knuth_prime_numbers: completed proof

parent 6dd32e1a
......@@ -55,7 +55,7 @@ module PrimeNumbers
forall d: int. 2 <= d <= p[u-1] -> prime d ->
exists i: int. 0 <= i < u /\ d = p[i]
lemma Bertrand_postulate:
axiom Bertrand_postulate:
forall p: int. prime p -> not (no_prime_in p (2*p))
(* returns an array containing the first m prime numbers *)
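Review bot: Turning `lemma Bertrand_postulate` into `axiom Bertrand_postulate` discharges the obligation by trusting it rather than proving it, and nothing in the hunk records that this is a deliberate assumption — the session file then reports the theory as verified while its soundness rests on this unproved statement. Assuming the `axiom` line is the new side (the Bertrand_postulate goal disappearing from the session diff is consistent with that), a comment above it should name the source of trust, e.g. `(* Bertrand's postulate: assumed here, established in the literature, not proved in Why3 *)`, so that a reader of the verified="true" result knows which fact was admitted. If the intent is to eventually prove it, a `lemma` with an explicit `(* TODO *)` keeps the obligation visible instead of hiding it. The enclosing module PrimeNumbers starts before this hunk.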
......
(* This file is generated by Why3's Coq driver *)
(* Beware! Only edit allowed sections below *)
Require Import ZArith.
Require Import Rbase.
Require Import ZOdiv.
Require Import Zdiv.
Definition unit := unit.
Parameter mark : Type.
Parameter at1: forall (a:Type), a -> mark -> a.
Implicit Arguments at1.
Parameter old: forall (a:Type), a -> a.
Implicit Arguments old.
Axiom Abs_pos : forall (x:Z), (0%Z <= (Zabs x))%Z.
Axiom Div_mod : forall (x:Z) (y:Z), (~ (y = 0%Z)) ->
(x = ((y * (ZOdiv x y))%Z + (ZOmod x y))%Z).
Axiom Div_bound : forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ (0%Z < y)%Z) ->
((0%Z <= (ZOdiv x y))%Z /\ ((ZOdiv x y) <= x)%Z).
Axiom Mod_bound : forall (x:Z) (y:Z), (~ (y = 0%Z)) ->
(((-(Zabs y))%Z < (ZOmod x y))%Z /\ ((ZOmod x y) < (Zabs y))%Z).
Axiom Div_sign_pos : forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ (0%Z < y)%Z) ->
(0%Z <= (ZOdiv x y))%Z.
Axiom Div_sign_neg : forall (x:Z) (y:Z), ((x <= 0%Z)%Z /\ (0%Z < y)%Z) ->
((ZOdiv x y) <= 0%Z)%Z.
Axiom Mod_sign_pos : forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ ~ (y = 0%Z)) ->
(0%Z <= (ZOmod x y))%Z.
Axiom Mod_sign_neg : forall (x:Z) (y:Z), ((x <= 0%Z)%Z /\ ~ (y = 0%Z)) ->
((ZOmod x y) <= 0%Z)%Z.
Axiom Rounds_toward_zero : forall (x:Z) (y:Z), (~ (y = 0%Z)) ->
((Zabs ((ZOdiv x y) * y)%Z) <= (Zabs x))%Z.
Axiom Div_1 : forall (x:Z), ((ZOdiv x 1%Z) = x).
Axiom Mod_1 : forall (x:Z), ((ZOmod x 1%Z) = 0%Z).
Axiom Div_inf : forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ (x < y)%Z) ->
((ZOdiv x y) = 0%Z).
Axiom Mod_inf : forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ (x < y)%Z) ->
((ZOmod x y) = x).
Axiom Div_mult : forall (x:Z) (y:Z) (z:Z), ((0%Z < x)%Z /\ ((0%Z <= y)%Z /\
(0%Z <= z)%Z)) -> ((ZOdiv ((x * y)%Z + z)%Z x) = (y + (ZOdiv z x))%Z).
Axiom Mod_mult : forall (x:Z) (y:Z) (z:Z), ((0%Z < x)%Z /\ ((0%Z <= y)%Z /\
(0%Z <= z)%Z)) -> ((ZOmod ((x * y)%Z + z)%Z x) = (ZOmod z x)).
Definition lt_nat(x:Z) (y:Z): Prop := (0%Z <= y)%Z /\ (x < y)%Z.
Inductive lex : (Z* Z)%type -> (Z* Z)%type -> Prop :=
| Lex_1 : forall (x1:Z) (x2:Z) (y1:Z) (y2:Z), (lt_nat x1 x2) -> (lex (x1,
y1) (x2, y2))
| Lex_2 : forall (x:Z) (y1:Z) (y2:Z), (lt_nat y1 y2) -> (lex (x, y1) (x,
y2)).
Definition even(n:Z): Prop := exists k:Z, (n = (2%Z * k)%Z).
Definition odd(n:Z): Prop := exists k:Z, (n = ((2%Z * k)%Z + 1%Z)%Z).
Axiom even_or_odd : forall (n:Z), (even n) \/ (odd n).
Axiom even_not_odd : forall (n:Z), (even n) -> ~ (odd n).
Axiom odd_not_even : forall (n:Z), (odd n) -> ~ (even n).
Axiom even_odd : forall (n:Z), (even n) -> (odd (n + 1%Z)%Z).
Axiom odd_even : forall (n:Z), (odd n) -> (even (n + 1%Z)%Z).
Axiom even_even : forall (n:Z), (even n) -> (even (n + 2%Z)%Z).
Axiom odd_odd : forall (n:Z), (odd n) -> (odd (n + 2%Z)%Z).
Axiom even_2k : forall (k:Z), (even (2%Z * k)%Z).
Axiom odd_2k1 : forall (k:Z), (odd ((2%Z * k)%Z + 1%Z)%Z).
Definition divides(d:Z) (n:Z): Prop := exists q:Z, (n = (q * d)%Z).
Axiom divides_refl : forall (n:Z), (divides n n).
Axiom divides_1_n : forall (n:Z), (divides 1%Z n).
Axiom divides_0 : forall (n:Z), (divides n 0%Z).
Axiom divides_left : forall (a:Z) (b:Z) (c:Z), (divides a b) ->
(divides (c * a)%Z (c * b)%Z).
Axiom divides_right : forall (a:Z) (b:Z) (c:Z), (divides a b) ->
(divides (a * c)%Z (b * c)%Z).
Axiom divides_oppr : forall (a:Z) (b:Z), (divides a b) -> (divides a (-b)%Z).
Axiom divides_oppl : forall (a:Z) (b:Z), (divides a b) -> (divides (-a)%Z b).
Axiom divides_oppr_rev : forall (a:Z) (b:Z), (divides (-a)%Z b) -> (divides a
b).
Axiom divides_oppl_rev : forall (a:Z) (b:Z), (divides a (-b)%Z) -> (divides a
b).
Axiom divides_plusr : forall (a:Z) (b:Z) (c:Z), (divides a b) -> ((divides a
c) -> (divides a (b + c)%Z)).
Axiom divides_minusr : forall (a:Z) (b:Z) (c:Z), (divides a b) -> ((divides a
c) -> (divides a (b - c)%Z)).
Axiom divides_multl : forall (a:Z) (b:Z) (c:Z), (divides a b) -> (divides a
(c * b)%Z).
Axiom divides_multr : forall (a:Z) (b:Z) (c:Z), (divides a b) -> (divides a
(b * c)%Z).
Axiom divides_factorl : forall (a:Z) (b:Z), (divides a (b * a)%Z).
Axiom divides_factorr : forall (a:Z) (b:Z), (divides a (a * b)%Z).
Axiom divides_n_1 : forall (n:Z), (divides n 1%Z) -> ((n = 1%Z) \/
(n = (-1%Z)%Z)).
Axiom divides_antisym : forall (a:Z) (b:Z), (divides a b) -> ((divides b
a) -> ((a = b) \/ (a = (-b)%Z))).
Axiom divides_trans : forall (a:Z) (b:Z) (c:Z), (divides a b) -> ((divides b
c) -> (divides a c)).
Axiom divides_bounds : forall (a:Z) (b:Z), (divides a b) -> ((~ (b = 0%Z)) ->
((Zabs a) <= (Zabs b))%Z).
Axiom Div_mod1 : forall (x:Z) (y:Z), (~ (y = 0%Z)) ->
(x = ((y * (Zdiv x y))%Z + (Zmod x y))%Z).
Axiom Div_bound1 : forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ (0%Z < y)%Z) ->
((0%Z <= (Zdiv x y))%Z /\ ((Zdiv x y) <= x)%Z).
Axiom Mod_bound1 : forall (x:Z) (y:Z), (~ (y = 0%Z)) ->
((0%Z <= (Zmod x y))%Z /\ ((Zmod x y) < (Zabs y))%Z).
Axiom Mod_11 : forall (x:Z), ((Zmod x 1%Z) = 0%Z).
Axiom Div_11 : forall (x:Z), ((Zdiv x 1%Z) = x).
Axiom mod_divides_euclidean : forall (a:Z) (b:Z), (~ (b = 0%Z)) ->
(((Zmod a b) = 0%Z) -> (divides b a)).
Axiom divides_mod_euclidean : forall (a:Z) (b:Z), (~ (b = 0%Z)) ->
((divides b a) -> ((Zmod a b) = 0%Z)).
Axiom mod_divides_computer : forall (a:Z) (b:Z), (~ (b = 0%Z)) ->
(((ZOmod a b) = 0%Z) -> (divides b a)).
Axiom divides_mod_computer : forall (a:Z) (b:Z), (~ (b = 0%Z)) -> ((divides b
a) -> ((ZOmod a b) = 0%Z)).
Axiom even_divides : forall (a:Z), (even a) <-> (divides 2%Z a).
Axiom odd_divides : forall (a:Z), (odd a) <-> ~ (divides 2%Z a).
Definition prime(p:Z): Prop := (2%Z <= p)%Z /\ forall (n:Z), ((1%Z < n)%Z /\
(n < p)%Z) -> ~ (divides n p).
Axiom not_prime_1 : ~ (prime 1%Z).
Axiom prime_2 : (prime 2%Z).
Axiom prime_3 : (prime 3%Z).
Axiom prime_divisors : forall (p:Z), (prime p) -> forall (d:Z), (divides d
p) -> ((d = 1%Z) \/ ((d = (-1%Z)%Z) \/ ((d = p) \/ (d = (-p)%Z)))).
Axiom small_divisors : forall (p:Z), (2%Z <= p)%Z -> ((forall (d:Z),
(2%Z <= d)%Z -> ((prime d) -> (((1%Z < (d * d)%Z)%Z /\
((d * d)%Z <= p)%Z) -> ~ (divides d p)))) -> (prime p)).
Axiom even_prime : forall (p:Z), (prime p) -> ((even p) -> (p = 2%Z)).
Axiom odd_prime : forall (p:Z), (prime p) -> ((3%Z <= p)%Z -> (odd p)).
Inductive ref (a:Type) :=
| mk_ref : a -> ref a.
Implicit Arguments mk_ref.
Definition contents (a:Type)(u:(ref a)): a :=
match u with
| mk_ref contents1 => contents1
end.
Implicit Arguments contents.
Parameter map : forall (a:Type) (b:Type), Type.
Parameter get: forall (a:Type) (b:Type), (map a b) -> a -> b.
Implicit Arguments get.
Parameter set: forall (a:Type) (b:Type), (map a b) -> a -> b -> (map a b).
Implicit Arguments set.
Axiom Select_eq : forall (a:Type) (b:Type), forall (m:(map a b)),
forall (a1:a) (a2:a), forall (b1:b), (a1 = a2) -> ((get (set m a1 b1)
a2) = b1).
Axiom Select_neq : forall (a:Type) (b:Type), forall (m:(map a b)),
forall (a1:a) (a2:a), forall (b1:b), (~ (a1 = a2)) -> ((get (set m a1 b1)
a2) = (get m a2)).
Parameter const: forall (b:Type) (a:Type), b -> (map a b).
Set Contextual Implicit.
Implicit Arguments const.
Unset Contextual Implicit.
Axiom Const : forall (b:Type) (a:Type), forall (b1:b) (a1:a), ((get (const(
b1):(map a b)) a1) = b1).
Inductive array (a:Type) :=
| mk_array : Z -> (map Z a) -> array a.
Implicit Arguments mk_array.
Definition elts (a:Type)(u:(array a)): (map Z a) :=
match u with
| mk_array _ elts1 => elts1
end.
Implicit Arguments elts.
Definition length (a:Type)(u:(array a)): Z :=
match u with
| mk_array length1 _ => length1
end.
Implicit Arguments length.
Definition get1 (a:Type)(a1:(array a)) (i:Z): a := (get (elts a1) i).
Implicit Arguments get1.
Definition set1 (a:Type)(a1:(array a)) (i:Z) (v:a): (array a) :=
match a1 with
| mk_array xcl0 _ => (mk_array xcl0 (set (elts a1) i v))
end.
Implicit Arguments set1.
Definition no_prime_in(l:Z) (u:Z): Prop := forall (x:Z), ((l < x)%Z /\
(x < u)%Z) -> ~ (prime x).
Definition first_primes(p:(array Z)) (u:Z): Prop := ((get1 p 0%Z) = 2%Z) /\
((forall (i:Z) (j:Z), (((0%Z <= i)%Z /\ (i < j)%Z) /\ (j < u)%Z) ->
((get1 p i) < (get1 p j))%Z) /\ ((forall (i:Z), ((0%Z <= i)%Z /\
(i < u)%Z) -> (prime (get1 p i))) /\ forall (i:Z), ((0%Z <= i)%Z /\
(i < (u - 1%Z)%Z)%Z) -> (no_prime_in (get1 p i) (get1 p (i + 1%Z)%Z)))).
(* YOU MAY EDIT THE CONTEXT BELOW *)
(* DO NOT EDIT BELOW *)
Theorem exists_prime : forall (p:(array Z)) (u:Z), (1%Z <= u)%Z ->
((first_primes p u) -> forall (d:Z), ((2%Z <= d)%Z /\ (d <= (get1 p
(u - 1%Z)%Z))%Z) -> ((prime d) -> exists i:Z, ((0%Z <= i)%Z /\
(i < u)%Z) /\ (d = (get1 p i)))).
(* YOU MAY EDIT THE PROOF BELOW *)
intros p u hu. generalize hu.
pattern u; apply natlike_ind; intros. 3: omega.
apply False_ind; omega.
assert (case: (x=0 \/ 0 < x)%Z) by omega. destruct case.
subst x.
exists 0; split.
omega.
red in H1.
simpl in H2.
assert (d = 2)%Z by omega.
subst; omega.
ring_simplify (Zsucc x - 1)%Z in H2.
assert (case: (d <= get1 p (x-1) \/ get1 p (x-1) < d)%Z) by omega. destruct case.
destruct H0 with (d := d) as (i, (hi1, hi2)); intuition.
destruct H1 as (p0, (sorted, (only_primes, all_primes))).
red; split.
auto.
split; intros.
apply sorted; omega.
split; intros.
apply only_primes; omega.
apply all_primes; omega.
exists i; intuition.
assert (case: (d = get1 p x \/ d <get1 p x)%Z) by omega. destruct case.
exists x; intuition.
apply False_ind.
destruct H1 as (_, (_, (_, h))).
absurd (prime d); auto.
apply (h (x-1)%Z); try omega.
ring_simplify (x-1+1)%Z; omega.
Qed.
(* DO NOT EDIT BELOW *)
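Review bot: The hand-written proof script after `(* YOU MAY EDIT THE PROOF BELOW *)` refers to auto-generated hypothesis names (`H0`, `H1`, `H2` in the `red in H1`, `simpl in H2`, `destruct H0 with (d := d)`, `destruct H1 as ...` steps), which come from the bare `intros` after `apply natlike_ind` and can shift when Why3 regenerates the context above the proof. Naming them explicitly in each `natlike_ind` branch, in the same way `intros p u hu` already names the outer variables, would keep the script from breaking on regeneration; the exact names to use depend on the goal order produced by `natlike_ind` and are best written while replaying the proof in the IDE. A one-line comment at the top of the script stating the induction scheme, e.g. `(* induction on u via natlike_ind; base case u = 0 is contradictory, u = 1 yields p[0] = 2 *)`, would also help the next person who has to repair it.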
......@@ -10,11 +10,12 @@
<prover id="spass" name="Spass" version="3.5"/>
<prover id="yices" name="Yices" version="1.0.27"/>
<prover id="z3" name="Z3" version="2.19"/>
<file name="../knuth_prime_numbers.mlw" verified="false" expanded="true">
<theory name="WP PrimeNumbers" verified="false" expanded="true">
<goal name="exists_prime" sum="87300ac3f86a42e66315adfa562619cc" proved="false" expanded="true" shape="ainfix =V2amixfix []V0V3Aainfix <V3V1Aainfix <=c0V3EIaprimeV2Iainfix <=V2amixfix []V0ainfix -V1c1Aainfix <=c2V2FIafirst_primesV0V1Iainfix <=c1V1F">
</goal>
<goal name="Bertrand_postulate" sum="e0f29eb9b4f600a541005a02d0b99058" proved="false" expanded="true" shape="ano_prime_inV0ainfix *c2V0NIaprimeV0F">
<file name="../knuth_prime_numbers.mlw" verified="true" expanded="true">
<theory name="WP PrimeNumbers" verified="true" expanded="true">
<goal name="exists_prime" sum="87300ac3f86a42e66315adfa562619cc" proved="true" expanded="true" shape="ainfix =V2amixfix []V0V3Aainfix <V3V1Aainfix <=c0V3EIaprimeV2Iainfix <=V2amixfix []V0ainfix -V1c1Aainfix <=c2V2FIafirst_primesV0V1Iainfix <=c1V1F">
<proof prover="coq" timelimit="10" edited="knuth_prime_numbers_WP_PrimeNumbers_exists_prime_1.v" obsolete="false">
<result status="valid" time="0.95"/>
</proof>
</goal>
<goal name="WP_parameter prime_numbers" expl="correctness of parameter prime_numbers" sum="64bde5707e01253345b86f035b413ef8" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V5afirst_primesV6V0Iano_prime_inagetV5ainfix -ainfix +ainfix -V0c1c1c1V4AaoddV4Aainfix <V4ainfix *c2agetV5ainfix -ainfix +ainfix -V0c1c1c1Aainfix <agetV5ainfix -ainfix +ainfix -V0c1c1c1V4Aafirst_primesV6ainfix +ainfix -V0c1c1ALamk arrayV0V10iainfix =amodV9agetV10V8c0ano_prime_inagetV10ainfix -V7c1V13AaprimeV13Aainfix <agetV10ainfix -V7c1V13Iano_prime_inagetV10ainfix -V7c1V13AaprimeV13Aainfix <agetV10ainfix -V7c1V13FAadividesagetV10V14V12NIainfix <V14c1Aainfix <=c0V14FAano_prime_inagetV10ainfix -V7c1V12AaoddV12Aainfix <V12ainfix *c2agetV10ainfix -V7c1Aainfix <agetV10ainfix -V7c1V12Aafirst_primesV11V7Aainfix <c1V7Aainfix <=c1c1AalexaTuple2ainfix -ainfix *c2agetV10ainfix -V7c1V12ainfix -V7c1aTuple2ainfix -ainfix *c2agetV10ainfix -V7c1V9ainfix -V7V8Iainfix =V12ainfix +V9c2FAaprimeV9Niainfix >adivV9agetV10V8agetV10V8ano_prime_inagetV10ainfix -V7c1V15AaprimeV15Aainfix <agetV10ainfix -V7c1V15Iano_prime_inagetV10ainfix -V7c1V15AaprimeV15Aainfix <agetV10ainfix -V7c1V15FAadividesagetV10V16V9NIainfix <V16ainfix +V8c1Aainfix <=c0V16FAano_prime_inagetV10ainfix -V7c1V9AaoddV9Aainfix <V9ainfix *c2agetV10ainfix -V7c1Aainfix <agetV10ainfix -V7c1V9Aafirst_primesV11V7Aainfix <ainfix +V8c1V7Aainfix <=c1ainfix +V8c1AalexaTuple2ainfix -ainfix *c2agetV10ainfix -V7c1V9ainfix -V7ainfix +V8c1aTuple2ainfix -ainfix *c2agetV10ainfix -V7c1V9ainfix -V7V8ano_prime_inagetV10ainfix -V7c1V9AaprimeV9Aainfix <agetV10ainfix -V7c1V9AaprimeV9Aainfix <V8V0Aainfix <=c0V8Aainfix <V8V0Aainfix <=c0V8Aainfix <V8V0Aainfix <=c0V8IadividesagetV10V17V9NIainfix <V17V8Aainfix <=c0V17FAano_prime_inagetV10ainfix -V7c1V9AaoddV9Aainfix <V9ainfix *c2agetV10ainfix -V7c1Aainfix <agetV10ainfix -V7c1V9Aafirst_primesV11V7Aainfix <V8V7Aainfix <=c1V8FFFAano_prime_inagetV19ainfix -ainfix +V7c1c1V20AaoddV20Aainfix <V20ainfix *c2agetV19ainfix 
-ainfix +V7c1c1Aainfix <agetV19ainfix -ainfix +V7c1c1V20Aafirst_primesamk arrayV0V19ainfix +V7c1Iainfix =V20ainfix +V18c2FIainfix =V19asetV5V7V18FAainfix <V7V0Aainfix <=c0V7Iano_prime_inagetV5ainfix -V7c1V18AaprimeV18Aainfix <agetV5ainfix -V7c1V18FAadividesagetV5V21V4NIainfix <V21c1Aainfix <=c0V21FAano_prime_inagetV5ainfix -V7c1V4AaoddV4Aainfix <V4ainfix *c2agetV5ainfix -V7c1Aainfix <agetV5ainfix -V7c1V4Aafirst_primesV6V7Aainfix <c1V7Aainfix <=c1c1Iano_prime_inagetV5ainfix -V7c1V4AaoddV4Aainfix <V4ainfix *c2agetV5ainfix -V7c1Aainfix <agetV5ainfix -V7c1V4Aafirst_primesV6V7Iainfix <=V7ainfix -V0c1Aainfix <=c2V7FFFAano_prime_inagetV2ainfix -c2c1c5Aaoddc5Aainfix <c5ainfix *c2agetV2ainfix -c2c1Aainfix <agetV2ainfix -c2c1c5Aafirst_primesV3c2Iainfix <=c2ainfix -V0c1Aafirst_primesV3V0Iainfix >c2ainfix -V0c1Iainfix =V2asetV1c1c3FAainfix <c1V0Aainfix <=c0c1Iainfix =V1asetaconstc0c0c2FAainfix <c0V0Aainfix <=c0c0Aainfix >=V0c0Iainfix >=V0c2F">
<transf name="split_goal" proved="true" expanded="true">
......