(* Closure of sequents *)

  Require Import List.
  Export ListNotations.
  Require Import Lia.

  Require Import Coq.Init.Wf.

  Require Import GLS_export.
  Require Import UIGL_Def_measure.

  Require Import UIGL_irred_short UIGL_irred_high_level.

  Require Import general_export.

  (* Defining the premises of a sequent via Imp rules. *)

  Lemma finite_ImpRules_premises_of_S : (s : Seq), listImpRulesprems,
                ( prems, (((ImpRRule prems s) + (ImpLRule prems s)) (InT prems listImpRulesprems)) *
                               ((InT prems listImpRulesprems) ((ImpRRule prems s) + (ImpLRule prems s)))).
  Proof.
  intros.
  pose (finite_ImpR_premises_of_S s). destruct .
  pose (finite_ImpL_premises_of_S s). destruct .
  exists (x ). intros. split ; intro.
  - destruct H.
    + inversion i. subst. apply InT_or_app. left. apply p. apply ImpRRule_I.
    + inversion i. subst. apply InT_or_app. right. apply . apply ImpLRule_I.
  - apply InT_app_or in H. destruct H.
    + left. apply p ; auto.
    + right. apply ; auto.
  Defined.

  Definition inv_prems (s : Seq) := flatten_list (proj1_sigT2 (finite_ImpRules_premises_of_S s)).

  (* The number of implication symbols in a sequent gives a measure
      which has a well-founded order.*)

  Definition less_imp (s0 s1 : Seq) := (n_imp_subformS ) < (n_imp_subformS ).

  Lemma Acc_less_imp : well_founded less_imp.
  Proof.
  intros s ; induction on s as IHm with measure (n_imp_subformS s).
  apply Acc_intro. auto.
  Defined.

  Definition invprem (s0 s1 : Seq) := In (inv_prems ).

  Lemma InT_In_inv_prems : s0 s1, (InT (inv_prems ) In (inv_prems )) *
                                                                   (In (inv_prems ) InT (inv_prems )).
  Proof.
  intros. split ; intros.
  - apply InT_In ; auto.
  - unfold inv_prems. unfold inv_prems in H. destruct (finite_ImpRules_premises_of_S ).
    simpl. simpl in H. apply In_InT_seqs. auto.
Qed.

  Lemma Acc_invprem : well_founded invprem.
  Proof.
  intros s ; induction on s as IHs with measure (n_imp_subformS s).
  apply Acc_intro. intros. apply IHs. unfold invprem in H.
  apply InT_In_inv_prems in H. unfold inv_prems in H.
  destruct (finite_ImpRules_premises_of_S s) in H. simpl in H.
  apply InT_flatten_list_InT_elem in H. destruct H. destruct .
  apply p in . destruct .
  inversion . subst. inversion i. subst.
  unfold n_imp_subformS ; simpl. repeat rewrite n_imp_subformLF_dist_app.
  simpl. lia. subst. inversion .
  inversion . subst. inversion i. subst.
  unfold n_imp_subformS ; simpl. repeat rewrite n_imp_subformLF_dist_app.
  simpl. lia. subst.
  inversion . subst.
  unfold n_imp_subformS ; simpl. repeat rewrite n_imp_subformLF_dist_app.
  simpl. lia. subst. inversion .
  Defined.

  (* The closure of a sequent is the list of all sequents which can be
      reach via chains of backward applications of invertible rules. *)

  Definition Canopy := irred Acc_invprem.

  (* Critical sequents are sequents on which no invertible (Imp)
      rule is backward applicable. *)

  Definition critical_Seq (s : Seq) := is_Prime ((fst s) (snd s)).

  Definition is_Prime_dec : l, (is_Prime l) + (is_Prime l False).
  Proof.
  unfold is_Prime. induction l ; simpl ; auto.
  left. intros. inversion H. destruct IHl. destruct a as [n | | |].
  1,2,4: left ; intros ; destruct H ; auto. right. left ; exists n ; auto.
  left ; exists a ; auto. right. intro.
  assert ( --> = --> In ( --> ) l). left ; auto. apply H in .
  destruct . destruct . inversion . destruct . destruct ; inversion .
  inversion . right. intros. apply f. intros. apply H. auto.
  Defined.

  Definition critical_Seq_dec (s : Seq) : (critical_Seq s) + (critical_Seq s False).
  Proof.
  unfold critical_Seq. destruct s ; simpl. apply is_Prime_dec.
  Defined.

  (* We show that all sequents in Canopy are critical. *)

  Lemma inv_prems_id_critical : s, inv_prems s = [] critical_Seq s.
  Proof.
  intros. destruct s. unfold critical_Seq. intros A . destruct A as [n | | |].
  right ; left ; exists n ; auto. right ; auto.
  2: left ; exists A ; auto. exfalso. simpl in .
  apply in_app_or in ; destruct .
  apply in_split in . destruct . destruct . subst.
  assert (In (x :: , ) (inv_prems (x --> :: , ))).
  unfold inv_prems. apply InT_In.
  apply InT_trans_flatten_list with (bs:=[(x , [] :: );(x :: , [] )]).
  apply InT_cons ; apply InT_eq.
  destruct (finite_ImpRules_premises_of_S (x --> :: , )).
  apply p. right. assert ((x --> :: , ) = (x --> :: , [] )). auto.
  rewrite . apply ImpLRule_I.
  rewrite H in . inversion .
  apply in_split in . destruct . destruct . subst.
  assert (In (l :: [], x :: ) (inv_prems (l [] , x --> :: ))).
  unfold inv_prems. apply InT_In.
  apply InT_trans_flatten_list with (bs:=[(l [], x :: )]). apply InT_eq.
  destruct (finite_ImpRules_premises_of_S (l [], x --> :: )).
  apply p. left. apply ImpRRule_I. rewrite app_nil_r in .
  rewrite H in . inversion .
  Qed.

  Lemma Canopy_critical : s leaf, InT leaf (Canopy s) (critical_Seq leaf).
  Proof.
  unfold Canopy.
  intros s ; induction on s as IHs with measure (n_imp_subformS s).
  intros. remember (inv_prems s) as prems. destruct prems.
  - symmetry in Heqprems ; pose (irred_nil _ _ Acc_invprem s Heqprems).
    rewrite e in H. pose (inv_prems_id_critical _ Heqprems). inversion H ; subst ; auto.
    inversion .
  - assert (: inv_prems s []%list). rewrite Heqprems. intro.
    inversion . pose (irred_not _ _ Acc_invprem s ). rewrite e in H.
    pose (InT_In H). apply in_flat_map in i. destruct i. destruct .
    apply In_InT_seqs in . apply IHs with (y:=x) ; auto.
    apply InT_In_inv_prems in . unfold inv_prems in .
    destruct (finite_ImpRules_premises_of_S s) in . simpl in .
    apply InT_flatten_list_InT_elem in . destruct . destruct .
    apply p in . destruct .
    inversion . subst. inversion i. subst.
    unfold n_imp_subformS ; simpl. repeat rewrite n_imp_subformLF_dist_app.
    simpl. lia. subst. inversion .
    inversion . subst. inversion i. subst.
    unfold n_imp_subformS ; simpl. repeat rewrite n_imp_subformLF_dist_app.
    simpl. lia. subst.
    inversion . subst.
    unfold n_imp_subformS ; simpl. repeat rewrite n_imp_subformLF_dist_app.
    simpl. lia. subst. inversion .
  Qed.

  (* We show the equiprovability between a sequent and its Canopy. *)

  Lemma ImpRule_Canopy : s prems, ((ImpRRule prems s) + (ImpLRule prems s))
                ( prem, InT prem prems ( leaf, InT leaf (Canopy prem) InT leaf (Canopy s))).
  Proof.
  intros. unfold Canopy. rewrite irred_not. apply In_InT_seqs.
  apply in_flat_map. exists prem ; split ; auto. 2: apply InT_In ; auto.
  unfold inv_prems. apply InT_In. apply InT_trans_flatten_list with (bs:=prems) ; auto.
  destruct (finite_ImpRules_premises_of_S s) ; simpl. apply p ; auto.
  intro. unfold inv_prems in . destruct (finite_ImpRules_premises_of_S s) ; simpl.
  simpl in . apply p in H. assert (InT prem (flatten_list x)).
  apply InT_trans_flatten_list with (bs:=prems) ; auto. rewrite in . inversion .
  Qed.

  (* Move the lemma below to a more general location. *)

  Lemma InT_flat_map: (f : Seq list Seq) (l : list Seq) (y : Seq), (InT y (flat_map f l) ( x : Seq, InT x l * InT y (f x))) *
                                                                                                                ( ( x : Seq, InT x l * InT y (f x)) InT y (flat_map f l)).
  Proof.
  intros f. induction l.
  - intros ; split ; intros. simpl in H. inversion H. simpl. destruct H. destruct p. inversion i.
  - intros ; simpl ; split ; intros. apply InT_app_or in H. destruct H. exists a ; split ; auto. apply InT_eq.
    apply IHl in i. destruct i. destruct p. exists x ; split ; auto. apply InT_cons ; auto.
    apply InT_or_app. destruct H. destruct p. inversion i ; subst ; auto. right.
    apply IHl. exists x ; split ; auto.
  Qed.

  Lemma fold_Canopy : s leaf, InT leaf (Canopy s)
                  (leaf = s) + ( prem, InT prem (inv_prems s) * InT leaf (Canopy prem)).
  Proof.
  intros. remember (finite_ImpRules_premises_of_S s) as J.
  destruct J. destruct x.
  - assert (Canopy s = [s]). apply irred_nil. unfold inv_prems. rewrite HeqJ.
    simpl. auto. rewrite in H. inversion H ; subst ; auto. inversion .
  - right. unfold Canopy in H. rewrite irred_not in H. apply InT_flat_map in H. destruct H.
    destruct . exists ; split ; auto. intro. unfold inv_prems in . rewrite HeqJ in .
    assert (InT l (l :: x)). apply InT_eq. apply p in . destruct ; inversion i ; subst ;
    simpl in ; inversion .
  Qed.

  Lemma Canopy_equiprv : s,
    (( leaf, InT leaf (Canopy s) GLS_prv leaf) (GLS_prv s)) *
    ((GLS_prv s) ( leaf, InT leaf (Canopy s) GLS_prv leaf)).
  Proof.
  intros s ; induction on s as IHs with measure (n_imp_subformS s).
  intros ; split ; intros.
  - remember (finite_ImpRules_premises_of_S s) as H.
    destruct H. destruct x.
    + assert (Canopy s = [s]). apply irred_nil. unfold inv_prems. rewrite HeqH.
       simpl. auto. rewrite H in X. apply X. apply InT_eq.
    + assert (: InT l (l :: x)). apply InT_eq. apply p in . destruct ; unfold GLS_prv ; apply derI with (ps:=l).
       apply ImpR ; auto. 2: apply ImpL ; auto. all: inversion i ; subst ; apply dlCons. 4: apply dlCons. 2,5: apply dlNil.
       all: apply IHs. 1,3,5: unfold n_imp_subformS ; simpl ; repeat rewrite n_imp_subformLF_dist_app ; simpl ; lia.
       all: intros ; apply X. apply ImpRule_Canopy with (prems:=[(Γ0 A :: Γ1, Δ0 B :: Δ1)]) (prem:=(Γ0 A :: Γ1, Δ0 B :: Δ1)) ; auto.
       apply InT_eq. apply ImpRule_Canopy with (prems:=[(Γ0 Γ1, Δ0 A :: Δ1); (Γ0 B :: Γ1, Δ0 Δ1)])
       (prem:=(Γ0 Γ1, Δ0 A :: Δ1)) ; auto. apply InT_eq.
        apply ImpRule_Canopy with (prems:=[(Γ0 Γ1, Δ0 A :: Δ1); (Γ0 B :: Γ1, Δ0 Δ1)])
       (prem:=(Γ0 B :: Γ1, Δ0 Δ1)) ; auto. apply InT_cons ; apply InT_eq.
  - apply fold_Canopy in H. destruct H ; subst ; auto. destruct . destruct p.
    unfold inv_prems in i ; apply InT_flatten_list_InT_elem in i ; destruct i ; destruct p ; destruct (finite_ImpRules_premises_of_S s) ;
    simpl in . apply p in . destruct ; inversion ; subst.
    + inversion i ; subst. 2: inversion . apply IHs with (y:=(Γ0 A :: Γ1, Δ0 B :: Δ1)) ; auto.
       unfold n_imp_subformS ; simpl ; repeat rewrite n_imp_subformLF_dist_app ; simpl ; lia.
       apply ImpR_inv with (concl:=(Γ0 Γ1, Δ0 A --> B :: Δ1)) ; auto.
    + inversion i ; subst. apply IHs with (y:=(Γ0 Γ1, Δ0 A :: Δ1)) ; auto.
       unfold n_imp_subformS ; simpl ; repeat rewrite n_imp_subformLF_dist_app ; simpl ; lia.
       apply ImpL_inv with (concl:=(Γ0 A --> B :: Γ1, Δ0 Δ1)) (:= (Γ0 B :: Γ1, Δ0 Δ1)) ; auto.
       inversion ; subst. 2: inversion . apply IHs with (y:=(Γ0 B :: Γ1, Δ0 Δ1)) ; auto.
       unfold n_imp_subformS ; simpl ; repeat rewrite n_imp_subformLF_dist_app ; simpl ; lia.
       apply ImpL_inv with (concl:=(Γ0 A --> B :: Γ1, Δ0 Δ1)) (:= (Γ0 Γ1, Δ0 A :: Δ1)) ; auto.
  Qed.

  Lemma Canopy_equiprv_genL : s A,
    (( leaf, InT leaf (Canopy s) GLS_prv (A :: fst leaf, snd leaf)) (GLS_prv (A :: fst s, snd s))) *
    ((GLS_prv (A :: fst s, snd s)) ( leaf, InT leaf (Canopy s) GLS_prv (A :: fst leaf, snd leaf))).
  Proof.
  intros s ; induction on s as IHs with measure (n_imp_subformS s).
  intros ; split ; intros.
  - remember (finite_ImpRules_premises_of_S s) as .
    destruct . destruct x.
    + assert (Canopy s = [s]). apply irred_nil. unfold inv_prems. rewrite .
       simpl. auto. rewrite H in X. apply X. apply InT_eq.
    + assert (: InT l (l :: x)). apply InT_eq. apply p in . destruct ; unfold GLS_prv ; inversion i ; subst ; simpl.
       apply derI with (ps:=[(A :: Γ0 :: Γ1, Δ0 B :: Δ1)]).
       apply ImpR ; auto. assert ((A :: Γ0 :: Γ1) = ((A :: Γ0) :: Γ1)). auto. rewrite H.
       assert (A :: Γ0 Γ1 = (A :: Γ0) Γ1). auto. rewrite . apply ImpRRule_I. apply dlCons. 2: apply dlNil.
       2: apply derI with (ps:=[(A :: Γ0 Γ1, Δ0 :: Δ1);(A :: Γ0 B :: Γ1, Δ0 Δ1)]).
       2: apply ImpL ; auto. 2: assert (A :: Γ0 Γ1 = ((A :: Γ0) Γ1)) ; auto ; rewrite H.
       2: assert (A :: Γ0 B :: Γ1 = (A :: Γ0) B :: Γ1) ; auto ; rewrite . 2: apply ImpLRule_I. 2: apply dlCons.
       3: apply dlCons. 4: apply dlNil.
       assert (: n_imp_subformS (Γ0 :: Γ1, Δ0 B :: Δ1) < n_imp_subformS (Γ0 Γ1, Δ0 --> B :: Δ1)).
       unfold n_imp_subformS ; simpl ; repeat rewrite n_imp_subformLF_dist_app ; simpl ; lia.
       apply IHs with (A:=A) in . simpl in . destruct . apply g. intros. apply X.
       apply ImpRule_Canopy with (prems:=[(Γ0 :: Γ1, Δ0 B :: Δ1)]) (prem:=(Γ0 :: Γ1, Δ0 B :: Δ1)) ; auto.
       apply InT_eq.
       assert (: n_imp_subformS (Γ0 Γ1, Δ0 :: Δ1) < n_imp_subformS (Γ0 --> B :: Γ1, Δ0 Δ1)).
       unfold n_imp_subformS ; simpl ; repeat rewrite n_imp_subformLF_dist_app ; simpl ; lia.
       apply IHs with (A:=A) in . simpl in . destruct . apply g. intros. apply X.
       apply ImpRule_Canopy with (prems:=[(Γ0 Γ1, Δ0 :: Δ1); (Γ0 B :: Γ1, Δ0 Δ1)])
       (prem:=(Γ0 Γ1, Δ0 :: Δ1)) ; auto. apply InT_eq.
       assert (: n_imp_subformS (Γ0 B :: Γ1, Δ0 Δ1) < n_imp_subformS (Γ0 --> B :: Γ1, Δ0 Δ1)).
       unfold n_imp_subformS ; simpl ; repeat rewrite n_imp_subformLF_dist_app ; simpl ; lia.
       apply IHs with (A:=A) in . simpl in . destruct . apply g. intros. apply X.
       apply ImpRule_Canopy with (prems:=[(Γ0 Γ1, Δ0 :: Δ1); (Γ0 B :: Γ1, Δ0 Δ1)])
       (prem:=(Γ0 B :: Γ1, Δ0 Δ1)) ; auto. apply InT_cons. apply InT_eq.
  - apply fold_Canopy in H. destruct H ; subst ; auto. destruct . destruct p.
    unfold inv_prems in i ; apply InT_flatten_list_InT_elem in i ; destruct i ; destruct p ; destruct (finite_ImpRules_premises_of_S s) ;
    simpl in . apply p in . destruct ; inversion ; subst.
    + inversion i ; subst. 2: inversion . apply IHs with (y:=(Γ0 :: Γ1, Δ0 B :: Δ1)) ; auto.
       unfold n_imp_subformS ; simpl ; repeat rewrite n_imp_subformLF_dist_app ; simpl ; lia.
       apply ImpR_inv with (concl:=(A :: Γ0 Γ1, Δ0 --> B :: Δ1)) ; auto. simpl.
       assert (A :: Γ0 :: Γ1 = (A :: Γ0) :: Γ1). auto. rewrite H.
       assert (A :: Γ0 Γ1 = (A :: Γ0) Γ1). auto. rewrite . apply ImpRRule_I.
    + inversion i ; subst. apply IHs with (y:=(Γ0 Γ1, Δ0 :: Δ1)) ; auto.
       unfold n_imp_subformS ; simpl ; repeat rewrite n_imp_subformLF_dist_app ; simpl ; lia.
       apply ImpL_inv with (concl:=(A :: Γ0 --> B :: Γ1, Δ0 Δ1)) (:= (A :: Γ0 B :: Γ1, Δ0 Δ1)) ; auto. simpl.
       assert (A :: Γ0 B :: Γ1 = (A :: Γ0) B :: Γ1). auto. rewrite H.
       assert (A :: Γ0 Γ1 = (A :: Γ0) Γ1). auto. rewrite . apply ImpLRule_I.
       inversion ; subst. 2: inversion . apply IHs with (y:=(Γ0 B :: Γ1, Δ0 Δ1)) ; auto.
       unfold n_imp_subformS ; simpl ; repeat rewrite n_imp_subformLF_dist_app ; simpl ; lia.
       apply ImpL_inv with (concl:=(A :: Γ0 --> B :: Γ1, Δ0 Δ1)) (:= (A :: Γ0 Γ1, Δ0 :: Δ1)) ; auto. simpl.
       assert (A :: Γ0 B :: Γ1 = (A :: Γ0) B :: Γ1). auto. rewrite H.
       assert (A :: Γ0 Γ1 = (A :: Γ0) Γ1). auto. rewrite . apply ImpLRule_I.
  Qed.

  Lemma Canopy_equiprv_genR : s A,
    (( leaf, InT leaf (Canopy s) GLS_prv (fst leaf, A :: snd leaf)) (GLS_prv (fst s, A :: snd s))) *
    ((GLS_prv (fst s, A :: snd s)) ( leaf, InT leaf (Canopy s) GLS_prv (fst leaf, A :: snd leaf))).
  Proof.
  intros s ; induction on s as IHs with measure (n_imp_subformS s).
  intros ; split ; intros.
  - remember (finite_ImpRules_premises_of_S s) as .
    destruct . destruct x.
    + assert (Canopy s = [s]). apply irred_nil. unfold inv_prems. rewrite .
       simpl. auto. rewrite H in X. apply X. apply InT_eq.
    + assert (: InT l (l :: x)). apply InT_eq. apply p in . destruct ; unfold GLS_prv ; inversion i ; subst ; simpl.
       apply derI with (ps:=[(Γ0 :: Γ1, A :: Δ0 B :: Δ1)]).
       apply ImpR ; auto. assert ((A :: Δ0 B :: Δ1) = ((A :: Δ0) B :: Δ1)). auto. rewrite H.
       assert (A :: Δ0 --> B :: Δ1 = (A :: Δ0) --> B :: Δ1). auto. rewrite . apply ImpRRule_I. apply dlCons. 2: apply dlNil.
       2: apply derI with (ps:=[(Γ0 Γ1, A :: Δ0 :: Δ1);(Γ0 B :: Γ1, A :: Δ0 Δ1)]).
       2: apply ImpL ; auto. 2: assert (A :: Δ0 Δ1 = ((A :: Δ0) Δ1)) ; auto ; rewrite H.
       2: assert (A :: Δ0 :: Δ1 = (A :: Δ0) :: Δ1) ; auto ; rewrite . 2: apply ImpLRule_I. 2: apply dlCons.
       3: apply dlCons. 4: apply dlNil.
       assert (: n_imp_subformS (Γ0 :: Γ1, Δ0 B :: Δ1) < n_imp_subformS (Γ0 Γ1, Δ0 --> B :: Δ1)).
       unfold n_imp_subformS ; simpl ; repeat rewrite n_imp_subformLF_dist_app ; simpl ; lia.
       apply IHs with (A:=A) in . simpl in . destruct . apply g. intros. apply X.
       apply ImpRule_Canopy with (prems:=[(Γ0 :: Γ1, Δ0 B :: Δ1)]) (prem:=(Γ0 :: Γ1, Δ0 B :: Δ1)) ; auto.
       apply InT_eq.
       assert (: n_imp_subformS (Γ0 Γ1, Δ0 :: Δ1) < n_imp_subformS (Γ0 --> B :: Γ1, Δ0 Δ1)).
       unfold n_imp_subformS ; simpl ; repeat rewrite n_imp_subformLF_dist_app ; simpl ; lia.
       apply IHs with (A:=A) in . simpl in . destruct . apply g. intros. apply X.
       apply ImpRule_Canopy with (prems:=[(Γ0 Γ1, Δ0 :: Δ1); (Γ0 B :: Γ1, Δ0 Δ1)])
       (prem:=(Γ0 Γ1, Δ0 :: Δ1)) ; auto. apply InT_eq.
       assert (: n_imp_subformS (Γ0 B :: Γ1, Δ0 Δ1) < n_imp_subformS (Γ0 --> B :: Γ1, Δ0 Δ1)).
       unfold n_imp_subformS ; simpl ; repeat rewrite n_imp_subformLF_dist_app ; simpl ; lia.
       apply IHs with (A:=A) in . simpl in . destruct . apply g. intros. apply X.
       apply ImpRule_Canopy with (prems:=[(Γ0 Γ1, Δ0 :: Δ1); (Γ0 B :: Γ1, Δ0 Δ1)])
       (prem:=(Γ0 B :: Γ1, Δ0 Δ1)) ; auto. apply InT_cons. apply InT_eq.
  - apply fold_Canopy in H. destruct H ; subst ; auto. destruct . destruct p.
    unfold inv_prems in i ; apply InT_flatten_list_InT_elem in i ; destruct i ; destruct p ; destruct (finite_ImpRules_premises_of_S s) ;
    simpl in . apply p in . destruct ; inversion ; subst.
    + inversion i ; subst. 2: inversion . apply IHs with (y:=(Γ0 :: Γ1, Δ0 B :: Δ1)) ; auto.
       unfold n_imp_subformS ; simpl ; repeat rewrite n_imp_subformLF_dist_app ; simpl ; lia.
       apply ImpR_inv with (concl:=(Γ0 Γ1, A :: Δ0 --> B :: Δ1)) ; auto. simpl.
       assert (A :: Δ0 B :: Δ1 = (A :: Δ0) B :: Δ1). auto. rewrite H.
       assert (A :: Δ0 --> B :: Δ1 = (A :: Δ0) --> B :: Δ1). auto. rewrite . apply ImpRRule_I.
    + inversion i ; subst. apply IHs with (y:=(Γ0 Γ1, Δ0 :: Δ1)) ; auto.
       unfold n_imp_subformS ; simpl ; repeat rewrite n_imp_subformLF_dist_app ; simpl ; lia.
       apply ImpL_inv with (concl:=(Γ0 --> B :: Γ1, A :: Δ0 Δ1)) (:= (Γ0 B :: Γ1, A :: Δ0 Δ1)) ; auto. simpl.
       assert (A :: Δ0 :: Δ1 = (A :: Δ0) :: Δ1). auto. rewrite H.
       assert (A :: Δ0 Δ1 = (A :: Δ0) Δ1). auto. rewrite . apply ImpLRule_I.
       inversion ; subst. 2: inversion . apply IHs with (y:=(Γ0 B :: Γ1, Δ0 Δ1)) ; auto.
       unfold n_imp_subformS ; simpl ; repeat rewrite n_imp_subformLF_dist_app ; simpl ; lia.
       apply ImpL_inv with (concl:=(Γ0 --> B :: Γ1, A :: Δ0 Δ1)) (:= (Γ0 Γ1, A :: Δ0 :: Δ1)) ; auto. simpl.
       assert (A :: Δ0 :: Δ1 = (A :: Δ0) :: Δ1). auto. rewrite H.
       assert (A :: Δ0 Δ1 = (A :: Δ0) Δ1). auto. rewrite . apply ImpLRule_I.
  Qed.

  Lemma Canopy_hp_inv_ctx : s k scomp (D0 : GLS_prv scomp) X0 Y0,
        k = (derrec_height )
        scomp = (fst s , snd s )
        ( leaf, InT leaf (Canopy s) (D1: GLS_prv (fst leaf , snd leaf )),
                                                                                derrec_height k).
  Proof.
  intros s ; induction on s as IHs with measure (n_imp_subformS s).
  intros. apply fold_Canopy in . destruct .
  - subst. exists ; auto.
  - destruct ; destruct p. unfold inv_prems in i. apply InT_flatten_list_InT_elem in i. destruct i.
    destruct p. destruct (finite_ImpRules_premises_of_S s). simpl in . subst.
    assert (: derrec_height = derrec_height ). auto.
    pose (ImpR_ImpL_hpinv ). destruct . apply p in . destruct .
    + inversion ; subst. simpl in .
       assert (: ImpRRule [(Γ0 A :: (Γ1 ), Δ0 B :: (Δ1 ))] ((Γ0 Γ1) , (Δ0 A --> B :: Δ1) )).
       repeat rewrite app_assoc ; apply ImpRRule_I. apply in . destruct . inversion i ; subst.
       assert (: n_imp_subformS (Γ0 A :: Γ1, Δ0 B :: Δ1) < n_imp_subformS (Γ0 Γ1, Δ0 A --> B :: Δ1)).
       unfold n_imp_subformS. simpl. repeat rewrite n_imp_subformLF_dist_app. simpl ; repeat rewrite n_imp_subformLF_dist_app.
       lia.
       assert (: derrec_height = derrec_height ). auto.
       assert (: (Γ0 A :: Γ1 , Δ0 B :: Δ1 ) = (fst (Γ0 A :: Γ1, Δ0 B :: Δ1) , snd (Γ0 A :: Γ1, Δ0 B :: Δ1) )).
       simpl ; repeat rewrite app_assoc ; auto.
       pose (IHs _ _ _ _ ). destruct s. exists x. apply PeanoNat.Nat.le_trans with (m:=derrec_height ) ; auto.
       inversion .
    + inversion ; subst. simpl in . clear .
       assert (: ImpLRule [(Γ0 Γ1 , Δ0 A :: Δ1 ); (Γ0 B :: Γ1 , Δ0 Δ1 )] ((Γ0 A --> B :: Γ1) , (Δ0 Δ1) )).
       repeat rewrite app_assoc ; apply ImpLRule_I. apply in . destruct . destruct s. destruct . inversion i ; subst.
       assert (: n_imp_subformS (Γ0 Γ1, Δ0 A :: Δ1) < n_imp_subformS (Γ0 A --> B :: Γ1, Δ0 Δ1)).
       unfold n_imp_subformS. simpl. repeat rewrite n_imp_subformLF_dist_app. simpl ; repeat rewrite n_imp_subformLF_dist_app.
       lia.
       assert (: derrec_height = derrec_height ). auto.
       assert (: (Γ0 Γ1 , Δ0 A :: Δ1 ) = (fst (Γ0 Γ1, Δ0 A :: Δ1) , snd (Γ0 Γ1, Δ0 A :: Δ1) )).
       simpl ; repeat rewrite app_assoc ; auto.
       pose (IHs _ _ _ _ ). destruct s. exists x. apply PeanoNat.Nat.le_trans with (m:=derrec_height ) ; auto.
       inversion ; subst.
       assert (: n_imp_subformS (Γ0 B :: Γ1, Δ0 Δ1) < n_imp_subformS (Γ0 A --> B :: Γ1, Δ0 Δ1)).
       unfold n_imp_subformS. simpl. repeat rewrite n_imp_subformLF_dist_app. simpl ; repeat rewrite n_imp_subformLF_dist_app.
       lia.
       assert (: derrec_height = derrec_height ). auto.
       assert (: (Γ0 B :: Γ1 , Δ0 Δ1 ) = (fst (Γ0 B :: Γ1, Δ0 Δ1) , snd (Γ0 B :: Γ1, Δ0 Δ1) )).
       simpl ; repeat rewrite app_assoc ; auto.
       pose (IHs _ _ _ _ ). destruct s. exists x. apply PeanoNat.Nat.le_trans with (m:=derrec_height ) ; auto.
       inversion .
  Qed.

  Lemma Canopy_neg_var : s q, InT (# q) (fst s) ( leaf, InT leaf (Canopy s) InT (# q) (fst leaf)).
  Proof.
  intros s ; induction on s as IHs with measure (n_imp_subformS s).
  intros. apply fold_Canopy in . destruct ; subst ; auto.
  destruct ; destruct p. unfold inv_prems in i. apply InT_flatten_list_InT_elem in i. destruct i.
  destruct p. destruct (finite_ImpRules_premises_of_S s). simpl in . subst.
  apply p in . destruct .
  - inversion ; subst. inversion i ; subst. 2: inversion .
    assert (: n_imp_subformS (Γ0 A :: Γ1, Δ0 B :: Δ1) < n_imp_subformS (Γ0 Γ1, Δ0 A --> B :: Δ1)).
     unfold n_imp_subformS. simpl. repeat rewrite n_imp_subformLF_dist_app. simpl ; repeat rewrite n_imp_subformLF_dist_app.
     lia.
    apply IHs with (q:= q) (leaf:=leaf) in ; auto. simpl. apply InT_or_app. simpl in H. apply InT_app_or in H ; destruct H ; auto.
    right ; apply InT_cons ; auto.
  - inversion ; subst. inversion i ; subst. 2: inversion . 3: inversion .
    assert (: n_imp_subformS (Γ0 Γ1, Δ0 A :: Δ1) < n_imp_subformS (Γ0 A --> B :: Γ1, Δ0 Δ1)).
     unfold n_imp_subformS. simpl. repeat rewrite n_imp_subformLF_dist_app. simpl ; repeat rewrite n_imp_subformLF_dist_app.
     lia.
    apply IHs with (q:= q) (leaf:=leaf) in ; auto. simpl. apply InT_or_app. simpl in H. apply InT_app_or in H ; destruct H ; auto.
    inversion ; subst. inversion . auto. subst.
    assert (: n_imp_subformS (Γ0 B :: Γ1, Δ0 Δ1) < n_imp_subformS (Γ0 A --> B :: Γ1, Δ0 Δ1)).
     unfold n_imp_subformS. simpl. repeat rewrite n_imp_subformLF_dist_app. simpl ; repeat rewrite n_imp_subformLF_dist_app.
     lia.
    apply IHs with (q:= q) (leaf:=leaf) in ; auto. simpl. apply InT_or_app. simpl in H. apply InT_app_or in H ; destruct H ; auto.
    inversion ; subst. inversion . right ; apply InT_cons ; auto.
  Qed.

  Lemma Canopy_pos_var : s q, InT (# q) (snd s) ( leaf, InT leaf (Canopy s) InT (# q) (snd leaf)).
  Proof.
  intros s ; induction on s as IHs with measure (n_imp_subformS s).
  intros. apply fold_Canopy in . destruct ; subst ; auto.
  destruct ; destruct p. unfold inv_prems in i. apply InT_flatten_list_InT_elem in i. destruct i.
  destruct p. destruct (finite_ImpRules_premises_of_S s). simpl in . subst.
  apply p in . destruct .
  - inversion ; subst. inversion i ; subst. 2: inversion .
    assert (: n_imp_subformS (Γ0 A :: Γ1, Δ0 B :: Δ1) < n_imp_subformS (Γ0 Γ1, Δ0 A --> B :: Δ1)).
     unfold n_imp_subformS. simpl. repeat rewrite n_imp_subformLF_dist_app. simpl ; repeat rewrite n_imp_subformLF_dist_app.
     lia.
    apply IHs with (q:= q) (leaf:=leaf) in ; auto. simpl. apply InT_or_app. simpl in H. apply InT_app_or in H ; destruct H ; auto.
    inversion ; subst. inversion . right ; apply InT_cons ; auto.
  - inversion ; subst. inversion i ; subst. 2: inversion . 3: inversion .
    assert (: n_imp_subformS (Γ0 Γ1, Δ0 A :: Δ1) < n_imp_subformS (Γ0 A --> B :: Γ1, Δ0 Δ1)).
     unfold n_imp_subformS. simpl. repeat rewrite n_imp_subformLF_dist_app. simpl ; repeat rewrite n_imp_subformLF_dist_app.
     lia.
    apply IHs with (q:= q) (leaf:=leaf) in ; auto. simpl. apply InT_or_app. simpl in H. apply InT_app_or in H ; destruct H ; auto.
    right ; apply InT_cons ; auto. subst.
    assert (: n_imp_subformS (Γ0 B :: Γ1, Δ0 Δ1) < n_imp_subformS (Γ0 A --> B :: Γ1, Δ0 Δ1)).
     unfold n_imp_subformS. simpl. repeat rewrite n_imp_subformLF_dist_app. simpl ; repeat rewrite n_imp_subformLF_dist_app.
     lia.
    apply IHs with (q:= q) (leaf:=leaf) in ; auto.
  Qed.

  Definition Id_InT_Canopy : s, InT s (Canopy s) Canopy s = [s].
  Proof.
  intros. destruct (critical_Seq_dec s).
  - remember (finite_ImpRules_premises_of_S s) as J.
    destruct J. destruct x.
    + apply irred_nil. unfold inv_prems. rewrite HeqJ.
       simpl. auto.
    + exfalso. assert (: InT l (l :: x)). apply InT_eq. apply p in . unfold critical_Seq in c.
       destruct ; inversion i ; subst ; simpl in c.
       assert (In (A --> B) ((Γ0 Γ1) Δ0 A --> B :: Δ1)). apply in_or_app ; right ; apply in_or_app ; right ; apply in_eq.
       apply c in . destruct . destruct . inversion . destruct . destruct ; inversion . inversion .
       assert (In (A --> B) ((Γ0 A --> B :: Γ1) Δ0 Δ1)). apply in_or_app ; left ; apply in_or_app ; right ; apply in_eq.
       apply c in . destruct . destruct . inversion . destruct . destruct ; inversion . inversion .
  - exfalso. apply Canopy_critical in H. auto.
  Defined.

  Lemma critical_Seq_InT_Canopy : s, critical_Seq s InT s (Canopy s).
  Proof.
  intros. remember (finite_ImpRules_premises_of_S s) as J.
  destruct J. destruct x.
  + pose irred_nil. unfold Canopy. rewrite e. apply InT_eq. unfold inv_prems. rewrite HeqJ.
     simpl. auto.
  + exfalso. assert (: InT l (l :: x)). apply InT_eq. apply p in . unfold critical_Seq in H.
     destruct ; inversion i ; subst ; simpl in H.
     assert (In (A --> B) ((Γ0 Γ1) Δ0 A --> B :: Δ1)). apply in_or_app ; right ; apply in_or_app ; right ; apply in_eq.
     apply H in . destruct . destruct . inversion . destruct . destruct ; inversion . inversion .
     assert (In (A --> B) ((Γ0 A --> B :: Γ1) Δ0 Δ1)). apply in_or_app ; left ; apply in_or_app ; right ; apply in_eq.
     apply H in . destruct . destruct . inversion . destruct . destruct ; inversion . inversion .
  Qed.