Commit 85edfb97 authored by MARCHE Claude's avatar MARCHE Claude

vstte10_inverting: fixed renaming of a Coq proof

parent a2660ca4
(* This file is generated by Why3's Coq 8.4 driver *) (* This file is generated by Why3's Coq driver *)
(* Beware! Only edit allowed sections below *) (* Beware! Only edit allowed sections below *)
Require Import BuiltIn. Require Import BuiltIn.
Require BuiltIn. Require BuiltIn.
Require int.Int. Require int.Int.
Require map.Map. Require map.Map.
Require map.Occ.
Require map.MapInjection. Require map.MapInjection.
(* Why3 assumption *) (* Why3 assumption *)
Definition unit := unit. Definition unit := unit.
Axiom qtmark : Type.
Parameter qtmark_WhyType : WhyType qtmark.
Existing Instance qtmark_WhyType.
(* Why3 assumption *) (* Why3 assumption *)
Inductive array Inductive array (a:Type) :=
(a:Type) {a_WT:WhyType a} := | mk_array : Z -> (map.Map.map Z a) -> array a.
| mk_array : Z -> (@map.Map.map Z _ a a_WT) -> array a.
Axiom array_WhyType : forall (a:Type) {a_WT:WhyType a}, WhyType (array a). Axiom array_WhyType : forall (a:Type) {a_WT:WhyType a}, WhyType (array a).
Existing Instance array_WhyType. Existing Instance array_WhyType.
Implicit Arguments mk_array [[a] [a_WT]]. Implicit Arguments mk_array [[a]].
(* Why3 assumption *) (* Why3 assumption *)
Definition elts {a:Type} {a_WT:WhyType a} (v:(@array a a_WT)): (@map.Map.map Definition elts {a:Type} {a_WT:WhyType a} (v:(array a)): (map.Map.map Z a) :=
Z _ a a_WT) := match v with match v with
| (mk_array x x1) => x1 | (mk_array x x1) => x1
end. end.
(* Why3 assumption *) (* Why3 assumption *)
Definition length {a:Type} {a_WT:WhyType a} (v:(@array a a_WT)): Z := Definition length {a:Type} {a_WT:WhyType a} (v:(array a)): Z :=
match v with match v with
| (mk_array x x1) => x | (mk_array x x1) => x
end. end.
(* Why3 assumption *) (* Why3 assumption *)
Definition get {a:Type} {a_WT:WhyType a} (a1:(@array a a_WT)) (i:Z): a := Definition get {a:Type} {a_WT:WhyType a} (a1:(array a)) (i:Z): a :=
(map.Map.get (elts a1) i). (map.Map.get (elts a1) i).
(* Why3 assumption *) (* Why3 assumption *)
Definition set {a:Type} {a_WT:WhyType a} (a1:(@array a a_WT)) (i:Z) Definition set {a:Type} {a_WT:WhyType a} (a1:(array a)) (i:Z) (v:a): (array
(v:a): (@array a a_WT) := (mk_array (length a1) (map.Map.set (elts a1) i a) := (mk_array (length a1) (map.Map.set (elts a1) i v)).
v)).
(* Why3 assumption *)
Definition make {a:Type} {a_WT:WhyType a} (n:Z) (v:a): (@array a a_WT) :=
(mk_array n (map.Map.const v:(@map.Map.map Z _ a a_WT))).
(* Why3 assumption *) (* Why3 assumption *)
Definition injective (a:(@array Z _)) (n:Z): Prop := Definition injective (a:(array Z)) (n:Z): Prop := (map.MapInjection.injective
(map.MapInjection.injective (elts a) n). (elts a) n).
(* Why3 assumption *) (* Why3 assumption *)
Definition surjective (a:(@array Z _)) (n:Z): Prop := Definition surjective (a:(array Z)) (n:Z): Prop :=
(map.MapInjection.surjective (elts a) n). (map.MapInjection.surjective (elts a) n).
(* Why3 assumption *) (* Why3 assumption *)
Definition range (a:(@array Z _)) (n:Z): Prop := (map.MapInjection.range Definition range (a:(array Z)) (n:Z): Prop := (map.MapInjection.range
(elts a) n). (elts a) n).
(* Why3 goal *) (* Why3 goal *)
Theorem WP_parameter_inverting2 : forall (a:Z) (a1:(@map.Map.map Z _ Z _)) Theorem WP_parameter_inverting2 : forall (a:Z) (a1:(map.Map.map Z Z)) (n:Z),
(n:Z), ((0%Z <= a)%Z /\ ((n = a) /\ ((map.MapInjection.injective a1 n) /\ ((0%Z <= a)%Z /\ ((n = a) /\ ((map.MapInjection.injective a1 n) /\
(map.MapInjection.range a1 n)))) -> ((0%Z <= n)%Z -> ((0%Z <= n)%Z -> (map.MapInjection.range a1 n)))) -> ((0%Z <= n)%Z -> forall (b:Z)
let o := (n - 1%Z)%Z in ((0%Z <= o)%Z -> forall (b:(@map.Map.map Z _ Z _)), (b1:(map.Map.map Z Z)), ((0%Z <= b)%Z /\ ((b = n) /\ forall (i:Z),
(forall (j:Z), ((0%Z <= j)%Z /\ (j < (o + 1%Z)%Z)%Z) -> ((map.Map.get b ((0%Z <= i)%Z /\ (i < n)%Z) -> ((map.Map.get b1 i) = 0%Z))) -> let o :=
(map.Map.get a1 j)) = j)) -> ((0%Z <= n)%Z -> (map.MapInjection.injective b (n - 1%Z)%Z in ((0%Z <= o)%Z -> forall (b2:(map.Map.map Z Z)),
n))))). (forall (j:Z), ((0%Z <= j)%Z /\ (j < (o + 1%Z)%Z)%Z) -> ((map.Map.get b2
(* Why3 intros a a1 n (h1,(h2,(h3,h4))) h5 h6 o h7 b h8 h9. *) (map.Map.get a1 j)) = j)) -> ((0%Z <= b)%Z -> (map.MapInjection.injective
(* YOU MAY EDIT THE PROOF BELOW *) b2 n)))).
intuition. intros a a1 n (h1,(h2,(h3,h4))) h5 b b1 (h6,(h7,h8)) o h9 b2 h10 h11.
intuition.
red; intros.
unfold get; simpl.
assert (MapInjection.surjective a1 n). assert (MapInjection.surjective a1 n).
apply MapInjection.injective_surjective; assumption. apply MapInjection.injective_surjective; assumption.
generalize (H11 i H8); unfold get; simpl; intros (i1, (Hi1,Hi2)). red; intros.
generalize (H11 j H9); unfold get; simpl; intros (j1, (Hj1,Hj2)). generalize (H i H0); unfold get; simpl; intros (i1, (Hi1,Hi2)).
generalize (H j H1); unfold get; simpl; intros (j1, (Hj1,Hj2)).
rewrite <- Hi2. rewrite <- Hi2.
rewrite <- Hj2. rewrite <- Hj2.
rewrite H6; try omega. subst o.
rewrite H6; try omega. rewrite h10; try omega.
intro. rewrite h10; try omega.
apply H10. red; intro h.
subst. subst i1.
auto. omega.
Qed. Qed.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment