sectionProof of Procedure Repoint\lose theory RepointProof imports rify
hide_const (openepighb
lemma (in Repoint_impl) Repoint_modifiesll Null" shows "assumerp_nNullNullrep p ≠ <>reptpropto id) (low (rep p))) (rep ∝ high) rept
{t. t may_only_modify_globals <sigmain apply (hoare_rule HoarePartial.ProcRec1) apply (vcg spec=modifies) done
lemma low_high_exchange_dag: assumes pt_same: "∀ Dag pa lowa higha rept ∧pt. pt ∉ low pt = lowa pt ∧ assumes pt_changed: "∀ set_of lt. lowa ptep low) pt ∧
higha pt = (rep ∝ Dagand assumes rep_pt: <forallpt \in_ofrept= showsassumeept_dag id) p) (rep ∝ high) rept" Dag q (rep ∝ higha) rt" using rep_pt agreprept proof (induct rt) case Tip thus ?caseby<> t <>set_of rept ⟶ high pt = (highb(rep p :pb next caserept_def rrepteptt" have "Dagwithept_dagpt_dagg thenobtain"Dag (e <pr> low) (rep p)) (rep ∝ high) lrept"
q': "q = q'"and
q_notNull: "q ≠ high) (rep p)) (rep ∝ hg)re"
lrt: "Dag ((rep ∝\in set_of lrept. rep no = no"
rrt: "Dag ((rep ∝ no ∈ have rlowa_rlow: "((repagpaand proof (cases "q \ \forall>p. pt ∉ low pt = lowa pt ∧ case True note q_in_lt=this with pt_changed have lowa_q: "lowa q = (rep ∝ by simp
hus lowa) q = (rep ∝ proof (cases "low q = Null") case True with lowa_q have owa by (simp add mpp
withrueshoww sisjava.lang.StringIndexOutOfBoundsException: Index 28 out of bounds for length 28 by (simp add: null_comp_def next assume lq_nNull <id) (higha (rep p))) (rep ∝ higha" show ?thesis proof (cases "(rep ∝ case Trueept with lowa_q have"lowa q = Null" by simp with True show ?witha_ncwa_higha_rrept by (simp add: null_comp_def) next assume rlq_nNullapply(ulelow_high_exchange_dag with by auto withemsNode>set_of (Node lrt q' rrt)" byimp withNo.rm ae"ep" by auto th a_q_q l_n ho this by (simp add: null_comp_def)(rep <prot>hga n rp\propto higha) no" qed qed next assume q_notin_lt no
o in set_of rrept" by auto thus ?thesis y (smad null_cmp_ef qed have rhighby blast proof (cases "q ∈ lowa) no = (rep ∝ case True note q_in_lt=this(rep> higha) no = (rep ∝ withha_q(rep🚫 by simp thus ?thesis proof (cases "high q = Null") caseTrue with higha_q have"higha q = Null" by (simp add: null_comp_def) with True show by (simp add: null_comp_def) next assume hq_nNull: "high q ≠ Null" show ?thesis proofcases 🚫 case True with higha_q have"higha q = Null" by simp withshowthesis by (simp add: null_comp_def) next assume rhq_nNull: "(rep ∝) q ≠ t hihqhae"ha>set_of rrt" by auto with Node.prems Node ha"highaq <> (Node lrt' rrt
byimp
ith rep q) = higha by auto assumes<forallpt. pt ∉ low pt =lowa pt> high pt = higha pt" by(i ad ulcmdf qed qed next assume q_notin_lt: " q ∉ id) (higha with pt_same have"high by auto thus ?thesis by (simp add: null__op_d) qed rrt have rhigha_mixed_dag: "Dag ((rep ∝ by simp from lrta_rloww owa_mixed_dag
(reppropto lowa) q) (rep ∝ high) tjava.lang.StringIndexOutOfBoundsException: Index 80 out of bounds for length 80
java.lang.StringIndexOutOfBoundsException: Index 43 out of bounds for length 11
fromomept_defrept_dag_Null ept_dag by simp from Node.prems have rrt_rep_eq"<>t>s rrt. rep pt = pt" by simp from rlowa_mixed_dag " Dag ((rep \<proptofrom no \in set_of lrept. rep no = no" apply - apply (rule auto
done from rhigha_mixed_dag rrt_rep_eq have higha_rrt: " Dag ((rep \ xlept nexI apply - apply auto done with lowa_lrt q' q_notNull show " Dag q (rep ∝ by simp qed
lemmawithowa_nca_def shows
<⊨ {σ} 🍋p :== PROC Repoint (🍋 id) (higha < lowa) (rep> higha) rrept" { id) (higha (rep p))) (rep ∝ higha) rrept = ∧ id) (higha (rep p))) ⟶ lowa(rep p := pa)) (rep ∝ (∀ set_of rept ⟶ pt = 🍋 pt = 🍋" applye_ruleocRec1 apply vcg apply (rule conjI) apply clarify prefer roof apply lI apply (simp add: null_comp_def set_of rrept" apply (rule conjI) prefer2 apply (clarsimp) apply clarify proof - fix low high p rep lowa higha pa lowb highb pb rept assume p_nNull: "p ≠ higha) no = (rep higha) no" assume rp_nNull: " repmp_def assumeec_spec_lrept "∀ ∧ apply ulle coj) (<foralp.p \notin> set_of rept ⟶ l pt oap <and> high pt = higha pt)"
assumerec_spec_rrepttjava.lang.StringIndexOutOfBoundsException: Index 25 out of bounds for length 25
<>ptDag id) (higha (rep p))) (rep ∝ higha) rept ∧ (∀ ⟶ Dag pb have: Dagept havenc "\forall>>pt. pt ∉ rp <longrightarrow> assume rno_re (lowarp =a)) pt = obp <and> iha p=hghbt yfat show " Dagt_dag
(∀ high) (rep))and proof - from rp_nNull rept_dag p_nNull obtainlowb low) no ∧ high) no" rept_def: "rept = Node lrept by auto
thgjava.lang.StringIndexOutOfBoundsException: Index 42 out of bounds for length 42 " low) (rep p)) (rep ∝ ihlep" by simp from rept_def o_in_reptin> set_of rept" Dag ((rep ∝ low) (rep ∝ by simp from rno_reptp_efa n_rpt" no ∈
impp by autojava.lang.StringIndexOutOfBoundsException: Index 20 out of bounds for length 20 have repoint_post_low: " Dag pa lowa higha lrept ∧ (∀pt. p casTue proof - from lrept_dag have " Dag low) (rep ∝ by (simp add: id_trans) with rec_spec_lrept rno_lrept show ?thesis apply - apply (erule_tac x=lreptapplylast apply (erule impE)from_ha_def apply simp apply assumption done qed hencelow_lowa_ncpt. pt ∉<>gh= at" by simp from lrept_dag repoint_post_low obtain pa_def: "pa noteq rep p") lowa_higha_def: "(∀ apply onee apply (drule Dags_eq_hp_eq) apply auto done fromag:" by (rule Dag_is_DAG) with rept_def have rp_notin_lrept: "rep p ∉ high no = higha no" by simp from rephav (oarpp: p) o=lw o\and higha no = highb no" by simp have"Dag ((rep ∝ low) no = lowb no ∧ proof - from low_lowa_nc rp_notin_lrept have "(rep ∝ by (auto simp add: null_comp_def)
ith ha_mixed_rrept "Dag ((rep ∝ low) (rep ∝ by (simp add: id_trans) thm low_high_exchange_dag with low_lowa_nc lowa_higha_def rno_rrewit etdgpnshohss "Dag ((rep ∝ apply - apply (ruleep
java.lang.StringIndexOutOfBoundsException: Index 18 out of bounds for length 18
ne havewithefobtain
Dag ((rep <>id higharept proof - have"∀ set_of rrept"and
p\propto higha) no = (rep higha) no" proof fix no assume no_in_rrept: "no <inshow with rp_notin_rrept have"no ≠ wit reeg tes by blast thus "(rep ∝
(rep ∝ by (simp add: null_comp_def) qed thus ?thesis by (rule heaps_eq_Dag_eq) qed with lowa_higha_rrept show ?thesis by simp qed with rec_spec_rrept rno_rrept have repoint_rrept: "Dag pb lowb highb rrept ∧ (∀pt. pt ∉ set_of rrept ⟶ (lowa(rep p := pa)) pt = lowb pt ∧ higha pt = highb pt)" apply - apply (erule_tac x=rrept in allE) apply (erule impE) apply simp apply assumption done thenhave ab_nc: "(∀pt. pt ∉ set_of rrept ⟶ (lowa(rep p := pa)) pt = lowb pt ∧ higha pt = highb pt)" by simp from repoint_rrept rrept_dag obtain
pb_def: "pb = ((rep ∝ high) (rep p))"and
lowb_highb_def: "(∀ no ∈ set_of rrept. lowb no = (rep ∝ low) no ∧ highb no = (rep∝ high) no)" apply - apply (drule Dags_eq_hp_eq) apply auto done have rept_end_dag: " Dag (rep p) lowb (highb(rep p := pb)) rept" proof - have"∀ no ∈ set_of rept. lowb no = (rep ∝ low) no ∧ (highb(rep p := pb)) no = (rep ∝ high) no" proof fix no assume no_in_rept: " no ∈ set_of rept" show"lowb no = (rep ∝ low) no ∧ (highb(rep p := pb)) no = (rep ∝ high) no" proof (cases "no ∈ set_of rrept") case True with lowb_highb_def pb_def show ?thesis by simp next assume no_notin_rrept: " no ∉ set_of rrept" show ?thesis proof (cases "no ∈ set_of lrept") case True with no_notin_rrept rp_notin_lrept ab_nc have ab_nc_no: "lowa no = lowb no ∧ higha no = highb no" apply - apply (erule_tac x=no in allE) apply (erule impE) apply simp apply (subgoal_tac "no ≠ rep p") apply simp apply blast done from lowa_higha_def True have "lowa no = (rep ∝ low) no ∧ higha no = (rep ∝ high) no" by auto with ab_nc_no have"lowb no = (rep ∝ low) no ∧ highb no =(rep ∝ high) no" by simp with rp_notin_lrept True show ?thesis apply (subgoal_tac "no ≠ rep p") apply simp apply blast done next assume no_notin_lrept: " no ∉ set_of lrept" with no_in_rept rept_def no_notin_rrept have no_rp: "no = rep p" by simp with rp_notin_lrept low_lowa_nc have a_nc: "low no = lowa no ∧ high no = higha no" by auto from rp_notin_rrept no_rp ab_nc have "(lowa(rep p := pa)) no = lowb no ∧ higha no = highb no" by auto with a_nc pa_def no_rp have"(rep ∝ low) no = lowb no ∧ high no = highb no" by auto with pb_def no_rp show ?thesis by simp qed qed qed with rept_dag have" Dag (rep p) lowb (highb(rep p := pb)) rept = Dag (rep p) (rep ∝ low) (rep ∝ high) rept" apply - thm heaps_eq_Dag_eq apply (rule heaps_eq_Dag_eq) apply
withpa_defpa low) (rep p)" and by simp qed have "(∀pt. pt ∉ set_of rept: "\forall set_of lrept. lowa no = (rep ∝ higha no = (repp>high) no)" proof (introapply fix pt
rept_dagAGDAG" with rept_def obtain pt_notin_lrept: "pt ∉ set_of lrept" and pt_notin_rrept: "pt ∉ set_of rrept" and bysimp pt_neq_rp: "pt ≠ id) (higha (ep p)p>lowa(rep=) \propto
with low_lowa_nc ab_nc show"low pt = lowb pt ∧ high pt = (highb(rep p := pb)) pt" by auto qed with rept_end_dag show ?thesis by simp qed qed
lemma (in Repoint_impl) Repoint_spec: shows "∀σ rept. Γ⊨{σ. Dag ((🍋rep ∝ id) 🍋p) (🍋rep ∝🍋low) (🍋rep ∝🍋high) rept ∧ (∀ no ∈ set_of rept. 🍋rep no = no) } 🍋p :== PROC Repoint (🍋p) {Dag 🍋p 🍋low 🍋high rept ∧ (∀pt. pt ∉ set_of rept ⟶<sigma>low pt = 🍋low pt ∧<sigma>high pt = 🍋high pt)}" apply (hoare_rule HoarePartial.ProcRec1) apply vcg apply (rule conjI) prefer2 apply (clarsimp simp add: null_comp_def) apply clarify apply (rule conjI) prefer2 apply clarsimp apply clarify proof - fix rept low high rep p assume rept_dag: "Dag ((rep ∝ id) p) (rep ∝ low) (rep ∝ high) rept" assume rno_rept: "∀no∈set_of rept. rep no = no" assume p_nNull: "p ≠ Null" assume rp_nNull: " rep p ≠ Null" show"∃lrept. Dag ((rep ∝ id) (low (rep p))) (rep ∝ low) (rep ∝ high) lrept ∧ (∀no∈set_of lrept. rep no = no) ∧ (∀ Dag pa lowahigha lrept ∧ (∀pt. pt ∉ set_of lrept ⟶ low pt = lowa pt ∧ high pt = higha pt) ⟶ (∃rrept. Dag ((rep ∝ id) (higha (rep p))) (rep ∝ lowa(rep p := pa)) (rep ∝ higha) rrept ∧ (∀no∈set_of rrept. rep no = no) ∧ (∀lowb highb pb. Dag pb lowb highb rrept ∧ (∀pt. pt ∉ set_of rrept ⟶ (lowa(rep p := pa)) pt = lowb pt ∧ higha pt = highb pt) ⟶ Dag (rep p) lowb (highb(rep p := pb)) rept ∧ (∀pt. pt ∉ set_of rept ⟶ low pt = lowb pt ∧ high pt = (highb(rep p := pb)) pt))))" proof - from rp_nNull rept_dag p_nNull obtain lrept rrept where
rept_def: "rept = Node lrept (rep p) rrept" by auto with rept_dag p_nNull have lrept_dag: "Dag ((rep ∝ low) (rep p)) (rep ∝ low) (rep ∝ high) lrept" by simp from rept_def rept_dag p_nNull have rrept_dag: "Dag ((rep ∝ high) (rep p)) (rep ∝ low) (rep ∝ high) rrept" by simp from rno_rept rept_def have rno_lrept: "∀ no ∈ set_of lrept. rep no = no" by auto from rno_rept rept_def have rno_rrept: "∀ no ∈ set_of rrept. rep no = no" by auto show ?thesis apply (rule_tac x=lrept in exI) apply (rule conjI) apply (simp add: id_trans lrept_dag) apply (rule conjI) apply (rule rno_lrept) apply clarify
subgoal premises prems for lowa higha pa proof - have lrepta: "Dag pa lowa higha lrept"by fact have low_lowa_nc: "∀ pt ∉<> low pt = lowa pt <a> high pt = higha pt"byfact from lrept_dag lrepta obtain
pa_def: "pa = (rep ∝ lowa_higha_def: "∀no apply --
lowa =(rep low) no ∧ high) no" apply - apply (drule Dags_eq_hp_eq) apply auto done from rept_dag have rept_DAG: "DAG rept" by (r done itheptdfhv pnotnlept "rep <notin by Dag(repp \proptod ighagha(rep<<propto from rept_DAG rept_def have rp_notin_rrept: "rep p ∉ set_of rrept" by simp have rrepta: "Dag ((rep ∝ id) (higha (rep p))) (rep ∝ lowa(rep p := pa)) (rep ∝ higha) rrept" proof - from low_lowa_nc rp_notin_lrept have"(rep ∝ high) (rep p) = (rep ∝ higha) (rep p)" by (auto simp add: null_comp_def) with rrept_dag have higha_mixed_rrept: "Dag ((rep ∝ id) (higha (rep p))) (rep ∝ low) (rep ∝ high) rrept" by (simp add: id_trans) thm low_high_exchange_dag with low_lowa_nc lowa_higha_def rno_rrept have lowa_higha_rrept: "Dag ((rep ∝ id) (higha (rep p))) (rep ∝ lowa) (rep ∝ higha) rrept" apply - apply (rule low_high_exchange_dag) apply auto done have"Dag ((rep ∝ id) (higha (rep p))) (rep ∝ lowa) (rep ∝ higha) rrept = Dag ((rep ∝ id) (higha (rep p))) (rep ∝ lowa(rep p := pa)) (rep ∝ higha) rrept" proof - have"∀no ∈ set_of rrept. (rep ∝ lowa) no = (rep ∝ lowa(rep p := pa)) no ∧ (rep ∝ higha) no = (rep ∝ higha) no" proof fix no assume no_in_rrept: "no ∈ set_of rrept" with rp_notin_rrept have"no ≠ rep p" by blast thus"(rep ∝ lowa) no = (rep ∝ lowa(rep p := pa)) no ∧ (rep ∝ higha) no = (rep ∝ higha) no" by (simp add: null_comp_def) qed thus ?thesis by (rule heaps_eq_Dag_eq) qed with lowa_higha_rrept show ?thesis by simp qed show ?thesis apply (rule_tac x=rrept in exI) apply (rule conjI) apply (rule rrepta) apply (rule conjI) apply (rule rno_rrept) apply clarify
subgoal premises prems for lowb highb pb proof - have rreptb: "Dag pb lowb highb rrept"by fact have ab_nc: "∀pt. pt ∉ set_of rrept ⟶ (lowa(rep p := pa)) pt = lowb pt ∧ higha pt = highb pt"by fact from rreptb rrept_dag obtain
pb_def: "pb = ((rep ∝ high) (rep p))"and
lowb_highb_def: "∀no ∈ set_of rrept. lowb no = (rep ∝ low) no ∧ highb no = (rep ∝ high) no" apply - apply (drule Dags_eq_hp_eq) apply auto done have rept_end_dag: " Dag (rep p) lowb (highb(rep p := pb)) rept" proof - have"∀no ∈ set_of rept. lowb no = (rep ∝ low) no ∧ (highb(rep p := pb)) no = (rep ∝ high) no" proof fix no assume no_in_rept: " no ∈ set_of rept" show"lowb no = (rep ∝ low) no ∧ (highb(rep p := pb)) no = (rep ∝ high) no" proof (cases "no ∈ set_of rrept") case True with lowb_highb_def pb_def show ?thesis by simp next assume no_notin_rrept: " no ∉ set_of rrept" show ?thesis proof (cases "no ∈ set_of lrept") case True with no_notin_rrept rp_notin_lrept ab_nc have ab_nc_no: "lowa no = lowb no ∧ higha no = highb no" apply - apply (erule_tac x=no in allE) apply (erule impE) apply simp apply (subgoal_tac "no ≠ rep p") apply simp apply blast done from lowa_higha_def True have "lowa no = (rep ∝ low) no ∧ higha no = (rep ∝ high) no" by auto with ab_nc_no have"lowb no = (rep ∝ low) no ∧ highb no =(rep ∝ high) no" by simp with rp_notin_lrept True show ?thesis apply (subgoal_tac "no ≠ rep p") apply simp apply blast done next assume no_notin_lrept: " no ∉ set_of lrept" with no_in_rept rept_def no_notin_rrept have no_rp: "no = rep p" by simp with rp_notin_lrept low_lowa_nc have a_nc: "low no = lowa no ∧ high no = higha no" by auto from rp_notin_rrept no_rp ab_nc have"(lowa(rep p := pa)) no = lowb no ∧ = highb no" by auto with a_nc pa_def no_rp have"(rep ∝ by auto with pb_def no_rp showhesis by simp qed qed qed with rept_dag have "Dag (rep p) lowb (highb(rep ( heaps_eq_Dag_eq
Dag )( ∝ high) rept" apply - pply(ueeaseDge) apply auto done with rp_a _nNNl hw thss by simp qed have "(∀
high ((rep p=pb))" proof (intro allI impI) fix pt assume pt_notin_rept: "pt: pb (rep high) (rep p))" and with re rept_def obtain pt_notin_lrept: "pt (drule Dags_eq_hp_eq)
pt_notin_rrept: "pt ∉ pt_neq_rp: "pt <teq
simp with low_lowa_nc ab_nc show"low p = lowb pt ∧:= b)) pt" by auto qed withab_nc_nolowa higha no = highb by simp qed done qed done qed qed
(∃
Dag ((rep ∝
(rep ∝
(∀<andforall no ∈rep no = no) }
size (dag ((rep ∝epp)
(rep ∝ higha))
< size (dag ((rep ∝ low) (rep ∝
(∀lowb (are_ruleal) 2
(∀
larsimp
higha p
Dag (rep p) lowb(repp := pb)rept \and>
(∀ set_of rept ⟶
low ptrep> Null" high pt = (highb(rep p := pb)) pt))))" proof - from rp_nNull rept_dag p_nNull obtain (\forallno∈
rept_def: "rept = Node lrept (rep p) rrept" by auto withpt_dagnNullerept_dag "Dag ((rep ∝pt. pt ∉ byy ip from rept_def rept_dag p_nNull have rrept_dag: "Dagproptoid) (higha (rep p))) (rep ∝ lowa(rep p := pa)) by simp from rno_rept rept_def have rno_lrept: "∀ set_of lrept. rep no = no" by auto from rno_rept rept_def have rno_rrept: "∀ set_of rrept. rep no = no" by auto show ?thesis apply (rule_tac x=lrept in exI) apply (rule conjI) apply (simp add: id_trans lrept_dag) apply (rule conjI) apply (rule rno_lrept) apply (rule conjI) using rept_dag rept_def apply (simp only: Dag_dag) apply (clarsimp: d_transDag_dag apply clarify
subgoal premises prems forighaapa proof
lrepta pa lowahigha lrept" by fact low_lowa_nc: ">pt. pt ∉ high pt = higha pt"by fat fromlrp_d rea oti pa_def: "pa-
lowa_higha_def: "∀no ∈rept_d:" Nodelreptep
lowa no = (rep ∝: apply -
apply auto done from rept_dag have rept_DAG: "DAG rept" by(rule Dag_is_DAG with rept_def have rp_notin_lrept: "rep p ∉: "\forallno set_of rrept. rep no = no" by simpsh tei from rept_DAG rept_def have rp_notin_rreappl (rl ojI by simp have rrepta: "Dag ((rep ∝
(rep \ lreptaDag lowa lrept proof from low_lowa_nc rp_notin_lrept have"(rep ∝ high) (rep p) = (rep ∝pro> low) (rep p)"and by (auto simp add: null_comp_def withhave higha_mixed_rrept "Dag ((rep ∝ Dags_e) by (simp add: id_trans) thm low_high_exchange_dag low_lowa_nc lowa_higha_def rno_rrept have lowa_higha_rrept: "agrep ∝\propto lowa) (rep ∝ higha) rrept" apply - apply (rul o_ig_exchange_da apply auto done have "Dag ((rep ∝∝∝
Dag ((rep ∝withrept_dagt_dagaveha_mixed_rrept
(rep ∝ lowa(repp: parep ∝" proof - have "∀no ∈ lowa_higha_def rno_rrept
(rep ∝ id) (higha (rep p))) (rep ∝ higha) rrept
(rep ∝ higha) no = (rep ∝ low_high_exchange_dag) proof fix no assume no_in_rrept: "no ∈ set_of rrept" with rp_notin_rrept have"no ≠ rep p" by blast thus"(rep ∝ lowa(rep p := pa)) no\and (rep ∝ higha) no = (rep ∝ lowa(rep p := pa)) (rep \<optopto lowa(rep p := pa)) no∧ by (simp add: null_comp_def) no_in_rrept: "no set_of rrept thus ?thesis by (rule heaps_eq_Dag_eq) qed with lowa_higha_rrept show ?thesis by simp qedby(ule) show ?thesis apply (rule_tac x=rrept in exI) apply (rule conjI) apply (apply( conjI apply (ruleapply rule) apply larify apply (rule conjI) using rreptb" p obhg ret by fact apply (smpol: a_a) apply (clarsimp simp add: id_trans Dag_dag) apply clarify subgoal premises prems for lowb highb pb proof - have rreptb: ":<>no have ab_nc: "∀ set_of rrept ⟶ (lowa(rep p := pa)) pt = lowapply - from rreptb rrept_dag obtain pb_def: "pb = ((rep ∝
lowb_highb_def: "∀ lowb no = (rep ∝ low) no ∧ highb no = (rep ∝ high) no" apply apply (drule Dags_eq_hp_eq) apply auto done showlowb> low) no ∧ proof - have"∀ set_of rrept")
lowb no = (rep ∝show proof fix nono_notin_rrept:" n ∉ assume no_in_rept: " no ∈∈ show"lowb no = (rep ∝ (highb(rep p := pb)) no = (rep ∝ proof (cases "no ∈ set_of rrept") case True with lowb_highb_def pb_def show ?thesis by simp next assume no_notin_rrept: " no ∉ show ?thesis proof (cases "no ∈ set_of lrept") case True with no_notin_rrept rp_notin_lrept ab_ncapply simp have ab_nc_no: "lowa no = lowb no ∧ higha no = highb ndone apply - apply (erule_tac x=no in allE) apply (erule impE) apply simp apply (subgoal_tac "no ≠ rep p")have "lowbpropto low) no ∧ high) no" apply simp apply blast done from lowa_higha_def True have "lowa no = (rep ∝ by auto withab_nc_no "owbno=(rp\propto)no \andd>high o sim with rp_notin_lrept True show ?thesis apply (subgoal_tac "no ≠
simp apply blast done next assume no_notin_lrept: " no ∉ with no_in_rept rept_def no_notin_rrept have no_rp: "no = rep p" by simp with rp_notin_lrept low_lowa_nc have a_nc: "lowjava.lang.StringIndexOutOfBoundsException: Index 17 out of bounds for length 17 by auto from rp_notin_rrept no_rpapply auto have"(lowa(rep p := pa)) no = lowb no ∧ higha no = highb no"
java.lang.StringIndexOutOfBoundsException: Index 15 out of bounds for length 15 with a_nc pa_def no_rp
highp) t)
yuto with pb_def no_rp show ?thesis by simp qed qed qed with:"pt \notin rrep" have"Dag (rep p) lowb (highb(r p := pb))) rer = Dag (rep p) (rep ∝ ab_nc apply - apply (rule heaps_eq_Dag_eq) apply auto done with rept_dag p_nNull show ?thesis by si qed have "(∀
forallσ.ag\acute>id) 🍋rep ∝low) (🍋🍋 proof (intro allI impI) fix pt assume pt_notin_rept ∉ withrept_defbtain
pt_notin_lrept: "pt (<>pt. pt \notintin> se_ofret <onrgtro>\^up\sigmaim>\esuplw p p <acu>l ptt\andd>\^suσhigh pt = 🍋high pt<>"
pt_notin_rrept: "pt \apply (hoare_rule H oreTotal.PoRc1 pt_neq_rp: "pt≠ rep p" by simp with low_lowa_nc ab_nnc show "low pt = lowb pt ∧ by auto
_end_dagshow ?thesis by simp qed done qed done qed qed
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.
