@@ -24,10 +24,13 @@ open bdd_auxTheory;
2424open bdd_genTheory;
2525open bdd_gen_wfTheory;
2626open bdd_gen_orderTheory;
27+ open bdd_gen_correctTheory;
2728
2829val _ = new_theory " bdd_gen_merge"
2930
3031
32+
33+
3134Definition mergable_def:
3235mergable ((r,edges,labels):('a,'b)BDD) n n' =
3336(n≠n' ∧ ALOOKUP edges n = ALOOKUP edges n' ∧
5659
5760
5861
59-
60-
61-
6262Theorem merge_lookup_none:
6363 ∀ edges n n' n''.
6464 n' ≠ n'' ⇒
7777QED
7878
7979
80+
81+
8082Theorem merge_lookup_exists:
8183 ∀ edges n n' n'' x.
8284 n' ≠ n'' ∧
9698QED
9799
98100
99-
100-
101-
102-
103-
104-
105101
106-
107102
108103Theorem mergable_correct_leaf:
109104 ∀labels n'' r edges n' n mv b rec.
411406*)
412407
413408
414- (* very low proof, check why*)
409+ (* very slow proof, check why*)
415410Theorem merge_replaces_stays_same:
416411 ∀ edges n' n x1 x2 x1' x2'.
417412 n' ≠ x1' ∧ n' ≠ x2' ∧
446441
447442Theorem mergable_correct_internal:
448443 ∀ x vars_consumed r edges labels n n' n'' nl nr pred mv b rec.
449- consumed_dom_bdd vars_consumed (r,edges,labels) ∧
444+ consumed_dom_bdd vars_consumed (r,edges,labels) ∧
445+ mv_dom_bdd mv (r,edges,labels) ∧
450446 BDD_ordered (r,edges,labels) vars_consumed ∧
451447 BDD_WF (r,edges,labels) ∧
452448 mergable (r,edges,labels) n n' ∧
@@ -544,6 +540,7 @@ Proof
544540
545541 simp[Once BDD_sem_cases] >> gvs[ALOOKUP_ADELKEY] >>
546542 Cases_on ‘ALOOKUP (merge_edges edges n n') n’ >> gvs[] >|[
543+
547544 ‘ALOOKUP edges n' = NONE ’ by (metis_tac [merge_lookup_none]) >>
548545 simp[Once EQ_SYM_EQ, Once BDD_sem_cases]
549546 ,
@@ -552,20 +549,28 @@ Proof
552549 PairCases_on ‘x'’ >> gvs[] >>
553550 Cases_on ‘ALOOKUP labels n'’ >> gvs[] >>
554551 Cases_on ‘x'’ >> gvs[] >|[
552+
555553 ‘∃pair. ALOOKUP edges n = SOME pair’ by metis_tac [merge_lookup_exists] >>
556554 ‘∃ x'' p''. ALOOKUP labels n = SOME (non_termn (SOME x'',p'')) ’ by metis_tac[WF_imp_non_leaf_lbl] >>
557555 gvs[]
558556 ,
557+
559558 Cases_on ‘p’ >> gvs[] >>
560559 Cases_on ‘q’ >> gvs[] >|[
560+
561561 ‘∃pair. ALOOKUP edges n = SOME pair’ by metis_tac [merge_lookup_exists] >>
562562 ‘∃ x'' p''. ALOOKUP labels n = SOME (non_termn (SOME x'',p'')) ’ by metis_tac[WF_imp_non_leaf_lbl] >>
563- gvs[]
563+ gvs[]
564564 ,
565+
565566 Cases_on ‘ALOOKUP mv x'’ >> gvs[] >|[
566- cheat
567+
568+ gvs[mv_dom_bdd_def, lookup_is_some_def] >>
569+ res_tac >> gvs[]
567570 ,
571+
568572 Cases_on ‘x''’ >> gvs[] >|[
573+
569574 (* true *)
570575 ‘n' ≠ n'' ∧ nl ≠ n''’ by (imp_res_tac lookup_edges_not_parent >> gvs[]) >>
571576
@@ -606,6 +611,7 @@ Proof
606611 gvs[Once BDD_sem_cases] >>
607612 simp[Once BDD_sem_cases] >> gvs[ALOOKUP_ADELKEY]
608613 ,
614+
609615 cheat
610616
611617
628634
629635
630636
631-
632-
633-
634637
635638
636639
639642Theorem Lemma3:
640643 ∀ labels vars_consumed n'' r edges n' n mv b rec.
641644 consumed_dom_bdd vars_consumed (r,edges,labels) ∧
645+ mv_dom_bdd mv (r,edges,labels) ∧
642646 BDD_ordered (r,edges,labels) vars_consumed ∧
643647 BDD_WF (r,edges,labels) ∧
644648 mergable (r,edges,labels) n n' ∧
@@ -671,21 +675,63 @@ QED
671675
672676
673677
678+ Theorem mv_dom_bdd_merge_preserved:
679+ ∀ r edges labels keys n n' mv.
680+ mergable (r,edges,labels) n n' ∧
681+ mv_dom_bdd mv (r,ADELKEY n' (merge_edges edges n n'),ADELKEY n' labels) ⇒
682+ mv_dom_bdd mv (r,edges,labels)
683+ Proof
684+ rpt strip_tac >>
685+ gvs[mv_dom_bdd_def] >>
686+ rpt strip_tac >>
687+ Cases_on ‘n'' = n'’ >|[
688+ rgs[mergable_def] >>
689+ gvs[ALOOKUP_ADELKEY] >>
690+ res_tac >> gvs[]
691+ ,
692+ gvs[ALOOKUP_ADELKEY] >>
693+ res_tac >> gvs[]
694+ ]
695+ QED
696+
674697
675- Theorem BDD_sem_determ:
676- ∀ n BDD mv b b' rec.
677- BDD_sem rec BDD mv n b ∧
678- BDD_sem rec BDD mv n b' ⇒
679- (b=b')
698+
699+ Theorem fv_in_labels_preserved:
700+ ∀ r edges labels keys n n' mv rec.
701+ mergable (r,edges,labels) n n' ∧
702+ fv_in_labels rec (ADELKEY n' labels) mv ⇒
703+ fv_in_labels rec labels mv
680704Proof
681- Induct_on ‘BDD_sem’ >>
682- rpt strip_tac >>
683- rgs[Once BDD_sem_cases]
705+ rpt strip_tac >>
706+ gvs[fv_in_labels_def] >>
707+ rpt strip_tac >>
708+ Cases_on ‘n'' = n'’ >|[
709+ rgs[mergable_def] >>
710+ gvs[ALOOKUP_ADELKEY] >>
711+ res_tac >> gvs[]
712+ ,
713+ gvs[ALOOKUP_ADELKEY] >>
714+ res_tac >> gvs[]
715+ ]
684716QED
685717
686718
687719
688-
720+
721+
722+ Theorem get_prop_delkey_none:
723+ ∀ labels n'.
724+ get_prop (ADELKEY n' labels) n' = NONE
725+ Proof
726+ Induct >>
727+ gvs[get_prop_def] >>
728+ rpt strip_tac >>
729+ gvs[ALOOKUP_ADELKEY]
730+ QED
731+
732+
733+
734+
689735
690736Theorem merge_correct:
691737 ∀ r edges labels vars_consumed n n' rec .
@@ -705,21 +751,23 @@ Proof
705751 Cases_on ‘n' = n''’ >> gvs[] >|[
706752
707753
708- ‘get_prop (ADELKEY n' labels) n' = NONE ’ by cheat >>
754+ ‘get_prop (ADELKEY n' labels) n' = NONE ’ by gvs[get_prop_delkey_none] >>
709755 gvs[op_sem_def, get_prop_def] >>
710- gvs[AllCaseEqs()]>>
756+ gvs[AllCaseEqs()]>>
711757
712- ‘BDD_sem rec
713- (r,ADELKEY n' (merge_edges edges n n'),ADELKEY n' labels) mv n' (NONE )’ by cheat >>
714- imp_res_tac BDD_sem_determ
758+ gvs[Once BDD_sem_cases]
715759 ,
716760
717761 assume_tac Lemma3 >>
718762 first_x_assum (strip_assume_tac o (Q.SPECL [‘labels’, ‘vars_consumed’, ‘n''’, ‘r’, ‘edges’, ‘n'’, ‘n’, ‘mv’, ‘b’, ‘rec’])) >>
719763 gvs[] >>
720764
765+
766+ ‘mv_dom_bdd mv (r,edges,labels)’ by metis_tac[mv_dom_bdd_merge_preserved] >>
767+ res_tac >>
721768
722- ‘mv_dom_bdd mv (r,edges,labels)’ by cheat >>
769+ ‘fv_in_labels rec labels mv’ by metis_tac [fv_in_labels_preserved] >>
770+
723771 gvs[correct_sem_def] >>
724772 res_tac >>
725773
@@ -728,21 +776,14 @@ Proof
728776
729777 gvs[ALOOKUP_ADELKEY] >>
730778 rgs[op_sem_def] >>
731- gvs[AllCaseEqs()]>>
732- cheat
733-
779+ gvs[AllCaseEqs()]
734780 ]
735781QED
736782
737783
738784
739785
740786
741-
742-
743-
744-
745-
746787
747788
748789(* ******************************************************)
0 commit comments