Why3 Standard Library index



Set theories


General Sets

theory SetGen

  (* Abstract, polymorphic sets over an element type 'a.
     Nothing in this theory is executable: `set` and its operations are
     uninterpreted symbols characterised by the `axiom` declarations
     below, while the `lemma` declarations are proof obligations that must
     be discharged from those axioms. Every theory that `clone`s SetGen
     (Set and Fset on this page) inherits the axioms as assumptions, so
     they form the trusted base of any development built on them; a
     reviewer of a verified artefact should read the axioms first. *)

  type set 'a

if 'a is an infinite type, then set 'a is infinite

  (* Declares the first type argument of `set` as material; the note
     above states the finiteness consequence this meta records. *)
  meta "material_type_arg" type set, 0

membership

  (* Uninterpreted membership predicate. Every other operation in the
     theory is specified only through its effect on `mem`. *)
  predicate mem 'a (set 'a)

equality

  (* Extensional equality: same members on both sides. *)
  predicate (==) (s1 s2: set 'a) = forall x : 'a. mem x s1 <-> mem x s2

  (* Assumed, not proved: extensional equality entails Why3's built-in
     equality `=`. This axiom is what lets the `=`-lemmas below
     (add_remove, remove_add) be proved from membership facts alone. *)
  axiom extensionality:
    forall s1 s2: set 'a. s1 == s2 -> s1 = s2

inclusion

  predicate subset (s1 s2: set 'a) = forall x : 'a. mem x s1 -> mem x s2

  (* Both lemmas follow directly from unfolding `subset`. *)
  lemma subset_refl:
    forall s: set 'a. subset s s

  lemma subset_trans:
    forall s1 s2 s3: set 'a. subset s1 s2 -> subset s2 s3 -> subset s1 s3

empty set

  (* Uninterpreted constant; its only specification is empty_def1. *)
  constant empty : set 'a

  predicate is_empty (s: set 'a) = forall x: 'a. not (mem x s)

  (* Assumed: `empty` has no members (the type ascription fixes 'a). *)
  axiom empty_def1: is_empty (empty : set 'a)

  (* Restates empty_def1 element-wise; provable from it. *)
  lemma mem_empty: forall x:'a. mem x empty <-> false

addition

  (* Uninterpreted; add_def1 is its complete membership specification. *)
  function add 'a (set 'a) : set 'a

  (* Assumed: `add y s` contains exactly y and the members of s. *)
  axiom add_def1:
    forall x y: 'a. forall s: set 'a.
    mem x (add y s) <-> x = y \/ mem x s

  function singleton (x: 'a) : set 'a = add x empty

removal

  (* Uninterpreted; remove_def1 is its complete membership specification. *)
  function remove 'a (set 'a) : set 'a

  (* Assumed: `remove y s` contains the members of s other than y. *)
  axiom remove_def1:
    forall x y : 'a, s : set 'a.
    mem x (remove y s) <-> x <> y /\ mem x s

  (* The hypothesis `mem x s` is required: without it the left-hand side
     would contain x while s might not. Equality is reached through
     extensionality. *)
  lemma add_remove:
    forall x: 'a, s : set 'a. mem x s -> add x (remove x s) = s

  lemma remove_add:
    forall x: 'a, s : set 'a. remove x (add x s) = remove x s

  lemma subset_remove:
    forall x: 'a, s: set 'a. subset (remove x s) s

union

  (* union, inter and diff are all uninterpreted and each is specified by
     a single membership axiom of the same shape. *)
  function union (set 'a) (set 'a) : set 'a

  axiom union_def1:
    forall s1 s2: set 'a, x: 'a.
    mem x (union s1 s2) <-> mem x s1 \/ mem x s2

intersection

  function inter (set 'a) (set 'a) : set 'a

  axiom inter_def1:
    forall s1 s2: set 'a, x: 'a.
    mem x (inter s1 s2) <-> mem x s1 /\ mem x s2

difference

  function diff (set 'a) (set 'a) : set 'a

  axiom diff_def1:
    forall s1 s2: set 'a, x: 'a.
    mem x (diff s1 s2) <-> mem x s1 /\ not (mem x s2)

  lemma subset_diff:
    forall s1 s2: set 'a. subset (diff s1 s2) s1

arbitrary element

  (* Uninterpreted choice function. *)
  function choose (s:set 'a) : 'a

  (* Assumed: on a non-empty set, `choose` returns one of its members.
     For an empty set the axiom says nothing, so `choose empty` is some
     unconstrained value of 'a; proofs must not rely on it being anything
     in particular. *)
  axiom choose_def:
    forall s: set 'a. not (is_empty s) -> mem (choose s) s

end

Potentially infinite sets

theory Set

  (* Potentially infinite sets: SetGen plus a universal set. All of
     SetGen's axioms are inherited (and re-exported) by this clone. *)
  clone export SetGen

the set of all x of type 'a

  (* Uninterpreted constant specified only by all_def. *)
  constant all: set 'a

  (* Assumed: every value of 'a is a member of `all`. *)
  axiom all_def: forall x: 'a. mem x all

end

Set Comprehension

theory SetComprehension

  (* Set-builder notation over the potentially infinite sets of Set.
     `HO.pred 'a` and `HO.func 'a 'b` are the predicate and function
     types of the HighOrd theory used below. *)
  use export Set
  use HighOrd as HO

{ x | p x }

  (* Uninterpreted; comprehension_def is its complete specification. *)
  function comprehension (p: HO.pred 'a) : set 'a

  (* Assumed: unrestricted comprehension over a fixed element type 'a.
     This is the one axiom added by this theory; filter and map below are
     plain definitions on top of it. *)
  axiom comprehension_def:
    forall p: HO.pred 'a.
    forall x: 'a. mem x (comprehension p) <-> p x

{ x | x in U and p(x) }

  function filter (p: HO.pred 'a) (u: set 'a) : set 'a =
    comprehension (\ x: 'a. p x /\ mem x u)

{ f x | x in U }

  (* The image of u under f, as the set of y that have some preimage in u. *)
  function map (f: HO.func 'a 'b) (u: set 'a) : set 'b =
    comprehension (\ y: 'b. exists x: 'a. mem x u /\ y = f x)

  (* Forward direction of the image definition: provable by instantiating
     the existential with x itself. *)
  lemma map_def:
    forall f: HO.func 'a 'b, u: set 'a.
    forall x: 'a. mem x u -> mem (f x) (map f u)

end

Finite sets

theory Fset

  use import int.Int
  clone export SetGen

  function .
    Fset

  use axiom nonneg>Fs7t

  <>nonneg="keyword1">forall x: 'a. set 'a. subset   Fset

  Int
 ">== sE -> s3x: >s2

axiom y 149t

  <>class="key"keyword1">forall s: set 'a. subset   Fset

  mem xmpty s) -> axiom  s) 1a>:
_   s)lass="keyword1">forall x y : 'a, s : forall s: set 'a.
    not (mem x s2)

  mem (   Fset

  us s) = Int
 ">== 2B/a>:
+ass="ksubset_23">subset   Fset

  axiom  x 1>:
 _   xlass="keyword1">forall x y : 'a, s : forall s: set 'a.
    mem x s -> add x   Fset

  Int
 ">== 2B/a>:
+ass="ksubset_23">subset   Fset

  remove x s) s

uni axiom (<160 _ ef="set.ht="keyword1">forall s1 s2 s3: set 'a. subset s1 s2 -> subset Fset Int ">== 3C -> s hr<s2 subset Fset lemma subset_req<16s2 -> forall s1 s2 s3: set 'a. mem x s1 s2 -> subset Fset remove Fset

i#inter_73">inter== s2 -> s1 = s2 lemma s/a> <1<167t forall s1 s2: set 'a. subset Fset forall x: 'a. mem x u -> remove /a> s) s end

Finite sets

theory SetComprehens>:
  cla">SetComprehess="keyword1">use export Set
 >

  use import int.Int
  clone as HO

{ x | p x }

 

  function filter (p:
  .pred 'a) (u: set 'a) : set 'a =
    axiom forall p: HO.pred 'a.
    set 'a.
    forall x: 'a. mem x u -> remover (p:
  .pred 'a) (p"ke.html(et.html#mem_14">mem x u)

{ f x |yword1">lemma sr ( F88 .pred a/a> forall p: HO.pred 'a. set 'a. subset Fset remover (p: .pred 'a) (p"ke.hInt_11">Int ">== 3C -> s hr<s2 subset Fset

  function map (f: H92func 'a 'b) (u: set 'a) : set 'b =
    axiom forall f: HO.func 'a 'b, u: set 'a.
    forall x: 'a. mem x u)

{yml#map_129">map f u) 92func 'a 'bf"ke.html(ord1">exists x: 'a. mem x u /\ y = f x) lemma map_def1<198 forall s1 s2: set 'a. forall x: 'a. mem x u -> mem (f x) (map f u) 92func 'a 'bf"kekeyword1">lemma map_def< 20 forall p: HO.pred 'a. u: set 'a. subset Fset removef u) 92func 'a 'bf"ke.hInt_11">Int ">== 3C -> s hr<s2 subset Fset end

Finite sets

theory use import int.Int clone import int.Set > function map nth>2 (set 'a) = axiom chnth>inj 2 6inj forall s1 s2: set 'a. Int ">== 3C -> s hr<s2 Int ">== 3C_ 6subset Fset Int ">== 3C -> s hr<s2 Int ">== 3C_ 6subset Fset subsetnth>2 (subsetnth>2 (axiom chnth>surj 2_defnth>surj forall s1 s2: set 'a. mem x u -> forall s1 'a. Int ">== 3C -> s hr<s2 Int ">== 3C_ 6subset Fset removenth>2 (end

Finite sets

theory Set claInduame=">2_8an claInduame="ss="keyword1">use import int.Set > function set 'as1 s2fuass="keyword1">function <is_ep1 s(use uss1 s2fuass="ekeyword1">lemma map_Induame=">2>: exists x: s2: set 'a. uss1 s2fuass="ml#mem_14">mem xmpty s) -> subsetp1 s(exists x: s2: set 'a. uss1 s2fuass="ml#mem_14">mem xp1 s(false set 'as1 s2fuass="m"keywml#rd1">not (mem x s2) mem (p1 s(us s) = forall x: 'a. set 'a. uss1 s2fuass="ml#mem_14">mem xp1 s(end

Finite sets

 ger class="keyword1">theory Set

 cla<->_246an clainass="keyword1">use import inthref="set.htmlhtml#Int_11">Int
  clone import inthref="set.html#Set_99">Set
 >

  function map (in_el>_25> <(in_el>span class="keyword1">use axiom forall s1 s2: set 'a. not (is_empty s) -> mem (choose(in_el>_25> <(in_el>span ="keys ord1">axiom forall s1 s2: set 'a. not (mem x s -> add x(in_el>_25> <(in_el>span =.hInt_11">Int
 ">== 3C -> s hr<s2

function map (ax_el>_258  span class="keyword1">use axiom forall s1 s2: set 'a. not (is_empty s) -> mem (choose(ax_el>_258  span ="keys ord1">axiom forall s1 s2: set 'a. not (mem x s -> Int
 ">== 3C -> s hr<s2

choose(ax_el>_258  span =keyword1">function map <-> 26:
    set 'a. axiom inter_dv0">/a>:267t/a>lass=word1">forall x y : 'a, s : mem x s -> inter s1v0">26:
    Int
 ">== 3C -> s hr<s2

Int
 ">== 3C_ 6lemma s/a>

  <_a> s1v0">269t

  <>   forall s1 s2: mem x   Fset

  removea> s1v0">26:
    forall x: if href="sl hInt_11">Int
 ">== 3C -> s hr<s2

function Int
 ">==-_100
 -span l ord1">import inth>

additbershrd1">end

Finite sets


theory Set

Min_276use import int.Set
 >

  use import int.Int
  function set 'aparam_28> <function set 'ael>_283nth>ass="keyword1">function map cos>_28et2

chooseparam_28> <chooseel>_283nth>ass=".s
    axiom map (in_287 <(in2

chooseparam_28> <use usel>_283nth>ass=").s
    axiom forall p: HO.pred 'a.
    #choose_90">chooseparam_28> <use usel>_283nth>ass=", etlass="keyword1">usel>_283nth>ass=".womem_14">mem x s -> add xcos>_28et2

Int ">== 3E -> s3x: >s2 add x(in_287 <(in2

axiom forall p: HO.pred 'a. #choose_90">chooseparam_28> <use usel>_283nth>ass=".word1">not (is_empty s) -> not (usel>_283nth>ass=".womem_14">mem x s -> mem xcos>_28et2

remove(in_287 <(in2

end

Finite setssum =" pre> theory Set claSum_299an claSum2 use import int.use import int.Int clone import int.Set > as HO

{ xSkeyword1">function singum_30>: ms="k/class="keyword1">use

=o"s=">e> is ium s fte

>ss="keyword1">function :y
s0panSum_/a>:yss=" ="keyword1">forall p: HO.pred 'a. ml#subset_23">subset: ms="k/cS.lass="keyword1">use>

removml#set_8">set 'a) = axiom forall s1 s2: set 'a. not (not (mem x s2) mem (: ms="k/cS.lass="keyword1">us s) = remove: ms="k/s f.hInt_11">Int ">== 2B/a>: +ass="f/xkeyword1">function sSum_ x 315 cSum_ xlass="keyword1">forall x y : 'a, s : set 'a. not (mem x s -> add x: ms="k/cS.lass="keyword1">us x s) s

uniof.ml#remove_50">remove: ms="k/s f.hInt_11">Int ">==-_100 -span f/xkeyword1">function sSum_/a>: /a> s)3y: /a> slass="keyword1">forall x y : 'a, s : set 'a. not (not (usmpty s) -> function us /a> s) s import int."singlet"keywmoremove_50">remove: ms="k/s f.lass=.hInt_11">Int ">== 2B/a>: +ass="#add_41">add x: ms="k/cS.lass="keyword1">us x s) s

uniofkeyword1">function sSum_pan citivi forall x y : 'a, s : set 'a. not (add x: ms="k/cS.lass="keyword1">usa> s1 s2) <-> remove: ms="k/s1 f.hInt_11">Int ">== 2B/a>: +ass="#remove_50">remove: ms="k/s2 f.hInt_11">Int ">==-_100 -span #add_41">add x: ms="k/cS.lass="keyword1">usa> s1 s2) <-> function sSum_eq/prforall s1 s2 s3: set 'a. not (exists x: s2: us s -> add x: ms="k/sof.ml#remove_50">remove: ms="k/s gyword1">end

Set Comprehensiontheory Set use import int.use import int.use import int.function set 'a. map.emovef u)function <is_e s -346an"set.htmlt.ht)html#set_8">set 'a) : 344 href="set.hass="[x]ss=Truekeyword1">clone empty : set 'a) 344 href="set.html#add_41">map.emovec nam s8pan nam="setFe> predicate is_empty (s) sset 'a) 344 href="set.hkeyword1">forall x : 'a. not (mem x s2)346an"set.htm>uni axiom is_eEty_def1a>: Ety_def1set 'ampty (s) sempty : set 'a) 344 href="set.hi axiom add 'a (<354set 'a) : 344 href="set.hasml#set_8">set 'a) 344 href="set.html"[x <-=True] axiom add ' x 3>: set 'a) : 344 href="set.hasml#set_8">set 'a) 344 href="set.htmll"[x <-=Fe> <] axiom add 'a> s1 358ref="set.html#set_8">set 'a) (<344 href="set.hasl#set_8">set 'a) (<344 href="set.hasml#set_8">set 'a) 344 href="set.h axiom forall p: HO.pred 'a. ="set.ml#set_8">set 'a. not (union s1 358ref="set.htmf="set[x]ss=lass="keybool.emoveorb_ 6function map <-> <_364ref="set.html#set_8">set 'a) (<344 href="set.hasl#set_8">set 'a) (<344 href="set.hasml#set_8">set 'a) 344 href="set.h axiom forall p: HO.pred 'a. ="set.ml#set_8">set 'a. not (union <_364ref="set.htmf="set[x]ss=lass="keybool.emoveandb_ 0 andbt.htmf=[x]ss2[x]keyword1">function map s1 s37ref="set.html#set_8">set 'a) (<344 href="set.hasl#set_8">set 'a) (<344 href="set.hasml#set_8">set 'a) 344 href="set.h axiom forall p: HO.pred 'a. ="set.ml#set_8">set 'a. not (unionaxiom is_e> set 'a. forall x : 'a. forall(* dubious ame=": >: axiom is_e s138/a>: "setl="set.ml#set_8">set 'a. forall x : 'a. mem x s2)346an"set.htm>un.html#mem_14">mem x s2 346an"set.htm>unrkeyword1">lemma co (\ set 'a) (<344 href="set.hasml#set_8">set 'a) 344 href="set.h axiom forall p: HO.pred 'a. =.ml#set_8">set 'a. not (unionco (\ forall
