 ### LCP: more proof attempts in Coq

parent 95d9e88f
 ... ... @@ -79,15 +79,24 @@ module LCP "longest common prefix" use import int.Int use map.Map use map.MapPermut use map.MapInjection use import array.Array predicate permutation (a:array int) = MapInjection.range a.elts a.length /\ MapInjection.injective a.elts a.length predicate map_permutation (m:Map.map int int) (u : int) = MapInjection.range m u /\ MapInjection.injective m u lemma map_permut_permutation : forall m1 m2:Map.map int int, u:int [MapPermut.permut_sub m1 m2 0 u]. MapPermut.permut_sub m1 m2 0 u -> map_permutation m1 u -> map_permutation m2 u use import array.Array use import array.ArrayPermut predicate permutation (a:array int) = map_permutation a.elts a.length lemma permut_permutation : forall a1 a2:array int. permut a1 a2 -> permutation a1 -> permutation a2 ... ...
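Review bot: `map_permut_permutation` is declared as a `lemma`, i.e. a proof obligation, but the Coq proof this commit supplies for it is not closed (it contains `admit`), and `permut_permutation` is stated directly on top of it; until that obligation is discharged, preservation of `permutation` under `permut` is effectively an assumption of the development. A one-line comment on the lemma would make that visible to readers of the `.mlw`, e.g. `(* obligation discharged in Coq; proof currently incomplete *)`. The rendered hunk has lost its +/- markers, so I am reading the new side from the accompanying Coq files rather than from this section.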
 (* This file is generated by Why3's Coq driver *) (* Beware! Only edit allowed sections below *) Require Import BuiltIn. Require BuiltIn. Require int.Int. Require map.Map. Require map.MapPermut. (* Why3 assumption *) Definition unit := unit. (* Why3 assumption *) Definition injective(a:(map.Map.map Z Z)) (n:Z): Prop := forall (i:Z) (j:Z), ((0%Z <= i)%Z /\ (i < n)%Z) -> (((0%Z <= j)%Z /\ (j < n)%Z) -> ((~ (i = j)) -> ~ ((map.Map.get a i) = (map.Map.get a j)))). (* Why3 assumption *) Definition surjective(a:(map.Map.map Z Z)) (n:Z): Prop := forall (i:Z), ((0%Z <= i)%Z /\ (i < n)%Z) -> exists j:Z, ((0%Z <= j)%Z /\ (j < n)%Z) /\ ((map.Map.get a j) = i). (* Why3 assumption *) Definition range(a:(map.Map.map Z Z)) (n:Z): Prop := forall (i:Z), ((0%Z <= i)%Z /\ (i < n)%Z) -> ((0%Z <= (map.Map.get a i))%Z /\ ((map.Map.get a i) < n)%Z). Axiom injective_surjective : forall (a:(map.Map.map Z Z)) (n:Z), (injective a n) -> ((range a n) -> (surjective a n)). (* Why3 assumption *) Definition map_permutation(m:(map.Map.map Z Z)) (u:Z): Prop := (range m u) /\ (injective m u). (* Why3 goal *) Theorem map_permut_permutation : forall (m1:(map.Map.map Z Z)) (m2:(map.Map.map Z Z)) (u:Z), (map.MapPermut.permut_sub m1 m2 0%Z u) -> ((map_permutation m1 u) -> (map_permutation m2 u)). intros m1 m2 u h1 h2. unfold permutation in *. simpl in *. subst l2. Print permut_sub. inversion h2. elim h2; auto. admit. unfold range, injective. intuition. destruct H1 as (h1 & h2 & h3). intros. assert (i0=i \/ i0 = j \/ (i0 <> i /\ i0 <> j)) by omega. destruct H1. subst i0. rewrite h2. Qed.
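Review bot: The proof script for `map_permut_permutation` ends in `Qed.` but contains `admit.` part way through, and the tactics after it (`unfold range, injective. intuition. ... rewrite h2.`) read as a second, separate attempt rather than a continuation. The script also uses names the goal does not bind (`subst l2.`, while the theorem only introduces `m1`, `m2`, `u` and the hypotheses `h1`, `h2`) and leaves a `Print permut_sub.` query inside the proof, so it will not replay as written. Until the proof is real, end it with `Admitted.` and say so, `(* TODO: incomplete — permut_sub preserves range/injective; needed by permut_permutation *)`, so that the unproved obligation is visible rather than hidden behind a `Qed`. Whether `Qed` tolerates an admitted goal depends on the Coq version, but either way `permut_permutation` currently rests on an unverified assumption; the `injective_surjective` axiom already in scope and the definition of `permut_sub` you were printing look like the relevant ingredients, though I cannot confirm the route from here.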
 ... ... @@ -4,6 +4,7 @@ Require Import BuiltIn. Require BuiltIn. Require int.Int. Require map.Map. Require map.MapPermut. (* Why3 assumption *) Definition unit := unit. ... ... @@ -26,6 +27,14 @@ Definition range(a:(map.Map.map Z Z)) (n:Z): Prop := forall (i:Z), Axiom injective_surjective : forall (a:(map.Map.map Z Z)) (n:Z), (injective a n) -> ((range a n) -> (surjective a n)). (* Why3 assumption *) Definition map_permutation(m:(map.Map.map Z Z)) (u:Z): Prop := (range m u) /\ (injective m u). Axiom map_permut_permutation : forall (m1:(map.Map.map Z Z)) (m2:(map.Map.map Z Z)) (u:Z), (map.MapPermut.permut_sub m1 m2 0%Z u) -> ((map_permutation m1 u) -> (map_permutation m2 u)). (* Why3 assumption *) Inductive array (a:Type) {a_WT:WhyType a} := | mk_array : Z -> (map.Map.map Z a) -> array a. ... ... @@ -57,10 +66,6 @@ Definition set {a:Type} {a_WT:WhyType a}(a1:(array a)) (i:Z) (v:a): (array Definition make {a:Type} {a_WT:WhyType a}(n:Z) (v:a): (array a) := (mk_array n (map.Map.const v:(map.Map.map Z a))). (* Why3 assumption *) Definition permutation(a:(array Z)): Prop := (range (elts a) (length a)) /\ (injective (elts a) (length a)). (* Why3 assumption *) Definition exchange {a:Type} {a_WT:WhyType a}(a1:(map.Map.map Z a)) (a2:(map.Map.map Z a)) (i:Z) (j:Z): Prop := ((map.Map.get a1 ... ... 
@@ -150,20 +155,22 @@ Axiom array_eq_sub_permut : forall {a:Type} {a_WT:WhyType a}, Axiom array_eq_permut : forall {a:Type} {a_WT:WhyType a}, forall (a1:(array a)) (a2:(array a)), (array_eq a1 a2) -> (permut a1 a2). (* Why3 assumption *) Definition permutation(a:(array Z)): Prop := (map_permutation (elts a) (length a)). Require Import Why3. Ltac ae := why3 "alt-ergo" timelimit 3. (* Why3 goal *) Theorem permut_permutation : forall (a1:(array Z)) (a2:(array Z)), (permut a1 a2) -> ((permutation a1) -> (permutation a2)). intros (l1,a1) (l2,a2) (h1,h2) h. intros (l1,a1) (l2,a2) (h1,h2). unfold permutation in *. simpl in *. subst l2. induction h2. ae. ae. apply IHh2_2; auto. ae. intro. apply map_permut_permutation with (m1:=a1); auto. Qed.
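Review bot: `Require Import Why3.` and `Ltac ae := why3 "alt-ergo" timelimit 3.` remain in the editable section, but the new proof of `permut_permutation` (`intro. apply map_permut_permutation with (m1:=a1); auto.`) does not appear to use `ae` any more — the `induction h2 ... ae` lines read as the old side, though this rendered hunk has dropped its +/- markers so I cannot be certain which lines survive. If `ae` is dead, drop both lines so the file no longer needs the why3 tactic plugin to compile. Since `Axiom map_permut_permutation` lives in a generated section that the driver will overwrite, the editable proof section is the place to record that this proof now depends on an obligation whose Coq proof is still incomplete, e.g. `(* relies on map_permut_permutation, whose Coq proof is not yet finished *)` above the theorem.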