Add files using upload-large-folder tool

.gitattributes

@@ -4358,3 +4358,11 @@ backend/core/leanprover--lean4---v4.22.0/lib/lean/Std/Tactic/BVDecide/Bitblast/B
 backend/core/leanprover--lean4---v4.22.0/lib/lean/Std/Do/WP/Monad.olean filter=lfs diff=lfs merge=lfs -text
 backend/core/leanprover--lean4---v4.22.0/lib/lean/Std/Tactic/Do/Syntax.olean filter=lfs diff=lfs merge=lfs -text
 backend/core/leanprover--lean4---v4.22.0/lib/lean/Std/Time/DateTime.olean filter=lfs diff=lfs merge=lfs -text
+backend/core/leanprover--lean4---v4.22.0/lib/lean/Std/Tactic/BVDecide/Bitblast/BVExpr/Circuit/Impl/Substructure.olean filter=lfs diff=lfs merge=lfs -text
+backend/core/leanprover--lean4---v4.22.0/lib/lean/Lean/Meta/Tactic/Grind/Arith/Linear/PropagateEq.olean filter=lfs diff=lfs merge=lfs -text
+backend/core/leanprover--lean4---v4.22.0/lib/lean/Std/Data/Iterators/Lemmas/Producers/Monadic/List.olean filter=lfs diff=lfs merge=lfs -text
+backend/core/leanprover--lean4---v4.22.0/lib/lean/Std/Do/Triple/Basic.olean filter=lfs diff=lfs merge=lfs -text
+backend/core/leanprover--lean4---v4.22.0/lib/lean/Lean/Meta/Tactic/Grind/Arith/Linear/Reify.olean filter=lfs diff=lfs merge=lfs -text
+backend/core/leanprover--lean4---v4.22.0/lib/lean/Std/Data/Iterators/Combinators/Monadic/TakeWhile.olean filter=lfs diff=lfs merge=lfs -text
+backend/core/leanprover--lean4---v4.22.0/lib/lean/Std/Tactic/BVDecide/Bitblast/BVExpr/Circuit/Lemmas/Var.olean filter=lfs diff=lfs merge=lfs -text
+backend/core/leanprover--lean4---v4.22.0/lib/lean/Std/Time/Date/Basic.olean filter=lfs diff=lfs merge=lfs -text

backend/core/leanprover--lean4---v4.22.0/lib/lean/Lean/Meta/Tactic/Grind/Arith/Linear/PropagateEq.olean

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2de3cb458ceff785a54415409cba6d5db42cf4e365612d41343cab9fad51fc77
+size 1545272

backend/core/leanprover--lean4---v4.22.0/lib/lean/Lean/Meta/Tactic/Grind/Arith/Linear/Reify.olean

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7b047e7935aa1986e41f765d7d0ac1b1c9469a769340130298e25f626df32152
+size 432920

backend/core/leanprover--lean4---v4.22.0/lib/lean/Std/Data/Iterators/Combinators/Monadic/TakeWhile.olean

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:88c64d21f17c53d5b885dea928cd0a2f57fdb7803d29b313bff051fc4afc3145
+size 358176

backend/core/leanprover--lean4---v4.22.0/lib/lean/Std/Data/Iterators/Lemmas/Producers/Monadic/List.olean

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a7796ccf1c2ade3c400ec8e94d460559cb27bd6947e523d1911fc12b2cd27638
+size 491680

backend/core/leanprover--lean4---v4.22.0/lib/lean/Std/Do/Triple/Basic.olean

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:56cc768c2c230024859db7d718f81796782627d78c51fc3b836e48fd6dbaf3eb
+size 120040

backend/core/leanprover--lean4---v4.22.0/lib/lean/Std/Tactic/BVDecide/Bitblast/BVExpr/Circuit/Impl/Substructure.olean

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4104065cda956d977c3175423a07767b2dc70f248d994517e12157bb68a5aade
+size 352432

backend/core/leanprover--lean4---v4.22.0/lib/lean/Std/Tactic/BVDecide/Bitblast/BVExpr/Circuit/Lemmas/Var.olean

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2ea84d8f6f9579e71bad5ce4724459329c472627fb8f44f52fe59e62302632b4
+size 353848

backend/core/leanprover--lean4---v4.22.0/lib/lean/Std/Time/Date/Basic.olean

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:695cad08d65230aa524b0b86ae256c50aff3a43a3babf3a2218ab52b7bd17af6
+size 326864

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/CommRing.lean

@@ -0,0 +1,43 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Util.Trace
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Poly
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Types
+import Lean.Meta.Tactic.Grind.Arith.CommRing.RingId
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Internalize
+import Lean.Meta.Tactic.Grind.Arith.CommRing.ToExpr
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Var
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Reify
+import Lean.Meta.Tactic.Grind.Arith.CommRing.EqCnstr
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Proof
+import Lean.Meta.Tactic.Grind.Arith.CommRing.DenoteExpr
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Inv
+import Lean.Meta.Tactic.Grind.Arith.CommRing.PP
+
+namespace Lean
+
+builtin_initialize registerTraceClass `grind.ring
+builtin_initialize registerTraceClass `grind.ring.internalize
+builtin_initialize registerTraceClass `grind.ring.assert
+builtin_initialize registerTraceClass `grind.ring.assert.unsat (inherited := true)
+builtin_initialize registerTraceClass `grind.ring.assert.trivial (inherited := true)
+builtin_initialize registerTraceClass `grind.ring.assert.queue (inherited := true)
+builtin_initialize registerTraceClass `grind.ring.assert.basis (inherited := true)
+builtin_initialize registerTraceClass `grind.ring.assert.store (inherited := true)
+builtin_initialize registerTraceClass `grind.ring.simp
+builtin_initialize registerTraceClass `grind.ring.superpose
+builtin_initialize registerTraceClass `grind.ring.impEq
+
+builtin_initialize registerTraceClass `grind.debug.ring.simp
+builtin_initialize registerTraceClass `grind.debug.ring.proof
+builtin_initialize registerTraceClass `grind.debug.ring.check
+builtin_initialize registerTraceClass `grind.debug.ring.impEq
+builtin_initialize registerTraceClass `grind.debug.ring.simpBasis
+builtin_initialize registerTraceClass `grind.debug.ring.basis
+builtin_initialize registerTraceClass `grind.debug.ring.rabinowitsch
+
+end Lean

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/CommRing/DenoteExpr.lean

@@ -0,0 +1,92 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Init.Grind.Ring.OfSemiring
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Util
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Var
+import Lean.Meta.Tactic.Grind.Arith.CommRing.RingId
+
+namespace Lean.Meta.Grind.Arith.CommRing
+/-!
+Helper functions for converting reified terms back into their denotations.
+-/
+
+variable [Monad M] [MonadGetRing M]
+
+def denoteNum (k : Int) : M Expr := do
+  let ring ← getRing
+  return denoteNumCore ring.u ring.type ring.semiringInst ring.negFn k
+
+def _root_.Lean.Grind.CommRing.Power.denoteExpr (pw : Power) : M Expr := do
+  let x := (← getRing).vars[pw.x]!
+  if pw.k == 1 then
+    return x
+  else
+    return mkApp2 (← getRing).powFn x (toExpr pw.k)
+
+def _root_.Lean.Grind.CommRing.Mon.denoteExpr (m : Mon) : M Expr := do
+  match m with
+  | .unit => denoteNum 1
+  | .mult pw m => go m (← pw.denoteExpr)
+where
+  go (m : Mon) (acc : Expr) : M Expr := do
+    match m with
+    | .unit => return acc
+    | .mult pw m => go m (mkApp2 (← getRing).mulFn acc (← pw.denoteExpr))
+
+def _root_.Lean.Grind.CommRing.Poly.denoteExpr (p : Poly) : M Expr := do
+  match p with
+  | .num k => denoteNum k
+  | .add k m p => go p (← denoteTerm k m)
+where
+  denoteTerm (k : Int) (m : Mon) : M Expr := do
+    if k == 1 then
+      m.denoteExpr
+    else
+      return mkApp2 (← getRing).mulFn (← denoteNum k) (← m.denoteExpr)
+
+  go (p : Poly) (acc : Expr) : M Expr := do
+    match p with
+    | .num 0 => return acc
+    | .num k => return mkApp2 (← getRing).addFn acc (← denoteNum k)
+    | .add k m p => go p (mkApp2 (← getRing).addFn acc (← denoteTerm k m))
+
+def _root_.Lean.Grind.CommRing.Expr.denoteExpr (e : RingExpr) : M Expr := do
+  go e
+where
+  go : RingExpr → M Expr
+  | .num k => denoteNum k
+  | .var x => return (← getRing).vars[x]!
+  | .add a b => return mkApp2 (← getRing).addFn (← go a) (← go b)
+  | .sub a b => return mkApp2 (← getRing).subFn (← go a) (← go b)
+  | .mul a b => return mkApp2 (← getRing).mulFn (← go a) (← go b)
+  | .pow a k => return mkApp2 (← getRing).powFn (← go a) (toExpr k)
+  | .neg a => return mkApp (← getRing).negFn (← go a)
+
+private def mkEq (a b : Expr) : M Expr := do
+  let r ← getRing
+  return mkApp3 (mkConst ``Eq [r.u.succ]) r.type a b
+
+def EqCnstr.denoteExpr (c : EqCnstr) : M Expr := do
+  mkEq (← c.p.denoteExpr) (← denoteNum 0)
+
+def PolyDerivation.denoteExpr (d : PolyDerivation) : M Expr := do
+  d.p.denoteExpr
+
+def DiseqCnstr.denoteExpr (c : DiseqCnstr) : M Expr := do
+  return mkNot (← mkEq (← c.d.denoteExpr) (← denoteNum 0))
+
+def _root_.Lean.Grind.Ring.OfSemiring.Expr.denoteAsRingExpr (e : SemiringExpr) : SemiringM Expr := do
+  shareCommon (← go e)
+where
+  go : SemiringExpr → SemiringM Expr
+  | .num k => denoteNum k
+  | .var x => return mkApp (← getSemiring).toQFn (← getSemiring).vars[x]!
+  | .add a b => return mkApp2 (← getRing).addFn (← go a) (← go b)
+  | .mul a b => return mkApp2 (← getRing).mulFn (← go a) (← go b)
+  | .pow a k => return mkApp2 (← getRing).powFn (← go a) (toExpr k)
+
+end Lean.Meta.Grind.Arith.CommRing

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/CommRing/EqCnstr.lean

@@ -0,0 +1,517 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Grind.ProveEq
+import Lean.Meta.Tactic.Grind.Arith.CommRing.RingId
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Proof
+import Lean.Meta.Tactic.Grind.Arith.CommRing.DenoteExpr
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Inv
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Reify
+
+namespace Lean.Meta.Grind.Arith.CommRing
+/-- Returns `some ringId` if `a` and `b` are elements of the same ring. -/
+private def inSameRing? (a b : Expr) : GoalM (Option Nat) := do
+  let some ringId ← getTermRingId? a | return none
+  let some ringId' ← getTermRingId? b | return none
+  unless ringId == ringId' do return none -- This can happen when we have heterogeneous equalities
+  return ringId
+
+/-- Returns `some semiringId` if `a` and `b` are elements of the same semiring. -/
+private def inSameSemiring? (a b : Expr) : GoalM (Option Nat) := do
+  let some semiringId ← getTermSemiringId? a | return none
+  let some semiringId' ← getTermSemiringId? b | return none
+  unless semiringId == semiringId' do return none -- This can happen when we have heterogeneous equalities
+  return semiringId
+
+def mkEqCnstr (p : Poly) (h : EqCnstrProof) : RingM EqCnstr := do
+  let id := (← getRing).nextId
+  let sugar := p.degree
+  modifyRing fun s => { s with nextId := s.nextId + 1 }
+  return { sugar, p, h, id }
+
+/--
+Returns the ring expression denoting the given Lean expression.
+Recall that we compute the ring expressions during internalization.
+-/
+private def toRingExpr? (e : Expr) : RingM (Option RingExpr) := do
+  let ring ← getRing
+  if let some re := ring.denote.find? { expr := e } then
+    return some re
+  else if let some x := ring.varMap.find? { expr := e } then
+    return some (.var x)
+  else
+    reportIssue! "failed to convert to ring expression{indentExpr e}"
+    return none
+
+/--
+Returns the semiring expression denoting the given Lean expression.
+Recall that we compute the semiring expressions during internalization.
+-/
+private def toSemiringExpr? (e : Expr) : SemiringM (Option SemiringExpr) := do
+  let semiring ← getSemiring
+  if let some re := semiring.denote.find? { expr := e } then
+    return some re
+  else if let some x := semiring.varMap.find? { expr := e } then
+    return some (.var x)
+  else
+    reportIssue! "failed to convert to semiring expression{indentExpr e}"
+    return none
+
+/--
+Returns `some c`, where `c` is an equation from the basis whose leading monomial divides `m`.
+Remark: if the current ring does not satisfy the property
+```
+∀ (k : Nat) (a : α), k ≠ 0 → OfNat.ofNat (α := α) k * a = 0 → a = 0
+```
+then the leading coefficient of the equation must also divide `k`
+-/
+def _root_.Lean.Grind.CommRing.Mon.findSimp? (k : Int) (m : Mon) : RingM (Option EqCnstr) := do
+  let checkCoeff ← checkCoeffDvd
+  let noZeroDiv ← noZeroDivisors
+  for c in (← getRing).basis do
+    if !checkCoeff || noZeroDiv || (c.p.lc ∣ k) then
+    if c.p.divides m then
+      return some c
+  return none
+
+/--
+Returns `some c`, where `c` is an equation from the basis whose leading monomial divides some
+monomial in `p`.
+-/
+def _root_.Lean.Grind.CommRing.Poly.findSimp? (p : Poly) : RingM (Option EqCnstr) := do
+  match p with
+  | .num _ => return none
+  | .add k m p =>
+    match (← m.findSimp? k) with
+    | some c => return some c
+    | none => p.findSimp?
+
+/-- Simplifies `d.p` using `c`, and returns an extended polynomial derivation. -/
+def PolyDerivation.simplifyWith (d : PolyDerivation) (c : EqCnstr) : RingM PolyDerivation := do
+  let some r := d.p.simp? c.p (← nonzeroChar?) | return d
+  incSteps
+  trace_goal[grind.ring.simp] "{← r.p.denoteExpr}"
+  return .step r.p r.k₁ d r.k₂ r.m₂ c
+
+def PolyDerivation.simplifyNumEq0 (d : PolyDerivation) : RingM PolyDerivation := do
+  let some numEq0 := (← getRing).numEq0? | return d
+  let .num k := numEq0.p | return d
+  return .normEq0 (d.p.normEq0 k.natAbs) d numEq0
+
+/-- Simplified `d.p` using the current basis, and returns the extended polynomial derivation. -/
+def PolyDerivation.simplify (d : PolyDerivation) : RingM PolyDerivation := do
+  let mut d := d
+  repeat
+    d ← d.simplifyNumEq0
+    if (← checkMaxSteps) then return d
+    let some c ← d.p.findSimp? |
+      trace_goal[grind.debug.ring.simp] "simplified{indentD (← d.denoteExpr)}"
+      return d
+    d ← d.simplifyWith c
+  return d
+
+/-- Simplifies `c₁` using `c₂`. -/
+def EqCnstr.simplifyWithCore (c₁ c₂ : EqCnstr) : RingM (Option EqCnstr) := do
+  let some r := c₁.p.simp? c₂.p (← nonzeroChar?) | return none
+  let c := { c₁ with
+    p := r.p
+    h := .simp r.k₁ c₁ r.k₂ r.m₂ c₂
+  }
+  incSteps
+  trace_goal[grind.ring.simp] "{← c.p.denoteExpr}"
+  return some c
+
+/-- Simplifies `c₁` using `c₂`. -/
+def EqCnstr.simplifyWith (c₁ c₂ : EqCnstr) : RingM EqCnstr := do
+  let some c ← c₁.simplifyWithCore c₂ | return c₁
+  return c
+
+/-- Simplifies `c₁` using `c₂` exhaustively. -/
+partial def EqCnstr.simplifyWithExhaustively (c₁ c₂ : EqCnstr) : RingM EqCnstr := do
+  let some c ← c₁.simplifyWithCore c₂ | return c₁
+  c.simplifyWithExhaustively c₂
+
+def EqCnstr.simplifyUsingNumEq0 (c : EqCnstr) : RingM EqCnstr := do
+  let some c' := (← getRing).numEq0? | return c
+  let .num k := c'.p | return c
+  return { c with p := c.p.normEq0 k.natAbs, h := .numEq0 k.natAbs c' c }
+
+/-- Simplify the given equation constraint using the current basis. -/
+def EqCnstr.simplify (c : EqCnstr) : RingM EqCnstr := do
+  let mut c := c
+  repeat
+    c ← simplifyUsingNumEq0 c
+    if (← checkMaxSteps) then return c
+    let some c' ← c.p.findSimp? |
+      trace_goal[grind.debug.ring.simp] "simplified{indentD (← c.denoteExpr)}"
+      return c
+    c ← c.simplifyWith c'
+  return c
+
+/-- Returns `true` if `c.p` is the constant polynomial. -/
+def EqCnstr.checkConstant (c : EqCnstr) : RingM Bool := do
+  let .num n := c.p | return false
+  if n == 0 then
+    trace_goal[grind.ring.assert.trivial] "{← c.denoteExpr}"
+  else if (← hasChar) then
+    c.setUnsat
+  else if (← pure (n.natAbs == 1) <&&> isField) then
+    c.setUnsat
+  else
+    let mut c := c
+    let mut n := n
+    if n < 0 then
+      n := -n
+      c := { c with p := .num n, h := .mul (-1) c }
+    if let some c' := (← getRing).numEq0? then
+      let .num m := c'.p | unreachable!
+      let (g, a, b) := gcdExt n m
+      c := { c with p := .num g, h := .gcd a b c c' }
+    modifyRing fun s => { s with numEq0? := some c, numEq0Updated := true }
+    trace_goal[grind.ring.assert.store] "{← c.denoteExpr}"
+  return true
+
+/--
+Simplifies and checks whether the resulting constraint is trivial (i.e., `0 = 0`),
+or inconsistent (i.e., `k = 0` where `k % c != 0` for a comm-ring with characteristic `c`),
+and returns `none`. Otherwise, returns the simplified constraint.
+-/
+def EqCnstr.simplifyAndCheck (c : EqCnstr) : RingM (Option EqCnstr) := do
+  let c ← c.simplify
+  if (← c.checkConstant) then
+    return none
+  else
+    return some c
+
+private def addSorted (c : EqCnstr) : List EqCnstr → List EqCnstr
+  | [] => [c]
+  | c' :: cs =>
+    if c.p.lm.grevlex c'.p.lm == .gt then
+      c :: c' :: cs
+    else
+      c' :: addSorted c cs
+
+def addToBasisCore (c : EqCnstr) : RingM Unit := do
+  trace[grind.debug.ring.basis] "{← c.denoteExpr}"
+  modifyRing fun s => { s with
+    basis := addSorted c s.basis
+    recheck := true
+  }
+
+def EqCnstr.addToQueue (c : EqCnstr) : RingM Unit := do
+  if (← checkMaxSteps) then return ()
+  trace_goal[grind.ring.assert.queue] "{← c.denoteExpr}"
+  modifyRing fun s => { s with queue := s.queue.insert c }
+
+def EqCnstr.superposeWith (c : EqCnstr) : RingM Unit := do
+  if (← checkMaxSteps) then return ()
+  let .add _ m _ := c.p | return ()
+  for c' in (← getRing).basis do
+    let .add _ m' _ := c'.p | pure ()
+    if m.sharesVar m' then
+      let r ← c.p.spolM c'.p
+      trace_goal[grind.ring.superpose] "{← c.denoteExpr}\nwith: {← c'.denoteExpr}\nresult: {← r.spol.denoteExpr} = 0"
+      addToQueue (← mkEqCnstr r.spol <| .superpose r.k₁ r.m₁ c r.k₂ r.m₂ c')
+
+/--
+Tries to convert the leading monomial into a monic one.
+
+It exploits the fact that given a polynomial with leading coefficient `k`,
+if the ring has a nonzero characteristic `p` and `gcd k p = 1`, then
+`k` has an inverse.
+
+It also handles the easy case where `k` is `-1`.
+
+Remark: if the ring implements the class `NoNatZeroDivisors`, then
+the coefficients are divided by the gcd of all coefficients.
+-/
+def EqCnstr.toMonic (c : EqCnstr) : RingM EqCnstr := do
+  let k := c.p.lc
+  if k == 1 then return c
+  if let some p ← nonzeroChar? then
+    let (g, α, _β) := gcdExt k p
+    if g == 1 then
+      -- `α*k + β*p = 1`
+      -- `α*k = 1 (mod p)`
+      let α := if α < 0 then α % p else α
+      return { c with p := c.p.mulConstC α p, h := .mul α c }
+  if (← noZeroDivisors) then
+    let g : Int := c.p.gcdCoeffs
+    if g != 1 then
+      let g := if k < 0 then -g else g
+      return { c with p := c.p.divConst g, h := .div g c }
+  if k < 0 then
+    return { c with p := c.p.mulConst (-1), h := .mul (-1) c }
+  return c
+
+def EqCnstr.simplifyBasis (c : EqCnstr) : RingM Unit := do
+  trace[grind.debug.ring.simpBasis] "using: {← c.denoteExpr}"
+  let .add _ m _ := c.p | return ()
+  let rec go (basis : List EqCnstr) (acc : List EqCnstr) : RingM (List EqCnstr) := do
+    match basis with
+    | [] => return acc.reverse
+    | c' :: basis =>
+      match c'.p with
+      | .add _ m' _ =>
+        if m.divides m' then
+          let c'' ← c'.simplifyWithExhaustively c
+          trace[grind.debug.ring.simpBasis] "simplified: {← c''.denoteExpr}"
+          unless (← checkConstant c'') do
+            addToQueue c''
+          go basis acc
+        else
+          go basis (c' :: acc)
+      | _ => go basis (c' :: acc)
+  let basis ← go (← getRing).basis []
+  modifyRing fun s => { s with basis }
+
+def EqCnstr.addToBasisAfterSimp (c : EqCnstr) : RingM Unit := do
+  let c ← c.toMonic
+  c.simplifyBasis
+  c.superposeWith
+  trace_goal[grind.ring.assert.basis] "{← c.denoteExpr}"
+  addToBasisCore c
+
+private def checkNumEq0Updated : RingM Unit := do
+  if (← getRing).numEq0Updated then
+    -- `numEq0?` was updated, then we must move the basis back to the queue to be simplified.
+    let basis := (← getRing).basis
+    modifyRing fun s => { s with numEq0Updated := false, basis := {} }
+    for c in basis do
+      c.addToQueue
+
+abbrev withCheckingNumEq0 (k : RingM Unit) : RingM Unit := do
+  try
+    k
+  finally
+    checkNumEq0Updated
+
+def EqCnstr.addToBasis (c : EqCnstr) : RingM Unit := do
+  withCheckingNumEq0 do
+    let some c ← c.simplifyAndCheck | return ()
+    c.addToBasisAfterSimp
+
+def addNewEq (c : EqCnstr) : RingM Unit := do
+  withCheckingNumEq0 do
+    let some c ← c.simplifyAndCheck | return ()
+    if c.p.degree == 1 then
+      c.addToBasisAfterSimp
+    else
+      c.addToQueue
+
+/-- Returns `true` if `c.d.p` is the constant polynomial. -/
+def DiseqCnstr.checkConstant (c : DiseqCnstr) : RingM Bool := do
+  let .num k := c.d.p | return false
+  if k == 0 then
+    c.setUnsat
+  else if (← hasChar) then
+    trace_goal[grind.ring.assert.trivial] "{← c.denoteExpr}"
+  return true
+
+def DiseqCnstr.simplify (c : DiseqCnstr) : RingM DiseqCnstr :=
+  withCheckCoeffDvd do
+    -- We must enable `checkCoeffDvd := true`. See comments at `PolyDerivation`.
+    return { c with d := (← c.d.simplify) }
+
+def saveDiseq (c : DiseqCnstr) : RingM Unit := do
+  trace_goal[grind.ring.assert.store] "{← c.denoteExpr}"
+  modifyRing fun s => { s with diseqs := s.diseqs.push c }
+
+def addNewDiseq (c : DiseqCnstr) : RingM Unit := do
+  let c ← c.simplify
+  if (← c.checkConstant) then
+    return ()
+  trace[grind.ring.assert.store] "{← c.denoteExpr}"
+  saveDiseq c
+
+@[export lean_process_ring_eq]
+def processNewEqImpl (a b : Expr) : GoalM Unit := do
+  if isSameExpr a b then return () -- TODO: check why this is needed
+  if let some ringId ← inSameRing? a b then RingM.run ringId do
+    trace_goal[grind.ring.assert] "{← mkEq a b}"
+    let some ra ← toRingExpr? a | return ()
+    let some rb ← toRingExpr? b | return ()
+    let p ← (ra.sub rb).toPolyM
+    addNewEq (← mkEqCnstr p (.core a b ra rb))
+  else if let some semiringId ← inSameSemiring? a b then SemiringM.run semiringId do
+    if (← getConfig).ringNull then return () -- TODO: remove after we add Nullstellensatz certificates for semiring adapter
+    trace_goal[grind.ring.assert] "{← mkEq a b}"
+    let some sa ← toSemiringExpr? a | return ()
+    let some sb ← toSemiringExpr? b | return ()
+    let lhs ← sa.denoteAsRingExpr
+    let rhs ← sb.denoteAsRingExpr
+    RingM.run (← getSemiring).ringId do
+      let some ra ← reify? lhs (skipVar := false) (gen := (← getGeneration a)) | return ()
+      let some rb ← reify? rhs (skipVar := false) (gen := (← getGeneration b)) | return ()
+      let p ← (ra.sub rb).toPolyM
+      addNewEq (← mkEqCnstr p (.coreS a b sa sb ra rb))
+
+private def pre (e : Expr) : GoalM Expr := do
+  -- We must canonicalize because the instances generated by this module may not match
+  -- the ones selected by the canonicalizer
+  shareCommon (← canon e)
+
+private def diseqToEq (a b : Expr) : RingM Unit := do
+  -- Rabinowitsch transformation
+  let gen := max (← getGeneration a) (← getGeneration b)
+  let ring ← getRing
+  let some fieldInst := ring.fieldInst? | unreachable!
+  let e ← pre <| mkApp2 ring.subFn a b
+  modifyRing fun s => { s with invSet := s.invSet.insert e }
+  let eInv ← pre <| mkApp (← getRing).invFn?.get! e
+  let lhs ← pre <| mkApp2 ring.mulFn e eInv
+  internalize lhs gen none
+  trace[grind.debug.ring.rabinowitsch] "{lhs}"
+  pushEq lhs ring.one <| mkApp5 (mkConst ``Grind.CommRing.diseq_to_eq [ring.u]) ring.type fieldInst a b (← mkDiseqProof a b)
+
+private def diseqZeroToEq (a b : Expr) : RingM Unit := do
+  -- Rabinowitsch transformation for `b = 0` case
+  let gen ← getGeneration a
+  let ring ← getRing
+  let some fieldInst := ring.fieldInst? | unreachable!
+  modifyRing fun s => { s with invSet := s.invSet.insert a }
+  let aInv ← pre <| mkApp (← getRing).invFn?.get! a
+  let lhs ← pre <| mkApp2 ring.mulFn a aInv
+  internalize lhs gen none
+  trace[grind.debug.ring.rabinowitsch] "{lhs}"
+  pushEq lhs ring.one <| mkApp4 (mkConst ``Grind.CommRing.diseq0_to_eq [ring.u]) ring.type fieldInst a (← mkDiseqProof a b)
+
+@[export lean_process_ring_diseq]
+def processNewDiseqImpl (a b : Expr) : GoalM Unit := do
+  if let some ringId ← inSameRing? a b then RingM.run ringId do
+    trace_goal[grind.ring.assert] "{mkNot (← mkEq a b)}"
+    let some ra ← toRingExpr? a | return ()
+    let some rb ← toRingExpr? b | return ()
+    let p ← (ra.sub rb).toPolyM
+    if (← isField) then
+      if !(p matches .num _) || !(← hasChar) then
+        if rb matches .num 0 then
+          diseqZeroToEq a b
+        else
+          diseqToEq a b
+        return ()
+    addNewDiseq {
+      lhs := a, rhs := b
+      rlhs := ra, rrhs := rb
+      d := .input p
+      ofSemiring? := none
+    }
+  else if let some semiringId ← inSameSemiring? a b then SemiringM.run semiringId do
+    if (← getSemiring).addRightCancelInst?.isSome then
+      if (← getConfig).ringNull then return () -- TODO: remove after we add Nullstellensatz certificates for semiring adapter
+      trace_goal[grind.ring.assert] "{mkNot (← mkEq a b)}"
+      let some sa ← toSemiringExpr? a | return ()
+      let some sb ← toSemiringExpr? b | return ()
+      let lhs ← sa.denoteAsRingExpr
+      let rhs ← sb.denoteAsRingExpr
+      RingM.run (← getSemiring).ringId do
+        let some ra ← reify? lhs (skipVar := false) (gen := (← getGeneration a)) | return ()
+        let some rb ← reify? rhs (skipVar := false) (gen := (← getGeneration b)) | return ()
+        let p ← (ra.sub rb).toPolyM
+        addNewDiseq {
+          lhs := a, rhs := b
+          rlhs := ra, rrhs := rb
+          d := .input p
+          ofSemiring? := some (sa, sb)
+        }
+    else
+      -- If semiring does not have `AddRightCancel`,
+      -- we may still normalize and check whether lhs and rhs are equal
+      let some sa ← toSemiringExpr? a | return ()
+      let some sb ← toSemiringExpr? b | return ()
+      if sa.toPoly == sb.toPoly then
+        setSemiringDiseqUnsat a b sa sb
+
+/--
+Returns `true` if the todo queue is not empty or the `recheck` flag is set to `true`
+-/
+private def needCheck : RingM Bool := do
+  unless (← isQueueEmpty) do return true
+  return (← getRing).recheck
+
+private def checkDiseqs : RingM Unit := do
+  let diseqs := (← getRing).diseqs
+  modifyRing fun s => { s with diseqs := {} }
+  -- No indexing simple
+  for diseq in diseqs do
+    addNewDiseq diseq
+    if (← isInconsistent) then return
+
+abbrev PropagateEqMap := Std.HashMap (Int × Poly) (Expr × RingExpr)
+
+/--
+Propagates implied equalities.
+-/
+private def propagateEqs : RingM Unit := do
+  if (← isInconsistent) then return ()
+  /-
+  This is a very simple procedure that does not use any indexing data-structure.
+  We don't even cache the simplified polynomials.
+  TODO: optimize
+  TODO: support for semiring
+  -/
+  let mut map : PropagateEqMap := {}
+  for a in (← getRing).vars do
+    if (← checkMaxSteps) then return ()
+    let some ra ← toRingExpr? a | unreachable!
+    map ← process map a ra
+  for (a, ra) in (← getRing).denote do
+    if (← checkMaxSteps) then return ()
+    map ← process map a.expr ra
+where
+  process (map : PropagateEqMap) (a : Expr) (ra : RingExpr) : RingM PropagateEqMap := do
+    let d : PolyDerivation := .input (← ra.toPolyM)
+    let d ← d.simplify
+    let k := d.getMultiplier
+    trace_goal[grind.debug.ring.impEq] "{a}, {k}, {← d.p.denoteExpr}"
+    if let some (b, rb) := map[(k, d.p)]? then
+      -- TODO: use `isEqv` more effectively
+      unless (← isEqv a b) do
+        let p ← (ra.sub rb).toPolyM
+        let d : PolyDerivation := .input p
+        let d ← d.simplify
+        if d.getMultiplier != 1 then
+          unless (← noZeroDivisors) do
+            -- Given the multiplier `k' = d.getMultiplier`, we have that `k*(a - b) = 0`,
+            -- but we cannot eliminate the `k` because we don't have `noZeroDivisors`.
+            trace_goal[grind.ring.impEq] "skip: {← mkEq a b}, k: {k}, noZeroDivisors: false"
+            return map.insert (k, d.p) (a, ra)
+        trace_goal[grind.ring.impEq] "{← mkEq a b}, {k}, {← p.denoteExpr}"
+        propagateEq a b ra rb d
+      return map
+    else
+      return map.insert (k, d.p) (a, ra)
+
+def checkRing : RingM Bool := do
+  unless (← needCheck) do return false
+  trace_goal[grind.debug.ring.check] "{(← getRing).type}"
+  repeat
+    checkSystem "ring"
+    let some c ← getNext? | break
+    trace_goal[grind.debug.ring.check] "{← c.denoteExpr}"
+    c.addToBasis
+    if (← isInconsistent) then return true
+    if (← checkMaxSteps) then return true
+  checkDiseqs
+  propagateEqs
+  modifyRing fun s => { s with recheck := false }
+  return true
+
+def check : GoalM Bool := do
+  if (← checkMaxSteps) then return false
+  let mut progress := false
+  checkInvariants
+  try
+    for ringId in [:(← get').rings.size] do
+      let r ← RingM.run ringId checkRing
+      progress := progress || r
+      if (← isInconsistent) then
+        return true
+    return progress
+  finally
+    checkInvariants
+
+end Lean.Meta.Grind.Arith.CommRing

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/CommRing/Internalize.lean

@@ -0,0 +1,130 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Grind.Simp
+import Lean.Meta.Tactic.Grind.Arith.CommRing.RingId
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Reify
+import Lean.Meta.Tactic.Grind.Arith.CommRing.DenoteExpr
+
+namespace Lean.Meta.Grind.Arith.CommRing
+
+/-- If `e` is a function application supported by the `CommRing` module, return its type. -/
+private def getType? (e : Expr) : Option Expr :=
+  match_expr e with
+  | HAdd.hAdd α _ _ _ _ _ => some α
+  | HSub.hSub α _ _ _ _ _ => some α
+  | HMul.hMul α _ _ _ _ _ => some α
+  | HPow.hPow α β _ _ _ _ =>
+    let_expr Nat := β | none
+    some α
+  | Neg.neg α _ _ => some α
+  | OfNat.ofNat α _ _ => some α
+  | NatCast.natCast α _ _ => some α
+  | IntCast.intCast α _ _ => some α
+  | _ => none
+
+private def isForbiddenParent (parent? : Option Expr) : Bool :=
+  if let some parent := parent? then
+    if getType? parent |>.isSome then
+      true
+    else
+      -- We also ignore the following parents.
+      -- Remark: `HDiv` should appear in `getType?` as soon as we add support for `Field`,
+      -- `LE.le` linear combinations
+      match_expr parent with
+      | LT.lt _ _ _ _ => true
+      | LE.le _ _ _ _ => true
+      | HDiv.hDiv _ _ _ _ _ _ => true
+      | HMod.hMod _ _ _ _ _ _ => true
+      | _ => false
+  else
+    false
+
+private partial def toInt? (e : Expr) : RingM (Option Int) := do
+  match_expr e with
+  | Neg.neg _ i a =>
+    if isNegInst (← getRing) i then return (- .) <$> (← toInt? a) else return none
+  | IntCast.intCast _ i a =>
+    if isIntCastInst (← getRing) i then getIntValue? a else return none
+  | NatCast.natCast _ i a =>
+    if isNatCastInst (← getRing) i then
+      let some v ← getNatValue? a | return none
+      return some (Int.ofNat v)
+    else
+      return none
+  | OfNat.ofNat _ n _ =>
+    let some v ← getNatValue? n | return none
+    return some (Int.ofNat v)
+  | _ => return none
+
+private def isInvInst (inst : Expr) : RingM Bool := do
+  let some fn := (← getRing).invFn? | return false
+  return isSameExpr fn.appArg! inst
+
+/--
+Given `e` of the form `@Inv.inv _ inst a`,
+asserts `a * a⁻¹ = 1` if `a` is a numeral.
+Otherwise, asserts `if a = 0 then a⁻¹ = 0 else a * a⁻¹ = 1`
+-/
+private def processInv (e inst a : Expr) : RingM Unit := do
+  unless (← isInvInst inst) do return ()
+  let ring ← getRing
+  let some fieldInst := ring.fieldInst? | return ()
+  if (← getRing).invSet.contains a then return ()
+  modifyRing fun s => { s with invSet := s.invSet.insert a }
+  if let some k ← toInt? a then
+    assert! k != 0 -- We have the normalization rule `Field.inv_zero`
+    if (← hasChar) then
+      let (charInst, c) ← getCharInst
+      if c == 0 then
+        let expected ← mkEq (mkApp2 ring.mulFn a e) (← denoteNum 1)
+        pushNewFact <| mkExpectedPropHint
+          (mkApp5 (mkConst ``Grind.CommRing.inv_int_eq [ring.u]) ring.type fieldInst charInst (mkIntLit k) reflBoolTrue)
+          expected
+      else if k % c == 0 then
+        let expected ← mkEq e (← denoteNum 0)
+        pushNewFact <| mkExpectedPropHint
+          (mkApp6 (mkConst ``Grind.CommRing.inv_zero_eqC [ring.u]) ring.type (mkNatLit c) fieldInst charInst (mkIntLit k) reflBoolTrue)
+          expected
+      else
+        let expected ← mkEq (mkApp2 ring.mulFn a e) (← denoteNum 1)
+        pushNewFact <| mkExpectedPropHint
+          (mkApp6 (mkConst ``Grind.CommRing.inv_int_eqC [ring.u]) ring.type (mkNatLit c) fieldInst charInst (mkIntLit k) reflBoolTrue)
+          expected
+      return ()
+  pushNewFact <| mkApp3 (mkConst ``Grind.CommRing.inv_split [ring.u]) ring.type fieldInst a
+
+/-- Returns `true` if `e` is a term `a⁻¹`. -/
+private def internalizeInv (e : Expr) : GoalM Bool := do
+  match_expr e with
+  | Inv.inv α inst a =>
+    let some ringId ← getRingId? α | return true
+    RingM.run ringId do processInv e inst a
+    return true
+  | _ => return false
+
+def internalize (e : Expr) (parent? : Option Expr) : GoalM Unit := do
+  if !(← getConfig).ring then return ()
+  if isIntModuleVirtualParent parent? then
+    -- `e` is an auxiliary term used to convert `CommRing` to `IntModule`
+    return ()
+  if (← internalizeInv e) then return ()
+  let some type := getType? e | return ()
+  if isForbiddenParent parent? then return ()
+  if let some ringId ← getRingId? type then RingM.run ringId do
+    let some re ← reify? e | return ()
+    trace_goal[grind.ring.internalize] "[{ringId}]: {e}"
+    setTermRingId e
+    markAsCommRingTerm e
+    modifyRing fun s => { s with denote := s.denote.insert { expr := e } re }
+  else if let some semiringId ← getSemiringId? type then SemiringM.run semiringId do
+    let some re ← sreify? e | return ()
+    trace_goal[grind.ring.internalize] "semiring [{semiringId}]: {e}"
+    setTermSemiringId e
+    markAsCommRingTerm e
+    modifySemiring fun s => { s with denote := s.denote.insert { expr := e } re }
+
+end Lean.Meta.Grind.Arith.CommRing

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/CommRing/Inv.lean

@@ -0,0 +1,57 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Util
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Poly
+
+namespace Lean.Meta.Grind.Arith.CommRing
+
+private def checkVars : RingM Unit := do
+  let s ← getRing
+  let mut num := 0
+  for ({ expr }, var) in s.varMap do
+    if h : var < s.vars.size then
+      let expr' := s.vars[var]
+      assert! isSameExpr expr expr'
+    else
+      unreachable!
+    num := num + 1
+  assert! s.vars.size == num
+
+private def checkPoly (p : Poly) : RingM Unit := do
+  assert! p.isSorted
+  assert! p.checkCoeffs
+  assert! p.checkNoUnitMon
+  assert! !(p matches .num _)
+
+private def checkBasis : RingM Unit := do
+  let mut x := 0
+  for c in (← getRing).basis do
+    checkPoly c.p
+    x := x + 1
+
+private def checkQueue : RingM Unit := do
+  for c in (← getRing).queue do
+    checkPoly c.p
+
+private def checkDiseqs : RingM Unit := do
+  for c in (← getRing).diseqs do
+    checkPoly c.d.p
+
+private def checkRingInvs : RingM Unit := do
+  checkVars
+  checkBasis
+  checkQueue
+  checkDiseqs
+
+def checkInvariants : GoalM Unit := do
+  unless grind.debug.get (← getOptions) do return ()
+  for ringId in [: (← get').rings.size] do
+    RingM.run ringId do
+      assert! (← getRingId) == ringId
+      checkRingInvs
+
+end Lean.Meta.Grind.Arith.CommRing

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/CommRing/PP.lean

@@ -0,0 +1,55 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Grind.Arith.CommRing.DenoteExpr
+
+namespace Lean.Meta.Grind.Arith.CommRing
+
+instance : MonadGetRing (ReaderT Ring MetaM) where
+  getRing := read
+
+private def M := ReaderT Goal (StateT (Array MessageData) MetaM)
+
+private def toOption (cls : Name) (header : Thunk MessageData) (msgs : Array MessageData) : Option MessageData :=
+  if msgs.isEmpty then
+    none
+  else
+    some (.trace {cls} header.get msgs)
+
+private def push (msgs : Array MessageData) (msg? : Option MessageData) : Array MessageData :=
+  if let some msg := msg? then msgs.push msg else msgs
+
+def ppBasis? : ReaderT Ring MetaM (Option MessageData) := do
+  let mut basis := #[]
+  for c in (← getRing).basis do
+    basis := basis.push (toTraceElem (← c.denoteExpr))
+  return toOption `basis "Basis" basis
+
+def ppDiseqs? : ReaderT Ring MetaM (Option MessageData) := do
+  let mut diseqs := #[]
+  for d in (← getRing).diseqs do
+    diseqs := diseqs.push (toTraceElem (← d.denoteExpr))
+  return toOption `diseqs "Disequalities" diseqs
+
+def ppRing? : ReaderT Ring MetaM (Option MessageData) := do
+  let msgs := #[]
+  let msgs := push msgs (← ppBasis?)
+  let msgs := push msgs (← ppDiseqs?)
+  return toOption `ring m!"Ring `{(← getRing).type}`" msgs
+
+def pp? (goal : Goal) : MetaM (Option MessageData) := do
+  let mut msgs := #[]
+  for ring in goal.arith.ring.rings do
+    let some msg ← ppRing? ring | pure ()
+    msgs := msgs.push msg
+  if msgs.isEmpty then
+    return none
+  else if h : msgs.size = 1 then
+    return some msgs[0]
+  else
+    return some (.trace { cls := `ring } "Rings" msgs)
+
+end Lean.Meta.Grind.Arith.CommRing

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/CommRing/Poly.lean

@@ -0,0 +1,236 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Init.Grind.Ring.Poly
+namespace Lean.Grind.CommRing
+
+/-- `sharesVar m₁ m₂` returns `true` if `m₁` and `m₂` shares at least one variable. -/
+def Mon.sharesVar : Mon → Mon → Bool
+  | .unit, _ => false
+  | _, .unit => false
+  | .mult pw₁ m₁, .mult pw₂ m₂ =>
+    match compare pw₁.x pw₂.x with
+    | .eq => true
+    | .lt => sharesVar m₁ (.mult pw₂ m₂)
+    | .gt => sharesVar (.mult pw₁ m₁) m₂
+
+/-- `lcm m₁ m₂` returns the least common multiple of the given monomials. -/
+def Mon.lcm : Mon → Mon → Mon
+  | .unit, m₂ => m₂
+  | m₁, .unit => m₁
+  | .mult pw₁ m₁, .mult pw₂ m₂ =>
+    match compare pw₁.x pw₂.x with
+    | .eq => .mult { x := pw₁.x, k := max pw₁.k pw₂.k } (lcm m₁ m₂)
+    | .lt => .mult pw₁ (lcm m₁ (.mult pw₂ m₂))
+    | .gt => .mult pw₂ (lcm (.mult pw₁ m₁) m₂)
+
+/--
+`divides m₁ m₂` returns `true` if monomial `m₁` divides `m₂`
+Example: `x^2.z` divides `w.x^3.y^2.z`
+-/
+def Mon.divides : Mon → Mon → Bool
+  | .unit, _ => true
+  | _, .unit => false
+  | .mult pw₁ m₁, .mult pw₂ m₂ =>
+    match compare pw₁.x pw₂.x with
+    | .eq => pw₁.k ≤ pw₂.k && divides m₁ m₂
+    | .lt => false
+    | .gt => divides (.mult pw₁ m₁) m₂
+
+/--
+Given `m₁` and `m₂` such that `m₂.divides m₁`, then
+`m₁.div m₂` returns the result.
+Example `w.x^3.y^2.z` div `x^2.z` returns `w.x.y^2`
+-/
+def Mon.div : Mon → Mon → Mon
+  | m₁, .unit => m₁
+  | .unit, _  => .unit -- reachable only if pre-condition does not hold
+  | .mult pw₁ m₁, .mult pw₂ m₂ =>
+    match compare pw₁.x pw₂.x with
+    | .eq =>
+      let k := pw₁.k - pw₂.k
+      if k == 0 then
+        div m₁ m₂
+      else
+        .mult { x := pw₁.x, k } (div m₁ m₂)
+    | .lt => .mult pw₁ (div m₁ (.mult pw₂ m₂))
+    | .gt => .unit -- reachable only if pre-condition does not hold
+
+/--
+`coprime m₁ m₂` returns `true` if the given monomials
+do not have any variable in common.
+-/
+def Mon.coprime : Mon → Mon → Bool
+  | .unit, _ => true
+  | _, .unit => true
+  | .mult pw₁ m₁, .mult pw₂ m₂ =>
+    match compare pw₁.x pw₂.x with
+    | .eq => false
+    | .lt => coprime m₁ (.mult pw₂ m₂)
+    | .gt => coprime (.mult pw₁ m₁) m₂
+
+/--
+Contains the S-polynomial resulting from superposing two polynomials `p₁` and `p₂`,
+along with coefficients and monomials used in their construction.
+-/
+structure SPolResult where
+  /-- The computed S-polynomial. -/
+  spol : Poly := .num 0
+  /-- Coefficient applied to polynomial `p₁`. -/
+  k₁   : Int  := 0
+  /-- Monomial factor applied to polynomial `p₁`. -/
+  m₁   : Mon  := .unit
+  /-- Coefficient applied to polynomial `p₂`. -/
+  k₂   : Int  := 0
+  /-- Monomial factor applied to polynomial `p₂`. -/
+  m₂   : Mon  := .unit
+
+def Poly.mulConst' (p : Poly) (k : Int) (char? : Option Nat := none) : Poly :=
+  if let some char := char? then p.mulConstC k char else p.mulConst k
+
+def Poly.mulMon' (p : Poly) (k : Int) (m : Mon) (char? : Option Nat := none) : Poly :=
+  if let some char := char? then p.mulMonC k m char else p.mulMon k m
+
+def Poly.combine' (p₁ p₂ : Poly) (char? : Option Nat := none) : Poly :=
+  if let some char := char? then p₁.combineC p₂ char else p₁.combine p₂
+
+/--
+Returns the S-polynomial of polynomials `p₁` and `p₂`, and coefficients&terms used to construct it.
+Given polynomials with leading terms `k₁*m₁` and `k₂*m₂`, the S-polynomial is defined as:
+```
+S(p₁, p₂) = (k₂/gcd(k₁, k₂)) * (lcm(m₁, m₂)/m₁) * p₁ - (k₁/gcd(k₁, k₂)) * (lcm(m₁, m₂)/m₂) * p₂
+```
+Remark: if `char? = some c`, then `c` is the characteristic of the ring.
+-/
+def Poly.spol (p₁ p₂ : Poly) (char? : Option Nat := none) : SPolResult  :=
+  match p₁, p₂ with
+  | .add k₁ m₁ p₁, .add k₂ m₂ p₂ =>
+    let m    := m₁.lcm m₂
+    let m₁   := m.div m₁
+    let m₂   := m.div m₂
+    let g    := Nat.gcd k₁.natAbs k₂.natAbs
+    let c₁   := k₂/g
+    let c₂   := -k₁/g
+    let p₁   := p₁.mulMon' c₁ m₁ char?
+    let p₂   := p₂.mulMon' c₂ m₂ char?
+    let spol := p₁.combine' p₂ char?
+    { spol, m₁, m₂, k₁ := c₁, k₂ := c₂ }
+  | _, _ => {}
+
+/--
+Result of simplifying a polynomial `p₁` using a polynomial `p₂`.
+
+The simplification rewrites the first monomial of `p₁` that can be divided
+by the leading monomial of `p₂`.
+-/
+structure SimpResult where
+  /-- The resulting simplified polynomial after rewriting. -/
+  p  : Poly := .num 0
+  /-- The integer coefficient multiplied with polynomial `p₁` in the rewriting step. -/
+  k₁ : Int  := 0
+  /-- The integer coefficient multiplied with polynomial `p₂` during rewriting. -/
+  k₂ : Int  := 0
+  /-- The monomial factor applied to polynomial `p₂`. -/
+  m₂ : Mon  := .unit
+
+/--
+Simplifies polynomial `p₁` using polynomial `p₂` by rewriting.
+
+This function attempts to rewrite `p₁` by eliminating the first occurrence of
+the leading monomial of `p₂`.
+
+Remark: if `char? = some c`, then `c` is the characteristic of the ring.
+-/
+def Poly.simp? (p₁ p₂ : Poly) (char? : Option Nat := none) : Option SimpResult :=
+  match p₂ with
+  | .add k₂' m₂ p₂ =>
+    let rec go? (p₁ : Poly) : Option SimpResult :=
+      match p₁ with
+      | .add k₁' m₁ p₁ =>
+        if m₂.divides m₁ then
+          let m₂ := m₁.div m₂
+          let g  := Nat.gcd k₁'.natAbs k₂'.natAbs
+          let k₁ := k₂'/g
+          let k₂ := -k₁'/g
+          let p  := (p₂.mulMon' k₂ m₂ char?).combine' (p₁.mulConst' k₁ char?) char?
+          some { p, k₁, k₂, m₂ }
+        else if let some r := go? p₁ then
+          if let some char := char? then
+            let k := (k₁'*r.k₁) % char
+            if k == 0 then
+              some r
+            else
+              some { r with p := .add k m₁ r.p }
+          else
+            some { r with p := .add (k₁'*r.k₁) m₁ r.p }
+        else
+          none
+      | .num _ => none
+    go? p₁
+  | _ => none
+
+def Poly.degree : Poly → Nat
+  | .num _ => 0
+  | .add _ m _ => m.degree
+
+/-- Returns `true` if the leading monomial of `p` divides `m`. -/
+def Poly.divides (p : Poly) (m : Mon) : Bool :=
+  match p with
+  | .num _ => true -- should be unreachable
+  | .add _ m' _ => m'.divides m
+
+/-- Returns the leading coefficient of the given polynomial -/
+def Poly.lc : Poly → Int
+ | .num k => k
+ | .add k _ _ => k
+
+/-- Returns the leading monomial of the given polynomial. -/
+def Poly.lm : Poly → Mon
+ | .num _ => .unit
+ | .add _ m _ => m
+
+def Poly.isZero : Poly → Bool
+  | .num 0 => true
+  | _ => false
+
+def Poly.checkCoeffs : Poly → Bool
+  | .num _ => true
+  | .add k _ p => k != 0 && checkCoeffs p
+
+def Poly.checkNoUnitMon : Poly → Bool
+  | .num _ => true
+  | .add _ .unit _ => false
+  | .add _ _ p => p.checkNoUnitMon
+
+def Poly.gcdCoeffs : Poly → Nat
+  | .num k => k.natAbs
+  | .add k _ p => go p k.natAbs
+where
+  go (p : Poly) (acc : Nat) : Nat :=
+    if acc == 1 then
+      acc
+    else match p with
+      | .num k => Nat.gcd acc k.natAbs
+      | .add k _ p => go p (Nat.gcd acc k.natAbs)
+
+def Poly.divConst (p : Poly) (a : Int) : Poly :=
+  match p with
+  | .num k => .num (k / a)
+  | .add k m p => .add (k / a) m (divConst p a)
+
+def Mon.size : Mon → Nat
+  | .unit => 0
+  | .mult _ m => m.size + 1
+
+def Poly.size : Poly → Nat
+  | .num _ => 1
+  | .add _ m p => m.size + 1 + p.size
+
+def Poly.length : Poly → Nat
+  | .num _ => 0
+  | .add _ _ p => 1 + p.length
+
+end Lean.Grind.CommRing

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/CommRing/Proof.lean

@@ -0,0 +1,586 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Init.Grind.Ring.OfSemiring
+import Lean.Meta.Tactic.Grind.Diseq
+import Lean.Meta.Tactic.Grind.Arith.ProofUtil
+import Lean.Meta.Tactic.Grind.Arith.CommRing.RingId
+import Lean.Meta.Tactic.Grind.Arith.CommRing.DenoteExpr
+import Lean.Meta.Tactic.Grind.Arith.CommRing.SafePoly
+import Lean.Meta.Tactic.Grind.Arith.CommRing.ToExpr
+
+namespace Lean.Meta.Grind.Arith.CommRing
+
+/--
+Returns a context of type `RArray α` containing the variables of the given ring.
+`α` is the type of the ring.
+-/
+def toContextExpr : RingM Expr := do
+  let ring ← getRing
+  if h : 0 < ring.vars.size then
+    RArray.toExpr ring.type id (RArray.ofFn (ring.vars[·]) h)
+  else
+    RArray.toExpr ring.type id (RArray.leaf (mkApp ring.natCastFn (toExpr 0)))
+
+private def toSContextExpr' : SemiringM Expr := do
+  let semiring ← getSemiring
+  if h : 0 < semiring.vars.size then
+    RArray.toExpr semiring.type id (RArray.ofFn (semiring.vars[·]) h)
+  else
+    RArray.toExpr semiring.type id (RArray.leaf (mkApp semiring.natCastFn (toExpr 0)))
+
+/-- Similar to `toContextExpr`, but for semirings. -/
+private def toSContextExpr (semiringId : Nat) : RingM Expr := do
+  SemiringM.run semiringId do toSContextExpr'
+
+def throwNoNatZeroDivisors : RingM α := do
+  throwError "`grind` internal error, `NoNatZeroDivisors` instance is needed, but it is not available for{indentExpr (← getRing).type}"
+
+def getPolyConst (p : Poly) : RingM Int := do
+  let .num k := p
+    | throwError "`grind` internal error, constant polynomial expected {indentExpr (← p.denoteExpr)}"
+  return k
+
+namespace Null
+/-!
+Proof term for a Nullstellensatz certificate.
+-/
+
+/--
+A "pre" Nullstellensatz certificate.
+Recall that, given the hypotheses `h₁ : lhs₁ = rhs₁` ... `hₙ : lhsₙ = rhsₙ`,
+a Nullstellensatz certificate is of the form
+```
+q₁*(lhs₁ - rhs₁) + ... + qₙ*(lhsₙ - rhsₙ)
+```
+Each hypothesis is an `EqCnstr` justified by a `.core ..` `EqnCnstrProof`.
+We dynamically associate them with unique indices based on the order we find them
+during traversal.
+For the other `EqCnstr`s we compute a "pre" certificate as a dense array
+containing `q₁` ... `qₙ` needed to create the `EqCnstr`.
+
+We are assuming the number of hypotheses used to derive a conclusion is small
+and a dense array is a reasonable representation.
+-/
+structure PreNullCert where
+  qs : Array Poly
+  /--
+  We don't use rational coefficients in the polynomials.
+  Thus, we need to track a denominator to justify the proof step `div`.
+  -/
+  d  : Int := 1
+  deriving Inhabited
+
+def PreNullCert.zero : PreNullCert :=
+  { qs := #[] }
+
+def PreNullCert.unit (i : Nat) (n : Nat) : PreNullCert :=
+  let qs := Array.replicate n (.num 0)
+  let qs := qs.set! i (.num 1)
+  { qs }
+
+def PreNullCert.div (c : PreNullCert) (k : Int) : RingM PreNullCert := do
+  return { c with d := c.d * k }
+
+def PreNullCert.mul (c : PreNullCert) (k : Int) : RingM PreNullCert := do
+  if k == 1 then
+    return c
+  else
+    let g := Int.gcd k c.d
+    let k := k / g
+    let d := c.d / g
+    if k == 1 then
+      return { c with d }
+    else
+      let qs ← c.qs.mapM fun q => q.mulConstM k
+      return { qs, d }
+
+def PreNullCert.combine (k₁ : Int) (m₁ : Mon) (c₁ : PreNullCert) (k₂ : Int) (m₂ : Mon) (c₂ : PreNullCert) : RingM PreNullCert := do
+  let d₁    := c₁.d
+  let d₂    := c₂.d
+  let k₁_d₂ := k₁*d₂
+  let k₂_d₁ := k₂*d₁
+  let d₁_d₂ := d₁*d₂
+  let g     := Int.gcd (Int.gcd k₁_d₂ k₂_d₁) d₁_d₂
+  let k₁    := k₁_d₂ / g
+  let k₂    := k₂_d₁ / g
+  let d     := d₁_d₂ / g
+  let qs₁   := c₁.qs
+  let qs₂   := c₂.qs
+  let n := Nat.max qs₁.size qs₂.size
+  let mut qs : Vector Poly n := Vector.replicate n (.num 0)
+  for h : i in [:n] do
+    if h₁ : i < qs₁.size then
+      let q₁ ← qs₁[i].mulMonM k₁ m₁
+      if h₂ : i < qs₂.size then
+        let q₂ ← qs₂[i].mulMonM k₂ m₂
+        qs := qs.set i (← q₁.combineM q₂)
+      else
+        qs := qs.set i q₁
+    else
+      have : i < n := h.upper
+      have : qs₁.size = n ∨ qs₂.size = n := by simp +zetaDelta only [Nat.max_def, right_eq_ite_iff]; split <;> simp [*]
+      have : i < qs₂.size := by omega
+      let q₂ ← qs₂[i].mulMonM k₂ m₂
+      qs := qs.set i q₂
+  return { qs := qs.toArray, d }
+
+structure NullCertHypothesis where
+  h   : Expr
+  lhs : RingExpr
+  rhs : RingExpr
+
+structure ProofM.State where
+  /-- Mapping from `EqCnstr` to `PreNullCert` -/
+  cache       : Std.HashMap UInt64 PreNullCert := {}
+  hyps        : Array NullCertHypothesis := #[]
+
+abbrev ProofM := StateRefT ProofM.State RingM
+
+private abbrev caching (c : α) (k : ProofM PreNullCert) : ProofM PreNullCert := do
+  let addr := unsafe (ptrAddrUnsafe c).toUInt64 >>> 2
+  if let some h := (← get).cache[addr]? then
+    return h
+  else
+    let h ← k
+    modify fun s => { s with cache := s.cache.insert addr h }
+    return h
+
+structure NullCertExt where
+  d   : Int
+  qhs : Array (Poly × NullCertHypothesis)
+
+end Null
+
+section
+open Null
+partial def EqCnstr.toPreNullCert (c : EqCnstr) : ProofM PreNullCert := caching c do
+  match c.h with
+  | .core a b lhs rhs =>
+    let i := (← get).hyps.size
+    let h ← mkEqProof a b
+    modify fun s => { s with hyps := s.hyps.push { h, lhs, rhs } }
+    return PreNullCert.unit i (i+1)
+  | .coreS _a _b _sa _sb _ra _rb =>
+    throwError "`grind +ringNull` is not supported yet for this goal"
+  | .superpose k₁ m₁ c₁ k₂ m₂ c₂ => (← c₁.toPreNullCert).combine k₁ m₁ k₂ m₂ (← c₂.toPreNullCert)
+  | .simp k₁ c₁ k₂ m₂ c₂ => (← c₁.toPreNullCert).combine k₁ .unit k₂ m₂ (← c₂.toPreNullCert)
+  | .mul k c => (← c.toPreNullCert).mul k
+  | .div k c => (← c.toPreNullCert).div k
+  | .gcd .. | .numEq0 .. =>
+    throwError "`grind +ringNull` is not supported yet for this goal"
+
+def PolyDerivation.toPreNullCert (d : PolyDerivation) : ProofM PreNullCert := do
+  match d with
+  | .input _ => return .zero
+  | .step _p k₁ d k₂ m₂ c₂ =>
+    -- Recall that _p = k₁*d.getPoly + k₂*m₂*c.p
+    trace[grind.debug.ring.proof] ">> k₁: {k₁}, {(← d.toPreNullCert).d}, {(← c₂.toPreNullCert).d}"
+    (← d.toPreNullCert).combine k₁ .unit (-k₂) m₂ (← c₂.toPreNullCert)
+  | .normEq0 .. =>
+    throwError "`grind +ringNull` is not supported yet for this goal"
+
+/-- Returns the multiplier `k` for the input polynomial. See comment at `PolyDerivation.step`. -/
+def PolyDerivation.getMultiplier (d : PolyDerivation) : Int :=
+  go d 1
+where
+  go (d : PolyDerivation) (acc : Int) : Int :=
+    match d with
+    | .input _ => acc
+    | .step _ k₁ d .. => go d (k₁ * acc)
+    | .normEq0 _ d .. => go d acc
+
+def EqCnstr.mkNullCertExt (c : EqCnstr) : RingM NullCertExt := do
+  let (nc, s) ← c.toPreNullCert.run {}
+  return { d := nc.d, qhs := nc.qs.zip s.hyps }
+
+def PolyDerivation.mkNullCertExt (d : PolyDerivation) : RingM NullCertExt := do
+  let (nc, s) ← d.toPreNullCert.run {}
+  return { d := nc.d, qhs := nc.qs.zip s.hyps }
+
+def DiseqCnstr.mkNullCertExt (c : DiseqCnstr) : RingM NullCertExt :=
+  c.d.mkNullCertExt
+end
+
+namespace Null
+def NullCertExt.toPoly (nc : NullCertExt) : RingM Poly := do
+  let mut p : Poly := .num 0
+  for (q, h) in nc.qhs do
+    p ← p.combineM (← q.mulM (← (h.lhs.sub h.rhs).toPolyM))
+  return p
+
+def NullCertExt.check (c : EqCnstr) (nc : NullCertExt) : RingM Bool := do
+  let p₁ := c.p.mulConst' nc.d (← nonzeroChar?)
+  let p₂ ← nc.toPoly
+  return p₁ == p₂
+
+def NullCertExt.toNullCert (nc : NullCertExt) : Grind.CommRing.NullCert :=
+  go nc.qhs.size .empty (by omega)
+where
+  go (i : Nat) (acc : Grind.CommRing.NullCert) (h : i ≤ nc.qhs.size) : Grind.CommRing.NullCert :=
+    if h : i > 0 then
+      let i := i - 1
+      let (p, h) := nc.qhs[i]
+      go i (.add p h.lhs h.rhs acc) (by omega)
+    else
+      acc
+
+/--
+Given a `pr`, returns `pr h₁ ... hₙ`, where `n` is size `nc.qhs.size`, and `hᵢ`s
+are the equalities in the certificate.
+-/
+def NullCertExt.applyEqs (pr : Expr) (nc : NullCertExt) : Expr :=
+  go 0 pr
+where
+  go (i : Nat) (pr : Expr) : Expr :=
+    if _ : i < nc.qhs.size then
+      let (_, h) := nc.qhs[i]
+      go (i + 1) (mkApp pr h.h)
+    else
+      pr
+
+private def getNoZeroDivInstIfNeeded? (k : Int) : RingM (Option Expr) := do
+  if k == 1 then
+    return none
+  else
+    let some inst ← noZeroDivisorsInst? | throwNoNatZeroDivisors
+    return some inst
+
+def setEqUnsat (c : EqCnstr) : RingM Unit := do
+  trace_goal[grind.ring.assert.unsat] "{← c.denoteExpr}"
+  let k ← getPolyConst c.p
+  let ncx ← c.mkNullCertExt
+  trace_goal[grind.ring.assert.unsat] "{ncx.d}*({← c.p.denoteExpr}), {← (← ncx.toPoly).denoteExpr}"
+  let ring ← getRing
+  let some (charInst, char) := ring.charInst?
+    | throwError "`grind` internal error, `IsCharP` instance is needed, but it is not available for{indentExpr (← getRing).type}\nconsider not using `+ringNull`"
+  let h := if char == 0 then
+    mkApp (mkConst ``Grind.CommRing.NullCert.eq_unsat [ring.u]) ring.type
+  else
+    mkApp2 (mkConst ``Grind.CommRing.NullCert.eq_unsatC [ring.u]) ring.type (toExpr char)
+  let ctx ← toContextExpr
+  let nc := toExpr (ncx.toNullCert)
+  let h := mkApp6 h ring.commRingInst charInst ctx nc (toExpr k) reflBoolTrue
+  closeGoal <| ncx.applyEqs h
+
+def setDiseqUnsat (c : DiseqCnstr) : RingM Unit := do
+  trace_goal[grind.ring.assert.unsat] "{← c.denoteExpr}"
+  let ncx ← c.mkNullCertExt
+  trace_goal[grind.ring.assert.unsat] "multiplier: {c.d.getMultiplier}, {ncx.d}*({← c.d.p.denoteExpr}), {← (← ncx.toPoly).denoteExpr}"
+  let nc := toExpr (ncx.toNullCert)
+  let ring ← getRing
+  let ctx ← toContextExpr
+  let k := c.d.getMultiplier * ncx.d
+  let h := match (← nonzeroCharInst?), (← getNoZeroDivInstIfNeeded? k) with
+    | some (charInst, char), some nzDivInst =>
+      mkApp8 (mkConst ``Grind.CommRing.NullCert.ne_nzdiv_unsatC [ring.u]) ring.type (toExpr char) ring.commRingInst charInst nzDivInst ctx nc (toExpr k)
+    | some (charInst, char), none =>
+      mkApp6 (mkConst ``Grind.CommRing.NullCert.ne_unsatC [ring.u]) ring.type (toExpr char) ring.commRingInst charInst ctx nc
+    | none, some nzDivInst =>
+      mkApp6 (mkConst ``Grind.CommRing.NullCert.ne_nzdiv_unsat [ring.u]) ring.type ring.commRingInst nzDivInst ctx nc (toExpr k)
+    | none, none =>
+      mkApp4 (mkConst ``Grind.CommRing.NullCert.ne_unsat [ring.u]) ring.type ring.commRingInst ctx nc
+  let h := mkApp4 h (toExpr c.rlhs) (toExpr c.rrhs) reflBoolTrue (← mkDiseqProof c.lhs c.rhs)
+  closeGoal <| ncx.applyEqs h
+
+def propagateEq (a b : Expr) (ra rb : RingExpr) (d : PolyDerivation) : RingM Unit := do
+  let ncx ← d.mkNullCertExt
+  let nc := toExpr (ncx.toNullCert)
+  let ring ← getRing
+  let ctx ← toContextExpr
+  let k := d.getMultiplier * ncx.d
+  let h := match (← nonzeroCharInst?), (← getNoZeroDivInstIfNeeded? k) with
+    | some (charInst, char), some nzDivInst =>
+      mkApp8 (mkConst ``Grind.CommRing.NullCert.eq_nzdivC [ring.u]) ring.type (toExpr char) ring.commRingInst charInst nzDivInst ctx nc (toExpr k)
+    | some (charInst, char), none =>
+      mkApp6 (mkConst ``Grind.CommRing.NullCert.eqC [ring.u]) ring.type (toExpr char) ring.commRingInst charInst ctx nc
+    | none, some nzDivInst =>
+      mkApp6 (mkConst ``Grind.CommRing.NullCert.eq_nzdiv [ring.u]) ring.type ring.commRingInst nzDivInst ctx nc (toExpr k)
+    | none, none =>
+      mkApp4 (mkConst ``Grind.CommRing.NullCert.eq [ring.u]) ring.type ring.commRingInst ctx nc
+  let h := mkApp3 h (toExpr ra) (toExpr rb) reflBoolTrue
+  trace_goal[grind.debug.ring.impEq] "{a}, {b}"
+  let eq := mkApp3 (mkConst ``Eq [.succ ring.u]) ring.type a b
+  pushEq a b <| mkExpectedPropHint (ncx.applyEqs h) eq
+
+end Null
+
+namespace Stepwise
+/-!
+Alternative proof term construction where we generate a sub-term for each step in
+the derivation.
+-/
+
+structure ProofM.State where
+  cache       : Std.HashMap UInt64 Expr := {}
+  polyMap     : Std.HashMap Poly Expr := {}
+  monMap      : Std.HashMap Mon Expr := {}
+  exprMap     : Std.HashMap RingExpr Expr := {}
+  sexprMap    : Std.HashMap SemiringExpr Expr := {}
+
+structure ProofM.Context where
+  ctx   : Expr
+  /-- Context for semiring variables if available -/
+  sctx? : Option Expr
+
+abbrev ProofM := ReaderT ProofM.Context (StateRefT ProofM.State RingM)
+
+/-- Returns a Lean expression representing the variable context used to construct `CommRing` proof steps. -/
+private abbrev getContext : ProofM Expr := do
+  return (← read).ctx
+
+/--
+Returns a Lean expression representing the semiring variable context
+used to construct `CommRing` proof steps.
+-/
+private abbrev getSContext : ProofM Expr := do
+  let some sctx := (← read).sctx?
+    | throwError "`grind` internal error, semiring context is not available"
+  return sctx
+
+private abbrev caching (c : α) (k : ProofM Expr) : ProofM Expr := do
+  let addr := unsafe (ptrAddrUnsafe c).toUInt64 >>> 2
+  if let some h := (← get).cache[addr]? then
+    return h
+  else
+    let h ← k
+    modify fun s => { s with cache := s.cache.insert addr h }
+    return h
+
+def mkPolyDecl (p : Poly) : ProofM Expr := do
+  if let some x := (← get).polyMap[p]? then
+    return x
+  let x := mkFVar (← mkFreshFVarId)
+  modify fun s => { s with polyMap := s.polyMap.insert p x }
+  return x
+
+def mkExprDecl (e : RingExpr) : ProofM Expr := do
+  if let some x := (← get).exprMap[e]? then
+    return x
+  let x := mkFVar (← mkFreshFVarId)
+  modify fun s => { s with exprMap := s.exprMap.insert e x }
+  return x
+
+def mkSExprDecl (e : SemiringExpr) : ProofM Expr := do
+  if let some x := (← get).sexprMap[e]? then
+    return x
+  let x := mkFVar (← mkFreshFVarId)
+  modify fun s => { s with sexprMap := s.sexprMap.insert e x }
+  return x
+
+def mkMonDecl (m : Mon) : ProofM Expr := do
+  if let some x := (← get).monMap[m]? then
+    return x
+  let x := mkFVar (← mkFreshFVarId)
+  modify fun s => { s with monMap := s.monMap.insert m x }
+  return x
+
+private def mkStepBasicPrefix (declName : Name) : ProofM Expr := do
+  let ctx ← getContext
+  let ring ← getRing
+  return mkApp3 (mkConst declName [ring.u]) ring.type ring.commRingInst ctx
+
+private def mkStepPrefix (declName declNameC : Name) : ProofM Expr := do
+  if let some (charInst, char) ← nonzeroCharInst? then
+    let ctx ← getContext
+    let ring ← getRing
+    return mkApp5 (mkConst declNameC [ring.u]) ring.type (toExpr char) ring.commRingInst charInst ctx
+  else
+    mkStepBasicPrefix declName
+
+private def getSemiringOf : RingM Semiring := do
+  let some semiringId := (← getRing).semiringId? | throwError "`grind` internal error, semiring is not available"
+  SemiringM.run semiringId do getSemiring
+
+private def mkSemiringPrefix (declName : Name) : ProofM Expr := do
+  let sctx ← getSContext
+  let semiring ← getSemiringOf
+  return mkApp3 (mkConst declName [semiring.u]) semiring.type semiring.semiringInst sctx
+
+private def mkSemiringAddRightCancelPrefix (declName : Name) : ProofM Expr := do
+  let sctx ← getSContext
+  let semiring ← getSemiringOf
+  let some addRightCancelInst := semiring.addRightCancelInst?
+    | throwError "`grind` internal error, `AddRightCancel` instance is not available"
+  return mkApp4 (mkConst declName [semiring.u]) semiring.type semiring.semiringInst addRightCancelInst sctx
+
+open Lean.Grind.CommRing in
+partial def _root_.Lean.Meta.Grind.Arith.CommRing.EqCnstr.toExprProof (c : EqCnstr) : ProofM Expr := caching c do
+  match c.h with
+  | .core a b lhs rhs =>
+    let h ← mkStepPrefix ``Stepwise.core ``Stepwise.coreC
+    return mkApp5 h (← mkExprDecl lhs) (← mkExprDecl rhs) (← mkPolyDecl c.p) reflBoolTrue (← mkEqProof a b)
+  | .coreS a b sa sb ra rb =>
+    let h' ← mkSemiringPrefix ``Grind.Ring.OfSemiring.of_eq
+    let h' := mkApp3 h' (← mkSExprDecl sa) (← mkSExprDecl sb) (← mkEqProof a b)
+    let h ← mkStepPrefix ``Stepwise.core ``Stepwise.coreC
+    return mkApp5 h (← mkExprDecl ra) (← mkExprDecl rb) (← mkPolyDecl c.p) reflBoolTrue h'
+  | .superpose k₁ m₁ c₁ k₂ m₂ c₂ =>
+    let h ← mkStepPrefix ``Stepwise.superpose ``Stepwise.superposeC
+    return mkApp10 h
+      (toExpr k₁) (← mkMonDecl m₁) (← mkPolyDecl c₁.p)
+      (toExpr k₂) (← mkMonDecl m₂) (← mkPolyDecl c₂.p)
+      (← mkPolyDecl c.p) reflBoolTrue (← toExprProof c₁) (← toExprProof c₂)
+  | .simp k₁ c₁ k₂ m₂ c₂ =>
+    let h ← mkStepPrefix ``Stepwise.simp ``Stepwise.simpC
+    return mkApp9 h
+      (toExpr k₁) (← mkPolyDecl c₁.p)
+      (toExpr k₂) (← mkMonDecl m₂) (← mkPolyDecl c₂.p)
+      (← mkPolyDecl c.p) reflBoolTrue (← toExprProof c₁) (← toExprProof c₂)
+  | .mul k c₁ =>
+    let h ← mkStepPrefix ``Stepwise.mul ``Stepwise.mulC
+    return mkApp5 h (← mkPolyDecl c₁.p) (toExpr k) (← mkPolyDecl c.p) reflBoolTrue (← toExprProof c₁)
+  | .div k c₁ =>
+    let h ← mkStepPrefix ``Stepwise.div ``Stepwise.divC
+    let some nzInst ← noZeroDivisorsInst?
+      | throwNoNatZeroDivisors
+    return mkApp6 h nzInst (← mkPolyDecl c₁.p) (toExpr k) (← mkPolyDecl c.p) reflBoolTrue (← toExprProof c₁)
+  | .gcd a b c₁ c₂ =>
+    let h ← mkStepBasicPrefix ``Grind.CommRing.eq_gcd
+    return mkApp8 h (toExpr a) (toExpr b) (← mkPolyDecl c₁.p) (← mkPolyDecl c₂.p) (← mkPolyDecl c.p)
+      reflBoolTrue (← toExprProof c₁) (← toExprProof c₂)
+  | .numEq0 k c₁ c₂ =>
+    let h ← mkStepBasicPrefix ``Grind.CommRing.eq_normEq0
+    return mkApp7 h (toExpr k) (← mkPolyDecl c₁.p) (← mkPolyDecl c₂.p) (← mkPolyDecl c.p)
+      reflBoolTrue (← toExprProof c₁) (← toExprProof c₂)
+
+open Lean.Grind.CommRing in
+/--
+Given a polynomial derivation, returns `(k, p₀, h)` where `h` is a proof that
+`k*p₀ = d.p`
+-/
+private def derivToExprProof (d : PolyDerivation) : ProofM (Int × Poly × Expr) := do
+  match d with
+  | .input p₀ =>
+    let h := mkApp (← mkStepBasicPrefix ``Stepwise.d_init) (← mkPolyDecl p₀)
+    return (1, p₀, h)
+  | .step p k₁ d k₂ m₂ c₂ =>
+    let (k, p₀, h₁) ← derivToExprProof d
+    let h₂ ← c₂.toExprProof
+    let h ← if k₁ == 1 then
+      mkStepPrefix ``Stepwise.d_step1 ``Stepwise.d_step1C
+    else
+      pure <| mkApp (← mkStepPrefix ``Stepwise.d_stepk ``Stepwise.d_stepkC) (toExpr k₁)
+    let h := mkApp10 h
+      (toExpr k) (← mkPolyDecl p₀) (← mkPolyDecl d.p)
+      (toExpr k₂) (← mkMonDecl m₂) (← mkPolyDecl c₂.p) (← mkPolyDecl p)
+      reflBoolTrue h₁ h₂
+    return (k₁*k, p₀, h)
+  | .normEq0 p d c =>
+    let (k, p₀, h₁) ← derivToExprProof d
+    let h₂ ← c.toExprProof
+    let .num a := c.p | unreachable!
+    let h ← mkStepBasicPrefix ``Grind.CommRing.d_normEq0
+    let h := mkApp9 h
+      (toExpr k) (toExpr a.natAbs) (← mkPolyDecl p₀) (← mkPolyDecl d.p)
+      (← mkPolyDecl c.p) (← mkPolyDecl p) reflBoolTrue h₁ h₂
+    return (k, p₀, h)
+
+open Lean.Grind.CommRing in
+/--
+Given a derivation `d` for `k * p = 0` where `lhs - rhs = p`, returns a proof for `lhs = rhs`.
+-/
+private def mkImpEqExprProof (lhs rhs : RingExpr) (d : PolyDerivation) : ProofM Expr := do
+  assert! d.p matches .num 0
+  let (k, p₀, h₁) ← derivToExprProof d
+  let h ← if k == 1 then
+    mkStepPrefix ``Stepwise.imp_1eq ``Stepwise.imp_1eqC
+  else
+    let some nzInst ← noZeroDivisorsInst?
+      | throwNoNatZeroDivisors
+    pure <| mkApp2 (← mkStepPrefix ``Stepwise.imp_keq ``Stepwise.imp_keqC) nzInst (toExpr k)
+  return mkApp6 h (← mkExprDecl lhs) (← mkExprDecl rhs) (← mkPolyDecl p₀) (← mkPolyDecl d.p) reflBoolTrue h₁
+
+private abbrev withSemiringContext (k : Option Expr → RingM Expr) : RingM Expr := do
+  let some semiringId := (← getRing).semiringId? | k none
+  let sctx ← toSContextExpr semiringId
+  let semiring ← getSemiringOf
+  withLetDecl `sctx (mkApp (mkConst ``RArray [semiring.u]) semiring.type) sctx fun sctx =>
+  k (some sctx)
+
+private abbrev withProofContext (x : ProofM Expr) : RingM Expr := do
+  let ring ← getRing
+  withLetDecl `ctx (mkApp (mkConst ``RArray [ring.u]) ring.type) (← toContextExpr) fun ctx =>
+  withSemiringContext fun sctx? =>
+  go { ctx, sctx? } |>.run' {}
+where
+  go : ProofM Expr := do
+    let h ← x
+    let h ← mkLetOfMap (← get).polyMap h `p (mkConst ``Grind.CommRing.Poly) toExpr
+    let h ← mkLetOfMap (← get).monMap h `m (mkConst ``Grind.CommRing.Mon) toExpr
+    let h ← mkLetOfMap (← get).exprMap h `e (mkConst ``Grind.CommRing.Expr) toExpr
+    let h ← mkLetOfMap (← get).sexprMap h `s (mkConst ``Grind.Ring.OfSemiring.Expr) toExpr
+    let h ← if let some sctx := (← read).sctx? then mkLetFVars #[sctx] h else pure h
+    mkLetFVars #[(← getContext)] h
+
+open Lean.Grind.CommRing in
+def setEqUnsat (c : EqCnstr) : RingM Unit := do
+  let h ← withProofContext do
+    let ring ← getRing
+    if let some (charInst, char) := ring.charInst? then
+      let mut h ← mkStepPrefix ``Stepwise.unsat_eq ``Stepwise.unsat_eqC
+      if char == 0 then
+        h := mkApp h charInst
+      let k ← getPolyConst c.p
+      return mkApp4 h (← mkPolyDecl c.p) (toExpr k) reflBoolTrue (← c.toExprProof)
+    else if let some fieldInst := ring.fieldInst? then
+      return mkApp6 (mkConst ``Grind.CommRing.one_eq_zero_unsat [ring.u]) ring.type fieldInst (← getContext)
+        (← mkPolyDecl c.p) reflBoolTrue (← c.toExprProof)
+    else
+      throwError "`grind ring` internal error, unexpected unsat eq proof {← c.denoteExpr}"
+  closeGoal h
+
+def setDiseqUnsat (c : DiseqCnstr) : RingM Unit := do
+  let h ← withProofContext do
+    let heq ← mkImpEqExprProof c.rlhs c.rrhs c.d
+    let hne ← if let some (sa, sb) := c.ofSemiring? then
+      let h ← mkSemiringAddRightCancelPrefix ``Grind.Ring.OfSemiring.of_diseq
+      pure <| mkApp3 h (← mkSExprDecl sa) (← mkSExprDecl sb) (← mkDiseqProof c.lhs c.rhs)
+    else
+      mkDiseqProof c.lhs c.rhs
+    return mkApp hne heq
+  closeGoal h
+
+def propagateEq (a b : Expr) (ra rb : RingExpr) (d : PolyDerivation) : RingM Unit := do
+  let heq ← withProofContext do
+    mkImpEqExprProof ra rb d
+  let ring ← getRing
+  let eq := mkApp3 (mkConst ``Eq [.succ ring.u]) ring.type a b
+  pushEq a b <| mkExpectedPropHint heq eq
+
+end Stepwise
+
+def EqCnstr.setUnsat (c : EqCnstr) : RingM Unit := do
+  if (← getConfig).ringNull then
+    Null.setEqUnsat c
+  else
+    Stepwise.setEqUnsat c
+
+def DiseqCnstr.setUnsat (c : DiseqCnstr) : RingM Unit := do
+  if (← getConfig).ringNull then
+    Null.setDiseqUnsat c
+  else
+    Stepwise.setDiseqUnsat c
+
+def propagateEq (a b : Expr) (ra rb : RingExpr) (d : PolyDerivation) : RingM Unit := do
+  if (← getConfig).ringNull then
+    Null.propagateEq a b ra rb d
+  else
+    Stepwise.propagateEq a b ra rb d
+
+/--
+Given `a` and `b`, such that `a ≠ b` in the core and `sa` and `sb` their reified semiring
+terms s.t. `sa.toPoly == sb.toPoly`, close the goal.
+-/
+def setSemiringDiseqUnsat (a b : Expr) (sa sb : SemiringExpr) : SemiringM Unit := do
+  let ctx ← toSContextExpr'
+  let semiring ← getSemiring
+  let hne ← mkDiseqProof a b
+  let h := mkApp3 (mkConst ``Grind.Ring.OfSemiring.eq_normS [semiring.u]) semiring.type semiring.commSemiringInst ctx
+  let h := mkApp3 h (toExpr sa) (toExpr sb) reflBoolTrue
+  closeGoal (mkApp hne h)
+
+end Lean.Meta.Grind.Arith.CommRing

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/CommRing/Reify.lean

@@ -0,0 +1,170 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Grind.Simp
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Util
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Var
+
+namespace Lean.Meta.Grind.Arith.CommRing
+
+def isAddInst (ring : Ring) (inst : Expr) : Bool :=
+  isSameExpr ring.addFn.appArg! inst
+def isMulInst (ring : Ring) (inst : Expr) : Bool :=
+  isSameExpr ring.mulFn.appArg! inst
+def isSubInst (ring : Ring) (inst : Expr) : Bool :=
+  isSameExpr ring.subFn.appArg! inst
+def isNegInst (ring : Ring) (inst : Expr) : Bool :=
+  isSameExpr ring.negFn.appArg! inst
+def isPowInst (ring : Ring) (inst : Expr) : Bool :=
+  isSameExpr ring.powFn.appArg! inst
+def isIntCastInst (ring : Ring) (inst : Expr) : Bool :=
+  isSameExpr ring.intCastFn.appArg! inst
+def isNatCastInst (ring : Ring) (inst : Expr) : Bool :=
+  isSameExpr ring.natCastFn.appArg! inst
+
+private def reportAppIssue (e : Expr) : GoalM Unit := do
+  reportIssue! "comm ring term with unexpected instance{indentExpr e}"
+
+/--
+Converts a Lean expression `e` in the `CommRing` into a `CommRing.Expr` object.
+
+If `skipVar` is `true`, then the result is `none` if `e` is not an interpreted `CommRing` term.
+We use `skipVar := false` when processing inequalities, and `skipVar := true` for equalities and disequalities
+-/
+partial def reify? (e : Expr) (skipVar := true) (gen : Nat := 0) : RingM (Option RingExpr) := do
+  let mkVar (e : Expr) : RingM Var := do
+    if (← alreadyInternalized e) then
+      mkVar e
+    else
+      internalize e gen
+      mkVar e
+  let toVar (e : Expr) : RingM RingExpr := do
+    return .var (← mkVar e)
+  let asVar (e : Expr) : RingM RingExpr := do
+    reportAppIssue e
+    return .var (← mkVar e)
+  let rec go (e : Expr) : RingM RingExpr := do
+    match_expr e with
+    | HAdd.hAdd _ _ _ i a b =>
+      if isAddInst (← getRing) i then return .add (← go a) (← go b) else asVar e
+    | HMul.hMul _ _ _ i a b =>
+      if isMulInst (← getRing) i then return .mul (← go a) (← go b) else asVar e
+    | HSub.hSub _ _ _ i a b =>
+      if isSubInst (← getRing) i then return .sub (← go a) (← go b) else asVar e
+    | HPow.hPow _ _ _ i a b =>
+      let some k ← getNatValue? b | toVar e
+      if isPowInst (← getRing) i then return .pow (← go a) k else asVar e
+    | Neg.neg _ i a =>
+      if isNegInst (← getRing) i then return .neg (← go a) else asVar e
+    | IntCast.intCast _ i a =>
+      if isIntCastInst (← getRing) i then
+        let some k ← getIntValue? a | toVar e
+        return .num k
+      else
+        asVar e
+    | NatCast.natCast _ i a =>
+      if isNatCastInst (← getRing) i then
+        let some k ← getNatValue? a | toVar e
+        return .num k
+      else
+        asVar e
+    | OfNat.ofNat _ n _ =>
+      let some k ← getNatValue? n | toVar e
+      return .num k
+    | _ => toVar e
+  let toTopVar (e : Expr) : RingM (Option RingExpr) := do
+    if skipVar then
+      return none
+    else
+      return some (← toVar e)
+  let asTopVar (e : Expr) : RingM (Option RingExpr) := do
+    reportAppIssue e
+    toTopVar e
+  match_expr e with
+  | HAdd.hAdd _ _ _ i a b =>
+    if isAddInst (← getRing) i then return some (.add (← go a) (← go b)) else asTopVar e
+  | HMul.hMul _ _ _ i a b =>
+    if isMulInst (← getRing) i then return some (.mul (← go a) (← go b)) else asTopVar e
+  | HSub.hSub _ _ _ i a b =>
+    if isSubInst (← getRing) i then return some (.sub (← go a) (← go b)) else asTopVar e
+  | HPow.hPow _ _ _ i a b =>
+    let some k ← getNatValue? b | return none
+    if isPowInst (← getRing) i then return some (.pow (← go a) k) else asTopVar e
+  | Neg.neg _ i a =>
+    if isNegInst (← getRing) i then return some (.neg (← go a)) else asTopVar e
+  | IntCast.intCast _ i a =>
+    if isIntCastInst (← getRing) i then
+      let some k ← getIntValue? a | toTopVar e
+      return some (.num k)
+    else
+      asTopVar e
+  | NatCast.natCast _ i a =>
+    if isNatCastInst (← getRing) i then
+      let some k ← getNatValue? a | toTopVar e
+      return some (.num k)
+    else
+      asTopVar e
+  | OfNat.ofNat _ n _ =>
+    let some k ← getNatValue? n | asTopVar e
+    return some (.num k)
+  | _ => toTopVar e
+
+private def reportSAppIssue (e : Expr) : GoalM Unit := do
+  reportIssue! "comm semiring term with unexpected instance{indentExpr e}"
+
+/--
+Similar to `reify?` but for `CommSemiring`
+-/
+partial def sreify? (e : Expr) : SemiringM (Option SemiringExpr) := do
+  let toVar (e : Expr) : SemiringM SemiringExpr := do
+    return .var (← mkSVar e)
+  let asVar (e : Expr) : SemiringM SemiringExpr := do
+    reportSAppIssue e
+    return .var (← mkSVar e)
+  let rec go (e : Expr) : SemiringM SemiringExpr := do
+    match_expr e with
+    | HAdd.hAdd _ _ _ i a b =>
+      if isSameExpr (← getSemiring).addFn.appArg! i then return .add (← go a) (← go b) else asVar e
+    | HMul.hMul _ _ _ i a b =>
+      if isSameExpr (← getSemiring).mulFn.appArg! i then return .mul (← go a) (← go b) else asVar e
+    | HPow.hPow _ _ _ i a b =>
+      let some k ← getNatValue? b | toVar e
+      if isSameExpr (← getSemiring).powFn.appArg! i then return .pow (← go a) k else asVar e
+    | NatCast.natCast _ i a =>
+      if isSameExpr (← getSemiring).natCastFn.appArg! i then
+        let some k ← getNatValue? a | toVar e
+        return .num k
+      else
+        asVar e
+    | OfNat.ofNat _ n _ =>
+      let some k ← getNatValue? n | toVar e
+      return .num k
+    | _ => toVar e
+  let toTopVar (e : Expr) : SemiringM (Option SemiringExpr) := do
+    return some (← toVar e)
+  let asTopVar (e : Expr) : SemiringM (Option SemiringExpr) := do
+    reportSAppIssue e
+    toTopVar e
+  match_expr e with
+  | HAdd.hAdd _ _ _ i a b =>
+    if isSameExpr (← getSemiring).addFn.appArg! i then return some (.add (← go a) (← go b)) else asTopVar e
+  | HMul.hMul _ _ _ i a b =>
+    if isSameExpr (← getSemiring).mulFn.appArg! i then return some (.mul (← go a) (← go b)) else asTopVar e
+  | HPow.hPow _ _ _ i a b =>
+    let some k ← getNatValue? b | return none
+    if isSameExpr (← getSemiring).powFn.appArg! i then return some (.pow (← go a) k) else asTopVar e
+  | NatCast.natCast _ i a =>
+    if isSameExpr (← getSemiring).natCastFn.appArg! i then
+      let some k ← getNatValue? a | toTopVar e
+      return some (.num k)
+    else
+      asTopVar e
+  | OfNat.ofNat _ n _ =>
+    let some k ← getNatValue? n | asTopVar e
+    return some (.num k)
+  | _ => toTopVar e
+
+end  Lean.Meta.Grind.Arith.CommRing

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/CommRing/RingId.lean

@@ -0,0 +1,197 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Init.Grind.Ring.Field
+import Init.Grind.Ring.Envelope
+import Lean.Meta.Tactic.Grind.Simp
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Util
+
+namespace Lean.Meta.Grind.Arith.CommRing
+
+def denoteNumCore (u : Level) (type : Expr) (semiringInst : Expr) (negFn : Expr) (k : Int) : Expr :=
+  let n := mkRawNatLit k.natAbs
+  let ofNatInst := mkApp3 (mkConst ``Grind.Semiring.ofNat [u]) type semiringInst n
+  let n := mkApp3 (mkConst ``OfNat.ofNat [u]) type n ofNatInst
+  if k < 0 then
+    mkApp negFn n
+  else
+    n
+
+private def internalizeFn (fn : Expr) : GoalM Expr := do
+  shareCommon (← canon fn)
+
+private def getUnaryFn (type : Expr)(u : Level) (instDeclName : Name) (declName : Name) : GoalM Expr := do
+  let instType := mkApp (mkConst instDeclName [u]) type
+  let .some inst ← trySynthInstance instType
+    | throwError "`grind ring` failed to find instance{indentExpr instType}"
+  internalizeFn <| mkApp2 (mkConst declName [u]) type inst
+
+private def getBinHomoFn (type : Expr)(u : Level) (instDeclName : Name) (declName : Name) : GoalM Expr := do
+  let instType := mkApp3 (mkConst instDeclName [u, u, u]) type type type
+  let .some inst ← trySynthInstance instType
+    | throwError "`grind ring` failed to find instance{indentExpr instType}"
+  internalizeFn <| mkApp4 (mkConst declName [u, u, u]) type type type inst
+
+-- Remark: we removed consistency checks such as the one that ensures `HAdd` instance matches `Semiring.toAdd`
+-- That is, we are assuming the type classes were properly setup.
+
+private def getAddFn (type : Expr) (u : Level) : GoalM Expr := do
+  getBinHomoFn type u ``HAdd ``HAdd.hAdd
+
+private def getMulFn (type : Expr) (u : Level) : GoalM Expr := do
+  getBinHomoFn type u ``HMul ``HMul.hMul
+
+private def getSubFn (type : Expr) (u : Level) : GoalM Expr := do
+  getBinHomoFn type u ``HSub ``HSub.hSub
+
+private def getDivFn (type : Expr) (u : Level) : GoalM Expr := do
+  getBinHomoFn type u ``HDiv ``HDiv.hDiv
+
+private def getNegFn (type : Expr) (u : Level) : GoalM Expr := do
+  getUnaryFn type u ``Neg ``Neg.neg
+
+private def getInvFn (type : Expr) (u : Level) : GoalM Expr := do
+  getUnaryFn type u ``Inv ``Inv.inv
+
+private def getPowFn (type : Expr) (u : Level) (semiringInst : Expr) : GoalM Expr := do
+  let instType := mkApp3 (mkConst ``HPow [u, 0, u]) type Nat.mkType type
+  let .some inst ← trySynthInstance instType |
+    throwError "failed to find instance for ring power operator{indentExpr instType}"
+  let inst' := mkApp2 (mkConst ``Grind.Semiring.toHPow [u]) type semiringInst
+  unless (← withDefault <| isDefEq inst inst') do
+    throwError "instance for power operator{indentExpr inst}\nis not definitionally equal to the `Grind.Semiring` one{indentExpr inst'}"
+  internalizeFn <| mkApp4 (mkConst ``HPow.hPow [u, 0, u]) type Nat.mkType type inst
+
+private def getIntCastFn (type : Expr) (u : Level) (ringInst : Expr) : GoalM Expr := do
+  let inst' := mkApp2 (mkConst ``Grind.Ring.intCast [u]) type ringInst
+  let instType := mkApp (mkConst ``IntCast [u]) type
+  -- Note that `Ring.intCast` is not registered as a global instance
+  -- (to avoid introducing unwanted coercions)
+  -- so merely having a `Ring α` instance
+  -- does not guarantee that an `IntCast α` will be available.
+  -- When both are present we verify that they are defeq,
+  -- and otherwise fall back to the field of the `Ring α` instance that we already have.
+  let inst ← match (← trySynthInstance instType).toOption with
+  | none => pure inst'
+  | some inst =>
+    unless (← withDefault <| isDefEq inst inst') do
+      throwError "instance for intCast{indentExpr inst}\nis not definitionally equal to the `Grind.Ring` one{indentExpr inst'}"
+    pure inst
+  internalizeFn <| mkApp2 (mkConst ``IntCast.intCast [u]) type inst
+
+private def getNatCastFn (type : Expr) (u : Level) (semiringInst : Expr) : GoalM Expr := do
+  let inst' := mkApp2 (mkConst ``Grind.Semiring.natCast [u]) type semiringInst
+  let instType := mkApp (mkConst ``NatCast [u]) type
+  -- Note that `Semiring.natCast` is not registered as a global instance
+  -- (to avoid introducing unwanted coercions)
+  -- so merely having a `Semiring α` instance
+  -- does not guarantee that an `NatCast α` will be available.
+  -- When both are present we verify that they are defeq,
+  -- and otherwise fall back to the field of the `Semiring α` instance that we already have.
+  let inst ← match (← trySynthInstance instType).toOption with
+  | none => pure inst'
+  | some inst =>
+    unless (← withDefault <| isDefEq inst inst') do
+      throwError "instance for natCast{indentExpr inst}\nis not definitionally equal to the `Grind.Semiring` one{indentExpr inst'}"
+    pure inst
+  internalizeFn <| mkApp2 (mkConst ``NatCast.natCast [u]) type inst
+
+/--
+Returns the ring id for the given type if there is a `CommRing` instance for it.
+
+This function will also perform sanity-checks
+(e.g., the `Add` instance for `type` must be definitionally equal to the `CommRing.toAdd` one.)
+
+It also caches the functions representing `+`, `*`, `-`, `^`, and `intCast`.
+-/
+def getRingId? (type : Expr) : GoalM (Option Nat) := do
+  if let some id? := (← get').typeIdOf.find? { expr := type } then
+    return id?
+  else
+    let id? ← go?
+    modify' fun s => { s with typeIdOf := s.typeIdOf.insert { expr := type } id? }
+    if let some id := id? then
+      -- Internalize helper constants
+      let ring := (← get').rings[id]!
+      internalize ring.one 0
+    return id?
+where
+  go? : GoalM (Option Nat) := do
+    let u ← getDecLevel type
+    let semiring := mkApp (mkConst ``Grind.Semiring [u]) type
+    let .some semiringInst ← trySynthInstance semiring | return none
+    let ring := mkApp (mkConst ``Grind.Ring [u]) type
+    let .some ringInst ← trySynthInstance ring | return none
+    let commSemiring := mkApp (mkConst ``Grind.CommSemiring [u]) type
+    let .some commSemiringInst ← trySynthInstance commSemiring | return none
+    let commRing := mkApp (mkConst ``Grind.CommRing [u]) type
+    let .some commRingInst ← trySynthInstance commRing | return none
+    trace_goal[grind.ring] "new ring: {type}"
+    let charInst? ← getIsCharInst? u type semiringInst
+    let noZeroDivInst? ← getNoZeroDivInst? u type
+    trace_goal[grind.ring] "NoNatZeroDivisors available: {noZeroDivInst?.isSome}"
+    let field := mkApp (mkConst ``Grind.Field [u]) type
+    let fieldInst? : Option Expr ← LOption.toOption <$> trySynthInstance field
+    let addFn ← getAddFn type u
+    let mulFn ← getMulFn type u
+    let subFn ← getSubFn type u
+    let negFn ← getNegFn type u
+    let powFn ← getPowFn type u semiringInst
+    let intCastFn ← getIntCastFn type u ringInst
+    let natCastFn ← getNatCastFn type u semiringInst
+    let invFn? ← if fieldInst?.isSome then
+      pure (some (← getInvFn type u))
+    else
+      pure none
+    let one ← shareCommon <| (← canon <| denoteNumCore u type semiringInst negFn 1)
+    let semiringId? := none
+    let id := (← get').rings.size
+    let ring : Ring := {
+      id, semiringId?, type, u, semiringInst, ringInst, commSemiringInst,
+      commRingInst, charInst?, noZeroDivInst?, fieldInst?,
+      addFn, mulFn, subFn, negFn, powFn, intCastFn, natCastFn, invFn?, one }
+    modify' fun s => { s with rings := s.rings.push ring }
+    return some id
+
+private def setSemiringId (ringId : Nat) (semiringId : Nat) : GoalM Unit := do
+  RingM.run ringId do modifyRing fun s => { s with semiringId? := some semiringId }
+
+def getSemiringId? (type : Expr) : GoalM (Option Nat) := do
+  if let some id? := (← get').stypeIdOf.find? { expr := type } then
+    return id?
+  else
+    let id? ← go?
+    modify' fun s => { s with stypeIdOf := s.stypeIdOf.insert { expr := type } id? }
+    return id?
+where
+  go? : GoalM (Option Nat) := do
+    let u ← getDecLevel type
+    let semiring := mkApp (mkConst ``Grind.Semiring [u]) type
+    let .some semiringInst ← trySynthInstance semiring | return none
+    let commSemiring := mkApp (mkConst ``Grind.CommSemiring [u]) type
+    let .some commSemiringInst ← trySynthInstance commSemiring | return none
+    let toQFn ← internalizeFn <| mkApp2 (mkConst ``Grind.Ring.OfSemiring.toQ [u]) type semiringInst
+    let addFn ← getAddFn type u
+    let mulFn ← getMulFn type u
+    let powFn ← getPowFn type u semiringInst
+    let natCastFn ← getNatCastFn type u semiringInst
+    let add := mkApp (mkConst ``Add [u]) type
+    let .some addInst ← trySynthInstance add | return none
+    let addRightCancel := mkApp2 (mkConst ``Grind.AddRightCancel [u]) type addInst
+    let addRightCancelInst? ← LOption.toOption <$> trySynthInstance addRightCancel
+    let q ← shareCommon (← canon (mkApp2 (mkConst ``Grind.Ring.OfSemiring.Q [u]) type semiringInst))
+    let some ringId ← getRingId? q
+      | throwError "`grind` unexpected failure, failure to initialize ring{indentExpr q}"
+    let id := (← get').semirings.size
+    let semiring : Semiring := {
+      id, type, ringId, u, semiringInst, commSemiringInst,
+      addFn, mulFn, powFn, natCastFn, toQFn, addRightCancelInst?
+    }
+    modify' fun s => { s with semirings := s.semirings.push semiring }
+    setSemiringId ringId id
+    return some id
+
+end Lean.Meta.Grind.Arith.CommRing

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/CommRing/SafePoly.lean

@@ -0,0 +1,114 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Grind.Arith.CommRing.DenoteExpr
+
+namespace Lean.Meta.Grind.Arith.CommRing
+
+/-!
+The polynomial functions at `Poly.lean` are used for constructing proofs-by-reflection,
+but they do not provide mechanisms for aborting expensive computations.
+-/
+
+private def applyChar (a : Int) : RingM Int := do
+  if let some c ← nonzeroChar? then
+    return a % c
+  else
+    return a
+
+private def addConst (p : Poly) (k : Int) : RingM Poly := do
+  if let some c ← nonzeroChar? then return .addConstC p k c else return .addConst p k
+
+private def mulConst (k : Int) (p : Poly) : RingM Poly := do
+  if let some c ← nonzeroChar? then return .mulConstC k p c else return .mulConst k p
+
+private def mulMon (k : Int) (m : Mon) (p : Poly) : RingM Poly := do
+  if let some c ← nonzeroChar? then return .mulMonC k m p c else return .mulMon k m p
+
+private def combine (p₁ p₂ : Poly) : RingM Poly := withIncRecDepth do
+  match p₁, p₂ with
+  | .num k₁, .num k₂ => return .num (← applyChar (k₁ + k₂))
+  | .num k₁, .add k₂ m₂ p₂ => addConst (.add k₂ m₂ p₂) k₁
+  | .add k₁ m₁ p₁, .num k₂ => addConst (.add k₁ m₁ p₁) k₂
+  | .add k₁ m₁ p₁, .add k₂ m₂ p₂ =>
+    match m₁.grevlex m₂ with
+    | .eq =>
+      let k ← applyChar (k₁ + k₂)
+      bif k == 0 then
+        combine p₁ p₂
+      else
+        return .add k m₁ (← combine p₁ p₂)
+    | .gt => return .add k₁ m₁ (← combine p₁ (.add k₂ m₂ p₂))
+    | .lt => return .add k₂ m₂ (← combine (.add k₁ m₁ p₁) p₂)
+
+private def mul (p₁ : Poly) (p₂ : Poly) : RingM Poly :=
+  go p₁ (.num 0)
+where
+  go (p₁ : Poly) (acc : Poly) : RingM Poly :=  withIncRecDepth do
+    match p₁ with
+    | .num k => combine acc (← mulConst k p₂)
+    | .add k m p₁ =>
+      checkSystem "grind ring"
+      go p₁ (← combine acc (← mulMon k m p₂))
+
+private def pow (p : Poly) (k : Nat) : RingM Poly := withIncRecDepth do
+  match k with
+  | 0 => return .num 1
+  | 1 => return p
+  | 2 => mul p p
+  | k+3 => mul p (← pow p (k+2))
+
+private def toPoly (e : RingExpr) : RingM Poly := do
+  match e with
+  | .num n   => return .num (← applyChar n)
+  | .var x   => return .ofVar x
+  | .add a b => combine (← toPoly a) (← toPoly b)
+  | .mul a b => mul (← toPoly a) (← toPoly b)
+  | .neg a   => mulConst (-1) (← toPoly a)
+  | .sub a b => combine (← toPoly a) (← mulConst (-1) (← toPoly b))
+  | .pow a k =>
+    if k == 0 then
+      return .num 1
+    else match a with
+    | .num n => return .num (← applyChar (n^k))
+    | .var x => return .ofMon (.mult {x, k} .unit)
+    | _ => pow (← toPoly a) k
+
+/--
+Converts the given ring expression into a multivariate polynomial.
+If the ring has a nonzero characteristic, it is used during normalization.
+-/
+abbrev _root_.Lean.Grind.CommRing.Expr.toPolyM (e : RingExpr) : RingM Poly := do
+  toPoly e
+
+abbrev _root_.Lean.Grind.CommRing.Poly.mulConstM (p : Poly) (k : Int) : RingM Poly :=
+  mulConst k p
+
+abbrev _root_.Lean.Grind.CommRing.Poly.mulMonM (p : Poly) (k : Int) (m : Mon) : RingM Poly :=
+  mulMon k m p
+
+abbrev _root_.Lean.Grind.CommRing.Poly.mulM (p₁ p₂ : Poly) : RingM Poly := do
+  mul p₁ p₂
+
+abbrev _root_.Lean.Grind.CommRing.Poly.combineM (p₁ p₂ : Poly) : RingM Poly :=
+  combine p₁ p₂
+
+def _root_.Lean.Grind.CommRing.Poly.spolM (p₁ p₂ : Poly) : RingM Grind.CommRing.SPolResult := do
+  match p₁, p₂ with
+  | .add k₁ m₁ p₁, .add k₂ m₂ p₂ =>
+    let m    := m₁.lcm m₂
+    let m₁   := m.div m₁
+    let m₂   := m.div m₂
+    let g    := Nat.gcd k₁.natAbs k₂.natAbs
+    let c₁   := k₂/g
+    let c₂   := -k₁/g
+    let p₁   ← mulMon c₁ m₁ p₁
+    let p₂   ← mulMon c₂ m₂ p₂
+    let spol ← combine p₁ p₂
+    return { spol, m₁, m₂, k₁ := c₁, k₂ := c₂ }
+  | _, _ => return {}
+
+end Lean.Meta.Grind.Arith.CommRing

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/CommRing/ToExpr.lean

@@ -0,0 +1,79 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Init.Grind.Ring.Poly
+import Init.Grind.Ring.OfSemiring
+import Lean.ToExpr
+
+namespace Lean.Meta.Grind.Arith.CommRing
+open Grind.CommRing
+/-!
+`ToExpr` instances for `CommRing.Poly` types.
+-/
+
+def ofPower (p : Power) : Expr :=
+  mkApp2 (mkConst ``Power.mk) (toExpr p.x) (toExpr p.k)
+
+instance : ToExpr Power where
+  toExpr := ofPower
+  toTypeExpr := mkConst ``Power
+
+def ofMon (m : Mon) : Expr :=
+  match m with
+  | .unit => mkConst ``Mon.unit
+  | .mult pw m => mkApp2 (mkConst ``Mon.mult) (toExpr pw) (ofMon m)
+
+instance : ToExpr Mon where
+  toExpr := ofMon
+  toTypeExpr := mkConst ``Mon
+
+def ofPoly (p : Poly) : Expr :=
+  match p with
+  | .num k => mkApp (mkConst ``Poly.num) (toExpr k)
+  | .add k m p => mkApp3 (mkConst ``Poly.add) (toExpr k) (toExpr m) (ofPoly p)
+
+instance : ToExpr Poly where
+  toExpr := ofPoly
+  toTypeExpr := mkConst ``Poly
+
+open Lean.Grind
+
+def ofRingExpr (e : CommRing.Expr) : Expr :=
+  match e with
+  | .num k => mkApp (mkConst ``CommRing.Expr.num) (toExpr k)
+  | .var x => mkApp (mkConst ``CommRing.Expr.var) (toExpr x)
+  | .add a b => mkApp2 (mkConst ``CommRing.Expr.add) (ofRingExpr a) (ofRingExpr b)
+  | .mul a b => mkApp2 (mkConst ``CommRing.Expr.mul) (ofRingExpr a) (ofRingExpr b)
+  | .sub a b => mkApp2 (mkConst ``CommRing.Expr.sub) (ofRingExpr a) (ofRingExpr b)
+  | .neg a => mkApp (mkConst ``CommRing.Expr.neg) (ofRingExpr a)
+  | .pow a k => mkApp2 (mkConst ``CommRing.Expr.pow) (ofRingExpr a) (toExpr k)
+
+instance : ToExpr CommRing.Expr where
+  toExpr := ofRingExpr
+  toTypeExpr := mkConst ``CommRing.Expr
+
+def ofNullCert (nc : NullCert) : Expr :=
+  match nc with
+  | .empty => mkConst ``CommRing.NullCert.empty
+  | .add q lhs rhs nc => mkApp4 (mkConst ``CommRing.NullCert.add) (toExpr q) (toExpr lhs) (toExpr rhs) (ofNullCert nc)
+
+instance : ToExpr CommRing.NullCert where
+  toExpr := ofNullCert
+  toTypeExpr := mkConst ``CommRing.NullCert
+
+def ofSemiringExpr (e : Ring.OfSemiring.Expr) : Expr :=
+  match e with
+  | .num k => mkApp (mkConst ``Ring.OfSemiring.Expr.num) (toExpr k)
+  | .var x => mkApp (mkConst ``Ring.OfSemiring.Expr.var) (toExpr x)
+  | .add a b => mkApp2 (mkConst ``Ring.OfSemiring.Expr.add) (ofSemiringExpr a) (ofSemiringExpr b)
+  | .mul a b => mkApp2 (mkConst ``Ring.OfSemiring.Expr.mul) (ofSemiringExpr a) (ofSemiringExpr b)
+  | .pow a k => mkApp2 (mkConst ``Ring.OfSemiring.Expr.pow) (ofSemiringExpr a) (toExpr k)
+
+instance : ToExpr Ring.OfSemiring.Expr where
+  toExpr := ofSemiringExpr
+  toTypeExpr := mkConst ``Ring.OfSemiring.Expr
+
+end Lean.Meta.Grind.Arith.CommRing

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/CommRing/Types.lean

@@ -0,0 +1,279 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Init.Grind.Ring.OfSemiring
+import Lean.Data.PersistentArray
+import Lean.Data.RBTree
+import Lean.Meta.Tactic.Grind.ExprPtr
+import Lean.Meta.Tactic.Grind.Arith.Util
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Poly
+
+namespace Lean.Meta.Grind.Arith.CommRing
+export Lean.Grind.CommRing (Var Power Mon Poly)
+abbrev RingExpr := Grind.CommRing.Expr
+abbrev SemiringExpr := Grind.Ring.OfSemiring.Expr
+
+mutual
+structure EqCnstr where
+  p     : Poly
+  h     : EqCnstrProof
+  sugar : Nat
+  id    : Nat
+
+inductive EqCnstrProof where
+  | core (a b : Expr) (ra rb : RingExpr)
+  | coreS (a b : Expr) (sa sb : SemiringExpr) (ra rb : RingExpr)
+  | superpose (k₁ : Int) (m₁ : Mon) (c₁ : EqCnstr) (k₂ : Int) (m₂ : Mon) (c₂ : EqCnstr)
+  | simp (k₁ : Int) (c₁ : EqCnstr) (k₂ : Int) (m₂ : Mon) (c₂ : EqCnstr)
+  | mul (k : Int) (e : EqCnstr)
+  | div (k : Int) (e : EqCnstr)
+  | gcd (a b : Int) (c₁ c₂ : EqCnstr)
+  | numEq0 (k : Nat) (c₁ c₂ : EqCnstr)
+end
+
+instance : Inhabited EqCnstrProof where
+  default := .core default default default default
+
+instance : Inhabited EqCnstr where
+  default := { p := default, h := default, sugar := 0, id := 0 }
+
+protected def EqCnstr.compare (c₁ c₂ : EqCnstr) : Ordering :=
+  (compare c₁.sugar c₂.sugar) |>.then
+  (compare c₁.p.degree c₂.p.degree) |>.then
+  (compare c₁.id c₂.id)
+
+abbrev Queue : Type := RBTree EqCnstr EqCnstr.compare
+
+/--
+A polynomial equipped with a chain of rewrite steps that justifies its equality to the original input.
+From an input polynomial `p`, we use equations (i.e., `EqCnstr`) as rewriting rules.
+For example, consider the following sequence of rewrites for the input polynomial `x^2 + x*y`
+using the equations `x - 1 = 0` (`c₁`) and `y - 2 = 0` (`c₂`).
+```
+2*x^2 + x*y                  | s₁ := .input (2*x^2 + x*y)
+=           - 2*x*(x - 1)
+(2*x + x*y)                  | s₂ := .step (2*x + x*y)  1 s₁ (-2) x c₁
+=           - 2*1*(x - 1)
+(x*y + 2)                    | s₃ := .step (x*y + 2) 1 s₂ (-2) 1 c₁
+=           - 1*y*(x - 1)
+(y + 2)                      | s₄ := .step (y+2) 1 s₃ (-1) y c₁
+=           - 1*1*(y - 2)
+4                            | s₅ := .step 4 1 s₄ 1 1 c₂
+```
+From the chain above, we build the certificate
+```
+(-2*x - y - 2)*(x-1) + (-1)*(y-2)
+```
+for
+```
+4 = (2*x^2 + x*y)
+```
+because `x-1 = 0` and `y-2=0`
+-/
+inductive PolyDerivation where
+  | input (p : Poly)
+  | /--
+    ```
+    p = k₁*d.getPoly + k₂*m₂*c.p
+    ```
+    The coefficient `k₁` is used because the leading monomial in `c` may not be monic.
+    Thus, if we follow the chain back to the input polynomial, we have that
+    `p = C * input_p` for a `C` that is equal to the product of all `k₁`s in the chain.
+    We have that `C ≠ 1` only if the ring does not implement `NoNatZeroDivisors`.
+    Here is a small example where we simplify `x+y` using the equations
+    `2*x - 1 = 0` (`c₁`), `3*y - 1 = 0` (`c₂`), and `6*z + 5 = 0` (`c₃`)
+    ```
+    x + y + z            | s₁ := .input (x + y + z)
+    *2
+    =   - 1*1*(2*x - 1)
+    2*y + 2*z + 1        | s₂ := .step (2*y + 2*z + 1) 2 s₁ (-1) 1 c₁
+    *3
+    =   - 2*1*(3*y - 1)
+    6*z + 5              | s₃ := .step (6*z + 5) 3 s₂ (-2) 1 c₂
+    =   - 1*1*(6*z + 5)
+    0                    | s₄ := .step (0) 1 s₃ (-1) 1 c₃
+    ```
+    For this chain, we build the certificate
+    ```
+    (-3)*(2*x - 1) + (-2)*(3*y - 1) + (-1)*(6*z + 5)
+    ```
+    for
+    ```
+    0 = 6*(x + y + z)
+    ```
+    Recall that if the ring implement `NoNatZeroDivisors`, then the following property holds:
+    ```
+    ∀ (k : Int) (a : α), k ≠ 0 → (intCast k) * a = 0 → a = 0
+    ```
+    grind can deduce that `x+y+z = 0`
+    -/
+    step (p : Poly) (k₁ : Int) (d : PolyDerivation) (k₂ : Int) (m₂ : Mon) (c : EqCnstr)
+  | /--
+    Given `c.p == .num k`
+    ```
+    p = d.getPoly.normEq0 k
+    ```
+    -/
+    normEq0 (p : Poly) (d : PolyDerivation) (c : EqCnstr)
+
+def PolyDerivation.p : PolyDerivation → Poly
+  | .input p   => p
+  | .step p .. => p
+  | .normEq0 p .. => p
+
+/-- A disequality `lhs ≠ rhs` asserted by the core. -/
+structure DiseqCnstr where
+  lhs : Expr
+  rhs : Expr
+  /-- Reified `lhs` -/
+  rlhs : RingExpr
+  /-- Reified `rhs` -/
+  rrhs : RingExpr
+  /-- `lhs - rhs` simplification chain. If it becomes `0` we have an inconsistency. -/
+  d : PolyDerivation
+  /--
+  If `lhs` and `rhs` are semiring expressions that have been adapted as ring ones.
+  The respective semiring reified expressions are stored here.
+  -/
+  ofSemiring? : Option (SemiringExpr × SemiringExpr)
+
+/-- State for each `CommRing` processed by this module. -/
+structure Ring where
+  id             : Nat
+  /--
+  If this is a `OfSemiring.Q α` ring, this field contain the
+  `semiringId` for `α`.
+  -/
+  semiringId?    : Option Nat
+  type           : Expr
+  /-- Cached `getDecLevel type` -/
+  u              : Level
+  /-- `Semiring` instance for `type` -/
+  semiringInst   : Expr
+  /-- `Ring` instance for `type` -/
+  ringInst       : Expr
+  /-- `CommSemiring` instance for `type` -/
+  commSemiringInst   : Expr
+  /-- `CommRing` instance for `type` -/
+  commRingInst   : Expr
+  /-- `IsCharP` instance for `type` if available. -/
+  charInst?      : Option (Expr × Nat)
+  /-- `NoNatZeroDivisors` instance for `type` if available. -/
+  noZeroDivInst? : Option Expr
+  /-- `Field` instance for `type` if available. -/
+  fieldInst?     : Option Expr
+  addFn          : Expr
+  mulFn          : Expr
+  subFn          : Expr
+  negFn          : Expr
+  powFn          : Expr
+  intCastFn      : Expr
+  natCastFn      : Expr
+  /-- Inverse if `fieldInst?` is `some inst` -/
+  invFn?         : Option Expr
+  one            : Expr
+  /--
+  Mapping from variables to their denotations.
+  Remark each variable can be in only one ring.
+  -/
+  vars           : PArray Expr := {}
+  /-- Mapping from `Expr` to a variable representing it. -/
+  varMap         : PHashMap ExprPtr Var := {}
+  /-- Mapping from Lean expressions to their representations as `RingExpr` -/
+  denote         : PHashMap ExprPtr RingExpr := {}
+  /-- Next unique id for `EqCnstr`s. -/
+  nextId         : Nat := 0
+  /-- Number of "steps": simplification and superposition. -/
+  steps          : Nat := 0
+  /-- Equations to process. -/
+  queue          : Queue := {}
+  /--
+  The basis is currently just a list. If this is a performance bottleneck, we should use
+  a better data-structure. For examples, we could use a simple indexing for the linear case
+  where we map variable in the leading monomial to `EqCnstr`.
+  -/
+  basis          : List EqCnstr := {}
+  /-- Disequalities. -/
+  -- TODO: add indexing
+  diseqs         : PArray DiseqCnstr := {}
+  /--
+  If `recheck` is `true`, then new equalities have been added to the basis since we checked
+  disequalities and implied equalities.
+  -/
+  recheck        : Bool := false
+  /-- Inverse theorems that have been already asserted. -/
+  invSet         : PHashSet Expr := {}
+  /--
+  An equality of the form `c = 0`. It is used to simplify polynomial coefficients.
+  -/
+  numEq0?        : Option EqCnstr := none
+  /-- Flag indicating whether `numEq0?` has been updated. -/
+  numEq0Updated  : Bool := false
+  deriving Inhabited
+
+/--
+State for each `CommSemiring` processed by this module.
+Recall that `CommSemiring` are processed using the envelop `OfCommSemiring.Q`
+-/
+structure Semiring where
+  id             : Nat
+  /-- Id for `OfCommSemiring.Q` -/
+  ringId         : Nat
+  type           : Expr
+  /-- Cached `getDecLevel type` -/
+  u              : Level
+  /-- `Semiring` instance for `type` -/
+  semiringInst   : Expr
+  /-- `CommSemiring` instance for `type` -/
+  commSemiringInst   : Expr
+  /-- `AddRightCancel` instance for `type` if available. -/
+  addRightCancelInst? : Option Expr
+  toQFn          : Expr
+  addFn          : Expr
+  mulFn          : Expr
+  powFn          : Expr
+  natCastFn      : Expr
+  /-- Mapping from Lean expressions to their representations as `SemiringExpr` -/
+  denote         : PHashMap ExprPtr SemiringExpr := {}
+  /--
+  Mapping from variables to their denotations.
+  Remark each variable can be in only one ring.
+  -/
+  vars           : PArray Expr := {}
+  /-- Mapping from `Expr` to a variable representing it. -/
+  varMap         : PHashMap ExprPtr Var := {}
+  deriving Inhabited
+
+/-- State for all `CommRing` types detected by `grind`. -/
+structure State where
+  /--
+  Commutative rings.
+  We expect to find a small number of rings in a given goal. Thus, using `Array` is fine here.
+  -/
+  rings : Array Ring := {}
+  /--
+  Mapping from types to its "ring id". We cache failures using `none`.
+  `typeIdOf[type]` is `some id`, then `id < rings.size`. -/
+  typeIdOf : PHashMap ExprPtr (Option Nat) := {}
+  /- Mapping from expressions/terms to their ring ids. -/
+  exprToRingId : PHashMap ExprPtr Nat := {}
+  /-- Commutative semirings. We support them using the envelope `OfCommRing.Q` -/
+  semirings : Array Semiring := {}
+  /--
+  Mapping from types to its "semiring id". We cache failures using `none`.
+  `stypeIdOf[type]` is `some id`, then `id < semirings.size`.
+  If a type is in this map, it is not in `typeIdOf`.
+  -/
+  stypeIdOf : PHashMap ExprPtr (Option Nat) := {}
+  /-
+  Mapping from expressions/terms to their semiring ids.
+  If an expression is in this map, it is not in `exprToRingId`.
+  -/
+  exprToSemiringId : PHashMap ExprPtr Nat := {}
+  steps := 0
+  deriving Inhabited
+
+end Lean.Meta.Grind.Arith.CommRing

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/CommRing/Util.lean

@@ -0,0 +1,184 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Grind.Types
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Poly
+
+namespace Lean.Meta.Grind.Arith.CommRing
+
+def get' : GoalM State := do
+  return (← get).arith.ring
+
+@[inline] def modify' (f : State → State) : GoalM Unit := do
+  modify fun s => { s with arith.ring := f s.arith.ring }
+
+def checkMaxSteps : GoalM Bool := do
+  return (← get').steps >= (← getConfig).ringSteps
+
+def incSteps : GoalM Unit := do
+  modify' fun s => { s with steps := s.steps + 1 }
+
+structure RingM.Context where
+  ringId : Nat
+  /--
+  If `checkCoeffDvd` is `true`, then when using a polynomial `k*m - p`
+  to simplify `.. + k'*m*m_2 + ...`, the substitution is performed IF
+  - `k` divides `k'`, OR
+  - Ring implements `NoNatZeroDivisors`.
+
+  We need this check when simplifying disequalities. In this case, if we perform
+  the simplification anyway, we may end up with a proof that `k * q = 0`, but
+  we cannot deduce `q = 0` since the ring does not implement `NoNatZeroDivisors`
+  See comment at `PolyDerivation`.
+  -/
+  checkCoeffDvd : Bool := false
+
+class MonadGetRing (m : Type → Type) where
+  getRing : m Ring
+
+export MonadGetRing (getRing)
+
+@[always_inline]
+instance (m n) [MonadLift m n] [MonadGetRing m] : MonadGetRing n where
+  getRing    := liftM (getRing : m Ring)
+
+/-- We don't want to keep carrying the `RingId` around. -/
+abbrev RingM := ReaderT RingM.Context GoalM
+
+abbrev RingM.run (ringId : Nat) (x : RingM α) : GoalM α :=
+  x { ringId }
+
+abbrev getRingId : RingM Nat :=
+  return (← read).ringId
+
+protected def RingM.getRing : RingM Ring := do
+  let s ← get'
+  let ringId ← getRingId
+  if h : ringId < s.rings.size then
+    return s.rings[ringId]
+  else
+    throwError "`grind` internal error, invalid ringId"
+
+instance : MonadGetRing RingM where
+  getRing := RingM.getRing
+
+@[inline] def modifyRing (f : Ring → Ring) : RingM Unit := do
+  let ringId ← getRingId
+  modify' fun s => { s with rings := s.rings.modify ringId f }
+
+structure SemiringM.Context where
+  semiringId : Nat
+
+abbrev SemiringM := ReaderT SemiringM.Context GoalM
+
+abbrev SemiringM.run (semiringId : Nat) (x : SemiringM α) : GoalM α :=
+  x { semiringId }
+
+abbrev getSemiringId : SemiringM Nat :=
+  return (← read).semiringId
+
+def getSemiring : SemiringM Semiring := do
+  let s ← get'
+  let semiringId ← getSemiringId
+  if h : semiringId < s.semirings.size then
+    return s.semirings[semiringId]
+  else
+    throwError "`grind` internal error, invalid semiringId"
+
+protected def SemiringM.getRing : SemiringM Ring := do
+  let s ← get'
+  let ringId := (← getSemiring).ringId
+  if h : ringId < s.rings.size then
+    return s.rings[ringId]
+  else
+    throwError "`grind` internal error, invalid ringId"
+
+instance : MonadGetRing SemiringM where
+  getRing := SemiringM.getRing
+
+@[inline] def modifySemiring (f : Semiring → Semiring) : SemiringM Unit := do
+  let semiringId ← getSemiringId
+  modify' fun s => { s with semirings := s.semirings.modify semiringId f }
+
+abbrev withCheckCoeffDvd (x : RingM α) : RingM α :=
+  withReader (fun ctx => { ctx with checkCoeffDvd := true }) x
+
+def checkCoeffDvd : RingM Bool :=
+  return (← read).checkCoeffDvd
+
+def getTermRingId? (e : Expr) : GoalM (Option Nat) := do
+  return (← get').exprToRingId.find? { expr := e }
+
+def setTermRingId (e : Expr) : RingM Unit := do
+  let ringId ← getRingId
+  if let some ringId' ← getTermRingId? e then
+    unless ringId' == ringId do
+      reportIssue! "expression in two different rings{indentExpr e}"
+    return ()
+  modify' fun s => { s with exprToRingId := s.exprToRingId.insert { expr := e } ringId }
+
+def getTermSemiringId? (e : Expr) : GoalM (Option Nat) := do
+  return (← get').exprToSemiringId.find? { expr := e }
+
+def setTermSemiringId (e : Expr) : SemiringM Unit := do
+  let semiringId ← getSemiringId
+  if let some semiringId' ← getTermSemiringId? e then
+    unless semiringId' == semiringId do
+      reportIssue! "expression in two different semirings{indentExpr e}"
+    return ()
+  modify' fun s => { s with exprToSemiringId := s.exprToSemiringId.insert { expr := e } semiringId }
+
+/-- Returns `some c` if the current ring has a nonzero characteristic `c`. -/
+def nonzeroChar? [Monad m] [MonadGetRing m] : m (Option Nat) := do
+  if let some (_, c) := (← getRing).charInst? then
+    if c != 0 then
+      return some c
+  return none
+
+/-- Returns `some (charInst, c)` if the current ring has a nonzero characteristic `c`. -/
+def nonzeroCharInst? [Monad m] [MonadGetRing m] : m (Option (Expr × Nat)) := do
+  if let some (inst, c) := (← getRing).charInst? then
+    if c != 0 then
+      return some (inst, c)
+  return none
+
+def noZeroDivisorsInst? : RingM (Option Expr) := do
+  return (← getRing).noZeroDivInst?
+
+/--
+Returns `true` if the current ring satisfies the property
+```
+∀ (k : Nat) (a : α), k ≠ 0 → OfNat.ofNat (α := α) k * a = 0 → a = 0
+```
+-/
+def noZeroDivisors : RingM Bool := do
+  return (← getRing).noZeroDivInst?.isSome
+
+/-- Returns `true` if the current ring has a `IsCharP` instance. -/
+def hasChar  : RingM Bool := do
+  return (← getRing).charInst?.isSome
+
+/--
+Returns the pair `(charInst, c)`. If the ring does not have a `IsCharP` instance, then throws internal error.
+-/
+def getCharInst : RingM (Expr × Nat) := do
+  let some c := (← getRing).charInst?
+    | throwError "`grind` internal error, ring does not have a characteristic"
+  return c
+
+def isField : RingM Bool :=
+  return (← getRing).fieldInst?.isSome
+
+def isQueueEmpty : RingM Bool :=
+  return (← getRing).queue.isEmpty
+
+def getNext? : RingM (Option EqCnstr) := do
+  let some c := (← getRing).queue.min | return none
+  modifyRing fun s => { s with queue := s.queue.erase c }
+  incSteps
+  return some c
+
+end Lean.Meta.Grind.Arith.CommRing

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/CommRing/Var.lean

@@ -0,0 +1,38 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Util
+
+namespace Lean.Meta.Grind.Arith.CommRing
+
+def mkVar (e : Expr) : RingM Var := do
+  let s ← getRing
+  if let some var := s.varMap.find? { expr := e } then
+    return var
+  let var : Var := s.vars.size
+  modifyRing fun s => { s with
+    vars       := s.vars.push e
+    varMap     := s.varMap.insert { expr := e } var
+  }
+  setTermRingId e
+  markAsCommRingTerm e
+  return var
+
+/-- Similar to `mkVar` but for `Semiring`s -/
+def mkSVar (e : Expr) : SemiringM Var := do
+  let s ← getSemiring
+  if let some var := s.varMap.find? { expr := e } then
+    return var
+  let var : Var := s.vars.size
+  modifySemiring fun s => { s with
+    vars       := s.vars.push e
+    varMap     := s.varMap.insert { expr := e } var
+  }
+  setTermSemiringId e
+  markAsCommRingTerm e
+  return var
+
+end Lean.Meta.Grind.Arith.CommRing

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/Cutsat.lean

@@ -0,0 +1,44 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Util.Trace
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.DvdCnstr
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.LeCnstr
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Search
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Inv
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Proof
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Types
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Util
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Var
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.EqCnstr
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.SearchM
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Model
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.MBTC
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Nat
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.CommRing
+
+namespace Lean
+
+builtin_initialize registerTraceClass `grind.cutsat
+builtin_initialize registerTraceClass `grind.cutsat.model
+builtin_initialize registerTraceClass `grind.cutsat.assert
+builtin_initialize registerTraceClass `grind.cutsat.assert.trivial
+builtin_initialize registerTraceClass `grind.cutsat.assert.unsat
+builtin_initialize registerTraceClass `grind.cutsat.assert.store
+builtin_initialize registerTraceClass `grind.cutsat.assert.nonlinear
+
+builtin_initialize registerTraceClass `grind.debug.cutsat.subst
+builtin_initialize registerTraceClass `grind.debug.cutsat.search
+builtin_initialize registerTraceClass `grind.debug.cutsat.search.split (inherited := true)
+builtin_initialize registerTraceClass `grind.debug.cutsat.search.assign (inherited := true)
+builtin_initialize registerTraceClass `grind.debug.cutsat.search.conflict (inherited := true)
+builtin_initialize registerTraceClass `grind.debug.cutsat.search.backtrack (inherited := true)
+builtin_initialize registerTraceClass `grind.debug.cutsat.internalize
+builtin_initialize registerTraceClass `grind.debug.cutsat.toInt
+builtin_initialize registerTraceClass `grind.debug.cutsat.search.cnstrs
+builtin_initialize registerTraceClass `grind.debug.cutsat.search.reorder
+
+end Lean

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/Cutsat/CommRing.lean

@@ -0,0 +1,58 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Grind.ProveEq
+import Lean.Meta.Tactic.Grind.Arith.CommRing.RingId
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Reify
+import Lean.Meta.Tactic.Grind.Arith.CommRing.DenoteExpr
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Var
+
+/-!
+CommRing interface for cutsat. We use it to normalize nonlinear polynomials.
+-/
+
+namespace Lean.Meta.Grind.Arith.Cutsat
+
+/-- Returns `true` if `p` contains a nonlinear monomial. -/
+def _root_.Int.Linear.Poly.isNonlinear (p : Poly) : GoalM Bool := do
+  let .add _ x p := p | return false
+  if (← getVar x).isAppOf ``HMul.hMul then return true
+  p.isNonlinear
+
+def _root_.Int.Linear.Poly.getGeneration (p : Poly) : GoalM Nat := do
+  go p 0
+where
+  go : Poly → Nat → GoalM Nat
+  | .num _, gen => return gen
+  | .add _ x p, gen => do go p (max (← Grind.getGeneration (← getVar x)) gen)
+
+def getIntRingId? : GoalM (Option Nat) := do
+  CommRing.getRingId? (← getIntExpr)
+
+/-- Normalize the polynomial using `CommRing`-/
+def _root_.Int.Linear.Poly.normCommRing? (p : Poly) : GoalM (Option (CommRing.RingExpr × CommRing.Poly × Poly)) := do
+  unless (← p.isNonlinear) do return none
+  let some ringId ← getIntRingId? | return none
+  CommRing.RingM.run ringId do
+    let e ← p.denoteExpr'
+    -- TODO: we can avoid the following statement if we construct the `Int` denotation using
+    -- Internalized operators instead of `mkIntMul` and `mkIntAdd`
+    let e ← shareCommon (← canon e)
+    let gen ← p.getGeneration
+    let some re ← CommRing.reify? e (gen := gen) | return none
+    let p' := re.toPoly
+    let e' ← p'.denoteExpr
+    let e' ← preprocessLight e'
+    -- Remark: we are reusing the `IntModule` virtual parent.
+    -- TODO: Investigate whether we should have a custom virtual parent for cutsat
+    internalize e' gen (some getIntModuleVirtualParent)
+    let p'' ← toPoly e'
+    if p == p'' then return none
+    modify' fun s => { s with usedCommRing := true }
+    trace[grind.cutsat.assert.nonlinear] "{← p.pp} ===> {← p''.pp}"
+    return some (re, p', p'')
+
+end Lean.Meta.Grind.Arith.Cutsat

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/Cutsat/DvdCnstr.lean

@@ -0,0 +1,130 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Simp.Arith.Int
+import Lean.Meta.Tactic.Grind.PropagatorAttr
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Var
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Util
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Proof
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Norm
+
+namespace Lean.Meta.Grind.Arith.Cutsat
+
+def DvdCnstr.norm (c : DvdCnstr) : DvdCnstr :=
+  let c := if c.p.isSorted then
+    c
+  else
+    { d := c.d, p := c.p.norm, h :=.norm c }
+  let g := c.p.gcdCoeffs c.d
+  let g := if c.d < 0 then -g else g
+  if c.p.getConst % g == 0 && g != 1 then
+    { d := c.d/g, p := c.p.div g, h := .divCoeffs c }
+  else
+    c
+
+/--
+Given an equation `c₁` containing the monomial `a*x`, and a divisibility constraint `c₂`
+containing the monomial `b*x`, eliminate `x` by applying substitution.
+-/
+def DvdCnstr.applyEq (a : Int) (x : Var) (c₁ : EqCnstr) (b : Int) (c₂ : DvdCnstr) : GoalM DvdCnstr := do
+  let p := c₁.p
+  let q := c₂.p
+  let d := Int.ofNat (a * c₂.d).natAbs
+  let p := (q.mul a |>.combine (p.mul (-b)))
+  trace[grind.debug.cutsat.subst] "{← getVar x}, {← c₁.pp}, {← c₂.pp}"
+  return { d, p, h := .subst x c₁ c₂ }
+
+partial def DvdCnstr.applySubsts (c : DvdCnstr) : GoalM DvdCnstr := withIncRecDepth do
+  let some (b, x, c₁) ← c.p.findVarToSubst | return c
+  let a := c₁.p.coeff x
+  let c ← c.applyEq a x c₁ b
+  applySubsts c
+
+/-- Asserts divisibility constraint. -/
+partial def DvdCnstr.assert (c : DvdCnstr) : GoalM Unit := withIncRecDepth do
+  if (← inconsistent) then return ()
+  trace[grind.cutsat.assert] "{← c.pp}"
+  let c ← c.norm.applySubsts
+  if c.isUnsat then
+    trace[grind.cutsat.assert.unsat] "{← c.pp}"
+    setInconsistent (.dvd c)
+    return ()
+  if c.isTrivial then
+    trace[grind.cutsat.assert.trivial] "{← c.pp}"
+    return ()
+  let d₁ := c.d
+  let .add a₁ x p₁ := c.p | c.throwUnexpected
+  if (← c.satisfied) == .false then
+    resetAssignmentFrom x
+  if let some c' := (← get').dvds[x]! then
+    let d₂ := c'.d
+    let .add a₂ _ p₂ := c'.p | c'.throwUnexpected
+    let (d, α, β) := gcdExt (a₁*d₂) (a₂*d₁)
+    /-
+    We have that
+    `d = α*a₁*d₂ + β*a₂*d₁`
+    `d = gcd (a₁*d₂) (a₂*d₁)`
+    and two implied divisibility constraints:
+    - `d₁*d₂ ∣ d*x + α*d₂*p₁ + β*d₁*p₂`
+    - `d ∣ a₂*p₁ - a₁*p₂`
+    -/
+    let α_d₂_p₁ := p₁.mul (α*d₂)
+    let β_d₁_p₂ := p₂.mul (β*d₁)
+    let combine := { d := d₁*d₂, p := .add d x (α_d₂_p₁.combine β_d₁_p₂), h := .solveCombine c c' : DvdCnstr }
+    modify' fun s => { s with dvds := s.dvds.set x none}
+    combine.assert
+    let a₂_p₁ := p₁.mul a₂
+    let a₁_p₂ := p₂.mul (-a₁)
+    let elim := { d, p := a₂_p₁.combine a₁_p₂, h := .solveElim c c' : DvdCnstr }
+    elim.assert
+  else
+    trace[grind.cutsat.assert.store] "{← c.pp}"
+    c.p.updateOccs
+    modify' fun s => { s with dvds := s.dvds.set x (some c) }
+
+/-- Asserts a constraint coming from the core. -/
+private def DvdCnstr.assertCore (c : DvdCnstr) : GoalM Unit := do
+  if let some (re, rp, p) ← c.p.normCommRing? then
+    let c := { c with p, h := .commRingNorm c re rp : DvdCnstr}
+    c.assert
+  else
+    c.assert
+
+def propagateIntDvd (e : Expr) : GoalM Unit := do
+  let_expr Dvd.dvd _ inst a b ← e | return ()
+  unless (← isInstDvdInt inst) do return ()
+  let some d ← getIntValue? a
+    | reportIssue! "non-linear divisibility constraint found{indentExpr e}"
+      return ()
+  if (← isEqTrue e) then
+    let p ← toPoly b
+    let c := { d, p, h := .core e : DvdCnstr }
+    c.assertCore
+  else if (← isEqFalse e) then
+    pushNewFact <| mkApp4 (mkConst ``Int.Linear.of_not_dvd) a b reflBoolTrue (mkOfEqFalseCore e (← mkEqFalseProof e))
+
+def propagateNatDvd (e : Expr) : GoalM Unit := do
+  let some (d, b) ← Int.OfNat.toIntDvd? e | return ()
+  let gen ← getGeneration e
+  let ctx ← getNatVars
+  let b' ← toLinearExpr (← b.denoteAsIntExpr ctx) gen
+  let p := b'.norm
+  if (← isEqTrue e) then
+    let c := { d, p, h := .coreNat e d b b' : DvdCnstr }
+    c.assertCore
+  else if (← isEqFalse e) then
+    let_expr Dvd.dvd _ _ a b ← e | return ()
+    pushNewFact <| mkApp3 (mkConst ``Nat.emod_pos_of_not_dvd) a b (mkOfEqFalseCore e (← mkEqFalseProof e))
+
+builtin_grind_propagator propagateDvd ↓Dvd.dvd := fun e => do
+  unless (← getConfig).cutsat do return ()
+  let_expr Dvd.dvd α _ _ _ ← e | return ()
+  if α.isConstOf ``Nat then
+    propagateNatDvd e
+  else
+    propagateIntDvd e
+
+end Lean.Meta.Grind.Arith.Cutsat

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/Cutsat/EqCnstr.lean

@@ -0,0 +1,542 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Grind.Simp
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Var
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.DvdCnstr
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.LeCnstr
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.ToInt
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.CommRing
+
+namespace Lean.Meta.Grind.Arith.Cutsat
+
+private def _root_.Int.Linear.Poly.substVar (p : Poly) : GoalM (Option (Var × EqCnstr × Poly)) := do
+  let some (a, x, c) ← p.findVarToSubst | return none
+  let b := c.p.coeff x
+  let p' := p.mul (-b) |>.combine (c.p.mul a)
+  trace[grind.debug.cutsat.subst] "{← p.pp}, {a}, {← getVar x}, {← c.pp}, {b}, {← p'.pp}"
+  return some (x, c, p')
+
+def EqCnstr.norm (c : EqCnstr) : EqCnstr :=
+  if c.p.isSorted then
+    c
+  else
+    { p := c.p.norm, h := .norm c }
+
+def DiseqCnstr.norm (c : DiseqCnstr) : DiseqCnstr :=
+  if c.p.isSorted then
+    c
+  else
+    { p := c.p.norm, h := .norm c }
+
+/--
+Given an equation `c₁` containing the monomial `a*x`, and a disequality constraint `c₂`
+containing the monomial `b*x`, eliminate `x` by applying substitution.
+-/
+def DiseqCnstr.applyEq (a : Int) (x : Var) (c₁ : EqCnstr) (b : Int) (c₂ : DiseqCnstr) : GoalM DiseqCnstr := do
+  let p := c₁.p
+  let q := c₂.p
+  let p := p.mul b |>.combine (q.mul (-a))
+  trace[grind.debug.cutsat.subst] "{← getVar x}, {← c₁.pp}, {← c₂.pp}"
+  return { p, h := .subst x c₁ c₂ }
+
+partial def DiseqCnstr.applySubsts (c : DiseqCnstr) : GoalM DiseqCnstr := withIncRecDepth do
+  let some (x, c₁, p) ← c.p.substVar | return c
+  trace[grind.debug.cutsat.subst] "{← getVar x}, {← c.pp}, {← c₁.pp}"
+  applySubsts { p, h := .subst x c₁ c }
+
+/--
+Given a disequality `c`, tries to find an inequality to be refined using
+`p ≤ 0 → p ≠ 0 → p + 1 ≤ 0`
+-/
+private def DiseqCnstr.findLe (c : DiseqCnstr) : GoalM Bool := do
+  let .add _ x _ := c.p | c.throwUnexpected
+  let s ← get'
+  let go (atLower : Bool) : GoalM Bool := do
+    let cs' := if atLower then s.lowers[x]! else s.uppers[x]!
+    for c' in cs' do
+      if c.p == c'.p || c.p.isNegEq c'.p then
+        c'.erase
+        { p := c'.p.addConst 1, h := .ofLeDiseq c' c : LeCnstr }.assert
+        return true
+    return false
+  go true <||> go false
+
+def DiseqCnstr.assert (c : DiseqCnstr) : GoalM Unit := do
+  if (← inconsistent) then return ()
+  trace[grind.cutsat.assert] "{← c.pp}"
+  let c ← c.norm.applySubsts
+  if c.p.isUnsatDiseq then
+    trace[grind.cutsat.assert.unsat] "{← c.pp}"
+    setInconsistent (.diseq c)
+    return ()
+  if c.isTrivial then
+    trace[grind.cutsat.assert.trivial] "{← c.pp}"
+    return ()
+  let k := c.p.gcdCoeffs c.p.getConst
+  let c := if k == 1 then
+    c
+  else
+    { p := c.p.div k, h := .divCoeffs c }
+  if (← c.findLe) then
+    return ()
+  let .add _ x _ := c.p | c.throwUnexpected
+  c.p.updateOccs
+  trace[grind.cutsat.assert.store] "{← c.pp}"
+  modify' fun s => { s with diseqs := s.diseqs.modify x (·.push c) }
+  if (← c.satisfied) == .false then
+    resetAssignmentFrom x
+
+/--
+Selects the variable in the given linear polynomial whose coefficient has the smallest absolute value.
+-/
+def _root_.Int.Linear.Poly.pickVarToElim? (p : Poly) : Option (Int × Var) :=
+  match p with
+  | .num _ => none
+  | .add k x p => go k x p
+where
+  go (k : Int) (x : Var) (p : Poly) : Int × Var :=
+    if k == 1 || k == -1 then
+      (k, x)
+    else match p with
+      | .num _ => (k, x)
+      | .add k' x' p =>
+        if k'.natAbs < k.natAbs then
+          go k' x' p
+        else
+          go k x p
+
+partial def EqCnstr.applySubsts (c : EqCnstr) : GoalM EqCnstr := withIncRecDepth do
+  let some (x, c₁, p) ← c.p.substVar | return c
+  trace[grind.debug.cutsat.subst] "{← getVar x}, {← c.pp}, {← c₁.pp}"
+  applySubsts { p, h := .subst x c₁ c : EqCnstr }
+
+private def updateDvdCnstr (a : Int) (x : Var) (c : EqCnstr) (y : Var) : GoalM Unit := do
+  let some c' := (← get').dvds[y]! | return ()
+  let b := c'.p.coeff x
+  if b == 0 then return ()
+  modify' fun s => { s with dvds := s.dvds.set y none }
+  let c' ← c'.applyEq a x c b
+  c'.assert
+
+private def splitLeCnstrs (x : Var) (cs : PArray LeCnstr) : PArray LeCnstr × Array (Int × LeCnstr) :=
+  split cs fun c => c.p.coeff x
+
+/--
+Given an equation `c₁` containing `a*x`, eliminate `x` from the inequalities in `todo`.
+`todo` contains pairs of the form `(b, c₂)` where `b` is the coefficient of `x` in `c₂`.
+-/
+private def updateLeCnstrs (a : Int) (x : Var) (c₁ : EqCnstr) (todo : Array (Int × LeCnstr)) : GoalM Unit := do
+  for (b, c₂) in todo do
+    let c₂ ← c₂.applyEq a x c₁ b
+    c₂.assert
+    if (← inconsistent) then return ()
+
+/--
+Given an equation `c₁` containing `a*x`, eliminate `x` from lower bound inequalities of `y`.
+-/
+private def updateLowers (a : Int) (x : Var) (c : EqCnstr) (y : Var) : GoalM Unit := do
+  if (← inconsistent) then return ()
+  let (lowers', todo) := splitLeCnstrs x (← get').lowers[y]!
+  modify' fun s => { s with lowers := s.lowers.set y lowers' }
+  updateLeCnstrs a x c todo
+
+/--
+Given an equation `c₁` containing `a*x`, eliminate `x` from upper bound inequalities of `y`.
+-/
+private def updateUppers (a : Int) (x : Var) (c : EqCnstr) (y : Var) : GoalM Unit := do
+  if (← inconsistent) then return ()
+  let (uppers', todo) := splitLeCnstrs x (← get').uppers[y]!
+  modify' fun s => { s with uppers := s.uppers.set y uppers' }
+  updateLeCnstrs a x c todo
+
+private def splitDiseqs (x : Var) (cs : PArray DiseqCnstr) : PArray DiseqCnstr × Array (Int × DiseqCnstr) :=
+  split cs fun c => c.p.coeff x
+
+private def updateDiseqs (a : Int) (x : Var) (c : EqCnstr) (y : Var) : GoalM Unit := do
+  if (← inconsistent) then return ()
+  let (diseqs', todo) := splitDiseqs x (← get').diseqs[y]!
+  modify' fun s => { s with diseqs := s.diseqs.set y diseqs' }
+  for (b, c₂) in todo do
+    let c₂ ← c₂.applyEq a x c b
+    c₂.assert
+    if (← inconsistent) then return ()
+
+private def updateOccsAt (k : Int) (x : Var) (c : EqCnstr) (y : Var) : GoalM Unit := do
+  updateDvdCnstr k x c y
+  updateLowers k x c y
+  updateUppers k x c y
+  updateDiseqs k x c y
+
+private def updateOccs (k : Int) (x : Var) (c : EqCnstr) : GoalM Unit := do
+  let ys := (← get').occurs[x]!
+  modify' fun s => { s with occurs := s.occurs.set x {} }
+  updateOccsAt k x c x
+  for y in ys do
+    updateOccsAt k x c y
+
+@[export lean_grind_cutsat_assert_eq]
+def EqCnstr.assertImpl (c : EqCnstr) : GoalM Unit := do
+  if (← inconsistent) then return ()
+  trace[grind.cutsat.assert] "{← c.pp}"
+  let c ← c.norm.applySubsts
+  if c.p.isUnsatEq then
+    trace[grind.cutsat.assert.unsat] "{← c.pp}"
+    setInconsistent (.eq c)
+    return ()
+  if c.isTrivial then
+    trace[grind.cutsat.assert.trivial] "{← c.pp}"
+    return ()
+  let k := c.p.gcdCoeffs'
+  if c.p.getConst % k > 0 then
+    setInconsistent (.eq c)
+    return ()
+  let c := if k == 1 then
+    c
+  else
+    { p := c.p.div k, h := .divCoeffs c }
+  let some (k, x) := c.p.pickVarToElim? | c.throwUnexpected
+  trace[grind.debug.cutsat.subst] ">> {← getVar x}, {← c.pp}"
+  trace[grind.cutsat.assert.store] "{← c.pp}"
+  modify' fun s => { s with
+    elimEqs := s.elimEqs.set x (some c)
+    elimStack := x :: s.elimStack
+  }
+  updateOccs k x c
+  if (← inconsistent) then return ()
+  -- assert a divisibility constraint IF `|k| != 1`
+  if k.natAbs != 1 then
+    let p := c.p.insert (-k) x
+    let d := Int.ofNat k.natAbs
+    { d, p, h := .ofEq x c : DvdCnstr }.assert
+
+private def exprAsPoly (a : Expr) : GoalM Poly := do
+  if let some k ← getIntValue? a then
+    return .num k
+  else if let some var := (← get').varMap.find? { expr := a } then
+    return .add 1 var (.num 0)
+  else
+    throwError "internal `grind` error, expression is not relevant to cutsat{indentExpr a}"
+
+private def processNewIntEq (a b : Expr) : GoalM Unit := do
+  let p₁ ← exprAsPoly a
+  let p₂ ← exprAsPoly b
+  -- Remark: we don't need to use the comm ring normalizer here because `p` is always linear.
+  let p := p₁.combine (p₂.mul (-1))
+  { p, h := .core a b p₁ p₂ : EqCnstr }.assert
+
+/-- Asserts a constraint coming from the core. -/
+private def EqCnstr.assertCore (c : EqCnstr) : GoalM Unit := do
+  if let some (re, rp, p) ← c.p.normCommRing? then
+    let c := { p, h := .commRingNorm c re rp : EqCnstr}
+    c.assert
+  else
+    c.assert
+
+private def processNewNatEq (a b : Expr) : GoalM Unit := do
+  let (lhs, rhs) ← Int.OfNat.toIntEq a b
+  let gen ← getGeneration a
+  let ctx ← getNatVars
+  let lhs' ← toLinearExpr (← lhs.denoteAsIntExpr ctx) gen
+  let rhs' ← toLinearExpr (← rhs.denoteAsIntExpr ctx) gen
+  let p := lhs'.sub rhs' |>.norm
+  let c := { p, h := .coreNat a b lhs rhs lhs' rhs' : EqCnstr }
+  trace[grind.debug.cutsat.nat] "{← c.pp}"
+  c.assertCore
+
+private def processNewToIntEq (a b : Expr) : ToIntM Unit := do
+  let gen := max (← getGeneration a) (← getGeneration b)
+  let (a', h₁) ← toInt a
+  let (b', h₂) ← toInt b
+  let thm := mkApp6 (← getInfo).ofEq a b a' b' h₁ h₂
+  let lhs ← toLinearExpr a' gen
+  let rhs ← toLinearExpr b' gen
+  let p := lhs.sub rhs |>.norm
+  let c := { p, h := .coreToInt a b thm lhs rhs : EqCnstr }
+  c.assertCore
+
+@[export lean_process_cutsat_eq]
+def processNewEqImpl (a b : Expr) : GoalM Unit := do
+  unless (← getConfig).cutsat do return ()
+  if (← isNatTerm a <&&> isNatTerm b) then
+    processNewNatEq a b
+  else if (← isIntTerm a <&&> isIntTerm b) then
+    processNewIntEq a b
+  else
+    let some α ← getToIntTermType? a | return ()
+    let some β ← getToIntTermType? b | return ()
+    unless isSameExpr α β do return ()
+    ToIntM.run α do processNewToIntEq a b
+
+private def processNewIntDiseq (a b : Expr) : GoalM Unit := do
+  -- Remark: we don't need to use comm ring to normalize these polynomials because they are
+  -- always linear.
+  let p₁ ← exprAsPoly a
+  let c ← if let some 0 ← getIntValue? b then
+    pure { p := p₁, h := .core0 a b : DiseqCnstr }
+  else
+    let p₂ ← exprAsPoly b
+    let p := p₁.combine (p₂.mul (-1))
+    pure {p, h := .core a b p₁ p₂ : DiseqCnstr }
+  c.assert
+
+/-- Asserts a constraint coming from the core. -/
+private def DiseqCnstr.assertCore (c : DiseqCnstr) : GoalM Unit := do
+  if let some (re, rp, p) ← c.p.normCommRing? then
+    let c := { p, h := .commRingNorm c re rp : DiseqCnstr }
+    c.assert
+  else
+    c.assert
+
+private def processNewNatDiseq (a b : Expr) : GoalM Unit := do
+  let (lhs, rhs) ← Int.OfNat.toIntEq a b
+  let gen ← getGeneration a
+  let ctx ← getNatVars
+  let lhs' ← toLinearExpr (← lhs.denoteAsIntExpr ctx) gen
+  let rhs' ← toLinearExpr (← rhs.denoteAsIntExpr ctx) gen
+  let p := lhs'.sub rhs' |>.norm
+  let c := { p, h := .coreNat a b lhs rhs lhs' rhs' : DiseqCnstr }
+  c.assertCore
+
+private def processNewToIntDiseq (a b : Expr) : ToIntM Unit := do
+  let gen := max (← getGeneration a) (← getGeneration b)
+  let (a', h₁) ← toInt a
+  let (b', h₂) ← toInt b
+  let thm := mkApp6 (← getInfo).ofDiseq a b a' b' h₁ h₂
+  let lhs ← toLinearExpr a' gen
+  let rhs ← toLinearExpr b' gen
+  let p := lhs.sub rhs |>.norm
+  let c := { p, h := .coreToInt a b thm lhs rhs : DiseqCnstr }
+  c.assertCore
+
+@[export lean_process_cutsat_diseq]
+def processNewDiseqImpl (a b : Expr) : GoalM Unit := do
+  unless (← getConfig).cutsat do return ()
+  if (← isNatTerm a <&&> isNatTerm b) then
+    processNewNatDiseq a b
+  else if (← isIntTerm a <&&> isIntTerm b) then
+    processNewIntDiseq a b
+  else
+    let some α ← getToIntTermType? a | return ()
+    let some β ← getToIntTermType? b | return ()
+    unless isSameExpr α β do return ()
+    ToIntM.run α do processNewToIntDiseq a b
+
+/-- Different kinds of terms internalized by this module. -/
+private inductive SupportedTermKind where
+  | add | mul | num | div | mod | sub | pow | natAbs | toNat | natCast | neg
+  deriving BEq
+
+private def getKindAndType? (e : Expr) : Option (SupportedTermKind × Expr) :=
+  match_expr e with
+  | HAdd.hAdd α _ _ _ _ _ => some (.add, α)
+  | HSub.hSub α _ _ _ _ _ => some (.sub, α)
+  | HMul.hMul α _ _ _ _ _ => some (.mul, α)
+  | HDiv.hDiv α _ _ _ _ _ => some (.div, α)
+  | HMod.hMod α _ _ _ _ _ => some (.mod, α)
+  | HPow.hPow α _ _ _ _ _ => some (.pow, α)
+  | OfNat.ofNat α _ _     => some (.num, α)
+  | Neg.neg α _ a =>
+    let_expr OfNat.ofNat _ _ _ := a | some (.neg, α)
+    some (.num, α)
+  | Int.natAbs _ => some (.natAbs, Nat.mkType)
+  | Int.toNat _ => some (.toNat, Nat.mkType)
+  | NatCast.natCast α _ _ => some (.natCast, α)
+  | _ => none
+
+private def isForbiddenParent (parent? : Option Expr) (k : SupportedTermKind) : Bool := Id.run do
+  let some parent := parent? | return false
+  let .const declName _ := parent.getAppFn | return false
+  -- TODO: document `NatCast.natCast` case.
+  -- Remark: we added it to prevent natCast_sub from being expanded twice.
+  if declName == ``NatCast.natCast then return true
+  if k matches .div | .mod | .sub | .pow | .neg | .natAbs | .toNat | .natCast then return false
+  if declName == ``HAdd.hAdd || declName == ``LE.le || declName == ``Dvd.dvd then return true
+  match k with
+  | .add => return false
+  | .mul => return declName == ``HMul.hMul
+  | .num =>
+    -- Recall that we don't want to internalize numerals occurring at terms such as `x^3`.
+    return declName == ``HMul.hMul || declName == ``HPow.hPow
+  | _ => unreachable!
+
+private def internalizeInt (e : Expr) : GoalM Unit := do
+  if (← hasVar e) then return ()
+  let p ← toPoly e
+  trace[grind.debug.cutsat.internalize] "{aquote e}:= {← p.pp}"
+  let x ← mkVar e
+  if p == .add 1 x (.num 0) then
+    -- It is pointless to assert `x = x`
+    -- This can happen if `e` is a nonlinear term (e.g., `e` is `a*b`)
+    return
+  if let some (re, rp, p') ← p.normCommRing? then
+    let c := { p := .add (-1) x p', h := .defnCommRing e p re rp p' : EqCnstr }
+    c.assert
+  else
+    let c := { p := .add (-1) x p, h := .defn e p : EqCnstr }
+    c.assert
+
+private def expandDivMod (a : Expr) (b : Int) : GoalM Unit := do
+  if b == 0 || b == 1 || b == -1 then
+    throwError "`grind` internal error, found non-normalized div/mod by {b}"
+  if (← get').divMod.contains (a, b) then return ()
+  modify' fun s => { s with divMod := s.divMod.insert (a, b) }
+  let n : Int := 1 - b.natAbs
+  let b := mkIntLit b
+  pushNewFact <| mkApp2 (mkConst ``Int.Linear.ediv_emod) a b
+  pushNewFact <| mkApp3 (mkConst ``Int.Linear.emod_nonneg) a b reflBoolTrue
+  pushNewFact <| mkApp4 (mkConst ``Int.Linear.emod_le) a b (toExpr n) reflBoolTrue
+
+private def propagateDiv (e : Expr) : GoalM Unit := do
+  let_expr HDiv.hDiv _ _ _ inst a b ← e | return ()
+  if (← isInstHDivInt inst) then
+    let some b ← getIntValue? b | return ()
+    -- Remark: we currently do not consider the case where `b` is in the equivalence class of a numeral.
+    expandDivMod a b
+
+private def propagateMod (e : Expr) : GoalM Unit := do
+  let_expr HMod.hMod _ _ _ inst a b ← e | return ()
+  if (← isInstHModInt inst) then
+    let some b ← getIntValue? b | return ()
+    expandDivMod a b
+
+private def propagateNatSub (e : Expr) : GoalM Unit := do
+  let_expr HSub.hSub _ _ _ inst a b := e | return ()
+  unless (← isInstHSubNat inst) do return ()
+  discard <| mkNatVar a
+  discard <| mkNatVar b
+  pushNewFact <| mkApp2 (mkConst ``Int.Linear.natCast_sub) a b
+
+private def propagateNatAbs (e : Expr) : GoalM Unit := do
+  let_expr Int.natAbs a := e | return ()
+  pushNewFact <| mkApp (mkConst ``Lean.Omega.Int.ofNat_natAbs) a
+
+private def propagateToNat (e : Expr) : GoalM Unit := do
+  let_expr Int.toNat a := e | return ()
+  pushNewFact <| mkApp (mkConst ``Int.OfNat.ofNat_toNat) a
+
+private def internalizeNat (e : Expr) : GoalM Unit := do
+  let e' : Int.OfNat.Expr ← Int.OfNat.toOfNatExpr e
+  let gen ← getGeneration e
+  let ctx ← getNatVars
+  let e'' : Expr ← e'.denoteAsIntExpr ctx
+  -- If `e''` is of the form `NatCast.natCast e`, then it is wasteful to
+  -- assert an equality
+  match_expr e'' with
+  | NatCast.natCast _ _ a => if e == a then return ()
+  | _ => pure ()
+  let e'' : Int.Linear.Expr ← toLinearExpr e'' gen
+  let p := e''.norm
+  let natCast_e ← shareCommon (mkIntNatCast e)
+  internalize natCast_e gen
+  trace[grind.debug.cutsat.internalize] "{aquote natCast_e}:= {← p.pp}"
+  let x ← mkVar natCast_e
+  modify' fun s => { s with natDef := s.natDef.insert { expr := e } x }
+  if let some (re, rp, p') ← p.normCommRing? then
+    let c := { p := .add (-1) x p', h := .defnNatCommRing e' x e'' p re rp p' : EqCnstr }
+    c.assert
+  else
+    let c := { p := .add (-1) x p, h := .defnNat e' x e'' : EqCnstr }
+    c.assert
+
+private def isToIntForbiddenParent (parent? : Option Expr) : Bool :=
+  if let some parent := parent? then
+    getKindAndType? parent |>.isSome
+  else
+    false
+
+private def internalizeIntTerm (e type : Expr) (parent? : Option Expr) (k : SupportedTermKind) : GoalM Unit := do
+  if isForbiddenParent parent? k then return ()
+  trace[grind.debug.cutsat.internalize] "{e} : {type}"
+  match k with
+  | .div => propagateDiv e
+  | .mod => propagateMod e
+  | _ => internalizeInt e
+
+private def internalizeNatTerm (e type : Expr) (parent? : Option Expr) (k : SupportedTermKind) : GoalM Unit := do
+  if isForbiddenParent parent? k then return ()
+  if (← isNatTerm e) then return ()
+  trace[grind.debug.cutsat.internalize] "{e} : {type}"
+  discard <| mkNatVar e
+  match k with
+  | .sub => propagateNatSub e
+  | .natAbs => propagateNatAbs e
+  | .toNat => propagateToNat e
+  | _ => internalizeNat e
+
+private def internalizeToIntTerm (e type : Expr) : GoalM Unit := do
+  if (← isToIntTerm e) then return () -- already internalized
+  if let some (eToInt, he) ← toInt? e type then
+    trace[grind.debug.cutsat.internalize] "{e} : {type}"
+    trace[grind.debug.cutsat.toInt] "{e} ==> {eToInt}"
+    let α := type
+    modify' fun s => { s with
+      toIntTermMap := s.toIntTermMap.insert { expr := e } { eToInt, he, α }
+    }
+    markAsCutsatTerm e
+
+/--
+Internalizes an integer (and `Nat`) expression. Here are the different cases that are handled.
+
+- `a + b` when `parent?` is not `+`, `≤`, or `∣`
+- `k * a` when `k` is a numeral and `parent?` is not `+`, `*`, `≤`, `∣`
+- numerals when `parent?` is not `+`, `*`, `≤`, `∣`.
+  Recall that we must internalize numerals to make sure we can propagate equalities
+  back to the congruence closure module. Example: we have `f 5`, `f x`, `x - y = 3`, `y = 2`.
+-/
+def internalize (e : Expr) (parent? : Option Expr) : GoalM Unit := do
+  unless (← getConfig).cutsat do return ()
+  if let some (k, type) := getKindAndType? e then
+    if type.isConstOf ``Int then
+      internalizeIntTerm e type parent? k
+    else if type.isConstOf ``Nat then
+      internalizeNatTerm e type parent? k
+    else
+      if isToIntForbiddenParent parent? then return ()
+      internalizeToIntTerm e type
+  else
+    /-
+    Remark: types implementing the `ToInt` class have a finite number
+    of elements. Thus, we must internalize all of them. Otherwise,
+    `grind` would fail to solve
+    ```
+    example (a : Fin 2) : a ≠ 0 → a ≠ 1 → False := by
+      grind
+    ```
+    It is not sufficient to internalize only the terms occurring in equalities and inequalities.
+    Here is an example where we must internalize `a`.
+    ```
+    example (a : Fin 2) (f : Fin 2 → Nat) : f 0 = 1 → f 1 = 1 → f a = 1 → False := by
+      grind
+    ```
+    Note that is not sufficient to internalize only the local declarations (e.g., `a`).
+    ```
+    example (g : Nat → Fin 2) (f : Fin 2 → Nat) : f 0 = 1 → f 1 = 1 → f (g 1) = 1 → False := by
+      grind
+    ```
+    That said, we currently do **not** support model-based theory combination for `ToInt` types.
+    Thus, we consider the extra terms occurring in equalities.
+
+    Recall that skip internalizing `Int` variables occurring in terms such as
+    ```
+    a = b
+    ```
+    is fine, because `Int` has an infinite number of elements, just using
+    the information in core, we can always find an assignment for them if even they have
+    not been internalized.
+
+    TODO: infer type and internalize all terms `a : α` s.t. `[ToInt α]` after we add
+    model-based theory combination for `ToInt`. One concern is performance, we will have
+    to use `inferType` again, and perform some form of canonicalization. Running
+    `ToInt` for them may be too expensive because the `ToInt` type class has output parameters.
+    Perhaps, we should have a `HasToInt` auxiliary class without output parameters.
+    -/
+    let_expr Eq α a b := e | return ()
+    unless (← getToIntInfo? α).isSome do return ()
+    internalizeToIntTerm a α
+    internalizeToIntTerm b α
+
+end Lean.Meta.Grind.Arith.Cutsat

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/Cutsat/Inv.lean

@@ -0,0 +1,119 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Util
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Var
+
+namespace Int.Linear
+/-- Returns `true` if all coefficients are not `0`. -/
+def Poly.checkCoeffs : Poly → Bool
+  | .num _ => true
+  | .add k _ p => k != 0 && checkCoeffs p
+
+end Int.Linear
+
+namespace Lean.Meta.Grind.Arith.Cutsat
+
+def _root_.Int.Linear.Poly.checkNoElimVars (p : Poly) : GoalM Unit := do
+  let .add _ x p := p | return ()
+  assert! !(← eliminated x)
+  checkNoElimVars p
+
+def _root_.Int.Linear.Poly.checkOccs (p : Poly) : GoalM Unit := do
+  let .add _ y p := p | return ()
+  let rec go (p : Poly) : GoalM Unit := do
+    let .add _ x p := p | return ()
+    assert! (← getOccursOf x).contains y
+    go p
+  go p
+
+def _root_.Int.Linear.Poly.checkCnstrOf (p : Poly) (x : Var) : GoalM Unit := do
+  assert! p.isSorted
+  assert! p.checkCoeffs
+  unless (← inconsistent) do
+    p.checkNoElimVars
+    p.checkOccs
+  let .add _ y _ := p | unreachable!
+  assert! x == y
+
+def checkLeCnstrs (css : PArray (PArray LeCnstr)) (isLower : Bool) : GoalM Unit := do
+  let mut x := 0
+  for cs in css do
+    for c in cs do
+      c.p.checkCnstrOf x
+      let .add a _ _ := c.p | unreachable!
+      assert! isLower == (a < 0)
+    x := x + 1
+  return ()
+
+def checkLowers : GoalM Unit := do
+  let s ← get'
+  assert! s.lowers.size == s.vars.size
+  checkLeCnstrs s.lowers (isLower := true)
+
+def checkUppers : GoalM Unit := do
+  let s ← get'
+  assert! s.uppers.size == s.vars.size
+  checkLeCnstrs s.uppers (isLower := false)
+
+def checkDvds : GoalM Unit := do
+  let s ← get'
+  assert! s.vars.size == s.dvds.size
+  let mut x := 0
+  for c? in s.dvds do
+    if let some c := c? then
+      c.p.checkCnstrOf x
+      assert! c.d > 1
+    x := x + 1
+
+def checkVars : GoalM Unit := do
+  let s ← get'
+  let mut num := 0
+  for ({ expr }, var) in s.varMap do
+    if h : var < s.vars.size then
+      let expr' := s.vars[var]
+      assert! isSameExpr expr expr'
+    else
+      unreachable!
+    num := num + 1
+  assert! s.vars.size == num
+
+def checkElimEqs : GoalM Unit := do
+  let s ← get'
+  assert! s.elimEqs.size == s.vars.size
+  let mut x := 0
+  for c? in s.elimEqs do
+    if let some c := c? then
+      assert! c.p.isSorted
+      assert! c.p.checkCoeffs
+      assert! s.elimStack.contains x
+      assert! c.p.coeff x != 0
+    x := x + 1
+
+def checkElimStack : GoalM Unit := do
+  for x in (← get').elimStack do
+    assert! (← eliminated x)
+
+def checkDiseqCnstrs : GoalM Unit := do
+  let s ← get'
+  assert! s.vars.size == s.diseqs.size
+  let mut x := 0
+  for cs in s.diseqs do
+    for c in cs do
+      c.p.checkCnstrOf x
+    x := x + 1
+  return ()
+
+def checkInvariants : GoalM Unit := do
+  checkVars
+  checkDvds
+  checkLowers
+  checkUppers
+  checkElimEqs
+  checkElimStack
+  checkDiseqCnstrs
+
+end Lean.Meta.Grind.Arith.Cutsat

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/Cutsat/LeCnstr.lean

@@ -0,0 +1,212 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Simp.Arith.Int
+import Lean.Meta.Tactic.Grind.PropagatorAttr
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Var
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Util
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Proof
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Nat
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Norm
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.ToInt
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.CommRing
+
+namespace Lean.Meta.Grind.Arith.Cutsat
+
+def LeCnstr.norm (c : LeCnstr) : LeCnstr :=
+  let c := if c.p.isSorted then
+    c
+  else
+    { p := c.p.norm, h := .norm c }
+  let k := c.p.gcdCoeffs'
+  if k != 1 then
+    { p := c.p.div k, h := .divCoeffs c }
+  else
+    c
+
+/--
+Given an equation `c₁` containing the monomial `a*x`, and an inequality constraint `c₂`
+containing the monomial `b*x`, eliminate `x` by applying substitution.
+-/
+def LeCnstr.applyEq (a : Int) (x : Var) (c₁ : EqCnstr) (b : Int) (c₂ : LeCnstr) : GoalM LeCnstr := do
+  let p := c₁.p
+  let q := c₂.p
+  let p := if a ≥ 0 then
+    q.mul a |>.combine (p.mul (-b))
+  else
+    p.mul b |>.combine (q.mul (-a))
+  trace[grind.cutsat.subst] "{← getVar x}, {← c₁.pp}, {← c₂.pp}"
+  return { p, h := .subst x c₁ c₂ }
+
+partial def LeCnstr.applySubsts (c : LeCnstr) : GoalM LeCnstr := withIncRecDepth do
+  let some (b, x, c₁) ← c.p.findVarToSubst | return c
+  let a := c₁.p.coeff x
+  let c ← c.applyEq a x c₁ b
+  applySubsts c
+
+def _root_.Int.Linear.Poly.isNegEq (p₁ p₂ : Poly) : Bool :=
+  match p₁, p₂ with
+  | .num k₁, .num k₂ => k₁ == -k₂
+  | .add a₁ x p₁, .add a₂ y p₂ => a₁ == -a₂ && x == y && isNegEq p₁ p₂
+  | _, _ => false
+
+def LeCnstr.erase (c : LeCnstr) : GoalM Unit := do
+  let .add a x _ := c.p | c.throwUnexpected
+  if a < 0 then
+    modify' fun s => { s with lowers := s.lowers.modify x fun cs' => cs'.filter fun c' => c'.p != c.p }
+  else
+    modify' fun s => { s with uppers := s.uppers.modify x fun cs' => cs'.filter fun c' => c'.p != c.p }
+
+/--
+Given a lower (upper) bound constraint `c`, tries to find
+an imply equality by searching a upper (lower) bound constraint `c'` such that
+`c.p == -c'.p`
+-/
+private def findEq (c : LeCnstr) : GoalM Bool := do
+  let .add a x _ := c.p | c.throwUnexpected
+  let s ← get'
+  let cs' := if a < 0 then s.uppers[x]! else s.lowers[x]!
+  for c' in cs' do
+    if c.p.isNegEq c'.p then
+      c'.erase
+      let eq := { p := c.p, h := .ofLeGe c c' : EqCnstr }
+      trace[grind.debug.cutsat.eq] "new eq: {← eq.pp}"
+      eq.assert
+      return true
+  return false
+
+/--
+Applies `p ≤ 0 → p ≠ 0 → p + 1 ≤ 0`
+-/
+private def refineWithDiseq (c : LeCnstr) : GoalM LeCnstr := do
+  let .add _ x _ := c.p | c.throwUnexpected
+  let mut c := c
+  repeat
+    let some c' ← refineWithDiseqStep? x c | return c
+    c := c'
+  return c
+where
+  refineWithDiseqStep? (x : Var) (c : LeCnstr) : GoalM (Option LeCnstr) := do
+    let s ← get'
+    let cs' := s.diseqs[x]!
+    for c' in cs' do
+      if c.p == c'.p || c.p.isNegEq c'.p then
+        -- Remove `c'`
+        modify' fun s => { s with diseqs := s.diseqs.modify x fun cs' => cs'.filter fun c => c.p != c'.p }
+        return some { p := c.p.addConst 1, h := .ofLeDiseq c c' }
+    return none
+
+@[export lean_grind_cutsat_assert_le]
+def LeCnstr.assertImpl (c : LeCnstr) : GoalM Unit := do
+  if (← inconsistent) then return ()
+  trace[grind.cutsat.assert] "{← c.pp}"
+  let c ← c.norm.applySubsts
+  if c.isUnsat then
+    trace[grind.cutsat.assert.unsat] "{← c.pp}"
+    setInconsistent (.le c)
+    return ()
+  if c.isTrivial then
+    trace[grind.cutsat.assert.trivial] "{← c.pp}"
+    return ()
+  let .add a x _ := c.p | c.throwUnexpected
+  if (← findEq c) then
+    return ()
+  let c ← refineWithDiseq c
+  trace[grind.cutsat.assert.store] "{← c.pp}"
+  c.p.updateOccs
+  if a < 0 then
+    modify' fun s => { s with lowers := s.lowers.modify x (·.push c) }
+  else
+    modify' fun s => { s with uppers := s.uppers.modify x (·.push c) }
+  if (← c.satisfied) == .false then
+    resetAssignmentFrom x
+
+private def reportNonNormalized (e : Expr) : GoalM Unit := do
+  reportIssue! "unexpected non normalized inequality constraint found{indentExpr e}"
+
+private def toPolyLe? (e : Expr) : GoalM (Option Poly) := do
+  let_expr LE.le _ inst a b ← e | return none
+  unless (← isInstLEInt inst) do return none
+  let some k ← getIntValue? b
+    | reportNonNormalized e; return none
+  unless k == 0 do
+    reportNonNormalized e; return none
+  return some (← toPoly a)
+
+/-- Asserts a constraint coming from the core. -/
+private def LeCnstr.assertCore (c : LeCnstr) : GoalM Unit := do
+  if let some (re, rp, p) ← c.p.normCommRing? then
+    let c := { p, h := .commRingNorm c re rp : LeCnstr}
+    c.assert
+  else
+    c.assert
+
+/--
+Given an expression `e` that is in `True` (or `False` equivalence class), if `e` is an
+integer inequality, asserts it to the cutsat state.
+-/
+def propagateIntLe (e : Expr) (eqTrue : Bool) : GoalM Unit := do
+  let some p ← toPolyLe? e | return ()
+  let c ← if eqTrue then
+    pure { p, h := .core e : LeCnstr }
+  else
+    pure { p := p.mul (-1) |>.addConst 1, h := .coreNeg e p : LeCnstr }
+  c.assertCore
+
+def propagateNatLe (e : Expr) (eqTrue : Bool) : GoalM Unit := do
+  let some (lhs, rhs) ← Int.OfNat.toIntLe? e | return ()
+  let gen ← getGeneration e
+  let ctx ← getNatVars
+  let lhs' ← toLinearExpr (← lhs.denoteAsIntExpr ctx) gen
+  let rhs' ← toLinearExpr (← rhs.denoteAsIntExpr ctx) gen
+  let p := lhs'.sub rhs' |>.norm
+  let c ← if eqTrue then
+    pure { p, h := .coreNat e lhs rhs lhs' rhs' : LeCnstr }
+  else
+    pure { p := p.mul (-1) |>.addConst 1, h := .coreNatNeg e lhs rhs lhs' rhs' : LeCnstr }
+  c.assertCore
+
+def propagateToIntLe (e : Expr) (eqTrue : Bool) : ToIntM Unit := do
+  let some thm ← if eqTrue then pure (← getInfo).ofLE? else pure (← getInfo).ofNotLE? | return ()
+  let_expr LE.le _ _ a b := e | return ()
+  let gen ← getGeneration e
+  let (a', h₁) ← toInt a
+  let (b', h₂) ← toInt b
+  let thm := mkApp6 thm a b a' b' h₁ h₂
+  let (a', b') := if eqTrue then (a', b') else (mkIntAdd b' (mkIntLit 1), a')
+  let lhs ← toLinearExpr a' gen
+  let rhs ← toLinearExpr b' gen
+  let p := lhs.sub rhs |>.norm
+  let c := { p, h := .coreToInt e eqTrue thm lhs rhs : LeCnstr }
+  c.assertCore
+
+def propagateLe (e : Expr) (eqTrue : Bool) : GoalM Unit := do
+  unless (← getConfig).cutsat do return ()
+  let_expr LE.le α _ _ _ := e | return ()
+  if α.isConstOf ``Nat then
+    propagateNatLe e eqTrue
+  else if α.isConstOf ``Int then
+    propagateIntLe e eqTrue
+  else ToIntM.run α do
+    propagateToIntLe e eqTrue
+
+def propagateLt (e : Expr) (eqTrue : Bool) : GoalM Unit := do
+  unless (← getConfig).cutsat do return ()
+  let_expr LT.lt α _ a b := e | return ()
+  ToIntM.run α do
+    let some thm ← if eqTrue then pure (← getInfo).ofLT? else pure (← getInfo).ofNotLT? | return ()
+    let gen ← getGeneration e
+    let (a', h₁) ← toInt a
+    let (b', h₂) ← toInt b
+    let thm := mkApp6 thm a b a' b' h₁ h₂
+    let (a', b') := if eqTrue then (mkIntAdd a' (mkIntLit 1), b') else (b', a')
+    let lhs ← toLinearExpr a' gen
+    let rhs ← toLinearExpr b' gen
+    let p := lhs.sub rhs |>.norm
+    let c := { p, h := .coreToInt e eqTrue thm lhs rhs : LeCnstr }
+    c.assert
+
+end Lean.Meta.Grind.Arith.Cutsat

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/Cutsat/MBTC.lean

@@ -0,0 +1,45 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Grind.Canon
+import Lean.Meta.Tactic.Grind.MBTC
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Model
+
+namespace Lean.Meta.Grind.Arith.Cutsat
+
+private def getAssignmentExt? (e : Expr) : GoalM (Option Rat) := do
+  let val? ← getAssignment? (← get) e
+  if val?.isSome then
+    return val?
+  let type ← inferType e
+  if type == Nat.mkType then
+    for parent in (← getParents e) do
+      let_expr NatCast.natCast _ inst _ := parent | pure ()
+      let_expr instNatCastInt := inst | pure ()
+      return (← getAssignment? (← get) parent)
+  return none
+
+private def hasTheoryVar (e : Expr) : GoalM Bool := do
+  return (← getAssignmentExt? e).isSome
+
+private def isInterpreted (e : Expr) : GoalM Bool := do
+  if isInterpretedTerm e then return true
+  let f := e.getAppFn
+  return f.isConstOf ``LE.le || f.isConstOf ``Dvd.dvd
+
+private def eqAssignment (a b : Expr) : GoalM Bool := do
+  let some v₁ ← getAssignmentExt? a | return false
+  let some v₂ ← getAssignmentExt? b | return false
+  return v₁ == v₂
+
+def mbtc : GoalM Bool := do
+  Grind.mbtc {
+    hasTheoryVar := hasTheoryVar
+    isInterpreted := isInterpreted
+    eqAssignment := eqAssignment
+  }
+
+end Lean.Meta.Grind.Arith.Cutsat

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/Cutsat/Model.lean

@@ -0,0 +1,77 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Init.Grind.ToInt
+import Lean.Meta.Tactic.Grind.Types
+import Lean.Meta.Tactic.Grind.Arith.ModelUtil
+
+namespace Lean.Meta.Grind.Arith.Cutsat
+
+private def isIntNatENode (n : ENode) : MetaM Bool :=
+  withDefault do
+    let type ← inferType n.self
+    isDefEq type Int.mkType
+    <||>
+    isDefEq type Nat.mkType
+
+private def getCutsatAssignment? (goal : Goal) (node : ENode) : Option Rat := Id.run do
+  assert! isSameExpr node.self node.root
+  let some e := node.cutsat? | return none
+  let some x := goal.arith.cutsat.varMap.find? { expr := e } | return none
+  if h : x < goal.arith.cutsat.assignment.size then
+    return goal.arith.cutsat.assignment[x]
+  else
+    return none
+
+private def natCastToInt? (e : Expr) : Option Expr :=
+  match_expr e with
+  | NatCast.natCast _ inst a =>
+    let_expr instNatCastInt := inst | none
+    some a
+  | Grind.ToInt.toInt _ _ _ a => some a
+  | _ => none
+
+def getAssignment? (goal : Goal) (e : Expr) : MetaM (Option Rat) := do
+  let node ← goal.getENode (← goal.getRoot e)
+  if let some v := getCutsatAssignment? goal node then
+    return some v
+  else if let some v ← getIntValue? node.self then
+    return some v
+  else if let some v ← getNatValue? node.self then
+    return some (Int.ofNat v)
+  else
+    return none
+
+/--
+Construct a model that satisfies all constraints in the cutsat model.
+It also assigns values to integer terms that have not been internalized by the
+cutsat model.
+
+Remark: it uses rational numbers because cutsat may have failed to build an
+integer model.
+-/
+def mkModel (goal : Goal) : MetaM (Array (Expr × Rat)) := do
+  let mut model := {}
+  -- Assign on expressions associated with cutsat terms or interpreted terms
+  for e in goal.exprs do
+    let node ← goal.getENode e
+    if node.isRoot then
+    if (← isIntNatENode node) then
+      if let some v ← getAssignment? goal node.self then
+        model := assignEqc goal node.self v model
+  -- Assign natCast and toInt terms
+  for e in goal.exprs do
+    let node ← goal.getENode e
+    let i := node.self
+    let some n := natCastToInt? i | pure ()
+    if model[n]?.isNone then
+      let some v := model[i]? | pure ()
+      model := assignEqc goal n v model
+  let r ← finalizeModel goal isIntNatENode model
+  traceModel `grind.cutsat.model r
+  return r
+
+end Lean.Meta.Grind.Arith.Cutsat

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/Cutsat/Nat.lean

@@ -0,0 +1,183 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Init.Data.Int.OfNat
+import Lean.Meta.Tactic.Grind.Simp
+import Lean.Meta.Tactic.Simp.Arith.Nat.Basic
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Norm
+
+namespace Lean.Meta.Grind.Arith.Cutsat
+
+def mkNatVar (e : Expr) : GoalM Var := do
+  if let some x := (← get').natVarMap.find? { expr := e } then
+    return x
+  let x := (← get').natVars.size
+  modify' fun s => { s with
+    natVars := s.natVars.push e
+    natVarMap := s.natVarMap.insert { expr := e } x
+  }
+  markAsCutsatTerm e
+  return x
+
+def getNatVars : GoalM (PArray Expr) := do
+  return (← get').natVars
+
+def isNatTerm (e : Expr) : GoalM Bool := do
+  return (← get').natVarMap.contains { expr := e }
+
+end Lean.Meta.Grind.Arith.Cutsat
+
+namespace Int.OfNat
+open Lean
+
+protected def toExpr (e : Expr) : Lean.Expr :=
+  open Int.OfNat.Expr in
+  match e with
+  | .num v    => mkApp (mkConst ``num) (mkNatLit v)
+  | .var i    => mkApp (mkConst ``var) (mkNatLit i)
+  | .add a b  => mkApp2 (mkConst ``add) (OfNat.toExpr a) (OfNat.toExpr b)
+  | .mul a b  => mkApp2 (mkConst ``mul) (OfNat.toExpr a) (OfNat.toExpr b)
+  | .div a b  => mkApp2 (mkConst ``div) (OfNat.toExpr a) (OfNat.toExpr b)
+  | .mod a b  => mkApp2 (mkConst ``mod) (OfNat.toExpr a) (OfNat.toExpr b)
+  | .pow a k  => mkApp2 (mkConst ``pow) (OfNat.toExpr a) (mkNatLit k)
+
+instance : ToExpr OfNat.Expr where
+  toExpr a := OfNat.toExpr a
+  toTypeExpr := mkConst ``OfNat.Expr
+
+open Lean.Meta.Grind
+open Lean.Meta.Grind.Arith.Cutsat
+
+open Meta
+
+def Expr.denoteAsIntExpr (ctx : PArray Lean.Expr) (e : Expr) : GoalM Lean.Expr :=
+  shareCommon (go e)
+where
+  go (e : Expr) : Lean.Expr :=
+    match e with
+    | .num v    => mkIntLit v
+    | .var i    => mkIntNatCast ctx[i]!
+    | .add a b  => mkIntAdd (go a) (go b)
+    | .mul a b  => mkIntMul (go a) (go b)
+    | .div a b  => mkIntDiv (go a) (go b)
+    | .mod a b  => mkIntMod (go a) (go b)
+    | .pow a b  => mkIntPowNat (go a) (mkNatLit b)
+
+partial def toOfNatExpr (e : Lean.Expr) : GoalM Expr := do
+  let mkVar (e : Lean.Expr) : GoalM Expr := do
+    let x ← mkNatVar e
+    return .var x
+  match_expr e with
+  | OfNat.ofNat _ _ _ =>
+    if let some n ← getNatValue? e then
+      return .num n
+    else
+      mkVar e
+  | HAdd.hAdd _ _ _ i a b =>
+    if (← isInstHAddNat i) then return .add (← toOfNatExpr a) (← toOfNatExpr b)
+    else mkVar e
+  | HMul.hMul _ _ _ i a b =>
+    if (← isInstHMulNat i) then return .mul (← toOfNatExpr a) (← toOfNatExpr b)
+    else mkVar e
+  | HDiv.hDiv _ _ _ i a b =>
+    if (← isInstHDivNat i) then return .div (← toOfNatExpr a) (← toOfNatExpr b)
+    else mkVar e
+  | HMod.hMod _ _ _ i a b =>
+    if (← isInstHModNat i) then return .mod (← toOfNatExpr a) (← toOfNatExpr b)
+    else mkVar e
+  | HPow.hPow _ _ _ i a b =>
+    let some k ← getNatValue? b | mkVar e
+    if (← isInstHPowNat i) then return .pow (← toOfNatExpr a) k
+    else mkVar e
+  | _ => mkVar e
+
+/--
+Given `e` of the form `lhs ≤ rhs` where `lhs` and `rhs` have type `Nat`,
+returns `(lhs, rhs)` where `lhs` and `rhs` are `Int.OfNat.Expr`.
+-/
+def toIntLe? (e : Lean.Expr) : GoalM (Option (Expr × Expr)) := do
+  let_expr LE.le _ inst lhs rhs := e | return none
+  unless (← isInstLENat inst) do return none
+  let lhs ← toOfNatExpr lhs
+  let rhs ← toOfNatExpr rhs
+  return some (lhs, rhs)
+
+def toIntDvd? (e : Lean.Expr) : GoalM (Option (Nat × Expr)) := do
+  let_expr Dvd.dvd _ inst a b := e | return none
+  unless (← isInstDvdNat inst) do return none
+  let some d ← getNatValue? a
+    | reportIssue! "non-linear divisibility constraint found{indentExpr e}"
+      return none
+  let b ← toOfNatExpr b
+  return some (d, b)
+
+def toIntEq (lhs rhs : Lean.Expr) : GoalM (Expr × Expr) := do
+  let lhs ← toOfNatExpr lhs
+  let rhs ← toOfNatExpr rhs
+  return (lhs, rhs)
+
+/--
+Given `e` of type `Int`, tries to compute `a : Int.OfNat.Expr` s.t.
+`a.denoteAsInt ctx` is `e`
+-/
+partial def ofDenoteAsIntExpr? (e : Lean.Expr) : OptionT GoalM Expr := do
+  match_expr e with
+  | OfNat.ofNat _ _ _ =>
+    let some n ← getIntValue? e | failure
+    guard (n ≥ 0)
+    return .num n.toNat
+  | HAdd.hAdd _ _ _ i a b =>
+    guard (← isInstHAddInt i)
+    return .add (← ofDenoteAsIntExpr? a) (← ofDenoteAsIntExpr? b)
+  | HMul.hMul _ _ _ i a b =>
+    guard (← isInstHMulInt i)
+    return .mul (← ofDenoteAsIntExpr? a) (← ofDenoteAsIntExpr? b)
+  | HDiv.hDiv _ _ _ i a b =>
+    guard (← isInstHDivInt i)
+    return .div (← ofDenoteAsIntExpr? a) (← ofDenoteAsIntExpr? b)
+  | HMod.hMod _ _ _ i a b =>
+    guard (← isInstHModInt i)
+    return .mod (← ofDenoteAsIntExpr? a) (← ofDenoteAsIntExpr? b)
+  | _ =>
+    let_expr NatCast.natCast _ inst a ← e | failure
+    let_expr instNatCastInt := inst | failure
+    let x ← mkNatVar a
+    return .var x
+
+end Int.OfNat
+
+namespace Lean.Meta.Grind.Arith.Cutsat
+/--
+If `e` is of the form `a.denoteAsInt ctx` for some `a` and `ctx`,
+assert that `e` is nonnegative.
+-/
+def assertDenoteAsIntNonneg (e : Expr) : GoalM Unit := withIncRecDepth do
+  if e.isAppOf ``NatCast.natCast then return ()
+  if e.isAppOf ``OfNat.ofNat then return () -- we don't want to propagate constraints such as `2 ≥ 0`
+  let some rhs ← Int.OfNat.ofDenoteAsIntExpr? e |>.run | return ()
+  let gen ← getGeneration e
+  let ctx ← getNatVars
+  let lhs' : Int.Linear.Expr := .num 0
+  let rhs' ← toLinearExpr (← rhs.denoteAsIntExpr ctx) gen
+  let p := lhs'.sub rhs' |>.norm
+  let c := { p, h := .denoteAsIntNonneg rhs rhs' : LeCnstr }
+  c.assert
+
+/--
+Given `x` whose denotation is `e`, if `e` is of the form `NatCast.natCast a`,
+asserts that it is nonnegative.
+-/
+def assertNatCast (e : Expr) (x : Var) : GoalM Unit := do
+  let_expr NatCast.natCast _ inst a := e | return ()
+  let_expr instNatCastInt := inst | return ()
+  if a.isAppOf ``OfNat.ofNat then return () -- we don't want to propagate constraints such as `2 ≥ 0`
+  if (← get').natDef.contains { expr := a } then return ()
+  let n ← mkNatVar a
+  let p := .add (-1) x (.num 0)
+  let c := { p, h := .denoteAsIntNonneg (.var n) (.var x) : LeCnstr}
+  c.assert
+
+end Lean.Meta.Grind.Arith.Cutsat

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/Cutsat/Norm.lean

@@ -0,0 +1,49 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Util
+
+namespace Lean.Meta.Grind.Arith.Cutsat
+/-!
+`Int` expressions are normalized by the `grind` preprocessor, but we
+dynamically convert expressions from other types into `Int` expressions
+and these expressions must be normalized inside of the cutsat module.
+-/
+
+/-- Converts the given integer expression into `Int.Linear.Expr` -/
+partial def toLinearExpr (e : Expr) (generation : Nat := 0) : GoalM Int.Linear.Expr := do
+  let toVar (e : Expr) := do
+    let e ← shareCommon e
+    if (← alreadyInternalized e) then
+      return .var (← mkVar e)
+    else
+      internalize e generation
+      return .var (← mkVar e)
+  let mul (a b : Expr) := do
+    match (← getIntValue? a) with
+    | some k => return .mulL k (← toLinearExpr b)
+    | none => match (← getIntValue? b) with
+      | some k => return .mulR (← toLinearExpr a) k
+      | none => toVar e
+  match_expr e with
+  | OfNat.ofNat _ _ _ =>
+    if let some n ← getIntValue? e then return .num n
+    else toVar e
+  | Neg.neg _ i a =>
+    if (← isInstNegInt i) then return .neg (← toLinearExpr a)
+    else toVar e
+  | HAdd.hAdd _ _ _ i a b =>
+    if (← isInstHAddInt i) then return .add (← toLinearExpr a) (← toLinearExpr b)
+    else toVar e
+  | HSub.hSub _ _ _ i a b =>
+    if (← isInstHSubInt i) then return .sub (← toLinearExpr a) (← toLinearExpr b)
+    else toVar e
+  | HMul.hMul _ _ _ i a b =>
+    if (← isInstHMulInt i) then mul a b
+    else toVar e
+  | _ => toVar e
+
+end Lean.Meta.Grind.Arith.Cutsat

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/Cutsat/Proof.lean

@@ -0,0 +1,520 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Init.Grind.Ring.Poly
+import Lean.Meta.Tactic.Grind.Diseq
+import Lean.Meta.Tactic.Grind.Arith.Util
+import Lean.Meta.Tactic.Grind.Arith.ProofUtil
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Util
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Nat
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.CommRing
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Util
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Proof
+
+namespace Lean.Meta.Grind.Arith.Cutsat
+
+deriving instance Hashable for Int.Linear.Expr
+deriving instance Hashable for Int.OfNat.Expr
+
+structure ProofM.State where
+  cache       : Std.HashMap UInt64 Expr := {}
+  polyMap     : Std.HashMap Poly Expr := {}
+  exprMap     : Std.HashMap Int.Linear.Expr Expr := {}
+  natExprMap  : Std.HashMap Int.OfNat.Expr Expr := {}
+  ringPolyMap : Std.HashMap CommRing.Poly Expr := {}
+  ringExprMap : Std.HashMap CommRing.RingExpr Expr := {}
+
+structure ProofM.Context where
+  ctx       : Expr
+  /-- Variables before reordering -/
+  ctx'      : Expr
+  natCtx    : Expr
+  ringCtx   : Expr
+  /--
+  `unordered` is `true` if we entered a `.reorder c` justification. The variables in `c` and
+  its dependencies are unordered.
+  -/
+  unordered : Bool := false
+
+/-- Auxiliary monad for constructing cutsat proofs. -/
+abbrev ProofM := ReaderT ProofM.Context (StateRefT ProofM.State GoalM)
+
+/-- Returns a Lean expression representing the variable context used to construct cutsat proofs. -/
+private abbrev getContext : ProofM Expr := do
+  return (← read).ctx
+
+private abbrev getNatContext : ProofM Expr := do
+  return (← read).natCtx
+
+/--
+Execute `k` with `unordered := true`, and the unordered variable context.
+We use this combinator to process `.reorder c` justifications.
+-/
+private abbrev withUnordered (k : ProofM α) : ProofM α := do
+  withReader (fun c => { c with ctx := c.ctx', unordered := true }) k
+
+private abbrev getVarMap : ProofM (PHashMap ExprPtr Var) := do
+  if (← read).unordered then
+    return (← get').varMap'
+  else
+    return (← get').varMap
+
+private abbrev caching (c : α) (k : ProofM Expr) : ProofM Expr := do
+  let addr := unsafe (ptrAddrUnsafe c).toUInt64 >>> 2
+  if let some h := (← get).cache[addr]? then
+    return h
+  else
+    let h ← k
+    modify fun s => { s with cache := s.cache.insert addr h }
+    return h
+
+private def mkPolyDecl (p : Poly) : ProofM Expr := do
+  if let some x := (← get).polyMap[p]? then
+    return x
+  let x := mkFVar (← mkFreshFVarId)
+  modify fun s => { s with polyMap := s.polyMap.insert p x }
+  return x
+
+private def mkExprDecl (e : Int.Linear.Expr) : ProofM Expr := do
+  if let some x := (← get).exprMap[e]? then
+    return x
+  let x := mkFVar (← mkFreshFVarId)
+  modify fun s => { s with exprMap := s.exprMap.insert e x }
+  return x
+
+private def mkNatExprDecl (e : Int.OfNat.Expr) : ProofM Expr := do
+  if let some x := (← get).natExprMap[e]? then
+    return x
+  let x := mkFVar (← mkFreshFVarId)
+  modify fun s => { s with natExprMap := s.natExprMap.insert e x }
+  return x
+
+private def mkRingPolyDecl (p : CommRing.Poly) : ProofM Expr := do
+  if let some x := (← get).ringPolyMap[p]? then
+    return x
+  let x := mkFVar (← mkFreshFVarId)
+  modify fun s => { s with ringPolyMap := s.ringPolyMap.insert p x }
+  return x
+
+private def mkRingExprDecl (e : CommRing.RingExpr) : ProofM Expr := do
+  if let some x := (← get).ringExprMap[e]? then
+    return x
+  let x := mkFVar (← mkFreshFVarId)
+  modify fun s => { s with ringExprMap := s.ringExprMap.insert e x }
+  return x
+
+private def toContextExprCore (vars : PArray Expr) (type : Expr) : MetaM Expr :=
+  if h : 0 < vars.size then
+    RArray.toExpr type id (RArray.ofFn (vars[·]) h)
+  else
+    RArray.toExpr type id (RArray.leaf (mkIntLit 0))
+
+private def toContextExpr : GoalM Expr := do
+  toContextExprCore (← getVars) Int.mkType
+
+private def toContextExpr' : GoalM Expr := do
+  toContextExprCore (← get').vars' Int.mkType
+
+private def toNatContextExpr : GoalM Expr := do
+  toContextExprCore (← getNatVars) Nat.mkType
+
+private def toRingContextExpr : GoalM Expr := do
+  if (← get').usedCommRing then
+    if let some ringId ← getIntRingId? then
+      return (← CommRing.RingM.run ringId do CommRing.toContextExpr)
+  RArray.toExpr Int.mkType id (RArray.leaf (mkIntLit 0))
+
+private abbrev withProofContext (x : ProofM Expr) : GoalM Expr := do
+  withLetDecl `ctx (mkApp (mkConst ``RArray [levelZero]) Int.mkType) (← toContextExpr) fun ctx => do
+  withLetDecl `ctx' (mkApp (mkConst ``RArray [levelZero]) Int.mkType) (← toContextExpr') fun ctx' => do
+  withLetDecl `rctx (mkApp (mkConst ``RArray [levelZero]) Int.mkType) (← toRingContextExpr) fun ringCtx => do
+  withLetDecl `nctx (mkApp (mkConst ``RArray [levelZero]) Nat.mkType) (← toNatContextExpr) fun natCtx => do
+    go { ctx, ctx', ringCtx, natCtx } |>.run' {}
+where
+  go : ProofM Expr := do
+    let h ← x
+    let h ← mkLetOfMap (← get).polyMap h `p (mkConst ``Int.Linear.Poly) toExpr
+    let h ← mkLetOfMap (← get).exprMap h `e (mkConst ``Int.Linear.Expr) toExpr
+    let h ← mkLetOfMap (← get).natExprMap h `a (mkConst ``Int.OfNat.Expr) toExpr
+    let h ← mkLetOfMap (← get).ringPolyMap h `rp (mkConst ``Grind.CommRing.Poly) toExpr
+    let h ← mkLetOfMap (← get).ringExprMap h `re (mkConst ``Grind.CommRing.Expr) toExpr
+    mkLetFVars #[(← getContext), (← read).ctx', (← read).ringCtx, (← getNatContext)] h
+
+/--
+Returns a Lean expression representing the auxiliary `CommRing` variable context needed for normalizing
+nonlinear polynomials.
+-/
+private abbrev getRingContext : ProofM Expr := do
+  return (← read).ringCtx
+
+private def DvdCnstr.get_d_a (c : DvdCnstr) : GoalM (Int × Int) := do
+  let d := c.d
+  let .add a _ _ := c.p | c.throwUnexpected
+  return (d, a)
+
+mutual
+partial def EqCnstr.toExprProof (c' : EqCnstr) : ProofM Expr := caching c' do
+  trace[grind.debug.cutsat.proof] "{← c'.pp}"
+  match c'.h with
+  | .core0 a zero =>
+    mkEqProof a zero
+  | .core a b p₁ p₂ =>
+    let h ← mkEqProof a b
+    return mkApp6 (mkConst ``Int.Linear.eq_of_core) (← getContext) (← mkPolyDecl p₁) (← mkPolyDecl p₂) (← mkPolyDecl c'.p) reflBoolTrue h
+  | .coreNat a b lhs rhs lhs' rhs' =>
+    let ctx ← getNatContext
+    let h := mkApp4 (mkConst ``Int.OfNat.of_eq) ctx (← mkNatExprDecl lhs) (← mkNatExprDecl rhs) (← mkEqProof a b)
+    return mkApp6 (mkConst ``Int.Linear.eq_norm_expr) (← getContext) (← mkExprDecl lhs') (← mkExprDecl rhs') (← mkPolyDecl c'.p) reflBoolTrue h
+  | .coreToInt a b toIntThm lhs rhs =>
+    let h := mkApp toIntThm (← mkEqProof a b)
+    return mkApp6 (mkConst ``Int.Linear.eq_norm_expr) (← getContext) (← mkExprDecl lhs) (← mkExprDecl rhs) (← mkPolyDecl c'.p) reflBoolTrue h
+  | .defn e p =>
+    let some x := (← getVarMap).find? { expr := e } | throwError "`grind` internal error, missing cutsat variable{indentExpr e}"
+    return mkApp6 (mkConst ``Int.Linear.eq_def) (← getContext) (toExpr x) (← mkPolyDecl p) (← mkPolyDecl c'.p) reflBoolTrue (← mkEqRefl e)
+  | .defnNat e x e' =>
+    let h := mkApp2 (mkConst ``Int.OfNat.Expr.eq_denoteAsInt) (← getNatContext) (← mkNatExprDecl e)
+    return mkApp6 (mkConst ``Int.Linear.eq_def') (← getContext) (toExpr x) (← mkExprDecl e') (← mkPolyDecl c'.p) reflBoolTrue h
+  | .norm c =>
+    return mkApp5 (mkConst ``Int.Linear.eq_norm) (← getContext) (← mkPolyDecl c.p) (← mkPolyDecl c'.p) reflBoolTrue (← c.toExprProof)
+  | .divCoeffs c =>
+    let k := c.p.gcdCoeffs c.p.getConst
+    return mkApp6 (mkConst ``Int.Linear.eq_coeff) (← getContext) (← mkPolyDecl c.p) (← mkPolyDecl c'.p) (toExpr k) reflBoolTrue (← c.toExprProof)
+  | .subst x c₁ c₂  =>
+    return mkApp8 (mkConst ``Int.Linear.eq_eq_subst)
+      (← getContext) (toExpr x) (← mkPolyDecl c₁.p) (← mkPolyDecl c₂.p) (← mkPolyDecl c'.p)
+      reflBoolTrue (← c₁.toExprProof) (← c₂.toExprProof)
+  | .ofLeGe c₁ c₂ =>
+    return mkApp6 (mkConst ``Int.Linear.eq_of_le_ge)
+      (← getContext) (← mkPolyDecl c₁.p) (← mkPolyDecl c₂.p)
+      reflBoolTrue (← c₁.toExprProof) (← c₂.toExprProof)
+  | .reorder c => withUnordered <| c.toExprProof
+  | .commRingNorm c e p =>
+    let h := mkApp4 (mkConst ``Grind.CommRing.norm_int) (← getRingContext) (← mkRingExprDecl e) (← mkRingPolyDecl p) reflBoolTrue
+    return mkApp5 (mkConst ``Int.Linear.eq_norm_poly) (← getContext) (← mkPolyDecl c.p) (← mkPolyDecl c'.p) h (← c.toExprProof)
+  | .defnCommRing e p re rp p' =>
+    let h := mkApp4 (mkConst ``Grind.CommRing.norm_int) (← getRingContext) (← mkRingExprDecl re) (← mkRingPolyDecl rp) reflBoolTrue
+    let some x := (← getVarMap).find? { expr := e } | throwError "`grind` internal error, missing cutsat variable{indentExpr e}"
+    return mkApp8 (mkConst ``Int.Linear.eq_def_norm) (← getContext)
+      (toExpr x) (← mkPolyDecl p) (← mkPolyDecl p') (← mkPolyDecl c'.p)
+      reflBoolTrue (← mkEqRefl e) h
+  | .defnNatCommRing e x e' p re rp p' =>
+    let h₁ := mkApp2 (mkConst ``Int.OfNat.Expr.eq_denoteAsInt) (← getNatContext) (← mkNatExprDecl e)
+    let h₂ := mkApp4 (mkConst ``Grind.CommRing.norm_int) (← getRingContext) (← mkRingExprDecl re) (← mkRingPolyDecl rp) reflBoolTrue
+    return mkApp9 (mkConst ``Int.Linear.eq_def'_norm) (← getContext) (toExpr x) (← mkExprDecl e')
+      (← mkPolyDecl p) (← mkPolyDecl p') (← mkPolyDecl c'.p) reflBoolTrue h₁ h₂
+
+partial def DvdCnstr.toExprProof (c' : DvdCnstr) : ProofM Expr := caching c' do
+  trace[grind.debug.cutsat.proof] "{← c'.pp}"
+  match c'.h with
+  | .core e =>
+    mkOfEqTrue (← mkEqTrueProof e)
+  | .coreNat e d b b' =>
+    let ctx ← getNatContext
+    let h := mkApp4 (mkConst ``Int.OfNat.of_dvd) ctx (toExpr d) (← mkNatExprDecl b) (mkOfEqTrueCore e (← mkEqTrueProof e))
+    return mkApp6 (mkConst ``Int.Linear.dvd_norm_expr) (← getContext) (toExpr (Int.ofNat d)) (← mkExprDecl b') (← mkPolyDecl c'.p) reflBoolTrue h
+  | .norm c =>
+    return mkApp6 (mkConst ``Int.Linear.dvd_norm) (← getContext) (toExpr c.d) (← mkPolyDecl c.p) (← mkPolyDecl c'.p) reflBoolTrue (← c.toExprProof)
+  | .elim c =>
+    return mkApp7 (mkConst ``Int.Linear.dvd_elim) (← getContext) (toExpr c.d) (← mkPolyDecl c.p) (toExpr c'.d) (← mkPolyDecl c'.p) reflBoolTrue (← c.toExprProof)
+  | .divCoeffs c =>
+    let g := c.p.gcdCoeffs c.d
+    let g := if c.d < 0 then -g else g
+    return mkApp8 (mkConst ``Int.Linear.dvd_coeff) (← getContext) (toExpr c.d) (← mkPolyDecl c.p) (toExpr c'.d) (← mkPolyDecl c'.p) (toExpr g) reflBoolTrue (← c.toExprProof)
+  | .solveCombine c₁ c₂ =>
+    let (d₁, a₁) ← c₁.get_d_a
+    let (d₂, a₂) ← c₂.get_d_a
+    let (g, α, β) := gcdExt (a₁*d₂) (a₂*d₁)
+    let r := mkApp10 (mkConst ``Int.Linear.dvd_solve_combine)
+      (← getContext) (toExpr c₁.d) (← mkPolyDecl c₁.p) (toExpr c₂.d) (← mkPolyDecl c₂.p) (toExpr c'.d) (← mkPolyDecl c'.p)
+      (toExpr g) (toExpr α) (toExpr β)
+    return mkApp3 r reflBoolTrue (← c₁.toExprProof) (← c₂.toExprProof)
+  | .solveElim c₁ c₂ =>
+    return mkApp10 (mkConst ``Int.Linear.dvd_solve_elim)
+      (← getContext) (toExpr c₁.d) (← mkPolyDecl c₁.p) (toExpr c₂.d) (← mkPolyDecl c₂.p) (toExpr c'.d) (← mkPolyDecl c'.p)
+      reflBoolTrue (← c₁.toExprProof) (← c₂.toExprProof)
+  | .ofEq x c =>
+    return mkApp7 (mkConst ``Int.Linear.dvd_of_eq)
+      (← getContext) (toExpr x) (← mkPolyDecl c.p) (toExpr c'.d) (← mkPolyDecl c'.p)
+      reflBoolTrue (← c.toExprProof)
+  | .subst x c₁ c₂ =>
+    return mkApp10 (mkConst ``Int.Linear.eq_dvd_subst)
+      (← getContext) (toExpr x) (← mkPolyDecl c₁.p) (toExpr c₂.d) (← mkPolyDecl c₂.p) (toExpr c'.d) (← mkPolyDecl c'.p)
+      reflBoolTrue (← c₁.toExprProof) (← c₂.toExprProof)
+  | .cooper₁ s =>
+    let { c₁, c₂, c₃?, left } := s.pred
+    let p₁ := c₁.p
+    let p₂ := c₂.p
+    match c₃? with
+    | none =>
+      let thmName := if left then ``Int.Linear.cooper_left_split_dvd else ``Int.Linear.cooper_right_split_dvd
+      return mkApp8 (mkConst thmName)
+        (← getContext) (← mkPolyDecl p₁) (← mkPolyDecl p₂) (toExpr s.k) (toExpr c'.d) (← mkPolyDecl c'.p) (← s.toExprProof) reflBoolTrue
+    | some c₃ =>
+      let thmName := if left then ``Int.Linear.cooper_dvd_left_split_dvd1 else ``Int.Linear.cooper_dvd_right_split_dvd1
+      return mkApp10 (mkConst thmName)
+        (← getContext) (← mkPolyDecl p₁) (← mkPolyDecl p₂) (← mkPolyDecl c₃.p) (toExpr c₃.d) (toExpr s.k) (toExpr c'.d) (← mkPolyDecl c'.p)
+        (← s.toExprProof) reflBoolTrue
+  | .cooper₂ s =>
+    let { c₁, c₂, c₃?, left } := s.pred
+    let p₁ := c₁.p
+    let p₂ := c₂.p
+    let some c₃ := c₃? | throwError "`grind` internal error, unexpected `cooper₂` proof"
+    let thmName := if left then ``Int.Linear.cooper_dvd_left_split_dvd2 else ``Int.Linear.cooper_dvd_right_split_dvd2
+    return mkApp10 (mkConst thmName)
+      (← getContext) (← mkPolyDecl p₁) (← mkPolyDecl p₂) (← mkPolyDecl c₃.p) (toExpr c₃.d) (toExpr s.k) (toExpr c'.d) (← mkPolyDecl c'.p)
+      (← s.toExprProof) reflBoolTrue
+  | .reorder c => withUnordered <| c.toExprProof
+  | .commRingNorm c e p =>
+    let h := mkApp4 (mkConst ``Grind.CommRing.norm_int) (← getRingContext) (← mkRingExprDecl e) (← mkRingPolyDecl p) reflBoolTrue
+    return mkApp6 (mkConst ``Int.Linear.dvd_norm_poly) (← getContext) (toExpr c.d) (← mkPolyDecl c.p) (← mkPolyDecl c'.p) h (← c.toExprProof)
+
+partial def LeCnstr.toExprProof (c' : LeCnstr) : ProofM Expr := caching c' do
+  trace[grind.debug.cutsat.proof] "{← c'.pp}"
+  match c'.h with
+  | .core e =>
+    mkOfEqTrue (← mkEqTrueProof e)
+  | .coreNeg e p =>
+    let h ← mkOfEqFalse (← mkEqFalseProof e)
+    return mkApp5 (mkConst ``Int.Linear.le_neg) (← getContext) (← mkPolyDecl p) (← mkPolyDecl c'.p) reflBoolTrue h
+  | .coreNat e lhs rhs lhs' rhs' =>
+    let ctx ← getNatContext
+    let h := mkApp4 (mkConst ``Int.OfNat.of_le) ctx (← mkNatExprDecl lhs) (← mkNatExprDecl rhs) (mkOfEqTrueCore e (← mkEqTrueProof e))
+    return mkApp6 (mkConst ``Int.Linear.le_norm_expr) (← getContext) (← mkExprDecl lhs') (← mkExprDecl rhs') (← mkPolyDecl c'.p) reflBoolTrue h
+  | .coreToInt e pos toIntThm lhs rhs =>
+    let h ← if pos then pure <| mkOfEqTrueCore e (← mkEqTrueProof e) else pure <| mkOfEqFalseCore e (← mkEqFalseProof e)
+    let h := mkApp toIntThm h
+    return mkApp6 (mkConst ``Int.Linear.le_norm_expr) (← getContext) (← mkExprDecl lhs) (← mkExprDecl rhs) (← mkPolyDecl c'.p) reflBoolTrue h
+  | .denoteAsIntNonneg rhs rhs' =>
+    let ctx ← getNatContext
+    let h := mkApp2 (mkConst ``Int.OfNat.Expr.denoteAsInt_nonneg) ctx (toExpr rhs)
+    return mkApp6 (mkConst ``Int.Linear.le_norm_expr) (← getContext) (← mkExprDecl (.num 0)) (← mkExprDecl rhs') (← mkPolyDecl c'.p) reflBoolTrue h
+  | .coreNatNeg e lhs rhs lhs' rhs' =>
+    let ctx ← getNatContext
+    let h := mkApp4 (mkConst ``Int.OfNat.of_not_le) ctx (← mkNatExprDecl lhs) (← mkNatExprDecl rhs) (mkOfEqFalseCore e (← mkEqFalseProof e))
+    return mkApp6 (mkConst ``Int.Linear.not_le_norm_expr) (← getContext) (← mkExprDecl lhs') (← mkExprDecl rhs') (← mkPolyDecl c'.p) reflBoolTrue h
+  | .bound h => return h
+  | .dec h =>
+    return mkFVar h
+  | .norm c =>
+    return mkApp5 (mkConst ``Int.Linear.le_norm) (← getContext) (← mkPolyDecl c.p) (← mkPolyDecl c'.p) reflBoolTrue (← c.toExprProof)
+  | .divCoeffs c =>
+    let k := c.p.gcdCoeffs'
+    return mkApp6 (mkConst ``Int.Linear.le_coeff) (← getContext) (← mkPolyDecl c.p) (← mkPolyDecl c'.p) (toExpr (Int.ofNat k)) reflBoolTrue (← c.toExprProof)
+  | .combine c₁ c₂ =>
+    return mkApp7 (mkConst ``Int.Linear.le_combine)
+      (← getContext) (← mkPolyDecl c₁.p) (← mkPolyDecl c₂.p) (← mkPolyDecl c'.p)
+      reflBoolTrue
+      (← c₁.toExprProof) (← c₂.toExprProof)
+  | .combineDivCoeffs c₁ c₂ k =>
+    return mkApp8 (mkConst ``Int.Linear.le_combine_coeff)
+      (← getContext) (← mkPolyDecl c₁.p) (← mkPolyDecl c₂.p) (← mkPolyDecl c'.p) (toExpr k)
+      reflBoolTrue
+      (← c₁.toExprProof) (← c₂.toExprProof)
+  | .subst x c₁ c₂ =>
+    let a := c₁.p.coeff x
+    let thm := if a ≥ 0 then
+      mkConst ``Int.Linear.eq_le_subst_nonneg
+    else
+      mkConst ``Int.Linear.eq_le_subst_nonpos
+    return mkApp8 thm
+        (← getContext) (toExpr x) (← mkPolyDecl c₁.p) (← mkPolyDecl c₂.p) (← mkPolyDecl c'.p)
+        reflBoolTrue
+        (← c₁.toExprProof) (← c₂.toExprProof)
+  | .ofLeDiseq c₁ c₂ =>
+    return mkApp7 (mkConst ``Int.Linear.le_of_le_diseq)
+      (← getContext) (← mkPolyDecl c₁.p) (← mkPolyDecl c₂.p) (← mkPolyDecl c'.p)
+      reflBoolTrue (← c₁.toExprProof) (← c₂.toExprProof)
+  | .dvdTight c₁ c₂ =>
+    return mkApp8 (mkConst ``Int.Linear.dvd_le_tight)
+      (← getContext) (toExpr c₁.d) (← mkPolyDecl c₁.p) (← mkPolyDecl c₂.p) (← mkPolyDecl c'.p)
+      reflBoolTrue (← c₁.toExprProof) (← c₂.toExprProof)
+  | .negDvdTight c₁ c₂ =>
+    return mkApp8 (mkConst ``Int.Linear.dvd_neg_le_tight)
+      (← getContext) (toExpr c₁.d) (← mkPolyDecl c₁.p) (← mkPolyDecl c₂.p) (← mkPolyDecl c'.p)
+      reflBoolTrue (← c₁.toExprProof) (← c₂.toExprProof)
+  | .ofDiseqSplit c₁ fvarId h _ =>
+    let p₂ := c₁.p.addConst 1
+    let hFalse ← h.toExprProofCore
+    let hNot := mkLambda `h .default (mkIntLE (← p₂.denoteExpr') (mkIntLit 0)) (hFalse.abstract #[mkFVar fvarId])
+    return mkApp7 (mkConst ``Int.Linear.diseq_split_resolve)
+      (← getContext) (← mkPolyDecl c₁.p) (← mkPolyDecl p₂) (← mkPolyDecl c'.p) reflBoolTrue (← c₁.toExprProof) hNot
+  | .cooper s =>
+    let { c₁, c₂, c₃?, left } := s.pred
+    let p₁ := c₁.p
+    let p₂ := c₂.p
+    let coeff := if left then p₂.leadCoeff else p₁.leadCoeff
+    match c₃? with
+    | none =>
+      let thmName := if left then ``Int.Linear.cooper_left_split_ineq else ``Int.Linear.cooper_right_split_ineq
+      return mkApp8 (mkConst thmName)
+        (← getContext) (← mkPolyDecl p₁) (← mkPolyDecl p₂) (toExpr s.k) (toExpr coeff) (← mkPolyDecl c'.p) (← s.toExprProof) reflBoolTrue
+    | some c₃ =>
+      let thmName := if left then ``Int.Linear.cooper_dvd_left_split_ineq else ``Int.Linear.cooper_dvd_right_split_ineq
+      return mkApp10 (mkConst thmName)
+        (← getContext) (← mkPolyDecl p₁) (← mkPolyDecl p₂) (← mkPolyDecl c₃.p) (toExpr c₃.d) (toExpr s.k) (toExpr coeff) (← mkPolyDecl c'.p) (← s.toExprProof) reflBoolTrue
+  | .reorder c => withUnordered <| c.toExprProof
+  | .commRingNorm c e p =>
+    let h := mkApp4 (mkConst ``Grind.CommRing.norm_int) (← getRingContext) (← mkRingExprDecl e) (← mkRingPolyDecl p) reflBoolTrue
+    return mkApp5 (mkConst ``Int.Linear.le_norm_poly) (← getContext) (← mkPolyDecl c.p) (← mkPolyDecl c'.p) h (← c.toExprProof)
+
+partial def DiseqCnstr.toExprProof (c' : DiseqCnstr) : ProofM Expr := caching c' do
+  match c'.h with
+  | .core0 a zero =>
+    mkDiseqProof a zero
+  | .core a b p₁ p₂ =>
+    let h ← mkDiseqProof a b
+    return mkApp6 (mkConst ``Int.Linear.diseq_of_core) (← getContext) (← mkPolyDecl p₁) (← mkPolyDecl p₂) (← mkPolyDecl c'.p) reflBoolTrue h
+  | .coreNat a b lhs rhs lhs' rhs' =>
+    let ctx ← getNatContext
+    let h := mkApp4 (mkConst ``Int.OfNat.of_not_eq) ctx (← mkNatExprDecl lhs) (← mkNatExprDecl rhs) (← mkDiseqProof a b)
+    return mkApp6 (mkConst ``Int.Linear.not_eq_norm_expr) (← getContext) (← mkExprDecl lhs') (← mkExprDecl rhs') (← mkPolyDecl c'.p) reflBoolTrue h
+  | .coreToInt a b toIntThm lhs rhs =>
+    let h := mkApp toIntThm (← mkDiseqProof a b)
+    return mkApp6 (mkConst ``Int.Linear.not_eq_norm_expr) (← getContext) (← mkExprDecl lhs) (← mkExprDecl rhs) (← mkPolyDecl c'.p) reflBoolTrue h
+  | .norm c =>
+    return mkApp5 (mkConst ``Int.Linear.diseq_norm) (← getContext) (← mkPolyDecl c.p) (← mkPolyDecl c'.p) reflBoolTrue (← c.toExprProof)
+  | .divCoeffs c =>
+    let k := c.p.gcdCoeffs c.p.getConst
+    return mkApp6 (mkConst ``Int.Linear.diseq_coeff) (← getContext) (← mkPolyDecl c.p) (← mkPolyDecl c'.p) (toExpr k) reflBoolTrue (← c.toExprProof)
+  | .neg c =>
+    return mkApp5 (mkConst ``Int.Linear.diseq_neg) (← getContext) (← mkPolyDecl c.p) (← mkPolyDecl c'.p) reflBoolTrue (← c.toExprProof)
+  | .subst x c₁ c₂  =>
+    return mkApp8 (mkConst ``Int.Linear.eq_diseq_subst)
+      (← getContext) (toExpr x) (← mkPolyDecl c₁.p) (← mkPolyDecl c₂.p) (← mkPolyDecl c'.p)
+      reflBoolTrue (← c₁.toExprProof) (← c₂.toExprProof)
+  | .reorder c => withUnordered <| c.toExprProof
+  | .commRingNorm c e p =>
+    let h := mkApp4 (mkConst ``Grind.CommRing.norm_int) (← getRingContext) (← mkRingExprDecl e) (← mkRingPolyDecl p) reflBoolTrue
+    return mkApp5 (mkConst ``Int.Linear.diseq_norm_poly) (← getContext) (← mkPolyDecl c.p) (← mkPolyDecl c'.p) h (← c.toExprProof)
+
+partial def CooperSplit.toExprProof (s : CooperSplit) : ProofM Expr := caching s do
+  match s.h with
+  | .dec h => return mkFVar h
+  | .last hs _ =>
+    let { c₁, c₂, c₃?, left } := s.pred
+    let p₁ := c₁.p
+    let p₂ := c₂.p
+    let n := s.pred.numCases
+    unless hs.size + 1 == n do
+      throwError "`grind` internal error, unexpected number of cases at `CopperSplit` hs.size: {hs.size}, n: {n}, left: {left}\nc₁: {← c₁.pp}\nc₂: {← c₂.pp}\nc₃: {← if let some c₃ := c₃? then c₃.pp else pure ""}"
+    let (base, pred) ← match c₃? with
+      | none =>
+        let thmName := if left then ``Int.Linear.cooper_left else ``Int.Linear.cooper_right
+        let predName := if left then ``Int.Linear.cooper_left_split else ``Int.Linear.cooper_right_split
+        let base := mkApp7 (mkConst thmName) (← getContext) (← mkPolyDecl p₁) (← mkPolyDecl p₂) (toExpr n)
+          reflBoolTrue (← c₁.toExprProof) (← c₂.toExprProof)
+        let pred := mkApp3 (mkConst predName) (← getContext) (← mkPolyDecl p₁) (← mkPolyDecl p₂)
+        pure (base, pred)
+      | some c₃ =>
+        let thmName := if left then ``Int.Linear.cooper_dvd_left else ``Int.Linear.cooper_dvd_right
+        let predName := if left then ``Int.Linear.cooper_dvd_left_split else ``Int.Linear.cooper_dvd_right_split
+        let base := mkApp10 (mkConst thmName) (← getContext) (← mkPolyDecl p₁) (← mkPolyDecl p₂) (← mkPolyDecl c₃.p) (toExpr c₃.d) (toExpr n)
+          reflBoolTrue (← c₁.toExprProof) (← c₂.toExprProof) (← c₃.toExprProof)
+        let pred := mkApp5 (mkConst predName) (← getContext) (← mkPolyDecl p₁) (← mkPolyDecl p₂) (← mkPolyDecl c₃.p) (toExpr c₃.d)
+        pure (base, pred)
+    -- `pred` is an expressions of the form `cooper_*_split ...` with type `Nat → Prop`
+    let mut k := n
+    let mut result := base -- `OrOver k (cooper_*_splti)
+    result := mkApp3 (mkConst ``Int.Linear.orOver_cases) (toExpr (n-1)) pred result
+    for (fvarId, c) in hs do
+      let type := mkApp pred (toExpr (k-1))
+      let h ← c.toExprProofCore -- proof of `False`
+      -- `hNotCase` is a proof for `¬ pred (k-1)`
+      let hNotCase := mkLambda `h .default type (h.abstract #[mkFVar fvarId])
+      result := mkApp result hNotCase
+      k := k - 1
+    -- `result` is now a proof of `p 0`
+    return result
+
+partial def UnsatProof.toExprProofCore (h : UnsatProof) : ProofM Expr := do
+  match h with
+  | .le c =>
+    return mkApp4 (mkConst ``Int.Linear.le_unsat) (← getContext) (← mkPolyDecl c.p) reflBoolTrue (← c.toExprProof)
+  | .dvd c =>
+    return mkApp5 (mkConst ``Int.Linear.dvd_unsat) (← getContext) (toExpr c.d) (← mkPolyDecl c.p) reflBoolTrue (← c.toExprProof)
+  | .eq c =>
+    if c.p.isUnsatEq then
+      return mkApp4 (mkConst ``Int.Linear.eq_unsat) (← getContext) (← mkPolyDecl c.p) reflBoolTrue (← c.toExprProof)
+    else
+      let k := c.p.gcdCoeffs'
+      return mkApp5 (mkConst ``Int.Linear.eq_unsat_coeff) (← getContext) (← mkPolyDecl c.p) (toExpr (Int.ofNat k)) reflBoolTrue (← c.toExprProof)
+  | .diseq c =>
+    return mkApp4 (mkConst ``Int.Linear.diseq_unsat) (← getContext) (← mkPolyDecl c.p) reflBoolTrue (← c.toExprProof)
+  | .cooper c₁ c₂ c₃ =>
+    let .add c _ _ := c₃.p | c₃.throwUnexpected
+    let d := c₃.d
+    let (_, α, β) := gcdExt c d
+    let h := mkApp7 (mkConst ``Int.Linear.cooper_unsat) (← getContext) (← mkPolyDecl c₁.p) (← mkPolyDecl c₂.p) (← mkPolyDecl c₃.p) (toExpr c₃.d) (toExpr α) (toExpr β)
+    return mkApp4 h reflBoolTrue (← c₁.toExprProof) (← c₂.toExprProof) (← c₃.toExprProof)
+
+end
+
+def UnsatProof.toExprProof (h : UnsatProof) : GoalM Expr := do
+  withProofContext do h.toExprProofCore
+
+def setInconsistent (h : UnsatProof) : GoalM Unit := do
+  if (← get').caseSplits then
+    -- Let the search procedure in `SearchM` resolve the conflict.
+    modify' fun s => { s with conflict? := some h }
+  else
+    let h ← h.toExprProof
+    closeGoal h
+
+/-!
+A cutsat proof may depend on decision variables.
+We collect them and perform non chronological backtracking.
+-/
+
+open CollectDecVars
+mutual
+partial def EqCnstr.collectDecVars (c' : EqCnstr) : CollectDecVarsM Unit := do unless (← alreadyVisited c') do
+  match c'.h with
+  | .core0 .. | .core .. | .coreNat .. | .defn .. | .defnNat ..
+  | .defnCommRing .. | .defnNatCommRing .. | .coreToInt .. => return () -- Equalities coming from the core never contain cutsat decision variables
+  | .commRingNorm c .. | .reorder c | .norm c | .divCoeffs c => c.collectDecVars
+  | .subst _ c₁ c₂ | .ofLeGe c₁ c₂ => c₁.collectDecVars; c₂.collectDecVars
+
+partial def CooperSplit.collectDecVars (s : CooperSplit) : CollectDecVarsM Unit := do unless (← alreadyVisited s) do
+  s.pred.c₁.collectDecVars
+  s.pred.c₂.collectDecVars
+  if let some c₃ := s.pred.c₃? then
+    c₃.collectDecVars
+  match s.h with
+  | .dec h => markAsFound h
+  | .last (decVars := decVars) .. => decVars.forM markAsFound
+
+partial def DvdCnstr.collectDecVars (c' : DvdCnstr) : CollectDecVarsM Unit := do unless (← alreadyVisited c') do
+  match c'.h with
+  | .core _ | .coreNat .. => return ()
+  | .cooper₁ c | .cooper₂ c
+  | .commRingNorm c .. | .reorder c | .norm c | .elim c | .divCoeffs c | .ofEq _ c => c.collectDecVars
+  | .solveCombine c₁ c₂ | .solveElim c₁ c₂ | .subst _ c₁ c₂ => c₁.collectDecVars; c₂.collectDecVars
+
+partial def LeCnstr.collectDecVars (c' : LeCnstr) : CollectDecVarsM Unit := do unless (← alreadyVisited c') do
+  match c'.h with
+  | .core .. | .coreNeg .. | .coreNat .. | .coreNatNeg .. | .coreToInt .. | .denoteAsIntNonneg .. | .bound .. => return ()
+  | .dec h => markAsFound h
+  | .commRingNorm c .. | .reorder c | .cooper c
+  | .norm c | .divCoeffs c => c.collectDecVars
+  | .dvdTight c₁ c₂ | .negDvdTight c₁ c₂
+  | .combine c₁ c₂ | .combineDivCoeffs c₁ c₂ _
+  | .subst _ c₁ c₂ | .ofLeDiseq c₁ c₂ => c₁.collectDecVars; c₂.collectDecVars
+  | .ofDiseqSplit (decVars := decVars) .. => decVars.forM markAsFound
+
+partial def DiseqCnstr.collectDecVars (c' : DiseqCnstr) : CollectDecVarsM Unit := do unless (← alreadyVisited c') do
+  match c'.h with
+  | .core0 .. | .core .. | .coreNat .. | .coreToInt .. => return () -- Disequalities coming from the core never contain cutsat decision variables
+  | .commRingNorm c .. | .reorder c | .norm c | .divCoeffs c | .neg c => c.collectDecVars
+  | .subst _ c₁ c₂  => c₁.collectDecVars; c₂.collectDecVars
+
+end
+
+def UnsatProof.collectDecVars (h : UnsatProof) : CollectDecVarsM Unit := do
+  match h with
+  | .le c | .dvd c | .eq c | .diseq c => c.collectDecVars
+  | .cooper c₁ c₂ c₃ => c₁.collectDecVars; c₂.collectDecVars; c₃.collectDecVars
+
+end Lean.Meta.Grind.Arith.Cutsat

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/Cutsat/ReorderVars.lean

@@ -0,0 +1,166 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.EqCnstr
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Inv
+
+namespace Lean.Meta.Grind.Arith.Cutsat
+
+/-! Collect variable information -/
+
+structure VarInfo where
+  maxLowerCoeff : Nat := 0
+  maxUpperCoeff : Nat := 0
+  maxDvdCoeff   : Nat := 0
+  deriving Inhabited
+
+private abbrev CollectM := StateT (Array VarInfo) GoalM
+
+private def updateLower (a : Nat) (x : Var) : CollectM Unit := do
+  modify fun infos => infos.modify x fun info => { info with maxLowerCoeff := max a info.maxLowerCoeff }
+
+private def updateUpper (a : Nat) (x : Var) : CollectM Unit := do
+  modify fun infos => infos.modify x fun info => { info with maxUpperCoeff := max a info.maxUpperCoeff }
+
+private def updateVarCoeff (a : Int) (x : Var) : CollectM Unit := do
+  if a < 0 then updateLower a.natAbs x else updateUpper a.natAbs x
+
+private def updateDvd (a : Nat) (x : Var) : CollectM Unit := do
+  modify fun infos => infos.modify x fun info => { info with maxDvdCoeff := max a info.maxDvdCoeff }
+
+private def collectVarInfo : GoalM (Array VarInfo) := do
+  let (_, info) ← go |>.run (Array.replicate (← get').vars.size {})
+  return info
+where
+  go : CollectM Unit := do
+    let s ← get'
+    for x in [: s.vars.size] do
+      unless (← eliminated x) do
+        for c in s.lowers[x]! do
+          visitPoly c.p
+        for c in s.uppers[x]! do
+          visitPoly c.p
+        if let some c := s.dvds[x]! then
+          updateDvd c.d.natAbs x
+
+  visitPoly : Poly → CollectM Unit
+    | .num .. => return ()
+    | .add a x p => do updateVarCoeff a x; visitPoly p
+
+/-!
+We order variables in decreasing order of "cost".
+We use the lexicographical order of two different costs.
+The first one is the `max (min lowerCoeff upperCoeff) dvdCoeff`.
+Recall that we use cooper-left if the coefficient of the lower bound is smaller, and cooper-right otherwise.
+This is way we use the `min lowerCoeff upperCoeff`. The coefficient of the divisibility constraint also
+impacts the size of the search space.
+Then, we break ties using the max of all of them, and then the variable original order.
+-/
+def cost₁ (info : VarInfo) : Nat :=
+  max info.maxDvdCoeff (min info.maxLowerCoeff info.maxUpperCoeff)
+
+private def cmp₁ (infos : Array VarInfo) (x y : Var) : Ordering :=
+  compare (cost₁ infos[x]!) (cost₁ infos[y]!) |>.swap
+
+def cost₂ (info : VarInfo) : Nat :=
+  max info.maxDvdCoeff (max info.maxLowerCoeff info.maxUpperCoeff)
+
+private def cmp₂ (infos : Array VarInfo) (x y : Var) : Ordering :=
+  compare (cost₂ infos[x]!) (cost₂ infos[y]!) |>.swap
+
+private def cmp (infos : Array VarInfo) (x y : Var) : Ordering :=
+  cmp₁ infos x y |>.then (cmp₂ infos x y) |>.then (compare x y)
+
+private def sortVars : GoalM (Array Var) := do
+  let infos ← collectVarInfo
+  let result := Array.range (← get').vars.size
+  let result := result.qsort (fun x y => cmp infos x y == .lt)
+  return result
+
+private def mkPermInv (perm : Array Var) : Array Var := Id.run do
+  let mut inv := Array.replicate perm.size 0
+  for h : i in [: perm.size] do
+    inv := inv.set! perm[i] i
+  return inv
+
+def _root_.Int.Linear.Poly.reorder (p : Poly) (old2new : Array Var) : Poly :=
+  match p with
+  | .num k => .num k
+  | .add a x p => .add a old2new[x]! (p.reorder old2new)
+
+def DvdCnstr.reorder (c : DvdCnstr) (old2new : Array Var) : DvdCnstr :=
+  { c with p := c.p.reorder old2new, h := .reorder c : DvdCnstr }.norm
+
+def EqCnstr.reorder (c : EqCnstr) (old2new : Array Var) : EqCnstr :=
+  { p := c.p.reorder old2new, h := .reorder c : EqCnstr }.norm
+
+def LeCnstr.reorder (c : LeCnstr) (old2new : Array Var) : LeCnstr :=
+  { p := c.p.reorder old2new, h := .reorder c : LeCnstr }.norm
+
+def DiseqCnstr.reorder (c : DiseqCnstr) (old2new : Array Var) : DiseqCnstr :=
+  { p := c.p.reorder old2new, h := .reorder c : DiseqCnstr }.norm
+
+def reorderVarMap [Inhabited α] (m : PArray α) (new2old : Array Var) : PArray α := Id.run do
+  let mut r := {}
+  for h : i in [:new2old.size] do
+    let j : Nat := new2old[i]
+    r := r.push (m.get! j)
+  return r
+
+def reorderDiseqSplits (m : PHashMap Poly FVarId) (old2new : Array Var) : PHashMap Poly FVarId := Id.run do
+  let mut m' := {}
+  for (p, h) in m do
+    m' := m'.insert (p.reorder old2new) h
+  return m'
+
+def reorderVars : GoalM Unit := do
+  let s ← get'
+  if s.vars.isEmpty then return () -- nothing to reorder
+  /-
+  We currently reorder variables at most once.
+  It is feasible to implement dynamic variable reordering, but we would have to
+  store a trail of vars and varMaps.
+
+  The other option is change our representation and relax the assumption our polynomials are
+  sorted. It is unclear how it will impact performance.
+  -/
+  unless s.vars'.isEmpty do return ()
+  checkInvariants
+  let new2old ← sortVars
+  let old2new := mkPermInv new2old
+  -- We save the constraints to reinsert them later.
+  let dvds := s.dvds.foldl (init := #[]) fun
+    | dvds, none => dvds
+    | dvds, some c => dvds.push c
+  let dvds := dvds.map (·.reorder old2new)
+  let ineqs := s.lowers.foldl (init := #[]) (·.append ·.toArray)
+  let ineqs := s.uppers.foldl (init := ineqs) (·.append ·.toArray)
+  let ineqs := ineqs.map (·.reorder old2new)
+  let diseqs := s.diseqs.foldl (init := #[]) (·.append ·.toArray)
+  let diseqs := diseqs.map (·.reorder old2new)
+  modify' fun s => { s with
+    vars        := reorderVarMap s.vars new2old
+    varMap      := s.varMap.map fun x => old2new[x]!
+    vars'       := s.vars
+    varMap'     := s.varMap
+    natDef      := s.natDef.map fun x => old2new[x]!
+    dvds        := s.dvds.map fun _ => none
+    lowers      := s.lowers.map fun _ => {}
+    uppers      := s.uppers.map fun _ => {}
+    diseqs      := s.diseqs.map fun _ => {}
+    elimEqs     := reorderVarMap s.elimEqs new2old |>.map fun c? => (·.reorder old2new) <$> c?
+    elimStack   := s.elimStack.map fun x => old2new[x]!
+    occurs      := s.occurs.map fun _ => {}
+    diseqSplits := {}
+  }
+  for c in dvds do c.assert
+  for c in ineqs do c.assert
+  for c in diseqs do c.assert
+  trace[grind.debug.cutsat.search.reorder] "new2old: {new2old}"
+  trace[grind.debug.cutsat.search.reorder] "old2new: {old2new}"
+  checkInvariants
+
+end Lean.Meta.Grind.Arith.Cutsat

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/Cutsat/Search.lean

@@ -0,0 +1,588 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Var
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Util
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.DvdCnstr
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.LeCnstr
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.EqCnstr
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.SearchM
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Model
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.ReorderVars
+
+namespace Lean.Meta.Grind.Arith.Cutsat
+
+/-- Asserts constraints implied by a `CooperSplit`. -/
+def CooperSplit.assert (cs : CooperSplit) : GoalM Unit := do
+  let { c₁, c₂, c₃?, left, .. } := cs.pred
+  let k   := cs.k
+  let p₁  := c₁.p
+  let p₂  := c₂.p
+  let p   := p₁.tail
+  let q   := p₂.tail
+  let a   := p₁.leadCoeff
+  let b   := p₂.leadCoeff
+  let p₁' := p.mul b |>.combine (q.mul (-a))
+  let p₁' := p₁'.addConst <| if left then b*k else (-a)*k
+  let c₁' := { p := p₁', h := .cooper cs : LeCnstr }
+  c₁'.assert
+  if (← inconsistent) then return ()
+  let d := if left then a else b
+  if d.natAbs != 1 then
+    let p₂' := if left then p else q
+    let p₂' := p₂'.addConst k
+    let c₂' := { d, p := p₂', h := .cooper₁ cs : DvdCnstr }
+    c₂'.assert
+    if (← inconsistent) then return ()
+  let some c₃ := c₃? | return ()
+  let p₃  := c₃.p
+  let d   := c₃.d
+  let s   := p₃.tail
+  let c   := p₃.leadCoeff
+  let c₃' := if left then
+    let p₃' := p.mul c |>.combine (s.mul (-a))
+    let p₃' := p₃'.addConst (c*k)
+    { d := a*d, p := p₃', h := .cooper₂ cs : DvdCnstr }
+  else
+    let p₃' := q.mul (-c) |>.combine (s.mul b)
+    let p₃' := p₃'.addConst (-c*k)
+    { d := b*d, p := p₃', h := .cooper₂ cs : DvdCnstr }
+  c₃'.assert
+
+private def checkIsNextVar (x : Var) : GoalM Unit := do
+  if x != (← get').assignment.size then
+    throwError "`grind` internal error, assigning variable out of order"
+
+private def traceAssignment (x : Var) (v : Rat) : GoalM Unit := do
+  trace[grind.debug.cutsat.search.assign] "{quoteIfArithTerm (← getVar x)} := {v}"
+
+private def setAssignment (x : Var) (v : Rat) : GoalM Unit := do
+  checkIsNextVar x
+  traceAssignment x v
+  modify' fun s => { s with assignment := s.assignment.push v }
+
+private def skipAssignment (x : Var)  : GoalM Unit := do
+  checkIsNextVar x
+  modify' fun s => { s with assignment := s.assignment.push 0 }
+
+/-- Assign eliminated variables using `elimEqs` field. -/
+private def assignElimVars : GoalM Unit := do
+  if (← inconsistent) then return ()
+  go (← get').elimStack
+where
+  go (xs : List Var) : GoalM Unit := do
+    match xs with
+    | [] => return ()
+    | x :: xs =>
+      let some c := (← get').elimEqs[x]!
+        | throwError "`grind` internal error, eliminated variable must have equation associated with it"
+      -- `x` may not be the max variable
+      let a := c.p.coeff x
+      if a == 0 then c.throwUnexpected
+      -- ensure `x` is 0 when evaluating `c.p`
+      modify' fun s => { s with assignment := s.assignment.set x 0 }
+      let some v ← c.p.eval? | c.throwUnexpected
+      let v := (-v) / a
+      traceAssignment x v
+      modify' fun s => { s with assignment := s.assignment.set x v }
+      go xs
+
+private def eqCoeffs (p₁ p₂ : Poly) (neg : Bool) :=
+  match p₁, p₂ with
+  | .num _, .num _ => true
+  | .add k₁ x₁ p₁, .add k₂ x₂ p₂ =>
+    (if neg then k₁ == -k₂ else k₁ == k₂) && x₁ == x₂ && eqCoeffs p₁ p₂ neg
+  | _, _ => false
+
+def tightUsingDvd (c : LeCnstr) (dvd? : Option DvdCnstr) : GoalM LeCnstr := do
+  let some dvd := dvd? | return c
+  let d  := dvd.d
+  let b₁ := dvd.p.getConst
+  if eqCoeffs dvd.p c.p false then
+    let b₂ := c.p.getConst
+    if (b₂ - b₁) % d != 0 then
+      let b₂' := b₁ - d * ((b₁ - b₂) / d)
+      let p := c.p.addConst (b₂'-b₂)
+      return { p, h := .dvdTight dvd c }
+  if eqCoeffs dvd.p c.p true then
+    let b₁ := -b₁
+    let b₂ := c.p.getConst
+    if (b₂ - b₁) % d != 0 then
+      let b₂' := b₁ - d * ((b₁ - b₂) / d)
+      let p := c.p.addConst (b₂'-b₂)
+      return { p, h := .negDvdTight dvd c }
+  return c
+
+/--
+Assuming all variables smaller than `x` have already been assigned,
+returns the best lower bound for `x` using the given partial assignment and
+inequality constraints where `x` is the maximal variable.
+-/
+def getBestLower? (x : Var) (dvd? : Option DvdCnstr) : GoalM (Option (Rat × LeCnstr)) := do
+  let s ← get'
+  let mut best? := none
+  for c in s.lowers[x]! do
+    let c ← tightUsingDvd c dvd?
+    let .add k _ p := c.p | c.throwUnexpected
+    let some v ← p.eval? | c.throwUnexpected
+    let lower' := v / (-k)
+    if let some (lower, _) := best? then
+      if lower' > lower then
+        best? := some (lower', c)
+    else
+      best? := some (lower', c)
+  return best?
+
+/--
+Assuming all variables smaller than `x` have already been assigned,
+returns the best upper bound for `x` using the given partial assignment and
+inequality constraints where `x` is the maximal variable.
+-/
+def getBestUpper? (x : Var) (dvd? : Option DvdCnstr) : GoalM (Option (Rat × LeCnstr)) := do
+  let s ← get'
+  let mut best? := none
+  for c in s.uppers[x]! do
+    let c ← tightUsingDvd c dvd?
+    let .add k _ p := c.p | c.throwUnexpected
+    let some v ← p.eval? | c.throwUnexpected
+    let upper' := (-v) / k
+    if let some (upper, _) := best? then
+      if upper' < upper then
+        best? := some (upper', c)
+    else
+      best? := some (upper', c)
+  return best?
+
+/-- Returns values we cannot assign `x` because of disequality constraints. -/
+def getDiseqValues (x : Var) : SearchM (Array (Rat × DiseqCnstr)) := do
+  let s ← get'
+  let mut r := #[]
+  for c in s.diseqs[x]! do
+    let .add k _ p := c.p | c.throwUnexpected
+    let some v ← p.eval? | c.throwUnexpected
+    if (← isApprox) then
+      r := r.push (((-v)/k), c)
+    else
+      -- We are building an integer model,
+      -- if `k` does not divide `v`, we can just ignore the disequality.
+      let v := v.num
+      if v % k == 0 then
+        r := r.push ((-v)/k, c)
+  return r
+
+/--
+Solution space for a divisibility constraint of the form `d ∣ a*x + b`
+See `DvdCnstr.getSolutions?` to understand how it is computed.
+-/
+structure DvdSolution where
+  d : Int := 1
+  b : Int := 0
+
+def DvdCnstr.getSolutions? (c : DvdCnstr) : SearchM (Option DvdSolution) := do
+  let d := c.d
+  let .add a _ p := c.p | c.throwUnexpected
+  let some b ← p.eval? | c.throwUnexpected
+  if b.den != 1 then
+    -- `b` is a rational number, mark model as imprecise, and ignore the constraint
+    setImprecise
+    return none
+  let b := b.num
+  -- We must solve `d ∣ a*x + b`
+  let g := d.gcd a
+  if b % g != 0 then
+    return none -- no solutions
+  let d := d / g
+  let a := a / g
+  let b := b / g
+  -- `α*a + β*d = 1`
+  -- `α*a = 1 (mod d)`
+  let (_, α, _β) := gcdExt a d
+  -- `a'*a = 1 (mod d)`
+  let a' := if α < 0 then α % d else α
+  -- `a*x = -b (mod d)`
+  -- `x = -b*a' (mod d)`
+  -- `x = k*d + -b*a'` for any k
+  return some { d, b := -b*a' }
+
+def resolveDvdConflict (c : DvdCnstr) : GoalM Unit := do
+  trace[grind.debug.cutsat.search.conflict] "{← c.pp}"
+  let d := c.d
+  let .add a _ p := c.p | c.throwUnexpected
+  { d := a.gcd d, p, h := .elim c : DvdCnstr }.assert
+
+/--
+Given a divisibility constraint solution space `s := { b, d }`,
+and a candidate assignment `v`, we want to find
+an assignment `w` such that `w ≥ v` such that exists `k`, `w = k*d + b`
+Thus,
+- `k*d + b ≥ v`
+- `k ≥ cdiv (v - b) d`
+So, we take `w = (cdiv (v - b) d)*d + b`
+-/
+def DvdSolution.ge (s : DvdSolution) (v : Int) : Int :=
+  (Int.Linear.cdiv (v - s.b) s.d)*s.d + s.b
+
+/--
+Given a divisibility constraint solution space `s := { b, d }`,
+and a candidate assignment `v`, we want to find
+an assignment `w` such that `w ≤ v` such that exists `k`, `w = k*d + b`
+Thus,
+- `k*d + b ≤ v`
+- `k ≤ (v - b) / d`
+So, we take `w = ((v - b) / d)*d + b`
+-/
+def DvdSolution.le (s : DvdSolution) (v : Int) : Int :=
+  ((v - s.b)/s.d)*s.d + s.b
+
+def findDiseq? (v : Int) (dvals : Array (Rat × DiseqCnstr)) : Option DiseqCnstr :=
+  (·.2) <$> dvals.find? fun (d, _) =>
+    d.den == 1 && d.num == v
+
+def inDiseqValues (v : Int) (dvals : Array (Rat × DiseqCnstr)) : Bool :=
+  Option.isSome <| findDiseq? v dvals
+
+def findRatDiseq? (v : Rat) (dvals : Array (Rat × DiseqCnstr)) : Option DiseqCnstr :=
+  (·.2) <$> dvals.find? fun (d, _) => v == d
+
+partial def DvdSolution.geAvoiding (s : DvdSolution) (v : Int) (dvals : Array (Rat × DiseqCnstr)) : Int :=
+  let v := s.ge v
+  if inDiseqValues v dvals then
+    geAvoiding s (v+1) dvals
+  else
+    v
+
+partial def DvdSolution.leAvoiding (s : DvdSolution) (v : Int) (dvals : Array (Rat × DiseqCnstr)) : Int :=
+  let v := s.le v
+  if inDiseqValues v dvals then
+    leAvoiding s (v-1) dvals
+  else
+    v
+
+inductive FindIntValResult where
+  | found (val : Int)
+  | diseq (c : DiseqCnstr)
+  | dvd
+  deriving Inhabited
+
+/--
+Tries to find an integer `v` s.t. `lower ≤ v ≤ upper`, `v ∉ dvals`, and `v ∈ s`.
+Returns `.found v` if result was found, `.dvd` if it failed because of the divisibility constraint,
+and `.diseq c` because of the disequality constraint `c`.
+-/
+partial def findIntVal (s : DvdSolution) (lower : Int) (upper : Int) (dvals : Array (Rat × DiseqCnstr)) : FindIntValResult :=
+  let v := s.ge lower
+  if v > upper then
+    .dvd
+  else
+    go v
+where
+  go (v : Int) : FindIntValResult :=
+    if let some c := findDiseq? v dvals then
+      let v := s.ge (v+1)
+      if v > upper then .diseq c else go v
+    else
+      .found v
+
+partial def findRatVal (lower upper : Rat) (diseqVals : Array (Rat × DiseqCnstr)) : Rat :=
+  let v := (lower + upper)/2
+  if (findRatDiseq? v diseqVals).isSome then
+    findRatVal lower v diseqVals
+  else
+    v
+
+def resolveRealLowerUpperConflict (c₁ c₂ : LeCnstr) : GoalM Bool := do
+  trace[grind.debug.cutsat.search.conflict] "{← c₁.pp}, {← c₂.pp}"
+  let .add a₁ _ p₁ := c₁.p | c₁.throwUnexpected
+  let .add a₂ _ p₂ := c₂.p | c₂.throwUnexpected
+  let p := p₁.mul a₂.natAbs |>.combine (p₂.mul a₁.natAbs)
+  if (← p.satisfiedLe) != .false then
+    trace[grind.cutsat.conflict] "not resolved"
+    return false
+  else
+    let k := p.gcdCoeffs'
+    let c := if k == 1 then
+      { p, h := .combine c₁ c₂ : LeCnstr }
+    else
+      { p := p.div k, h := .combineDivCoeffs c₁ c₂ k : LeCnstr }
+    trace[grind.debug.cutsat.search.conflict] "resolved: {← c.pp}"
+    c.assert
+    return true
+
+def resolveCooperUnary (pred : CooperSplitPred) : SearchM Bool := do
+  let some c₃ := pred.c₃? | return false
+  let .add (-1) _ (.num a) := pred.c₁.p | return false
+  let .add 1 _ (.num b) := pred.c₂.p | return false
+  let .add c _ (.num e) := c₃.p | return false
+  let d := c₃.d
+  let (1, α, _) := gcdExt c d | return false
+  unless -b < Int.Linear.cdiv (a - -α * e % d) d * d + -α * e % d do
+    return false
+  setInconsistent (.cooper pred.c₁ pred.c₂ c₃)
+  return true
+
+def resolveCooperPred (pred : CooperSplitPred) : SearchM Unit := do
+  trace[grind.debug.cutsat.search.conflict] "[{pred.numCases}]: {← pred.pp}"
+  if (← resolveCooperUnary pred) then
+    return
+  let n := pred.numCases
+  let fvarId ← mkCase (.cooper pred #[] {})
+  { pred, k := n - 1, h := .dec fvarId : CooperSplit }.assert
+
+def resolveCooper (c₁ c₂ : LeCnstr) : SearchM Unit := do
+  let left : Bool := c₁.p.leadCoeff.natAbs < c₂.p.leadCoeff.natAbs
+  resolveCooperPred { c₁, c₂, left, c₃? := none }
+
+def resolveCooperDvd (c₁ c₂ : LeCnstr) (c₃ : DvdCnstr) : SearchM Unit := do
+  let left : Bool := c₁.p.leadCoeff.natAbs < c₂.p.leadCoeff.natAbs
+  resolveCooperPred { c₁, c₂, left, c₃? := some c₃ }
+
+def DiseqCnstr.split (c : DiseqCnstr) : SearchM LeCnstr := do
+  let fvarId ← if let some fvarId := (← get').diseqSplits.find? c.p then
+    trace[grind.debug.cutsat.search.split] "{← c.pp}, reusing {fvarId.name}"
+    pure fvarId
+  else
+    let fvarId ← mkCase (.diseq c)
+    trace[grind.debug.cutsat.search.split] "{← c.pp}, {fvarId.name}"
+    modify' fun s => { s with diseqSplits := s.diseqSplits.insert c.p fvarId }
+    pure fvarId
+  let p₂ := c.p.addConst 1
+  return { p := p₂, h := .dec fvarId }
+
+/--
+Given `c₁` of the form `a₁*x + p₁ ≠ 0`, and `c₂` of the form `b*x + p ≤ 0`
+splits `c₁` and resolve with `c₂`.
+-/
+def resolveCooperDiseq (c₁ : DiseqCnstr) (c₂ : LeCnstr) (c₃? : Option DvdCnstr) : SearchM Unit := do
+  -- Ensure the coefficient is positive
+  let c₁ := if c₁.p.leadCoeff > 0 then
+    { p := c₁.p.mul (-1), h := .neg c₁ : DiseqCnstr }
+  else
+    c₁
+  let c₁ ← c₁.split
+  -- After the `c₁.split`, the real shadow may resolve the conflict
+  if (← resolveRealLowerUpperConflict c₁ c₂) then
+    return ()
+  if let some c₃ := c₃? then
+    resolveCooperDvd c₁ c₂ c₃
+  else
+    resolveCooper c₁ c₂
+
+/--
+Given `c₁` of the form `-a₁*x + p₁ ≤ 0`, and `c` of the form `b*x + p ≠ 0`,
+splits `c` and resolve with `c₁`.
+-/
+def resolveRatDiseq (c₁ : LeCnstr) (c : DiseqCnstr) : SearchM Unit := do
+  let c := if c.p.leadCoeff < 0 then
+    { p := c.p.mul (-1), h := .neg c : DiseqCnstr }
+  else
+    c
+  let c₂ ← c.split
+  let b ← resolveRealLowerUpperConflict c₁ c₂
+  assert! b
+
+def processVar (x : Var) : SearchM Unit := do
+  if (← eliminated x) then
+    trace[grind.debug.cutsat.search] "eliminated: {← getVar x}"
+    /-
+    Variable has been eliminated, and will be assigned later after we have assigned
+    variables that have not been eliminated.
+    -/
+    skipAssignment x
+    return ()
+  -- Solution space for divisibility constraint is `x = k*d + b`
+  let dvd? := (← get').dvds[x]!
+  let dvdSol ← if let some c := dvd? then
+    if let some solutions ← c.getSolutions? then
+      pure solutions
+    else
+      trace[grind.debug.cutsat.search] "dvd conflict: {← c.pp}"
+      resolveDvdConflict c
+      return ()
+  else
+    pure {}
+  let lower? ← getBestLower? x dvd?
+  let upper? ← getBestUpper? x dvd?
+  let diseqVals ← getDiseqValues x
+  match lower?, upper? with
+  | none, none =>
+    let v := dvdSol.geAvoiding 0 diseqVals
+    setAssignment x v
+  | some (lower, _), none =>
+    let lower := lower.ceil
+    let v := dvdSol.geAvoiding lower diseqVals
+    trace[grind.debug.cutsat.search] "{lower} ≤ {quoteIfArithTerm (← getVar x)} := {v}"
+    setAssignment x v
+  | none, some (upper, _) =>
+    let upper := upper.floor
+    let v := dvdSol.leAvoiding upper diseqVals
+    trace[grind.debug.cutsat.search] "{quoteIfArithTerm (← getVar x)} := {v} ≤ {upper}"
+    setAssignment x v
+  | some (lower, c₁), some (upper, c₂) =>
+    trace[grind.debug.cutsat.search] "{lower} ≤ {lower.ceil} ≤ {quoteIfArithTerm (← getVar x)} ≤ {upper.floor} ≤ {upper}"
+    if lower > upper then
+      let .true ← resolveRealLowerUpperConflict c₁ c₂
+        | throwError "`grind` internal error, conflict resolution failed"
+      return ()
+    -- `lower ≤ upper` here
+    if lower.ceil > upper.floor then
+      if (← resolveRealLowerUpperConflict c₁ c₂) then
+        -- Resolved conflict using "real" shadow
+        return ()
+      if !(← isApprox) then
+        resolveCooper c₁ c₂
+        return ()
+    let r := findIntVal dvdSol lower.ceil upper.floor diseqVals
+    if let .found v := r then
+      setAssignment x v
+      return ()
+    if (← isApprox) then
+      setImprecise
+      if lower < upper then
+        setAssignment x <| findRatVal lower upper diseqVals
+      else if let some c := findRatDiseq? lower diseqVals then
+        resolveRatDiseq c₁ c
+      else
+        setAssignment x lower
+    else
+      match r with
+      | .dvd => resolveCooperDvd c₁ c₂ dvd?.get!
+      | .diseq c => resolveCooperDiseq c c₂ dvd?
+      | _ => unreachable!
+
+/-- Returns `true` if we already have a complete assignment / model. -/
+def hasAssignment : GoalM Bool := do
+  return (← get').vars.size == (← get').assignment.size
+
+private def findCase (decVars : FVarIdSet) : SearchM Case := do
+  repeat
+    let numCases := (← get).cases.size
+    assert! numCases > 0
+    let case := (← get).cases[numCases-1]!
+    modify fun s => { s with cases := s.cases.pop }
+    if decVars.contains case.fvarId then
+      return case
+    -- Conflict does not depend on this case.
+    trace[grind.debug.cutsat.search.backtrack] "skipping {case.fvarId.name}"
+  unreachable!
+
+def resolveConflict (h : UnsatProof) : SearchM Unit := do
+  trace[grind.debug.cutsat.search.backtrack] "resolve conflict, decision stack: {(← get).cases.toList.map fun c => c.fvarId.name}"
+  let decVars := h.collectDecVars.run (← get).decVars
+  trace[grind.debug.cutsat.search.backtrack] "dec vars: {decVars.toList.map (·.name)}"
+  if decVars.isEmpty then
+    trace[grind.debug.cutsat.search.backtrack] "close goal: {← h.pp}"
+    closeGoal (← h.toExprProof)
+    return ()
+  let c ← findCase decVars
+  modify' fun _  => c.saved
+  trace[grind.debug.cutsat.search.backtrack] "backtracking {c.fvarId.name}"
+  let decVars := decVars.erase c.fvarId
+  match c.kind with
+  | .diseq c₁ =>
+    let decVars := decVars.toArray
+    let p' := c₁.p.mul (-1) |>.addConst 1
+    let c' := { p := p', h := .ofDiseqSplit c₁ c.fvarId h decVars : LeCnstr }
+    trace[grind.debug.cutsat.search.backtrack] "resolved diseq split: {← c'.pp}"
+    c'.assert
+  | .cooper pred hs decVars' =>
+    let decVars' := decVars.union decVars'
+    let n := pred.numCases
+    let hs := hs.push (c.fvarId, h)
+    trace[grind.debug.cutsat.search.backtrack] "cooper #{hs.size + 1}, {← pred.pp}, {hs.map fun p => p.1.name}"
+    let s ← if hs.size + 1 < n then
+      let fvarId ← mkCase (.cooper pred hs decVars')
+      pure { pred, k := n - hs.size - 1, h := .dec fvarId : CooperSplit }
+    else
+      let decVars' := decVars'.toArray
+      trace[grind.debug.cutsat.search.backtrack] "cooper last case, {← pred.pp}, dec vars: {decVars'.map (·.name)}"
+      pure { pred, k := 0, h := .last hs decVars' : CooperSplit }
+    s.assert
+
+/-- Search for an assignment/model for the linear constraints. -/
+private def searchAssignmentMain : SearchM Unit := do
+  repeat
+    trace[grind.debug.cutsat.search] "main loop"
+    checkSystem "cutsat"
+    if (← hasAssignment) then
+      return ()
+    if (← isInconsistent) then
+      -- `grind` state is inconsistent
+      return ()
+    if let some c := (← get').conflict? then
+      resolveConflict c
+    else
+      let x : Var := (← get').assignment.size
+      trace[grind.debug.cutsat.search] "next var: {← getVar x}, {x}, {(← get').assignment.toList}"
+      processVar x
+
+private def resetDecisionStack : SearchM Unit := do
+  if (← get).cases.isEmpty then
+    -- Nothing to reset
+    return ()
+  -- Backtrack changes but keep the assignment
+  let first := (← get).cases[0]!
+  modify' fun s => { first.saved with assignment := s.assignment }
+
+private def searchQLiaAssignment : GoalM Bool := do
+  let go : SearchM Bool := do
+    searchAssignmentMain
+    let precise := (← get).precise
+    resetDecisionStack
+    return precise
+  go .rat |>.run' {}
+
+private def traceActiveCnstrs : GoalM Unit := do
+  unless (← isTracingEnabledFor `grind.debug.cutsat.search.cnstrs) do return ()
+  let s ← get'
+  for x in [: s.vars.size] do
+    unless (← eliminated x) do
+      if let some dvd := s.dvds[x]! then
+        trace[grind.debug.cutsat.search.cnstrs] "{← dvd.pp}"
+      for c in s.lowers[x]! do
+        trace[grind.debug.cutsat.search.cnstrs] "{← c.pp}"
+      for c in s.uppers[x]! do
+        trace[grind.debug.cutsat.search.cnstrs] "{← c.pp}"
+      for c in s.diseqs[x]! do
+        trace[grind.debug.cutsat.search.cnstrs] "{← c.pp}"
+
+private def searchLiaAssignment : GoalM Unit := do
+  let go : SearchM Unit := do
+    searchAssignmentMain
+    resetDecisionStack
+  traceActiveCnstrs
+  reorderVars
+  traceActiveCnstrs
+  go .int |>.run' {}
+
+def searchAssignment : GoalM Unit := do
+  let precise ← searchQLiaAssignment
+  if (← isInconsistent) then return ()
+  if !(← getConfig).qlia && !precise then
+    -- Search for a new model using `.int` mode.
+    trace[grind.debug.cutsat.search] "restart using Cooper resolution"
+    modify' fun s => { s with assignment := {} }
+    searchLiaAssignment
+    trace[grind.debug.cutsat.search] "after search int model, inconsistent: {← isInconsistent}"
+    if (← isInconsistent) then return ()
+  -- TODO: constructing a model is only worth if `grind` will **not** continue searching.
+  assignElimVars
+
+/--
+Returns `true` if work/progress has been done.
+There are two kinds of progress:
+- An assignment for satisfying constraints was constructed.
+- An inconsistency was detected.
+
+The result is `false` if module already has a satisfying assignment.
+-/
+def check : GoalM Bool := do
+  if (← hasAssignment) then
+    return false
+  else
+    searchAssignment
+    return true
+
+end Lean.Meta.Grind.Arith.Cutsat

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/Cutsat/SearchM.lean

@@ -0,0 +1,79 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Util
+
+namespace Lean.Meta.Grind.Arith.Cutsat
+/--
+In principle, we only need to support two kinds of case split.
+- Disequalities.
+- Cooper-Left, but we have 4 different variants of this one.
+-/
+inductive CaseKind where
+  | diseq (d : DiseqCnstr)
+  | cooper (s : CooperSplitPred) (hs : Array (FVarId × UnsatProof)) (decVars : FVarIdSet)
+  deriving Inhabited
+
+structure Case where
+  kind   : CaseKind
+  /--
+  Decision variable used to represent the case-split.
+  For example, suppose we are splitting on `p ≠ 0`. Then,
+  we create a decision variable `h : p + 1 ≤ 0`
+  -/
+  fvarId : FVarId
+  /--
+  Snapshot of the cutsat state for backtracking purposes.
+  We do not use a trail stack.
+  -/
+  saved  : State
+  deriving Inhabited
+
+inductive Search.Kind where
+  | /--
+    Allow variables to be assigned to rational numbers during model
+    construction.
+    -/
+    rat
+  | /--
+    Variables must be assigned to integer numbers.
+    Cooper case splits are required in this mode.
+    -/
+    int
+  deriving Inhabited, BEq
+
+/--
+State of the model search procedure.
+-/
+structure Search.State where
+  /-- Decision stack (aka case-split stack) -/
+  cases   : PArray Case := {}
+  /-- `precise := false` if not all constraints were satisfied during the search. -/
+  precise : Bool := true
+  /-- Set of decision variables in `cases`. -/
+  decVars : FVarIdSet := {}
+
+abbrev SearchM := ReaderT Search.Kind (StateRefT Search.State GoalM)
+
+/-- Returns `true` if approximations are allowed. -/
+def isApprox : SearchM Bool :=
+  return (← read) == .rat
+
+/-- Sets `precise` to `false` to indicate that some constraint was not satisfied. -/
+def setImprecise : SearchM Unit := do
+  modify fun s => { s with precise := false }
+
+def mkCase (kind : CaseKind) : SearchM FVarId := do
+  let fvarId ← mkFreshFVarId
+  let saved ← get'
+  modify fun s => { s with
+    cases   := s.cases.push { saved, fvarId, kind }
+    decVars := s.decVars.insert fvarId
+  }
+  modify' fun s => { s with caseSplits := true }
+  return fvarId
+
+end Lean.Meta.Grind.Arith.Cutsat

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/Cutsat/ToInt.lean

@@ -0,0 +1,378 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Init.Grind.ToIntLemmas
+import Lean.Meta.Tactic.Grind.Simp
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Util
+
+namespace Lean.Meta.Grind.Arith.Cutsat
+
+private def reportMissingToIntAdapter (type : Expr) (instType : Expr) : MetaM Unit := do
+  trace[grind.debug.cutsat.debug] "`ToInt` initialization failure, failed to synthesize{indentExpr instType}\nfor type{indentExpr type}"
+
+private def throwMissingDecl (declName : Name) : MetaM Unit :=
+  throwError "`grind cutsat`, unexpected missing declaration {declName}"
+
+private def checkDecl (declName : Name) : MetaM Unit := do
+  unless (← getEnv).contains declName do
+    throwMissingDecl declName
+
+private def mkOfNatThm? (type : Expr) (u : Level) (toIntInst : Expr) (rangeExpr : Expr) : MetaM (Option Expr) := do
+  -- ∀ n, OfNat α n
+  let ofNat := mkForall `n .default (mkConst ``Nat) (mkApp2 (mkConst ``OfNat [u]) type (mkBVar 0))
+  let .some ofNatInst ← trySynthInstance ofNat
+    | reportMissingToIntAdapter type ofNat; return none
+  let toIntOfNat := mkApp4 (mkConst ``Grind.ToInt.OfNat [u]) type ofNatInst rangeExpr toIntInst
+  let .some toIntOfNatInst ← trySynthInstance toIntOfNat
+    | reportMissingToIntAdapter type toIntOfNat; return none
+  return mkApp5 (mkConst ``Grind.ToInt.ofNat_eq [u]) type rangeExpr toIntInst ofNatInst toIntOfNatInst
+
+/-- Helper function for `mkSimpleOpThm?` and `mkPowThm?` -/
+private def mkSimpleOpThmCore? (type : Expr) (u : Level) (toIntInst : Expr) (rangeExpr : Expr) (op : Expr) (opSuffix : Name) (thmName : Name) : MetaM (Option Expr) := do
+  let .some opInst ← trySynthInstance op | return none
+  let toIntOpName := ``Grind.ToInt ++ opSuffix
+  checkDecl toIntOpName
+  let toIntOp := mkApp4 (mkConst toIntOpName [u]) type opInst rangeExpr toIntInst
+  let .some toIntOpInst ← trySynthInstance toIntOp
+    | reportMissingToIntAdapter type toIntOp; return none
+  checkDecl thmName
+  return mkApp5 (mkConst thmName [u]) type rangeExpr toIntInst opInst toIntOpInst
+
+/-- Simpler version of `mkBinOpThms` for operators that have only one congruence theorem. -/
+private def mkSimpleOpThm? (type : Expr) (u : Level) (toIntInst : Expr) (rangeExpr : Expr) (opBaseName : Name) (thmName : Name) : MetaM (Option Expr) := do
+  let op := mkApp (mkConst opBaseName [u]) type
+  mkSimpleOpThmCore? type u toIntInst rangeExpr op opBaseName thmName
+
+/-- Simpler version of `mkBinOpThms` for operators that have only one congruence theorem. -/
+private def mkPowThm? (type : Expr) (u : Level) (toIntInst : Expr) (rangeExpr : Expr) : MetaM (Option Expr) := do
+  let op := mkApp3 (mkConst ``HPow [u, 0, u]) type Nat.mkType type
+  mkSimpleOpThmCore? type u toIntInst rangeExpr op `Pow ``Grind.ToInt.pow_congr
+
+private def mkBinOpThms (type : Expr) (u : Level) (toIntInst : Expr) (rangeExpr : Expr) (range : Grind.IntInterval) (opBaseName : Name) (thmName : Name) : MetaM ToIntThms := do
+  let some c ← mkSimpleOpThm? type u toIntInst rangeExpr opBaseName thmName | return {}
+  let opInst := c.appFn!.appArg!
+  let toIntOpInst := c.appArg!
+  let env ← getEnv
+  let cwwName := thmName ++ `ww
+  let cwlName := thmName ++ `wl
+  let cwrName := thmName ++ `wr
+  let c_ww? := if range.isFinite && env.contains cwwName then
+    some <| mkApp6 (mkConst cwwName [u]) type rangeExpr toIntInst opInst toIntOpInst reflBoolTrue
+  else
+    none
+  let c_wl? := if range.isFinite && range.nonEmpty && env.contains cwwName then
+    some <| mkApp7 (mkConst cwlName [u]) type rangeExpr toIntInst opInst toIntOpInst reflBoolTrue reflBoolTrue
+  else
+    none
+  let c_wr? := if range.isFinite && range.nonEmpty && env.contains cwwName then
+    some <| mkApp7 (mkConst cwrName [u]) type rangeExpr toIntInst opInst toIntOpInst reflBoolTrue reflBoolTrue
+  else
+    none
+  return { c? := some c, c_ww?, c_wl?, c_wr? }
+
+-- TODO: improve this function
+private def evalInt? (e : Expr) : MetaM (Option Int) := do
+  let e ← whnfD e
+  match_expr e with
+  | Int.ofNat a =>
+    let some a ← getNatValue? (← whnfD a) | return none
+    return some (a : Int)
+  | Int.negSucc a =>
+    let some a ← getNatValue? (← whnfD a) | return none
+    return some (- (a : Int) - 1)
+  | _ => return none
+
+def getToIntInfo? (type : Expr) : GoalM (Option ToIntInfo) := do
+  if let some id? := (← get').toIntInfos.find? { expr := type } then
+    return id?
+  else
+    let info? ← go?
+    modify' fun s => { s with toIntInfos := s.toIntInfos.insert { expr := type } info? }
+    return info?
+where
+  toIntInterval? (rangeExpr : Expr) : GoalM (Option Grind.IntInterval) := do
+    let rangeExpr ← whnfD rangeExpr
+    match_expr rangeExpr with
+    | Grind.IntInterval.co lo hi =>
+      let some lo ← evalInt? lo
+        | trace[grind.debug.cutsat.toInt] "`ToInt` lower bound could not be reduced to an integer{indentExpr (← whnfD lo)}\nfor type{indentExpr type}"
+          return none
+      let some hi ← evalInt? hi
+        | trace[grind.debug.cutsat.toInt] "`ToInt` upper bound could not be reduced to an integer{indentExpr hi}\nfor type{indentExpr type}"
+          return none
+      return some (.co lo hi)
+    | _ =>
+      trace[grind.debug.cutsat.toInt] "unsupported `ToInt` interval{indentExpr rangeExpr}\nfor type{indentExpr type}"
+      return none
+
+  go? : GoalM (Option ToIntInfo) := withNewMCtxDepth do
+    let u' ← getLevel type
+    let some u ← decLevel? u' | return none
+    let rangeExpr ← mkFreshExprMVar (mkConst ``Grind.IntInterval)
+    let toIntType := mkApp2 (mkConst ``Grind.ToInt [u]) type rangeExpr
+    let .some toIntInst ← trySynthInstance toIntType |
+      trace[grind.debug.cutsat.toInt] "failed to synthesize {indentExpr toIntType}"
+      return none
+    let rangeExpr ← instantiateMVars rangeExpr
+    let some range ← toIntInterval? rangeExpr | return none
+    let toInt := mkApp3 (mkConst ``Grind.ToInt.toInt [u]) type rangeExpr toIntInst
+    let wrap := mkApp (mkConst ``Grind.IntInterval.wrap) rangeExpr
+    let ofWrap0? := if let .co 0 hi := range then
+      some <| mkApp3 (mkConst ``Grind.ToInt.of_eq_wrap_co_0) rangeExpr (toExpr hi) reflBoolTrue
+    else
+      none
+    let ofEq := mkApp3 (mkConst ``Grind.ToInt.of_eq [u]) type rangeExpr toIntInst
+    let ofDiseq := mkApp3 (mkConst ``Grind.ToInt.of_diseq [u]) type rangeExpr toIntInst
+    let (ofLE?, ofNotLE?) ← do
+      let toLE := mkApp (mkConst ``LE [u]) type
+      let .some leInst ← LOption.toOption <$> trySynthInstance toLE | pure (none, none)
+      let toIntLE := mkApp4 (mkConst ``Grind.ToInt.LE [u]) type leInst rangeExpr toIntInst
+      let .some toIntLEInst ← LOption.toOption <$> trySynthInstance toIntLE
+        | reportMissingToIntAdapter type toIntLE; pure (none, none)
+      let ofLE := mkApp5 (mkConst ``Grind.ToInt.of_le [u]) type rangeExpr toIntInst leInst toIntLEInst
+      let ofNotLE := mkApp5 (mkConst ``Grind.ToInt.of_not_le [u]) type rangeExpr toIntInst leInst toIntLEInst
+      pure (some ofLE, some ofNotLE)
+    let (ofLT?, ofNotLT?) ← do
+      let toLT := mkApp (mkConst ``LT [u]) type
+      let .some ltInst ← LOption.toOption <$> trySynthInstance toLT | pure (none, none)
+      let toIntLT := mkApp4 (mkConst ``Grind.ToInt.LT [u]) type ltInst rangeExpr toIntInst
+      let .some toIntLTInst ← LOption.toOption <$> trySynthInstance toIntLT
+        | reportMissingToIntAdapter type toIntLT; pure (none, none)
+      let ofLT := mkApp5 (mkConst ``Grind.ToInt.of_lt [u]) type rangeExpr toIntInst ltInst toIntLTInst
+      let ofNotLT := mkApp5 (mkConst ``Grind.ToInt.of_not_lt [u]) type rangeExpr toIntInst ltInst toIntLTInst
+      pure (some ofLT, some ofNotLT)
+    let mkBinOpThms (opBaseName : Name) (thmName : Name) :=
+      mkBinOpThms type u toIntInst rangeExpr range opBaseName thmName
+    let mkSimpleOpThm? (opBaseName : Name) (thmName : Name) :=
+      mkSimpleOpThm? type u toIntInst rangeExpr opBaseName thmName
+    let addThms ← mkBinOpThms ``Add ``Grind.ToInt.add_congr
+    let mulThms ← mkBinOpThms ``Mul ``Grind.ToInt.mul_congr
+    let subThm? ← mkSimpleOpThm? ``Sub ``Grind.ToInt.sub_congr
+    let negThm? ← mkSimpleOpThm? ``Neg ``Grind.ToInt.neg_congr
+    let divThm? ← mkSimpleOpThm? ``Div ``Grind.ToInt.div_congr
+    let modThm? ← mkSimpleOpThm? ``Mod ``Grind.ToInt.mod_congr
+    let powThm? ← mkPowThm? type u toIntInst rangeExpr
+    let zeroThm? ← mkSimpleOpThm? ``Zero ``Grind.ToInt.zero_eq
+    let ofNatThm? ← mkOfNatThm? type u toIntInst rangeExpr
+    let lowerThm? := if let some lo := range.lo? then
+      if lo == 0 then
+        some <| mkApp4 (mkConst ``Grind.ToInt.ge_lower0 [u]) type rangeExpr toIntInst reflBoolTrue
+      else
+        some <| mkApp5 (mkConst ``Grind.ToInt.ge_lower [u]) type rangeExpr toIntInst (toExpr lo) reflBoolTrue
+    else none
+    let upperThm? := if let some hi := range.hi? then
+      some <| mkApp5 (mkConst ``Grind.ToInt.le_upper [u]) type rangeExpr toIntInst (toExpr (-hi + 1)) reflBoolTrue
+    else none
+    trace[grind.debug.cutsat.toInt] "registered toInt: {type}"
+    return some {
+      type, u, toIntInst, rangeExpr, range, toInt, wrap, ofWrap0?, ofEq, ofDiseq, ofLE?, ofNotLE?, ofLT?, ofNotLT?, addThms, mulThms,
+      subThm?, negThm?, divThm?, modThm?, powThm?, zeroThm?, ofNatThm?, lowerThm?, upperThm?
+    }
+
+structure ToIntM.Context where
+  info : ToIntInfo
+
+abbrev ToIntM := ReaderT ToIntM.Context GoalM
+
+def getInfo : ToIntM ToIntInfo :=
+  return (← read).info
+
+def ToIntM.run? (type : Expr) (x : ToIntM α) : GoalM (Option α) := do
+  let some info ← getToIntInfo? type | return none
+  return some (← x { info })
+
+def ToIntM.run (type : Expr) (x : ToIntM Unit) : GoalM Unit := do
+  let some info ← getToIntInfo? type | return ()
+  x { info }
+
+private def intRfl := mkApp (mkConst ``Eq.refl [1]) Int.mkType
+
+def mkToIntVar (e : Expr) : ToIntM (Expr × Expr) := do
+  if let some info := (← get').toIntTermMap.find? { expr := e } then
+    return (info.eToInt, info.he)
+  let eToInt := mkApp (← getInfo).toInt e
+  let he := mkApp intRfl eToInt
+  let α := (← getInfo).type
+  modify' fun s => { s with
+    toIntTermMap := s.toIntTermMap.insert { expr := e } { eToInt, he, α }
+  }
+  markAsCutsatTerm e
+  return (eToInt, he)
+
+def getToIntTermType? (e : Expr) : GoalM (Option Expr) := do
+  let some info := (← get').toIntTermMap.find? { expr := e } | return none
+  return some info.α
+
+def isToIntTerm (e : Expr) : GoalM Bool :=
+  return (← get').toIntTermMap.contains { expr := e }
+
+private def isHomo (α β γ : Expr) : Bool :=
+  isSameExpr α β && isSameExpr α γ
+
+private def isWrap (e : Expr) : Option Expr :=
+  match_expr e with
+  | Grind.IntInterval.wrap _ a => some a
+  | _ => none
+
+/--
+Given `h : toInt a = i.wrap b`, return `(b', h)` where
+`b'` is the expanded form of `i.wrap b`, and `h : toInt a = b'`
+-/
+private def expandWrap (a b : Expr) (h : Expr) : ToIntM (Expr × Expr) := do
+  match (← getInfo).range with
+  | .ii => return (b, h)
+  | .co 0 hi =>
+    let b' := mkIntMod b (toExpr hi)
+    let toA := mkApp (← getInfo).toInt a
+    let h := mkApp3 (← getInfo).ofWrap0?.get! toA b h
+    return (b', h)
+  | .co lo hi =>
+    let b' := mkIntAdd (mkIntMod (mkIntSub b (toExpr lo)) (toExpr (hi - lo))) (toExpr lo)
+    return (b', h)
+  | _ => throwError "`grind cutsat`, `ToInt` interval not supported yet"
+
+/--
+Given `h : toInt a = b`, if `b` is of the form `i.wrap b'`,
+invokes `expandWrap a b' h`
+-/
+private def expandIfWrap (a b : Expr) (h : Expr) : ToIntM (Expr × Expr) := do
+  match isWrap b with
+  | none => return (b, h)
+  | some b => expandWrap a b h
+
+private def mkWrap (a : Expr) : ToIntM Expr := do
+  return mkApp (← getInfo).wrap a
+
+private def ToIntThms.mkResult (toIntThms : ToIntThms) (mkBinOp : Expr → Expr → Expr) (a b : Expr) (a' b' : Expr) (h₁ h₂ : Expr) : ToIntM (Expr × Expr) := do
+  let f := toIntThms.c?.get!
+  let mk (f : Expr) (a' b' : Expr) : ToIntM (Expr × Expr) := do
+    -- If the appropriate `wrap` cancellation theorem is missing, we have to expand the nested wrap.
+    let (a', h₁) ← expandIfWrap a a' h₁
+    let (b', h₂) ← expandIfWrap b b' h₂
+    let h := mkApp6 f a b a' b' h₁ h₂
+    let r ← mkWrap (mkBinOp a' b')
+    return (r, h)
+  match isWrap a', isWrap b' with
+  | none,     none     => mk f a' b'
+  | some a'', none     => if let some f := toIntThms.c_wl? then mk f a'' b' else mk f a' b'
+  | none,     some b'' => if let some f := toIntThms.c_wr? then mk f a' b'' else mk f a' b'
+  | some a'', some b'' => if let some f := toIntThms.c_ww? then mk f a'' b'' else mk f a' b'
+
+private partial def toInt' (e : Expr) : ToIntM (Expr × Expr) := do
+  match_expr e with
+  | HAdd.hAdd α β γ _ a b =>
+    unless isHomo α β γ do return (← mkToIntVar e)
+    toIntBin (← getInfo).addThms mkIntAdd a b
+  | HMul.hMul α β γ _ a b =>
+    unless isHomo α β γ do return (← mkToIntVar e)
+    toIntBin (← getInfo).mulThms mkIntMul a b
+  | HDiv.hDiv α β γ _ a b =>
+    unless isHomo α β γ do return (← mkToIntVar e)
+    processDivMod (isDiv := true) a b
+  | HMod.hMod α β γ _ a b =>
+    unless isHomo α β γ do return (← mkToIntVar e)
+    processDivMod (isDiv := false) a b
+  | HSub.hSub α β γ _ a b =>
+    unless isHomo α β γ do return (← mkToIntVar e)
+    processSub a b
+  | Neg.neg _ _ a =>
+    processNeg a
+  | HPow.hPow α β γ _ a b =>
+    unless isSameExpr α γ && β.isConstOf ``Nat do return (← mkToIntVar e)
+    processPow a b
+  | Zero.zero _ _ =>
+    let some thm := (← getInfo).zeroThm? | mkToIntVar e
+    return (mkIntLit 0, thm)
+  | OfNat.ofNat _ n _ =>
+    let some thm := (← getInfo).ofNatThm? | mkToIntVar e
+    let some n ← getNatValue? n | mkToIntVar e
+    let r := mkIntLit ((← getInfo).range.wrap n)
+    let h := mkApp thm (toExpr n)
+    return (r, h)
+  | _ => mkToIntVar e
+where
+  toIntBin (toIntOp : ToIntThms) (mkBinOp : Expr → Expr → Expr) (a b : Expr) : ToIntM (Expr × Expr) := do
+    unless toIntOp.c?.isSome do return (← mkToIntVar e)
+    let (a', h₁) ← toInt' a
+    let (b', h₂) ← toInt' b
+    toIntOp.mkResult mkBinOp a b a' b' h₁ h₂
+
+  toIntAndExpandWrap (a : Expr) : ToIntM (Expr × Expr) := do
+    let (a', h₁) ← toInt' a
+    expandIfWrap a a' h₁
+
+  processDivMod (isDiv : Bool) (a b : Expr) : ToIntM (Expr × Expr) := do
+    let some thm ← if isDiv then pure (← getInfo).divThm? else pure (← getInfo).modThm?
+      | return (← mkToIntVar e)
+    let (a', h₁) ← toIntAndExpandWrap a
+    let (b', h₂) ← toIntAndExpandWrap b
+    let r := if isDiv then mkIntDiv a' b' else mkIntMod a' b'
+    let h := mkApp6 thm a b a' b' h₁ h₂
+    return (r, h)
+
+  processSub (a b : Expr) : ToIntM (Expr × Expr) := do
+    let some thm := (← getInfo).subThm? | return (← mkToIntVar e)
+    let (a', h₁) ← toIntAndExpandWrap a
+    let (b', h₂) ← toIntAndExpandWrap b
+    let r ← mkWrap (mkIntSub a' b')
+    let h := mkApp6 thm a b a' b' h₁ h₂
+    return (r, h)
+
+  processNeg (a : Expr) : ToIntM (Expr × Expr) := do
+    let some thm := (← getInfo).negThm? | return (← mkToIntVar e)
+    let (a', h₁) ← toIntAndExpandWrap a
+    let r ← mkWrap (mkIntNeg a')
+    let h := mkApp3 thm a a' h₁
+    return (r, h)
+
+  processPow (a b : Expr) : ToIntM (Expr × Expr) := do
+    let some thm := (← getInfo).powThm? | return (← mkToIntVar e)
+    let (a', h₁) ← toIntAndExpandWrap a
+    let r ← mkWrap (mkIntPowNat a' b)
+    let h := mkApp4 thm a b a' h₁
+    return (r, h)
+
+def toInt (a : Expr) : ToIntM (Expr × Expr) := do
+  let (b, h) ← toInt' a
+  let (b, h) ← match isWrap b with
+    | some b' => expandWrap a b' h
+    | _ => pure (b, h)
+  let r ← preprocess b
+  if let some proof := r.proof? then
+    return (r.expr, (← mkEqTrans h proof))
+  else
+    return (r.expr, h)
+
+def toInt? (a : Expr) (type : Expr) : GoalM (Option (Expr × Expr)) := do
+  ToIntM.run? type do toInt a
+
+def isSupportedType (type : Expr) : GoalM Bool := do
+  if type == Nat.mkType || type == Int.mkType then
+    return true
+  else
+    return (← getToIntInfo? type).isSome
+
+/--
+Given `x` whose denotation is `e`, if `e` is of the form `ToInt a`,
+asserts its lower and upper bounds if available
+-/
+def assertToIntBounds (e : Expr) (x : Var) : GoalM Unit := do
+  let_expr Grind.ToInt.toInt α _ _ a := e | return ()
+  ToIntM.run α do
+  let info ← getInfo
+  let i := info.range
+  if let some lo := i.lo? then
+    let some thm := info.lowerThm? | unreachable!
+    let p := .add (-1) x (.num lo)
+    let c := { p, h := .bound (mkApp thm a) : LeCnstr }
+    c.assert
+  if let some hi := i.hi? then
+    let some thm := info.upperThm? | unreachable!
+    let p := .add 1 x (.num (-hi + 1))
+    let c := { p, h := .bound (mkApp thm a) : LeCnstr }
+    c.assert
+
+end Lean.Meta.Grind.Arith.Cutsat

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/Cutsat/ToIntInfo.lean

@@ -0,0 +1,85 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Init.Grind.ToInt
+import Lean.Meta.Tactic.Grind.Arith.Util
+
+namespace Lean.Meta.Grind.Arith.Cutsat
+open Lean Grind
+
+/--
+Theorems for operators that have support for `i.wrap` over `i.wrap` simplification.
+Currently only addition and multiplication have `wrap` cancellation theorems
+-/
+structure ToIntThms where
+  /--
+  Basic theorem of the form
+  ```
+  toInt a = a' → toInt b = b' → toInt (a ⊞ b) = i.wrap (a' ⊞ b')`
+  ```
+  -/
+  c?    : Option Expr := none
+  /--
+  Left-right `wrap` cancellation theorem of the form
+  ```
+  toInt a = i.wrap a' → toInt b = i.wrap b' → toInt (a ⊞ b) = i.wrap (a' ⊞ b')
+  ```
+  -/
+  c_ww? : Option Expr := none
+  /--
+  Left `wrap` cancellation theorem of the form
+  ```
+  toInt a = i.wrap a' → toInt b = b' → toInt (a ⊞ b) = i.wrap (a' ⊞ b')
+  ```
+  -/
+  c_wl? : Option Expr := none
+  /--
+  Right `wrap` cancellation theorem of the form
+  ```
+  toInt a = a' → toInt b = i.wrap b' → toInt (a ⊞ b) = i.wrap (a' ⊞ b')
+  ```
+  -/
+  c_wr? : Option Expr := none
+
+structure ToIntInfo where
+  type      : Expr
+  u         : Level
+  toIntInst : Expr
+  rangeExpr : Expr
+  range     : IntInterval
+  toInt     : Expr
+  wrap      : Expr
+  -- theorem `of_eq_wrap_co_0` if `range == .co 0 hi`
+  ofWrap0?  : Option Expr
+  ofEq      : Expr
+  ofDiseq   : Expr
+  ofLE?     : Option Expr
+  ofNotLE?  : Option Expr
+  ofLT?     : Option Expr
+  ofNotLT?  : Option Expr
+  addThms   : ToIntThms
+  mulThms   : ToIntThms
+  subThm?   : Option Expr
+  negThm?   : Option Expr
+  divThm?   : Option Expr
+  modThm?   : Option Expr
+  powThm?   : Option Expr
+  zeroThm?  : Option Expr
+  ofNatThm? : Option Expr
+  lowerThm? : Option Expr
+  upperThm? : Option Expr
+
+/--
+For each term `e` of type `α` which implements the `ToInt α i` class,
+we store its corresponding `Int` term `eToInt`, a proof `he : toInt e = eToInt`,
+and the type `α`.
+-/
+structure ToIntTermInfo where
+  eToInt : Expr
+  α      : Expr
+  he     : Expr
+
+end Lean.Meta.Grind.Arith.Cutsat

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/Cutsat/Types.lean

@@ -0,0 +1,346 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Init.Data.Int.Linear
+import Std.Internal.Rat
+import Lean.Data.PersistentArray
+import Lean.Meta.Tactic.Grind.ExprPtr
+import Lean.Meta.Tactic.Grind.Arith.Util
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.ToIntInfo
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Types
+
+namespace Lean.Meta.Grind.Arith.Cutsat
+
+export Int.Linear (Var Poly)
+export Std.Internal (Rat)
+
+deriving instance Hashable for Poly
+
+/-!
+This module implements a model-based decision procedure for linear integer arithmetic,
+inspired by Section 4 of "Cutting to the Chase: Solving Linear Integer Arithmetic".
+Our implementation includes several enhancements and modifications:
+Key Features:
+- Extended constraint support (equality and disequality)
+- Optimized encoding of `Cooper-Left` rule using "big"-disjunction instead of fresh variables
+- Decision variable tracking for case splits (disequalities, `Cooper-Left`, `Cooper-Right`)
+
+Constraint Types:
+We handle four categories of linear polynomial constraints (where p is a linear polynomial):
+1. Equality:     `p = 0`
+2. Divisibility: `d ∣ p`
+3. Inequality:   `p ≤ 0`
+4. Disequality:  `p ≠ 0`
+
+Implementation Details:
+- Polynomials use `Int.Linear.Poly` with sorted linear monomials (leading monomial contains max variable)
+- Equalities are eliminated eagerly
+- Divisibility constraints are maintained in solved form (one constraint per variable) using `Div-Solve`
+
+Model Construction:
+The procedure builds a model incrementally, resolving conflicts through constraint generation.
+For example:
+Given a partial model `{x := 1}` and constraint `3 ∣ 3*y + x + 1`:
+- Cannot extend to `y` because `3 ∣ 3*y + 2` is unsatisfiable
+- Generate implied constraint `3 ∣ x + 1`
+- Force model update for `x`
+
+Variable Assignment:
+When assigning a variable `y`, we consider:
+- Best upper and lower bounds (inequalities)
+- Divisibility constraint
+- Disequality constraints
+`Cooper-Left` and `Cooper-Right` rules handle the combination of inequalities and divisibility.
+For unsatisfiable disequalities p ≠ 0, we generate case split: `p + 1 ≤ 0 ∨ -p + 1 ≤ 0`
+
+Contradiction Handling:
+- Check dependency on decision variables
+- If independent, use contradiction to close current grind goal
+- Otherwise, trigger backtracking
+
+Optimization:
+We employ rational approximation for model construction:
+- Continue with rational solutions when integer solutions aren't immediately found
+- Helps identify simpler unsatisfiability proofs before full integer model construction
+-/
+
+/-
+Remark: we will not define a parent structure `Cnstr` with the common
+fields until the compiler provides support for avoiding the performance overhead.
+-/
+
+mutual
+/-- A equality constraint and its justification/proof. -/
+structure EqCnstr where
+  p  : Poly
+  h  : EqCnstrProof
+
+inductive EqCnstrProof where
+  | /-- An equality `a = 0` coming from the core. -/
+    core0 (a : Expr) (zero : Expr)
+  | /--
+    An equality `a = b` coming from the core.
+    `p₁` and `p₂` are the polynomials corresponding to `a` and `b`.
+    -/
+    core (a b : Expr) (p₁ p₂ : Poly)
+  | coreNat (a b : Expr) (lhs rhs : Int.OfNat.Expr) (lhs' rhs' : Int.Linear.Expr)
+  | coreToInt (a b : Expr) (toIntThm : Expr) (lhs rhs : Int.Linear.Expr)
+  | /-- `e` is `p` -/
+    defn (e : Expr) (p : Poly)
+  | defnNat (e : Int.OfNat.Expr) (x : Var) (e' : Int.Linear.Expr)
+  | norm (c : EqCnstr)
+  | divCoeffs (c : EqCnstr)
+  | subst (x : Var) (c₁ : EqCnstr) (c₂ : EqCnstr)
+  | ofLeGe (c₁ : LeCnstr) (c₂ : LeCnstr)
+  | reorder (c : EqCnstr)
+  | commRingNorm (c : EqCnstr) (e : CommRing.RingExpr) (p : CommRing.Poly)
+  | defnCommRing (e : Expr) (p : Poly) (re : CommRing.RingExpr) (rp : CommRing.Poly) (p' : Poly)
+  | defnNatCommRing (e : Int.OfNat.Expr) (x : Var) (e' : Int.Linear.Expr) (p : Poly) (re : CommRing.RingExpr) (rp : CommRing.Poly) (p' : Poly)
+
+/-- A divisibility constraint and its justification/proof. -/
+structure DvdCnstr where
+  d  : Int
+  p  : Poly
+  h  : DvdCnstrProof
+
+/--
+The predicate of type `Nat → Prop`, which serves as the conclusion of the
+`cooper_left`, `cooper_right`, `cooper_dvd_left`, and `cooper_dvd_right` theorems.
+
+The specific predicate used is determined as follows:
+- `cooper_left_split` (if `left` is `true` and `c₃?` is `none`)
+- `cooper_right_split` (if `left` is `false` and `c₃?` is `none`)
+- `cooper_dvd_left_split` (if `left` is `true` and `c₃?` is `some`)
+- `cooper_dvd_right_split` (if `left` is `false` and `c₃?` is `some`)
+
+See `CooperSplit`
+-/
+structure CooperSplitPred where
+  left     : Bool
+  c₁       : LeCnstr
+  c₂       : LeCnstr
+  c₃?      : Option DvdCnstr
+
+/--
+An instance of the `CooperSplitPred` at `k`.
+-/
+structure CooperSplit where
+  pred  : CooperSplitPred
+  k     : Nat
+  h     : CooperSplitProof
+
+/--
+The `cooper_left`, `cooper_right`, `cooper_dvd_left`, and `cooper_dvd_right` theorems have a resulting type
+that is a big-or of the form `OrOver n (cooper_*_split ...)`. The predicate `(cooper_*_split ...)` has type `Nat → Prop`.
+The `cutsat` procedure performs case splitting on `(cooper_*_split ... (n-1))` down to `(cooper_*_split ... 1)`.
+If it derives `False` from each case, it uses `orOver_resolve` and `orOver_one` to deduce the final case,
+which has type `(cooper_*_split ... 0)`.
+-/
+inductive CooperSplitProof where
+  | /-- The first `n-1` cases are decisions (aka case-splits). -/
+    dec (h : FVarId)
+  | /-- The last case which has type `(cooper_*_split ... 0)` -/
+    last (hs : Array (FVarId × UnsatProof)) (decVars : Array FVarId)
+
+inductive DvdCnstrProof where
+  | /-- Given `e` of the form `k ∣ p` s.t. `e = True` in the core.  -/
+    core (e : Expr)
+  | coreNat (e : Expr) (d : Nat) (b : Int.OfNat.Expr) (b' : Int.Linear.Expr)
+  | norm (c : DvdCnstr)
+  | divCoeffs (c : DvdCnstr)
+  | solveCombine (c₁ c₂ : DvdCnstr)
+  | solveElim (c₁ c₂ : DvdCnstr)
+  | elim (c : DvdCnstr)
+  | ofEq (x : Var) (c : EqCnstr)
+  | subst (x : Var) (c₁ : EqCnstr) (c₂ : DvdCnstr)
+  | cooper₁ (c : CooperSplit)
+  /-- `c.c₃?` must be `some` -/
+  | cooper₂ (c : CooperSplit)
+  | reorder (c : DvdCnstr)
+  | commRingNorm (c : DvdCnstr) (e : CommRing.RingExpr) (p : CommRing.Poly)
+
+/-- An inequality constraint and its justification/proof. -/
+structure LeCnstr where
+  p  : Poly
+  h  : LeCnstrProof
+
+inductive LeCnstrProof where
+  | core (e : Expr)
+  | coreNeg (e : Expr) (p : Poly)
+  | coreNat (e : Expr) (lhs rhs : Int.OfNat.Expr) (lhs' rhs' : Int.Linear.Expr)
+  | coreNatNeg (e : Expr) (lhs rhs : Int.OfNat.Expr) (lhs' rhs' : Int.Linear.Expr)
+  | coreToInt (e : Expr) (pos : Bool) (toIntThm : Expr) (lhs rhs : Int.Linear.Expr)
+  | denoteAsIntNonneg (rhs : Int.OfNat.Expr) (rhs' : Int.Linear.Expr)
+  | bound (h : Expr)
+  | dec (h : FVarId)
+  | norm (c : LeCnstr)
+  | divCoeffs (c : LeCnstr)
+  | combine (c₁ c₂ : LeCnstr)
+  | combineDivCoeffs (c₁ c₂ : LeCnstr) (k : Int)
+  | subst (x : Var) (c₁ : EqCnstr) (c₂ : LeCnstr)
+  | ofLeDiseq (c₁ : LeCnstr) (c₂ : DiseqCnstr)
+  | ofDiseqSplit (c₁ : DiseqCnstr) (decVar : FVarId) (h : UnsatProof) (decVars : Array FVarId)
+  | cooper (c : CooperSplit)
+  | dvdTight (c₁ : DvdCnstr) (c₂ : LeCnstr)
+  | negDvdTight (c₁ : DvdCnstr) (c₂ : LeCnstr)
+  | reorder (c : LeCnstr)
+  | commRingNorm (c : LeCnstr) (e : CommRing.RingExpr) (p : CommRing.Poly)
+
+/-- A disequality constraint and its justification/proof. -/
+structure DiseqCnstr where
+  p  : Poly
+  h  : DiseqCnstrProof
+
+inductive DiseqCnstrProof where
+  | /-- An disequality `a != 0` coming from the core. That is, `(a = 0) = False` in the core. -/
+    core0 (a : Expr) (zero : Expr)
+  | /--
+    An disequality `a ≠ b` coming from the core. That is, `(a = b) = False` in the core.
+    `p₁` and `p₂` are the polynomials corresponding to `a` and `b`.
+    -/
+    core (a b : Expr) (p₁ p₂ : Poly)
+  | coreNat (a b : Expr) (lhs rhs : Int.OfNat.Expr) (lhs' rhs' : Int.Linear.Expr)
+  | coreToInt (a b : Expr) (toIntThm : Expr) (lhs rhs : Int.Linear.Expr)
+  | norm (c : DiseqCnstr)
+  | divCoeffs (c : DiseqCnstr)
+  | neg (c : DiseqCnstr)
+  | subst (x : Var) (c₁ : EqCnstr) (c₂ : DiseqCnstr)
+  | reorder (c : DiseqCnstr)
+  | commRingNorm (c : DiseqCnstr) (e : CommRing.RingExpr) (p : CommRing.Poly)
+
+/--
+A proof of `False`.
+Remark: We will later add support for a backtracking search inside of cutsat.
+-/
+inductive UnsatProof where
+  | dvd (c : DvdCnstr)
+  | le (c : LeCnstr)
+  | eq (c : EqCnstr)
+  | diseq (c : DiseqCnstr)
+  | cooper (c₁ c₂ : LeCnstr) (c₃ : DvdCnstr)
+
+end
+
+instance : Inhabited LeCnstr where
+  default := { p := .num 0, h := .core default}
+
+instance : Inhabited DvdCnstr where
+  default := { d := 0, p := .num 0, h := .core default }
+
+instance : Inhabited CooperSplitPred where
+  default := { left := false, c₁ := default, c₂ := default, c₃? := none }
+
+instance : Inhabited CooperSplit where
+  default := { pred := default, k := 0, h := .dec default }
+
+abbrev VarSet := RBTree Var compare
+
+/-- State of the cutsat procedure. -/
+structure State where
+  /-- Mapping from variables to their denotations. -/
+  vars : PArray Expr := {}
+  /-- Mapping from `Expr` to a variable representing it. -/
+  varMap  : PHashMap ExprPtr Var := {}
+  /--
+  `vars` before they were reordered.
+  This array is empty if the variables were not reordered.
+  We need them to generate the proof term because some
+  justification objects contain terms using variables before the reordering.
+  -/
+  vars' : PArray Expr := {}
+  /-- `varVap` before variables were reordered. -/
+  varMap' : PHashMap ExprPtr Var := {}
+  /--
+  Mapping from `Nat` terms to their variable. They are also marked using `markAsCutsatTerm`.
+  -/
+  natVarMap : PHashMap ExprPtr Var := {}
+  natVars : PArray Expr := {}
+  /--
+  Some `Nat` variables encode nested terms such as `b+1`.
+  This is a mapping from this kind of variable to the integer variable
+  representing `natCast (b+1)`.
+  -/
+  natDef : PHashMap ExprPtr Var := {}
+  /--
+  Mapping from variables to divisibility constraints. Recall that we keep the divisibility constraint in solved form.
+  Thus, we have at most one divisibility per variable. -/
+  dvds : PArray (Option DvdCnstr) := {}
+  /--
+  Mapping from variables to their "lower" bounds. We say a relational constraint `c` is a lower bound for a variable `x`
+  if `x` is the maximal variable in `c`, and `x` coefficient in `c` is negative.
+  -/
+  lowers : PArray (PArray LeCnstr) := {}
+  /--
+  Mapping from variables to their "upper" bounds. We say a relational constraint `c` is a upper bound for a variable `x`
+  if `x` is the maximal variable in `c`, and `x` coefficient in `c` is positive.
+  -/
+  uppers : PArray (PArray LeCnstr) := {}
+  /--
+  Mapping from variables to their disequalities. We say a disequality constraint `c` is a disequality for a variable `x`
+  if `x` is the maximal variable in `c`.
+  -/
+  diseqs : PArray (PArray DiseqCnstr) := {}
+  /--
+  Mapping from variable to equation constraint used to eliminate it. `solved` variables should not occur in
+  `dvdCnstrs`, `lowers`, or `uppers`.
+  -/
+  elimEqs : PArray (Option EqCnstr) := {}
+  /--
+  Elimination stack. For every variable in `elimStack`. If `x` in `elimStack`, then `elimEqs[x]` is not `none`.
+  -/
+  elimStack : List Var := []
+  /--
+  Mapping from variable to occurrences. For example, an entry `x ↦ {y, z}` means that `x` may occur in `dvdCnstrs`, `lowers`, or `uppers` of
+  variables `y` and `z`.
+  If `x` occurs in `dvdCnstrs[y]`, `lowers[y]`, or `uppers[y]`, then `y` is in `occurs[x]`, but the reverse is not true.
+  If `x` is in `elimStack`, then `occurs[x]` is the empty set.
+  -/
+  occurs : PArray VarSet := {}
+  /-- Partial assignment being constructed by cutsat. -/
+  assignment : PArray Rat := {}
+  /-- Next unique id for a constraint. -/
+  nextCnstrId : Nat := 0
+  /--
+  `caseSplits` is `true` if cutsat is searching for model and already performed case splits.
+  This information is used to decide whether a conflict should immediately close the
+  current `grind` goal or not.
+  -/
+  caseSplits : Bool := false
+  /--
+  `conflict?` is `some ..` if a contradictory constraint was derived.
+  This field is only set when `caseSplits` is `true`. Otherwise, we
+  can convert `UnsatProof` into a Lean term and close the current `grind` goal.
+  -/
+  conflict? : Option UnsatProof := none
+  /--
+  Cache decision variables used when splitting on disequalities.
+  This is necessary because the same disequality may be in different conflicts.
+  -/
+  diseqSplits : PHashMap Poly FVarId := {}
+  /--
+  Pairs `(x, n)` s.t. we have expanded the theorems
+  - `Int.Linear.ediv_emod`
+  - `Int.Linear.emod_nonneg`
+  - `Int.Linear.emod_le`
+  -/
+  divMod : PHashSet (Expr × Int) := {}
+  /--
+  Mapping from a type `α` to its corresponding `ToIntInfo` object, which contains
+  the information needed to embed `α` terms into `Int` terms.
+  -/
+  toIntInfos : PHashMap ExprPtr (Option ToIntInfo) := {}
+  /--
+  For each type `α` in `toIntInfos`, the mapping `toIntVarMap` contains a mapping
+  from a α-term `e` to the pair `(toInt e, α)`.
+  -/
+  toIntTermMap : PHashMap ExprPtr ToIntTermInfo := {}
+  /--
+  `usedCommRing` is `true` if the `CommRing` has been used to normalize expressions.
+  -/
+  usedCommRing : Bool := false
+  deriving Inhabited
+
+end Lean.Meta.Grind.Arith.Cutsat

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/Internalize.lean

@@ -0,0 +1,20 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Grind.Arith.Offset
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.EqCnstr
+import Lean.Meta.Tactic.Grind.Arith.CommRing.Internalize
+import Lean.Meta.Tactic.Grind.Arith.Linear.Internalize
+
+namespace Lean.Meta.Grind.Arith
+
+def internalize (e : Expr) (parent? : Option Expr) : GoalM Unit := do
+  Offset.internalize e parent?
+  Cutsat.internalize e parent?
+  CommRing.internalize e parent?
+  Linear.internalize e parent?
+
+end Lean.Meta.Grind.Arith

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/Inv.lean

@@ -0,0 +1,18 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Grind.Arith.Offset
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Inv
+import Lean.Meta.Tactic.Grind.Arith.Linear.Inv
+
+namespace Lean.Meta.Grind.Arith
+
+def checkInvariants : GoalM Unit := do
+  Offset.checkInvariants
+  Cutsat.checkInvariants
+  Linear.checkInvariants
+
+end Lean.Meta.Grind.Arith

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/Linear.lean

@@ -0,0 +1,42 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Grind.Arith.Linear.Types
+import Lean.Meta.Tactic.Grind.Arith.Linear.Util
+import Lean.Meta.Tactic.Grind.Arith.Linear.Var
+import Lean.Meta.Tactic.Grind.Arith.Linear.StructId
+import Lean.Meta.Tactic.Grind.Arith.Linear.IneqCnstr
+import Lean.Meta.Tactic.Grind.Arith.Linear.Reify
+import Lean.Meta.Tactic.Grind.Arith.Linear.DenoteExpr
+import Lean.Meta.Tactic.Grind.Arith.Linear.ToExpr
+import Lean.Meta.Tactic.Grind.Arith.Linear.Proof
+import Lean.Meta.Tactic.Grind.Arith.Linear.SearchM
+import Lean.Meta.Tactic.Grind.Arith.Linear.Search
+import Lean.Meta.Tactic.Grind.Arith.Linear.PropagateEq
+import Lean.Meta.Tactic.Grind.Arith.Linear.Internalize
+import Lean.Meta.Tactic.Grind.Arith.Linear.Model
+import Lean.Meta.Tactic.Grind.Arith.Linear.PP
+import Lean.Meta.Tactic.Grind.Arith.Linear.MBTC
+
+namespace Lean
+
+builtin_initialize registerTraceClass `grind.linarith
+builtin_initialize registerTraceClass `grind.linarith.internalize
+builtin_initialize registerTraceClass `grind.linarith.assert
+builtin_initialize registerTraceClass `grind.linarith.model
+builtin_initialize registerTraceClass `grind.linarith.assert.unsat (inherited := true)
+builtin_initialize registerTraceClass `grind.linarith.assert.trivial (inherited := true)
+builtin_initialize registerTraceClass `grind.linarith.assert.store (inherited := true)
+builtin_initialize registerTraceClass `grind.linarith.assert.ignored (inherited := true)
+
+builtin_initialize registerTraceClass `grind.debug.linarith.search
+builtin_initialize registerTraceClass `grind.debug.linarith.search.conflict (inherited := true)
+builtin_initialize registerTraceClass `grind.debug.linarith.search.assign (inherited := true)
+builtin_initialize registerTraceClass `grind.debug.linarith.search.split (inherited := true)
+builtin_initialize registerTraceClass `grind.debug.linarith.search.backtrack (inherited := true)
+builtin_initialize registerTraceClass `grind.debug.linarith.subst
+
+end Lean

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/Main.lean

@@ -0,0 +1,61 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Grind.PropagatorAttr
+import Lean.Meta.Tactic.Grind.Arith.Offset
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.LeCnstr
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Search
+import Lean.Meta.Tactic.Grind.Arith.CommRing.EqCnstr
+import Lean.Meta.Tactic.Grind.Arith.Linear.IneqCnstr
+import Lean.Meta.Tactic.Grind.Arith.Linear.Search
+
+namespace Lean.Meta.Grind.Arith
+
+namespace Offset
+def isCnstr? (e : Expr) : GoalM (Option (Cnstr NodeId)) :=
+  return (← get).arith.offset.cnstrs.find? { expr := e }
+
+def assertTrue (c : Cnstr NodeId) (p : Expr) : GoalM Unit := do
+  addEdge c.u c.v c.k (← mkOfEqTrue p)
+
+def assertFalse (c : Cnstr NodeId) (p : Expr) : GoalM Unit := do
+  let p := mkOfNegEqFalse (← get').nodes c p
+  let c := c.neg
+  addEdge c.u c.v c.k p
+
+end Offset
+
+builtin_grind_propagator propagateLE ↓LE.le := fun e => do
+  if (← isEqTrue e) then
+    if let some c ← Offset.isCnstr? e then
+      Offset.assertTrue c (← mkEqTrueProof e)
+    Cutsat.propagateLe e (eqTrue := true)
+    Linear.propagateIneq e (eqTrue := true)
+  else if (← isEqFalse e) then
+    if let some c ← Offset.isCnstr? e then
+      Offset.assertFalse c (← mkEqFalseProof e)
+    Cutsat.propagateLe e (eqTrue := false)
+    Linear.propagateIneq e (eqTrue := false)
+
+builtin_grind_propagator propagateLT ↓LT.lt := fun e => do
+  if (← isEqTrue e) then
+    Linear.propagateIneq e (eqTrue := true)
+    Cutsat.propagateLt e (eqTrue := true)
+  else if (← isEqFalse e) then
+    Linear.propagateIneq e (eqTrue := false)
+    Cutsat.propagateLt e (eqTrue := false)
+
+def check : GoalM Bool := do
+  let c₁ ← Cutsat.check
+  let c₂ ← CommRing.check
+  let c₃ ← Linear.check
+  if c₁ || c₂ || c₃ then
+    processNewFacts
+    return true
+  else
+    return false
+
+end Lean.Meta.Grind.Arith

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/Model.lean

@@ -0,0 +1,8 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Grind.Arith.Offset.Model
+import Lean.Meta.Tactic.Grind.Arith.Cutsat.Model

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/ModelUtil.lean

@@ -0,0 +1,123 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Std.Internal.Rat
+import Lean.Meta.Tactic.Grind.Types
+
+namespace Lean.Meta.Grind.Arith
+open Std.Internal
+/-!
+Helper functions for constructing counterexamples in the `linarith` and `cutsat` modules
+-/
+
+/--
+Returns `true` if adding the assignment `e := v` to `a` will falsify any asserted disequality in core.
+-/
+private partial def satisfyDiseqs (goal : Goal) (a : Std.HashMap Expr Rat) (e : Expr) (v : Int) : Bool := Id.run do
+  let some parents := goal.parents.find? { expr := e } | return true
+  for parent in parents do
+    let_expr Eq _ lhs rhs := parent | continue
+    let some root := goal.getRoot? parent | continue
+    if root.isConstOf ``False then
+      let some lhsRoot := goal.getRoot? lhs | continue
+      let some rhsRoot := goal.getRoot? rhs | continue
+      if lhsRoot == e && !checkDiseq rhsRoot then return false
+      if rhsRoot == e && !checkDiseq lhsRoot then return false
+  return true
+where
+  checkDiseq (other : Expr) : Bool :=
+    if let some v' := a[other]? then
+      v' != v
+    else
+      true
+
+/--
+Returns an integer value `i` for assigning to `e` s.t. adding `e := i` to `a` will not falsify any disequality
+and `i` is not in `alreadyUsed`.
+-/
+partial def pickUnusedValue (goal : Goal) (a : Std.HashMap Expr Rat) (e : Expr) (next : Int) (alreadyUsed : Std.HashSet Int) : Int :=
+  go next
+where
+  go (next : Int) : Int :=
+    if alreadyUsed.contains next then
+      go (next+1)
+    else if satisfyDiseqs goal a e next then
+      next
+    else
+      go (next + 1)
+
+/--
+Returns `true` if `e` should be treated as an interpreted value by the arithmetic modules.
+-/
+def isInterpretedTerm (e : Expr) : Bool :=
+  isNatNum e || isIntNum e || e.isAppOf ``HAdd.hAdd || e.isAppOf ``HMul.hMul || e.isAppOf ``HSub.hSub
+  || e.isAppOf ``Neg.neg || e.isAppOf ``HDiv.hDiv || e.isAppOf ``HMod.hMod || e.isAppOf ``One.one || e.isAppOf ``Zero.zero
+  || e.isAppOf ``NatCast.natCast || e.isIte || e.isDIte || e.isAppOf ``OfNat.ofNat || e.isAppOf ``Grind.ToInt.toInt
+  || e matches .lit (.natVal _)
+
+/--
+Adds the assignments `e' := v` to `a` for each `e'` in the equivalence class os `e`.
+-/
+def assignEqc (goal : Goal) (e : Expr) (v : Rat) (a : Std.HashMap Expr Rat) : Std.HashMap Expr Rat := Id.run do
+  let mut a := a
+  for e in goal.getEqc e do
+    a := a.insert e v
+  return a
+
+/--
+Assigns terms in the goal that satisfy `isTarget`.
+Recall that not all terms are communicated to `linarith` and `cutsat` modules if they do not appear in relevant constraints.
+The idea is to assign unused integer values that have not been used in the model and do not falsify equalities and disequalities
+in core.
+-/
+private def assignUnassigned (goal : Goal) (isTarget : ENode → MetaM Bool) (model : Std.HashMap Expr Rat) : MetaM (Std.HashMap Expr Rat) := do
+  let mut nextVal : Int := 0
+  -- Collect used values
+  let mut used : Std.HashSet Int := {}
+  for (_, v) in model do
+    if v.den == 1 then
+      used := used.insert v.num
+  let mut model := model
+  -- Assign the remaining ones with values not used by cutsat
+  for e in goal.exprs do
+    let node ← goal.getENode e
+    if node.isRoot then
+    if (← isTarget node) then
+    if model[node.self]?.isNone then
+      let v := pickUnusedValue goal model node.self nextVal used
+      model := assignEqc goal node.self v model
+      used := used.insert v
+      nextVal := v + 1
+  return model
+
+/-- Sorts assignment first by expression generation and then `Expr.lt` -/
+private def sortModel (goal : Goal) (m : Array (Expr × Rat)) : Array (Expr × Rat) :=
+  m.qsort fun (e₁, _) (e₂, _) =>
+    let g₁ := goal.getGeneration e₁
+    let g₂ := goal.getGeneration e₂
+    if g₁ != g₂ then g₁ < g₂ else e₁.lt e₂
+
+/--
+Converts the given model into a sorted array of pairs `(e, v)` representing assignments `e := v`.
+`isTarget` is a predicate used to detect terms that must be in the model but have not been assigned a value (see: `assignUnassigned`)
+The pairs are sorted using `e`s generation and then `Expr.lt`.
+Only terms s.t. `isInterpretedTerm e = false` are included into the resulting array.
+-/
+def finalizeModel (goal : Goal) (isTarget : ENode → MetaM Bool) (model : Std.HashMap Expr Rat) : MetaM (Array (Expr × Rat)) := do
+  let model ← assignUnassigned goal isTarget model
+  let mut r := #[]
+  for (e, v) in model do
+    unless isInterpretedTerm e do
+      r := r.push (e, v)
+  return sortModel goal r
+
+/-- If the given trace class is enabled, trace the model using the class. -/
+def traceModel (traceClass : Name) (model : Array (Expr × Rat)) : MetaM Unit := do
+  if (← isTracingEnabledFor traceClass) then
+    for (x, v) in model do
+      addTrace traceClass m!"{quoteIfArithTerm x} := {v}"
+
+end Lean.Meta.Grind.Arith

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/Offset.lean

@@ -0,0 +1,27 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Grind.Arith.Offset.Main
+import Lean.Meta.Tactic.Grind.Arith.Offset.Proof
+import Lean.Meta.Tactic.Grind.Arith.Offset.Util
+import Lean.Meta.Tactic.Grind.Arith.Offset.Types
+
+namespace Lean
+
+builtin_initialize registerTraceClass `grind.offset
+builtin_initialize registerTraceClass `grind.offset.dist
+builtin_initialize registerTraceClass `grind.offset.internalize
+builtin_initialize registerTraceClass `grind.offset.internalize.term (inherited := true)
+builtin_initialize registerTraceClass `grind.offset.propagate
+builtin_initialize registerTraceClass `grind.offset.eq
+builtin_initialize registerTraceClass `grind.offset.eq.to (inherited := true)
+builtin_initialize registerTraceClass `grind.offset.eq.from (inherited := true)
+builtin_initialize registerTraceClass `grind.offset.model
+
+builtin_initialize registerTraceClass `grind.debug.offset
+builtin_initialize registerTraceClass `grind.debug.offset.proof
+
+end Lean

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/ProofUtil.lean

@@ -0,0 +1,24 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Lean.Meta.Tactic.Grind.Types
+
+namespace Lean.Meta.Grind.Arith
+
+def mkLetOfMap {_ : Hashable α} {_ : BEq α} (m : Std.HashMap α Expr) (e : Expr)
+    (varPrefix : Name) (varType : Expr) (toExpr : α → Expr) : GoalM Expr := do
+  if m.isEmpty then
+    return e
+  else
+    let as := m.toArray
+    let mut e := e.abstract <| as.map (·.2)
+    let mut i := as.size
+    for (p, _) in as.reverse do
+      e := mkLet (varPrefix.appendIndexAfter i) varType (toExpr p) e
+      i := i - 1
+    return e
+
+end Lean.Meta.Grind.Arith

backend/core/leanprover--lean4---v4.22.0/src/lean/Lean/Meta/Tactic/Grind/Arith/Simproc.lean

@@ -0,0 +1,53 @@
+/-
+Copyright (c) 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Leonardo de Moura
+-/
+prelude
+import Init.Grind.Ring.Basic
+import Init.Simproc
+import Lean.Meta.Tactic.Simp.Simproc
+
+namespace Lean.Meta.Grind.Arith
+
+private def mkSemiringThm (declName : Name) (α : Expr) : MetaM (Option Expr) := do
+  let some u ← getDecLevel? α | return none
+  let semiring := mkApp (mkConst ``Grind.Semiring [u]) α
+  let .some semiringInst ← trySynthInstance semiring | return none
+  return mkApp2 (mkConst declName [u]) α semiringInst
+
+/--
+Applies `a^(m+n) = a^m * a^n`, `a^0 = 1`, `a^1 = a`.
+
+We do normalize `a^0` and `a^1` when converting expressions into polynomials,
+but we need to normalize them here when for other preprocessing steps such as
+`a / b = a*b⁻¹`. If `b` is of the form `c^1`, it will be treated as an
+atom in the comm ring module.
+-/
+builtin_simproc_decl expandPowAdd (_ ^ _) := fun e => do
+  let_expr HPow.hPow α nat α' _ a k := e | return .continue
+  let_expr Nat ← nat | return .continue
+  if let some k ← getNatValue? k then
+    if k == 0 then
+      unless (← isDefEq α α') do return .continue
+      let some h ← mkSemiringThm ``Grind.Semiring.pow_zero α | return .continue
+      let r ← mkNumeral α 1
+      return .done { expr := r, proof? := some (mkApp h a) }
+    else if k == 1 then
+      unless (← isDefEq α α') do return .continue
+      let some h ← mkSemiringThm ``Grind.Semiring.pow_one α | return .continue
+      return .done { expr := a, proof? := some (mkApp h a) }
+    else
+      return .continue
+  else
+    let_expr HAdd.hAdd _ _ _ _ m n := k | return .continue
+    unless (← isDefEq α α') do return .continue
+    let some h ← mkSemiringThm ``Grind.Semiring.pow_add α | return .continue
+    let pwFn := e.appFn!.appFn!
+    let r ← mkMul (mkApp2 pwFn a m) (mkApp2 pwFn a n)
+    return .visit { expr := r, proof? := some (mkApp3 h a m n) }
+
+def addSimproc (s : Simprocs) : CoreM Simprocs := do
+  s.add ``expandPowAdd (post := true)
+
+end Lean.Meta.Grind.Arith