Commit 2ceef495 authored by MARCHE Claude's avatar MARCHE Claude

Cleaned proof of Binary Heaps

parent 8f71eaa0
......@@ -2,13 +2,12 @@
theory Bag
use import int.Int
use import map.Map as A
type bag 'a = A.map 'a int
type bag 'a
(* the most basic operation is the number of occurences *)
function nb_occ (x: 'a) (b: bag 'a): int = A.get b x
function nb_occ (x: 'a) (b: bag 'a): int
axiom occ_non_negative : forall b: bag 'a, x: 'a. nb_occ x b >= 0
......@@ -26,7 +25,12 @@ axiom occ_empty : forall x: 'a. nb_occ x empty_bag = 0
lemma is_empty : forall b: bag 'a.
(forall x: 'a. nb_occ x b = 0) -> b = empty_bag
function singleton (x: 'a) : bag 'a = A.set empty_bag x 1
function singleton (x: 'a) : bag 'a
axiom occ_singleton: forall x y: 'a.
(x = y /\ (nb_occ y (singleton x)) = 1) \/
(x <> y /\ (nb_occ y (singleton x)) = 0)
lemma occ_singleton_eq : forall x y: 'a. x = y -> (nb_occ y (singleton x)) = 1
lemma occ_singleton_neq : forall x y: 'a. x <> y -> (nb_occ y (singleton x)) = 0
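Review bot: With `type bag 'a`, `nb_occ` and `singleton` left uninterpreted on the new side, every fact about bags rests on the axioms alone (`occ_non_negative`, `occ_singleton`, and whatever the theory declares outside these hunks), and nothing visible here shows that this axiom set has a model. Every proof that uses the theory, including the heap proofs, is only as sound as those axioms are consistent. I would state the intended model next to the type, e.g. `(* abstract on purpose; intended model: multisets, nb_occ x b = multiplicity of x in b *)`, and keep a consistency check for the theory in the proof session. The same applies to the first hunk, where `nb_occ` loses its definition.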
......@@ -54,7 +54,7 @@ let insert (this : ref logic_heap) (e : int) : unit =
arr := A.set !arr !i e;
this := (!arr, n + 1);
assert { 0 < !i < n -> is_heap !this };
assert { !i < n -> model !this = add e (model (a,n)) }
assert { !i < n -> model !this = add e (model (a,n)) }
{ is_heap !this /\
model !this = add e (model (old !this)) }
......@@ -111,6 +111,57 @@ let extractMin (this : ref logic_heap) : int =
result = min_bag (model (old !this)) /\
model (old !this) = add result (model !this) }
(*
let extractMin0 (this : ref logic_heap) : int =
{ model !this <> empty_bag }
let (a, n) = !this in
assert {n > 0};
let min = a[0] in
let n' = n-1 in
let last = a[n'] in
assert { n' > 0 -> nb_occ last (diff (model (a,n))
(singleton min)) > 0 } ;
let arr = ref a in
let i = ref 0 in
try
while ( !i < n') do
invariant {
0 <= !i /\
(n' > 0 -> !i < n') /\
(!i = 0 -> !arr = a) /\
(n' > 0 ->
elements !arr 0 n' =
add !arr[!i] (diff (diff (model (a,n))
(singleton last))
(singleton min))) /\
(!i > 0 -> !arr[parent !i] < last) }
variant {n' - !i}
let left = 2 * !i + 1 in
let right = 2 * !i + 2 in
if (left >= n') then raise Break;
let smaller = ref left in
if right < n' then
if !arr[left] > !arr[right]
then smaller := right;
if last <= !arr[!smaller] then raise Break;
arr := !arr[!i <- !arr[!smaller]];
i := !smaller
done;
assert { n' = 0 }
with Break -> ()
end;
if !i < n' then
begin
arr := !arr[!i <- last];
assert { n' > 0 -> elements !arr 0 n' =
(diff (model (a,n)) (singleton min)) }
end;
this := (!arr, n');
min
{ model !this = diff (model (old !this)) (singleton result) }
*)
end
(*
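Review bot: `extractMin0` is added entirely inside a `(* … *)` comment, so its assertions, loop invariant and postcondition `model !this = diff (model (old !this)) (singleton result)` generate no proof obligations. A reader can mistake it for a verified alternative to `extractMin`. If it is kept as a record of an earlier attempt, open the comment with a line that says so, e.g. `(* unverified earlier version of extractMin, kept for reference; not checked by Why3 *)`; otherwise leave it out of the file. The section ends on a further `(*` whose body lies outside the visible lines.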
(* This file is generated by Why3's Coq driver *)
(* Beware! Only edit allowed sections below *)
Require Import ZArith.
Require Import Rbase.
Parameter bag : forall (a:Type), Type.
Parameter nb_occ: forall (a:Type), a -> (bag a) -> Z.
Implicit Arguments nb_occ.
Axiom occ_non_negative : forall (a:Type), forall (b:(bag a)) (x:a),
(0%Z <= (nb_occ x b))%Z.
Definition eq_bag (a:Type)(a1:(bag a)) (b:(bag a)): Prop := forall (x:a),
((nb_occ x a1) = (nb_occ x b)).
Implicit Arguments eq_bag.
Axiom bag_extensionality : forall (a:Type), forall (a1:(bag a)) (b:(bag a)),
(eq_bag a1 b) -> (a1 = b).
Parameter empty_bag: forall (a:Type), (bag a).
Set Contextual Implicit.
Implicit Arguments empty_bag.
Unset Contextual Implicit.
Axiom occ_empty : forall (a:Type), forall (x:a), ((nb_occ x (empty_bag:(bag
a))) = 0%Z).
Axiom is_empty : forall (a:Type), forall (b:(bag a)), (forall (x:a),
((nb_occ x b) = 0%Z)) -> (b = (empty_bag:(bag a))).
Parameter singleton: forall (a:Type), a -> (bag a).
Implicit Arguments singleton.
Axiom occ_singleton : forall (a:Type), forall (x:a) (y:a), ((x = y) /\
((nb_occ y (singleton x)) = 1%Z)) \/ ((~ (x = y)) /\ ((nb_occ y
(singleton x)) = 0%Z)).
Axiom occ_singleton_eq : forall (a:Type), forall (x:a) (y:a), (x = y) ->
((nb_occ y (singleton x)) = 1%Z).
Axiom occ_singleton_neq : forall (a:Type), forall (x:a) (y:a), (~ (x = y)) ->
((nb_occ y (singleton x)) = 0%Z).
Parameter union: forall (a:Type), (bag a) -> (bag a) -> (bag a).
Implicit Arguments union.
Axiom occ_union : forall (a:Type), forall (x:a) (a1:(bag a)) (b:(bag a)),
((nb_occ x (union a1 b)) = ((nb_occ x a1) + (nb_occ x b))%Z).
Axiom Union_comm : forall (a:Type), forall (a1:(bag a)) (b:(bag a)),
((union a1 b) = (union b a1)).
Axiom Union_identity : forall (a:Type), forall (a1:(bag a)), ((union a1
(empty_bag:(bag a))) = a1).
Axiom Union_assoc : forall (a:Type), forall (a1:(bag a)) (b:(bag a)) (c:(bag
a)), ((union a1 (union b c)) = (union (union a1 b) c)).
Axiom bag_simpl : forall (a:Type), forall (a1:(bag a)) (b:(bag a)) (c:(bag
a)), ((union a1 b) = (union c b)) -> (a1 = c).
Axiom bag_simpl_left : forall (a:Type), forall (a1:(bag a)) (b:(bag a))
(c:(bag a)), ((union a1 b) = (union a1 c)) -> (b = c).
Definition add (a:Type)(x:a) (b:(bag a)): (bag a) := (union (singleton x) b).
Implicit Arguments add.
Axiom occ_add_eq : forall (a:Type), forall (b:(bag a)) (x:a) (y:a),
(x = y) -> ((nb_occ x (add x b)) = ((nb_occ x b) + 1%Z)%Z).
Axiom occ_add_neq : forall (a:Type), forall (b:(bag a)) (x:a) (y:a),
(~ (x = y)) -> ((nb_occ y (add x b)) = (nb_occ y b)).
Parameter card: forall (a:Type), (bag a) -> Z.
Implicit Arguments card.
Axiom Card_empty : forall (a:Type), ((card (empty_bag:(bag a))) = 0%Z).
Axiom Card_singleton : forall (a:Type), forall (x:a),
((card (singleton x)) = 1%Z).
Axiom Card_union : forall (a:Type), forall (x:(bag a)) (y:(bag a)),
((card (union x y)) = ((card x) + (card y))%Z).
Axiom Card_zero_empty : forall (a:Type), forall (x:(bag a)),
((card x) = 0%Z) -> (x = (empty_bag:(bag a))).
Axiom Max_is_ge : forall (x:Z) (y:Z), (x <= (Zmax x y))%Z /\
(y <= (Zmax x y))%Z.
Axiom Max_is_some : forall (x:Z) (y:Z), ((Zmax x y) = x) \/ ((Zmax x y) = y).
Axiom Min_is_le : forall (x:Z) (y:Z), ((Zmin x y) <= x)%Z /\
((Zmin x y) <= y)%Z.
Axiom Min_is_some : forall (x:Z) (y:Z), ((Zmin x y) = x) \/ ((Zmin x y) = y).
Axiom Max_x : forall (x:Z) (y:Z), (y <= x)%Z -> ((Zmax x y) = x).
Axiom Max_y : forall (x:Z) (y:Z), (x <= y)%Z -> ((Zmax x y) = y).
Axiom Min_x : forall (x:Z) (y:Z), (x <= y)%Z -> ((Zmin x y) = x).
Axiom Min_y : forall (x:Z) (y:Z), (y <= x)%Z -> ((Zmin x y) = y).
Axiom Max_sym : forall (x:Z) (y:Z), (y <= x)%Z -> ((Zmax x y) = (Zmax y x)).
Axiom Min_sym : forall (x:Z) (y:Z), (y <= x)%Z -> ((Zmin x y) = (Zmin y x)).
Parameter diff: forall (a:Type), (bag a) -> (bag a) -> (bag a).
Implicit Arguments diff.
Axiom Diff_occ : forall (a:Type), forall (b1:(bag a)) (b2:(bag a)) (x:a),
((nb_occ x (diff b1 b2)) = (Zmax 0%Z ((nb_occ x b1) - (nb_occ x b2))%Z)).
Axiom Diff_empty_right : forall (a:Type), forall (b:(bag a)), ((diff b
(empty_bag:(bag a))) = b).
Axiom Diff_empty_left : forall (a:Type), forall (b:(bag a)),
((diff (empty_bag:(bag a)) b) = (empty_bag:(bag a))).
Axiom Diff_add : forall (a:Type), forall (b:(bag a)) (x:a), ((diff (add x b)
(singleton x)) = b).
Axiom Diff_comm : forall (a:Type), forall (b:(bag a)) (b1:(bag a)) (b2:(bag
a)), ((diff (diff b b1) b2) = (diff (diff b b2) b1)).
(* YOU MAY EDIT THE CONTEXT BELOW *)
(* DO NOT EDIT BELOW *)
Theorem Add_diff : forall (a:Type), forall (b:(bag a)) (x:a),
(0%Z < (nb_occ x b))%Z -> ((add x (diff b (singleton x))) = b).
(* YOU MAY EDIT THE PROOF BELOW *)
intros X b x H.
apply bag_extensionality.
intro y.
unfold add; rewrite occ_union.
rewrite Diff_occ.
destruct (Zmax_spec 0 (nb_occ y b - nb_occ y (singleton x)))
as [(Ha,R)|(Ha,R)]; auto with zarith.
destruct (occ_singleton X x y) as [(H1,H2)|(H1,H2)].
subst; intuition.
generalize (occ_non_negative X b y).
omega.
Qed.
(* DO NOT EDIT BELOW *)
(* This file is generated by Why3's Coq driver *)
(* Beware! Only edit allowed sections below *)
Require Import ZArith.
Require Import Rbase.
Parameter bag : forall (a:Type), Type.
Parameter nb_occ: forall (a:Type), a -> (bag a) -> Z.
Implicit Arguments nb_occ.
Axiom occ_non_negative : forall (a:Type), forall (b:(bag a)) (x:a),
(0%Z <= (nb_occ x b))%Z.
Definition eq_bag (a:Type)(a1:(bag a)) (b:(bag a)): Prop := forall (x:a),
((nb_occ x a1) = (nb_occ x b)).
Implicit Arguments eq_bag.
Axiom bag_extensionality : forall (a:Type), forall (a1:(bag a)) (b:(bag a)),
(eq_bag a1 b) -> (a1 = b).
Parameter empty_bag: forall (a:Type), (bag a).
Set Contextual Implicit.
Implicit Arguments empty_bag.
Unset Contextual Implicit.
Axiom occ_empty : forall (a:Type), forall (x:a), ((nb_occ x (empty_bag:(bag
a))) = 0%Z).
Axiom is_empty : forall (a:Type), forall (b:(bag a)), (forall (x:a),
((nb_occ x b) = 0%Z)) -> (b = (empty_bag:(bag a))).
Parameter singleton: forall (a:Type), a -> (bag a).
Implicit Arguments singleton.
Axiom occ_singleton_eq : forall (a:Type), forall (x:a) (y:a), (x = y) ->
((nb_occ y (singleton x)) = 1%Z).
Axiom occ_singleton_neq : forall (a:Type), forall (x:a) (y:a), (~ (x = y)) ->
((nb_occ y (singleton x)) = 0%Z).
Parameter union: forall (a:Type), (bag a) -> (bag a) -> (bag a).
Implicit Arguments union.
Axiom occ_union : forall (a:Type), forall (x:a) (a1:(bag a)) (b:(bag a)),
((nb_occ x (union a1 b)) = ((nb_occ x a1) + (nb_occ x b))%Z).
Axiom Union_comm : forall (a:Type), forall (a1:(bag a)) (b:(bag a)),
((union a1 b) = (union b a1)).
Axiom Union_identity : forall (a:Type), forall (a1:(bag a)), ((union a1
(empty_bag:(bag a))) = a1).
Axiom Union_assoc : forall (a:Type), forall (a1:(bag a)) (b:(bag a)) (c:(bag
a)), ((union a1 (union b c)) = (union (union a1 b) c)).
Axiom bag_simpl : forall (a:Type), forall (a1:(bag a)) (b:(bag a)) (c:(bag
a)), ((union a1 b) = (union c b)) -> (a1 = c).
Axiom bag_simpl_left : forall (a:Type), forall (a1:(bag a)) (b:(bag a))
(c:(bag a)), ((union a1 b) = (union a1 c)) -> (b = c).
Definition add (a:Type)(x:a) (b:(bag a)): (bag a) := (union (singleton x) b).
Implicit Arguments add.
Axiom occ_add_eq : forall (a:Type), forall (b:(bag a)) (x:a) (y:a),
(x = y) -> ((nb_occ x (add x b)) = ((nb_occ x b) + 1%Z)%Z).
Axiom occ_add_neq : forall (a:Type), forall (b:(bag a)) (x:a) (y:a),
(~ (x = y)) -> ((nb_occ y (add x b)) = (nb_occ y b)).
Parameter card: forall (a:Type), (bag a) -> Z.
Implicit Arguments card.
Axiom Card_empty : forall (a:Type), ((card (empty_bag:(bag a))) = 0%Z).
Axiom Card_singleton : forall (a:Type), forall (x:a),
((card (singleton x)) = 1%Z).
Axiom Card_union : forall (a:Type), forall (x:(bag a)) (y:(bag a)),
((card (union x y)) = ((card x) + (card y))%Z).
Axiom Card_zero_empty : forall (a:Type), forall (x:(bag a)),
((card x) = 0%Z) -> (x = (empty_bag:(bag a))).
Axiom Max_is_ge : forall (x:Z) (y:Z), (x <= (Zmax x y))%Z /\
(y <= (Zmax x y))%Z.
Axiom Max_is_some : forall (x:Z) (y:Z), ((Zmax x y) = x) \/ ((Zmax x y) = y).
Axiom Min_is_le : forall (x:Z) (y:Z), ((Zmin x y) <= x)%Z /\
((Zmin x y) <= y)%Z.
Axiom Min_is_some : forall (x:Z) (y:Z), ((Zmin x y) = x) \/ ((Zmin x y) = y).
Axiom Max_x : forall (x:Z) (y:Z), (y <= x)%Z -> ((Zmax x y) = x).
Axiom Max_y : forall (x:Z) (y:Z), (x <= y)%Z -> ((Zmax x y) = y).
Axiom Min_x : forall (x:Z) (y:Z), (x <= y)%Z -> ((Zmin x y) = x).
Axiom Min_y : forall (x:Z) (y:Z), (y <= x)%Z -> ((Zmin x y) = y).
Axiom Max_sym : forall (x:Z) (y:Z), (y <= x)%Z -> ((Zmax x y) = (Zmax y x)).
Axiom Min_sym : forall (x:Z) (y:Z), (y <= x)%Z -> ((Zmin x y) = (Zmin y x)).
Parameter diff: forall (a:Type), (bag a) -> (bag a) -> (bag a).
Implicit Arguments diff.
Axiom Diff_occ : forall (a:Type), forall (b1:(bag a)) (b2:(bag a)) (x:a),
((nb_occ x (diff b1 b2)) = (Zmax 0%Z ((nb_occ x b1) - (nb_occ x b2))%Z)).
Axiom Diff_empty_right : forall (a:Type), forall (b:(bag a)), ((diff b
(empty_bag:(bag a))) = b).
Axiom Diff_empty_left : forall (a:Type), forall (b:(bag a)),
((diff (empty_bag:(bag a)) b) = (empty_bag:(bag a))).
(* YOU MAY EDIT THE CONTEXT BELOW *)
(* DO NOT EDIT BELOW *)
Theorem Diff_add : forall (a:Type), forall (b:(bag a)) (x:a), ((diff (add x
b) (singleton x)) = b).
(* YOU MAY EDIT THE PROOF BELOW *)
intros X b x.
apply bag_extensionality.
intros y.
rewrite Diff_occ.
unfold add; rewrite occ_union.
replace (nb_occ y (singleton x) + nb_occ y b -
nb_occ y (singleton x))%Z with (nb_occ y b) by omega.
generalize (Zmax_spec 0 (nb_occ y b)).
generalize (occ_non_negative X b y).
intuition.
Qed.
(* DO NOT EDIT BELOW *)
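Review bot: The generated context of this `Diff_add` proof declares `occ_singleton_eq` and `occ_singleton_neq` as axioms but has no `occ_singleton`, whereas the theory in this commit has `axiom occ_singleton` before the two lemmas and the `Add_diff` file's context does list it. That suggests this file was generated from an earlier state of the theory, so the proof is checked against a context that differs from the committed specification. The script itself does not use `occ_singleton`, so it probably still replays. Regenerating the file from the current theory would keep the proof artifact and the specification in step. The new side of the next file's context appears to have the same gap, as far as the visible lines show.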
......@@ -2,109 +2,89 @@
(* Beware! Only edit allowed sections below *)
Require Import ZArith.
Require Import Rbase.
Parameter map : forall (a:Type) (b:Type), Type.
Parameter bag : forall (a:Type), Type.
Parameter get: forall (a:Type) (b:Type), (map a b) -> a -> b.
Parameter nb_occ: forall (a:Type), a -> (bag a) -> Z.
Implicit Arguments get.
Implicit Arguments nb_occ.
Parameter set: forall (a:Type) (b:Type), (map a b) -> a -> b -> (map a b).
Axiom occ_non_negative : forall (a:Type), forall (b:(bag a)) (x:a),
(0%Z <= (nb_occ x b))%Z.
Implicit Arguments set.
Axiom Select_eq : forall (a:Type) (b:Type), forall (m:(map a b)),
forall (a1:a) (a2:a), forall (b1:b), (a1 = a2) -> ((get (set m a1 b1)
a2) = b1).
Axiom Select_neq : forall (a:Type) (b:Type), forall (m:(map a b)),
forall (a1:a) (a2:a), forall (b1:b), (~ (a1 = a2)) -> ((get (set m a1 b1)
a2) = (get m a2)).
Parameter const: forall (b:Type) (a:Type), b -> (map a b).
Set Contextual Implicit.
Implicit Arguments const.
Unset Contextual Implicit.
Axiom Const : forall (b:Type) (a:Type), forall (b1:b) (a1:a), ((get (const(
b1):(map a b)) a1) = b1).
Definition bag (a:Type) := (map a Z).
Axiom occ_non_negative : forall (a:Type), forall (b:(map a Z)) (x:a),
(0%Z <= (get b x))%Z.
Definition eq_bag (a:Type)(a1:(map a Z)) (b:(map a Z)): Prop := forall (x:a),
((get a1 x) = (get b x)).
Definition eq_bag (a:Type)(a1:(bag a)) (b:(bag a)): Prop := forall (x:a),
((nb_occ x a1) = (nb_occ x b)).
Implicit Arguments eq_bag.
Axiom bag_extensionality : forall (a:Type), forall (a1:(map a Z)) (b:(map a
Z)), (eq_bag a1 b) -> (a1 = b).
Axiom bag_extensionality : forall (a:Type), forall (a1:(bag a)) (b:(bag a)),
(eq_bag a1 b) -> (a1 = b).
Parameter empty_bag: forall (a:Type), (map a Z).
Parameter empty_bag: forall (a:Type), (bag a).
Set Contextual Implicit.
Implicit Arguments empty_bag.
Unset Contextual Implicit.
Axiom occ_empty : forall (a:Type), forall (x:a), ((get (empty_bag:(map a Z))
x) = 0%Z).
Axiom occ_empty : forall (a:Type), forall (x:a), ((nb_occ x (empty_bag:(bag
a))) = 0%Z).
Axiom is_empty : forall (a:Type), forall (b:(bag a)), (forall (x:a),
((nb_occ x b) = 0%Z)) -> (b = (empty_bag:(bag a))).
Parameter singleton: forall (a:Type), a -> (bag a).
Axiom is_empty : forall (a:Type), forall (b:(map a Z)), (forall (x:a),
((get b x) = 0%Z)) -> (b = (empty_bag:(map a Z))).
Implicit Arguments singleton.
Axiom occ_singleton_eq : forall (a:Type), forall (x:a) (y:a), (x = y) ->
((get (set (empty_bag:(map a Z)) x 1%Z) y) = 1%Z).
((nb_occ y (singleton x)) = 1%Z).
Axiom occ_singleton_neq : forall (a:Type), forall (x:a) (y:a), (~ (x = y)) ->
((get (set (empty_bag:(map a Z)) x 1%Z) y) = 0%Z).
((nb_occ y (singleton x)) = 0%Z).
Parameter union: forall (a:Type), (map a Z) -> (map a Z) -> (map a Z).
Parameter union: forall (a:Type), (bag a) -> (bag a) -> (bag a).
Implicit Arguments union.
Axiom occ_union : forall (a:Type), forall (x:a) (a1:(map a Z)) (b:(map a Z)),
((get (union a1 b) x) = ((get a1 x) + (get b x))%Z).
Axiom occ_union : forall (a:Type), forall (x:a) (a1:(bag a)) (b:(bag a)),
((nb_occ x (union a1 b)) = ((nb_occ x a1) + (nb_occ x b))%Z).
Axiom Union_comm : forall (a:Type), forall (a1:(map a Z)) (b:(map a Z)),
Axiom Union_comm : forall (a:Type), forall (a1:(bag a)) (b:(bag a)),
((union a1 b) = (union b a1)).
Axiom Union_identity : forall (a:Type), forall (a1:(map a Z)), ((union a1
(empty_bag:(map a Z))) = a1).
Axiom Union_identity : forall (a:Type), forall (a1:(bag a)), ((union a1
(empty_bag:(bag a))) = a1).
Axiom Union_assoc : forall (a:Type), forall (a1:(map a Z)) (b:(map a Z))
(c:(map a Z)), ((union a1 (union b c)) = (union (union a1 b) c)).
Axiom Union_assoc : forall (a:Type), forall (a1:(bag a)) (b:(bag a)) (c:(bag
a)), ((union a1 (union b c)) = (union (union a1 b) c)).
Axiom bag_simpl : forall (a:Type), forall (a1:(map a Z)) (b:(map a Z))
(c:(map a Z)), ((union a1 b) = (union c b)) -> (a1 = c).
Axiom bag_simpl : forall (a:Type), forall (a1:(bag a)) (b:(bag a)) (c:(bag
a)), ((union a1 b) = (union c b)) -> (a1 = c).
Axiom bag_simpl_left : forall (a:Type), forall (a1:(map a Z)) (b:(map a Z))
(c:(map a Z)), ((union a1 b) = (union a1 c)) -> (b = c).
Axiom bag_simpl_left : forall (a:Type), forall (a1:(bag a)) (b:(bag a))
(c:(bag a)), ((union a1 b) = (union a1 c)) -> (b = c).
Definition add (a:Type)(x:a) (b:(map a Z)): (map a Z) :=
(union (set (empty_bag:(map a Z)) x 1%Z) b).
Definition add (a:Type)(x:a) (b:(bag a)): (bag a) := (union (singleton x) b).
Implicit Arguments add.
Axiom occ_add_eq : forall (a:Type), forall (b:(map a Z)) (x:a) (y:a),
(x = y) -> ((get (add x b) x) = ((get b x) + 1%Z)%Z).
Axiom occ_add_eq : forall (a:Type), forall (b:(bag a)) (x:a) (y:a),
(x = y) -> ((nb_occ x (add x b)) = ((nb_occ x b) + 1%Z)%Z).
Axiom occ_add_neq : forall (a:Type), forall (b:(map a Z)) (x:a) (y:a),
(~ (x = y)) -> ((get (add x b) y) = (get b y)).
Axiom occ_add_neq : forall (a:Type), forall (b:(bag a)) (x:a) (y:a),
(~ (x = y)) -> ((nb_occ y (add x b)) = (nb_occ y b)).
Parameter card: forall (a:Type), (map a Z) -> Z.
Parameter card: forall (a:Type), (bag a) -> Z.
Implicit Arguments card.
Axiom Card_empty : forall (a:Type), ((card (empty_bag:(map a Z))) = 0%Z).
Axiom Card_empty : forall (a:Type), ((card (empty_bag:(bag a))) = 0%Z).
Axiom Card_singleton : forall (a:Type), forall (x:a),
((card (set (empty_bag:(map a Z)) x 1%Z)) = 1%Z).
((card (singleton x)) = 1%Z).
Axiom Card_union : forall (a:Type), forall (x:(map a Z)) (y:(map a Z)),
Axiom Card_union : forall (a:Type), forall (x:(bag a)) (y:(bag a)),
((card (union x y)) = ((card x) + (card y))%Z).
Axiom Card_zero_empty : forall (a:Type), forall (x:(map a Z)),
((card x) = 0%Z) -> (x = (empty_bag:(map a Z))).
Axiom Card_zero_empty : forall (a:Type), forall (x:(bag a)),
((card x) = 0%Z) -> (x = (empty_bag:(bag a))).
Axiom Max_is_ge : forall (x:Z) (y:Z), (x <= (Zmax x y))%Z /\
(y <= (Zmax x y))%Z.
......@@ -128,28 +108,28 @@ Axiom Max_sym : forall (x:Z) (y:Z), (y <= x)%Z -> ((Zmax x y) = (Zmax y x)).
Axiom Min_sym : forall (x:Z) (y:Z), (y <= x)%Z -> ((Zmin x y) = (Zmin y x)).
Parameter diff: forall (a:Type), (map a Z) -> (map a Z) -> (map a Z).
Parameter diff: forall (a:Type), (bag a) -> (bag a) -> (bag a).
Implicit Arguments diff.
Axiom Diff_occ : forall (a:Type), forall (b1:(map a Z)) (b2:(map a Z)) (x:a),
((get (diff b1 b2) x) = (Zmax 0%Z ((get b1 x) - (get b2 x))%Z)).
Axiom Diff_occ : forall (a:Type), forall (b1:(bag a)) (b2:(bag a)) (x:a),
((nb_occ x (diff b1 b2)) = (Zmax 0%Z ((nb_occ x b1) - (nb_occ x b2))%Z)).
Axiom Diff_empty_right : forall (a:Type), forall (b:(map a Z)), ((diff b
(empty_bag:(map a Z))) = b).
Axiom Diff_empty_right : forall (a:Type), forall (b:(bag a)), ((diff b
(empty_bag:(bag a))) = b).
Axiom Diff_empty_left : forall (a:Type), forall (b:(map a Z)),
((diff (empty_bag:(map a Z)) b) = (empty_bag:(map a Z))).
Axiom Diff_empty_left : forall (a:Type), forall (b:(bag a)),
((diff (empty_bag:(bag a)) b) = (empty_bag:(bag a))).
Axiom Diff_add : forall (a:Type), forall (b:(map a Z)) (x:a), ((diff (add x
b) (set (empty_bag:(map a Z))</