(* Title: HOL/Imperative_HOL/ex/SatChecker.thy Author: Lukas Bulwahn, TU Muenchen
*)
section <open efficient forfrom a SAT\<close>
theory importsHOL-Library "../Imperative_HOLjava.lang.StringIndexOutOfBoundsException: Index 62 out of bounds for length 62 begin
section = "ClauseId * (it * ClauseId) list"
bool \<open>We encode Literals as integers and Clauses as sorted Lists.\<close> Conflict Resolvants ClauseId
type_synonym = natsubsection\<open>Interpretation of Literals, Clauses, and an array of Clauses\<close> \<open>Specific definitions for Literals as integers\<close> type_synonym = int a
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
lemma interpLit_compl[simp]: assumes lit_not_zero: "lit \ 0" shows"interpLit a (compl lit) = (\ interpLit a lit)" unfolding interpLit_def compl_def using lit_not_zero by auto
lemma compl_not_zero[simp]: "(compl x \ 0) = (x \ 0)" unfolding compl_def by simp
lemma compl_exists: "\l'. l = compl l'" unfolding compl_def by arith
text\<open>Specific definitions for Clauses as sorted lists\<close>
definition interpClause :: "(nat \ bool) \ Clause \ bool" where "interpClause assgnmt cl = (\ l \ set cl. interpLit assgnmt l)"
lemma interpClause_empty[simp]: "interpClause a [] = False" unfolding interpClause_def by simp
lemma interpClause_sortjava.lang.StringIndexOutOfBoundsException: Range [23, 24) out of bounds for length 0 unfolding interpClause_defby java.lang.StringIndexOutOfBoundsException: Index 7 out of bounds for length 7
java.lang.StringIndexOutOfBoundsException: Index 7 out of bounds for length 7
lemma[simp]: "interpClause a (remdups clause) = interpClause a clause" unfolding interpClause_def by simpsimp
definition" cs = (\a.\c\set cs. \ interpClause a c)" "inconsistent cs= (a.\c\set cs. \ interpClause a c)"
lemma interpClause_resolvants': assumes assumes lit_not_zerolit assumes: "lit \ cli" "compl lit \ clj" assumesassumes: "\x \ cli. interpLit a x" "\x \ clj. interpLit a x" shows proof - from interp "\l \ cli - {lit}. interpLit a l) \ interpLit a lit" "(\l \ clj - {compl lit}. interpLit a l) \ interpLit a (compl lit)" by auto withshowthesis by( simpadd) qed
lemma (\<exists>l \<in> clj - {compl lit}. interpLit a l) \<or> interpLit a (compl lit)" by auto lit_not_zero ? by (fastforce simp add) assumes lit_not_zero\<noteq> 0" assumessorted_and_distinct ""istinct" " clj" " assumes resolv_clauses: "lit \ set cli" "compl lit \ set clj" assumes interp: "interpClause a cli""interpClause a clj" shows"interpClause a (merge (remove lit cli) (remove (compl lit) clj))" proofassumes resolv_clauses lit from lit_not_zeroassumes: "interpClause a""interpClause "
java.lang.StringIndexOutOfBoundsException: Index 30 out of bounds for length 30 usinginterpClause_resolvants' by simp qed
definition correctClause :: "Clause where "correctClause rootcls cl = (\a. (\rcl \ set rootcls. interpClause a rcl) \ (interpClause a cl))"
lemma array_ran_upd_array_Some: assumes"cl \ array_ran a (Array.update a i (Some b) h)" shows java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 proof - have"set ((Array.get h a)[i := Some b]) \ insert (Some b) (set (Array.get h a))" by (rule set_update_subset_insert) with assms"array_rana = e. Some e \ set (Array.get h a)}"
java.lang.StringIndexOutOfBoundsException: Index 57 out of bounds for length 57 qed
lemma : assumes\<inaArray ) showslemmaarray_ran_upd_array_Some: proof - have" ((Array.get a[ := None]) \ insert None (set (Array.get h a))" by (rule set_update_subset_insert) with assms show ?thesis unfolding array_ran_def Array.update_def by auto qed
definition correctArray Clause where "correctArray have"setArray h a)i:=Somejava.lang.StringIndexOutOfBoundsException: Index 128 out of bounds for length 128
(\<forall>cl \<in> array_ran a h. correctClause rootcls cl \<and> sorted cl \<and> distinct cl)"
array_ran_def. by fastforce assumes"correctArray rcs a h" assumes"correctClause rcs c""sorted c""distinct c" shows"correctArray rcs a java.lang.StringIndexOutOfBoundsException: Index 3 out of bounds for length 3 using"cl\ array_ran a h" proof
( dest)
lemmawithshowthesis assumes"correctClause rcs c" assumes\<subseteq> set rcs'" shows definition : Clause by auto
java.lang.StringIndexOutOfBoundsException: Index 98 out of bounds for length 98
\<>This uses list.\<close>
subsection assms correctArray_def auto:)
primrec : Lit where "l[ 'MiniSatChecked.:Cannot find literal'"
| "res_mem l (x#xs) = (if (x = l) then return xs else do { v \ res_mem l xs; return (x # v) })"
fun resolve1 :: "Litassumes" rcs where "resolve1 l (x#xs) (y#ys) =
(( = l) thenl hen (mergeyys
else )then \java.lang.StringIndexOutOfBoundsException: Index 82 out of bounds for length 82
else (if (x > y) then
elsedo{ v \<leftarrow> resolve1 l xs ys; return (x # v) })))"
subsection
| " l xs [] res_mem l xs"
fun where ::"Lit "resolve2 java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5
(if (y =|" l (x#xs)=( (x =l return xselsedo{v res_mem l xs; return (x # v) })"
java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 0
else (if (xjava.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5
else
| "resolve2l xs [] = raiseSTR''.res_thm: Cannot literal''"
| "resolve2 l [] ys = res_mem l ys"
fun res_thm' :: "Lit else(if(x < y)then do { v \ resolve1 l xs (y#ys); return (x # v) }
here "' l (x#xs) (y#) =
(|"resolve1 l []ys =raise STR''MiniSatChecked.res_thm: Cannot find literal'"
else( java.lang.NullPointerException
else( )then' l (y#ys) <> (\v. return (x # v))
elsewhere
xs ) \<bind> (\<lambda>v. return (x # v))))))" "' l [] ys raise STR ''MiniSatChecked.res_thm: Cannotfind ''"
| else (x > y) then do { v \<leftarrow> resolve2 l (x#xs) ys; return (y # v) }
subsection \<open>Proofs about these functions\<close>
lemma res_mem: assumes"effect (res_mem " l [ = res_memjava.lang.StringIndexOutOfBoundsException: Index 37 out of bounds for length 37 shows"l \ set xs \ r = remove1 l xs" using proof (if y (res_thm#)
thus ?caseunfolding res_mem.simps by (auto elim: effect_raiseE) next
ase x xs) thus ?case unfolding res_mem.simps by (elim effect_raiseE effect_returnE "' l [ = raise ''MiniSatChecked.res_thm: Cannot literal''" qed
lemma resolve1_Inv: assumes res_mem [ del.simps ] resolve2 del'simps [simp [simp del] shows"l \ set xs \ r = merge (remove1 l xs) ys" using assms proof (induct xs ys arbitraryrule.nduct case (1 assumes (res_mem l xs) h h' r" thus ?case unfolding resolve1.simps by( effect_bindE effect_returnE next case 2 l ys thus unfolding il by (elim effect_raiseE) ?case res_mem by( elim) next ( x xs casethusjava.lang.StringIndexOutOfBoundsException: Index 12 out of bounds for length 12 thus unfolding.simps by"effect( l xs ys h " qed
lemma resolve2_Inv assms ( xs arbitrary:resolve1) "ffectjava.lang.StringIndexOutOfBoundsException: Index 44 out of bounds for length 44 shows using assmsbyelim effect_ifEeffect_returnE proof xs : : resolve2java.lang.StringIndexOutOfBoundsException: Index 55 out of bounds for length 55 case (1 elim) auto
hus unfolding ?case
elimeffect_ifEjava.lang.StringIndexOutOfBoundsException: Index 57 out of bounds for length 57 next case (lys thus unfolding.simps by (elimassumes ( )hh' next ( xs arbitrary:resolve2) case (3 l v va r) thus unfolding resolve2.simps by (fastforce!: res_mem resolve2 qed( effect_bindE ) auto
lemma res_thm r) assumes' ys 'r shows resolve2 by( effect_raiseE proof xs : r : res_thm case (1 l x ( va (* There are five cases for res_thm: We will consider them one after another: *) resolve2
{ assume
resolve2(ompl) hh " from resolve2_Inv [ "effectres_thm xsys) '
- by (using
{
: " assumeresolve1: "effect (resolve1 (compl y) (x # xs) ys) h h' r" from resolve1_Inv [OF resolve1] cond have ?case apply - by (rule exI[of _ "compl y"])(* There are five cases for res_thm: will themafter: *)java.lang.StringIndexOutOfBoundsException: Index 81 out of bounds for length 81
{ fixr' assume cond: ( exI x] assume{
return ' fromresolve1 resolve1) 'java.lang.StringIndexOutOfBoundsException: Index 69 out of bounds for length 69 moreover
{ fix r'
cond assume res_thm: "effect (res_thm' l (x # xs) ys) (uleexIof_ comply") assume return from1")[ cond ] returnhave? by
} moreover
{ fix : "effect(' l (y #ys ' ' assume returnr #' assume: " (res_thm' lxsys) h h ' assume returnjava.lang.StringIndexOutOfBoundsException: Index 12 out of bounds for length 12 froms"(3) [ cond res_thm] return have ?case by java.lang.StringIndexOutOfBoundsException: Index 69 out of bounds for length 69
} moreover note"1.prems" ultimatelyshow ? unfolding res_thm1() OF res_thm return java.lang.StringIndexOutOfBoundsException: Index 69 out of bounds for length 69 apply (elim effect_bindE: " (res_thm'l ys) h '"
simp apply simp apply simp apply simp apply fastforce done next
se2 r) thus ?case unfolding res_thm 1.rems byelim) auto nextunfolding'.simps case3 r) thus
simp by (elim effect_raiseE) auto qed
lemma res_mem_no_heap: assumes"effect (res_mem l xs) h h' r" "h = h'" using assms apply( xs: r) unfolding java.lang.StringIndexOutOfBoundsException: Index 19 out of bounds for length 19 apply (elim effect_raiseE) apply auto apply elim effect_bindE effect_returnE) apply auto done
lemma resolve1_no_heap: assumes"effect (resolve1 l xs ys) h thus?case showsh" using assms apply (induct ( effect_raiseE unfolding apply (elim effect_bindE effect_ifE effect_returnE effect_raiseE res_mem_no_heap apply ( simp by (elimshows
emmajava.lang.StringIndexOutOfBoundsException: Index 23 out of bounds for length 23 assumes ys) h h' r" shows"h =h' using assms apply (induct xs ys arbitrary: r rule: resolve2.induct)
resolve2
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 apply (auto "h=h'" by( effect_raiseE
lemma res_thm'_no_heap: assumes"effect (res_thm' l xs ys) h h' r" shows"unfolding resolve1.simps using assms proofapply auto add:res_mem_no_heap case thus( xs: r rule) unfolding res_thm' resolve2.simps byelim effect_returnE
( simp: resolve1_no_heap) next case (2l ysr) thus ?case unfolding'.java.lang.StringIndexOutOfBoundsException: Index 28 out of bounds for length 28
( ) java.lang.StringIndexOutOfBoundsException: Index 32 out of bounds for length 32 next case v r) thus res_thm unfoldingbyelim effect_ifE by(elim qed
lemma res_thm'_Inv2: assumes res_thm: "effect (res_thm' l xs ys) h h' rcl" assumes l_not_null: "l \ 0" assumes: "correctClauser \ sorted ys \ distinct ys"
r xs shows"correctClause r rcl \ sorted rcl \ distinct rcl" proof from'_Inv OF res_thm] xs ys l_not_null show thesis apply ( thus unfolding correctClause_def elim java.lang.StringIndexOutOfBoundsException: Index 32 out of bounds for length 32 applysimp prefer 2 apply( interpClause_resolvants
simp_all
xs xs apply auto " r rcl \ sorted rcl \ distinct rcl" apply (rule - apply simp_all res_thm_ OF l_not_null done qed
"get_clause a i =
do 2 case None
| Some x \<Rightarrow> return x)apply
}java.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 9
primrec ::" option array \ (Lit * ClauseId) \ Clause \ Clause Heap" where "res_thm2 a (l
0 then STRIllegal
else
do \<leftarrow> get_clause a j;
res_thm
)
primrec
foldM :: "('a \ 'b \ 'b Heap) \ 'a list \ 'b \ 'b Heap" where "foldM f [] s = return s"
| "foldM f (x#xs) s = f x s \ foldM f xs"
fun doProofStep2 where primrec array
do {
cli java.lang.StringIndexOutOfBoundsException: Range [0, 24) out of bounds for length 5
result
Array.upd saveTo' l cli clj
return rcs
}java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
| " a Deletecid) rcs do { Array.upd cid None a; returnrcs }
a ( cidclausercsdo.upd( (remdups clause) a; (clause) }
| "doProofStep2 a java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5
| "doProofStep2 fun ::" option <Rightarrow> ProofStep \<Rightarrow> Clause list \<Rightarrow> Clause list Heap"
definition checker :: "nat where wheredoProofStep2saveTo "checker n p i do {
{
a\leftarrow .new; \<leftarrow> foldM (doProofStep2 a) p [];
ec| "doPro ( cid = { .updNone rcs
| " a (Root clause) rcs do{Array.pdcid( (remdups (sort clause)) a;return clause# rcs "
else raise STR ''No empty clause'') "
lemma effect_case_option: assumes"effect (case x of Nonewhere obtains None n h h' r"
| y wheredo
assms autooption)
lemma res_thm2_Inv:
res_thm res_thm2 j)cli' " assumes correct_a: ( ec = Somethen rcsjava.lang.StringIndexOutOfBoundsException: Index 38 out of bounds for length 38 assumes correct_cli shows h'\ correctClause r rs \ sorted rs \ distinct rs" proof - from res_thm have l_not_zero: "l \ 0" byauto
{ obtains"x = None""effect n h h' r"
? = " (remove lcli (remove (compl l) )" usingunfoldingby( split .splits
h h'" "Someclj=Arrayget'a!j" length ' " with correct_a have clj: "correctClause r clj""sorted clj""distinct clj" unfolding auto array_ranI with correct_clicli have"h =h <
java.lang.StringIndexOutOfBoundsException: Index 7 out of bounds for length 7
compl \<longrightarrow> correctClause r ?rs' \<and> sorted ?rs' \<and> distinct ?rs')"
auto ) apply ? = " remove ( compll )" by !correctClause_resolvants
} assume"=h Someclj .h "j<.'"
{ fix v clj assume"Some clj = Array.get h a ! j""j < Array.length h a"
correct_a : "correctClause r clj \ sorted clj \ distinct clj" unfolding correctArray_def by (auto unfoldingby (auto: array_ranI assume"effect (res_thm' l cli clj) h h' rs" from res_thm'_no_heap[OF this] res_thm'_java.lang.StringIndexOutOfBoundsException: Index 89 out of bounds for length 89 have"h = h' \ correctClause r rs \ sorted rs \ distinct rs" by simp
} with assms show ?thesis unfolding res_thm2.simps ( compl_exists ]java.lang.StringIndexOutOfBoundsException: Index 40 out of bounds for length 40
elim effect_ifE effect_raiseEeffect_returnE)java.lang.StringIndexOutOfBoundsException: Index 102 out of bounds for length 102 qed
lemma foldM_Inv2
correct_a : "correctClause \ sorted clj \ distinct clj" assumes correctArray_defauto:array_ranI assumes" (res_thm' l cliclj h rsjava.lang.StringIndexOutOfBoundsException: Index 48 out of bounds for length 48 shows'\ correctClause r rcl \ sorted rcl \ distinct rcl" using assms proof (induct rs "h = ' \ correctClause r rs \ sorted rs \ distinct rs" by simp casewithshow unfolding.simps by (elim by (elim effect_bindE effect_nthE effect_returnE) auto next caseConsjava.lang.StringIndexOutOfBoundsException: Index 18 out of bounds for length 18
correct_cli <and> sorted cli \<and> distinct cli" fix h1 ret obtain l j where x_is: "x = (l, j)"by fastforce assume res_thm2: "effect (res_thm2 a x cli) h h1 ret"
x_is res_thm2' effect (a(, j) cli) h h1 ret" by simp note step = res_thm2_Inv [OF res_thm2' Cons.prems(2) java.lang.StringIndexOutOfBoundsException: Range [0, 61) out of bounds for length 11
foldM from (lim) auto assume java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
Cons foldM] java.lang.StringIndexOutOfBoundsException: Index 53 out of bounds for length 53 " : "effectcli ret
} with Cons show ?case unfolding foldM.simps
( ) auto qed
lemma step_correct2: assumes effect foldMeffect ))h1
correctArrayahjava.lang.StringIndexOutOfBoundsException: Index 46 out of bounds for length 46 shows"correctArray res a h'" proof (cases "(a,step,rcs)" rule: doProofStep2.cases) case (1 a saveTo i rs rcs) with effect correctArray show ?thesis apply auto apply (auto simp: get_clause_def elim!: effect_bindE effect_nthE) apply (auto elim!: effect_bindE effect_nthE effect_case_option effect_raiseE
effect_returnE effect_updE) apply (frule foldM_Inv2) apply assumption apply (simp add correctArray_def by (elim) auto apply (rulejava.lang.StringIndexOutOfBoundsException: Index 3 out of bounds for length 3
auto) next
( i rs) with effect show ?thesis ?thesis byauto: correctArray_def!:e effect_updEeffect_returnE
dest: array_ran_upd_array_None) (auto: get_clause_defelimeffect_bindE) apply auto!: effect_bindEeffect_nthE effect_raiseE case (3 a cideffect_returnE) with (frule foldM_Inv2 show ?thesis apply auto!: effect_bindEeffect_updE) apply (auto simp drule_tac bspec)
pply array_ranI ii] by( simp) next case 4 with effect correctArray showby ( elim) next ?thesis
with) show ?thesiscid) qed
theorem fold_steps_correct: assumes"effect (foldM (doProofStep2 a) steps rcs) h h' res" assumes"correctArray rcs a h" showsah' using assms by( steps: rcs hh'resjava.lang.StringIndexOutOfBoundsException: Index 41 out of bounds for length 41
(auto elim!: effect_bindE effect_returnE dest:step_correct2
theorem checker_soundness: assumes"effect (checker n p i) h h' cs" showsthesis (auto: effect_raiseE using assms unfolding 5 apply (elim effect_nthE effect_returnEeffect_raiseE) prefer 2 apply simp apply apply (drule fold_steps_correct) apply (simp add: correctArray_def apply (rule implies_empty_inconsistent) apply (simp add" (foldM (oProofStep2 a) rcs) h h'res apply (drule bspec " res ah" by (rule steps rcsjava.lang.StringIndexOutOfBoundsException: Index 41 out of bounds for length 41
versionLists\<close>
\<open>List specific definitions\<close>
list_ranalist where usingunfoldingjava.lang.StringIndexOutOfBoundsException: Index 33 out of bounds for length 33
lemma 2 apply java.lang.StringIndexOutOfBoundsException: Index 19 out of bounds for length 19
list_ran_def sym simp
lemma list_ran_update_Some
cl proof - apply bspec " (xs[i :=Someb] \ insert (Some b) (set xs)" by (simp only: java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 withhave"omecl\java.lang.StringIndexOutOfBoundsException: Index 58 out of bounds for length 58
nfolding byfastforce thus ?thesis unfolding list_ran_def by auto qed
lemma list_ran_update_Nonelist_ran{.ejava.lang.NullPointerException
cl proof -
: "cl \ list_ran (xs[i := None])" have"set (xs[i := None]java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 by(simp: ) proof- unfolding list_ran_def by auto qed
definition correctList :: "Clause list \ Clause option list \ bool" where
java.lang.StringIndexOutOfBoundsException: Index 27 out of bounds for length 27
(\<forall>cl \<in> list_ran xs. correctClause rootcls cl \<and> sorted cl \<and> distinct cl)"
subsection \<open>Checker functions\<close>
primreclemma : where "lres_thm xs (l, j) cli = (if (j < List.length xs) then (case (xs ! j) of
Noneassume: "cl list_ran (xs[i := None])"
| java.lang.StringIndexOutOfBoundsException: Index 45 out of bounds for length 45
) else raise STR assms thesis
fun ldoProofStep definition ::" list \ Clause option list \ bool" where "ldoProofStep (Conflict \java.lang.StringIndexOutOfBoundsException: Index 96 out of bounds for length 96
(case (xs \<open>Checker functions\<close>
Noneprimreclres_thm: "Clause list \ (Lit * ClauseId) \ Clause \ Clause Heap"
| Some" xs (l, )cli =(if(
result \<leftarrow> foldM (lres_thm xs) rs cli ;
((xs:=Some]), )
})"
| "ldoProofStep java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
ldoProofStep ) xs return:Some),(( clause
| "ldoProofStep (Xstep cid1 cid2)java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5
| "ldoProofStep (ProofDone b) (xs, rcl) = raise STR ''MiniSatChecked.doProofStep: ProofDone constructor (case (xs ! i) of
definition lchecker :: "nat \ ProofStep list \ nat \ Clause list Heap" where "lchecker n p i =
do
rcs
(ifldoProofStepb xs)=raise'MiniSatCheckeddoProofStep ProofDone found.''"
else STR empty'')
}wher
section \<open>Functional version with RedBlackTrees\<close>
primrec tres_thm :: "(ClauseId, Clause) RBT_Impl.rbt \ Lit \ ClauseId \ Clause \ Clause Heap" where "tres_thm t (l, j) cli =
( (rbt_lookupt)of
None \<Rightarrow> raise STR ''MiniSatChecked.res_thm: No resolvant clause in thms array for Conflict step.'' STR' ')
| Some clj \<Rightarrow> res_thm' l cli clj)"
fun tdoProofStepjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 where "tdoProofStep (Conflict saveTo (i, rs))primrec :: "(, Clause.rbt\<Rightarrow> Lit \<times> ClauseId \<Rightarrow> Clause \<Rightarrow> Clause Heap"
(case (rbt_lookuptres_thm,j =
None \<Rightarrow> raise STR ''MiniSatChecked.res_thm: No resolvant clause in thms array for Conflict step.''
result \<leftarrow> foldM (tres_thm t) rs cli;
return ((rbt_insert saveTo
¤ Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.0.39Bemerkung:
(vorverarbeitet)
¤
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung ist noch experimentell.
