Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
why3
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
104
Issues
104
List
Boards
Labels
Milestones
Merge Requests
13
Merge Requests
13
Packages & Registries
Packages & Registries
Container Registry
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Why3
why3
Commits
a869eaa9
Commit
a869eaa9
authored
Feb 15, 2014
by
MARCHE Claude
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fixed Coq proofs using realized MapInjection
parent
cf996aca
Changes
4
Expand all
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
72 additions
and
101 deletions
+72
-101
examples/vacid_0_sparse_array/vacid_0_sparse_array_2_SparseArray_permutation_1.v
..._array/vacid_0_sparse_array_2_SparseArray_permutation_1.v
+4
-21
examples/vacid_0_sparse_array/why3session.xml
examples/vacid_0_sparse_array/why3session.xml
+7
-7
examples/vstte10_inverting/vstte10_inverting_WP_InvertingAnInjection_WP_parameter_inverting_1.v
...erting_WP_InvertingAnInjection_WP_parameter_inverting_1.v
+28
-40
examples/vstte10_inverting/why3session.xml
examples/vstte10_inverting/why3session.xml
+33
-33
No files found.
examples/vacid_0_sparse_array/vacid_0_sparse_array_2_SparseArray_permutation_1.v
View file @
a869eaa9
...
...
@@ -4,6 +4,7 @@ Require Import BuiltIn.
Require
BuiltIn
.
Require
int
.
Int
.
Require
map
.
Map
.
Require
map
.
MapInjection
.
(
*
Why3
assumption
*
)
Definition
unit
:=
unit
.
...
...
@@ -99,24 +100,6 @@ Axiom value_def : forall {a:Type} {a_WT:WhyType a}, forall (a1:(@sparse_array
Definition
length1
{
a
:
Type
}
{
a_WT
:
WhyType
a
}
(
a1
:
(
@
sparse_array
a
a_WT
))
:
Z
:=
(
length
(
values
a1
)).
(
*
Why3
assumption
*
)
Definition
injective
(
a
:
(
@
map
.
Map
.
map
Z
_
Z
_
))
(
n
:
Z
)
:
Prop
:=
forall
(
i
:
Z
)
(
j
:
Z
),
((
0
%
Z
<=
i
)
%
Z
/
\
(
i
<
n
)
%
Z
)
->
(((
0
%
Z
<=
j
)
%
Z
/
\
(
j
<
n
)
%
Z
)
->
((
~
(
i
=
j
))
->
~
((
map
.
Map
.
get
a
i
)
=
(
map
.
Map
.
get
a
j
)))).
(
*
Why3
assumption
*
)
Definition
surjective
(
a
:
(
@
map
.
Map
.
map
Z
_
Z
_
))
(
n
:
Z
)
:
Prop
:=
forall
(
i
:
Z
),
((
0
%
Z
<=
i
)
%
Z
/
\
(
i
<
n
)
%
Z
)
->
exists
j
:
Z
,
((
0
%
Z
<=
j
)
%
Z
/
\
(
j
<
n
)
%
Z
)
/
\
((
map
.
Map
.
get
a
j
)
=
i
).
(
*
Why3
assumption
*
)
Definition
range
(
a
:
(
@
map
.
Map
.
map
Z
_
Z
_
))
(
n
:
Z
)
:
Prop
:=
forall
(
i
:
Z
),
((
0
%
Z
<=
i
)
%
Z
/
\
(
i
<
n
)
%
Z
)
->
((
0
%
Z
<=
(
map
.
Map
.
get
a
i
))
%
Z
/
\
((
map
.
Map
.
get
a
i
)
<
n
)
%
Z
).
Axiom
injective_surjective
:
forall
(
a
:
(
@
map
.
Map
.
map
Z
_
Z
_
))
(
n
:
Z
),
(
injective
a
n
)
->
((
range
a
n
)
->
(
surjective
a
n
)).
Require
Import
Why3
.
Ltac
ae
:=
why3
"alt-ergo"
.
...
...
@@ -138,9 +121,9 @@ unfold is_elt, length1, get; simpl.
intro
H
;
decompose
[
and
]
H
;
clear
H
.
subst
n1
n2
.
intros
.
subst
a_card
.
assert
(
inj
:
injective
a_back
n0
)
by
ae
.
assert
(
rng
:
range
a_back
n0
)
by
ae
.
generalize
(
injective_surjective
a_back
n0
inj
rng
);
intro
surj
.
assert
(
inj
:
MapInjection
.
injective
a_back
n0
)
by
ae
.
assert
(
rng
:
MapInjection
.
range
a_back
n0
)
by
ae
.
generalize
(
MapInjection
.
injective_surjective
a_back
n0
inj
rng
);
intro
surj
.
destruct
(
surj
i
H1
)
as
(
j
,
(
hj1
,
hj2
)).
ae
.
Qed
.
...
...
examples/vacid_0_sparse_array/why3session.xml
View file @
a869eaa9
...
...
@@ -106,7 +106,7 @@
edited=
"vacid_0_sparse_array_2_SparseArray_permutation_1.v"
obsolete=
"false"
archived=
"false"
>
<result
status=
"valid"
time=
"1.2
2
"
/>
<result
status=
"valid"
time=
"1.2
4
"
/>
</proof>
</goal>
<goal
...
...
@@ -128,11 +128,11 @@
name=
"WP_parameter set.1"
locfile=
"../vacid_0_sparse_array.mlw"
loclnum=
"96"
loccnumb=
"6"
loccnume=
"9"
expl=
"1.
precondition
"
expl=
"1.
index in array bounds
"
sum=
"88db21b5a3cc7ee52c64849f80745892"
proved=
"true"
expanded=
"false"
shape=
"
precondition
ainfix <V8V0Aainfix <=c0V8Iainfix <V8V0Aainfix <=c0V8Aainfix <=c0V4Aainfix <=c0V2Aainfix <=c0V0Aainfix =agetV3agetV5V11V11Aainfix <agetV5V11V0Aainfix <=c0agetV5V11Iainfix <V11V6Aainfix <=c0V11FAainfix =V2V4Aainfix =V0V2Aainfix <=V0amaxlenAainfix <=V6V0Aainfix <=c0V6Lamk sparse_arrayamk arrayV0V1amk arrayV2V3amk arrayV4V5V6V7F"
>
shape=
"
index in array bounds
ainfix <V8V0Aainfix <=c0V8Iainfix <V8V0Aainfix <=c0V8Aainfix <=c0V4Aainfix <=c0V2Aainfix <=c0V0Aainfix =agetV3agetV5V11V11Aainfix <agetV5V11V0Aainfix <=c0agetV5V11Iainfix <V11V6Aainfix <=c0V11FAainfix =V2V4Aainfix =V0V2Aainfix <=V0amaxlenAainfix <=V6V0Aainfix <=c0V6Lamk sparse_arrayamk arrayV0V1amk arrayV2V3amk arrayV4V5V6V7F"
>
<label
name=
"expl:VC for set"
/>
<proof
...
...
@@ -244,11 +244,11 @@
name=
"WP_parameter set.6"
locfile=
"../vacid_0_sparse_array.mlw"
loclnum=
"96"
loccnumb=
"6"
loccnume=
"9"
expl=
"6.
precondition
"
expl=
"6.
index in array bounds
"
sum=
"7e779574092aeeba5588cc2cceb39bb5"
proved=
"true"
expanded=
"false"
shape=
"
precondition
ainfix <V8V2Aainfix <=c0V8Iainfix <V6V0INainfix =V13aTrueIais_eltV12V8qainfix =V13aTrueFIainfix <V8V0Aainfix <=c0V8Aainfix <=c0V0Aainfix =agetV3agetV5V14V14Aainfix <agetV5V14V0Aainfix <=c0agetV5V14Iainfix <V14V6Aainfix <=c0V14FAainfix =V2V4Aainfix =V0V2Aainfix <=V0amaxlenAainfix <=V6V0Aainfix <=c0V6Iainfix =V11asetV1V8V9Aainfix <=c0V0Lamk sparse_arrayamk arrayV0V11amk arrayV2V3amk arrayV4V5V6V7FIainfix <V8V0Aainfix <=c0V8Iainfix <V8V0Aainfix <=c0V8Aainfix <=c0V4Aainfix <=c0V2Aainfix <=c0V0Aainfix =agetV3agetV5V15V15Aainfix <agetV5V15V0Aainfix <=c0agetV5V15Iainfix <V15V6Aainfix <=c0V15FAainfix =V2V4Aainfix =V0V2Aainfix <=V0amaxlenAainfix <=V6V0Aainfix <=c0V6Lamk sparse_arrayamk arrayV0V1amk arrayV2V3amk arrayV4V5V6V7F"
>
shape=
"
index in array bounds
ainfix <V8V2Aainfix <=c0V8Iainfix <V6V0INainfix =V13aTrueIais_eltV12V8qainfix =V13aTrueFIainfix <V8V0Aainfix <=c0V8Aainfix <=c0V0Aainfix =agetV3agetV5V14V14Aainfix <agetV5V14V0Aainfix <=c0agetV5V14Iainfix <V14V6Aainfix <=c0V14FAainfix =V2V4Aainfix =V0V2Aainfix <=V0amaxlenAainfix <=V6V0Aainfix <=c0V6Iainfix =V11asetV1V8V9Aainfix <=c0V0Lamk sparse_arrayamk arrayV0V11amk arrayV2V3amk arrayV4V5V6V7FIainfix <V8V0Aainfix <=c0V8Iainfix <V8V0Aainfix <=c0V8Aainfix <=c0V4Aainfix <=c0V2Aainfix <=c0V0Aainfix =agetV3agetV5V15V15Aainfix <agetV5V15V0Aainfix <=c0agetV5V15Iainfix <V15V6Aainfix <=c0V15FAainfix =V2V4Aainfix =V0V2Aainfix <=V0amaxlenAainfix <=V6V0Aainfix <=c0V6Lamk sparse_arrayamk arrayV0V1amk arrayV2V3amk arrayV4V5V6V7F"
>
<label
name=
"expl:VC for set"
/>
<proof
...
...
@@ -264,11 +264,11 @@
name=
"WP_parameter set.7"
locfile=
"../vacid_0_sparse_array.mlw"
loclnum=
"96"
loccnumb=
"6"
loccnume=
"9"
expl=
"7.
precondition
"
expl=
"7.
index in array bounds
"
sum=
"03a900ddb7ac18d46efbf1d31a08a243"
proved=
"true"
expanded=
"false"
shape=
"
precondition
ainfix <V6V4Aainfix <=c0V6Iainfix =V14asetV3V8V6Aainfix <=c0V2FIainfix <V8V2Aainfix <=c0V8Iainfix <V6V0INainfix =V13aTrueIais_eltV12V8qainfix =V13aTrueFIainfix <V8V0Aainfix <=c0V8Aainfix <=c0V0Aainfix =agetV3agetV5V15V15Aainfix <agetV5V15V0Aainfix <=c0agetV5V15Iainfix <V15V6Aainfix <=c0V15FAainfix =V2V4Aainfix =V0V2Aainfix <=V0amaxlenAainfix <=V6V0Aainfix <=c0V6Iainfix =V11asetV1V8V9Aainfix <=c0V0Lamk sparse_arrayamk arrayV0V11amk arrayV2V3amk arrayV4V5V6V7FIainfix <V8V0Aainfix <=c0V8Iainfix <V8V0Aainfix <=c0V8Aainfix <=c0V4Aainfix <=c0V2Aainfix <=c0V0Aainfix =agetV3agetV5V16V16Aainfix <agetV5V16V0Aainfix <=c0agetV5V16Iainfix <V16V6Aainfix <=c0V16FAainfix =V2V4Aainfix =V0V2Aainfix <=V0amaxlenAainfix <=V6V0Aainfix <=c0V6Lamk sparse_arrayamk arrayV0V1amk arrayV2V3amk arrayV4V5V6V7F"
>
shape=
"
index in array bounds
ainfix <V6V4Aainfix <=c0V6Iainfix =V14asetV3V8V6Aainfix <=c0V2FIainfix <V8V2Aainfix <=c0V8Iainfix <V6V0INainfix =V13aTrueIais_eltV12V8qainfix =V13aTrueFIainfix <V8V0Aainfix <=c0V8Aainfix <=c0V0Aainfix =agetV3agetV5V15V15Aainfix <agetV5V15V0Aainfix <=c0agetV5V15Iainfix <V15V6Aainfix <=c0V15FAainfix =V2V4Aainfix =V0V2Aainfix <=V0amaxlenAainfix <=V6V0Aainfix <=c0V6Iainfix =V11asetV1V8V9Aainfix <=c0V0Lamk sparse_arrayamk arrayV0V11amk arrayV2V3amk arrayV4V5V6V7FIainfix <V8V0Aainfix <=c0V8Iainfix <V8V0Aainfix <=c0V8Aainfix <=c0V4Aainfix <=c0V2Aainfix <=c0V0Aainfix =agetV3agetV5V16V16Aainfix <agetV5V16V0Aainfix <=c0agetV5V16Iainfix <V16V6Aainfix <=c0V16FAainfix =V2V4Aainfix =V0V2Aainfix <=V0amaxlenAainfix <=V6V0Aainfix <=c0V6Lamk sparse_arrayamk arrayV0V1amk arrayV2V3amk arrayV4V5V6V7F"
>
<label
name=
"expl:VC for set"
/>
<proof
...
...
examples/vstte10_inverting/vstte10_inverting_WP_InvertingAnInjection_WP_parameter_inverting_1.v
View file @
a869eaa9
(
*
This
file
is
generated
by
Why3
'
s
Coq
driver
*
)
(
*
This
file
is
generated
by
Why3
'
s
Coq
8.4
driver
*
)
(
*
Beware
!
Only
edit
allowed
sections
below
*
)
Require
Import
BuiltIn
.
Require
BuiltIn
.
Require
int
.
Int
.
Require
map
.
Map
.
Require
map
.
MapInjection
.
(
*
Why3
assumption
*
)
Definition
unit
:=
unit
.
...
...
@@ -11,75 +12,63 @@ Definition unit := unit.
(
*
Why3
assumption
*
)
Inductive
array
(
a
:
Type
)
{
a_WT
:
WhyType
a
}
:=
|
mk_array
:
Z
->
(
map
.
Map
.
map
Z
a
)
->
array
a
.
|
mk_array
:
Z
->
(
@
map
.
Map
.
map
Z
_
a
a_WT
)
->
array
a
.
Axiom
array_WhyType
:
forall
(
a
:
Type
)
{
a_WT
:
WhyType
a
}
,
WhyType
(
array
a
).
Existing
Instance
array_WhyType
.
Implicit
Arguments
mk_array
[[
a
]
[
a_WT
]].
(
*
Why3
assumption
*
)
Definition
elts
{
a
:
Type
}
{
a_WT
:
WhyType
a
}
(
v
:
(
array
a
))
:
(
map
.
Map
.
map
Z
a
)
:=
match
v
with
Definition
elts
{
a
:
Type
}
{
a_WT
:
WhyType
a
}
(
v
:
(
@
array
a
a_WT
))
:
(
@
map
.
Map
.
map
Z
_
a
a_WT
)
:=
match
v
with
|
(
mk_array
x
x1
)
=>
x1
end
.
(
*
Why3
assumption
*
)
Definition
length
{
a
:
Type
}
{
a_WT
:
WhyType
a
}
(
v
:
(
array
a
))
:
Z
:=
Definition
length
{
a
:
Type
}
{
a_WT
:
WhyType
a
}
(
v
:
(
@
array
a
a_WT
))
:
Z
:=
match
v
with
|
(
mk_array
x
x1
)
=>
x
end
.
(
*
Why3
assumption
*
)
Definition
get
{
a
:
Type
}
{
a_WT
:
WhyType
a
}
(
a1
:
(
array
a
))
(
i
:
Z
)
:
a
:=
Definition
get
{
a
:
Type
}
{
a_WT
:
WhyType
a
}
(
a1
:
(
@
array
a
a_WT
))
(
i
:
Z
)
:
a
:=
(
map
.
Map
.
get
(
elts
a1
)
i
).
(
*
Why3
assumption
*
)
Definition
set
{
a
:
Type
}
{
a_WT
:
WhyType
a
}
(
a1
:
(
array
a
))
(
i
:
Z
)
(
v
:
a
)
:
(
array
a
)
:=
(
mk_array
(
length
a1
)
(
map
.
Map
.
set
(
elts
a1
)
i
v
)).
Definition
set
{
a
:
Type
}
{
a_WT
:
WhyType
a
}
(
a1
:
(
@
array
a
a_WT
))
(
i
:
Z
)
(
v
:
a
)
:
(
@
array
a
a_WT
)
:=
(
mk_array
(
length
a1
)
(
map
.
Map
.
set
(
elts
a1
)
i
v
)).
(
*
Why3
assumption
*
)
Definition
make
{
a
:
Type
}
{
a_WT
:
WhyType
a
}
(
n
:
Z
)
(
v
:
a
)
:
(
array
a
)
:=
(
mk_array
n
(
map
.
Map
.
const
v
:
(
map
.
Map
.
map
Z
a
))).
Definition
make
{
a
:
Type
}
{
a_WT
:
WhyType
a
}
(
n
:
Z
)
(
v
:
a
)
:
(
@
array
a
a_WT
)
:=
(
mk_array
n
(
map
.
Map
.
const
v
:
(
@
map
.
Map
.
map
Z
_
a
a_WT
))).
(
*
Why3
assumption
*
)
Definition
injective
(
a
:
(
map
.
Map
.
map
Z
Z
))
(
n
:
Z
)
:
Prop
:=
forall
(
i
:
Z
)
(
j
:
Z
),
((
0
%
Z
<=
i
)
%
Z
/
\
(
i
<
n
)
%
Z
)
->
(((
0
%
Z
<=
j
)
%
Z
/
\
(
j
<
n
)
%
Z
)
->
((
~
(
i
=
j
))
->
~
((
map
.
Map
.
get
a
i
)
=
(
map
.
Map
.
get
a
j
)))).
Definition
injective
(
a
:
(
@
array
Z
_
))
(
n
:
Z
)
:
Prop
:=
(
map
.
MapInjection
.
injective
(
elts
a
)
n
).
(
*
Why3
assumption
*
)
Definition
surjective
(
a
:
(
map
.
Map
.
map
Z
Z
))
(
n
:
Z
)
:
Prop
:=
forall
(
i
:
Z
),
((
0
%
Z
<=
i
)
%
Z
/
\
(
i
<
n
)
%
Z
)
->
exists
j
:
Z
,
((
0
%
Z
<=
j
)
%
Z
/
\
(
j
<
n
)
%
Z
)
/
\
((
map
.
Map
.
get
a
j
)
=
i
).
Definition
surjective
(
a
:
(
@
array
Z
_
))
(
n
:
Z
)
:
Prop
:=
(
map
.
MapInjection
.
surjective
(
elts
a
)
n
).
(
*
Why3
assumption
*
)
Definition
range
(
a
:
(
map
.
Map
.
map
Z
Z
))
(
n
:
Z
)
:
Prop
:=
forall
(
i
:
Z
),
((
0
%
Z
<=
i
)
%
Z
/
\
(
i
<
n
)
%
Z
)
->
((
0
%
Z
<=
(
map
.
Map
.
get
a
i
))
%
Z
/
\
((
map
.
Map
.
get
a
i
)
<
n
)
%
Z
).
Axiom
injective_surjective
:
forall
(
a
:
(
map
.
Map
.
map
Z
Z
))
(
n
:
Z
),
(
injective
a
n
)
->
((
range
a
n
)
->
(
surjective
a
n
)).
(
*
Why3
assumption
*
)
Definition
injective1
(
a
:
(
array
Z
))
(
n
:
Z
)
:
Prop
:=
(
injective
(
elts
a
)
n
).
(
*
Why3
assumption
*
)
Definition
surjective1
(
a
:
(
array
Z
))
(
n
:
Z
)
:
Prop
:=
(
surjective
(
elts
a
)
n
).
(
*
Why3
assumption
*
)
Definition
range1
(
a
:
(
array
Z
))
(
n
:
Z
)
:
Prop
:=
(
range
(
elts
a
)
n
).
Definition
range
(
a
:
(
@
array
Z
_
))
(
n
:
Z
)
:
Prop
:=
(
map
.
MapInjection
.
range
(
elts
a
)
n
).
(
*
Why3
goal
*
)
Theorem
WP_parameter_inverting
:
forall
(
a
:
Z
)
(
b
:
Z
)
(
n
:
Z
),
forall
(
a1
:
(
map
.
Map
.
map
Z
Z
)),
(((
0
%
Z
<=
a
)
%
Z
/
\
(
0
%
Z
<=
b
)
%
Z
)
/
\
(((
n
=
a
)
/
\
(
a
=
b
))
/
\
((
injective
a1
n
)
/
\
(
range
a1
n
))))
->
let
o
:=
(
n
-
1
%
Z
)
%
Z
in
((
0
%
Z
<=
o
)
%
Z
->
forall
(
b1
:
(
map
.
Map
.
map
Z
Z
)),
(
forall
(
j
:
Z
),
((
0
%
Z
<=
j
)
%
Z
/
\
(
j
<
(
o
+
1
%
Z
)
%
Z
)
%
Z
)
->
((
map
.
Map
.
get
b1
(
map
.
Map
.
get
a1
j
))
=
j
))
->
((
0
%
Z
<=
b
)
%
Z
->
(
injective
b1
n
))).
Theorem
WP_parameter_inverting
:
forall
(
a
:
Z
)
(
a1
:
(
@
map
.
Map
.
map
Z
_
Z
_
))
(
b
:
Z
)
(
n
:
Z
),
(((
0
%
Z
<=
a
)
%
Z
/
\
(
0
%
Z
<=
b
)
%
Z
)
/
\
(((
n
=
a
)
/
\
(
a
=
b
))
/
\
((
map
.
MapInjection
.
injective
a1
n
)
/
\
(
map
.
MapInjection
.
range
a1
n
))))
->
let
o
:=
(
n
-
1
%
Z
)
%
Z
in
((
0
%
Z
<=
o
)
%
Z
->
forall
(
b1
:
(
@
map
.
Map
.
map
Z
_
Z
_
)),
(
forall
(
j
:
Z
),
((
0
%
Z
<=
j
)
%
Z
/
\
(
j
<
(
o
+
1
%
Z
)
%
Z
)
%
Z
)
->
((
map
.
Map
.
get
b1
(
map
.
Map
.
get
a1
j
))
=
j
))
->
((
0
%
Z
<=
b
)
%
Z
->
(
map
.
MapInjection
.
injective
b1
n
))).
(
*
Why3
intros
a
a1
b
n
((
h1
,
h2
),((
h3
,
h4
),(
h5
,
h6
)))
o
h7
b1
h8
h9
.
*
)
intuition
.
intuition
.
red
;
intros
.
unfold
get
;
simpl
.
assert
(
surjective
a1
n
).
apply
injective_surjective
;
assumption
.
assert
(
MapInjection
.
surjective
a1
n
).
apply
MapInjection
.
injective_surjective
;
assumption
.
generalize
(
H11
i
H8
);
unfold
get
;
simpl
;
intros
(
i1
,
(
Hi1
,
Hi2
)).
generalize
(
H11
j
H9
);
unfold
get
;
simpl
;
intros
(
j1
,
(
Hj1
,
Hj2
)).
rewrite
<-
Hi2
.
...
...
@@ -92,4 +81,3 @@ subst.
auto
.
Qed
.
examples/vstte10_inverting/why3session.xml
View file @
a869eaa9
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
