Theory PhiTest_Arithmetic

theory PhiTest_Arithmetic
  imports
    Phi_Semantics.PhiSem_CF_Routine
    Phi_Semantics.PhiSem_CF_Breakable
    Phi_Semantics.PhiSem_Variable
    Phi_Semantics.PhiSem_Int_ArbiPrec
    "HOL-Computational_Algebra.Primes"
begin

proc test_prime:
  input  ‹𝗏𝖺𝗅 x ⦂ ℕ›
  output ‹𝗏𝖺𝗅 prime x ⦂ 𝔹› ― ‹\<^term>‹prime :: nat => bool› is a predicate checking primes›
  is [routine]
❴
  if ‹$x ≤ 1›  ❴
    return (False)
  ❵
  ❴
    ‹2 ⦂ ℕ› → var v ;;

    while ‹i ⦂ 𝗏𝖺𝗋[v] ℕ 𝗌𝗎𝖻𝗃 i.
            Inv: (1 < i ∧ i ≤ x ∧ (∀j. 1 < j ∧ j < i ⟶ ¬ j dvd x)) ∧
            Guard: (i ≠ x) ∧
            End: (i = x)› ― ‹Specification of the loop›
          ( ‹$v ≠ $x› ) ― ‹Code for loop guard›
    ❴                   ― ‹Code for loop body›
      if ‹$x mod $v = 0› ❴
        return (False)
      ❵
      ❴
        ‹$v + 1› → $v
      ❵
    ❵
    return (True)
  ❵
❵.

thm test_prime_def ― ‹Semantic definition›
thm test_prime_φapp ― ‹Specification theorem›


proc test_prime':
  input  ‹𝗏𝖺𝗅 x ⦂ ℕ›
  output ‹𝗏𝖺𝗅 prime x ⦂ 𝔹›
  is [routine]
❴
  if ‹$x ≤ 1› ❴
    return (False)
  ❵
  ❴
    ‹2 ⦂ ℕ› → var v ;;
    (* In the previous example, the loop iterates from 2 to x, here we apply an optimization
       where the loop only needs to iterate to sqrt(x). *)
    while ‹i ⦂ 𝗏𝖺𝗋[v] ℕ 𝗌𝗎𝖻𝗃 i.
          Inv: (1 < i ∧ i ≤ x ∧ (∀j ∈ {1<..<i}. ¬ j dvd x)) ∧
          Guard: (i * i ≤ x) ∧
          End: (x < i * i)›
        ( ‹$v * $v ≤ $x› )
    ❴
      if ‹$x mod $v = 0› ❴
        return (False)  
      ❵
      ❴
        ‹$v + 1› → $v 
      ❵
    ❵

    return (True) (*with this optimization, the final obligation fails to be solved
                    automatically, but the manual proof is intuitive and semi-automated.*)
      certified proof simp
        have ‹False› if assm: ‹¬ prime x›
          proof -
            obtain k where ‹k dvd x ∧ 1 < k ∧ k < x› by auto_sledgehammer
            then have ‹k < ib ∨ x div k < ib› by auto_sledgehammer
            then show False by auto_sledgehammer
          qed
        then show ‹prime x›
          by fastforce
      qed
  ❵ ― ‹Close the top branch›
❵ ― ‹Close the function body› .


proc GCD:
  input  ‹x ⦂ 𝗏𝖺𝗅 ℕ❟ y ⦂ 𝗏𝖺𝗅 ℕ›
  output ‹gcd x y ⦂ 𝗏𝖺𝗅 ℕ› 
  is [recursive x y] ― ‹x, y are variable through recursive callings›
❴
  if ‹$x > $y› ❴ GCD ($y, $x) ❵
  ❴
    ‹$y mod $x› → val t
    if ‹$t = 0› ❴ $x ❵ ❴ GCD ($t, $x) ❵
  ❵
❵.

declare GCD_φapp[φsynthesis add] ― ‹So that we can use abstract spec ‹gcd› in synthesis›

proc Coprime:
  input  ‹x ⦂ 𝗏𝖺𝗅 ℕ❟ y ⦂ 𝗏𝖺𝗅 ℕ›
  output ‹coprime x y ⦂ 𝗏𝖺𝗅 𝔹›
❴
  ‹gcd $x $y = 1›
❵.


proc binary_search:
  requires F: ‹∀i v. 𝗉𝗋𝗈𝖼 F v ⦃ i ⦂ 𝗏𝖺𝗅[v] ℤ ⟼ f i ⦂ 𝗏𝖺𝗅 𝔹 ⦄› ― ‹v: raw value›
  premises ‹mono f›
  input  ‹lower ⦂ 𝗏𝖺𝗅 ℤ❟ upper ⦂ 𝗏𝖺𝗅 ℤ›
  premises ‹f upper› and ‹lower < upper›
  output ‹(LEAST i. lower ≤ i ∧ i ≤ upper ∧ f i) ⦂ 𝗏𝖺𝗅 ℤ›
  is [routine]
❴
  pure_fact ‹i ≤ j ⟹ f i ⟹ f j› for i j ;;

  if ( F($lower) ) ❴ return ($lower) ❵
  ❴  
    $lower, $upper → var $l, $u ;;
    while ‹l ⦂ 𝗏𝖺𝗋[l] ℤ❟ u ⦂ 𝗏𝖺𝗋[u] ℤ 𝗌𝗎𝖻𝗃 l u.
            Inv: (lower ≤ l ∧ l < u ∧ u ≤ upper ∧ ¬ f l ∧ f u) ∧
            Guard: (l + 1 < u) ∧
            End: (l + 1 = u)›
          ( ‹$l + 1 < $u› )
    ❴
      ‹($l + $u) div 2› → val m ;;
      if ( F($m) ) ❴ $m → $u ❵ ❴ $m → $l ❵
    ❵
    return ($u)
  ❵
❵.

end