From f77e3f9cbe2ea7abeb4be815bdbf33d0c98076c2 Mon Sep 17 00:00:00 2001 From: Nadrieril Date: Mon, 27 May 2024 13:28:28 +0200 Subject: tests: Rename betree_main -> betree --- tests/hol4/betree/betreeMain_FunsScript.sml | 1212 ----------------- tests/hol4/betree/betreeMain_FunsTheory.sig | 1230 ----------------- tests/hol4/betree/betreeMain_OpaqueScript.sml | 26 - tests/hol4/betree/betreeMain_OpaqueTheory.sig | 11 - tests/hol4/betree/betreeMain_TypesScript.sml | 76 -- tests/hol4/betree/betreeMain_TypesTheory.sig | 1751 ------------------------- tests/hol4/betree/betree_FunsScript.sml | 1212 +++++++++++++++++ tests/hol4/betree/betree_FunsTheory.sig | 1230 +++++++++++++++++ tests/hol4/betree/betree_OpaqueScript.sml | 26 + tests/hol4/betree/betree_OpaqueTheory.sig | 11 + tests/hol4/betree/betree_TypesScript.sml | 76 ++ tests/hol4/betree/betree_TypesTheory.sig | 1751 +++++++++++++++++++++++++ 12 files changed, 4306 insertions(+), 4306 deletions(-) delete mode 100644 tests/hol4/betree/betreeMain_FunsScript.sml delete mode 100644 tests/hol4/betree/betreeMain_FunsTheory.sig delete mode 100644 tests/hol4/betree/betreeMain_OpaqueScript.sml delete mode 100644 tests/hol4/betree/betreeMain_OpaqueTheory.sig delete mode 100644 tests/hol4/betree/betreeMain_TypesScript.sml delete mode 100644 tests/hol4/betree/betreeMain_TypesTheory.sig create mode 100644 tests/hol4/betree/betree_FunsScript.sml create mode 100644 tests/hol4/betree/betree_FunsTheory.sig create mode 100644 tests/hol4/betree/betree_OpaqueScript.sml create mode 100644 tests/hol4/betree/betree_OpaqueTheory.sig create mode 100644 tests/hol4/betree/betree_TypesScript.sml create mode 100644 tests/hol4/betree/betree_TypesTheory.sig (limited to 'tests/hol4/betree') diff --git a/tests/hol4/betree/betreeMain_FunsScript.sml b/tests/hol4/betree/betreeMain_FunsScript.sml deleted file mode 100644 index bd16c16c..00000000 --- a/tests/hol4/betree/betreeMain_FunsScript.sml +++ /dev/null @@ -1,1212 +0,0 @@ -(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) -(** [betree_main]: function definitions *) -open primitivesLib divDefLib -open betreeMain_TypesTheory betreeMain_OpaqueTheory - -val _ = new_theory "betreeMain_Funs" - - -val betree_load_internal_node_fwd_def = Define ‘ - (** [betree_main::betree::load_internal_node]: forward function *) - betree_load_internal_node_fwd - (id : u64) (st : state) : - (state # (u64 # betree_message_t) betree_list_t) result - = - betree_utils_load_internal_node_fwd id st -’ - -val betree_store_internal_node_fwd_def = Define ‘ - (** [betree_main::betree::store_internal_node]: forward function *) - betree_store_internal_node_fwd - (id : u64) (content : (u64 # betree_message_t) betree_list_t) (st : state) - : - (state # unit) result - = - do - (st0, _) <- betree_utils_store_internal_node_fwd id content st; - Return (st0, ()) - od -’ - -val betree_load_leaf_node_fwd_def = Define ‘ - (** [betree_main::betree::load_leaf_node]: forward function *) - betree_load_leaf_node_fwd - (id : u64) (st : state) : (state # (u64 # u64) betree_list_t) result = - betree_utils_load_leaf_node_fwd id st -’ - -val betree_store_leaf_node_fwd_def = Define ‘ - (** [betree_main::betree::store_leaf_node]: forward function *) - betree_store_leaf_node_fwd - (id : u64) (content : (u64 # u64) betree_list_t) (st : state) : - (state # unit) result - = - do - (st0, _) <- betree_utils_store_leaf_node_fwd id content st; - Return (st0, ()) - od -’ - -val betree_fresh_node_id_fwd_def = Define ‘ - (** [betree_main::betree::fresh_node_id]: forward function *) - betree_fresh_node_id_fwd (counter : u64) : u64 result = - do - _ <- u64_add counter (int_to_u64 1); - Return counter - od -’ - -val betree_fresh_node_id_back_def = Define ‘ - (** [betree_main::betree::fresh_node_id]: backward function 0 *) - betree_fresh_node_id_back (counter : u64) : u64 result = - u64_add counter (int_to_u64 1) -’ - -val betree_node_id_counter_new_fwd_def = Define ‘ - (** [betree_main::betree::NodeIdCounter::{0}::new]: forward function *) - betree_node_id_counter_new_fwd : betree_node_id_counter_t result = - Return (<| betree_node_id_counter_next_node_id := (int_to_u64 0) |>) -’ - -val betree_node_id_counter_fresh_id_fwd_def = Define ‘ - (** [betree_main::betree::NodeIdCounter::{0}::fresh_id]: forward function *) - betree_node_id_counter_fresh_id_fwd - (self : betree_node_id_counter_t) : u64 result = - do - _ <- u64_add self.betree_node_id_counter_next_node_id (int_to_u64 1); - Return self.betree_node_id_counter_next_node_id - od -’ - -val betree_node_id_counter_fresh_id_back_def = Define ‘ - (** [betree_main::betree::NodeIdCounter::{0}::fresh_id]: backward function 0 *) - betree_node_id_counter_fresh_id_back - (self : betree_node_id_counter_t) : betree_node_id_counter_t result = - do - i <- u64_add self.betree_node_id_counter_next_node_id (int_to_u64 1); - Return (<| betree_node_id_counter_next_node_id := i |>) - od -’ - -val betree_upsert_update_fwd_def = Define ‘ - (** [betree_main::betree::upsert_update]: forward function *) - betree_upsert_update_fwd - (prev : u64 option) (st : betree_upsert_fun_state_t) : u64 result = - (case prev of - | NONE => - (case st of - | BetreeUpsertFunStateAdd v => Return v - | BetreeUpsertFunStateSub i => Return (int_to_u64 0)) - | SOME prev0 => - (case st of - | BetreeUpsertFunStateAdd v => - do - margin <- u64_sub core_u64_max prev0; - if u64_ge margin v then u64_add prev0 v else Return core_u64_max - od - | BetreeUpsertFunStateSub v => - if u64_ge prev0 v then u64_sub prev0 v else Return (int_to_u64 0))) -’ - -val [betree_list_len_fwd_def] = DefineDiv ‘ - (** [betree_main::betree::List::{1}::len]: forward function *) - betree_list_len_fwd (self : 't betree_list_t) : u64 result = - (case self of - | BetreeListCons t tl => - do - i <- betree_list_len_fwd tl; - u64_add (int_to_u64 1) i - od - | BetreeListNil => Return (int_to_u64 0)) -’ - -val [betree_list_split_at_fwd_def] = DefineDiv ‘ - (** [betree_main::betree::List::{1}::split_at]: forward function *) - betree_list_split_at_fwd - (self : 't betree_list_t) (n : u64) : - ('t betree_list_t # 't betree_list_t) result - = - if n = int_to_u64 0 - then Return (BetreeListNil, self) - else - (case self of - | BetreeListCons hd tl => - do - i <- u64_sub n (int_to_u64 1); - p <- betree_list_split_at_fwd tl i; - let (ls0, ls1) = p in let l = ls0 in Return (BetreeListCons hd l, ls1) - od - | BetreeListNil => Fail Failure) -’ - -val betree_list_push_front_fwd_back_def = Define ‘ - (** [betree_main::betree::List::{1}::push_front]: merged forward/backward function - (there is a single backward function, and the forward function returns ()) *) - betree_list_push_front_fwd_back - (self : 't betree_list_t) (x : 't) : 't betree_list_t result = - let tl = mem_replace_fwd self BetreeListNil in - let l = tl in - Return (BetreeListCons x l) -’ - -val betree_list_pop_front_fwd_def = Define ‘ - (** [betree_main::betree::List::{1}::pop_front]: forward function *) - betree_list_pop_front_fwd (self : 't betree_list_t) : 't result = - let ls = mem_replace_fwd self BetreeListNil in - (case ls of - | BetreeListCons x tl => Return x - | BetreeListNil => Fail Failure) -’ - -val betree_list_pop_front_back_def = Define ‘ - (** [betree_main::betree::List::{1}::pop_front]: backward function 0 *) - betree_list_pop_front_back - (self : 't betree_list_t) : 't betree_list_t result = - let ls = mem_replace_fwd self BetreeListNil in - (case ls of - | BetreeListCons x tl => Return tl - | BetreeListNil => Fail Failure) -’ - -val betree_list_hd_fwd_def = Define ‘ - (** [betree_main::betree::List::{1}::hd]: forward function *) - betree_list_hd_fwd (self : 't betree_list_t) : 't result = - (case self of - | BetreeListCons hd l => Return hd - | BetreeListNil => Fail Failure) -’ - -val betree_list_head_has_key_fwd_def = Define ‘ - (** [betree_main::betree::List::{2}::head_has_key]: forward function *) - betree_list_head_has_key_fwd - (self : (u64 # 't) betree_list_t) (key : u64) : bool result = - (case self of - | BetreeListCons hd l => let (i, _) = hd in Return (i = key) - | BetreeListNil => Return F) -’ - -val [betree_list_partition_at_pivot_fwd_def] = DefineDiv ‘ - (** [betree_main::betree::List::{2}::partition_at_pivot]: forward function *) - betree_list_partition_at_pivot_fwd - (self : (u64 # 't) betree_list_t) (pivot : u64) : - ((u64 # 't) betree_list_t # (u64 # 't) betree_list_t) result - = - (case self of - | BetreeListCons hd tl => - let (i, t) = hd in - if u64_ge i pivot - then Return (BetreeListNil, BetreeListCons (i, t) tl) - else ( - do - p <- betree_list_partition_at_pivot_fwd tl pivot; - let (ls0, ls1) = p in - let l = ls0 in - Return (BetreeListCons (i, t) l, ls1) - od) - | BetreeListNil => Return (BetreeListNil, BetreeListNil)) -’ - -val betree_leaf_split_fwd_def = Define ‘ - (** [betree_main::betree::Leaf::{3}::split]: forward function *) - betree_leaf_split_fwd - (self : betree_leaf_t) (content : (u64 # u64) betree_list_t) - (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t) - (st : state) : - (state # betree_internal_t) result - = - do - p <- betree_list_split_at_fwd content params.betree_params_split_size; - let (content0, content1) = p in - do - p0 <- betree_list_hd_fwd content1; - let (pivot, _) = p0 in - do - id0 <- betree_node_id_counter_fresh_id_fwd node_id_cnt; - node_id_cnt0 <- betree_node_id_counter_fresh_id_back node_id_cnt; - id1 <- betree_node_id_counter_fresh_id_fwd node_id_cnt0; - (st0, _) <- betree_store_leaf_node_fwd id0 content0 st; - (st1, _) <- betree_store_leaf_node_fwd id1 content1 st0; - let n = BetreeNodeLeaf - (<| - betree_leaf_id := id0; - betree_leaf_size := params.betree_params_split_size - |>) in - let n0 = BetreeNodeLeaf - (<| - betree_leaf_id := id1; - betree_leaf_size := params.betree_params_split_size - |>) in - Return (st1, - <| - betree_internal_id := self.betree_leaf_id; - betree_internal_pivot := pivot; - betree_internal_left := n; - betree_internal_right := n0 - |>) - od - od - od -’ - -val betree_leaf_split_back_def = Define ‘ - (** [betree_main::betree::Leaf::{3}::split]: backward function 2 *) - betree_leaf_split_back - (self : betree_leaf_t) (content : (u64 # u64) betree_list_t) - (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t) - (st : state) : - betree_node_id_counter_t result - = - do - p <- betree_list_split_at_fwd content params.betree_params_split_size; - let (content0, content1) = p in - do - _ <- betree_list_hd_fwd content1; - id0 <- betree_node_id_counter_fresh_id_fwd node_id_cnt; - node_id_cnt0 <- betree_node_id_counter_fresh_id_back node_id_cnt; - id1 <- betree_node_id_counter_fresh_id_fwd node_id_cnt0; - (st0, _) <- betree_store_leaf_node_fwd id0 content0 st; - _ <- betree_store_leaf_node_fwd id1 content1 st0; - betree_node_id_counter_fresh_id_back node_id_cnt0 - od - od -’ - -val [betree_node_lookup_first_message_for_key_fwd_def] = DefineDiv ‘ - (** [betree_main::betree::Node::{5}::lookup_first_message_for_key]: forward function *) - betree_node_lookup_first_message_for_key_fwd - (key : u64) (msgs : (u64 # betree_message_t) betree_list_t) : - (u64 # betree_message_t) betree_list_t result - = - (case msgs of - | BetreeListCons x next_msgs => - let (i, m) = x in - if u64_ge i key - then Return (BetreeListCons (i, m) next_msgs) - else betree_node_lookup_first_message_for_key_fwd key next_msgs - | BetreeListNil => Return BetreeListNil) -’ - -val [betree_node_lookup_first_message_for_key_back_def] = DefineDiv ‘ - (** [betree_main::betree::Node::{5}::lookup_first_message_for_key]: backward function 0 *) - betree_node_lookup_first_message_for_key_back - (key : u64) (msgs : (u64 # betree_message_t) betree_list_t) - (ret : (u64 # betree_message_t) betree_list_t) : - (u64 # betree_message_t) betree_list_t result - = - (case msgs of - | BetreeListCons x next_msgs => - let (i, m) = x in - if u64_ge i key - then Return ret - else ( - do - next_msgs0 <- - betree_node_lookup_first_message_for_key_back key next_msgs ret; - Return (BetreeListCons (i, m) next_msgs0) - od) - | BetreeListNil => Return ret) -’ - -val [betree_node_apply_upserts_fwd_def] = DefineDiv ‘ - (** [betree_main::betree::Node::{5}::apply_upserts]: forward function *) - betree_node_apply_upserts_fwd - (msgs : (u64 # betree_message_t) betree_list_t) (prev : u64 option) - (key : u64) (st : state) : - (state # u64) result - = - do - b <- betree_list_head_has_key_fwd msgs key; - if b - then ( - do - msg <- betree_list_pop_front_fwd msgs; - let (_, m) = msg in - (case m of - | BetreeMessageInsert i => Fail Failure - | BetreeMessageDelete => Fail Failure - | BetreeMessageUpsert s => - do - v <- betree_upsert_update_fwd prev s; - msgs0 <- betree_list_pop_front_back msgs; - betree_node_apply_upserts_fwd msgs0 (SOME v) key st - od) - od) - else ( - do - (st0, v) <- core_option_option_unwrap_fwd prev st; - _ <- betree_list_push_front_fwd_back msgs (key, BetreeMessageInsert v); - Return (st0, v) - od) - od -’ - -val [betree_node_apply_upserts_back_def] = DefineDiv ‘ - (** [betree_main::betree::Node::{5}::apply_upserts]: backward function 0 *) - betree_node_apply_upserts_back - (msgs : (u64 # betree_message_t) betree_list_t) (prev : u64 option) - (key : u64) (st : state) : - (u64 # betree_message_t) betree_list_t result - = - do - b <- betree_list_head_has_key_fwd msgs key; - if b - then ( - do - msg <- betree_list_pop_front_fwd msgs; - let (_, m) = msg in - (case m of - | BetreeMessageInsert i => Fail Failure - | BetreeMessageDelete => Fail Failure - | BetreeMessageUpsert s => - do - v <- betree_upsert_update_fwd prev s; - msgs0 <- betree_list_pop_front_back msgs; - betree_node_apply_upserts_back msgs0 (SOME v) key st - od) - od) - else ( - do - (_, v) <- core_option_option_unwrap_fwd prev st; - betree_list_push_front_fwd_back msgs (key, BetreeMessageInsert v) - od) - od -’ - -val [betree_node_lookup_in_bindings_fwd_def] = DefineDiv ‘ - (** [betree_main::betree::Node::{5}::lookup_in_bindings]: forward function *) - betree_node_lookup_in_bindings_fwd - (key : u64) (bindings : (u64 # u64) betree_list_t) : u64 option result = - (case bindings of - | BetreeListCons hd tl => - let (i, i0) = hd in - if i = key - then Return (SOME i0) - else - if u64_gt i key - then Return NONE - else betree_node_lookup_in_bindings_fwd key tl - | BetreeListNil => Return NONE) -’ - -val [betree_internal_lookup_in_children_fwd_def, betree_internal_lookup_in_children_back_def, betree_node_lookup_fwd_def, betree_node_lookup_back_def] = DefineDiv ‘ - (** [betree_main::betree::Internal::{4}::lookup_in_children]: forward function *) - (betree_internal_lookup_in_children_fwd - (self : betree_internal_t) (key : u64) (st : state) : - (state # u64 option) result - = - if u64_lt key self.betree_internal_pivot - then betree_node_lookup_fwd self.betree_internal_left key st - else betree_node_lookup_fwd self.betree_internal_right key st) - /\ - - (** [betree_main::betree::Internal::{4}::lookup_in_children]: backward function 0 *) - (betree_internal_lookup_in_children_back - (self : betree_internal_t) (key : u64) (st : state) : - betree_internal_t result - = - if u64_lt key self.betree_internal_pivot - then ( - do - n <- betree_node_lookup_back self.betree_internal_left key st; - Return (self with <| betree_internal_left := n |>) - od) - else ( - do - n <- betree_node_lookup_back self.betree_internal_right key st; - Return (self with <| betree_internal_right := n |>) - od)) - /\ - - (** [betree_main::betree::Node::{5}::lookup]: forward function *) - (betree_node_lookup_fwd - (self : betree_node_t) (key : u64) (st : state) : - (state # u64 option) result - = - (case self of - | BetreeNodeInternal node => - do - (st0, msgs) <- betree_load_internal_node_fwd node.betree_internal_id st; - pending <- betree_node_lookup_first_message_for_key_fwd key msgs; - (case pending of - | BetreeListCons p l => - let (k, msg) = p in - if k <> key - then ( - do - (st1, opt) <- betree_internal_lookup_in_children_fwd node key st0; - _ <- - betree_node_lookup_first_message_for_key_back key msgs - (BetreeListCons (k, msg) l); - Return (st1, opt) - od) - else - (case msg of - | BetreeMessageInsert v => - do - _ <- - betree_node_lookup_first_message_for_key_back key msgs - (BetreeListCons (k, BetreeMessageInsert v) l); - Return (st0, SOME v) - od - | BetreeMessageDelete => - do - _ <- - betree_node_lookup_first_message_for_key_back key msgs - (BetreeListCons (k, BetreeMessageDelete) l); - Return (st0, NONE) - od - | BetreeMessageUpsert ufs => - do - (st1, v) <- betree_internal_lookup_in_children_fwd node key st0; - (st2, v0) <- - betree_node_apply_upserts_fwd (BetreeListCons (k, - BetreeMessageUpsert ufs) l) v key st1; - node0 <- betree_internal_lookup_in_children_back node key st0; - pending0 <- - betree_node_apply_upserts_back (BetreeListCons (k, - BetreeMessageUpsert ufs) l) v key st1; - msgs0 <- - betree_node_lookup_first_message_for_key_back key msgs pending0; - (st3, _) <- - betree_store_internal_node_fwd node0.betree_internal_id msgs0 st2; - Return (st3, SOME v0) - od) - | BetreeListNil => - do - (st1, opt) <- betree_internal_lookup_in_children_fwd node key st0; - _ <- - betree_node_lookup_first_message_for_key_back key msgs BetreeListNil; - Return (st1, opt) - od) - od - | BetreeNodeLeaf node => - do - (st0, bindings) <- betree_load_leaf_node_fwd node.betree_leaf_id st; - opt <- betree_node_lookup_in_bindings_fwd key bindings; - Return (st0, opt) - od)) - /\ - - (** [betree_main::betree::Node::{5}::lookup]: backward function 0 *) - betree_node_lookup_back - (self : betree_node_t) (key : u64) (st : state) : betree_node_t result = - (case self of - | BetreeNodeInternal node => - do - (st0, msgs) <- betree_load_internal_node_fwd node.betree_internal_id st; - pending <- betree_node_lookup_first_message_for_key_fwd key msgs; - (case pending of - | BetreeListCons p l => - let (k, msg) = p in - if k <> key - then ( - do - _ <- - betree_node_lookup_first_message_for_key_back key msgs - (BetreeListCons (k, msg) l); - node0 <- betree_internal_lookup_in_children_back node key st0; - Return (BetreeNodeInternal node0) - od) - else - (case msg of - | BetreeMessageInsert v => - do - _ <- - betree_node_lookup_first_message_for_key_back key msgs - (BetreeListCons (k, BetreeMessageInsert v) l); - Return (BetreeNodeInternal node) - od - | BetreeMessageDelete => - do - _ <- - betree_node_lookup_first_message_for_key_back key msgs - (BetreeListCons (k, BetreeMessageDelete) l); - Return (BetreeNodeInternal node) - od - | BetreeMessageUpsert ufs => - do - (st1, v) <- betree_internal_lookup_in_children_fwd node key st0; - (st2, _) <- - betree_node_apply_upserts_fwd (BetreeListCons (k, - BetreeMessageUpsert ufs) l) v key st1; - node0 <- betree_internal_lookup_in_children_back node key st0; - pending0 <- - betree_node_apply_upserts_back (BetreeListCons (k, - BetreeMessageUpsert ufs) l) v key st1; - msgs0 <- - betree_node_lookup_first_message_for_key_back key msgs pending0; - _ <- - betree_store_internal_node_fwd node0.betree_internal_id msgs0 st2; - Return (BetreeNodeInternal node0) - od) - | BetreeListNil => - do - _ <- - betree_node_lookup_first_message_for_key_back key msgs BetreeListNil; - node0 <- betree_internal_lookup_in_children_back node key st0; - Return (BetreeNodeInternal node0) - od) - od - | BetreeNodeLeaf node => - do - (_, bindings) <- betree_load_leaf_node_fwd node.betree_leaf_id st; - _ <- betree_node_lookup_in_bindings_fwd key bindings; - Return (BetreeNodeLeaf node) - od) -’ - -val [betree_node_filter_messages_for_key_fwd_back_def] = DefineDiv ‘ - (** [betree_main::betree::Node::{5}::filter_messages_for_key]: merged forward/backward function - (there is a single backward function, and the forward function returns ()) *) - betree_node_filter_messages_for_key_fwd_back - (key : u64) (msgs : (u64 # betree_message_t) betree_list_t) : - (u64 # betree_message_t) betree_list_t result - = - (case msgs of - | BetreeListCons p l => - let (k, m) = p in - if k = key - then ( - do - msgs0 <- betree_list_pop_front_back (BetreeListCons (k, m) l); - betree_node_filter_messages_for_key_fwd_back key msgs0 - od) - else Return (BetreeListCons (k, m) l) - | BetreeListNil => Return BetreeListNil) -’ - -val [betree_node_lookup_first_message_after_key_fwd_def] = DefineDiv ‘ - (** [betree_main::betree::Node::{5}::lookup_first_message_after_key]: forward function *) - betree_node_lookup_first_message_after_key_fwd - (key : u64) (msgs : (u64 # betree_message_t) betree_list_t) : - (u64 # betree_message_t) betree_list_t result - = - (case msgs of - | BetreeListCons p next_msgs => - let (k, m) = p in - if k = key - then betree_node_lookup_first_message_after_key_fwd key next_msgs - else Return (BetreeListCons (k, m) next_msgs) - | BetreeListNil => Return BetreeListNil) -’ - -val [betree_node_lookup_first_message_after_key_back_def] = DefineDiv ‘ - (** [betree_main::betree::Node::{5}::lookup_first_message_after_key]: backward function 0 *) - betree_node_lookup_first_message_after_key_back - (key : u64) (msgs : (u64 # betree_message_t) betree_list_t) - (ret : (u64 # betree_message_t) betree_list_t) : - (u64 # betree_message_t) betree_list_t result - = - (case msgs of - | BetreeListCons p next_msgs => - let (k, m) = p in - if k = key - then ( - do - next_msgs0 <- - betree_node_lookup_first_message_after_key_back key next_msgs ret; - Return (BetreeListCons (k, m) next_msgs0) - od) - else Return ret - | BetreeListNil => Return ret) -’ - -val betree_node_apply_to_internal_fwd_back_def = Define ‘ - (** [betree_main::betree::Node::{5}::apply_to_internal]: merged forward/backward function - (there is a single backward function, and the forward function returns ()) *) - betree_node_apply_to_internal_fwd_back - (msgs : (u64 # betree_message_t) betree_list_t) (key : u64) - (new_msg : betree_message_t) : - (u64 # betree_message_t) betree_list_t result - = - do - msgs0 <- betree_node_lookup_first_message_for_key_fwd key msgs; - b <- betree_list_head_has_key_fwd msgs0 key; - if b - then - (case new_msg of - | BetreeMessageInsert i => - do - msgs1 <- betree_node_filter_messages_for_key_fwd_back key msgs0; - msgs2 <- - betree_list_push_front_fwd_back msgs1 (key, BetreeMessageInsert i); - betree_node_lookup_first_message_for_key_back key msgs msgs2 - od - | BetreeMessageDelete => - do - msgs1 <- betree_node_filter_messages_for_key_fwd_back key msgs0; - msgs2 <- - betree_list_push_front_fwd_back msgs1 (key, BetreeMessageDelete); - betree_node_lookup_first_message_for_key_back key msgs msgs2 - od - | BetreeMessageUpsert s => - do - p <- betree_list_hd_fwd msgs0; - let (_, m) = p in - (case m of - | BetreeMessageInsert prev => - do - v <- betree_upsert_update_fwd (SOME prev) s; - msgs1 <- betree_list_pop_front_back msgs0; - msgs2 <- - betree_list_push_front_fwd_back msgs1 (key, BetreeMessageInsert v); - betree_node_lookup_first_message_for_key_back key msgs msgs2 - od - | BetreeMessageDelete => - do - v <- betree_upsert_update_fwd NONE s; - msgs1 <- betree_list_pop_front_back msgs0; - msgs2 <- - betree_list_push_front_fwd_back msgs1 (key, BetreeMessageInsert v); - betree_node_lookup_first_message_for_key_back key msgs msgs2 - od - | BetreeMessageUpsert ufs => - do - msgs1 <- betree_node_lookup_first_message_after_key_fwd key msgs0; - msgs2 <- - betree_list_push_front_fwd_back msgs1 (key, BetreeMessageUpsert s); - msgs3 <- - betree_node_lookup_first_message_after_key_back key msgs0 msgs2; - betree_node_lookup_first_message_for_key_back key msgs msgs3 - od) - od) - else ( - do - msgs1 <- betree_list_push_front_fwd_back msgs0 (key, new_msg); - betree_node_lookup_first_message_for_key_back key msgs msgs1 - od) - od -’ - -val [betree_node_apply_messages_to_internal_fwd_back_def] = DefineDiv ‘ - (** [betree_main::betree::Node::{5}::apply_messages_to_internal]: merged forward/backward function - (there is a single backward function, and the forward function returns ()) *) - betree_node_apply_messages_to_internal_fwd_back - (msgs : (u64 # betree_message_t) betree_list_t) - (new_msgs : (u64 # betree_message_t) betree_list_t) : - (u64 # betree_message_t) betree_list_t result - = - (case new_msgs of - | BetreeListCons new_msg new_msgs_tl => - let (i, m) = new_msg in - do - msgs0 <- betree_node_apply_to_internal_fwd_back msgs i m; - betree_node_apply_messages_to_internal_fwd_back msgs0 new_msgs_tl - od - | BetreeListNil => Return msgs) -’ - -val [betree_node_lookup_mut_in_bindings_fwd_def] = DefineDiv ‘ - (** [betree_main::betree::Node::{5}::lookup_mut_in_bindings]: forward function *) - betree_node_lookup_mut_in_bindings_fwd - (key : u64) (bindings : (u64 # u64) betree_list_t) : - (u64 # u64) betree_list_t result - = - (case bindings of - | BetreeListCons hd tl => - let (i, i0) = hd in - if u64_ge i key - then Return (BetreeListCons (i, i0) tl) - else betree_node_lookup_mut_in_bindings_fwd key tl - | BetreeListNil => Return BetreeListNil) -’ - -val [betree_node_lookup_mut_in_bindings_back_def] = DefineDiv ‘ - (** [betree_main::betree::Node::{5}::lookup_mut_in_bindings]: backward function 0 *) - betree_node_lookup_mut_in_bindings_back - (key : u64) (bindings : (u64 # u64) betree_list_t) - (ret : (u64 # u64) betree_list_t) : - (u64 # u64) betree_list_t result - = - (case bindings of - | BetreeListCons hd tl => - let (i, i0) = hd in - if u64_ge i key - then Return ret - else ( - do - tl0 <- betree_node_lookup_mut_in_bindings_back key tl ret; - Return (BetreeListCons (i, i0) tl0) - od) - | BetreeListNil => Return ret) -’ - -val betree_node_apply_to_leaf_fwd_back_def = Define ‘ - (** [betree_main::betree::Node::{5}::apply_to_leaf]: merged forward/backward function - (there is a single backward function, and the forward function returns ()) *) - betree_node_apply_to_leaf_fwd_back - (bindings : (u64 # u64) betree_list_t) (key : u64) - (new_msg : betree_message_t) : - (u64 # u64) betree_list_t result - = - do - bindings0 <- betree_node_lookup_mut_in_bindings_fwd key bindings; - b <- betree_list_head_has_key_fwd bindings0 key; - if b - then ( - do - hd <- betree_list_pop_front_fwd bindings0; - (case new_msg of - | BetreeMessageInsert v => - do - bindings1 <- betree_list_pop_front_back bindings0; - bindings2 <- betree_list_push_front_fwd_back bindings1 (key, v); - betree_node_lookup_mut_in_bindings_back key bindings bindings2 - od - | BetreeMessageDelete => - do - bindings1 <- betree_list_pop_front_back bindings0; - betree_node_lookup_mut_in_bindings_back key bindings bindings1 - od - | BetreeMessageUpsert s => - let (_, i) = hd in - do - v <- betree_upsert_update_fwd (SOME i) s; - bindings1 <- betree_list_pop_front_back bindings0; - bindings2 <- betree_list_push_front_fwd_back bindings1 (key, v); - betree_node_lookup_mut_in_bindings_back key bindings bindings2 - od) - od) - else - (case new_msg of - | BetreeMessageInsert v => - do - bindings1 <- betree_list_push_front_fwd_back bindings0 (key, v); - betree_node_lookup_mut_in_bindings_back key bindings bindings1 - od - | BetreeMessageDelete => - betree_node_lookup_mut_in_bindings_back key bindings bindings0 - | BetreeMessageUpsert s => - do - v <- betree_upsert_update_fwd NONE s; - bindings1 <- betree_list_push_front_fwd_back bindings0 (key, v); - betree_node_lookup_mut_in_bindings_back key bindings bindings1 - od) - od -’ - -val [betree_node_apply_messages_to_leaf_fwd_back_def] = DefineDiv ‘ - (** [betree_main::betree::Node::{5}::apply_messages_to_leaf]: merged forward/backward function - (there is a single backward function, and the forward function returns ()) *) - betree_node_apply_messages_to_leaf_fwd_back - (bindings : (u64 # u64) betree_list_t) - (new_msgs : (u64 # betree_message_t) betree_list_t) : - (u64 # u64) betree_list_t result - = - (case new_msgs of - | BetreeListCons new_msg new_msgs_tl => - let (i, m) = new_msg in - do - bindings0 <- betree_node_apply_to_leaf_fwd_back bindings i m; - betree_node_apply_messages_to_leaf_fwd_back bindings0 new_msgs_tl - od - | BetreeListNil => Return bindings) -’ - -val [betree_internal_flush_fwd_def, betree_internal_flush_back_def, betree_node_apply_messages_fwd_def, betree_node_apply_messages_back_def] = DefineDiv ‘ - (** [betree_main::betree::Internal::{4}::flush]: forward function *) - (betree_internal_flush_fwd - (self : betree_internal_t) (params : betree_params_t) - (node_id_cnt : betree_node_id_counter_t) - (content : (u64 # betree_message_t) betree_list_t) (st : state) : - (state # (u64 # betree_message_t) betree_list_t) result - = - do - p <- betree_list_partition_at_pivot_fwd content self.betree_internal_pivot; - let (msgs_left, msgs_right) = p in - do - len_left <- betree_list_len_fwd msgs_left; - if u64_ge len_left params.betree_params_min_flush_size - then ( - do - (st0, _) <- - betree_node_apply_messages_fwd self.betree_internal_left params - node_id_cnt msgs_left st; - (_, node_id_cnt0) <- - betree_node_apply_messages_back self.betree_internal_left params - node_id_cnt msgs_left st; - len_right <- betree_list_len_fwd msgs_right; - if u64_ge len_right params.betree_params_min_flush_size - then ( - do - (st1, _) <- - betree_node_apply_messages_fwd self.betree_internal_right params - node_id_cnt0 msgs_right st0; - _ <- - betree_node_apply_messages_back self.betree_internal_right params - node_id_cnt0 msgs_right st0; - Return (st1, BetreeListNil) - od) - else Return (st0, msgs_right) - od) - else ( - do - (st0, _) <- - betree_node_apply_messages_fwd self.betree_internal_right params - node_id_cnt msgs_right st; - _ <- - betree_node_apply_messages_back self.betree_internal_right params - node_id_cnt msgs_right st; - Return (st0, msgs_left) - od) - od - od) - /\ - - (** [betree_main::betree::Internal::{4}::flush]: backward function 0 *) - (betree_internal_flush_back - (self : betree_internal_t) (params : betree_params_t) - (node_id_cnt : betree_node_id_counter_t) - (content : (u64 # betree_message_t) betree_list_t) (st : state) : - (betree_internal_t # betree_node_id_counter_t) result - = - do - p <- betree_list_partition_at_pivot_fwd content self.betree_internal_pivot; - let (msgs_left, msgs_right) = p in - do - len_left <- betree_list_len_fwd msgs_left; - if u64_ge len_left params.betree_params_min_flush_size - then ( - do - (st0, _) <- - betree_node_apply_messages_fwd self.betree_internal_left params - node_id_cnt msgs_left st; - (n, node_id_cnt0) <- - betree_node_apply_messages_back self.betree_internal_left params - node_id_cnt msgs_left st; - len_right <- betree_list_len_fwd msgs_right; - if u64_ge len_right params.betree_params_min_flush_size - then ( - do - (n0, node_id_cnt1) <- - betree_node_apply_messages_back self.betree_internal_right params - node_id_cnt0 msgs_right st0; - Return - (self - with - <| - betree_internal_left := n; betree_internal_right := n0 - |>, node_id_cnt1) - od) - else Return (self with <| betree_internal_left := n |>, node_id_cnt0) - od) - else ( - do - (n, node_id_cnt0) <- - betree_node_apply_messages_back self.betree_internal_right params - node_id_cnt msgs_right st; - Return (self with <| betree_internal_right := n |>, node_id_cnt0) - od) - od - od) - /\ - - (** [betree_main::betree::Node::{5}::apply_messages]: forward function *) - (betree_node_apply_messages_fwd - (self : betree_node_t) (params : betree_params_t) - (node_id_cnt : betree_node_id_counter_t) - (msgs : (u64 # betree_message_t) betree_list_t) (st : state) : - (state # unit) result - = - (case self of - | BetreeNodeInternal node => - do - (st0, content) <- - betree_load_internal_node_fwd node.betree_internal_id st; - content0 <- betree_node_apply_messages_to_internal_fwd_back content msgs; - num_msgs <- betree_list_len_fwd content0; - if u64_ge num_msgs params.betree_params_min_flush_size - then ( - do - (st1, content1) <- - betree_internal_flush_fwd node params node_id_cnt content0 st0; - (node0, _) <- - betree_internal_flush_back node params node_id_cnt content0 st0; - (st2, _) <- - betree_store_internal_node_fwd node0.betree_internal_id content1 st1; - Return (st2, ()) - od) - else ( - do - (st1, _) <- - betree_store_internal_node_fwd node.betree_internal_id content0 st0; - Return (st1, ()) - od) - od - | BetreeNodeLeaf node => - do - (st0, content) <- betree_load_leaf_node_fwd node.betree_leaf_id st; - content0 <- betree_node_apply_messages_to_leaf_fwd_back content msgs; - len <- betree_list_len_fwd content0; - i <- u64_mul (int_to_u64 2) params.betree_params_split_size; - if u64_ge len i - then ( - do - (st1, _) <- betree_leaf_split_fwd node content0 params node_id_cnt st0; - (st2, _) <- - betree_store_leaf_node_fwd node.betree_leaf_id BetreeListNil st1; - Return (st2, ()) - od) - else ( - do - (st1, _) <- - betree_store_leaf_node_fwd node.betree_leaf_id content0 st0; - Return (st1, ()) - od) - od)) - /\ - - (** [betree_main::betree::Node::{5}::apply_messages]: backward function 0 *) - betree_node_apply_messages_back - (self : betree_node_t) (params : betree_params_t) - (node_id_cnt : betree_node_id_counter_t) - (msgs : (u64 # betree_message_t) betree_list_t) (st : state) : - (betree_node_t # betree_node_id_counter_t) result - = - (case self of - | BetreeNodeInternal node => - do - (st0, content) <- - betree_load_internal_node_fwd node.betree_internal_id st; - content0 <- betree_node_apply_messages_to_internal_fwd_back content msgs; - num_msgs <- betree_list_len_fwd content0; - if u64_ge num_msgs params.betree_params_min_flush_size - then ( - do - (st1, content1) <- - betree_internal_flush_fwd node params node_id_cnt content0 st0; - (node0, node_id_cnt0) <- - betree_internal_flush_back node params node_id_cnt content0 st0; - _ <- - betree_store_internal_node_fwd node0.betree_internal_id content1 st1; - Return (BetreeNodeInternal node0, node_id_cnt0) - od) - else ( - do - _ <- - betree_store_internal_node_fwd node.betree_internal_id content0 st0; - Return (BetreeNodeInternal node, node_id_cnt) - od) - od - | BetreeNodeLeaf node => - do - (st0, content) <- betree_load_leaf_node_fwd node.betree_leaf_id st; - content0 <- betree_node_apply_messages_to_leaf_fwd_back content msgs; - len <- betree_list_len_fwd content0; - i <- u64_mul (int_to_u64 2) params.betree_params_split_size; - if u64_ge len i - then ( - do - (st1, new_node) <- - betree_leaf_split_fwd node content0 params node_id_cnt st0; - _ <- betree_store_leaf_node_fwd node.betree_leaf_id BetreeListNil st1; - node_id_cnt0 <- - betree_leaf_split_back node content0 params node_id_cnt st0; - Return (BetreeNodeInternal new_node, node_id_cnt0) - od) - else ( - do - _ <- betree_store_leaf_node_fwd node.betree_leaf_id content0 st0; - Return (BetreeNodeLeaf (node with <| betree_leaf_size := len |>), - node_id_cnt) - od) - od) -’ - -val betree_node_apply_fwd_def = Define ‘ - (** [betree_main::betree::Node::{5}::apply]: forward function *) - betree_node_apply_fwd - (self : betree_node_t) (params : betree_params_t) - (node_id_cnt : betree_node_id_counter_t) (key : u64) - (new_msg : betree_message_t) (st : state) : - (state # unit) result - = - let l = BetreeListNil in - do - (st0, _) <- - betree_node_apply_messages_fwd self params node_id_cnt (BetreeListCons - (key, new_msg) l) st; - _ <- - betree_node_apply_messages_back self params node_id_cnt (BetreeListCons - (key, new_msg) l) st; - Return (st0, ()) - od -’ - -val betree_node_apply_back_def = Define ‘ - (** [betree_main::betree::Node::{5}::apply]: backward function 0 *) - betree_node_apply_back - (self : betree_node_t) (params : betree_params_t) - (node_id_cnt : betree_node_id_counter_t) (key : u64) - (new_msg : betree_message_t) (st : state) : - (betree_node_t # betree_node_id_counter_t) result - = - let l = BetreeListNil in - betree_node_apply_messages_back self params node_id_cnt (BetreeListCons - (key, new_msg) l) st -’ - -val betree_be_tree_new_fwd_def = Define ‘ - (** [betree_main::betree::BeTree::{6}::new]: forward function *) - betree_be_tree_new_fwd - (min_flush_size : u64) (split_size : u64) (st : state) : - (state # betree_be_tree_t) result - = - do - node_id_cnt <- betree_node_id_counter_new_fwd; - id <- betree_node_id_counter_fresh_id_fwd node_id_cnt; - (st0, _) <- betree_store_leaf_node_fwd id BetreeListNil st; - node_id_cnt0 <- betree_node_id_counter_fresh_id_back node_id_cnt; - Return (st0, - <| - betree_be_tree_params := - (<| - betree_params_min_flush_size := min_flush_size; - betree_params_split_size := split_size - |>); - betree_be_tree_node_id_cnt := node_id_cnt0; - betree_be_tree_root := - (BetreeNodeLeaf - (<| betree_leaf_id := id; betree_leaf_size := (int_to_u64 0) |>)) - |>) - od -’ - -val betree_be_tree_apply_fwd_def = Define ‘ - (** [betree_main::betree::BeTree::{6}::apply]: forward function *) - betree_be_tree_apply_fwd - (self : betree_be_tree_t) (key : u64) (msg : betree_message_t) (st : state) - : - (state # unit) result - = - do - (st0, _) <- - betree_node_apply_fwd self.betree_be_tree_root self.betree_be_tree_params - self.betree_be_tree_node_id_cnt key msg st; - _ <- - betree_node_apply_back self.betree_be_tree_root - self.betree_be_tree_params self.betree_be_tree_node_id_cnt key msg st; - Return (st0, ()) - od -’ - -val betree_be_tree_apply_back_def = Define ‘ - (** [betree_main::betree::BeTree::{6}::apply]: backward function 0 *) - betree_be_tree_apply_back - (self : betree_be_tree_t) (key : u64) (msg : betree_message_t) (st : state) - : - betree_be_tree_t result - = - do - (n, nic) <- - betree_node_apply_back self.betree_be_tree_root - self.betree_be_tree_params self.betree_be_tree_node_id_cnt key msg st; - Return - (self - with - <| - betree_be_tree_node_id_cnt := nic; betree_be_tree_root := n - |>) - od -’ - -val betree_be_tree_insert_fwd_def = Define ‘ - (** [betree_main::betree::BeTree::{6}::insert]: forward function *) - betree_be_tree_insert_fwd - (self : betree_be_tree_t) (key : u64) (value : u64) (st : state) : - (state # unit) result - = - do - (st0, _) <- - betree_be_tree_apply_fwd self key (BetreeMessageInsert value) st; - _ <- betree_be_tree_apply_back self key (BetreeMessageInsert value) st; - Return (st0, ()) - od -’ - -val betree_be_tree_insert_back_def = Define ‘ - (** [betree_main::betree::BeTree::{6}::insert]: backward function 0 *) - betree_be_tree_insert_back - (self : betree_be_tree_t) (key : u64) (value : u64) (st : state) : - betree_be_tree_t result - = - betree_be_tree_apply_back self key (BetreeMessageInsert value) st -’ - -val betree_be_tree_delete_fwd_def = Define ‘ - (** [betree_main::betree::BeTree::{6}::delete]: forward function *) - betree_be_tree_delete_fwd - (self : betree_be_tree_t) (key : u64) (st : state) : - (state # unit) result - = - do - (st0, _) <- betree_be_tree_apply_fwd self key BetreeMessageDelete st; - _ <- betree_be_tree_apply_back self key BetreeMessageDelete st; - Return (st0, ()) - od -’ - -val betree_be_tree_delete_back_def = Define ‘ - (** [betree_main::betree::BeTree::{6}::delete]: backward function 0 *) - betree_be_tree_delete_back - (self : betree_be_tree_t) (key : u64) (st : state) : - betree_be_tree_t result - = - betree_be_tree_apply_back self key BetreeMessageDelete st -’ - -val betree_be_tree_upsert_fwd_def = Define ‘ - (** [betree_main::betree::BeTree::{6}::upsert]: forward function *) - betree_be_tree_upsert_fwd - (self : betree_be_tree_t) (key : u64) (upd : betree_upsert_fun_state_t) - (st : state) : - (state # unit) result - = - do - (st0, _) <- betree_be_tree_apply_fwd self key (BetreeMessageUpsert upd) st; - _ <- betree_be_tree_apply_back self key (BetreeMessageUpsert upd) st; - Return (st0, ()) - od -’ - -val betree_be_tree_upsert_back_def = Define ‘ - (** [betree_main::betree::BeTree::{6}::upsert]: backward function 0 *) - betree_be_tree_upsert_back - (self : betree_be_tree_t) (key : u64) (upd : betree_upsert_fun_state_t) - (st : state) : - betree_be_tree_t result - = - betree_be_tree_apply_back self key (BetreeMessageUpsert upd) st -’ - -val betree_be_tree_lookup_fwd_def = Define ‘ - (** [betree_main::betree::BeTree::{6}::lookup]: forward function *) - betree_be_tree_lookup_fwd - (self : betree_be_tree_t) (key : u64) (st : state) : - (state # u64 option) result - = - betree_node_lookup_fwd self.betree_be_tree_root key st -’ - -val betree_be_tree_lookup_back_def = Define ‘ - (** [betree_main::betree::BeTree::{6}::lookup]: backward function 0 *) - betree_be_tree_lookup_back - (self : betree_be_tree_t) (key : u64) (st : state) : - betree_be_tree_t result - = - do - n <- betree_node_lookup_back self.betree_be_tree_root key st; - Return (self with <| betree_be_tree_root := n |>) - od -’ - -val main_fwd_def = Define ‘ - (** [betree_main::main]: forward function *) - main_fwd : unit result = - Return () -’ - -(** Unit test for [betree_main::main] *) -val _ = assert_return (“main_fwd”) - -val _ = export_theory () diff --git a/tests/hol4/betree/betreeMain_FunsTheory.sig b/tests/hol4/betree/betreeMain_FunsTheory.sig deleted file mode 100644 index c922ca9f..00000000 --- a/tests/hol4/betree/betreeMain_FunsTheory.sig +++ /dev/null @@ -1,1230 +0,0 @@ -signature betreeMain_FunsTheory = -sig - type thm = Thm.thm - - (* Definitions *) - val betree_be_tree_apply_back_def : thm - val betree_be_tree_apply_fwd_def : thm - val betree_be_tree_delete_back_def : thm - val betree_be_tree_delete_fwd_def : thm - val betree_be_tree_insert_back_def : thm - val betree_be_tree_insert_fwd_def : thm - val betree_be_tree_lookup_back_def : thm - val betree_be_tree_lookup_fwd_def : thm - val betree_be_tree_new_fwd_def : thm - val betree_be_tree_upsert_back_def : thm - val betree_be_tree_upsert_fwd_def : thm - val betree_fresh_node_id_back_def : thm - val betree_fresh_node_id_fwd_def : thm - val betree_internal_flush_back_def : thm - val betree_internal_flush_fwd_def : thm - val betree_internal_lookup_in_children_back_def : thm - val betree_internal_lookup_in_children_fwd_def : thm - val betree_leaf_split_back_def : thm - val betree_leaf_split_fwd_def : thm - val betree_list_hd_fwd_def : thm - val betree_list_head_has_key_fwd_def : thm - val betree_list_len_fwd_def : thm - val betree_list_partition_at_pivot_fwd_def : thm - val betree_list_pop_front_back_def : thm - val betree_list_pop_front_fwd_def : thm - val betree_list_push_front_fwd_back_def : thm - val betree_list_split_at_fwd_def : thm - val betree_load_internal_node_fwd_def : thm - val betree_load_leaf_node_fwd_def : thm - val betree_node_apply_back_def : thm - val betree_node_apply_fwd_def : thm - val betree_node_apply_messages_back_def : thm - val betree_node_apply_messages_fwd_def : thm - val betree_node_apply_messages_to_internal_fwd_back_def : thm - val betree_node_apply_messages_to_leaf_fwd_back_def : thm - val betree_node_apply_to_internal_fwd_back_def : thm - val betree_node_apply_to_leaf_fwd_back_def : thm - val betree_node_apply_upserts_back_def : thm - val betree_node_apply_upserts_fwd_def : thm - val betree_node_filter_messages_for_key_fwd_back_def : thm - val betree_node_id_counter_fresh_id_back_def : thm - val betree_node_id_counter_fresh_id_fwd_def : thm - val betree_node_id_counter_new_fwd_def : thm - val betree_node_lookup_back_def : thm - val betree_node_lookup_first_message_after_key_back_def : thm - val betree_node_lookup_first_message_after_key_fwd_def : thm - val betree_node_lookup_first_message_for_key_back_def : thm - val betree_node_lookup_first_message_for_key_fwd_def : thm - val betree_node_lookup_fwd_def : thm - val betree_node_lookup_in_bindings_fwd_def : thm - val betree_node_lookup_mut_in_bindings_back_def : thm - val betree_node_lookup_mut_in_bindings_fwd_def : thm - val betree_store_internal_node_fwd_def : thm - val betree_store_leaf_node_fwd_def : thm - val betree_upsert_update_fwd_def : thm - val main_fwd_def : thm - - val betreeMain_Funs_grammars : type_grammar.grammar * term_grammar.grammar -(* - [betreeMain_Opaque] Parent theory of "betreeMain_Funs" - - [betree_be_tree_apply_back_def] Definition - - ⊢ ∀self key msg st. - betree_be_tree_apply_back self key msg st = - do - (n,nic) <- - betree_node_apply_back self.betree_be_tree_root - self.betree_be_tree_params self.betree_be_tree_node_id_cnt - key msg st; - Return - (self with - <|betree_be_tree_node_id_cnt := nic; - betree_be_tree_root := n|>) - od - - [betree_be_tree_apply_fwd_def] Definition - - ⊢ ∀self key msg st. - betree_be_tree_apply_fwd self key msg st = - do - (st0,_) <- - betree_node_apply_fwd self.betree_be_tree_root - self.betree_be_tree_params self.betree_be_tree_node_id_cnt - key msg st; - monad_ignore_bind - (betree_node_apply_back self.betree_be_tree_root - self.betree_be_tree_params self.betree_be_tree_node_id_cnt - key msg st) (Return (st0,())) - od - - [betree_be_tree_delete_back_def] Definition - - ⊢ ∀self key st. - betree_be_tree_delete_back self key st = - betree_be_tree_apply_back self key BetreeMessageDelete st - - [betree_be_tree_delete_fwd_def] Definition - - ⊢ ∀self key st. - betree_be_tree_delete_fwd self key st = - do - (st0,_) <- - betree_be_tree_apply_fwd self key BetreeMessageDelete st; - monad_ignore_bind - (betree_be_tree_apply_back self key BetreeMessageDelete st) - (Return (st0,())) - od - - [betree_be_tree_insert_back_def] Definition - - ⊢ ∀self key value st. - betree_be_tree_insert_back self key value st = - betree_be_tree_apply_back self key (BetreeMessageInsert value) st - - [betree_be_tree_insert_fwd_def] Definition - - ⊢ ∀self key value st. - betree_be_tree_insert_fwd self key value st = - do - (st0,_) <- - betree_be_tree_apply_fwd self key (BetreeMessageInsert value) - st; - monad_ignore_bind - (betree_be_tree_apply_back self key - (BetreeMessageInsert value) st) (Return (st0,())) - od - - [betree_be_tree_lookup_back_def] Definition - - ⊢ ∀self key st. - betree_be_tree_lookup_back self key st = - do - n <- betree_node_lookup_back self.betree_be_tree_root key st; - Return (self with betree_be_tree_root := n) - od - - [betree_be_tree_lookup_fwd_def] Definition - - ⊢ ∀self key st. - betree_be_tree_lookup_fwd self key st = - betree_node_lookup_fwd self.betree_be_tree_root key st - - [betree_be_tree_new_fwd_def] Definition - - ⊢ ∀min_flush_size split_size st. - betree_be_tree_new_fwd min_flush_size split_size st = - do - node_id_cnt <- betree_node_id_counter_new_fwd; - id <- betree_node_id_counter_fresh_id_fwd node_id_cnt; - (st0,_) <- betree_store_leaf_node_fwd id BetreeListNil st; - node_id_cnt0 <- - betree_node_id_counter_fresh_id_back node_id_cnt; - Return - (st0, - <|betree_be_tree_params := - <|betree_params_min_flush_size := min_flush_size; - betree_params_split_size := split_size|>; - betree_be_tree_node_id_cnt := node_id_cnt0; - betree_be_tree_root := - BetreeNodeLeaf - <|betree_leaf_id := id; - betree_leaf_size := int_to_u64 0|> |>) - od - - [betree_be_tree_upsert_back_def] Definition - - ⊢ ∀self key upd st. - betree_be_tree_upsert_back self key upd st = - betree_be_tree_apply_back self key (BetreeMessageUpsert upd) st - - [betree_be_tree_upsert_fwd_def] Definition - - ⊢ ∀self key upd st. - betree_be_tree_upsert_fwd self key upd st = - do - (st0,_) <- - betree_be_tree_apply_fwd self key (BetreeMessageUpsert upd) - st; - monad_ignore_bind - (betree_be_tree_apply_back self key (BetreeMessageUpsert upd) - st) (Return (st0,())) - od - - [betree_fresh_node_id_back_def] Definition - - ⊢ ∀counter. - betree_fresh_node_id_back counter = - u64_add counter (int_to_u64 1) - - [betree_fresh_node_id_fwd_def] Definition - - ⊢ ∀counter. - betree_fresh_node_id_fwd counter = - monad_ignore_bind (u64_add counter (int_to_u64 1)) - (Return counter) - - [betree_internal_flush_back_def] Definition - - ⊢ ∀self params node_id_cnt content st. - betree_internal_flush_back self params node_id_cnt content st = - do - p <- - betree_list_partition_at_pivot_fwd content - self.betree_internal_pivot; - (msgs_left,msgs_right) <<- p; - len_left <- betree_list_len_fwd msgs_left; - if u64_ge len_left params.betree_params_min_flush_size then - do - (st0,_) <- - betree_node_apply_messages_fwd self.betree_internal_left - params node_id_cnt msgs_left st; - (n,node_id_cnt0) <- - betree_node_apply_messages_back self.betree_internal_left - params node_id_cnt msgs_left st; - len_right <- betree_list_len_fwd msgs_right; - if - u64_ge len_right params.betree_params_min_flush_size - then - do - (n0,node_id_cnt1) <- - betree_node_apply_messages_back - self.betree_internal_right params node_id_cnt0 - msgs_right st0; - Return - (self with - <|betree_internal_left := n; - betree_internal_right := n0|>,node_id_cnt1) - od - else - Return (self with betree_internal_left := n,node_id_cnt0) - od - else - do - (n,node_id_cnt0) <- - betree_node_apply_messages_back - self.betree_internal_right params node_id_cnt - msgs_right st; - Return (self with betree_internal_right := n,node_id_cnt0) - od - od - - [betree_internal_flush_fwd_def] Definition - - ⊢ ∀self params node_id_cnt content st. - betree_internal_flush_fwd self params node_id_cnt content st = - do - p <- - betree_list_partition_at_pivot_fwd content - self.betree_internal_pivot; - (msgs_left,msgs_right) <<- p; - len_left <- betree_list_len_fwd msgs_left; - if u64_ge len_left params.betree_params_min_flush_size then - do - (st0,_) <- - betree_node_apply_messages_fwd self.betree_internal_left - params node_id_cnt msgs_left st; - (_,node_id_cnt0) <- - betree_node_apply_messages_back self.betree_internal_left - params node_id_cnt msgs_left st; - len_right <- betree_list_len_fwd msgs_right; - if - u64_ge len_right params.betree_params_min_flush_size - then - do - (st1,_) <- - betree_node_apply_messages_fwd - self.betree_internal_right params node_id_cnt0 - msgs_right st0; - monad_ignore_bind - (betree_node_apply_messages_back - self.betree_internal_right params node_id_cnt0 - msgs_right st0) (Return (st1,BetreeListNil)) - od - else Return (st0,msgs_right) - od - else - do - (st0,_) <- - betree_node_apply_messages_fwd self.betree_internal_right - params node_id_cnt msgs_right st; - monad_ignore_bind - (betree_node_apply_messages_back - self.betree_internal_right params node_id_cnt - msgs_right st) (Return (st0,msgs_left)) - od - od - - [betree_internal_lookup_in_children_back_def] Definition - - ⊢ ∀self key st. - betree_internal_lookup_in_children_back self key st = - if u64_lt key self.betree_internal_pivot then - do - n <- betree_node_lookup_back self.betree_internal_left key st; - Return (self with betree_internal_left := n) - od - else - do - n <- - betree_node_lookup_back self.betree_internal_right key st; - Return (self with betree_internal_right := n) - od - - [betree_internal_lookup_in_children_fwd_def] Definition - - ⊢ ∀self key st. - betree_internal_lookup_in_children_fwd self key st = - if u64_lt key self.betree_internal_pivot then - betree_node_lookup_fwd self.betree_internal_left key st - else betree_node_lookup_fwd self.betree_internal_right key st - - [betree_leaf_split_back_def] Definition - - ⊢ ∀self content params node_id_cnt st. - betree_leaf_split_back self content params node_id_cnt st = - do - p <- - betree_list_split_at_fwd content - params.betree_params_split_size; - (content0,content1) <<- p; - monad_ignore_bind (betree_list_hd_fwd content1) - do - id0 <- betree_node_id_counter_fresh_id_fwd node_id_cnt; - node_id_cnt0 <- - betree_node_id_counter_fresh_id_back node_id_cnt; - id1 <- betree_node_id_counter_fresh_id_fwd node_id_cnt0; - (st0,_) <- betree_store_leaf_node_fwd id0 content0 st; - monad_ignore_bind - (betree_store_leaf_node_fwd id1 content1 st0) - (betree_node_id_counter_fresh_id_back node_id_cnt0) - od - od - - [betree_leaf_split_fwd_def] Definition - - ⊢ ∀self content params node_id_cnt st. - betree_leaf_split_fwd self content params node_id_cnt st = - do - p <- - betree_list_split_at_fwd content - params.betree_params_split_size; - (content0,content1) <<- p; - p0 <- betree_list_hd_fwd content1; - (pivot,_) <<- p0; - id0 <- betree_node_id_counter_fresh_id_fwd node_id_cnt; - node_id_cnt0 <- - betree_node_id_counter_fresh_id_back node_id_cnt; - id1 <- betree_node_id_counter_fresh_id_fwd node_id_cnt0; - (st0,_) <- betree_store_leaf_node_fwd id0 content0 st; - (st1,_) <- betree_store_leaf_node_fwd id1 content1 st0; - n <<- - BetreeNodeLeaf - <|betree_leaf_id := id0; - betree_leaf_size := params.betree_params_split_size|>; - n0 <<- - BetreeNodeLeaf - <|betree_leaf_id := id1; - betree_leaf_size := params.betree_params_split_size|>; - Return - (st1, - <|betree_internal_id := self.betree_leaf_id; - betree_internal_pivot := pivot; betree_internal_left := n; - betree_internal_right := n0|>) - od - - [betree_list_hd_fwd_def] Definition - - ⊢ ∀self. - betree_list_hd_fwd self = - case self of - BetreeListCons hd l => Return hd - | BetreeListNil => Fail Failure - - [betree_list_head_has_key_fwd_def] Definition - - ⊢ ∀self key. - betree_list_head_has_key_fwd self key = - case self of - BetreeListCons hd l => (let (i,_) = hd in Return (i = key)) - | BetreeListNil => Return F - - [betree_list_len_fwd_def] Definition - - ⊢ ∀self. - betree_list_len_fwd self = - case self of - BetreeListCons t tl => - do i <- betree_list_len_fwd tl; u64_add (int_to_u64 1) i od - | BetreeListNil => Return (int_to_u64 0) - - [betree_list_partition_at_pivot_fwd_def] Definition - - ⊢ ∀self pivot. - betree_list_partition_at_pivot_fwd self pivot = - case self of - BetreeListCons hd tl => - (let - (i,t) = hd - in - if u64_ge i pivot then - Return (BetreeListNil,BetreeListCons (i,t) tl) - else - do - p <- betree_list_partition_at_pivot_fwd tl pivot; - (ls0,ls1) <<- p; - l <<- ls0; - Return (BetreeListCons (i,t) l,ls1) - od) - | BetreeListNil => Return (BetreeListNil,BetreeListNil) - - [betree_list_pop_front_back_def] Definition - - ⊢ ∀self. - betree_list_pop_front_back self = - (let - ls = mem_replace_fwd self BetreeListNil - in - case ls of - BetreeListCons x tl => Return tl - | BetreeListNil => Fail Failure) - - [betree_list_pop_front_fwd_def] Definition - - ⊢ ∀self. - betree_list_pop_front_fwd self = - (let - ls = mem_replace_fwd self BetreeListNil - in - case ls of - BetreeListCons x tl => Return x - | BetreeListNil => Fail Failure) - - [betree_list_push_front_fwd_back_def] Definition - - ⊢ ∀self x. - betree_list_push_front_fwd_back self x = - (let - tl = mem_replace_fwd self BetreeListNil; - l = tl - in - Return (BetreeListCons x l)) - - [betree_list_split_at_fwd_def] Definition - - ⊢ ∀self n. - betree_list_split_at_fwd self n = - if n = int_to_u64 0 then Return (BetreeListNil,self) - else - case self of - BetreeListCons hd tl => - do - i <- u64_sub n (int_to_u64 1); - p <- betree_list_split_at_fwd tl i; - (ls0,ls1) <<- p; - l <<- ls0; - Return (BetreeListCons hd l,ls1) - od - | BetreeListNil => Fail Failure - - [betree_load_internal_node_fwd_def] Definition - - ⊢ ∀id st. - betree_load_internal_node_fwd id st = - betree_utils_load_internal_node_fwd id st - - [betree_load_leaf_node_fwd_def] Definition - - ⊢ ∀id st. - betree_load_leaf_node_fwd id st = - betree_utils_load_leaf_node_fwd id st - - [betree_node_apply_back_def] Definition - - ⊢ ∀self params node_id_cnt key new_msg st. - betree_node_apply_back self params node_id_cnt key new_msg st = - (let - l = BetreeListNil - in - betree_node_apply_messages_back self params node_id_cnt - (BetreeListCons (key,new_msg) l) st) - - [betree_node_apply_fwd_def] Definition - - ⊢ ∀self params node_id_cnt key new_msg st. - betree_node_apply_fwd self params node_id_cnt key new_msg st = - (let - l = BetreeListNil - in - do - (st0,_) <- - betree_node_apply_messages_fwd self params node_id_cnt - (BetreeListCons (key,new_msg) l) st; - monad_ignore_bind - (betree_node_apply_messages_back self params node_id_cnt - (BetreeListCons (key,new_msg) l) st) (Return (st0,())) - od) - - [betree_node_apply_messages_back_def] Definition - - ⊢ ∀self params node_id_cnt msgs st. - betree_node_apply_messages_back self params node_id_cnt msgs st = - case self of - BetreeNodeInternal node => - do - (st0,content) <- - betree_load_internal_node_fwd node.betree_internal_id st; - content0 <- - betree_node_apply_messages_to_internal_fwd_back content - msgs; - num_msgs <- betree_list_len_fwd content0; - if u64_ge num_msgs params.betree_params_min_flush_size then - do - (st1,content1) <- - betree_internal_flush_fwd node params node_id_cnt - content0 st0; - (node0,node_id_cnt0) <- - betree_internal_flush_back node params node_id_cnt - content0 st0; - monad_ignore_bind - (betree_store_internal_node_fwd - node0.betree_internal_id content1 st1) - (Return (BetreeNodeInternal node0,node_id_cnt0)) - od - else - monad_ignore_bind - (betree_store_internal_node_fwd node.betree_internal_id - content0 st0) - (Return (BetreeNodeInternal node,node_id_cnt)) - od - | BetreeNodeLeaf node' => - do - (st0,content) <- - betree_load_leaf_node_fwd node'.betree_leaf_id st; - content0 <- - betree_node_apply_messages_to_leaf_fwd_back content msgs; - len <- betree_list_len_fwd content0; - i <- u64_mul (int_to_u64 2) params.betree_params_split_size; - if u64_ge len i then - do - (st1,new_node) <- - betree_leaf_split_fwd node' content0 params node_id_cnt - st0; - monad_ignore_bind - (betree_store_leaf_node_fwd node'.betree_leaf_id - BetreeListNil st1) - do - node_id_cnt0 <- - betree_leaf_split_back node' content0 params - node_id_cnt st0; - Return (BetreeNodeInternal new_node,node_id_cnt0) - od - od - else - monad_ignore_bind - (betree_store_leaf_node_fwd node'.betree_leaf_id content0 - st0) - (Return - (BetreeNodeLeaf (node' with betree_leaf_size := len), - node_id_cnt)) - od - - [betree_node_apply_messages_fwd_def] Definition - - ⊢ ∀self params node_id_cnt msgs st. - betree_node_apply_messages_fwd self params node_id_cnt msgs st = - case self of - BetreeNodeInternal node => - do - (st0,content) <- - betree_load_internal_node_fwd node.betree_internal_id st; - content0 <- - betree_node_apply_messages_to_internal_fwd_back content - msgs; - num_msgs <- betree_list_len_fwd content0; - if u64_ge num_msgs params.betree_params_min_flush_size then - do - (st1,content1) <- - betree_internal_flush_fwd node params node_id_cnt - content0 st0; - (node0,_) <- - betree_internal_flush_back node params node_id_cnt - content0 st0; - (st2,_) <- - betree_store_internal_node_fwd - node0.betree_internal_id content1 st1; - Return (st2,()) - od - else - do - (st1,_) <- - betree_store_internal_node_fwd - node.betree_internal_id content0 st0; - Return (st1,()) - od - od - | BetreeNodeLeaf node' => - do - (st0,content) <- - betree_load_leaf_node_fwd node'.betree_leaf_id st; - content0 <- - betree_node_apply_messages_to_leaf_fwd_back content msgs; - len <- betree_list_len_fwd content0; - i <- u64_mul (int_to_u64 2) params.betree_params_split_size; - if u64_ge len i then - do - (st1,_) <- - betree_leaf_split_fwd node' content0 params node_id_cnt - st0; - (st2,_) <- - betree_store_leaf_node_fwd node'.betree_leaf_id - BetreeListNil st1; - Return (st2,()) - od - else - do - (st1,_) <- - betree_store_leaf_node_fwd node'.betree_leaf_id - content0 st0; - Return (st1,()) - od - od - - [betree_node_apply_messages_to_internal_fwd_back_def] Definition - - ⊢ ∀msgs new_msgs. - betree_node_apply_messages_to_internal_fwd_back msgs new_msgs = - case new_msgs of - BetreeListCons new_msg new_msgs_tl => - (let - (i,m) = new_msg - in - do - msgs0 <- betree_node_apply_to_internal_fwd_back msgs i m; - betree_node_apply_messages_to_internal_fwd_back msgs0 - new_msgs_tl - od) - | BetreeListNil => Return msgs - - [betree_node_apply_messages_to_leaf_fwd_back_def] Definition - - ⊢ ∀bindings new_msgs. - betree_node_apply_messages_to_leaf_fwd_back bindings new_msgs = - case new_msgs of - BetreeListCons new_msg new_msgs_tl => - (let - (i,m) = new_msg - in - do - bindings0 <- - betree_node_apply_to_leaf_fwd_back bindings i m; - betree_node_apply_messages_to_leaf_fwd_back bindings0 - new_msgs_tl - od) - | BetreeListNil => Return bindings - - [betree_node_apply_to_internal_fwd_back_def] Definition - - ⊢ ∀msgs key new_msg. - betree_node_apply_to_internal_fwd_back msgs key new_msg = - do - msgs0 <- betree_node_lookup_first_message_for_key_fwd key msgs; - b <- betree_list_head_has_key_fwd msgs0 key; - if b then - case new_msg of - BetreeMessageInsert i => - do - msgs1 <- - betree_node_filter_messages_for_key_fwd_back key - msgs0; - msgs2 <- - betree_list_push_front_fwd_back msgs1 - (key,BetreeMessageInsert i); - betree_node_lookup_first_message_for_key_back key msgs - msgs2 - od - | BetreeMessageDelete => - do - msgs1 <- - betree_node_filter_messages_for_key_fwd_back key msgs0; - msgs2 <- - betree_list_push_front_fwd_back msgs1 - (key,BetreeMessageDelete); - betree_node_lookup_first_message_for_key_back key msgs - msgs2 - od - | BetreeMessageUpsert s => - do - p <- betree_list_hd_fwd msgs0; - (_,m) <<- p; - case m of - BetreeMessageInsert prev => - do - v <- betree_upsert_update_fwd (SOME prev) s; - msgs1 <- betree_list_pop_front_back msgs0; - msgs2 <- - betree_list_push_front_fwd_back msgs1 - (key,BetreeMessageInsert v); - betree_node_lookup_first_message_for_key_back key - msgs msgs2 - od - | BetreeMessageDelete => - do - v <- betree_upsert_update_fwd NONE s; - msgs1 <- betree_list_pop_front_back msgs0; - msgs2 <- - betree_list_push_front_fwd_back msgs1 - (key,BetreeMessageInsert v); - betree_node_lookup_first_message_for_key_back key - msgs msgs2 - od - | BetreeMessageUpsert ufs => - do - msgs1 <- - betree_node_lookup_first_message_after_key_fwd key - msgs0; - msgs2 <- - betree_list_push_front_fwd_back msgs1 - (key,BetreeMessageUpsert s); - msgs3 <- - betree_node_lookup_first_message_after_key_back key - msgs0 msgs2; - betree_node_lookup_first_message_for_key_back key - msgs msgs3 - od - od - else - do - msgs1 <- - betree_list_push_front_fwd_back msgs0 (key,new_msg); - betree_node_lookup_first_message_for_key_back key msgs - msgs1 - od - od - - [betree_node_apply_to_leaf_fwd_back_def] Definition - - ⊢ ∀bindings key new_msg. - betree_node_apply_to_leaf_fwd_back bindings key new_msg = - do - bindings0 <- - betree_node_lookup_mut_in_bindings_fwd key bindings; - b <- betree_list_head_has_key_fwd bindings0 key; - if b then - do - hd <- betree_list_pop_front_fwd bindings0; - case new_msg of - BetreeMessageInsert v => - do - bindings1 <- betree_list_pop_front_back bindings0; - bindings2 <- - betree_list_push_front_fwd_back bindings1 (key,v); - betree_node_lookup_mut_in_bindings_back key bindings - bindings2 - od - | BetreeMessageDelete => - do - bindings1 <- betree_list_pop_front_back bindings0; - betree_node_lookup_mut_in_bindings_back key bindings - bindings1 - od - | BetreeMessageUpsert s => - (let - (_,i) = hd - in - do - v <- betree_upsert_update_fwd (SOME i) s; - bindings1 <- betree_list_pop_front_back bindings0; - bindings2 <- - betree_list_push_front_fwd_back bindings1 (key,v); - betree_node_lookup_mut_in_bindings_back key bindings - bindings2 - od) - od - else - case new_msg of - BetreeMessageInsert v => - do - bindings1 <- - betree_list_push_front_fwd_back bindings0 (key,v); - betree_node_lookup_mut_in_bindings_back key bindings - bindings1 - od - | BetreeMessageDelete => - betree_node_lookup_mut_in_bindings_back key bindings - bindings0 - | BetreeMessageUpsert s => - do - v <- betree_upsert_update_fwd NONE s; - bindings1 <- - betree_list_push_front_fwd_back bindings0 (key,v); - betree_node_lookup_mut_in_bindings_back key bindings - bindings1 - od - od - - [betree_node_apply_upserts_back_def] Definition - - ⊢ ∀msgs prev key st. - betree_node_apply_upserts_back msgs prev key st = - do - b <- betree_list_head_has_key_fwd msgs key; - if b then - do - msg <- betree_list_pop_front_fwd msgs; - (_,m) <<- msg; - case m of - BetreeMessageInsert i => Fail Failure - | BetreeMessageDelete => Fail Failure - | BetreeMessageUpsert s => - do - v <- betree_upsert_update_fwd prev s; - msgs0 <- betree_list_pop_front_back msgs; - betree_node_apply_upserts_back msgs0 (SOME v) key st - od - od - else - do - (_,v) <- core_option_option_unwrap_fwd prev st; - betree_list_push_front_fwd_back msgs - (key,BetreeMessageInsert v) - od - od - - [betree_node_apply_upserts_fwd_def] Definition - - ⊢ ∀msgs prev key st. - betree_node_apply_upserts_fwd msgs prev key st = - do - b <- betree_list_head_has_key_fwd msgs key; - if b then - do - msg <- betree_list_pop_front_fwd msgs; - (_,m) <<- msg; - case m of - BetreeMessageInsert i => Fail Failure - | BetreeMessageDelete => Fail Failure - | BetreeMessageUpsert s => - do - v <- betree_upsert_update_fwd prev s; - msgs0 <- betree_list_pop_front_back msgs; - betree_node_apply_upserts_fwd msgs0 (SOME v) key st - od - od - else - do - (st0,v) <- core_option_option_unwrap_fwd prev st; - monad_ignore_bind - (betree_list_push_front_fwd_back msgs - (key,BetreeMessageInsert v)) (Return (st0,v)) - od - od - - [betree_node_filter_messages_for_key_fwd_back_def] Definition - - ⊢ ∀key msgs. - betree_node_filter_messages_for_key_fwd_back key msgs = - case msgs of - BetreeListCons p l => - (let - (k,m) = p - in - if k = key then - do - msgs0 <- - betree_list_pop_front_back (BetreeListCons (k,m) l); - betree_node_filter_messages_for_key_fwd_back key msgs0 - od - else Return (BetreeListCons (k,m) l)) - | BetreeListNil => Return BetreeListNil - - [betree_node_id_counter_fresh_id_back_def] Definition - - ⊢ ∀self. - betree_node_id_counter_fresh_id_back self = - do - i <- - u64_add self.betree_node_id_counter_next_node_id - (int_to_u64 1); - Return <|betree_node_id_counter_next_node_id := i|> - od - - [betree_node_id_counter_fresh_id_fwd_def] Definition - - ⊢ ∀self. - betree_node_id_counter_fresh_id_fwd self = - monad_ignore_bind - (u64_add self.betree_node_id_counter_next_node_id - (int_to_u64 1)) - (Return self.betree_node_id_counter_next_node_id) - - [betree_node_id_counter_new_fwd_def] Definition - - ⊢ betree_node_id_counter_new_fwd = - Return <|betree_node_id_counter_next_node_id := int_to_u64 0|> - - [betree_node_lookup_back_def] Definition - - ⊢ ∀self key st. - betree_node_lookup_back self key st = - case self of - BetreeNodeInternal node => - do - (st0,msgs) <- - betree_load_internal_node_fwd node.betree_internal_id st; - pending <- - betree_node_lookup_first_message_for_key_fwd key msgs; - case pending of - BetreeListCons p l => - (let - (k,msg) = p - in - if k ≠ key then - monad_ignore_bind - (betree_node_lookup_first_message_for_key_back - key msgs (BetreeListCons (k,msg) l)) - do - node0 <- - betree_internal_lookup_in_children_back node - key st0; - Return (BetreeNodeInternal node0) - od - else - case msg of - BetreeMessageInsert v => - monad_ignore_bind - (betree_node_lookup_first_message_for_key_back - key msgs - (BetreeListCons (k,BetreeMessageInsert v) - l)) (Return (BetreeNodeInternal node)) - | BetreeMessageDelete => - monad_ignore_bind - (betree_node_lookup_first_message_for_key_back - key msgs - (BetreeListCons (k,BetreeMessageDelete) l)) - (Return (BetreeNodeInternal node)) - | BetreeMessageUpsert ufs => - do - (st1,v) <- - betree_internal_lookup_in_children_fwd node - key st0; - (st2,_) <- - betree_node_apply_upserts_fwd - (BetreeListCons - (k,BetreeMessageUpsert ufs) l) v key - st1; - node0 <- - betree_internal_lookup_in_children_back node - key st0; - pending0 <- - betree_node_apply_upserts_back - (BetreeListCons - (k,BetreeMessageUpsert ufs) l) v key - st1; - msgs0 <- - betree_node_lookup_first_message_for_key_back - key msgs pending0; - monad_ignore_bind - (betree_store_internal_node_fwd - node0.betree_internal_id msgs0 st2) - (Return (BetreeNodeInternal node0)) - od) - | BetreeListNil => - monad_ignore_bind - (betree_node_lookup_first_message_for_key_back key msgs - BetreeListNil) - do - node0 <- - betree_internal_lookup_in_children_back node key - st0; - Return (BetreeNodeInternal node0) - od - od - | BetreeNodeLeaf node' => - do - (_,bindings) <- - betree_load_leaf_node_fwd node'.betree_leaf_id st; - monad_ignore_bind - (betree_node_lookup_in_bindings_fwd key bindings) - (Return (BetreeNodeLeaf node')) - od - - [betree_node_lookup_first_message_after_key_back_def] Definition - - ⊢ ∀key msgs ret. - betree_node_lookup_first_message_after_key_back key msgs ret = - case msgs of - BetreeListCons p next_msgs => - (let - (k,m) = p - in - if k = key then - do - next_msgs0 <- - betree_node_lookup_first_message_after_key_back key - next_msgs ret; - Return (BetreeListCons (k,m) next_msgs0) - od - else Return ret) - | BetreeListNil => Return ret - - [betree_node_lookup_first_message_after_key_fwd_def] Definition - - ⊢ ∀key msgs. - betree_node_lookup_first_message_after_key_fwd key msgs = - case msgs of - BetreeListCons p next_msgs => - (let - (k,m) = p - in - if k = key then - betree_node_lookup_first_message_after_key_fwd key - next_msgs - else Return (BetreeListCons (k,m) next_msgs)) - | BetreeListNil => Return BetreeListNil - - [betree_node_lookup_first_message_for_key_back_def] Definition - - ⊢ ∀key msgs ret. - betree_node_lookup_first_message_for_key_back key msgs ret = - case msgs of - BetreeListCons x next_msgs => - (let - (i,m) = x - in - if u64_ge i key then Return ret - else - do - next_msgs0 <- - betree_node_lookup_first_message_for_key_back key - next_msgs ret; - Return (BetreeListCons (i,m) next_msgs0) - od) - | BetreeListNil => Return ret - - [betree_node_lookup_first_message_for_key_fwd_def] Definition - - ⊢ ∀key msgs. - betree_node_lookup_first_message_for_key_fwd key msgs = - case msgs of - BetreeListCons x next_msgs => - (let - (i,m) = x - in - if u64_ge i key then - Return (BetreeListCons (i,m) next_msgs) - else - betree_node_lookup_first_message_for_key_fwd key - next_msgs) - | BetreeListNil => Return BetreeListNil - - [betree_node_lookup_fwd_def] Definition - - ⊢ ∀self key st. - betree_node_lookup_fwd self key st = - case self of - BetreeNodeInternal node => - do - (st0,msgs) <- - betree_load_internal_node_fwd node.betree_internal_id st; - pending <- - betree_node_lookup_first_message_for_key_fwd key msgs; - case pending of - BetreeListCons p l => - (let - (k,msg) = p - in - if k ≠ key then - do - (st1,opt) <- - betree_internal_lookup_in_children_fwd node - key st0; - monad_ignore_bind - (betree_node_lookup_first_message_for_key_back - key msgs (BetreeListCons (k,msg) l)) - (Return (st1,opt)) - od - else - case msg of - BetreeMessageInsert v => - monad_ignore_bind - (betree_node_lookup_first_message_for_key_back - key msgs - (BetreeListCons (k,BetreeMessageInsert v) - l)) (Return (st0,SOME v)) - | BetreeMessageDelete => - monad_ignore_bind - (betree_node_lookup_first_message_for_key_back - key msgs - (BetreeListCons (k,BetreeMessageDelete) l)) - (Return (st0,NONE)) - | BetreeMessageUpsert ufs => - do - (st1,v) <- - betree_internal_lookup_in_children_fwd node - key st0; - (st2,v0) <- - betree_node_apply_upserts_fwd - (BetreeListCons - (k,BetreeMessageUpsert ufs) l) v key - st1; - node0 <- - betree_internal_lookup_in_children_back node - key st0; - pending0 <- - betree_node_apply_upserts_back - (BetreeListCons - (k,BetreeMessageUpsert ufs) l) v key - st1; - msgs0 <- - betree_node_lookup_first_message_for_key_back - key msgs pending0; - (st3,_) <- - betree_store_internal_node_fwd - node0.betree_internal_id msgs0 st2; - Return (st3,SOME v0) - od) - | BetreeListNil => - do - (st1,opt) <- - betree_internal_lookup_in_children_fwd node key st0; - monad_ignore_bind - (betree_node_lookup_first_message_for_key_back key - msgs BetreeListNil) (Return (st1,opt)) - od - od - | BetreeNodeLeaf node' => - do - (st0,bindings) <- - betree_load_leaf_node_fwd node'.betree_leaf_id st; - opt <- betree_node_lookup_in_bindings_fwd key bindings; - Return (st0,opt) - od - - [betree_node_lookup_in_bindings_fwd_def] Definition - - ⊢ ∀key bindings. - betree_node_lookup_in_bindings_fwd key bindings = - case bindings of - BetreeListCons hd tl => - (let - (i,i0) = hd - in - if i = key then Return (SOME i0) - else if u64_gt i key then Return NONE - else betree_node_lookup_in_bindings_fwd key tl) - | BetreeListNil => Return NONE - - [betree_node_lookup_mut_in_bindings_back_def] Definition - - ⊢ ∀key bindings ret. - betree_node_lookup_mut_in_bindings_back key bindings ret = - case bindings of - BetreeListCons hd tl => - (let - (i,i0) = hd - in - if u64_ge i key then Return ret - else - do - tl0 <- - betree_node_lookup_mut_in_bindings_back key tl ret; - Return (BetreeListCons (i,i0) tl0) - od) - | BetreeListNil => Return ret - - [betree_node_lookup_mut_in_bindings_fwd_def] Definition - - ⊢ ∀key bindings. - betree_node_lookup_mut_in_bindings_fwd key bindings = - case bindings of - BetreeListCons hd tl => - (let - (i,i0) = hd - in - if u64_ge i key then Return (BetreeListCons (i,i0) tl) - else betree_node_lookup_mut_in_bindings_fwd key tl) - | BetreeListNil => Return BetreeListNil - - [betree_store_internal_node_fwd_def] Definition - - ⊢ ∀id content st. - betree_store_internal_node_fwd id content st = - do - (st0,_) <- betree_utils_store_internal_node_fwd id content st; - Return (st0,()) - od - - [betree_store_leaf_node_fwd_def] Definition - - ⊢ ∀id content st. - betree_store_leaf_node_fwd id content st = - do - (st0,_) <- betree_utils_store_leaf_node_fwd id content st; - Return (st0,()) - od - - [betree_upsert_update_fwd_def] Definition - - ⊢ ∀prev st. - betree_upsert_update_fwd prev st = - case prev of - NONE => - (case st of - BetreeUpsertFunStateAdd v => Return v - | BetreeUpsertFunStateSub i => Return (int_to_u64 0)) - | SOME prev0 => - case st of - BetreeUpsertFunStateAdd v => - do - margin <- u64_sub core_u64_max prev0; - if u64_ge margin v then u64_add prev0 v - else Return core_u64_max - od - | BetreeUpsertFunStateSub v' => - if u64_ge prev0 v' then u64_sub prev0 v' - else Return (int_to_u64 0) - - [main_fwd_def] Definition - - ⊢ main_fwd = Return () - - -*) -end diff --git a/tests/hol4/betree/betreeMain_OpaqueScript.sml b/tests/hol4/betree/betreeMain_OpaqueScript.sml deleted file mode 100644 index 1d16db4c..00000000 --- a/tests/hol4/betree/betreeMain_OpaqueScript.sml +++ /dev/null @@ -1,26 +0,0 @@ -(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) -(** [betree_main]: external function declarations *) -open primitivesLib divDefLib -open betreeMain_TypesTheory - -val _ = new_theory "betreeMain_Opaque" - - -(** [betree_main::betree_utils::load_internal_node]: forward function *)val _ = new_constant ("betree_utils_load_internal_node_fwd", - “:u64 -> state -> (state # (u64 # betree_message_t) betree_list_t) - result”) - -(** [betree_main::betree_utils::store_internal_node]: forward function *)val _ = new_constant ("betree_utils_store_internal_node_fwd", - “:u64 -> (u64 # betree_message_t) betree_list_t -> state -> (state # unit) - result”) - -(** [betree_main::betree_utils::load_leaf_node]: forward function *)val _ = new_constant ("betree_utils_load_leaf_node_fwd", - “:u64 -> state -> (state # (u64 # u64) betree_list_t) result”) - -(** [betree_main::betree_utils::store_leaf_node]: forward function *)val _ = new_constant ("betree_utils_store_leaf_node_fwd", - “:u64 -> (u64 # u64) betree_list_t -> state -> (state # unit) result”) - -(** [core::option::Option::{0}::unwrap]: forward function *)val _ = new_constant ("core_option_option_unwrap_fwd", - “:'t option -> state -> (state # 't) result”) - -val _ = export_theory () diff --git a/tests/hol4/betree/betreeMain_OpaqueTheory.sig b/tests/hol4/betree/betreeMain_OpaqueTheory.sig deleted file mode 100644 index da7559a0..00000000 --- a/tests/hol4/betree/betreeMain_OpaqueTheory.sig +++ /dev/null @@ -1,11 +0,0 @@ -signature betreeMain_OpaqueTheory = -sig - type thm = Thm.thm - - val betreeMain_Opaque_grammars : type_grammar.grammar * term_grammar.grammar -(* - [betreeMain_Types] Parent theory of "betreeMain_Opaque" - - -*) -end diff --git a/tests/hol4/betree/betreeMain_TypesScript.sml b/tests/hol4/betree/betreeMain_TypesScript.sml deleted file mode 100644 index 779f6abb..00000000 --- a/tests/hol4/betree/betreeMain_TypesScript.sml +++ /dev/null @@ -1,76 +0,0 @@ -(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) -(** [betree_main]: type definitions *) -open primitivesLib divDefLib - -val _ = new_theory "betreeMain_Types" - - -Datatype: - (** [betree_main::betree::List] *) - betree_list_t = | BetreeListCons 't betree_list_t | BetreeListNil -End - -Datatype: - (** [betree_main::betree::UpsertFunState] *) - betree_upsert_fun_state_t = - | BetreeUpsertFunStateAdd u64 - | BetreeUpsertFunStateSub u64 -End - -Datatype: - (** [betree_main::betree::Message] *) - betree_message_t = - | BetreeMessageInsert u64 - | BetreeMessageDelete - | BetreeMessageUpsert betree_upsert_fun_state_t -End - -Datatype: - (** [betree_main::betree::Leaf] *) - betree_leaf_t = <| betree_leaf_id : u64; betree_leaf_size : u64; |> -End - -Datatype: - (** [betree_main::betree::Internal] *) - betree_internal_t = - <| - betree_internal_id : u64; - betree_internal_pivot : u64; - betree_internal_left : betree_node_t; - betree_internal_right : betree_node_t; - |> - ; - - (** [betree_main::betree::Node] *) - betree_node_t = - | BetreeNodeInternal betree_internal_t - | BetreeNodeLeaf betree_leaf_t -End - -Datatype: - (** [betree_main::betree::Params] *) - betree_params_t = - <| - betree_params_min_flush_size : u64; betree_params_split_size : u64; - |> -End - -Datatype: - (** [betree_main::betree::NodeIdCounter] *) - betree_node_id_counter_t = <| betree_node_id_counter_next_node_id : u64; |> -End - -Datatype: - (** [betree_main::betree::BeTree] *) - betree_be_tree_t = - <| - betree_be_tree_params : betree_params_t; - betree_be_tree_node_id_cnt : betree_node_id_counter_t; - betree_be_tree_root : betree_node_t; - |> -End - -(** The state type used in the state-error monad *) -val _ = new_type ("state", 0) - -val _ = export_theory () diff --git a/tests/hol4/betree/betreeMain_TypesTheory.sig b/tests/hol4/betree/betreeMain_TypesTheory.sig deleted file mode 100644 index cffe6afb..00000000 --- a/tests/hol4/betree/betreeMain_TypesTheory.sig +++ /dev/null @@ -1,1751 +0,0 @@ -signature betreeMain_TypesTheory = -sig - type thm = Thm.thm - - (* Definitions *) - val betree_be_tree_t_TY_DEF : thm - val betree_be_tree_t_betree_be_tree_node_id_cnt : thm - val betree_be_tree_t_betree_be_tree_node_id_cnt_fupd : thm - val betree_be_tree_t_betree_be_tree_params : thm - val betree_be_tree_t_betree_be_tree_params_fupd : thm - val betree_be_tree_t_betree_be_tree_root : thm - val betree_be_tree_t_betree_be_tree_root_fupd : thm - val betree_be_tree_t_case_def : thm - val betree_be_tree_t_size_def : thm - val betree_internal_t_TY_DEF : thm - val betree_internal_t_betree_internal_id : thm - val betree_internal_t_betree_internal_id_fupd : thm - val betree_internal_t_betree_internal_left : thm - val betree_internal_t_betree_internal_left_fupd : thm - val betree_internal_t_betree_internal_pivot : thm - val betree_internal_t_betree_internal_pivot_fupd : thm - val betree_internal_t_betree_internal_right : thm - val betree_internal_t_betree_internal_right_fupd : thm - val betree_internal_t_case_def : thm - val betree_internal_t_size_def : thm - val betree_leaf_t_TY_DEF : thm - val betree_leaf_t_betree_leaf_id : thm - val betree_leaf_t_betree_leaf_id_fupd : thm - val betree_leaf_t_betree_leaf_size : thm - val betree_leaf_t_betree_leaf_size_fupd : thm - val betree_leaf_t_case_def : thm - val betree_leaf_t_size_def : thm - val betree_list_t_TY_DEF : thm - val betree_list_t_case_def : thm - val betree_list_t_size_def : thm - val betree_message_t_TY_DEF : thm - val betree_message_t_case_def : thm - val betree_message_t_size_def : thm - val betree_node_id_counter_t_TY_DEF : thm - val betree_node_id_counter_t_betree_node_id_counter_next_node_id : thm - val betree_node_id_counter_t_betree_node_id_counter_next_node_id_fupd : thm - val betree_node_id_counter_t_case_def : thm - val betree_node_id_counter_t_size_def : thm - val betree_node_t_TY_DEF : thm - val betree_node_t_case_def : thm - val betree_params_t_TY_DEF : thm - val betree_params_t_betree_params_min_flush_size : thm - val betree_params_t_betree_params_min_flush_size_fupd : thm - val betree_params_t_betree_params_split_size : thm - val betree_params_t_betree_params_split_size_fupd : thm - val betree_params_t_case_def : thm - val betree_params_t_size_def : thm - val betree_upsert_fun_state_t_TY_DEF : thm - val betree_upsert_fun_state_t_case_def : thm - val betree_upsert_fun_state_t_size_def : thm - - (* Theorems *) - val EXISTS_betree_be_tree_t : thm - val EXISTS_betree_internal_t : thm - val EXISTS_betree_leaf_t : thm - val EXISTS_betree_node_id_counter_t : thm - val EXISTS_betree_params_t : thm - val FORALL_betree_be_tree_t : thm - val FORALL_betree_internal_t : thm - val FORALL_betree_leaf_t : thm - val FORALL_betree_node_id_counter_t : thm - val FORALL_betree_params_t : thm - val betree_be_tree_t_11 : thm - val betree_be_tree_t_Axiom : thm - val betree_be_tree_t_accessors : thm - val betree_be_tree_t_accfupds : thm - val betree_be_tree_t_case_cong : thm - val betree_be_tree_t_case_eq : thm - val betree_be_tree_t_component_equality : thm - val betree_be_tree_t_fn_updates : thm - val betree_be_tree_t_fupdcanon : thm - val betree_be_tree_t_fupdcanon_comp : thm - val betree_be_tree_t_fupdfupds : thm - val betree_be_tree_t_fupdfupds_comp : thm - val betree_be_tree_t_induction : thm - val betree_be_tree_t_literal_11 : thm - val betree_be_tree_t_literal_nchotomy : thm - val betree_be_tree_t_nchotomy : thm - val betree_be_tree_t_updates_eq_literal : thm - val betree_internal_t_11 : thm - val betree_internal_t_Axiom : thm - val betree_internal_t_accessors : thm - val betree_internal_t_accfupds : thm - val betree_internal_t_case_cong : thm - val betree_internal_t_case_eq : thm - val betree_internal_t_component_equality : thm - val betree_internal_t_fn_updates : thm - val betree_internal_t_fupdcanon : thm - val betree_internal_t_fupdcanon_comp : thm - val betree_internal_t_fupdfupds : thm - val betree_internal_t_fupdfupds_comp : thm - val betree_internal_t_induction : thm - val betree_internal_t_literal_11 : thm - val betree_internal_t_literal_nchotomy : thm - val betree_internal_t_nchotomy : thm - val betree_internal_t_updates_eq_literal : thm - val betree_leaf_t_11 : thm - val betree_leaf_t_Axiom : thm - val betree_leaf_t_accessors : thm - val betree_leaf_t_accfupds : thm - val betree_leaf_t_case_cong : thm - val betree_leaf_t_case_eq : thm - val betree_leaf_t_component_equality : thm - val betree_leaf_t_fn_updates : thm - val betree_leaf_t_fupdcanon : thm - val betree_leaf_t_fupdcanon_comp : thm - val betree_leaf_t_fupdfupds : thm - val betree_leaf_t_fupdfupds_comp : thm - val betree_leaf_t_induction : thm - val betree_leaf_t_literal_11 : thm - val betree_leaf_t_literal_nchotomy : thm - val betree_leaf_t_nchotomy : thm - val betree_leaf_t_updates_eq_literal : thm - val betree_list_t_11 : thm - val betree_list_t_Axiom : thm - val betree_list_t_case_cong : thm - val betree_list_t_case_eq : thm - val betree_list_t_distinct : thm - val betree_list_t_induction : thm - val betree_list_t_nchotomy : thm - val betree_message_t_11 : thm - val betree_message_t_Axiom : thm - val betree_message_t_case_cong : thm - val betree_message_t_case_eq : thm - val betree_message_t_distinct : thm - val betree_message_t_induction : thm - val betree_message_t_nchotomy : thm - val betree_node_id_counter_t_11 : thm - val betree_node_id_counter_t_Axiom : thm - val betree_node_id_counter_t_accessors : thm - val betree_node_id_counter_t_accfupds : thm - val betree_node_id_counter_t_case_cong : thm - val betree_node_id_counter_t_case_eq : thm - val betree_node_id_counter_t_component_equality : thm - val betree_node_id_counter_t_fn_updates : thm - val betree_node_id_counter_t_fupdfupds : thm - val betree_node_id_counter_t_fupdfupds_comp : thm - val betree_node_id_counter_t_induction : thm - val betree_node_id_counter_t_literal_11 : thm - val betree_node_id_counter_t_literal_nchotomy : thm - val betree_node_id_counter_t_nchotomy : thm - val betree_node_id_counter_t_updates_eq_literal : thm - val betree_node_t_11 : thm - val betree_node_t_Axiom : thm - val betree_node_t_case_cong : thm - val betree_node_t_case_eq : thm - val betree_node_t_distinct : thm - val betree_node_t_induction : thm - val betree_node_t_nchotomy : thm - val betree_params_t_11 : thm - val betree_params_t_Axiom : thm - val betree_params_t_accessors : thm - val betree_params_t_accfupds : thm - val betree_params_t_case_cong : thm - val betree_params_t_case_eq : thm - val betree_params_t_component_equality : thm - val betree_params_t_fn_updates : thm - val betree_params_t_fupdcanon : thm - val betree_params_t_fupdcanon_comp : thm - val betree_params_t_fupdfupds : thm - val betree_params_t_fupdfupds_comp : thm - val betree_params_t_induction : thm - val betree_params_t_literal_11 : thm - val betree_params_t_literal_nchotomy : thm - val betree_params_t_nchotomy : thm - val betree_params_t_updates_eq_literal : thm - val betree_upsert_fun_state_t_11 : thm - val betree_upsert_fun_state_t_Axiom : thm - val betree_upsert_fun_state_t_case_cong : thm - val betree_upsert_fun_state_t_case_eq : thm - val betree_upsert_fun_state_t_distinct : thm - val betree_upsert_fun_state_t_induction : thm - val betree_upsert_fun_state_t_nchotomy : thm - val datatype_betree_be_tree_t : thm - val datatype_betree_internal_t : thm - val datatype_betree_leaf_t : thm - val datatype_betree_list_t : thm - val datatype_betree_message_t : thm - val datatype_betree_node_id_counter_t : thm - val datatype_betree_params_t : thm - val datatype_betree_upsert_fun_state_t : thm - - val betreeMain_Types_grammars : type_grammar.grammar * term_grammar.grammar -(* - [divDef] Parent theory of "betreeMain_Types" - - [betree_be_tree_t_TY_DEF] Definition - - ⊢ ∃rep. - TYPE_DEFINITION - (λa0'. - ∀ $var$('betree_be_tree_t'). - (∀a0'. - (∃a0 a1 a2. - a0' = - (λa0 a1 a2. - ind_type$CONSTR 0 (a0,a1,a2) - (λn. ind_type$BOTTOM)) a0 a1 a2) ⇒ - $var$('betree_be_tree_t') a0') ⇒ - $var$('betree_be_tree_t') a0') rep - - [betree_be_tree_t_betree_be_tree_node_id_cnt] Definition - - ⊢ ∀b b0 b1. - (betree_be_tree_t b b0 b1).betree_be_tree_node_id_cnt = b0 - - [betree_be_tree_t_betree_be_tree_node_id_cnt_fupd] Definition - - ⊢ ∀f b b0 b1. - betree_be_tree_t b b0 b1 with - betree_be_tree_node_id_cnt updated_by f = - betree_be_tree_t b (f b0) b1 - - [betree_be_tree_t_betree_be_tree_params] Definition - - ⊢ ∀b b0 b1. (betree_be_tree_t b b0 b1).betree_be_tree_params = b - - [betree_be_tree_t_betree_be_tree_params_fupd] Definition - - ⊢ ∀f b b0 b1. - betree_be_tree_t b b0 b1 with betree_be_tree_params updated_by f = - betree_be_tree_t (f b) b0 b1 - - [betree_be_tree_t_betree_be_tree_root] Definition - - ⊢ ∀b b0 b1. (betree_be_tree_t b b0 b1).betree_be_tree_root = b1 - - [betree_be_tree_t_betree_be_tree_root_fupd] Definition - - ⊢ ∀f b b0 b1. - betree_be_tree_t b b0 b1 with betree_be_tree_root updated_by f = - betree_be_tree_t b b0 (f b1) - - [betree_be_tree_t_case_def] Definition - - ⊢ ∀a0 a1 a2 f. - betree_be_tree_t_CASE (betree_be_tree_t a0 a1 a2) f = f a0 a1 a2 - - [betree_be_tree_t_size_def] Definition - - ⊢ ∀a0 a1 a2. - betree_be_tree_t_size (betree_be_tree_t a0 a1 a2) = - 1 + - (betree_params_t_size a0 + - (betree_node_id_counter_t_size a1 + betree_node_t_size a2)) - - [betree_internal_t_TY_DEF] Definition - - ⊢ ∃rep. - TYPE_DEFINITION - (λa0'. - ∀ $var$('betree_internal_t') $var$('betree_node_t'). - (∀a0'. - (∃a0 a1 a2 a3. - a0' = - (λa0 a1 a2 a3. - ind_type$CONSTR 0 (a0,a1,ARB) - (ind_type$FCONS a2 - (ind_type$FCONS a3 (λn. ind_type$BOTTOM)))) - a0 a1 a2 a3 ∧ $var$('betree_node_t') a2 ∧ - $var$('betree_node_t') a3) ⇒ - $var$('betree_internal_t') a0') ∧ - (∀a1'. - (∃a. a1' = - (λa. - ind_type$CONSTR (SUC 0) (ARB,ARB,ARB) - (ind_type$FCONS a (λn. ind_type$BOTTOM))) - a ∧ $var$('betree_internal_t') a) ∨ - (∃a. a1' = - (λa. - ind_type$CONSTR (SUC (SUC 0)) (ARB,ARB,a) - (λn. ind_type$BOTTOM)) a) ⇒ - $var$('betree_node_t') a1') ⇒ - $var$('betree_internal_t') a0') rep - - [betree_internal_t_betree_internal_id] Definition - - ⊢ ∀u u0 b b0. (betree_internal_t u u0 b b0).betree_internal_id = u - - [betree_internal_t_betree_internal_id_fupd] Definition - - ⊢ ∀f u u0 b b0. - betree_internal_t u u0 b b0 with betree_internal_id updated_by f = - betree_internal_t (f u) u0 b b0 - - [betree_internal_t_betree_internal_left] Definition - - ⊢ ∀u u0 b b0. (betree_internal_t u u0 b b0).betree_internal_left = b - - [betree_internal_t_betree_internal_left_fupd] Definition - - ⊢ ∀f u u0 b b0. - betree_internal_t u u0 b b0 with - betree_internal_left updated_by f = - betree_internal_t u u0 (f b) b0 - - [betree_internal_t_betree_internal_pivot] Definition - - ⊢ ∀u u0 b b0. - (betree_internal_t u u0 b b0).betree_internal_pivot = u0 - - [betree_internal_t_betree_internal_pivot_fupd] Definition - - ⊢ ∀f u u0 b b0. - betree_internal_t u u0 b b0 with - betree_internal_pivot updated_by f = - betree_internal_t u (f u0) b b0 - - [betree_internal_t_betree_internal_right] Definition - - ⊢ ∀u u0 b b0. - (betree_internal_t u u0 b b0).betree_internal_right = b0 - - [betree_internal_t_betree_internal_right_fupd] Definition - - ⊢ ∀f u u0 b b0. - betree_internal_t u u0 b b0 with - betree_internal_right updated_by f = - betree_internal_t u u0 b (f b0) - - [betree_internal_t_case_def] Definition - - ⊢ ∀a0 a1 a2 a3 f. - betree_internal_t_CASE (betree_internal_t a0 a1 a2 a3) f = - f a0 a1 a2 a3 - - [betree_internal_t_size_def] Definition - - ⊢ (∀a0 a1 a2 a3. - betree_internal_t_size (betree_internal_t a0 a1 a2 a3) = - 1 + (betree_node_t_size a2 + betree_node_t_size a3)) ∧ - (∀a. betree_node_t_size (BetreeNodeInternal a) = - 1 + betree_internal_t_size a) ∧ - ∀a. betree_node_t_size (BetreeNodeLeaf a) = - 1 + betree_leaf_t_size a - - [betree_leaf_t_TY_DEF] Definition - - ⊢ ∃rep. - TYPE_DEFINITION - (λa0'. - ∀ $var$('betree_leaf_t'). - (∀a0'. - (∃a0 a1. - a0' = - (λa0 a1. - ind_type$CONSTR 0 (a0,a1) - (λn. ind_type$BOTTOM)) a0 a1) ⇒ - $var$('betree_leaf_t') a0') ⇒ - $var$('betree_leaf_t') a0') rep - - [betree_leaf_t_betree_leaf_id] Definition - - ⊢ ∀u u0. (betree_leaf_t u u0).betree_leaf_id = u - - [betree_leaf_t_betree_leaf_id_fupd] Definition - - ⊢ ∀f u u0. - betree_leaf_t u u0 with betree_leaf_id updated_by f = - betree_leaf_t (f u) u0 - - [betree_leaf_t_betree_leaf_size] Definition - - ⊢ ∀u u0. (betree_leaf_t u u0).betree_leaf_size = u0 - - [betree_leaf_t_betree_leaf_size_fupd] Definition - - ⊢ ∀f u u0. - betree_leaf_t u u0 with betree_leaf_size updated_by f = - betree_leaf_t u (f u0) - - [betree_leaf_t_case_def] Definition - - ⊢ ∀a0 a1 f. betree_leaf_t_CASE (betree_leaf_t a0 a1) f = f a0 a1 - - [betree_leaf_t_size_def] Definition - - ⊢ ∀a0 a1. betree_leaf_t_size (betree_leaf_t a0 a1) = 1 - - [betree_list_t_TY_DEF] Definition - - ⊢ ∃rep. - TYPE_DEFINITION - (λa0'. - ∀ $var$('betree_list_t'). - (∀a0'. - (∃a0 a1. - a0' = - (λa0 a1. - ind_type$CONSTR 0 a0 - (ind_type$FCONS a1 (λn. ind_type$BOTTOM))) - a0 a1 ∧ $var$('betree_list_t') a1) ∨ - a0' = - ind_type$CONSTR (SUC 0) ARB (λn. ind_type$BOTTOM) ⇒ - $var$('betree_list_t') a0') ⇒ - $var$('betree_list_t') a0') rep - - [betree_list_t_case_def] Definition - - ⊢ (∀a0 a1 f v. - betree_list_t_CASE (BetreeListCons a0 a1) f v = f a0 a1) ∧ - ∀f v. betree_list_t_CASE BetreeListNil f v = v - - [betree_list_t_size_def] Definition - - ⊢ (∀f a0 a1. - betree_list_t_size f (BetreeListCons a0 a1) = - 1 + (f a0 + betree_list_t_size f a1)) ∧ - ∀f. betree_list_t_size f BetreeListNil = 0 - - [betree_message_t_TY_DEF] Definition - - ⊢ ∃rep. - TYPE_DEFINITION - (λa0. - ∀ $var$('betree_message_t'). - (∀a0. - (∃a. a0 = - (λa. - ind_type$CONSTR 0 (a,ARB) - (λn. ind_type$BOTTOM)) a) ∨ - a0 = - ind_type$CONSTR (SUC 0) (ARB,ARB) - (λn. ind_type$BOTTOM) ∨ - (∃a. a0 = - (λa. - ind_type$CONSTR (SUC (SUC 0)) (ARB,a) - (λn. ind_type$BOTTOM)) a) ⇒ - $var$('betree_message_t') a0) ⇒ - $var$('betree_message_t') a0) rep - - [betree_message_t_case_def] Definition - - ⊢ (∀a f v f1. - betree_message_t_CASE (BetreeMessageInsert a) f v f1 = f a) ∧ - (∀f v f1. betree_message_t_CASE BetreeMessageDelete f v f1 = v) ∧ - ∀a f v f1. - betree_message_t_CASE (BetreeMessageUpsert a) f v f1 = f1 a - - [betree_message_t_size_def] Definition - - ⊢ (∀a. betree_message_t_size (BetreeMessageInsert a) = 1) ∧ - betree_message_t_size BetreeMessageDelete = 0 ∧ - ∀a. betree_message_t_size (BetreeMessageUpsert a) = - 1 + betree_upsert_fun_state_t_size a - - [betree_node_id_counter_t_TY_DEF] Definition - - ⊢ ∃rep. - TYPE_DEFINITION - (λa0. - ∀ $var$('betree_node_id_counter_t'). - (∀a0. - (∃a. a0 = - (λa. ind_type$CONSTR 0 a (λn. ind_type$BOTTOM)) - a) ⇒ - $var$('betree_node_id_counter_t') a0) ⇒ - $var$('betree_node_id_counter_t') a0) rep - - [betree_node_id_counter_t_betree_node_id_counter_next_node_id] Definition - - ⊢ ∀u. (betree_node_id_counter_t u). - betree_node_id_counter_next_node_id = - u - - [betree_node_id_counter_t_betree_node_id_counter_next_node_id_fupd] Definition - - ⊢ ∀f u. - betree_node_id_counter_t u with - betree_node_id_counter_next_node_id updated_by f = - betree_node_id_counter_t (f u) - - [betree_node_id_counter_t_case_def] Definition - - ⊢ ∀a f. - betree_node_id_counter_t_CASE (betree_node_id_counter_t a) f = - f a - - [betree_node_id_counter_t_size_def] Definition - - ⊢ ∀a. betree_node_id_counter_t_size (betree_node_id_counter_t a) = 1 - - [betree_node_t_TY_DEF] Definition - - ⊢ ∃rep. - TYPE_DEFINITION - (λa1'. - ∀ $var$('betree_internal_t') $var$('betree_node_t'). - (∀a0'. - (∃a0 a1 a2 a3. - a0' = - (λa0 a1 a2 a3. - ind_type$CONSTR 0 (a0,a1,ARB) - (ind_type$FCONS a2 - (ind_type$FCONS a3 (λn. ind_type$BOTTOM)))) - a0 a1 a2 a3 ∧ $var$('betree_node_t') a2 ∧ - $var$('betree_node_t') a3) ⇒ - $var$('betree_internal_t') a0') ∧ - (∀a1'. - (∃a. a1' = - (λa. - ind_type$CONSTR (SUC 0) (ARB,ARB,ARB) - (ind_type$FCONS a (λn. ind_type$BOTTOM))) - a ∧ $var$('betree_internal_t') a) ∨ - (∃a. a1' = - (λa. - ind_type$CONSTR (SUC (SUC 0)) (ARB,ARB,a) - (λn. ind_type$BOTTOM)) a) ⇒ - $var$('betree_node_t') a1') ⇒ - $var$('betree_node_t') a1') rep - - [betree_node_t_case_def] Definition - - ⊢ (∀a f f1. betree_node_t_CASE (BetreeNodeInternal a) f f1 = f a) ∧ - ∀a f f1. betree_node_t_CASE (BetreeNodeLeaf a) f f1 = f1 a - - [betree_params_t_TY_DEF] Definition - - ⊢ ∃rep. - TYPE_DEFINITION - (λa0'. - ∀ $var$('betree_params_t'). - (∀a0'. - (∃a0 a1. - a0' = - (λa0 a1. - ind_type$CONSTR 0 (a0,a1) - (λn. ind_type$BOTTOM)) a0 a1) ⇒ - $var$('betree_params_t') a0') ⇒ - $var$('betree_params_t') a0') rep - - [betree_params_t_betree_params_min_flush_size] Definition - - ⊢ ∀u u0. (betree_params_t u u0).betree_params_min_flush_size = u - - [betree_params_t_betree_params_min_flush_size_fupd] Definition - - ⊢ ∀f u u0. - betree_params_t u u0 with - betree_params_min_flush_size updated_by f = - betree_params_t (f u) u0 - - [betree_params_t_betree_params_split_size] Definition - - ⊢ ∀u u0. (betree_params_t u u0).betree_params_split_size = u0 - - [betree_params_t_betree_params_split_size_fupd] Definition - - ⊢ ∀f u u0. - betree_params_t u u0 with betree_params_split_size updated_by f = - betree_params_t u (f u0) - - [betree_params_t_case_def] Definition - - ⊢ ∀a0 a1 f. betree_params_t_CASE (betree_params_t a0 a1) f = f a0 a1 - - [betree_params_t_size_def] Definition - - ⊢ ∀a0 a1. betree_params_t_size (betree_params_t a0 a1) = 1 - - [betree_upsert_fun_state_t_TY_DEF] Definition - - ⊢ ∃rep. - TYPE_DEFINITION - (λa0. - ∀ $var$('betree_upsert_fun_state_t'). - (∀a0. - (∃a. a0 = - (λa. ind_type$CONSTR 0 a (λn. ind_type$BOTTOM)) - a) ∨ - (∃a. a0 = - (λa. - ind_type$CONSTR (SUC 0) a - (λn. ind_type$BOTTOM)) a) ⇒ - $var$('betree_upsert_fun_state_t') a0) ⇒ - $var$('betree_upsert_fun_state_t') a0) rep - - [betree_upsert_fun_state_t_case_def] Definition - - ⊢ (∀a f f1. - betree_upsert_fun_state_t_CASE (BetreeUpsertFunStateAdd a) f f1 = - f a) ∧ - ∀a f f1. - betree_upsert_fun_state_t_CASE (BetreeUpsertFunStateSub a) f f1 = - f1 a - - [betree_upsert_fun_state_t_size_def] Definition - - ⊢ (∀a. betree_upsert_fun_state_t_size (BetreeUpsertFunStateAdd a) = 1) ∧ - ∀a. betree_upsert_fun_state_t_size (BetreeUpsertFunStateSub a) = 1 - - [EXISTS_betree_be_tree_t] Theorem - - ⊢ ∀P. (∃b. P b) ⇔ - ∃b2 b1 b0. - P - <|betree_be_tree_params := b2; - betree_be_tree_node_id_cnt := b1; - betree_be_tree_root := b0|> - - [EXISTS_betree_internal_t] Theorem - - ⊢ ∀P. (∃b. P b) ⇔ - ∃u0 u b1 b0. - P - <|betree_internal_id := u0; betree_internal_pivot := u; - betree_internal_left := b1; betree_internal_right := b0|> - - [EXISTS_betree_leaf_t] Theorem - - ⊢ ∀P. (∃b. P b) ⇔ - ∃u0 u. P <|betree_leaf_id := u0; betree_leaf_size := u|> - - [EXISTS_betree_node_id_counter_t] Theorem - - ⊢ ∀P. (∃b. P b) ⇔ ∃u. P <|betree_node_id_counter_next_node_id := u|> - - [EXISTS_betree_params_t] Theorem - - ⊢ ∀P. (∃b. P b) ⇔ - ∃u0 u. - P - <|betree_params_min_flush_size := u0; - betree_params_split_size := u|> - - [FORALL_betree_be_tree_t] Theorem - - ⊢ ∀P. (∀b. P b) ⇔ - ∀b2 b1 b0. - P - <|betree_be_tree_params := b2; - betree_be_tree_node_id_cnt := b1; - betree_be_tree_root := b0|> - - [FORALL_betree_internal_t] Theorem - - ⊢ ∀P. (∀b. P b) ⇔ - ∀u0 u b1 b0. - P - <|betree_internal_id := u0; betree_internal_pivot := u; - betree_internal_left := b1; betree_internal_right := b0|> - - [FORALL_betree_leaf_t] Theorem - - ⊢ ∀P. (∀b. P b) ⇔ - ∀u0 u. P <|betree_leaf_id := u0; betree_leaf_size := u|> - - [FORALL_betree_node_id_counter_t] Theorem - - ⊢ ∀P. (∀b. P b) ⇔ ∀u. P <|betree_node_id_counter_next_node_id := u|> - - [FORALL_betree_params_t] Theorem - - ⊢ ∀P. (∀b. P b) ⇔ - ∀u0 u. - P - <|betree_params_min_flush_size := u0; - betree_params_split_size := u|> - - [betree_be_tree_t_11] Theorem - - ⊢ ∀a0 a1 a2 a0' a1' a2'. - betree_be_tree_t a0 a1 a2 = betree_be_tree_t a0' a1' a2' ⇔ - a0 = a0' ∧ a1 = a1' ∧ a2 = a2' - - [betree_be_tree_t_Axiom] Theorem - - ⊢ ∀f. ∃fn. ∀a0 a1 a2. fn (betree_be_tree_t a0 a1 a2) = f a0 a1 a2 - - [betree_be_tree_t_accessors] Theorem - - ⊢ (∀b b0 b1. (betree_be_tree_t b b0 b1).betree_be_tree_params = b) ∧ - (∀b b0 b1. - (betree_be_tree_t b b0 b1).betree_be_tree_node_id_cnt = b0) ∧ - ∀b b0 b1. (betree_be_tree_t b b0 b1).betree_be_tree_root = b1 - - [betree_be_tree_t_accfupds] Theorem - - ⊢ (∀f b. - (b with betree_be_tree_node_id_cnt updated_by f). - betree_be_tree_params = - b.betree_be_tree_params) ∧ - (∀f b. - (b with betree_be_tree_root updated_by f).betree_be_tree_params = - b.betree_be_tree_params) ∧ - (∀f b. - (b with betree_be_tree_params updated_by f). - betree_be_tree_node_id_cnt = - b.betree_be_tree_node_id_cnt) ∧ - (∀f b. - (b with betree_be_tree_root updated_by f). - betree_be_tree_node_id_cnt = - b.betree_be_tree_node_id_cnt) ∧ - (∀f b. - (b with betree_be_tree_params updated_by f).betree_be_tree_root = - b.betree_be_tree_root) ∧ - (∀f b. - (b with betree_be_tree_node_id_cnt updated_by f). - betree_be_tree_root = - b.betree_be_tree_root) ∧ - (∀f b. - (b with betree_be_tree_params updated_by f). - betree_be_tree_params = - f b.betree_be_tree_params) ∧ - (∀f b. - (b with betree_be_tree_node_id_cnt updated_by f). - betree_be_tree_node_id_cnt = - f b.betree_be_tree_node_id_cnt) ∧ - ∀f b. - (b with betree_be_tree_root updated_by f).betree_be_tree_root = - f b.betree_be_tree_root - - [betree_be_tree_t_case_cong] Theorem - - ⊢ ∀M M' f. - M = M' ∧ - (∀a0 a1 a2. - M' = betree_be_tree_t a0 a1 a2 ⇒ f a0 a1 a2 = f' a0 a1 a2) ⇒ - betree_be_tree_t_CASE M f = betree_be_tree_t_CASE M' f' - - [betree_be_tree_t_case_eq] Theorem - - ⊢ betree_be_tree_t_CASE x f = v ⇔ - ∃b b0 b1. x = betree_be_tree_t b b0 b1 ∧ f b b0 b1 = v - - [betree_be_tree_t_component_equality] Theorem - - ⊢ ∀b1 b2. - b1 = b2 ⇔ - b1.betree_be_tree_params = b2.betree_be_tree_params ∧ - b1.betree_be_tree_node_id_cnt = b2.betree_be_tree_node_id_cnt ∧ - b1.betree_be_tree_root = b2.betree_be_tree_root - - [betree_be_tree_t_fn_updates] Theorem - - ⊢ (∀f b b0 b1. - betree_be_tree_t b b0 b1 with betree_be_tree_params updated_by f = - betree_be_tree_t (f b) b0 b1) ∧ - (∀f b b0 b1. - betree_be_tree_t b b0 b1 with - betree_be_tree_node_id_cnt updated_by f = - betree_be_tree_t b (f b0) b1) ∧ - ∀f b b0 b1. - betree_be_tree_t b b0 b1 with betree_be_tree_root updated_by f = - betree_be_tree_t b b0 (f b1) - - [betree_be_tree_t_fupdcanon] Theorem - - ⊢ (∀g f b. - b with - <|betree_be_tree_node_id_cnt updated_by f; - betree_be_tree_params updated_by g|> = - b with - <|betree_be_tree_params updated_by g; - betree_be_tree_node_id_cnt updated_by f|>) ∧ - (∀g f b. - b with - <|betree_be_tree_root updated_by f; - betree_be_tree_params updated_by g|> = - b with - <|betree_be_tree_params updated_by g; - betree_be_tree_root updated_by f|>) ∧ - ∀g f b. - b with - <|betree_be_tree_root updated_by f; - betree_be_tree_node_id_cnt updated_by g|> = - b with - <|betree_be_tree_node_id_cnt updated_by g; - betree_be_tree_root updated_by f|> - - [betree_be_tree_t_fupdcanon_comp] Theorem - - ⊢ ((∀g f. - betree_be_tree_node_id_cnt_fupd f ∘ - betree_be_tree_params_fupd g = - betree_be_tree_params_fupd g ∘ - betree_be_tree_node_id_cnt_fupd f) ∧ - ∀h g f. - betree_be_tree_node_id_cnt_fupd f ∘ - betree_be_tree_params_fupd g ∘ h = - betree_be_tree_params_fupd g ∘ - betree_be_tree_node_id_cnt_fupd f ∘ h) ∧ - ((∀g f. - betree_be_tree_root_fupd f ∘ betree_be_tree_params_fupd g = - betree_be_tree_params_fupd g ∘ betree_be_tree_root_fupd f) ∧ - ∀h g f. - betree_be_tree_root_fupd f ∘ betree_be_tree_params_fupd g ∘ h = - betree_be_tree_params_fupd g ∘ betree_be_tree_root_fupd f ∘ h) ∧ - (∀g f. - betree_be_tree_root_fupd f ∘ betree_be_tree_node_id_cnt_fupd g = - betree_be_tree_node_id_cnt_fupd g ∘ betree_be_tree_root_fupd f) ∧ - ∀h g f. - betree_be_tree_root_fupd f ∘ betree_be_tree_node_id_cnt_fupd g ∘ - h = - betree_be_tree_node_id_cnt_fupd g ∘ betree_be_tree_root_fupd f ∘ - h - - [betree_be_tree_t_fupdfupds] Theorem - - ⊢ (∀g f b. - b with - <|betree_be_tree_params updated_by f; - betree_be_tree_params updated_by g|> = - b with betree_be_tree_params updated_by f ∘ g) ∧ - (∀g f b. - b with - <|betree_be_tree_node_id_cnt updated_by f; - betree_be_tree_node_id_cnt updated_by g|> = - b with betree_be_tree_node_id_cnt updated_by f ∘ g) ∧ - ∀g f b. - b with - <|betree_be_tree_root updated_by f; - betree_be_tree_root updated_by g|> = - b with betree_be_tree_root updated_by f ∘ g - - [betree_be_tree_t_fupdfupds_comp] Theorem - - ⊢ ((∀g f. - betree_be_tree_params_fupd f ∘ betree_be_tree_params_fupd g = - betree_be_tree_params_fupd (f ∘ g)) ∧ - ∀h g f. - betree_be_tree_params_fupd f ∘ betree_be_tree_params_fupd g ∘ h = - betree_be_tree_params_fupd (f ∘ g) ∘ h) ∧ - ((∀g f. - betree_be_tree_node_id_cnt_fupd f ∘ - betree_be_tree_node_id_cnt_fupd g = - betree_be_tree_node_id_cnt_fupd (f ∘ g)) ∧ - ∀h g f. - betree_be_tree_node_id_cnt_fupd f ∘ - betree_be_tree_node_id_cnt_fupd g ∘ h = - betree_be_tree_node_id_cnt_fupd (f ∘ g) ∘ h) ∧ - (∀g f. - betree_be_tree_root_fupd f ∘ betree_be_tree_root_fupd g = - betree_be_tree_root_fupd (f ∘ g)) ∧ - ∀h g f. - betree_be_tree_root_fupd f ∘ betree_be_tree_root_fupd g ∘ h = - betree_be_tree_root_fupd (f ∘ g) ∘ h - - [betree_be_tree_t_induction] Theorem - - ⊢ ∀P. (∀b b0 b1. P (betree_be_tree_t b b0 b1)) ⇒ ∀b. P b - - [betree_be_tree_t_literal_11] Theorem - - ⊢ ∀b21 b11 b01 b22 b12 b02. - <|betree_be_tree_params := b21; - betree_be_tree_node_id_cnt := b11; betree_be_tree_root := b01|> = - <|betree_be_tree_params := b22; - betree_be_tree_node_id_cnt := b12; betree_be_tree_root := b02|> ⇔ - b21 = b22 ∧ b11 = b12 ∧ b01 = b02 - - [betree_be_tree_t_literal_nchotomy] Theorem - - ⊢ ∀b. ∃b2 b1 b0. - b = - <|betree_be_tree_params := b2; betree_be_tree_node_id_cnt := b1; - betree_be_tree_root := b0|> - - [betree_be_tree_t_nchotomy] Theorem - - ⊢ ∀bb. ∃b b0 b1. bb = betree_be_tree_t b b0 b1 - - [betree_be_tree_t_updates_eq_literal] Theorem - - ⊢ ∀b b2 b1 b0. - b with - <|betree_be_tree_params := b2; betree_be_tree_node_id_cnt := b1; - betree_be_tree_root := b0|> = - <|betree_be_tree_params := b2; betree_be_tree_node_id_cnt := b1; - betree_be_tree_root := b0|> - - [betree_internal_t_11] Theorem - - ⊢ ∀a0 a1 a2 a3 a0' a1' a2' a3'. - betree_internal_t a0 a1 a2 a3 = betree_internal_t a0' a1' a2' a3' ⇔ - a0 = a0' ∧ a1 = a1' ∧ a2 = a2' ∧ a3 = a3' - - [betree_internal_t_Axiom] Theorem - - ⊢ ∀f0 f1 f2. ∃fn0 fn1. - (∀a0 a1 a2 a3. - fn0 (betree_internal_t a0 a1 a2 a3) = - f0 a0 a1 a2 a3 (fn1 a2) (fn1 a3)) ∧ - (∀a. fn1 (BetreeNodeInternal a) = f1 a (fn0 a)) ∧ - ∀a. fn1 (BetreeNodeLeaf a) = f2 a - - [betree_internal_t_accessors] Theorem - - ⊢ (∀u u0 b b0. (betree_internal_t u u0 b b0).betree_internal_id = u) ∧ - (∀u u0 b b0. - (betree_internal_t u u0 b b0).betree_internal_pivot = u0) ∧ - (∀u u0 b b0. (betree_internal_t u u0 b b0).betree_internal_left = b) ∧ - ∀u u0 b b0. - (betree_internal_t u u0 b b0).betree_internal_right = b0 - - [betree_internal_t_accfupds] Theorem - - ⊢ (∀f b. - (b with betree_internal_pivot updated_by f).betree_internal_id = - b.betree_internal_id) ∧ - (∀f b. - (b with betree_internal_left updated_by f).betree_internal_id = - b.betree_internal_id) ∧ - (∀f b. - (b with betree_internal_right updated_by f).betree_internal_id = - b.betree_internal_id) ∧ - (∀f b. - (b with betree_internal_id updated_by f).betree_internal_pivot = - b.betree_internal_pivot) ∧ - (∀f b. - (b with betree_internal_left updated_by f).betree_internal_pivot = - b.betree_internal_pivot) ∧ - (∀f b. - (b with betree_internal_right updated_by f). - betree_internal_pivot = - b.betree_internal_pivot) ∧ - (∀f b. - (b with betree_internal_id updated_by f).betree_internal_left = - b.betree_internal_left) ∧ - (∀f b. - (b with betree_internal_pivot updated_by f).betree_internal_left = - b.betree_internal_left) ∧ - (∀f b. - (b with betree_internal_right updated_by f).betree_internal_left = - b.betree_internal_left) ∧ - (∀f b. - (b with betree_internal_id updated_by f).betree_internal_right = - b.betree_internal_right) ∧ - (∀f b. - (b with betree_internal_pivot updated_by f). - betree_internal_right = - b.betree_internal_right) ∧ - (∀f b. - (b with betree_internal_left updated_by f).betree_internal_right = - b.betree_internal_right) ∧ - (∀f b. - (b with betree_internal_id updated_by f).betree_internal_id = - f b.betree_internal_id) ∧ - (∀f b. - (b with betree_internal_pivot updated_by f). - betree_internal_pivot = - f b.betree_internal_pivot) ∧ - (∀f b. - (b with betree_internal_left updated_by f).betree_internal_left = - f b.betree_internal_left) ∧ - ∀f b. - (b with betree_internal_right updated_by f).betree_internal_right = - f b.betree_internal_right - - [betree_internal_t_case_cong] Theorem - - ⊢ ∀M M' f. - M = M' ∧ - (∀a0 a1 a2 a3. - M' = betree_internal_t a0 a1 a2 a3 ⇒ - f a0 a1 a2 a3 = f' a0 a1 a2 a3) ⇒ - betree_internal_t_CASE M f = betree_internal_t_CASE M' f' - - [betree_internal_t_case_eq] Theorem - - ⊢ betree_internal_t_CASE x f = v ⇔ - ∃u0 u b b0. x = betree_internal_t u0 u b b0 ∧ f u0 u b b0 = v - - [betree_internal_t_component_equality] Theorem - - ⊢ ∀b1 b2. - b1 = b2 ⇔ - b1.betree_internal_id = b2.betree_internal_id ∧ - b1.betree_internal_pivot = b2.betree_internal_pivot ∧ - b1.betree_internal_left = b2.betree_internal_left ∧ - b1.betree_internal_right = b2.betree_internal_right - - [betree_internal_t_fn_updates] Theorem - - ⊢ (∀f u u0 b b0. - betree_internal_t u u0 b b0 with betree_internal_id updated_by f = - betree_internal_t (f u) u0 b b0) ∧ - (∀f u u0 b b0. - betree_internal_t u u0 b b0 with - betree_internal_pivot updated_by f = - betree_internal_t u (f u0) b b0) ∧ - (∀f u u0 b b0. - betree_internal_t u u0 b b0 with - betree_internal_left updated_by f = - betree_internal_t u u0 (f b) b0) ∧ - ∀f u u0 b b0. - betree_internal_t u u0 b b0 with - betree_internal_right updated_by f = - betree_internal_t u u0 b (f b0) - - [betree_internal_t_fupdcanon] Theorem - - ⊢ (∀g f b. - b with - <|betree_internal_pivot updated_by f; - betree_internal_id updated_by g|> = - b with - <|betree_internal_id updated_by g; - betree_internal_pivot updated_by f|>) ∧ - (∀g f b. - b with - <|betree_internal_left updated_by f; - betree_internal_id updated_by g|> = - b with - <|betree_internal_id updated_by g; - betree_internal_left updated_by f|>) ∧ - (∀g f b. - b with - <|betree_internal_left updated_by f; - betree_internal_pivot updated_by g|> = - b with - <|betree_internal_pivot updated_by g; - betree_internal_left updated_by f|>) ∧ - (∀g f b. - b with - <|betree_internal_right updated_by f; - betree_internal_id updated_by g|> = - b with - <|betree_internal_id updated_by g; - betree_internal_right updated_by f|>) ∧ - (∀g f b. - b with - <|betree_internal_right updated_by f; - betree_internal_pivot updated_by g|> = - b with - <|betree_internal_pivot updated_by g; - betree_internal_right updated_by f|>) ∧ - ∀g f b. - b with - <|betree_internal_right updated_by f; - betree_internal_left updated_by g|> = - b with - <|betree_internal_left updated_by g; - betree_internal_right updated_by f|> - - [betree_internal_t_fupdcanon_comp] Theorem - - ⊢ ((∀g f. - betree_internal_pivot_fupd f ∘ betree_internal_id_fupd g = - betree_internal_id_fupd g ∘ betree_internal_pivot_fupd f) ∧ - ∀h g f. - betree_internal_pivot_fupd f ∘ betree_internal_id_fupd g ∘ h = - betree_internal_id_fupd g ∘ betree_internal_pivot_fupd f ∘ h) ∧ - ((∀g f. - betree_internal_left_fupd f ∘ betree_internal_id_fupd g = - betree_internal_id_fupd g ∘ betree_internal_left_fupd f) ∧ - ∀h g f. - betree_internal_left_fupd f ∘ betree_internal_id_fupd g ∘ h = - betree_internal_id_fupd g ∘ betree_internal_left_fupd f ∘ h) ∧ - ((∀g f. - betree_internal_left_fupd f ∘ betree_internal_pivot_fupd g = - betree_internal_pivot_fupd g ∘ betree_internal_left_fupd f) ∧ - ∀h g f. - betree_internal_left_fupd f ∘ betree_internal_pivot_fupd g ∘ h = - betree_internal_pivot_fupd g ∘ betree_internal_left_fupd f ∘ h) ∧ - ((∀g f. - betree_internal_right_fupd f ∘ betree_internal_id_fupd g = - betree_internal_id_fupd g ∘ betree_internal_right_fupd f) ∧ - ∀h g f. - betree_internal_right_fupd f ∘ betree_internal_id_fupd g ∘ h = - betree_internal_id_fupd g ∘ betree_internal_right_fupd f ∘ h) ∧ - ((∀g f. - betree_internal_right_fupd f ∘ betree_internal_pivot_fupd g = - betree_internal_pivot_fupd g ∘ betree_internal_right_fupd f) ∧ - ∀h g f. - betree_internal_right_fupd f ∘ betree_internal_pivot_fupd g ∘ h = - betree_internal_pivot_fupd g ∘ betree_internal_right_fupd f ∘ h) ∧ - (∀g f. - betree_internal_right_fupd f ∘ betree_internal_left_fupd g = - betree_internal_left_fupd g ∘ betree_internal_right_fupd f) ∧ - ∀h g f. - betree_internal_right_fupd f ∘ betree_internal_left_fupd g ∘ h = - betree_internal_left_fupd g ∘ betree_internal_right_fupd f ∘ h - - [betree_internal_t_fupdfupds] Theorem - - ⊢ (∀g f b. - b with - <|betree_internal_id updated_by f; - betree_internal_id updated_by g|> = - b with betree_internal_id updated_by f ∘ g) ∧ - (∀g f b. - b with - <|betree_internal_pivot updated_by f; - betree_internal_pivot updated_by g|> = - b with betree_internal_pivot updated_by f ∘ g) ∧ - (∀g f b. - b with - <|betree_internal_left updated_by f; - betree_internal_left updated_by g|> = - b with betree_internal_left updated_by f ∘ g) ∧ - ∀g f b. - b with - <|betree_internal_right updated_by f; - betree_internal_right updated_by g|> = - b with betree_internal_right updated_by f ∘ g - - [betree_internal_t_fupdfupds_comp] Theorem - - ⊢ ((∀g f. - betree_internal_id_fupd f ∘ betree_internal_id_fupd g = - betree_internal_id_fupd (f ∘ g)) ∧ - ∀h g f. - betree_internal_id_fupd f ∘ betree_internal_id_fupd g ∘ h = - betree_internal_id_fupd (f ∘ g) ∘ h) ∧ - ((∀g f. - betree_internal_pivot_fupd f ∘ betree_internal_pivot_fupd g = - betree_internal_pivot_fupd (f ∘ g)) ∧ - ∀h g f. - betree_internal_pivot_fupd f ∘ betree_internal_pivot_fupd g ∘ h = - betree_internal_pivot_fupd (f ∘ g) ∘ h) ∧ - ((∀g f. - betree_internal_left_fupd f ∘ betree_internal_left_fupd g = - betree_internal_left_fupd (f ∘ g)) ∧ - ∀h g f. - betree_internal_left_fupd f ∘ betree_internal_left_fupd g ∘ h = - betree_internal_left_fupd (f ∘ g) ∘ h) ∧ - (∀g f. - betree_internal_right_fupd f ∘ betree_internal_right_fupd g = - betree_internal_right_fupd (f ∘ g)) ∧ - ∀h g f. - betree_internal_right_fupd f ∘ betree_internal_right_fupd g ∘ h = - betree_internal_right_fupd (f ∘ g) ∘ h - - [betree_internal_t_induction] Theorem - - ⊢ ∀P0 P1. - (∀b b0. P1 b ∧ P1 b0 ⇒ ∀u u0. P0 (betree_internal_t u0 u b b0)) ∧ - (∀b. P0 b ⇒ P1 (BetreeNodeInternal b)) ∧ - (∀b. P1 (BetreeNodeLeaf b)) ⇒ - (∀b. P0 b) ∧ ∀b. P1 b - - [betree_internal_t_literal_11] Theorem - - ⊢ ∀u01 u1 b11 b01 u02 u2 b12 b02. - <|betree_internal_id := u01; betree_internal_pivot := u1; - betree_internal_left := b11; betree_internal_right := b01|> = - <|betree_internal_id := u02; betree_internal_pivot := u2; - betree_internal_left := b12; betree_internal_right := b02|> ⇔ - u01 = u02 ∧ u1 = u2 ∧ b11 = b12 ∧ b01 = b02 - - [betree_internal_t_literal_nchotomy] Theorem - - ⊢ ∀b. ∃u0 u b1 b0. - b = - <|betree_internal_id := u0; betree_internal_pivot := u; - betree_internal_left := b1; betree_internal_right := b0|> - - [betree_internal_t_nchotomy] Theorem - - ⊢ ∀bb. ∃u0 u b b0. bb = betree_internal_t u0 u b b0 - - [betree_internal_t_updates_eq_literal] Theorem - - ⊢ ∀b u0 u b1 b0. - b with - <|betree_internal_id := u0; betree_internal_pivot := u; - betree_internal_left := b1; betree_internal_right := b0|> = - <|betree_internal_id := u0; betree_internal_pivot := u; - betree_internal_left := b1; betree_internal_right := b0|> - - [betree_leaf_t_11] Theorem - - ⊢ ∀a0 a1 a0' a1'. - betree_leaf_t a0 a1 = betree_leaf_t a0' a1' ⇔ a0 = a0' ∧ a1 = a1' - - [betree_leaf_t_Axiom] Theorem - - ⊢ ∀f. ∃fn. ∀a0 a1. fn (betree_leaf_t a0 a1) = f a0 a1 - - [betree_leaf_t_accessors] Theorem - - ⊢ (∀u u0. (betree_leaf_t u u0).betree_leaf_id = u) ∧ - ∀u u0. (betree_leaf_t u u0).betree_leaf_size = u0 - - [betree_leaf_t_accfupds] Theorem - - ⊢ (∀f b. - (b with betree_leaf_size updated_by f).betree_leaf_id = - b.betree_leaf_id) ∧ - (∀f b. - (b with betree_leaf_id updated_by f).betree_leaf_size = - b.betree_leaf_size) ∧ - (∀f b. - (b with betree_leaf_id updated_by f).betree_leaf_id = - f b.betree_leaf_id) ∧ - ∀f b. - (b with betree_leaf_size updated_by f).betree_leaf_size = - f b.betree_leaf_size - - [betree_leaf_t_case_cong] Theorem - - ⊢ ∀M M' f. - M = M' ∧ (∀a0 a1. M' = betree_leaf_t a0 a1 ⇒ f a0 a1 = f' a0 a1) ⇒ - betree_leaf_t_CASE M f = betree_leaf_t_CASE M' f' - - [betree_leaf_t_case_eq] Theorem - - ⊢ betree_leaf_t_CASE x f = v ⇔ - ∃u u0. x = betree_leaf_t u u0 ∧ f u u0 = v - - [betree_leaf_t_component_equality] Theorem - - ⊢ ∀b1 b2. - b1 = b2 ⇔ - b1.betree_leaf_id = b2.betree_leaf_id ∧ - b1.betree_leaf_size = b2.betree_leaf_size - - [betree_leaf_t_fn_updates] Theorem - - ⊢ (∀f u u0. - betree_leaf_t u u0 with betree_leaf_id updated_by f = - betree_leaf_t (f u) u0) ∧ - ∀f u u0. - betree_leaf_t u u0 with betree_leaf_size updated_by f = - betree_leaf_t u (f u0) - - [betree_leaf_t_fupdcanon] Theorem - - ⊢ ∀g f b. - b with - <|betree_leaf_size updated_by f; betree_leaf_id updated_by g|> = - b with - <|betree_leaf_id updated_by g; betree_leaf_size updated_by f|> - - [betree_leaf_t_fupdcanon_comp] Theorem - - ⊢ (∀g f. - betree_leaf_size_fupd f ∘ betree_leaf_id_fupd g = - betree_leaf_id_fupd g ∘ betree_leaf_size_fupd f) ∧ - ∀h g f. - betree_leaf_size_fupd f ∘ betree_leaf_id_fupd g ∘ h = - betree_leaf_id_fupd g ∘ betree_leaf_size_fupd f ∘ h - - [betree_leaf_t_fupdfupds] Theorem - - ⊢ (∀g f b. - b with - <|betree_leaf_id updated_by f; betree_leaf_id updated_by g|> = - b with betree_leaf_id updated_by f ∘ g) ∧ - ∀g f b. - b with - <|betree_leaf_size updated_by f; betree_leaf_size updated_by g|> = - b with betree_leaf_size updated_by f ∘ g - - [betree_leaf_t_fupdfupds_comp] Theorem - - ⊢ ((∀g f. - betree_leaf_id_fupd f ∘ betree_leaf_id_fupd g = - betree_leaf_id_fupd (f ∘ g)) ∧ - ∀h g f. - betree_leaf_id_fupd f ∘ betree_leaf_id_fupd g ∘ h = - betree_leaf_id_fupd (f ∘ g) ∘ h) ∧ - (∀g f. - betree_leaf_size_fupd f ∘ betree_leaf_size_fupd g = - betree_leaf_size_fupd (f ∘ g)) ∧ - ∀h g f. - betree_leaf_size_fupd f ∘ betree_leaf_size_fupd g ∘ h = - betree_leaf_size_fupd (f ∘ g) ∘ h - - [betree_leaf_t_induction] Theorem - - ⊢ ∀P. (∀u u0. P (betree_leaf_t u u0)) ⇒ ∀b. P b - - [betree_leaf_t_literal_11] Theorem - - ⊢ ∀u01 u1 u02 u2. - <|betree_leaf_id := u01; betree_leaf_size := u1|> = - <|betree_leaf_id := u02; betree_leaf_size := u2|> ⇔ - u01 = u02 ∧ u1 = u2 - - [betree_leaf_t_literal_nchotomy] Theorem - - ⊢ ∀b. ∃u0 u. b = <|betree_leaf_id := u0; betree_leaf_size := u|> - - [betree_leaf_t_nchotomy] Theorem - - ⊢ ∀bb. ∃u u0. bb = betree_leaf_t u u0 - - [betree_leaf_t_updates_eq_literal] Theorem - - ⊢ ∀b u0 u. - b with <|betree_leaf_id := u0; betree_leaf_size := u|> = - <|betree_leaf_id := u0; betree_leaf_size := u|> - - [betree_list_t_11] Theorem - - ⊢ ∀a0 a1 a0' a1'. - BetreeListCons a0 a1 = BetreeListCons a0' a1' ⇔ - a0 = a0' ∧ a1 = a1' - - [betree_list_t_Axiom] Theorem - - ⊢ ∀f0 f1. ∃fn. - (∀a0 a1. fn (BetreeListCons a0 a1) = f0 a0 a1 (fn a1)) ∧ - fn BetreeListNil = f1 - - [betree_list_t_case_cong] Theorem - - ⊢ ∀M M' f v. - M = M' ∧ - (∀a0 a1. M' = BetreeListCons a0 a1 ⇒ f a0 a1 = f' a0 a1) ∧ - (M' = BetreeListNil ⇒ v = v') ⇒ - betree_list_t_CASE M f v = betree_list_t_CASE M' f' v' - - [betree_list_t_case_eq] Theorem - - ⊢ betree_list_t_CASE x f v = v' ⇔ - (∃t b. x = BetreeListCons t b ∧ f t b = v') ∨ - x = BetreeListNil ∧ v = v' - - [betree_list_t_distinct] Theorem - - ⊢ ∀a1 a0. BetreeListCons a0 a1 ≠ BetreeListNil - - [betree_list_t_induction] Theorem - - ⊢ ∀P. (∀b. P b ⇒ ∀t. P (BetreeListCons t b)) ∧ P BetreeListNil ⇒ - ∀b. P b - - [betree_list_t_nchotomy] Theorem - - ⊢ ∀bb. (∃t b. bb = BetreeListCons t b) ∨ bb = BetreeListNil - - [betree_message_t_11] Theorem - - ⊢ (∀a a'. BetreeMessageInsert a = BetreeMessageInsert a' ⇔ a = a') ∧ - ∀a a'. BetreeMessageUpsert a = BetreeMessageUpsert a' ⇔ a = a' - - [betree_message_t_Axiom] Theorem - - ⊢ ∀f0 f1 f2. ∃fn. - (∀a. fn (BetreeMessageInsert a) = f0 a) ∧ - fn BetreeMessageDelete = f1 ∧ - ∀a. fn (BetreeMessageUpsert a) = f2 a - - [betree_message_t_case_cong] Theorem - - ⊢ ∀M M' f v f1. - M = M' ∧ (∀a. M' = BetreeMessageInsert a ⇒ f a = f' a) ∧ - (M' = BetreeMessageDelete ⇒ v = v') ∧ - (∀a. M' = BetreeMessageUpsert a ⇒ f1 a = f1' a) ⇒ - betree_message_t_CASE M f v f1 = - betree_message_t_CASE M' f' v' f1' - - [betree_message_t_case_eq] Theorem - - ⊢ betree_message_t_CASE x f v f1 = v' ⇔ - (∃u. x = BetreeMessageInsert u ∧ f u = v') ∨ - x = BetreeMessageDelete ∧ v = v' ∨ - ∃b. x = BetreeMessageUpsert b ∧ f1 b = v' - - [betree_message_t_distinct] Theorem - - ⊢ (∀a. BetreeMessageInsert a ≠ BetreeMessageDelete) ∧ - (∀a' a. BetreeMessageInsert a ≠ BetreeMessageUpsert a') ∧ - ∀a. BetreeMessageDelete ≠ BetreeMessageUpsert a - - [betree_message_t_induction] Theorem - - ⊢ ∀P. (∀u. P (BetreeMessageInsert u)) ∧ P BetreeMessageDelete ∧ - (∀b. P (BetreeMessageUpsert b)) ⇒ - ∀b. P b - - [betree_message_t_nchotomy] Theorem - - ⊢ ∀bb. - (∃u. bb = BetreeMessageInsert u) ∨ bb = BetreeMessageDelete ∨ - ∃b. bb = BetreeMessageUpsert b - - [betree_node_id_counter_t_11] Theorem - - ⊢ ∀a a'. - betree_node_id_counter_t a = betree_node_id_counter_t a' ⇔ a = a' - - [betree_node_id_counter_t_Axiom] Theorem - - ⊢ ∀f. ∃fn. ∀a. fn (betree_node_id_counter_t a) = f a - - [betree_node_id_counter_t_accessors] Theorem - - ⊢ ∀u. (betree_node_id_counter_t u). - betree_node_id_counter_next_node_id = - u - - [betree_node_id_counter_t_accfupds] Theorem - - ⊢ ∀f b. - (b with betree_node_id_counter_next_node_id updated_by f). - betree_node_id_counter_next_node_id = - f b.betree_node_id_counter_next_node_id - - [betree_node_id_counter_t_case_cong] Theorem - - ⊢ ∀M M' f. - M = M' ∧ (∀a. M' = betree_node_id_counter_t a ⇒ f a = f' a) ⇒ - betree_node_id_counter_t_CASE M f = - betree_node_id_counter_t_CASE M' f' - - [betree_node_id_counter_t_case_eq] Theorem - - ⊢ betree_node_id_counter_t_CASE x f = v ⇔ - ∃u. x = betree_node_id_counter_t u ∧ f u = v - - [betree_node_id_counter_t_component_equality] Theorem - - ⊢ ∀b1 b2. - b1 = b2 ⇔ - b1.betree_node_id_counter_next_node_id = - b2.betree_node_id_counter_next_node_id - - [betree_node_id_counter_t_fn_updates] Theorem - - ⊢ ∀f u. - betree_node_id_counter_t u with - betree_node_id_counter_next_node_id updated_by f = - betree_node_id_counter_t (f u) - - [betree_node_id_counter_t_fupdfupds] Theorem - - ⊢ ∀g f b. - b with - <|betree_node_id_counter_next_node_id updated_by f; - betree_node_id_counter_next_node_id updated_by g|> = - b with betree_node_id_counter_next_node_id updated_by f ∘ g - - [betree_node_id_counter_t_fupdfupds_comp] Theorem - - ⊢ (∀g f. - betree_node_id_counter_next_node_id_fupd f ∘ - betree_node_id_counter_next_node_id_fupd g = - betree_node_id_counter_next_node_id_fupd (f ∘ g)) ∧ - ∀h g f. - betree_node_id_counter_next_node_id_fupd f ∘ - betree_node_id_counter_next_node_id_fupd g ∘ h = - betree_node_id_counter_next_node_id_fupd (f ∘ g) ∘ h - - [betree_node_id_counter_t_induction] Theorem - - ⊢ ∀P. (∀u. P (betree_node_id_counter_t u)) ⇒ ∀b. P b - - [betree_node_id_counter_t_literal_11] Theorem - - ⊢ ∀u1 u2. - <|betree_node_id_counter_next_node_id := u1|> = - <|betree_node_id_counter_next_node_id := u2|> ⇔ u1 = u2 - - [betree_node_id_counter_t_literal_nchotomy] Theorem - - ⊢ ∀b. ∃u. b = <|betree_node_id_counter_next_node_id := u|> - - [betree_node_id_counter_t_nchotomy] Theorem - - ⊢ ∀bb. ∃u. bb = betree_node_id_counter_t u - - [betree_node_id_counter_t_updates_eq_literal] Theorem - - ⊢ ∀b u. - b with betree_node_id_counter_next_node_id := u = - <|betree_node_id_counter_next_node_id := u|> - - [betree_node_t_11] Theorem - - ⊢ (∀a a'. BetreeNodeInternal a = BetreeNodeInternal a' ⇔ a = a') ∧ - ∀a a'. BetreeNodeLeaf a = BetreeNodeLeaf a' ⇔ a = a' - - [betree_node_t_Axiom] Theorem - - ⊢ ∀f0 f1 f2. ∃fn0 fn1. - (∀a0 a1 a2 a3. - fn0 (betree_internal_t a0 a1 a2 a3) = - f0 a0 a1 a2 a3 (fn1 a2) (fn1 a3)) ∧ - (∀a. fn1 (BetreeNodeInternal a) = f1 a (fn0 a)) ∧ - ∀a. fn1 (BetreeNodeLeaf a) = f2 a - - [betree_node_t_case_cong] Theorem - - ⊢ ∀M M' f f1. - M = M' ∧ (∀a. M' = BetreeNodeInternal a ⇒ f a = f' a) ∧ - (∀a. M' = BetreeNodeLeaf a ⇒ f1 a = f1' a) ⇒ - betree_node_t_CASE M f f1 = betree_node_t_CASE M' f' f1' - - [betree_node_t_case_eq] Theorem - - ⊢ betree_node_t_CASE x f f1 = v ⇔ - (∃b. x = BetreeNodeInternal b ∧ f b = v) ∨ - ∃b. x = BetreeNodeLeaf b ∧ f1 b = v - - [betree_node_t_distinct] Theorem - - ⊢ ∀a' a. BetreeNodeInternal a ≠ BetreeNodeLeaf a' - - [betree_node_t_induction] Theorem - - ⊢ ∀P0 P1. - (∀b b0. P1 b ∧ P1 b0 ⇒ ∀u u0. P0 (betree_internal_t u0 u b b0)) ∧ - (∀b. P0 b ⇒ P1 (BetreeNodeInternal b)) ∧ - (∀b. P1 (BetreeNodeLeaf b)) ⇒ - (∀b. P0 b) ∧ ∀b. P1 b - - [betree_node_t_nchotomy] Theorem - - ⊢ ∀bb. (∃b. bb = BetreeNodeInternal b) ∨ ∃b. bb = BetreeNodeLeaf b - - [betree_params_t_11] Theorem - - ⊢ ∀a0 a1 a0' a1'. - betree_params_t a0 a1 = betree_params_t a0' a1' ⇔ - a0 = a0' ∧ a1 = a1' - - [betree_params_t_Axiom] Theorem - - ⊢ ∀f. ∃fn. ∀a0 a1. fn (betree_params_t a0 a1) = f a0 a1 - - [betree_params_t_accessors] Theorem - - ⊢ (∀u u0. (betree_params_t u u0).betree_params_min_flush_size = u) ∧ - ∀u u0. (betree_params_t u u0).betree_params_split_size = u0 - - [betree_params_t_accfupds] Theorem - - ⊢ (∀f b. - (b with betree_params_split_size updated_by f). - betree_params_min_flush_size = - b.betree_params_min_flush_size) ∧ - (∀f b. - (b with betree_params_min_flush_size updated_by f). - betree_params_split_size = - b.betree_params_split_size) ∧ - (∀f b. - (b with betree_params_min_flush_size updated_by f). - betree_params_min_flush_size = - f b.betree_params_min_flush_size) ∧ - ∀f b. - (b with betree_params_split_size updated_by f). - betree_params_split_size = - f b.betree_params_split_size - - [betree_params_t_case_cong] Theorem - - ⊢ ∀M M' f. - M = M' ∧ - (∀a0 a1. M' = betree_params_t a0 a1 ⇒ f a0 a1 = f' a0 a1) ⇒ - betree_params_t_CASE M f = betree_params_t_CASE M' f' - - [betree_params_t_case_eq] Theorem - - ⊢ betree_params_t_CASE x f = v ⇔ - ∃u u0. x = betree_params_t u u0 ∧ f u u0 = v - - [betree_params_t_component_equality] Theorem - - ⊢ ∀b1 b2. - b1 = b2 ⇔ - b1.betree_params_min_flush_size = b2.betree_params_min_flush_size ∧ - b1.betree_params_split_size = b2.betree_params_split_size - - [betree_params_t_fn_updates] Theorem - - ⊢ (∀f u u0. - betree_params_t u u0 with - betree_params_min_flush_size updated_by f = - betree_params_t (f u) u0) ∧ - ∀f u u0. - betree_params_t u u0 with betree_params_split_size updated_by f = - betree_params_t u (f u0) - - [betree_params_t_fupdcanon] Theorem - - ⊢ ∀g f b. - b with - <|betree_params_split_size updated_by f; - betree_params_min_flush_size updated_by g|> = - b with - <|betree_params_min_flush_size updated_by g; - betree_params_split_size updated_by f|> - - [betree_params_t_fupdcanon_comp] Theorem - - ⊢ (∀g f. - betree_params_split_size_fupd f ∘ - betree_params_min_flush_size_fupd g = - betree_params_min_flush_size_fupd g ∘ - betree_params_split_size_fupd f) ∧ - ∀h g f. - betree_params_split_size_fupd f ∘ - betree_params_min_flush_size_fupd g ∘ h = - betree_params_min_flush_size_fupd g ∘ - betree_params_split_size_fupd f ∘ h - - [betree_params_t_fupdfupds] Theorem - - ⊢ (∀g f b. - b with - <|betree_params_min_flush_size updated_by f; - betree_params_min_flush_size updated_by g|> = - b with betree_params_min_flush_size updated_by f ∘ g) ∧ - ∀g f b. - b with - <|betree_params_split_size updated_by f; - betree_params_split_size updated_by g|> = - b with betree_params_split_size updated_by f ∘ g - - [betree_params_t_fupdfupds_comp] Theorem - - ⊢ ((∀g f. - betree_params_min_flush_size_fupd f ∘ - betree_params_min_flush_size_fupd g = - betree_params_min_flush_size_fupd (f ∘ g)) ∧ - ∀h g f. - betree_params_min_flush_size_fupd f ∘ - betree_params_min_flush_size_fupd g ∘ h = - betree_params_min_flush_size_fupd (f ∘ g) ∘ h) ∧ - (∀g f. - betree_params_split_size_fupd f ∘ - betree_params_split_size_fupd g = - betree_params_split_size_fupd (f ∘ g)) ∧ - ∀h g f. - betree_params_split_size_fupd f ∘ - betree_params_split_size_fupd g ∘ h = - betree_params_split_size_fupd (f ∘ g) ∘ h - - [betree_params_t_induction] Theorem - - ⊢ ∀P. (∀u u0. P (betree_params_t u u0)) ⇒ ∀b. P b - - [betree_params_t_literal_11] Theorem - - ⊢ ∀u01 u1 u02 u2. - <|betree_params_min_flush_size := u01; - betree_params_split_size := u1|> = - <|betree_params_min_flush_size := u02; - betree_params_split_size := u2|> ⇔ u01 = u02 ∧ u1 = u2 - - [betree_params_t_literal_nchotomy] Theorem - - ⊢ ∀b. ∃u0 u. - b = - <|betree_params_min_flush_size := u0; - betree_params_split_size := u|> - - [betree_params_t_nchotomy] Theorem - - ⊢ ∀bb. ∃u u0. bb = betree_params_t u u0 - - [betree_params_t_updates_eq_literal] Theorem - - ⊢ ∀b u0 u. - b with - <|betree_params_min_flush_size := u0; - betree_params_split_size := u|> = - <|betree_params_min_flush_size := u0; - betree_params_split_size := u|> - - [betree_upsert_fun_state_t_11] Theorem - - ⊢ (∀a a'. - BetreeUpsertFunStateAdd a = BetreeUpsertFunStateAdd a' ⇔ a = a') ∧ - ∀a a'. - BetreeUpsertFunStateSub a = BetreeUpsertFunStateSub a' ⇔ a = a' - - [betree_upsert_fun_state_t_Axiom] Theorem - - ⊢ ∀f0 f1. ∃fn. - (∀a. fn (BetreeUpsertFunStateAdd a) = f0 a) ∧ - ∀a. fn (BetreeUpsertFunStateSub a) = f1 a - - [betree_upsert_fun_state_t_case_cong] Theorem - - ⊢ ∀M M' f f1. - M = M' ∧ (∀a. M' = BetreeUpsertFunStateAdd a ⇒ f a = f' a) ∧ - (∀a. M' = BetreeUpsertFunStateSub a ⇒ f1 a = f1' a) ⇒ - betree_upsert_fun_state_t_CASE M f f1 = - betree_upsert_fun_state_t_CASE M' f' f1' - - [betree_upsert_fun_state_t_case_eq] Theorem - - ⊢ betree_upsert_fun_state_t_CASE x f f1 = v ⇔ - (∃u. x = BetreeUpsertFunStateAdd u ∧ f u = v) ∨ - ∃u. x = BetreeUpsertFunStateSub u ∧ f1 u = v - - [betree_upsert_fun_state_t_distinct] Theorem - - ⊢ ∀a' a. BetreeUpsertFunStateAdd a ≠ BetreeUpsertFunStateSub a' - - [betree_upsert_fun_state_t_induction] Theorem - - ⊢ ∀P. (∀u. P (BetreeUpsertFunStateAdd u)) ∧ - (∀u. P (BetreeUpsertFunStateSub u)) ⇒ - ∀b. P b - - [betree_upsert_fun_state_t_nchotomy] Theorem - - ⊢ ∀bb. - (∃u. bb = BetreeUpsertFunStateAdd u) ∨ - ∃u. bb = BetreeUpsertFunStateSub u - - [datatype_betree_be_tree_t] Theorem - - ⊢ DATATYPE - (record betree_be_tree_t betree_be_tree_params - betree_be_tree_node_id_cnt betree_be_tree_root) - - [datatype_betree_internal_t] Theorem - - ⊢ DATATYPE - (record betree_internal_t betree_internal_id - betree_internal_pivot betree_internal_left - betree_internal_right ∧ - betree_node_t BetreeNodeInternal BetreeNodeLeaf) - - [datatype_betree_leaf_t] Theorem - - ⊢ DATATYPE (record betree_leaf_t betree_leaf_id betree_leaf_size) - - [datatype_betree_list_t] Theorem - - ⊢ DATATYPE (betree_list_t BetreeListCons BetreeListNil) - - [datatype_betree_message_t] Theorem - - ⊢ DATATYPE - (betree_message_t BetreeMessageInsert BetreeMessageDelete - BetreeMessageUpsert) - - [datatype_betree_node_id_counter_t] Theorem - - ⊢ DATATYPE - (record betree_node_id_counter_t - betree_node_id_counter_next_node_id) - - [datatype_betree_params_t] Theorem - - ⊢ DATATYPE - (record betree_params_t betree_params_min_flush_size - betree_params_split_size) - - [datatype_betree_upsert_fun_state_t] Theorem - - ⊢ DATATYPE - (betree_upsert_fun_state_t BetreeUpsertFunStateAdd - BetreeUpsertFunStateSub) - - -*) -end diff --git a/tests/hol4/betree/betree_FunsScript.sml b/tests/hol4/betree/betree_FunsScript.sml new file mode 100644 index 00000000..49bcb446 --- /dev/null +++ b/tests/hol4/betree/betree_FunsScript.sml @@ -0,0 +1,1212 @@ +(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) +(** [betree]: function definitions *) +open primitivesLib divDefLib +open betree_TypesTheory betree_OpaqueTheory + +val _ = new_theory "betree_Funs" + + +val betree_load_internal_node_fwd_def = Define ‘ + (** [betree::betree::load_internal_node]: forward function *) + betree_load_internal_node_fwd + (id : u64) (st : state) : + (state # (u64 # betree_message_t) betree_list_t) result + = + betree_utils_load_internal_node_fwd id st +’ + +val betree_store_internal_node_fwd_def = Define ‘ + (** [betree::betree::store_internal_node]: forward function *) + betree_store_internal_node_fwd + (id : u64) (content : (u64 # betree_message_t) betree_list_t) (st : state) + : + (state # unit) result + = + do + (st0, _) <- betree_utils_store_internal_node_fwd id content st; + Return (st0, ()) + od +’ + +val betree_load_leaf_node_fwd_def = Define ‘ + (** [betree::betree::load_leaf_node]: forward function *) + betree_load_leaf_node_fwd + (id : u64) (st : state) : (state # (u64 # u64) betree_list_t) result = + betree_utils_load_leaf_node_fwd id st +’ + +val betree_store_leaf_node_fwd_def = Define ‘ + (** [betree::betree::store_leaf_node]: forward function *) + betree_store_leaf_node_fwd + (id : u64) (content : (u64 # u64) betree_list_t) (st : state) : + (state # unit) result + = + do + (st0, _) <- betree_utils_store_leaf_node_fwd id content st; + Return (st0, ()) + od +’ + +val betree_fresh_node_id_fwd_def = Define ‘ + (** [betree::betree::fresh_node_id]: forward function *) + betree_fresh_node_id_fwd (counter : u64) : u64 result = + do + _ <- u64_add counter (int_to_u64 1); + Return counter + od +’ + +val betree_fresh_node_id_back_def = Define ‘ + (** [betree::betree::fresh_node_id]: backward function 0 *) + betree_fresh_node_id_back (counter : u64) : u64 result = + u64_add counter (int_to_u64 1) +’ + +val betree_node_id_counter_new_fwd_def = Define ‘ + (** [betree::betree::NodeIdCounter::{0}::new]: forward function *) + betree_node_id_counter_new_fwd : betree_node_id_counter_t result = + Return (<| betree_node_id_counter_next_node_id := (int_to_u64 0) |>) +’ + +val betree_node_id_counter_fresh_id_fwd_def = Define ‘ + (** [betree::betree::NodeIdCounter::{0}::fresh_id]: forward function *) + betree_node_id_counter_fresh_id_fwd + (self : betree_node_id_counter_t) : u64 result = + do + _ <- u64_add self.betree_node_id_counter_next_node_id (int_to_u64 1); + Return self.betree_node_id_counter_next_node_id + od +’ + +val betree_node_id_counter_fresh_id_back_def = Define ‘ + (** [betree::betree::NodeIdCounter::{0}::fresh_id]: backward function 0 *) + betree_node_id_counter_fresh_id_back + (self : betree_node_id_counter_t) : betree_node_id_counter_t result = + do + i <- u64_add self.betree_node_id_counter_next_node_id (int_to_u64 1); + Return (<| betree_node_id_counter_next_node_id := i |>) + od +’ + +val betree_upsert_update_fwd_def = Define ‘ + (** [betree::betree::upsert_update]: forward function *) + betree_upsert_update_fwd + (prev : u64 option) (st : betree_upsert_fun_state_t) : u64 result = + (case prev of + | NONE => + (case st of + | BetreeUpsertFunStateAdd v => Return v + | BetreeUpsertFunStateSub i => Return (int_to_u64 0)) + | SOME prev0 => + (case st of + | BetreeUpsertFunStateAdd v => + do + margin <- u64_sub core_u64_max prev0; + if u64_ge margin v then u64_add prev0 v else Return core_u64_max + od + | BetreeUpsertFunStateSub v => + if u64_ge prev0 v then u64_sub prev0 v else Return (int_to_u64 0))) +’ + +val [betree_list_len_fwd_def] = DefineDiv ‘ + (** [betree::betree::List::{1}::len]: forward function *) + betree_list_len_fwd (self : 't betree_list_t) : u64 result = + (case self of + | BetreeListCons t tl => + do + i <- betree_list_len_fwd tl; + u64_add (int_to_u64 1) i + od + | BetreeListNil => Return (int_to_u64 0)) +’ + +val [betree_list_split_at_fwd_def] = DefineDiv ‘ + (** [betree::betree::List::{1}::split_at]: forward function *) + betree_list_split_at_fwd + (self : 't betree_list_t) (n : u64) : + ('t betree_list_t # 't betree_list_t) result + = + if n = int_to_u64 0 + then Return (BetreeListNil, self) + else + (case self of + | BetreeListCons hd tl => + do + i <- u64_sub n (int_to_u64 1); + p <- betree_list_split_at_fwd tl i; + let (ls0, ls1) = p in let l = ls0 in Return (BetreeListCons hd l, ls1) + od + | BetreeListNil => Fail Failure) +’ + +val betree_list_push_front_fwd_back_def = Define ‘ + (** [betree::betree::List::{1}::push_front]: merged forward/backward function + (there is a single backward function, and the forward function returns ()) *) + betree_list_push_front_fwd_back + (self : 't betree_list_t) (x : 't) : 't betree_list_t result = + let tl = mem_replace_fwd self BetreeListNil in + let l = tl in + Return (BetreeListCons x l) +’ + +val betree_list_pop_front_fwd_def = Define ‘ + (** [betree::betree::List::{1}::pop_front]: forward function *) + betree_list_pop_front_fwd (self : 't betree_list_t) : 't result = + let ls = mem_replace_fwd self BetreeListNil in + (case ls of + | BetreeListCons x tl => Return x + | BetreeListNil => Fail Failure) +’ + +val betree_list_pop_front_back_def = Define ‘ + (** [betree::betree::List::{1}::pop_front]: backward function 0 *) + betree_list_pop_front_back + (self : 't betree_list_t) : 't betree_list_t result = + let ls = mem_replace_fwd self BetreeListNil in + (case ls of + | BetreeListCons x tl => Return tl + | BetreeListNil => Fail Failure) +’ + +val betree_list_hd_fwd_def = Define ‘ + (** [betree::betree::List::{1}::hd]: forward function *) + betree_list_hd_fwd (self : 't betree_list_t) : 't result = + (case self of + | BetreeListCons hd l => Return hd + | BetreeListNil => Fail Failure) +’ + +val betree_list_head_has_key_fwd_def = Define ‘ + (** [betree::betree::List::{2}::head_has_key]: forward function *) + betree_list_head_has_key_fwd + (self : (u64 # 't) betree_list_t) (key : u64) : bool result = + (case self of + | BetreeListCons hd l => let (i, _) = hd in Return (i = key) + | BetreeListNil => Return F) +’ + +val [betree_list_partition_at_pivot_fwd_def] = DefineDiv ‘ + (** [betree::betree::List::{2}::partition_at_pivot]: forward function *) + betree_list_partition_at_pivot_fwd + (self : (u64 # 't) betree_list_t) (pivot : u64) : + ((u64 # 't) betree_list_t # (u64 # 't) betree_list_t) result + = + (case self of + | BetreeListCons hd tl => + let (i, t) = hd in + if u64_ge i pivot + then Return (BetreeListNil, BetreeListCons (i, t) tl) + else ( + do + p <- betree_list_partition_at_pivot_fwd tl pivot; + let (ls0, ls1) = p in + let l = ls0 in + Return (BetreeListCons (i, t) l, ls1) + od) + | BetreeListNil => Return (BetreeListNil, BetreeListNil)) +’ + +val betree_leaf_split_fwd_def = Define ‘ + (** [betree::betree::Leaf::{3}::split]: forward function *) + betree_leaf_split_fwd + (self : betree_leaf_t) (content : (u64 # u64) betree_list_t) + (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t) + (st : state) : + (state # betree_internal_t) result + = + do + p <- betree_list_split_at_fwd content params.betree_params_split_size; + let (content0, content1) = p in + do + p0 <- betree_list_hd_fwd content1; + let (pivot, _) = p0 in + do + id0 <- betree_node_id_counter_fresh_id_fwd node_id_cnt; + node_id_cnt0 <- betree_node_id_counter_fresh_id_back node_id_cnt; + id1 <- betree_node_id_counter_fresh_id_fwd node_id_cnt0; + (st0, _) <- betree_store_leaf_node_fwd id0 content0 st; + (st1, _) <- betree_store_leaf_node_fwd id1 content1 st0; + let n = BetreeNodeLeaf + (<| + betree_leaf_id := id0; + betree_leaf_size := params.betree_params_split_size + |>) in + let n0 = BetreeNodeLeaf + (<| + betree_leaf_id := id1; + betree_leaf_size := params.betree_params_split_size + |>) in + Return (st1, + <| + betree_internal_id := self.betree_leaf_id; + betree_internal_pivot := pivot; + betree_internal_left := n; + betree_internal_right := n0 + |>) + od + od + od +’ + +val betree_leaf_split_back_def = Define ‘ + (** [betree::betree::Leaf::{3}::split]: backward function 2 *) + betree_leaf_split_back + (self : betree_leaf_t) (content : (u64 # u64) betree_list_t) + (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t) + (st : state) : + betree_node_id_counter_t result + = + do + p <- betree_list_split_at_fwd content params.betree_params_split_size; + let (content0, content1) = p in + do + _ <- betree_list_hd_fwd content1; + id0 <- betree_node_id_counter_fresh_id_fwd node_id_cnt; + node_id_cnt0 <- betree_node_id_counter_fresh_id_back node_id_cnt; + id1 <- betree_node_id_counter_fresh_id_fwd node_id_cnt0; + (st0, _) <- betree_store_leaf_node_fwd id0 content0 st; + _ <- betree_store_leaf_node_fwd id1 content1 st0; + betree_node_id_counter_fresh_id_back node_id_cnt0 + od + od +’ + +val [betree_node_lookup_first_message_for_key_fwd_def] = DefineDiv ‘ + (** [betree::betree::Node::{5}::lookup_first_message_for_key]: forward function *) + betree_node_lookup_first_message_for_key_fwd + (key : u64) (msgs : (u64 # betree_message_t) betree_list_t) : + (u64 # betree_message_t) betree_list_t result + = + (case msgs of + | BetreeListCons x next_msgs => + let (i, m) = x in + if u64_ge i key + then Return (BetreeListCons (i, m) next_msgs) + else betree_node_lookup_first_message_for_key_fwd key next_msgs + | BetreeListNil => Return BetreeListNil) +’ + +val [betree_node_lookup_first_message_for_key_back_def] = DefineDiv ‘ + (** [betree::betree::Node::{5}::lookup_first_message_for_key]: backward function 0 *) + betree_node_lookup_first_message_for_key_back + (key : u64) (msgs : (u64 # betree_message_t) betree_list_t) + (ret : (u64 # betree_message_t) betree_list_t) : + (u64 # betree_message_t) betree_list_t result + = + (case msgs of + | BetreeListCons x next_msgs => + let (i, m) = x in + if u64_ge i key + then Return ret + else ( + do + next_msgs0 <- + betree_node_lookup_first_message_for_key_back key next_msgs ret; + Return (BetreeListCons (i, m) next_msgs0) + od) + | BetreeListNil => Return ret) +’ + +val [betree_node_apply_upserts_fwd_def] = DefineDiv ‘ + (** [betree::betree::Node::{5}::apply_upserts]: forward function *) + betree_node_apply_upserts_fwd + (msgs : (u64 # betree_message_t) betree_list_t) (prev : u64 option) + (key : u64) (st : state) : + (state # u64) result + = + do + b <- betree_list_head_has_key_fwd msgs key; + if b + then ( + do + msg <- betree_list_pop_front_fwd msgs; + let (_, m) = msg in + (case m of + | BetreeMessageInsert i => Fail Failure + | BetreeMessageDelete => Fail Failure + | BetreeMessageUpsert s => + do + v <- betree_upsert_update_fwd prev s; + msgs0 <- betree_list_pop_front_back msgs; + betree_node_apply_upserts_fwd msgs0 (SOME v) key st + od) + od) + else ( + do + (st0, v) <- core_option_option_unwrap_fwd prev st; + _ <- betree_list_push_front_fwd_back msgs (key, BetreeMessageInsert v); + Return (st0, v) + od) + od +’ + +val [betree_node_apply_upserts_back_def] = DefineDiv ‘ + (** [betree::betree::Node::{5}::apply_upserts]: backward function 0 *) + betree_node_apply_upserts_back + (msgs : (u64 # betree_message_t) betree_list_t) (prev : u64 option) + (key : u64) (st : state) : + (u64 # betree_message_t) betree_list_t result + = + do + b <- betree_list_head_has_key_fwd msgs key; + if b + then ( + do + msg <- betree_list_pop_front_fwd msgs; + let (_, m) = msg in + (case m of + | BetreeMessageInsert i => Fail Failure + | BetreeMessageDelete => Fail Failure + | BetreeMessageUpsert s => + do + v <- betree_upsert_update_fwd prev s; + msgs0 <- betree_list_pop_front_back msgs; + betree_node_apply_upserts_back msgs0 (SOME v) key st + od) + od) + else ( + do + (_, v) <- core_option_option_unwrap_fwd prev st; + betree_list_push_front_fwd_back msgs (key, BetreeMessageInsert v) + od) + od +’ + +val [betree_node_lookup_in_bindings_fwd_def] = DefineDiv ‘ + (** [betree::betree::Node::{5}::lookup_in_bindings]: forward function *) + betree_node_lookup_in_bindings_fwd + (key : u64) (bindings : (u64 # u64) betree_list_t) : u64 option result = + (case bindings of + | BetreeListCons hd tl => + let (i, i0) = hd in + if i = key + then Return (SOME i0) + else + if u64_gt i key + then Return NONE + else betree_node_lookup_in_bindings_fwd key tl + | BetreeListNil => Return NONE) +’ + +val [betree_internal_lookup_in_children_fwd_def, betree_internal_lookup_in_children_back_def, betree_node_lookup_fwd_def, betree_node_lookup_back_def] = DefineDiv ‘ + (** [betree::betree::Internal::{4}::lookup_in_children]: forward function *) + (betree_internal_lookup_in_children_fwd + (self : betree_internal_t) (key : u64) (st : state) : + (state # u64 option) result + = + if u64_lt key self.betree_internal_pivot + then betree_node_lookup_fwd self.betree_internal_left key st + else betree_node_lookup_fwd self.betree_internal_right key st) + /\ + + (** [betree::betree::Internal::{4}::lookup_in_children]: backward function 0 *) + (betree_internal_lookup_in_children_back + (self : betree_internal_t) (key : u64) (st : state) : + betree_internal_t result + = + if u64_lt key self.betree_internal_pivot + then ( + do + n <- betree_node_lookup_back self.betree_internal_left key st; + Return (self with <| betree_internal_left := n |>) + od) + else ( + do + n <- betree_node_lookup_back self.betree_internal_right key st; + Return (self with <| betree_internal_right := n |>) + od)) + /\ + + (** [betree::betree::Node::{5}::lookup]: forward function *) + (betree_node_lookup_fwd + (self : betree_node_t) (key : u64) (st : state) : + (state # u64 option) result + = + (case self of + | BetreeNodeInternal node => + do + (st0, msgs) <- betree_load_internal_node_fwd node.betree_internal_id st; + pending <- betree_node_lookup_first_message_for_key_fwd key msgs; + (case pending of + | BetreeListCons p l => + let (k, msg) = p in + if k <> key + then ( + do + (st1, opt) <- betree_internal_lookup_in_children_fwd node key st0; + _ <- + betree_node_lookup_first_message_for_key_back key msgs + (BetreeListCons (k, msg) l); + Return (st1, opt) + od) + else + (case msg of + | BetreeMessageInsert v => + do + _ <- + betree_node_lookup_first_message_for_key_back key msgs + (BetreeListCons (k, BetreeMessageInsert v) l); + Return (st0, SOME v) + od + | BetreeMessageDelete => + do + _ <- + betree_node_lookup_first_message_for_key_back key msgs + (BetreeListCons (k, BetreeMessageDelete) l); + Return (st0, NONE) + od + | BetreeMessageUpsert ufs => + do + (st1, v) <- betree_internal_lookup_in_children_fwd node key st0; + (st2, v0) <- + betree_node_apply_upserts_fwd (BetreeListCons (k, + BetreeMessageUpsert ufs) l) v key st1; + node0 <- betree_internal_lookup_in_children_back node key st0; + pending0 <- + betree_node_apply_upserts_back (BetreeListCons (k, + BetreeMessageUpsert ufs) l) v key st1; + msgs0 <- + betree_node_lookup_first_message_for_key_back key msgs pending0; + (st3, _) <- + betree_store_internal_node_fwd node0.betree_internal_id msgs0 st2; + Return (st3, SOME v0) + od) + | BetreeListNil => + do + (st1, opt) <- betree_internal_lookup_in_children_fwd node key st0; + _ <- + betree_node_lookup_first_message_for_key_back key msgs BetreeListNil; + Return (st1, opt) + od) + od + | BetreeNodeLeaf node => + do + (st0, bindings) <- betree_load_leaf_node_fwd node.betree_leaf_id st; + opt <- betree_node_lookup_in_bindings_fwd key bindings; + Return (st0, opt) + od)) + /\ + + (** [betree::betree::Node::{5}::lookup]: backward function 0 *) + betree_node_lookup_back + (self : betree_node_t) (key : u64) (st : state) : betree_node_t result = + (case self of + | BetreeNodeInternal node => + do + (st0, msgs) <- betree_load_internal_node_fwd node.betree_internal_id st; + pending <- betree_node_lookup_first_message_for_key_fwd key msgs; + (case pending of + | BetreeListCons p l => + let (k, msg) = p in + if k <> key + then ( + do + _ <- + betree_node_lookup_first_message_for_key_back key msgs + (BetreeListCons (k, msg) l); + node0 <- betree_internal_lookup_in_children_back node key st0; + Return (BetreeNodeInternal node0) + od) + else + (case msg of + | BetreeMessageInsert v => + do + _ <- + betree_node_lookup_first_message_for_key_back key msgs + (BetreeListCons (k, BetreeMessageInsert v) l); + Return (BetreeNodeInternal node) + od + | BetreeMessageDelete => + do + _ <- + betree_node_lookup_first_message_for_key_back key msgs + (BetreeListCons (k, BetreeMessageDelete) l); + Return (BetreeNodeInternal node) + od + | BetreeMessageUpsert ufs => + do + (st1, v) <- betree_internal_lookup_in_children_fwd node key st0; + (st2, _) <- + betree_node_apply_upserts_fwd (BetreeListCons (k, + BetreeMessageUpsert ufs) l) v key st1; + node0 <- betree_internal_lookup_in_children_back node key st0; + pending0 <- + betree_node_apply_upserts_back (BetreeListCons (k, + BetreeMessageUpsert ufs) l) v key st1; + msgs0 <- + betree_node_lookup_first_message_for_key_back key msgs pending0; + _ <- + betree_store_internal_node_fwd node0.betree_internal_id msgs0 st2; + Return (BetreeNodeInternal node0) + od) + | BetreeListNil => + do + _ <- + betree_node_lookup_first_message_for_key_back key msgs BetreeListNil; + node0 <- betree_internal_lookup_in_children_back node key st0; + Return (BetreeNodeInternal node0) + od) + od + | BetreeNodeLeaf node => + do + (_, bindings) <- betree_load_leaf_node_fwd node.betree_leaf_id st; + _ <- betree_node_lookup_in_bindings_fwd key bindings; + Return (BetreeNodeLeaf node) + od) +’ + +val [betree_node_filter_messages_for_key_fwd_back_def] = DefineDiv ‘ + (** [betree::betree::Node::{5}::filter_messages_for_key]: merged forward/backward function + (there is a single backward function, and the forward function returns ()) *) + betree_node_filter_messages_for_key_fwd_back + (key : u64) (msgs : (u64 # betree_message_t) betree_list_t) : + (u64 # betree_message_t) betree_list_t result + = + (case msgs of + | BetreeListCons p l => + let (k, m) = p in + if k = key + then ( + do + msgs0 <- betree_list_pop_front_back (BetreeListCons (k, m) l); + betree_node_filter_messages_for_key_fwd_back key msgs0 + od) + else Return (BetreeListCons (k, m) l) + | BetreeListNil => Return BetreeListNil) +’ + +val [betree_node_lookup_first_message_after_key_fwd_def] = DefineDiv ‘ + (** [betree::betree::Node::{5}::lookup_first_message_after_key]: forward function *) + betree_node_lookup_first_message_after_key_fwd + (key : u64) (msgs : (u64 # betree_message_t) betree_list_t) : + (u64 # betree_message_t) betree_list_t result + = + (case msgs of + | BetreeListCons p next_msgs => + let (k, m) = p in + if k = key + then betree_node_lookup_first_message_after_key_fwd key next_msgs + else Return (BetreeListCons (k, m) next_msgs) + | BetreeListNil => Return BetreeListNil) +’ + +val [betree_node_lookup_first_message_after_key_back_def] = DefineDiv ‘ + (** [betree::betree::Node::{5}::lookup_first_message_after_key]: backward function 0 *) + betree_node_lookup_first_message_after_key_back + (key : u64) (msgs : (u64 # betree_message_t) betree_list_t) + (ret : (u64 # betree_message_t) betree_list_t) : + (u64 # betree_message_t) betree_list_t result + = + (case msgs of + | BetreeListCons p next_msgs => + let (k, m) = p in + if k = key + then ( + do + next_msgs0 <- + betree_node_lookup_first_message_after_key_back key next_msgs ret; + Return (BetreeListCons (k, m) next_msgs0) + od) + else Return ret + | BetreeListNil => Return ret) +’ + +val betree_node_apply_to_internal_fwd_back_def = Define ‘ + (** [betree::betree::Node::{5}::apply_to_internal]: merged forward/backward function + (there is a single backward function, and the forward function returns ()) *) + betree_node_apply_to_internal_fwd_back + (msgs : (u64 # betree_message_t) betree_list_t) (key : u64) + (new_msg : betree_message_t) : + (u64 # betree_message_t) betree_list_t result + = + do + msgs0 <- betree_node_lookup_first_message_for_key_fwd key msgs; + b <- betree_list_head_has_key_fwd msgs0 key; + if b + then + (case new_msg of + | BetreeMessageInsert i => + do + msgs1 <- betree_node_filter_messages_for_key_fwd_back key msgs0; + msgs2 <- + betree_list_push_front_fwd_back msgs1 (key, BetreeMessageInsert i); + betree_node_lookup_first_message_for_key_back key msgs msgs2 + od + | BetreeMessageDelete => + do + msgs1 <- betree_node_filter_messages_for_key_fwd_back key msgs0; + msgs2 <- + betree_list_push_front_fwd_back msgs1 (key, BetreeMessageDelete); + betree_node_lookup_first_message_for_key_back key msgs msgs2 + od + | BetreeMessageUpsert s => + do + p <- betree_list_hd_fwd msgs0; + let (_, m) = p in + (case m of + | BetreeMessageInsert prev => + do + v <- betree_upsert_update_fwd (SOME prev) s; + msgs1 <- betree_list_pop_front_back msgs0; + msgs2 <- + betree_list_push_front_fwd_back msgs1 (key, BetreeMessageInsert v); + betree_node_lookup_first_message_for_key_back key msgs msgs2 + od + | BetreeMessageDelete => + do + v <- betree_upsert_update_fwd NONE s; + msgs1 <- betree_list_pop_front_back msgs0; + msgs2 <- + betree_list_push_front_fwd_back msgs1 (key, BetreeMessageInsert v); + betree_node_lookup_first_message_for_key_back key msgs msgs2 + od + | BetreeMessageUpsert ufs => + do + msgs1 <- betree_node_lookup_first_message_after_key_fwd key msgs0; + msgs2 <- + betree_list_push_front_fwd_back msgs1 (key, BetreeMessageUpsert s); + msgs3 <- + betree_node_lookup_first_message_after_key_back key msgs0 msgs2; + betree_node_lookup_first_message_for_key_back key msgs msgs3 + od) + od) + else ( + do + msgs1 <- betree_list_push_front_fwd_back msgs0 (key, new_msg); + betree_node_lookup_first_message_for_key_back key msgs msgs1 + od) + od +’ + +val [betree_node_apply_messages_to_internal_fwd_back_def] = DefineDiv ‘ + (** [betree::betree::Node::{5}::apply_messages_to_internal]: merged forward/backward function + (there is a single backward function, and the forward function returns ()) *) + betree_node_apply_messages_to_internal_fwd_back + (msgs : (u64 # betree_message_t) betree_list_t) + (new_msgs : (u64 # betree_message_t) betree_list_t) : + (u64 # betree_message_t) betree_list_t result + = + (case new_msgs of + | BetreeListCons new_msg new_msgs_tl => + let (i, m) = new_msg in + do + msgs0 <- betree_node_apply_to_internal_fwd_back msgs i m; + betree_node_apply_messages_to_internal_fwd_back msgs0 new_msgs_tl + od + | BetreeListNil => Return msgs) +’ + +val [betree_node_lookup_mut_in_bindings_fwd_def] = DefineDiv ‘ + (** [betree::betree::Node::{5}::lookup_mut_in_bindings]: forward function *) + betree_node_lookup_mut_in_bindings_fwd + (key : u64) (bindings : (u64 # u64) betree_list_t) : + (u64 # u64) betree_list_t result + = + (case bindings of + | BetreeListCons hd tl => + let (i, i0) = hd in + if u64_ge i key + then Return (BetreeListCons (i, i0) tl) + else betree_node_lookup_mut_in_bindings_fwd key tl + | BetreeListNil => Return BetreeListNil) +’ + +val [betree_node_lookup_mut_in_bindings_back_def] = DefineDiv ‘ + (** [betree::betree::Node::{5}::lookup_mut_in_bindings]: backward function 0 *) + betree_node_lookup_mut_in_bindings_back + (key : u64) (bindings : (u64 # u64) betree_list_t) + (ret : (u64 # u64) betree_list_t) : + (u64 # u64) betree_list_t result + = + (case bindings of + | BetreeListCons hd tl => + let (i, i0) = hd in + if u64_ge i key + then Return ret + else ( + do + tl0 <- betree_node_lookup_mut_in_bindings_back key tl ret; + Return (BetreeListCons (i, i0) tl0) + od) + | BetreeListNil => Return ret) +’ + +val betree_node_apply_to_leaf_fwd_back_def = Define ‘ + (** [betree::betree::Node::{5}::apply_to_leaf]: merged forward/backward function + (there is a single backward function, and the forward function returns ()) *) + betree_node_apply_to_leaf_fwd_back + (bindings : (u64 # u64) betree_list_t) (key : u64) + (new_msg : betree_message_t) : + (u64 # u64) betree_list_t result + = + do + bindings0 <- betree_node_lookup_mut_in_bindings_fwd key bindings; + b <- betree_list_head_has_key_fwd bindings0 key; + if b + then ( + do + hd <- betree_list_pop_front_fwd bindings0; + (case new_msg of + | BetreeMessageInsert v => + do + bindings1 <- betree_list_pop_front_back bindings0; + bindings2 <- betree_list_push_front_fwd_back bindings1 (key, v); + betree_node_lookup_mut_in_bindings_back key bindings bindings2 + od + | BetreeMessageDelete => + do + bindings1 <- betree_list_pop_front_back bindings0; + betree_node_lookup_mut_in_bindings_back key bindings bindings1 + od + | BetreeMessageUpsert s => + let (_, i) = hd in + do + v <- betree_upsert_update_fwd (SOME i) s; + bindings1 <- betree_list_pop_front_back bindings0; + bindings2 <- betree_list_push_front_fwd_back bindings1 (key, v); + betree_node_lookup_mut_in_bindings_back key bindings bindings2 + od) + od) + else + (case new_msg of + | BetreeMessageInsert v => + do + bindings1 <- betree_list_push_front_fwd_back bindings0 (key, v); + betree_node_lookup_mut_in_bindings_back key bindings bindings1 + od + | BetreeMessageDelete => + betree_node_lookup_mut_in_bindings_back key bindings bindings0 + | BetreeMessageUpsert s => + do + v <- betree_upsert_update_fwd NONE s; + bindings1 <- betree_list_push_front_fwd_back bindings0 (key, v); + betree_node_lookup_mut_in_bindings_back key bindings bindings1 + od) + od +’ + +val [betree_node_apply_messages_to_leaf_fwd_back_def] = DefineDiv ‘ + (** [betree::betree::Node::{5}::apply_messages_to_leaf]: merged forward/backward function + (there is a single backward function, and the forward function returns ()) *) + betree_node_apply_messages_to_leaf_fwd_back + (bindings : (u64 # u64) betree_list_t) + (new_msgs : (u64 # betree_message_t) betree_list_t) : + (u64 # u64) betree_list_t result + = + (case new_msgs of + | BetreeListCons new_msg new_msgs_tl => + let (i, m) = new_msg in + do + bindings0 <- betree_node_apply_to_leaf_fwd_back bindings i m; + betree_node_apply_messages_to_leaf_fwd_back bindings0 new_msgs_tl + od + | BetreeListNil => Return bindings) +’ + +val [betree_internal_flush_fwd_def, betree_internal_flush_back_def, betree_node_apply_messages_fwd_def, betree_node_apply_messages_back_def] = DefineDiv ‘ + (** [betree::betree::Internal::{4}::flush]: forward function *) + (betree_internal_flush_fwd + (self : betree_internal_t) (params : betree_params_t) + (node_id_cnt : betree_node_id_counter_t) + (content : (u64 # betree_message_t) betree_list_t) (st : state) : + (state # (u64 # betree_message_t) betree_list_t) result + = + do + p <- betree_list_partition_at_pivot_fwd content self.betree_internal_pivot; + let (msgs_left, msgs_right) = p in + do + len_left <- betree_list_len_fwd msgs_left; + if u64_ge len_left params.betree_params_min_flush_size + then ( + do + (st0, _) <- + betree_node_apply_messages_fwd self.betree_internal_left params + node_id_cnt msgs_left st; + (_, node_id_cnt0) <- + betree_node_apply_messages_back self.betree_internal_left params + node_id_cnt msgs_left st; + len_right <- betree_list_len_fwd msgs_right; + if u64_ge len_right params.betree_params_min_flush_size + then ( + do + (st1, _) <- + betree_node_apply_messages_fwd self.betree_internal_right params + node_id_cnt0 msgs_right st0; + _ <- + betree_node_apply_messages_back self.betree_internal_right params + node_id_cnt0 msgs_right st0; + Return (st1, BetreeListNil) + od) + else Return (st0, msgs_right) + od) + else ( + do + (st0, _) <- + betree_node_apply_messages_fwd self.betree_internal_right params + node_id_cnt msgs_right st; + _ <- + betree_node_apply_messages_back self.betree_internal_right params + node_id_cnt msgs_right st; + Return (st0, msgs_left) + od) + od + od) + /\ + + (** [betree::betree::Internal::{4}::flush]: backward function 0 *) + (betree_internal_flush_back + (self : betree_internal_t) (params : betree_params_t) + (node_id_cnt : betree_node_id_counter_t) + (content : (u64 # betree_message_t) betree_list_t) (st : state) : + (betree_internal_t # betree_node_id_counter_t) result + = + do + p <- betree_list_partition_at_pivot_fwd content self.betree_internal_pivot; + let (msgs_left, msgs_right) = p in + do + len_left <- betree_list_len_fwd msgs_left; + if u64_ge len_left params.betree_params_min_flush_size + then ( + do + (st0, _) <- + betree_node_apply_messages_fwd self.betree_internal_left params + node_id_cnt msgs_left st; + (n, node_id_cnt0) <- + betree_node_apply_messages_back self.betree_internal_left params + node_id_cnt msgs_left st; + len_right <- betree_list_len_fwd msgs_right; + if u64_ge len_right params.betree_params_min_flush_size + then ( + do + (n0, node_id_cnt1) <- + betree_node_apply_messages_back self.betree_internal_right params + node_id_cnt0 msgs_right st0; + Return + (self + with + <| + betree_internal_left := n; betree_internal_right := n0 + |>, node_id_cnt1) + od) + else Return (self with <| betree_internal_left := n |>, node_id_cnt0) + od) + else ( + do + (n, node_id_cnt0) <- + betree_node_apply_messages_back self.betree_internal_right params + node_id_cnt msgs_right st; + Return (self with <| betree_internal_right := n |>, node_id_cnt0) + od) + od + od) + /\ + + (** [betree::betree::Node::{5}::apply_messages]: forward function *) + (betree_node_apply_messages_fwd + (self : betree_node_t) (params : betree_params_t) + (node_id_cnt : betree_node_id_counter_t) + (msgs : (u64 # betree_message_t) betree_list_t) (st : state) : + (state # unit) result + = + (case self of + | BetreeNodeInternal node => + do + (st0, content) <- + betree_load_internal_node_fwd node.betree_internal_id st; + content0 <- betree_node_apply_messages_to_internal_fwd_back content msgs; + num_msgs <- betree_list_len_fwd content0; + if u64_ge num_msgs params.betree_params_min_flush_size + then ( + do + (st1, content1) <- + betree_internal_flush_fwd node params node_id_cnt content0 st0; + (node0, _) <- + betree_internal_flush_back node params node_id_cnt content0 st0; + (st2, _) <- + betree_store_internal_node_fwd node0.betree_internal_id content1 st1; + Return (st2, ()) + od) + else ( + do + (st1, _) <- + betree_store_internal_node_fwd node.betree_internal_id content0 st0; + Return (st1, ()) + od) + od + | BetreeNodeLeaf node => + do + (st0, content) <- betree_load_leaf_node_fwd node.betree_leaf_id st; + content0 <- betree_node_apply_messages_to_leaf_fwd_back content msgs; + len <- betree_list_len_fwd content0; + i <- u64_mul (int_to_u64 2) params.betree_params_split_size; + if u64_ge len i + then ( + do + (st1, _) <- betree_leaf_split_fwd node content0 params node_id_cnt st0; + (st2, _) <- + betree_store_leaf_node_fwd node.betree_leaf_id BetreeListNil st1; + Return (st2, ()) + od) + else ( + do + (st1, _) <- + betree_store_leaf_node_fwd node.betree_leaf_id content0 st0; + Return (st1, ()) + od) + od)) + /\ + + (** [betree::betree::Node::{5}::apply_messages]: backward function 0 *) + betree_node_apply_messages_back + (self : betree_node_t) (params : betree_params_t) + (node_id_cnt : betree_node_id_counter_t) + (msgs : (u64 # betree_message_t) betree_list_t) (st : state) : + (betree_node_t # betree_node_id_counter_t) result + = + (case self of + | BetreeNodeInternal node => + do + (st0, content) <- + betree_load_internal_node_fwd node.betree_internal_id st; + content0 <- betree_node_apply_messages_to_internal_fwd_back content msgs; + num_msgs <- betree_list_len_fwd content0; + if u64_ge num_msgs params.betree_params_min_flush_size + then ( + do + (st1, content1) <- + betree_internal_flush_fwd node params node_id_cnt content0 st0; + (node0, node_id_cnt0) <- + betree_internal_flush_back node params node_id_cnt content0 st0; + _ <- + betree_store_internal_node_fwd node0.betree_internal_id content1 st1; + Return (BetreeNodeInternal node0, node_id_cnt0) + od) + else ( + do + _ <- + betree_store_internal_node_fwd node.betree_internal_id content0 st0; + Return (BetreeNodeInternal node, node_id_cnt) + od) + od + | BetreeNodeLeaf node => + do + (st0, content) <- betree_load_leaf_node_fwd node.betree_leaf_id st; + content0 <- betree_node_apply_messages_to_leaf_fwd_back content msgs; + len <- betree_list_len_fwd content0; + i <- u64_mul (int_to_u64 2) params.betree_params_split_size; + if u64_ge len i + then ( + do + (st1, new_node) <- + betree_leaf_split_fwd node content0 params node_id_cnt st0; + _ <- betree_store_leaf_node_fwd node.betree_leaf_id BetreeListNil st1; + node_id_cnt0 <- + betree_leaf_split_back node content0 params node_id_cnt st0; + Return (BetreeNodeInternal new_node, node_id_cnt0) + od) + else ( + do + _ <- betree_store_leaf_node_fwd node.betree_leaf_id content0 st0; + Return (BetreeNodeLeaf (node with <| betree_leaf_size := len |>), + node_id_cnt) + od) + od) +’ + +val betree_node_apply_fwd_def = Define ‘ + (** [betree::betree::Node::{5}::apply]: forward function *) + betree_node_apply_fwd + (self : betree_node_t) (params : betree_params_t) + (node_id_cnt : betree_node_id_counter_t) (key : u64) + (new_msg : betree_message_t) (st : state) : + (state # unit) result + = + let l = BetreeListNil in + do + (st0, _) <- + betree_node_apply_messages_fwd self params node_id_cnt (BetreeListCons + (key, new_msg) l) st; + _ <- + betree_node_apply_messages_back self params node_id_cnt (BetreeListCons + (key, new_msg) l) st; + Return (st0, ()) + od +’ + +val betree_node_apply_back_def = Define ‘ + (** [betree::betree::Node::{5}::apply]: backward function 0 *) + betree_node_apply_back + (self : betree_node_t) (params : betree_params_t) + (node_id_cnt : betree_node_id_counter_t) (key : u64) + (new_msg : betree_message_t) (st : state) : + (betree_node_t # betree_node_id_counter_t) result + = + let l = BetreeListNil in + betree_node_apply_messages_back self params node_id_cnt (BetreeListCons + (key, new_msg) l) st +’ + +val betree_be_tree_new_fwd_def = Define ‘ + (** [betree::betree::BeTree::{6}::new]: forward function *) + betree_be_tree_new_fwd + (min_flush_size : u64) (split_size : u64) (st : state) : + (state # betree_be_tree_t) result + = + do + node_id_cnt <- betree_node_id_counter_new_fwd; + id <- betree_node_id_counter_fresh_id_fwd node_id_cnt; + (st0, _) <- betree_store_leaf_node_fwd id BetreeListNil st; + node_id_cnt0 <- betree_node_id_counter_fresh_id_back node_id_cnt; + Return (st0, + <| + betree_be_tree_params := + (<| + betree_params_min_flush_size := min_flush_size; + betree_params_split_size := split_size + |>); + betree_be_tree_node_id_cnt := node_id_cnt0; + betree_be_tree_root := + (BetreeNodeLeaf + (<| betree_leaf_id := id; betree_leaf_size := (int_to_u64 0) |>)) + |>) + od +’ + +val betree_be_tree_apply_fwd_def = Define ‘ + (** [betree::betree::BeTree::{6}::apply]: forward function *) + betree_be_tree_apply_fwd + (self : betree_be_tree_t) (key : u64) (msg : betree_message_t) (st : state) + : + (state # unit) result + = + do + (st0, _) <- + betree_node_apply_fwd self.betree_be_tree_root self.betree_be_tree_params + self.betree_be_tree_node_id_cnt key msg st; + _ <- + betree_node_apply_back self.betree_be_tree_root + self.betree_be_tree_params self.betree_be_tree_node_id_cnt key msg st; + Return (st0, ()) + od +’ + +val betree_be_tree_apply_back_def = Define ‘ + (** [betree::betree::BeTree::{6}::apply]: backward function 0 *) + betree_be_tree_apply_back + (self : betree_be_tree_t) (key : u64) (msg : betree_message_t) (st : state) + : + betree_be_tree_t result + = + do + (n, nic) <- + betree_node_apply_back self.betree_be_tree_root + self.betree_be_tree_params self.betree_be_tree_node_id_cnt key msg st; + Return + (self + with + <| + betree_be_tree_node_id_cnt := nic; betree_be_tree_root := n + |>) + od +’ + +val betree_be_tree_insert_fwd_def = Define ‘ + (** [betree::betree::BeTree::{6}::insert]: forward function *) + betree_be_tree_insert_fwd + (self : betree_be_tree_t) (key : u64) (value : u64) (st : state) : + (state # unit) result + = + do + (st0, _) <- + betree_be_tree_apply_fwd self key (BetreeMessageInsert value) st; + _ <- betree_be_tree_apply_back self key (BetreeMessageInsert value) st; + Return (st0, ()) + od +’ + +val betree_be_tree_insert_back_def = Define ‘ + (** [betree::betree::BeTree::{6}::insert]: backward function 0 *) + betree_be_tree_insert_back + (self : betree_be_tree_t) (key : u64) (value : u64) (st : state) : + betree_be_tree_t result + = + betree_be_tree_apply_back self key (BetreeMessageInsert value) st +’ + +val betree_be_tree_delete_fwd_def = Define ‘ + (** [betree::betree::BeTree::{6}::delete]: forward function *) + betree_be_tree_delete_fwd + (self : betree_be_tree_t) (key : u64) (st : state) : + (state # unit) result + = + do + (st0, _) <- betree_be_tree_apply_fwd self key BetreeMessageDelete st; + _ <- betree_be_tree_apply_back self key BetreeMessageDelete st; + Return (st0, ()) + od +’ + +val betree_be_tree_delete_back_def = Define ‘ + (** [betree::betree::BeTree::{6}::delete]: backward function 0 *) + betree_be_tree_delete_back + (self : betree_be_tree_t) (key : u64) (st : state) : + betree_be_tree_t result + = + betree_be_tree_apply_back self key BetreeMessageDelete st +’ + +val betree_be_tree_upsert_fwd_def = Define ‘ + (** [betree::betree::BeTree::{6}::upsert]: forward function *) + betree_be_tree_upsert_fwd + (self : betree_be_tree_t) (key : u64) (upd : betree_upsert_fun_state_t) + (st : state) : + (state # unit) result + = + do + (st0, _) <- betree_be_tree_apply_fwd self key (BetreeMessageUpsert upd) st; + _ <- betree_be_tree_apply_back self key (BetreeMessageUpsert upd) st; + Return (st0, ()) + od +’ + +val betree_be_tree_upsert_back_def = Define ‘ + (** [betree::betree::BeTree::{6}::upsert]: backward function 0 *) + betree_be_tree_upsert_back + (self : betree_be_tree_t) (key : u64) (upd : betree_upsert_fun_state_t) + (st : state) : + betree_be_tree_t result + = + betree_be_tree_apply_back self key (BetreeMessageUpsert upd) st +’ + +val betree_be_tree_lookup_fwd_def = Define ‘ + (** [betree::betree::BeTree::{6}::lookup]: forward function *) + betree_be_tree_lookup_fwd + (self : betree_be_tree_t) (key : u64) (st : state) : + (state # u64 option) result + = + betree_node_lookup_fwd self.betree_be_tree_root key st +’ + +val betree_be_tree_lookup_back_def = Define ‘ + (** [betree::betree::BeTree::{6}::lookup]: backward function 0 *) + betree_be_tree_lookup_back + (self : betree_be_tree_t) (key : u64) (st : state) : + betree_be_tree_t result + = + do + n <- betree_node_lookup_back self.betree_be_tree_root key st; + Return (self with <| betree_be_tree_root := n |>) + od +’ + +val main_fwd_def = Define ‘ + (** [betree::main]: forward function *) + main_fwd : unit result = + Return () +’ + +(** Unit test for [betree::main] *) +val _ = assert_return (“main_fwd”) + +val _ = export_theory () diff --git a/tests/hol4/betree/betree_FunsTheory.sig b/tests/hol4/betree/betree_FunsTheory.sig new file mode 100644 index 00000000..4127cba1 --- /dev/null +++ b/tests/hol4/betree/betree_FunsTheory.sig @@ -0,0 +1,1230 @@ +signature betree_FunsTheory = +sig + type thm = Thm.thm + + (* Definitions *) + val betree_be_tree_apply_back_def : thm + val betree_be_tree_apply_fwd_def : thm + val betree_be_tree_delete_back_def : thm + val betree_be_tree_delete_fwd_def : thm + val betree_be_tree_insert_back_def : thm + val betree_be_tree_insert_fwd_def : thm + val betree_be_tree_lookup_back_def : thm + val betree_be_tree_lookup_fwd_def : thm + val betree_be_tree_new_fwd_def : thm + val betree_be_tree_upsert_back_def : thm + val betree_be_tree_upsert_fwd_def : thm + val betree_fresh_node_id_back_def : thm + val betree_fresh_node_id_fwd_def : thm + val betree_internal_flush_back_def : thm + val betree_internal_flush_fwd_def : thm + val betree_internal_lookup_in_children_back_def : thm + val betree_internal_lookup_in_children_fwd_def : thm + val betree_leaf_split_back_def : thm + val betree_leaf_split_fwd_def : thm + val betree_list_hd_fwd_def : thm + val betree_list_head_has_key_fwd_def : thm + val betree_list_len_fwd_def : thm + val betree_list_partition_at_pivot_fwd_def : thm + val betree_list_pop_front_back_def : thm + val betree_list_pop_front_fwd_def : thm + val betree_list_push_front_fwd_back_def : thm + val betree_list_split_at_fwd_def : thm + val betree_load_internal_node_fwd_def : thm + val betree_load_leaf_node_fwd_def : thm + val betree_node_apply_back_def : thm + val betree_node_apply_fwd_def : thm + val betree_node_apply_messages_back_def : thm + val betree_node_apply_messages_fwd_def : thm + val betree_node_apply_messages_to_internal_fwd_back_def : thm + val betree_node_apply_messages_to_leaf_fwd_back_def : thm + val betree_node_apply_to_internal_fwd_back_def : thm + val betree_node_apply_to_leaf_fwd_back_def : thm + val betree_node_apply_upserts_back_def : thm + val betree_node_apply_upserts_fwd_def : thm + val betree_node_filter_messages_for_key_fwd_back_def : thm + val betree_node_id_counter_fresh_id_back_def : thm + val betree_node_id_counter_fresh_id_fwd_def : thm + val betree_node_id_counter_new_fwd_def : thm + val betree_node_lookup_back_def : thm + val betree_node_lookup_first_message_after_key_back_def : thm + val betree_node_lookup_first_message_after_key_fwd_def : thm + val betree_node_lookup_first_message_for_key_back_def : thm + val betree_node_lookup_first_message_for_key_fwd_def : thm + val betree_node_lookup_fwd_def : thm + val betree_node_lookup_in_bindings_fwd_def : thm + val betree_node_lookup_mut_in_bindings_back_def : thm + val betree_node_lookup_mut_in_bindings_fwd_def : thm + val betree_store_internal_node_fwd_def : thm + val betree_store_leaf_node_fwd_def : thm + val betree_upsert_update_fwd_def : thm + val main_fwd_def : thm + + val betree_Funs_grammars : type_grammar.grammar * term_grammar.grammar +(* + [betree_Opaque] Parent theory of "betree_Funs" + + [betree_be_tree_apply_back_def] Definition + + ⊢ ∀self key msg st. + betree_be_tree_apply_back self key msg st = + do + (n,nic) <- + betree_node_apply_back self.betree_be_tree_root + self.betree_be_tree_params self.betree_be_tree_node_id_cnt + key msg st; + Return + (self with + <|betree_be_tree_node_id_cnt := nic; + betree_be_tree_root := n|>) + od + + [betree_be_tree_apply_fwd_def] Definition + + ⊢ ∀self key msg st. + betree_be_tree_apply_fwd self key msg st = + do + (st0,_) <- + betree_node_apply_fwd self.betree_be_tree_root + self.betree_be_tree_params self.betree_be_tree_node_id_cnt + key msg st; + monad_ignore_bind + (betree_node_apply_back self.betree_be_tree_root + self.betree_be_tree_params self.betree_be_tree_node_id_cnt + key msg st) (Return (st0,())) + od + + [betree_be_tree_delete_back_def] Definition + + ⊢ ∀self key st. + betree_be_tree_delete_back self key st = + betree_be_tree_apply_back self key BetreeMessageDelete st + + [betree_be_tree_delete_fwd_def] Definition + + ⊢ ∀self key st. + betree_be_tree_delete_fwd self key st = + do + (st0,_) <- + betree_be_tree_apply_fwd self key BetreeMessageDelete st; + monad_ignore_bind + (betree_be_tree_apply_back self key BetreeMessageDelete st) + (Return (st0,())) + od + + [betree_be_tree_insert_back_def] Definition + + ⊢ ∀self key value st. + betree_be_tree_insert_back self key value st = + betree_be_tree_apply_back self key (BetreeMessageInsert value) st + + [betree_be_tree_insert_fwd_def] Definition + + ⊢ ∀self key value st. + betree_be_tree_insert_fwd self key value st = + do + (st0,_) <- + betree_be_tree_apply_fwd self key (BetreeMessageInsert value) + st; + monad_ignore_bind + (betree_be_tree_apply_back self key + (BetreeMessageInsert value) st) (Return (st0,())) + od + + [betree_be_tree_lookup_back_def] Definition + + ⊢ ∀self key st. + betree_be_tree_lookup_back self key st = + do + n <- betree_node_lookup_back self.betree_be_tree_root key st; + Return (self with betree_be_tree_root := n) + od + + [betree_be_tree_lookup_fwd_def] Definition + + ⊢ ∀self key st. + betree_be_tree_lookup_fwd self key st = + betree_node_lookup_fwd self.betree_be_tree_root key st + + [betree_be_tree_new_fwd_def] Definition + + ⊢ ∀min_flush_size split_size st. + betree_be_tree_new_fwd min_flush_size split_size st = + do + node_id_cnt <- betree_node_id_counter_new_fwd; + id <- betree_node_id_counter_fresh_id_fwd node_id_cnt; + (st0,_) <- betree_store_leaf_node_fwd id BetreeListNil st; + node_id_cnt0 <- + betree_node_id_counter_fresh_id_back node_id_cnt; + Return + (st0, + <|betree_be_tree_params := + <|betree_params_min_flush_size := min_flush_size; + betree_params_split_size := split_size|>; + betree_be_tree_node_id_cnt := node_id_cnt0; + betree_be_tree_root := + BetreeNodeLeaf + <|betree_leaf_id := id; + betree_leaf_size := int_to_u64 0|> |>) + od + + [betree_be_tree_upsert_back_def] Definition + + ⊢ ∀self key upd st. + betree_be_tree_upsert_back self key upd st = + betree_be_tree_apply_back self key (BetreeMessageUpsert upd) st + + [betree_be_tree_upsert_fwd_def] Definition + + ⊢ ∀self key upd st. + betree_be_tree_upsert_fwd self key upd st = + do + (st0,_) <- + betree_be_tree_apply_fwd self key (BetreeMessageUpsert upd) + st; + monad_ignore_bind + (betree_be_tree_apply_back self key (BetreeMessageUpsert upd) + st) (Return (st0,())) + od + + [betree_fresh_node_id_back_def] Definition + + ⊢ ∀counter. + betree_fresh_node_id_back counter = + u64_add counter (int_to_u64 1) + + [betree_fresh_node_id_fwd_def] Definition + + ⊢ ∀counter. + betree_fresh_node_id_fwd counter = + monad_ignore_bind (u64_add counter (int_to_u64 1)) + (Return counter) + + [betree_internal_flush_back_def] Definition + + ⊢ ∀self params node_id_cnt content st. + betree_internal_flush_back self params node_id_cnt content st = + do + p <- + betree_list_partition_at_pivot_fwd content + self.betree_internal_pivot; + (msgs_left,msgs_right) <<- p; + len_left <- betree_list_len_fwd msgs_left; + if u64_ge len_left params.betree_params_min_flush_size then + do + (st0,_) <- + betree_node_apply_messages_fwd self.betree_internal_left + params node_id_cnt msgs_left st; + (n,node_id_cnt0) <- + betree_node_apply_messages_back self.betree_internal_left + params node_id_cnt msgs_left st; + len_right <- betree_list_len_fwd msgs_right; + if + u64_ge len_right params.betree_params_min_flush_size + then + do + (n0,node_id_cnt1) <- + betree_node_apply_messages_back + self.betree_internal_right params node_id_cnt0 + msgs_right st0; + Return + (self with + <|betree_internal_left := n; + betree_internal_right := n0|>,node_id_cnt1) + od + else + Return (self with betree_internal_left := n,node_id_cnt0) + od + else + do + (n,node_id_cnt0) <- + betree_node_apply_messages_back + self.betree_internal_right params node_id_cnt + msgs_right st; + Return (self with betree_internal_right := n,node_id_cnt0) + od + od + + [betree_internal_flush_fwd_def] Definition + + ⊢ ∀self params node_id_cnt content st. + betree_internal_flush_fwd self params node_id_cnt content st = + do + p <- + betree_list_partition_at_pivot_fwd content + self.betree_internal_pivot; + (msgs_left,msgs_right) <<- p; + len_left <- betree_list_len_fwd msgs_left; + if u64_ge len_left params.betree_params_min_flush_size then + do + (st0,_) <- + betree_node_apply_messages_fwd self.betree_internal_left + params node_id_cnt msgs_left st; + (_,node_id_cnt0) <- + betree_node_apply_messages_back self.betree_internal_left + params node_id_cnt msgs_left st; + len_right <- betree_list_len_fwd msgs_right; + if + u64_ge len_right params.betree_params_min_flush_size + then + do + (st1,_) <- + betree_node_apply_messages_fwd + self.betree_internal_right params node_id_cnt0 + msgs_right st0; + monad_ignore_bind + (betree_node_apply_messages_back + self.betree_internal_right params node_id_cnt0 + msgs_right st0) (Return (st1,BetreeListNil)) + od + else Return (st0,msgs_right) + od + else + do + (st0,_) <- + betree_node_apply_messages_fwd self.betree_internal_right + params node_id_cnt msgs_right st; + monad_ignore_bind + (betree_node_apply_messages_back + self.betree_internal_right params node_id_cnt + msgs_right st) (Return (st0,msgs_left)) + od + od + + [betree_internal_lookup_in_children_back_def] Definition + + ⊢ ∀self key st. + betree_internal_lookup_in_children_back self key st = + if u64_lt key self.betree_internal_pivot then + do + n <- betree_node_lookup_back self.betree_internal_left key st; + Return (self with betree_internal_left := n) + od + else + do + n <- + betree_node_lookup_back self.betree_internal_right key st; + Return (self with betree_internal_right := n) + od + + [betree_internal_lookup_in_children_fwd_def] Definition + + ⊢ ∀self key st. + betree_internal_lookup_in_children_fwd self key st = + if u64_lt key self.betree_internal_pivot then + betree_node_lookup_fwd self.betree_internal_left key st + else betree_node_lookup_fwd self.betree_internal_right key st + + [betree_leaf_split_back_def] Definition + + ⊢ ∀self content params node_id_cnt st. + betree_leaf_split_back self content params node_id_cnt st = + do + p <- + betree_list_split_at_fwd content + params.betree_params_split_size; + (content0,content1) <<- p; + monad_ignore_bind (betree_list_hd_fwd content1) + do + id0 <- betree_node_id_counter_fresh_id_fwd node_id_cnt; + node_id_cnt0 <- + betree_node_id_counter_fresh_id_back node_id_cnt; + id1 <- betree_node_id_counter_fresh_id_fwd node_id_cnt0; + (st0,_) <- betree_store_leaf_node_fwd id0 content0 st; + monad_ignore_bind + (betree_store_leaf_node_fwd id1 content1 st0) + (betree_node_id_counter_fresh_id_back node_id_cnt0) + od + od + + [betree_leaf_split_fwd_def] Definition + + ⊢ ∀self content params node_id_cnt st. + betree_leaf_split_fwd self content params node_id_cnt st = + do + p <- + betree_list_split_at_fwd content + params.betree_params_split_size; + (content0,content1) <<- p; + p0 <- betree_list_hd_fwd content1; + (pivot,_) <<- p0; + id0 <- betree_node_id_counter_fresh_id_fwd node_id_cnt; + node_id_cnt0 <- + betree_node_id_counter_fresh_id_back node_id_cnt; + id1 <- betree_node_id_counter_fresh_id_fwd node_id_cnt0; + (st0,_) <- betree_store_leaf_node_fwd id0 content0 st; + (st1,_) <- betree_store_leaf_node_fwd id1 content1 st0; + n <<- + BetreeNodeLeaf + <|betree_leaf_id := id0; + betree_leaf_size := params.betree_params_split_size|>; + n0 <<- + BetreeNodeLeaf + <|betree_leaf_id := id1; + betree_leaf_size := params.betree_params_split_size|>; + Return + (st1, + <|betree_internal_id := self.betree_leaf_id; + betree_internal_pivot := pivot; betree_internal_left := n; + betree_internal_right := n0|>) + od + + [betree_list_hd_fwd_def] Definition + + ⊢ ∀self. + betree_list_hd_fwd self = + case self of + BetreeListCons hd l => Return hd + | BetreeListNil => Fail Failure + + [betree_list_head_has_key_fwd_def] Definition + + ⊢ ∀self key. + betree_list_head_has_key_fwd self key = + case self of + BetreeListCons hd l => (let (i,_) = hd in Return (i = key)) + | BetreeListNil => Return F + + [betree_list_len_fwd_def] Definition + + ⊢ ∀self. + betree_list_len_fwd self = + case self of + BetreeListCons t tl => + do i <- betree_list_len_fwd tl; u64_add (int_to_u64 1) i od + | BetreeListNil => Return (int_to_u64 0) + + [betree_list_partition_at_pivot_fwd_def] Definition + + ⊢ ∀self pivot. + betree_list_partition_at_pivot_fwd self pivot = + case self of + BetreeListCons hd tl => + (let + (i,t) = hd + in + if u64_ge i pivot then + Return (BetreeListNil,BetreeListCons (i,t) tl) + else + do + p <- betree_list_partition_at_pivot_fwd tl pivot; + (ls0,ls1) <<- p; + l <<- ls0; + Return (BetreeListCons (i,t) l,ls1) + od) + | BetreeListNil => Return (BetreeListNil,BetreeListNil) + + [betree_list_pop_front_back_def] Definition + + ⊢ ∀self. + betree_list_pop_front_back self = + (let + ls = mem_replace_fwd self BetreeListNil + in + case ls of + BetreeListCons x tl => Return tl + | BetreeListNil => Fail Failure) + + [betree_list_pop_front_fwd_def] Definition + + ⊢ ∀self. + betree_list_pop_front_fwd self = + (let + ls = mem_replace_fwd self BetreeListNil + in + case ls of + BetreeListCons x tl => Return x + | BetreeListNil => Fail Failure) + + [betree_list_push_front_fwd_back_def] Definition + + ⊢ ∀self x. + betree_list_push_front_fwd_back self x = + (let + tl = mem_replace_fwd self BetreeListNil; + l = tl + in + Return (BetreeListCons x l)) + + [betree_list_split_at_fwd_def] Definition + + ⊢ ∀self n. + betree_list_split_at_fwd self n = + if n = int_to_u64 0 then Return (BetreeListNil,self) + else + case self of + BetreeListCons hd tl => + do + i <- u64_sub n (int_to_u64 1); + p <- betree_list_split_at_fwd tl i; + (ls0,ls1) <<- p; + l <<- ls0; + Return (BetreeListCons hd l,ls1) + od + | BetreeListNil => Fail Failure + + [betree_load_internal_node_fwd_def] Definition + + ⊢ ∀id st. + betree_load_internal_node_fwd id st = + betree_utils_load_internal_node_fwd id st + + [betree_load_leaf_node_fwd_def] Definition + + ⊢ ∀id st. + betree_load_leaf_node_fwd id st = + betree_utils_load_leaf_node_fwd id st + + [betree_node_apply_back_def] Definition + + ⊢ ∀self params node_id_cnt key new_msg st. + betree_node_apply_back self params node_id_cnt key new_msg st = + (let + l = BetreeListNil + in + betree_node_apply_messages_back self params node_id_cnt + (BetreeListCons (key,new_msg) l) st) + + [betree_node_apply_fwd_def] Definition + + ⊢ ∀self params node_id_cnt key new_msg st. + betree_node_apply_fwd self params node_id_cnt key new_msg st = + (let + l = BetreeListNil + in + do + (st0,_) <- + betree_node_apply_messages_fwd self params node_id_cnt + (BetreeListCons (key,new_msg) l) st; + monad_ignore_bind + (betree_node_apply_messages_back self params node_id_cnt + (BetreeListCons (key,new_msg) l) st) (Return (st0,())) + od) + + [betree_node_apply_messages_back_def] Definition + + ⊢ ∀self params node_id_cnt msgs st. + betree_node_apply_messages_back self params node_id_cnt msgs st = + case self of + BetreeNodeInternal node => + do + (st0,content) <- + betree_load_internal_node_fwd node.betree_internal_id st; + content0 <- + betree_node_apply_messages_to_internal_fwd_back content + msgs; + num_msgs <- betree_list_len_fwd content0; + if u64_ge num_msgs params.betree_params_min_flush_size then + do + (st1,content1) <- + betree_internal_flush_fwd node params node_id_cnt + content0 st0; + (node0,node_id_cnt0) <- + betree_internal_flush_back node params node_id_cnt + content0 st0; + monad_ignore_bind + (betree_store_internal_node_fwd + node0.betree_internal_id content1 st1) + (Return (BetreeNodeInternal node0,node_id_cnt0)) + od + else + monad_ignore_bind + (betree_store_internal_node_fwd node.betree_internal_id + content0 st0) + (Return (BetreeNodeInternal node,node_id_cnt)) + od + | BetreeNodeLeaf node' => + do + (st0,content) <- + betree_load_leaf_node_fwd node'.betree_leaf_id st; + content0 <- + betree_node_apply_messages_to_leaf_fwd_back content msgs; + len <- betree_list_len_fwd content0; + i <- u64_mul (int_to_u64 2) params.betree_params_split_size; + if u64_ge len i then + do + (st1,new_node) <- + betree_leaf_split_fwd node' content0 params node_id_cnt + st0; + monad_ignore_bind + (betree_store_leaf_node_fwd node'.betree_leaf_id + BetreeListNil st1) + do + node_id_cnt0 <- + betree_leaf_split_back node' content0 params + node_id_cnt st0; + Return (BetreeNodeInternal new_node,node_id_cnt0) + od + od + else + monad_ignore_bind + (betree_store_leaf_node_fwd node'.betree_leaf_id content0 + st0) + (Return + (BetreeNodeLeaf (node' with betree_leaf_size := len), + node_id_cnt)) + od + + [betree_node_apply_messages_fwd_def] Definition + + ⊢ ∀self params node_id_cnt msgs st. + betree_node_apply_messages_fwd self params node_id_cnt msgs st = + case self of + BetreeNodeInternal node => + do + (st0,content) <- + betree_load_internal_node_fwd node.betree_internal_id st; + content0 <- + betree_node_apply_messages_to_internal_fwd_back content + msgs; + num_msgs <- betree_list_len_fwd content0; + if u64_ge num_msgs params.betree_params_min_flush_size then + do + (st1,content1) <- + betree_internal_flush_fwd node params node_id_cnt + content0 st0; + (node0,_) <- + betree_internal_flush_back node params node_id_cnt + content0 st0; + (st2,_) <- + betree_store_internal_node_fwd + node0.betree_internal_id content1 st1; + Return (st2,()) + od + else + do + (st1,_) <- + betree_store_internal_node_fwd + node.betree_internal_id content0 st0; + Return (st1,()) + od + od + | BetreeNodeLeaf node' => + do + (st0,content) <- + betree_load_leaf_node_fwd node'.betree_leaf_id st; + content0 <- + betree_node_apply_messages_to_leaf_fwd_back content msgs; + len <- betree_list_len_fwd content0; + i <- u64_mul (int_to_u64 2) params.betree_params_split_size; + if u64_ge len i then + do + (st1,_) <- + betree_leaf_split_fwd node' content0 params node_id_cnt + st0; + (st2,_) <- + betree_store_leaf_node_fwd node'.betree_leaf_id + BetreeListNil st1; + Return (st2,()) + od + else + do + (st1,_) <- + betree_store_leaf_node_fwd node'.betree_leaf_id + content0 st0; + Return (st1,()) + od + od + + [betree_node_apply_messages_to_internal_fwd_back_def] Definition + + ⊢ ∀msgs new_msgs. + betree_node_apply_messages_to_internal_fwd_back msgs new_msgs = + case new_msgs of + BetreeListCons new_msg new_msgs_tl => + (let + (i,m) = new_msg + in + do + msgs0 <- betree_node_apply_to_internal_fwd_back msgs i m; + betree_node_apply_messages_to_internal_fwd_back msgs0 + new_msgs_tl + od) + | BetreeListNil => Return msgs + + [betree_node_apply_messages_to_leaf_fwd_back_def] Definition + + ⊢ ∀bindings new_msgs. + betree_node_apply_messages_to_leaf_fwd_back bindings new_msgs = + case new_msgs of + BetreeListCons new_msg new_msgs_tl => + (let + (i,m) = new_msg + in + do + bindings0 <- + betree_node_apply_to_leaf_fwd_back bindings i m; + betree_node_apply_messages_to_leaf_fwd_back bindings0 + new_msgs_tl + od) + | BetreeListNil => Return bindings + + [betree_node_apply_to_internal_fwd_back_def] Definition + + ⊢ ∀msgs key new_msg. + betree_node_apply_to_internal_fwd_back msgs key new_msg = + do + msgs0 <- betree_node_lookup_first_message_for_key_fwd key msgs; + b <- betree_list_head_has_key_fwd msgs0 key; + if b then + case new_msg of + BetreeMessageInsert i => + do + msgs1 <- + betree_node_filter_messages_for_key_fwd_back key + msgs0; + msgs2 <- + betree_list_push_front_fwd_back msgs1 + (key,BetreeMessageInsert i); + betree_node_lookup_first_message_for_key_back key msgs + msgs2 + od + | BetreeMessageDelete => + do + msgs1 <- + betree_node_filter_messages_for_key_fwd_back key msgs0; + msgs2 <- + betree_list_push_front_fwd_back msgs1 + (key,BetreeMessageDelete); + betree_node_lookup_first_message_for_key_back key msgs + msgs2 + od + | BetreeMessageUpsert s => + do + p <- betree_list_hd_fwd msgs0; + (_,m) <<- p; + case m of + BetreeMessageInsert prev => + do + v <- betree_upsert_update_fwd (SOME prev) s; + msgs1 <- betree_list_pop_front_back msgs0; + msgs2 <- + betree_list_push_front_fwd_back msgs1 + (key,BetreeMessageInsert v); + betree_node_lookup_first_message_for_key_back key + msgs msgs2 + od + | BetreeMessageDelete => + do + v <- betree_upsert_update_fwd NONE s; + msgs1 <- betree_list_pop_front_back msgs0; + msgs2 <- + betree_list_push_front_fwd_back msgs1 + (key,BetreeMessageInsert v); + betree_node_lookup_first_message_for_key_back key + msgs msgs2 + od + | BetreeMessageUpsert ufs => + do + msgs1 <- + betree_node_lookup_first_message_after_key_fwd key + msgs0; + msgs2 <- + betree_list_push_front_fwd_back msgs1 + (key,BetreeMessageUpsert s); + msgs3 <- + betree_node_lookup_first_message_after_key_back key + msgs0 msgs2; + betree_node_lookup_first_message_for_key_back key + msgs msgs3 + od + od + else + do + msgs1 <- + betree_list_push_front_fwd_back msgs0 (key,new_msg); + betree_node_lookup_first_message_for_key_back key msgs + msgs1 + od + od + + [betree_node_apply_to_leaf_fwd_back_def] Definition + + ⊢ ∀bindings key new_msg. + betree_node_apply_to_leaf_fwd_back bindings key new_msg = + do + bindings0 <- + betree_node_lookup_mut_in_bindings_fwd key bindings; + b <- betree_list_head_has_key_fwd bindings0 key; + if b then + do + hd <- betree_list_pop_front_fwd bindings0; + case new_msg of + BetreeMessageInsert v => + do + bindings1 <- betree_list_pop_front_back bindings0; + bindings2 <- + betree_list_push_front_fwd_back bindings1 (key,v); + betree_node_lookup_mut_in_bindings_back key bindings + bindings2 + od + | BetreeMessageDelete => + do + bindings1 <- betree_list_pop_front_back bindings0; + betree_node_lookup_mut_in_bindings_back key bindings + bindings1 + od + | BetreeMessageUpsert s => + (let + (_,i) = hd + in + do + v <- betree_upsert_update_fwd (SOME i) s; + bindings1 <- betree_list_pop_front_back bindings0; + bindings2 <- + betree_list_push_front_fwd_back bindings1 (key,v); + betree_node_lookup_mut_in_bindings_back key bindings + bindings2 + od) + od + else + case new_msg of + BetreeMessageInsert v => + do + bindings1 <- + betree_list_push_front_fwd_back bindings0 (key,v); + betree_node_lookup_mut_in_bindings_back key bindings + bindings1 + od + | BetreeMessageDelete => + betree_node_lookup_mut_in_bindings_back key bindings + bindings0 + | BetreeMessageUpsert s => + do + v <- betree_upsert_update_fwd NONE s; + bindings1 <- + betree_list_push_front_fwd_back bindings0 (key,v); + betree_node_lookup_mut_in_bindings_back key bindings + bindings1 + od + od + + [betree_node_apply_upserts_back_def] Definition + + ⊢ ∀msgs prev key st. + betree_node_apply_upserts_back msgs prev key st = + do + b <- betree_list_head_has_key_fwd msgs key; + if b then + do + msg <- betree_list_pop_front_fwd msgs; + (_,m) <<- msg; + case m of + BetreeMessageInsert i => Fail Failure + | BetreeMessageDelete => Fail Failure + | BetreeMessageUpsert s => + do + v <- betree_upsert_update_fwd prev s; + msgs0 <- betree_list_pop_front_back msgs; + betree_node_apply_upserts_back msgs0 (SOME v) key st + od + od + else + do + (_,v) <- core_option_option_unwrap_fwd prev st; + betree_list_push_front_fwd_back msgs + (key,BetreeMessageInsert v) + od + od + + [betree_node_apply_upserts_fwd_def] Definition + + ⊢ ∀msgs prev key st. + betree_node_apply_upserts_fwd msgs prev key st = + do + b <- betree_list_head_has_key_fwd msgs key; + if b then + do + msg <- betree_list_pop_front_fwd msgs; + (_,m) <<- msg; + case m of + BetreeMessageInsert i => Fail Failure + | BetreeMessageDelete => Fail Failure + | BetreeMessageUpsert s => + do + v <- betree_upsert_update_fwd prev s; + msgs0 <- betree_list_pop_front_back msgs; + betree_node_apply_upserts_fwd msgs0 (SOME v) key st + od + od + else + do + (st0,v) <- core_option_option_unwrap_fwd prev st; + monad_ignore_bind + (betree_list_push_front_fwd_back msgs + (key,BetreeMessageInsert v)) (Return (st0,v)) + od + od + + [betree_node_filter_messages_for_key_fwd_back_def] Definition + + ⊢ ∀key msgs. + betree_node_filter_messages_for_key_fwd_back key msgs = + case msgs of + BetreeListCons p l => + (let + (k,m) = p + in + if k = key then + do + msgs0 <- + betree_list_pop_front_back (BetreeListCons (k,m) l); + betree_node_filter_messages_for_key_fwd_back key msgs0 + od + else Return (BetreeListCons (k,m) l)) + | BetreeListNil => Return BetreeListNil + + [betree_node_id_counter_fresh_id_back_def] Definition + + ⊢ ∀self. + betree_node_id_counter_fresh_id_back self = + do + i <- + u64_add self.betree_node_id_counter_next_node_id + (int_to_u64 1); + Return <|betree_node_id_counter_next_node_id := i|> + od + + [betree_node_id_counter_fresh_id_fwd_def] Definition + + ⊢ ∀self. + betree_node_id_counter_fresh_id_fwd self = + monad_ignore_bind + (u64_add self.betree_node_id_counter_next_node_id + (int_to_u64 1)) + (Return self.betree_node_id_counter_next_node_id) + + [betree_node_id_counter_new_fwd_def] Definition + + ⊢ betree_node_id_counter_new_fwd = + Return <|betree_node_id_counter_next_node_id := int_to_u64 0|> + + [betree_node_lookup_back_def] Definition + + ⊢ ∀self key st. + betree_node_lookup_back self key st = + case self of + BetreeNodeInternal node => + do + (st0,msgs) <- + betree_load_internal_node_fwd node.betree_internal_id st; + pending <- + betree_node_lookup_first_message_for_key_fwd key msgs; + case pending of + BetreeListCons p l => + (let + (k,msg) = p + in + if k ≠ key then + monad_ignore_bind + (betree_node_lookup_first_message_for_key_back + key msgs (BetreeListCons (k,msg) l)) + do + node0 <- + betree_internal_lookup_in_children_back node + key st0; + Return (BetreeNodeInternal node0) + od + else + case msg of + BetreeMessageInsert v => + monad_ignore_bind + (betree_node_lookup_first_message_for_key_back + key msgs + (BetreeListCons (k,BetreeMessageInsert v) + l)) (Return (BetreeNodeInternal node)) + | BetreeMessageDelete => + monad_ignore_bind + (betree_node_lookup_first_message_for_key_back + key msgs + (BetreeListCons (k,BetreeMessageDelete) l)) + (Return (BetreeNodeInternal node)) + | BetreeMessageUpsert ufs => + do + (st1,v) <- + betree_internal_lookup_in_children_fwd node + key st0; + (st2,_) <- + betree_node_apply_upserts_fwd + (BetreeListCons + (k,BetreeMessageUpsert ufs) l) v key + st1; + node0 <- + betree_internal_lookup_in_children_back node + key st0; + pending0 <- + betree_node_apply_upserts_back + (BetreeListCons + (k,BetreeMessageUpsert ufs) l) v key + st1; + msgs0 <- + betree_node_lookup_first_message_for_key_back + key msgs pending0; + monad_ignore_bind + (betree_store_internal_node_fwd + node0.betree_internal_id msgs0 st2) + (Return (BetreeNodeInternal node0)) + od) + | BetreeListNil => + monad_ignore_bind + (betree_node_lookup_first_message_for_key_back key msgs + BetreeListNil) + do + node0 <- + betree_internal_lookup_in_children_back node key + st0; + Return (BetreeNodeInternal node0) + od + od + | BetreeNodeLeaf node' => + do + (_,bindings) <- + betree_load_leaf_node_fwd node'.betree_leaf_id st; + monad_ignore_bind + (betree_node_lookup_in_bindings_fwd key bindings) + (Return (BetreeNodeLeaf node')) + od + + [betree_node_lookup_first_message_after_key_back_def] Definition + + ⊢ ∀key msgs ret. + betree_node_lookup_first_message_after_key_back key msgs ret = + case msgs of + BetreeListCons p next_msgs => + (let + (k,m) = p + in + if k = key then + do + next_msgs0 <- + betree_node_lookup_first_message_after_key_back key + next_msgs ret; + Return (BetreeListCons (k,m) next_msgs0) + od + else Return ret) + | BetreeListNil => Return ret + + [betree_node_lookup_first_message_after_key_fwd_def] Definition + + ⊢ ∀key msgs. + betree_node_lookup_first_message_after_key_fwd key msgs = + case msgs of + BetreeListCons p next_msgs => + (let + (k,m) = p + in + if k = key then + betree_node_lookup_first_message_after_key_fwd key + next_msgs + else Return (BetreeListCons (k,m) next_msgs)) + | BetreeListNil => Return BetreeListNil + + [betree_node_lookup_first_message_for_key_back_def] Definition + + ⊢ ∀key msgs ret. + betree_node_lookup_first_message_for_key_back key msgs ret = + case msgs of + BetreeListCons x next_msgs => + (let + (i,m) = x + in + if u64_ge i key then Return ret + else + do + next_msgs0 <- + betree_node_lookup_first_message_for_key_back key + next_msgs ret; + Return (BetreeListCons (i,m) next_msgs0) + od) + | BetreeListNil => Return ret + + [betree_node_lookup_first_message_for_key_fwd_def] Definition + + ⊢ ∀key msgs. + betree_node_lookup_first_message_for_key_fwd key msgs = + case msgs of + BetreeListCons x next_msgs => + (let + (i,m) = x + in + if u64_ge i key then + Return (BetreeListCons (i,m) next_msgs) + else + betree_node_lookup_first_message_for_key_fwd key + next_msgs) + | BetreeListNil => Return BetreeListNil + + [betree_node_lookup_fwd_def] Definition + + ⊢ ∀self key st. + betree_node_lookup_fwd self key st = + case self of + BetreeNodeInternal node => + do + (st0,msgs) <- + betree_load_internal_node_fwd node.betree_internal_id st; + pending <- + betree_node_lookup_first_message_for_key_fwd key msgs; + case pending of + BetreeListCons p l => + (let + (k,msg) = p + in + if k ≠ key then + do + (st1,opt) <- + betree_internal_lookup_in_children_fwd node + key st0; + monad_ignore_bind + (betree_node_lookup_first_message_for_key_back + key msgs (BetreeListCons (k,msg) l)) + (Return (st1,opt)) + od + else + case msg of + BetreeMessageInsert v => + monad_ignore_bind + (betree_node_lookup_first_message_for_key_back + key msgs + (BetreeListCons (k,BetreeMessageInsert v) + l)) (Return (st0,SOME v)) + | BetreeMessageDelete => + monad_ignore_bind + (betree_node_lookup_first_message_for_key_back + key msgs + (BetreeListCons (k,BetreeMessageDelete) l)) + (Return (st0,NONE)) + | BetreeMessageUpsert ufs => + do + (st1,v) <- + betree_internal_lookup_in_children_fwd node + key st0; + (st2,v0) <- + betree_node_apply_upserts_fwd + (BetreeListCons + (k,BetreeMessageUpsert ufs) l) v key + st1; + node0 <- + betree_internal_lookup_in_children_back node + key st0; + pending0 <- + betree_node_apply_upserts_back + (BetreeListCons + (k,BetreeMessageUpsert ufs) l) v key + st1; + msgs0 <- + betree_node_lookup_first_message_for_key_back + key msgs pending0; + (st3,_) <- + betree_store_internal_node_fwd + node0.betree_internal_id msgs0 st2; + Return (st3,SOME v0) + od) + | BetreeListNil => + do + (st1,opt) <- + betree_internal_lookup_in_children_fwd node key st0; + monad_ignore_bind + (betree_node_lookup_first_message_for_key_back key + msgs BetreeListNil) (Return (st1,opt)) + od + od + | BetreeNodeLeaf node' => + do + (st0,bindings) <- + betree_load_leaf_node_fwd node'.betree_leaf_id st; + opt <- betree_node_lookup_in_bindings_fwd key bindings; + Return (st0,opt) + od + + [betree_node_lookup_in_bindings_fwd_def] Definition + + ⊢ ∀key bindings. + betree_node_lookup_in_bindings_fwd key bindings = + case bindings of + BetreeListCons hd tl => + (let + (i,i0) = hd + in + if i = key then Return (SOME i0) + else if u64_gt i key then Return NONE + else betree_node_lookup_in_bindings_fwd key tl) + | BetreeListNil => Return NONE + + [betree_node_lookup_mut_in_bindings_back_def] Definition + + ⊢ ∀key bindings ret. + betree_node_lookup_mut_in_bindings_back key bindings ret = + case bindings of + BetreeListCons hd tl => + (let + (i,i0) = hd + in + if u64_ge i key then Return ret + else + do + tl0 <- + betree_node_lookup_mut_in_bindings_back key tl ret; + Return (BetreeListCons (i,i0) tl0) + od) + | BetreeListNil => Return ret + + [betree_node_lookup_mut_in_bindings_fwd_def] Definition + + ⊢ ∀key bindings. + betree_node_lookup_mut_in_bindings_fwd key bindings = + case bindings of + BetreeListCons hd tl => + (let + (i,i0) = hd + in + if u64_ge i key then Return (BetreeListCons (i,i0) tl) + else betree_node_lookup_mut_in_bindings_fwd key tl) + | BetreeListNil => Return BetreeListNil + + [betree_store_internal_node_fwd_def] Definition + + ⊢ ∀id content st. + betree_store_internal_node_fwd id content st = + do + (st0,_) <- betree_utils_store_internal_node_fwd id content st; + Return (st0,()) + od + + [betree_store_leaf_node_fwd_def] Definition + + ⊢ ∀id content st. + betree_store_leaf_node_fwd id content st = + do + (st0,_) <- betree_utils_store_leaf_node_fwd id content st; + Return (st0,()) + od + + [betree_upsert_update_fwd_def] Definition + + ⊢ ∀prev st. + betree_upsert_update_fwd prev st = + case prev of + NONE => + (case st of + BetreeUpsertFunStateAdd v => Return v + | BetreeUpsertFunStateSub i => Return (int_to_u64 0)) + | SOME prev0 => + case st of + BetreeUpsertFunStateAdd v => + do + margin <- u64_sub core_u64_max prev0; + if u64_ge margin v then u64_add prev0 v + else Return core_u64_max + od + | BetreeUpsertFunStateSub v' => + if u64_ge prev0 v' then u64_sub prev0 v' + else Return (int_to_u64 0) + + [main_fwd_def] Definition + + ⊢ main_fwd = Return () + + +*) +end diff --git a/tests/hol4/betree/betree_OpaqueScript.sml b/tests/hol4/betree/betree_OpaqueScript.sml new file mode 100644 index 00000000..d8fdf6b5 --- /dev/null +++ b/tests/hol4/betree/betree_OpaqueScript.sml @@ -0,0 +1,26 @@ +(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) +(** [betree]: external function declarations *) +open primitivesLib divDefLib +open betree_TypesTheory + +val _ = new_theory "betree_Opaque" + + +(** [betree::betree_utils::load_internal_node]: forward function *)val _ = new_constant ("betree_utils_load_internal_node_fwd", + “:u64 -> state -> (state # (u64 # betree_message_t) betree_list_t) + result”) + +(** [betree::betree_utils::store_internal_node]: forward function *)val _ = new_constant ("betree_utils_store_internal_node_fwd", + “:u64 -> (u64 # betree_message_t) betree_list_t -> state -> (state # unit) + result”) + +(** [betree::betree_utils::load_leaf_node]: forward function *)val _ = new_constant ("betree_utils_load_leaf_node_fwd", + “:u64 -> state -> (state # (u64 # u64) betree_list_t) result”) + +(** [betree::betree_utils::store_leaf_node]: forward function *)val _ = new_constant ("betree_utils_store_leaf_node_fwd", + “:u64 -> (u64 # u64) betree_list_t -> state -> (state # unit) result”) + +(** [core::option::Option::{0}::unwrap]: forward function *)val _ = new_constant ("core_option_option_unwrap_fwd", + “:'t option -> state -> (state # 't) result”) + +val _ = export_theory () diff --git a/tests/hol4/betree/betree_OpaqueTheory.sig b/tests/hol4/betree/betree_OpaqueTheory.sig new file mode 100644 index 00000000..9452ff0f --- /dev/null +++ b/tests/hol4/betree/betree_OpaqueTheory.sig @@ -0,0 +1,11 @@ +signature betree_OpaqueTheory = +sig + type thm = Thm.thm + + val betree_Opaque_grammars : type_grammar.grammar * term_grammar.grammar +(* + [betree_Types] Parent theory of "betree_Opaque" + + +*) +end diff --git a/tests/hol4/betree/betree_TypesScript.sml b/tests/hol4/betree/betree_TypesScript.sml new file mode 100644 index 00000000..93be2f46 --- /dev/null +++ b/tests/hol4/betree/betree_TypesScript.sml @@ -0,0 +1,76 @@ +(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) +(** [betree]: type definitions *) +open primitivesLib divDefLib + +val _ = new_theory "betree_Types" + + +Datatype: + (** [betree::betree::List] *) + betree_list_t = | BetreeListCons 't betree_list_t | BetreeListNil +End + +Datatype: + (** [betree::betree::UpsertFunState] *) + betree_upsert_fun_state_t = + | BetreeUpsertFunStateAdd u64 + | BetreeUpsertFunStateSub u64 +End + +Datatype: + (** [betree::betree::Message] *) + betree_message_t = + | BetreeMessageInsert u64 + | BetreeMessageDelete + | BetreeMessageUpsert betree_upsert_fun_state_t +End + +Datatype: + (** [betree::betree::Leaf] *) + betree_leaf_t = <| betree_leaf_id : u64; betree_leaf_size : u64; |> +End + +Datatype: + (** [betree::betree::Internal] *) + betree_internal_t = + <| + betree_internal_id : u64; + betree_internal_pivot : u64; + betree_internal_left : betree_node_t; + betree_internal_right : betree_node_t; + |> + ; + + (** [betree::betree::Node] *) + betree_node_t = + | BetreeNodeInternal betree_internal_t + | BetreeNodeLeaf betree_leaf_t +End + +Datatype: + (** [betree::betree::Params] *) + betree_params_t = + <| + betree_params_min_flush_size : u64; betree_params_split_size : u64; + |> +End + +Datatype: + (** [betree::betree::NodeIdCounter] *) + betree_node_id_counter_t = <| betree_node_id_counter_next_node_id : u64; |> +End + +Datatype: + (** [betree::betree::BeTree] *) + betree_be_tree_t = + <| + betree_be_tree_params : betree_params_t; + betree_be_tree_node_id_cnt : betree_node_id_counter_t; + betree_be_tree_root : betree_node_t; + |> +End + +(** The state type used in the state-error monad *) +val _ = new_type ("state", 0) + +val _ = export_theory () diff --git a/tests/hol4/betree/betree_TypesTheory.sig b/tests/hol4/betree/betree_TypesTheory.sig new file mode 100644 index 00000000..ee2ec4b5 --- /dev/null +++ b/tests/hol4/betree/betree_TypesTheory.sig @@ -0,0 +1,1751 @@ +signature betree_TypesTheory = +sig + type thm = Thm.thm + + (* Definitions *) + val betree_be_tree_t_TY_DEF : thm + val betree_be_tree_t_betree_be_tree_node_id_cnt : thm + val betree_be_tree_t_betree_be_tree_node_id_cnt_fupd : thm + val betree_be_tree_t_betree_be_tree_params : thm + val betree_be_tree_t_betree_be_tree_params_fupd : thm + val betree_be_tree_t_betree_be_tree_root : thm + val betree_be_tree_t_betree_be_tree_root_fupd : thm + val betree_be_tree_t_case_def : thm + val betree_be_tree_t_size_def : thm + val betree_internal_t_TY_DEF : thm + val betree_internal_t_betree_internal_id : thm + val betree_internal_t_betree_internal_id_fupd : thm + val betree_internal_t_betree_internal_left : thm + val betree_internal_t_betree_internal_left_fupd : thm + val betree_internal_t_betree_internal_pivot : thm + val betree_internal_t_betree_internal_pivot_fupd : thm + val betree_internal_t_betree_internal_right : thm + val betree_internal_t_betree_internal_right_fupd : thm + val betree_internal_t_case_def : thm + val betree_internal_t_size_def : thm + val betree_leaf_t_TY_DEF : thm + val betree_leaf_t_betree_leaf_id : thm + val betree_leaf_t_betree_leaf_id_fupd : thm + val betree_leaf_t_betree_leaf_size : thm + val betree_leaf_t_betree_leaf_size_fupd : thm + val betree_leaf_t_case_def : thm + val betree_leaf_t_size_def : thm + val betree_list_t_TY_DEF : thm + val betree_list_t_case_def : thm + val betree_list_t_size_def : thm + val betree_message_t_TY_DEF : thm + val betree_message_t_case_def : thm + val betree_message_t_size_def : thm + val betree_node_id_counter_t_TY_DEF : thm + val betree_node_id_counter_t_betree_node_id_counter_next_node_id : thm + val betree_node_id_counter_t_betree_node_id_counter_next_node_id_fupd : thm + val betree_node_id_counter_t_case_def : thm + val betree_node_id_counter_t_size_def : thm + val betree_node_t_TY_DEF : thm + val betree_node_t_case_def : thm + val betree_params_t_TY_DEF : thm + val betree_params_t_betree_params_min_flush_size : thm + val betree_params_t_betree_params_min_flush_size_fupd : thm + val betree_params_t_betree_params_split_size : thm + val betree_params_t_betree_params_split_size_fupd : thm + val betree_params_t_case_def : thm + val betree_params_t_size_def : thm + val betree_upsert_fun_state_t_TY_DEF : thm + val betree_upsert_fun_state_t_case_def : thm + val betree_upsert_fun_state_t_size_def : thm + + (* Theorems *) + val EXISTS_betree_be_tree_t : thm + val EXISTS_betree_internal_t : thm + val EXISTS_betree_leaf_t : thm + val EXISTS_betree_node_id_counter_t : thm + val EXISTS_betree_params_t : thm + val FORALL_betree_be_tree_t : thm + val FORALL_betree_internal_t : thm + val FORALL_betree_leaf_t : thm + val FORALL_betree_node_id_counter_t : thm + val FORALL_betree_params_t : thm + val betree_be_tree_t_11 : thm + val betree_be_tree_t_Axiom : thm + val betree_be_tree_t_accessors : thm + val betree_be_tree_t_accfupds : thm + val betree_be_tree_t_case_cong : thm + val betree_be_tree_t_case_eq : thm + val betree_be_tree_t_component_equality : thm + val betree_be_tree_t_fn_updates : thm + val betree_be_tree_t_fupdcanon : thm + val betree_be_tree_t_fupdcanon_comp : thm + val betree_be_tree_t_fupdfupds : thm + val betree_be_tree_t_fupdfupds_comp : thm + val betree_be_tree_t_induction : thm + val betree_be_tree_t_literal_11 : thm + val betree_be_tree_t_literal_nchotomy : thm + val betree_be_tree_t_nchotomy : thm + val betree_be_tree_t_updates_eq_literal : thm + val betree_internal_t_11 : thm + val betree_internal_t_Axiom : thm + val betree_internal_t_accessors : thm + val betree_internal_t_accfupds : thm + val betree_internal_t_case_cong : thm + val betree_internal_t_case_eq : thm + val betree_internal_t_component_equality : thm + val betree_internal_t_fn_updates : thm + val betree_internal_t_fupdcanon : thm + val betree_internal_t_fupdcanon_comp : thm + val betree_internal_t_fupdfupds : thm + val betree_internal_t_fupdfupds_comp : thm + val betree_internal_t_induction : thm + val betree_internal_t_literal_11 : thm + val betree_internal_t_literal_nchotomy : thm + val betree_internal_t_nchotomy : thm + val betree_internal_t_updates_eq_literal : thm + val betree_leaf_t_11 : thm + val betree_leaf_t_Axiom : thm + val betree_leaf_t_accessors : thm + val betree_leaf_t_accfupds : thm + val betree_leaf_t_case_cong : thm + val betree_leaf_t_case_eq : thm + val betree_leaf_t_component_equality : thm + val betree_leaf_t_fn_updates : thm + val betree_leaf_t_fupdcanon : thm + val betree_leaf_t_fupdcanon_comp : thm + val betree_leaf_t_fupdfupds : thm + val betree_leaf_t_fupdfupds_comp : thm + val betree_leaf_t_induction : thm + val betree_leaf_t_literal_11 : thm + val betree_leaf_t_literal_nchotomy : thm + val betree_leaf_t_nchotomy : thm + val betree_leaf_t_updates_eq_literal : thm + val betree_list_t_11 : thm + val betree_list_t_Axiom : thm + val betree_list_t_case_cong : thm + val betree_list_t_case_eq : thm + val betree_list_t_distinct : thm + val betree_list_t_induction : thm + val betree_list_t_nchotomy : thm + val betree_message_t_11 : thm + val betree_message_t_Axiom : thm + val betree_message_t_case_cong : thm + val betree_message_t_case_eq : thm + val betree_message_t_distinct : thm + val betree_message_t_induction : thm + val betree_message_t_nchotomy : thm + val betree_node_id_counter_t_11 : thm + val betree_node_id_counter_t_Axiom : thm + val betree_node_id_counter_t_accessors : thm + val betree_node_id_counter_t_accfupds : thm + val betree_node_id_counter_t_case_cong : thm + val betree_node_id_counter_t_case_eq : thm + val betree_node_id_counter_t_component_equality : thm + val betree_node_id_counter_t_fn_updates : thm + val betree_node_id_counter_t_fupdfupds : thm + val betree_node_id_counter_t_fupdfupds_comp : thm + val betree_node_id_counter_t_induction : thm + val betree_node_id_counter_t_literal_11 : thm + val betree_node_id_counter_t_literal_nchotomy : thm + val betree_node_id_counter_t_nchotomy : thm + val betree_node_id_counter_t_updates_eq_literal : thm + val betree_node_t_11 : thm + val betree_node_t_Axiom : thm + val betree_node_t_case_cong : thm + val betree_node_t_case_eq : thm + val betree_node_t_distinct : thm + val betree_node_t_induction : thm + val betree_node_t_nchotomy : thm + val betree_params_t_11 : thm + val betree_params_t_Axiom : thm + val betree_params_t_accessors : thm + val betree_params_t_accfupds : thm + val betree_params_t_case_cong : thm + val betree_params_t_case_eq : thm + val betree_params_t_component_equality : thm + val betree_params_t_fn_updates : thm + val betree_params_t_fupdcanon : thm + val betree_params_t_fupdcanon_comp : thm + val betree_params_t_fupdfupds : thm + val betree_params_t_fupdfupds_comp : thm + val betree_params_t_induction : thm + val betree_params_t_literal_11 : thm + val betree_params_t_literal_nchotomy : thm + val betree_params_t_nchotomy : thm + val betree_params_t_updates_eq_literal : thm + val betree_upsert_fun_state_t_11 : thm + val betree_upsert_fun_state_t_Axiom : thm + val betree_upsert_fun_state_t_case_cong : thm + val betree_upsert_fun_state_t_case_eq : thm + val betree_upsert_fun_state_t_distinct : thm + val betree_upsert_fun_state_t_induction : thm + val betree_upsert_fun_state_t_nchotomy : thm + val datatype_betree_be_tree_t : thm + val datatype_betree_internal_t : thm + val datatype_betree_leaf_t : thm + val datatype_betree_list_t : thm + val datatype_betree_message_t : thm + val datatype_betree_node_id_counter_t : thm + val datatype_betree_params_t : thm + val datatype_betree_upsert_fun_state_t : thm + + val betree_Types_grammars : type_grammar.grammar * term_grammar.grammar +(* + [divDef] Parent theory of "betree_Types" + + [betree_be_tree_t_TY_DEF] Definition + + ⊢ ∃rep. + TYPE_DEFINITION + (λa0'. + ∀ $var$('betree_be_tree_t'). + (∀a0'. + (∃a0 a1 a2. + a0' = + (λa0 a1 a2. + ind_type$CONSTR 0 (a0,a1,a2) + (λn. ind_type$BOTTOM)) a0 a1 a2) ⇒ + $var$('betree_be_tree_t') a0') ⇒ + $var$('betree_be_tree_t') a0') rep + + [betree_be_tree_t_betree_be_tree_node_id_cnt] Definition + + ⊢ ∀b b0 b1. + (betree_be_tree_t b b0 b1).betree_be_tree_node_id_cnt = b0 + + [betree_be_tree_t_betree_be_tree_node_id_cnt_fupd] Definition + + ⊢ ∀f b b0 b1. + betree_be_tree_t b b0 b1 with + betree_be_tree_node_id_cnt updated_by f = + betree_be_tree_t b (f b0) b1 + + [betree_be_tree_t_betree_be_tree_params] Definition + + ⊢ ∀b b0 b1. (betree_be_tree_t b b0 b1).betree_be_tree_params = b + + [betree_be_tree_t_betree_be_tree_params_fupd] Definition + + ⊢ ∀f b b0 b1. + betree_be_tree_t b b0 b1 with betree_be_tree_params updated_by f = + betree_be_tree_t (f b) b0 b1 + + [betree_be_tree_t_betree_be_tree_root] Definition + + ⊢ ∀b b0 b1. (betree_be_tree_t b b0 b1).betree_be_tree_root = b1 + + [betree_be_tree_t_betree_be_tree_root_fupd] Definition + + ⊢ ∀f b b0 b1. + betree_be_tree_t b b0 b1 with betree_be_tree_root updated_by f = + betree_be_tree_t b b0 (f b1) + + [betree_be_tree_t_case_def] Definition + + ⊢ ∀a0 a1 a2 f. + betree_be_tree_t_CASE (betree_be_tree_t a0 a1 a2) f = f a0 a1 a2 + + [betree_be_tree_t_size_def] Definition + + ⊢ ∀a0 a1 a2. + betree_be_tree_t_size (betree_be_tree_t a0 a1 a2) = + 1 + + (betree_params_t_size a0 + + (betree_node_id_counter_t_size a1 + betree_node_t_size a2)) + + [betree_internal_t_TY_DEF] Definition + + ⊢ ∃rep. + TYPE_DEFINITION + (λa0'. + ∀ $var$('betree_internal_t') $var$('betree_node_t'). + (∀a0'. + (∃a0 a1 a2 a3. + a0' = + (λa0 a1 a2 a3. + ind_type$CONSTR 0 (a0,a1,ARB) + (ind_type$FCONS a2 + (ind_type$FCONS a3 (λn. ind_type$BOTTOM)))) + a0 a1 a2 a3 ∧ $var$('betree_node_t') a2 ∧ + $var$('betree_node_t') a3) ⇒ + $var$('betree_internal_t') a0') ∧ + (∀a1'. + (∃a. a1' = + (λa. + ind_type$CONSTR (SUC 0) (ARB,ARB,ARB) + (ind_type$FCONS a (λn. ind_type$BOTTOM))) + a ∧ $var$('betree_internal_t') a) ∨ + (∃a. a1' = + (λa. + ind_type$CONSTR (SUC (SUC 0)) (ARB,ARB,a) + (λn. ind_type$BOTTOM)) a) ⇒ + $var$('betree_node_t') a1') ⇒ + $var$('betree_internal_t') a0') rep + + [betree_internal_t_betree_internal_id] Definition + + ⊢ ∀u u0 b b0. (betree_internal_t u u0 b b0).betree_internal_id = u + + [betree_internal_t_betree_internal_id_fupd] Definition + + ⊢ ∀f u u0 b b0. + betree_internal_t u u0 b b0 with betree_internal_id updated_by f = + betree_internal_t (f u) u0 b b0 + + [betree_internal_t_betree_internal_left] Definition + + ⊢ ∀u u0 b b0. (betree_internal_t u u0 b b0).betree_internal_left = b + + [betree_internal_t_betree_internal_left_fupd] Definition + + ⊢ ∀f u u0 b b0. + betree_internal_t u u0 b b0 with + betree_internal_left updated_by f = + betree_internal_t u u0 (f b) b0 + + [betree_internal_t_betree_internal_pivot] Definition + + ⊢ ∀u u0 b b0. + (betree_internal_t u u0 b b0).betree_internal_pivot = u0 + + [betree_internal_t_betree_internal_pivot_fupd] Definition + + ⊢ ∀f u u0 b b0. + betree_internal_t u u0 b b0 with + betree_internal_pivot updated_by f = + betree_internal_t u (f u0) b b0 + + [betree_internal_t_betree_internal_right] Definition + + ⊢ ∀u u0 b b0. + (betree_internal_t u u0 b b0).betree_internal_right = b0 + + [betree_internal_t_betree_internal_right_fupd] Definition + + ⊢ ∀f u u0 b b0. + betree_internal_t u u0 b b0 with + betree_internal_right updated_by f = + betree_internal_t u u0 b (f b0) + + [betree_internal_t_case_def] Definition + + ⊢ ∀a0 a1 a2 a3 f. + betree_internal_t_CASE (betree_internal_t a0 a1 a2 a3) f = + f a0 a1 a2 a3 + + [betree_internal_t_size_def] Definition + + ⊢ (∀a0 a1 a2 a3. + betree_internal_t_size (betree_internal_t a0 a1 a2 a3) = + 1 + (betree_node_t_size a2 + betree_node_t_size a3)) ∧ + (∀a. betree_node_t_size (BetreeNodeInternal a) = + 1 + betree_internal_t_size a) ∧ + ∀a. betree_node_t_size (BetreeNodeLeaf a) = + 1 + betree_leaf_t_size a + + [betree_leaf_t_TY_DEF] Definition + + ⊢ ∃rep. + TYPE_DEFINITION + (λa0'. + ∀ $var$('betree_leaf_t'). + (∀a0'. + (∃a0 a1. + a0' = + (λa0 a1. + ind_type$CONSTR 0 (a0,a1) + (λn. ind_type$BOTTOM)) a0 a1) ⇒ + $var$('betree_leaf_t') a0') ⇒ + $var$('betree_leaf_t') a0') rep + + [betree_leaf_t_betree_leaf_id] Definition + + ⊢ ∀u u0. (betree_leaf_t u u0).betree_leaf_id = u + + [betree_leaf_t_betree_leaf_id_fupd] Definition + + ⊢ ∀f u u0. + betree_leaf_t u u0 with betree_leaf_id updated_by f = + betree_leaf_t (f u) u0 + + [betree_leaf_t_betree_leaf_size] Definition + + ⊢ ∀u u0. (betree_leaf_t u u0).betree_leaf_size = u0 + + [betree_leaf_t_betree_leaf_size_fupd] Definition + + ⊢ ∀f u u0. + betree_leaf_t u u0 with betree_leaf_size updated_by f = + betree_leaf_t u (f u0) + + [betree_leaf_t_case_def] Definition + + ⊢ ∀a0 a1 f. betree_leaf_t_CASE (betree_leaf_t a0 a1) f = f a0 a1 + + [betree_leaf_t_size_def] Definition + + ⊢ ∀a0 a1. betree_leaf_t_size (betree_leaf_t a0 a1) = 1 + + [betree_list_t_TY_DEF] Definition + + ⊢ ∃rep. + TYPE_DEFINITION + (λa0'. + ∀ $var$('betree_list_t'). + (∀a0'. + (∃a0 a1. + a0' = + (λa0 a1. + ind_type$CONSTR 0 a0 + (ind_type$FCONS a1 (λn. ind_type$BOTTOM))) + a0 a1 ∧ $var$('betree_list_t') a1) ∨ + a0' = + ind_type$CONSTR (SUC 0) ARB (λn. ind_type$BOTTOM) ⇒ + $var$('betree_list_t') a0') ⇒ + $var$('betree_list_t') a0') rep + + [betree_list_t_case_def] Definition + + ⊢ (∀a0 a1 f v. + betree_list_t_CASE (BetreeListCons a0 a1) f v = f a0 a1) ∧ + ∀f v. betree_list_t_CASE BetreeListNil f v = v + + [betree_list_t_size_def] Definition + + ⊢ (∀f a0 a1. + betree_list_t_size f (BetreeListCons a0 a1) = + 1 + (f a0 + betree_list_t_size f a1)) ∧ + ∀f. betree_list_t_size f BetreeListNil = 0 + + [betree_message_t_TY_DEF] Definition + + ⊢ ∃rep. + TYPE_DEFINITION + (λa0. + ∀ $var$('betree_message_t'). + (∀a0. + (∃a. a0 = + (λa. + ind_type$CONSTR 0 (a,ARB) + (λn. ind_type$BOTTOM)) a) ∨ + a0 = + ind_type$CONSTR (SUC 0) (ARB,ARB) + (λn. ind_type$BOTTOM) ∨ + (∃a. a0 = + (λa. + ind_type$CONSTR (SUC (SUC 0)) (ARB,a) + (λn. ind_type$BOTTOM)) a) ⇒ + $var$('betree_message_t') a0) ⇒ + $var$('betree_message_t') a0) rep + + [betree_message_t_case_def] Definition + + ⊢ (∀a f v f1. + betree_message_t_CASE (BetreeMessageInsert a) f v f1 = f a) ∧ + (∀f v f1. betree_message_t_CASE BetreeMessageDelete f v f1 = v) ∧ + ∀a f v f1. + betree_message_t_CASE (BetreeMessageUpsert a) f v f1 = f1 a + + [betree_message_t_size_def] Definition + + ⊢ (∀a. betree_message_t_size (BetreeMessageInsert a) = 1) ∧ + betree_message_t_size BetreeMessageDelete = 0 ∧ + ∀a. betree_message_t_size (BetreeMessageUpsert a) = + 1 + betree_upsert_fun_state_t_size a + + [betree_node_id_counter_t_TY_DEF] Definition + + ⊢ ∃rep. + TYPE_DEFINITION + (λa0. + ∀ $var$('betree_node_id_counter_t'). + (∀a0. + (∃a. a0 = + (λa. ind_type$CONSTR 0 a (λn. ind_type$BOTTOM)) + a) ⇒ + $var$('betree_node_id_counter_t') a0) ⇒ + $var$('betree_node_id_counter_t') a0) rep + + [betree_node_id_counter_t_betree_node_id_counter_next_node_id] Definition + + ⊢ ∀u. (betree_node_id_counter_t u). + betree_node_id_counter_next_node_id = + u + + [betree_node_id_counter_t_betree_node_id_counter_next_node_id_fupd] Definition + + ⊢ ∀f u. + betree_node_id_counter_t u with + betree_node_id_counter_next_node_id updated_by f = + betree_node_id_counter_t (f u) + + [betree_node_id_counter_t_case_def] Definition + + ⊢ ∀a f. + betree_node_id_counter_t_CASE (betree_node_id_counter_t a) f = + f a + + [betree_node_id_counter_t_size_def] Definition + + ⊢ ∀a. betree_node_id_counter_t_size (betree_node_id_counter_t a) = 1 + + [betree_node_t_TY_DEF] Definition + + ⊢ ∃rep. + TYPE_DEFINITION + (λa1'. + ∀ $var$('betree_internal_t') $var$('betree_node_t'). + (∀a0'. + (∃a0 a1 a2 a3. + a0' = + (λa0 a1 a2 a3. + ind_type$CONSTR 0 (a0,a1,ARB) + (ind_type$FCONS a2 + (ind_type$FCONS a3 (λn. ind_type$BOTTOM)))) + a0 a1 a2 a3 ∧ $var$('betree_node_t') a2 ∧ + $var$('betree_node_t') a3) ⇒ + $var$('betree_internal_t') a0') ∧ + (∀a1'. + (∃a. a1' = + (λa. + ind_type$CONSTR (SUC 0) (ARB,ARB,ARB) + (ind_type$FCONS a (λn. ind_type$BOTTOM))) + a ∧ $var$('betree_internal_t') a) ∨ + (∃a. a1' = + (λa. + ind_type$CONSTR (SUC (SUC 0)) (ARB,ARB,a) + (λn. ind_type$BOTTOM)) a) ⇒ + $var$('betree_node_t') a1') ⇒ + $var$('betree_node_t') a1') rep + + [betree_node_t_case_def] Definition + + ⊢ (∀a f f1. betree_node_t_CASE (BetreeNodeInternal a) f f1 = f a) ∧ + ∀a f f1. betree_node_t_CASE (BetreeNodeLeaf a) f f1 = f1 a + + [betree_params_t_TY_DEF] Definition + + ⊢ ∃rep. + TYPE_DEFINITION + (λa0'. + ∀ $var$('betree_params_t'). + (∀a0'. + (∃a0 a1. + a0' = + (λa0 a1. + ind_type$CONSTR 0 (a0,a1) + (λn. ind_type$BOTTOM)) a0 a1) ⇒ + $var$('betree_params_t') a0') ⇒ + $var$('betree_params_t') a0') rep + + [betree_params_t_betree_params_min_flush_size] Definition + + ⊢ ∀u u0. (betree_params_t u u0).betree_params_min_flush_size = u + + [betree_params_t_betree_params_min_flush_size_fupd] Definition + + ⊢ ∀f u u0. + betree_params_t u u0 with + betree_params_min_flush_size updated_by f = + betree_params_t (f u) u0 + + [betree_params_t_betree_params_split_size] Definition + + ⊢ ∀u u0. (betree_params_t u u0).betree_params_split_size = u0 + + [betree_params_t_betree_params_split_size_fupd] Definition + + ⊢ ∀f u u0. + betree_params_t u u0 with betree_params_split_size updated_by f = + betree_params_t u (f u0) + + [betree_params_t_case_def] Definition + + ⊢ ∀a0 a1 f. betree_params_t_CASE (betree_params_t a0 a1) f = f a0 a1 + + [betree_params_t_size_def] Definition + + ⊢ ∀a0 a1. betree_params_t_size (betree_params_t a0 a1) = 1 + + [betree_upsert_fun_state_t_TY_DEF] Definition + + ⊢ ∃rep. + TYPE_DEFINITION + (λa0. + ∀ $var$('betree_upsert_fun_state_t'). + (∀a0. + (∃a. a0 = + (λa. ind_type$CONSTR 0 a (λn. ind_type$BOTTOM)) + a) ∨ + (∃a. a0 = + (λa. + ind_type$CONSTR (SUC 0) a + (λn. ind_type$BOTTOM)) a) ⇒ + $var$('betree_upsert_fun_state_t') a0) ⇒ + $var$('betree_upsert_fun_state_t') a0) rep + + [betree_upsert_fun_state_t_case_def] Definition + + ⊢ (∀a f f1. + betree_upsert_fun_state_t_CASE (BetreeUpsertFunStateAdd a) f f1 = + f a) ∧ + ∀a f f1. + betree_upsert_fun_state_t_CASE (BetreeUpsertFunStateSub a) f f1 = + f1 a + + [betree_upsert_fun_state_t_size_def] Definition + + ⊢ (∀a. betree_upsert_fun_state_t_size (BetreeUpsertFunStateAdd a) = 1) ∧ + ∀a. betree_upsert_fun_state_t_size (BetreeUpsertFunStateSub a) = 1 + + [EXISTS_betree_be_tree_t] Theorem + + ⊢ ∀P. (∃b. P b) ⇔ + ∃b2 b1 b0. + P + <|betree_be_tree_params := b2; + betree_be_tree_node_id_cnt := b1; + betree_be_tree_root := b0|> + + [EXISTS_betree_internal_t] Theorem + + ⊢ ∀P. (∃b. P b) ⇔ + ∃u0 u b1 b0. + P + <|betree_internal_id := u0; betree_internal_pivot := u; + betree_internal_left := b1; betree_internal_right := b0|> + + [EXISTS_betree_leaf_t] Theorem + + ⊢ ∀P. (∃b. P b) ⇔ + ∃u0 u. P <|betree_leaf_id := u0; betree_leaf_size := u|> + + [EXISTS_betree_node_id_counter_t] Theorem + + ⊢ ∀P. (∃b. P b) ⇔ ∃u. P <|betree_node_id_counter_next_node_id := u|> + + [EXISTS_betree_params_t] Theorem + + ⊢ ∀P. (∃b. P b) ⇔ + ∃u0 u. + P + <|betree_params_min_flush_size := u0; + betree_params_split_size := u|> + + [FORALL_betree_be_tree_t] Theorem + + ⊢ ∀P. (∀b. P b) ⇔ + ∀b2 b1 b0. + P + <|betree_be_tree_params := b2; + betree_be_tree_node_id_cnt := b1; + betree_be_tree_root := b0|> + + [FORALL_betree_internal_t] Theorem + + ⊢ ∀P. (∀b. P b) ⇔ + ∀u0 u b1 b0. + P + <|betree_internal_id := u0; betree_internal_pivot := u; + betree_internal_left := b1; betree_internal_right := b0|> + + [FORALL_betree_leaf_t] Theorem + + ⊢ ∀P. (∀b. P b) ⇔ + ∀u0 u. P <|betree_leaf_id := u0; betree_leaf_size := u|> + + [FORALL_betree_node_id_counter_t] Theorem + + ⊢ ∀P. (∀b. P b) ⇔ ∀u. P <|betree_node_id_counter_next_node_id := u|> + + [FORALL_betree_params_t] Theorem + + ⊢ ∀P. (∀b. P b) ⇔ + ∀u0 u. + P + <|betree_params_min_flush_size := u0; + betree_params_split_size := u|> + + [betree_be_tree_t_11] Theorem + + ⊢ ∀a0 a1 a2 a0' a1' a2'. + betree_be_tree_t a0 a1 a2 = betree_be_tree_t a0' a1' a2' ⇔ + a0 = a0' ∧ a1 = a1' ∧ a2 = a2' + + [betree_be_tree_t_Axiom] Theorem + + ⊢ ∀f. ∃fn. ∀a0 a1 a2. fn (betree_be_tree_t a0 a1 a2) = f a0 a1 a2 + + [betree_be_tree_t_accessors] Theorem + + ⊢ (∀b b0 b1. (betree_be_tree_t b b0 b1).betree_be_tree_params = b) ∧ + (∀b b0 b1. + (betree_be_tree_t b b0 b1).betree_be_tree_node_id_cnt = b0) ∧ + ∀b b0 b1. (betree_be_tree_t b b0 b1).betree_be_tree_root = b1 + + [betree_be_tree_t_accfupds] Theorem + + ⊢ (∀f b. + (b with betree_be_tree_node_id_cnt updated_by f). + betree_be_tree_params = + b.betree_be_tree_params) ∧ + (∀f b. + (b with betree_be_tree_root updated_by f).betree_be_tree_params = + b.betree_be_tree_params) ∧ + (∀f b. + (b with betree_be_tree_params updated_by f). + betree_be_tree_node_id_cnt = + b.betree_be_tree_node_id_cnt) ∧ + (∀f b. + (b with betree_be_tree_root updated_by f). + betree_be_tree_node_id_cnt = + b.betree_be_tree_node_id_cnt) ∧ + (∀f b. + (b with betree_be_tree_params updated_by f).betree_be_tree_root = + b.betree_be_tree_root) ∧ + (∀f b. + (b with betree_be_tree_node_id_cnt updated_by f). + betree_be_tree_root = + b.betree_be_tree_root) ∧ + (∀f b. + (b with betree_be_tree_params updated_by f). + betree_be_tree_params = + f b.betree_be_tree_params) ∧ + (∀f b. + (b with betree_be_tree_node_id_cnt updated_by f). + betree_be_tree_node_id_cnt = + f b.betree_be_tree_node_id_cnt) ∧ + ∀f b. + (b with betree_be_tree_root updated_by f).betree_be_tree_root = + f b.betree_be_tree_root + + [betree_be_tree_t_case_cong] Theorem + + ⊢ ∀M M' f. + M = M' ∧ + (∀a0 a1 a2. + M' = betree_be_tree_t a0 a1 a2 ⇒ f a0 a1 a2 = f' a0 a1 a2) ⇒ + betree_be_tree_t_CASE M f = betree_be_tree_t_CASE M' f' + + [betree_be_tree_t_case_eq] Theorem + + ⊢ betree_be_tree_t_CASE x f = v ⇔ + ∃b b0 b1. x = betree_be_tree_t b b0 b1 ∧ f b b0 b1 = v + + [betree_be_tree_t_component_equality] Theorem + + ⊢ ∀b1 b2. + b1 = b2 ⇔ + b1.betree_be_tree_params = b2.betree_be_tree_params ∧ + b1.betree_be_tree_node_id_cnt = b2.betree_be_tree_node_id_cnt ∧ + b1.betree_be_tree_root = b2.betree_be_tree_root + + [betree_be_tree_t_fn_updates] Theorem + + ⊢ (∀f b b0 b1. + betree_be_tree_t b b0 b1 with betree_be_tree_params updated_by f = + betree_be_tree_t (f b) b0 b1) ∧ + (∀f b b0 b1. + betree_be_tree_t b b0 b1 with + betree_be_tree_node_id_cnt updated_by f = + betree_be_tree_t b (f b0) b1) ∧ + ∀f b b0 b1. + betree_be_tree_t b b0 b1 with betree_be_tree_root updated_by f = + betree_be_tree_t b b0 (f b1) + + [betree_be_tree_t_fupdcanon] Theorem + + ⊢ (∀g f b. + b with + <|betree_be_tree_node_id_cnt updated_by f; + betree_be_tree_params updated_by g|> = + b with + <|betree_be_tree_params updated_by g; + betree_be_tree_node_id_cnt updated_by f|>) ∧ + (∀g f b. + b with + <|betree_be_tree_root updated_by f; + betree_be_tree_params updated_by g|> = + b with + <|betree_be_tree_params updated_by g; + betree_be_tree_root updated_by f|>) ∧ + ∀g f b. + b with + <|betree_be_tree_root updated_by f; + betree_be_tree_node_id_cnt updated_by g|> = + b with + <|betree_be_tree_node_id_cnt updated_by g; + betree_be_tree_root updated_by f|> + + [betree_be_tree_t_fupdcanon_comp] Theorem + + ⊢ ((∀g f. + betree_be_tree_node_id_cnt_fupd f ∘ + betree_be_tree_params_fupd g = + betree_be_tree_params_fupd g ∘ + betree_be_tree_node_id_cnt_fupd f) ∧ + ∀h g f. + betree_be_tree_node_id_cnt_fupd f ∘ + betree_be_tree_params_fupd g ∘ h = + betree_be_tree_params_fupd g ∘ + betree_be_tree_node_id_cnt_fupd f ∘ h) ∧ + ((∀g f. + betree_be_tree_root_fupd f ∘ betree_be_tree_params_fupd g = + betree_be_tree_params_fupd g ∘ betree_be_tree_root_fupd f) ∧ + ∀h g f. + betree_be_tree_root_fupd f ∘ betree_be_tree_params_fupd g ∘ h = + betree_be_tree_params_fupd g ∘ betree_be_tree_root_fupd f ∘ h) ∧ + (∀g f. + betree_be_tree_root_fupd f ∘ betree_be_tree_node_id_cnt_fupd g = + betree_be_tree_node_id_cnt_fupd g ∘ betree_be_tree_root_fupd f) ∧ + ∀h g f. + betree_be_tree_root_fupd f ∘ betree_be_tree_node_id_cnt_fupd g ∘ + h = + betree_be_tree_node_id_cnt_fupd g ∘ betree_be_tree_root_fupd f ∘ + h + + [betree_be_tree_t_fupdfupds] Theorem + + ⊢ (∀g f b. + b with + <|betree_be_tree_params updated_by f; + betree_be_tree_params updated_by g|> = + b with betree_be_tree_params updated_by f ∘ g) ∧ + (∀g f b. + b with + <|betree_be_tree_node_id_cnt updated_by f; + betree_be_tree_node_id_cnt updated_by g|> = + b with betree_be_tree_node_id_cnt updated_by f ∘ g) ∧ + ∀g f b. + b with + <|betree_be_tree_root updated_by f; + betree_be_tree_root updated_by g|> = + b with betree_be_tree_root updated_by f ∘ g + + [betree_be_tree_t_fupdfupds_comp] Theorem + + ⊢ ((∀g f. + betree_be_tree_params_fupd f ∘ betree_be_tree_params_fupd g = + betree_be_tree_params_fupd (f ∘ g)) ∧ + ∀h g f. + betree_be_tree_params_fupd f ∘ betree_be_tree_params_fupd g ∘ h = + betree_be_tree_params_fupd (f ∘ g) ∘ h) ∧ + ((∀g f. + betree_be_tree_node_id_cnt_fupd f ∘ + betree_be_tree_node_id_cnt_fupd g = + betree_be_tree_node_id_cnt_fupd (f ∘ g)) ∧ + ∀h g f. + betree_be_tree_node_id_cnt_fupd f ∘ + betree_be_tree_node_id_cnt_fupd g ∘ h = + betree_be_tree_node_id_cnt_fupd (f ∘ g) ∘ h) ∧ + (∀g f. + betree_be_tree_root_fupd f ∘ betree_be_tree_root_fupd g = + betree_be_tree_root_fupd (f ∘ g)) ∧ + ∀h g f. + betree_be_tree_root_fupd f ∘ betree_be_tree_root_fupd g ∘ h = + betree_be_tree_root_fupd (f ∘ g) ∘ h + + [betree_be_tree_t_induction] Theorem + + ⊢ ∀P. (∀b b0 b1. P (betree_be_tree_t b b0 b1)) ⇒ ∀b. P b + + [betree_be_tree_t_literal_11] Theorem + + ⊢ ∀b21 b11 b01 b22 b12 b02. + <|betree_be_tree_params := b21; + betree_be_tree_node_id_cnt := b11; betree_be_tree_root := b01|> = + <|betree_be_tree_params := b22; + betree_be_tree_node_id_cnt := b12; betree_be_tree_root := b02|> ⇔ + b21 = b22 ∧ b11 = b12 ∧ b01 = b02 + + [betree_be_tree_t_literal_nchotomy] Theorem + + ⊢ ∀b. ∃b2 b1 b0. + b = + <|betree_be_tree_params := b2; betree_be_tree_node_id_cnt := b1; + betree_be_tree_root := b0|> + + [betree_be_tree_t_nchotomy] Theorem + + ⊢ ∀bb. ∃b b0 b1. bb = betree_be_tree_t b b0 b1 + + [betree_be_tree_t_updates_eq_literal] Theorem + + ⊢ ∀b b2 b1 b0. + b with + <|betree_be_tree_params := b2; betree_be_tree_node_id_cnt := b1; + betree_be_tree_root := b0|> = + <|betree_be_tree_params := b2; betree_be_tree_node_id_cnt := b1; + betree_be_tree_root := b0|> + + [betree_internal_t_11] Theorem + + ⊢ ∀a0 a1 a2 a3 a0' a1' a2' a3'. + betree_internal_t a0 a1 a2 a3 = betree_internal_t a0' a1' a2' a3' ⇔ + a0 = a0' ∧ a1 = a1' ∧ a2 = a2' ∧ a3 = a3' + + [betree_internal_t_Axiom] Theorem + + ⊢ ∀f0 f1 f2. ∃fn0 fn1. + (∀a0 a1 a2 a3. + fn0 (betree_internal_t a0 a1 a2 a3) = + f0 a0 a1 a2 a3 (fn1 a2) (fn1 a3)) ∧ + (∀a. fn1 (BetreeNodeInternal a) = f1 a (fn0 a)) ∧ + ∀a. fn1 (BetreeNodeLeaf a) = f2 a + + [betree_internal_t_accessors] Theorem + + ⊢ (∀u u0 b b0. (betree_internal_t u u0 b b0).betree_internal_id = u) ∧ + (∀u u0 b b0. + (betree_internal_t u u0 b b0).betree_internal_pivot = u0) ∧ + (∀u u0 b b0. (betree_internal_t u u0 b b0).betree_internal_left = b) ∧ + ∀u u0 b b0. + (betree_internal_t u u0 b b0).betree_internal_right = b0 + + [betree_internal_t_accfupds] Theorem + + ⊢ (∀f b. + (b with betree_internal_pivot updated_by f).betree_internal_id = + b.betree_internal_id) ∧ + (∀f b. + (b with betree_internal_left updated_by f).betree_internal_id = + b.betree_internal_id) ∧ + (∀f b. + (b with betree_internal_right updated_by f).betree_internal_id = + b.betree_internal_id) ∧ + (∀f b. + (b with betree_internal_id updated_by f).betree_internal_pivot = + b.betree_internal_pivot) ∧ + (∀f b. + (b with betree_internal_left updated_by f).betree_internal_pivot = + b.betree_internal_pivot) ∧ + (∀f b. + (b with betree_internal_right updated_by f). + betree_internal_pivot = + b.betree_internal_pivot) ∧ + (∀f b. + (b with betree_internal_id updated_by f).betree_internal_left = + b.betree_internal_left) ∧ + (∀f b. + (b with betree_internal_pivot updated_by f).betree_internal_left = + b.betree_internal_left) ∧ + (∀f b. + (b with betree_internal_right updated_by f).betree_internal_left = + b.betree_internal_left) ∧ + (∀f b. + (b with betree_internal_id updated_by f).betree_internal_right = + b.betree_internal_right) ∧ + (∀f b. + (b with betree_internal_pivot updated_by f). + betree_internal_right = + b.betree_internal_right) ∧ + (∀f b. + (b with betree_internal_left updated_by f).betree_internal_right = + b.betree_internal_right) ∧ + (∀f b. + (b with betree_internal_id updated_by f).betree_internal_id = + f b.betree_internal_id) ∧ + (∀f b. + (b with betree_internal_pivot updated_by f). + betree_internal_pivot = + f b.betree_internal_pivot) ∧ + (∀f b. + (b with betree_internal_left updated_by f).betree_internal_left = + f b.betree_internal_left) ∧ + ∀f b. + (b with betree_internal_right updated_by f).betree_internal_right = + f b.betree_internal_right + + [betree_internal_t_case_cong] Theorem + + ⊢ ∀M M' f. + M = M' ∧ + (∀a0 a1 a2 a3. + M' = betree_internal_t a0 a1 a2 a3 ⇒ + f a0 a1 a2 a3 = f' a0 a1 a2 a3) ⇒ + betree_internal_t_CASE M f = betree_internal_t_CASE M' f' + + [betree_internal_t_case_eq] Theorem + + ⊢ betree_internal_t_CASE x f = v ⇔ + ∃u0 u b b0. x = betree_internal_t u0 u b b0 ∧ f u0 u b b0 = v + + [betree_internal_t_component_equality] Theorem + + ⊢ ∀b1 b2. + b1 = b2 ⇔ + b1.betree_internal_id = b2.betree_internal_id ∧ + b1.betree_internal_pivot = b2.betree_internal_pivot ∧ + b1.betree_internal_left = b2.betree_internal_left ∧ + b1.betree_internal_right = b2.betree_internal_right + + [betree_internal_t_fn_updates] Theorem + + ⊢ (∀f u u0 b b0. + betree_internal_t u u0 b b0 with betree_internal_id updated_by f = + betree_internal_t (f u) u0 b b0) ∧ + (∀f u u0 b b0. + betree_internal_t u u0 b b0 with + betree_internal_pivot updated_by f = + betree_internal_t u (f u0) b b0) ∧ + (∀f u u0 b b0. + betree_internal_t u u0 b b0 with + betree_internal_left updated_by f = + betree_internal_t u u0 (f b) b0) ∧ + ∀f u u0 b b0. + betree_internal_t u u0 b b0 with + betree_internal_right updated_by f = + betree_internal_t u u0 b (f b0) + + [betree_internal_t_fupdcanon] Theorem + + ⊢ (∀g f b. + b with + <|betree_internal_pivot updated_by f; + betree_internal_id updated_by g|> = + b with + <|betree_internal_id updated_by g; + betree_internal_pivot updated_by f|>) ∧ + (∀g f b. + b with + <|betree_internal_left updated_by f; + betree_internal_id updated_by g|> = + b with + <|betree_internal_id updated_by g; + betree_internal_left updated_by f|>) ∧ + (∀g f b. + b with + <|betree_internal_left updated_by f; + betree_internal_pivot updated_by g|> = + b with + <|betree_internal_pivot updated_by g; + betree_internal_left updated_by f|>) ∧ + (∀g f b. + b with + <|betree_internal_right updated_by f; + betree_internal_id updated_by g|> = + b with + <|betree_internal_id updated_by g; + betree_internal_right updated_by f|>) ∧ + (∀g f b. + b with + <|betree_internal_right updated_by f; + betree_internal_pivot updated_by g|> = + b with + <|betree_internal_pivot updated_by g; + betree_internal_right updated_by f|>) ∧ + ∀g f b. + b with + <|betree_internal_right updated_by f; + betree_internal_left updated_by g|> = + b with + <|betree_internal_left updated_by g; + betree_internal_right updated_by f|> + + [betree_internal_t_fupdcanon_comp] Theorem + + ⊢ ((∀g f. + betree_internal_pivot_fupd f ∘ betree_internal_id_fupd g = + betree_internal_id_fupd g ∘ betree_internal_pivot_fupd f) ∧ + ∀h g f. + betree_internal_pivot_fupd f ∘ betree_internal_id_fupd g ∘ h = + betree_internal_id_fupd g ∘ betree_internal_pivot_fupd f ∘ h) ∧ + ((∀g f. + betree_internal_left_fupd f ∘ betree_internal_id_fupd g = + betree_internal_id_fupd g ∘ betree_internal_left_fupd f) ∧ + ∀h g f. + betree_internal_left_fupd f ∘ betree_internal_id_fupd g ∘ h = + betree_internal_id_fupd g ∘ betree_internal_left_fupd f ∘ h) ∧ + ((∀g f. + betree_internal_left_fupd f ∘ betree_internal_pivot_fupd g = + betree_internal_pivot_fupd g ∘ betree_internal_left_fupd f) ∧ + ∀h g f. + betree_internal_left_fupd f ∘ betree_internal_pivot_fupd g ∘ h = + betree_internal_pivot_fupd g ∘ betree_internal_left_fupd f ∘ h) ∧ + ((∀g f. + betree_internal_right_fupd f ∘ betree_internal_id_fupd g = + betree_internal_id_fupd g ∘ betree_internal_right_fupd f) ∧ + ∀h g f. + betree_internal_right_fupd f ∘ betree_internal_id_fupd g ∘ h = + betree_internal_id_fupd g ∘ betree_internal_right_fupd f ∘ h) ∧ + ((∀g f. + betree_internal_right_fupd f ∘ betree_internal_pivot_fupd g = + betree_internal_pivot_fupd g ∘ betree_internal_right_fupd f) ∧ + ∀h g f. + betree_internal_right_fupd f ∘ betree_internal_pivot_fupd g ∘ h = + betree_internal_pivot_fupd g ∘ betree_internal_right_fupd f ∘ h) ∧ + (∀g f. + betree_internal_right_fupd f ∘ betree_internal_left_fupd g = + betree_internal_left_fupd g ∘ betree_internal_right_fupd f) ∧ + ∀h g f. + betree_internal_right_fupd f ∘ betree_internal_left_fupd g ∘ h = + betree_internal_left_fupd g ∘ betree_internal_right_fupd f ∘ h + + [betree_internal_t_fupdfupds] Theorem + + ⊢ (∀g f b. + b with + <|betree_internal_id updated_by f; + betree_internal_id updated_by g|> = + b with betree_internal_id updated_by f ∘ g) ∧ + (∀g f b. + b with + <|betree_internal_pivot updated_by f; + betree_internal_pivot updated_by g|> = + b with betree_internal_pivot updated_by f ∘ g) ∧ + (∀g f b. + b with + <|betree_internal_left updated_by f; + betree_internal_left updated_by g|> = + b with betree_internal_left updated_by f ∘ g) ∧ + ∀g f b. + b with + <|betree_internal_right updated_by f; + betree_internal_right updated_by g|> = + b with betree_internal_right updated_by f ∘ g + + [betree_internal_t_fupdfupds_comp] Theorem + + ⊢ ((∀g f. + betree_internal_id_fupd f ∘ betree_internal_id_fupd g = + betree_internal_id_fupd (f ∘ g)) ∧ + ∀h g f. + betree_internal_id_fupd f ∘ betree_internal_id_fupd g ∘ h = + betree_internal_id_fupd (f ∘ g) ∘ h) ∧ + ((∀g f. + betree_internal_pivot_fupd f ∘ betree_internal_pivot_fupd g = + betree_internal_pivot_fupd (f ∘ g)) ∧ + ∀h g f. + betree_internal_pivot_fupd f ∘ betree_internal_pivot_fupd g ∘ h = + betree_internal_pivot_fupd (f ∘ g) ∘ h) ∧ + ((∀g f. + betree_internal_left_fupd f ∘ betree_internal_left_fupd g = + betree_internal_left_fupd (f ∘ g)) ∧ + ∀h g f. + betree_internal_left_fupd f ∘ betree_internal_left_fupd g ∘ h = + betree_internal_left_fupd (f ∘ g) ∘ h) ∧ + (∀g f. + betree_internal_right_fupd f ∘ betree_internal_right_fupd g = + betree_internal_right_fupd (f ∘ g)) ∧ + ∀h g f. + betree_internal_right_fupd f ∘ betree_internal_right_fupd g ∘ h = + betree_internal_right_fupd (f ∘ g) ∘ h + + [betree_internal_t_induction] Theorem + + ⊢ ∀P0 P1. + (∀b b0. P1 b ∧ P1 b0 ⇒ ∀u u0. P0 (betree_internal_t u0 u b b0)) ∧ + (∀b. P0 b ⇒ P1 (BetreeNodeInternal b)) ∧ + (∀b. P1 (BetreeNodeLeaf b)) ⇒ + (∀b. P0 b) ∧ ∀b. P1 b + + [betree_internal_t_literal_11] Theorem + + ⊢ ∀u01 u1 b11 b01 u02 u2 b12 b02. + <|betree_internal_id := u01; betree_internal_pivot := u1; + betree_internal_left := b11; betree_internal_right := b01|> = + <|betree_internal_id := u02; betree_internal_pivot := u2; + betree_internal_left := b12; betree_internal_right := b02|> ⇔ + u01 = u02 ∧ u1 = u2 ∧ b11 = b12 ∧ b01 = b02 + + [betree_internal_t_literal_nchotomy] Theorem + + ⊢ ∀b. ∃u0 u b1 b0. + b = + <|betree_internal_id := u0; betree_internal_pivot := u; + betree_internal_left := b1; betree_internal_right := b0|> + + [betree_internal_t_nchotomy] Theorem + + ⊢ ∀bb. ∃u0 u b b0. bb = betree_internal_t u0 u b b0 + + [betree_internal_t_updates_eq_literal] Theorem + + ⊢ ∀b u0 u b1 b0. + b with + <|betree_internal_id := u0; betree_internal_pivot := u; + betree_internal_left := b1; betree_internal_right := b0|> = + <|betree_internal_id := u0; betree_internal_pivot := u; + betree_internal_left := b1; betree_internal_right := b0|> + + [betree_leaf_t_11] Theorem + + ⊢ ∀a0 a1 a0' a1'. + betree_leaf_t a0 a1 = betree_leaf_t a0' a1' ⇔ a0 = a0' ∧ a1 = a1' + + [betree_leaf_t_Axiom] Theorem + + ⊢ ∀f. ∃fn. ∀a0 a1. fn (betree_leaf_t a0 a1) = f a0 a1 + + [betree_leaf_t_accessors] Theorem + + ⊢ (∀u u0. (betree_leaf_t u u0).betree_leaf_id = u) ∧ + ∀u u0. (betree_leaf_t u u0).betree_leaf_size = u0 + + [betree_leaf_t_accfupds] Theorem + + ⊢ (∀f b. + (b with betree_leaf_size updated_by f).betree_leaf_id = + b.betree_leaf_id) ∧ + (∀f b. + (b with betree_leaf_id updated_by f).betree_leaf_size = + b.betree_leaf_size) ∧ + (∀f b. + (b with betree_leaf_id updated_by f).betree_leaf_id = + f b.betree_leaf_id) ∧ + ∀f b. + (b with betree_leaf_size updated_by f).betree_leaf_size = + f b.betree_leaf_size + + [betree_leaf_t_case_cong] Theorem + + ⊢ ∀M M' f. + M = M' ∧ (∀a0 a1. M' = betree_leaf_t a0 a1 ⇒ f a0 a1 = f' a0 a1) ⇒ + betree_leaf_t_CASE M f = betree_leaf_t_CASE M' f' + + [betree_leaf_t_case_eq] Theorem + + ⊢ betree_leaf_t_CASE x f = v ⇔ + ∃u u0. x = betree_leaf_t u u0 ∧ f u u0 = v + + [betree_leaf_t_component_equality] Theorem + + ⊢ ∀b1 b2. + b1 = b2 ⇔ + b1.betree_leaf_id = b2.betree_leaf_id ∧ + b1.betree_leaf_size = b2.betree_leaf_size + + [betree_leaf_t_fn_updates] Theorem + + ⊢ (∀f u u0. + betree_leaf_t u u0 with betree_leaf_id updated_by f = + betree_leaf_t (f u) u0) ∧ + ∀f u u0. + betree_leaf_t u u0 with betree_leaf_size updated_by f = + betree_leaf_t u (f u0) + + [betree_leaf_t_fupdcanon] Theorem + + ⊢ ∀g f b. + b with + <|betree_leaf_size updated_by f; betree_leaf_id updated_by g|> = + b with + <|betree_leaf_id updated_by g; betree_leaf_size updated_by f|> + + [betree_leaf_t_fupdcanon_comp] Theorem + + ⊢ (∀g f. + betree_leaf_size_fupd f ∘ betree_leaf_id_fupd g = + betree_leaf_id_fupd g ∘ betree_leaf_size_fupd f) ∧ + ∀h g f. + betree_leaf_size_fupd f ∘ betree_leaf_id_fupd g ∘ h = + betree_leaf_id_fupd g ∘ betree_leaf_size_fupd f ∘ h + + [betree_leaf_t_fupdfupds] Theorem + + ⊢ (∀g f b. + b with + <|betree_leaf_id updated_by f; betree_leaf_id updated_by g|> = + b with betree_leaf_id updated_by f ∘ g) ∧ + ∀g f b. + b with + <|betree_leaf_size updated_by f; betree_leaf_size updated_by g|> = + b with betree_leaf_size updated_by f ∘ g + + [betree_leaf_t_fupdfupds_comp] Theorem + + ⊢ ((∀g f. + betree_leaf_id_fupd f ∘ betree_leaf_id_fupd g = + betree_leaf_id_fupd (f ∘ g)) ∧ + ∀h g f. + betree_leaf_id_fupd f ∘ betree_leaf_id_fupd g ∘ h = + betree_leaf_id_fupd (f ∘ g) ∘ h) ∧ + (∀g f. + betree_leaf_size_fupd f ∘ betree_leaf_size_fupd g = + betree_leaf_size_fupd (f ∘ g)) ∧ + ∀h g f. + betree_leaf_size_fupd f ∘ betree_leaf_size_fupd g ∘ h = + betree_leaf_size_fupd (f ∘ g) ∘ h + + [betree_leaf_t_induction] Theorem + + ⊢ ∀P. (∀u u0. P (betree_leaf_t u u0)) ⇒ ∀b. P b + + [betree_leaf_t_literal_11] Theorem + + ⊢ ∀u01 u1 u02 u2. + <|betree_leaf_id := u01; betree_leaf_size := u1|> = + <|betree_leaf_id := u02; betree_leaf_size := u2|> ⇔ + u01 = u02 ∧ u1 = u2 + + [betree_leaf_t_literal_nchotomy] Theorem + + ⊢ ∀b. ∃u0 u. b = <|betree_leaf_id := u0; betree_leaf_size := u|> + + [betree_leaf_t_nchotomy] Theorem + + ⊢ ∀bb. ∃u u0. bb = betree_leaf_t u u0 + + [betree_leaf_t_updates_eq_literal] Theorem + + ⊢ ∀b u0 u. + b with <|betree_leaf_id := u0; betree_leaf_size := u|> = + <|betree_leaf_id := u0; betree_leaf_size := u|> + + [betree_list_t_11] Theorem + + ⊢ ∀a0 a1 a0' a1'. + BetreeListCons a0 a1 = BetreeListCons a0' a1' ⇔ + a0 = a0' ∧ a1 = a1' + + [betree_list_t_Axiom] Theorem + + ⊢ ∀f0 f1. ∃fn. + (∀a0 a1. fn (BetreeListCons a0 a1) = f0 a0 a1 (fn a1)) ∧ + fn BetreeListNil = f1 + + [betree_list_t_case_cong] Theorem + + ⊢ ∀M M' f v. + M = M' ∧ + (∀a0 a1. M' = BetreeListCons a0 a1 ⇒ f a0 a1 = f' a0 a1) ∧ + (M' = BetreeListNil ⇒ v = v') ⇒ + betree_list_t_CASE M f v = betree_list_t_CASE M' f' v' + + [betree_list_t_case_eq] Theorem + + ⊢ betree_list_t_CASE x f v = v' ⇔ + (∃t b. x = BetreeListCons t b ∧ f t b = v') ∨ + x = BetreeListNil ∧ v = v' + + [betree_list_t_distinct] Theorem + + ⊢ ∀a1 a0. BetreeListCons a0 a1 ≠ BetreeListNil + + [betree_list_t_induction] Theorem + + ⊢ ∀P. (∀b. P b ⇒ ∀t. P (BetreeListCons t b)) ∧ P BetreeListNil ⇒ + ∀b. P b + + [betree_list_t_nchotomy] Theorem + + ⊢ ∀bb. (∃t b. bb = BetreeListCons t b) ∨ bb = BetreeListNil + + [betree_message_t_11] Theorem + + ⊢ (∀a a'. BetreeMessageInsert a = BetreeMessageInsert a' ⇔ a = a') ∧ + ∀a a'. BetreeMessageUpsert a = BetreeMessageUpsert a' ⇔ a = a' + + [betree_message_t_Axiom] Theorem + + ⊢ ∀f0 f1 f2. ∃fn. + (∀a. fn (BetreeMessageInsert a) = f0 a) ∧ + fn BetreeMessageDelete = f1 ∧ + ∀a. fn (BetreeMessageUpsert a) = f2 a + + [betree_message_t_case_cong] Theorem + + ⊢ ∀M M' f v f1. + M = M' ∧ (∀a. M' = BetreeMessageInsert a ⇒ f a = f' a) ∧ + (M' = BetreeMessageDelete ⇒ v = v') ∧ + (∀a. M' = BetreeMessageUpsert a ⇒ f1 a = f1' a) ⇒ + betree_message_t_CASE M f v f1 = + betree_message_t_CASE M' f' v' f1' + + [betree_message_t_case_eq] Theorem + + ⊢ betree_message_t_CASE x f v f1 = v' ⇔ + (∃u. x = BetreeMessageInsert u ∧ f u = v') ∨ + x = BetreeMessageDelete ∧ v = v' ∨ + ∃b. x = BetreeMessageUpsert b ∧ f1 b = v' + + [betree_message_t_distinct] Theorem + + ⊢ (∀a. BetreeMessageInsert a ≠ BetreeMessageDelete) ∧ + (∀a' a. BetreeMessageInsert a ≠ BetreeMessageUpsert a') ∧ + ∀a. BetreeMessageDelete ≠ BetreeMessageUpsert a + + [betree_message_t_induction] Theorem + + ⊢ ∀P. (∀u. P (BetreeMessageInsert u)) ∧ P BetreeMessageDelete ∧ + (∀b. P (BetreeMessageUpsert b)) ⇒ + ∀b. P b + + [betree_message_t_nchotomy] Theorem + + ⊢ ∀bb. + (∃u. bb = BetreeMessageInsert u) ∨ bb = BetreeMessageDelete ∨ + ∃b. bb = BetreeMessageUpsert b + + [betree_node_id_counter_t_11] Theorem + + ⊢ ∀a a'. + betree_node_id_counter_t a = betree_node_id_counter_t a' ⇔ a = a' + + [betree_node_id_counter_t_Axiom] Theorem + + ⊢ ∀f. ∃fn. ∀a. fn (betree_node_id_counter_t a) = f a + + [betree_node_id_counter_t_accessors] Theorem + + ⊢ ∀u. (betree_node_id_counter_t u). + betree_node_id_counter_next_node_id = + u + + [betree_node_id_counter_t_accfupds] Theorem + + ⊢ ∀f b. + (b with betree_node_id_counter_next_node_id updated_by f). + betree_node_id_counter_next_node_id = + f b.betree_node_id_counter_next_node_id + + [betree_node_id_counter_t_case_cong] Theorem + + ⊢ ∀M M' f. + M = M' ∧ (∀a. M' = betree_node_id_counter_t a ⇒ f a = f' a) ⇒ + betree_node_id_counter_t_CASE M f = + betree_node_id_counter_t_CASE M' f' + + [betree_node_id_counter_t_case_eq] Theorem + + ⊢ betree_node_id_counter_t_CASE x f = v ⇔ + ∃u. x = betree_node_id_counter_t u ∧ f u = v + + [betree_node_id_counter_t_component_equality] Theorem + + ⊢ ∀b1 b2. + b1 = b2 ⇔ + b1.betree_node_id_counter_next_node_id = + b2.betree_node_id_counter_next_node_id + + [betree_node_id_counter_t_fn_updates] Theorem + + ⊢ ∀f u. + betree_node_id_counter_t u with + betree_node_id_counter_next_node_id updated_by f = + betree_node_id_counter_t (f u) + + [betree_node_id_counter_t_fupdfupds] Theorem + + ⊢ ∀g f b. + b with + <|betree_node_id_counter_next_node_id updated_by f; + betree_node_id_counter_next_node_id updated_by g|> = + b with betree_node_id_counter_next_node_id updated_by f ∘ g + + [betree_node_id_counter_t_fupdfupds_comp] Theorem + + ⊢ (∀g f. + betree_node_id_counter_next_node_id_fupd f ∘ + betree_node_id_counter_next_node_id_fupd g = + betree_node_id_counter_next_node_id_fupd (f ∘ g)) ∧ + ∀h g f. + betree_node_id_counter_next_node_id_fupd f ∘ + betree_node_id_counter_next_node_id_fupd g ∘ h = + betree_node_id_counter_next_node_id_fupd (f ∘ g) ∘ h + + [betree_node_id_counter_t_induction] Theorem + + ⊢ ∀P. (∀u. P (betree_node_id_counter_t u)) ⇒ ∀b. P b + + [betree_node_id_counter_t_literal_11] Theorem + + ⊢ ∀u1 u2. + <|betree_node_id_counter_next_node_id := u1|> = + <|betree_node_id_counter_next_node_id := u2|> ⇔ u1 = u2 + + [betree_node_id_counter_t_literal_nchotomy] Theorem + + ⊢ ∀b. ∃u. b = <|betree_node_id_counter_next_node_id := u|> + + [betree_node_id_counter_t_nchotomy] Theorem + + ⊢ ∀bb. ∃u. bb = betree_node_id_counter_t u + + [betree_node_id_counter_t_updates_eq_literal] Theorem + + ⊢ ∀b u. + b with betree_node_id_counter_next_node_id := u = + <|betree_node_id_counter_next_node_id := u|> + + [betree_node_t_11] Theorem + + ⊢ (∀a a'. BetreeNodeInternal a = BetreeNodeInternal a' ⇔ a = a') ∧ + ∀a a'. BetreeNodeLeaf a = BetreeNodeLeaf a' ⇔ a = a' + + [betree_node_t_Axiom] Theorem + + ⊢ ∀f0 f1 f2. ∃fn0 fn1. + (∀a0 a1 a2 a3. + fn0 (betree_internal_t a0 a1 a2 a3) = + f0 a0 a1 a2 a3 (fn1 a2) (fn1 a3)) ∧ + (∀a. fn1 (BetreeNodeInternal a) = f1 a (fn0 a)) ∧ + ∀a. fn1 (BetreeNodeLeaf a) = f2 a + + [betree_node_t_case_cong] Theorem + + ⊢ ∀M M' f f1. + M = M' ∧ (∀a. M' = BetreeNodeInternal a ⇒ f a = f' a) ∧ + (∀a. M' = BetreeNodeLeaf a ⇒ f1 a = f1' a) ⇒ + betree_node_t_CASE M f f1 = betree_node_t_CASE M' f' f1' + + [betree_node_t_case_eq] Theorem + + ⊢ betree_node_t_CASE x f f1 = v ⇔ + (∃b. x = BetreeNodeInternal b ∧ f b = v) ∨ + ∃b. x = BetreeNodeLeaf b ∧ f1 b = v + + [betree_node_t_distinct] Theorem + + ⊢ ∀a' a. BetreeNodeInternal a ≠ BetreeNodeLeaf a' + + [betree_node_t_induction] Theorem + + ⊢ ∀P0 P1. + (∀b b0. P1 b ∧ P1 b0 ⇒ ∀u u0. P0 (betree_internal_t u0 u b b0)) ∧ + (∀b. P0 b ⇒ P1 (BetreeNodeInternal b)) ∧ + (∀b. P1 (BetreeNodeLeaf b)) ⇒ + (∀b. P0 b) ∧ ∀b. P1 b + + [betree_node_t_nchotomy] Theorem + + ⊢ ∀bb. (∃b. bb = BetreeNodeInternal b) ∨ ∃b. bb = BetreeNodeLeaf b + + [betree_params_t_11] Theorem + + ⊢ ∀a0 a1 a0' a1'. + betree_params_t a0 a1 = betree_params_t a0' a1' ⇔ + a0 = a0' ∧ a1 = a1' + + [betree_params_t_Axiom] Theorem + + ⊢ ∀f. ∃fn. ∀a0 a1. fn (betree_params_t a0 a1) = f a0 a1 + + [betree_params_t_accessors] Theorem + + ⊢ (∀u u0. (betree_params_t u u0).betree_params_min_flush_size = u) ∧ + ∀u u0. (betree_params_t u u0).betree_params_split_size = u0 + + [betree_params_t_accfupds] Theorem + + ⊢ (∀f b. + (b with betree_params_split_size updated_by f). + betree_params_min_flush_size = + b.betree_params_min_flush_size) ∧ + (∀f b. + (b with betree_params_min_flush_size updated_by f). + betree_params_split_size = + b.betree_params_split_size) ∧ + (∀f b. + (b with betree_params_min_flush_size updated_by f). + betree_params_min_flush_size = + f b.betree_params_min_flush_size) ∧ + ∀f b. + (b with betree_params_split_size updated_by f). + betree_params_split_size = + f b.betree_params_split_size + + [betree_params_t_case_cong] Theorem + + ⊢ ∀M M' f. + M = M' ∧ + (∀a0 a1. M' = betree_params_t a0 a1 ⇒ f a0 a1 = f' a0 a1) ⇒ + betree_params_t_CASE M f = betree_params_t_CASE M' f' + + [betree_params_t_case_eq] Theorem + + ⊢ betree_params_t_CASE x f = v ⇔ + ∃u u0. x = betree_params_t u u0 ∧ f u u0 = v + + [betree_params_t_component_equality] Theorem + + ⊢ ∀b1 b2. + b1 = b2 ⇔ + b1.betree_params_min_flush_size = b2.betree_params_min_flush_size ∧ + b1.betree_params_split_size = b2.betree_params_split_size + + [betree_params_t_fn_updates] Theorem + + ⊢ (∀f u u0. + betree_params_t u u0 with + betree_params_min_flush_size updated_by f = + betree_params_t (f u) u0) ∧ + ∀f u u0. + betree_params_t u u0 with betree_params_split_size updated_by f = + betree_params_t u (f u0) + + [betree_params_t_fupdcanon] Theorem + + ⊢ ∀g f b. + b with + <|betree_params_split_size updated_by f; + betree_params_min_flush_size updated_by g|> = + b with + <|betree_params_min_flush_size updated_by g; + betree_params_split_size updated_by f|> + + [betree_params_t_fupdcanon_comp] Theorem + + ⊢ (∀g f. + betree_params_split_size_fupd f ∘ + betree_params_min_flush_size_fupd g = + betree_params_min_flush_size_fupd g ∘ + betree_params_split_size_fupd f) ∧ + ∀h g f. + betree_params_split_size_fupd f ∘ + betree_params_min_flush_size_fupd g ∘ h = + betree_params_min_flush_size_fupd g ∘ + betree_params_split_size_fupd f ∘ h + + [betree_params_t_fupdfupds] Theorem + + ⊢ (∀g f b. + b with + <|betree_params_min_flush_size updated_by f; + betree_params_min_flush_size updated_by g|> = + b with betree_params_min_flush_size updated_by f ∘ g) ∧ + ∀g f b. + b with + <|betree_params_split_size updated_by f; + betree_params_split_size updated_by g|> = + b with betree_params_split_size updated_by f ∘ g + + [betree_params_t_fupdfupds_comp] Theorem + + ⊢ ((∀g f. + betree_params_min_flush_size_fupd f ∘ + betree_params_min_flush_size_fupd g = + betree_params_min_flush_size_fupd (f ∘ g)) ∧ + ∀h g f. + betree_params_min_flush_size_fupd f ∘ + betree_params_min_flush_size_fupd g ∘ h = + betree_params_min_flush_size_fupd (f ∘ g) ∘ h) ∧ + (∀g f. + betree_params_split_size_fupd f ∘ + betree_params_split_size_fupd g = + betree_params_split_size_fupd (f ∘ g)) ∧ + ∀h g f. + betree_params_split_size_fupd f ∘ + betree_params_split_size_fupd g ∘ h = + betree_params_split_size_fupd (f ∘ g) ∘ h + + [betree_params_t_induction] Theorem + + ⊢ ∀P. (∀u u0. P (betree_params_t u u0)) ⇒ ∀b. P b + + [betree_params_t_literal_11] Theorem + + ⊢ ∀u01 u1 u02 u2. + <|betree_params_min_flush_size := u01; + betree_params_split_size := u1|> = + <|betree_params_min_flush_size := u02; + betree_params_split_size := u2|> ⇔ u01 = u02 ∧ u1 = u2 + + [betree_params_t_literal_nchotomy] Theorem + + ⊢ ∀b. ∃u0 u. + b = + <|betree_params_min_flush_size := u0; + betree_params_split_size := u|> + + [betree_params_t_nchotomy] Theorem + + ⊢ ∀bb. ∃u u0. bb = betree_params_t u u0 + + [betree_params_t_updates_eq_literal] Theorem + + ⊢ ∀b u0 u. + b with + <|betree_params_min_flush_size := u0; + betree_params_split_size := u|> = + <|betree_params_min_flush_size := u0; + betree_params_split_size := u|> + + [betree_upsert_fun_state_t_11] Theorem + + ⊢ (∀a a'. + BetreeUpsertFunStateAdd a = BetreeUpsertFunStateAdd a' ⇔ a = a') ∧ + ∀a a'. + BetreeUpsertFunStateSub a = BetreeUpsertFunStateSub a' ⇔ a = a' + + [betree_upsert_fun_state_t_Axiom] Theorem + + ⊢ ∀f0 f1. ∃fn. + (∀a. fn (BetreeUpsertFunStateAdd a) = f0 a) ∧ + ∀a. fn (BetreeUpsertFunStateSub a) = f1 a + + [betree_upsert_fun_state_t_case_cong] Theorem + + ⊢ ∀M M' f f1. + M = M' ∧ (∀a. M' = BetreeUpsertFunStateAdd a ⇒ f a = f' a) ∧ + (∀a. M' = BetreeUpsertFunStateSub a ⇒ f1 a = f1' a) ⇒ + betree_upsert_fun_state_t_CASE M f f1 = + betree_upsert_fun_state_t_CASE M' f' f1' + + [betree_upsert_fun_state_t_case_eq] Theorem + + ⊢ betree_upsert_fun_state_t_CASE x f f1 = v ⇔ + (∃u. x = BetreeUpsertFunStateAdd u ∧ f u = v) ∨ + ∃u. x = BetreeUpsertFunStateSub u ∧ f1 u = v + + [betree_upsert_fun_state_t_distinct] Theorem + + ⊢ ∀a' a. BetreeUpsertFunStateAdd a ≠ BetreeUpsertFunStateSub a' + + [betree_upsert_fun_state_t_induction] Theorem + + ⊢ ∀P. (∀u. P (BetreeUpsertFunStateAdd u)) ∧ + (∀u. P (BetreeUpsertFunStateSub u)) ⇒ + ∀b. P b + + [betree_upsert_fun_state_t_nchotomy] Theorem + + ⊢ ∀bb. + (∃u. bb = BetreeUpsertFunStateAdd u) ∨ + ∃u. bb = BetreeUpsertFunStateSub u + + [datatype_betree_be_tree_t] Theorem + + ⊢ DATATYPE + (record betree_be_tree_t betree_be_tree_params + betree_be_tree_node_id_cnt betree_be_tree_root) + + [datatype_betree_internal_t] Theorem + + ⊢ DATATYPE + (record betree_internal_t betree_internal_id + betree_internal_pivot betree_internal_left + betree_internal_right ∧ + betree_node_t BetreeNodeInternal BetreeNodeLeaf) + + [datatype_betree_leaf_t] Theorem + + ⊢ DATATYPE (record betree_leaf_t betree_leaf_id betree_leaf_size) + + [datatype_betree_list_t] Theorem + + ⊢ DATATYPE (betree_list_t BetreeListCons BetreeListNil) + + [datatype_betree_message_t] Theorem + + ⊢ DATATYPE + (betree_message_t BetreeMessageInsert BetreeMessageDelete + BetreeMessageUpsert) + + [datatype_betree_node_id_counter_t] Theorem + + ⊢ DATATYPE + (record betree_node_id_counter_t + betree_node_id_counter_next_node_id) + + [datatype_betree_params_t] Theorem + + ⊢ DATATYPE + (record betree_params_t betree_params_min_flush_size + betree_params_split_size) + + [datatype_betree_upsert_fun_state_t] Theorem + + ⊢ DATATYPE + (betree_upsert_fun_state_t BetreeUpsertFunStateAdd + BetreeUpsertFunStateSub) + + +*) +end -- cgit v1.2.3