Library quicksort3_QuickSort_WP_parameter_quick_sort1_1

This file is generated by Why3's Coq 8.4 driver
Beware! Only edit allowed sections below


Require Import BuiltIn.
Require BuiltIn.
Require int.Int.
Require map.Map.
Require map.MapPermut.

Definition unit := unit.

Inductive ref (a:Type) {a_WT:WhyType a} :=
  | mk_ref : a -> ref a.
Axiom ref_WhyType : forall (a:Type) {a_WT:WhyType a}, WhyType (ref a).
Existing Instance ref_WhyType.
Implicit Arguments mk_ref [[a] [a_WT]].

Definition contents {a:Type} {a_WT:WhyType a} (v:(ref a)): a :=
  match v with
  | (mk_ref x) => x
  end.

Inductive array
  (a:Type) {a_WT:WhyType a} :=
  | mk_array : Z -> (map.Map.map Z a) -> array a.
Axiom array_WhyType : forall (a:Type) {a_WT:WhyType a}, WhyType (array a).
Existing Instance array_WhyType.
Implicit Arguments mk_array [[a] [a_WT]].

Definition elts {a:Type} {a_WT:WhyType a} (v:(array a)): (map.Map.map Z a) :=
  match v with
  | (mk_array x x1) => x1
  end.

Definition length {a:Type} {a_WT:WhyType a} (v:(array a)): Z :=
  match v with
  | (mk_array x x1) => x
  end.

Definition get {a:Type} {a_WT:WhyType a} (a1:(array a)) (i:Z): a :=
  (map.Map.get (elts a1) i).

Definition set {a:Type} {a_WT:WhyType a} (a1:(array a)) (i:Z) (v:a): (array
  a) := (mk_array (length a1) (map.Map.set (elts a1) i v)).

Definition make {a:Type} {a_WT:WhyType a} (n:Z) (v:a): (array a) :=
  (mk_array n (map.Map.const v:(map.Map.map Z a))).

Definition sorted_sub (a:(map.Map.map Z Z)) (l:Z) (u:Z): Prop :=
  forall (i1:Z) (i2:Z), (((l <= i1)%Z /\ (i1 <= i2)%Z) /\ (i2 < u)%Z) ->
  ((map.Map.get a i1) <= (map.Map.get a i2))%Z.

Definition sorted_sub1 (a:(array Z)) (l:Z) (u:Z): Prop := (sorted_sub
  (elts a) l u).

Definition sorted (a:(array Z)): Prop := (sorted_sub (elts a) 0%Z
  (length a)).

Definition exchange {a:Type} {a_WT:WhyType a} (a1:(array a)) (a2:(array a))
  (i:Z) (j:Z): Prop := (map.MapPermut.exchange (elts a1) (elts a2) i j).

Definition permut_sub {a:Type} {a_WT:WhyType a} (a1:(array a)) (a2:(array a))
  (l:Z) (u:Z): Prop := (map.MapPermut.permut_sub (elts a1) (elts a2) l u).

Definition permut {a:Type} {a_WT:WhyType a} (a1:(array a)) (a2:(array
  a)): Prop := ((length a1) = (length a2)) /\ (map.MapPermut.permut_sub
  (elts a1) (elts a2) 0%Z (length a1)).

Axiom exchange_permut : forall {a:Type} {a_WT:WhyType a}, forall (a1:(array
  a)) (a2:(array a)) (i:Z) (j:Z), (exchange a1 a2 i j) ->
  (((length a1) = (length a2)) -> (((0%Z <= i)%Z /\ (i < (length a1))%Z) ->
  (((0%Z <= j)%Z /\ (j < (length a1))%Z) -> (permut a1 a2)))).

Axiom permut_sym : forall {a:Type} {a_WT:WhyType a}, forall (a1:(array a))
  (a2:(array a)), (permut a1 a2) -> (permut a2 a1).

Axiom permut_trans : forall {a:Type} {a_WT:WhyType a}, forall (a1:(array a))
  (a2:(array a)) (a3:(array a)), (permut a1 a2) -> ((permut a2 a3) -> (permut
  a1 a3)).

Definition map_eq_sub {a:Type} {a_WT:WhyType a} (a1:(map.Map.map Z a))
  (a2:(map.Map.map Z a)) (l:Z) (u:Z): Prop := forall (i:Z), ((l <= i)%Z /\
  (i < u)%Z) -> ((map.Map.get a1 i) = (map.Map.get a2 i)).

Definition array_eq_sub {a:Type} {a_WT:WhyType a} (a1:(array a)) (a2:(array
  a)) (l:Z) (u:Z): Prop := (map_eq_sub (elts a1) (elts a2) l u).

Definition array_eq {a:Type} {a_WT:WhyType a} (a1:(array a)) (a2:(array
  a)): Prop := ((length a1) = (length a2)) /\ (array_eq_sub a1 a2 0%Z
  (length a1)).

Axiom array_eq_sub_permut : forall {a:Type} {a_WT:WhyType a},
  forall (a1:(array a)) (a2:(array a)) (l:Z) (u:Z), (array_eq_sub a1 a2 l
  u) -> (permut_sub a1 a2 l u).

Axiom array_eq_permut : forall {a:Type} {a_WT:WhyType a}, forall (a1:(array
  a)) (a2:(array a)), (array_eq a1 a2) -> (permut a1 a2).

Definition div_sub (a:(array Z)) (l:Z) (m:Z) (u:Z): Prop := (forall (i:Z),
  ((l <= i)%Z /\ (i < m)%Z) -> ((get a i) <= (get a m))%Z) /\ forall (j:Z),
  (((m + 1%Z)%Z <= j)%Z /\ (j < u)%Z) -> ((get a m) <= (get a j))%Z.

Axiom sorted_div_sorted_sub : forall (a:(array Z)), forall (l:Z) (m:Z) (u:Z),
  (sorted_sub1 a l m) -> ((div_sub a l m u) -> ((sorted_sub1 a (m + 1%Z)%Z
  u) -> (sorted_sub1 a l u))).

Interactive proof using ssreflect

Require Import ssreflect.
Ltac compress :=
  repeat (match goal with [H1: ?A, H2: ?A |- _] => clear H2 end).

Lemma losorted_hipermut_losorted (a1 a2: Map.map int int) (l m u: int) :
  sorted_sub a1 l (m-1) -> MapPermut.permut_sub a1 a2 m u -> sorted_sub a2 l (m-1).
Proof.
 move=> a1_losorted a1_hipermut.
 unfold sorted_sub => l1 l2 [[hll1 hl1l2] l2m].
 rewrite !(MapPermut.permut_eq a1 a2 m u); [ | |omega | | omega].
 - by apply a1_losorted; [omega].
 - exact a1_hipermut.
 - exact a1_hipermut.
Qed.

Lemma sorted_array_to_sorted_map (a1: array int) (a2: Map.map int int):
  forall l u: int, a2 = elts a1 -> sorted_sub1 a1 l u = sorted_sub a2 l u.
Proof.
 move=> l u eq.
 unfold sorted_sub1.
 by rewrite eq //.
Qed.

Why3 goal
Theorem WP_parameter_quick_sort1 : forall (a:Z) (lo:Z) (hi:Z),
  forall (a1:(map.Map.map Z Z)), ((0%Z <= a)%Z /\ (((0%Z <= lo)%Z /\
  (lo <= a)%Z) /\ ((0%Z <= hi)%Z /\ (hi <= a)%Z))) ->
  ((lo < (hi - 1%Z)%Z)%Z -> (((lo + 1%Z)%Z <= (hi - 1%Z)%Z)%Z -> forall (i:Z)
  (a2:(map.Map.map Z Z)), (((((lo < i)%Z /\
  (i <= ((hi - 1%Z)%Z + 1%Z)%Z)%Z) /\ forall (k:Z), (((lo + 1%Z)%Z <= k)%Z /\
  (k < i)%Z) -> ((map.Map.get a2 k) <= (map.Map.get a2 lo))%Z) /\
  forall (k':Z), ((i <= k')%Z /\ (k' < ((hi - 1%Z)%Z + 1%Z)%Z)%Z) ->
  ((map.Map.get a2 lo) <= (map.Map.get a2 k'))%Z) /\
  (map.MapPermut.permut_sub a1 a2 (lo + 1%Z)%Z hi)) -> (((0%Z <= a)%Z /\
  (((0%Z <= lo)%Z /\ (lo < a)%Z) /\ ((0%Z <= (i - 1%Z)%Z)%Z /\
  ((i - 1%Z)%Z < a)%Z))) -> forall (a3:(map.Map.map Z Z)), ((0%Z <= a)%Z /\
  (map.MapPermut.exchange a2 a3 lo (i - 1%Z)%Z)) -> ((div_sub (mk_array a a3)
  lo (i - 1%Z)%Z hi) -> ((((0%Z <= lo)%Z /\ (lo <= a)%Z) /\
  ((0%Z <= (i - 1%Z)%Z)%Z /\ ((i - 1%Z)%Z <= a)%Z)) ->
  forall (a4:(map.Map.map Z Z)), ((0%Z <= a)%Z /\ ((sorted_sub a4 lo
  (i - 1%Z)%Z) /\ (map.MapPermut.permut_sub a3 a4 lo (i - 1%Z)%Z))) ->
  ((((0%Z <= i)%Z /\ (i <= a)%Z) /\ ((0%Z <= hi)%Z /\ (hi <= a)%Z)) ->
  forall (a5:(map.Map.map Z Z)), ((0%Z <= a)%Z /\ ((sorted_sub a5 i hi) /\
  (map.MapPermut.permut_sub a4 a5 i hi))) -> ((div_sub (mk_array a a5) lo
  (i - 1%Z)%Z hi) -> (sorted_sub a5 lo hi)))))))).

move=> a lo hi a1 [h1 [[h2 h3] [h4 h5]]] h6 h7 i a2 [[[[h8 h9] h10]
h11] a1_to_a2] [h13 [[h14 h15] [h16 h17]]] a3 [h18 a2_to_a3] h20 [[h21
h22] [h23 h24]] a4 [h25 [a4_losorted a3_to_a4]] [[h28 h29] [h30 h31]]
a5 [h32 [a5_hisorted a4_hipermut]] a5_div; compress.

pose m5 := mk_array (hi-lo) a5.
rewrite -(sorted_array_to_sorted_map m5 a5) //=.
apply (sorted_div_sorted_sub m5 lo (i-1) hi).
- rewrite (sorted_array_to_sorted_map m5 a5) //=.
  apply (losorted_hipermut_losorted a4 a5 lo i hi).
  + exact a4_losorted.
  + exact a4_hipermut.
- exact a5_div.
- rewrite Z.sub_add.
  rewrite (sorted_array_to_sorted_map m5 a5); [ | reflexivity].
  exact a5_hisorted.
Qed.

This page has been generated by coqdoc