Commit 4740cd89 authored by Andrei Paskevich's avatar Andrei Paskevich

repair sessions

parent a098ed15
...@@ -71,10 +71,10 @@ ...@@ -71,10 +71,10 @@
locfile="../add_list.mlw" locfile="../add_list.mlw"
loclnum="44" loccnumb="4" loccnume="8" loclnum="44" loccnumb="4" loccnume="8"
expl="VC for main" expl="VC for main"
sum="1e59a24fb282a191a17e4debdff0ca6e" sum="3addecdc3def08b9d84f78ae1b651633"
proved="true" proved="true"
expanded="true" expanded="true"
shape="ainfix =V1c4.7Aainfix =V0c22Iainfix =V1aadd_realaConsaIntegerc5aConsaRealc3.3aConsaIntegerc8aConsaRealc1.4aConsaIntegerc9aNilAainfix =V0aadd_intaConsaIntegerc5aConsaRealc3.3aConsaIntegerc8aConsaRealc1.4aConsaIntegerc9aNilF"> shape="ainfix =V2c4.7Aainfix =V1c22Iainfix =V2aadd_realV0Aainfix =V1aadd_intV0FLaConsaIntegerc5aConsaRealc3.3aConsaIntegerc8aConsaRealc1.4aConsaIntegerc9aNil">
<label <label
name="expl:VC for main"/> name="expl:VC for main"/>
<proof <proof
...@@ -134,10 +134,10 @@ ...@@ -134,10 +134,10 @@
locfile="../add_list.mlw" locfile="../add_list.mlw"
loclnum="86" loccnumb="4" loccnume="8" loclnum="86" loccnumb="4" loccnume="8"
expl="VC for main" expl="VC for main"
sum="9a71ed6f77f4b28ff9d67782ed191026" sum="14865656d7430b23243e556d7d49e6c7"
proved="true" proved="true"
expanded="true" expanded="true"
shape="ainfix =V1c4.7Aainfix =V0c22Iainfix =V1aadd_realaConsaIntegerc5aConsaRealc3.3aConsaIntegerc8aConsaRealc1.4aConsaIntegerc9aNilAainfix =V0aadd_intaConsaIntegerc5aConsaRealc3.3aConsaIntegerc8aConsaRealc1.4aConsaIntegerc9aNilF"> shape="ainfix =V2c4.7Aainfix =V1c22Iainfix =V2aadd_realV0Aainfix =V1aadd_intV0FLaConsaIntegerc5aConsaRealc3.3aConsaIntegerc8aConsaRealc1.4aConsaIntegerc9aNil">
<label <label
name="expl:VC for main"/> name="expl:VC for main"/>
<proof <proof
......
This diff is collapsed.
...@@ -24,10 +24,10 @@ ...@@ -24,10 +24,10 @@
locfile="../arm.mlw" locfile="../arm.mlw"
loclnum="16" loccnumb="6" loccnume="20" loclnum="16" loccnumb="6" loccnume="20"
expl="VC for insertion_sort" expl="VC for insertion_sort"
sum="1aa1097194b9d30e0d6cf83318c97522" sum="5677a170e9f6faf600b34c4281eebd63"
proved="false" proved="false"
expanded="false" expanded="false"
shape="iainfix &lt;=V5c10iainfix &lt;agetV13V11agetV13ainfix -V11c1ainfix &lt;V18V11Aainfix &lt;=c0V11Aainfix &lt;=ainfix *c2V15ainfix +ainfix *ainfix -V5c2ainfix -V5c1ainfix *c2ainfix -V5V18Aainvamk arrayV0V17Aainfix &lt;=V18V5Aainfix &lt;=c1V18Iainfix =V18ainfix -V11c1FIainfix =V17asetV16ainfix -V11c1agetV13V11Aainfix &lt;=c0V0FAainfix &lt;ainfix -V11c1V0Aainfix &lt;=c0ainfix -V11c1Iainfix =V16asetV13V11agetV13ainfix -V11c1Aainfix &lt;=c0V0FAainfix &lt;V11V0Aainfix &lt;=c0V11Aainfix &lt;ainfix -V11c1V0Aainfix &lt;=c0ainfix -V11c1Aainfix &lt;V11V0Aainfix &lt;=c0V11Iainfix =V15ainfix +V12c1Fainfix &lt;ainfix -c10V19ainfix -c10V5Aainfix &lt;=c0ainfix -c10V5Aainfix &lt;=ainfix *c2V12ainfix *ainfix -V19c2ainfix -V19c1Aainfix =V10ainfix -V19c2AainvV14Aainfix &lt;=V19c11Aainfix &lt;=c2V19Iainfix =V19ainfix +V5c1FAainfix &lt;V11V0Aainfix &lt;=c0V11Aainfix &lt;ainfix -V11c1V0Aainfix &lt;=c0ainfix -V11c1Aainfix &lt;=c0V0Iainfix &lt;=ainfix *c2V12ainfix +ainfix *ainfix -V5c2ainfix -V5c1ainfix *c2ainfix -V5V11AainvV14Aainfix &lt;=V11V5Aainfix &lt;=c1V11Lamk arrayV0V13FAainfix &lt;=ainfix *c2V6ainfix +ainfix *ainfix -V5c2ainfix -V5c1ainfix *c2ainfix -V5V5AainvV9Aainfix &lt;=V5V5Aainfix &lt;=c1V5Iainfix =V10ainfix +V7c1Fainfix &lt;=V6c45Aainfix =V7c9Aainfix &lt;=c0V0Iainfix &lt;=ainfix *c2V6ainfix *ainfix -V5c2ainfix -V5c1Aainfix =V7ainfix -V5c2AainvV9Aainfix &lt;=V5c11Aainfix &lt;=c2V5Lamk arrayV0V8FAainfix &lt;=ainfix *c2V1ainfix *ainfix -c2c2ainfix -c2c1Aainfix =V2ainfix -c2c2AainvV4Aainfix &lt;=c2c11Aainfix &lt;=c2c2Iainfix =V1c0Aainfix =V2c0AainvV4Aainfix &lt;=c0V0Lamk arrayV0V3FF"> shape="iainfix &lt;=V5c10iainfix &lt;agetV13V11agetV13V15ainfix &lt;V21V11Aainfix &lt;=c0V11Aainfix &lt;=ainfix *c2V16ainfix +ainfix *ainfix -V5c2ainfix -V5c1ainfix *c2ainfix -V5V21Aainvamk arrayV0V20Aainfix &lt;=V21V5Aainfix &lt;=c1V21Iainfix =V21ainfix -V11c1FIainfix =V20asetV18V19agetV13V11Aainfix &lt;=c0V0FAainfix &lt;V19V0Aainfix &lt;=c0V19Lainfix -V11c1Iainfix =V18asetV13V11agetV13V17Aainfix &lt;=c0V0FAainfix &lt;V11V0Aainfix &lt;=c0V11Aainfix &lt;V17V0Aainfix &lt;=c0V17Lainfix -V11c1Aainfix &lt;V11V0Aainfix &lt;=c0V11Iainfix =V16ainfix +V12c1Fainfix &lt;ainfix -c10V22ainfix -c10V5Aainfix &lt;=c0ainfix -c10V5Aainfix &lt;=ainfix *c2V12ainfix *ainfix -V22c2ainfix -V22c1Aainfix =V10ainfix -V22c2AainvV14Aainfix &lt;=V22c11Aainfix &lt;=c2V22Iainfix =V22ainfix +V5c1FAainfix &lt;V11V0Aainfix &lt;=c0V11Aainfix &lt;V15V0Aainfix &lt;=c0V15Aainfix &lt;=c0V0Lainfix -V11c1Iainfix &lt;=ainfix *c2V12ainfix +ainfix *ainfix -V5c2ainfix -V5c1ainfix *c2ainfix -V5V11AainvV14Aainfix &lt;=V11V5Aainfix &lt;=c1V11Lamk arrayV0V13FAainfix &lt;=ainfix *c2V6ainfix +ainfix *ainfix -V5c2ainfix -V5c1ainfix *c2ainfix -V5V5AainvV9Aainfix &lt;=V5V5Aainfix &lt;=c1V5Iainfix =V10ainfix +V7c1Fainfix &lt;=V6c45Aainfix =V7c9Aainfix &lt;=c0V0Iainfix &lt;=ainfix *c2V6ainfix *ainfix -V5c2ainfix -V5c1Aainfix =V7ainfix -V5c2AainvV9Aainfix &lt;=V5c11Aainfix &lt;=c2V5Lamk arrayV0V8FAainfix &lt;=ainfix *c2V1ainfix *ainfix -c2c2ainfix -c2c1Aainfix =V2ainfix -c2c2AainvV4Aainfix &lt;=c2c11Aainfix &lt;=c2c2Iainfix =V1c0Aainfix =V2c0AainvV4Aainfix &lt;=c0V0Lamk arrayV0V3FF">
<label <label
name="expl:VC for insertion_sort"/> name="expl:VC for insertion_sort"/>
</goal> </goal>
......
...@@ -6,10 +6,11 @@ Require int.Int. ...@@ -6,10 +6,11 @@ Require int.Int.
Require map.Map. Require map.Map.
(* Why3 assumption *) (* Why3 assumption *)
Definition unit := unit. Definition unit := unit.
(* Why3 assumption *) (* Why3 assumption *)
Inductive list (a:Type) {a_WT:WhyType a} := Inductive list
(a:Type) {a_WT:WhyType a} :=
| Nil : list a | Nil : list a
| Cons : a -> (list a) -> list a. | Cons : a -> (list a) -> list a.
Axiom list_WhyType : forall (a:Type) {a_WT:WhyType a}, WhyType (list a). Axiom list_WhyType : forall (a:Type) {a_WT:WhyType a}, WhyType (list a).
...@@ -18,7 +19,7 @@ Implicit Arguments Nil [[a] [a_WT]]. ...@@ -18,7 +19,7 @@ Implicit Arguments Nil [[a] [a_WT]].
Implicit Arguments Cons [[a] [a_WT]]. Implicit Arguments Cons [[a] [a_WT]].
(* Why3 assumption *) (* Why3 assumption *)
Fixpoint length {a:Type} {a_WT:WhyType a}(l:(list a)) {struct l}: Z := Fixpoint length {a:Type} {a_WT:WhyType a} (l:(list a)) {struct l}: Z :=
match l with match l with
| Nil => 0%Z | Nil => 0%Z
| (Cons _ r) => (1%Z + (length r))%Z | (Cons _ r) => (1%Z + (length r))%Z
...@@ -37,15 +38,15 @@ Existing Instance set_WhyType. ...@@ -37,15 +38,15 @@ Existing Instance set_WhyType.
Parameter mem: forall {a:Type} {a_WT:WhyType a}, a -> (set a) -> Prop. Parameter mem: forall {a:Type} {a_WT:WhyType a}, a -> (set a) -> Prop.
(* Why3 assumption *) (* Why3 assumption *)
Definition infix_eqeq {a:Type} {a_WT:WhyType a}(s1:(set a)) (s2:(set Definition infix_eqeq {a:Type} {a_WT:WhyType a} (s1:(set a)) (s2:(set
a)): Prop := forall (x:a), (mem x s1) <-> (mem x s2). a)): Prop := forall (x:a), (mem x s1) <-> (mem x s2).
Axiom extensionality : forall {a:Type} {a_WT:WhyType a}, forall (s1:(set a)) Axiom extensionality : forall {a:Type} {a_WT:WhyType a}, forall (s1:(set a))
(s2:(set a)), (infix_eqeq s1 s2) -> (s1 = s2). (s2:(set a)), (infix_eqeq s1 s2) -> (s1 = s2).
(* Why3 assumption *) (* Why3 assumption *)
Definition subset {a:Type} {a_WT:WhyType a}(s1:(set a)) (s2:(set a)): Prop := Definition subset {a:Type} {a_WT:WhyType a} (s1:(set a)) (s2:(set
forall (x:a), (mem x s1) -> (mem x s2). a)): Prop := forall (x:a), (mem x s1) -> (mem x s2).
Axiom subset_refl : forall {a:Type} {a_WT:WhyType a}, forall (s:(set a)), Axiom subset_refl : forall {a:Type} {a_WT:WhyType a}, forall (s:(set a)),
(subset s s). (subset s s).
...@@ -57,7 +58,7 @@ Axiom subset_trans : forall {a:Type} {a_WT:WhyType a}, forall (s1:(set a)) ...@@ -57,7 +58,7 @@ Axiom subset_trans : forall {a:Type} {a_WT:WhyType a}, forall (s1:(set a))
Parameter empty: forall {a:Type} {a_WT:WhyType a}, (set a). Parameter empty: forall {a:Type} {a_WT:WhyType a}, (set a).
(* Why3 assumption *) (* Why3 assumption *)
Definition is_empty {a:Type} {a_WT:WhyType a}(s:(set a)): Prop := Definition is_empty {a:Type} {a_WT:WhyType a} (s:(set a)): Prop :=
forall (x:a), ~ (mem x s). forall (x:a), ~ (mem x s).
Axiom empty_def1 : forall {a:Type} {a_WT:WhyType a}, (is_empty (empty :(set Axiom empty_def1 : forall {a:Type} {a_WT:WhyType a}, (is_empty (empty :(set
...@@ -136,7 +137,7 @@ Parameter vertices: (set vertex). ...@@ -136,7 +137,7 @@ Parameter vertices: (set vertex).
Parameter edges: (set (vertex* vertex)%type). Parameter edges: (set (vertex* vertex)%type).
(* Why3 assumption *) (* Why3 assumption *)
Definition edge(x:vertex) (y:vertex): Prop := (mem (x, y) edges). Definition edge (x:vertex) (y:vertex): Prop := (mem (x, y) edges).
Axiom edges_def : forall (x:vertex) (y:vertex), (mem (x, y) edges) -> ((mem x Axiom edges_def : forall (x:vertex) (y:vertex), (mem (x, y) edges) -> ((mem x
vertices) /\ (mem y vertices)). vertices) /\ (mem y vertices)).
...@@ -148,7 +149,7 @@ Axiom s_in_graph : (mem s vertices). ...@@ -148,7 +149,7 @@ Axiom s_in_graph : (mem s vertices).
Axiom vertices_cardinal_pos : (0%Z < (cardinal vertices))%Z. Axiom vertices_cardinal_pos : (0%Z < (cardinal vertices))%Z.
(* Why3 assumption *) (* Why3 assumption *)
Fixpoint infix_plpl {a:Type} {a_WT:WhyType a}(l1:(list a)) (l2:(list Fixpoint infix_plpl {a:Type} {a_WT:WhyType a} (l1:(list a)) (l2:(list
a)) {struct l1}: (list a) := a)) {struct l1}: (list a) :=
match l1 with match l1 with
| Nil => l2 | Nil => l2
...@@ -167,7 +168,8 @@ Axiom Append_length : forall {a:Type} {a_WT:WhyType a}, forall (l1:(list a)) ...@@ -167,7 +168,8 @@ Axiom Append_length : forall {a:Type} {a_WT:WhyType a}, forall (l1:(list a))
l2)) = ((length l1) + (length l2))%Z). l2)) = ((length l1) + (length l2))%Z).
(* Why3 assumption *) (* Why3 assumption *)
Fixpoint mem1 {a:Type} {a_WT:WhyType a}(x:a) (l:(list a)) {struct l}: Prop := Fixpoint mem1 {a:Type} {a_WT:WhyType a} (x:a) (l:(list
a)) {struct l}: Prop :=
match l with match l with
| Nil => False | Nil => False
| (Cons y r) => (x = y) \/ (mem1 x r) | (Cons y r) => (x = y) \/ (mem1 x r)
...@@ -210,7 +212,7 @@ Axiom path_decomposition : forall (x:vertex) (y:vertex) (z:vertex) (l1:(list ...@@ -210,7 +212,7 @@ Axiom path_decomposition : forall (x:vertex) (y:vertex) (z:vertex) (l1:(list
Parameter weight: vertex -> vertex -> Z. Parameter weight: vertex -> vertex -> Z.
(* Why3 assumption *) (* Why3 assumption *)
Fixpoint path_weight(l:(list vertex)) (dst:vertex) {struct l}: Z := Fixpoint path_weight (l:(list vertex)) (dst:vertex) {struct l}: Z :=
match l with match l with
| Nil => 0%Z | Nil => 0%Z
| (Cons x Nil) => (weight x dst) | (Cons x Nil) => (weight x dst)
...@@ -229,16 +231,16 @@ Axiom path_in_vertices : forall (v1:vertex) (v2:vertex) (l:(list vertex)), ...@@ -229,16 +231,16 @@ Axiom path_in_vertices : forall (v1:vertex) (v2:vertex) (l:(list vertex)),
(mem v1 vertices) -> ((path v1 l v2) -> (mem v2 vertices)). (mem v1 vertices) -> ((path v1 l v2) -> (mem v2 vertices)).
(* Why3 assumption *) (* Why3 assumption *)
Definition pigeon_set(s1:(set vertex)): Prop := forall (l:(list vertex)), Definition pigeon_set (s1:(set vertex)): Prop := forall (l:(list vertex)),
(forall (e:vertex), (mem1 e l) -> (mem e s1)) -> (forall (e:vertex), (mem1 e l) -> (mem e s1)) ->
(((cardinal s1) < (length l))%Z -> exists e:vertex, exists l1:(list (((cardinal s1) < (length l))%Z -> exists e:vertex, exists l1:(list
vertex), exists l2:(list vertex), exists l3:(list vertex), vertex), exists l2:(list vertex), exists l3:(list vertex),
(l = (infix_plpl l1 (Cons e (infix_plpl l2 (Cons e l3)))))). (l = (infix_plpl l1 (Cons e (infix_plpl l2 (Cons e l3)))))).
Axiom Induction : (forall (s1:(set vertex)), (is_empty s1) -> Axiom Induction : (forall (s1:(set vertex)), (is_empty s1) -> (pigeon_set
(pigeon_set s1)) -> ((forall (s1:(set vertex)), (pigeon_set s1) -> s1)) -> ((forall (s1:(set vertex)), (pigeon_set s1) -> forall (t:vertex),
forall (t:vertex), (~ (mem t s1)) -> (pigeon_set (add t s1))) -> (~ (mem t s1)) -> (pigeon_set (add t s1))) -> forall (s1:(set vertex)),
forall (s1:(set vertex)), (pigeon_set s1)). (pigeon_set s1)).
Axiom corner : forall (s1:(set vertex)) (l:(list vertex)), Axiom corner : forall (s1:(set vertex)) (l:(list vertex)),
((length l) = (cardinal s1)) -> ((forall (e:vertex), (mem1 e l) -> (mem e ((length l) = (cardinal s1)) -> ((forall (e:vertex), (mem1 e l) -> (mem e
...@@ -291,24 +293,24 @@ Axiom simple_path : forall (v:vertex) (l:(list vertex)), (path s l v) -> ...@@ -291,24 +293,24 @@ Axiom simple_path : forall (v:vertex) (l:(list vertex)), (path s l v) ->
((length l') < (cardinal vertices))%Z. ((length l') < (cardinal vertices))%Z.
(* Why3 assumption *) (* Why3 assumption *)
Definition negative_cycle(v:vertex): Prop := (mem v vertices) /\ Definition negative_cycle (v:vertex): Prop := (mem v vertices) /\
((exists l1:(list vertex), (path s l1 v)) /\ exists l2:(list vertex), ((exists l1:(list vertex), (path s l1 v)) /\ exists l2:(list vertex), (path
(path v l2 v) /\ ((path_weight l2 v) < 0%Z)%Z). v l2 v) /\ ((path_weight l2 v) < 0%Z)%Z).
Axiom key_lemma_1 : forall (v:vertex) (n:Z), (forall (l:(list vertex)), Axiom key_lemma_1 : forall (v:vertex) (n:Z), (forall (l:(list vertex)), (path
(path s l v) -> (((length l) < (cardinal vertices))%Z -> s l v) -> (((length l) < (cardinal vertices))%Z -> (n <= (path_weight l
(n <= (path_weight l v))%Z)) -> ((exists l:(list vertex), (path s l v) /\ v))%Z)) -> ((exists l:(list vertex), (path s l v) /\ ((path_weight l
((path_weight l v) < n)%Z) -> exists u:vertex, (negative_cycle u)). v) < n)%Z) -> exists u:vertex, (negative_cycle u)).
(* Why3 assumption *) (* Why3 assumption *)
Inductive t := Inductive t :=
| Finite : Z -> t | Finite : Z -> t
| Infinite : t . | Infinite : t.
Axiom t_WhyType : WhyType t. Axiom t_WhyType : WhyType t.
Existing Instance t_WhyType. Existing Instance t_WhyType.
(* Why3 assumption *) (* Why3 assumption *)
Definition add1(x:t) (y:t): t := Definition add1 (x:t) (y:t): t :=
match x with match x with
| Infinite => Infinite | Infinite => Infinite
| (Finite x1) => | (Finite x1) =>
...@@ -319,7 +321,7 @@ Definition add1(x:t) (y:t): t := ...@@ -319,7 +321,7 @@ Definition add1(x:t) (y:t): t :=
end. end.
(* Why3 assumption *) (* Why3 assumption *)
Definition lt(x:t) (y:t): Prop := Definition lt (x:t) (y:t): Prop :=
match x with match x with
| Infinite => False | Infinite => False
| (Finite x1) => | (Finite x1) =>
...@@ -330,7 +332,7 @@ Definition lt(x:t) (y:t): Prop := ...@@ -330,7 +332,7 @@ Definition lt(x:t) (y:t): Prop :=
end. end.
(* Why3 assumption *) (* Why3 assumption *)
Definition le(x:t) (y:t): Prop := (lt x y) \/ (x = y). Definition le (x:t) (y:t): Prop := (lt x y) \/ (x = y).
Axiom Refl : forall (x:t), (le x x). Axiom Refl : forall (x:t), (le x x).
...@@ -348,7 +350,7 @@ Existing Instance ref_WhyType. ...@@ -348,7 +350,7 @@ Existing Instance ref_WhyType.
Implicit Arguments mk_ref [[a] [a_WT]]. Implicit Arguments mk_ref [[a] [a_WT]].
(* Why3 assumption *) (* Why3 assumption *)
Definition contents {a:Type} {a_WT:WhyType a}(v:(ref a)): a := Definition contents {a:Type} {a_WT:WhyType a} (v:(ref a)): a :=
match v with match v with
| (mk_ref x) => x | (mk_ref x) => x
end. end.
...@@ -357,10 +359,10 @@ Definition contents {a:Type} {a_WT:WhyType a}(v:(ref a)): a := ...@@ -357,10 +359,10 @@ Definition contents {a:Type} {a_WT:WhyType a}(v:(ref a)): a :=
Definition t1 (a:Type) {a_WT:WhyType a} := (ref (set a)). Definition t1 (a:Type) {a_WT:WhyType a} := (ref (set a)).
(* Why3 assumption *) (* Why3 assumption *)
Definition distmap := (map.Map.map vertex t). Definition distmap := (map.Map.map vertex t).
(* Why3 assumption *) (* Why3 assumption *)
Definition inv1(m:(map.Map.map vertex t)) (pass:Z) (via:(set (vertex* Definition inv1 (m:(map.Map.map vertex t)) (pass:Z) (via:(set (vertex*
vertex)%type)): Prop := forall (v:vertex), (mem v vertices) -> vertex)%type)): Prop := forall (v:vertex), (mem v vertices) ->
match (map.Map.get m match (map.Map.get m
v) with v) with
...@@ -376,7 +378,7 @@ Definition inv1(m:(map.Map.map vertex t)) (pass:Z) (via:(set (vertex* ...@@ -376,7 +378,7 @@ Definition inv1(m:(map.Map.map vertex t)) (pass:Z) (via:(set (vertex*
end. end.
(* Why3 assumption *) (* Why3 assumption *)
Definition inv2(m:(map.Map.map vertex t)) (via:(set (vertex* Definition inv2 (m:(map.Map.map vertex t)) (via:(set (vertex*
vertex)%type)): Prop := forall (u:vertex) (v:vertex), (mem (u, v) via) -> vertex)%type)): Prop := forall (u:vertex) (v:vertex), (mem (u, v) via) ->
(le (map.Map.get m v) (add1 (map.Map.get m u) (Finite (weight u v)))). (le (map.Map.get m v) (add1 (map.Map.get m u) (Finite (weight u v)))).
...@@ -388,17 +390,16 @@ Require Import Why3. ...@@ -388,17 +390,16 @@ Require Import Why3.
Ltac ae := why3 "alt-ergo". Ltac ae := why3 "alt-ergo".
(* Why3 goal *) (* Why3 goal *)
Theorem WP_parameter_bellman_ford : (1%Z <= ((cardinal vertices) - 1%Z)%Z)%Z -> Theorem WP_parameter_bellman_ford : let o := ((cardinal vertices) - 1%Z)%Z in
forall (m:(map.Map.map vertex t)), (inv1 m ((1%Z <= o)%Z -> forall (m:(map.Map.map vertex t)), (inv1 m (o + 1%Z)%Z
(((cardinal vertices) - 1%Z)%Z + 1%Z)%Z (empty :(set (vertex* (empty :(set (vertex* vertex)%type))) -> ((inv1 m (cardinal vertices)
vertex)%type))) -> ((inv1 m (cardinal vertices) (empty :(set (vertex* (empty :(set (vertex* vertex)%type))) -> forall (es:(set (vertex*
vertex)%type))) -> forall (es:(set (vertex* vertex)%type)), (es = edges) -> vertex)%type)), (es = edges) -> forall (es1:(set (vertex* vertex)%type)),
forall (es1:(set (vertex* vertex)%type)), ((subset es1 edges) /\ (inv2 m ((subset es1 edges) /\ (inv2 m (diff edges es1))) -> forall (o1:bool),
(diff edges es1))) -> forall (o:bool), ((o = true) <-> (is_empty es1)) -> ((o1 = true) <-> (is_empty es1)) -> ((~ (o1 = true)) -> ((~ (is_empty
((~ (o = true)) -> ((~ (is_empty es1)) -> forall (es2:(set (vertex* es1)) -> forall (es2:(set (vertex* vertex)%type)), forall (result:vertex)
vertex)%type)), forall (result:vertex) (result1:vertex), let result2 := ( (result1:vertex), let result2 := (result, result1) in (((mem result2
result, result1) in (((mem result2 es1) /\ (es2 = (remove result2 es1))) -> es1) /\ (es2 = (remove result2 es1))) -> (match (map.Map.get m
(match (map.Map.get m
result) with result) with
| Infinite => False | Infinite => False
| (Finite x) => match (map.Map.get m | (Finite x) => match (map.Map.get m
...@@ -406,8 +407,10 @@ Theorem WP_parameter_bellman_ford : (1%Z <= ((cardinal vertices) - 1%Z)%Z)%Z -> ...@@ -406,8 +407,10 @@ Theorem WP_parameter_bellman_ford : (1%Z <= ((cardinal vertices) - 1%Z)%Z)%Z ->
| Infinite => True | Infinite => True
| (Finite y) => ((x + (weight result result1))%Z < y)%Z | (Finite y) => ((x + (weight result result1))%Z < y)%Z
end end
end -> exists v:vertex, (negative_cycle v)))))). end -> exists v:vertex, (negative_cycle v))))))).
intros _ m _ hinv1. (* Why3 intros o h1 m h2 h3 es h4 es1 (h5,h6) o1 h7 h8 h9 es2 result result1
result2 (h10,h11) h12. *)
intros o _ m _ hinv1. subst o.
intros result hresult; subst result. intros result hresult; subst result.
intros es (h1, h2) _ _ _ h3. intros es (h1, h2) _ _ _ h3.
intros es1 u v uv. unfold uv; clear uv. intros es1 u v uv. unfold uv; clear uv.
......
...@@ -6,10 +6,11 @@ Require int.Int. ...@@ -6,10 +6,11 @@ Require int.Int.
Require map.Map. Require map.Map.
(* Why3 assumption *) (* Why3 assumption *)
Definition unit := unit. Definition unit := unit.
(* Why3 assumption *) (* Why3 assumption *)
Inductive list (a:Type) {a_WT:WhyType a} := Inductive list
(a:Type) {a_WT:WhyType a} :=
| Nil : list a | Nil : list a
| Cons : a -> (list a) -> list a. | Cons : a -> (list a) -> list a.
Axiom list_WhyType : forall (a:Type) {a_WT:WhyType a}, WhyType (list a). Axiom list_WhyType : forall (a:Type) {a_WT:WhyType a}, WhyType (list a).
...@@ -18,7 +19,7 @@ Implicit Arguments Nil [[a] [a_WT]]. ...@@ -18,7 +19,7 @@ Implicit Arguments Nil [[a] [a_WT]].
Implicit Arguments Cons [[a] [a_WT]]. Implicit Arguments Cons [[a] [a_WT]].
(* Why3 assumption *) (* Why3 assumption *)
Fixpoint length {a:Type} {a_WT:WhyType a}(l:(list a)) {struct l}: Z := Fixpoint length {a:Type} {a_WT:WhyType a} (l:(list a)) {struct l}: Z :=
match l with match l with
| Nil => 0%Z | Nil => 0%Z
| (Cons _ r) => (1%Z + (length r))%Z | (Cons _ r) => (1%Z + (length r))%Z
...@@ -37,15 +38,15 @@ Existing Instance set_WhyType. ...@@ -37,15 +38,15 @@ Existing Instance set_WhyType.
Parameter mem: forall {a:Type} {a_WT:WhyType a}, a -> (set a) -> Prop. Parameter mem: forall {a:Type} {a_WT:WhyType a}, a -> (set a) -> Prop.
(* Why3 assumption *) (* Why3 assumption *)
Definition infix_eqeq {a:Type} {a_WT:WhyType a}(s1:(set a)) (s2:(set Definition infix_eqeq {a:Type} {a_WT:WhyType a} (s1:(set a)) (s2:(set
a)): Prop := forall (x:a), (mem x s1) <-> (mem x s2). a)): Prop := forall (x:a), (mem x s1) <-> (mem x s2).
Axiom extensionality : forall {a:Type} {a_WT:WhyType a}, forall (s1:(set a)) Axiom extensionality : forall {a:Type} {a_WT:WhyType a}, forall (s1:(set a))
(s2:(set a)), (infix_eqeq s1 s2) -> (s1 = s2). (s2:(set a)), (infix_eqeq s1 s2) -> (s1 = s2).
(* Why3 assumption *) (* Why3 assumption *)
Definition subset {a:Type} {a_WT:WhyType a}(s1:(set a)) (s2:(set a)): Prop := Definition subset {a:Type} {a_WT:WhyType a} (s1:(set a)) (s2:(set
forall (x:a), (mem x s1) -> (mem x s2). a)): Prop := forall (x:a), (mem x s1) -> (mem x s2).
Axiom subset_refl : forall {a:Type} {a_WT:WhyType a}, forall (s:(set a)), Axiom subset_refl : forall {a:Type} {a_WT:WhyType a}, forall (s:(set a)),
(subset s s). (subset s s).
...@@ -57,7 +58,7 @@ Axiom subset_trans : forall {a:Type} {a_WT:WhyType a}, forall (s1:(set a)) ...@@ -57,7 +58,7 @@ Axiom subset_trans : forall {a:Type} {a_WT:WhyType a}, forall (s1:(set a))
Parameter empty: forall {a:Type} {a_WT:WhyType a}, (set a). Parameter empty: forall {a:Type} {a_WT:WhyType a}, (set a).
(* Why3 assumption *) (* Why3 assumption *)
Definition is_empty {a:Type} {a_WT:WhyType a}(s:(set a)): Prop := Definition is_empty {a:Type} {a_WT:WhyType a} (s:(set a)): Prop :=
forall (x:a), ~ (mem x s). forall (x:a), ~ (mem x s).
Axiom empty_def1 : forall {a:Type} {a_WT:WhyType a}, (is_empty (empty :(set Axiom empty_def1 : forall {a:Type} {a_WT:WhyType a}, (is_empty (empty :(set
...@@ -136,7 +137,7 @@ Parameter vertices: (set vertex). ...@@ -136,7 +137,7 @@ Parameter vertices: (set vertex).
Parameter edges: (set (vertex* vertex)%type). Parameter edges: (set (vertex* vertex)%type).
(* Why3 assumption *) (* Why3 assumption *)
Definition edge(x:vertex) (y:vertex): Prop := (mem (x, y) edges). Definition edge (x:vertex) (y:vertex): Prop := (mem (x, y) edges).
Axiom edges_def : forall (x:vertex) (y:vertex), (mem (x, y) edges) -> ((mem x Axiom edges_def : forall (x:vertex) (y:vertex), (mem (x, y) edges) -> ((mem x
vertices) /\ (mem y vertices)). vertices) /\ (mem y vertices)).
...@@ -148,7 +149,7 @@ Axiom s_in_graph : (mem s vertices). ...@@ -148,7 +149,7 @@ Axiom s_in_graph : (mem s vertices).
Axiom vertices_cardinal_pos : (0%Z < (cardinal vertices))%Z. Axiom vertices_cardinal_pos : (0%Z < (cardinal vertices))%Z.
(* Why3 assumption *) (* Why3 assumption *)
Fixpoint infix_plpl {a:Type} {a_WT:WhyType a}(l1:(list a)) (l2:(list Fixpoint infix_plpl {a:Type} {a_WT:WhyType a} (l1:(list a)) (l2:(list
a)) {struct l1}: (list a) := a)) {struct l1}: (list a) :=
match l1 with match l1 with
| Nil => l2 | Nil => l2
...@@ -167,7 +168,8 @@ Axiom Append_length : forall {a:Type} {a_WT:WhyType a}, forall (l1:(list a)) ...@@ -167,7 +168,8 @@ Axiom Append_length : forall {a:Type} {a_WT:WhyType a}, forall (l1:(list a))
l2)) = ((length l1) + (length l2))%Z). l2)) = ((length l1) + (length l2))%Z).
(* Why3 assumption *) (* Why3 assumption *)
Fixpoint mem1 {a:Type} {a_WT:WhyType a}(x:a) (l:(list a)) {struct l}: Prop := Fixpoint mem1 {a:Type} {a_WT:WhyType a} (x:a) (l:(list
a)) {struct l}: Prop :=
match l with match l with
| Nil => False | Nil => False
| (Cons y r) => (x = y) \/ (mem1 x r) | (Cons y r) => (x = y) \/ (mem1 x r)
...@@ -210,7 +212,7 @@ Axiom path_decomposition : forall (x:vertex) (y:vertex) (z:vertex) (l1:(list ...@@ -210,7 +212,7 @@ Axiom path_decomposition : forall (x:vertex) (y:vertex) (z:vertex) (l1:(list
Parameter weight: vertex -> vertex -> Z. Parameter weight: vertex -> vertex -> Z.
(* Why3 assumption *) (* Why3 assumption *)
Fixpoint path_weight(l:(list vertex)) (dst:vertex) {struct l}: Z := Fixpoint path_weight (l:(list vertex)) (dst:vertex) {struct l}: Z :=
match l with match l with
| Nil => 0%Z | Nil => 0%Z
| (Cons x Nil) => (weight x dst) | (Cons x Nil) => (weight x dst)
...@@ -229,16 +231,16 @@ Axiom path_in_vertices : forall (v1:vertex) (v2:vertex) (l:(list vertex)), ...@@ -229,16 +231,16 @@ Axiom path_in_vertices : forall (v1:vertex) (v2:vertex) (l:(list vertex)),
(mem v1 vertices) -> ((path v1 l v2) -> (mem v2 vertices)). (mem v1 vertices) -> ((path v1 l v2) -> (mem v2 vertices)).
(* Why3 assumption *) (* Why3 assumption *)
Definition pigeon_set(s1:(set vertex)): Prop := forall (l:(list vertex)), Definition pigeon_set (s1:(set vertex)): Prop := forall (l:(list vertex)),
(forall (e:vertex), (mem1 e l) -> (mem e s1)) -> (forall (e:vertex), (mem1 e l) -> (mem e s1)) ->
(((cardinal s1) < (length l))%Z -> exists e:vertex, exists l1:(list (((cardinal s1) < (length l))%Z -> exists e:vertex, exists l1:(list