Skip to content

Commit fe5a8fd

Browse files
stefan-awsstefan-aws
committed
Merge branch 'fisher-yates-model-correctness-unique-elements' of https://github.com/dafny-lang/dafny-vmc into fisher-yates-model-correctness-unique-elements
2 parents 2b79acf + 4f58d17 commit fe5a8fd

File tree

2 files changed

+43
-11
lines changed

2 files changed

+43
-11
lines changed

audit.log

Lines changed: 9 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1,16 +1,15 @@
11
src/DafnyVMC.dfy(23,6): UniformPowerOfTwoSample: Definition has `assume {:axiom}` statement in body.
22
src/Distributions/Bernoulli/Correctness.dfy(59,17): BernoulliCorrectnessCaseFalse: Declaration has explicit `{:axiom}` attribute.
33
src/Distributions/BernoulliExpNeg/Correctness.dfy(228,6): CorrectnessLe1: Definition has `assume {:axiom}` statement in body.
4-
src/Distributions/BernoulliExpNeg/Correctness.dfy(251,17): SampleLe1IsIndep: Declaration has explicit `{:axiom}` attribute.
5-
src/Distributions/BernoulliExpNeg/Correctness.dfy(303,17): Le1SeriesConvergesToExpNeg: Declaration has explicit `{:axiom}` attribute.
6-
src/Distributions/BernoulliExpNeg/Correctness.dfy(368,6): Le1LoopCutDecomposeProb: Definition has `assume {:axiom}` statement in body.
7-
src/Distributions/BernoulliExpNeg/Correctness.dfy(369,6): Le1LoopCutDecomposeProb: Definition has `assume {:axiom}` statement in body.
8-
src/Distributions/BernoulliExpNeg/Correctness.dfy(376,6): Le1LoopCutDecomposeProb: Definition has `assume {:axiom}` statement in body.
9-
src/Distributions/BernoulliExpNeg/Correctness.dfy(377,6): Le1LoopCutDecomposeProb: Definition has `assume {:axiom}` statement in body.
10-
src/Distributions/BernoulliExpNeg/Correctness.dfy(381,6): Le1LoopCutDecomposeProb: Definition has `assume {:axiom}` statement in body.
11-
src/Distributions/BernoulliExpNeg/Correctness.dfy(382,6): Le1LoopCutDecomposeProb: Definition has `assume {:axiom}` statement in body.
12-
src/Distributions/BernoulliExpNeg/Correctness.dfy(572,8): Le1LoopCorrectnessEq: Definition has `assume {:axiom}` statement in body.
13-
src/Distributions/BernoulliExpNeg/Correctness.dfy(573,8): Le1LoopCorrectnessEq: Definition has `assume {:axiom}` statement in body.
4+
src/Distributions/BernoulliExpNeg/Correctness.dfy(336,17): Le1SeriesConvergesToExpNeg: Declaration has explicit `{:axiom}` attribute.
5+
src/Distributions/BernoulliExpNeg/Correctness.dfy(401,6): Le1LoopCutDecomposeProb: Definition has `assume {:axiom}` statement in body.
6+
src/Distributions/BernoulliExpNeg/Correctness.dfy(402,6): Le1LoopCutDecomposeProb: Definition has `assume {:axiom}` statement in body.
7+
src/Distributions/BernoulliExpNeg/Correctness.dfy(409,6): Le1LoopCutDecomposeProb: Definition has `assume {:axiom}` statement in body.
8+
src/Distributions/BernoulliExpNeg/Correctness.dfy(410,6): Le1LoopCutDecomposeProb: Definition has `assume {:axiom}` statement in body.
9+
src/Distributions/BernoulliExpNeg/Correctness.dfy(414,6): Le1LoopCutDecomposeProb: Definition has `assume {:axiom}` statement in body.
10+
src/Distributions/BernoulliExpNeg/Correctness.dfy(415,6): Le1LoopCutDecomposeProb: Definition has `assume {:axiom}` statement in body.
11+
src/Distributions/BernoulliExpNeg/Correctness.dfy(605,8): Le1LoopCorrectnessEq: Definition has `assume {:axiom}` statement in body.
12+
src/Distributions/BernoulliExpNeg/Correctness.dfy(606,8): Le1LoopCorrectnessEq: Definition has `assume {:axiom}` statement in body.
1413
src/Distributions/BernoulliExpNeg/Model.dfy(112,10): Le1LoopTerminatesAlmostSurely: Definition has `assume {:axiom}` statement in body.
1514
src/Distributions/BernoulliExpNeg/Model.dfy(148,4): Le1LoopDivergenceProbabilityBound: Definition has `assume {:axiom}` statement in body.
1615
src/Distributions/BernoulliExpNeg/Model.dfy(161,8): Le1LoopDivergenceProbabilityBound: Definition has `assume {:axiom}` statement in body.

src/Distributions/BernoulliExpNeg/Correctness.dfy

Lines changed: 34 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -248,10 +248,43 @@ module BernoulliExpNeg.Correctness {
248248
}
249249
}
250250

251-
lemma {:axiom} SampleLe1IsIndep(gamma: Rationals.Rational)
251+
lemma SampleLe1IsIndep(gamma: Rationals.Rational)
252252
requires 0 <= gamma.numer <= gamma.denom
253253
ensures Independence.IsIndep(Model.SampleLe1(gamma))
254+
{
255+
Le1LoopIsIndep(gamma);
256+
Independence.MapIsIndep(Model.Le1Loop(gamma)((true, 0)), (ak: (bool, nat)) => ak.1 % 2 == 1);
257+
}
254258

259+
lemma Le1LoopIsIndep(gamma: Rationals.Rational)
260+
requires 0 <= gamma.numer <= gamma.denom
261+
ensures Independence.IsIndep(Model.Le1Loop(gamma)((true, 0)))
262+
{
263+
Model.Le1LoopTerminatesAlmostSurely(gamma);
264+
forall ak: (bool, nat) ensures Independence.IsIndep(Model.Le1LoopIter(gamma)(ak)) {
265+
Le1LoopIterIsIndep(gamma, ak);
266+
}
267+
Loops.WhileIsIndep(
268+
Model.Le1LoopCondition,
269+
Model.Le1LoopIter(gamma),
270+
(true, 0)
271+
);
272+
assert Independence.IsIndep(Model.Le1Loop(gamma)((true, 0))) by {
273+
reveal Model.Le1Loop();
274+
}
275+
}
276+
277+
lemma Le1LoopIterIsIndep(gamma: Rationals.Rational, ak: (bool, nat))
278+
requires 0 <= gamma.numer <= gamma.denom
279+
ensures Independence.IsIndep(Model.Le1LoopIter(gamma)(ak))
280+
{
281+
var k': nat := ak.1 + 1;
282+
Bernoulli.Correctness.SampleIsIndep(gamma.numer, k' * gamma.denom);
283+
Independence.MapIsIndep(
284+
Bernoulli.Model.Sample(gamma.numer, k' * gamma.denom),
285+
a => (a, k')
286+
);
287+
}
255288

256289
// Proves the correctness of `Model.Le1LoopIter`.
257290
// Correctness means that when run on an initial value of `(true, k)` it produces

0 commit comments

Comments
 (0)