A := exist _ (presing a0) _.
  Next Obligation. intros a0 a b Ha H0. now apply ord0_trans with a. Qed.

  Lemma Pi_phi: ∃ e, forall B , real (Pi (fun x=> exists a, B a /\ x=phi a )) e (phi (meet_set B)).
  Proof.
    destructEF;destructforall;destruct phi_mon as (emon,Hmon).
    eexists;intros;apply Hfa;intros p [x [Hx Hp]];subst.
    destruct Hx as [a [Ha Hx]].
    apply Hcut with (phi a);[apply HPi;exists a;split;trivial|].
    apply HPi. exists x;now split.
  Qed.

  Lemma phi_arrow: ∃ e, forall a b, real (phi (arrow a b)) e (imp (phi a) (phi b)).
  Proof.
    destructbase; destructimp; destructforall.
    destruct conj_mon as (f,Hmon).
    destruct swap as (swap,Hswap).
    unfold phi at 1,injec;unfold A_IS,arrow,prearrow0,impval;simpl.
    eexists;intros.
    eapply (Hcut _ (Pi (λ x, ∃ s ß (c:A), closure (injec a) s ∧ b ß ∧ x = injec0 (s ⇀ ß)))); simpl.
    - apply Hfa; intros p (P, (w,(HP,(Hw,(Hb,Hp)))));subst.
      apply HPi. exists (P ⇀ w). split;[|reflexivity]. exists P;exists w; repeat split;trivial.
    - eapply (Hcut _ (Pi (λ x : PHI, ∃ (ß : A0), b ß ∧ x = imp (Pi (injec a)) ((injec0 ß))))).
      + apply Hfa;intros p (x, (w,Hw));subst.
        apply HPi. exists (injec a);exists x;repeat split;trivial. intros p H;exact H.
      + eapply (Hcut _ (imp (Pi (injec a)) (Pi (λ x, ∃ ß : A0, b ß ∧ x =(injec0 ß)))));[|apply Hax].
        apply Hlam,Hfa; intros p (c,(Hc,Hp));subst.
        eapply Hcut;[|apply Heval]; eapply Hcut;[apply Hswap|];apply Hmon;[apply Hax|];
        apply HPi;exists c;split;trivial.
   Qed.



  Lemma arrow_phi: exists e, forall a b, real (phi a ⊃ phi b) e (phi (arrow a b)).
    destructbase; destructimp; destructforall;
    destruct imp_mon as (f,Hmon); destruct Pi_mon as (f',Hmon'); destruct swap as (swap,Hswap).
    eexists. intros.
    eapply (Hcut _ (Pi (λ x : PHI, (∃ s ß, closure (injec a) s ∧ b ß ∧ x = injec0 (s ⇀ ß))))); simpl.
    - eapply (Hcut _ (Pi (λ x : PHI, ∃ (ß : A0), b ß ∧ x = imp (Pi (injec a)) ((injec0 ß))))).
      + eapply (Hcut _ (imp (Pi (injec a)) (Pi (λ x, ∃ ß : A0, b ß ∧ x =(injec0 ß)))));[apply Hax|].
        apply Hfa; intros p (c,(Hc,Hp));subst.
        apply Hmon;[apply Hax|].
        apply HPi;exists c;split;trivial.
      + apply Hfa; intros p (P, (x,(HP,(Hx,Hp)))); subst.
        eapply (Hcut _ (Pi (λ x0 : PHI, ∃ ß : A0, b ß ∧ x0 = Pi P ⊃ injec0 ß)));
          [|apply HPi;exists x; split;trivial].
         eapply Hfa; intros p' (z,(Hz,Hp')); subst.
          eapply (Hcut _ (Pi (injec a) ⊃ injec0 z));[apply HPi;exists z;repeat split;trivial|].
          apply Hmon;[now apply Hmon'|apply Hax].
    - apply Hfa;intros p (P, ((s,(ß,(HP,(Hs,Hß)))),Hw)); subst.
      apply HPi. exists s;exists ß; repeat split;trivial.
  Qed.


Lemma phiK:
     impval (Pi (fun x => exists a:A, x= Pi (fun y => exists b, y = (phi a) ⊃ (phi b) ⊃ (phi a)))) (phi K).
   Proof.
     apply entails_impval.
     destructEF. destructforall.
     destruct imp_mon as (emon,Hmon).
     destruct Pi_mon as (emon',Hmon').
     eexists.
     apply Hfa.
     intros. destruct H as (y,(Hy,Hp')). subst.
     unfold K in Hy. simpl in Hy.
     destruct Hy as (P,((a,Ha),Hy)).
     rewrite Ha in Hy. destruct Hy as (z,((b,Hz),Hy)). subst.
     destruct Hy as (s, (ß,(Hy,(Hs,Hß)))). subst.
     destruct Hß as (s', (ß',(Hß,(Hs',Hß')))). subst.
     simpl.
     eapply (Hcut _ (phi a ⊃ phi b ⊃ phi a)).
     - eapply (Hcut _ (Pi (λ y : PHI, ∃ b0 : A, y = phi a ⊃ phi b0 ⊃ phi a))).
       apply HPi;exists a;reflexivity.
       apply HPi;exists b;reflexivity.
     - apply Hmon. now apply Hmon'.
       apply Hmon. now apply Hmon'.
       apply HPi. exists ß';split;trivial.
   Qed.

   Lemma phiK_aux:
     valid (Pi (fun x => exists a, x= Pi (fun y => exists b, y = a ⊃ b ⊃ a))).
   Proof.
     destructEF. destructforall.
     exists (efa (efa (elam (elam (ecut efst esnd))))).
     apply Hfa. intros ?p' (?a,?Ha). subst.
     apply Hfa. intros ?p' (?a,?Ha). subst.
     apply Hlam. intros ?p' ?Ha. rewrite <- Ha.
     apply Hlam. intros ?p' ?Ha. rewrite <- Ha0.
     eapply Hcut. apply Hfst. apply Hsnd.
   Qed.


   Lemma validK: valid (phi K).
   Proof.
     apply phiK.
     destructimp. destructforall. destructbase.
     destruct phiK_aux as (eK,HK).
     eexists.
     apply Hfa. intros p' (a,Ha). subst.
     apply Hfa. intros p' (b,Hb). subst.
     eapply Hcut;[apply HK|].
     eapply Hcut. apply HPi. exists (phi a). reflexivity.
     apply HPi. exists (phi b). reflexivity.
   Qed.

   Lemma phiS:
     (Π[ a] (Π[ b] (Π[ c] (phi a ⊃ phi b ⊃ phi c) ⊃ (phi a ⊃ phi b) ⊃ phi a ⊃ phi c))) ⊢ phi S.
   Proof.
     destructEF. destructforall.
     destruct imp_mon as (emon,Hmon).
     destruct Pi_mon as (emon',Hmon').
     destruct phi_arrow as (ephi,Hphi).
     destruct arrow_phi as (earr,Harr).
     eexists.
     apply Hfa.
     intros. destruct H as (y,(Hy,Hp')). subst.
     unfold S in Hy. simpl in Hy.
     destruct Hy as (P,((a,Ha),Hy)). rewrite Ha in Hy.
     destruct Hy as (z,((b,Hz),Hy)). subst.
     destruct Hy as (w,((c,Hw),Hz)). subst.
     destruct Hz as (s1, (ß1,(Hz,(Hs1,Hß1)))). subst.
     destruct Hß1 as (s2, (ß2,(Hß1,(Hs2,Hß2)))). subst.
     destruct Hß2 as (s3, (ß3,(Hß2,(Hs3,Hß3)))). subst.
     simpl.
     eapply (Hcut _ ((phi a ⊃ phi b ⊃ phi c) ⊃ (phi a ⊃ phi b) ⊃ phi a ⊃ phi c)).
     - eapply (Hcut _ (Π[b0] (Π[c0] (phi a ⊃ phi b0 ⊃ phi c0) ⊃ (phi a ⊃ phi b0) ⊃ phi a ⊃ phi c0))).
       apply HPi;exists a;reflexivity.
       eapply (Hcut _ (Π[c0] (phi a ⊃ phi b ⊃ phi c0) ⊃ (phi a ⊃ phi b) ⊃ phi a ⊃ phi c0)).
       apply HPi;exists b;reflexivity.
       apply HPi;exists c;reflexivity.
     - apply Hmon. eapply (Hcut _ (phi (arrow a (arrow b c)))). now apply Hmon'.
       eapply Hcut;[apply Hphi|].
       apply Hmon;[apply Hax |apply Hphi].
       eapply (Hcut _ ((phi (arrow a b)) ⊃ phi a ⊃ phi c)).
       eapply Hcut.
       apply Hmon. apply Hphi. apply Harr.
       apply Hmon;[apply Hax|apply Hphi].
       apply Hmon.
       + apply Hfa. intros p' (w, (Hw,Hp')). subst.
         apply HPi. apply Hs2. exists w;split;trivial.
       + apply Hmon.
         * apply Hfa. intros p' (w, (Hw,Hp')). subst.
           apply HPi. apply Hs3. exists w;split;trivial.
         * apply HPi. exists ß3;split;trivial.
   Qed.


   Lemma phiS_aux:
     valid (Pi (fun x => exists a, x= Pi (fun y => exists b, y = Pi (fun z => exists c, z = (a ⊃ b ⊃ c) ⊃ (a ⊃ b) ⊃ a ⊃ c)))).
   Proof.
     destructEF. destructforall. destruct impeval as (eval,Hev).
     exists (efa (efa (efa (elam (elam (elam (ecut
       (epair
           (ecut (epair esnd (ecut efst esnd)) eval)
          (ecut (epair esnd (ecut efst (ecut efst esnd))) eval)
       ) eval))))))).
     do 3 (apply Hfa; intros ?p' (?a,?Ha); subst).
     do 3 (apply Hlam; intros ?p' Hp'; unfold singleton in *; subst).
     eapply Hcut. 2: { apply Hev. }
     apply Hpair.
     - eapply Hcut. 2: { apply Hev. }
       apply Hpair.
       + apply Hsnd.
       + eapply Hcut;[apply Hfst|apply Hsnd].
     - eapply Hcut. 2: { apply Hev. }
       apply Hpair.
         + apply Hsnd.
         + eapply Hcut;[apply Hfst|].
           eapply Hcut;[apply Hfst|apply Hsnd].
   Qed.



   Lemma validS: valid (phi S).
   Proof.
     destructimp. destructforall. destructbase.
     destruct phiS as (ephi,Hphi).
     destruct phiS_aux as (eS,HS).
     eexists.
     eapply Hcut;[|apply Hphi].
     apply Hfa. intros p' (a,Ha). subst.
     apply Hfa. intros p' (b,Hb). subst.
     apply Hfa. intros p' (c,Hc). subst.
     eapply Hcut;[apply HS|].
     eapply Hcut. apply HPi. exists (phi a). reflexivity.
     eapply Hcut. apply HPi. exists (phi b). reflexivity.
     apply HPi. exists (phi c). reflexivity.
   Qed.