| products/Sources/formale Sprachen/Isabelle/HOL/Proofs/Extraction/ |
|
Quellcode-Bibliothek© Kompilation durch diese Firma[Weder Korrektheit noch Funktionsfähigkeit der Software werden zugesichert.]Datei: Pigeonhole.thy Sprache: IsabelleOriginal von: Isabelle© |
|
||||||
|
(* Title: HOL/Proofs/Extraction/Pigeonhole.thy
Author: Stefan Berghofer, TU Muenchen *) section \<open>The pigeonhole principle\<close> theory Pigeonhole imports Util "HOL-Library.Realizers" "HOL-Library.Code_Target_Numeral" begin text \<open> We formalize two proofs of the pigeonhole principle, which lead to extracted programs of quite different complexity. The original formalization of these proofs in {\sc Nuprl} is due to Aleksey Nogin @{cite "Nogin-ENTCS-2000"}. This proof yields a polynomial program. \<close> theorem pigeonhole: "\ proof (induct n) case 0 then have "Suc 0 \ then show ?case by iprover next case (Suc n) have r: "k \ (\<And>i j. Suc k \<le> i \<Longrightarrow> i \<le> Suc (Suc n) \<Longrightarrow> j < i \<Longrightarrow> f i \<n (\<exists>i j. i \<le> k \<and> j < i \<and> f i = f j)" for k proof (induct k) case 0 let ?f = "\ have "\ proof assume "\ then obtain i j where i: "i \ by iprover from j have i_nz: "Suc 0 \ from i have iSSn: "i \ have S0SSn: "Suc 0 \ show False proof cases assume fi: "f i = Suc n" show False proof cases assume fj: "f j = Suc n" from i_nz and iSSn and j have "f i \ moreover from fi have "f i = f j" by (simp add: fj [symmetric]) ultimately show ?thesis .. next from i and j have "j < Suc (Suc n)" by simp with S0SSn and le_refl have "f (Suc (Suc n)) \ by (rule 0) moreover assume "f j \ with fi and f have "f (Suc (Suc n)) = f j" by simp ultimately show False .. qed next assume fi: "f i \ show False proof cases from i have "i < Suc (Suc n)" by simp with S0SSn and le_refl have "f (Suc (Suc n)) \ by (rule 0) moreover assume "f j = Suc n" with fi and f have "f (Suc (Suc n)) = f i" by simp ultimately show False .. next from i_nz and iSSn and j have "f i \ moreover assume "f j \ with fi and f have "f i = f j" by simp ultimately show False .. qed qed qed moreover have "?f i \ proof - from that have i: "i < Suc (Suc n)" by simp have "f (Suc (Suc n)) \ by (rule 0) (simp_all add: i) moreover have "f (Suc (Suc n)) \ by (rule Suc) simp moreover from i have "i \ then have "f i \ ultimately show ?thesis by simp qed then have "\ by (rule Suc) ultimately show ?case .. next case (Suc k) from search [OF nat_eq_dec] show ?case proof assume "\ then show ?case by (iprover intro: le_refl) next assume nex: "\ have "\ proof (rule Suc) from Suc show "k \ fix i j assume k: "Suc k \ and j: "j < i" show "f i \ proof cases assume eq: "i = Suc k" show ?thesis proof assume "f i = f j" then have "f (Suc k) = f j" by (simp add: eq) with nex and j and eq show False by iprover qed next assume "i \ with k have "Suc (Suc k) \ then show ?thesis using i and j by (rule Suc) qed qed then show ?thesis by (iprover intro: le_SucI) qed qed show ?case by (rule r) simp_all qed text \<open> The following proof, although quite elegant from a mathematical point of view, leads to an exponential program: \<close> theorem pigeonhole_slow: "\ proof (induct n) case 0 have "Suc 0 \ moreover have "0 < Suc 0" .. moreover from 0 have "f (Suc 0) = f 0" by simp ultimately show ?case by iprover next case (Suc n) from search [OF nat_eq_dec] show ?case proof assume "\ then show ?case by (iprover intro: le_refl) next assume "\ then have nex: "\ let ?f = "\ have "\ proof - fix i assume i: "i \ show "?thesis i" proof (cases "f i = Suc n") case True from i and nex have "f (Suc (Suc n)) \ with True have "f (Suc (Suc n)) \ moreover from Suc have "f (Suc (Suc n)) \ ultimately have "f (Suc (Suc n)) \ with True show ?thesis by simp next case False from Suc and i have "f i \ with False show ?thesis by simp qed qed then have "\ then obtain i j where i: "i \ by iprover have "f i = f j" proof (cases "f i = Suc n") case True show ?thesis proof (cases "f j = Suc n") assume "f j = Suc n" with True show ?thesis by simp next assume "f j \ moreover from i ji nex have "f (Suc (Suc n)) \ ultimately show ?thesis using True f by simp qed next case False show ?thesis proof (cases "f j = Suc n") assume "f j = Suc n" moreover from i nex have "f (Suc (Suc n)) \ ultimately show ?thesis using False f by simp next assume "f j \ with False f show ?thesis by simp qed qed moreover from i have "i \ ultimately show ?thesis using ji by iprover qed qed extract pigeonhole pigeonhole_slow text \<open> The programs extracted from the above proofs look as follows: @{thm [display] pigeonhole_def} @{thm [display] pigeonhole_slow_def} The program for searching for an element in an array is @{thm [display,eta_contract=false] search_def} The correctness statement for \<^term>\<open>pigeonhole\<close> is @{thm [display] pigeonhole_correctness [no_vars]} In order to analyze the speed of the above programs, we generate ML code from them. \<close> instantiation nat :: default begin definition "default = (0::nat)" instance .. end instantiation prod :: (default, default) default begin definition "default = (default, default)" instance .. end definition "test n u = pigeonhole (nat_of_integer n) (\ definition "test' n u = pigeonhole_slow (nat_of_integer n) (\ definition "test'' u = pigeonhole 8 (List.nth [0, 1, 2, 3, 4, 5, 6, 3, 7, 8])" ML_val "timeit (@{code test} 10)" ML_val "timeit (@{code test'} 10)" ML_val "timeit (@{code test} 20)" ML_val "timeit (@{code test'} 20)" ML_val "timeit (@{code test} 25)" ML_val "timeit (@{code test'} 25)" ML_val "timeit (@{code test} 500)" ML_val "timeit @{code test''}" end ¤ Dauer der Verarbeitung: 0.6 Sekunden (vorverarbeitet) ¤ |
Haftungshinweis
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:Die farbliche Syntaxdarstellung ist noch experimentell.Bot Zugriff |
