NumOf libraries look nicer with arrows instead of HO.pred

64ee8990 · Jean-Christophe Filliatre · 0171d24a · 64ee8990 · 64ee8990 · 64ee8990
Commit 64ee8990 authored Nov 24, 2014 by Jean-Christophe Filliatre
4 changed files
--- a/examples/counting_sort/why3session.xml
+++ b/examples/counting_sort/why3session.xml
--- a/examples/inverse_in_place/why3session.xml
+++ b/examples/inverse_in_place/why3session.xml
--- a/modules/array.mlw
+++ b/modules/array.mlw
@@ -262,11 +262,12 @@ end

 module NumOf
  use import Array
-  use HighOrd as HO
+  use HighOrd
+  use import Bool
  use int.NumOf as N

  (** the number of a[i] such that [l <= i < u] and [pr i a[i]] *)
-  function numof (pr: HO.func int (HO.pred 'a)) (a: array 'a) (l u: int) : int =
+  function numof (pr: int -> 'a -> bool) (a: array 'a) (l u: int) : int =
    N.numof (\ i. pr i a[i]) l u

 end

--- a/theories/int.why
+++ b/theories/int.why
@@ -255,67 +255,68 @@ end
 theory NumOf

  use import Int
-  use HighOrd as HO
+  use HighOrd
+  use import Bool

-  function numof (p: HO.pred int) (a b: int) : int
+  function numof (p: int -> bool) (a b: int) : int
  (** number of [n] such that [a <= n < b] and [p n] *)

  axiom Numof_empty :
-    forall p: HO.pred int, a b: int.
+    forall p: int -> bool, a b: int.
    b <= a -> numof p a b = 0

  axiom Numof_right_no_add :
-    forall p : HO.pred int, a b : int.
+    forall p : int -> bool, a b : int.
    a < b -> not (p (b-1)) -> numof p a b = numof p a (b-1)
  axiom Numof_right_add :
-    forall p : HO.pred int, a b : int.
+    forall p : int -> bool, a b : int.
    a < b -> p (b-1) -> numof p a b = 1 + numof p a (b-1)

  lemma Numof_bounds :
-    forall p : HO.pred int, a b : int. a < b -> 0 <= numof p a b <= b - a
+    forall p : int -> bool, a b : int. a < b -> 0 <= numof p a b <= b - a
    (* direct when a>=b, by induction on b when a <= b *)

  lemma Numof_append :
-    forall p : HO.pred int, a b c : int.
+    forall p : int -> bool, a b c : int.
    a <= b <= c -> numof p a c = numof p a b + numof p b c
    (* by induction on c *)

  lemma Numof_left_no_add :
-    forall p : HO.pred int, a b : int.
+    forall p : int -> bool, a b : int.
    a < b -> not p a -> numof p a b = numof p (a+1) b
    (* by Numof_append *)
  lemma Numof_left_add :
-    forall p : HO.pred int, a b : int.
+    forall p : int -> bool, a b : int.
    a < b -> p a -> numof p a b = 1 + numof p (a+1) b
    (* by Numof_append *)

  lemma Empty :
-    forall p : HO.pred int, a b : int.
+    forall p : int -> bool, a b : int.
    (forall n : int. a <= n < b -> not p n) -> numof p a b = 0
    (* by induction on b *)

  lemma Full :
-    forall p : HO.pred int, a b : int. a <= b ->
+    forall p : int -> bool, a b : int. a <= b ->
    (forall n : int. a <= n < b -> p n) -> numof p a b = b - a
    (* by induction on b *)

  lemma numof_increasing:
-    forall p : HO.pred int, i j k : int.
+    forall p : int -> bool, i j k : int.
    i <= j <= k -> numof p i j <= numof p i k
    (* by Numof_append and Numof_non_negative *)

  lemma numof_strictly_increasing:
-    forall p: HO.pred int, i j k l: int.
+    forall p: int -> bool, i j k l: int.
    i <= j <= k < l -> p k -> numof p i j < numof p i l
    (* by Numof_append and numof_increasing *)

  lemma numof_change_any:
-    forall p1 p2: HO.pred int, a b: int.
+    forall p1 p2: int -> bool, a b: int.
    (forall j: int. a <= j < b -> p1 j -> p2 j) ->
    numof p2 a b >= numof p1 a b

  lemma numof_change_some:
-    forall p1 p2: HO.pred int, a b i: int. a <= i < b ->
+    forall p1 p2: int -> bool, a b i: int. a <= i < b ->
    (forall j: int. a <= j < b -> p1 j -> p2 j) ->
    not (p1 i) -> p2 i ->
    numof p2 a b > numof p1 a b