isabelle


What happens during function proofs


I am trying to prove a property of the icmp6 checksum function (sum 16-bit integers, add carry, invert 16-bit integer).
I defined the functions in Isabelle. (I know my proofs are terrible.)
But for some reason, Isabelle can't prove something about the icmp_csum function that it wants to have.
When I replace the oops in the paste with done, it produces thousands of lines that just say:
"linarith_split_limit exceeded (current value is 9)"
theory Scratch
  imports Main Int List
begin

(* one folding step: add the carry above bit 16 back into the low 16 bits *)
fun norm_helper :: "nat ⇒ nat" where
  "norm_helper x = (let y = divide x 65536 in (y + x - y * 65536))"

lemma "x ≥ 65536 ⟹ norm_helper x < x" by simp
lemma h: "norm_helper x ≤ x" by simp

(* fold until the value fits in 16 bits *)
fun normalize :: "nat ⇒ nat" where
  "normalize x = (if x ≥ 65536
                  then normalize (norm_helper x)
                  else x)"

(* relational view of normalize, used to prove the facts about it below *)
inductive norm_to :: "nat ⇒ nat ⇒ bool" where
  "(x < 65536) ⟹ norm_to x x"
| "norm_to y z ⟹ y = norm_helper x ⟹ norm_to x z"

lemma ne: "norm_to x y ⟹ y = normalize x"
  apply (induct x y rule: norm_to.induct) by simp+

lemma i: "norm_to x y ⟹ x ≥ y"
  apply (induct x y rule: norm_to.induct) by simp+

lemma l: "norm_to x y ⟹ y < 65536"
  apply (induct x y rule: norm_to.induct) by simp+

lemma en: "y = normalize x ⟹ norm_to x y"
  apply (induct x rule: normalize.induct)
proof -
  fix x :: nat
  assume 1: "(x ≥ 65536 ⟹ y = Scratch.normalize (norm_helper x) ⟹ norm_to (norm_helper x) y)"
  assume 2: "y = Scratch.normalize x"
  show "norm_to x y"
  proof (cases "x ≥ 65536")
    show "¬ 65536 ≤ x ⟹ norm_to x y"
      using norm_to.intros(1)[of x] 2 by simp
    {
      assume s: "65536 ≤ x"
      have d: "y = normalize (norm_helper x)" using 2 s by simp
      show "65536 ≤ x ⟹ norm_to x y"
        using 1 d norm_to.intros(2)[of "norm_helper x" y x]
        by blast
    }
  qed
qed

lemma "normalize x ≤ x" using en i by simp
lemma n[simp]: "normalize x < 65536" using en l by blast

fun sum :: "nat list ⇒ nat" where
  "sum [] = 0"
| "sum (x#xs) = x + sum xs"

fun csum :: "nat list ⇒ nat" where
  "csum xs = normalize (sum xs)"

(* one's complement of a 16-bit value *)
fun invert :: "nat ⇒ nat" where
  "invert x = 65535 - x"

lemma c: "csum xs ≤ 65535" using n[of "sum xs"] by simp
lemma ic: "invert (csum xs) ≥ 0" using c[of xs] by blast

lemma asdf:
  assumes "xs = ys"
  shows "invert (csum xs) = invert (csum ys)"
  using HOL.arg_cong[of "csum xs" "csum ys" invert,
        OF HOL.arg_cong[of xs ys csum]] assms(1)
  by blast

(* "function" (not "fun") asks for pattern completeness and for the
   compatibility goal xs = ys ⟹ invert (csum xs) = invert (csum ys)
   that the lemma asdf above is aimed at *)
function icmp_csum :: "nat list ⇒ nat" where
  "icmp_csum xs = invert (csum xs)"
  apply simp
  apply (rule asdf)
  apply simp
  oops

end
I have no idea why there is tracing output from linarith there, but given that your definition is neither recursive nor performs pattern matching, you can write it as a definition:

  definition icmp_csum :: "nat list ⇒ nat" where
    "icmp_csum xs = invert (csum xs)"

Another possibility is to change invert to a definition instead of a fun. (In general, if it's neither recursive nor performs pattern matching, definition is preferable because it has much less overhead than fun.)

NB, just import Main, not Main Int List.

Edit: An explanation from Tobias Nipkow on the mailing list:

This is a known issue. In the outdated LNCS 2283 you can find a discussion of what to do about it in Section 3.5.3 Simplification and Recursive Functions. The gist: don't use "if", use pattern matching or "case". Or disable if_split.
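Both remedies carried through on the question's own functions, added here as an example; it is not the question's paste and not the answer's code. norm_helper and normalize are kept as in the question (so, like the question, it assumes fun's termination prover discharges norm_helper x < x), Main's sum_list stands in for the question's own sum, the non-recursive functions become definitions, and the looping normalize.simps is replaced by two guarded equations. The theory name Csum_Defs and the lemma names are my own.

```isabelle
theory Csum_Defs
  imports Main
begin

(* norm_helper and normalize as in the question; "divide x 65536" there is
   the same constant as "x div 65536".  fun proves termination from
   "65536 ≤ x ⟹ norm_helper x < x" as it did in the question. *)
fun norm_helper :: "nat ⇒ nat" where
  "norm_helper x = (let y = x div 65536 in y + x - y * 65536)"

fun normalize :: "nat ⇒ nat" where
  "normalize x = (if x ≥ 65536 then normalize (norm_helper x) else x)"

(* normalize.simps is unconditional and its right-hand side contains
   normalize under an "if".  Once if_split splits the conditional, simp
   unfolds the recursive branch again, asking linarith each time to decide
   "65536 ≤ ...": that is the trace the question reports.  Take the equation
   out of the simpset and replace it by two guarded equations. *)
declare normalize.simps [simp del]

lemma normalize_small [simp]: "x < 65536 ⟹ normalize x = x"
  by (subst normalize.simps) simp

lemma normalize_big [simp]: "65536 ≤ x ⟹ normalize x = normalize (norm_helper x)"
  by (subst normalize.simps) simp

(* the bound the question proves via norm_to, here by functional induction *)
lemma normalize_lt: "normalize x < 65536"
proof (induct x rule: normalize.induct)
  case (1 x)
  show ?case
  proof (cases "65536 ≤ x")
    case True
    with 1 show ?thesis by simp
  next
    case False
    then show ?thesis by simp
  qed
qed

(* neither recursive nor pattern matching: definition, not fun.  No
   completeness or compatibility goals are generated, and nothing enters
   the simpset until the *_def equation is unfolded on purpose. *)
definition invert :: "nat ⇒ nat" where
  "invert x = 65535 - x"

(* Main's sum_list is the question's sum *)
definition csum :: "nat list ⇒ nat" where
  "csum xs = normalize (sum_list xs)"

definition icmp_csum :: "nat list ⇒ nat" where
  "icmp_csum xs = invert (csum xs)"

lemma csum_le: "csum xs ≤ 65535"
  using normalize_lt [of "sum_list xs"] unfolding csum_def by linarith

lemma icmp_csum_le: "icmp_csum xs ≤ 65535"
  by (simp add: icmp_csum_def invert_def)

(* inverting is an involution on 16-bit values; this is what csum_le buys *)
lemma invert_invert: "invert (invert (csum xs)) = csum xs"
  using csum_le [of xs] by (simp add: invert_def)

(* end-around carry: 0xFFFF + 0x0001 folds to 1, whose complement is 0xFFFE *)
lemma "icmp_csum [65535, 1] = 65534"
  by eval

end
```

The declare ... [simp del] line is the part that matters: afterwards simp rewrites normalize only when it can prove which guard holds, so the linarith split limit is never reached. The other route the answer mentions, keeping normalize.simps and disabling if_split (per call with simp split del: if_split, or globally with declare if_split [split del]), also stops the loop, at the price of simp no longer case-splitting on any other "if" in those proofs.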
