1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
|
theory Why3_List
imports Why3_Setup
begin
section \<open> Length of a list \<close>
why3_open "list/Length.xml"
why3_vc lengthqtdef by (cases l) simp_all
why3_vc Length_nil by simp
why3_vc Length_nonnegative by simp
why3_end
section \<open> Membership in a list \<close>
why3_open "list/Mem.xml"
why3_vc memqtdef by (simp split: list.split)
why3_end
section \<open> Nth element of a list \<close>
why3_open "list/Nth.xml"
lemma nth_eq: "0 \<le> i \<Longrightarrow> nat i < length xs \<Longrightarrow> nth i xs = Some (xs ! nat i)"
by (induct xs arbitrary: i) (auto simp add: nat_diff_distrib)
why3_vc is_noneqtspec
by (simp add: is_none_def split: option.split)
why3_end
why3_open "list/NthNoOpt.xml"
why3_vc nth_cons_0 by simp
why3_vc nth_cons_n
using assms
by (simp add: nat_diff_distrib)
why3_end
why3_open "list/NthLength.xml"
why3_vc nth_none_1
using assms
by (induct l arbitrary: i) simp_all
why3_vc nth_none_2
using assms
by (induct l arbitrary: i) simp_all
why3_vc nth_none_3
using assms
proof (induct l arbitrary: i)
case Nil
then show ?case by simp arith
next
case (Cons x xs)
show ?case
proof (cases "i < 0")
case False
with Cons have "0 < i" by (simp split: if_split_asm)
with Cons have "Nth.nth (i - 1) xs = None" by simp
then have "i - 1 < 0 \<or> int (length xs) \<le> i - 1"
by (rule Cons)
with `0 < i` show ?thesis by auto
qed simp
qed
why3_vc is_noneqtspec
by (simp add: is_none_def split: option.split)
why3_end
section \<open> Head and tail \<close>
why3_open "list/HdTl.xml"
why3_vc is_noneqtspec
by (simp add: is_none_def split: option.split)
why3_end
why3_open "list/HdTlNoOpt.xml"
why3_vc hd_cons by simp
why3_vc tl_cons by simp
why3_end
section \<open> Relation between head, tail, and nth \<close>
why3_open "list/NthHdTl.xml"
why3_vc Nth_tl
using assms
by (simp add: tl_def split: list.split_asm)
why3_vc Nth0_head
by (simp add: hd_def split: list.split)
why3_vc is_noneqtspec
by (simp add: is_none_def split: option.split)
why3_end
section \<open> Appending two lists \<close>
why3_open "list/Append.xml"
why3_vc infix_plplqtdef by (simp split: list.split)
why3_vc Append_assoc by simp
why3_vc Append_l_nil by simp
why3_vc Append_length by simp
why3_vc mem_append by simp
why3_vc mem_decomp
using assms
by (simp add: in_set_conv_decomp)
why3_end
why3_open "list/NthLengthAppend.xml"
why3_vc nth_append_1
proof (cases "0 \<le> i")
case True
with assms have "nat i < length l1" by simp
with True show ?thesis
by (simp add: nth_eq nth_append)
next
case False
then show ?thesis by (simp add: nth_none_1)
qed
why3_vc nth_append_2
proof (cases "nat i < length (l1 @ l2)")
case True
with assms show ?thesis
by (auto simp add: nth_eq nth_append nat_diff_distrib)
next
case False
with assms show ?thesis by (simp add: nth_none_2)
qed
why3_vc is_noneqtspec
by (simp add: is_none_def split: option.split)
why3_end
section \<open> Reversing a list \<close>
why3_open "list/Reverse.xml"
why3_vc reverseqtdef by (simp split: list.split)
why3_vc Reverse_length by simp
why3_vc reverse_append by simp
why3_vc reverse_reverse by simp
why3_vc reverse_mem by simp
why3_vc reverse_cons by simp
why3_vc cons_reverse by simp
why3_end
section \<open> Reverse append \<close>
why3_open "list/RevAppend.xml"
why3_vc rev_append_append_l
by (induct r arbitrary: t) simp_all
why3_vc rev_append_append_r
proof (induct s arbitrary: r)
case (Cons x xs)
show ?case by (simp add: Cons [symmetric])
qed simp
why3_vc rev_append_length
by (induct s arbitrary: t) simp_all
why3_vc rev_append_def
by (induct r arbitrary: s) simp_all
why3_end
section \<open> Zip \<close>
why3_open "list/Combine.xml"
why3_end
section \<open> List with pairwise distinct elements \<close>
why3_open "list/Distinct.xml"
why3_vc distinct_zero by simp
why3_vc distinct_one by simp
why3_vc distinct_many using assms by simp
why3_vc distinct_append using assms by auto
why3_end
section \<open> Number of occurrences in a list \<close>
why3_open "list/NumOcc.xml"
why3_vc Num_Occ_NonNeg
by (induct l) simp_all
why3_vc Mem_Num_Occ
proof (induct l)
case (Cons y ys)
from Num_Occ_NonNeg [of y ys]
have "0 < 1 + num_occ y ys" by simp
with Cons show ?case by simp
qed simp
why3_vc Append_Num_Occ
by (induct l1) simp_all
why3_vc reverse_num_occ
by (induct l) (simp_all add: Append_Num_Occ)
why3_end
section \<open> Permutation of lists \<close>
why3_open "list/Permut.xml"
why3_vc Permut_refl by (simp add: permut_def)
why3_vc Permut_sym using assms by (simp add: permut_def)
why3_vc Permut_trans using assms by (simp add: permut_def)
why3_vc Permut_cons using assms by (simp add: permut_def)
why3_vc Permut_swap by (simp add: permut_def)
why3_vc Permut_cons_append by (simp add: permut_def Append_Num_Occ)
why3_vc Permut_assoc by (simp add: permut_def)
why3_vc Permut_append using assms by (simp add: permut_def Append_Num_Occ)
why3_vc Permut_append_swap by (simp add: permut_def Append_Num_Occ)
why3_vc Permut_mem using assms by (simp add: permut_def Mem_Num_Occ)
why3_vc Permut_length
using assms
proof (induct l1 arbitrary: l2)
case Nil
then show ?case
proof (cases l2)
case (Cons x xs)
with Nil Num_Occ_NonNeg [of x xs]
show ?thesis by (auto simp add: permut_def dest: spec [of _ x])
qed simp
next
case (Cons x xs)
from `permut (x # xs) l2` have "x \<in> set l2"
by (rule Permut_mem) simp
then obtain ys zs where "l2 = ys @ x # zs"
by (auto simp add: in_set_conv_decomp)
with Cons have "permut (x # xs) (ys @ x # zs)" by simp
moreover have "permut (ys @ x # zs) ((x # zs) @ ys)"
by (rule Permut_append_swap)
ultimately have "permut (x # xs) ((x # zs) @ ys)"
by (rule Permut_trans)
then have "permut xs (zs @ ys)" by (simp add: permut_def)
then have "int (length xs) = int (length (zs @ ys))" by (rule Cons)
with `l2 = ys @ x # zs` show ?case by simp
qed
why3_end
end
|
