-- CafeOBJ proof scores for two properties of list reversal:
--   rev1(rev1(L)) = L   and   rev2(L1,L2) = rev1(L1) @ L2 .
-- Each property is proved by structural induction on a List argument.
-- The system only performs the `red` reductions; every `red` below must
-- reduce to `true` for the corresponding proof score to count as passed.
-- That "base + step" covers every List rests on nil and _|_ being the
-- only constructors ({constr}) of the tight (mod!) module LIST -- that
-- part of the argument is made by the author, not checked by the tool.
-- NOTE(review): the first displayed statement in the banner below has an
-- unbalanced parenthesis; the property proved is rev1(rev1(L:List)) = L .
--> ****************************************************************
--> Proof scores for verifications of properties
--> eq rev1(rev1(L:List) = L .
--> eq rev2(L1:List,L2:List) = rev1(L1) @ L2 .
--> ****************************************************************

--> -----------------------------------------------------------------
--> parametrized lists (i.e. generic lists)
--> -----------------------------------------------------------------
-- Generic lists over the element sort of any TRIV parameter X.
-- `mod!` requests tight (initial) semantics, which is what licenses the
-- structural induction used in every proof score of this file.
mod! LIST (X :: TRIV) {
  [List]
  -- the two constructors: empty list and cons
  op nil : -> List {constr} .
  op _|_ : Elt.X List -> List {constr} .
}

--> -----------------------------------------------------------------
--> lists with append operation _@_
--> -----------------------------------------------------------------
-- Append defined by recursion on its first argument; no attributes yet,
-- so right identity and associativity have to be proved (see below).
mod! LIST@(X :: TRIV) {
  pr(LIST(X))
  -- append operation over List
  op _@_ : List List -> List .
  eq [@1]: nil @ L2:List = L2 .
  eq [@2]: (E:Elt | L1:List) @ L2:List = E | (L1 @ L2) .
}

--> ****************************************************************
-- Print every whole-term rewrite step so each reduction can be audited
-- against the recorded traces kept in the #| ... |# blocks.
set trace whole on
--> set trace whole on
--> ----------------------------------------------------------------

--> ================================================================
--> Proof score for proving that nil is right-identity of _@_ (@ri)
--> i.e. 'eq[@ri]: L:List @ nil = L .'
--> with the induction on the L:List
--> ----------------------------------------------------------------
--> induction base
select LIST@ .
red (nil @ nil) = nil .
--> induction step
-- `open` works in a temporary copy of the module (shown as %LIST@ in the
-- trace); the constants and the hypothesis added here vanish at `close`.
open LIST@ .
--> induction hypothesis
-- l is a fresh constant standing for an arbitrary list
op l : -> List .
eq (l @ nil) = l .
-- check the step
-- e is a fresh constant standing for an arbitrary element
op e : -> Elt .
red (e | l) @ nil = (e | l) .
close
--> QED
--> ================================================================
-- Recorded trace of the two reductions above. It is a comment: nothing
-- compares it with the actual output, so re-check it after any edit.
#|
--> induction base
-- reduce in LIST@(X) : ((nil @ nil) = nil):Bool
---> (nil = nil):Bool
---> (true):Bool
--> induction step
-- reduce in %LIST@(X) : (((e | l) @ nil) = (e | l)):Bool
---> ((e | (l @ nil)) = (e | l)):Bool
---> ((e | l) = (e | l)):Bool
---> (true):Bool
|#

--> ================================================================
--> Proof score for proving that _@_ is associative,
--> i.e. 'eq (L1:List @ L2:List) @ L3:List = L1 @ (L2 @ L3) .'
--> with the induction on the L1:List
--> ----------------------------------------------------------------
--> induction base
open LIST@ .
-- l2, l3 are fresh constants for arbitrary lists
ops l2 l3 : -> List .
red (nil @ l2) @ l3 = nil @ (l2 @ l3) .
close
--> induction step
open LIST@ .
-- induction hypothesis
-- Only l1 is fixed (a constant); L2 and L3 stay variables, so the
-- hypothesis may be applied to any second and third argument.
op l1 : -> List .
eq (l1 @ L2:List) @ L3:List = l1 @ (L2 @ L3) .
-- check the step
op e : -> Elt .
ops l2 l3 : -> List .
red ((e | l1) @ l2) @ l3 = (e | l1) @ (l2 @ l3) .
close
--> QED
--> ================================================================
-- Recorded trace of the associativity reductions (comment only).
#|
--> induction base
-- reduce in %LIST@(X) : (((nil @ l2) @ l3) = (nil @ (l2 @ l3))):Bool
---> ((l2 @ l3) = (nil @ (l2 @ l3))):Bool
---> ((l2 @ l3) = (l2 @ l3)):Bool
---> (true):Bool
--> induction step
-- reduce in %LIST@(X) : ((((e | l1) @ l2) @ l3) = ((e | l1) @ (l2 @ l3))):Bool
---> (((e | (l1 @ l2)) @ l3) = ((e | l1) @ (l2 @ l3))):Bool
---> ((e | ((l1 @ l2) @ l3)) = ((e | l1) @ (l2 @ l3))):Bool
---> ((e | (l1 @ (l2 @ l3))) = ((e | l1) @ (l2 @ l3))):Bool
---> ((e | (l1 @ (l2 @ l3))) = (e | (l1 @ (l2 @ l3)))):Bool
---> (true):Bool
|#

--> ----------------------------------------------------------------
--> lists with associative append _@_
--> ----------------------------------------------------------------
-- Append again, now with the two proved properties built in.
-- NOTE(review): {assoc} and [@ri] are asserted here, not derived. Their
-- justification is the two proof scores above, which were run against
-- LIST@; this module imports LIST(X) and restates [@1]/[@2] rather than
-- importing LIST@. Nothing mechanical ties the two definitions together,
-- so a change to [@1]/[@2] in either module requires re-running the
-- proofs before the later results can be trusted.
mod! LIST@a(X :: TRIV) {
  pr(LIST(X))
  -- notice that associativity {assoc}
  -- and right identity [@ri] are already proved
  op _@_ : List List -> List {assoc} .
  eq [@1]: nil @ L2:List = L2 .
  eq [@2]: (E:Elt | L1:List) @ L2:List = E | (L1 @ L2) .
  eq [@ri]: L1:List @ nil = L1 .
}

--> ----------------------------------------------------------------
--> lists with reverse operations
--> ----------------------------------------------------------------
-- Two reverse definitions over LIST@a: rev1 appends the head at the end,
-- rev2 moves the head onto its second argument.
mod! LISTrev(X :: TRIV) {
  pr(LIST@a(X))
  -- one argument reverse operation
  op rev1 : List -> List .
  eq rev1(nil) = nil .
  eq rev1(E:Elt | L:List) = rev1(L) @ (E | nil) .
  -- two arguments reverse operation
  op rev2 : List List -> List .
  eq rev2(nil,L2:List) = L2 .
  eq rev2(E:Elt | L1:List,L2:List) = rev2(L1,E | L2) .
}

--> ================================================================
--> Proof score for proving that rev1 distributes over _@_
--> reversely, i.e.
--> 'eq[rev1@]: rev1(L1:List @ L2:List) = rev1(L2) @ rev1(L1) .'
--> with the induction on L1:List
--> ----------------------------------------------------------------
-- Both cases depend on what LIST@a assumes: the base case uses [@ri],
-- and in the recorded trace the step case closes with the two sides
-- differing only in the bracketing of _@_, i.e. by {assoc}.
--> induction base
open LISTrev .
op l2 : -> List .
red rev1(nil @ l2) = rev1(l2) @ rev1(nil) .
close
--> induction step
open LISTrev .
-- induction hypothesis
-- l1 is fixed; L2 remains a variable
op l1 : -> List .
eq rev1(l1 @ L2:List) = rev1(L2) @ rev1(l1) .
-- check the step
op e : -> Elt .
op l2 : -> List .
red rev1((e | l1) @ l2) = rev1(l2) @ rev1(e | l1) .
close
--> QED
--> ================================================================
-- Recorded trace of the rev1@ reductions (comment only).
#|
--> induction base
-- reduce in %LISTrev(X) : (rev1((nil @ l2)) = (rev1(l2) @ rev1(nil))):Bool
---> (rev1(l2) = (rev1(l2) @ rev1(nil))):Bool
---> (rev1(l2) = (rev1(l2) @ nil)):Bool
---> (rev1(l2) = rev1(l2)):Bool
---> (true):Bool
--> induction step
-- reduce in %LISTrev(X) : (rev1(((e | l1) @ l2)) = (rev1(l2) @ rev1((e | l1)))):Bool
---> (rev1((e | (l1 @ l2))) = (rev1(l2) @ rev1((e | l1)))):Bool
---> ((rev1((l1 @ l2)) @ (e | nil)) = (rev1(l2) @ rev1((e | l1)))):Bool
---> (((rev1(l2) @ rev1(l1)) @ (e | nil)) = (rev1(l2) @ rev1((e | l1)))):Bool
---> (((rev1(l2) @ rev1(l1)) @ (e | nil)) = (rev1(l2) @ (rev1(l1) @ (e | nil)))):Bool
---> (true):Bool
|#

--> ================================================================
--> Proof score for proving that rev1(rev1(_)) is the identity
--> function (rev1rev1),
--> i.e. 'eq[rev1rev1]: rev1(rev1(L:List) = L .'
--> with the induction on L:List
--> ----------------------------------------------------------------
-- NOTE(review): the statement displayed above is missing a closing
-- parenthesis; the reductions below prove rev1(rev1(L:List)) = L .
--> induction base
select LISTrev .
red rev1(rev1(nil)) = nil .
--> induction step
open LISTrev .
-- induction hypothesis
op l : -> List .
eq rev1(rev1(l)) = l .
-- already proved property (lemma)
-- The lemma is added as an assumption inside this `open`; it is only
-- sound because the rev1@ proof score above succeeds. Re-run that score
-- whenever LISTrev or LIST@a changes.
eq[rev1@]: rev1(L1:List @ L2:List) = rev1(L2) @ rev1(L1) .
-- check the step
op e : -> Elt .
red rev1(rev1(e | l)) = (e | l) .
close
--> QED
--> ================================================================
-- Recorded trace of the rev1rev1 reductions (comment only).
#|
--> induction base
-- reduce in LISTrev(X) : (rev1(rev1(nil)) = nil):Bool
---> (rev1(nil) = nil):Bool
---> (nil = nil):Bool
---> (true):Bool
--> induction step
-- reduce in %LISTrev(X) : (rev1(rev1((e | l))) = (e | l)):Bool
---> (rev1((rev1(l) @ (e | nil))) = (e | l)):Bool
---> ((rev1((e | nil)) @ rev1(rev1(l))) = (e | l)):Bool
---> (((rev1(nil) @ (e | nil)) @ rev1(rev1(l))) = (e | l)):Bool
---> (((nil @ (e | nil)) @ rev1(rev1(l))) = (e | l)):Bool
---> (((e | nil) @ rev1(rev1(l))) = (e | l)):Bool
---> (((e | nil) @ l) = (e | l)):Bool
---> ((e | (nil @ l)) = (e | l)):Bool
---> ((e | l) = (e | l)):Bool
---> (true):Bool
|#

--> ================================================================
--> Proof score for proving:
--> 'eq[rev2@]: rev2(L1:List,L2:List) = rev1(L1) @ L2 .'
--> with the induction on L1:List
--> ----------------------------------------------------------------
--> induction base
open LISTrev .
op l2 : -> List .
red rev2(nil,l2) = rev1(nil) @ l2 .
close
--> induction step
open LISTrev .
-- induction hypothesis
-- L2 must stay a variable here: the step applies the hypothesis with the
-- second argument (e | l2), not l2 (see the recorded trace).
op l1 : -> List .
eq rev2(l1,L2:List) = rev1(l1) @ L2 .
-- check the step
op e : -> Elt .
op l2 : -> List .
red rev2(e | l1,l2) = rev1(e | l1) @ l2 .
close
--> QED
--> ================================================================
-- Recorded trace of the rev2@ reductions (comment only).
#|
--> induction base
-- reduce in %LISTrev(X) : (rev2(nil,l2) = (rev1(nil) @ l2)):Bool
---> (l2 = (rev1(nil) @ l2)):Bool
---> (l2 = (nil @ l2)):Bool
---> (l2 = l2):Bool
---> (true):Bool
--> induction step
-- reduce in %LISTrev(X) : (rev2((e | l1),l2) = (rev1((e | l1)) @ l2)):Bool
---> (rev2(l1,(e | l2)) = (rev1((e | l1)) @ l2)):Bool
---> ((rev1(l1) @ (e | l2)) = (rev1((e | l1)) @ l2)):Bool
---> ((rev1(l1) @ (e | l2)) = ((rev1(l1) @ (e | nil)) @ l2)):Bool
---> ((rev1(l1) @ (e | l2)) = (rev1(l1) @ (e | (nil @ l2)))):Bool
---> ((rev1(l1) @ (e | l2)) = (rev1(l1) @ (e | l2))):Bool
---> (true):Bool
|#

--> ----------------------------------------------------------------
-- restore the default (no rewrite trace) before leaving the file
set trace whole off
--> set trace whole off
--> ****************************************************************
--> ****************************************************************
--> end of file
eof
--> ****************************************************************