examples/decrease1/decrease1_Decrease1_decrease1_induction_2.v

(* This file is generated by Why3's Coq driver *)
(* Beware! Only edit allowed sections below    *)
Require Import BuiltIn.
Require BuiltIn.
Require int.Int.
Require map.Map.

(* Why3 assumption *)
Definition unit  := unit.

(* Why3 assumption *)
Inductive ref (a:Type) {a_WT:WhyType a} :=
  | mk_ref : a -> ref a.
Axiom ref_WhyType : forall (a:Type) {a_WT:WhyType a}, WhyType (ref a).
Existing Instance ref_WhyType.
Implicit Arguments mk_ref [[a] [a_WT]].

(* Why3 assumption *)
Definition contents {a:Type} {a_WT:WhyType a}(v:(ref a)): a :=
  match v with
  | (mk_ref x) => x
  end.

(* Why3 assumption *)
Inductive array (a:Type) {a_WT:WhyType a} :=
  | mk_array : Z -> (map.Map.map Z a) -> array a.
Axiom array_WhyType : forall (a:Type) {a_WT:WhyType a}, WhyType (array a).
Existing Instance array_WhyType.
Implicit Arguments mk_array [[a] [a_WT]].

(* Why3 assumption *)
Definition elts {a:Type} {a_WT:WhyType a}(v:(array a)): (map.Map.map Z a) :=
  match v with
  | (mk_array x x1) => x1
  end.

(* Why3 assumption *)
Definition length {a:Type} {a_WT:WhyType a}(v:(array a)): Z :=
  match v with
  | (mk_array x x1) => x
  end.

(* Why3 assumption *)
Definition get {a:Type} {a_WT:WhyType a}(a1:(array a)) (i:Z): a :=
  (map.Map.get (elts a1) i).

(* Why3 assumption *)
Definition set {a:Type} {a_WT:WhyType a}(a1:(array a)) (i:Z) (v:a): (array
  a) := (mk_array (length a1) (map.Map.set (elts a1) i v)).

(* Why3 assumption *)
Definition make {a:Type} {a_WT:WhyType a}(n:Z) (v:a): (array a) :=
  (mk_array n (map.Map.const v:(map.Map.map Z a))).

(* Why3 assumption *)
Definition decrease1(a:(array Z)): Prop := forall (i:Z), ((0%Z <= i)%Z /\
  (i < ((length a) - 1%Z)%Z)%Z) -> (((get a i) - 1%Z)%Z <= (get a
  (i + 1%Z)%Z))%Z.


(* Why3 goal *)
Theorem decrease1_induction : forall (a:(array Z)), (decrease1 a) ->
  forall (i:Z) (j:Z), (((0%Z <= i)%Z /\ (i <= j)%Z) /\ (j < (length a))%Z) ->
  ((((get a i) + i)%Z - j)%Z <= (get a j))%Z.
(* YOU MAY EDIT THE PROOF BELOW *)
unfold decrease1.
intros a Ha i j Hij.
generalize Hij; pattern j.
apply (Zlt_lower_bound_ind _ i).
2: omega.
intuition.
assert (x = i \/ i < x)%Z by omega.
destruct H4.
subst x.
ring_simplify.
omega.
apply Zle_trans with (get a (x-1) - 1)%Z.
assert (i <= x-1 < x)%Z by omega.
assert (0 <= i <= x-1 /\ x-1 < length a)%Z by omega.
generalize (H (x-1)%Z H8 H9); clear H; intuition.
apply Zle_trans with (get a (x-1+1))%Z.
apply (Ha (x-1)%Z); omega.
ring_simplify (x-1+1)%Z.
omega.
Qed.
example decrease1: Coq proof and recursive version 2011-05-16 14:28:44 +02:00			`(* This file is generated by Why3's Coq driver *)`
			`(* Beware! Only edit allowed sections below *)`
Update examples due to the new Coq realization for map.Map. 2012-12-04 16:17:50 +01:00			`Require Import BuiltIn.`
			`Require BuiltIn.`
			`Require int.Int.`
			`Require map.Map.`

			`(* Why3 assumption *)`
example decrease1: Coq proof and recursive version 2011-05-16 14:28:44 +02:00			`Definition unit := unit.`

Update examples due to the new Coq realization for map.Map. 2012-12-04 16:17:50 +01:00			`(* Why3 assumption *)`
			`Inductive ref (a:Type) {a_WT:WhyType a} :=`
programs: WP code refactored 2011-05-23 14:33:51 +02:00			`\| mk_ref : a -> ref a.`
Update examples due to the new Coq realization for map.Map. 2012-12-04 16:17:50 +01:00			`Axiom ref_WhyType : forall (a:Type) {a_WT:WhyType a}, WhyType (ref a).`
			`Existing Instance ref_WhyType.`
			`Implicit Arguments mk_ref [[a] [a_WT]].`
programs: WP code refactored 2011-05-23 14:33:51 +02:00
Update examples due to the new Coq realization for map.Map. 2012-12-04 16:17:50 +01:00			`(* Why3 assumption *)`
			`Definition contents {a:Type} {a_WT:WhyType a}(v:(ref a)): a :=`
			`match v with`
			`\| (mk_ref x) => x`
programs: WP code refactored 2011-05-23 14:33:51 +02:00			`end.`
example decrease1: Coq proof and recursive version 2011-05-16 14:28:44 +02:00
Update examples due to the new Coq realization for map.Map. 2012-12-04 16:17:50 +01:00			`(* Why3 assumption *)`
			`Inductive array (a:Type) {a_WT:WhyType a} :=`
			`\| mk_array : Z -> (map.Map.map Z a) -> array a.`
			`Axiom array_WhyType : forall (a:Type) {a_WT:WhyType a}, WhyType (array a).`
			`Existing Instance array_WhyType.`
			`Implicit Arguments mk_array [[a] [a_WT]].`
example decrease1: Coq proof and recursive version 2011-05-16 14:28:44 +02:00
Update examples due to the new Coq realization for map.Map. 2012-12-04 16:17:50 +01:00			`(* Why3 assumption *)`
			`Definition elts {a:Type} {a_WT:WhyType a}(v:(array a)): (map.Map.map Z a) :=`
			`match v with`
			`\| (mk_array x x1) => x1`
example decrease1: Coq proof and recursive version 2011-05-16 14:28:44 +02:00			`end.`

Update examples due to the new Coq realization for map.Map. 2012-12-04 16:17:50 +01:00			`(* Why3 assumption *)`
			`Definition length {a:Type} {a_WT:WhyType a}(v:(array a)): Z :=`
			`match v with`
			`\| (mk_array x x1) => x`
example decrease1: Coq proof and recursive version 2011-05-16 14:28:44 +02:00			`end.`

Update examples due to the new Coq realization for map.Map. 2012-12-04 16:17:50 +01:00			`(* Why3 assumption *)`
			`Definition get {a:Type} {a_WT:WhyType a}(a1:(array a)) (i:Z): a :=`
			`(map.Map.get (elts a1) i).`
programs: WP code refactored 2011-05-23 14:33:51 +02:00
Update examples due to the new Coq realization for map.Map. 2012-12-04 16:17:50 +01:00			`(* Why3 assumption *)`
			`Definition set {a:Type} {a_WT:WhyType a}(a1:(array a)) (i:Z) (v:a): (array`
			`a) := (mk_array (length a1) (map.Map.set (elts a1) i v)).`
example decrease1: Coq proof and recursive version 2011-05-16 14:28:44 +02:00
Update examples due to the new Coq realization for map.Map. 2012-12-04 16:17:50 +01:00			`(* Why3 assumption *)`
			`Definition make {a:Type} {a_WT:WhyType a}(n:Z) (v:a): (array a) :=`
			`(mk_array n (map.Map.const v:(map.Map.map Z a))).`

			`(* Why3 assumption *)`
example decrease1: Coq proof and recursive version 2011-05-16 14:28:44 +02:00			`Definition decrease1(a:(array Z)): Prop := forall (i:Z), ((0%Z <= i)%Z /\`
Update examples due to the new Coq realization for map.Map. 2012-12-04 16:17:50 +01:00			`(i < ((length a) - 1%Z)%Z)%Z) -> (((get a i) - 1%Z)%Z <= (get a`
update coq proofs for name changes in Map and Array (sorry for not doing it earlier) 2011-06-03 14:05:59 +02:00			`(i + 1%Z)%Z))%Z.`
example decrease1: Coq proof and recursive version 2011-05-16 14:28:44 +02:00
Update examples due to the new Coq realization for map.Map. 2012-12-04 16:17:50 +01:00
			`(* Why3 goal *)`
example decrease1: Coq proof and recursive version 2011-05-16 14:28:44 +02:00			`Theorem decrease1_induction : forall (a:(array Z)), (decrease1 a) ->`
Update examples due to the new Coq realization for map.Map. 2012-12-04 16:17:50 +01:00			`forall (i:Z) (j:Z), (((0%Z <= i)%Z /\ (i <= j)%Z) /\ (j < (length a))%Z) ->`
			`((((get a i) + i)%Z - j)%Z <= (get a j))%Z.`
example decrease1: Coq proof and recursive version 2011-05-16 14:28:44 +02:00			`(* YOU MAY EDIT THE PROOF BELOW *)`
			`unfold decrease1.`
			`intros a Ha i j Hij.`
			`generalize Hij; pattern j.`
			`apply (Zlt_lower_bound_ind _ i).`
			`2: omega.`
			`intuition.`
			`assert (x = i \/ i < x)%Z by omega.`
			`destruct H4.`
			`subst x.`
			`ring_simplify.`
			`omega.`
Update examples due to the new Coq realization for map.Map. 2012-12-04 16:17:50 +01:00			`apply Zle_trans with (get a (x-1) - 1)%Z.`
example decrease1: Coq proof and recursive version 2011-05-16 14:28:44 +02:00			`assert (i <= x-1 < x)%Z by omega.`
			`assert (0 <= i <= x-1 /\ x-1 < length a)%Z by omega.`
			`generalize (H (x-1)%Z H8 H9); clear H; intuition.`
Update examples due to the new Coq realization for map.Map. 2012-12-04 16:17:50 +01:00			`apply Zle_trans with (get a (x-1+1))%Z.`
example decrease1: Coq proof and recursive version 2011-05-16 14:28:44 +02:00			`apply (Ha (x-1)%Z); omega.`
			`ring_simplify (x-1+1)%Z.`
			`omega.`
			`Qed.`