|
573 | 573 |
|
574 | 574 |
|
575 | 575 | (* when edges are empty, then root makes a correct BDD *) |
576 | | -Theorem edges_empty_correct: |
| 576 | +Theorem edges_empty_correct_ntl: |
577 | 577 | ∀r edges labels r' edges' labels' mv n n' n'' x p c c' p' h rec. |
578 | 578 | prop1 rec ∧ |
579 | 579 | prop2 rec ∧ |
@@ -770,20 +770,20 @@ QED |
770 | 770 |
|
771 | 771 |
|
772 | 772 | Theorem statements_structs_correctness_new_layer: |
773 | | - ∀ simp_leaves' leaves_sub ntl simp_leaves new_edges new_labels n n' n'' p p' p'' h c mv rec. |
| 773 | + ∀ simp_leaves' leaves_sub ntl simp_leaves new_edges new_labels n n' n'' p p' p'' h c mv rec. |
774 | 774 | c > n ∧ |
775 | 775 | prop1 rec ∧ |
776 | 776 | prop2 rec ∧ |
777 | 777 | fv_in_p rec p mv ∧ |
778 | 778 |
|
779 | | - |
780 | 779 | ALOOKUP ntl n = SOME p ∧ |
781 | 780 | ALOOKUP new_edges n = SOME (n',n'') ∧ |
782 | 781 | leaves_pred_sub rec ntl h = leaves_sub ∧ |
783 | 782 | simp_pred_list rec leaves_sub = simp_leaves ∧ |
784 | 783 | determine_termn_list rec simp_leaves = simp_leaves' ∧ |
785 | 784 | mk_new_edges simp_leaves' c = new_edges ∧ |
786 | 785 | mk_new_labels simp_leaves' c = new_labels ⇒ |
| 786 | + |
787 | 787 | ((ALOOKUP mv h = SOME T ∧ ALOOKUP new_labels n' = SOME p' ⇒ |
788 | 788 | from_formula_to_action rec p' mv = op_sem rec (SOME p) mv) |
789 | 789 | ∧ |
@@ -936,7 +936,7 @@ Proof |
936 | 936 | rgs[Once BDD_sem_cases] >> |
937 | 937 | (Cases_on ‘edges = []’ >|[ |
938 | 938 | (* then we should prove the root*) |
939 | | - imp_res_tac edges_empty_correct |
| 939 | + imp_res_tac edges_empty_correct_ntl |
940 | 940 | , |
941 | 941 | gvs[body_of_mk_def] >> |
942 | 942 | gvs[AllCaseEqs()]>> |
@@ -1088,6 +1088,8 @@ val parent_in_old_sem_correct_tac_l = ( |
1088 | 1088 |
|
1089 | 1089 |
|
1090 | 1090 |
|
| 1091 | + |
| 1092 | + |
1091 | 1093 | val parent_in_old_sem_correct_tac_r = ( |
1092 | 1094 | ‘MEM n'' (dom_range_edges edges')’ by imp_res_tac lookup_edges_in_domain >> |
1093 | 1095 |
|
@@ -1329,23 +1331,233 @@ Proof |
1329 | 1331 | ] |
1330 | 1332 | QED |
1331 | 1333 |
|
| 1334 | + |
| 1335 | + |
| 1336 | + |
1332 | 1337 |
|
| 1338 | +Theorem dom_range_edges_not: |
| 1339 | + ∀ edges new_edges n. |
| 1340 | + ¬MEM n (dom_range_edges (edges ⧺ new_edges)) ⇒ |
| 1341 | + ¬MEM n (dom_range_edges edges) ∧ ¬ MEM n (dom_range_edges new_edges) |
| 1342 | +Proof |
| 1343 | + rpt strip_tac >> |
| 1344 | + gvs[dom_range_edges_def] |
| 1345 | +QED |
| 1346 | + |
| 1347 | + |
| 1348 | + |
| 1349 | +Theorem lookup_in_updt_labels_term: |
| 1350 | + ∀ labels n p h. |
| 1351 | + ALOOKUP (non_term_leaf_updt labels h) n = SOME (termn p) ⇒ |
| 1352 | + ALOOKUP labels n = SOME (termn p) |
| 1353 | +Proof |
| 1354 | + Induct >> |
| 1355 | + rpt strip_tac >> |
| 1356 | + gvs[non_term_leaf_updt_def] >> |
| 1357 | + |
| 1358 | + PairCases_on ‘h’ >> |
| 1359 | + gvs[AllCaseEqs()] >> |
| 1360 | + Cases_on ‘h1’ >> gvs[] >> |
| 1361 | + Cases_on ‘p'’ >> gvs[] >> |
| 1362 | + gvs[AllCaseEqs()] >> |
| 1363 | + res_tac >> |
| 1364 | + Cases_on ‘q’ >> gvs[] >> |
| 1365 | + gvs[AllCaseEqs()] >> |
| 1366 | + res_tac |
| 1367 | +QED |
| 1368 | + |
1333 | 1369 |
|
1334 | 1370 |
|
1335 | | - |
1336 | 1371 |
|
1337 | 1372 |
|
| 1373 | +Triviality mem_not_mem_triv: |
| 1374 | +∀ l n1 n2. ¬MEM n1 l ∧ MEM n2 l ⇒ n1 ≠ n2 |
| 1375 | +Proof |
| 1376 | + Induct >> gvs[] |
| 1377 | +QED |
| 1378 | + |
1338 | 1379 |
|
1339 | | -(* TODO: we need a property to say something about: |
1340 | | - termin(a,b) to be exactly the same the evaluation of b in sem mv should be equal to a |
1341 | | - note that we cannot depend just on prop 2, not enough |
1342 | | - also we cannot just depend on fv, we need to have a conversion function from atomic True to T and so on, and relate these two. |
1343 | | -*) |
| 1380 | +Theorem if_in_new_labels_parents_in_new_edges: |
| 1381 | + ∀ simp_leaves' new_labels new_edges n action prop c. |
| 1382 | + ALL_DISTINCT (MAP FST simp_leaves') ∧ |
| 1383 | + ALOOKUP new_labels n = SOME (termn (action,prop)) ∧ |
| 1384 | + mk_new_labels simp_leaves' c = new_labels ∧ |
| 1385 | + mk_new_edges simp_leaves' c = new_edges ⇒ |
| 1386 | + ∃ n_parent n'. ALOOKUP new_edges n_parent = SOME (n,n') ∨ |
| 1387 | + ALOOKUP new_edges n_parent = SOME (n',n) |
| 1388 | +Proof |
1344 | 1389 |
|
| 1390 | + Induct >> |
| 1391 | + rpt strip_tac >> |
| 1392 | + imp_res_tac mk_body_map5 >- |
| 1393 | + gvs[mk_new_labels_def] >> |
| 1394 | + rgs[] >> |
| 1395 | + |
| 1396 | + ‘MEM n (MAP FST new_labels)’ by (imp_res_tac ALOOKUP_MEM >> imp_res_tac mem_fst_snd >> gvs[]) >> |
| 1397 | + ‘n < c + LENGTH new_labels ’ by (imp_res_tac counter_range_in_new_labels) >> |
| 1398 | + imp_res_tac mk_body_map5 >> |
| 1399 | + |
| 1400 | + PairCases_on ‘h’ >> rgs[] >> |
| 1401 | + rgs[mk_new_edges_def] >> |
| 1402 | + rgs[mk_new_labels_def] >> |
| 1403 | + Cases_on ‘new_labels’ >> |
| 1404 | + Cases_on ‘new_edges’ >> |
| 1405 | + rgs[] >|[ |
| 1406 | + PairCases_on ‘h’ >> rgs[] >> |
| 1407 | + PairCases_on ‘h'’ >> rgs[] >> |
| 1408 | + gvs[] >> |
| 1409 | + qexistsl_tac[‘h'0’, ‘c+1’] >> gvs[] |
| 1410 | + , |
| 1411 | + PairCases_on ‘h’ >> rgs[] >> |
| 1412 | + PairCases_on ‘h'’ >> rgs[] >> |
| 1413 | + gvs[] >|[ |
| 1414 | + qexistsl_tac[‘h'0’, ‘c’] >> gvs[] |
| 1415 | + , |
| 1416 | + gvs[AllCaseEqs()]>- |
| 1417 | + (qexistsl_tac[‘h'0’, ‘c+1’] >> gvs[]) >- |
| 1418 | + (qexistsl_tac[‘h'0’, ‘c’] >> gvs[]) >> |
| 1419 | + res_tac >> |
| 1420 | + imp_res_tac ALOOKUP_MEM >> |
| 1421 | + imp_res_tac mem_fst_snd >> |
| 1422 | + gvs[] >> |
| 1423 | + metis_tac[mem_not_mem_triv] |
| 1424 | + ] |
| 1425 | + ] |
| 1426 | +QED |
| 1427 | + |
| 1428 | + |
| 1429 | + |
| 1430 | + |
| 1431 | + |
| 1432 | +Theorem edges_not_empty_correct_tl: |
| 1433 | + ∀vars_consumed r edges labels r' edges' labels' mv n h c c' action prop rec. |
| 1434 | + prop1 rec ∧ |
| 1435 | + prop2 rec ∧ |
| 1436 | + prop3 rec ∧ |
| 1437 | + range_c c (r,edges,labels) ∧ |
| 1438 | + ALL_DISTINCT vars_consumed ∧ |
| 1439 | + ¬MEM h vars_consumed ∧ |
| 1440 | + BDD_ordered (r,edges,labels) vars_consumed ∧ |
| 1441 | + BDD_WF (r,edges,labels) ∧ |
| 1442 | + consumed_dom_bdd vars_consumed (r,edges,labels) ∧ |
| 1443 | + correct_sem rec (r,edges,labels) ∧ |
| 1444 | + body_of_mk rec (r,edges,labels) h c = SOME ((r',edges',labels'),c') ∧ |
| 1445 | + BDD_ordered (r',edges',labels') (h::vars_consumed) ∧ |
| 1446 | + mv_dom_bdd mv (r',edges',labels') ∧ |
| 1447 | + fv_in_labels rec labels' mv ∧ |
| 1448 | + ALOOKUP edges' n = NONE ∧ |
| 1449 | + ALOOKUP labels' n = SOME (termn (action,prop)) ⇒ |
| 1450 | + SOME action = rec.sem prop mv |
| 1451 | +Proof |
| 1452 | + |
| 1453 | + rpt strip_tac >> |
| 1454 | + |
| 1455 | + ‘range_c c' (r',edges',labels')’ by imp_res_tac WFness_range_c_inter >> |
| 1456 | + ‘BDD_WF (r',edges',labels')’ by imp_res_tac WFness_translation_inter >> |
| 1457 | + ‘mv_dom_bdd mv (r,edges,labels)’ by imp_res_tac mv_dom_bdd_preserved >> |
| 1458 | + ‘fv_in_labels rec labels mv’ by imp_res_tac fv_in_labels_preserved >> |
| 1459 | + |
| 1460 | + Cases_on ‘ALOOKUP (non_term_leaf_updt labels h) n’ >|[ |
| 1461 | + (* none in labels *) |
| 1462 | + |
| 1463 | + gvs[body_of_mk_def] >> |
| 1464 | + gvs[AllCaseEqs()]>> |
| 1465 | + body_of_mk_pred_tac >> |
| 1466 | + |
| 1467 | + ‘ALOOKUP new_labels n = SOME (termn (action,prop))’ by rgs[ALOOKUP_APPEND] >> |
| 1468 | + |
| 1469 | + subgoal ‘∃ n_parent n'. ALOOKUP new_edges n_parent = SOME (n,n') ∨ |
| 1470 | + ALOOKUP new_edges n_parent = SOME (n',n) ’ >- |
| 1471 | + ( |
| 1472 | + ‘ALL_DISTINCT (MAP FST simp_leaves')’ by (rgs[BDD_WF_def] >> imp_res_tac_distinct) >> |
| 1473 | + metis_tac[if_in_new_labels_parents_in_new_edges] |
| 1474 | + ) >> |
| 1475 | + ( |
| 1476 | + |
| 1477 | + ‘∃ prop_parent . ALOOKUP ntl n_parent = SOME prop_parent ’ by |
| 1478 | + (imp_res_tac_body >> metis_tac[alookup_map_local_thm] ) >> |
| 1479 | + |
| 1480 | + subgoal ‘MEM n_parent leaves ∧ ∃ lbl. ALOOKUP leaves_labels n_parent = SOME lbl’ >- ( |
| 1481 | + imp_res_tac_body >> |
| 1482 | + imp_res_tac alookup_nonterm_exsists >> |
| 1483 | + imp_res_tac ALOOKUP_MEM >> |
| 1484 | + imp_res_tac mem_fst_snd >> rgs[] |
| 1485 | + ) >> |
| 1486 | + |
| 1487 | + |
| 1488 | + ‘ALOOKUP labels n_parent = SOME lbl’ by imp_res_tac lookup_labels_of_leaves_same >> |
| 1489 | + |
| 1490 | + subgoal ‘c > n_parent’ >- |
| 1491 | + ( |
| 1492 | + rgs[range_c_def] >> |
| 1493 | + rgs[EVERY_MEM] >> imp_res_tac ALOOKUP_MEM >> |
| 1494 | + imp_res_tac mem_fst_snd >> |
| 1495 | + rgs[] |
| 1496 | + ) |
| 1497 | + )>| [ |
| 1498 | + assume_tac body_return_in_decision_str_conv >> |
| 1499 | + first_x_assum (strip_assume_tac o (Q.SPECL [‘simp_leaves'’, ‘leaves_sub’, ‘ntl’, ‘simp_leaves’, |
| 1500 | + ‘new_edges’, ‘new_labels’, ‘n_parent’, |
| 1501 | + ‘n’, ‘n'’, ‘prop_parent’, ‘termn (action,prop)’, ‘p'’, |
| 1502 | + ‘h’, ‘c’, ‘rec’])) >> |
| 1503 | + |
| 1504 | + rgs[from_formula_to_action_def, op_sem_def] >> |
| 1505 | + rgs[determine_termn_def] >> |
| 1506 | + rgs[AllCaseEqs()]>> |
| 1507 | + rgs[prop1_def] >> |
| 1508 | + rgs[prop2_def] >> |
| 1509 | + res_tac >> |
| 1510 | + rgs[prop3_def] >> |
| 1511 | + res_tac >> |
| 1512 | + gvs[] |
| 1513 | + , |
| 1514 | + assume_tac body_return_in_decision_str_conv >> |
| 1515 | + first_x_assum (strip_assume_tac o (Q.SPECL [‘simp_leaves'’, ‘leaves_sub’, ‘ntl’, ‘simp_leaves’, |
| 1516 | + ‘new_edges’, ‘new_labels’, ‘n_parent’, |
| 1517 | + ‘n'’, ‘n’, ‘prop_parent’, ‘p'’, ‘termn (action,prop)’, |
| 1518 | + ‘h’, ‘c’, ‘rec’])) >> |
| 1519 | + |
| 1520 | + rgs[from_formula_to_action_def, op_sem_def] >> |
| 1521 | + rgs[determine_termn_def] >> |
| 1522 | + rgs[AllCaseEqs()]>> |
| 1523 | + rgs[prop1_def] >> |
| 1524 | + rgs[prop2_def] >> |
| 1525 | + res_tac >> |
| 1526 | + rgs[prop3_def] >> |
| 1527 | + res_tac >> |
| 1528 | + gvs[] |
| 1529 | + ] |
| 1530 | + |
| 1531 | + , |
| 1532 | + imp_res_tac body_of_mk_output >> rgs[] >> |
| 1533 | + |
| 1534 | + ‘SOME x = SOME (termn (action,prop))’ by (rgs[BDD_WF_def] >> rgs[ALL_DISTINCT_APPEND, ALOOKUP_APPEND]) >> |
| 1535 | + rgs[] >> |
| 1536 | + |
| 1537 | + |
| 1538 | + ‘ALOOKUP labels n = SOME (termn (action,prop))’ by imp_res_tac lookup_in_updt_labels_term >> |
| 1539 | + rgs[] >> |
| 1540 | + |
| 1541 | + rgs[correct_sem_def] >> |
| 1542 | + first_x_assum (strip_assume_tac o (Q.SPECL [‘n’, ‘mv’, ‘SOME action’])) >> |
| 1543 | + gvs[get_prop_def, op_sem_def] >> |
| 1544 | + |
| 1545 | + subgoal ‘BDD_sem rec (r,edges,labels) mv n (SOME action)’ >- |
| 1546 | + ( |
| 1547 | + simp[Once BDD_sem_cases] >> |
| 1548 | + rgs[from_formula_to_action_def, ALOOKUP_APPEND] >> |
| 1549 | + gvs[AllCaseEqs()] |
| 1550 | + ) >> |
| 1551 | + gvs[] |
| 1552 | + ] |
| 1553 | +QED |
| 1554 | + |
| 1555 | + |
| 1556 | + |
1345 | 1557 |
|
1346 | 1558 | Theorem correct_sem_translation_inter: |
1347 | 1559 | ∀ (BDD:('a,'b) BDD) BDD'' rec c c' vars h vars_consumed. |
1348 | | - prop1 rec ∧ prop2 rec ∧ |
| 1560 | + prop1 rec ∧ prop2 rec ∧ prop3 rec ∧ |
1349 | 1561 |
|
1350 | 1562 | range_c c BDD ∧ |
1351 | 1563 | ALL_DISTINCT (h::vars_consumed) ∧ |
@@ -1382,8 +1594,8 @@ Proof |
1382 | 1594 | rgs[Once BDD_sem_cases] >> |
1383 | 1595 | rgs[from_formula_to_action_def] >> |
1384 | 1596 | Cases_on ‘b’ >> gvs[] >> |
1385 | | - |
1386 | | - cheat (* TODO: consult with Roberto about this one*) |
| 1597 | + |
| 1598 | + metis_tac[edges_not_empty_correct_tl] |
1387 | 1599 | , |
1388 | 1600 | (*inner nodes including the changed layer *) |
1389 | 1601 | Cases_on ‘x’ >> |
@@ -1412,7 +1624,7 @@ QED |
1412 | 1624 |
|
1413 | 1625 | Theorem correct_sem_translation: |
1414 | 1626 | ∀ vars vars_consumed BDD BDD' rec c. |
1415 | | - prop1 rec ∧ prop2 rec ∧ |
| 1627 | + prop1 rec ∧ prop2 rec ∧ prop3 rec ∧ |
1416 | 1628 | BDD_ordered BDD vars_consumed ∧ |
1417 | 1629 | BDD_WF BDD ∧ |
1418 | 1630 | range_c c BDD ∧ |
|
0 commit comments