isabelle: src/HOL/Hoare/Examples.thy@a4e6ea45f416 (annotated)

1476 608483c2122a expanded tabs; incorporated Konrad's changes clasohm parents: 1374 diff changeset	1	(* Title: HOL/Hoare/Examples.thy
608483c2122a expanded tabs; incorporated Konrad's changes clasohm parents: 1374 diff changeset	2	Author: Norbert Galm
5646 7c2ddbaf8b8c New many-sorted version. nipkow parents: 1625 diff changeset	3	Copyright 1998 TUM
1335 5e1c0540f285 New directory. nipkow parents: diff changeset	4
5646 7c2ddbaf8b8c New many-sorted version. nipkow parents: 1625 diff changeset	5	Various examples.
1335 5e1c0540f285 New directory. nipkow parents: diff changeset	6	*)
5e1c0540f285 New directory. nipkow parents: diff changeset	7
35316 870dfea4f9c0 dropped axclass; dropped Id; session theory Hoare.thy haftmann parents: 16796 diff changeset	8	theory Examples imports Hoare_Logic Arith2 begin
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	9
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	10	(* ARITHMETIC *)
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	11
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	12	( multiplication by successive addition )
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	13
13737 e564c3d2d174 added a few lemmas nipkow parents: 13684 diff changeset	14	lemma multiply_by_add: "VARS m s a b
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	15	{a=A & b=B}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	16	m := 0; s := 0;
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	17	WHILE m~=a
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	18	INV {s=m*b & a=A & b=B}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	19	DO s := s+b; m := m+(1::nat) OD
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	20	{s = A*B}"
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	21	by vcg_simp
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	22
13789 d37f66755f47 New example nipkow parents: 13737 diff changeset	23	lemma "VARS M N P :: int
d37f66755f47 New example nipkow parents: 13737 diff changeset	24	{m=M & n=N}
d37f66755f47 New example nipkow parents: 13737 diff changeset	25	IF M < 0 THEN M := -M; N := -N ELSE SKIP FI;
d37f66755f47 New example nipkow parents: 13737 diff changeset	26	P := 0;
d37f66755f47 New example nipkow parents: 13737 diff changeset	27	WHILE 0 < M
d37f66755f47 New example nipkow parents: 13737 diff changeset	28	INV {0 <= M & (EX p. p = (if m<0 then -m else m) & pN = mn & P = (p-M)*N)}
d37f66755f47 New example nipkow parents: 13737 diff changeset	29	DO P := P+N; M := M - 1 OD
d37f66755f47 New example nipkow parents: 13737 diff changeset	30	{P = m*n}"
d37f66755f47 New example nipkow parents: 13737 diff changeset	31	apply vcg_simp
d37f66755f47 New example nipkow parents: 13737 diff changeset	32	apply (simp add:int_distrib)
d37f66755f47 New example nipkow parents: 13737 diff changeset	33	apply clarsimp
d37f66755f47 New example nipkow parents: 13737 diff changeset	34	apply(rule conjI)
d37f66755f47 New example nipkow parents: 13737 diff changeset	35	apply clarsimp
d37f66755f47 New example nipkow parents: 13737 diff changeset	36	apply clarsimp
d37f66755f47 New example nipkow parents: 13737 diff changeset	37	done
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	38
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	39	( Euclid's algorithm for GCD )
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	40
13737 e564c3d2d174 added a few lemmas nipkow parents: 13684 diff changeset	41	lemma Euclid_GCD: "VARS a b
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	42	{0<A & 0<B}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	43	a := A; b := B;
13857 11d7c5a8dbb7 * empty log message * nipkow parents: 13789 diff changeset	44	WHILE a \<noteq> b
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	45	INV {0<a & 0<b & gcd A B = gcd a b}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	46	DO IF a<b THEN b := b-a ELSE a := a-b FI OD
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	47	{a = gcd A B}"
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	48	apply vcg
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	49	(Now prove the verification conditions)
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	50	apply auto
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	51	apply(simp add: gcd_diff_r less_imp_le)
16796 140f1e0ea846 generlization of some "nat" theorems paulson parents: 16733 diff changeset	52	apply(simp add: linorder_not_less gcd_diff_l)
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	53	apply(erule gcd_nnn)
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	54	done
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	55
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	56	( Dijkstra's extension of Euclid's algorithm for simultaneous GCD and SCM )
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	57	(* From E.W. Disjkstra. Selected Writings on Computing, p 98 (EWD474),
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	58	where it is given without the invariant. Instead of defining scm
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	59	explicitly we have used the theorem scm x y = x*y/gcd x y and avoided
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	60	division by mupltiplying with gcd x y.
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	61	*)
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	62
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	63	lemmas distribs =
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	64	diff_mult_distrib diff_mult_distrib2 add_mult_distrib add_mult_distrib2
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	65
13737 e564c3d2d174 added a few lemmas nipkow parents: 13684 diff changeset	66	lemma gcd_scm: "VARS a b x y
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	67	{0<A & 0<B & a=A & b=B & x=B & y=A}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	68	WHILE a ~= b
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	69	INV {0<a & 0<b & gcd A B = gcd a b & 2AB = ax + by}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	70	DO IF a<b THEN (b := b-a; x := x+y) ELSE (a := a-b; y := y+x) FI OD
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	71	{a = gcd A B & 2AB = a*(x+y)}"
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	72	apply vcg
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	73	apply simp
16796 140f1e0ea846 generlization of some "nat" theorems paulson parents: 16733 diff changeset	74	apply(simp add: distribs gcd_diff_r linorder_not_less gcd_diff_l)
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	75	apply(simp add: distribs gcd_nnn)
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	76	done
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	77
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	78	( Power by iterated squaring and multiplication )
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	79
13737 e564c3d2d174 added a few lemmas nipkow parents: 13684 diff changeset	80	lemma power_by_mult: "VARS a b c
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	81	{a=A & b=B}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	82	c := (1::nat);
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	83	WHILE b ~= 0
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	84	INV {A^B = c * a^b}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	85	DO WHILE b mod 2 = 0
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	86	INV {A^B = c * a^b}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	87	DO a := a*a; b := b div 2 OD;
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	88	c := c*a; b := b - 1
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	89	OD
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	90	{c = A^B}"
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	91	apply vcg_simp
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	92	apply(case_tac "b")
42154 478bdcea240a tuned proofs; wenzelm parents: 35316 diff changeset	93	apply simp
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	94	apply simp
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	95	done
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	96
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	97	( Factorial )
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	98
13737 e564c3d2d174 added a few lemmas nipkow parents: 13684 diff changeset	99	lemma factorial: "VARS a b
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	100	{a=A}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	101	b := 1;
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	102	WHILE a ~= 0
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	103	INV {fac A = b * fac a}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	104	DO b := b*a; a := a - 1 OD
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	105	{b = fac A}"
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	106	apply vcg_simp
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	107	apply(clarsimp split: nat_diff_split)
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	108	done
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	109
13684 48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	110	lemma [simp]: "1 \<le> i \<Longrightarrow> fac (i - Suc 0) * i = fac i"
48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	111	by(induct i, simp_all)
48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	112
13737 e564c3d2d174 added a few lemmas nipkow parents: 13684 diff changeset	113	lemma "VARS i f
13684 48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	114	{True}
48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	115	i := (1::nat); f := 1;
48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	116	WHILE i <= n INV {f = fac(i - 1) & 1 <= i & i <= n+1}
48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	117	DO f := f*i; i := i+1 OD
48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	118	{f = fac n}"
48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	119	apply vcg_simp
48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	120	apply(subgoal_tac "i = Suc n")
48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	121	apply simp
48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	122	apply arith
48bfc2cc0938 moved fac example nipkow parents: 13682 diff changeset	123	done
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	124
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	125	( Square root )
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	126
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	127	(* the easy way: *)
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	128
13737 e564c3d2d174 added a few lemmas nipkow parents: 13684 diff changeset	129	lemma sqrt: "VARS r x
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	130	{True}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	131	x := X; r := (0::nat);
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	132	WHILE (r+1)*(r+1) <= x
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	133	INV {r*r <= x & x=X}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	134	DO r := r+1 OD
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	135	{rr <= X & X < (r+1)(r+1)}"
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	136	apply vcg_simp
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	137	done
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	138
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	139	(* without multiplication *)
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	140
13737 e564c3d2d174 added a few lemmas nipkow parents: 13684 diff changeset	141	lemma sqrt_without_multiplication: "VARS u w r x
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	142	{True}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	143	x := X; u := 1; w := 1; r := (0::nat);
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	144	WHILE w <= x
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	145	INV {u = r+r+1 & w = (r+1)(r+1) & rr <= x & x=X}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	146	DO r := r + 1; w := w + u + 2; u := u + 2 OD
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	147	{rr <= X & X < (r+1)(r+1)}"
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	148	apply vcg_simp
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	149	done
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	150
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	151
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	152	(* LISTS *)
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	153
13737 e564c3d2d174 added a few lemmas nipkow parents: 13684 diff changeset	154	lemma imperative_reverse: "VARS y x
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	155	{x=X}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	156	y:=[];
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	157	WHILE x ~= []
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	158	INV {rev(x)@y = rev(X)}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	159	DO y := (hd x # y); x := tl x OD
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	160	{y=rev(X)}"
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	161	apply vcg_simp
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	162	apply(simp add: neq_Nil_conv)
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	163	apply auto
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	164	done
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	165
13737 e564c3d2d174 added a few lemmas nipkow parents: 13684 diff changeset	166	lemma imperative_append: "VARS x y
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	167	{x=X & y=Y}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	168	x := rev(x);
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	169	WHILE x~=[]
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	170	INV {rev(x)@y = X@Y}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	171	DO y := (hd x # y);
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	172	x := tl x
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	173	OD
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	174	{y = X@Y}"
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	175	apply vcg_simp
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	176	apply(simp add: neq_Nil_conv)
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	177	apply auto
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	178	done
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	179
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	180
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	181	(* ARRAYS *)
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	182
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	183	(* Search for a key *)
13737 e564c3d2d174 added a few lemmas nipkow parents: 13684 diff changeset	184	lemma zero_search: "VARS A i
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	185	{True}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	186	i := 0;
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	187	WHILE i < length A & A!i ~= key
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	188	INV {!j. j<i --> A!j ~= key}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	189	DO i := i+1 OD
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	190	{(i < length A --> A!i = key) &
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	191	(i = length A --> (!j. j < length A --> A!j ~= key))}"
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	192	apply vcg_simp
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	193	apply(blast elim!: less_SucE)
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	194	done
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	195
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	196	(*
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	197	The `partition' procedure for quicksort.
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	198	`A' is the array to be sorted (modelled as a list).
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	199	Elements of A must be of class order to infer at the end
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	200	that the elements between u and l are equal to pivot.
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	201
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	202	Ambiguity warnings of parser are due to := being used
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	203	both for assignment and list update.
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	204	*)
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	205	lemma lem: "m - Suc 0 < n ==> m < Suc n"
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	206	by arith
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	207
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	208
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	209	lemma Partition:
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	210	"[\| leq == %A i. !k. k<i --> A!k <= pivot;
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	211	geq == %A i. !k. i<k & k<length A --> pivot <= A!k \|] ==>
13737 e564c3d2d174 added a few lemmas nipkow parents: 13684 diff changeset	212	VARS A u l
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	213	{0 < length(A::('a::order)list)}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	214	l := 0; u := length A - Suc 0;
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	215	WHILE l <= u
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	216	INV {leq A l & geq A u & u<length A & l<=length A}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	217	DO WHILE l < length A & A!l <= pivot
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	218	INV {leq A l & geq A u & u<length A & l<=length A}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	219	DO l := l+1 OD;
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	220	WHILE 0 < u & pivot <= A!u
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	221	INV {leq A l & geq A u & u<length A & l<=length A}
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	222	DO u := u - 1 OD;
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	223	IF l <= u THEN A := A[l := A!u, u := A!l] ELSE SKIP FI
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	224	OD
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	225	{leq A u & (!k. u<k & k<l --> A!k = pivot) & geq A l}"
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	226	(* expand and delete abbreviations first *)
58860 fee7cfa69c50 eliminated spurious semicolons; wenzelm parents: 42154 diff changeset	227	apply (simp)
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	228	apply (erule thin_rl)+
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	229	apply vcg_simp
16733 236dfafbeb63 linear arithmetic now takes "&" in assumptions apart. nipkow parents: 16417 diff changeset	230	apply (force simp: neq_Nil_conv)
236dfafbeb63 linear arithmetic now takes "&" in assumptions apart. nipkow parents: 16417 diff changeset	231	apply (blast elim!: less_SucE intro: Suc_leI)
236dfafbeb63 linear arithmetic now takes "&" in assumptions apart. nipkow parents: 16417 diff changeset	232	apply (blast elim!: less_SucE intro: less_imp_diff_less dest: lem)
236dfafbeb63 linear arithmetic now takes "&" in assumptions apart. nipkow parents: 16417 diff changeset	233	apply (force simp: nth_list_update)
13682 91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	234	done
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	235
91674c8a008b conversion ML -> thy nipkow parents: 5646 diff changeset	236	end

author	wenzelm
	Sun, 24 Jan 2016 15:25:39 +0100
changeset 62242	a4e6ea45f416
parent 58860	fee7cfa69c50
child 62390	842917225d56
permissions	-rw-r--r--