 sparse_arrays: Coq proof for permutation lemma using map.MapInjective

 (* This file is generated by Why3's Coq driver *) (* Beware! Only edit allowed sections below *) Require Import ZArith. Require Import Rbase. Definition unit := unit. Parameter mark : Type. Parameter at1: forall (a:Type), a -> mark -> a. Implicit Arguments at1. Parameter old: forall (a:Type), a -> a. Implicit Arguments old. Parameter map : forall (a:Type) (b:Type), Type. Parameter get: forall (a:Type) (b:Type), (map a b) -> a -> b. Implicit Arguments get. Parameter set: forall (a:Type) (b:Type), (map a b) -> a -> b -> (map a b). Implicit Arguments set. Axiom Select_eq : forall (a:Type) (b:Type), forall (m:(map a b)), forall (a1:a) (a2:a), forall (b1:b), (a1 = a2) -> ((get (set m a1 b1) a2) = b1). Axiom Select_neq : forall (a:Type) (b:Type), forall (m:(map a b)), forall (a1:a) (a2:a), forall (b1:b), (~ (a1 = a2)) -> ((get (set m a1 b1) a2) = (get m a2)). Parameter const: forall (b:Type) (a:Type), b -> (map a b). Set Contextual Implicit. Implicit Arguments const. Unset Contextual Implicit. Axiom Const : forall (b:Type) (a:Type), forall (b1:b) (a1:a), ((get (const( b1):(map a b)) a1) = b1). Inductive array (a:Type) := | mk_array : Z -> (map Z a) -> array a. Implicit Arguments mk_array. Definition elts (a:Type)(u:(array a)): (map Z a) := match u with | mk_array _ elts1 => elts1 end. Implicit Arguments elts. Definition length (a:Type)(u:(array a)): Z := match u with | mk_array length1 _ => length1 end. Implicit Arguments length. Definition get1 (a:Type)(a1:(array a)) (i:Z): a := (get (elts a1) i). Implicit Arguments get1. Definition set1 (a:Type)(a1:(array a)) (i:Z) (v:a): (array a) := match a1 with | mk_array xcl0 _ => (mk_array xcl0 (set (elts a1) i v)) end. Implicit Arguments set1. Inductive sparse_array (a:Type) := | mk_sparse_array : (array a) -> (array Z) -> (array Z) -> Z -> a -> sparse_array a. Implicit Arguments mk_sparse_array. Definition back (a:Type)(u:(sparse_array a)): (array Z) := match u with | mk_sparse_array _ _ back1 _ _ => back1 end. Implicit Arguments back. Definition card (a:Type)(u:(sparse_array a)): Z := match u with | mk_sparse_array _ _ _ card1 _ => card1 end. Implicit Arguments card. Definition def (a:Type)(u:(sparse_array a)): a := match u with | mk_sparse_array _ _ _ _ def1 => def1 end. Implicit Arguments def. Definition index (a:Type)(u:(sparse_array a)): (array Z) := match u with | mk_sparse_array _ index1 _ _ _ => index1 end. Implicit Arguments index. Definition values (a:Type)(u:(sparse_array a)): (array a) := match u with | mk_sparse_array values1 _ _ _ _ => values1 end. Implicit Arguments values. Definition is_elt (a:Type)(a1:(sparse_array a)) (i:Z): Prop := ((0%Z <= (get1 (index a1) i))%Z /\ ((get1 (index a1) i) < (card a1))%Z) /\ ((get1 (back a1) (get1 (index a1) i)) = i). Implicit Arguments is_elt. Parameter value: forall (a:Type), (sparse_array a) -> Z -> a. Implicit Arguments value. Axiom value_def : forall (a:Type), forall (a1:(sparse_array a)) (i:Z), ((is_elt a1 i) -> ((value a1 i) = (get1 (values a1) i))) /\ ((~ (is_elt a1 i)) -> ((value a1 i) = (def a1))). Definition length1 (a:Type)(a1:(sparse_array a)): Z := (length (values a1)). Implicit Arguments length1. Definition sa_inv (a:Type)(a1:(sparse_array a)): Prop := (((0%Z <= (card a1))%Z /\ ((card a1) <= (length1 a1))%Z) /\ ((length1 a1) <= 1000%Z)%Z) /\ ((((length (values a1)) = (length (index a1))) /\ ((length (index a1)) = (length (back a1)))) /\ forall (i:Z), ((0%Z <= i)%Z /\ (i < (card a1))%Z) -> (((0%Z <= (get1 (back a1) i))%Z /\ ((get1 (back a1) i) < (length1 a1))%Z) /\ ((get1 (index a1) (get1 (back a1) i)) = i))). Implicit Arguments sa_inv. Definition injective(a:(map Z Z)) (n:Z): Prop := forall (i:Z) (j:Z), ((0%Z <= i)%Z /\ (i < n)%Z) -> (((0%Z <= j)%Z /\ (j < n)%Z) -> ((~ (i = j)) -> ~ ((get a i) = (get a j)))). Definition surjective(a:(map Z Z)) (n:Z): Prop := forall (i:Z), ((0%Z <= i)%Z /\ (i < n)%Z) -> exists j:Z, ((0%Z <= j)%Z /\ (j < n)%Z) /\ ((get a j) = i). Definition range(a:(map Z Z)) (n:Z): Prop := forall (i:Z), ((0%Z <= i)%Z /\ (i < n)%Z) -> ((0%Z <= (get a i))%Z /\ ((get a i) < n)%Z). Axiom injective_surjective : forall (a:(map Z Z)) (n:Z), (injective a n) -> ((range a n) -> (surjective a n)). Theorem permutation : forall (a:Type), forall (a1:(sparse_array a)), (sa_inv a1) -> (((card a1) = (length1 a1)) -> forall (i:Z), ((0%Z <= i)%Z /\ (i < (length1 a1))%Z) -> (is_elt a1 i)). (* YOU MAY EDIT THE PROOF BELOW *) destruct a1 as ((n0, a_values), (n1, a_index), (n2, a_back), a_card, a_def); simpl. unfold sa_inv, is_elt, length1, get1; simpl. intro H; decompose [and] H; clear H. clear a_values a_def H0 H3 H4. subst n1 n2. intros. subst a_card. assert (inj: injective a_back n0). red; intros. red; intro. generalize (H5 i0 H). generalize (H5 j H1). intuition. apply H2. rewrite <- H11. rewrite <- H12. apply f_equal; assumption. assert (rng: range a_back n0). red; intros. generalize (H5 i0); intuition. generalize (injective_surjective a_back n0 inj rng); intro surj. destruct (surj i H0) as (j, (hj1, hj2)). generalize (H5 j hj1); intros (hi1, hi2). split. rewrite <- hj2. rewrite hi2; auto. rewrite <- hj2. generalize (H5 j hj1); intuition. rewrite H8; auto. Qed. (* DO NOT EDIT BELOW *)
