fix realizations

[why3.git] / examples / kmp / kmp_WP_KnuthMorrisPratt_next_is_maximal_1.v

(* This file is generated by Why3's Coq driver *)
(* Beware! Only edit allowed sections below    *)
Require Import BuiltIn.
Require BuiltIn.
Require HighOrd.
Require int.Int.
Require map.Map.

(* Why3 assumption *)
Inductive ref (a:Type) :=
  | ref'mk : a -> ref a.
Axiom ref_WhyType : forall (a:Type) {a_WT:WhyType a}, WhyType (ref a).
Existing Instance ref_WhyType.
Arguments ref'mk {a}.

(* Why3 assumption *)
Definition contents {a:Type} {a_WT:WhyType a} (v:ref a) : a :=
  match v with
  | ref'mk x => x
  end.

Axiom array : forall (a:Type), Type.
Parameter array_WhyType :
  forall (a:Type) {a_WT:WhyType a}, WhyType (array a).
Existing Instance array_WhyType.

Parameter elts:
  forall {a:Type} {a_WT:WhyType a}, array a -> Numbers.BinNums.Z -> a.

Parameter length:
  forall {a:Type} {a_WT:WhyType a}, array a -> Numbers.BinNums.Z.

Axiom array'invariant :
  forall {a:Type} {a_WT:WhyType a},
  forall (self:array a), (0%Z <= (length self))%Z.

(* Why3 assumption *)
Definition mixfix_lbrb {a:Type} {a_WT:WhyType a} (a1:array a)
    (i:Numbers.BinNums.Z) : a :=
  elts a1 i.

Parameter mixfix_lblsmnrb:
  forall {a:Type} {a_WT:WhyType a}, array a -> Numbers.BinNums.Z -> a ->
  array a.

Axiom mixfix_lblsmnrb'spec'0 :
  forall {a:Type} {a_WT:WhyType a},
  forall (a1:array a) (i:Numbers.BinNums.Z) (v:a),
  ((length (mixfix_lblsmnrb a1 i v)) = (length a1)).

Axiom mixfix_lblsmnrb'spec :
  forall {a:Type} {a_WT:WhyType a},
  forall (a1:array a) (i:Numbers.BinNums.Z) (v:a),
  ((elts (mixfix_lblsmnrb a1 i v)) = (map.Map.set (elts a1) i v)).

Parameter make:
  forall {a:Type} {a_WT:WhyType a}, Numbers.BinNums.Z -> a -> array a.

Axiom make_spec :
  forall {a:Type} {a_WT:WhyType a},
  forall (n:Numbers.BinNums.Z) (v:a), (0%Z <= n)%Z ->
  (forall (i:Numbers.BinNums.Z), (0%Z <= i)%Z /\ (i < n)%Z ->
   ((mixfix_lbrb (make n v) i) = v)) /\
  ((length (make n v)) = n).

Axiom char : Type.
Parameter char_WhyType : WhyType char.
Existing Instance char_WhyType.

(* Why3 assumption *)
Definition matches (a1:array char) (i1:Numbers.BinNums.Z) (a2:array char)
    (i2:Numbers.BinNums.Z) (n:Numbers.BinNums.Z) : Prop :=
  ((0%Z <= i1)%Z /\ (i1 <= ((length a1) - n)%Z)%Z) /\
  ((0%Z <= i2)%Z /\ (i2 <= ((length a2) - n)%Z)%Z) /\
  (forall (i:Numbers.BinNums.Z), (0%Z <= i)%Z /\ (i < n)%Z ->
   ((mixfix_lbrb a1 (i1 + i)%Z) = (mixfix_lbrb a2 (i2 + i)%Z))).

Axiom matches_empty :
  forall (a1:array char) (a2:array char) (i1:Numbers.BinNums.Z)
    (i2:Numbers.BinNums.Z),
  (0%Z <= i1)%Z /\ (i1 <= (length a1))%Z ->
  (0%Z <= i2)%Z /\ (i2 <= (length a2))%Z -> matches a1 i1 a2 i2 0%Z.

Axiom matches_right_extension :
  forall (a1:array char) (a2:array char) (i1:Numbers.BinNums.Z)
    (i2:Numbers.BinNums.Z) (n:Numbers.BinNums.Z),
  matches a1 i1 a2 i2 n -> (i1 <= (((length a1) - n)%Z - 1%Z)%Z)%Z ->
  (i2 <= (((length a2) - n)%Z - 1%Z)%Z)%Z ->
  ((mixfix_lbrb a1 (i1 + n)%Z) = (mixfix_lbrb a2 (i2 + n)%Z)) ->
  matches a1 i1 a2 i2 (n + 1%Z)%Z.

Axiom matches_contradiction_at_first :
  forall (a1:array char) (a2:array char) (i1:Numbers.BinNums.Z)
    (i2:Numbers.BinNums.Z) (n:Numbers.BinNums.Z),
  (0%Z < n)%Z -> ~ ((mixfix_lbrb a1 i1) = (mixfix_lbrb a2 i2)) ->
  ~ matches a1 i1 a2 i2 n.

Axiom matches_contradiction_at_i :
  forall (a1:array char) (a2:array char) (i1:Numbers.BinNums.Z)
    (i2:Numbers.BinNums.Z) (i:Numbers.BinNums.Z) (n:Numbers.BinNums.Z),
  (0%Z < n)%Z -> (0%Z <= i)%Z /\ (i < n)%Z ->
  ~ ((mixfix_lbrb a1 (i1 + i)%Z) = (mixfix_lbrb a2 (i2 + i)%Z)) ->
  ~ matches a1 i1 a2 i2 n.

Axiom matches_right_weakening :
  forall (a1:array char) (a2:array char) (i1:Numbers.BinNums.Z)
    (i2:Numbers.BinNums.Z) (n:Numbers.BinNums.Z) (n':Numbers.BinNums.Z),
  matches a1 i1 a2 i2 n -> (n' < n)%Z -> matches a1 i1 a2 i2 n'.

Axiom matches_left_weakening :
  forall (a1:array char) (a2:array char) (i1:Numbers.BinNums.Z)
    (i2:Numbers.BinNums.Z) (n:Numbers.BinNums.Z) (n':Numbers.BinNums.Z),
  matches a1 (i1 - (n - n')%Z)%Z a2 (i2 - (n - n')%Z)%Z n -> (n' < n)%Z ->
  matches a1 i1 a2 i2 n'.

Axiom matches_sym :
  forall (a1:array char) (a2:array char) (i1:Numbers.BinNums.Z)
    (i2:Numbers.BinNums.Z) (n:Numbers.BinNums.Z),
  matches a1 i1 a2 i2 n -> matches a2 i2 a1 i1 n.

Axiom matches_trans :
  forall (a1:array char) (a2:array char) (a3:array char)
    (i1:Numbers.BinNums.Z) (i2:Numbers.BinNums.Z) (i3:Numbers.BinNums.Z)
    (n:Numbers.BinNums.Z),
  matches a1 i1 a2 i2 n -> matches a2 i2 a3 i3 n -> matches a1 i1 a3 i3 n.

(* Why3 assumption *)
Definition is_next (p:array char) (j:Numbers.BinNums.Z)
    (n:Numbers.BinNums.Z) : Prop :=
  ((0%Z <= n)%Z /\ (n < j)%Z) /\
  matches p (j - n)%Z p 0%Z n /\
  (forall (z:Numbers.BinNums.Z), (n < z)%Z /\ (z < j)%Z ->
   ~ matches p (j - z)%Z p 0%Z z).

Axiom next_iteration :
  forall (p:array char) (a:array char) (i:Numbers.BinNums.Z)
    (j:Numbers.BinNums.Z) (n:Numbers.BinNums.Z),
  (0%Z < j)%Z /\ (j < (length p))%Z -> (j <= i)%Z /\ (i <= (length a))%Z ->
  matches a (i - j)%Z p 0%Z j -> is_next p j n -> matches a (i - n)%Z p 0%Z n.

Require Import Lia.

(* Why3 goal *)
Theorem next_is_maximal :
  forall (p:array char) (a:array char) (i:Numbers.BinNums.Z)
    (j:Numbers.BinNums.Z) (n:Numbers.BinNums.Z) (k:Numbers.BinNums.Z),
  (0%Z < j)%Z /\ (j < (length p))%Z -> (j <= i)%Z /\ (i <= (length a))%Z ->
  ((i - j)%Z < k)%Z /\ (k < (i - n)%Z)%Z -> matches a (i - j)%Z p 0%Z j ->
  is_next p j n -> ~ matches a k p 0%Z (length p).
(* Why3 intros p a i j n k (h1,h2) (h3,h4) (h5,h6) h7 h8. *)
(* YOU MAY EDIT THE PROOF BELOW *)
intros p a.
intros i j n k Hj Hi Hk Hmatch Hnext.
red.
 intro Hmax.
elim Hnext; intros h1 (h2, h3).
absurd (matches p (j - (i - k)) p 0 (i - k)).
apply h3; lia.
apply matches_trans with (a2 := a) (i2 := k).
apply matches_sym.
apply matches_left_weakening with (n := j).
replace (k - (j - (i - k)))%Z with (i-j)%Z by ring.
 ring_simplify (j - (i - k) - (j - (i - k)))%Z.
 assumption.
lia.
apply matches_right_weakening with (n := length p).
assumption.
lia.
Qed.