Commit 07132f83 authored by Guillaume Melquiond

Implicitly introduce type arguments in Coq printer.

parent 486766c4
...@@ -123,10 +123,10 @@ Theorem WP_parameter_add : forall {a:Type} {a_WT:WhyType a}, forall (h:Z) ...@@ -123,10 +123,10 @@ Theorem WP_parameter_add : forall {a:Type} {a_WT:WhyType a}, forall (h:Z)
forall (rho6:(map.Map.map key (option a))), (rho6 = (map.Map.set rho2 k forall (rho6:(map.Map.map key (option a))), (rho6 = (map.Map.set rho2 k
(Init.Datatypes.Some v))) -> forall (i1:Z), ((0%Z <= i1)%Z /\ (Init.Datatypes.Some v))) -> forall (i1:Z), ((0%Z <= i1)%Z /\
(i1 < rho)%Z) -> (good_hash (mk_array rho o) i1))). (i1 < rho)%Z) -> (good_hash (mk_array rho o) i1))).
(* Why3 intros a a_WT h h1 h2 k v ((h1,(h2,h3)),h4) rho rho1 (* Why3 intros h h1 h2 k v ((h1,(h2,h3)),h4) rho rho1
((h5,(h6,h7)),h8) rho2 rho3 rho4 (((h9,(h10,h11)),h12),(h13,h14)) i ((h5,(h6,h7)),h8) rho2 rho3 rho4 (((h9,(h10,h11)),h12),(h13,h14)) i
(h15,h16) (h17,h18) o (h19,h20) rho5 h21 rho6 h22 i1 (h23,h24). *) (h15,h16) (h17,h18) o (h19,h20) rho5 h21 rho6 h22 i1 (h23,h24). *)
intros a a_WT rho rho1 rho2 k v ((h1,(h2,h3)),h4) rho3 rho4 ((h5,(h6,h7)),h8) intros rho rho1 rho2 k v ((h1,(h2,h3)),h4) rho3 rho4 ((h5,(h6,h7)),h8)
rho5 rho6 rho7 (((h9,(h10,h11)),h12),(h13,h14)) i1 (h15,h16) (h17,h18) o rho5 rho6 rho7 (((h9,(h10,h11)),h12),(h13,h14)) i1 (h15,h16) (h17,h18) o
(h19,h20) rho8 h21 rho9 h22 i (h23,h24). (h19,h20) rho8 h21 rho9 h22 i (h23,h24).
subst i1. subst i1.
......
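Review bot: The new-side `intros rho rho1 rho2 k v …` assumes `a` and `a_WT` are already in the context, yet the visible statements still quantify them after the colon with `forall {a:Type} {a_WT:WhyType a}` — the hunk-header context here, and the unchanged statement line `Theorem length_flatten : forall {a:Type} {a_WT:WhyType a},` in the length_flatten section — and to my knowledge Coq's `intros` does not skip a product just because its binder was written with braces, so `rho` would be bound to the type `a`, every later name would shift, and `subst i1.` would fail. The WP_parameter_add statement starts outside this hunk, so it may already have been regenerated in the `Theorem name {a:Type} {a_WT:WhyType a} :` form that the library files in this commit use; if it was not, the example statements need regenerating (or the bench replayed) before these scripts can be checked. The same point applies to the VC_find, VC_remove, WP_parameter_infix_tl, WP_parameter_make_loop_hl, both WP_parameter_ifunf hunks, WP_parameter_enqueue, exchange_permut_sub, permut_sub_weakening, Permut_length, g1 and length_flatten sections.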
...@@ -99,7 +99,7 @@ Theorem VC_find : forall {a:Type} {a_WT:WhyType a}, forall (h:(t a)) ...@@ -99,7 +99,7 @@ Theorem VC_find : forall {a:Type} {a_WT:WhyType a}, forall (h:(t a))
| (Init.Datatypes.Some v) => (list.Mem.mem (k, v) o1) | (Init.Datatypes.Some v) => (list.Mem.mem (k, v) o1)
end -> (result = ((view h) k))). end -> (result = ((view h) k))).
Proof. Proof.
intros a a_WT h h_view h_data h_size k (h1,(h2,h3)) o i (h4,h5) o1 result h6. intros h h_view h_data h_size k (h1,(h2,h3)) o i (h4,h5) o1 result h6.
subst i. subst i.
destruct result. destruct result.
symmetry. symmetry.
......
...@@ -99,10 +99,10 @@ Theorem VC_remove : forall {a:Type} {a_WT:WhyType a}, forall (h:(t a)) ...@@ -99,10 +99,10 @@ Theorem VC_remove : forall {a:Type} {a_WT:WhyType a}, forall (h:(t a))
| (Init.Datatypes.Some v) => (list.Mem.mem (k, v) l) | (Init.Datatypes.Some v) => (list.Mem.mem (k, v) l)
end -> ((o1 = Init.Datatypes.None) -> (((view h) end -> ((o1 = Init.Datatypes.None) -> (((view h)
k) = Init.Datatypes.None))). k) = Init.Datatypes.None))).
(* Why3 intros a a_WT h h_view h_data h_size k (h1,(h2,h3)) o i (h4,h5) l o1 (* Why3 intros h h_view h_data h_size k (h1,(h2,h3)) o i (h4,h5) l o1
h6 h7. *) h6 h7. *)
Proof. Proof.
intros a a_WT h h_view h_data h_size k (h1,(h2,h3)) o i (h4,h5) l o1 h6 h7. intros h h_view h_data h_size k (h1,(h2,h3)) o i (h4,h5) l o1 h6 h7.
subst i. subst i.
rewrite h7 in h6. rewrite h7 in h6.
subst l. subst l.
......
...@@ -462,9 +462,9 @@ Theorem WP_parameter_infix_tl : forall {a:Type} {a_WT:WhyType a}, ...@@ -462,9 +462,9 @@ Theorem WP_parameter_infix_tl : forall {a:Type} {a_WT:WhyType a},
| (VMC p2 s m _) => exists ms:machine_state, (transition c_glob (VMS p2 s | (VMC p2 s m _) => exists ms:machine_state, (transition c_glob (VMS p2 s
m) ms) m) ms)
end)))))))). end)))))))).
(* Why3 intros a a_WT s1 s11 s2 s21 (h1,h2) code2 x p mc p1 x1 y z h3 (h4,h5) (* Why3 intros s1 s11 s2 s21 (h1,h2) code2 x p mc p1 x1 y z h3 (h4,h5)
c_glob post2 mc' mc'' h6 h7 h8 h9 h10 h11 post21 h12 h13. *) c_glob post2 mc' mc'' h6 h7 h8 h9 h10 h11 post21 h12 h13. *)
intros a a_WT s1 s11 s2 s21 (h1,h2) code2 x p mc p1 x1 y z h3 (h4,h5) c_glob intros s1 s11 s2 s21 (h1,h2) code2 x p mc p1 x1 y z h3 (h4,h5) c_glob
post2 mc' mc'' h6 h7 h8 h9 h10 h11 post21 h12 h13. post2 mc' mc'' h6 h7 h8 h9 h10 h11 post21 h12 h13.
Require Import Why3. Require Import Why3.
Ltac cvc := why3 "CVC4,1.4," timelimit 10. Ltac cvc := why3 "CVC4,1.4," timelimit 10.
......
...@@ -541,9 +541,9 @@ Theorem WP_parameter_make_loop_hl : forall {a:Type} {a_WT:WhyType a}, ...@@ -541,9 +541,9 @@ Theorem WP_parameter_make_loop_hl : forall {a:Type} {a_WT:WhyType a},
| (VMC p2 s m _) => exists ms:machine_state, (transition c_glob (VMS p2 s | (VMC p2 s m _) => exists ms:machine_state, (transition c_glob (VMS p2 s
m) ms) m) ms)
end)))))))). end)))))))).
(* Why3 intros a a_WT c c1 c2 inv p x y z h1 (h2,h3) post2 x1 c_glob p1 mc' (* Why3 intros c c1 c2 inv p x y z h1 (h2,h3) post2 x1 c_glob p1 mc'
mc'' h4 h5 h6 (h7,(h8,h9)) mc h10 h11 h12 post21 h13 h14. *) mc'' h4 h5 h6 (h7,(h8,h9)) mc h10 h11 h12 post21 h13 h14. *)
intros a a_WT c c1 c2 inv p x y z h1 (h2,h3) post2 x1 c_glob p1 mc' mc'' h4 intros c c1 c2 inv p x y z h1 (h2,h3) post2 x1 c_glob p1 mc' mc'' h4
h5 h6 (h7,(h8,h9)) mc h10 h11 h12 post21 h13 h14. h5 h6 (h7,(h8,h9)) mc h10 h11 h12 post21 h13 h14.
Require Import Why3. Require Import Why3.
Ltac cvc := why3 "CVC4,1.4,". Ltac cvc := why3 "CVC4,1.4,".
......
...@@ -537,9 +537,9 @@ Theorem WP_parameter_ifunf : forall {a:Type} {a_WT:WhyType a}, ...@@ -537,9 +537,9 @@ Theorem WP_parameter_ifunf : forall {a:Type} {a_WT:WhyType a},
(x2:(list Z)) (x3:(map id Z)) (x4:Z), (mc' = (VMC x1 x2 x3 x4)) -> (x2:(list Z)) (x3:(map id Z)) (x4:Z), (mc' = (VMC x1 x2 x3 x4)) ->
((mc = mc') -> (transition c_glob (VMS x1 x2 x3) (infix_at f (VMS x1 x2 ((mc = mc') -> (transition c_glob (VMS x1 x2 x3) (infix_at f (VMS x1 x2
x3)))))). x3)))))).
(* Why3 intros a a_WT pre2 code_f f h1 x c_glob p mc mc' h2 h3 post2 (h4,h5) (* Why3 intros pre2 code_f f h1 x c_glob p mc mc' h2 h3 post2 (h4,h5)
x1 x2 x3 x4 h6 h7. *) x1 x2 x3 x4 h6 h7. *)
intros a a_WT pre2 code_f f h1 x c_glob p mc mc' h2 h3 post2 (h4,h5) x1 x2 x3 intros pre2 code_f f h1 x c_glob p mc mc' h2 h3 post2 (h4,h5) x1 x2 x3
x4 h6 h7. x4 h6 h7.
unfold post2 in *;clear post2. unfold post2 in *;clear post2.
subst. subst.
......
...@@ -536,7 +536,7 @@ Theorem WP_parameter_ifunf : forall {a:Type} {a_WT:WhyType a}, ...@@ -536,7 +536,7 @@ Theorem WP_parameter_ifunf : forall {a:Type} {a_WT:WhyType a},
c_glob, post2) mc mc') /\ ~ ((infix_at post2 mc') = true)) -> forall (x1:Z) c_glob, post2) mc mc') /\ ~ ((infix_at post2 mc') = true)) -> forall (x1:Z)
(x2:(list Z)) (x3:(map id Z)) (x4:Z), (mc' = (VMC x1 x2 x3 x4)) -> (x2:(list Z)) (x3:(map id Z)) (x4:Z), (mc' = (VMC x1 x2 x3 x4)) ->
(mc = mc'))). (mc = mc'))).
intros a a_WT pre2 code_f f h1 x c_glob p mc mc' h2 h3 post2 (h4,h5) x1 x2 x3 intros pre2 code_f f h1 x c_glob p mc mc' h2 h3 post2 (h4,h5) x1 x2 x3
x4 h6. x4 h6.
remember post2 as post;unfold post2 in *;clear post2. remember post2 as post;unfold post2 in *;clear post2.
inversion h4;subst. trivial. inversion h4;subst. trivial.
......
...@@ -175,10 +175,10 @@ Theorem WP_parameter_enqueue : forall {a:Type} {a_WT:WhyType a}, ...@@ -175,10 +175,10 @@ Theorem WP_parameter_enqueue : forall {a:Type} {a_WT:WhyType a},
(rho5 = (rho1 + 1%Z)%Z) -> forall (rho6:(@list a a_WT)), (rho5 = (rho1 + 1%Z)%Z) -> forall (rho6:(@list a a_WT)),
(rho6 = (infix_plpl rho (Cons x (Nil :(@list a a_WT))))) -> (rho6 = (infix_plpl rho (Cons x (Nil :(@list a a_WT))))) ->
(rho6 = (to_list (mk_array rho3 o) rho2 rho5))). (rho6 = (to_list (mk_array rho3 o) rho2 rho5))).
(* Why3 intros a a_WT x rho rho1 rho2 rho3 rho4 (* Why3 intros x rho rho1 rho2 rho3 rho4
((((h1,((h2,h3),h4)),h5),h6),h7) (h8,h9) o (h10,h11) rho5 h12 rho6 ((((h1,((h2,h3),h4)),h5),h6),h7) (h8,h9) o (h10,h11) rho5 h12 rho6
h13. *) h13. *)
intros a a_WT x rho rho1 rho2 rho3 rho4 ((((h1,((h2,h3),h4)),h5),h6),h7) intros x rho rho1 rho2 rho3 rho4 ((((h1,((h2,h3),h4)),h5),h6),h7)
(h8,h9) o (h10,h11) rho5 h12 rho6 h13. (h8,h9) o (h10,h11) rho5 h12 rho6 h13.
subst rho6. subst rho6.
symmetry. symmetry.
......
...@@ -86,8 +86,8 @@ Theorem exchange_permut_sub : forall {a:Type} {a_WT:WhyType a}, ...@@ -86,8 +86,8 @@ Theorem exchange_permut_sub : forall {a:Type} {a_WT:WhyType a},
forall (a1:(array a)) (a2:(array a)) (i:Z) (j:Z) (l:Z) (u:Z), (exchange1 a1 forall (a1:(array a)) (a2:(array a)) (i:Z) (j:Z) (l:Z) (u:Z), (exchange1 a1
a2 i j) -> (((l <= i)%Z /\ (i < u)%Z) -> (((l <= j)%Z /\ (j < u)%Z) -> a2 i j) -> (((l <= i)%Z /\ (i < u)%Z) -> (((l <= j)%Z /\ (j < u)%Z) ->
((0%Z <= l)%Z -> ((u <= (length a1))%Z -> (permut_sub a1 a2 l u))))). ((0%Z <= l)%Z -> ((u <= (length a1))%Z -> (permut_sub a1 a2 l u))))).
(* Why3 intros a a_WT a1 a2 i j l u h1 (h2,h3) (h4,h5) h6 h7. *) (* Why3 intros a1 a2 i j l u h1 (h2,h3) (h4,h5) h6 h7. *)
intros a a_WT a1 a2 i j l u h1 (h2,h3) (h4,h5) h6 h7. intros a1 a2 i j l u h1 (h2,h3) (h4,h5) h6 h7.
destruct h1 as (h11,h12). destruct h1 as (h11,h12).
destruct h12 as (ha,(hb,(hc,(hd,he)))). destruct h12 as (ha,(hb,(hc,(hd,he)))).
red. repeat split. red. repeat split.
......
...@@ -107,8 +107,8 @@ Theorem permut_sub_weakening : forall {a:Type} {a_WT:WhyType a}, ...@@ -107,8 +107,8 @@ Theorem permut_sub_weakening : forall {a:Type} {a_WT:WhyType a},
forall (a1:(@array a a_WT)) (a2:(@array a a_WT)) (l1:Z) (u1:Z) (l2:Z) forall (a1:(@array a a_WT)) (a2:(@array a a_WT)) (l1:Z) (u1:Z) (l2:Z)
(u2:Z), (permut_sub a1 a2 l1 u1) -> (((0%Z <= l2)%Z /\ (l2 <= l1)%Z) -> (u2:Z), (permut_sub a1 a2 l1 u1) -> (((0%Z <= l2)%Z /\ (l2 <= l1)%Z) ->
(((u1 <= u2)%Z /\ (u2 <= (length a1))%Z) -> (permut_sub a1 a2 l2 u2))). (((u1 <= u2)%Z /\ (u2 <= (length a1))%Z) -> (permut_sub a1 a2 l2 u2))).
(* Why3 intros a a_WT a1 a2 l1 u1 l2 u2 h1 (h2,h3) (h4,h5). *) (* Why3 intros a1 a2 l1 u1 l2 u2 h1 (h2,h3) (h4,h5). *)
intros a a_WT a1 a2 l1 u1 l2 u2 h1 (h2,h3) (h4,h5). intros a1 a2 l1 u1 l2 u2 h1 (h2,h3) (h4,h5).
unfold permut_sub in *. unfold permut_sub in *.
destruct h1 as (eql,(h1,eqr)). destruct h1 as (eql,(h1,eqr)).
unfold map_eq_sub in *. unfold map_eq_sub in *.
......
...@@ -156,8 +156,8 @@ Ltac cvc := why3 "CVC4,1.4,"; admit. ...@@ -156,8 +156,8 @@ Ltac cvc := why3 "CVC4,1.4,"; admit.
(* Why3 goal *) (* Why3 goal *)
Theorem Permut_length : forall {a:Type} {a_WT:WhyType a}, forall (l1:(list Theorem Permut_length : forall {a:Type} {a_WT:WhyType a}, forall (l1:(list
a)) (l2:(list a)), (permut l1 l2) -> ((length l1) = (length l2)). a)) (l2:(list a)), (permut l1 l2) -> ((length l1) = (length l2)).
(* Why3 intros a a_WT l1 l2 h1. *) (* Why3 intros l1 l2 h1. *)
intros a a_WT l1 l2 h1. intros l1 l2 h1.
generalize dependent l2. generalize dependent l2.
induction l1; intros. induction l1; intros.
destruct l2. destruct l2.
......
...@@ -32,9 +32,7 @@ Axiom ax : forall {a:Type} {a_WT:WhyType a}, forall (x:a), ((id x) = x). ...@@ -32,9 +32,7 @@ Axiom ax : forall {a:Type} {a_WT:WhyType a}, forall (x:a), ((id x) = x).
(* Why3 goal *) (* Why3 goal *)
Theorem g1 : forall {a:Type} {a_WT:WhyType a}, exists x:a, ((id x) = x). Theorem g1 : forall {a:Type} {a_WT:WhyType a}, exists x:a, ((id x) = x).
(* Why3 intros a a_WT. *)
Proof. Proof.
intros a a_WT.
exists why_inhabitant. exists why_inhabitant.
apply ax. apply ax.
Qed. Qed.
......
...@@ -42,7 +42,7 @@ Fixpoint flatten {a:Type} {a_WT:WhyType a} (l:(list (a* ...@@ -42,7 +42,7 @@ Fixpoint flatten {a:Type} {a_WT:WhyType a} (l:(list (a*
Theorem length_flatten : forall {a:Type} {a_WT:WhyType a}, Theorem length_flatten : forall {a:Type} {a_WT:WhyType a},
forall (l:(list (a* a)%type)), forall (l:(list (a* a)%type)),
((list.Length.length (flatten l)) = (2%Z * (list.Length.length l))%Z). ((list.Length.length (flatten l)) = (2%Z * (list.Length.length l))%Z).
intros a a_WT l. intros l.
induction l. induction l.
auto. auto.
simpl (flatten (a0::l)). simpl (flatten (a0::l)).
......
...@@ -19,8 +19,7 @@ Require list.Length. ...@@ -19,8 +19,7 @@ Require list.Length.
Require list.Mem. Require list.Mem.
(* Why3 goal *) (* Why3 goal *)
Lemma infix_plpl_def : Lemma infix_plpl_def {a:Type} {a_WT:WhyType a} :
forall {a:Type} {a_WT:WhyType a},
forall (l1:(list a)) (l2:(list a)), forall (l1:(list a)) (l2:(list a)),
((Init.Datatypes.app l1 l2) = ((Init.Datatypes.app l1 l2) =
match l1 with match l1 with
...@@ -29,50 +28,47 @@ Lemma infix_plpl_def : ...@@ -29,50 +28,47 @@ Lemma infix_plpl_def :
(Init.Datatypes.cons x1 (Init.Datatypes.app r1 l2)) (Init.Datatypes.cons x1 (Init.Datatypes.app r1 l2))
end). end).
Proof. Proof.
now intros a a_WT [|h1 q1] l2. now intros [|h1 q1] l2.
Qed. Qed.
Require Import Lists.List. Require Import Lists.List.
(* Why3 goal *) (* Why3 goal *)
Lemma Append_assoc : Lemma Append_assoc {a:Type} {a_WT:WhyType a} :
forall {a:Type} {a_WT:WhyType a},
forall (l1:(list a)) (l2:(list a)) (l3:(list a)), forall (l1:(list a)) (l2:(list a)) (l3:(list a)),
((Init.Datatypes.app l1 (Init.Datatypes.app l2 l3)) = ((Init.Datatypes.app l1 (Init.Datatypes.app l2 l3)) =
(Init.Datatypes.app (Init.Datatypes.app l1 l2) l3)). (Init.Datatypes.app (Init.Datatypes.app l1 l2) l3)).
Proof. Proof.
intros a a_WT l1 l2 l3. intros l1 l2 l3.
apply app_assoc. apply app_assoc.
Qed. Qed.
(* Why3 goal *) (* Why3 goal *)
Lemma Append_l_nil : forall {a:Type} {a_WT:WhyType a}, forall (l:(list a)), Lemma Append_l_nil {a:Type} {a_WT:WhyType a} :
((Init.Datatypes.app l Init.Datatypes.nil) = l). forall (l:(list a)), ((Init.Datatypes.app l Init.Datatypes.nil) = l).
Proof. Proof.
intros a a_WT l. intros l.
apply app_nil_r. apply app_nil_r.
Qed. Qed.
(* Why3 goal *) (* Why3 goal *)
Lemma Append_length : Lemma Append_length {a:Type} {a_WT:WhyType a} :
forall {a:Type} {a_WT:WhyType a},
forall (l1:(list a)) (l2:(list a)), forall (l1:(list a)) (l2:(list a)),
((list.Length.length (Init.Datatypes.app l1 l2)) = ((list.Length.length (Init.Datatypes.app l1 l2)) =
((list.Length.length l1) + (list.Length.length l2))%Z). ((list.Length.length l1) + (list.Length.length l2))%Z).
Proof. Proof.
intros a a_WT l1 l2. intros l1 l2.
rewrite 3!Length.length_std. rewrite 3!Length.length_std.
now rewrite app_length, inj_plus. now rewrite app_length, inj_plus.
Qed. Qed.
(* Why3 goal *) (* Why3 goal *)
Lemma mem_append : Lemma mem_append {a:Type} {a_WT:WhyType a} :
forall {a:Type} {a_WT:WhyType a},
forall (x:a) (l1:(list a)) (l2:(list a)), forall (x:a) (l1:(list a)) (l2:(list a)),
(list.Mem.mem x (Init.Datatypes.app l1 l2)) <-> (list.Mem.mem x (Init.Datatypes.app l1 l2)) <->
((list.Mem.mem x l1) \/ (list.Mem.mem x l2)). ((list.Mem.mem x l1) \/ (list.Mem.mem x l2)).
Proof. Proof.
intros a a_WT x l1 l2. intros x l1 l2.
split. split.
intros H. intros H.
apply Mem.mem_std in H. apply Mem.mem_std in H.
...@@ -93,11 +89,12 @@ now apply Mem.mem_std. ...@@ -93,11 +89,12 @@ now apply Mem.mem_std.
Qed. Qed.
(* Why3 goal *) (* Why3 goal *)
Lemma mem_decomp : forall {a:Type} {a_WT:WhyType a}, forall (x:a) Lemma mem_decomp {a:Type} {a_WT:WhyType a} :
(l:(list a)), (list.Mem.mem x l) -> exists l1:(list a), exists l2:(list a), forall (x:a) (l:(list a)), (list.Mem.mem x l) ->
exists l1:(list a), exists l2:(list a),
(l = (Init.Datatypes.app l1 (Init.Datatypes.cons x l2))). (l = (Init.Datatypes.app l1 (Init.Datatypes.cons x l2))).
Proof. Proof.
intros a a_WT x l h1. intros x l h1.
apply in_split. apply in_split.
now apply Mem.mem_std. now apply Mem.mem_std.
Qed. Qed.
......
...@@ -19,8 +19,7 @@ Require list.List. ...@@ -19,8 +19,7 @@ Require list.List.
(* combine is replaced with (Lists.List.combine x x1) by the coq driver *) (* combine is replaced with (Lists.List.combine x x1) by the coq driver *)
(* Why3 goal *) (* Why3 goal *)
Lemma combine_def : Lemma combine_def {a:Type} {a_WT:WhyType a} {b:Type} {b_WT:WhyType b} :
forall {a:Type} {a_WT:WhyType a} {b:Type} {b_WT:WhyType b},
forall (x:(list a)) (y:(list b)), forall (x:(list a)) (y:(list b)),
match (x, y) with match (x, y) with
| ((Init.Datatypes.cons x0 x1), (Init.Datatypes.cons y0 y1)) => | ((Init.Datatypes.cons x0 x1), (Init.Datatypes.cons y0 y1)) =>
...@@ -29,6 +28,6 @@ Lemma combine_def : ...@@ -29,6 +28,6 @@ Lemma combine_def :
| _ => ((Lists.List.combine x y) = Init.Datatypes.nil) | _ => ((Lists.List.combine x y) = Init.Datatypes.nil)
end. end.
Proof. Proof.
now intros a a_WT b b_WT [|xh xt] [|yh yt]. now intros [|xh xt] [|yh yt].
Qed. Qed.
...@@ -21,19 +21,19 @@ Require list.Append. ...@@ -21,19 +21,19 @@ Require list.Append.
(* Why3 assumption *) (* Why3 assumption *)
Inductive distinct {a:Type} {a_WT:WhyType a}: (list a) -> Prop := Inductive distinct {a:Type} {a_WT:WhyType a}: (list a) -> Prop :=
| distinct_zero : (distinct Init.Datatypes.nil) | distinct_zero : distinct Init.Datatypes.nil
| distinct_one : forall (x:a), (distinct | distinct_one : forall (x:a), (distinct
(Init.Datatypes.cons x Init.Datatypes.nil)) (Init.Datatypes.cons x Init.Datatypes.nil))
| distinct_many : forall (x:a) (l:(list a)), (~ (list.Mem.mem x l)) -> | distinct_many : forall (x:a) (l:(list a)), (~ (list.Mem.mem x l)) ->
((distinct l) -> (distinct (Init.Datatypes.cons x l))). ((distinct l) -> (distinct (Init.Datatypes.cons x l))).
(* Why3 goal *) (* Why3 goal *)
Lemma distinct_append : forall {a:Type} {a_WT:WhyType a}, Lemma distinct_append {a:Type} {a_WT:WhyType a} :
forall (l1:(list a)) (l2:(list a)), (distinct l1) -> ((distinct l2) -> forall (l1:(list a)) (l2:(list a)), (distinct l1) -> (distinct l2) ->
((forall (x:a), (list.Mem.mem x l1) -> ~ (list.Mem.mem x l2)) -> (distinct (forall (x:a), (list.Mem.mem x l1) -> ~ (list.Mem.mem x l2)) ->
(Init.Datatypes.app l1 l2)))). distinct (Init.Datatypes.app l1 l2).
Proof. Proof.
intros a a_WT l1 l2 h1 h2 h3. intros l1 l2 h1 h2 h3.
induction l1 as [|l1h l1t IHl1]. induction l1 as [|l1h l1t IHl1].
exact h2. exact h2.
simpl. simpl.
......
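Review bot: The new side drops the parentheses on `| distinct_zero : distinct Init.Datatypes.nil` and on the `distinct_append` statement, while the neighbouring constructors `distinct_one` and `distinct_many` in the same hunk keep the fully parenthesized form, as do the lemma statements in the other generated files of this commit. These files are printer output, so one file using two styles suggests a hand edit rather than a regeneration; if the printer now omits redundant parentheses, the other constructors and files should come out the same way, otherwise keep `| distinct_zero : (distinct Init.Datatypes.nil)` and the parenthesized `distinct_append` statement so the file is reproducible from the printer. The enclosing file continues past the hunk.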
...@@ -16,32 +16,30 @@ Require BuiltIn. ...@@ -16,32 +16,30 @@ Require BuiltIn.
Require list.List. Require list.List.
(* Why3 goal *) (* Why3 goal *)
Definition hd : forall {a:Type} {a_WT:WhyType a}, (list a) -> a. Definition hd {a:Type} {a_WT:WhyType a} : (list a) -> a.
intros a a_WT [|h _]. intros [|h _].
exact why_inhabitant. exact why_inhabitant.
exact h. exact h.
Defined. Defined.
(* Why3 goal *) (* Why3 goal *)
Lemma hd_cons : Lemma hd_cons {a:Type} {a_WT:WhyType a} :
forall {a:Type} {a_WT:WhyType a},
forall (x:a) (r:(list a)), ((hd (Init.Datatypes.cons x r)) = x). forall (x:a) (r:(list a)), ((hd (Init.Datatypes.cons x r)) = x).
Proof. Proof.
now intros a a_WT x r. now intros x r.
Qed. Qed.
(* Why3 goal *) (* Why3 goal *)
Definition tl : forall {a:Type} {a_WT:WhyType a}, (list a) -> (list a). Definition tl {a:Type} {a_WT:WhyType a} : (list a) -> (list a).
intros a a_WT [|_ t]. intros [|_ t].
exact nil. exact nil.
exact t. exact t.
Defined. Defined.
(* Why3 goal *) (* Why3 goal *)
Lemma tl_cons : Lemma tl_cons {a:Type} {a_WT:WhyType a} :
forall {a:Type} {a_WT:WhyType a},
forall (x:a) (r:(list a)), ((tl (Init.Datatypes.cons x r)) = r). forall (x:a) (r:(list a)), ((tl (Init.Datatypes.cons x r)) = r).
Proof. Proof.
now intros a a_WT x r. now intros x r.
Qed. Qed.
...@@ -35,21 +35,19 @@ now rewrite inj_S, Zplus_comm, IHl. ...@@ -35,21 +35,19 @@ now rewrite inj_S, Zplus_comm, IHl.
Qed. Qed.
(* Why3 goal *) (* Why3 goal *)
Lemma Length_nonnegative : Lemma Length_nonnegative {a:Type} {a_WT:WhyType a} :
forall {a:Type} {a_WT:WhyType a},
forall (l:(list a)), (0%Z <= (length l))%Z. forall (l:(list a)), (0%Z <= (length l))%Z.
Proof. Proof.
intros a a_WT l. intros l.
rewrite length_std. rewrite length_std.
apply Zle_0_nat. apply Zle_0_nat.
Qed. Qed.
(* Why3 goal *) (* Why3 goal *)
Lemma Length_nil : Lemma Length_nil {a:Type} {a_WT:WhyType a} :
forall {a:Type} {a_WT:WhyType a},
forall (l:(list a)), ((length l) = 0%Z) <-> (l = Init.Datatypes.nil). forall (l:(list a)), ((length l) = 0%Z) <-> (l = Init.Datatypes.nil).
Proof. Proof.
intros a a_WT [|h t] ; split ; try easy. intros [|h t] ; split ; try easy.
unfold length. fold length. unfold length. fold length.
intros H. intros H.
exfalso. exfalso.
......
...@@ -22,10 +22,10 @@ Definition is_nil {a:Type} {a_WT:WhyType a} (l:(list a)) : Prop := ...@@ -22,10 +22,10 @@ Definition is_nil {a:Type} {a_WT:WhyType a} (l:(list a)) : Prop :=
end. end.
(* Why3 goal *) (* Why3 goal *)
Lemma is_nil_spec : forall {a:Type} {a_WT:WhyType a}, forall (l:(list a)), Lemma is_nil_spec {a:Type} {a_WT:WhyType a} :
(is_nil l) <-> (l = Init.Datatypes.nil). forall (l:(list a)), (is_nil l) <-> (l = Init.Datatypes.nil).
Proof. Proof.
intros a a_WT l. intros l.
split. split.
now destruct l. now destruct l.
now intros ->. now intros ->.
......
...@@ -18,15 +18,12 @@ Require list.List. ...@@ -18,15 +18,12 @@ Require list.List.
Require option.Option. Require option.Option.
(* Why3 goal *) (* Why3 goal *)
Definition nth : Definition nth {a:Type} {a_WT:WhyType a} : Z -> (list a) -> (option a).
forall {a:Type} {a_WT:WhyType a}, Z -> (list a) -> (option a).
intros a a_WT.
exact (fix nth n l := match l with nil => None | cons h t => if Zeq_bool n Z0 then Some h else nth (n - 1)%Z t end). exact (fix nth n l := match l with nil => None | cons h t => if Zeq_bool n Z0 then Some h else nth (n - 1)%Z t end).
Defined. Defined.
(* Why3 goal *) (* Why3 goal *)
Lemma nth_def : Lemma nth_def {a:Type} {a_WT:WhyType a} :