equal
deleted
inserted
replaced
218 OD |
218 OD |
219 \<lbrace>\<acute>S = (\<Sum>j<n. j)\<rbrace>" |
219 \<lbrace>\<acute>S = (\<Sum>j<n. j)\<rbrace>" |
220 proof - |
220 proof - |
221 let ?sum = "\<lambda>k::nat. \<Sum>j<k. j" |
221 let ?sum = "\<lambda>k::nat. \<Sum>j<k. j" |
222 let ?inv = "\<lambda>s i::nat. s = ?sum i" |
222 let ?inv = "\<lambda>s i::nat. s = ?sum i" |
223 |
|
224 show ?thesis |
223 show ?thesis |
225 proof hoare |
224 proof hoare |
226 show "?inv 0 1" by simp |
225 show "?inv 0 1" by simp |
227 next |
226 show "?inv (s + i) (i + 1)" if "?inv s i \<and> i \<noteq> n" for s i |
228 fix s i |
227 using prems by simp |
229 assume "?inv s i \<and> i \<noteq> n" |
228 show "s = ?sum n" if "?inv s i \<and> \<not> i \<noteq> n" for s i |
230 then show "?inv (s + i) (i + 1)" by simp |
229 using prems by simp |
231 next |
|
232 fix s i |
|
233 assume "?inv s i \<and> \<not> i \<noteq> n" |
|
234 then show "s = ?sum n" by simp |
|
235 qed |
230 qed |
236 qed |
231 qed |
237 |
232 |
238 text \<open>Certainly, this proof may be done fully automatic as well, |
233 text \<open>Certainly, this proof may be done fully automatic as well, |
239 provided that the invariant is given beforehand.\<close> |
234 provided that the invariant is given beforehand.\<close> |