+ [ O ⇒ (* dummy value: it could be an elim False: *) mk_pair … O O
+ | S index' ⇒ iso_nat_nat_union s (minus m (s index)) index']].
+
+alias symbol "eq" = "leibnitz's equality".
+naxiom plus_n_O: ∀n. n + O = n.
+naxiom plus_n_S: ∀n,m. n + S m = S (n + m).
+naxiom ltb_t: ∀n,m. n < m → ltb n m = true.
+naxiom ltb_f: ∀n,m. ¬ (n < m) → ltb n m = false.
+naxiom ltb_cases: ∀n,m. (n < m ∧ ltb n m = true) ∨ (¬ (n < m) ∧ ltb n m = false).
+naxiom minus_canc: ∀n. minus n n = O.
+naxiom ad_hoc9: ∀a,b,c. a < b + c → a - b < c.
+naxiom ad_hoc10: ∀a,b,c. a - b = c → a = b + c.
+naxiom ad_hoc11: ∀a,b. a - b ≤ S a - b.
+naxiom ad_hoc12: ∀a,b. b ≤ a → S a - b - (a - b) = S O.
+naxiom ad_hoc13: ∀a,b. b ≤ a → (O + (a - b)) + b = a.
+naxiom ad_hoc14: ∀a,b,c,d,e. c ≤ a → a - c = b + d + e → a = b + (c + d) + e.
+naxiom ad_hoc15: ∀a,a',b,c. a=a' → b < c → a + b < c + a'.
+naxiom ad_hoc16: ∀a,b,c. a < c → a < b + c.
+naxiom not_lt_to_le: ∀a,b. ¬ (a < b) → b ≤ a.
+naxiom le_to_le_S_S: ∀a,b. a ≤ b → S a ≤ S b.
+naxiom minus_S: ∀n. S n - n = S O.
+naxiom ad_hoc17: ∀a,b,c,d,d'. a+c+d=b+c+d' → a+d=b+d'.
+naxiom split_big_plus:
+ ∀n,m,f. m ≤ n →
+ big_plus n f = big_plus m (λi,p.f i ?) + big_plus (n - m) (λi.λp.f (i + m) ?).
+ nelim daemon.
+nqed.
+naxiom big_plus_preserves_ext:
+ ∀n,f,f'. (∀i,p. f i p = f' i p) → big_plus n f = big_plus n f'.
+
+ntheorem iso_nat_nat_union_char:
+ ∀n:nat. ∀s: nat → nat. ∀m:nat. m < big_plus (S n) (λi.λ_.s i) →
+ let p ≝ iso_nat_nat_union s m n in
+ m = big_plus (n - fst … p) (λi.λ_.s (S (i + fst … p))) + snd … p ∧
+ fst … p ≤ n ∧ snd … p < s (fst … p).
+ #n; #s; nelim n
+ [ #m; nwhd in ⊢ (??% → let p ≝ % in ?); nwhd in ⊢ (??(??%) → ?);
+ nrewrite > (plus_n_O (s O)); #H; nrewrite > (ltb_t … H); nnormalize; @
+ [ @ [ napply refl | napply le_n ] ##| nassumption ]
+##| #n'; #Hrec; #m; nwhd in ⊢ (??% → let p ≝ % in ?); #H;
+ ncases (ltb_cases m (s (S n'))); *; #H1; #H2; nrewrite > H2;
+ nwhd in ⊢ (let p ≝ % in ?); nwhd
+ [ napply conj [napply conj
+ [ nwhd in ⊢ (???(?(?%(λ_.λ_:(??%).?))%)); nrewrite > (minus_canc n'); napply refl
+ | nnormalize; napply le_n]
+ ##| nnormalize; nassumption ]
+ ##| nchange in H with (m < s (S n') + big_plus (S n') (λi.λ_.s i));
+ nlapply (Hrec (m - s (S n')) ?)
+ [ napply ad_hoc9; nassumption] *; *; #Hrec1; #Hrec2; #Hrec3; @
+ [##2: nassumption
+ |@
+ [nrewrite > (split_big_plus …); ##[##2:napply ad_hoc11;##|##3:##skip]
+ nrewrite > (ad_hoc12 …); ##[##2: nassumption]
+ nwhd in ⊢ (???(?(??%)?));
+ nrewrite > (ad_hoc13 …);##[##2: nassumption]
+ napply ad_hoc14 [ napply not_lt_to_le; nassumption ]
+ nwhd in ⊢ (???(?(??%)?));
+ nrewrite > (plus_n_O …);
+ nassumption;
+ ##| napply le_S; nassumption ]##]##]##]
+nqed.
+
+ntheorem iso_nat_nat_union_pre:
+ ∀n:nat. ∀s: nat → nat.
+ ∀i1,i2. i1 ≤ n → i2 < s i1 →
+ big_plus (n - i1) (λi.λ_.s (S (i + i1))) + i2 < big_plus (S n) (λi.λ_.s i).
+ #n; #s; #i1; #i2; #H1; #H2;
+ nrewrite > (split_big_plus (S n) (S i1) (λi.λ_.s i) ?)
+ [##2: napply le_to_le_S_S; nassumption]
+ napply ad_hoc15
+ [ nwhd in ⊢ (???(?%?));
+ napply big_plus_preserves_ext; #i; #_;
+ nrewrite > (plus_n_S i i1); napply refl
+ | nrewrite > (split_big_plus (S i1) i1 (λi.λ_.s i) ?) [##2: napply le_S; napply le_n]
+ napply ad_hoc16; nrewrite > (minus_S i1); nnormalize; nrewrite > (plus_n_O (s i1) …);
+ nassumption ]
+nqed.
+
+ntheorem iso_nat_nat_union_uniq:
+ ∀n:nat. ∀s: nat → nat.
+ ∀i1,i1',i2,i2'. i1 ≤ n → i1' ≤ n → i2 < s i1 → i2' < s i1' →
+ big_plus (n - i1) (λi.λ_.s (S (i + i1))) + i2 = big_plus (n - i1') (λi.λ_.s (S (i + i1'))) + i2' →
+ i1 = i1' ∧ i2 = i2'.
+ #n; #s; #i1; #i1'; #i2; #i2'; #H1; #H1'; #H2; #H2'; #E;
+ nelim daemon.
+nqed.