isabelle: src/HOL/SPARK/Examples/Liseq/Longest_Increasing_Subsequence.thy@61c39a9e5415 (annotated)

41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	1	(* Title: HOL/SPARK/Examples/Liseq/Longest_Increasing_Subsequence.thy
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	2	Author: Stefan Berghofer
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	3	Copyright: secunet Security Networks AG
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	4	*)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	5
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	6	theory Longest_Increasing_Subsequence
66992 69673025292e less global theories -- avoid confusion about special cases; wenzelm parents: 66453 diff changeset	7	imports "HOL-SPARK.SPARK"
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	8	begin
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	9
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	10	text \<open>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	11	Set of all increasing subsequences in a prefix of an array
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	12	\<close>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	13
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	14	definition iseq :: "(nat \<Rightarrow> 'a::linorder) \<Rightarrow> nat \<Rightarrow> nat set set" where
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	15	"iseq xs l = {is. (\<forall>i\<in>is. i < l) \<and>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	16	(\<forall>i\<in>is. \<forall>j\<in>is. i \<le> j \<longrightarrow> xs i \<le> xs j)}"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	17
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	18	text \<open>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	19	Length of longest increasing subsequence in a prefix of an array
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	20	\<close>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	21
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	22	definition liseq :: "(nat \<Rightarrow> 'a::linorder) \<Rightarrow> nat \<Rightarrow> nat" where
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	23	"liseq xs i = Max (card ` iseq xs i)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	24
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	25	text \<open>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	26	Length of longest increasing subsequence ending at a particular position
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	27	\<close>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	28
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	29	definition liseq' :: "(nat \<Rightarrow> 'a::linorder) \<Rightarrow> nat \<Rightarrow> nat" where
56798 939e88e79724 Discontinued old spark_open; spark_open_siv is now spark_open berghofe parents: 44890 diff changeset	30	"liseq' xs i = Max (card ` (iseq xs (Suc i) \<inter> {is. Max is = i}))"
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	31
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	32	lemma iseq_finite: "finite (iseq xs i)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	33	apply (simp add: iseq_def)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	34	apply (rule finite_subset [OF _
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	35	finite_Collect_subsets [of "{j. j < i}"]])
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	36	apply auto
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	37	done
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	38
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	39	lemma iseq_finite': "is \<in> iseq xs i \<Longrightarrow> finite is"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	40	by (auto simp add: iseq_def bounded_nat_set_is_finite)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	41
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	42	lemma iseq_singleton: "i < l \<Longrightarrow> {i} \<in> iseq xs l"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	43	by (simp add: iseq_def)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	44
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	45	lemma iseq_trivial: "{} \<in> iseq xs i"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	46	by (simp add: iseq_def)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	47
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	48	lemma iseq_nonempty: "iseq xs i \<noteq> {}"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	49	by (auto intro: iseq_trivial)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	50
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	51	lemma liseq'_ge1: "1 \<le> liseq' xs x"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	52	apply (simp add: liseq'_def)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	53	apply (subgoal_tac "iseq xs (Suc x) \<inter> {is. Max is = x} \<noteq> {}")
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	54	apply (simp add: Max_ge_iff iseq_finite)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	55	apply (rule_tac x="{x}" in bexI)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	56	apply (auto intro: iseq_singleton)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	57	done
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	58
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	59	lemma liseq_expand:
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	60	assumes R: "\<And>is. liseq xs i = card is \<Longrightarrow> is \<in> iseq xs i \<Longrightarrow>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	61	(\<And>js. js \<in> iseq xs i \<Longrightarrow> card js \<le> card is) \<Longrightarrow> P"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	62	shows "P"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	63	proof -
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	64	have "Max (card ` iseq xs i) \<in> card ` iseq xs i"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	65	by (rule Max_in) (simp_all add: iseq_finite iseq_nonempty)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	66	then obtain js where js: "liseq xs i = card js" and "js \<in> iseq xs i"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	67	by (rule imageE) (simp add: liseq_def)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	68	moreover {
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	69	fix js'
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	70	assume "js' \<in> iseq xs i"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	71	then have "card js' \<le> card js"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	72	by (simp add: js [symmetric] liseq_def iseq_finite iseq_trivial)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	73	}
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	74	ultimately show ?thesis by (rule R)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	75	qed
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	76
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	77	lemma liseq'_expand:
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	78	assumes R: "\<And>is. liseq' xs i = card is \<Longrightarrow> is \<in> iseq xs (Suc i) \<Longrightarrow>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	79	finite is \<Longrightarrow> Max is = i \<Longrightarrow>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	80	(\<And>js. js \<in> iseq xs (Suc i) \<Longrightarrow> Max js = i \<Longrightarrow> card js \<le> card is) \<Longrightarrow>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	81	is \<noteq> {} \<Longrightarrow> P"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	82	shows "P"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	83	proof -
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	84	have "Max (card ` (iseq xs (Suc i) \<inter> {is. Max is = i})) \<in>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	85	card ` (iseq xs (Suc i) \<inter> {is. Max is = i})"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	86	by (auto simp add: iseq_finite intro!: iseq_singleton Max_in)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	87	then obtain js where js: "liseq' xs i = card js" and "js \<in> iseq xs (Suc i)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	88	and "finite js" and "Max js = i"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	89	by (auto simp add: liseq'_def intro: iseq_finite')
81354 a1567e05f7fd tuned proofs; wenzelm parents: 72302 diff changeset	90	moreover have max: "card js' \<le> card js" if "js' \<in> iseq xs (Suc i)" "Max js' = i" for js'
a1567e05f7fd tuned proofs; wenzelm parents: 72302 diff changeset	91	using that by (auto simp add: js [symmetric] liseq'_def iseq_finite intro!: iseq_singleton)
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	92	moreover have "card {i} \<le> card js"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	93	by (rule max) (simp_all add: iseq_singleton)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	94	then have "js \<noteq> {}" by auto
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	95	ultimately show ?thesis by (rule R)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	96	qed
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	97
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	98	lemma liseq'_ge:
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	99	"j = card js \<Longrightarrow> js \<in> iseq xs (Suc i) \<Longrightarrow> Max js = i \<Longrightarrow>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	100	js \<noteq> {} \<Longrightarrow> j \<le> liseq' xs i"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	101	by (simp add: liseq'_def iseq_finite)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	102
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	103	lemma liseq'_eq:
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	104	"j = card js \<Longrightarrow> js \<in> iseq xs (Suc i) \<Longrightarrow> Max js = i \<Longrightarrow>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	105	js \<noteq> {} \<Longrightarrow> (\<And>js'. js' \<in> iseq xs (Suc i) \<Longrightarrow> Max js' = i \<Longrightarrow> finite js' \<Longrightarrow>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	106	js' \<noteq> {} \<Longrightarrow> card js' \<le> card js) \<Longrightarrow>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	107	j = liseq' xs i"
44890 22f665a2e91c new fastforce replacing fastsimp - less confusing name nipkow parents: 41588 diff changeset	108	by (fastforce simp add: liseq'_def iseq_finite
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	109	intro: Max_eqI [symmetric])
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	110
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	111	lemma liseq_ge:
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	112	"j = card js \<Longrightarrow> js \<in> iseq xs i \<Longrightarrow> j \<le> liseq xs i"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	113	by (auto simp add: liseq_def iseq_finite)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	114
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	115	lemma liseq_eq:
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	116	"j = card js \<Longrightarrow> js \<in> iseq xs i \<Longrightarrow>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	117	(\<And>js'. js' \<in> iseq xs i \<Longrightarrow> finite js' \<Longrightarrow>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	118	js' \<noteq> {} \<Longrightarrow> card js' \<le> card js) \<Longrightarrow>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	119	j = liseq xs i"
44890 22f665a2e91c new fastforce replacing fastsimp - less confusing name nipkow parents: 41588 diff changeset	120	by (fastforce simp add: liseq_def iseq_finite
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	121	intro: Max_eqI [symmetric])
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	122
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	123	lemma max_notin: "finite xs \<Longrightarrow> Max xs < x \<Longrightarrow> x \<notin> xs"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	124	by (cases "xs = {}") auto
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	125
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	126	lemma iseq_insert:
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	127	"xs (Max is) \<le> xs i \<Longrightarrow> is \<in> iseq xs i \<Longrightarrow>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	128	is \<union> {i} \<in> iseq xs (Suc i)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	129	apply (frule iseq_finite')
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	130	apply (cases "is = {}")
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	131	apply (auto simp add: iseq_def)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	132	apply (rule order_trans [of _ "xs (Max is)"])
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	133	apply auto
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	134	apply (thin_tac "\<forall>a\<in>is. a < i")
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	135	apply (drule_tac x=ia in bspec)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	136	apply assumption
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	137	apply (drule_tac x="Max is" in bspec)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	138	apply (auto intro: Max_in)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	139	done
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	140
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	141	lemma iseq_diff: "is \<in> iseq xs (Suc (Max is)) \<Longrightarrow>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	142	is - {Max is} \<in> iseq xs (Suc (Max (is - {Max is})))"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	143	apply (frule iseq_finite')
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	144	apply (simp add: iseq_def less_Suc_eq_le)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	145	done
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	146
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	147	lemma iseq_butlast:
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	148	assumes "js \<in> iseq xs (Suc i)" and "js \<noteq> {}"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	149	and "Max js \<noteq> i"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	150	shows "js \<in> iseq xs i"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	151	proof -
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	152	from assms have fin: "finite js"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	153	by (simp add: iseq_finite')
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	154	with assms have "Max js \<in> js"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	155	by auto
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	156	with assms have "Max js < i"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	157	by (auto simp add: iseq_def)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	158	with fin assms have "\<forall>j\<in>js. j < i"
41588 9546828c0eb3 tuned; wenzelm parents: 41561 diff changeset	159	by simp
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	160	with assms show ?thesis
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	161	by (simp add: iseq_def)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	162	qed
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	163
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	164	lemma iseq_mono: "is \<in> iseq xs i \<Longrightarrow> i \<le> j \<Longrightarrow> is \<in> iseq xs j"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	165	by (auto simp add: iseq_def)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	166
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	167	lemma diff_nonempty:
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	168	assumes "1 < card is"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	169	shows "is - {i} \<noteq> {}"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	170	proof -
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	171	from assms have fin: "finite is" by (auto intro: card_ge_0_finite)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	172	with assms fin have "card is - 1 \<le> card (is - {i})"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	173	by (simp add: card_Diff_singleton_if)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	174	with assms have "0 < card (is - {i})" by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	175	then show ?thesis by (simp add: card_gt_0_iff)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	176	qed
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	177
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	178	lemma Max_diff:
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	179	assumes "1 < card is"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	180	shows "Max (is - {Max is}) < Max is"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	181	proof -
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	182	from assms have "finite is" by (auto intro: card_ge_0_finite)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	183	moreover from assms have "is - {Max is} \<noteq> {}"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	184	by (rule diff_nonempty)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	185	ultimately show ?thesis using assms
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	186	apply (auto simp add: not_less)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	187	apply (subgoal_tac "a \<le> Max is")
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	188	apply auto
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	189	done
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	190	qed
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	191
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	192	lemma iseq_nth: "js \<in> iseq xs l \<Longrightarrow> 1 < card js \<Longrightarrow>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	193	xs (Max (js - {Max js})) \<le> xs (Max js)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	194	apply (auto simp add: iseq_def)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	195	apply (subgoal_tac "Max (js - {Max js}) \<in> js")
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	196	apply (thin_tac "\<forall>i\<in>js. i < l")
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	197	apply (drule_tac x="Max (js - {Max js})" in bspec)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	198	apply assumption
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	199	apply (drule_tac x="Max js" in bspec)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	200	using card_gt_0_iff [of js]
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	201	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	202	using Max_diff [of js]
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	203	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	204	using Max_in [of "js - {Max js}", OF _ diff_nonempty] card_gt_0_iff [of js]
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	205	apply auto
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	206	done
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	207
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	208	lemma card_leq1_singleton:
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	209	assumes "finite xs" "xs \<noteq> {}" "card xs \<le> 1"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	210	obtains x where "xs = {x}"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	211	using assms
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	212	by induct simp_all
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	213
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	214	lemma longest_iseq1:
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	215	"liseq' xs i =
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	216	Max ({0} \<union> {liseq' xs j \|j. j < i \<and> xs j \<le> xs i}) + 1"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	217	proof -
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	218	have "Max ({0} \<union> {liseq' xs j \|j. j < i \<and> xs j \<le> xs i}) = liseq' xs i - 1"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	219	proof (rule Max_eqI)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	220	fix y
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	221	assume "y \<in> {0} \<union> {liseq' xs j \|j. j < i \<and> xs j \<le> xs i}"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	222	then show "y \<le> liseq' xs i - 1"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	223	proof
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	224	assume "y \<in> {liseq' xs j \|j. j < i \<and> xs j \<le> xs i}"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	225	then obtain j where j: "j < i" "xs j \<le> xs i" "y = liseq' xs j"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	226	by auto
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	227	have "liseq' xs j + 1 \<le> liseq' xs i"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	228	proof (rule liseq'_expand)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	229	fix "is"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	230	assume H: "liseq' xs j = card is" "is \<in> iseq xs (Suc j)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	231	"finite is" "Max is = j" "is \<noteq> {}"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	232	from H j have "card is + 1 = card (is \<union> {i})"
72302 d7d90ed4c74e fixed some remarkably ugly proofs paulson <lp15@cam.ac.uk> parents: 69605 diff changeset	233	by (simp add: card.insert_remove max_notin)
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	234	moreover {
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	235	from H j have "xs (Max is) \<le> xs i" by simp
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	236	moreover from \<open>j < i\<close> have "Suc j \<le> i" by simp
0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	237	with \<open>is \<in> iseq xs (Suc j)\<close> have "is \<in> iseq xs i"
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	238	by (rule iseq_mono)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	239	ultimately have "is \<union> {i} \<in> iseq xs (Suc i)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	240	by (rule iseq_insert)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	241	} moreover from H j have "Max (is \<union> {i}) = i" by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	242	moreover have "is \<union> {i} \<noteq> {}" by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	243	ultimately have "card is + 1 \<le> liseq' xs i"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	244	by (rule liseq'_ge)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	245	with H show ?thesis by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	246	qed
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	247	with j show "y \<le> liseq' xs i - 1"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	248	by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	249	qed simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	250	next
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	251	have "liseq' xs i \<le> 1 \<or>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	252	(\<exists>j. liseq' xs i - 1 = liseq' xs j \<and> j < i \<and> xs j \<le> xs i)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	253	proof (rule liseq'_expand)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	254	fix "is"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	255	assume H: "liseq' xs i = card is" "is \<in> iseq xs (Suc i)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	256	"finite is" "Max is = i" "is \<noteq> {}"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	257	assume R: "\<And>js. js \<in> iseq xs (Suc i) \<Longrightarrow> Max js = i \<Longrightarrow>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	258	card js \<le> card is"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	259	show ?thesis
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	260	proof (cases "card is \<le> 1")
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	261	case True with H show ?thesis by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	262	next
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	263	case False
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	264	then have "1 < card is" by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	265	then have "Max (is - {Max is}) < Max is"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	266	by (rule Max_diff)
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	267	from \<open>is \<in> iseq xs (Suc i)\<close> \<open>1 < card is\<close>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	268	have "xs (Max (is - {Max is})) \<le> xs (Max is)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	269	by (rule iseq_nth)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	270	have "card is - 1 = liseq' xs (Max (is - {i}))"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	271	proof (rule liseq'_eq)
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	272	from \<open>Max is = i\<close> [symmetric] \<open>finite is\<close> \<open>is \<noteq> {}\<close>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	273	show "card is - 1 = card (is - {i})" by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	274	next
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	275	from \<open>is \<in> iseq xs (Suc i)\<close> \<open>Max is = i\<close> [symmetric]
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	276	show "is - {i} \<in> iseq xs (Suc (Max (is - {i})))"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	277	by simp (rule iseq_diff)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	278	next
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	279	from \<open>1 < card is\<close>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	280	show "is - {i} \<noteq> {}" by (rule diff_nonempty)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	281	next
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	282	fix js
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	283	assume "js \<in> iseq xs (Suc (Max (is - {i})))"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	284	"Max js = Max (is - {i})" "finite js" "js \<noteq> {}"
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	285	from \<open>xs (Max (is - {Max is})) \<le> xs (Max is)\<close>
0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	286	\<open>Max js = Max (is - {i})\<close> \<open>Max is = i\<close>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	287	have "xs (Max js) \<le> xs i" by simp
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	288	moreover from \<open>Max is = i\<close> \<open>Max (is - {Max is}) < Max is\<close>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	289	have "Suc (Max (is - {i})) \<le> i"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	290	by simp
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	291	with \<open>js \<in> iseq xs (Suc (Max (is - {i})))\<close>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	292	have "js \<in> iseq xs i"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	293	by (rule iseq_mono)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	294	ultimately have "js \<union> {i} \<in> iseq xs (Suc i)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	295	by (rule iseq_insert)
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	296	moreover from \<open>js \<noteq> {}\<close> \<open>finite js\<close> \<open>Max js = Max (is - {i})\<close>
0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	297	\<open>Max is = i\<close> [symmetric] \<open>Max (is - {Max is}) < Max is\<close>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	298	have "Max (js \<union> {i}) = i"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	299	by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	300	ultimately have "card (js \<union> {i}) \<le> card is" by (rule R)
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	301	moreover from \<open>Max is = i\<close> [symmetric] \<open>finite js\<close>
0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	302	\<open>Max (is - {Max is}) < Max is\<close> \<open>Max js = Max (is - {i})\<close>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	303	have "i \<notin> js" by (simp add: max_notin)
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	304	with \<open>finite js\<close>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	305	have "card (js \<union> {i}) = card ((js \<union> {i}) - {i}) + 1"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	306	by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	307	ultimately show "card js \<le> card (is - {i})"
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	308	using \<open>i \<notin> js\<close> \<open>Max is = i\<close> [symmetric] \<open>is \<noteq> {}\<close> \<open>finite is\<close>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	309	by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	310	qed simp
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	311	with H \<open>Max (is - {Max is}) < Max is\<close>
0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	312	\<open>xs (Max (is - {Max is})) \<le> xs (Max is)\<close>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	313	show ?thesis by auto
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	314	qed
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	315	qed
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	316	then show "liseq' xs i - 1 \<in> {0} \<union>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	317	{liseq' xs j \|j. j < i \<and> xs j \<le> xs i}" by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	318	qed simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	319	moreover have "1 \<le> liseq' xs i" by (rule liseq'_ge1)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	320	ultimately show ?thesis by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	321	qed
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	322
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	323	lemma longest_iseq2': "liseq xs i < liseq' xs i \<Longrightarrow>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	324	liseq xs (Suc i) = liseq' xs i"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	325	apply (rule_tac xs=xs and i=i in liseq'_expand)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	326	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	327	apply (rule liseq_eq [symmetric])
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	328	apply (rule refl)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	329	apply assumption
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	330	apply (case_tac "Max js' = i")
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	331	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	332	apply (drule_tac js=js' in iseq_butlast)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	333	apply assumption+
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	334	apply (drule_tac js=js' in liseq_ge [OF refl])
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	335	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	336	done
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	337
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	338	lemma longest_iseq2: "liseq xs i < liseq' xs i \<Longrightarrow>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	339	liseq xs i + 1 = liseq' xs i"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	340	apply (rule_tac xs=xs and i=i in liseq'_expand)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	341	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	342	apply (rule_tac xs=xs and i=i in liseq_expand)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	343	apply (drule_tac s="Max is" in sym)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	344	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	345	apply (case_tac "card is \<le> 1")
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	346	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	347	apply (drule iseq_diff)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	348	apply (drule_tac i="Suc (Max (is - {Max is}))" and j="Max is" in iseq_mono)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	349	apply (simp add: less_eq_Suc_le [symmetric])
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	350	apply (rule Max_diff)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	351	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	352	apply (drule_tac x="is - {Max is}" in meta_spec,
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	353	drule meta_mp, assumption)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	354	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	355	done
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	356
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	357	lemma longest_iseq3:
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	358	"liseq xs j = liseq' xs i \<Longrightarrow> xs i \<le> xs j \<Longrightarrow> i < j \<Longrightarrow>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	359	liseq xs (Suc j) = liseq xs j + 1"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	360	apply (rule_tac xs=xs and i=j in liseq_expand)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	361	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	362	apply (rule_tac xs=xs and i=i in liseq'_expand)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	363	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	364	apply (rule_tac js="isa \<union> {j}" in liseq_eq [symmetric])
72302 d7d90ed4c74e fixed some remarkably ugly proofs paulson <lp15@cam.ac.uk> parents: 69605 diff changeset	365	apply (simp add: card.insert_remove card_Diff_singleton_if max_notin)
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	366	apply (rule iseq_insert)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	367	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	368	apply (erule iseq_mono)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	369	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	370	apply (case_tac "j = Max js'")
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	371	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	372	apply (drule iseq_diff)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	373	apply (drule_tac x="js' - {j}" in meta_spec)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	374	apply (drule meta_mp)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	375	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	376	apply (case_tac "card js' \<le> 1")
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	377	apply (erule_tac xs=js' in card_leq1_singleton)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	378	apply assumption+
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	379	apply (simp add: iseq_trivial)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	380	apply (erule iseq_mono)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	381	apply (simp add: less_eq_Suc_le [symmetric])
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	382	apply (rule Max_diff)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	383	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	384	apply (rule le_diff_iff [THEN iffD1, of 1])
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	385	apply (simp add: card_0_eq [symmetric] del: card_0_eq)
72302 d7d90ed4c74e fixed some remarkably ugly proofs paulson <lp15@cam.ac.uk> parents: 69605 diff changeset	386	apply (simp add: card.insert_remove)
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	387	apply (subgoal_tac "card (js' - {j}) = card js' - 1")
72302 d7d90ed4c74e fixed some remarkably ugly proofs paulson <lp15@cam.ac.uk> parents: 69605 diff changeset	388	apply (simp add: card.insert_remove card_Diff_singleton_if max_notin)
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	389	apply (frule_tac A=js' in Max_in)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	390	apply assumption
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	391	apply (simp add: card_Diff_singleton_if)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	392	apply (drule_tac js=js' in iseq_butlast)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	393	apply assumption
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	394	apply (erule not_sym)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	395	apply (drule_tac x=js' in meta_spec)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	396	apply (drule meta_mp)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	397	apply assumption
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	398	apply (simp add: card_insert_disjoint max_notin)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	399	done
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	400
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	401	lemma longest_iseq4:
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	402	"liseq xs j = liseq' xs i \<Longrightarrow> xs i \<le> xs j \<Longrightarrow> i < j \<Longrightarrow>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	403	liseq' xs j = liseq' xs i + 1"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	404	apply (rule_tac xs=xs and i=j in liseq_expand)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	405	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	406	apply (rule_tac xs=xs and i=i in liseq'_expand)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	407	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	408	apply (rule_tac js="isa \<union> {j}" in liseq'_eq [symmetric])
72302 d7d90ed4c74e fixed some remarkably ugly proofs paulson <lp15@cam.ac.uk> parents: 69605 diff changeset	409	apply (simp add: card.insert_remove card_Diff_singleton_if max_notin)
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	410	apply (rule iseq_insert)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	411	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	412	apply (erule iseq_mono)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	413	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	414	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	415	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	416	apply (drule_tac s="Max js'" in sym)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	417	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	418	apply (drule iseq_diff)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	419	apply (drule_tac x="js' - {j}" in meta_spec)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	420	apply (drule meta_mp)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	421	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	422	apply (case_tac "card js' \<le> 1")
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	423	apply (erule_tac xs=js' in card_leq1_singleton)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	424	apply assumption+
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	425	apply (simp add: iseq_trivial)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	426	apply (erule iseq_mono)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	427	apply (simp add: less_eq_Suc_le [symmetric])
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	428	apply (rule Max_diff)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	429	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	430	apply (rule le_diff_iff [THEN iffD1, of 1])
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	431	apply (simp add: card_0_eq [symmetric] del: card_0_eq)
72302 d7d90ed4c74e fixed some remarkably ugly proofs paulson <lp15@cam.ac.uk> parents: 69605 diff changeset	432	apply (simp add: card.insert_remove)
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	433	apply (subgoal_tac "card (js' - {j}) = card js' - 1")
72302 d7d90ed4c74e fixed some remarkably ugly proofs paulson <lp15@cam.ac.uk> parents: 69605 diff changeset	434	apply (simp add: card.insert_remove card_Diff_singleton_if max_notin)
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	435	apply (frule_tac A=js' in Max_in)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	436	apply assumption
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	437	apply (simp add: card_Diff_singleton_if)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	438	done
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	439
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	440	lemma longest_iseq5: "liseq' xs i \<le> liseq xs i \<Longrightarrow>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	441	liseq xs (Suc i) = liseq xs i"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	442	apply (rule_tac i=i and xs=xs in liseq'_expand)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	443	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	444	apply (rule_tac xs=xs and i=i in liseq_expand)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	445	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	446	apply (rule liseq_eq [symmetric])
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	447	apply (rule refl)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	448	apply (erule iseq_mono)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	449	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	450	apply (case_tac "Max js' = i")
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	451	apply (drule_tac x=js' in meta_spec)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	452	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	453	apply (drule iseq_butlast, assumption, assumption)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	454	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	455	done
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	456
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	457	lemma liseq_empty: "liseq xs 0 = 0"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	458	apply (rule_tac js="{}" in liseq_eq [symmetric])
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	459	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	460	apply (rule iseq_trivial)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	461	apply (simp add: iseq_def)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	462	done
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	463
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	464	lemma liseq'_singleton: "liseq' xs 0 = 1"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	465	by (simp add: longest_iseq1 [of _ 0])
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	466
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	467	lemma liseq_singleton: "liseq xs (Suc 0) = Suc 0"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	468	by (simp add: longest_iseq2' liseq_empty liseq'_singleton)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	469
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	470	lemma liseq'_Suc_unfold:
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	471	"A j \<le> x \<Longrightarrow>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	472	(insert 0 {liseq' A j' \|j'. j' < Suc j \<and> A j' \<le> x}) =
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	473	(insert 0 {liseq' A j' \|j'. j' < j \<and> A j' \<le> x}) \<union>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	474	{liseq' A j}"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	475	by (auto simp add: less_Suc_eq)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	476
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	477	lemma liseq'_Suc_unfold':
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	478	"\<not> (A j \<le> x) \<Longrightarrow>
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	479	{liseq' A j' \|j'. j' < Suc j \<and> A j' \<le> x} =
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	480	{liseq' A j' \|j'. j' < j \<and> A j' \<le> x}"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	481	by (auto simp add: less_Suc_eq)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	482
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	483	lemma iseq_card_limit:
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	484	assumes "is \<in> iseq A i"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	485	shows "card is \<le> i"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	486	proof -
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	487	from assms have "is \<subseteq> {0..<i}"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	488	by (auto simp add: iseq_def)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	489	with finite_atLeastLessThan have "card is \<le> card {0..<i}"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	490	by (rule card_mono)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	491	with card_atLeastLessThan show ?thesis by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	492	qed
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	493
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	494	lemma liseq_limit: "liseq A i \<le> i"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	495	by (rule_tac xs=A and i=i in liseq_expand)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	496	(simp add: iseq_card_limit)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	497
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	498	lemma liseq'_limit: "liseq' A i \<le> i + 1"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	499	by (rule_tac xs=A and i=i in liseq'_expand)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	500	(simp add: iseq_card_limit)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	501
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	502	definition max_ext :: "(nat \<Rightarrow> 'a::linorder) \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> nat" where
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	503	"max_ext A i j = Max ({0} \<union> {liseq' A j' \|j'. j' < j \<and> A j' \<le> A i})"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	504
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	505	lemma max_ext_limit: "max_ext A i j \<le> j"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	506	apply (auto simp add: max_ext_def)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	507	apply (drule Suc_leI)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	508	apply (cut_tac i=j' and A=A in liseq'_limit)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	509	apply simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	510	done
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	511
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	512
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	513	text \<open>Proof functions\<close>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	514
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	515	abbreviation (input)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	516	"arr_conv a \<equiv> (\<lambda>n. a (int n))"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	517
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	518	lemma idx_conv_suc:
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	519	"0 \<le> i \<Longrightarrow> nat (i + 1) = nat i + 1"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	520	by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	521
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	522	abbreviation liseq_ends_at' :: "(int \<Rightarrow> 'a::linorder) \<Rightarrow> int \<Rightarrow> int" where
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	523	"liseq_ends_at' A i \<equiv> int (liseq' (\<lambda>l. A (int l)) (nat i))"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	524
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	525	abbreviation liseq_prfx' :: "(int \<Rightarrow> 'a::linorder) \<Rightarrow> int \<Rightarrow> int" where
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	526	"liseq_prfx' A i \<equiv> int (liseq (\<lambda>l. A (int l)) (nat i))"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	527
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	528	abbreviation max_ext' :: "(int \<Rightarrow> 'a::linorder) \<Rightarrow> int \<Rightarrow> int \<Rightarrow> int" where
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	529	"max_ext' A i j \<equiv> int (max_ext (\<lambda>l. A (int l)) (nat i) (nat j))"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	530
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	531	spark_proof_functions
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	532	liseq_ends_at = "liseq_ends_at' :: (int \<Rightarrow> int) \<Rightarrow> int \<Rightarrow> int"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	533	liseq_prfx = "liseq_prfx' :: (int \<Rightarrow> int) \<Rightarrow> int \<Rightarrow> int"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	534	max_ext = "max_ext' :: (int \<Rightarrow> int) \<Rightarrow> int \<Rightarrow> int \<Rightarrow> int"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	535
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	536
63167 0909deb8059b isabelle update_cartouches -c -t; wenzelm parents: 58130 diff changeset	537	text \<open>The verification conditions\<close>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	538
69605 a96320074298 isabelle update -u path_cartouches; wenzelm parents: 66992 diff changeset	539	spark_open \<open>liseq/liseq_length\<close>
41561 d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	540
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	541	spark_vc procedure_liseq_length_5
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	542	by (simp_all add: liseq_singleton liseq'_singleton)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	543
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	544	spark_vc procedure_liseq_length_6
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	545	proof -
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	546	from H1 H2 H3 H4
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	547	have eq: "liseq (arr_conv a) (nat i) =
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	548	liseq' (arr_conv a) (nat pmax)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	549	by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	550	from H14 H3 H4
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	551	have pmax1: "arr_conv a (nat pmax) \<le> arr_conv a (nat i)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	552	by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	553	from H3 H4 have pmax2: "nat pmax < nat i"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	554	by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	555	{
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	556	fix i2
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	557	assume i2: "0 \<le> i2" "i2 \<le> i"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	558	have "(l(i := l pmax + 1)) i2 =
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	559	int (liseq' (arr_conv a) (nat i2))"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	560	proof (cases "i2 = i")
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	561	case True
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	562	from eq pmax1 pmax2 have "liseq' (arr_conv a) (nat i) =
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	563	liseq' (arr_conv a) (nat pmax) + 1"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	564	by (rule longest_iseq4)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	565	with True H1 H3 H4 show ?thesis
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	566	by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	567	next
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	568	case False
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	569	with H1 i2 show ?thesis
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	570	by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	571	qed
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	572	}
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	573	then show ?C1 by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	574	from eq pmax1 pmax2
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	575	have "liseq (arr_conv a) (Suc (nat i)) =
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	576	liseq (arr_conv a) (nat i) + 1"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	577	by (rule longest_iseq3)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	578	with H2 H3 H4 show ?C2
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	579	by (simp add: idx_conv_suc)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	580	qed
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	581
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	582	spark_vc procedure_liseq_length_7
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	583	proof -
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	584	from H1 show ?C1
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	585	by (simp add: max_ext_def longest_iseq1 [of _ "nat i"])
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	586	from H6
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	587	have m: "max_ext (arr_conv a) (nat i) (nat i) + 1 =
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	588	liseq' (arr_conv a) (nat i)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	589	by (simp add: max_ext_def longest_iseq1 [of _ "nat i"])
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	590	with H2 H18
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	591	have gt: "liseq (arr_conv a) (nat i) < liseq' (arr_conv a) (nat i)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	592	by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	593	then have "liseq' (arr_conv a) (nat i) = liseq (arr_conv a) (nat i) + 1"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	594	by (rule longest_iseq2 [symmetric])
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	595	with H2 m show ?C2 by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	596	from gt have "liseq (arr_conv a) (Suc (nat i)) = liseq' (arr_conv a) (nat i)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	597	by (rule longest_iseq2')
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	598	with m H6 show ?C3 by (simp add: idx_conv_suc)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	599	qed
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	600
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	601	spark_vc procedure_liseq_length_8
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	602	proof -
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	603	{
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	604	fix i2
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	605	assume i2: "0 \<le> i2" "i2 \<le> i"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	606	have "(l(i := max_ext' a i i + 1)) i2 =
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	607	int (liseq' (arr_conv a) (nat i2))"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	608	proof (cases "i2 = i")
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	609	case True
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	610	with H1 show ?thesis
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	611	by (simp add: max_ext_def longest_iseq1 [of _ "nat i"])
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	612	next
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	613	case False
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	614	with H1 i2 show ?thesis by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	615	qed
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	616	}
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	617	then show ?C1 by simp
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	618	from H2 H6 H18
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	619	have "liseq' (arr_conv a) (nat i) \<le> liseq (arr_conv a) (nat i)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	620	by (simp add: max_ext_def longest_iseq1 [of _ "nat i"])
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	621	then have "liseq (arr_conv a) (Suc (nat i)) = liseq (arr_conv a) (nat i)"
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	622	by (rule longest_iseq5)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	623	with H2 H6 show ?C2 by (simp add: idx_conv_suc)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	624	qed
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	625
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	626	spark_vc procedure_liseq_length_12
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	627	by (simp add: max_ext_def)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	628
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	629	spark_vc procedure_liseq_length_13
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	630	using H1 H6 H13 H21 H22
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	631	by (simp add: max_ext_def
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	632	idx_conv_suc liseq'_Suc_unfold max_def del: Max_less_iff)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	633
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	634	spark_vc procedure_liseq_length_14
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	635	using H1 H6 H13 H21
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	636	by (cases "a j \<le> a i")
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	637	(simp_all add: max_ext_def
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	638	idx_conv_suc liseq'_Suc_unfold liseq'_Suc_unfold')
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	639
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	640	spark_vc procedure_liseq_length_19
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	641	using H3 H4 H5 H8 H9
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	642	apply (rule_tac y="int (nat i)" in order_trans)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	643	apply (cut_tac A="arr_conv a" and i="nat i" and j="nat i" in max_ext_limit)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	644	apply simp_all
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	645	done
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	646
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	647	spark_vc procedure_liseq_length_23
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	648	using H2 H3 H4 H7 H8 H11
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	649	apply (rule_tac y="int (nat i)" in order_trans)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	650	apply (cut_tac A="arr_conv a" and i="nat i" in liseq_limit)
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	651	apply simp_all
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	652	done
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	653
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	654	spark_vc procedure_liseq_length_29
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	655	using H2 H3 H8 H13
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	656	by (simp add: add1_zle_eq [symmetric])
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	657
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	658	spark_end
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	659
d1318f3c86ba Added new SPARK verification environment. berghofe parents: diff changeset	660	end

author	haftmann
	Fri, 27 Jun 2025 08:09:26 +0200
changeset 82775	61c39a9e5415
parent 81354	a1567e05f7fd
permissions	-rw-r--r--