isabelle: src/HOL/Imperative_HOL/ex/Imperative_Quicksort.thy@588c751a5eef (annotated)

36098 53992c639da5 added imperative SAT checker; improved headers of example files; adopted IsaMakefile bulwahn parents: 35041 diff changeset	1	(* Title: HOL/Imperative_HOL/ex/Imperative_Quicksort.thy
53992c639da5 added imperative SAT checker; improved headers of example files; adopted IsaMakefile bulwahn parents: 35041 diff changeset	2	Author: Lukas Bulwahn, TU Muenchen
53992c639da5 added imperative SAT checker; improved headers of example files; adopted IsaMakefile bulwahn parents: 35041 diff changeset	3	*)
53992c639da5 added imperative SAT checker; improved headers of example files; adopted IsaMakefile bulwahn parents: 35041 diff changeset	4
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 62026 diff changeset	5	section \<open>An imperative implementation of Quicksort on arrays\<close>
30689 b14b2cc4e25e moved Imperative_HOL examples to Imperative_HOL/ex haftmann parents: 29793 diff changeset	6
b14b2cc4e25e moved Imperative_HOL examples to Imperative_HOL/ex haftmann parents: 29793 diff changeset	7	theory Imperative_Quicksort
41413 64cd30d6b0b8 explicit file specifications -- avoid secondary load path; wenzelm parents: 40671 diff changeset	8	imports
72671 588c751a5eef more standard imports; wenzelm parents: 68110 diff changeset	9	"../Imperative_HOL"
41413 64cd30d6b0b8 explicit file specifications -- avoid secondary load path; wenzelm parents: 40671 diff changeset	10	Subarray
66453 cc19f7ca2ed6 session-qualified theory imports: isabelle imports -U -i -d '~~/src/Benchmarks' -a; wenzelm parents: 65956 diff changeset	11	"HOL-Library.Multiset"
cc19f7ca2ed6 session-qualified theory imports: isabelle imports -U -i -d '~~/src/Benchmarks' -a; wenzelm parents: 65956 diff changeset	12	"HOL-Library.Code_Target_Numeral"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	13	begin
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	14
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 62026 diff changeset	15	text \<open>We prove QuickSort correct in the Relational Calculus.\<close>
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	16
61702 2e89bc578935 misc. changes to Imperative-HOL from Peter Gammie Lars Hupel <lars.hupel@mytum.de> parents: 60515 diff changeset	17	definition swap :: "'a::heap array \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> unit Heap"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	18	where
37792 ba0bc31b90d7 Heap_Monad uses Monad_Syntax krauss parents: 37771 diff changeset	19	"swap arr i j =
ba0bc31b90d7 Heap_Monad uses Monad_Syntax krauss parents: 37771 diff changeset	20	do {
37798 0b0570445a2a proper merge of operation changes and generic do-syntax haftmann parents: 37797 diff changeset	21	x \<leftarrow> Array.nth arr i;
0b0570445a2a proper merge of operation changes and generic do-syntax haftmann parents: 37797 diff changeset	22	y \<leftarrow> Array.nth arr j;
0b0570445a2a proper merge of operation changes and generic do-syntax haftmann parents: 37797 diff changeset	23	Array.upd i y arr;
0b0570445a2a proper merge of operation changes and generic do-syntax haftmann parents: 37797 diff changeset	24	Array.upd j x arr;
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	25	return ()
37792 ba0bc31b90d7 Heap_Monad uses Monad_Syntax krauss parents: 37771 diff changeset	26	}"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	27
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	28	lemma effect_swapI [effect_intros]:
37802 f2e9c104cebd canonical argument order for length haftmann parents: 37798 diff changeset	29	assumes "i < Array.length h a" "j < Array.length h a"
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	30	"x = Array.get h a ! i" "y = Array.get h a ! j"
37798 0b0570445a2a proper merge of operation changes and generic do-syntax haftmann parents: 37797 diff changeset	31	"h' = Array.update a j x (Array.update a i y h)"
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	32	shows "effect (swap a i j) h h' r"
5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	33	unfolding swap_def using assms by (auto intro!: effect_intros)
37771 1bec64044b5e spelt out relational framework in a consistent way haftmann parents: 37758 diff changeset	34
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	35	lemma swap_permutes:
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	36	assumes "effect (swap a i j) h h' rs"
60515 484559628038 renamed multiset_of -> mset nipkow parents: 60495 diff changeset	37	shows "mset (Array.get h' a)
484559628038 renamed multiset_of -> mset nipkow parents: 60495 diff changeset	38	= mset (Array.get h a)"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	39	using assms
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	40	unfolding swap_def
60515 484559628038 renamed multiset_of -> mset nipkow parents: 60495 diff changeset	41	by (auto simp add: Array.length_def mset_swap dest: sym [of _ "h'"] elim!: effect_bindE effect_nthE effect_returnE effect_updE)
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	42
61702 2e89bc578935 misc. changes to Imperative-HOL from Peter Gammie Lars Hupel <lars.hupel@mytum.de> parents: 60515 diff changeset	43	function part1 :: "'a::{heap,ord} array \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> 'a \<Rightarrow> nat Heap"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	44	where
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	45	"part1 a left right p = (
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	46	if (right \<le> left) then return right
37792 ba0bc31b90d7 Heap_Monad uses Monad_Syntax krauss parents: 37771 diff changeset	47	else do {
37798 0b0570445a2a proper merge of operation changes and generic do-syntax haftmann parents: 37797 diff changeset	48	v \<leftarrow> Array.nth a left;
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	49	(if (v \<le> p) then (part1 a (left + 1) right p)
37792 ba0bc31b90d7 Heap_Monad uses Monad_Syntax krauss parents: 37771 diff changeset	50	else (do { swap a left right;
ba0bc31b90d7 Heap_Monad uses Monad_Syntax krauss parents: 37771 diff changeset	51	part1 a left (right - 1) p }))
ba0bc31b90d7 Heap_Monad uses Monad_Syntax krauss parents: 37771 diff changeset	52	})"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	53	by pat_completeness auto
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	54
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	55	termination
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	56	by (relation "measure (\<lambda>(_,l,r,_). r - l )") auto
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	57
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	58	declare part1.simps[simp del]
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	59
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	60	lemma part_permutes:
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	61	assumes "effect (part1 a l r p) h h' rs"
60515 484559628038 renamed multiset_of -> mset nipkow parents: 60495 diff changeset	62	shows "mset (Array.get h' a)
484559628038 renamed multiset_of -> mset nipkow parents: 60495 diff changeset	63	= mset (Array.get h a)"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	64	using assms
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	65	proof (induct a l r p arbitrary: h h' rs rule:part1.induct)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	66	case (1 a l r p h h' rs)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	67	thus ?case
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	68	unfolding part1.simps [of a l r p]
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	69	by (elim effect_bindE effect_ifE effect_returnE effect_nthE) (auto simp add: swap_permutes)
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	70	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	71
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	72	lemma part_returns_index_in_bounds:
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	73	assumes "effect (part1 a l r p) h h' rs"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	74	assumes "l \<le> r"
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	75	shows "l \<le> rs \<and> rs \<le> r"
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	76	using assms
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	77	proof (induct a l r p arbitrary: h h' rs rule:part1.induct)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	78	case (1 a l r p h h' rs)
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 62026 diff changeset	79	note cr = \<open>effect (part1 a l r p) h h' rs\<close>
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	80	show ?case
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	81	proof (cases "r \<le> l")
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	82	case True (* Terminating case *)
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 62026 diff changeset	83	with cr \<open>l \<le> r\<close> show ?thesis
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	84	unfolding part1.simps[of a l r p]
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	85	by (elim effect_bindE effect_ifE effect_returnE effect_nthE) auto
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	86	next
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	87	case False (* recursive case *)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	88	note rec_condition = this
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	89	let ?v = "Array.get h a ! l"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	90	show ?thesis
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	91	proof (cases "?v \<le> p")
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	92	case True
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	93	with cr False
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	94	have rec1: "effect (part1 a (l + 1) r p) h h' rs"
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	95	unfolding part1.simps[of a l r p]
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	96	by (elim effect_bindE effect_nthE effect_ifE effect_returnE) auto
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	97	from rec_condition have "l + 1 \<le> r" by arith
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 62026 diff changeset	98	from 1(1)[OF rec_condition True rec1 \<open>l + 1 \<le> r\<close>]
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	99	show ?thesis by simp
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	100	next
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	101	case False
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	102	with rec_condition cr
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	103	obtain h1 where swp: "effect (swap a l r) h h1 ()"
5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	104	and rec2: "effect (part1 a l (r - 1) p) h1 h' rs"
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	105	unfolding part1.simps[of a l r p]
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	106	by (elim effect_bindE effect_nthE effect_ifE effect_returnE) auto
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	107	from rec_condition have "l \<le> r - 1" by arith
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 62026 diff changeset	108	from 1(2) [OF rec_condition False rec2 \<open>l \<le> r - 1\<close>] show ?thesis by fastforce
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	109	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	110	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	111	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	112
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	113	lemma part_length_remains:
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	114	assumes "effect (part1 a l r p) h h' rs"
37802 f2e9c104cebd canonical argument order for length haftmann parents: 37798 diff changeset	115	shows "Array.length h a = Array.length h' a"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	116	using assms
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	117	proof (induct a l r p arbitrary: h h' rs rule:part1.induct)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	118	case (1 a l r p h h' rs)
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 62026 diff changeset	119	note cr = \<open>effect (part1 a l r p) h h' rs\<close>
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	120
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	121	show ?case
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	122	proof (cases "r \<le> l")
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	123	case True (* Terminating case *)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	124	with cr show ?thesis
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	125	unfolding part1.simps[of a l r p]
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	126	by (elim effect_bindE effect_ifE effect_returnE effect_nthE) auto
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	127	next
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	128	case False (* recursive case *)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	129	with cr 1 show ?thesis
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	130	unfolding part1.simps [of a l r p] swap_def
44890 22f665a2e91c new fastforce replacing fastsimp - less confusing name nipkow parents: 41413 diff changeset	131	by (auto elim!: effect_bindE effect_ifE effect_nthE effect_returnE effect_updE) fastforce
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	132	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	133	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	134
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	135	lemma part_outer_remains:
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	136	assumes "effect (part1 a l r p) h h' rs"
61702 2e89bc578935 misc. changes to Imperative-HOL from Peter Gammie Lars Hupel <lars.hupel@mytum.de> parents: 60515 diff changeset	137	shows "\<forall>i. i < l \<or> r < i \<longrightarrow> Array.get h (a::'a::{heap,linorder} array) ! i = Array.get h' a ! i"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	138	using assms
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	139	proof (induct a l r p arbitrary: h h' rs rule:part1.induct)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	140	case (1 a l r p h h' rs)
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 62026 diff changeset	141	note cr = \<open>effect (part1 a l r p) h h' rs\<close>
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	142
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	143	show ?case
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	144	proof (cases "r \<le> l")
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	145	case True (* Terminating case *)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	146	with cr show ?thesis
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	147	unfolding part1.simps[of a l r p]
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	148	by (elim effect_bindE effect_ifE effect_returnE effect_nthE) auto
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	149	next
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	150	case False (* recursive case *)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	151	note rec_condition = this
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	152	let ?v = "Array.get h a ! l"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	153	show ?thesis
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	154	proof (cases "?v \<le> p")
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	155	case True
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	156	with cr False
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	157	have rec1: "effect (part1 a (l + 1) r p) h h' rs"
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	158	unfolding part1.simps[of a l r p]
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	159	by (elim effect_bindE effect_nthE effect_ifE effect_returnE) auto
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	160	from 1(1)[OF rec_condition True rec1]
44890 22f665a2e91c new fastforce replacing fastsimp - less confusing name nipkow parents: 41413 diff changeset	161	show ?thesis by fastforce
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	162	next
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	163	case False
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	164	with rec_condition cr
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	165	obtain h1 where swp: "effect (swap a l r) h h1 ()"
5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	166	and rec2: "effect (part1 a l (r - 1) p) h1 h' rs"
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	167	unfolding part1.simps[of a l r p]
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	168	by (elim effect_bindE effect_nthE effect_ifE effect_returnE) auto
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	169	from swp rec_condition have
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	170	"\<forall>i. i < l \<or> r < i \<longrightarrow> Array.get h a ! i = Array.get h1 a ! i"
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 31887 diff changeset	171	unfolding swap_def
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	172	by (elim effect_bindE effect_nthE effect_updE effect_returnE) auto
44890 22f665a2e91c new fastforce replacing fastsimp - less confusing name nipkow parents: 41413 diff changeset	173	with 1(2) [OF rec_condition False rec2] show ?thesis by fastforce
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	174	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	175	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	176	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	177
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	178
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	179	lemma part_partitions:
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	180	assumes "effect (part1 a l r p) h h' rs"
61702 2e89bc578935 misc. changes to Imperative-HOL from Peter Gammie Lars Hupel <lars.hupel@mytum.de> parents: 60515 diff changeset	181	shows "(\<forall>i. l \<le> i \<and> i < rs \<longrightarrow> Array.get h' (a::'a::{heap,linorder} array) ! i \<le> p)
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	182	\<and> (\<forall>i. rs < i \<and> i \<le> r \<longrightarrow> Array.get h' a ! i \<ge> p)"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	183	using assms
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	184	proof (induct a l r p arbitrary: h h' rs rule:part1.induct)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	185	case (1 a l r p h h' rs)
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 62026 diff changeset	186	note cr = \<open>effect (part1 a l r p) h h' rs\<close>
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	187
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	188	show ?case
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	189	proof (cases "r \<le> l")
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	190	case True (* Terminating case *)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	191	with cr have "rs = r"
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	192	unfolding part1.simps[of a l r p]
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	193	by (elim effect_bindE effect_ifE effect_returnE effect_nthE) auto
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	194	with True
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	195	show ?thesis by auto
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	196	next
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	197	case False (* recursive case *)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	198	note lr = this
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	199	let ?v = "Array.get h a ! l"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	200	show ?thesis
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	201	proof (cases "?v \<le> p")
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	202	case True
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	203	with lr cr
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	204	have rec1: "effect (part1 a (l + 1) r p) h h' rs"
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	205	unfolding part1.simps[of a l r p]
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	206	by (elim effect_bindE effect_nthE effect_ifE effect_returnE) auto
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	207	from True part_outer_remains[OF rec1] have a_l: "Array.get h' a ! l \<le> p"
44890 22f665a2e91c new fastforce replacing fastsimp - less confusing name nipkow parents: 41413 diff changeset	208	by fastforce
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	209	have "\<forall>i. (l \<le> i = (l = i \<or> Suc l \<le> i))" by arith
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	210	with 1(1)[OF False True rec1] a_l show ?thesis
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 31887 diff changeset	211	by auto
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	212	next
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	213	case False
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	214	with lr cr
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	215	obtain h1 where swp: "effect (swap a l r) h h1 ()"
5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	216	and rec2: "effect (part1 a l (r - 1) p) h1 h' rs"
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	217	unfolding part1.simps[of a l r p]
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	218	by (elim effect_bindE effect_nthE effect_ifE effect_returnE) auto
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	219	from swp False have "Array.get h1 a ! r \<ge> p"
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 31887 diff changeset	220	unfolding swap_def
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	221	by (auto simp add: Array.length_def elim!: effect_bindE effect_nthE effect_updE effect_returnE)
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	222	with part_outer_remains [OF rec2] lr have a_r: "Array.get h' a ! r \<ge> p"
44890 22f665a2e91c new fastforce replacing fastsimp - less confusing name nipkow parents: 41413 diff changeset	223	by fastforce
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	224	have "\<forall>i. (i \<le> r = (i = r \<or> i \<le> r - 1))" by arith
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	225	with 1(2)[OF lr False rec2] a_r show ?thesis
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 31887 diff changeset	226	by auto
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	227	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	228	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	229	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	230
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	231
61702 2e89bc578935 misc. changes to Imperative-HOL from Peter Gammie Lars Hupel <lars.hupel@mytum.de> parents: 60515 diff changeset	232	fun partition :: "'a::{heap,linorder} array \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> nat Heap"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	233	where
37792 ba0bc31b90d7 Heap_Monad uses Monad_Syntax krauss parents: 37771 diff changeset	234	"partition a left right = do {
37798 0b0570445a2a proper merge of operation changes and generic do-syntax haftmann parents: 37797 diff changeset	235	pivot \<leftarrow> Array.nth a right;
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	236	middle \<leftarrow> part1 a left (right - 1) pivot;
37798 0b0570445a2a proper merge of operation changes and generic do-syntax haftmann parents: 37797 diff changeset	237	v \<leftarrow> Array.nth a middle;
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	238	m \<leftarrow> return (if (v \<le> pivot) then (middle + 1) else middle);
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	239	swap a m right;
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	240	return m
37792 ba0bc31b90d7 Heap_Monad uses Monad_Syntax krauss parents: 37771 diff changeset	241	}"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	242
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	243	declare partition.simps[simp del]
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	244
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	245	lemma partition_permutes:
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	246	assumes "effect (partition a l r) h h' rs"
60515 484559628038 renamed multiset_of -> mset nipkow parents: 60495 diff changeset	247	shows "mset (Array.get h' a)
484559628038 renamed multiset_of -> mset nipkow parents: 60495 diff changeset	248	= mset (Array.get h a)"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	249	proof -
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	250	from assms part_permutes swap_permutes show ?thesis
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	251	unfolding partition.simps
61702 2e89bc578935 misc. changes to Imperative-HOL from Peter Gammie Lars Hupel <lars.hupel@mytum.de> parents: 60515 diff changeset	252	by (elim effect_bindE effect_returnE effect_nthE effect_ifE effect_updE) fastforce
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	253	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	254
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	255	lemma partition_length_remains:
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	256	assumes "effect (partition a l r) h h' rs"
37802 f2e9c104cebd canonical argument order for length haftmann parents: 37798 diff changeset	257	shows "Array.length h a = Array.length h' a"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	258	proof -
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	259	from assms part_length_remains show ?thesis
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	260	unfolding partition.simps swap_def
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	261	by (elim effect_bindE effect_returnE effect_nthE effect_ifE effect_updE) auto
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	262	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	263
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	264	lemma partition_outer_remains:
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	265	assumes "effect (partition a l r) h h' rs"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	266	assumes "l < r"
61702 2e89bc578935 misc. changes to Imperative-HOL from Peter Gammie Lars Hupel <lars.hupel@mytum.de> parents: 60515 diff changeset	267	shows "\<forall>i. i < l \<or> r < i \<longrightarrow> Array.get h (a::'a::{heap,linorder} array) ! i = Array.get h' a ! i"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	268	proof -
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	269	from assms part_outer_remains part_returns_index_in_bounds show ?thesis
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	270	unfolding partition.simps swap_def
44890 22f665a2e91c new fastforce replacing fastsimp - less confusing name nipkow parents: 41413 diff changeset	271	by (elim effect_bindE effect_returnE effect_nthE effect_ifE effect_updE) fastforce
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	272	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	273
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	274	lemma partition_returns_index_in_bounds:
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	275	assumes effect: "effect (partition a l r) h h' rs"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	276	assumes "l < r"
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	277	shows "l \<le> rs \<and> rs \<le> r"
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	278	proof -
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	279	from effect obtain middle h'' p where part: "effect (part1 a l (r - 1) p) h h'' middle"
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	280	and rs_equals: "rs = (if Array.get h'' a ! middle \<le> Array.get h a ! r then middle + 1
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	281	else middle)"
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	282	unfolding partition.simps
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	283	by (elim effect_bindE effect_returnE effect_nthE effect_ifE effect_updE) simp
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 62026 diff changeset	284	from \<open>l < r\<close> have "l \<le> r - 1" by arith
0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 62026 diff changeset	285	from part_returns_index_in_bounds[OF part this] rs_equals \<open>l < r\<close> show ?thesis by auto
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	286	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	287
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	288	lemma partition_partitions:
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	289	assumes effect: "effect (partition a l r) h h' rs"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	290	assumes "l < r"
61702 2e89bc578935 misc. changes to Imperative-HOL from Peter Gammie Lars Hupel <lars.hupel@mytum.de> parents: 60515 diff changeset	291	shows "(\<forall>i. l \<le> i \<and> i < rs \<longrightarrow> Array.get h' (a::'a::{heap,linorder} array) ! i \<le> Array.get h' a ! rs) \<and>
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	292	(\<forall>i. rs < i \<and> i \<le> r \<longrightarrow> Array.get h' a ! rs \<le> Array.get h' a ! i)"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	293	proof -
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	294	let ?pivot = "Array.get h a ! r"
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	295	from effect obtain middle h1 where part: "effect (part1 a l (r - 1) ?pivot) h h1 middle"
5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	296	and swap: "effect (swap a rs r) h1 h' ()"
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	297	and rs_equals: "rs = (if Array.get h1 a ! middle \<le> ?pivot then middle + 1
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	298	else middle)"
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	299	unfolding partition.simps
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	300	by (elim effect_bindE effect_returnE effect_nthE effect_ifE effect_updE) simp
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	301	from swap have h'_def: "h' = Array.update a r (Array.get h1 a ! rs)
a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	302	(Array.update a rs (Array.get h1 a ! r) h1)"
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	303	unfolding swap_def
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	304	by (elim effect_bindE effect_returnE effect_nthE effect_updE) simp
37802 f2e9c104cebd canonical argument order for length haftmann parents: 37798 diff changeset	305	from swap have in_bounds: "r < Array.length h1 a \<and> rs < Array.length h1 a"
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	306	unfolding swap_def
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	307	by (elim effect_bindE effect_returnE effect_nthE effect_updE) simp
37802 f2e9c104cebd canonical argument order for length haftmann parents: 37798 diff changeset	308	from swap have swap_length_remains: "Array.length h1 a = Array.length h' a"
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	309	unfolding swap_def by (elim effect_bindE effect_returnE effect_nthE effect_updE) auto
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 62026 diff changeset	310	from \<open>l < r\<close> have "l \<le> r - 1" by simp
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	311	note middle_in_bounds = part_returns_index_in_bounds[OF part this]
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 62026 diff changeset	312	from part_outer_remains[OF part] \<open>l < r\<close>
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	313	have "Array.get h a ! r = Array.get h1 a ! r"
44890 22f665a2e91c new fastforce replacing fastsimp - less confusing name nipkow parents: 41413 diff changeset	314	by fastforce
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	315	with swap
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	316	have right_remains: "Array.get h a ! r = Array.get h' a ! rs"
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	317	unfolding swap_def
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	318	by (auto simp add: Array.length_def elim!: effect_bindE effect_returnE effect_nthE effect_updE) (cases "r = rs", auto)
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	319	from part_partitions [OF part]
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	320	show ?thesis
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	321	proof (cases "Array.get h1 a ! middle \<le> ?pivot")
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	322	case True
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	323	with rs_equals have rs_equals: "rs = middle + 1" by simp
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	324	{
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	325	fix i
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	326	assume i_is_left: "l \<le> i \<and> i < rs"
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 62026 diff changeset	327	with swap_length_remains in_bounds middle_in_bounds rs_equals \<open>l < r\<close>
37802 f2e9c104cebd canonical argument order for length haftmann parents: 37798 diff changeset	328	have i_props: "i < Array.length h' a" "i \<noteq> r" "i \<noteq> rs" by auto
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	329	from i_is_left rs_equals have "l \<le> i \<and> i < middle \<or> i = middle" by arith
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	330	with part_partitions[OF part] right_remains True
44890 22f665a2e91c new fastforce replacing fastsimp - less confusing name nipkow parents: 41413 diff changeset	331	have "Array.get h1 a ! i \<le> Array.get h' a ! rs" by fastforce
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	332	with i_props h'_def in_bounds have "Array.get h' a ! i \<le> Array.get h' a ! rs"
37798 0b0570445a2a proper merge of operation changes and generic do-syntax haftmann parents: 37797 diff changeset	333	unfolding Array.update_def Array.length_def by simp
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	334	}
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	335	moreover
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	336	{
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	337	fix i
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	338	assume "rs < i \<and> i \<le> r"
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	339
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	340	hence "(rs < i \<and> i \<le> r - 1) \<or> (rs < i \<and> i = r)" by arith
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	341	hence "Array.get h' a ! rs \<le> Array.get h' a ! i"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	342	proof
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 31887 diff changeset	343	assume i_is: "rs < i \<and> i \<le> r - 1"
69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 31887 diff changeset	344	with swap_length_remains in_bounds middle_in_bounds rs_equals
37802 f2e9c104cebd canonical argument order for length haftmann parents: 37798 diff changeset	345	have i_props: "i < Array.length h' a" "i \<noteq> r" "i \<noteq> rs" by auto
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 31887 diff changeset	346	from part_partitions[OF part] rs_equals right_remains i_is
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	347	have "Array.get h' a ! rs \<le> Array.get h1 a ! i"
44890 22f665a2e91c new fastforce replacing fastsimp - less confusing name nipkow parents: 41413 diff changeset	348	by fastforce
22f665a2e91c new fastforce replacing fastsimp - less confusing name nipkow parents: 41413 diff changeset	349	with i_props h'_def show ?thesis by fastforce
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	350	next
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 31887 diff changeset	351	assume i_is: "rs < i \<and> i = r"
69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 31887 diff changeset	352	with rs_equals have "Suc middle \<noteq> r" by arith
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 62026 diff changeset	353	with middle_in_bounds \<open>l < r\<close> have "Suc middle \<le> r - 1" by arith
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 31887 diff changeset	354	with part_partitions[OF part] right_remains
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	355	have "Array.get h' a ! rs \<le> Array.get h1 a ! (Suc middle)"
44890 22f665a2e91c new fastforce replacing fastsimp - less confusing name nipkow parents: 41413 diff changeset	356	by fastforce
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 31887 diff changeset	357	with i_is True rs_equals right_remains h'_def
69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 31887 diff changeset	358	show ?thesis using in_bounds
37798 0b0570445a2a proper merge of operation changes and generic do-syntax haftmann parents: 37797 diff changeset	359	unfolding Array.update_def Array.length_def
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 31887 diff changeset	360	by auto
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	361	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	362	}
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	363	ultimately show ?thesis by auto
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	364	next
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	365	case False
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	366	with rs_equals have rs_equals: "middle = rs" by simp
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	367	{
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	368	fix i
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	369	assume i_is_left: "l \<le> i \<and> i < rs"
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	370	with swap_length_remains in_bounds middle_in_bounds rs_equals
37802 f2e9c104cebd canonical argument order for length haftmann parents: 37798 diff changeset	371	have i_props: "i < Array.length h' a" "i \<noteq> r" "i \<noteq> rs" by auto
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	372	from part_partitions[OF part] rs_equals right_remains i_is_left
44890 22f665a2e91c new fastforce replacing fastsimp - less confusing name nipkow parents: 41413 diff changeset	373	have "Array.get h1 a ! i \<le> Array.get h' a ! rs" by fastforce
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	374	with i_props h'_def have "Array.get h' a ! i \<le> Array.get h' a ! rs"
37798 0b0570445a2a proper merge of operation changes and generic do-syntax haftmann parents: 37797 diff changeset	375	unfolding Array.update_def by simp
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	376	}
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	377	moreover
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	378	{
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	379	fix i
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	380	assume "rs < i \<and> i \<le> r"
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	381	hence "(rs < i \<and> i \<le> r - 1) \<or> i = r" by arith
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	382	hence "Array.get h' a ! rs \<le> Array.get h' a ! i"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	383	proof
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 31887 diff changeset	384	assume i_is: "rs < i \<and> i \<le> r - 1"
69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 31887 diff changeset	385	with swap_length_remains in_bounds middle_in_bounds rs_equals
37802 f2e9c104cebd canonical argument order for length haftmann parents: 37798 diff changeset	386	have i_props: "i < Array.length h' a" "i \<noteq> r" "i \<noteq> rs" by auto
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 31887 diff changeset	387	from part_partitions[OF part] rs_equals right_remains i_is
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	388	have "Array.get h' a ! rs \<le> Array.get h1 a ! i"
44890 22f665a2e91c new fastforce replacing fastsimp - less confusing name nipkow parents: 41413 diff changeset	389	by fastforce
22f665a2e91c new fastforce replacing fastsimp - less confusing name nipkow parents: 41413 diff changeset	390	with i_props h'_def show ?thesis by fastforce
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	391	next
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 31887 diff changeset	392	assume i_is: "i = r"
69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 31887 diff changeset	393	from i_is False rs_equals right_remains h'_def
69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 31887 diff changeset	394	show ?thesis using in_bounds
37798 0b0570445a2a proper merge of operation changes and generic do-syntax haftmann parents: 37797 diff changeset	395	unfolding Array.update_def Array.length_def
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 31887 diff changeset	396	by auto
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	397	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	398	}
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	399	ultimately
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	400	show ?thesis by auto
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	401	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	402	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	403
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	404
61702 2e89bc578935 misc. changes to Imperative-HOL from Peter Gammie Lars Hupel <lars.hupel@mytum.de> parents: 60515 diff changeset	405	function quicksort :: "'a::{heap,linorder} array \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> unit Heap"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	406	where
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	407	"quicksort arr left right =
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	408	(if (right > left) then
37792 ba0bc31b90d7 Heap_Monad uses Monad_Syntax krauss parents: 37771 diff changeset	409	do {
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	410	pivotNewIndex \<leftarrow> partition arr left right;
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	411	pivotNewIndex \<leftarrow> assert (\<lambda>x. left \<le> x \<and> x \<le> right) pivotNewIndex;
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	412	quicksort arr left (pivotNewIndex - 1);
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	413	quicksort arr (pivotNewIndex + 1) right
37792 ba0bc31b90d7 Heap_Monad uses Monad_Syntax krauss parents: 37771 diff changeset	414	}
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	415	else return ())"
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	416	by pat_completeness auto
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	417
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	418	(* For termination, we must show that the pivotNewIndex is between left and right *)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	419	termination
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	420	by (relation "measure (\<lambda>(a, l, r). (r - l))") auto
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	421
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	422	declare quicksort.simps[simp del]
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	423
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	424
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	425	lemma quicksort_permutes:
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	426	assumes "effect (quicksort a l r) h h' rs"
60515 484559628038 renamed multiset_of -> mset nipkow parents: 60495 diff changeset	427	shows "mset (Array.get h' a)
484559628038 renamed multiset_of -> mset nipkow parents: 60495 diff changeset	428	= mset (Array.get h a)"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	429	using assms
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	430	proof (induct a l r arbitrary: h h' rs rule: quicksort.induct)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	431	case (1 a l r h h' rs)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	432	with partition_permutes show ?case
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	433	unfolding quicksort.simps [of a l r]
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	434	by (elim effect_ifE effect_bindE effect_assertE effect_returnE) auto
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	435	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	436
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	437	lemma length_remains:
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	438	assumes "effect (quicksort a l r) h h' rs"
37802 f2e9c104cebd canonical argument order for length haftmann parents: 37798 diff changeset	439	shows "Array.length h a = Array.length h' a"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	440	using assms
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	441	proof (induct a l r arbitrary: h h' rs rule: quicksort.induct)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	442	case (1 a l r h h' rs)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	443	with partition_length_remains show ?case
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	444	unfolding quicksort.simps [of a l r]
61702 2e89bc578935 misc. changes to Imperative-HOL from Peter Gammie Lars Hupel <lars.hupel@mytum.de> parents: 60515 diff changeset	445	by (elim effect_ifE effect_bindE effect_assertE effect_returnE) fastforce+
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	446	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	447
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	448	lemma quicksort_outer_remains:
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	449	assumes "effect (quicksort a l r) h h' rs"
61702 2e89bc578935 misc. changes to Imperative-HOL from Peter Gammie Lars Hupel <lars.hupel@mytum.de> parents: 60515 diff changeset	450	shows "\<forall>i. i < l \<or> r < i \<longrightarrow> Array.get h (a::'a::{heap,linorder} array) ! i = Array.get h' a ! i"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	451	using assms
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	452	proof (induct a l r arbitrary: h h' rs rule: quicksort.induct)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	453	case (1 a l r h h' rs)
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 62026 diff changeset	454	note cr = \<open>effect (quicksort a l r) h h' rs\<close>
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	455	thus ?case
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	456	proof (cases "r > l")
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	457	case False
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	458	with cr have "h' = h"
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	459	unfolding quicksort.simps [of a l r]
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	460	by (elim effect_ifE effect_returnE) auto
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	461	thus ?thesis by simp
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	462	next
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	463	case True
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	464	{
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	465	fix h1 h2 p ret1 ret2 i
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	466	assume part: "effect (partition a l r) h h1 p"
5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	467	assume qs1: "effect (quicksort a l (p - 1)) h1 h2 ret1"
5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	468	assume qs2: "effect (quicksort a (p + 1) r) h2 h' ret2"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	469	assume pivot: "l \<le> p \<and> p \<le> r"
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	470	assume i_outer: "i < l \<or> r < i"
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	471	from partition_outer_remains [OF part True] i_outer
53374 a14d2a854c02 tuned proofs -- clarified flow of facts wrt. calculation; wenzelm parents: 51272 diff changeset	472	have 2: "Array.get h a !i = Array.get h1 a ! i" by fastforce
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	473	moreover
53374 a14d2a854c02 tuned proofs -- clarified flow of facts wrt. calculation; wenzelm parents: 51272 diff changeset	474	from 1(1) [OF True pivot qs1] pivot i_outer 2
a14d2a854c02 tuned proofs -- clarified flow of facts wrt. calculation; wenzelm parents: 51272 diff changeset	475	have 3: "Array.get h1 a ! i = Array.get h2 a ! i" by auto
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	476	moreover
53374 a14d2a854c02 tuned proofs -- clarified flow of facts wrt. calculation; wenzelm parents: 51272 diff changeset	477	from qs2 1(2) [of p h2 h' ret2] True pivot i_outer 3
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	478	have "Array.get h2 a ! i = Array.get h' a ! i" by auto
a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	479	ultimately have "Array.get h a ! i= Array.get h' a ! i" by simp
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	480	}
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	481	with cr show ?thesis
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	482	unfolding quicksort.simps [of a l r]
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	483	by (elim effect_ifE effect_bindE effect_assertE effect_returnE) auto
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	484	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	485	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	486
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	487	lemma quicksort_is_skip:
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	488	assumes "effect (quicksort a l r) h h' rs"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	489	shows "r \<le> l \<longrightarrow> h = h'"
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	490	using assms
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	491	unfolding quicksort.simps [of a l r]
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	492	by (elim effect_ifE effect_returnE) auto
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	493
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	494	lemma quicksort_sorts:
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	495	assumes "effect (quicksort a l r) h h' rs"
37802 f2e9c104cebd canonical argument order for length haftmann parents: 37798 diff changeset	496	assumes l_r_length: "l < Array.length h a" "r < Array.length h a"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	497	shows "sorted (subarray l (r + 1) a h')"
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	498	using assms
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	499	proof (induct a l r arbitrary: h h' rs rule: quicksort.induct)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	500	case (1 a l r h h' rs)
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 62026 diff changeset	501	note cr = \<open>effect (quicksort a l r) h h' rs\<close>
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	502	thus ?case
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	503	proof (cases "r > l")
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	504	case False
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	505	hence "l \<ge> r + 1 \<or> l = r" by arith
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	506	with length_remains[OF cr] 1(5) show ?thesis
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	507	by (auto simp add: subarray_Nil subarray_single)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	508	next
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	509	case True
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	510	{
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	511	fix h1 h2 p
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	512	assume part: "effect (partition a l r) h h1 p"
5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	513	assume qs1: "effect (quicksort a l (p - 1)) h1 h2 ()"
5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	514	assume qs2: "effect (quicksort a (p + 1) r) h2 h' ()"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	515	from partition_returns_index_in_bounds [OF part True]
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	516	have pivot: "l\<le> p \<and> p \<le> r" .
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	517	note length_remains = length_remains[OF qs2] length_remains[OF qs1] partition_length_remains[OF part]
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	518	from quicksort_outer_remains [OF qs2] quicksort_outer_remains [OF qs1] pivot quicksort_is_skip[OF qs1]
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	519	have pivot_unchanged: "Array.get h1 a ! p = Array.get h' a ! p" by (cases p, auto)
28013 e892cedcd638 untabification haftmann parents: 27707 diff changeset	520	(-- First of all, by induction hypothesis both sublists are sorted. )
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	521	from 1(1)[OF True pivot qs1] length_remains pivot 1(5)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	522	have IH1: "sorted (subarray l p a h2)" by (cases p, auto simp add: subarray_Nil)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	523	from quicksort_outer_remains [OF qs2] length_remains
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	524	have left_subarray_remains: "subarray l p a h2 = subarray l p a h'"
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 31887 diff changeset	525	by (simp add: subarray_eq_samelength_iff)
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	526	with IH1 have IH1': "sorted (subarray l p a h')" by simp
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	527	from 1(2)[OF True pivot qs2] pivot 1(5) length_remains
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	528	have IH2: "sorted (subarray (p + 1) (r + 1) a h')"
28013 e892cedcd638 untabification haftmann parents: 27707 diff changeset	529	by (cases "Suc p \<le> r", auto simp add: subarray_Nil)
e892cedcd638 untabification haftmann parents: 27707 diff changeset	530	(* -- Secondly, both sublists remain partitioned. *)
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	531	from partition_partitions[OF part True]
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	532	have part_conds1: "\<forall>j. j \<in> set (subarray l p a h1) \<longrightarrow> j \<le> Array.get h1 a ! p "
a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	533	and part_conds2: "\<forall>j. j \<in> set (subarray (p + 1) (r + 1) a h1) \<longrightarrow> Array.get h1 a ! p \<le> j"
28013 e892cedcd638 untabification haftmann parents: 27707 diff changeset	534	by (auto simp add: all_in_set_subarray_conv)
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	535	from quicksort_outer_remains [OF qs1] quicksort_permutes [OF qs1] True
65956 639eb3617a86 reorganised material on sublists eberlm <eberlm@in.tum.de> parents: 63167 diff changeset	536	length_remains 1(5) pivot mset_nths [of l p "Array.get h1 a" "Array.get h2 a"]
60515 484559628038 renamed multiset_of -> mset nipkow parents: 60495 diff changeset	537	have multiset_partconds1: "mset (subarray l p a h2) = mset (subarray l p a h1)"
37719 271ecd4fb9f9 moved "open" operations from Heap.thy to Array.thy and Ref.thy haftmann parents: 36098 diff changeset	538	unfolding Array.length_def subarray_def by (cases p, auto)
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	539	with left_subarray_remains part_conds1 pivot_unchanged
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	540	have part_conds2': "\<forall>j. j \<in> set (subarray l p a h') \<longrightarrow> j \<le> Array.get h' a ! p"
60515 484559628038 renamed multiset_of -> mset nipkow parents: 60495 diff changeset	541	by (simp, subst set_mset_mset[symmetric], simp)
28013 e892cedcd638 untabification haftmann parents: 27707 diff changeset	542	(* -- These steps are the analogous for the right sublist \<dots> *)
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	543	from quicksort_outer_remains [OF qs1] length_remains
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	544	have right_subarray_remains: "subarray (p + 1) (r + 1) a h1 = subarray (p + 1) (r + 1) a h2"
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 31887 diff changeset	545	by (auto simp add: subarray_eq_samelength_iff)
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	546	from quicksort_outer_remains [OF qs2] quicksort_permutes [OF qs2] True
65956 639eb3617a86 reorganised material on sublists eberlm <eberlm@in.tum.de> parents: 63167 diff changeset	547	length_remains 1(5) pivot mset_nths [of "p + 1" "r + 1" "Array.get h2 a" "Array.get h' a"]
60515 484559628038 renamed multiset_of -> mset nipkow parents: 60495 diff changeset	548	have multiset_partconds2: "mset (subarray (p + 1) (r + 1) a h') = mset (subarray (p + 1) (r + 1) a h2)"
37719 271ecd4fb9f9 moved "open" operations from Heap.thy to Array.thy and Ref.thy haftmann parents: 36098 diff changeset	549	unfolding Array.length_def subarray_def by auto
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	550	with right_subarray_remains part_conds2 pivot_unchanged
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	551	have part_conds1': "\<forall>j. j \<in> set (subarray (p + 1) (r + 1) a h') \<longrightarrow> Array.get h' a ! p \<le> j"
60515 484559628038 renamed multiset_of -> mset nipkow parents: 60495 diff changeset	552	by (simp, subst set_mset_mset[symmetric], simp)
28013 e892cedcd638 untabification haftmann parents: 27707 diff changeset	553	(* -- Thirdly and finally, we show that the array is sorted
e892cedcd638 untabification haftmann parents: 27707 diff changeset	554	following from the facts above. *)
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	555	from True pivot 1(5) length_remains have "subarray l (r + 1) a h' = subarray l p a h' @ [Array.get h' a ! p] @ subarray (p + 1) (r + 1) a h'"
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 31887 diff changeset	556	by (simp add: subarray_nth_array_Cons, cases "l < p") (auto simp add: subarray_append subarray_Nil)
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	557	with IH1' IH2 part_conds1' part_conds2' pivot have ?thesis
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 31887 diff changeset	558	unfolding subarray_def
68110 29da75b7e352 more "sorted" changes nipkow parents: 66453 diff changeset	559	apply (auto simp add: sorted_append all_in_set_nths'_conv)
65956 639eb3617a86 reorganised material on sublists eberlm <eberlm@in.tum.de> parents: 63167 diff changeset	560	by (auto simp add: set_nths' dest: order.trans [of _ "Array.get h' a ! p"])
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	561	}
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	562	with True cr show ?thesis
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	563	unfolding quicksort.simps [of a l r]
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	564	by (elim effect_ifE effect_returnE effect_bindE effect_assertE) auto
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	565	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	566	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	567
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	568
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	569	lemma quicksort_is_sort:
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	570	assumes effect: "effect (quicksort a 0 (Array.length h a - 1)) h h' rs"
37806 a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	571	shows "Array.get h' a = sort (Array.get h a)"
a7679be14442 qualified names for (really) all array operations haftmann parents: 37805 diff changeset	572	proof (cases "Array.get h a = []")
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	573	case True
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	574	with quicksort_is_skip[OF effect] show ?thesis
37719 271ecd4fb9f9 moved "open" operations from Heap.thy to Array.thy and Ref.thy haftmann parents: 36098 diff changeset	575	unfolding Array.length_def by simp
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	576	next
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	577	case False
65956 639eb3617a86 reorganised material on sublists eberlm <eberlm@in.tum.de> parents: 63167 diff changeset	578	from quicksort_sorts [OF effect] False have "sorted (nths' 0 (List.length (Array.get h a)) (Array.get h' a))"
37719 271ecd4fb9f9 moved "open" operations from Heap.thy to Array.thy and Ref.thy haftmann parents: 36098 diff changeset	579	unfolding Array.length_def subarray_def by auto
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	580	with length_remains[OF effect] have "sorted (Array.get h' a)"
37719 271ecd4fb9f9 moved "open" operations from Heap.thy to Array.thy and Ref.thy haftmann parents: 36098 diff changeset	581	unfolding Array.length_def by simp
44890 22f665a2e91c new fastforce replacing fastsimp - less confusing name nipkow parents: 41413 diff changeset	582	with quicksort_permutes [OF effect] properties_for_sort show ?thesis by fastforce
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	583	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	584
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 62026 diff changeset	585	subsection \<open>No Errors in quicksort\<close>
0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 62026 diff changeset	586	text \<open>We have proved that quicksort sorts (if no exceptions occur).
0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 62026 diff changeset	587	We will now show that exceptions do not occur.\<close>
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	588
37758 bf86a65403a8 pervasive success combinator haftmann parents: 37750 diff changeset	589	lemma success_part1I:
37802 f2e9c104cebd canonical argument order for length haftmann parents: 37798 diff changeset	590	assumes "l < Array.length h a" "r < Array.length h a"
37758 bf86a65403a8 pervasive success combinator haftmann parents: 37750 diff changeset	591	shows "success (part1 a l r p) h"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	592	using assms
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	593	proof (induct a l r p arbitrary: h rule: part1.induct)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	594	case (1 a l r p)
37771 1bec64044b5e spelt out relational framework in a consistent way haftmann parents: 37758 diff changeset	595	thus ?case unfolding part1.simps [of a l r]
47108 2a1953f0d20d merged fork with new numeral representation (see NEWS) huffman parents: 44890 diff changeset	596	apply (auto intro!: success_intros simp add: not_le)
2a1953f0d20d merged fork with new numeral representation (see NEWS) huffman parents: 44890 diff changeset	597	apply (auto intro!: effect_intros)
37771 1bec64044b5e spelt out relational framework in a consistent way haftmann parents: 37758 diff changeset	598	done
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	599	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	600
37758 bf86a65403a8 pervasive success combinator haftmann parents: 37750 diff changeset	601	lemma success_bindI' [success_intros]: (FIXME move)
bf86a65403a8 pervasive success combinator haftmann parents: 37750 diff changeset	602	assumes "success f h"
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	603	assumes "\<And>h' r. effect f h h' r \<Longrightarrow> success (g r) h'"
62026 ea3b1b0413b4 more symbols; wenzelm parents: 61702 diff changeset	604	shows "success (f \<bind> g) h"
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	605	using assms(1) proof (rule success_effectE)
37771 1bec64044b5e spelt out relational framework in a consistent way haftmann parents: 37758 diff changeset	606	fix h' r
53374 a14d2a854c02 tuned proofs -- clarified flow of facts wrt. calculation; wenzelm parents: 51272 diff changeset	607	assume *: "effect f h h' r"
a14d2a854c02 tuned proofs -- clarified flow of facts wrt. calculation; wenzelm parents: 51272 diff changeset	608	with assms(2) have "success (g r) h'" .
62026 ea3b1b0413b4 more symbols; wenzelm parents: 61702 diff changeset	609	with * show "success (f \<bind> g) h" by (rule success_bind_effectI)
37771 1bec64044b5e spelt out relational framework in a consistent way haftmann parents: 37758 diff changeset	610	qed
37758 bf86a65403a8 pervasive success combinator haftmann parents: 37750 diff changeset	611
bf86a65403a8 pervasive success combinator haftmann parents: 37750 diff changeset	612	lemma success_partitionI:
37802 f2e9c104cebd canonical argument order for length haftmann parents: 37798 diff changeset	613	assumes "l < r" "l < Array.length h a" "r < Array.length h a"
37758 bf86a65403a8 pervasive success combinator haftmann parents: 37750 diff changeset	614	shows "success (partition a l r) h"
bf86a65403a8 pervasive success combinator haftmann parents: 37750 diff changeset	615	using assms unfolding partition.simps swap_def
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	616	apply (auto intro!: success_bindI' success_ifI success_returnI success_nthI success_updI success_part1I elim!: effect_bindE effect_updE effect_nthE effect_returnE simp add:)
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	617	apply (frule part_length_remains)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	618	apply (frule part_returns_index_in_bounds)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	619	apply auto
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	620	apply (frule part_length_remains)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	621	apply (frule part_returns_index_in_bounds)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	622	apply auto
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	623	apply (frule part_length_remains)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	624	apply auto
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	625	done
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	626
37758 bf86a65403a8 pervasive success combinator haftmann parents: 37750 diff changeset	627	lemma success_quicksortI:
37802 f2e9c104cebd canonical argument order for length haftmann parents: 37798 diff changeset	628	assumes "l < Array.length h a" "r < Array.length h a"
37758 bf86a65403a8 pervasive success combinator haftmann parents: 37750 diff changeset	629	shows "success (quicksort a l r) h"
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	630	using assms
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	631	proof (induct a l r arbitrary: h rule: quicksort.induct)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	632	case (1 a l ri h)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	633	thus ?case
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	634	unfolding quicksort.simps [of a l ri]
37758 bf86a65403a8 pervasive success combinator haftmann parents: 37750 diff changeset	635	apply (auto intro!: success_ifI success_bindI' success_returnI success_nthI success_updI success_assertI success_partitionI)
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	636	apply (frule partition_returns_index_in_bounds)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	637	apply auto
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	638	apply (frule partition_returns_index_in_bounds)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	639	apply auto
40671 5e46057ba8e0 renamed slightly ambivalent crel to effect haftmann parents: 38058 diff changeset	640	apply (auto elim!: effect_assertE dest!: partition_length_remains length_remains)
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	641	apply (subgoal_tac "Suc r \<le> ri \<or> r = ri")
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	642	apply (erule disjE)
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	643	apply auto
28145 af3923ed4786 dropped "run" marker in monad syntax haftmann parents: 28013 diff changeset	644	unfolding quicksort.simps [of a "Suc ri" ri]
37758 bf86a65403a8 pervasive success combinator haftmann parents: 37750 diff changeset	645	apply (auto intro!: success_ifI success_returnI)
27656 d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	646	done
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	647	qed
d4f6e64ee7cc added verification framework for the HeapMonad and quicksort as example for this framework bulwahn parents: diff changeset	648
27674 2736967f27fd added code generation haftmann parents: 27656 diff changeset	649
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 62026 diff changeset	650	subsection \<open>Example\<close>
27674 2736967f27fd added code generation haftmann parents: 27656 diff changeset	651
37792 ba0bc31b90d7 Heap_Monad uses Monad_Syntax krauss parents: 37771 diff changeset	652	definition "qsort a = do {
37798 0b0570445a2a proper merge of operation changes and generic do-syntax haftmann parents: 37797 diff changeset	653	k \<leftarrow> Array.len a;
27674 2736967f27fd added code generation haftmann parents: 27656 diff changeset	654	quicksort a 0 (k - 1);
2736967f27fd added code generation haftmann parents: 27656 diff changeset	655	return a
37792 ba0bc31b90d7 Heap_Monad uses Monad_Syntax krauss parents: 37771 diff changeset	656	}"
27674 2736967f27fd added code generation haftmann parents: 27656 diff changeset	657
35041 6eb917794a5c avoid upto in generated code (is infix operator in library.ML) haftmann parents: 32960 diff changeset	658	code_reserved SML upto
6eb917794a5c avoid upto in generated code (is infix operator in library.ML) haftmann parents: 32960 diff changeset	659
51143 0a2371e7ced3 two target language numeral types: integer and natural, as replacement for code_numeral; haftmann parents: 50630 diff changeset	660	definition "example = do {
61702 2e89bc578935 misc. changes to Imperative-HOL from Peter Gammie Lars Hupel <lars.hupel@mytum.de> parents: 60515 diff changeset	661	a \<leftarrow> Array.of_list ([42, 2, 3, 5, 0, 1705, 8, 3, 15] :: nat list);
51143 0a2371e7ced3 two target language numeral types: integer and natural, as replacement for code_numeral; haftmann parents: 50630 diff changeset	662	qsort a
0a2371e7ced3 two target language numeral types: integer and natural, as replacement for code_numeral; haftmann parents: 50630 diff changeset	663	}"
0a2371e7ced3 two target language numeral types: integer and natural, as replacement for code_numeral; haftmann parents: 50630 diff changeset	664
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 62026 diff changeset	665	ML_val \<open>@{code example} ()\<close>
27674 2736967f27fd added code generation haftmann parents: 27656 diff changeset	666
50630 1ea90e8046dc code checking for Scala is mandatory, since Scala is now required anyway for Isabelle haftmann parents: 47108 diff changeset	667	export_code qsort checking SML SML_imp OCaml? OCaml_imp? Haskell? Scala Scala_imp
27674 2736967f27fd added code generation haftmann parents: 27656 diff changeset	668
37845 b70d7a347964 first roughly working version of Imperative HOL for Scala haftmann parents: 37826 diff changeset	669	end

author	wenzelm
	Sat, 21 Nov 2020 00:29:41 +0100
changeset 72671	588c751a5eef
parent 68110	29da75b7e352
permissions	-rw-r--r--