isabelle: src/HOL/Hoare/Examples.thy@abf3e80bd815 (annotated)

1476 608483c2122a expanded tabs; incorporated Konrad's changes clasohm parents: 1374 diff changeset	1	(* Title: HOL/Hoare/Examples.thy
608483c2122a expanded tabs; incorporated Konrad's changes clasohm parents: 1374 diff changeset	2	Author: Norbert Galm
5646 7c2ddbaf8b8c New many-sorted version. nipkow parents: 1625 diff changeset	3	Copyright 1998 TUM
67410 64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	4	*)
1335 5e1c0540f285 New directory. nipkow parents: diff changeset	5
67410 64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	6	chapter \<open>Various examples\<close>
1335 5e1c0540f285 New directory. nipkow parents: diff changeset	7
35316 870dfea4f9c0 dropped axclass; dropped Id; session theory Hoare.thy haftmann parents: 16796 diff changeset	8	theory Examples imports Hoare_Logic Arith2 begin
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	9
67410 64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	10	section \<open>ARITHMETIC\<close>
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	11
67410 64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	12	subsection \<open>multiplication by successive addition\<close>
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	13
13737 e564c3d2d174 added a few lemmas nipkow parents: 13684 diff changeset	14	lemma multiply_by_add: "VARS m s a b
67613 ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	15	{a=A \<and> b=B}
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	16	m := 0; s := 0;
67613 ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	17	WHILE m\<noteq>a
ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	18	INV {s=m*b \<and> a=A \<and> b=B}
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	19	DO s := s+b; m := m+(1::nat) OD
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	20	{s = A*B}"
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	21	by vcg_simp
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	22
63106 412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	23	lemma multiply_by_add_time: "VARS m s a b t
67613 ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	24	{a=A \<and> b=B \<and> t=0}
63106 412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	25	m := 0; t := t+1; s := 0; t := t+1;
67613 ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	26	WHILE m\<noteq>a
ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	27	INV {s=mb \<and> a=A \<and> b=B \<and> t = 2m + 2}
63106 412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	28	DO s := s+b; t := t+1; m := m+(1::nat); t := t+1 OD
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	29	{s = AB \<and> t = 2A + 2}"
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	30	by vcg_simp
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	31
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	32	lemma multiply_by_add2: "VARS M N P :: int
67613 ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	33	{m=M \<and> n=N}
13789 d37f66755f47 New example nipkow parents: 13737 diff changeset	34	IF M < 0 THEN M := -M; N := -N ELSE SKIP FI;
d37f66755f47 New example nipkow parents: 13737 diff changeset	35	P := 0;
d37f66755f47 New example nipkow parents: 13737 diff changeset	36	WHILE 0 < M
67613 ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	37	INV {0 \<le> M \<and> (\<exists>p. p = (if m<0 then -m else m) & pN = mn & P = (p-M)*N)}
13789 d37f66755f47 New example nipkow parents: 13737 diff changeset	38	DO P := P+N; M := M - 1 OD
d37f66755f47 New example nipkow parents: 13737 diff changeset	39	{P = m*n}"
d37f66755f47 New example nipkow parents: 13737 diff changeset	40	apply vcg_simp
63106 412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	41	apply (auto simp add:int_distrib)
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	42	done
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	43
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	44	lemma multiply_by_add2_time: "VARS M N P t :: int
67613 ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	45	{m=M \<and> n=N \<and> t=0}
63106 412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	46	IF M < 0 THEN M := -M; t := t+1; N := -N; t := t+1 ELSE SKIP FI;
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	47	P := 0; t := t+1;
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	48	WHILE 0 < M
67613 ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	49	INV {0 \<le> M & (\<exists>p. p = (if m<0 then -m else m) & pN = mn & P = (p-M)N & t \<ge> 0 & t \<le> 2(p-M)+3)}
63106 412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	50	DO P := P+N; t := t+1; M := M - 1; t := t+1 OD
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	51	{P = mn & t \<le> 2abs m + 3}"
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	52	apply vcg_simp
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	53	apply (auto simp add:int_distrib)
13789 d37f66755f47 New example nipkow parents: 13737 diff changeset	54	done
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	55
67410 64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	56
64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	57	subsection \<open>Euclid's algorithm for GCD\<close>
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	58
13737 e564c3d2d174 added a few lemmas nipkow parents: 13684 diff changeset	59	lemma Euclid_GCD: "VARS a b
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	60	{0<A & 0<B}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	61	a := A; b := B;
13857 11d7c5a8dbb7 * empty log message * nipkow parents: 13789 diff changeset	62	WHILE a \<noteq> b
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	63	INV {0<a & 0<b & gcd A B = gcd a b}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	64	DO IF a<b THEN b := b-a ELSE a := a-b FI OD
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	65	{a = gcd A B}"
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	66	apply vcg
67410 64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	67	\<comment> \<open>Now prove the verification conditions\<close>
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	68	apply auto
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	69	apply(simp add: gcd_diff_r less_imp_le)
16796 140f1e0ea846 generlization of some "nat" theorems paulson parents: 16733 diff changeset	70	apply(simp add: linorder_not_less gcd_diff_l)
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	71	apply(erule gcd_nnn)
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	72	done
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	73
63106 412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	74	lemma Euclid_GCD_time: "VARS a b t
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	75	{0<A & 0<B & t=0}
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	76	a := A; t := t+1; b := B; t := t+1;
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	77	WHILE a \<noteq> b
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	78	INV {0<a & 0<b & gcd A B = gcd a b & a\<le>A & b\<le>B & t \<le> max A B - max a b + 2}
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	79	DO IF a<b THEN b := b-a; t := t+1 ELSE a := a-b; t := t+1 FI OD
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	80	{a = gcd A B & t \<le> max A B + 2}"
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	81	apply vcg
67410 64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	82	\<comment> \<open>Now prove the verification conditions\<close>
63106 412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	83	apply auto
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	84	apply(simp add: gcd_diff_r less_imp_le)
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	85	apply(simp add: linorder_not_less gcd_diff_l)
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	86	apply(erule gcd_nnn)
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	87	done
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	88
67410 64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	89
64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	90	subsection \<open>Dijkstra's extension of Euclid's algorithm for simultaneous GCD and SCM\<close>
64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	91
64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	92	text \<open>
64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	93	From E.W. Disjkstra. Selected Writings on Computing, p 98 (EWD474),
64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	94	where it is given without the invariant. Instead of defining \<open>scm\<close>
64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	95	explicitly we have used the theorem \<open>scm x y = x * y / gcd x y\<close> and avoided
64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	96	division by mupltiplying with \<open>gcd x y\<close>.
64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	97	\<close>
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	98
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	99	lemmas distribs =
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	100	diff_mult_distrib diff_mult_distrib2 add_mult_distrib add_mult_distrib2
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	101
13737 e564c3d2d174 added a few lemmas nipkow parents: 13684 diff changeset	102	lemma gcd_scm: "VARS a b x y
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	103	{0<A & 0<B & a=A & b=B & x=B & y=A}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	104	WHILE a ~= b
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	105	INV {0<a & 0<b & gcd A B = gcd a b & 2AB = ax + by}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	106	DO IF a<b THEN (b := b-a; x := x+y) ELSE (a := a-b; y := y+x) FI OD
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	107	{a = gcd A B & 2AB = a*(x+y)}"
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	108	apply vcg
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	109	apply simp
16796 140f1e0ea846 generlization of some "nat" theorems paulson parents: 16733 diff changeset	110	apply(simp add: distribs gcd_diff_r linorder_not_less gcd_diff_l)
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	111	apply(simp add: distribs gcd_nnn)
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	112	done
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	113
67410 64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	114
64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	115	subsection \<open>Power by iterated squaring and multiplication\<close>
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	116
13737 e564c3d2d174 added a few lemmas nipkow parents: 13684 diff changeset	117	lemma power_by_mult: "VARS a b c
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	118	{a=A & b=B}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	119	c := (1::nat);
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	120	WHILE b ~= 0
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	121	INV {A^B = c * a^b}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	122	DO WHILE b mod 2 = 0
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	123	INV {A^B = c * a^b}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	124	DO a := a*a; b := b div 2 OD;
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	125	c := c*a; b := b - 1
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	126	OD
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	127	{c = A^B}"
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	128	apply vcg_simp
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	129	apply(case_tac "b")
42154 478bdcea240a tuned proofs; wenzelm parents: 35316 diff changeset	130	apply simp
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	131	apply simp
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	132	done
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	133
67410 64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	134
64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	135	subsection \<open>Factorial\<close>
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	136
13737 e564c3d2d174 added a few lemmas nipkow parents: 13684 diff changeset	137	lemma factorial: "VARS a b
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	138	{a=A}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	139	b := 1;
63106 412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	140	WHILE a > 0
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	141	INV {fac A = b * fac a}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	142	DO b := b*a; a := a - 1 OD
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	143	{b = fac A}"
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	144	apply vcg_simp
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	145	apply(clarsimp split: nat_diff_split)
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	146	done
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	147
63106 412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	148	lemma factorial_time: "VARS a b t
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	149	{a=A & t=0}
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	150	b := 1; t := t+1;
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	151	WHILE a > 0
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	152	INV {fac A = b * fac a & a \<le> A & t = 2*(A-a)+1}
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	153	DO b := b*a; t := t+1; a := a - 1; t := t+1 OD
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	154	{b = fac A & t = 2*A + 1}"
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	155	apply vcg_simp
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	156	apply(clarsimp split: nat_diff_split)
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	157	done
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	158
13684 48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	159	lemma [simp]: "1 \<le> i \<Longrightarrow> fac (i - Suc 0) * i = fac i"
48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	160	by(induct i, simp_all)
48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	161
63106 412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	162	lemma factorial2: "VARS i f
13684 48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	163	{True}
48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	164	i := (1::nat); f := 1;
48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	165	WHILE i <= n INV {f = fac(i - 1) & 1 <= i & i <= n+1}
48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	166	DO f := f*i; i := i+1 OD
48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	167	{f = fac n}"
48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	168	apply vcg_simp
48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	169	apply(subgoal_tac "i = Suc n")
48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	170	apply simp
48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	171	apply arith
48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	172	done
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	173
63106 412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	174	lemma factorial2_time: "VARS i f t
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	175	{t=0}
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	176	i := (1::nat); t := t+1; f := 1; t := t+1;
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	177	WHILE i \<le> n INV {f = fac(i - 1) & 1 \<le> i & i \<le> n+1 & t = 2*(i-1)+2}
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	178	DO f := f*i; t := t+1; i := i+1; t := t+1 OD
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	179	{f = fac n & t = 2*n+2}"
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	180	apply vcg_simp
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	181	apply auto
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	182	apply(subgoal_tac "i = Suc n")
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	183	apply simp
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	184	apply arith
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	185	done
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	186
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	187
67410 64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	188	subsection \<open>Square root\<close>
64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	189
64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	190	\<comment> \<open>the easy way:\<close>
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	191
13737 e564c3d2d174 added a few lemmas nipkow parents: 13684 diff changeset	192	lemma sqrt: "VARS r x
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	193	{True}
63106 412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	194	r := (0::nat);
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	195	WHILE (r+1)*(r+1) <= X
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	196	INV {r*r \<le> X}
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	197	DO r := r+1 OD
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	198	{rr <= X & X < (r+1)(r+1)}"
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	199	apply vcg_simp
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	200	done
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	201
63106 412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	202	lemma sqrt_time: "VARS r t
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	203	{t=0}
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	204	r := (0::nat); t := t+1;
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	205	WHILE (r+1)*(r+1) <= X
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	206	INV {r*r \<le> X & t = r+1}
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	207	DO r := r+1; t := t+1 OD
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	208	{rr <= X & X < (r+1)(r+1) & (t-1)*(t-1) \<le> X}"
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	209	apply vcg_simp
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	210	done
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	211
67410 64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	212	\<comment> \<open>without multiplication\<close>
63106 412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	213	lemma sqrt_without_multiplication: "VARS u w r
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	214	{x=X}
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	215	u := 1; w := 1; r := (0::nat);
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	216	WHILE w <= X
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	217	INV {u = r+r+1 & w = (r+1)(r+1) & rr <= X}
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	218	DO r := r + 1; w := w + u + 2; u := u + 2 OD
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	219	{rr <= X & X < (r+1)(r+1)}"
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	220	apply vcg_simp
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	221	done
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	222
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	223
67410 64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	224	section \<open>LISTS\<close>
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	225
13737 e564c3d2d174 added a few lemmas nipkow parents: 13684 diff changeset	226	lemma imperative_reverse: "VARS y x
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	227	{x=X}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	228	y:=[];
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	229	WHILE x ~= []
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	230	INV {rev(x)@y = rev(X)}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	231	DO y := (hd x # y); x := tl x OD
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	232	{y=rev(X)}"
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	233	apply vcg_simp
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	234	apply(simp add: neq_Nil_conv)
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	235	apply auto
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	236	done
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	237
63106 412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	238	lemma imperative_reverse_time: "VARS y x t
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	239	{x=X & t=0}
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	240	y:=[]; t := t+1;
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	241	WHILE x ~= []
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	242	INV {rev(x)@y = rev(X) & t = 2*(length y) + 1}
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	243	DO y := (hd x # y); t := t+1; x := tl x; t := t+1 OD
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	244	{y=rev(X) & t = 2*length X + 1}"
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	245	apply vcg_simp
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	246	apply(simp add: neq_Nil_conv)
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	247	apply auto
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	248	done
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	249
13737 e564c3d2d174 added a few lemmas nipkow parents: 13684 diff changeset	250	lemma imperative_append: "VARS x y
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	251	{x=X & y=Y}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	252	x := rev(x);
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	253	WHILE x~=[]
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	254	INV {rev(x)@y = X@Y}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	255	DO y := (hd x # y);
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	256	x := tl x
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	257	OD
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	258	{y = X@Y}"
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	259	apply vcg_simp
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	260	apply(simp add: neq_Nil_conv)
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	261	apply auto
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	262	done
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	263
63106 412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	264	lemma imperative_append_time_no_rev: "VARS x y t
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	265	{x=X & y=Y}
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	266	x := rev(x); t := 0;
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	267	WHILE x~=[]
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	268	INV {rev(x)@y = X@Y & length x \<le> length X & t = 2 * (length X - length x)}
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	269	DO y := (hd x # y); t := t+1;
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	270	x := tl x; t := t+1
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	271	OD
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	272	{y = X@Y & t = 2 * length X}"
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	273	apply vcg_simp
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	274	apply(simp add: neq_Nil_conv)
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	275	apply auto
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	276	done
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	277
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	278
67410 64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	279	section \<open>ARRAYS\<close>
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	280
67410 64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	281	subsection \<open>Search for a key\<close>
64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	282
13737 e564c3d2d174 added a few lemmas nipkow parents: 13684 diff changeset	283	lemma zero_search: "VARS A i
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	284	{True}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	285	i := 0;
67613 ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	286	WHILE i < length A & A!i \<noteq> key
ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	287	INV {\<forall>j. j<i --> A!j \<noteq> key}
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	288	DO i := i+1 OD
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	289	{(i < length A --> A!i = key) &
67613 ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	290	(i = length A --> (\<forall>j. j < length A \<longrightarrow> A!j \<noteq> key))}"
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	291	apply vcg_simp
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	292	apply(blast elim!: less_SucE)
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	293	done
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	294
63106 412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	295	lemma zero_search_time: "VARS A i t
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	296	{t=0}
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	297	i := 0; t := t+1;
67613 ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	298	WHILE i < length A \<and> A!i \<noteq> key
ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	299	INV {(\<forall>j. j<i \<longrightarrow> A!j \<noteq> key) \<and> i \<le> length A \<and> t = i+1}
63106 412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	300	DO i := i+1; t := t+1 OD
67613 ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	301	{(i < length A \<longrightarrow> A!i = key) \<and>
ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	302	(i = length A \<longrightarrow> (\<forall>j. j < length A --> A!j \<noteq> key)) \<and> t \<le> length A + 1}"
63106 412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	303	apply vcg_simp
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	304	apply(blast elim!: less_SucE)
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	305	done
412140038d3c added timing lemmas nipkow parents: 62390 diff changeset	306
67410 64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	307	text \<open>
64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	308	The \<open>partition\<close> procedure for quicksort.
64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	309	\<^item> \<open>A\<close> is the array to be sorted (modelled as a list).
64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	310	\<^item> Elements of \<open>A\<close> must be of class order to infer at the end
64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	311	that the elements between u and l are equal to pivot.
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	312
67410 64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	313	Ambiguity warnings of parser are due to \<open>:=\<close> being used
64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	314	both for assignment and list update.
64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	315	\<close>
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	316	lemma lem: "m - Suc 0 < n ==> m < Suc n"
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	317	by arith
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	318
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	319
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	320	lemma Partition:
67613 ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	321	"[\| leq == \<lambda>A i. \<forall>k. k<i \<longrightarrow> A!k \<le> pivot;
ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	322	geq == \<lambda>A i. \<forall>k. i<k \<and> k<length A \<longrightarrow> pivot \<le> A!k \|] ==>
13737 e564c3d2d174 added a few lemmas nipkow parents: 13684 diff changeset	323	VARS A u l
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	324	{0 < length(A::('a::order)list)}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	325	l := 0; u := length A - Suc 0;
67613 ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	326	WHILE l \<le> u
ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	327	INV {leq A l \<and> geq A u \<and> u<length A \<and> l\<le>length A}
ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	328	DO WHILE l < length A \<and> A!l \<le> pivot
ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	329	INV {leq A l & geq A u \<and> u<length A \<and> l\<le>length A}
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	330	DO l := l+1 OD;
67613 ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	331	WHILE 0 < u & pivot \<le> A!u
ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	332	INV {leq A l & geq A u \<and> u<length A \<and> l\<le>length A}
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	333	DO u := u - 1 OD;
67613 ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	334	IF l \<le> u THEN A := A[l := A!u, u := A!l] ELSE SKIP FI
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	335	OD
67613 ce654b0e6d69 more symbols; wenzelm parents: 67410 diff changeset	336	{leq A u & (\<forall>k. u<k \<and> k<l --> A!k = pivot) \<and> geq A l}"
67410 64d928bacddd prefer formal comments; wenzelm parents: 63106 diff changeset	337	\<comment> \<open>expand and delete abbreviations first\<close>
58860 fee7cfa69c50 eliminated spurious semicolons; wenzelm parents: 42154 diff changeset	338	apply (simp)
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	339	apply (erule thin_rl)+
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	340	apply vcg_simp
16733 236dfafbeb63 linear arithmetic now takes "&" in assumptions apart. nipkow parents: 16417 diff changeset	341	apply (force simp: neq_Nil_conv)
236dfafbeb63 linear arithmetic now takes "&" in assumptions apart. nipkow parents: 16417 diff changeset	342	apply (blast elim!: less_SucE intro: Suc_leI)
236dfafbeb63 linear arithmetic now takes "&" in assumptions apart. nipkow parents: 16417 diff changeset	343	apply (blast elim!: less_SucE intro: less_imp_diff_less dest: lem)
236dfafbeb63 linear arithmetic now takes "&" in assumptions apart. nipkow parents: 16417 diff changeset	344	apply (force simp: nth_list_update)
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	345	done
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	346
62390 842917225d56 more canonical names nipkow parents: 58860 diff changeset	347	end

author	wenzelm
	Mon, 13 Apr 2020 22:08:14 +0200
changeset 71751	abf3e80bd815
parent 67613	ce654b0e6d69
child 72990	db8f94656024
permissions	-rw-r--r--