Merge branch 'issue_290' #fix 290

e58d9baf · Sylvain Dailler · f5daea84 · 23cf299e · e58d9baf · e58d9baf
Commit e58d9baf authored Apr 05, 2019 by Sylvain Dailler
12 changed files
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -30,6 +30,10 @@ IDE
  * display of counterexamples in the Task view has been improved
  * auto jumping to next unproved goal can now be disabled in the preferences

+Realizations
+  * Added experimental realizations for new Set theories in both Isabelle and
+    Coq
+
 Version 1.2.0, February 11, 2019
 --------------------------------


--- a/Makefile.in
+++ b/Makefile.in
@@ -974,7 +974,7 @@ COQLIBS_REAL = $(addprefix lib/coq/real/, $(COQLIBS_REAL_FILES))
 COQLIBS_NUMBER_FILES = Divisibility Gcd Parity Prime Coprime
 COQLIBS_NUMBER = $(addprefix lib/coq/number/, $(COQLIBS_NUMBER_FILES))

-COQLIBS_SET_FILES = Set
+COQLIBS_SET_FILES = Set Cardinal Fset FsetInduction FsetInt FsetSum SetApp SetAppInt SetImp SetImpInt
 COQLIBS_SET = $(addprefix lib/coq/set/, $(COQLIBS_SET_FILES))

 COQLIBS_MAP_FILES = Map Const Occ MapPermut MapInjection

--- a/lib/coq/set/Cardinal.v
+++ b/lib/coq/set/Cardinal.v
--- a/lib/coq/set/Fset.v
+++ b/lib/coq/set/Fset.v
--- a/lib/coq/set/FsetInduction.v
+++ b/lib/coq/set/FsetInduction.v
+(* This file is generated by Why3's Coq-realize driver *)
+(* Beware! Only edit allowed sections below    *)
+Require Import BuiltIn.
+Require BuiltIn.
+Require HighOrd.
+Require int.Int.
+Require set.Fset.
+
+(* Why3 goal *)
+Definition t : Type.
+Proof.
+(* Example bool *)
+apply bool.
+Defined.
+
+(* Why3 goal *)
+Definition p : set.Fset.fset t -> Prop.
+Proof.
+intros f.
+apply True.
+Defined.
+
+(* Why3 goal *)
+Lemma Induction :
+  (forall (s:set.Fset.fset t), set.Fset.is_empty s -> p s) ->
+  (forall (s:set.Fset.fset t), p s -> (forall (t1:t), p (set.Fset.add t1 s))) ->
+  forall (s:set.Fset.fset t), p s.
+Proof.
+intros h1 h2 s.
+(* TODO make something interesting *)
+unfold p. constructor.
+Qed.
+
--- a/lib/coq/set/FsetInt.v
+++ b/lib/coq/set/FsetInt.v
+(* This file is generated by Why3's Coq-realize driver *)
+(* Beware! Only edit allowed sections below    *)
+Require Import BuiltIn.
+Require BuiltIn.
+Require HighOrd.
+Require int.Int.
+Require set.Fset.
+
+(* Why3 goal *)
+Definition min_elt : set.Fset.fset Numbers.BinNums.Z -> Numbers.BinNums.Z.
+Proof.
+intros.
+destruct X as (fs, H).
+(* We use the list to define the algorithm *)
+eapply ClassicalEpsilon.constructive_indefinite_description in H.
+destruct H as (l, Hl).
+destruct l.
+- apply Z.zero. (* If the list is empty the result is unspecified *)
+- apply (List.fold_left (fun acc x => if Z_le_dec acc x then acc else x) l z).
+Defined.
+
+(* Why3 goal *)
+Lemma min_elt_def :
+  forall (s:set.Fset.fset Numbers.BinNums.Z), ~ set.Fset.is_empty s ->
+  set.Fset.mem (min_elt s) s /\
+  (forall (x:Numbers.BinNums.Z), set.Fset.mem x s -> ((min_elt s) <= x)%Z).
+Proof.
+intros s h1.
+unfold min_elt, Fset.is_empty, Fset.mem, set.Set.mem in *. 
+destruct s. simpl.
+destruct ClassicalEpsilon.constructive_indefinite_description as [l [Hdupl Heql]].
+destruct l.
+{ destruct h1. intros. intro. apply Heql in H. destruct H. }
+assert (forall l z,
+  forall x, List.In x l -> List.fold_left (fun x1 acc : int => if Z_le_dec x1 acc then x1 else acc) l z <= x)%Z.
+{
+induction l0; intros.
+{ destruct H. }
+assert (forall l z, List.fold_left (fun x1 acc : int => if Z_le_dec x1 acc then x1 else acc) l z <= z)%Z.
+{
+  induction l1; intros; simpl; eauto. omega.
+  simpl. destruct Z_le_dec. eauto. eapply Z.le_trans with a0; eauto. omega. 
+}
+simpl. destruct Z_le_dec.
+destruct (Z_le_dec z0 x0).
+eapply Z.le_trans with z0. eapply H0. assumption.
+simpl in H. destruct H.  subst. omega.
+eapply IHl0; eauto.
+
+destruct (Z_le_dec a x0).
+eapply Z.le_trans with a. eapply H0. assumption.
+simpl in H. destruct H. subst. omega.
+eapply IHl0; eauto.
+}
+
+assert (forall l z, List.In (List.fold_left (fun x acc => if Z_le_dec x acc then x else acc) l z) l \/
+  List.fold_left (fun x acc => if Z_le_dec x acc then x else acc) l z = z).
+{
+  induction l0; intros.
+  + simpl. right. reflexivity.
+  + simpl. destruct Z_le_dec.
+    - specialize (IHl0 z0). intuition.
+    - specialize (IHl0 a). intuition.
+}
+
+split.
+rewrite <- Heql. simpl. specialize (H0 l z). intuition.
+
+intros. eapply Heql in H1. eapply (H (List.cons z l) z) in H1; eauto. simpl in H1.
+destruct Z_le_dec. assumption.
+omega.
+Qed.
+
+(* Why3 goal *)
+Definition max_elt : set.Fset.fset Numbers.BinNums.Z -> Numbers.BinNums.Z.
+Proof.
+intros.
+apply (- min_elt (Fset.map (fun x => - x) X))%Z.
+Defined.
+
+(* Why3 goal *)
+Lemma max_elt_def :
+  forall (s:set.Fset.fset Numbers.BinNums.Z), ~ set.Fset.is_empty s ->
+  set.Fset.mem (max_elt s) s /\
+  (forall (x:Numbers.BinNums.Z), set.Fset.mem x s -> (x <= (max_elt s))%Z).
+Proof.
+intros s h1.
+unfold max_elt.
+assert (~ Fset.is_empty (Fset.map (fun x : int => (- x)%Z) s))%Z.
+{ unfold Fset.is_empty in *.
+intro. destruct h1. intros. intro. specialize (H (-x)%Z).
+apply H. eapply Fset.mem_map. assumption.
+}
+specialize (min_elt_def (Fset.map (fun x => -x)%Z s) H).
+intros. destruct H0.
+split.
+clear H1 H h1.
+rewrite Fset.map_def in H0. destruct H0.
+destruct H. rewrite H0. replace ( - - x)%Z with x. assumption.
+ring.
+
+intros. clear H0. clear h1 H.
+assert (min_elt (Fset.map (fun x => - x) s) <= -x)%Z.
+{
+  eapply H1; eauto. apply Fset.mem_map. assumption.
+}
+omega.
+Qed.
+
+Fixpoint seqZ l len : list Numbers.BinNums.Z :=
+  match len with
+  | S n => List.cons l (seqZ (l + 1)%Z n)
+  | O => List.nil
+  end.
+
+Lemma seqZ_le: forall len x l, List.In x (seqZ l len) -> (l <= x)%Z.
+Proof.
+induction len; simpl; intuition.
+eapply IHlen in H0; intuition.
+Qed.
+
+Lemma seqZ_le2: forall len x l, List.In x (seqZ l len) -> (x < l + Z.of_nat len)%Z.
+Proof.
+induction len; simpl; intuition.
+- subst. zify. omega.
+- eapply IHlen in H0. zify. omega.
+Qed.
+
+Lemma seqZ_rev: forall len x l, (l <= x < l + Z.of_nat len)%Z -> List.In x (seqZ l len).
+Proof.
+induction len; intros; simpl in *.
+ omega.
+ destruct (Z_eq_dec l x); eauto. 
+  right. eapply IHlen; eauto. zify; omega.
+Qed.
+
+Lemma seqZ_In_iff: forall l len x, List.In x (seqZ l len) <-> (l <= x <  l + Z.of_nat len)%Z.
+Proof.
+split.
+intros. eauto using seqZ_le, seqZ_le2.
+eapply seqZ_rev.
+Qed.
+
+Lemma seqZ_NoDup: forall len l, List.NoDup (seqZ l len).
+Proof.
+induction len; intros.
+ constructor.
+ simpl. constructor; eauto.
+  intro Habs. eapply seqZ_le in Habs. omega. 
+Qed.
+
+Lemma seqZ_length: forall len l, List.length (seqZ l len) = len.
+Proof.
+induction len; eauto.
+intros. simpl. rewrite IHlen. reflexivity.
+Qed.
+
+(* Why3 goal *)
+Definition interval :
+  Numbers.BinNums.Z -> Numbers.BinNums.Z -> set.Fset.fset Numbers.BinNums.Z.
+Proof.
+intros l r.
+exists (fun x => if Z_le_dec l x then 
+                   if Z_lt_dec x r then true 
+                   else false 
+                 else false).
+destruct (Z_le_dec l r).
+ exists (seqZ l (Z.to_nat (r - l))%Z).
+  split. 
+  - eapply seqZ_NoDup.
+  - intros.
+    rewrite seqZ_In_iff.
+    rewrite Z2Nat.id; [|omega].
+    destruct Z_le_dec.
+    * destruct Z_lt_dec. split; intros; [reflexivity|].
+      intuition.
+      intuition. inversion H.
+    * intuition. inversion H.
+ exists List.nil. 
+  split.
+  - constructor.
+  - intros.
+    destruct Z_le_dec; try destruct Z_lt_dec; intuition.
+    omega.
+    inversion H.
+    inversion H.
+Defined.
+
+(* Why3 goal *)
+Lemma interval_def :
+  forall (l:Numbers.BinNums.Z) (r:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
+  set.Fset.mem x (interval l r) <-> (l <= x)%Z /\ (x < r)%Z.
+Proof.
+intros l r x.
+unfold interval, Fset.mem, set.Set.mem.
+destruct Z_le_dec; try destruct Z_lt_dec; intuition; try inversion H.
+Qed.
+
+Lemma interval_is_finite: forall l r, 
+  Cardinal.is_finite (fun x : int => 
+    if Z_le_dec l x then if Z_lt_dec x r then true 
+    else false else false).
+Proof.
+intros. 
+unfold Cardinal.is_finite.
+destruct (Z_le_dec l r).
+ exists (seqZ l (Z.to_nat (r - l)%Z)).
+  split. apply seqZ_NoDup.
+  intros. rewrite seqZ_In_iff.
+  rewrite Z2Nat.id; [|omega].
+  destruct Z_le_dec; try destruct Z_lt_dec; intuition; try inversion H.
+ exists nil. split. constructor.
+  simpl. intros. destruct Z_le_dec; try destruct Z_lt_dec; intuition.
+Qed.
+
+
+(* Why3 goal *)
+Lemma cardinal_interval :
+  forall (l:Numbers.BinNums.Z) (r:Numbers.BinNums.Z),
+  ((l <= r)%Z -> ((set.Fset.cardinal (interval l r)) = (r - l)%Z)) /\
+  (~ (l <= r)%Z -> ((set.Fset.cardinal (interval l r)) = 0%Z)).
+Proof.
+intros l r.
+unfold interval, Fset.mem, set.Set.mem, Fset.cardinal, Cardinal.cardinal.
+assert (H := interval_is_finite l r).
+destruct ClassicalEpsilon.excluded_middle_informative; [| intuition]. 
+destruct ClassicalEpsilon.classical_indefinite_description.
+specialize (a i).
+split.
+ intros.
+  destruct a. 
+  assert (length (seqZ l (Z.to_nat (r - l)%Z)) = length x).
+  {
+    eapply Nat.le_antisymm.
+    + eapply List.NoDup_incl_length. eapply seqZ_NoDup. intro. rewrite H2.
+      rewrite seqZ_In_iff. destruct Z_le_dec; try destruct Z_lt_dec; intuition.
+      rewrite Z2Nat.id in H5; omega.
+    + eapply List.NoDup_incl_length. assumption. intro. rewrite H2.
+      rewrite seqZ_In_iff. destruct Z_le_dec; try destruct Z_lt_dec; intuition.
+      rewrite Z2Nat.id; omega. 
+      inversion H3.
+      inversion H3.
+  }
+  rewrite <- H3. rewrite seqZ_length. rewrite Z2Nat.id; omega.
+ intros. destruct a. 
+  destruct x. reflexivity.
+  specialize (H2 z). contradict H2. destruct Z_le_dec. 
+  destruct Z_lt_dec. omega. intuition. intuition.
+Qed.
+
--- a/lib/coq/set/FsetSum.v
+++ b/lib/coq/set/FsetSum.v
--- a/lib/coq/set/Set.v
+++ b/lib/coq/set/Set.v
@@ -385,7 +385,7 @@ set (P := fun (x:a) => mem x s /\ y = f x).
 assert (inhabited a).
 destruct a_WT.
 exact (inhabits why_inhabitant).
-set (x := epsilon H P). 
+set (x := epsilon H P).
 destruct b_WT.
 destruct (why_decidable_eq y (f x)).
 exact (s x).

--- a/lib/coq/set/SetApp.v
+++ b/lib/coq/set/SetApp.v
+(* This file is generated by Why3's Coq-realize driver *)
+(* Beware! Only edit allowed sections below    *)
+Require Import BuiltIn.
+Require BuiltIn.
+Require HighOrd.
+Require int.Int.
+Require set.Fset.
+
+(* Why3 goal *)
+Definition elt : Type.
+Proof.
+(* TODO find something more interesting *)
+apply bool.
+Defined.
+
+(* Why3 goal *)
+Definition set : Type.
+Proof.
+(* TODO find something more interesting *)
+apply bool.
+Defined.
+
+(* Why3 goal *)
+Definition to_fset : set -> set.Fset.fset elt.
+Proof.
+(* TODO find something more interesting *)
+intros. exists (fun _ => false).
+exists nil. split. constructor. intros. split.
+intros. destruct H. intro. inversion H.
+Defined.
+
+(* Why3 goal *)
+Definition choose : set -> elt.
+Proof.
+intros.
+apply true.
+Defined.
+
+(* Why3 goal *)
+Lemma choose_spec :
+  forall (s:set), ~ set.Fset.is_empty (to_fset s) ->
+  set.Fset.mem (choose s) (to_fset s).
+Proof.
+intros s h1.
+destruct h1. unfold set.Fset.is_empty. intros.
+unfold to_fset. simpl. unfold set.Set.mem.
+intuition.
+Qed.
+
--- a/lib/coq/set/SetAppInt.v
+++ b/lib/coq/set/SetAppInt.v
+(* This file is generated by Why3's Coq-realize driver *)
+(* Beware! Only edit allowed sections below    *)
+Require Import BuiltIn.
+Require BuiltIn.
+Require HighOrd.
+Require int.Int.
+Require set.Fset.
+Require set.FsetInt.
+Require set.SetApp.
+
+(* Why3 goal *)
+Definition set : Type.
+Proof.
+(* TODO find something more interesting. *)
+apply bool.
+Defined.
+
+(* Why3 goal *)
+Definition to_fset : set -> set.Fset.fset Numbers.BinNums.Z.
+Proof.
+(* TODO find something more interesting. *)
+intros. exists (fun _ => false).
+exists nil. intuition.
+constructor. inversion H.
+Defined.
+
+(* Why3 goal *)
+Definition choose : set -> Numbers.BinNums.Z.
+Proof.
+(* TODO find something more interesting. *)
+intros. apply Z.zero.
+Defined.
+
+(* Why3 goal *)
+Lemma choose_spec :
+  forall (s:set), ~ set.Fset.is_empty (to_fset s) ->
+  set.Fset.mem (choose s) (to_fset s).
+Proof.
+intros s h1.
+destruct h1. unfold to_fset, Fset.is_empty, Fset.mem, set.Set.mem.
+intuition.
+Qed.
+
--- a/lib/coq/set/SetImp.v
+++ b/lib/coq/set/SetImp.v
+(* This file is generated by Why3's Coq-realize driver *)
+(* Beware! Only edit allowed sections below    *)
+Require Import BuiltIn.
+Require BuiltIn.
+Require HighOrd.
+Require int.Int.
+Require set.Fset.
+
+(* Why3 goal *)
+Definition elt : Type.
+Proof.
+(* TODO find something more interesting. *)
+apply bool.
+Defined.
+
+(* Why3 goal *)
+Definition set : Type.
+Proof.
+(* TODO find something more interesting. *)
+apply bool.
+Defined.
+
+(* Why3 goal *)
+Definition to_fset : set -> set.Fset.fset elt.
+Proof.
+(* TODO find something more interesting. *)
+intros. exists (fun _ => false).
+exists nil. intuition.
+constructor. inversion H.
+Defined.
+
+(* Why3 goal *)
+Definition choose : set -> elt.
+Proof.
+(* TODO find something more interesting. *)
+intros. apply true.
+Defined.
+
+(* Why3 goal *)
+Lemma choose_spec :
+  forall (s:set), ~ set.Fset.is_empty (to_fset s) ->
+  set.Fset.mem (choose s) (to_fset s).
+Proof.
+intros s h1.
+destruct h1. unfold to_fset, Fset.is_empty, Fset.mem, set.Set.mem.
+intuition.
+Qed.
+
--- a/lib/coq/set/SetImpInt.v
+++ b/lib/coq/set/SetImpInt.v
+(* This file is generated by Why3's Coq-realize driver *)
+(* Beware! Only edit allowed sections below    *)
+Require Import BuiltIn.
+Require BuiltIn.
+Require HighOrd.
+Require int.Int.
+Require set.Fset.
+Require set.FsetInt.
+Require set.SetImp.
+
+(* Why3 goal *)
+Definition set : Type.
+Proof.
+(* TODO find something more interesting. *)
+apply bool.
+Defined.
+
+(* Why3 goal *)
+Definition to_fset : set -> set.Fset.fset Numbers.BinNums.Z.
+Proof.
+(* TODO find something more interesting. *)
+intros. exists (fun _ => false).
+exists nil. intuition.
+constructor. inversion H.
+Defined.
+
+(* Why3 goal *)
+Definition choose : set -> Numbers.BinNums.Z.
+Proof.
+(* TODO find something more interesting. *)
+intros. apply Z.zero.
+Defined.
+
+(* Why3 goal *)
+Lemma choose_spec :
+  forall (s:set), ~ set.Fset.is_empty (to_fset s) ->
+  set.Fset.mem (choose s) (to_fset s).
+Proof.
+intros s h1.
+destruct h1. unfold to_fset, Fset.is_empty, Fset.mem, set.Set.mem.
+intuition.
+Qed.
+