Skip to content

Commit 65838db

Browse files
stefan-awsstefan-aws
committed
progress
1 parent 3b82daf commit 65838db

File tree

1 file changed

+34
-31
lines changed

1 file changed

+34
-31
lines changed

src/Util/FisherYates/Correctness.dfy

Lines changed: 34 additions & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -370,42 +370,45 @@ module FisherYates.Correctness {
370370
requires s in e
371371
ensures s in Monad.BitstreamsWithValueIn(h, A) * Monad.BitstreamsWithRestIn(h, e')
372372
{
373-
var zs := Model.Shuffle(xs, i)(s).value;
374-
assert zs[i..] == p[i..];
375-
var k := Uniform.Model.IntervalSample(i, |xs|)(s).value;
376-
Uniform.Correctness.IntervalSampleBound(i, |xs|, s);
377-
var s' := Uniform.Model.IntervalSample(i, |xs|)(s).rest;
378-
assert s in Monad.BitstreamsWithValueIn(h, A) by {
379-
var ys' := Model.Swap(xs, i, k);
380-
var zs' := Model.Shuffle(ys', i+1)(s').value;
381-
assert zs == zs';
382-
calc {
383-
p[i];
384-
zs[i];
385-
zs'[i];
386-
{ assert Model.ShuffleInvariancePredicatePointwise(ys', Model.Shuffle(ys', i+1)(s'), i); }
387-
ys'[i];
388-
xs[k];
373+
assert s in Monad.BitstreamsWithValueIn(h, A) * Monad.BitstreamsWithRestIn(h, e') by {
374+
var zs := Model.Shuffle(xs, i)(s).value;
375+
assert zs[i..] == p[i..];
376+
var k := Uniform.Model.IntervalSample(i, |xs|)(s).value;
377+
Uniform.Correctness.IntervalSampleBound(i, |xs|, s);
378+
var s' := Uniform.Model.IntervalSample(i, |xs|)(s).rest;
379+
380+
assert s in Monad.BitstreamsWithValueIn(h, A) by {
381+
var ys' := Model.Swap(xs, i, k);
382+
var zs' := Model.Shuffle(ys', i+1)(s').value;
383+
assert zs == zs';
384+
calc {
385+
p[i];
386+
zs[i];
387+
zs'[i];
388+
{ assert Model.ShuffleInvariancePredicatePointwise(ys', Model.Shuffle(ys', i+1)(s'), i); }
389+
ys'[i];
390+
xs[k];
391+
}
392+
assert k in A;
389393
}
390-
assert k in A;
391-
}
392-
assert s in Monad.BitstreamsWithRestIn(h, e') by {
393-
assert Model.Shuffle(ys, i+1)(s').value[i+1..] == p[i+1..] by {
394-
forall j | 0 <= j < |xs| - (i+1) ensures Model.Shuffle(ys, i+1)(s').value[i+1..][j] == p[i+1..][j] {
395-
calc {
396-
Model.Shuffle(ys, i+1)(s').value[i+1..][j];
397-
Model.ShuffleCurried(ys, s', i+1).value[i+1..][j];
398-
Model.ShuffleCurried(xs, s, i).value[i+1..][j];
399-
Model.Shuffle(xs, i)(s).value[i+1..][j];
400-
Model.Shuffle(xs, i)(s).value[i..][j+1];
401-
{ assert Model.Shuffle(xs, i)(s).value[i..] == p[i..]; }
402-
p[i..][j+1];
403-
p[i+1..][j];
394+
395+
assert s in Monad.BitstreamsWithRestIn(h, e') by {
396+
assert Model.Shuffle(ys, i+1)(s').value[i+1..] == p[i+1..] by {
397+
forall j | 0 <= j < |xs| - (i+1) ensures Model.Shuffle(ys, i+1)(s').value[i+1..][j] == p[i+1..][j] {
398+
calc {
399+
Model.Shuffle(ys, i+1)(s').value[i+1..][j];
400+
Model.ShuffleCurried(ys, s', i+1).value[i+1..][j];
401+
Model.ShuffleCurried(xs, s, i).value[i+1..][j];
402+
Model.Shuffle(xs, i)(s).value[i+1..][j];
403+
Model.Shuffle(xs, i)(s).value[i..][j+1];
404+
{ assert Model.Shuffle(xs, i)(s).value[i..] == p[i..]; }
405+
p[i..][j+1];
406+
p[i+1..][j];
407+
}
404408
}
405409
}
406410
}
407411
}
408-
assert s in Monad.BitstreamsWithValueIn(h, A) * Monad.BitstreamsWithRestIn(h, e');
409412
}
410413

411414
lemma DecomposeEImplicationTwo<T(!new)>(xs: seq<T>, ys: seq<T>, p: seq<T>, i: nat, j: nat, h: Monad.Hurd<int>, A: iset<int>, e: iset<Rand.Bitstream>, e': iset<Rand.Bitstream>, s: Rand.Bitstream)

0 commit comments

Comments
 (0)