diff --git a/metadata/authors.toml b/metadata/authors.toml
--- a/metadata/authors.toml
+++ b/metadata/authors.toml
@@ -1,6906 +1,6932 @@
[abdulaziz]
name = "Mohammad Abdulaziz"
[abdulaziz.emails]
[abdulaziz.emails.abdulaziz_email]
user = [
"mohammad",
"abdulaziz",
]
host = [
"in",
"tum",
"de",
]
[abdulaziz.emails.abdulaziz_email1]
user = [
"mohammad",
"abdulaziz8",
]
host = [
"gmail",
"com",
]
[abdulaziz.homepages]
abdulaziz_homepage = "http://home.in.tum.de/~mansour/"
[adelsberger]
name = "Stephan Adelsberger"
[adelsberger.emails]
[adelsberger.emails.adelsberger_email]
user = [
"stvienna",
]
host = [
"gmail",
"com",
]
[adelsberger.homepages]
adelsberger_homepage = "http://nm.wu.ac.at/nm/sadelsbe"
[aehlig]
name = "Klaus Aehlig"
[aehlig.emails]
[aehlig.homepages]
aehlig_homepage = "http://www.linta.de/~aehlig/"
[aissat]
name = "Romain Aissat"
[aissat.emails]
[aissat.homepages]
[amani]
name = "Sidney Amani"
[amani.emails]
[amani.emails.amani_email]
user = [
"sidney",
"amani",
]
host = [
"data61",
"csiro",
"au",
]
[amani.homepages]
[ammer]
name = "Thomas Ammer"
[ammer.emails]
[ammer.emails.ammer_email]
user = ["thomas","ammer"]
host = ["tum","de"]
[ammer.homepages]
[andronick]
name = "June Andronick"
[andronick.emails]
[andronick.homepages]
[aransay]
name = "Jesús Aransay"
[aransay.emails]
[aransay.emails.aransay_email]
user = [
"jesus-maria",
"aransay",
]
host = [
"unirioja",
"es",
]
[aransay.homepages]
aransay_homepage = "https://www.unirioja.es/cu/jearansa"
[argyraki]
name = "Angeliki Koutsoukou-Argyraki"
[argyraki.emails]
[argyraki.emails.argyraki_email]
user = [
"ak2110",
]
host = [
"cam",
"ac",
"uk",
]
[argyraki.homepages]
argyraki_homepage = "https://www.cl.cam.ac.uk/~ak2110/"
argyraki_homepage2 = "https://www.cst.cam.ac.uk/people/ak2110"
[armstrong]
name = "Alasdair Armstrong"
[armstrong.emails]
[armstrong.homepages]
[aspinall]
name = "David Aspinall"
[aspinall.emails]
[aspinall.homepages]
aspinall_homepage = "http://homepages.inf.ed.ac.uk/da/"
[ausaf]
name = "Fahad Ausaf"
[ausaf.emails]
[ausaf.homepages]
ausaf_homepage = "http://kcl.academia.edu/FahadAusaf"
[avigad]
name = "Jeremy Avigad"
[avigad.emails]
[avigad.emails.avigad_email]
user = [
"avigad",
]
host = [
"cmu",
"edu",
]
[avigad.homepages]
avigad_homepage = "http://www.andrew.cmu.edu/user/avigad/"
[back]
name = "Ralph-Johan Back"
[back.emails]
[back.homepages]
back_homepage = "http://users.abo.fi/Ralph-Johan.Back/"
[balbach]
name = "Frank J. Balbach"
[balbach.emails]
[balbach.emails.balbach_email]
user = [
"frank-balbach",
]
host = [
"gmx",
"de",
]
[balbach.homepages]
[ballarin]
name = "Clemens Ballarin"
[ballarin.emails]
[ballarin.emails.ballarin_email]
user = [
"ballarin",
]
host = [
"in",
"tum",
"de",
]
[ballarin.homepages]
ballarin_homepage = "http://www21.in.tum.de/~ballarin/"
[barsotti]
name = "Damián Barsotti"
[barsotti.emails]
[barsotti.homepages]
barsotti_homepage = "http://www.cs.famaf.unc.edu.ar/~damian/"
[bauer]
name = "Gertrud Bauer"
[bauer.emails]
[bauer.homepages]
[bauereiss]
name = "Thomas Bauereiss"
[bauereiss.emails]
[bauereiss.emails.bauereiss_email]
user = [
"thomas",
]
host = [
"bauereiss",
"name",
]
[bauereiss.homepages]
[bayer]
name = "Jonas Bayer"
[bayer.emails]
[bayer.emails.bayer_email]
user = [
"jonas",
"bayer999",
]
host = [
"gmail",
"com",
]
[bayer.homepages]
[becker]
name = "Heiko Becker"
[becker.emails]
[becker.emails.becker_email]
user = [
"hbecker",
]
host = [
"mpi-sws",
"org",
]
[becker.homepages]
[beeren]
name = "Joel Beeren"
[beeren.emails]
[beeren.homepages]
[bella]
name = "Giampaolo Bella"
[bella.emails]
[bella.emails.bella_email]
user = [
"giamp",
]
host = [
"dmi",
"unict",
"it",
]
[bella.homepages]
bella_homepage = "http://www.dmi.unict.it/~giamp/"
[bengtson]
name = "Jesper Bengtson"
[bengtson.emails]
[bengtson.homepages]
bengtson_homepage = "http://www.itu.dk/people/jebe"
[bentkamp]
name = "Alexander Bentkamp"
[bentkamp.emails]
[bentkamp.emails.bentkamp_email]
user = [
"bentkamp",
]
host = [
"gmail",
"com",
]
[bentkamp.emails.bentkamp_email1]
user = [
"a",
"bentkamp",
]
host = [
"vu",
"nl",
]
[bentkamp.homepages]
bentkamp_homepage = "https://www.cs.vu.nl/~abp290/"
[benzmueller]
name = "Christoph Benzmüller"
[benzmueller.emails]
[benzmueller.emails.benzmueller_email]
user = [
"c",
"benzmueller",
]
host = [
"gmail",
"com",
]
[benzmueller.emails.benzmueller_email1]
user = [
"c",
"benzmueller",
]
host = [
"fu-berlin",
"de",
]
[benzmueller.homepages]
benzmueller_homepage = "http://christoph-benzmueller.de"
benzmueller_homepage1 = "http://page.mi.fu-berlin.de/cbenzmueller/"
[beresford]
name = "Alastair R. Beresford"
[beresford.emails]
[beresford.emails.beresford_email]
user = [
"arb33",
]
host = [
"cam",
"ac",
"uk",
]
[beresford.homepages]
[berghofer]
name = "Stefan Berghofer"
[berghofer.emails]
[berghofer.emails.berghofer_email]
user = [
"berghofe",
]
host = [
"in",
"tum",
"de",
]
[berghofer.homepages]
berghofer_homepage = "http://www.in.tum.de/~berghofe"
[beringer]
name = "Lennart Beringer"
[beringer.emails]
[beringer.emails.beringer_email]
user = [
"lennart",
"beringer",
]
host = [
"ifi",
"lmu",
"de",
]
[beringer.homepages]
[bharadwaj]
name = "Abhijith Bharadwaj"
[bharadwaj.emails]
[bharadwaj.homepages]
[bhatt]
name = "Bhargav Bhatt"
[bhatt.emails]
[bhatt.emails.bhatt_email]
user = [
"bhargav",
"bhatt",
]
host = [
"inf",
"ethz",
"ch",
]
[bhatt.homepages]
[biendarra]
name = "Julian Biendarra"
[biendarra.emails]
[biendarra.homepages]
[bisping]
name = "Benjamin Bisping"
[bisping.emails]
[bisping.emails.bisping_email]
user = [
"benjamin",
"bisping",
]
host = [
"campus",
"tu-berlin",
"de",
]
[bisping.homepages]
[blanchette]
name = "Jasmin Christian Blanchette"
[blanchette.emails]
[blanchette.emails.blanchette_email]
user = [
"jasmin",
"blanchette",
]
host = [
"gmail",
"com",
]
[blanchette.emails.blanchette_email1]
user = [
"j",
"c",
"blanchette",
]
host = [
"vu",
"nl",
]
[blanchette.homepages]
blanchette_homepage = "http://www21.in.tum.de/~blanchet"
blanchette_homepage1 = "https://www.cs.vu.nl/~jbe248/"
[blasum]
name = "Holger Blasum"
[blasum.emails]
[blasum.emails.blasum_email]
user = [
"holger",
"blasum",
]
host = [
"sysgo",
"com",
]
[blasum.homepages]
[blumson]
name = "Ben Blumson"
[blumson.emails]
[blumson.emails.blumson_email]
user = [
"benblumson",
]
host = [
"gmail",
"com",
]
[blumson.homepages]
blumson_homepage = "https://philpeople.org/profiles/ben-blumson"
[bockenek]
name = "Joshua Bockenek"
[bockenek.emails]
[bockenek.homepages]
[boehme]
name = "Sascha Böhme"
[boehme.emails]
[boehme.emails.boehme_email]
user = [
"boehmes",
]
host = [
"in",
"tum",
"de",
]
[boehme.homepages]
boehme_homepage = "http://www21.in.tum.de/~boehmes/"
[bohrer]
name = "Rose Bohrer"
[bohrer.emails]
[bohrer.emails.bohrer_email]
user = [
"rose",
"bohrer",
"cs",
]
host = [
"gmail",
"com",
]
[bohrer.homepages]
[bordg]
name = "Anthony Bordg"
[bordg.emails]
[bordg.emails.bordg_email]
user = [
"apdb3",
]
host = [
"cam",
"ac",
"uk",
]
[bordg.homepages]
bordg_homepage = "https://sites.google.com/site/anthonybordg/"
[borgstroem]
name = "Johannes Borgström"
[borgstroem.emails]
[borgstroem.emails.borgstroem_email]
user = [
"johannes",
"borgstrom",
]
host = [
"it",
"uu",
"se",
]
[borgstroem.homepages]
[bortin]
name = "Maksym Bortin"
[bortin.emails]
[bortin.emails.bortin_email]
user = [
"maksym",
"bortin",
]
host = [
"nicta",
"com",
"au",
]
[bortin.emails.bortin_email1]
user = [
"mbortin",
]
host = [
"gmail",
"com",
]
[bortin.homepages]
[bottesch]
name = "Ralph Bottesch"
[bottesch.emails]
[bottesch.emails.bottesch_email]
user = [
"ralph",
"bottesch",
]
host = [
"uibk",
"ac",
"at",
]
[bottesch.homepages]
bottesch_homepage = "http://cl-informatik.uibk.ac.at/users/bottesch/"
[boulanger]
name = "Frédéric Boulanger"
[boulanger.emails]
[boulanger.emails.boulanger_email]
user = [
"frederic",
"boulanger",
]
host = [
"centralesupelec",
"fr",
]
[boulanger.homepages]
[bourke]
name = "Timothy Bourke"
[bourke.emails]
[bourke.emails.bourke_email]
user = [
"tim",
]
host = [
"tbrk",
"org",
]
[bourke.homepages]
bourke_homepage = "http://www.tbrk.org"
[boutry]
name = "Pierre Boutry"
[boutry.emails]
[boutry.emails.boutry_email]
user = [
"boutry",
]
host = [
"unistra",
"fr",
]
[boutry.homepages]
[boyton]
name = "Andrew Boyton"
[boyton.emails]
[boyton.emails.boyton_email]
user = [
"andrew",
"boyton",
]
host = [
"nicta",
"com",
"au",
]
[boyton.homepages]
[bracevac]
name = "Oliver Bračevac"
[bracevac.emails]
[bracevac.emails.bracevac_email]
user = [
"bracevac",
]
host = [
"st",
"informatik",
"tu-darmstadt",
"de",
]
[bracevac.homepages]
[brandt]
name = "Felix Brandt"
[brandt.emails]
[brandt.homepages]
brandt_homepage = "http://dss.in.tum.de/staff/brandt.html"
[breitner]
name = "Joachim Breitner"
[breitner.emails]
[breitner.emails.breitner_email]
user = [
"mail",
]
host = [
"joachim-breitner",
"de",
]
[breitner.emails.breitner_email1]
user = [
"joachim",
]
host = [
"cis",
"upenn",
"edu",
]
[breitner.homepages]
breitner_homepage = "http://pp.ipd.kit.edu/~breitner"
[brien]
name = "Nicolas Robinson-O'Brien"
[brien.emails]
[brien.homepages]
[brinkop]
name = "Hauke Brinkop"
[brinkop.emails]
[brinkop.emails.brinkop_email]
user = [
"hauke",
"brinkop",
]
host = [
"googlemail",
"com",
]
[brinkop.homepages]
[brodmann]
name = "Paul-David Brodmann"
[brodmann.emails]
[brodmann.emails.brodmann_email]
user = [
"p",
"brodmann",
]
host = [
"tu-berlin",
"de",
]
[brodmann.homepages]
[brucker]
name = "Achim D. Brucker"
[brucker.emails]
[brucker.emails.brucker_email]
user = [
"a",
"brucker",
]
host = [
"exeter",
"ac",
"uk",
]
[brucker.emails.brucker_email1]
user = [
"brucker",
]
host = [
"spamfence",
"net",
]
[brucker.emails.brucker_email2]
user = [
"adbrucker",
]
host = [
"0x5f",
"org",
]
[brucker.homepages]
brucker_homepage = "https://www.brucker.ch/"
[bruegger]
name = "Lukas Brügger"
[bruegger.emails]
[bruegger.emails.bruegger_email]
user = [
"lukas",
"a",
"bruegger",
]
host = [
"gmail",
"com",
]
[bruegger.homepages]
[brun]
name = "Matthias Brun"
[brun.emails]
[brun.emails.brun_email]
user = [
"matthias",
"brun",
]
host = [
"inf",
"ethz",
"ch",
]
[brun.homepages]
[brunner]
name = "Julian Brunner"
[brunner.emails]
[brunner.emails.brunner_email]
user = [
"brunnerj",
]
host = [
"in",
"tum",
"de",
]
[brunner.homepages]
brunner_homepage = "http://www21.in.tum.de/~brunnerj/"
[bulwahn]
name = "Lukas Bulwahn"
[bulwahn.emails]
[bulwahn.emails.bulwahn_email]
user = [
"lukas",
"bulwahn",
]
host = [
"gmail",
"com",
]
[bulwahn.homepages]
[butler]
name = "David Butler"
[butler.emails]
[butler.emails.butler_email]
user = [
"dbutler",
]
host = [
"turing",
"ac",
"uk",
]
[butler.homepages]
butler_homepage = "https://www.turing.ac.uk/people/doctoral-students/david-butler"
[buyse]
name = "Maxime Buyse"
[buyse.emails]
[buyse.emails.buyse_email]
user = [
"maxime",
"buyse",
]
host = [
"polytechnique",
"edu",
]
[buyse.homepages]
[caballero]
name = "José Manuel Rodríguez Caballero"
[caballero.emails]
[caballero.emails.caballero_email]
user = [
"jose",
"manuel",
"rodriguez",
"caballero",
]
host = [
"ut",
"ee",
]
[caballero.homepages]
caballero_homepage = "https://josephcmac.github.io/"
[caminati]
name = "Marco B. Caminati"
[caminati.emails]
[caminati.homepages]
[campo]
name = "Alejandro del Campo"
[campo.emails]
[campo.emails.campo_email]
user = [
"alejandro",
"del-campo",
]
host = [
"alum",
"unirioja",
"es",
]
[campo.homepages]
[chaieb]
name = "Amine Chaieb"
[chaieb.emails]
[chaieb.homepages]
[chapman]
name = "Peter Chapman"
[chapman.emails]
[chapman.emails.chapman_email]
user = [
"pc",
]
host = [
"cs",
"st-andrews",
"ac",
"uk",
]
[chapman.homepages]
[chen]
name = "L. Chen"
[chen.emails]
[chen.homepages]
[clouston]
name = "Ranald Clouston"
[clouston.emails]
[clouston.emails.clouston_email]
user = [
"ranald",
"clouston",
]
host = [
"cs",
"au",
"dk",
]
[clouston.homepages]
[cock]
name = "David Cock"
[cock.emails]
[cock.emails.cock_email]
user = [
"david",
"cock",
]
host = [
"nicta",
"com",
"au",
]
[cock.homepages]
[coghetto]
name = "Roland Coghetto"
[coghetto.emails]
[coghetto.emails.coghetto_email]
user = [
"roland_coghetto",
]
host = [
"hotmail",
"com",
]
[coghetto.homepages]
[coglio]
name = "Alessandro Coglio"
[coglio.emails]
[coglio.emails.coglio_email]
user = [
"coglio",
]
host = [
"kestrel",
"edu",
]
[coglio.homepages]
coglio_homepage = "http://www.kestrel.edu/~coglio"
[cohen]
name = "Ernie Cohen"
[cohen.emails]
[cohen.emails.cohen_email]
user = [
"ecohen",
]
host = [
"amazon",
"com",
]
[cohen.homepages]
[cordwell]
name = "Katherine Cordwell"
[cordwell.emails]
[cordwell.emails.cordwell_email]
user = [
"kcordwel",
]
host = [
"cs",
"cmu",
"edu",
]
[cordwell.homepages]
cordwell_homepage = "https://www.cs.cmu.edu/~kcordwel/"
[cousin]
name = "Marie Cousin"
[cousin.emails]
[cousin.emails.cousin_email]
user = [
"marie",
"cousin",
]
host = [
"grenoble-inp",
"org",
]
[cousin.homepages]
[cremer]
name = "Nils Cremer"
[cremer.emails]
[cremer.emails.cremer_email]
user = [
"nils",
"cremer",
]
host = [
"tum",
"de",
]
[cremer.homepages]
[crighton]
name = "Aaron Crighton"
[crighton.emails]
[crighton.emails.crighton_email]
user = [
"crightoa",
]
host = [
"mcmaster",
"ca",
]
[crighton.homepages]
[dardinier]
name = "Thibault Dardinier"
[dardinier.emails]
[dardinier.emails.dardinier_email]
user = [
"thibault",
"dardinier",
]
host = [
"inf",
"ethz",
"ch",
]
[dardinier.homepages]
dardinier_homepage = "https://dardinier.me/"
[david]
name = "Marco David"
[david.emails]
[david.emails.david_email]
user = [
"marco",
"david",
]
host = [
"hotmail",
"de",
]
[david.homepages]
[debrat]
name = "Henri Debrat"
[debrat.emails]
[debrat.emails.debrat_email]
user = [
"henri",
"debrat",
]
host = [
"loria",
"fr",
]
[debrat.homepages]
[decova]
name = "Sára Decova"
[decova.emails]
[decova.homepages]
[derrick]
name = "John Derrick"
[derrick.emails]
[derrick.emails.derrick_email]
user = [
"j",
"derrick",
]
host = [
"sheffield",
"ac",
"uk",
]
[derrick.homepages]
[desharnais]
name = "Martin Desharnais"
[desharnais.emails]
[desharnais.emails.desharnais_email]
user = [
"martin",
"desharnais",
]
host = [
"unibw",
"de",
]
[desharnais.homepages]
desharnais_homepage = "https://martin.desharnais.me"
[diaz]
name = "Javier Díaz"
[diaz.emails]
[diaz.emails.diaz_email]
user = [
"javier",
"diaz",
"manzi",
]
host = [
"gmail",
"com",
]
[diaz.homepages]
[diekmann]
name = "Cornelius Diekmann"
[diekmann.emails]
[diekmann.emails.diekmann_email]
user = [
"diekmann",
]
host = [
"net",
"in",
"tum",
"de",
]
[diekmann.homepages]
diekmann_homepage = "http://net.in.tum.de/~diekmann"
[dirix]
name = "Stefan Dirix"
[dirix.emails]
[dirix.homepages]
[dittmann]
name = "Christoph Dittmann"
[dittmann.emails]
[dittmann.emails.dittmann_email]
user = [
"isabelle",
]
host = [
"christoph-d",
"de",
]
[dittmann.homepages]
dittmann_homepage = "http://logic.las.tu-berlin.de/Members/Dittmann/"
[divason]
name = "Jose Divasón"
[divason.emails]
[divason.emails.divason_email]
user = [
"jose",
"divason",
]
host = [
"unirioja",
"es",
]
[divason.homepages]
divason_homepage = "https://www.unirioja.es/cu/jodivaso/"
[doczkal]
name = "Christian Doczkal"
[doczkal.emails]
[doczkal.emails.doczkal_email]
user = [
"doczkal",
]
host = [
"ps",
"uni-saarland",
"de",
]
[doczkal.homepages]
[dongol]
name = "Brijesh Dongol"
[dongol.emails]
[dongol.emails.dongol_email]
user = [
"brijesh",
"dongol",
]
host = [
"brunel",
"ac",
"uk",
]
[dongol.homepages]
[doty]
name = "Matthew Doty"
[doty.emails]
[doty.emails.doty_email]
user = [
"matt",
]
host = [
"w-d",
"org",
]
[doty.homepages]
[dubut]
name = "Jérémy Dubut"
[dubut.emails]
[dubut.emails.dubut_email]
user = [
"dubut",
]
host = [
"nii",
"ac",
"jp",
]
[dubut.homepages]
dubut_homepage = "http://group-mmm.org/~dubut/"
[dunaev]
name = "Georgy Dunaev"
[dunaev.emails]
[dunaev.emails.dunaev_email]
user = [
"georgedunaev",
]
host = [
"gmail",
"com",
]
[dunaev.homepages]
[dyckhoff]
name = "Roy Dyckhoff"
[dyckhoff.emails]
[dyckhoff.homepages]
dyckhoff_homepage = "https://rd.host.cs.st-andrews.ac.uk"
[eberl]
name = "Manuel Eberl"
orcid = "0000-0002-4263-6571"
[eberl.emails]
[eberl.emails.eberl_email]
user = [
"manuel",
]
host = [
"pruvisto",
"org",
]
[eberl.emails.eberl_email1]
user = [
"manuel",
"eberl",
]
host = [
"tum",
"de",
]
[eberl.emails.eberl_email2]
user = [
"manuel",
"eberl",
]
host = [
"uibk",
"ac",
"at",
]
[eberl.homepages]
eberl_homepage = "https://pruvisto.org/"
eberl_homepage2 = "https://www.in.tum.de/~eberlm"
[echenim]
name = "Mnacho Echenim"
[echenim.emails]
[echenim.emails.echenim_email]
user = [
"mnacho",
"echenim",
]
host = [
"univ-grenoble-alpes",
"fr",
]
[echenim.homepages]
echenim_homepage = "https://lig-membres.imag.fr/mechenim/"
[edmonds]
name = "Chelsea Edmonds"
[edmonds.emails]
[edmonds.emails.edmonds_email]
user = [
"cle47",
]
host = [
"cam",
"ac",
"uk",
]
[edmonds.homepages]
edmonds_homepage = "https://www.cst.cam.ac.uk/people/cle47"
[engelhardt]
name = "Kai Engelhardt"
[engelhardt.emails]
[engelhardt.homepages]
[eriksson]
name = "Lars-Henrik Eriksson"
[eriksson.emails]
[eriksson.emails.eriksson_email]
user = [
"lhe",
]
host = [
"it",
"uu",
"se",
]
[eriksson.homepages]
[esparza]
name = "Javier Esparza"
[esparza.emails]
[esparza.homepages]
esparza_homepage = "https://www7.in.tum.de/~esparza/"
[essmann]
name = "Robin Eßmann"
[essmann.emails]
[essmann.emails.essmann_email]
user = [
"robin",
"essmann",
]
host = [
"tum",
"de",
]
[essmann.homepages]
[felgenhauer]
name = "Bertram Felgenhauer"
[felgenhauer.emails]
[felgenhauer.emails.felgenhauer_email]
user = [
"bertram",
"felgenhauer",
]
host = [
"uibk",
"ac",
"at",
]
[felgenhauer.emails.felgenhauer_email1]
user = [
"int-e",
]
host = [
"gmx",
"de",
]
[felgenhauer.homepages]
[feliachi]
name = "Abderrahmane Feliachi"
[feliachi.emails]
[feliachi.emails.feliachi_email]
user = [
"abderrahmane",
"feliachi",
]
host = [
"lri",
"fr",
]
[feliachi.homepages]
[fell]
name = "Julian Fell"
[fell.emails]
[fell.emails.fell_email]
user = [
"julian",
"fell",
]
host = [
"uq",
"net",
"au",
]
[fell.homepages]
[fernandez]
name = "Matthew Fernandez"
[fernandez.emails]
[fernandez.homepages]
[fiedler]
name = "Ben Fiedler"
[fiedler.emails]
[fiedler.emails.fiedler_email]
user = [
"ben",
"fiedler",
]
host = [
"inf",
"ethz",
"ch",
]
[fiedler.homepages]
[fleuriot]
name = "Jacques D. Fleuriot"
[fleuriot.emails]
[fleuriot.emails.fleuriot_email]
user = [
"Jacques",
"Fleuriot",
]
host = [
"ed",
"ac",
"uk",
]
[fleuriot.emails.fleuriot_email1]
user = [
"jdf",
]
host = [
"ed",
"ac",
"uk",
]
[fleuriot.homepages]
fleuriot_homepage = "https://www.inf.ed.ac.uk/people/staff/Jacques_Fleuriot.html"
[fleury]
name = "Mathias Fleury"
[fleury.emails]
[fleury.emails.fleury_email]
user = [
"fleury",
]
host = [
"mpi-inf",
"mpg",
"de",
]
[fleury.emails.fleury_email1]
user = [
"mathias",
"fleury",
]
host = [
"jku",
"at",
]
[fleury.homepages]
fleury_homepage = "http://fmv.jku.at/fleury"
[foster]
name = "Michael Foster"
[foster.emails]
[foster.emails.foster_email]
user = [
"m",
"foster",
]
host = [
"sheffield",
"ac",
"uk",
]
[foster.homepages]
[fosterj]
name = "J. Nathan Foster"
[fosterj.emails]
[fosterj.homepages]
fosterj_homepage = "http://www.cs.cornell.edu/~jnfoster/"
[fosters]
name = "Simon Foster"
[fosters.emails]
[fosters.emails.fosters_email]
user = [
"simon",
"foster",
]
host = [
"york",
"ac",
"uk",
]
[fosters.homepages]
fosters_homepage = "https://www-users.cs.york.ac.uk/~simonf/"
[fouillard]
name = "Valentin Fouillard"
[fouillard.emails]
[fouillard.emails.fouillard_email]
user = [
"valentin",
"fouillard",
]
host = [
"limsi",
"fr",
]
[fouillard.homepages]
[friedrich]
name = "Stefan Friedrich"
[friedrich.emails]
[friedrich.homepages]
[from]
name = "Asta Halkjær From"
[from.emails]
[from.emails.from_email]
user = [
"ahfrom",
]
host = [
"dtu",
"dk",
]
[from.homepages]
from_homepage = "https://people.compute.dtu.dk/ahfrom/"
[fuenmayor]
name = "David Fuenmayor"
[fuenmayor.emails]
[fuenmayor.emails.fuenmayor_email]
user = [
"davfuenmayor",
]
host = [
"gmail",
"com",
]
[fuenmayor.homepages]
[furusawa]
name = "Hitoshi Furusawa"
[furusawa.emails]
[furusawa.homepages]
furusawa_homepage = "http://www.sci.kagoshima-u.ac.jp/~furusawa/"
[gammie]
name = "Peter Gammie"
[gammie.emails]
[gammie.emails.gammie_email]
user = [
"peteg42",
]
host = [
"gmail",
"com",
]
[gammie.homepages]
gammie_homepage = "http://peteg.org"
[gao]
name = "Xin Gao"
[gao.emails]
[gao.homepages]
[gaudel]
name = "Marie-Claude Gaudel"
[gaudel.emails]
[gaudel.emails.gaudel_email]
user = [
"mcg",
]
host = [
"lri",
"fr",
]
[gaudel.homepages]
[gay]
name = "Richard Gay"
[gay.emails]
[gay.emails.gay_email]
user = [
"gay",
]
host = [
"mais",
"informatik",
"tu-darmstadt",
"de",
]
[gay.homepages]
[georgescu]
name = "George Georgescu"
[georgescu.emails]
[georgescu.homepages]
[gheri]
name = "Lorenzo Gheri"
[gheri.emails]
[gheri.emails.gheri_email]
user = [
"lor",
"gheri",
]
host = [
"gmail",
"com",
]
[gheri.homepages]
[ghourabi]
name = "Fadoua Ghourabi"
[ghourabi.emails]
[ghourabi.emails.ghourabi_email]
user = [
"fadouaghourabi",
]
host = [
"gmail",
"com",
]
[ghourabi.homepages]
[gioiosa]
name = "Gianpaolo Gioiosa"
[gioiosa.emails]
[gioiosa.homepages]
[glabbeek]
name = "Rob van Glabbeek"
[glabbeek.emails]
[glabbeek.homepages]
glabbeek_homepage = "http://theory.stanford.edu/~rvg/"
[gomes]
name = "Victor B. F. Gomes"
[gomes.emails]
[gomes.emails.gomes_email]
user = [
"victor",
"gomes",
]
host = [
"cl",
"cam",
"ac",
"uk",
]
[gomes.emails.gomes_email2]
user = [
"victorborgesfg",
]
host = [
"gmail",
"com",
]
[gomes.emails.gomes_email4]
user = [
"vborgesferreiragomes1",
]
host = [
"sheffield",
"ac",
"uk",
]
[gomes.homepages]
gomes_homepage = "http://www.dcs.shef.ac.uk/~victor"
[gonzalez]
name = "Edgar Gonzàlez"
orcid = "0000-0002-9169-0769"
[gonzalez.emails]
[gonzalez.emails.gonzalez_email]
user = [
"edgargip",
]
host = [
"google",
"com",
]
[gonzalez.homepages]
[gore]
name = "Rajeev Gore"
[gore.emails]
[gore.emails.gore_email]
user = [
"rajeev",
"gore",
]
host = [
"anu",
"edu",
"au",
]
[gore.homepages]
[gouezel]
name = "Sebastien Gouezel"
[gouezel.emails]
[gouezel.emails.gouezel_email]
user = [
"sebastien",
"gouezel",
]
host = [
"univ-rennes1",
"fr",
]
[gouezel.homepages]
gouezel_homepage = "http://www.math.sciences.univ-nantes.fr/~gouezel/"
[grechuk]
name = "Bogdan Grechuk"
[grechuk.emails]
[grechuk.emails.grechuk_email]
user = [
"grechukbogdan",
]
host = [
"yandex",
"ru",
]
[grechuk.homepages]
[grewe]
name = "Sylvia Grewe"
[grewe.emails]
[grewe.emails.grewe_email]
user = [
"grewe",
]
host = [
"cs",
"tu-darmstadt",
"de",
]
[grewe.homepages]
[griebel]
name = "Simon Griebel"
[griebel.emails]
[griebel.emails.griebel_email]
user = [
"s",
"griebel",
]
host = [
"tum",
"de",
]
[griebel.homepages]
[grov]
name = "Gudmund Grov"
[grov.emails]
[grov.emails.grov_email]
user = [
"ggrov",
]
host = [
"inf",
"ed",
"ac",
"uk",
]
[grov.homepages]
grov_homepage = "http://homepages.inf.ed.ac.uk/ggrov"
[guerraoui]
name = "Rachid Guerraoui"
[guerraoui.emails]
[guerraoui.emails.guerraoui_email]
user = [
"rachid",
"guerraoui",
]
host = [
"epfl",
"ch",
]
[guerraoui.homepages]
[guiol]
name = "Hervé Guiol"
[guiol.emails]
[guiol.emails.guiol_email]
user = [
"herve",
"guiol",
]
host = [
"univ-grenoble-alpes",
"fr",
]
[guiol.homepages]
[gunther]
name = "Emmanuel Gunther"
[gunther.emails]
[gunther.emails.gunther_email]
user = [
"gunther",
]
host = [
"famaf",
"unc",
"edu",
"ar",
]
[gunther.homepages]
[gutkovas]
name = "Ramunas Gutkovas"
[gutkovas.emails]
[gutkovas.emails.gutkovas_email]
user = [
"ramunas",
"gutkovas",
]
host = [
"it",
"uu",
"se",
]
[gutkovas.homepages]
[guttmann]
name = "Walter Guttmann"
[guttmann.emails]
[guttmann.emails.guttmann_email]
user = [
"walter",
"guttmann",
]
host = [
"canterbury",
"ac",
"nz",
]
[guttmann.homepages]
guttmann_homepage = "https://www.cosc.canterbury.ac.nz/walter.guttmann/"
[guzman]
name = "Laura P. Gamboa Guzman"
[guzman.emails]
[guzman.emails.guzman_email]
user = [
"lpgamboa"
]
host = [
"iastate",
"edu"
]
[guzman.homepages]
guzman_homepage = "https://sites.google.com/view/lpgamboa/home"
[haftmann]
name = "Florian Haftmann"
[haftmann.emails]
[haftmann.emails.haftmann_email]
user = [
"florian",
"haftmann",
]
host = [
"informatik",
"tu-muenchen",
"de",
]
[haftmann.homepages]
haftmann_homepage = "http://isabelle.in.tum.de/~haftmann"
[haslbeck]
name = "Max W. Haslbeck"
[haslbeck.emails]
[haslbeck.emails.haslbeck_email]
user = [
"maximilian",
"haslbeck",
]
host = [
"uibk",
"ac",
"at",
]
[haslbeck.emails.haslbeck_email1]
user = [
"haslbecm",
]
host = [
"in",
"tum",
"de",
]
[haslbeck.emails.haslbeck_email2]
user = [
"max",
"haslbeck",
]
host = [
"gmx",
"de",
]
[haslbeck.homepages]
haslbeck_homepage = "http://cl-informatik.uibk.ac.at/users/mhaslbeck/"
[haslbeckm]
name = "Maximilian P. L. Haslbeck"
[haslbeckm.emails]
[haslbeckm.emails.haslbeckm_email]
user = [
"haslbema",
]
host = [
"in",
"tum",
"de",
]
[haslbeckm.homepages]
haslbeckm_homepage = "http://in.tum.de/~haslbema/"
[havle]
name = "Oto Havle"
[havle.emails]
[havle.emails.havle_email]
user = [
"oha",
]
host = [
"sysgo",
"com",
]
[havle.homepages]
[hayes]
name = "Ian J. Hayes"
[hayes.emails]
[hayes.emails.hayes_email]
user = [
"ian",
"hayes",
]
host = [
"itee",
"uq",
"edu",
"au",
]
[hayes.homepages]
[he]
name = "Yijun He"
[he.emails]
[he.emails.he_email]
user = [
"yh403",
]
host = [
"cam",
"ac",
"uk",
]
[he.homepages]
[heimes]
name = "Lukas Heimes"
[heimes.emails]
[heimes.emails.heimes_email]
user = [
"heimesl",
]
host = [
"student",
"ethz",
"ch",
]
[heimes.homepages]
[helke]
name = "Steffen Helke"
[helke.emails]
[helke.emails.helke_email]
user = [
"helke",
]
host = [
"cs",
"tu-berlin",
"de",
]
[helke.homepages]
[hellauer]
name = "Fabian Hellauer"
[hellauer.emails]
[hellauer.emails.hellauer_email]
user = [
"hellauer",
]
host = [
"in",
"tum",
"de",
]
[hellauer.homepages]
[heller]
name = "Armin Heller"
[heller.emails]
[heller.homepages]
[henrio]
name = "Ludovic Henrio"
[henrio.emails]
[henrio.emails.henrio_email]
user = [
"Ludovic",
"Henrio",
]
host = [
"sophia",
"inria",
"fr",
]
[henrio.homepages]
[herzberg]
name = "Michael Herzberg"
[herzberg.emails]
[herzberg.emails.herzberg_email]
user = [
"mail",
]
host = [
"michael-herzberg",
"de",
]
[herzberg.homepages]
herzberg_homepage = "http://www.dcs.shef.ac.uk/cgi-bin/makeperson?M.Herzberg"
[hess]
name = "Andreas V. Hess"
[hess.emails]
[hess.emails.hess_email]
user = [
"avhe",
]
host = [
"dtu",
"dk",
]
[hess.emails.hess_email1]
user = [
"andreasvhess",
]
host = [
"gmail",
"com",
]
[hess.homepages]
[hetzl]
name = "Stefan Hetzl"
[hetzl.emails]
[hetzl.emails.hetzl_email]
user = [
"hetzl",
]
host = [
"logic",
"at",
]
[hetzl.homepages]
hetzl_homepage = "http://www.logic.at/people/hetzl/"
[hibon]
name = "Quentin Hibon"
[hibon.emails]
[hibon.emails.hibon_email]
user = [
"qh225",
]
host = [
"cl",
"cam",
"ac",
"uk",
]
[hibon.homepages]
[hirata]
name = "Michikazu Hirata"
[hirata.emails]
[hirata.emails.hirata_email]
user = [
"hirata",
"m",
"ac",
]
host = [
"m",
"titech",
"ac",
"jp",
]
[hirata.homepages]
[hoefner]
name = "Peter Höfner"
[hoefner.emails]
[hoefner.emails.hoefner_email]
user = [
"peter",
]
host = [
"hoefner-online",
"de",
]
[hoefner.homepages]
hoefner_homepage = "http://www.hoefner-online.de/"
[hoelzl]
name = "Johannes Hölzl"
[hoelzl.emails]
[hoelzl.emails.hoelzl_email]
user = [
"hoelzl",
]
host = [
"in",
"tum",
"de",
]
[hoelzl.homepages]
hoelzl_homepage = "http://home.in.tum.de/~hoelzl"
[hofmann]
name = "Martin Hofmann"
[hofmann.emails]
[hofmann.homepages]
hofmann_homepage = "http://www.tcs.informatik.uni-muenchen.de/~mhofmann"
[holub]
name = "Štěpán Holub"
[holub.emails]
[holub.emails.holub_email]
user = [
"holub",
]
host = [
"karlin",
"mff",
"cuni",
"cz",
]
[holub.homepages]
holub_homepage = "https://www2.karlin.mff.cuni.cz/~holub/"
[hosking]
name = "Tony Hosking"
[hosking.emails]
[hosking.homepages]
hosking_homepage = "https://www.cs.purdue.edu/homes/hosking/"
[hou]
name = "Zhe Hou"
[hou.emails]
[hou.emails.hou_email]
user = [
"zhe",
"hou",
]
host = [
"ntu",
"edu",
"sg",
]
[hou.homepages]
[hu]
name = "Shuwei Hu"
[hu.emails]
[hu.emails.hu_email]
user = [
"shuwei",
"hu",
]
host = [
"tum",
"de",
]
[hu.homepages]
[huffman]
name = "Brian Huffman"
[huffman.emails]
[huffman.emails.huffman_email]
user = [
"huffman",
]
host = [
"in",
"tum",
"de",
]
[huffman.emails.huffman_email1]
user = [
"brianh",
]
host = [
"cs",
"pdx",
"edu",
]
[huffman.homepages]
huffman_homepage = "http://cs.pdx.edu/~brianh/"
[hupel]
name = "Lars Hupel"
[hupel.emails]
[hupel.emails.hupel_email]
user = [
"lars",
]
host = [
"hupel",
"info",
]
[hupel.homepages]
hupel_homepage = "https://lars.hupel.info/"
[ijbema]
name = "Mark Ijbema"
[ijbema.emails]
[ijbema.emails.ijbema_email]
user = [
"ijbema",
]
host = [
"fmf",
"nl",
]
[ijbema.homepages]
[immler]
name = "Fabian Immler"
[immler.emails]
[immler.emails.immler_email]
user = [
"immler",
]
host = [
"in",
"tum",
"de",
]
[immler.emails.immler_email1]
user = [
"fimmler",
]
host = [
"cs",
"cmu",
"edu",
]
[immler.homepages]
immler_homepage = "https://home.in.tum.de/~immler/"
[ito]
name = "Yosuke Ito"
[ito.emails]
[ito.emails.ito_email]
user = [
"glacier345",
]
host = [
"gmail",
"com",
]
[ito.homepages]
[iwama]
name = "Fumiya Iwama"
[iwama.emails]
[iwama.emails.iwama_email]
user = [
"d1623001",
]
host = [
"s",
"konan-u",
"ac",
"jp",
]
[iwama.homepages]
[jacobsen]
name = "Frederik Krogsdal Jacobsen"
[jacobsen.emails]
[jacobsen.emails.jacobsen_email]
user = [
"fkjac",
]
host = [
"dtu",
"dk",
]
[jacobsen.homepages]
jacobsen_homepage = "http://people.compute.dtu.dk/fkjac/"
[jaskelioff]
name = "Mauro Jaskelioff"
[jaskelioff.emails]
[jaskelioff.homepages]
jaskelioff_homepage = "http://www.fceia.unr.edu.ar/~mauro/"
[jaskolka]
name = "Jason Jaskolka"
[jaskolka.emails]
[jaskolka.emails.jaskolka_email]
user = [
"jason",
"jaskolka",
]
host = [
"carleton",
"ca",
]
[jaskolka.homepages]
jaskolka_homepage = "https://carleton.ca/jaskolka/"
[jensen]
name = "Alexander Birch Jensen"
[jensen.emails]
[jensen.emails.jensen_email]
user = [
"aleje",
]
host = [
"dtu",
"dk",
]
[jensen.homepages]
jensen_homepage = "https://people.compute.dtu.dk/aleje/"
[jiang]
name = "Nan Jiang"
[jiang.emails]
[jiang.emails.jiang_email]
user = [
"nanjiang",
]
host = [
"whu",
"edu",
"cn",
]
[jiang.homepages]
[jiangd]
name = "Dongchen Jiang"
[jiangd.emails]
[jiangd.emails.jiangd_email]
user = [
"dongchenjiang",
]
host = [
"googlemail",
"com",
]
[jiangd.homepages]
[joosten]
name = "Sebastiaan J. C. Joosten"
[joosten.emails]
[joosten.emails.joosten_email]
user = [
"sebastiaan",
"joosten",
]
host = [
"uibk",
"ac",
"at",
]
[joosten.emails.joosten_email1]
user = [
"sjcjoosten",
]
host = [
"gmail",
"com",
]
[joosten.emails.joosten_email2]
user = [
"s",
"j",
"c",
"joosten",
]
host = [
"utwente",
"nl",
]
[joosten.homepages]
joosten_homepage = "https://sjcjoosten.nl/"
[jungnickel]
name = "Tim Jungnickel"
[jungnickel.emails]
[jungnickel.emails.jungnickel_email]
user = [
"tim",
"jungnickel",
]
host = [
"tu-berlin",
"de",
]
[jungnickel.homepages]
[kadzioka]
name = "Maya Kądziołka"
[kadzioka.emails]
[kadzioka.emails.kadzioka_email]
user = [
"afp",
]
host = [
"compilercrim",
"es",
]
[kadzioka.homepages]
[kaliszyk]
name = "Cezary Kaliszyk"
[kaliszyk.emails]
[kaliszyk.emails.kaliszyk_email]
user = [
"cezary",
"kaliszyk",
]
host = [
"uibk",
"ac",
"at",
]
[kaliszyk.homepages]
kaliszyk_homepage = "http://cl-informatik.uibk.ac.at/users/cek/"
[kammueller]
name = "Florian Kammüller"
[kammueller.emails]
[kammueller.emails.kammueller_email]
user = [
"flokam",
]
host = [
"cs",
"tu-berlin",
"de",
]
[kammueller.emails.kammueller_email1]
user = [
"florian",
"kammuller",
]
host = [
"gmail",
"com",
]
[kammueller.homepages]
kammueller_homepage = "http://www.cs.mdx.ac.uk/people/florian-kammueller/"
[kappelmann]
name = "Kevin Kappelmann"
[kappelmann.emails]
[kappelmann.emails.kappelmann_email]
user = [
"kevin",
"kappelmann",
]
host = [
"tum",
"de",
]
[kappelmann.homepages]
kappelmann_homepage = "https://www21.in.tum.de/team/kappelmk/"
[karayel]
name = "Emin Karayel"
orcid = "0000-0003-3290-5034"
[karayel.emails]
[karayel.emails.karayel_email]
user = [
"me",
]
host = [
"eminkarayel",
"de",
]
[karayel.homepages]
karayel_homepage = "https://orcid.org/0000-0003-3290-5034"
[kastermans]
name = "Bart Kastermans"
[kastermans.emails]
[kastermans.homepages]
kastermans_homepage = "http://kasterma.net"
[katovsky]
name = "Alexander Katovsky"
[katovsky.emails]
[katovsky.emails.katovsky_email]
user = [
"apk32",
]
host = [
"cam",
"ac",
"uk",
]
[katovsky.emails.katovsky_email1]
user = [
"alexander",
"katovsky",
]
host = [
"cantab",
"net",
]
[katovsky.homepages]
[kaufmann]
name = "Daniela Kaufmann"
[kaufmann.emails]
[kaufmann.homepages]
kaufmann_homepage = "http://fmv.jku.at/kaufmann"
[keefe]
name = "Greg O'Keefe"
[keefe.emails]
[keefe.homepages]
keefe_homepage = "http://users.rsise.anu.edu.au/~okeefe/"
[keinholz]
name = "Jonas Keinholz"
[keinholz.emails]
[keinholz.homepages]
[kerber]
name = "Manfred Kerber"
[kerber.emails]
[kerber.emails.kerber_email]
user = [
"mnfrd",
"krbr",
]
host = [
"gmail",
"com",
]
[kerber.homepages]
kerber_homepage = "http://www.cs.bham.ac.uk/~mmk"
[ketland]
name = "Jeffrey Ketland"
[ketland.emails]
[ketland.emails.ketland_email]
user = [
"jeffreyketland",
]
host = [
"gmail",
"com",
]
[ketland.homepages]
[kirchner]
name = "Daniel Kirchner"
[kirchner.emails]
[kirchner.emails.kirchner_email]
user = [
"daniel",
]
host = [
"ekpyron",
"org",
]
[kirchner.homepages]
[klein]
name = "Gerwin Klein"
[klein.emails]
[klein.emails.klein_email]
user = [
"kleing",
]
host = [
"unsw",
"edu",
"au",
]
[klein.homepages]
klein_homepage = "http://www.cse.unsw.edu.au/~kleing/"
[klenze]
name = "Tobias Klenze"
[klenze.emails]
[klenze.emails.klenze_email]
user = [
"tobias",
"klenze",
]
host = [
"inf",
"ethz",
"ch",
]
[klenze.homepages]
[kleppmann]
name = "Martin Kleppmann"
[kleppmann.emails]
[kleppmann.emails.kleppmann_email]
user = [
"martin",
"kleppmann",
]
host = [
"cl",
"cam",
"ac",
"uk",
]
[kleppmann.homepages]
[kobayashi]
name = "Hidetsune Kobayashi"
[kobayashi.emails]
[kobayashi.homepages]
[koerner]
name = "Stefan Körner"
[koerner.emails]
[koerner.emails.koerner_email]
user = [
"s_koer03",
]
host = [
"uni-muenster",
"de",
]
[koerner.homepages]
[kolanski]
name = "Rafal Kolanski"
[kolanski.emails]
[kolanski.emails.kolanski_email]
user = [
"rafal",
"kolanski",
]
host = [
"nicta",
"com",
"au",
]
[kolanski.homepages]
[koller]
name = "Lukas Koller"
[koller.emails]
[koller.emails.koller_email]
user = [
"lukas",
"koller",
]
host = [
"tum",
"de",
]
[koller.homepages]
[krauss]
name = "Alexander Krauss"
[krauss.emails]
[krauss.emails.krauss_email]
user = [
"krauss",
]
host = [
"in",
"tum",
"de",
]
[krauss.homepages]
krauss_homepage = "http://www.in.tum.de/~krauss"
[kreuzer]
name = "Katharina Kreuzer"
[kreuzer.emails]
[kreuzer.emails.kreuzer_email]
user = [
"kreuzerk",
]
host = [
"in",
"tum",
"de",
]
[kreuzer.emails.kreuzer_email1]
user = [
"k",
"kreuzer",
]
host = [
"tum",
"de",
]
[kreuzer.homepages]
kreuzer_homepage = "https://www21.in.tum.de/team/kreuzer/"
[kuncak]
name = "Viktor Kuncak"
[kuncak.emails]
[kuncak.homepages]
kuncak_homepage = "http://lara.epfl.ch/~kuncak/"
[kuncar]
name = "Ondřej Kunčar"
[kuncar.emails]
[kuncar.homepages]
kuncar_homepage = "http://www21.in.tum.de/~kuncar/"
[kurz]
name = "Friedrich Kurz"
[kurz.emails]
[kurz.emails.kurz_email]
user = [
"friedrich",
"kurz",
]
host = [
"tum",
"de",
]
[kurz.homepages]
[lachnitt]
name = "Hanna Lachnitt"
[lachnitt.emails]
[lachnitt.emails.lachnitt_email]
user = [
"lachnitt",
]
host = [
"stanford",
"edu",
]
[lachnitt.homepages]
[lallemand]
name = "Joseph Lallemand"
[lallemand.emails]
[lallemand.emails.lallemand_email]
user = [
"joseph",
"lallemand",
]
host = [
"loria",
"fr",
]
[lallemand.homepages]
[lammich]
name = "Peter Lammich"
[lammich.emails]
[lammich.emails.lammich_email]
user = [
"lammich",
]
host = [
"in",
"tum",
"de",
]
[lammich.emails.lammich_email1]
user = [
"peter",
"lammich",
]
host = [
"uni-muenster",
"de",
]
[lammich.homepages]
lammich_homepage = "http://www21.in.tum.de/~lammich"
[lange]
name = "Christoph Lange"
[lange.emails]
[lange.emails.lange_email]
user = [
"math",
"semantic",
"web",
]
host = [
"gmail",
"com",
]
[lange.homepages]
[langenstein]
name = "Bruno Langenstein"
[langenstein.emails]
[langenstein.emails.langenstein_email]
user = [
"langenstein",
]
host = [
"dfki",
"de",
]
[langenstein.homepages]
[lattuada]
name = "Andrea Lattuada"
[lattuada.emails]
[lattuada.homepages]
lattuada_homepage = "https://andrea.lattuada.me"
[lee]
name = "Holden Lee"
[lee.emails]
[lee.emails.lee_email]
user = [
"holdenl",
]
host = [
"princeton",
"edu",
]
[lee.homepages]
[leustean]
name = "Laurentiu Leustean"
[leustean.emails]
[leustean.homepages]
[lewis]
name = "Corey Lewis"
[lewis.emails]
[lewis.emails.lewis_email]
user = [
"corey",
"lewis",
]
host = [
"data61",
"csiro",
"au",
]
[lewis.homepages]
[li]
name = "Wenda Li"
[li.emails]
[li.emails.li_email]
user = [
"wl302",
]
host = [
"cam",
"ac",
"uk",
]
[li.emails.li_email1]
user = [
"liwenda1990",
]
host = [
"hotmail",
"com",
]
[li.homepages]
li_homepage = "https://www.cl.cam.ac.uk/~wl302/"
[lim]
name = "Japheth Lim"
[lim.emails]
[lim.homepages]
[lindenberg]
name = "Christina Lindenberg"
[lindenberg.emails]
[lindenberg.homepages]
[linker]
name = "Sven Linker"
[linker.emails]
[linker.emails.linker_email]
user = [
"s",
"linker",
]
host = [
"liverpool",
"ac",
"uk",
]
[linker.homepages]
[liu]
name = "Junyi Liu"
[liu.emails]
[liu.homepages]
[liut]
name = "Tao Liu"
[liut.emails]
[liut.homepages]
[liuy]
name = "Yang Liu"
[liuy.emails]
[liuy.emails.liuy_email]
user = [
"yangliu",
]
host = [
"ntu",
"edu",
"sg",
]
[liuy.homepages]
[liy]
name = "Yangjia Li"
[liy.emails]
[liy.homepages]
[lochbihler]
name = "Andreas Lochbihler"
[lochbihler.emails]
[lochbihler.emails.lochbihler_email]
user = [
"andreas",
"lochbihler",
]
host = [
"digitalasset",
"com",
]
[lochbihler.emails.lochbihler_email1]
user = [
"mail",
]
host = [
"andreas-lochbihler",
"de",
]
[lochbihler.homepages]
lochbihler_homepage = "http://www.andreas-lochbihler.de/"
[lochmann]
name = "Alexander Lochmann"
[lochmann.emails]
[lochmann.emails.lochmann_email]
user = [
"alexander",
"lochmann",
]
host = [
"uibk",
"ac",
"at",
]
[lochmann.homepages]
[lohner]
name = "Denis Lohner"
[lohner.emails]
[lohner.emails.lohner_email]
user = [
"denis",
"lohner",
]
host = [
"kit",
"edu",
]
[lohner.homepages]
lohner_homepage = "http://pp.ipd.kit.edu/person.php?id=88"
[loibl]
name = "Matthias Loibl"
[loibl.emails]
[loibl.homepages]
[londono]
name = "Alejandro Gómez-Londoño"
[londono.emails]
[londono.emails.londono_email]
user = [
"alejandro",
"gomez",
]
host = [
"chalmers",
"se",
]
[londono.homepages]
[losa]
name = "Giuliano Losa"
[losa.emails]
[losa.emails.losa_email]
user = [
"giuliano",
"losa",
]
host = [
"epfl",
"ch",
]
[losa.emails.losa_email1]
user = [
"giuliano",
]
host = [
"galois",
"com",
]
[losa.emails.losa_email2]
user = [
"giuliano",
]
host = [
"losa",
"fr",
]
[losa.homepages]
[lutz]
name = "Bianca Lutz"
[lutz.emails]
[lutz.emails.lutz_email]
user = [
"sowilo",
]
host = [
"cs",
"tu-berlin",
"de",
]
[lutz.homepages]
[lux]
name = "Alexander Lux"
[lux.emails]
[lux.emails.lux_email]
user = [
"lux",
]
host = [
"mais",
"informatik",
"tu-darmstadt",
"de",
]
[lux.homepages]
[makarios]
name = "T. J. M. Makarios"
[makarios.emails]
[makarios.emails.makarios_email]
user = [
"tjm1983",
]
host = [
"gmail",
"com",
]
[makarios.homepages]
[maletzky]
name = "Alexander Maletzky"
[maletzky.emails]
[maletzky.emails.maletzky_email]
user = [
"alexander",
"maletzky",
]
host = [
"risc",
"jku",
"at",
]
[maletzky.emails.maletzky_email1]
user = [
"alexander",
"maletzky",
]
host = [
"risc-software",
"at",
]
[maletzky.homepages]
maletzky_homepage = "https://risc.jku.at/m/alexander-maletzky/"
[mansky]
name = "Susannah Mansky"
[mansky.emails]
[mansky.emails.mansky_email]
user = [
"sjohnsn2",
]
host = [
"illinois",
"edu",
]
[mansky.emails.mansky_email1]
user = [
"susannahej",
]
host = [
"gmail",
"com",
]
[mansky.homepages]
[mantel]
name = "Heiko Mantel"
[mantel.emails]
[mantel.emails.mantel_email]
user = [
"mantel",
]
host = [
"mais",
"informatik",
"tu-darmstadt",
"de",
]
[mantel.homepages]
[margetson]
name = "James Margetson"
[margetson.emails]
[margetson.homepages]
[maric]
name = "Ognjen Marić"
[maric.emails]
[maric.emails.maric_email]
user = [
"ogi",
"afp",
]
host = [
"mynosefroze",
"com",
]
[maric.homepages]
[maricf]
name = "Filip Marić"
[maricf.emails]
[maricf.emails.maricf_email]
user = [
"filip",
]
host = [
"matf",
"bg",
"ac",
"rs",
]
[maricf.homepages]
maricf_homepage = "http://www.matf.bg.ac.rs/~filip"
[marmsoler]
name = "Diego Marmsoler"
[marmsoler.emails]
[marmsoler.emails.marmsoler_email]
user = [
"diego",
"marmsoler",
]
host = [
"tum",
"de",
]
[marmsoler.emails.marmsoler_email1]
user = [
"d",
"marmsoler",
]
host = [
"exeter",
"ac",
"uk",
]
[marmsoler.homepages]
marmsoler_homepage = "http://marmsoler.com"
[matache]
name = "Cristina Matache"
[matache.emails]
[matache.emails.matache_email]
user = [
"cris",
"matache",
]
host = [
"gmail",
"com",
]
[matache.homepages]
[matichuk]
name = "Daniel Matichuk"
[matichuk.emails]
[matichuk.homepages]
[matiyasevich]
name = "Yuri Matiyasevich"
[matiyasevich.emails]
[matiyasevich.homepages]
[maximova]
name = "Alexandra Maximova"
[maximova.emails]
[maximova.emails.maximova_email]
user = [
"amaximov",
]
host = [
"student",
"ethz",
"ch",
]
[maximova.homepages]
[meis]
name = "Rene Meis"
[meis.emails]
[meis.emails.meis_email]
user = [
"rene",
"meis",
]
host = [
"uni-muenster",
"de",
]
[meis.emails.meis_email1]
user = [
"rene",
"meis",
]
host = [
"uni-due",
"de",
]
[meis.homepages]
[merz]
name = "Stephan Merz"
[merz.emails]
[merz.emails.merz_email]
user = [
"Stephan",
"Merz",
]
host = [
"loria",
"fr",
]
[merz.homepages]
merz_homepage = "http://www.loria.fr/~merz"
[messner]
name = "Florian Messner"
[messner.emails]
[messner.emails.messner_email]
user = [
"florian",
"g",
"messner",
]
host = [
"uibk",
"ac",
"at",
]
[messner.homepages]
[michaelis]
name = "Julius Michaelis"
[michaelis.emails]
[michaelis.emails.michaelis_email]
user = [
"isabelleopenflow",
]
host = [
"liftm",
"de",
]
[michaelis.emails.michaelis_email1]
user = [
"maintainafpppt",
]
host = [
"liftm",
"de",
]
[michaelis.emails.michaelis_email2]
user = [
"bdd",
]
host = [
"liftm",
"de",
]
[michaelis.emails.michaelis_email3]
user = [
"afp",
]
host = [
"liftm",
"de",
]
[michaelis.homepages]
michaelis_homepage = "http://liftm.de/"
[milehins]
name = "Mihails Milehins"
[milehins.emails]
[milehins.emails.milehins_email]
user = [
"mihailsmilehins",
]
host = [
"gmail",
"com",
]
[milehins.homepages]
[minamide]
name = "Yasuhiko Minamide"
[minamide.emails]
[minamide.emails.minamide_email]
user = [
"minamide",
]
host = [
"is",
"titech",
"ac",
"jp",
]
[minamide.homepages]
minamide_homepage = "https://sv.c.titech.ac.jp/minamide/index.en.html"
[mitchell]
name = "Neil Mitchell"
[mitchell.emails]
[mitchell.homepages]
[mitsch]
name = "Stefan Mitsch"
[mitsch.emails]
[mitsch.emails.mitsch_email]
user = [
"smitsch",
]
host = [
"cs",
"cmu",
"edu",
]
[mitsch.homepages]
[moedersheim]
name = "Sebastian Mödersheim"
[moedersheim.emails]
[moedersheim.emails.moedersheim_email]
user = [
"samo",
]
host = [
"dtu",
"dk",
]
[moedersheim.homepages]
moedersheim_homepage = "https://people.compute.dtu.dk/samo/"
[moeller]
name = "Bernhard Möller"
[moeller.emails]
[moeller.homepages]
moeller_homepage = "https://www.informatik.uni-augsburg.de/en/chairs/dbis/pmi/staff/moeller/"
[muendler]
name = "Niels Mündler"
[muendler.emails]
[muendler.emails.muendler_email]
user = [
"n",
"muendler",
]
host = [
"tum",
"de",
]
[muendler.homepages]
[mulligan]
name = "Dominic P. Mulligan"
[mulligan.emails]
[mulligan.emails.mulligan_email]
user = [
"dominic",
"p",
"mulligan",
]
host = [
"googlemail",
"com",
]
[mulligan.emails.mulligan_email1]
user = [
"Dominic",
"Mulligan",
]
host = [
"arm",
"com",
]
[mulligan.homepages]
[munive]
name = "Jonathan Julian Huerta y Munive"
[munive.emails]
[munive.emails.munive_email]
user = [
"jjhuertaymunive1",
]
host = [
"sheffield",
"ac",
"uk",
]
[munive.emails.munive_email1]
user = [
"jonjulian23",
]
host = [
"gmail",
"com",
]
[munive.homepages]
[murao]
name = "H. Murao"
[murao.emails]
[murao.homepages]
[murray]
name = "Toby Murray"
[murray.emails]
[murray.emails.murray_email]
user = [
"toby",
"murray",
]
host = [
"unimelb",
"edu",
"au",
]
[murray.homepages]
murray_homepage = "https://people.eng.unimelb.edu.au/tobym/"
[nagashima]
name = "Yutaka Nagashima"
[nagashima.emails]
[nagashima.emails.nagashima_email]
user = [
"Yutaka",
"Nagashima",
]
host = [
"data61",
"csiro",
"au",
]
[nagashima.homepages]
[nagele]
name = "Julian Nagele"
[nagele.emails]
[nagele.emails.nagele_email]
user = [
"julian",
"nagele",
]
host = [
"uibk",
"ac",
"at",
]
[nagele.homepages]
[naraschewski]
name = "Wolfgang Naraschewski"
[naraschewski.emails]
[naraschewski.homepages]
[nedzelsky]
name = "Michael Nedzelsky"
[nedzelsky.emails]
[nedzelsky.emails.nedzelsky_email]
user = [
"MichaelNedzelsky",
]
host = [
"yandex",
"ru",
]
[nedzelsky.homepages]
[nemeti]
name = "István Németi"
[nemeti.emails]
[nemeti.homepages]
nemeti_homepage = "http://www.renyi.hu/~nemeti/"
[nemouchi]
name = "Yakoub Nemouchi"
[nemouchi.emails]
[nemouchi.emails.nemouchi_email]
user = [
"nemouchi",
]
host = [
"lri",
"fr",
]
[nemouchi.emails.nemouchi_email1]
user = [
"yakoub",
"nemouchi",
]
host = [
"york",
"ac",
"uk",
]
[nemouchi.homepages]
[nestmann]
name = "Uwe Nestmann"
[nestmann.emails]
[nestmann.homepages]
nestmann_homepage = "https://www.mtv.tu-berlin.de/nestmann/"
[neumann]
name = "René Neumann"
[neumann.emails]
[neumann.emails.neumann_email]
user = [
"rene",
"neumann",
]
host = [
"in",
"tum",
"de",
]
[neumann.homepages]
[nielsen]
name = "Finn Nielsen"
[nielsen.emails]
[nielsen.emails.nielsen_email]
user = [
"finn",
"nielsen",
]
host = [
"uni-muenster",
"de",
]
[nielsen.homepages]
[nikiforov]
name = "Denis Nikiforov"
[nikiforov.emails]
[nikiforov.emails.nikiforov_email]
user = [
"denis",
"nikif",
]
host = [
"gmail",
"com",
]
[nikiforov.homepages]
[nipkow]
name = "Tobias Nipkow"
orcid = "0000-0003-0730-515X"
[nipkow.emails]
[nipkow.emails.nipkow_email]
user = [
"nipkow",
]
host = [
"in",
"tum",
"de",
]
[nipkow.homepages]
nipkow_homepage = "https://www.in.tum.de/~nipkow/"
[nishihara]
name = "Toshiaki Nishihara"
[nishihara.emails]
[nishihara.homepages]
[noce]
name = "Pasquale Noce"
[noce.emails]
[noce.emails.noce_email]
user = [
"pasquale",
"noce",
"lavoro",
]
host = [
"gmail",
"com",
]
[noce.homepages]
[nordhoff]
name = "Benedikt Nordhoff"
[nordhoff.emails]
[nordhoff.emails.nordhoff_email]
user = [
"b",
"n",
]
host = [
"wwu",
"de",
]
[nordhoff.emails.nordhoff_email1]
user = [
"b_nord01",
]
host = [
"uni-muenster",
"de",
]
[nordhoff.homepages]
[noschinski]
name = "Lars Noschinski"
[noschinski.emails]
[noschinski.emails.noschinski_email]
user = [
"noschinl",
]
host = [
"gmail",
"com",
]
[noschinski.homepages]
noschinski_homepage = "http://www21.in.tum.de/~noschinl/"
[obua]
name = "Steven Obua"
[obua.emails]
[obua.emails.obua_email]
user = [
"steven",
]
host = [
"recursivemind",
"com",
]
[obua.homepages]
[ogawa]
name = "Mizuhito Ogawa"
[ogawa.emails]
[ogawa.homepages]
[oldenburg]
name = "Lennart Oldenburg"
[oldenburg.emails]
[oldenburg.homepages]
[olm]
name = "Markus Müller-Olm"
[olm.emails]
[olm.homepages]
olm_homepage = "http://cs.uni-muenster.de/u/mmo/"
[oosterhuis]
name = "Roelof Oosterhuis"
[oosterhuis.emails]
[oosterhuis.emails.oosterhuis_email]
user = [
"roelofoosterhuis",
]
host = [
"gmail",
"com",
]
[oosterhuis.homepages]
[oostrom]
name = "Vincent van Oostrom"
[oostrom.emails]
[oostrom.homepages]
[ortner]
name = "Veronika Ortner"
[ortner.emails]
[ortner.homepages]
[overbeek]
name = "Roy Overbeek"
[overbeek.emails]
[overbeek.emails.overbeek_email]
user = [
"Roy",
"Overbeek",
]
host = [
"cwi",
"nl",
]
[overbeek.homepages]
[pagano]
name = "Miguel Pagano"
[pagano.emails]
[pagano.emails.pagano_email]
user = [
"miguel",
"pagano",
]
host = [
"unc",
"edu",
"ar",
]
[pagano.homepages]
pagano_homepage = "https://cs.famaf.unc.edu.ar/~mpagano/"
[pal]
name = "Abhik Pal"
[pal.emails]
[pal.homepages]
[paleo]
name = "Bruno Woltzenlogel Paleo"
[paleo.emails]
[paleo.homepages]
paleo_homepage = "http://www.logic.at/staff/bruno/"
[palmer]
name = "Jake Palmer"
[palmer.emails]
[palmer.emails.palmer_email]
user = [
"jake",
"palmer",
]
host = [
"ed",
"ac",
"uk",
]
[palmer.homepages]
[parkinson]
name = "Matthew Parkinson"
[parkinson.emails]
[parkinson.homepages]
parkinson_homepage = "http://research.microsoft.com/people/mattpark/"
[parrow]
name = "Joachim Parrow"
[parrow.emails]
[parrow.emails.parrow_email]
user = [
"joachim",
"parrow",
]
host = [
"it",
"uu",
"se",
]
[parrow.homepages]
[parsert]
name = "Julian Parsert"
[parsert.emails]
[parsert.emails.parsert_email]
user = [
"julian",
"parsert",
]
host = [
"gmail",
"com",
]
[parsert.emails.parsert_email1]
user = [
"julian",
"parsert",
]
host = [
"uibk",
"ac",
"at",
]
[parsert.homepages]
parsert_homepage = "http://www.parsert.com/"
[paulson]
name = "Lawrence C. Paulson"
[paulson.emails]
[paulson.emails.paulson_email]
user = [
"lp15",
]
host = [
"cam",
"ac",
"uk",
]
[paulson.homepages]
paulson_homepage = "https://www.cl.cam.ac.uk/~lp15/"
[peltier]
name = "Nicolas Peltier"
[peltier.emails]
[peltier.emails.peltier_email]
user = [
"Nicolas",
"Peltier",
]
host = [
"imag",
"fr",
]
[peltier.homepages]
peltier_homepage = "http://membres-lig.imag.fr/peltier/"
[peters]
name = "Kirstin Peters"
[peters.emails]
[peters.emails.peters_email]
user = [
"kirstin",
"peters",
]
host = [
"tu-berlin",
"de",
]
[peters.homepages]
[petrovic]
name = "Danijela Petrovic"
[petrovic.emails]
[petrovic.homepages]
petrovic_homepage = "http://www.matf.bg.ac.rs/~danijela"
[pierzchalski]
name = "Edward Pierzchalski"
[pierzchalski.emails]
[pierzchalski.homepages]
[platzer]
name = "André Platzer"
[platzer.emails]
[platzer.emails.platzer_email]
user = [
"aplatzer",
]
host = [
"cs",
"cmu",
"edu",
]
[platzer.homepages]
platzer_homepage = "https://www.cs.cmu.edu/~aplatzer/"
[pohjola]
name = "Johannes Åman Pohjola"
[pohjola.emails]
[pohjola.homepages]
[pollak]
name = "Florian Pollak"
[pollak.emails]
[pollak.emails.pollak_email]
user = [
"florian",
"pollak",
]
host = [
"gmail",
"com",
]
[pollak.homepages]
[popescu]
name = "Andrei Popescu"
[popescu.emails]
[popescu.emails.popescu_email]
user = [
"a",
"popescu",
]
host = [
"sheffield",
"ac",
"uk",
]
[popescu.emails.popescu_email1]
user = [
"uuomul",
]
host = [
"yahoo",
"com",
]
[popescu.emails.popescu_email2]
user = [
"a",
"popescu",
]
host = [
"mdx",
"ac",
"uk",
]
[popescu.homepages]
popescu_homepage = "https://www.andreipopescu.uk"
[porter]
name = "Benjamin Porter"
[porter.emails]
[porter.homepages]
[prathamesh]
name = "T.V.H. Prathamesh"
[prathamesh.emails]
[prathamesh.emails.prathamesh_email]
user = [
"prathamesh",
]
host = [
"imsc",
"res",
"in",
]
[prathamesh.homepages]
[preoteasa]
name = "Viorel Preoteasa"
[preoteasa.emails]
[preoteasa.emails.preoteasa_email]
user = [
"viorel",
"preoteasa",
]
host = [
"aalto",
"fi",
]
[preoteasa.homepages]
preoteasa_homepage = "http://users.abo.fi/vpreotea/"
[pusch]
name = "Cornelia Pusch"
[pusch.emails]
[pusch.homepages]
[rabe]
name = "Markus N. Rabe"
[rabe.emails]
[rabe.homepages]
rabe_homepage = "http://www.react.uni-saarland.de/people/rabe.html"
[raedle]
name = "Jonas Rädle"
[raedle.emails]
[raedle.emails.raedle_email]
user = [
"jonas",
"raedle",
]
host = [
"gmail",
"com",
]
[raedle.emails.raedle_email1]
user = [
"jonas",
"raedle",
]
host = [
"tum",
"de",
]
[raedle.homepages]
[raska]
name = "Martin Raška"
[raska.emails]
[raska.homepages]
[raszyk]
name = "Martin Raszyk"
[raszyk.emails]
[raszyk.emails.raszyk_email]
user = [
"martin",
"raszyk",
]
host = [
"inf",
"ethz",
"ch",
]
[raszyk.emails.raszyk_email1]
user = [
"m",
"raszyk",
]
host = [
"gmail",
"com",
]
[raszyk.homepages]
[rau]
name = "Martin Rau"
[rau.emails]
[rau.emails.rau_email]
user = [
"martin",
"rau",
]
host = [
"tum",
"de",
]
[rau.emails.rau_email1]
user = [
"mrtnrau",
]
host = [
"googlemail",
"com",
]
[rau.homepages]
[rauch]
name = "Nicole Rauch"
[rauch.emails]
[rauch.emails.rauch_email]
user = [
"rauch",
]
host = [
"informatik",
"uni-kl",
"de",
]
[rauch.homepages]
[raumer]
name = "Jakob von Raumer"
[raumer.emails]
[raumer.emails.raumer_email]
user = [
"psxjv4",
]
host = [
"nottingham",
"ac",
"uk",
]
[raumer.homepages]
[ravindran]
name = "Binoy Ravindran"
[ravindran.emails]
[ravindran.homepages]
[rawson]
name = "Michael Rawson"
[rawson.emails]
[rawson.emails.rawson_email]
user = [
"michaelrawson76",
]
host = [
"gmail",
"com",
]
[rawson.emails.rawson_email1]
user = [
"mr644",
]
host = [
"cam",
"ac",
"uk",
]
[rawson.homepages]
[raya]
name = "Rodrigo Raya"
[raya.emails]
[raya.homepages]
raya_homepage = "https://people.epfl.ch/rodrigo.raya"
[regensburger]
name = "Franz Regensburger"
[regensburger.emails]
[regensburger.emails.regensburger_email]
user = [
"Franz",
"Regensburger",
]
host = [
"thi",
"de"
]
[regensburger.homepages]
regensburger_homepage = "https://www.thi.de/suche/mitarbeiter/prof-dr-rer-nat-franz-regensburger"
[reiche]
name = "Sebastian Reiche"
[reiche.emails]
[reiche.homepages]
reiche_homepage = "https://www.linkedin.com/in/sebastian-reiche-0b2093178"
[reiter]
name = "Markus Reiter"
[reiter.emails]
[reiter.homepages]
[reynaud]
name = "Alban Reynaud"
[reynaud.emails]
[reynaud.homepages]
[ribeiro]
name = "Pedro Ribeiro"
[ribeiro.emails]
[ribeiro.homepages]
[richter]
name = "Stefan Richter"
[richter.emails]
[richter.emails.richter_email]
user = [
"richter",
]
host = [
"informatik",
"rwth-aachen",
"de",
]
[richter.homepages]
richter_homepage = "http://www-lti.informatik.rwth-aachen.de/~richter/"
[rickmann]
name = "Christina Rickmann"
[rickmann.emails]
[rickmann.emails.rickmann_email]
user = [
"c",
"rickmann",
]
host = [
"tu-berlin",
"de",
]
[rickmann.homepages]
[ridge]
name = "Tom Ridge"
[ridge.emails]
[ridge.homepages]
[rizaldi]
name = "Albert Rizaldi"
[rizaldi.emails]
[rizaldi.emails.rizaldi_email]
user = [
"albert",
"rizaldi",
]
host = [
"ntu",
"edu",
"sg",
]
[rizaldi.homepages]
[rizkallah]
name = "Christine Rizkallah"
[rizkallah.emails]
[rizkallah.homepages]
rizkallah_homepage = "https://www.mpi-inf.mpg.de/~crizkall/"
[robillard]
name = "Simon Robillard"
[robillard.emails]
[robillard.homepages]
robillard_homepage = "https://simon-robillard.net/"
[roessle]
name = "Ian Roessle"
[roessle.emails]
[roessle.homepages]
[romanos]
name = "Ralph Romanos"
[romanos.emails]
[romanos.emails.romanos_email]
user = [
"ralph",
"romanos",
]
host = [
"student",
"ecp",
"fr",
]
[romanos.homepages]
[rosskopf]
name = "Simon Roßkopf"
[rosskopf.emails]
[rosskopf.emails.rosskopf_email]
user = [
"rosskops",
]
host = [
"in",
"tum",
"de",
]
[rosskopf.homepages]
rosskopf_homepage = "http://www21.in.tum.de/~rosskops"
[rowat]
name = "Colin Rowat"
[rowat.emails]
[rowat.emails.rowat_email]
user = [
"c",
"rowat",
]
host = [
"bham",
"ac",
"uk",
]
[rowat.homepages]
[sabouret]
name = "Nicolas Sabouret"
[sabouret.emails]
[sabouret.homepages]
[sachtleben]
name = "Robert Sachtleben"
[sachtleben.emails]
[sachtleben.emails.sachtleben_email]
user = [
"rob_sac",
]
host = [
"uni-bremen",
"de",
]
[sachtleben.homepages]
[saile]
name = "Christian Saile"
[saile.emails]
[saile.homepages]
saile_homepage = "http://dss.in.tum.de/staff/christian-saile.html"
[sanan]
name = "David Sanan"
[sanan.emails]
[sanan.emails.sanan_email]
user = [
"sanan",
]
host = [
"ntu",
"edu",
"sg",
]
[sanan.homepages]
[sato]
name = "Tetsuya Sato"
[sato.emails]
[sato.emails.sato_email]
user = [
"tsato",
]
host = [
"c",
"titech",
"ac",
"jp",
]
[sato.homepages]
sato_homepage = "https://sites.google.com/view/tetsuyasato/"
[sauer]
name = "Jens Sauer"
[sauer.emails]
[sauer.emails.sauer_email]
user = [
"sauer",
]
host = [
"mais",
"informatik",
"tu-darmstadt",
"de",
]
[sauer.homepages]
[schaeffeler]
name = "Maximilian Schäffeler"
[schaeffeler.emails]
[schaeffeler.emails.schaeffeler_email]
user = [
"schaeffm",
]
host = [
"in",
"tum",
"de",
]
[schaeffeler.homepages]
[scharager]
name = "Matias Scharager"
[scharager.emails]
[scharager.emails.scharager_email]
user = [
"mscharag",
]
host = [
"cs",
"cmu",
"edu",
]
[scharager.homepages]
[schimpf]
name = "Alexander Schimpf"
[schimpf.emails]
[schimpf.emails.schimpf_email]
user = [
"schimpfa",
]
host = [
"informatik",
"uni-freiburg",
"de",
]
[schimpf.homepages]
[schirmer]
name = "Norbert Schirmer"
[schirmer.emails]
[schirmer.emails.schirmer_email]
user = [
"norbert",
"schirmer",
]
host = [
"web",
"de",
]
[schirmer.homepages]
[schleicher]
name = "Dierk Schleicher"
[schleicher.emails]
[schleicher.homepages]
[schlichtkrull]
name = "Anders Schlichtkrull"
[schlichtkrull.emails]
[schlichtkrull.emails.schlichtkrull_email]
user = [
"andschl",
]
host = [
"dtu",
"dk",
]
[schlichtkrull.homepages]
schlichtkrull_homepage = "https://people.compute.dtu.dk/andschl/"
[schmaltz]
name = "Julien Schmaltz"
[schmaltz.emails]
[schmaltz.emails.schmaltz_email]
user = [
"Julien",
"Schmaltz",
]
host = [
"ou",
"nl",
]
[schmaltz.homepages]
[schmidinger]
name = "Lukas Schmidinger"
[schmidinger.emails]
[schmidinger.homepages]
[schmoetten]
name = "Richard Schmoetten"
[schmoetten.emails]
[schmoetten.emails.schmoetten_email]
user = [
"s1311325",
]
host = [
"sms",
"ed",
"ac",
"uk",
]
[schmoetten.homepages]
[schneider]
name = "Joshua Schneider"
[schneider.emails]
[schneider.emails.schneider_email]
user = [
"joshua",
"schneider",
]
host = [
"inf",
"ethz",
"ch",
]
[schneider.homepages]
[schoepe]
name = "Daniel Schoepe"
[schoepe.emails]
[schoepe.emails.schoepe_email]
user = [
"daniel",
]
host = [
"schoepe",
"org",
]
[schoepe.homepages]
[schoepf]
name = "Jonas Schöpf"
[schoepf.emails]
[schoepf.emails.schoepf_email]
user = [
"jonas",
"schoepf",
]
host = [
"uibk",
"ac",
"at",
]
[schoepf.homepages]
[scott]
name = "Dana Scott"
[scott.emails]
[scott.homepages]
scott_homepage = "http://www.cs.cmu.edu/~scott/"
[sefidgar]
name = "S. Reza Sefidgar"
[sefidgar.emails]
[sefidgar.emails.sefidgar_email]
user = [
"reza",
"sefidgar",
]
host = [
"inf",
"ethz",
"ch",
]
[sefidgar.homepages]
[seidl]
name = "Benedikt Seidl"
[seidl.emails]
[seidl.emails.seidl_email]
user = [
"benedikt",
"seidl",
]
host = [
"tum",
"de",
]
[seidl.homepages]
[seidler]
name = "Henning Seidler"
[seidler.emails]
[seidler.emails.seidler_email]
user = [
"henning",
"seidler",
]
host = [
"mailbox",
"tu-berlin",
"de",
]
[seidler.homepages]
[sewell]
name = "Thomas Sewell"
[sewell.emails]
[sewell.homepages]
[sickert]
name = "Salomon Sickert"
[sickert.emails]
[sickert.emails.sickert_email]
user = [
"s",
"sickert",
]
host = [
"tum",
"de",
]
[sickert.homepages]
sickert_homepage = "https://www7.in.tum.de/~sickert"
[siek]
name = "Jeremy Siek"
[siek.emails]
[siek.emails.siek_email]
user = [
"jsiek",
]
host = [
"indiana",
"edu",
]
[siek.homepages]
siek_homepage = "http://homes.soic.indiana.edu/jsiek/"
[simic]
name = "Danijela Simić"
[simic.emails]
[simic.emails.simic_email]
user = [
"danijela",
]
host = [
"matf",
"bg",
"ac",
"rs",
]
[simic.homepages]
simic_homepage = "http://poincare.matf.bg.ac.rs/~danijela"
[sison]
name = "Robert Sison"
[sison.emails]
[sison.homepages]
[smaus]
name = "Jan-Georg Smaus"
[smaus.emails]
[smaus.homepages]
smaus_homepage = "http://www.irit.fr/~Jan-Georg.Smaus"
[smola]
name = "Filip Smola"
[smola.emails]
[smola.emails.smola_email]
user = [
"f",
"smola",
]
host = [
"sms",
"ed",
"ac",
"uk",
]
[smola.homepages]
[snelting]
name = "Gregor Snelting"
[snelting.emails]
[snelting.homepages]
snelting_homepage = "http://pp.info.uni-karlsruhe.de/personhp/gregor_snelting.php"
[somaini]
name = "Ivano Somaini"
[somaini.emails]
[somaini.homepages]
[somogyi]
name = "Dániel Somogyi"
[somogyi.emails]
[somogyi.homepages]
[spasic]
name = "Mirko Spasić"
[spasic.emails]
[spasic.emails.spasic_email]
user = [
"mirko",
]
host = [
"matf",
"bg",
"ac",
"rs",
]
[spasic.homepages]
[spichkova]
name = "Maria Spichkova"
[spichkova.emails]
[spichkova.emails.spichkova_email]
user = [
"maria",
"spichkova",
]
host = [
"rmit",
"edu",
"au",
]
[spichkova.homepages]
[sprenger]
name = "Christoph Sprenger"
[sprenger.emails]
[sprenger.emails.sprenger_email]
user = [
"sprenger",
]
host = [
"inf",
"ethz",
"ch",
]
[sprenger.homepages]
[stannett]
name = "Mike Stannett"
[stannett.emails]
[stannett.emails.stannett_email]
user = [
"m",
"stannett",
]
host = [
"sheffield",
"ac",
"uk",
]
[stannett.homepages]
[stark]
name = "Eugene W. Stark"
[stark.emails]
[stark.emails.stark_email]
user = [
"stark",
]
host = [
"cs",
"stonybrook",
"edu",
]
[stark.homepages]
[starosta]
name = "Štěpán Starosta"
[starosta.emails]
[starosta.emails.starosta_email]
user = [
"stepan",
"starosta",
]
host = [
"fit",
"cvut",
"cz",
]
[starosta.homepages]
starosta_homepage = "https://users.fit.cvut.cz/~staroste/"
[steinberg]
name = "Matías Steinberg"
[steinberg.emails]
[steinberg.emails.steinberg_email]
user = [
"matias",
"steinberg",
]
host = [
"mi",
"unc",
"edu",
"ar",
]
[steinberg.homepages]
[stephan]
name = "Werner Stephan"
[stephan.emails]
[stephan.emails.stephan_email]
user = [
"stephan",
]
host = [
"dfki",
"de",
]
[stephan.homepages]
[sternagel]
name = "Christian Sternagel"
[sternagel.emails]
[sternagel.emails.sternagel_email]
user = [
"c",
"sternagel",
]
host = [
"gmail",
"com",
]
[sternagel.emails.sternagel_email1]
user = [
"christian",
"sternagel",
]
host = [
"uibk",
"ac",
"at",
]
[sternagel.homepages]
sternagel_homepage = "http://cl-informatik.uibk.ac.at/users/griff/"
[sternagelt]
name = "Thomas Sternagel"
[sternagelt.emails]
[sternagelt.homepages]
[stevens]
name = "Lukas Stevens"
[stevens.emails]
+[stevens.emails.stevens_email]
+user = [
+ "lukas.stevens",
+]
+host = [
+ "in",
+ "tum",
+ "de"
+]
[stevens.homepages]
stevens_homepage = "https://www21.in.tum.de/team/stevensl"
[stock]
name = "Benedikt Stock"
[stock.emails]
[stock.emails.stock_email]
user = [
"benedikt1999",
]
host = [
"freenet",
"de",
]
[stock.homepages]
+[stoeckl]
+name = "Bernhard Stöckl"
+
+[stoeckl.emails]
+
+[stoeckl.emails.stoeckl_email]
+user = [
+ "stoeckl",
+]
+host = [
+ "in",
+ "tum",
+ "de"
+]
+
+[stoeckl.homepages]
+
[stricker]
name = "Christian Stricker"
[stricker.emails]
[stricker.homepages]
stricker_homepage = "http://dss.in.tum.de/staff/christian-stricker.html"
[strnisa]
name = "Rok Strniša"
[strnisa.emails]
[strnisa.emails.strnisa_email]
user = [
"rok",
]
host = [
"strnisa",
"com",
]
[strnisa.homepages]
strnisa_homepage = "http://rok.strnisa.com/lj/"
[struth]
name = "Georg Struth"
[struth.emails]
[struth.emails.struth_email]
user = [
"g",
"struth",
]
host = [
"sheffield",
"ac",
"uk",
]
[struth.homepages]
struth_homepage = "http://staffwww.dcs.shef.ac.uk/people/G.Struth/"
[stueber]
name = "Anke Stüber"
[stueber.emails]
[stueber.emails.stueber_email]
user = [
"anke",
"stueber",
]
host = [
"campus",
"tu-berlin",
"de",
]
[stueber.homepages]
[stuewe]
name = "Daniel Stüwe"
[stuewe.emails]
[stuewe.homepages]
[sudbrock]
name = "Henning Sudbrock"
[sudbrock.emails]
[sudbrock.emails.sudbrock_email]
user = [
"sudbrock",
]
host = [
"mais",
"informatik",
"tu-darmstadt",
"de",
]
[sudbrock.homepages]
[sudhof]
name = "Henry Sudhof"
[sudhof.emails]
[sudhof.emails.sudhof_email]
user = [
"hsudhof",
]
host = [
"cs",
"tu-berlin",
"de",
]
[sudhof.homepages]
[sulejmani]
name = "Ujkan Sulejmani"
[sulejmani.emails]
[sulejmani.emails.sulejmani_email]
user = [
"ujkan",
"sulejmani",
]
host = [
"tum",
"de",
]
[sulejmani.emails.sulejmani_email1]
user = [
"ujkan99",
]
host = [
"gmail",
"com",
]
[sulejmani.homepages]
[sylvestre]
name = "Jeremy Sylvestre"
[sylvestre.emails]
[sylvestre.emails.sylvestre_email]
user = [
"jeremy",
"sylvestre",
]
host = [
"ualberta",
"ca",
]
[sylvestre.emails.sylvestre_email1]
user = [
"jsylvest",
]
host = [
"ualberta",
"ca",
]
[sylvestre.homepages]
sylvestre_homepage = "http://ualberta.ca/~jsylvest/"
[taha]
name = "Safouan Taha"
[taha.emails]
[taha.emails.taha_email]
user = [
"safouan",
"taha",
]
host = [
"lri",
"fr",
]
[taha.homepages]
[tan]
name = "Yong Kiam Tan"
[tan.emails]
[tan.emails.tan_email]
user = [
"yongkiat",
]
host = [
"cs",
"cmu",
"edu",
]
[tan.homepages]
tan_homepage = "https://www.cs.cmu.edu/~yongkiat/"
[tasch]
name = "Markus Tasch"
[tasch.emails]
[tasch.emails.tasch_email]
user = [
"tasch",
]
host = [
"mais",
"informatik",
"tu-darmstadt",
"de",
]
[tasch.homepages]
[taylor]
name = "Ramsay G. Taylor"
[taylor.emails]
[taylor.emails.taylor_email]
user = [
"r",
"g",
"taylor",
]
host = [
"sheffield",
"ac",
"uk",
]
[taylor.homepages]
[terraf]
name = "Pedro Sánchez Terraf"
[terraf.emails]
[terraf.emails.terraf_email]
user = [
"psterraf",
]
host = [
"unc",
"edu",
"ar",
]
[terraf.homepages]
terraf_homepage = "https://cs.famaf.unc.edu.ar/~pedro/home_en.html"
[thiemann]
name = "René Thiemann"
[thiemann.emails]
[thiemann.emails.thiemann_email]
user = [
"rene",
"thiemann",
]
host = [
"uibk",
"ac",
"at",
]
[thiemann.homepages]
thiemann_homepage = "http://cl-informatik.uibk.ac.at/users/thiemann/"
[thommes]
name = "Joseph Thommes"
[thommes.emails]
[thommes.emails.thommes_email]
user = [
"joseph-thommes",
]
host = [
"gmx",
"de",
]
[thommes.homepages]
[thomson]
name = "Fox Thomson"
[thomson.emails]
[thomson.emails.thomson_email]
user = [
"foxthomson0",
]
host = [
"gmail",
"com",
]
[thomson.homepages]
[tiu]
name = "Alwen Tiu"
[tiu.emails]
[tiu.emails.tiu_email]
user = [
"ATiu",
]
host = [
"ntu",
"edu",
"sg",
]
[tiu.homepages]
tiu_homepage = "http://users.cecs.anu.edu.au/~tiu/"
[toth]
name = "Balazs Toth"
[toth.emails]
[toth.emails.toth_email]
user = [
"balazs",
"toth",
]
host = [
"tum",
"de",
]
[toth.homepages]
[tourret]
name = "Sophie Tourret"
[tourret.emails]
[tourret.emails.tourret_email]
user = [
"stourret",
]
host = [
"mpi-inf",
"mpg",
"de",
]
[tourret.homepages]
tourret_homepage = "https://www.mpi-inf.mpg.de/departments/automation-of-logic/people/sophie-tourret/"
[trachtenherz]
name = "David Trachtenherz"
[trachtenherz.emails]
[trachtenherz.homepages]
[traut]
name = "Christoph Traut"
[traut.emails]
[traut.homepages]
[traytel]
name = "Dmitriy Traytel"
[traytel.emails]
[traytel.emails.traytel_email]
user = [
"traytel",
]
host = [
"in",
"tum",
"de",
]
[traytel.emails.traytel_email1]
user = [
"traytel",
]
host = [
"inf",
"ethz",
"ch",
]
[traytel.emails.traytel_email2]
user = [
"traytel",
]
host = [
"di",
"ku",
"dk",
]
[traytel.homepages]
traytel_homepage = "https://traytel.bitbucket.io/"
[trelat]
name = "Vincent Trélat"
[trelat.emails]
[trelat.emails.trelat_email]
user = [
"vincent",
"trelat",
]
host = [
"depinfonancy",
"net",
]
[trelat.homepages]
[tuerk]
name = "Thomas Tuerk"
[tuerk.emails]
[tuerk.homepages]
[tuong]
name = "Frédéric Tuong"
[tuong.emails]
[tuong.emails.tuong_email]
user = [
"tuong",
]
host = [
"users",
"gforge",
"inria",
"fr",
]
[tuong.emails.tuong_email1]
user = [
"ftuong",
]
host = [
"lri",
"fr",
]
[tuong.homepages]
tuong_homepage = "https://www.lri.fr/~ftuong/"
[tuongj]
name = "Joseph Tuong"
[tuongj.emails]
[tuongj.homepages]
[tverdyshev]
name = "Sergey Tverdyshev"
[tverdyshev.emails]
[tverdyshev.emails.tverdyshev_email]
user = [
"stv",
]
host = [
"sysgo",
"com",
]
[tverdyshev.homepages]
[ullrich]
name = "Sebastian Ullrich"
[ullrich.emails]
[ullrich.emails.ullrich_email]
user = [
"sebasti",
]
host = [
"nullri",
"ch",
]
[ullrich.homepages]
[unruh]
name = "Dominique Unruh"
[unruh.emails]
[unruh.emails.unruh_email]
user = [
"unruh",
]
host = [
"ut",
"ee",
]
[unruh.homepages]
unruh_homepage = "https://www.ut.ee/~unruh/"
[urban]
name = "Christian Urban"
[urban.emails]
[urban.emails.urban_email]
user = [
"christian",
"urban",
]
host = [
"kcl",
"ac",
"uk",
]
[urban.homepages]
urban_homepage = "https://nms.kcl.ac.uk/christian.urban/"
[van]
name = "Hai Nguyen Van"
[van.emails]
[van.emails.van_email]
user = [
"hai",
"nguyenvan",
"phie",
]
host = [
"gmail",
"com",
]
[van.homepages]
[velykis]
name = "Andrius Velykis"
[velykis.emails]
[velykis.homepages]
velykis_homepage = "http://andrius.velykis.lt"
[verbeek]
name = "Freek Verbeek"
[verbeek.emails]
[verbeek.emails.verbeek_email]
user = [
"Freek",
"Verbeek",
]
host = [
"ou",
"nl",
]
[verbeek.emails.verbeek_email1]
user = [
"freek",
]
host = [
"vt",
"edu",
]
[verbeek.homepages]
[villadsen]
name = "Jørgen Villadsen"
[villadsen.emails]
[villadsen.emails.villadsen_email]
user = [
"jovi",
]
host = [
"dtu",
"dk",
]
[villadsen.homepages]
villadsen_homepage = "https://people.compute.dtu.dk/jovi/"
[voisin]
name = "Frederic Voisin"
[voisin.emails]
[voisin.homepages]
[vytiniotis]
name = "Dimitrios Vytiniotis"
[vytiniotis.emails]
[vytiniotis.homepages]
vytiniotis_homepage = "http://research.microsoft.com/en-us/people/dimitris/"
[wagner]
name = "Max Wagner"
[wagner.emails]
[wagner.emails.wagner_email]
user = [
"max",
]
host = [
"trollbu",
"de",
]
[wagner.homepages]
[waldmann]
name = "Uwe Waldmann"
[waldmann.emails]
[waldmann.emails.waldmann_email]
user = [
"waldmann",
]
host = [
"mpi-inf",
"mpg",
"de",
]
[waldmann.homepages]
[wand]
name = "Daniel Wand"
[wand.emails]
[wand.emails.wand_email]
user = [
"dwand",
]
host = [
"mpi-inf",
"mpg",
"de",
]
[wand.homepages]
[wang]
name = "Shuling Wang"
[wang.emails]
[wang.homepages]
[wassell]
name = "Mark Wassell"
[wassell.emails]
[wassell.emails.wassell_email]
user = [
"mpwassell",
]
host = [
"gmail",
"com",
]
[wassell.homepages]
[wasserrab]
name = "Daniel Wasserrab"
[wasserrab.emails]
[wasserrab.homepages]
wasserrab_homepage = "http://pp.info.uni-karlsruhe.de/personhp/daniel_wasserrab.php"
[watt]
name = "Conrad Watt"
[watt.emails]
[watt.emails.watt_email]
user = [
"caw77",
]
host = [
"cam",
"ac",
"uk",
]
[watt.homepages]
watt_homepage = "http://www.cl.cam.ac.uk/~caw77/"
[weber]
name = "Tjark Weber"
[weber.emails]
[weber.emails.weber_email]
user = [
"tjark",
"weber",
]
host = [
"it",
"uu",
"se",
]
[weber.homepages]
weber_homepage = "http://user.it.uu.se/~tjawe125/"
[weerwag]
name = "Timmy Weerwag"
[weerwag.emails]
[weerwag.homepages]
[weidner]
name = "Arno Wilhelm-Weidner"
[weidner.emails]
[weidner.emails.weidner_email]
user = [
"arno",
"wilhelm-weidner",
]
host = [
"tu-berlin",
"de",
]
[weidner.homepages]
[wenzel]
name = "Makarius Wenzel"
[wenzel.emails]
[wenzel.emails.wenzel_email]
user = [
"makarius",
]
host = [
"sketis",
"net",
]
[wenzel.homepages]
wenzel_homepage = "https://sketis.net"
[wickerson]
name = "John Wickerson"
[wickerson.emails]
[wickerson.homepages]
wickerson_homepage = "http://www.doc.ic.ac.uk/~jpw48"
[willenbrink]
name = "Sebastian Willenbrink"
[willenbrink.emails]
[willenbrink.emails.willenbrink_email]
user = [
"sebastian",
"willenbrink",
]
host = [
"tum",
"de",
]
[willenbrink.homepages]
[wimmer]
name = "Simon Wimmer"
[wimmer.emails]
[wimmer.emails.wimmer_email]
user = [
"simon",
"wimmer",
]
host = [
"tum",
"de",
]
[wimmer.homepages]
wimmer_homepage = "http://home.in.tum.de/~wimmers/"
[wirt]
name = "Kai Wirt"
[wirt.emails]
[wirt.homepages]
[wolff]
name = "Burkhart Wolff"
[wolff.emails]
[wolff.emails.wolff_email]
user = [
"burkhart",
"wolff",
]
host = [
"lri",
"fr",
]
[wolff.homepages]
wolff_homepage = "https://www.lri.fr/~wolff/"
[wu]
name = "Chunhan Wu"
[wu.emails]
[wu.homepages]
[xu]
name = "Jian Xu"
[xu.emails]
[xu.homepages]
[yamada]
name = "Akihisa Yamada"
[yamada.emails]
[yamada.emails.yamada_email]
user = [
"akihisa",
"yamada",
]
host = [
"uibk",
"ac",
"at",
]
[yamada.emails.yamada_email1]
user = [
"ayamada",
]
host = [
"trs",
"cm",
"is",
"nagoya-u",
"ac",
"jp",
]
[yamada.emails.yamada_email2]
user = [
"akihisa",
"yamada",
]
host = [
"aist",
"go",
"jp",
]
[yamada.emails.yamada_email3]
user = [
"akihisayamada",
]
host = [
"nii",
"ac",
"jp",
]
[yamada.homepages]
yamada_homepage = "http://group-mmm.org/~ayamada/"
[ye]
name = "Lina Ye"
[ye.emails]
[ye.emails.ye_email]
user = [
"lina",
"ye",
]
host = [
"lri",
"fr",
]
[ye.homepages]
[ying]
name = "Shenggang Ying"
[ying.emails]
[ying.homepages]
[yingm]
name = "Mingsheng Ying"
[yingm.emails]
[yingm.homepages]
[yu]
name = "Lei Yu"
[yu.emails]
[yu.emails.yu_email]
user = [
"ly271",
]
host = [
"cam",
"ac",
"uk",
]
[yu.homepages]
[zankl]
name = "Harald Zankl"
[zankl.emails]
[zankl.emails.zankl_email]
user = [
"Harald",
"Zankl",
]
host = [
"uibk",
"ac",
"at",
]
[zankl.homepages]
zankl_homepage = "http://cl-informatik.uibk.ac.at/users/hzankl"
[zee]
name = "Karen Zee"
[zee.emails]
[zee.emails.zee_email]
user = [
"kkz",
]
host = [
"mit",
"edu",
]
[zee.homepages]
zee_homepage = "http://www.mit.edu/~kkz/"
[zeller]
name = "Peter Zeller"
[zeller.emails]
[zeller.emails.zeller_email]
user = [
"p_zeller",
]
host = [
"cs",
"uni-kl",
"de",
]
[zeller.homepages]
[zeyda]
name = "Frank Zeyda"
[zeyda.emails]
[zeyda.emails.zeyda_email]
user = [
"frank",
"zeyda",
]
host = [
"york",
"ac",
"uk",
]
[zeyda.homepages]
[zhan]
name = "Bohua Zhan"
[zhan.emails]
[zhan.emails.zhan_email]
user = [
"bzhan",
]
host = [
"ios",
"ac",
"cn",
]
[zhan.homepages]
zhan_homepage = "http://lcs.ios.ac.cn/~bzhan/"
[zhang]
name = "Yu Zhang"
[zhang.emails]
[zhang.homepages]
[zhangx]
name = "Xingyuan Zhang"
[zhangx.emails]
[zhangx.homepages]
[zhann]
name = "Naijun Zhan"
[zhann.emails]
[zhann.homepages]
diff --git a/metadata/entries/Query_Optimization.toml b/metadata/entries/Query_Optimization.toml
new file mode 100644
--- /dev/null
+++ b/metadata/entries/Query_Optimization.toml
@@ -0,0 +1,34 @@
+title = "Verification of Query Optimization Algorithms"
+date = 2022-10-04
+topics = [
+ "Computer science/Data management systems",
+]
+abstract = """
+This formalization includes a general framework for query optimization
+consisting of the definitions of selectivities, query graphs, join
+trees, and cost functions. Furthermore, it implements the join
+ordering algorithm IKKBZ using these definitions. It verifies the
+correctness of these definitions and proves that IKKBZ produces an
+optimal solution within a restricted solution space."""
+license = "bsd"
+note = ""
+
+[authors]
+
+[authors.stevens]
+homepage = "stevens_homepage"
+
+[authors.stoeckl]
+email = "stoeckl_email"
+
+[contributors]
+
+[notify]
+stevens = "stevens_email"
+stoeckl = "stoeckl_email"
+
+[history]
+
+[extra]
+
+[related]
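Review bot: The `[authors.stevens]` and `[notify]` tables point at `stevens_homepage` and `stevens_email`, but the part of the `metadata/authors.toml` hunk visible on this page only defines `[stoeckl.emails.stoeckl_email]`, so those two ids cannot be confirmed from here. Because `[notify]` determines who is mailed about this entry, check that both ids exist under `[stevens.homepages]` and `[stevens.emails]` before merging. How the site tooling treats an unresolved id is not shown in this diff. If the metadata tooling preserves comments, a line such as `# values are email ids defined in metadata/authors.toml` above `[notify]` would make the indirection explicit for the next editor.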
diff --git a/thys/Query_Optimization/CostFunctions.thy b/thys/Query_Optimization/CostFunctions.thy
new file mode 100644
--- /dev/null
+++ b/thys/Query_Optimization/CostFunctions.thy
@@ -0,0 +1,1204 @@
+(* Author: Bernhard Stöckl *)
+
+theory CostFunctions
+ imports Complex_Main JoinTree Selectivities
+begin
+
+section \<open>Cost Functions\<close>
+
+subsection \<open>General Cost Functions\<close>
+
+fun c_out :: "'a card \<Rightarrow> 'a selectivity \<Rightarrow> 'a joinTree \<Rightarrow> real" where
+ "c_out _ _ (Relation _) = 0"
+| "c_out cf f (Join l r) = card cf f (Join l r) + c_out cf f l + c_out cf f r"
+
+fun c_nlj :: "'a card \<Rightarrow> 'a selectivity \<Rightarrow> 'a joinTree \<Rightarrow> real" where
+ "c_nlj _ _ (Relation _) = 0"
+| "c_nlj cf f (Join l r) = card cf f l * card cf f r + c_nlj cf f l + c_nlj cf f r"
+
+fun c_hj :: "'a card \<Rightarrow> 'a selectivity \<Rightarrow> 'a joinTree \<Rightarrow> real" where
+ "c_hj _ _ (Relation _) = 0"
+| "c_hj cf f (Join l r) = 1.2 * card cf f l + c_hj cf f l + c_hj cf f r"
+
+fun c_smj :: "'a card \<Rightarrow> 'a selectivity \<Rightarrow> 'a joinTree \<Rightarrow> real" where
+ "c_smj _ _ (Relation _) = 0"
+| "c_smj cf f (Join l r) = card cf f l * log 2 (card cf f l) + card cf f r * log 2 (card cf f r)
+ + c_smj cf f l + c_smj cf f r"
+
+subsection \<open>Cost functions that are considered by IKKBZ.\<close>
+
+fun c_IKKBZ :: "('a \<Rightarrow> real \<Rightarrow> real) \<Rightarrow> 'a card \<Rightarrow> 'a selectivity \<Rightarrow> 'a joinTree \<Rightarrow> real" where
+ "c_IKKBZ _ _ _ (Relation _) = 0"
+| "c_IKKBZ h cf f (Join l (Relation rel)) = card cf f l * (h rel (cf rel)) + c_IKKBZ h cf f l"
+| "c_IKKBZ _ _ _ (Join l r) = undefined"
+
+text \<open>
+ A list of relations defines a unique left-deep tree. This functions computes a cost function
+ given by such a list representation of a tree according to the formula
+ @{text "\<Sum>\<^sub>i\<^sub>=\<^sub>2\<^sup>n n\<^sub>{\<^sub>1\<^sub>,\<^sub>2\<^sub>,\<^sub>\<dots>\<^sub>i\<^sub>-\<^sub>1\<^sub>} h\<^sub>i(n\<^sub>i)"}
+ where @{text "n\<^sub>{\<^sub>1\<^sub>,\<^sub>2\<^sub>,\<^sub>\<dots>\<^sub>i\<^sub>-\<^sub>1\<^sub>}"} = @{term "card subtree"} = @{term "ldeep_n f cf"} (list subtree)
+ The input list is expected to be in reversed order for easier recursive processing
+ i.e. the first element in xs is the rightmost element of the left-deep tree
+\<close>
+
+fun c_list' :: "'a selectivity \<Rightarrow> 'a card \<Rightarrow> ('a list \<Rightarrow> 'a \<Rightarrow> real) \<Rightarrow> 'a list \<Rightarrow> real" where
+ "c_list' _ _ _ [] = 0"
+| "c_list' _ _ _ [x] = 0"
+| "c_list' f cf h (x#xs) = ldeep_n f cf xs * h xs x + c_list' f cf h xs"
+
+text \<open>
+ Equivalent definition which allows splitting the list at any point.
+\<close>
+fun c_list :: "('a \<Rightarrow> real) \<Rightarrow> 'a card \<Rightarrow> ('a \<Rightarrow> real) \<Rightarrow> 'a \<Rightarrow> 'a list \<Rightarrow> real" where
+ "c_list _ _ _ _ [] = 0"
+| "c_list _ _ h r [x] = (if x=r then 0 else h x)"
+| "c_list sf cf h r (x#xs) = c_list sf cf h r xs + ldeep_T sf cf xs * c_list sf cf h r [x]"
+
+text \<open>
+ Maps the h function to a static version that doesn't require an input list.
+\<close>
+fun create_h_list :: "('a list \<Rightarrow> 'a \<Rightarrow> real) \<Rightarrow> 'a list \<Rightarrow> 'a \<Rightarrow> real" where
+ "create_h_list _ [] = (\<lambda>_. 1)"
+| "create_h_list h (x#xs) = (\<lambda>a. if a=x then h xs x else create_h_list h xs a)"
+
+subsection \<open>Properties of Cost Functions\<close>
+
+definition symmetric :: "('a joinTree \<Rightarrow> real) \<Rightarrow> bool" where
+ "symmetric f = (\<forall>x y. f (Join x y) = f (Join y x))"
+
+definition symmetric' :: "('a card \<Rightarrow> 'a selectivity \<Rightarrow> 'a joinTree \<Rightarrow> real) \<Rightarrow> bool" where
+ "symmetric' f = (\<forall>x y cf sf. sel_symm sf \<longrightarrow> (f cf sf (Join x y) = f cf sf (Join y x)))"
+
+text \<open>
+ Uses reversed lists since the last joined relation should only appear once. Therefore, it should
+ be the head of the list and by inductive reasoning the list should be reversed.
+ Furthermore, the root must be the first relation in the sequence (last in the reverse) or it must
+ not be contained at all.
+\<close>
+definition asi' :: "'a \<Rightarrow> ('a list \<Rightarrow> real) \<Rightarrow> bool" where
+ "asi' r c = (\<exists>rank :: ('a list \<Rightarrow> real).
+ (\<forall>A U V B. distinct (A@U@V@B) \<and> U \<noteq> [] \<and> V \<noteq> []
+ \<and> (r \<notin> set (A@U@V@B) \<or> (take 1 (A@U@V@B) = [r] \<and> take 1 (A@V@U@B) = [r]))
+ \<longrightarrow> (c (rev (A@U@V@B)) \<le> c (rev (A@V@U@B)) \<longleftrightarrow> rank (rev U) \<le> rank (rev V))))"
+
+definition asi :: "('a list \<Rightarrow> real) \<Rightarrow> 'a \<Rightarrow> ('a list \<Rightarrow> real) \<Rightarrow> bool" where
+ "asi rank r c = (\<forall>A U V B. distinct (A@U@V@B) \<and> U \<noteq> [] \<and> V \<noteq> []
+ \<and> (r \<notin> set (A@U@V@B) \<or> (take 1 (A@U@V@B) = [r] \<and> take 1 (A@V@U@B) = [r]))
+ \<longrightarrow> (c (rev (A@U@V@B)) \<le> c (rev (A@V@U@B)) \<longleftrightarrow> rank (rev U) \<le> rank (rev V)))"
+
+(* alternative asi definition with slightly changed preconditions related for r *)
+definition asi'' :: "('a list \<Rightarrow> real) \<Rightarrow> 'a \<Rightarrow> ('a list \<Rightarrow> real) \<Rightarrow> bool" where
+ "asi'' rank r c = ((\<forall>A U V B. distinct (A@U@V@B) \<and> U \<noteq> [] \<and> V \<noteq> [] \<and> U \<noteq> [r] \<and> V \<noteq> [r]
+ \<longrightarrow> (c (rev (A@U@V@B)) \<le> c (rev (A@V@U@B)) \<longleftrightarrow> rank (rev U) \<le> rank (rev V))))"
+
+
+subsection \<open>Proofs\<close>
+(** proofs that certain cost functions satisfy properties **)
+
+lemma c_out_symm: "sel_symm f \<Longrightarrow> symmetric (c_out cf f)"
+ by (simp add: symmetric_def list_sel_symm)
+
+lemma c_nlj_symm: "symmetric (c_nlj cf f)"
+ by (simp add: symmetric_def)
+
+lemma c_smj_symm: "symmetric (c_smj cf f)"
+ by (simp add: symmetric_def)
+
+subsubsection \<open>Equivalence Proofs\<close>
+
+theorem c_nlj_IKKBZ: "left_deep t \<Longrightarrow> c_nlj cf f t = c_IKKBZ (\<lambda>_. id) cf f t"
+proof(induction t)
+ case (Join l r)
+ then show ?case by(cases r) auto
+qed(simp)
+
+theorem c_hj_IKKBZ: "left_deep t \<Longrightarrow> c_hj cf f t = c_IKKBZ (\<lambda>_ _. 1.2) cf f t"
+proof(induction t)
+ case ind: (Join l r)
+ then show ?case by(cases r) auto
+qed(simp)
+
+lemma change_fun_order: "y\<noteq>rel
+ \<Longrightarrow> (\<lambda>a b. if a=rel then g a b else (\<lambda>c d. if c=y then h c d else f c d) a b)
+ = (\<lambda>a b. if a=y then h a b else (\<lambda>c d. if c=rel then g c d else f c d) a b)"
+ by fastforce
+
+lemma c_IKKBZ_fun_notelem:
+ assumes "left_deep t"
+ and "distinct_relations t"
+ and "y \<notin> relations t"
+ and "f' = (\<lambda>a b. if a=y then z b else f a b)"
+ shows "c_IKKBZ f' cf sf t = c_IKKBZ f cf sf t"
+using assms proof(induction t arbitrary: f' f z rule: left_deep.induct)
+ case (2 l rel)
+ then have 0: "rel \<noteq> y" by auto
+ have "c_IKKBZ f' cf sf (Join l (Relation rel))
+ = card cf sf l * (f' rel (cf rel)) + c_IKKBZ f' cf sf l" by simp
+ also have "\<dots> = card cf sf l * (f' rel (cf rel)) + c_IKKBZ f cf sf l"
+ using ldeep_trans distinct_trans_l 2 by fastforce
+ also have "\<dots> = card cf sf l * (f rel (cf rel)) + c_IKKBZ f cf sf l"
+ using "2.prems"(3,4) by fastforce
+ also have "\<dots> = c_IKKBZ f cf sf (Join l (Relation rel))" using "2.prems"(1) by simp
+ finally show ?case .
+qed (auto)
+
+lemma distinct_c_IKKBZ_ldeep_s_prepend:
+ "\<lbrakk>distinct(ys@revorder t); left_deep t\<rbrakk>
+ \<Longrightarrow> c_IKKBZ (\<lambda>a b. ldeep_s f (ys@revorder t) a * b) cf f t
+ = c_IKKBZ (\<lambda>a b. ldeep_s f (revorder t) a * b) cf f t"
+proof(induction t arbitrary: ys rule: left_deep.induct)
+ case (2 l rr)
+ let ?ylr = "ys @ revorder (Join l (Relation rr))"
+ let ?lr = "revorder (Join l (Relation rr))"
+ let ?h = "(\<lambda>a. (*) (ldeep_s f ?ylr a))"
+ let ?h' = "(\<lambda>a. (*) (ldeep_s f ?lr a))"
+ let ?h'' = "(\<lambda>a. (*) (ldeep_s f (revorder l) a))"
+ have "?lr = [rr]@revorder l" by simp
+ have 0: "distinct ?lr" using "2.prems"(1) by simp
+ have "c_IKKBZ ?h cf f (Join l (Relation rr))
+ = card cf f l * ((ldeep_s f ?ylr rr) * (cf rr)) + c_IKKBZ ?h cf f l"
+ by simp
+ also have "\<dots> = card cf f l * ((list_sel_aux' f (revorder l) rr) * (cf rr))
+ + c_IKKBZ ?h cf f l"
+ using "2.prems"(1) by (fastforce simp: distinct_ldeep_s_eq_aux)
+ also have "\<dots> = card cf f l * (?h' rr (cf rr)) + c_IKKBZ ?h cf f l" by simp
+ also have "\<dots> = card cf f l * (?h' rr (cf rr)) + c_IKKBZ ?h'' cf f l"
+ using "2.IH"[of "ys@[rr]"] "2.prems" by simp
+ also have "\<dots> = card cf f l * (?h' rr (cf rr)) + c_IKKBZ ?h' cf f l"
+ using "2.IH"[of "[rr]"] "2.prems"(2) 0 by simp
+ finally show ?case by simp
+qed (auto)
+
+lemma distinct_c_IKKBZ_ldeep_s_subtree:
+ assumes "distinct_relations (Join l (Relation rel))"
+ and "left_deep (Join l (Relation rel))"
+ shows "c_IKKBZ (\<lambda>a b. ldeep_s f (revorder (Join l (Relation rel))) a * b) cf f l
+ = c_IKKBZ (\<lambda>a b. ldeep_s f (revorder l) a * b) cf f l"
+proof -
+ have "distinct (revorder (Join l (Relation rel)))"
+ using assms(1) by (simp add: distinct_rels_alt inorder_eq_mset)
+ then have "distinct ([rel]@revorder l)" by simp
+ then show ?thesis using distinct_c_IKKBZ_ldeep_s_prepend[of "[rel]" l] assms(2) by simp
+qed
+
+theorem c_out_IKKBZ:
+ "\<lbrakk>distinct_relations t; reasonable_cards cf f t; left_deep t\<rbrakk>
+ \<Longrightarrow> c_IKKBZ (\<lambda>a b. ldeep_s f (revorder t) a * b) cf f t = c_out cf f t"
+proof(induction t)
+ case ind: (Join l r)
+ then show ?case
+ proof(cases r)
+ case (Relation rel)
+ let ?s = "(\<lambda>a b. ldeep_s f (revorder (Join l r)) a * b)"
+ let ?s' = "(\<lambda>a b. ldeep_s f (revorder l) a * b)"
+ have "c_IKKBZ ?s cf f l = c_IKKBZ ?s' cf f l"
+ using ind.prems distinct_c_IKKBZ_ldeep_s_subtree Relation by fast
+ then have 0: "c_IKKBZ ?s cf f l = c_out cf f l"
+ using ind ldeep_trans distinct_trans_l reasonable_trans by metis
+ have "c_IKKBZ ?s cf f (Join l r) = card cf f l * (?s rel (cf rel)) + c_IKKBZ ?s cf f l"
+ using Relation by simp
+ also have "\<dots> = card cf f l * ((list_sel_aux' f (revorder l) rel) * (cf rel))
+ + c_IKKBZ ?s cf f l"
+ using Relation by simp
+ also have "\<dots> = card cf f l * ((list_sel f (revorder l) [rel]) * (cf rel))
+ + c_IKKBZ ?s cf f l"
+ by (simp add: list_sel_sing_aux')
+ also have "\<dots> = card cf f l * ((list_sel f (inorder l) [rel]) * (cf rel))
+ + c_IKKBZ ?s cf f l"
+ using mset_x_eq_list_sel_eq[of "revorder l"] by (simp add: revorder_eq_rev_inorder)
+ also have "\<dots> = card cf f (Join l r) + c_IKKBZ ?s' cf f l"
+ using distinct_c_IKKBZ_ldeep_s_subtree ind.prems Relation by fastforce
+ also have "\<dots> = card cf f (Join l r) + c_out cf f l"
+ using ind reasonable_trans distinct_trans_l ldeep_trans by metis
+ finally show ?thesis using Relation by simp
+ next
+ case (Join lr rr)
+ then show ?thesis using ind by simp
+ qed
+qed(simp)
+
+theorem c_out_eq_c_list':
+ "\<lbrakk>distinct_relations t; reasonable_cards cf f t; left_deep t\<rbrakk>
+ \<Longrightarrow> c_list' f cf (\<lambda>xs x. (list_sel_aux' f xs x) * cf x) (revorder t) = c_out cf f t"
+proof(induction t rule: left_deep.induct)
+ case (2 l rr)
+ let ?h = "\<lambda>xs x. list_sel_aux' f xs x * cf x"
+ let ?ll = "revorder l"
+ have 1: "distinct_relations l" using "2.prems" distinct_trans_l by simp
+ have 2: "reasonable_cards cf f l" using "2.prems" reasonable_trans by blast
+ have 3: "left_deep l" using "2.prems" by simp
+ have "revorder (Join l (Relation rr)) = rr # ?ll" by simp
+ then have "c_list' f cf ?h (revorder (Join l (Relation rr)))
+ = ldeep_n f cf ?ll * ?h ?ll rr + c_list' f cf ?h ?ll"
+ using joinTree_cases_ldeep[OF 3] by auto
+ also have "\<dots> = card cf f l * ?h ?ll rr + c_list' f cf ?h ?ll"
+ using ldeep_n_eq_card_subtree "2.prems" by auto
+ also have "\<dots> = card cf f l * (list_sel_aux' f ?ll rr) * cf rr + c_list' f cf ?h ?ll"
+ using mset_x_eq_list_sel_aux'_eq mset_rev by fastforce
+ also have "\<dots> = card cf f (Join l (Relation rr)) + c_list' f cf ?h ?ll"
+ unfolding card_join_alt by (simp add: list_sel_sing_aux')
+ also have "\<dots> = card cf f (Join l (Relation rr)) + c_out cf f l" using "2.IH" 1 2 3 by simp
+ finally show ?case by simp
+qed (auto)
+
+lemma rev_first_last_elem: "(rev (x#x'#xs')) = (r#rs) \<Longrightarrow> x \<in># mset rs"
+ using in_multiset_in_set last_in_set last_snoc rev_singleton_conv
+ by (metis List.last.simps List.list.discI List.list.inject List.rev.simps(2))
+
+lemma distinct_first_uneq_last: "distinct (x#x'#xs') \<Longrightarrow> rev (x#x'#xs') = r#rs \<Longrightarrow> r \<noteq> x"
+ using rev_first_last_elem mset_rev set_mset_mset
+ by (metis List.distinct.simps(2) count_eq_zero_iff distinct_count_atmost_1)
+
+lemma distinct_create_eq_app:
+ "\<lbrakk>distinct (ys@xs); x \<in># mset xs\<rbrakk> \<Longrightarrow> create_h_list h xs x = create_h_list h (ys@xs) x"
+ by(induction ys) auto
+
+lemma c_list_single_h_list_not_elem_prepend:
+ "x \<notin> set ys
+ \<Longrightarrow> c_list f cf (create_h_list h (ys@x#xs)) r [x] = c_list f cf (create_h_list h (x#xs)) r [x]"
+ by(induction ys) auto
+
+lemma c_list_single_f_list_not_elem_prepend:
+ "x \<notin> set ys
+ \<Longrightarrow> c_list (ldeep_s f (ys@x#xs)) cf h r [x] = c_list (ldeep_s f (x#xs)) cf h r [x]"
+ by(induction ys) auto
+
+lemma c_list_prepend_h_disjunct:
+ assumes "distinct (ys@xs)"
+ shows "c_list f cf (create_h_list h (ys@xs)) r xs = c_list f cf (create_h_list h xs) r xs"
+using assms proof(induction xs arbitrary: ys)
+ case (Cons x xs)
+ then have 0: "distinct (ys @ [x] @ xs)" by simp
+ then have 1: "distinct ([x] @ xs)" by simp
+ let ?h = "create_h_list h (ys @ x # xs)"
+ let ?h' = "create_h_list h xs"
+ let ?h'' = "create_h_list h (x#xs)"
+ have 2: "x \<notin> set ys" using Cons.prems by simp
+ show ?case
+ proof(cases "xs=[]")
+ case True
+ then show ?thesis
+ using Cons distinct_create_eq_app in_multiset_in_set
+ by (metis CostFunctions.c_list.simps(2) List.list.set_intros(1))
+ next
+ case False
+ then obtain x' xs' where x'_def[simp]: "xs = x'#xs'" using List.list.exhaust_sel by auto
+ then have "c_list f cf ?h r (x # xs)
+ = c_list f cf ?h r xs + ldeep_T f cf xs * c_list f cf ?h r [x]" by simp
+ also have "\<dots> = c_list f cf ?h' r xs + ldeep_T f cf xs * c_list f cf ?h r [x]"
+ using Cons.IH[of "ys@[x]"] 0 by simp
+ also have "\<dots> = c_list f cf ?h'' r xs + ldeep_T f cf xs * c_list f cf ?h r [x]"
+ using Cons.IH[of "[x]"] 1 by simp
+ also have "\<dots> = c_list f cf ?h'' r xs + ldeep_T f cf xs * c_list f cf ?h'' r [x]"
+ using c_list_single_h_list_not_elem_prepend 2 by metis
+ finally show ?thesis by simp
+ qed
+qed(simp)
+
+lemma c_list_prepend_f_disjunct:
+ assumes "distinct (ys@xs)"
+ shows "c_list (ldeep_s f (ys@xs)) cf h r xs = c_list (ldeep_s f xs) cf h r xs"
+using assms proof(induction xs arbitrary: ys)
+ case (Cons x xs)
+ then have 0: "distinct(ys @ [x] @ xs)" by simp
+ then have 1: "distinct ([x] @ xs)" by simp
+ let ?f = "ldeep_s f (ys @ x # xs)"
+ let ?f' = "ldeep_s f xs"
+ let ?f'' = "ldeep_s f (x#xs)"
+ have 2: "x \<notin> set ys" using Cons.prems by simp
+ show ?case
+ proof(cases "xs=[]")
+ case False
+ then obtain x' xs' where x'_def[simp]: "xs = x'#xs'" using List.list.exhaust_sel by auto
+ have "ldeep_T ?f cf xs = ldeep_T ?f' cf xs"
+ using distinct_ldeep_T_prepend[of "ys@[x]" "xs" f cf] Cons.prems by simp
+ then have 3: "ldeep_T ?f cf xs = ldeep_T ?f'' cf xs"
+ using distinct_ldeep_T_prepend[of "[x]" "xs" f cf] Cons.prems 1 by simp
+ have "c_list ?f cf h r (x # xs)
+ = c_list ?f cf h r xs + ldeep_T ?f cf xs * c_list ?f cf h r [x]"
+ by simp
+ also have "\<dots> = c_list ?f' cf h r xs + ldeep_T ?f'' cf xs * c_list ?f cf h r [x]"
+ using Cons.IH[of "ys@[x]"] 0 3 by simp
+ also have "\<dots> = c_list ?f'' cf h r xs + ldeep_T ?f'' cf xs * c_list ?f cf h r [x]"
+ using Cons.IH[of "[x]"] 1 by simp
+ also have "\<dots> = c_list ?f'' cf h r xs + ldeep_T ?f'' cf xs * c_list ?f'' cf h r [x]"
+ using c_list_single_f_list_not_elem_prepend 2 by metis
+ finally show ?thesis by simp
+ qed(simp)
+qed(simp)
+
+lemma c_list'_eq_c_list:
+ assumes "distinct xs"
+ and "rev xs = r # rs"
+ shows "c_list (ldeep_s f xs) cf (create_h_list h xs) r xs = c_list' f cf h xs"
+using assms proof(induction xs arbitrary: rs)
+ case (Cons x xs)
+ then show ?case
+ proof(cases "xs=[]")
+ case False
+ then obtain x' xs' where x'_def[simp]: "xs = x'#xs'" using List.list.exhaust_sel by auto
+ then have 0: "x \<noteq> r" using distinct_first_uneq_last Cons by fast
+ have 1: "distinct xs" using Cons.prems(1) by simp
+ have "\<exists>rs'. rev xs = r # rs'"
+ using Cons.prems Nil_is_append_conv butlast_append
+ by (metis List.append.right_neutral List.butlast.simps(2) List.list.distinct(1)
+ List.rev.simps(2) \<open>\<And>thesis. (\<And>x' xs'. xs = x' # xs' \<Longrightarrow> thesis) \<Longrightarrow> thesis\<close>)
+ then obtain rs' where 2: "rev xs = r # rs'" by blast
+ let ?h = "create_h_list h (x # x' # xs')"
+ let ?h' = "create_h_list h (x' # xs')"
+ let ?f = "ldeep_s f (x'#xs')"
+ let ?f' = "ldeep_s f (x#x'#xs')"
+ have "c_list (ldeep_s f (x#xs)) cf (create_h_list h (x # xs)) r (x # xs)
+ = c_list ?f' cf ?h r (x # x' # xs')"
+ by simp
+ also have "\<dots> = c_list ?f' cf ?h r (x' # xs')
+ + ldeep_T ?f' cf (x' # xs') * c_list ?f' cf ?h r [x]"
+ by simp
+ also have "\<dots> = c_list ?f' cf ?h r (x' # xs') + ldeep_T ?f' cf (x' # xs') * h (x' # xs') x"
+ using 0 by simp
+ also have "\<dots> = c_list ?f' cf ?h r (x' # xs') + ldeep_T ?f cf (x' # xs') * h (x' # xs') x"
+ using distinct_ldeep_T_prepend[of "[x]" "x'#xs'"] Cons.prems(1) by simp
+ also have "\<dots> = c_list ?f' cf ?h r (x' # xs') + ldeep_n f cf (x' # xs') * h (x' # xs') x"
+ using ldeep_T_eq_ldeep_n 1 by fastforce
+ also have "\<dots> = c_list ?f cf ?h r (x' # xs') + ldeep_n f cf (x' # xs') * h (x' # xs') x"
+ using c_list_prepend_f_disjunct[of "[x]" "x'#xs'"] Cons.prems(1) by simp
+ also have "\<dots> = c_list ?f cf ?h' r (x' # xs') + ldeep_n f cf (x' # xs') * h (x' # xs') x"
+ using c_list_prepend_h_disjunct[of "[x]" "x'#xs'"] Cons.prems by simp
+ also have "\<dots> = c_list' f cf h (x' # xs') + ldeep_n f cf (x' # xs') * h (x' # xs') x"
+ using Cons.IH 1 2 by simp
+ also have "\<dots> = c_list' f cf h (x#x' # xs')"
+ using Cons.prems x'_def 1 2 by simp
+ finally show ?thesis by simp
+ qed(simp)
+qed(simp)
+
+lemma clist_eq_if_cf_eq:
+ "\<forall>x. set x \<subseteq> set xs \<longrightarrow> ldeep_T sf cf' x = ldeep_T sf cf x
+ \<Longrightarrow> c_list sf cf' h r xs = c_list sf cf h r xs"
+ by (induction sf cf' h r xs rule: c_list.induct) (auto simp: subset_insertI2)
+
+lemma ldeep_s_h_eq_list_sel_aux'_h:
+ "\<lbrakk>distinct xs; ys@x#zs = xs\<rbrakk>
+ \<Longrightarrow> (\<lambda>a. ldeep_s f xs a * cf a) x = (\<lambda>xs x. (list_sel_aux' f xs x) * cf x) zs x"
+ by (fastforce simp: distinct_ldeep_s_eq_aux)
+
+corollary ldeep_s_h_eq_list_sel_aux'_h':
+ "\<lbrakk>distinct_relations t; ys@x#zs = revorder t\<rbrakk>
+ \<Longrightarrow> (\<lambda>a. ldeep_s f (revorder t) a * cf a) x = (\<lambda>xs x. (list_sel_aux' f xs x) * cf x) zs x"
+ by (fastforce simp: distinct_rels_alt ldeep_s_h_eq_list_sel_aux'_h)
+
+lemma create_h_list_distinct_simp: "\<lbrakk>distinct xs; ys@x#zs = xs\<rbrakk> \<Longrightarrow> create_h_list h xs x = h zs x"
+ by (induction xs arbitrary: ys) (force simp: append_eq_Cons_conv)+
+
+lemma ldeep_s_h_eq_create_h_list:
+ "\<lbrakk>distinct xs; ys@x#zs = xs\<rbrakk>
+ \<Longrightarrow> (\<lambda>a. ldeep_s f xs a * cf a) x = create_h_list (\<lambda>xs x. (list_sel_aux' f xs x) * cf x) xs x"
+ by (simp add: distinct_relations_def create_h_list_distinct_simp ldeep_s_h_eq_list_sel_aux'_h)
+
+lemma ldeep_s_h_eq_create_h_list':
+ "\<lbrakk>distinct_relations t; ys@x#zs = revorder t\<rbrakk>
+ \<Longrightarrow> (\<lambda>a. ldeep_s f (revorder t) a * cf a) x
+ = create_h_list (\<lambda>xs x. (list_sel_aux' f xs x) * cf x) (revorder t) x"
+ by (simp add: distinct_rels_alt ldeep_s_h_eq_create_h_list)
+
+corollary ldeep_s_h_eq_create_h_list'':
+ "distinct_relations t \<Longrightarrow> \<forall>ys x zs. ys@x#zs = revorder t
+ \<longrightarrow> (\<lambda>a. ldeep_s f (revorder t) a * cf a) x
+ = create_h_list (\<lambda>xs x. (list_sel_aux' f xs x) * cf x) (revorder t) x"
+ using ldeep_s_h_eq_create_h_list' by fast
+
+lemma ldeep_s_h_eq_create_h_list''':
+ "\<lbrakk>distinct_relations t; x \<in> relations t\<rbrakk>
+ \<Longrightarrow> (\<lambda>a. ldeep_s f (revorder t) a * cf a) x
+ = create_h_list (\<lambda>xs x. (list_sel_aux' f xs x) * cf x) (revorder t) x"
+ using ldeep_s_eq_list_sel_aux'_split revorder_eq_set
+ by (fastforce simp add: distinct_rels_alt ldeep_s_h_eq_create_h_list)
+
+lemma cons2_if_2elems: "\<lbrakk>x \<in> set xs; y \<in> set xs; x \<noteq> y\<rbrakk> \<Longrightarrow> \<exists>y z zs. xs = y # z # zs"
+ using last.simps list.set_cases neq_Nil_conv by metis
+
+theorem c_IKKBZ_eq_c_list:
+ fixes t
+ defines "xs \<equiv> revorder t"
+ assumes "distinct_relations t"
+ and "reasonable_cards cf f t"
+ and "left_deep t"
+ and "\<forall>x \<in> relations t. h1 x (cf x) = h2 x"
+ shows "c_IKKBZ h1 cf f t = c_list (ldeep_s f xs) cf h2 (first_node t) xs"
+using assms proof(induction t arbitrary: xs rule: left_deep.induct)
+ case (2 l r)
+ let ?r = "first_node (Join l (Relation r))"
+ let ?xs = "revorder (Join l (Relation r))"
+ let ?ys = "revorder l"
+ let ?sf = "ldeep_s f ?xs"
+ have h1_h2_l: "\<forall>x \<in> relations l. h1 x (cf x) = h2 x" using "2.prems"(4) by simp
+ have "c_IKKBZ h1 cf f (Join l (Relation r)) = card cf f l * (h1 r (cf r)) + c_IKKBZ h1 cf f l"
+ by simp
+ then have "c_IKKBZ h1 cf f (Join l (Relation r))
+ = card cf f l * (h1 r (cf r)) + c_list (ldeep_s f ?ys) cf h2 ?r ?ys"
+ using "2.hyps" "2.prems"(2-3) distinct_trans_l[OF "2.prems"(1)] h1_h2_l by force
+ then have ind: "c_IKKBZ h1 cf f (Join l (Relation r))
+ = card cf f l * (h1 r (cf r)) + c_list ?sf cf h2 ?r ?ys"
+ using c_list_prepend_f_disjunct "2.prems"(1) unfolding distinct_rels_alt
+ by (metis revorder.simps(2))
+ have 0: "?r \<in> set ?xs" using first_node_last_revorder[of l] by force
+ moreover have 1: "r \<in> set ?xs" by simp
+ moreover have "distinct ?xs" using "2.prems"(1) distinct_rels_alt by force
+ ultimately have "?r \<noteq> r" using first_node_last_revorder[of l] by auto
+ then obtain z zs where z_def: "?xs = r # z # zs" using cons2_if_2elems[OF 0 1] by auto
+ then have "c_list ?sf cf h2 ?r ?xs
+ = c_list ?sf cf h2 ?r ?ys + ldeep_T ?sf cf ?ys * c_list ?sf cf h2 ?r [r]"
+ by simp
+ also have "\<dots> = c_list ?sf cf h2 ?r ?ys + ldeep_T ?sf cf ?ys * (h1 r (cf r))"
+ using \<open>?r \<noteq> r\<close> "2.prems"(4) by fastforce
+ also have "\<dots> = c_list ?sf cf h2 ?r ?ys + card cf f l * (h1 r (cf r))"
+ using "2.prems"(1,3) ldeep_T_eq_card distinct_rels_alt distinct_ldeep_T_prepend
+ by (metis revorder.simps(2) ldeep_trans distinct_trans_l)
+ finally show ?case using ind by simp
+qed(auto)
+
+lemma c_IKKBZ_eq_c_list_cout:
+ fixes f cf t
+ defines "xs \<equiv> revorder t"
+ defines "h \<equiv> (\<lambda>a. ldeep_s f xs a * cf a)"
+ assumes "distinct_relations t"
+ and "reasonable_cards cf f t"
+ and "left_deep t"
+ shows "c_IKKBZ (\<lambda>a b. ldeep_s f xs a * b) cf f t = c_list (ldeep_s f xs) cf h (first_node t) xs"
+ using assms c_IKKBZ_eq_c_list by fast
+
+lemma c_IKKBZ_eq_c_list_cout_hlist:
+ fixes f cf t
+ defines "h \<equiv> (\<lambda>xs x. (list_sel_aux' f xs x) * cf x)"
+ defines "xs \<equiv> revorder t"
+ assumes "distinct_relations t"
+ and "reasonable_cards cf f t"
+ and "left_deep t"
+ shows "c_IKKBZ (\<lambda>a b. ldeep_s f xs a * b) cf f t
+ = c_list (ldeep_s f xs) cf (create_h_list h xs) (first_node t) xs"
+ using assms c_IKKBZ_eq_c_list ldeep_s_h_eq_create_h_list'''[OF assms(3)] by fastforce
+
+theorem c_out_eq_c_list:
+ fixes f cf t
+ defines "xs \<equiv> revorder t"
+ defines "h \<equiv> (\<lambda>a. ldeep_s f xs a * cf a)"
+ assumes "distinct_relations t"
+ and "reasonable_cards cf f t"
+ and "left_deep t"
+ shows "c_list (ldeep_s f xs) cf h (first_node t) xs = c_out cf f t"
+ using c_IKKBZ_eq_c_list_cout c_out_IKKBZ assms by fastforce
+
+theorem c_out_eq_c_list_hlist:
+ fixes f cf t
+ defines "h \<equiv> (\<lambda>xs x. (list_sel_aux' f xs x) * cf x)"
+ defines "xs \<equiv> revorder t"
+ assumes "distinct_relations t"
+ and "reasonable_cards cf f t"
+ and "left_deep t"
+ shows "c_list (ldeep_s f xs) cf (create_h_list h xs) (first_node t) xs = c_out cf f t"
+ using c_IKKBZ_eq_c_list_cout_hlist c_out_IKKBZ assms by fastforce
+
+(* alternative proof using c_list' *)
+lemma c_out_eq_c_list_altproof:
+ fixes f cf t
+ defines "h \<equiv> (\<lambda>xs x. (list_sel_aux' f xs x) * cf x)"
+ defines "xs \<equiv> revorder t"
+ assumes "distinct_relations t"
+ and "reasonable_cards cf f t"
+ and "left_deep t"
+ shows "c_list (ldeep_s f xs) cf (create_h_list h xs) (first_node t) xs = c_out cf f t"
+proof -
+ obtain rs where rs_def[simp]: "rev (revorder t) = (first_node t) # rs"
+ unfolding revorder_eq_rev_inorder using first_node_first_inorder by auto
+ have 0: "distinct (revorder t)" using assms(3) distinct_rels_alt by auto
+ then have "c_list (ldeep_s f xs) cf (create_h_list h xs) (first_node t) xs
+ = c_list' f cf h (revorder t)"
+ using rs_def c_list'_eq_c_list xs_def by fast
+ then show ?thesis using assms c_out_eq_c_list' by auto
+qed
+
+text \<open>
+ Similarly, we can derive the equivalence for other cost functions like @{term c_nlj} and
+ @{term c_hj} by using the equivalence of @{term c_IKKBZ} and @{term c_list}.
+\<close>
+
+lemma c_IKKBZ_eq_c_list_hj:
+ fixes f cf t
+ defines "xs \<equiv> revorder t"
+ assumes "distinct_relations t"
+ and "reasonable_cards cf f t"
+ and "left_deep t"
+ shows "c_IKKBZ (\<lambda>_ _. 1.2) cf f t = c_list (ldeep_s f xs) cf (\<lambda>_. 1.2) (first_node t) xs"
+ using c_IKKBZ_eq_c_list assms by fast
+
+corollary c_hj_eq_c_list:
+ fixes f cf t
+ defines "xs \<equiv> revorder t"
+ assumes "distinct_relations t"
+ and "reasonable_cards cf f t"
+ and "left_deep t"
+ shows "c_list (ldeep_s f xs) cf (\<lambda>_. 1.2) (first_node t) xs = c_hj cf f t"
+ using c_IKKBZ_eq_c_list_hj c_hj_IKKBZ assms by fastforce
+
+lemma c_IKKBZ_eq_c_list_nlj:
+ fixes f cf t
+ defines "xs \<equiv> revorder t"
+ assumes "distinct_relations t"
+ and "reasonable_cards cf f t"
+ and "left_deep t"
+ shows "c_IKKBZ (\<lambda>_. id) cf f t = c_list (ldeep_s f xs) cf cf (first_node t) xs"
+ using c_IKKBZ_eq_c_list assms by fastforce
+
+corollary c_nlj_eq_c_list:
+ fixes f cf t
+ defines "xs \<equiv> revorder t"
+ assumes "distinct_relations t"
+ and "reasonable_cards cf f t"
+ and "left_deep t"
+ shows "c_list (ldeep_s f xs) cf cf (first_node t) xs = c_nlj cf f t"
+ using c_IKKBZ_eq_c_list_nlj c_nlj_IKKBZ assms by fastforce
+
+lemma c_list_app:
+ "c_list f cf h r (ys@xs) = c_list f cf h r xs + ldeep_T f cf xs * c_list f cf h r ys"
+proof(induction ys)
+ case (Cons y ys)
+ then show ?case
+ proof(cases "xs=[]")
+ case True
+ then show ?thesis using ldeep_T_empty by auto
+ next
+ case False
+ then obtain x' xs' where x'_def[simp]: "xs = x'#xs'" using List.list.exhaust_sel by blast
+ then have "c_list f cf h r (y#ys @ xs)
+ = c_list f cf h r (ys@xs) + ldeep_T f cf (ys@xs) * c_list f cf h r [y]"
+ by (metis CostFunctions.c_list.simps(3) Nil_is_append_conv neq_Nil_conv)
+ also have "\<dots> = c_list f cf h r xs + ldeep_T f cf xs * c_list f cf h r ys
+ + ldeep_T f cf (ys@xs) * c_list f cf h r [y]"
+ using Cons.IH by simp
+ also have "\<dots> = c_list f cf h r xs + ldeep_T f cf xs * c_list f cf h r ys
+ + ldeep_T f cf ys * ldeep_T f cf xs * c_list f cf h r [y]"
+ using ldeep_T_app by auto
+ also have "\<dots> = c_list f cf h r xs + ldeep_T f cf xs * (c_list f cf h r ys
+ + ldeep_T f cf ys * c_list f cf h r [y])"
+ by argo
+ also have "\<dots> = c_list f cf h r xs + ldeep_T f cf xs * (c_list f cf h r (y # ys))"
+ using False neq_Nil_conv List.append.left_neutral
+ by (metis CostFunctions.c_list.simps(3) calculation)
+ finally show ?thesis by simp
+ qed
+qed(simp)
+
+lemma create_h_list_pos:
+ "\<lbrakk>sel_reasonable sf; \<forall>x \<in> set xs. cf x > 0\<rbrakk>
+ \<Longrightarrow> (create_h_list (\<lambda>xs x. (list_sel_aux' sf xs x) * cf x) xs) x > 0"
+ by (induction xs) (auto simp: list_sel_aux'_reasonable)
+
+lemma c_list_not_neg:
+ assumes "sel_reasonable sf"
+ and "\<forall>x \<in> set ys. cf x > 0"
+ and "h = (\<lambda>a. ldeep_s sf xs a * cf a)"
+ shows "c_list (ldeep_s sf xs) cf h r ys \<ge> 0"
+using assms proof(induction ys arbitrary: xs)
+ case ind: (Cons y ys)
+ let ?sf = "ldeep_s sf xs"
+ show ?case
+ proof(cases ys)
+ case Nil
+ then show ?thesis using ind.prems by (simp add: ldeep_s_pos order_less_imp_le)
+ next
+ case (Cons y' ys')
+ show ?thesis
+ proof(cases "y=r")
+ case True
+ then show ?thesis using Cons ind by simp
+ next
+ case False
+ have "c_list ?sf cf h r (y # ys) = c_list ?sf cf h r ys + ldeep_T ?sf cf ys * h y"
+ using Cons False by simp
+ then have "c_list ?sf cf h r (y # ys) \<ge> ldeep_T ?sf cf ys * h y"
+ using ind by simp
+ moreover have "ldeep_T ?sf cf ys * h y > 0"
+ using ind.prems by (simp add: ldeep_T_pos ldeep_s_pos)
+ ultimately show ?thesis by simp
+ qed
+ qed
+qed(simp)
+
+lemma c_list_not_neg_hlist:
+ assumes "sel_reasonable sf"
+ and "\<forall>x \<in> set xs. cf x > 0"
+ and "\<forall>x \<in> set ys. cf x > 0"
+ and "h = create_h_list (\<lambda>xs x. (list_sel_aux' sf xs x) * cf x) xs"
+ shows "c_list (ldeep_s sf xs) cf h r ys \<ge> 0"
+using assms proof(induction ys arbitrary: xs)
+ case ind: (Cons y ys)
+ let ?sf = "ldeep_s sf xs"
+ show ?case
+ proof(cases ys)
+ case Nil
+ then show ?thesis
+ using ind.prems by(cases "y=r")(auto simp: create_h_list_pos less_eq_real_def)
+ next
+ case (Cons y' ys')
+ show ?thesis
+ proof(cases "y=r")
+ case True
+ then show ?thesis using Cons ind by simp
+ next
+ case False
+ have "c_list ?sf cf h r (y # ys) = c_list ?sf cf h r ys + ldeep_T ?sf cf ys * h y"
+ using Cons False by simp
+ then have "c_list ?sf cf h r (y # ys) \<ge> ldeep_T ?sf cf ys * h y"
+ using ind by simp
+ moreover have "ldeep_T ?sf cf ys * h y > 0"
+ using create_h_list_pos[of sf xs cf y] ind.prems by (simp add: ldeep_T_pos)
+ ultimately show ?thesis by simp
+ qed
+ qed
+qed(simp)
+
+lemma c_list_pos_if_h_pos:
+ "\<lbrakk>sel_reasonable sf; \<forall>x \<in> set xs. cf x > 0; \<forall>x \<in> set xs. h x > 0; r \<notin> set xs; xs \<noteq> []\<rbrakk>
+ \<Longrightarrow> c_list (ldeep_s sf ys) cf h r xs > 0"
+proof(induction "ldeep_s sf ys" cf h r xs rule: c_list.induct)
+ case (3 cf h r y x xs)
+ have "ldeep_T (ldeep_s sf ys) cf (x#xs) > 0" using ldeep_T_pos[of "x#xs"] "3.prems"(1,2) by simp
+ then have "ldeep_T (ldeep_s sf ys) cf (x#xs) * c_list (ldeep_s sf ys) cf h r [y] > 0"
+ using 3 by auto
+ moreover have "c_list (ldeep_s sf ys) cf h r (x#xs) > 0" using 3 by auto
+ ultimately show ?case by simp
+qed(auto)
+
+lemma c_list_pos_r_not_elem:
+ assumes "sel_reasonable sf"
+ and "\<forall>x \<in> set ys. cf x > 0"
+ and "ys \<noteq> []"
+ and "r \<notin> set ys"
+ and "h = (\<lambda>a. ldeep_s sf xs a * cf a)"
+ shows "c_list (ldeep_s sf xs) cf h r ys > 0"
+ using c_list_pos_if_h_pos ldeep_s_pos assms by fastforce
+
+lemma c_list_pos_r_not_elem_hlist:
+ assumes "sel_reasonable sf"
+ and "\<forall>x \<in> set xs. cf x > 0"
+ and "\<forall>x \<in> set ys. cf x > 0"
+ and "ys \<noteq> []"
+ and "r \<notin> set ys"
+ and "h = create_h_list (\<lambda>xs x. (list_sel_aux' sf xs x) * cf x) xs"
+ shows "c_list (ldeep_s sf xs) cf h r ys > 0"
+ using c_list_pos_if_h_pos create_h_list_pos[OF assms(1)] assms by fastforce
+
+lemma c_list_pos_not_root:
+ assumes "sel_reasonable sf"
+ and "\<forall>x \<in> set ys. cf x > 0"
+ and "ys \<noteq> []"
+ and "ys \<noteq> [r]"
+ and "distinct ys"
+ and "h = (\<lambda>a. ldeep_s sf xs a * cf a)"
+ shows "c_list (ldeep_s sf xs) cf h r ys > 0"
+using assms proof(induction ys arbitrary: xs)
+ case ind: (Cons y ys)
+ let ?sf = "ldeep_s sf xs"
+ show ?case
+ proof(cases ys)
+ case Nil
+ then have "c_list ?sf cf h r (y # ys) = h y" using ind.prems(4) by simp
+ then show ?thesis using ind.prems(1,2,6) by (simp add: ldeep_s_pos)
+ next
+ case (Cons y' ys')
+ show ?thesis
+ proof(cases "y=r")
+ case True
+ then have 0: "r \<notin> set ys" using ind.prems(5) by simp
+ have "c_list ?sf cf h r (y # ys) = c_list ?sf cf h r ys"
+ using Cons True by simp
+ then show ?thesis using ind.prems(1,2,4,6) 0 True by (fastforce intro: c_list_pos_r_not_elem)
+ next
+ case False
+ have "c_list ?sf cf h r (y # ys) = c_list ?sf cf h r ys + ldeep_T ?sf cf ys * h y"
+ using Cons False by simp
+ then have "c_list ?sf cf h r (y # ys) \<ge> ldeep_T ?sf cf ys * h y"
+ using c_list_not_neg ind.prems(1,2,3,6) by fastforce
+ moreover have "ldeep_T ?sf cf ys * h y > 0"
+ using ind.prems(1,2,6) by (simp add: ldeep_T_pos ldeep_s_pos)
+ ultimately show ?thesis by simp
+ qed
+ qed
+qed(simp)
+
+lemma c_list_pos_not_root_hlist:
+ assumes "sel_reasonable sf"
+ and "\<forall>x \<in> set xs. cf x > 0"
+ and "\<forall>x \<in> set ys. cf x > 0"
+ and "ys \<noteq> []"
+ and "ys \<noteq> [r]"
+ and "distinct ys"
+ and "h = create_h_list (\<lambda>xs x. (list_sel_aux' sf xs x) * cf x) xs"
+ shows "c_list (ldeep_s sf xs) cf h r ys > 0"
+using assms proof(induction ys arbitrary: xs)
+ case ind: (Cons y ys)
+ let ?sf = "ldeep_s sf xs"
+ show ?case
+ proof(cases ys)
+ case Nil
+ then have "c_list ?sf cf h r (y # ys) = h y" using ind.prems(5) by simp
+ then show ?thesis using create_h_list_pos ind.prems(1,2,7) by fastforce
+ next
+ case (Cons y' ys')
+ show ?thesis
+ proof(cases "y=r")
+ case True
+ then have 0: "r \<notin> set ys" using ind.prems(6) by simp
+ have "c_list ?sf cf h r (y # ys) = c_list ?sf cf h r ys"
+ using Cons True by simp
+ then show ?thesis
+ using c_list_pos_r_not_elem_hlist[of sf xs cf ys r h] 0 ind.prems(1,2,3,7) Cons by auto
+ next
+ case False
+ have "c_list ?sf cf h r (y # ys) = c_list ?sf cf h r ys + ldeep_T ?sf cf ys * h y"
+ using Cons False by simp
+ then have "c_list ?sf cf h r (y # ys) \<ge> ldeep_T ?sf cf ys * h y"
+ using c_list_not_neg_hlist ind.prems(1,2,3,7) by fastforce
+ moreover have "ldeep_T ?sf cf ys * h y > 0"
+ using ind.prems(1,2,3,7) by (simp add: ldeep_T_pos create_h_list_pos)
+ ultimately show ?thesis by simp
+ qed
+ qed
+qed(simp)
+
+lemma c_list_split_four:
+ assumes "T = ldeep_T f cf"
+ and "C = c_list f cf h r"
+ shows "C (rev (A @ U @ V @ B)) = C (rev A) + T (rev A) * C (rev U)
+ + T (rev A) * T (rev U) * C (rev V)
+ + T (rev A) * T (rev U) * T (rev V) * C (rev B)"
+proof -
+ let ?T = "ldeep_T f cf"
+ let ?C = "c_list f cf h r"
+ have "?C (rev (A @ U @ V @ B))
+ = ?C (rev A) + ?T (rev A) * ?C (rev (U @ V @ B))"
+ using c_list_app[where ys="rev (U@V@B)"] by simp
+ also have "\<dots> = ?C (rev A) + ?T (rev A) * (?C (rev U)
+ + ?T (rev U) * ?C (rev (V@B)))"
+ using c_list_app[where ys="rev (V@B)"] by simp
+ also have "\<dots> = ?C (rev A) + ?T (rev A) * ?C (rev U)
+ + ?T (rev A) * ?T (rev U) * ?C (rev (V@B))"
+ by argo
+ also have "\<dots> = ?C (rev A) + ?T (rev A) * ?C (rev U)
+ + ?T (rev A) * ?T (rev U) * (?C (rev V)
+ + ?T (rev V) * ?C (rev B))"
+ using c_list_app by force
+ finally have 0: "?C (rev (A @ U @ V @ B))
+ = ?C (rev A) + ?T (rev A) * ?C (rev U)
+ + ?T (rev A) * ?T (rev U) * ?C (rev V)
+ + ?T (rev A) * ?T (rev U) * ?T (rev V) * ?C (rev B)"
+ by argo
+ then show ?thesis using assms by simp
+qed
+
+lemma c_list_A_pos_asi:
+ assumes "c_list f cf h r (rev U) > 0"
+ and "c_list f cf h r (rev V) > 0"
+ and "ldeep_T f cf (rev A) > 0"
+ shows "c_list f cf h r (rev (A @ U @ V @ B)) \<le> c_list f cf h r (rev (A @ V @ U @ B))
+ \<longleftrightarrow> ((ldeep_T f cf (rev U) - 1) / c_list f cf h r (rev U)
+ \<le> (ldeep_T f cf (rev V) - 1) / c_list f cf h r (rev V))"
+proof -
+ let ?T = "ldeep_T f cf"
+ let ?C = "c_list f cf h r"
+ let ?rank = "(\<lambda>l. (?T l - 1) / ?C l)"
+ have 0: "?C (rev (A @ U @ V @ B))
+ = ?C (rev A) + ?T (rev A) * ?C (rev U)
+ + ?T (rev A) * ?T (rev U) * ?C (rev V)
+ + ?T (rev A) * ?T (rev U) * ?T (rev V) * ?C (rev B)"
+ using c_list_split_four by fastforce
+ have "?C (rev (A @ V @ U @ B))
+ = ?C (rev A) + ?T (rev A) * ?C (rev V)
+ + ?T (rev A) * ?T (rev V) * ?C (rev U)
+ + ?T (rev A) * ?T (rev V) * ?T (rev U) * ?C (rev B)"
+ using c_list_split_four by fastforce
+ then have "?C (rev (A@U@V@B)) - ?C (rev (A@V@U@B))
+ = ?T (rev A) * (?C (rev V) * (?T (rev U) - 1) - ?C (rev U) * (?T (rev V) - 1))"
+ using 0 by argo
+ also have "\<dots> = ?T (rev A) *
+ (?C (rev V) * (?T (rev U) - 1) * (?C (rev U) / ?C (rev U))
+ - ?C (rev U) * (?T (rev V) - 1) * (?C (rev V) / ?C (rev V)))"
+ using assms
+ by (metis Groups.monoid_mult_class.mult.right_neutral divide_self_if less_numeral_extra(3))
+ also have "\<dots> = ?T (rev A) * ?C (rev U) * ?C (rev V) * (?rank (rev U) - ?rank (rev V))"
+ by argo
+ finally have 1: "?C (rev (A@U@V@B)) - ?C (rev (A@V@U@B))
+ = ?T (rev A) * ?C (rev U) * ?C (rev V) * (?rank (rev U) - ?rank (rev V))".
+ then show ?thesis
+ proof(cases "?C (rev (A@U@V@B)) \<le> ?C (rev (A@V@U@B))")
+ case True
+ then show ?thesis by (smt (verit) assms 1 mult_pos_pos)
+ next
+ case False
+ then show ?thesis by (smt (z3) 1 assms mult_pos_pos zero_less_mult_pos)
+ qed
+qed
+
+lemma c_list_asi_aux:
+ assumes "sel_reasonable sf"
+ and "\<forall>x. cf x > 0"
+ and "c = c_list f cf h r"
+ and "f = (ldeep_s sf xs)"
+ and "\<forall>ys. (ys \<noteq> [] \<and> r \<notin> set ys) \<longrightarrow> c ys > 0"
+ and "distinct (A@U@V@B)"
+ and "U \<noteq> []"
+ and "V \<noteq> []"
+ and "rank = (\<lambda>l. (ldeep_T f cf l - 1) / c l)"
+ and "r \<notin> set (A@U@V@B) \<or> (take 1 (A@U@V@B) = [r] \<and> take 1 (A@V@U@B) = [r])"
+ shows "(c (rev (A@U@V@B)) \<le> c (rev (A@V@U@B)) \<longleftrightarrow> rank (rev U) \<le> rank (rev V))"
+proof (cases "r \<notin> set (A@U@V@B)")
+ case True
+ have 0: "ldeep_T f cf (rev A) > 0" using assms(1,2,4) ldeep_T_pos by fast
+ have "r \<notin> set (rev U)" using True by simp
+ then have 1: "c_list f cf h r (rev U) > 0"
+ using c_list_pos_r_not_elem assms(1-5,7) by fastforce
+ have "r \<notin> set (rev V)" using True by simp
+ then have "c_list f cf h r (rev V) > 0"
+ using c_list_pos_r_not_elem assms(1-5,8) by fastforce
+ then show ?thesis using c_list_A_pos_asi 0 1 assms(3,9) by fast
+next
+ case False
+ have 0: "ldeep_T f cf (rev A) > 0" using assms(1,2,4) ldeep_T_pos by fast
+ have r_first: "take 1 (A@U@V@B) = [r] \<and> take 1 (A@V@U@B) = [r]"
+ using assms(10) False by blast
+ then have "take 1 A = [r]" using assms(6-8) distinct_change_order_first_elem by metis
+ then have "r \<in> set A" by (metis List.list.set_intros(1) in_set_takeD)
+ then have 1: "r \<notin> set (U@V@B)" using assms(6) by auto
+ then have "r \<notin> set (rev U)" by simp
+ then have 2: "c_list f cf h r (rev U) > 0"
+ using c_list_pos_r_not_elem assms(1-5,7) by fastforce
+ have "r \<notin> set (rev V)" using 1 by simp
+ then have "c_list f cf h r (rev V) > 0"
+ using c_list_pos_r_not_elem assms(1-5,8) by fastforce
+ then show ?thesis using c_list_A_pos_asi 0 2 assms(3,9) by fast
+qed
+
+lemma c_list_pos_asi:
+ fixes sf cf h r xs
+ defines "f \<equiv> ldeep_s sf xs"
+ defines "rank \<equiv> (\<lambda>l. (ldeep_T f cf l - 1) / c_list f cf h r l)"
+ assumes "sel_reasonable sf"
+ and "\<forall>x. cf x > 0"
+ and "\<forall>ys. (ys \<noteq> [] \<and> r \<notin> set ys) \<longrightarrow> c_list f cf h r ys > 0"
+ shows "asi rank r (c_list f cf h r)"
+ unfolding asi_def using c_list_asi_aux[OF assms(3,4)] assms(1,2,5) by simp
+
+theorem c_list_asi:
+ fixes sf cf h r xs
+ defines "f \<equiv> ldeep_s sf xs"
+ defines "rank \<equiv> (\<lambda>l. (ldeep_T f cf l - 1) / c_list f cf h r l)"
+ assumes "sel_reasonable sf"
+ and "\<forall>x. cf x > 0"
+ and "\<forall>x. h x > 0"
+ shows "asi rank r (c_list f cf h r)"
+ using c_list_pos_asi assms c_list_pos_if_h_pos[OF assms(3)] by fastforce
+
+corollary c_out_asi:
+ fixes sf cf r xs
+ defines "f \<equiv> ldeep_s sf xs"
+ defines "h \<equiv> (\<lambda>a. ldeep_s sf xs a * cf a)"
+ defines "rank \<equiv> (\<lambda>l. (ldeep_T f cf l - 1) / c_list f cf h r l)"
+ assumes "sel_reasonable sf"
+ and "\<forall>x. cf x > 0"
+ shows "asi rank r (c_list f cf h r)"
+ using c_list_asi ldeep_s_pos assms by fastforce
+
+(* old alternative proof that proofs asi property directly for this specific h *)
+lemma c_out_asi_aux:
+ assumes "sel_reasonable sf"
+ and "\<forall>x. cf x > 0"
+ and "c = c_list f cf h r"
+ and "f = (ldeep_s sf xs)"
+ and "h = (\<lambda>a. ldeep_s sf xs a * cf a)"
+ and "distinct (A@U@V@B)"
+ and "U \<noteq> []"
+ and "V \<noteq> []"
+ and "rank = (\<lambda>l. (ldeep_T f cf l - 1) / c l)"
+ and "r \<notin> set (A@U@V@B) \<or> (take 1 (A@U@V@B) = [r] \<and> take 1 (A@V@U@B) = [r])"
+ shows "(c (rev (A@U@V@B)) \<le> c (rev (A@V@U@B)) \<longleftrightarrow> rank (rev U) \<le> rank (rev V))"
+proof (cases "r \<notin> set (A@U@V@B)")
+ case True
+ have 0: "ldeep_T f cf (rev A) > 0" using assms(1,2,4) ldeep_T_pos by fast
+ have "r \<notin> set (rev U)" using True by simp
+ then have 1: "c_list f cf h r (rev U) > 0"
+ using c_list_pos_r_not_elem assms(1,2,4,5,7) by fastforce
+ have "r \<notin> set (rev V)" using True by simp
+ then have "c_list f cf h r (rev V) > 0"
+ using c_list_pos_r_not_elem assms(1,2,4,5,8) by fastforce
+ then show ?thesis using c_list_A_pos_asi 0 1 assms(3,9) by fast
+next
+ case False
+ have 0: "ldeep_T f cf (rev A) > 0" using assms(1,2,4) ldeep_T_pos by fast
+ have r_first: "take 1 (A@U@V@B) = [r] \<and> take 1 (A@V@U@B) = [r]"
+ using assms(10) False by blast
+ then have "take 1 A = [r]" using assms(6-8) distinct_change_order_first_elem by metis
+ then have "r \<in> set A" by (metis List.list.set_intros(1) in_set_takeD)
+ then have 1: "r \<notin> set (U@V@B)" using assms(6) by auto
+ then have "r \<notin> set (rev U)" by simp
+ then have 2: "c_list f cf h r (rev U) > 0"
+ using c_list_pos_r_not_elem assms(1,2,4,5,7) by fastforce
+ have "r \<notin> set (rev V)" using 1 by simp
+ then have "c_list f cf h r (rev V) > 0"
+ using c_list_pos_r_not_elem assms(1,2,4,5,8) by fastforce
+ then show ?thesis using c_list_A_pos_asi 0 2 assms(3,9) by fast
+qed
+
+lemma c_out_asi_aux_hlist:
+ assumes "sel_reasonable sf"
+ and "\<forall>x. cf x > 0"
+ and "c = c_list f cf h r"
+ and "f = (ldeep_s sf xs)"
+ and "h = create_h_list (\<lambda>xs x. (list_sel_aux' sf xs x) * cf x) xs"
+ and "distinct (A@U@V@B)"
+ and "U \<noteq> []"
+ and "V \<noteq> []"
+ and "rank = (\<lambda>l. (ldeep_T f cf l - 1) / c l)"
+ and "r \<notin> set (A@U@V@B) \<or> (take 1 (A@U@V@B) = [r] \<and> take 1 (A@V@U@B) = [r])"
+ shows "(c (rev (A@U@V@B)) \<le> c (rev (A@V@U@B)) \<longleftrightarrow> rank (rev U) \<le> rank (rev V))"
+proof (cases "r \<notin> set (A@U@V@B)")
+ case True
+ have 0: "ldeep_T f cf (rev A) > 0" using assms(1,2,4) ldeep_T_pos by fast
+ have "r \<notin> set (rev U)" using True by simp
+ then have 1: "c_list f cf h r (rev U) > 0"
+ using c_list_pos_r_not_elem_hlist assms(1,2,4,5,7) by fastforce
+ have "r \<notin> set (rev V)" using True by simp
+ then have "c_list f cf h r (rev V) > 0"
+ using c_list_pos_r_not_elem_hlist assms(1,2,4,5,8) by fastforce
+ then show ?thesis using c_list_A_pos_asi 0 1 assms(3,9) by fast
+next
+ case False
+ have 0: "ldeep_T f cf (rev A) > 0" using assms(1,2,4) ldeep_T_pos by fast
+ have r_first: "take 1 (A@U@V@B) = [r] \<and> take 1 (A@V@U@B) = [r]"
+ using assms(10) False by blast
+ then have "take 1 A = [r]" using assms(6-8) distinct_change_order_first_elem by metis
+ then have "r \<in> set A" by (metis List.list.set_intros(1) in_set_takeD)
+ then have 1: "r \<notin> set (U@V@B)" using assms(6) by auto
+ then have "r \<notin> set (rev U)" by simp
+ then have 2: "c_list f cf h r (rev U) > 0"
+ using c_list_pos_r_not_elem_hlist assms(1,2,4,5,7) by fastforce
+ have "r \<notin> set (rev V)" using 1 by simp
+ then have "c_list f cf h r (rev V) > 0"
+ using c_list_pos_r_not_elem_hlist assms(1,2,4,5,8) by fastforce
+ then show ?thesis using c_list_A_pos_asi 0 2 assms(3,9) by fast
+qed
+
+theorem c_out_asi_altproof:
+ assumes "sel_reasonable sf"
+ and "\<forall>x. cf x > 0"
+ and "c = c_list f cf h r"
+ and "f = (ldeep_s sf xs)"
+ and "h = (\<lambda>a. ldeep_s sf xs a * cf a)"
+ shows "asi (\<lambda>l. (ldeep_T f cf l - 1) / c l) r (c_list f cf h r)"
+ unfolding asi_def using c_out_asi_aux[OF assms] assms(3) by blast
+
+theorem c_out_asi_hlist:
+ assumes "sel_reasonable sf"
+ and "\<forall>x. cf x > 0"
+ and "c = c_list f cf h r"
+ and "f = (ldeep_s sf xs)"
+ and "h = create_h_list (\<lambda>xs x. (list_sel_aux' sf xs x) * cf x) xs"
+ shows "asi (\<lambda>l. (ldeep_T f cf l - 1) / c l) r (c_list f cf h r)"
+ unfolding asi_def using c_out_asi_aux_hlist[OF assms] assms(3) by blast
+
+lemma asi_if_asi': "asi rank r c \<Longrightarrow> asi' r c"
+ unfolding asi'_def asi_def by auto
+
+corollary c_out_asi':
+ assumes "sel_reasonable sf"
+ and "\<forall>x. cf x > 0"
+ and "f = (ldeep_s sf xs)"
+ and "h = (\<lambda>a. ldeep_s sf xs a * cf a)"
+ shows "asi' r (c_list f cf h r)"
+ using asi_if_asi' c_out_asi[OF assms(1,2)] assms(3,4) by fast
+
+corollary c_out_asi'_hlist:
+ assumes "sel_reasonable sf"
+ and "\<forall>x. cf x > 0"
+ and "f = (ldeep_s sf xs)"
+ and "h = create_h_list (\<lambda>xs x. (list_sel_aux' sf xs x) * cf x) xs"
+ shows "asi' r (c_list f cf h r)"
+ using asi_if_asi' c_out_asi_hlist[OF assms(1,2)] assms(3,4) by fast
+
+lemma c_out_asi''_aux:
+ assumes "sel_reasonable sf"
+ and "\<forall>x. cf x > 0"
+ and "c = c_list f cf h r"
+ and "f = (ldeep_s sf xs)"
+ and "h = create_h_list (\<lambda>xs x. (list_sel_aux' sf xs x) * cf x) xs"
+ and "distinct (A@U@V@B)"
+ and "U \<noteq> []"
+ and "V \<noteq> []"
+ and "rank = (\<lambda>l. (ldeep_T f cf l - 1) / c l)"
+ and "U \<noteq> [r]"
+ and "V \<noteq> [r]"
+ shows "(c (rev (A@U@V@B)) \<le> c (rev (A@V@U@B)) \<longleftrightarrow> rank (rev U) \<le> rank (rev V))"
+proof (cases "r \<notin> set (A@U@V@B)")
+ case True
+ have 0: "ldeep_T f cf (rev A) > 0" using assms(1,2,4) ldeep_T_pos by fast
+ have "r \<notin> set (rev U)" using True by simp
+ then have 1: "c_list f cf h r (rev U) > 0"
+ using c_list_pos_r_not_elem_hlist assms(1,2,4,5,7) by fastforce
+ have "r \<notin> set (rev V)" using True by simp
+ then have "c_list f cf h r (rev V) > 0"
+ using c_list_pos_r_not_elem_hlist assms(1,2,4,5,8) by fastforce
+ then show ?thesis using c_list_A_pos_asi 0 1 assms(3,9) by fast
+next
+ case False
+ have 0: "ldeep_T f cf (rev A) > 0" using assms(1,2,4) ldeep_T_pos by fast
+ have 2: "c_list f cf h r (rev U) > 0"
+ using c_list_pos_not_root_hlist assms(1,2,4-7,10) by fastforce
+ have "c_list f cf h r (rev V) > 0"
+ using c_list_pos_not_root_hlist assms(1,2,4-6,8,11) by fastforce
+ then show ?thesis using c_list_A_pos_asi 0 2 assms(3,9) by fast
+qed
+
+theorem c_out_asi'':
+ assumes "sel_reasonable sf"
+ and "\<forall>x. cf x > 0"
+ and "c = c_list f cf h r"
+ and "f = (ldeep_s sf xs)"
+ and "h = create_h_list (\<lambda>xs x. (list_sel_aux' sf xs x) * cf x) xs"
+ shows "asi'' (\<lambda>l. (ldeep_T f cf l - 1) / c l) r (c_list f cf h r)"
+ unfolding asi''_def using c_out_asi''_aux[OF assms] assms(3) by blast
+
+subsubsection \<open>Additional ASI Proofs\<close>
+
+lemma asi_le_iff_notr:
+ "\<lbrakk>asi rank r cost; U \<noteq> []; V \<noteq> []; r \<notin> set (A @ U @ V @ B); distinct (A @ U @ V @ B)\<rbrakk>
+ \<Longrightarrow> rank (rev U) \<le> rank (rev V) \<longleftrightarrow> cost (rev (A@U@V@B)) \<le> cost (rev (A@V@U@B))"
+ unfolding asi_def by blast
+
+lemma asi_le_iff_rfst:
+ "\<lbrakk>asi rank r cost; U \<noteq> []; V \<noteq> [];
+ take 1 (A @ U @ V @ B) = [r]; take 1 (A @ V @ U @ B) = [r]; distinct (A @ U @ V @ B)\<rbrakk>
+ \<Longrightarrow> rank (rev U) \<le> rank (rev V) \<longleftrightarrow> cost (rev (A@U@V@B)) \<le> cost (rev (A@V@U@B))"
+ unfolding asi_def by blast
+
+lemma asi_le_notr:
+ "\<lbrakk>asi rank r cost; rank (rev U) \<le> rank (rev V); U\<noteq>[]; V\<noteq>[];
+ distinct (A@U@V@B); r \<notin> set (A@U@V@B)\<rbrakk>
+ \<Longrightarrow> cost (rev (A@U@V@B)) \<le> cost (rev (A@V@U@B))"
+ unfolding asi_def by blast
+
+lemma asi_le_rfst:
+ "\<lbrakk>asi rank r cost; rank (rev U) \<le> rank (rev V); U\<noteq>[]; V\<noteq>[]; distinct (A@U@V@B);
+ take 1 (A @ U @ V @ B) = [r]; take 1 (A @ V @ U @ B) = [r]\<rbrakk>
+ \<Longrightarrow> cost (rev (A@U@V@B)) \<le> cost (rev (A@V@U@B))"
+ unfolding asi_def by blast
+
+lemma asi_eq_notr:
+ assumes "asi rank r cost"
+ and "rank (rev U) = rank (rev V)"
+ and "U \<noteq> []"
+ and "V \<noteq> []"
+ and "r \<notin> set (A@U@V@B)"
+ and "distinct (A @ U @ V @ B)"
+ shows "cost (rev (A@U@V@B)) = cost (rev (A@V@U@B))"
+proof -
+ have 0: "distinct (A@V@U@B)" using assms(6) by auto
+ have 1: "r \<notin> set (A@V@U@B)" using assms(5) by auto
+ then show ?thesis
+ using asi_le_iff_notr[OF assms(1,3-6)] asi_le_iff_notr[OF assms(1,4,3) 1 0] assms(2) by simp
+qed
+
+lemma asi_eq_notr':
+ assumes "asi rank r cost"
+ and "cost (rev (A@U@V@B)) = cost (rev (A@V@U@B))"
+ and "U \<noteq> []"
+ and "V \<noteq> []"
+ and "r \<notin> set (A@U@V@B)"
+ and "distinct (A @ U @ V @ B)"
+ shows "rank (rev U) = rank (rev V)"
+proof -
+ have 0: "distinct (A@V@U@B)" using assms(6) by auto
+ have 1: "r \<notin> set (A@V@U@B)" using assms(5) by auto
+ show ?thesis
+ using asi_le_iff_notr[OF assms(1,3-6)] asi_le_iff_notr[OF assms(1,4,3) 1 0] assms(2) by simp
+qed
+
+lemma asi_eq_iff_notr:
+ "\<lbrakk>asi rank r cost; U \<noteq> []; V \<noteq> []; r \<notin> set (A@U@V@B); distinct (A@U@V@B)\<rbrakk>
+ \<Longrightarrow> rank (rev U) = rank (rev V) \<longleftrightarrow> cost (rev (A@U@V@B)) = cost (rev (A@V@U@B))"
+ using asi_eq_notr[of rank r cost] asi_eq_notr'[of rank r cost] by blast
+
+lemma asi_eq_rfst:
+ assumes "asi rank r cost"
+ and "rank (rev U) = rank (rev V)"
+ and "U \<noteq> []"
+ and "V \<noteq> []"
+ and "take 1 (A @ U @ V @ B) = [r]"
+ and "take 1 (A @ V @ U @ B) = [r]"
+ and "distinct (A @ U @ V @ B)"
+ shows "cost (rev (A@U@V@B)) = cost (rev (A@V@U@B))"
+proof -
+ have 0: "distinct (A@V@U@B)" using assms(7) by auto
+ show ?thesis
+ using asi_le_iff_rfst[OF assms(1,3-7)] asi_le_iff_rfst[OF assms(1,4,3,6,5) 0] assms(2) by simp
+qed
+
+lemma asi_eq_rfst':
+ assumes "asi rank r cost"
+ and "cost (rev (A@U@V@B)) = cost (rev (A@V@U@B))"
+ and "U \<noteq> []"
+ and "V \<noteq> []"
+ and "take 1 (A @ U @ V @ B) = [r]"
+ and "take 1 (A @ V @ U @ B) = [r]"
+ and "distinct (A @ U @ V @ B)"
+ shows "rank (rev U) = rank (rev V)"
+proof -
+ have 0: "distinct (A@V@U@B)" using assms(7) by auto
+ show ?thesis
+ using asi_le_iff_rfst[OF assms(1,3-7)] asi_le_iff_rfst[OF assms(1,4,3,6,5) 0] assms(2) by simp
+qed
+
+lemma asi_eq_iff_rfst:
+ "\<lbrakk>asi rank r cost; U \<noteq> []; V \<noteq> [];
+ take 1 (A @ U @ V @ B) = [r]; take 1 (A @ V @ U @ B) = [r]; distinct (A @ U @ V @ B)\<rbrakk>
+ \<Longrightarrow> rank (rev U) = rank (rev V) \<longleftrightarrow> cost (rev (A@U@V@B)) = cost (rev (A@V@U@B))"
+ using asi_eq_rfst[of rank r cost] asi_eq_rfst'[of rank r cost] by blast
+
+lemma asi_lt_iff_notr:
+ assumes "asi rank r cost"
+ and "U \<noteq> []" and "V \<noteq> []"
+ and "r \<notin> set (A @ U @ V @ B)"
+ and "distinct (A @ U @ V @ B)"
+ shows "rank (rev U) < rank (rev V) \<longleftrightarrow> cost (rev (A@U@V@B)) < cost (rev (A@V@U@B))"
+ using asi_le_iff_notr[OF assms] asi_eq_iff_notr[OF assms] by auto
+
+lemma asi_lt_iff_rfst:
+ assumes "asi rank r cost"
+ and "U \<noteq> []" and "V \<noteq> []"
+ and "take 1 (A @ U @ V @ B) = [r]"
+ and "take 1 (A @ V @ U @ B) = [r]"
+ and "distinct (A @ U @ V @ B)"
+ shows "rank (rev U) < rank (rev V) \<longleftrightarrow> cost (rev (A@U@V@B)) < cost (rev (A@V@U@B))"
+ using asi_le_iff_rfst[OF assms] asi_eq_iff_rfst[OF assms] by auto
+
+lemma asi_lt_notr:
+ "\<lbrakk>asi rank r cost; rank (rev U) < rank (rev V); U\<noteq>[]; V\<noteq>[];
+ distinct (A@U@V@B); r \<notin> set (A@U@V@B)\<rbrakk>
+ \<Longrightarrow> cost (rev (A@U@V@B)) < cost (rev (A@V@U@B))"
+ using asi_lt_iff_notr by fastforce
+
+lemma asi_lt_rfst:
+ "\<lbrakk>asi rank r cost; rank (rev U) < rank (rev V); U\<noteq>[]; V\<noteq>[]; distinct (A@U@V@B);
+ take 1 (A @ U @ V @ B) = [r]; take 1 (A @ V @ U @ B) = [r]\<rbrakk>
+ \<Longrightarrow> cost (rev (A@U@V@B)) < cost (rev (A@V@U@B))"
+ using asi_lt_iff_rfst by fastforce
+
+lemma asi''_simp_iff:
+ "\<lbrakk>asi'' rank r cost; U \<noteq> []; V \<noteq> []; U \<noteq> [r]; V \<noteq> [r]; distinct (A @ U @ V @ B)\<rbrakk>
+ \<Longrightarrow> rank (rev U) \<le> rank (rev V) \<longleftrightarrow> cost (rev (A@U@V@B)) \<le> cost (rev (A@V@U@B))"
+ unfolding asi''_def by blast
+
+lemma asi''_simp:
+ "\<lbrakk>asi'' rank r cost; rank (rev U) \<le> rank (rev V); U\<noteq>[]; V\<noteq>[]; distinct (A@U@V@B); U\<noteq>[r]; V\<noteq>[r]\<rbrakk>
+ \<Longrightarrow> cost (rev (A@U@V@B)) \<le> cost (rev (A@V@U@B))"
+ unfolding asi''_def by blast
+
+end
\ No newline at end of file
diff --git a/thys/Query_Optimization/Directed_Tree_Additions.thy b/thys/Query_Optimization/Directed_Tree_Additions.thy
new file mode 100644
--- /dev/null
+++ b/thys/Query_Optimization/Directed_Tree_Additions.thy
@@ -0,0 +1,1389 @@
+(* Author: Bernhard Stöckl *)
+
+theory Directed_Tree_Additions
+ imports "Graph_Additions" "Shortest_Path_Tree"
+begin
+
+section \<open>Directed Tree Additions\<close>
+
+context directed_tree
+begin
+
+lemma reachable1_not_reverse: "x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y \<Longrightarrow> \<not> y \<rightarrow>\<^sup>+\<^bsub>T\<^esub> x"
+ by (metis awalk_Nil_iff reachable1_awalk reachable1_in_verts(2) trancl_trans unique_awalk_All)
+
+lemma in_arcs_root: "in_arcs T root = {}"
+ using in_degree_root_zero by (auto simp: in_degree_def in_arcs_finite root_in_T)
+
+lemma dominated_not_root: "u \<rightarrow>\<^bsub>T\<^esub> v \<Longrightarrow> v \<noteq> root"
+ using adj_in_verts(1) reachable1_not_reverse reachable_from_root by blast
+
+lemma dominated_notin_awalk: "\<lbrakk>u \<rightarrow>\<^bsub>T\<^esub> v; awalk r p u\<rbrakk> \<Longrightarrow> v \<notin> set (awalk_verts r p)"
+ using awalk_verts_reachable_to reachable1_not_reverse by blast
+
+lemma apath_if_awalk: "awalk r p v \<Longrightarrow> apath r p v"
+ using apath_def awalk_cyc_decompE' closed_w_imp_cycle cycle_free by blast
+
+lemma awalk_verts_arc1_app: "tail T e \<in> set (awalk_verts r (p1@e#p2))"
+ using awalk_verts_arc1 by auto
+
+lemma apath_over_inarc_if_dominated:
+ assumes "u \<rightarrow>\<^bsub>T\<^esub> v"
+ shows "\<exists>p. apath root p v \<and> u \<in> set (awalk_verts root p)"
+proof -
+ obtain p where p_def: "awalk root p u" using assms unique_awalk by force
+ obtain e where e_def: "e \<in> arcs T" "tail T e = u" "head T e = v" using assms by blast
+ then have "awalk root (p@[e]) v" using p_def arc_implies_awalk by auto
+ then show ?thesis using apath_if_awalk e_def(2) awalk_verts_arc1_app by blast
+qed
+
+end
+
+locale finite_directed_tree = directed_tree + fin_digraph T
+
+text \<open>
+ Undirected, connected graphs are acyclic iff the number of edges is |verts| - 1. Since undirected
+ graphs are modelled as bidirected graphs the number of edges is doubled.
+\<close>
+
+locale undirected_tree = graph +
+ assumes connected: "connected G"
+ and acyclic: "card (arcs G) \<le> 2 * (card (verts G) - 1)"
+
+subsection \<open>Directed Trees of Connected Trees\<close>
+
+subsubsection \<open>Tranformation using BFS\<close>
+
+text \<open>
+ Assumes existence of a conversion function (like BFS) that contains all reachable vertices.
+\<close>
+
+locale bfs_tree = directed_tree T root + subgraph T G for G T root +
+ assumes root_in_G: "root \<in> verts G"
+ and all_reachables: "verts T = {v. root \<rightarrow>\<^sup>*\<^bsub>G\<^esub> v}"
+begin
+
+lemma dom_in_G: "u \<rightarrow>\<^bsub>T\<^esub> v \<Longrightarrow> u \<rightarrow>\<^bsub>G\<^esub> v"
+ by (simp add: G.adj_mono sub_G)
+
+lemma tailT_eq_tailG: "tail T = tail G"
+ using sub_G by (simp add: Digraph_Component.subgraph_def compatible_def)
+
+lemma headT_eq_headG: "head T = head G"
+ using sub_G by (simp add: Digraph_Component.subgraph_def compatible_def)
+
+lemma verts_T_subset_G: "verts T \<subseteq> verts G"
+ by (metis awalk_sub_imp_awalk G.awalk_last_in_verts subsetI unique_awalk)
+
+lemma reachable_verts_G_subset_T:
+ "\<forall>x\<in>verts G. root \<rightarrow>\<^sup>*\<^bsub>G\<^esub> x \<Longrightarrow> verts T \<supseteq> verts G"
+ using all_reachables by (simp add: subset_eq)
+
+lemma reachable_verts_G_eq_T: "\<forall>x\<in>verts G. root \<rightarrow>\<^sup>*\<^bsub>G\<^esub> x \<Longrightarrow> verts T = verts G"
+ by (simp add: reachable_verts_G_subset_T set_eq_subset verts_T_subset_G)
+
+lemma connected_verts_G_eq_T:
+ assumes "graph G" and "connected G"
+ shows "verts T = verts G"
+proof -
+ have "root \<in> verts G" using root_in_G by fast
+ then have "\<forall>x\<in>verts G. root \<rightarrow>\<^sup>*\<^bsub>G\<^esub> x" using graph.connected_iff_reachable assms(1,2) by blast
+ then show ?thesis using reachable_verts_G_eq_T by blast
+qed
+
+lemma Suc_card_if_fin: "fin_digraph G \<Longrightarrow> \<exists>n. Suc n = card (verts G)"
+ using root_in_G card_0_eq not0_implies_Suc[of "card (verts G)"] fin_digraph.finite_verts by force
+
+corollary Suc_card_if_graph: "graph G \<Longrightarrow> \<exists>n. Suc n = card (verts G)"
+ using Suc_card_if_fin graph.axioms(1) digraph.axioms(1) by blast
+
+lemma con_Suc_card_arcs_eq_card_verts:
+ "\<lbrakk>graph G; connected G\<rbrakk> \<Longrightarrow> Suc (card (arcs T)) = card (verts G)"
+ using Suc_card_arcs_eq_card_verts connected_verts_G_eq_T Suc_card_if_graph by fastforce
+
+lemma reverse_arc_in_G:
+ assumes "graph G" and "e1 \<in> arcs T"
+ shows "\<exists>e2 \<in> arcs G. head G e2 = tail G e1 \<and> head G e1 = tail G e2"
+proof -
+ interpret graph G using assms(1) .
+ have "e1 \<in> arcs G" using assms(2) sub_G by blast
+ then show ?thesis using sym_arcs symmetric_conv by fastforce
+qed
+
+lemma reverse_arc_notin_T:
+ assumes "e1 \<in> arcs T" and "head G e2 = tail G e1" and "head G e1 = tail G e2"
+ shows "e2 \<notin> arcs T"
+proof
+ assume asm: "e2 \<in> arcs T"
+ then have "tail T e2 \<rightarrow>\<^bsub>T\<^esub> head T e2" by (simp add: in_arcs_imp_in_arcs_ends)
+ then have "head G e1 \<rightarrow>\<^bsub>T\<^esub> tail G e1"
+ using assms(2,3) sub_G by(simp add: Digraph_Component.subgraph_def compatible_def)
+ moreover have "tail G e1 \<rightarrow>\<^bsub>T\<^esub> head G e1"
+ using assms(1) sub_G
+ by(simp add: Digraph_Component.subgraph_def compatible_def in_arcs_imp_in_arcs_ends)
+ ultimately show False using reachable1_not_reverse by blast
+qed
+
+lemma reverse_arc_in_G_only:
+ assumes "graph G" and "e1 \<in> arcs T"
+ shows "\<exists>e2 \<in> arcs G. head G e2 = tail G e1 \<and> head G e1 = tail G e2 \<and> e2 \<notin> arcs T"
+ using reverse_arc_in_G reverse_arc_notin_T assms by blast
+
+lemma no_multi_T_G:
+ assumes "e1 \<in> arcs T" and "e2 \<in> arcs T" and "e1 \<noteq> e2"
+ shows "head G e1 \<noteq> head G e2 \<or> tail G e1 \<noteq> tail G e2"
+ using nomulti.no_multi_arcs assms sub_G
+ by(auto simp: Digraph_Component.subgraph_def compatible_def arc_to_ends_def)
+
+lemma T_arcs_compl_fin:
+ assumes "fin_digraph G" and "es \<subseteq> arcs T"
+ shows "finite {e2\<in> arcs G. (\<exists>e1 \<in> es. head G e2 = tail G e1 \<and> head G e1 = tail G e2)}"
+ using assms fin_digraph.finite_arcs by fastforce
+
+corollary T_arcs_compl_fin':
+ assumes "graph G" and "es \<subseteq> arcs T"
+ shows "finite {e2\<in> arcs G. (\<exists>e1 \<in> es. head G e2 = tail G e1 \<and> head G e1 = tail G e2)}"
+ using assms T_arcs_compl_fin graph.axioms(1) digraph.axioms(1) by blast
+
+lemma fin_verts_T: "fin_digraph G \<Longrightarrow> finite (verts T)"
+ using fin_digraph.finite_verts finite_subset verts_T_subset_G by auto
+
+corollary fin_verts_T': "graph G \<Longrightarrow> finite (verts T)"
+ using fin_verts_T graph.axioms(1) digraph.axioms(1) by blast
+
+lemma fin_arcs_T: "fin_digraph G \<Longrightarrow> finite (arcs T)"
+ using fin_verts_T verts_finite_imp_arcs_finite by auto
+
+corollary fin_arcs_T': "graph G \<Longrightarrow> finite (arcs T)"
+ using fin_arcs_T graph.axioms(1) digraph.axioms(1) by blast
+
+lemma T_arcs_compl_card_eq:
+ assumes "graph G" and "es \<subseteq> arcs T"
+ shows "card {e2\<in> arcs G. (\<exists>e1 \<in> es. head G e2 = tail G e1 \<and> head G e1 = tail G e2)} = card es"
+ using finite_subset[OF assms(2) fin_arcs_T'[OF assms(1)]] assms
+proof(induction es rule: finite_induct)
+ case (insert e1 es)
+ let ?ees = "{e2 \<in> arcs G. \<exists>e1\<in>insert e1 es. head G e2 = tail G e1 \<and> head G e1 = tail G e2}"
+ let ?es = "{e2 \<in> arcs G. \<exists>e1\<in>es. head G e2 = tail G e1 \<and> head G e1 = tail G e2}"
+ obtain e2 where e2_def: "e2 \<in> arcs G" "head G e2 = tail G e1" "head G e1 = tail G e2"
+ using reverse_arc_in_G_only insert.prems by blast
+ then have e2_notin: "e2 \<notin> {e2 \<in> arcs G. \<exists>e1\<in>es. head G e2 = tail G e1 \<and> head G e1 = tail G e2}"
+ using insert.hyps(2) insert.prems(2) no_multi_T_G by fastforce
+ have "\<forall>e3 \<in> arcs G. e2 = e3 \<or> head G e3 \<noteq> head G e2 \<or> tail G e3 \<noteq> tail G e2"
+ using e2_def(1) nomulti_digraph.no_multi_alt digraph.axioms(3) graph.axioms(1) insert.prems(1)
+ by fast
+ then have "?ees = insert e2 ?es" using e2_def by auto
+ moreover have "finite ?es" using insert.prems T_arcs_compl_fin' by simp
+ ultimately have "card ?ees = Suc (card ?es)" using e2_notin by simp
+ then show ?case using insert by force
+qed(simp)
+
+lemma arcs_graph_G_ge_2vertsT:
+ assumes "graph G"
+ shows "card (arcs G) \<ge> 2 * (card (verts T) - 1)"
+proof -
+ let ?compl = "{e2\<in> arcs G. (\<exists>e1 \<in> arcs T. head G e2 = tail G e1 \<and> head G e1 = tail G e2)}"
+ interpret graph G by (rule assms)
+ have "\<forall>e1 \<in> arcs T. \<exists>e2 \<in> arcs G. head G e2 = tail G e1 \<and> head G e1 = tail G e2"
+ using reverse_arc_in_G_only assms by blast
+ have fin1: "finite ?compl" by simp
+ have "?compl \<inter> arcs T = {}" using reverse_arc_notin_T by blast
+ then have "card (?compl \<union> arcs T) = card ?compl + card (arcs T)"
+ using card_Un_disjoint[OF fin1 fin_arcs_T'] by blast
+ moreover have "?compl \<union> arcs T \<subseteq> arcs G" using sub_G by blast
+ moreover have "finite (arcs G)" by simp
+ ultimately have "card ?compl + card (arcs T) \<le> card (arcs G)"
+ using card_mono[of "arcs G" "?compl \<union> arcs T"] by presburger
+ moreover have "card (arcs T) = (card (verts T) - 1)"
+ using Suc_card_arcs_eq_card_verts assms by (simp add: fin_verts_T')
+ ultimately show ?thesis using T_arcs_compl_card_eq by fastforce
+qed
+
+lemma arcs_graph_G_ge_2vertsG:
+ "\<lbrakk>graph G; connected G\<rbrakk> \<Longrightarrow> card (arcs G) \<ge> 2 * (card (verts G) - 1)"
+ using arcs_graph_G_ge_2vertsT connected_verts_G_eq_T by simp
+
+lemma arcs_undir_G_eq_2vertsG:
+ "\<lbrakk>undirected_tree G\<rbrakk> \<Longrightarrow> card (arcs G) = 2 * (card (verts G) - 1)"
+ using arcs_graph_G_ge_2vertsG undirected_tree.acyclic undirected_tree.axioms(1)
+ undirected_tree.connected by fastforce
+
+lemma undir_arcs_compl_un_eq_arcs:
+ assumes "undirected_tree G"
+ shows "{e2\<in> arcs G. (\<exists>e1 \<in> arcs T. head G e2 = tail G e1 \<and> head G e1 = tail G e2)} \<union> arcs T
+ = arcs G"
+proof -
+ let ?compl = "{e2\<in> arcs G. (\<exists>e1 \<in> arcs T. head G e2 = tail G e1 \<and> head G e1 = tail G e2)}"
+ interpret undirected_tree G using assms(1) undirected_tree.axioms(1) by fast
+ have "?compl \<inter> arcs T = {}" using reverse_arc_notin_T by blast
+ then have 0: "card (?compl \<union> arcs T) = card ?compl + card (arcs T)"
+ by (simp add: card_Un_disjoint fin_arcs_T' graph_axioms)
+ have "card (arcs T) = (card (verts T) - 1)"
+ using Suc_card_arcs_eq_card_verts by (simp add: fin_verts_T' graph_axioms)
+ then have "card ?compl + card (arcs T) = 2 * (card (verts G) - 1)"
+ using T_arcs_compl_card_eq connected_verts_G_eq_T connected by fastforce
+ moreover have "card (arcs G) = 2 * (card (verts G) - 1)"
+ using assms arcs_undir_G_eq_2vertsG by blast
+ moreover have "?compl \<union> arcs T \<subseteq> arcs G" using sub_G by blast
+ ultimately show ?thesis by (simp add: 0 card_subset_eq)
+qed
+
+lemma split_fst_nonelem:
+ "\<lbrakk>\<not>set xs \<subseteq> X; set xs \<subseteq> Y\<rbrakk> \<Longrightarrow> \<exists>x ys zs. ys@x#zs=xs \<and> x \<notin> X \<and> x \<in> Y \<and> set ys \<subseteq> X"
+proof(induction xs)
+ case (Cons x xs)
+ then show ?case
+ proof(cases "x \<in> X")
+ case True
+ then obtain z ys zs where ys_def: "ys@z#zs=xs" "z \<notin> X" "z \<in> Y" "set ys \<subseteq> X" using Cons by auto
+ then have "set (x#ys) \<subseteq> X" using True by simp
+ then show ?thesis using ys_def(1-3) append_Cons by fast
+ next
+ case False
+ then show ?thesis using Cons.prems(2) by fastforce
+ qed
+qed(simp)
+
+lemma source_no_inarc_T: "head G e = root \<Longrightarrow> e \<notin> arcs T"
+ using in_arcs_root sub_G by (auto simp: Digraph_Component.subgraph_def compatible_def)
+
+lemma source_all_outarcs_T:
+ "\<lbrakk>undirected_tree G; tail G e = root; e \<in> arcs G\<rbrakk> \<Longrightarrow> e \<in> arcs T"
+ using source_no_inarc_T undir_arcs_compl_un_eq_arcs by blast
+
+lemma cas_G_T: "G.cas = cas"
+ using sub_G compatible_cas by fastforce
+
+lemma awalk_G_T: "u \<in> verts T \<Longrightarrow> set p \<subseteq> arcs T \<Longrightarrow> G.awalk u p = awalk u p"
+ using cas_G_T awalk_def G.awalk_def sub_G by fastforce
+
+corollary awalk_G_T_root: "set p \<subseteq> arcs T \<Longrightarrow> G.awalk root p = awalk root p"
+ using awalk_G_T root_in_T by blast
+
+lemma awalk_verts_G_T: "G.awalk_verts = awalk_verts"
+ using sub_G compatible_awalk_verts by blast
+
+lemma apath_sub_imp_apath: "apath u p v \<Longrightarrow> G.apath u p v"
+ by (simp add: G.apath_def apath_def awalk_sub_imp_awalk awalk_verts_G_T)
+
+lemma outarc_inT_if_head_not_inarc:
+ assumes "undirected_tree G"
+ and "tail G e2 = v" and "e2 \<in> arcs G" and "head G e2 \<noteq> u" and "u \<rightarrow>\<^bsub>T\<^esub> v"
+ shows "e2 \<in> arcs T"
+proof (rule ccontr)
+ let ?compl = "{e2\<in> arcs G. (\<exists>e1 \<in> arcs T. head G e2 = tail G e1 \<and> head G e1 = tail G e2)}"
+ assume "e2 \<notin> arcs T"
+ then have "e2 \<in> ?compl" using assms(3) undir_arcs_compl_un_eq_arcs[OF assms(1)] by blast
+ then obtain e1 where e1_def: "e1 \<in> arcs T" "head G e2 = tail T e1" "head T e1 = v"
+ using sub_G assms(2) by (auto simp: Digraph_Component.subgraph_def compatible_def)
+ obtain e where "e \<in> arcs T" "tail T e = u" "head T e = v" using assms(5) by blast
+ then show False using two_in_arcs_contr e1_def assms(4) by blast
+qed
+
+corollary reverse_arc_if_out_arc_undir:
+ "\<lbrakk>undirected_tree G; tail G e2 = v; e2 \<in> arcs G; e2 \<notin> arcs T; u \<rightarrow>\<^bsub>T\<^esub> v\<rbrakk> \<Longrightarrow> head G e2 = u"
+ using outarc_inT_if_head_not_inarc by blast
+
+lemma undir_path_in_dir:
+ assumes "undirected_tree G" "G.apath root p v"
+ shows "set p \<subseteq> arcs T"
+proof (rule ccontr)
+ assume asm: "\<not>set p \<subseteq> arcs T"
+ have "set p \<subseteq> arcs G" using assms(2) G.apath_def G.awalk_def by fast
+ then obtain e p1 p2 where e_def: "p1 @ e # p2 = p" "e \<notin> arcs T" "e \<in> arcs G" "set p1 \<subseteq> arcs T"
+ using split_fst_nonelem[OF asm, of "arcs G"] by auto
+ show False
+ proof(cases "p1=[]")
+ case True
+ then have "tail G e = root" using assms(2) e_def(1) G.apath_Cons_iff by auto
+ then show ?thesis using source_all_outarcs_T[OF assms(1)] e_def(2,3) by blast
+ next
+ case False
+ then have awalk_G: "G.awalk root (p1 @ e # p2) v"
+ using assms(2) pre_digraph.apath_def e_def(1) by fast
+ then have "G.awalk root p1 (tail G e)" by force
+ then have awalk_p1T: "awalk root p1 (tail T e)"
+ using e_def(4) sub_G cas_G_T root_in_T
+ by (simp add: Digraph_Component.subgraph_def pre_digraph.awalk_def compatible_def)
+ then have "root \<rightarrow>\<^sup>+\<^bsub>T\<^esub> tail T e" using False reachable1_awalkI by auto
+ then obtain u where u_def: "u \<rightarrow>\<^bsub>T\<^esub> tail T e" using tranclD2 by metis
+ have "tail T e = tail G e"
+ using sub_G by (simp add: Digraph_Component.subgraph_def compatible_def)
+ then have hd_e_u: "head G e = u"
+ using reverse_arc_if_out_arc_undir[OF assms(1)] u_def e_def(2,3) by simp
+ have "head T (last p1) = tail T e" using False awalk_p1T awalk_verts_conv by fastforce
+ then have "tail T (last p1) = u"
+ using False u_def e_def(4) two_in_arcs_contr last_in_set by fastforce
+ then have 0: "tail G (last p1) = u"
+ using sub_G by (simp add: Digraph_Component.subgraph_def compatible_def)
+ obtain ps where "ps @ [last p1] = p1" using False append_butlast_last_id by auto
+ then have ps_def: "ps @ [last p1] @ e # p2 = p" using e_def by auto
+ then have awalk_G: "G.awalk root (ps @ [last p1] @ e # p2) v"
+ using assms(2) by (simp add: pre_digraph.apath_def)
+ have "\<not>(distinct (G.awalk_verts root p))"
+ using G.not_distinct_if_head_eq_tail[OF 0 hd_e_u awalk_G] ps_def by simp
+ then show ?thesis using assms(2) G.apath_def by blast
+ qed
+qed
+
+lemma source_reach_all: "\<lbrakk>graph G; connected G; v \<in> verts G\<rbrakk> \<Longrightarrow> root \<rightarrow>\<^sup>*\<^bsub>G\<^esub> v"
+ by (simp add: graph.connected_iff_reachable root_in_G)
+
+lemma apath_if_in_verts: "\<lbrakk>graph G; connected G; v \<in> verts G\<rbrakk> \<Longrightarrow> \<exists>p. G.apath root p v"
+ using G.reachable_apath by (simp add: graph.connected_iff_reachable root_in_G)
+
+lemma undir_unique_awalk: "\<lbrakk>undirected_tree G; v \<in> verts G\<rbrakk> \<Longrightarrow> \<exists>!p. G.apath root p v"
+ using undir_path_in_dir apath_if_in_verts awalk_G_T_root Suc_card_if_graph
+ by (metis G.awalkI_apath unique_awalk_All undirected_tree.axioms(1) undirected_tree.connected)
+
+lemma apath_in_dir_if_apath_G:
+ assumes "undirected_tree G" "G.apath root p v"
+ shows "apath root p v"
+ using undir_path_in_dir[OF assms] assms(2) G.awalkI_apath apath_if_awalk awalk_G_T_root by force
+
+end
+
+locale bfs_locale =
+ fixes bfs :: "('a, 'b) pre_digraph \<Rightarrow> 'a \<Rightarrow> ('a, 'b) pre_digraph"
+ assumes bfs_correct: "\<lbrakk>wf_digraph G; r \<in> verts G; bfs G r = T\<rbrakk> \<Longrightarrow> bfs_tree G T r"
+
+locale undir_tree_todir = undirected_tree G + bfs_locale bfs
+ for G :: "('a, 'b) pre_digraph"
+ and bfs :: "('a, 'b) pre_digraph \<Rightarrow> 'a \<Rightarrow> ('a, 'b) pre_digraph"
+begin
+
+abbreviation dir_tree_r :: "'a \<Rightarrow> ('a, 'b) pre_digraph" where
+ "dir_tree_r \<equiv> bfs G"
+
+lemma directed_tree_r: "r \<in> verts G \<Longrightarrow> directed_tree (dir_tree_r r) r"
+ using bfs_correct bfs_tree.axioms(1) wf_digraph_axioms by fast
+
+lemma bfs_dir_tree_r: "r \<in> verts G \<Longrightarrow> bfs_tree G (dir_tree_r r) r"
+ using bfs_correct wf_digraph_axioms by blast
+
+lemma dir_tree_r_dom_in_G: "r \<in> verts G \<Longrightarrow> u \<rightarrow>\<^bsub>dir_tree_r r\<^esub> v \<Longrightarrow> u \<rightarrow>\<^bsub>G\<^esub> v "
+ using bfs_dir_tree_r bfs_tree.dom_in_G by fast
+
+lemma verts_nempty: "verts G \<noteq> {}"
+ using connected connected_iff_reachable by auto
+
+lemma card_gt0: "card (verts G) > 0"
+ using verts_nempty by auto
+
+lemma Suc_card_1_eq_card[intro]: "Suc (card (verts G) - 1) = card (verts G)"
+ using card_gt0 by simp
+
+lemma verts_dir_tree_r_eq[simp]: "r \<in> verts G \<Longrightarrow> verts (dir_tree_r r) = verts G"
+ using bfs_tree.connected_verts_G_eq_T[OF bfs_dir_tree_r graph_axioms connected] by blast
+
+lemma tail_dir_tree_r_eq: "r \<in> verts G \<Longrightarrow> tail (dir_tree_r r) e = tail G e"
+ using bfs_tree.tailT_eq_tailG[OF bfs_dir_tree_r] by simp
+
+lemma head_dir_tree_r_eq: "r \<in> verts G \<Longrightarrow> head (dir_tree_r r) e = head G e"
+ using bfs_tree.headT_eq_headG[OF bfs_dir_tree_r] by simp
+
+lemma awalk_verts_G_T: "r \<in> verts G \<Longrightarrow> awalk_verts = pre_digraph.awalk_verts (dir_tree_r r)"
+ using bfs_tree.awalk_verts_G_T bfs_dir_tree_r by fastforce
+
+lemma dir_tree_r_all_reach: "\<lbrakk>r \<in> verts G; v \<in> verts G\<rbrakk> \<Longrightarrow> r \<rightarrow>\<^sup>*\<^bsub>dir_tree_r r\<^esub> v"
+ using directed_tree.reachable_from_root directed_tree_r verts_dir_tree_r_eq by fast
+
+lemma fin_verts_dir_tree_r_eq: "r \<in> verts G \<Longrightarrow> finite (verts (dir_tree_r r))"
+ using verts_dir_tree_r_eq by auto
+
+lemma fin_arcs_dir_tree_r_eq: "r \<in> verts G \<Longrightarrow> finite (arcs (dir_tree_r r))"
+ using fin_verts_dir_tree_r_eq directed_tree.verts_finite_imp_arcs_finite directed_tree_r
+ by fast
+
+lemma fin_directed_tree_r: "r \<in> verts G \<Longrightarrow> finite_directed_tree (dir_tree_r r) r"
+ unfolding finite_directed_tree_def fin_digraph_def fin_digraph_axioms_def
+ using directed_tree.axioms(1) directed_tree_r fin_arcs_dir_tree_r_eq verts_dir_tree_r_eq
+ by force
+
+lemma arcs_eq_2verts: "card (arcs G) = 2 * (card (verts G) - 1)"
+ using bfs_tree.arcs_undir_G_eq_2vertsG[OF bfs_dir_tree_r undirected_tree_axioms] card_gt0
+ by fastforce
+
+lemma arcs_compl_un_eq_arcs:
+ "r \<in> verts G \<Longrightarrow>
+ {e2 \<in> arcs G. \<exists>e1\<in>arcs (dir_tree_r r). head G e2 = tail G e1 \<and> head G e1 = tail G e2}
+ \<union> arcs (dir_tree_r r) = arcs G"
+ using bfs_tree.undir_arcs_compl_un_eq_arcs[OF bfs_dir_tree_r undirected_tree_axioms] by blast
+
+lemma unique_apath: "\<lbrakk>u \<in> verts G; v \<in> verts G\<rbrakk> \<Longrightarrow> \<exists>!p. apath u p v"
+ using bfs_tree.undir_unique_awalk[OF bfs_dir_tree_r undirected_tree_axioms] by blast
+
+lemma apath_in_dir_if_apath_G: "apath r p v \<Longrightarrow> pre_digraph.apath (dir_tree_r r) r p v"
+ using bfs_tree.apath_in_dir_if_apath_G bfs_dir_tree_r undirected_tree_axioms awalkI_apath
+ by fast
+
+lemma apath_verts_sub_awalk:
+ "\<lbrakk>apath u p1 v; awalk u p2 v\<rbrakk> \<Longrightarrow> set (awalk_verts u p1) \<subseteq> set (awalk_verts u p2)"
+ using unique_apath_verts_sub_awalk unique_apath by blast
+
+lemma dir_tree_arc1_in_apath:
+ assumes "u \<rightarrow>\<^bsub>dir_tree_r r\<^esub> v" and "r \<in> verts G"
+ shows "\<exists>p. apath r p v \<and> u \<in> set (awalk_verts r p)"
+ using directed_tree.apath_over_inarc_if_dominated[OF directed_tree_r[OF assms(2)] assms(1)]
+ bfs_tree.apath_sub_imp_apath bfs_dir_tree_r[OF assms(2)] bfs_tree.awalk_verts_G_T
+ by fastforce
+
+lemma dir_tree_arc1_in_awalk:
+ "\<lbrakk>u \<rightarrow>\<^bsub>dir_tree_r r\<^esub> v; r \<in> verts G; awalk r p v\<rbrakk> \<Longrightarrow> u \<in> set (awalk_verts r p)"
+ using dir_tree_arc1_in_apath apath_verts_sub_awalk by blast
+
+end
+
+subsubsection \<open>Tranformation using PSP-Trees\<close>
+
+(* Alternative to bfs_tree *)
+
+text \<open>
+ Assumes existence of a conversion function that contains the n nearest nodes. This sections proves
+ that such a generated tree contains all vertices in a connected graph.
+\<close>
+
+locale find_psp_tree_locale =
+ fixes find_psp_tree :: "('a, 'b) pre_digraph \<Rightarrow> ('b \<Rightarrow> real) \<Rightarrow> 'a \<Rightarrow> nat \<Rightarrow> ('a, 'b) pre_digraph"
+ assumes find_psp_tree: "\<lbrakk>r \<in> verts G; find_psp_tree G w r n = T\<rbrakk> \<Longrightarrow> psp_tree G T w r n"
+
+context psp_tree
+begin
+
+lemma dom_in_G: "u \<rightarrow>\<^bsub>T\<^esub> v \<Longrightarrow> u \<rightarrow>\<^bsub>G\<^esub> v"
+ by (simp add: G.adj_mono sub_G)
+
+lemma tailT_eq_tailG: "tail T = tail G"
+ using sub_G by (simp add: Digraph_Component.subgraph_def compatible_def)
+
+lemma headT_eq_headG: "head T = head G"
+ using sub_G by (simp add: Digraph_Component.subgraph_def compatible_def)
+
+lemma verts_T_subset_G: "verts T \<subseteq> verts G"
+ by (metis awalk_sub_imp_awalk G.awalk_last_in_verts subsetI unique_awalk)
+
+lemma reachable_verts_G_subset_T:
+ assumes "fin_digraph G"
+ and "\<forall>x\<in>verts G. source \<rightarrow>\<^sup>*\<^bsub>G\<^esub> x"
+ and "Suc n = card (verts G)"
+ shows "verts T \<supseteq> verts G"
+proof(cases "card (verts G)")
+ case 0
+ have "finite (verts G)" using fin_digraph.finite_verts graph_def assms(1) by blast
+ then show ?thesis using assms(3) 0 by simp
+next
+ case (Suc n)
+ then have r_in_G: "source \<in> verts G" using source_in_G assms by blast
+ show ?thesis
+ proof(cases "n=0")
+ case True
+ then have "card (verts G) = 1" using assms(3) Suc by auto
+ then have "verts G = {source}" using mem_card1_singleton r_in_G by fast
+ then show ?thesis
+ using ex_sp_eq_dia in_sccs_verts_conv_reachable insert_not_empty G.reachable_in_verts(1)
+ by (metis G.reachable_mono non_empty reachable_refl sccs_verts_subsets singleton_iff sub_G)
+ next
+ case False
+ then obtain n' where n'_def[simp]: "n' = n - 1 \<and> n \<noteq> n'" by simp
+ show ?thesis
+ proof(rule ccontr)
+ assume "\<not>(verts T \<supseteq> verts G)"
+ then have strict_sub: "verts T \<subset> verts G" using psp_tree_axioms verts_T_subset_G by fast
+ then obtain x where x_def: "x \<notin> verts T \<and> x \<in> verts G" by blast
+ then have x_reach: "source \<rightarrow>\<^sup>*\<^bsub>G\<^esub> x" using assms(2) by simp
+ have "finite (verts G)" using fin_digraph.finite_verts graph_def assms(1) by blast
+ with strict_sub have T_lt_G: "card (verts T) < card (verts G)" by (simp add: psubset_card_mono)
+ then have T_le_n: "card (verts T) \<le> n" using Suc assms(3) by simp
+ have "G.n_nearest_verts w source n (verts T)"
+ using Suc assms(3) partial by simp
+ then have 1: "G.n_nearest_verts w source (Suc n') (verts T)" using n'_def by simp
+ then obtain U where U_def[simp]: "U \<subseteq> verts T \<and> G.n_nearest_verts w source n' U"
+ using Zero_not_Suc diff_Suc_1 equalityE G.nnvs_ind_cases subset_insertI by metis
+ then show "False"
+ proof(cases "G.unvisited_verts source U \<noteq> {}")
+ case True
+ then have "card U \<ge> Suc n'" using U_def fin_digraph.nnvs_card_ge_n assms(1) by fast
+ then have U_Suc_n': "card U = Suc n'" using 1 U_def G.nnvs_card_le_n by force
+ have "G.nearest_vert w source U \<in> G.unvisited_verts source U"
+ using True assms(1) by (simp add: fin_digraph.nearest_vert_unvis)
+ then have "G.nearest_vert w source U \<notin> U" using G.unvisited_verts_def by simp
+ then have U_ins_Suc2_n': "card (insert (G.nearest_vert w source U) U) = Suc (Suc n')"
+ using U_Suc_n' card_Suc_eq by blast
+ have "card (verts T) \<le> Suc n'" using T_le_n by simp
+ moreover have "card U \<le> card (verts T)" by (simp add: card_mono)
+ ultimately have T_Suc_n': "card (verts T) = Suc n'" using U_Suc_n' by simp
+ then have U_eq_T: "U = verts T" by (simp add: U_Suc_n' card_seteq)
+ have "card (insert (G.nearest_vert w source U) U) = card (verts T)"
+ using True U_eq_T U_ins_Suc2_n' 1 by (metis fin_digraph.nnvs_card_eq_n assms(1))
+ then show ?thesis using T_Suc_n' U_ins_Suc2_n' by linarith
+ next
+ case False
+ have "x \<notin> U" using x_def U_def by blast
+ then have "G.unvisited_verts source U \<noteq> {}"
+ using G.unvisited_verts_def x_def x_reach by blast
+ then show ?thesis using False by simp
+ qed
+ qed
+ qed
+qed
+
+lemma reachable_verts_G_eq_T:
+ "\<lbrakk>fin_digraph G; \<forall>x\<in>verts G. source \<rightarrow>\<^sup>*\<^bsub>G\<^esub> x; Suc n = card (verts G)\<rbrakk> \<Longrightarrow> verts T = verts G"
+ by (simp add: reachable_verts_G_subset_T set_eq_subset verts_T_subset_G)
+
+lemma connected_verts_G_eq_T:
+ assumes "graph G"
+ and "connected G"
+ and "Suc n = card (verts G)"
+ shows "verts T = verts G"
+proof -
+ have 0: "fin_digraph G" using assms(1) graph.axioms(1) digraph.axioms(1) by blast
+ have "source \<in> verts G" using source_in_G by fast
+ then have "\<forall>x\<in>verts G. source \<rightarrow>\<^sup>*\<^bsub>G\<^esub> x" using graph.connected_iff_reachable assms(1,2) by blast
+ then show ?thesis using assms(3) reachable_verts_G_eq_T 0 by blast
+qed
+
+lemma con_Suc_card_arcs_eq_card_verts:
+ assumes "graph G"
+ and "connected G"
+ and "Suc n = card (verts G)"
+ shows "Suc (card (arcs T)) = card (verts G)"
+ using Suc_card_arcs_eq_card_verts connected_verts_G_eq_T assms by fastforce
+
+lemma reverse_arc_in_G:
+ assumes "graph G" and "e1 \<in> arcs T"
+ shows "\<exists>e2 \<in> arcs G. head G e2 = tail G e1 \<and> head G e1 = tail G e2"
+proof -
+ interpret graph G using assms(1) .
+ have "e1 \<in> arcs G" using assms(2) sub_G by blast
+ then show ?thesis using sym_arcs symmetric_conv by fastforce
+qed
+
+lemma reverse_arc_notin_T:
+ assumes "e1 \<in> arcs T" and "head G e2 = tail G e1" and "head G e1 = tail G e2"
+ shows "e2 \<notin> arcs T"
+proof
+ assume asm: "e2 \<in> arcs T"
+ then have "tail T e2 \<rightarrow>\<^bsub>T\<^esub> head T e2" by (simp add: in_arcs_imp_in_arcs_ends)
+ then have "head G e1 \<rightarrow>\<^bsub>T\<^esub> tail G e1"
+ using assms(2,3) sub_G by(simp add: Digraph_Component.subgraph_def compatible_def)
+ moreover have "tail G e1 \<rightarrow>\<^bsub>T\<^esub> head G e1"
+ using assms(1) sub_G
+ by(simp add: Digraph_Component.subgraph_def compatible_def in_arcs_imp_in_arcs_ends)
+ ultimately show False using reachable1_not_reverse by blast
+qed
+
+lemma reverse_arc_in_G_only:
+ assumes "graph G" and "e1 \<in> arcs T"
+ shows "\<exists>e2 \<in> arcs G. head G e2 = tail G e1 \<and> head G e1 = tail G e2 \<and> e2 \<notin> arcs T"
+ using reverse_arc_in_G reverse_arc_notin_T assms by blast
+
+lemma no_multi_T_G:
+ assumes "e1 \<in> arcs T" and "e2 \<in> arcs T" and "e1 \<noteq> e2"
+ shows "head G e1 \<noteq> head G e2 \<or> tail G e1 \<noteq> tail G e2"
+ using nomulti.no_multi_arcs assms sub_G
+ by(auto simp: Digraph_Component.subgraph_def compatible_def arc_to_ends_def)
+
+lemma T_arcs_compl_fin:
+ assumes "fin_digraph G" and "es \<subseteq> arcs T"
+ shows "finite {e2\<in> arcs G. (\<exists>e1 \<in> es. head G e2 = tail G e1 \<and> head G e1 = tail G e2)}"
+ using assms fin_digraph.finite_arcs by fastforce
+
+corollary T_arcs_compl_fin':
+ assumes "graph G" and "es \<subseteq> arcs T"
+ shows "finite {e2\<in> arcs G. (\<exists>e1 \<in> es. head G e2 = tail G e1 \<and> head G e1 = tail G e2)}"
+ using assms T_arcs_compl_fin graph.axioms(1) digraph.axioms(1) by blast
+
+lemma T_arcs_compl_card_eq:
+ assumes "graph G" and "es \<subseteq> arcs T"
+ shows "card {e2\<in> arcs G. (\<exists>e1 \<in> es. head G e2 = tail G e1 \<and> head G e1 = tail G e2)} = card es"
+using finite_subset[OF assms(2) finite_arcs] assms proof(induction es rule: finite_induct)
+ case (insert e1 es)
+ let ?ees = "{e2 \<in> arcs G. \<exists>e1\<in>insert e1 es. head G e2 = tail G e1 \<and> head G e1 = tail G e2}"
+ let ?es = "{e2 \<in> arcs G. \<exists>e1\<in>es. head G e2 = tail G e1 \<and> head G e1 = tail G e2}"
+ obtain e2 where e2_def: "e2 \<in> arcs G" "head G e2 = tail G e1" "head G e1 = tail G e2"
+ using reverse_arc_in_G_only insert.prems by blast
+ then have e2_notin: "e2 \<notin> {e2 \<in> arcs G. \<exists>e1\<in>es. head G e2 = tail G e1 \<and> head G e1 = tail G e2}"
+ using insert.hyps(2) insert.prems(2) no_multi_T_G by fastforce
+ have "\<forall>e3 \<in> arcs G. e2 = e3 \<or> head G e3 \<noteq> head G e2 \<or> tail G e3 \<noteq> tail G e2"
+ using e2_def(1) nomulti_digraph.no_multi_alt digraph.axioms(3) graph.axioms(1) insert.prems(1)
+ by fast
+ then have "?ees = insert e2 ?es" using e2_def by auto
+ moreover have "finite ?es" using insert.prems T_arcs_compl_fin' by simp
+ ultimately have "card ?ees = Suc (card ?es)" using e2_notin by simp
+ then show ?case using insert by force
+qed(simp)
+
+lemma arcs_graph_G_ge_2vertsT:
+ assumes "graph G"
+ shows "card (arcs G) \<ge> 2 * (card (verts T) - 1)"
+proof -
+ let ?compl = "{e2\<in> arcs G. (\<exists>e1 \<in> arcs T. head G e2 = tail G e1 \<and> head G e1 = tail G e2)}"
+ interpret graph G by (rule assms)
+ have "\<forall>e1 \<in> arcs T. \<exists>e2 \<in> arcs G. head G e2 = tail G e1 \<and> head G e1 = tail G e2"
+ using reverse_arc_in_G_only assms by blast
+ have "?compl \<inter> arcs T = {}" using reverse_arc_notin_T by blast
+ then have "card (?compl \<union> arcs T) = card ?compl + card (arcs T)" by (simp add: card_Un_disjoint)
+ moreover have "?compl \<union> arcs T \<subseteq> arcs G" using sub_G by blast
+ moreover have "finite (arcs G)" by simp
+ ultimately have "card ?compl + card (arcs T) \<le> card (arcs G)"
+ using card_mono[of "arcs G" "?compl \<union> arcs T"] by presburger
+ moreover have "card (arcs T) = (card (verts T) - 1)"
+ using Suc_card_arcs_eq_card_verts assms by fastforce
+ ultimately show ?thesis using T_arcs_compl_card_eq by fastforce
+qed
+
+lemma arcs_graph_G_ge_2vertsG:
+ "\<lbrakk>graph G; connected G; Suc n = card (verts G)\<rbrakk> \<Longrightarrow> card (arcs G) \<ge> 2 * (card (verts G) - 1)"
+ using arcs_graph_G_ge_2vertsT connected_verts_G_eq_T by simp
+
+lemma arcs_undir_G_eq_2vertsG:
+ "\<lbrakk>undirected_tree G; Suc n = card (verts G)\<rbrakk> \<Longrightarrow> card (arcs G) = 2 * (card (verts G) - 1)"
+ using arcs_graph_G_ge_2vertsG undirected_tree.acyclic undirected_tree.axioms(1)
+ undirected_tree.connected by fastforce
+
+lemma undir_arcs_compl_un_eq_arcs:
+ assumes "undirected_tree G" and "Suc n = card (verts G)"
+ shows "{e2\<in> arcs G. (\<exists>e1 \<in> arcs T. head G e2 = tail G e1 \<and> head G e1 = tail G e2)} \<union> arcs T
+ = arcs G"
+proof -
+ let ?compl = "{e2\<in> arcs G. (\<exists>e1 \<in> arcs T. head G e2 = tail G e1 \<and> head G e1 = tail G e2)}"
+ interpret undirected_tree G using assms(1) undirected_tree.axioms(1) by fast
+ have "?compl \<inter> arcs T = {}" using reverse_arc_notin_T by blast
+ then have 0: "card (?compl \<union> arcs T) = card ?compl + card (arcs T)"
+ by (simp add: card_Un_disjoint)
+ have "card (arcs T) = (card (verts T) - 1)" using Suc_card_arcs_eq_card_verts assms by fastforce
+ then have "card ?compl + card (arcs T) = 2 * (card (verts G) - 1)"
+ using T_arcs_compl_card_eq connected_verts_G_eq_T connected assms(2) by fastforce
+ moreover have "card (arcs G) = 2 * (card (verts G) - 1)"
+ using assms arcs_undir_G_eq_2vertsG by blast
+ moreover have "?compl \<union> arcs T \<subseteq> arcs G" using sub_G by blast
+ ultimately show ?thesis by (simp add: 0 card_subset_eq)
+qed
+
+lemma split_fst_nonelem:
+ "\<lbrakk>\<not>set xs \<subseteq> X; set xs \<subseteq> Y\<rbrakk> \<Longrightarrow> \<exists>x ys zs. ys@x#zs=xs \<and> x \<notin> X \<and> x \<in> Y \<and> set ys \<subseteq> X"
+proof(induction xs)
+ case (Cons x xs)
+ then show ?case
+ proof(cases "x \<in> X")
+ case True
+ then obtain z ys zs where ys_def: "ys@z#zs=xs" "z \<notin> X" "z \<in> Y" "set ys \<subseteq> X" using Cons by auto
+ then have "set (x#ys) \<subseteq> X" using True by simp
+ then show ?thesis using ys_def(1-3) append_Cons by fast
+ next
+ case False
+ then show ?thesis using Cons.prems(2) by fastforce
+ qed
+qed(simp)
+
+lemma source_no_inarc_T: "head G e = source \<Longrightarrow> e \<notin> arcs T"
+ using in_arcs_root sub_G by (auto simp: Digraph_Component.subgraph_def compatible_def)
+
+lemma source_all_outarcs_T:
+ "\<lbrakk>undirected_tree G; Suc n = card (verts G); tail G e = source; e \<in> arcs G\<rbrakk> \<Longrightarrow> e \<in> arcs T"
+ using source_no_inarc_T undir_arcs_compl_un_eq_arcs by blast
+
+lemma cas_G_T: "G.cas = cas"
+ using sub_G compatible_cas by fastforce
+
+lemma awalk_G_T: "u \<in> verts T \<Longrightarrow> set p \<subseteq> arcs T \<Longrightarrow> G.awalk u p = awalk u p"
+ using cas_G_T awalk_def G.awalk_def sub_G by fastforce
+
+corollary awalk_G_T_root: "set p \<subseteq> arcs T \<Longrightarrow> G.awalk source p = awalk source p"
+ using awalk_G_T root_in_T by blast
+
+lemma awalk_verts_G_T: "G.awalk_verts = awalk_verts"
+ using sub_G compatible_awalk_verts by blast
+
+lemma apath_sub_imp_apath: "apath u p v \<Longrightarrow> G.apath u p v"
+ by (simp add: G.apath_def apath_def awalk_sub_imp_awalk awalk_verts_G_T)
+
+lemma outarc_inT_if_head_not_inarc:
+ assumes "undirected_tree G" and "Suc n = card (verts G)"
+ and "tail G e2 = v" and "e2 \<in> arcs G" and "head G e2 \<noteq> u" and "u \<rightarrow>\<^bsub>T\<^esub> v"
+ shows "e2 \<in> arcs T"
+proof (rule ccontr)
+ let ?compl = "{e2\<in> arcs G. (\<exists>e1 \<in> arcs T. head G e2 = tail G e1 \<and> head G e1 = tail G e2)}"
+ assume "e2 \<notin> arcs T"
+ then have "e2 \<in> ?compl" using assms(4) undir_arcs_compl_un_eq_arcs[OF assms(1-2)] by blast
+ then obtain e1 where e1_def: "e1 \<in> arcs T" "head G e2 = tail T e1" "head T e1 = v"
+ using sub_G assms(3) by (auto simp: Digraph_Component.subgraph_def compatible_def)
+ obtain e where "e \<in> arcs T" "tail T e = u" "head T e = v" using assms(6) by blast
+ then show False using two_in_arcs_contr e1_def assms(5) by blast
+qed
+
+corollary reverse_arc_if_out_arc_undir:
+ "\<lbrakk>undirected_tree G; Suc n = card (verts G); tail G e2 = v; e2 \<in> arcs G; e2 \<notin> arcs T; u \<rightarrow>\<^bsub>T\<^esub> v\<rbrakk>
+ \<Longrightarrow> head G e2 = u"
+ using outarc_inT_if_head_not_inarc by blast
+
+lemma undir_path_in_dir:
+ assumes "undirected_tree G" "Suc n = card (verts G)" "G.apath source p v"
+ shows "set p \<subseteq> arcs T"
+proof (rule ccontr)
+ assume asm: "\<not>set p \<subseteq> arcs T"
+ have "set p \<subseteq> arcs G" using assms(3) G.apath_def G.awalk_def by fast
+ then obtain e p1 p2 where e_def: "p1 @ e # p2 = p" "e \<notin> arcs T" "e \<in> arcs G" "set p1 \<subseteq> arcs T"
+ using split_fst_nonelem[OF asm, of "arcs G"] by auto
+ show False
+ proof(cases "p1=[]")
+ case True
+ then have "tail G e = source" using assms(3) e_def(1) G.apath_Cons_iff by auto
+ then show ?thesis using source_all_outarcs_T[OF assms(1-2)] e_def(2,3) by blast
+ next
+ case False
+ then have awalk_G: "G.awalk source (p1 @ e # p2) v"
+ using assms(3) pre_digraph.apath_def e_def(1) by fast
+ then have "G.awalk source p1 (tail G e)" by force
+ then have awalk_p1T: "awalk source p1 (tail T e)"
+ using e_def(4) sub_G cas_G_T root_in_T
+ by (simp add: Digraph_Component.subgraph_def pre_digraph.awalk_def compatible_def)
+ then have "source \<rightarrow>\<^sup>+\<^bsub>T\<^esub> tail T e" using False reachable1_awalkI by auto
+ then obtain u where u_def: "u \<rightarrow>\<^bsub>T\<^esub> tail T e" using tranclD2 by metis
+ have "tail T e = tail G e"
+ using sub_G by (simp add: Digraph_Component.subgraph_def compatible_def)
+ then have hd_e_u: "head G e = u"
+ using reverse_arc_if_out_arc_undir[OF assms(1-2)] u_def e_def(2,3) by simp
+ have "head T (last p1) = tail T e" using False awalk_p1T awalk_verts_conv by fastforce
+ then have "tail T (last p1) = u"
+ using False u_def e_def(4) two_in_arcs_contr last_in_set by fastforce
+ then have 0: "tail G (last p1) = u"
+ using sub_G by (simp add: Digraph_Component.subgraph_def compatible_def)
+ obtain ps where "ps @ [last p1] = p1" using False append_butlast_last_id by auto
+ then have ps_def: "ps @ [last p1] @ e # p2 = p" using e_def by auto
+ then have awalk_G: "G.awalk source (ps @ [last p1] @ e # p2) v"
+ using assms(3) by (simp add: pre_digraph.apath_def)
+ have "\<not>(distinct (G.awalk_verts source p))"
+ using G.not_distinct_if_head_eq_tail[OF 0 hd_e_u awalk_G] ps_def by simp
+ then show ?thesis using assms(3) G.apath_def by blast
+ qed
+qed
+
+lemma source_reach_all: "\<lbrakk>graph G; connected G; v \<in> verts G\<rbrakk> \<Longrightarrow> source \<rightarrow>\<^sup>*\<^bsub>G\<^esub> v"
+ by (simp add: graph.connected_iff_reachable source_in_G)
+
+lemma apath_if_in_verts: "\<lbrakk>graph G; connected G; v \<in> verts G\<rbrakk> \<Longrightarrow> \<exists>p. G.apath source p v"
+ using G.reachable_apath by (simp add: graph.connected_iff_reachable source_in_G)
+
+lemma undir_unique_awalk:
+ "\<lbrakk>undirected_tree G; Suc n = card (verts G); v \<in> verts G\<rbrakk> \<Longrightarrow> \<exists>!p. G.apath source p v"
+ using undir_path_in_dir apath_if_in_verts awalk_G_T_root
+ by (metis G.awalkI_apath unique_awalk_All undirected_tree.axioms(1) undirected_tree.connected)
+
+lemma apath_in_dir_if_apath_G:
+ assumes "undirected_tree G" "Suc n = card (verts G)" "G.apath source p v"
+ shows "apath source p v"
+ using undir_path_in_dir[OF assms] assms(3) G.awalkI_apath apath_if_awalk awalk_G_T_root by force
+
+end
+
+locale undir_tree_todir_psp = undirected_tree G + find_psp_tree_locale to_psp
+ for G :: "('a, 'b) pre_digraph"
+ and to_psp :: "('a, 'b) pre_digraph \<Rightarrow> ('b \<Rightarrow> real) \<Rightarrow> 'a \<Rightarrow> nat \<Rightarrow> ('a, 'b) pre_digraph"
+begin
+
+abbreviation dir_tree_r :: "'a \<Rightarrow> ('a, 'b) pre_digraph" where
+ "dir_tree_r r \<equiv> to_psp G (\<lambda>_. 1) r (Finite_Set.card (verts G) - 1)"
+
+lemma directed_tree_r: "r \<in> verts G \<Longrightarrow> directed_tree (dir_tree_r r) r"
+ using find_psp_tree psp_tree.axioms(1) by fast
+
+lemma psp_dir_tree_r:
+ "r \<in> verts G \<Longrightarrow> psp_tree G (dir_tree_r r) (\<lambda>_. 1) r (Finite_Set.card (verts G) - 1)"
+ using find_psp_tree by blast
+
+lemma dir_tree_r_dom_in_G: "r \<in> verts G \<Longrightarrow> u \<rightarrow>\<^bsub>dir_tree_r r\<^esub> v \<Longrightarrow> u \<rightarrow>\<^bsub>G\<^esub> v "
+ using psp_tree.dom_in_G psp_dir_tree_r by fast
+
+lemma verts_nempty: "verts G \<noteq> {}"
+ using connected connected_iff_reachable by auto
+
+lemma card_gt0: "card (verts G) > 0"
+ using verts_nempty by auto
+
+lemma Suc_card_1_eq_card[intro]: "Suc (card (verts G) - 1) = card (verts G)"
+ using card_gt0 by simp
+
+lemma verts_dir_tree_r_eq[simp]: "r \<in> verts G \<Longrightarrow> verts (dir_tree_r r) = verts G"
+ using psp_tree.connected_verts_G_eq_T[OF psp_dir_tree_r graph_axioms connected] by blast
+
+lemma tail_dir_tree_r_eq: "r \<in> verts G \<Longrightarrow> tail (dir_tree_r r) e = tail G e"
+ using psp_tree.tailT_eq_tailG[OF psp_dir_tree_r] by simp
+
+lemma head_dir_tree_r_eq: "r \<in> verts G \<Longrightarrow> head (dir_tree_r r) e = head G e"
+ using psp_tree.headT_eq_headG[OF psp_dir_tree_r] by simp
+
+lemma awalk_verts_G_T: "r \<in> verts G \<Longrightarrow> awalk_verts = pre_digraph.awalk_verts (dir_tree_r r)"
+ using psp_tree.awalk_verts_G_T psp_dir_tree_r by fastforce
+
+lemma dir_tree_r_all_reach: "\<lbrakk>r \<in> verts G; v \<in> verts G\<rbrakk> \<Longrightarrow> r \<rightarrow>\<^sup>*\<^bsub>dir_tree_r r\<^esub> v"
+ using directed_tree.reachable_from_root directed_tree_r verts_dir_tree_r_eq by fast
+
+lemma fin_verts_dir_tree_r_eq: "r \<in> verts G \<Longrightarrow> finite (verts (dir_tree_r r))"
+ using verts_dir_tree_r_eq by auto
+
+lemma fin_arcs_dir_tree_r_eq: "r \<in> verts G \<Longrightarrow> finite (arcs (dir_tree_r r))"
+ using fin_verts_dir_tree_r_eq directed_tree.verts_finite_imp_arcs_finite directed_tree_r
+ by fast
+
+lemma fin_directed_tree_r: "r \<in> verts G \<Longrightarrow> finite_directed_tree (dir_tree_r r) r"
+ unfolding finite_directed_tree_def fin_digraph_def fin_digraph_axioms_def
+ using directed_tree.axioms(1) directed_tree_r fin_arcs_dir_tree_r_eq verts_dir_tree_r_eq
+ by force
+
+lemma arcs_eq_2verts: "card (arcs G) = 2 * (card (verts G) - 1)"
+ using psp_tree.arcs_undir_G_eq_2vertsG[OF psp_dir_tree_r undirected_tree_axioms] card_gt0
+ by fastforce
+
+lemma arcs_compl_un_eq_arcs:
+ "r \<in> verts G \<Longrightarrow>
+ {e2 \<in> arcs G. \<exists>e1\<in>arcs (dir_tree_r r). head G e2 = tail G e1 \<and> head G e1 = tail G e2}
+ \<union> arcs (dir_tree_r r) = arcs G"
+ using psp_tree.undir_arcs_compl_un_eq_arcs[OF psp_dir_tree_r undirected_tree_axioms] by blast
+
+lemma unique_apath: "\<lbrakk>u \<in> verts G; v \<in> verts G\<rbrakk> \<Longrightarrow> \<exists>!p. apath u p v"
+ using psp_tree.undir_unique_awalk[OF psp_dir_tree_r undirected_tree_axioms] by blast
+
+lemma apath_in_dir_if_apath_G: "apath r p v \<Longrightarrow> pre_digraph.apath (dir_tree_r r) r p v"
+ using psp_tree.apath_in_dir_if_apath_G psp_dir_tree_r undirected_tree_axioms awalkI_apath
+ by fast
+
+lemma apath_verts_sub_awalk:
+ "\<lbrakk>apath u p1 v; awalk u p2 v\<rbrakk> \<Longrightarrow> set (awalk_verts u p1) \<subseteq> set (awalk_verts u p2)"
+ using unique_apath_verts_sub_awalk unique_apath by blast
+
+lemma dir_tree_arc1_in_apath:
+ assumes "u \<rightarrow>\<^bsub>dir_tree_r r\<^esub> v" and "r \<in> verts G"
+ shows "\<exists>p. apath r p v \<and> u \<in> set (awalk_verts r p)"
+ using directed_tree.apath_over_inarc_if_dominated[OF directed_tree_r[OF assms(2)] assms(1)]
+ psp_tree.apath_sub_imp_apath psp_dir_tree_r[OF assms(2)] psp_tree.awalk_verts_G_T
+ by fastforce
+
+lemma dir_tree_arc1_in_awalk:
+ "\<lbrakk>u \<rightarrow>\<^bsub>dir_tree_r r\<^esub> v; r \<in> verts G; awalk r p v\<rbrakk> \<Longrightarrow> u \<in> set (awalk_verts r p)"
+ using dir_tree_arc1_in_apath apath_verts_sub_awalk by blast
+
+end
+
+subsection \<open>Additions for Induction on Directed Trees\<close>
+
+lemma fin_dir_tree_single:
+ "finite_directed_tree \<lparr>verts = {r}, arcs = {}, tail = t, head = h\<rparr> r"
+ by unfold_locales (fastforce simp: pre_digraph.cas.simps(1) pre_digraph.awalk_def)+
+
+corollary dir_tree_single: "directed_tree \<lparr>verts = {r}, arcs = {}, tail = t, head = h\<rparr> r"
+ by (simp add: fin_dir_tree_single finite_directed_tree.axioms(1))
+
+lemma split_list_not_last: "\<lbrakk>y \<in> set xs; y \<noteq> last xs\<rbrakk> \<Longrightarrow> \<exists>as bs. as @ y # bs = xs \<and> bs \<noteq> []"
+ using split_list by fastforce
+
+lemma split_last_eq: "\<lbrakk>as @ y # bs = xs; bs \<noteq> []\<rbrakk> \<Longrightarrow> last bs = last xs"
+ by auto
+
+lemma split_list_last_sep: "\<lbrakk>y \<in> set xs; y \<noteq> last xs\<rbrakk> \<Longrightarrow> \<exists>as bs. as @ y # bs @ [last xs] = xs"
+ using split_list_not_last[of y xs] split_last_eq append_butlast_last_id by metis
+
+context directed_tree
+begin
+
+lemma root_if_all_reach: "\<forall>v \<in> verts T. x \<rightarrow>\<^sup>*\<^bsub>T\<^esub> v \<Longrightarrow> x = root"
+proof(rule ccontr)
+ assume assms: "\<forall>v \<in> verts T. x \<rightarrow>\<^sup>*\<^bsub>T\<^esub> v" "x \<noteq> root"
+ then have "x \<rightarrow>\<^sup>*\<^bsub>T\<^esub> root" by (simp add: root_in_T)
+ then have "\<exists>x. x \<rightarrow>\<^bsub>T\<^esub> root" using assms(2) by (auto elim: trancl.cases)
+ then show False using dominated_not_root by blast
+qed
+
+lemma add_leaf_cas_preserv:
+ fixes u v a
+ defines "T' \<equiv> \<lparr>verts = verts T \<union> {v}, arcs = arcs T \<union> {a},
+ tail = (tail T)(a := u), head = (head T)(a := v)\<rparr>"
+ assumes "a \<notin> arcs T" and "set p \<subseteq> arcs T" and "cas x p y"
+ shows "pre_digraph.cas T' x p y"
+using assms proof(induction p arbitrary: x)
+ case (Cons p ps)
+ then have "tail T' p = x" by auto
+ moreover have "pre_digraph.cas T' (head T' p) ps y" using Cons by force
+ ultimately show ?case using pre_digraph.cas.simps(2) by fast
+qed(simp add: pre_digraph.cas.simps(1))
+
+lemma add_leaf_awalk_preserv:
+ fixes u v a
+ defines "T' \<equiv> \<lparr>verts = verts T \<union> {v}, arcs = arcs T \<union> {a},
+ tail = (tail T)(a := u), head = (head T)(a := v)\<rparr>"
+ assumes "a \<notin> arcs T" and "awalk x p y"
+ shows "pre_digraph.awalk T' x p y"
+ using assms add_leaf_cas_preserv unfolding pre_digraph.awalk_def by auto
+
+lemma add_leaf_awalk_T:
+ fixes u v a
+ defines "T' \<equiv> \<lparr>verts = verts T \<union> {v}, arcs = arcs T \<union> {a},
+ tail = (tail T)(a := u), head = (head T)(a := v)\<rparr>"
+ assumes "a \<notin> arcs T" and "x \<in> verts T"
+ shows "\<exists>p. pre_digraph.awalk T' root p x"
+ using add_leaf_awalk_preserv assms unique_awalk[of x] by blast
+
+lemma (in pre_digraph) cas_append_if:
+ "\<lbrakk>cas x ps u; tail G p = u; head G p = v\<rbrakk> \<Longrightarrow> cas x (ps@[p]) v"
+ using cas_append_iff[of x ps] by (metis append.right_neutral cas.simps)
+
+lemma add_leaf_awalk_T_new:
+ fixes u v a
+ defines "T' \<equiv> \<lparr>verts = verts T \<union> {v}, arcs = arcs T \<union> {a},
+ tail = (tail T)(a := u), head = (head T)(a := v)\<rparr>"
+ assumes "a \<notin> arcs T" and "u \<in> verts T"
+ shows "\<exists>p. pre_digraph.awalk T' root p v"
+proof -
+ obtain ps where ps_def: "root \<in> verts T'" "set ps \<subseteq> arcs T'" "pre_digraph.cas T' root ps u"
+ using add_leaf_awalk_T assms unfolding pre_digraph.awalk_def by blast
+ have "pre_digraph.cas T' root (ps@[a]) v"
+ using pre_digraph.cas_append_if[OF ps_def(3)] assms(1) by simp
+ moreover have "set (ps@[a]) \<subseteq> arcs T'" using ps_def(2) assms(1) by simp
+ ultimately show ?thesis using ps_def(1) unfolding pre_digraph.awalk_def by blast
+qed
+
+lemma add_leaf_cas_orig:
+ fixes u v a
+ defines "T' \<equiv> \<lparr>verts = verts T \<union> {v}, arcs = arcs T \<union> {a},
+ tail = (tail T)(a := u), head = (head T)(a := v)\<rparr>"
+ assumes "a \<notin> arcs T" and "set p \<subseteq> arcs T" and "pre_digraph.cas T' x p y"
+ shows "cas x p y"
+using assms proof(induction p arbitrary: x)
+ case (Cons p ps)
+ then have "tail T' p = x" using pre_digraph.cas.simps(2) by fast
+ then have "tail T p = x" using Cons.prems(1,2) Cons.hyps(2) by auto
+ moreover have "head T' p = head T p" using Cons.prems(1,2) Cons.hyps(2) by auto
+ moreover have "pre_digraph.cas T' (head T' p) ps y"
+ using Cons.prems(3) pre_digraph.cas.simps(2) by fast
+ ultimately show ?case using Cons by simp
+qed(simp add: pre_digraph.cas.simps(1))
+
+lemma add_leaf_awalk_orig_aux:
+ fixes u v a
+ defines "T' \<equiv> \<lparr>verts = verts T \<union> {v}, arcs = arcs T \<union> {a},
+ tail = (tail T)(a := u), head = (head T)(a := v)\<rparr>"
+ assumes "a \<notin> arcs T" and "x \<in> verts T" and "set p \<subseteq> arcs T" and "pre_digraph.awalk T' x p y"
+ shows "awalk x p y"
+ using assms add_leaf_cas_orig unfolding pre_digraph.awalk_def by blast
+
+lemma add_leaf_cas_xT_if_yT:
+ fixes u v a
+ defines "T' \<equiv> \<lparr>verts = verts T \<union> {v}, arcs = arcs T \<union> {a},
+ tail = (tail T)(a := u), head = (head T)(a := v)\<rparr>"
+ assumes "u \<in> verts T" and "y \<in> verts T" and "set p \<subseteq> arcs T'" and "pre_digraph.cas T' x p y"
+ shows "x \<in> verts T"
+ using assms by (induction p arbitrary: x) (auto simp: pre_digraph.cas.simps)
+
+lemma add_leaf_cas_xT_arcsT_if_yT:
+ fixes u v a
+ defines "T' \<equiv> \<lparr>verts = verts T \<union> {v}, arcs = arcs T \<union> {a},
+ tail = (tail T)(a := u), head = (head T)(a := v)\<rparr>"
+ assumes "v \<notin> verts T" and "y \<in> verts T" and "set p \<subseteq> arcs T'" and "pre_digraph.cas T' x p y"
+ shows "set p \<subseteq> arcs T" and "x \<in> verts T"
+ using assms by (induction p arbitrary: x) (auto simp: pre_digraph.cas.simps)
+
+lemma add_leaf_awalk_orig:
+ fixes u v a
+ defines "T' \<equiv> \<lparr>verts = verts T \<union> {v}, arcs = arcs T \<union> {a},
+ tail = (tail T)(a := u), head = (head T)(a := v)\<rparr>"
+ assumes "a \<notin> arcs T" and "v \<notin> verts T" and "y \<in> verts T" and "pre_digraph.awalk T' x p y"
+ shows "awalk x p y"
+proof -
+ have 0: "x \<in> verts T" "set p \<subseteq> arcs T"
+ using assms add_leaf_cas_xT_arcsT_if_yT unfolding pre_digraph.awalk_def by blast+
+ then show ?thesis using add_leaf_awalk_orig_aux assms by blast
+qed
+
+lemma add_leaf_awalk_orig_unique:
+ fixes u v a
+ defines "T' \<equiv> \<lparr>verts = verts T \<union> {v}, arcs = arcs T \<union> {a},
+ tail = (tail T)(a := u), head = (head T)(a := v)\<rparr>"
+ assumes "a \<notin> arcs T" and "v \<notin> verts T" and "y \<in> verts T"
+ and "pre_digraph.awalk T' root ps y" and "pre_digraph.awalk T' root es y"
+ shows "es = ps"
+ using add_leaf_awalk_orig[OF assms(2,3)] assms(1,4,5,6) unique_awalk by fastforce
+
+lemma add_leaf_awalk_new_split':
+ fixes u v a
+ defines "T' \<equiv> \<lparr>verts = verts T \<union> {v}, arcs = arcs T \<union> {a},
+ tail = (tail T)(a := u), head = (head T)(a := v)\<rparr>"
+ assumes "v \<notin> verts T" and "p \<noteq> []" and "pre_digraph.awalk T' x p v"
+ shows "\<exists>as. as @ [a] = p"
+using assms proof(induction p arbitrary: x)
+ case (Cons p ps)
+ then show ?case
+ proof(cases "ps = []")
+ case True
+ then have "head T' p = v"
+ using Cons.prems(3) by (simp add: pre_digraph.awalk_def pre_digraph.cas.simps)
+ then have "head T p = v \<or> p = a" using Cons.hyps(2) by auto
+ moreover have "p \<in> arcs T \<or> p = a"
+ using Cons.hyps(2) Cons.prems(3) by (auto simp: pre_digraph.awalk_def)
+ ultimately show ?thesis using Cons.prems(1) head_in_verts True by blast
+ next
+ case False
+ then have "pre_digraph.cas T' (head T' p) ps v"
+ using Cons.prems(3) by (simp add: pre_digraph.awalk_def pre_digraph.cas.simps)
+ then have "pre_digraph.awalk T' (head T' p) ps v"
+ using Cons.hyps(2) Cons.prems(3) unfolding pre_digraph.awalk_def by auto
+ then obtain as where "as @ [a] = ps" using Cons False by blast
+ then show ?thesis by auto
+ qed
+qed(simp)
+
+lemma add_leaf_awalk_new_split:
+ fixes u v a
+ defines "T' \<equiv> \<lparr>verts = verts T \<union> {v}, arcs = arcs T \<union> {a},
+ tail = (tail T)(a := u), head = (head T)(a := v)\<rparr>"
+ assumes "v \<notin> verts T" and "u \<in> verts T" and "p \<noteq> []" and "pre_digraph.awalk T' x p v"
+ shows "\<exists>as. as @ [a] = p \<and> pre_digraph.awalk T' x as u"
+using assms proof(induction p arbitrary: x)
+ case (Cons p ps)
+ then show ?case
+ proof(cases "ps = []")
+ case True
+ then have "head T' p = v"
+ using Cons.prems(4) by (simp add: pre_digraph.awalk_def pre_digraph.cas.simps)
+ then have "head T p = v \<or> p = a" using Cons.hyps(2) by auto
+ moreover have "p \<in> arcs T \<or> p = a"
+ using Cons.hyps(2) Cons.prems(4) by (auto simp: pre_digraph.awalk_def)
+ ultimately have "p = a" using Cons.prems(1) by auto
+ then have "[] @ [a] = p # ps" using True by auto
+ have "tail T' p = u" using Cons.hyps(2) \<open>p = a\<close> by simp
+ then have "u = x"
+ using Cons.prems(4) by (simp add: pre_digraph.awalk_def pre_digraph.cas.simps(2))
+ then have "pre_digraph.awalk T' x [] u"
+ using Cons.hyps(2) Cons.prems(2) by (simp add: pre_digraph.awalk_def pre_digraph.cas.simps)
+ then show ?thesis using \<open>[] @ [a] = p # ps\<close> by blast
+ next
+ case False
+ then have "pre_digraph.cas T' (head T' p) ps v"
+ using Cons.prems(4) by (simp add: pre_digraph.awalk_def pre_digraph.cas.simps)
+ then have "pre_digraph.awalk T' (head T' p) ps v"
+ using Cons.hyps(2) Cons.prems(4) unfolding pre_digraph.awalk_def by auto
+ then obtain as where as_def: "as @ [a] = ps" "pre_digraph.awalk T' (head T' p) as u"
+ using Cons False by blast
+ then have "x \<in> verts T'" "set (p#as) \<subseteq> arcs T'" "tail T' p = x"
+ using Cons.prems(4) by (auto simp: pre_digraph.awalk_def pre_digraph.cas.simps)
+ then have "pre_digraph.cas T' x (p#as) u"
+ using as_def(2) pre_digraph.cas.simps(2) unfolding pre_digraph.awalk_def by fast
+ then have "pre_digraph.awalk T' x (p#as) u"
+ using \<open>x \<in> verts T'\<close> \<open>set (p#as) \<subseteq> arcs T'\<close> by (simp add: pre_digraph.awalk_def)
+ then show ?thesis using as_def(1) by auto
+ qed
+qed(simp)
+
+lemma add_leaf_awalk_new_unique:
+ fixes u v a
+ defines "T' \<equiv> \<lparr>verts = verts T \<union> {v}, arcs = arcs T \<union> {a},
+ tail = (tail T)(a := u), head = (head T)(a := v)\<rparr>"
+ assumes "a \<notin> arcs T" and "u \<in> verts T" and "v \<notin> verts T"
+ and "pre_digraph.awalk T' root ps v" and "pre_digraph.awalk T' root es v"
+ shows "es = ps"
+proof -
+ have "root \<noteq> v" using \<open>v \<notin> verts T\<close> root_in_T by blast
+ then have "ps \<noteq> []" "es \<noteq> []"
+ using assms(5,6) root_in_T pre_digraph.awalk_def pre_digraph.cas.simps(1) by fast+
+ then obtain as where as_def: "as @ [a] = ps" "pre_digraph.awalk T' root as u"
+ using add_leaf_awalk_new_split assms(1,3-5) by blast
+ obtain bs where bs_def: "bs @ [a] = es" "pre_digraph.awalk T' root bs u"
+ using \<open>es \<noteq> []\<close> add_leaf_awalk_new_split assms(1,3,4,6) by blast
+ then show ?thesis using as_def assms(1-4) add_leaf_awalk_orig_unique by blast
+qed
+
+lemma add_leaf_awalk_unique:
+ fixes u v a
+ defines "T' \<equiv> \<lparr>verts = verts T \<union> {v}, arcs = arcs T \<union> {a},
+ tail = (tail T)(a := u), head = (head T)(a := v)\<rparr>"
+ assumes "a \<notin> arcs T" and "u \<in> verts T" and "v \<notin> verts T" and "x \<in> verts T'"
+ shows "\<exists>!p. pre_digraph.awalk T' root p x"
+ using assms add_leaf_awalk_T add_leaf_awalk_T_new
+ by (auto simp: add_leaf_awalk_new_unique add_leaf_awalk_orig_unique)
+
+lemma add_leaf_dir_tree:
+ "\<lbrakk>a \<notin> arcs T; u \<in> verts T; v \<notin> verts T\<rbrakk>
+ \<Longrightarrow> directed_tree \<lparr>verts = verts T \<union> {v}, arcs = arcs T \<union> {a},
+ tail = (tail T)(a := u), head = (head T)(a := v)\<rparr> root"
+ using add_leaf_awalk_unique by unfold_locales (auto simp: root_in_T)
+
+lemma add_leaf_dom_preserv:
+ "\<lbrakk>a \<notin> arcs T; x \<rightarrow>\<^bsub>T\<^esub> y\<rbrakk>
+ \<Longrightarrow> x \<rightarrow>\<^bsub>\<lparr>verts = verts T \<union> {v}, arcs = arcs T \<union> {a},
+ tail = (tail T)(a := u), head = (head T)(a := v)\<rparr>\<^esub> y"
+ unfolding arcs_ends_def arc_to_ends_def by force
+
+end
+
+
+subsection \<open>Branching Points in Directed Trees\<close>
+
+text \<open>Proofs that show the existence of a last branching point given it is not a chain.\<close>
+
+context directed_tree
+begin
+
+lemma add_leaf_is_leaf:
+ assumes "T' = \<lparr>verts = V, arcs = A, tail = t, head = h\<rparr>"
+ and "T = \<lparr>verts = V \<union> {v}, arcs = A \<union> {a}, tail = t(a := u), head = h(a := v)\<rparr>"
+ and "u \<in> V"
+ and "v \<notin> V"
+ and "a \<notin> A"
+ and "directed_tree T' root'"
+ shows "leaf v"
+proof -
+ have 0: "wf_digraph T" by (simp add: wf_digraph_axioms)
+ have 1: "wf_digraph T'" using assms(6) directed_tree.axioms(1) by fast
+ then have "\<forall>a\<in>arcs T. tail T a \<noteq> v"
+ by (metis Un_insert_right assms(1-4) fun_upd_apply insert_iff
+ pre_digraph.select_convs(1-3) sup_bot_right wf_digraph.tail_in_verts)
+ then have "out_arcs T v = {}" using in_out_arcs_conv by fast
+ moreover have "v \<in> verts T" using assms(2) by simp
+ ultimately show ?thesis by (simp add: leaf_def)
+qed
+
+lemma reachable_via_child_impl_same:
+ assumes "x \<rightarrow>\<^sup>*\<^bsub>T\<^esub> v" and "y \<rightarrow>\<^sup>*\<^bsub>T\<^esub> v" and "u \<rightarrow>\<^bsub>T\<^esub> x" and "u \<rightarrow>\<^bsub>T\<^esub> y"
+ shows "x = y"
+proof (rule ccontr)
+ assume asm: "x \<noteq> y"
+ obtain p1 where p1_def: "awalk x p1 v" using assms(1) reachable_awalk by auto
+ then obtain e1 where e1_def: "awalk u (e1#p1) v" using assms(3) awalk_Cons_iff by blast
+ obtain p2 where p2_def: "awalk y p2 v" using assms(2) reachable_awalk by auto
+ then obtain e2 where e2_def: "awalk u (e2#p2) v" using assms(4) awalk_Cons_iff by blast
+ then have "e1#p1 \<noteq> e2#p2" using asm awalk_ends p1_def p2_def by blast
+ then show False using e1_def e2_def unique_awalk_All by auto
+qed
+
+lemma new_leaf_last_in_orig_if_arcs_in_orig:
+ assumes "x \<rightarrow>\<^sup>*\<^bsub>T\<^esub> y"
+ and "T = \<lparr>verts = V \<union> {v}, arcs = A \<union> {a}, tail = t(a := u), head = h(a := v)\<rparr>"
+ and "T' = \<lparr>verts = V, arcs = A, tail = t, head = h\<rparr>"
+ and "x \<in> V"
+ and "y \<in> V"
+ and "u \<in> V"
+ and "v \<notin> V"
+ and "a \<notin> A"
+ and "a1\<in>arcs T' \<and> a2\<in>arcs T' \<and> a1\<noteq>a2 \<and> t a1 = y \<and> t a2 = y"
+ and "finite (arcs T)"
+ and "\<lbrakk>\<exists>a\<in>wf_digraph.branching_points T'. x \<rightarrow>\<^sup>*\<^bsub>T'\<^esub> a; directed_tree T' r\<rbrakk>
+ \<Longrightarrow> \<exists>a\<in>wf_digraph.last_branching_points T'. x \<rightarrow>\<^sup>*\<^bsub>T'\<^esub> a"
+ and "directed_tree T' r"
+ shows "\<exists>y'\<in> last_branching_points. x \<rightarrow>\<^sup>*\<^bsub>T\<^esub> y'"
+proof -
+ have 1: "wf_digraph T'" using directed_tree.axioms(1) assms(12) by fast
+ have "a1\<in>arcs T' \<and> a2\<in>arcs T' \<and> a1\<noteq>a2 \<and> tail T' a1 = y \<and> tail T' a2 = y"
+ using assms(3,9) by simp
+ then have branching_point: "y \<in> wf_digraph.branching_points T'"
+ using wf_digraph.branching_points_def 1 by blast
+ then have "x \<rightarrow>\<^sup>*\<^bsub>T'\<^esub> y" using assms(1-8,10) 1 new_leaf_same_reachables_orig by blast
+ then have "\<exists>a \<in> wf_digraph.branching_points T'. x \<rightarrow>\<^sup>*\<^bsub>T'\<^esub> a" using branching_point by blast
+ then obtain a where a_def[simp]: "a\<in>wf_digraph.last_branching_points T' \<and> x \<rightarrow>\<^sup>*\<^bsub>T'\<^esub> a"
+ using assms(11,12) by blast
+ then have 2: "a\<in>wf_digraph.last_branching_points T' \<and> x \<rightarrow>\<^sup>*\<^bsub>T\<^esub> a"
+ using new_leaf_same_reachables_new assms(2-4,6-8) 1
+ by (metis branch_if_leaf_added new_leaf_no_branch wf_digraph.last_branch_is_branch)
+ have 3: "\<forall>y. a \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y \<longrightarrow> a\<noteq>y" using reachable1_not_reverse by blast
+ have "a \<in> verts T'"
+ using a_def 1 by (simp add: wf_digraph.branch_in_verts wf_digraph.last_branch_is_branch)
+ then show ?thesis
+ using new_leaf_last_branch_exists_preserv 1 2 3 assms(2,3,6-8,10)
+ by (metis pre_digraph.select_convs(1,2))
+qed
+
+lemma finite_branch_impl_last_branch:
+ assumes "finite (verts T)"
+ and "\<exists>y\<in>branching_points. x \<rightarrow>\<^sup>*\<^bsub>T\<^esub> y"
+ and "directed_tree T r"
+ shows "\<exists>z\<in>last_branching_points. x \<rightarrow>\<^sup>*\<^bsub>T\<^esub> z"
+using assms proof(induction arbitrary: r rule: finite_directed_tree_induct)
+ case (single_vert t h root)
+ let ?T = "\<lparr>verts = {root}, arcs = {}, tail = t, head = h\<rparr>"
+ have "directed_tree ?T r" using single_vert by simp
+ then have 0: "wf_digraph ?T" using directed_tree.axioms(1) by fast
+ obtain y where y_def[simp]: "y \<in> wf_digraph.branching_points ?T \<and> x \<rightarrow>\<^sup>*\<^bsub>?T\<^esub> y"
+ using single_vert by blast
+ have "y = root"
+ by (metis y_def empty_iff insert_iff pre_digraph.select_convs(1) reachable_in_vertsE)
+ then have "\<not>(\<exists>x \<in> verts ?T. x\<noteq>y)" by simp
+ then have "\<not>(\<exists>x \<in> wf_digraph.branching_points ?T. x\<noteq>y)"
+ using 0 wf_digraph.branch_in_verts by fast
+ then have "y \<in> wf_digraph.last_branching_points ?T"
+ using wf_digraph.last_branching_points_def 0 by fastforce
+ then show ?case by force
+next
+ case (add_leaf T' V A t h u root a v)
+ let ?T = "\<lparr>verts = V \<union> {v}, arcs = A \<union> {a}, tail = t(a := u), head = h(a := v)\<rparr>"
+ have 0: "wf_digraph ?T" using add_leaf.prems(2) directed_tree.axioms(1) by fast
+ have 1: "wf_digraph T'" using add_leaf.hyps(3) directed_tree.axioms(1) by fast
+ have 2: "finite (arcs ?T)"
+ using directed_tree.verts_finite_imp_arcs_finite add_leaf.hyps(1-3) by fastforce
+ obtain y where y_def[simp]: "y \<in> wf_digraph.branching_points ?T \<and> x \<rightarrow>\<^sup>*\<^bsub>?T\<^esub> y"
+ using add_leaf.prems by blast
+ then obtain a1 a2 where a12: "a1\<in>arcs ?T \<and> a2\<in>arcs ?T \<and> a1\<noteq>a2 \<and> tail ?T a1 = y \<and> tail ?T a2 = y"
+ using wf_digraph.branching_points_def 0 by blast
+ then have y_not_v: "y \<noteq> v"
+ using Un_insert_right add_leaf.hyps(1,3,5) directed_tree.axioms(1) fun_upd_apply insert_iff
+ by (metis pre_digraph.select_convs(1-3) sup_bot_right wf_digraph.tail_in_verts)
+ have "y \<in> verts ?T"
+ using y_def wf_digraph.branch_in_verts 0 by fast
+ then have y_in_T: "y \<in> verts T'" using y_not_v add_leaf.hyps(1) by simp
+ have "x \<in> verts ?T" using add_leaf.prems(1) reachable_in_vertsE by force
+ have leaf_v: "pre_digraph.leaf ?T v"
+ using directed_tree.add_leaf_is_leaf[of ?T] add_leaf.hyps(1,3-6) add_leaf.prems(2) by blast
+ then have "out_degree ?T v = 0"
+ using add_leaf.prems(2) directed_tree.leaf_out_degree_zero by fast
+ then have "x \<noteq> v"
+ using y_not_v y_def 0 Diff_empty add_leaf directed_tree.verts_finite_imp_arcs_finite
+ select_convs(1) wf_digraph.out_degree_0_only_self by fastforce
+ then have x_in_T': "x \<in> verts T'" using \<open>x \<in> verts ?T\<close> add_leaf.hyps(1) by auto
+ show ?case
+ proof(cases "a1=a \<or> a2=a")
+ case True
+ then have "y = u" using a12 by fastforce
+ show ?thesis
+ proof(cases "\<exists>y'\<in>wf_digraph.branching_points ?T. y \<noteq> y' \<and> y \<rightarrow>\<^sup>*\<^bsub>?T\<^esub> y'")
+ case True
+ then obtain y' where y'_def: "y'\<in>wf_digraph.branching_points ?T \<and> y \<noteq> y' \<and> y \<rightarrow>\<^sup>*\<^bsub>?T\<^esub> y'"
+ by blast
+ then obtain a1 a2 where a12: "a1\<in>arcs ?T \<and> a2\<in>arcs ?T \<and> a1\<noteq>a2 \<and> tail ?T a1 = y' \<and> tail ?T a2 = y'"
+ using wf_digraph.branching_points_def 0 by blast
+ then have "y' \<noteq> u" using \<open>y=u\<close> y'_def by blast
+ moreover have "tail ?T a = u" by simp
+ ultimately have "a1\<noteq>a \<and> a2\<noteq>a" using \<open>y=u\<close> a12 by fastforce
+ then have 3: "a1\<in>arcs T' \<and> a2\<in>arcs T' \<and> a1\<noteq>a2 \<and> t a1 = y' \<and> t a2 = y'"
+ using a12 add_leaf.hyps(1) by simp
+ then have branching_point: "y' \<in> wf_digraph.branching_points T'"
+ using wf_digraph.branching_points_def 1 add_leaf.hyps(1) by fastforce
+ have y'_in_T: "y' \<in> verts T'" by (simp add: 1 branching_point wf_digraph.branch_in_verts)
+ have "x \<rightarrow>\<^sup>*\<^bsub>?T\<^esub> y'" using y_def y'_def wf_digraph.reachable_trans 0 by fast
+ then show ?thesis
+ using directed_tree.new_leaf_last_in_orig_if_arcs_in_orig[of ?T r x y']
+ add_leaf.prems(2) 2 3 add_leaf.IH add_leaf.hyps(1,3-6) x_in_T' y'_in_T by simp
+ next
+ case False
+ then show ?thesis using wf_digraph.last_branching_points_def y_def 0 by fast
+ qed
+ next
+ case False
+ then have "a1\<in>arcs ?T \<and> a2\<in>arcs ?T \<and> a1\<noteq>a2 \<and> t a1 = y \<and> t a2 = y"
+ using a12 by simp
+ then have 3: "a1\<in>arcs T' \<and> a2\<in>arcs T' \<and> a1\<noteq>a2 \<and> t a1 = y \<and> t a2 = y"
+ using False a12 add_leaf.hyps(1) by auto
+ have "x \<rightarrow>\<^sup>*\<^bsub>?T\<^esub> y" using y_def by simp
+ then show ?thesis
+ using directed_tree.new_leaf_last_in_orig_if_arcs_in_orig[of ?T r x y]
+ add_leaf.prems(2) 2 3 add_leaf.IH add_leaf.hyps(1,3-6) x_in_T' y_in_T by simp
+ qed
+qed
+
+lemma subgraph_no_last_branch_chain:
+ assumes "subgraph C T"
+ and "finite (verts T)"
+ and "verts C \<subseteq> verts T - {x. \<exists>y\<in>last_branching_points. x \<rightarrow>\<^sup>*\<^bsub>T\<^esub> y}"
+ shows "wf_digraph.is_chain C"
+ using assms finite_branch_impl_last_branch subgraph_no_branch_chain last_branch_is_branch
+ by (smt (verit, ccfv_SIG) Collect_cong directed_tree_axioms)
+
+lemma reach_from_last_in_chain:
+ assumes "\<exists>y \<in> last_branching_points. y \<rightarrow>\<^sup>+\<^bsub>T\<^esub> x"
+ shows "x \<in> verts T - {x. \<exists>y\<in>last_branching_points. x \<rightarrow>\<^sup>*\<^bsub>T\<^esub> y}"
+ using assms last_branch_alt reachable1_not_reverse reachable1_reachable reachable1_reachable_trans
+ by (smt (verit, del_insts) Diff_iff last_branch_is_branch mem_Collect_eq reachable1_in_verts(2))
+
+text \<open>Directed Trees don't have merging points.\<close>
+
+lemma merging_empty: "merging_points = {}"
+ using two_in_arcs_contr merging_points_def by auto
+
+lemma subgraph_no_last_merge_chain:
+ assumes "subgraph C T"
+ shows "wf_digraph.is_chain' C"
+proof (rule ccontr)
+ assume asm: "\<not>wf_digraph.is_chain' C"
+ have "wf_digraph C" using assms(1) Digraph_Component.subgraph_def subgraph.sub_G by auto
+ then obtain x where x_def: "x \<in> wf_digraph.merging_points C"
+ using wf_digraph.is_chain'_def asm by blast
+ then have "x \<in> merging_points" using assms(1) merge_in_supergraph by simp
+ then show False using merging_empty by simp
+qed
+
+subsection \<open>Converting to Trees of Lists\<close>
+
+definition to_list_tree :: "('a list, 'b) pre_digraph" where
+ "to_list_tree =
+ \<lparr>verts = (\<lambda>x. [x]) ` verts T, arcs = arcs T, tail = (\<lambda>x. [tail T x]), head = (\<lambda>x. [head T x])\<rparr>"
+
+lemma to_list_tree_union_verts_eq: "\<Union>(set ` verts to_list_tree) = verts T"
+ using to_list_tree_def by simp
+
+lemma to_list_tree_cas: "cas u p v \<longleftrightarrow> pre_digraph.cas to_list_tree [u] p [v]"
+ by(induction p arbitrary: u) (auto simp: Arc_Walk.pre_digraph.cas.simps to_list_tree_def)
+
+lemma to_list_tree_awalk: "awalk u p v \<longleftrightarrow> pre_digraph.awalk to_list_tree [u] p [v]"
+ unfolding pre_digraph.awalk_def using to_list_tree_cas to_list_tree_def by auto
+
+lemma to_list_tree_awalk_if_in_verts:
+ assumes "v \<in> verts to_list_tree"
+ shows "\<exists>p. pre_digraph.awalk to_list_tree [root] p v"
+proof -
+ have "root \<in> verts T" using root_in_T by blast
+ obtain v' where 0: "v = [v']" using to_list_tree_def assms(1) by auto
+ then have "v' \<in> verts T" using assms to_list_tree_def by auto
+ then obtain p' where "awalk root p' v'" using unique_awalk by blast
+ then show ?thesis using to_list_tree_awalk 0 by auto
+qed
+
+lemma to_list_tree_root_awalk_unique:
+ assumes "v \<in> verts to_list_tree"
+ and "pre_digraph.awalk to_list_tree [root] p v"
+ and "pre_digraph.awalk to_list_tree [root] y v"
+ shows "p = y"
+proof (rule ccontr)
+ assume "p \<noteq> y"
+ obtain v' where v'_def: "v = [v']" using to_list_tree_def assms(1) by auto
+ then have "v' \<in> verts T" using assms(1) to_list_tree_def by auto
+ show False using to_list_tree_awalk assms \<open>p \<noteq> y\<close> assms(2,3) unique_awalk v'_def by blast
+qed
+
+lemma to_list_tree_directed_tree: "directed_tree to_list_tree [root]"
+ apply(unfold_locales)
+ apply(auto simp: to_list_tree_def root_in_T)[3]
+ by(auto intro: to_list_tree_awalk_if_in_verts to_list_tree_root_awalk_unique)
+
+lemma to_list_tree_disjoint_verts:
+ "\<lbrakk>u \<in> verts to_list_tree; v \<in> verts to_list_tree; u\<noteq>v\<rbrakk> \<Longrightarrow> set u \<inter> set v = {}"
+ unfolding to_list_tree_def by auto
+
+lemma to_list_tree_nempty: "v \<in> verts to_list_tree \<Longrightarrow> v \<noteq> []"
+ unfolding to_list_tree_def by auto
+
+lemma to_list_tree_single: "v \<in> verts to_list_tree \<Longrightarrow> \<exists>x. v = [x] \<and> x \<in> verts T"
+ unfolding to_list_tree_def by auto
+
+lemma to_list_tree_dom_iff: "x \<rightarrow>\<^bsub>T\<^esub> y \<longleftrightarrow> [x] \<rightarrow>\<^bsub>to_list_tree\<^esub> [y]"
+ unfolding to_list_tree_def arcs_ends_def arc_to_ends_def by auto
+
+end
+
+locale fin_list_directed_tree = finite_directed_tree T for T :: "('a list,'b) pre_digraph" +
+ assumes disjoint_verts: "\<lbrakk>u \<in> verts T; v \<in> verts T; u \<noteq> v\<rbrakk> \<Longrightarrow> set u \<inter> set v = {}"
+ and nempty_verts: "v \<in> verts T \<Longrightarrow> v \<noteq> []"
+
+context finite_directed_tree
+begin
+
+lemma to_list_tree_fin_digraph: "fin_digraph to_list_tree"
+ by (unfold_locales) (auto simp: to_list_tree_def)
+
+lemma to_list_tree_finite_directed_tree: "finite_directed_tree to_list_tree [root]"
+ by (simp add: finite_directed_tree_def to_list_tree_fin_digraph to_list_tree_directed_tree)
+
+lemma to_list_tree_fin_list_directed_tree: "fin_list_directed_tree [root] to_list_tree"
+ apply(simp add: fin_list_directed_tree_def to_list_tree_finite_directed_tree)
+ apply(unfold_locales)
+ by (auto simp: to_list_tree_disjoint_verts to_list_tree_nempty)
+
+end
+
+end
\ No newline at end of file
diff --git a/thys/Query_Optimization/Dtree.thy b/thys/Query_Optimization/Dtree.thy
new file mode 100644
--- /dev/null
+++ b/thys/Query_Optimization/Dtree.thy
@@ -0,0 +1,4547 @@
+(* Author: Bernhard Stöckl *)
+
+theory Dtree
+ imports Complex_Main "Directed_Tree_Additions" "HOL-Library.FSet"
+begin
+
+section \<open>Algebraic Type for Directed Trees\<close>
+
+datatype (dverts:'a, darcs: 'b) dtree = Node (root: 'a) (sucs: "(('a,'b) dtree \<times> 'b) fset")
+
+subsection \<open>Termination Proofs\<close>
+
+lemma fset_sum_ge_elem: "finite xs \<Longrightarrow> x \<in> xs \<Longrightarrow> (\<Sum>u\<in>xs. (f::'a \<Rightarrow> nat) u) \<ge> f x"
+ by (simp add: sum_nonneg_leq_bound)
+
+lemma dtree_size_decr_aux:
+ assumes "(x,y) \<in> fset xs"
+ shows "size x < size (Node r xs)"
+proof -
+ have 0: "((x,size x),y) \<in> (map_prod (\<lambda>u. (u, size u)) (\<lambda>u. u)) ` fset xs" using assms by fast
+ have "size x < Suc (size_prod snd (\<lambda>_. 0) ((x,size x),y))" by simp
+ also have
+ "\<dots> \<le> (\<Sum>u\<in>(map_prod (\<lambda>x. (x, size x)) (\<lambda>y. y)) ` fset xs. Suc (size_prod snd (\<lambda>_. 0) u)) + 1"
+ using fset_sum_ge_elem 0 finite_fset finite_imageI
+ by (metis (mono_tags, lifting) add_increasing2 zero_le_one)
+ finally show ?thesis by simp
+qed
+
+lemma dtree_size_decr_aux': "t1 \<in> fst ` fset xs \<Longrightarrow> size t1 < size (Node r xs)"
+ using dtree_size_decr_aux by fastforce
+
+lemma dtree_size_decr[termination_simp]:
+ assumes "(x, y) \<in> fset (xs:: (('a, 'b) dtree \<times> 'b) fset)"
+ shows "size x < Suc (\<Sum>u\<in>map_prod (\<lambda>x. (x, size x)) (\<lambda>y. y) ` fset xs. Suc (Suc (snd (fst u))))"
+proof -
+ let ?xs = "(map_prod (\<lambda>x. (x, size x)) (\<lambda>y. y)) ` fset xs"
+ have "size x < (\<Sum>u\<in>?xs. Suc (size_prod snd (\<lambda>_. 0) u)) + 1"
+ using dtree_size_decr_aux assms by fastforce
+ also have "\<dots> = Suc (\<Sum>u\<in>?xs. Suc (Suc (snd (fst u))))" by (simp add: size_prod_simp)
+ finally show ?thesis by blast
+qed
+
+subsection "Dtree Basic Functions"
+
+fun darcs_mset :: "('a,'b) dtree \<Rightarrow> 'b multiset" where
+ "darcs_mset (Node r xs) = (\<Sum>(t,e) \<in> fset xs. {#e#} + darcs_mset t)"
+
+fun dverts_mset :: "('a,'b) dtree \<Rightarrow> 'a multiset" where
+ "dverts_mset (Node r xs) = {#r#} + (\<Sum>(t,e) \<in> fset xs. dverts_mset t)"
+
+(* disjoint_darcs & wf_darcs' are old definitions equivalent to wf_darcs; still used for proofs *)
+abbreviation disjoint_darcs :: "(('a,'b) dtree \<times> 'b) fset \<Rightarrow> bool" where
+ "disjoint_darcs xs \<equiv> (\<forall>(x,e1) \<in> fset xs. e1 \<notin> darcs x \<and> (\<forall>(y,e2) \<in> fset xs.
+ (darcs x \<union> {e1}) \<inter> (darcs y \<union> {e2}) = {} \<or> (x,e1)=(y,e2)))"
+
+fun wf_darcs' :: "('a,'b) dtree \<Rightarrow> bool" where
+ "wf_darcs' (Node r xs) = (disjoint_darcs xs \<and> (\<forall>(x,e) \<in> fset xs. wf_darcs' x))"
+
+definition wf_darcs :: "('a,'b) dtree \<Rightarrow> bool" where
+ "wf_darcs t = (\<forall>x \<in># darcs_mset t. count (darcs_mset t) x = 1)"
+
+(* same here as with wf_darcs' *)
+fun wf_dverts' :: "('a,'b) dtree \<Rightarrow> bool" where
+ "wf_dverts' (Node r xs) = (\<forall>(x,e1) \<in> fset xs.
+ r \<notin> dverts x \<and> (\<forall>(y,e2) \<in> fset xs. (dverts x \<inter> dverts y = {} \<or> (x,e1)=(y,e2))) \<and> wf_dverts' x)"
+
+definition wf_dverts :: "('a,'b) dtree \<Rightarrow> bool" where
+ "wf_dverts t = (\<forall>x \<in># dverts_mset t. count (dverts_mset t) x = 1)"
+
+fun dtail :: "('a,'b) dtree \<Rightarrow> ('b \<Rightarrow> 'a) \<Rightarrow> 'b \<Rightarrow> 'a" where
+ "dtail (Node r xs) def = (\<lambda>e. if e \<in> snd ` fset xs then r
+ else (ffold (\<lambda>(x,e2) b.
+ if (x,e2) \<notin> fset xs \<or> e \<notin> darcs x \<or> \<not>wf_darcs (Node r xs)
+ then b else dtail x def) def xs) e)"
+ (* (x,y) \<in> fset case required for termination proof (always fulfilled)
+ disjointness requirement for commutativity *)
+
+fun dhead :: "('a,'b) dtree \<Rightarrow> ('b \<Rightarrow> 'a) \<Rightarrow> 'b \<Rightarrow> 'a" where
+ "dhead (Node r xs) def = (\<lambda>e. (ffold (\<lambda>(x,e2) b.
+ if (x,e2) \<notin> fset xs \<or> e \<notin> (darcs x \<union> {e2}) \<or> \<not>wf_darcs (Node r xs)
+ then b else if e=e2 then root x else dhead x def e) (def e) xs))"
+
+abbreviation from_dtree :: "('b \<Rightarrow> 'a) \<Rightarrow> ('b \<Rightarrow> 'a) \<Rightarrow> ('a,'b) dtree \<Rightarrow> ('a,'b) pre_digraph" where
+ "from_dtree deft defh t \<equiv>
+ \<lparr>verts = dverts t, arcs = darcs t, tail = dtail t deft, head = dhead t defh\<rparr>"
+
+abbreviation from_dtree' :: "('a,'b) dtree \<Rightarrow> ('a,'b) pre_digraph" where
+ "from_dtree' t \<equiv> from_dtree (\<lambda>_. root t) (\<lambda>_. root t) t"
+
+fun is_subtree :: "('a,'b) dtree \<Rightarrow> ('a,'b) dtree \<Rightarrow> bool" where
+ "is_subtree x (Node r xs) =
+ (x = Node r xs \<or> (\<exists>(y,e) \<in> fset xs. is_subtree x y))"
+
+definition strict_subtree :: "('a,'b) dtree \<Rightarrow> ('a,'b) dtree \<Rightarrow> bool" where
+ "strict_subtree t1 t2 \<longleftrightarrow> is_subtree t1 t2 \<and> t1 \<noteq> t2"
+
+fun num_leaves :: "('a,'b) dtree \<Rightarrow> nat" where
+ "num_leaves (Node r xs) = (if xs = {||} then 1 else (\<Sum>(t,e)\<in> fset xs. num_leaves t))"
+
+subsection "Dtree Basic Proofs"
+
+lemma finite_dverts: "finite (dverts t)"
+ by(induction t) auto
+
+lemma finite_darcs: "finite (darcs t)"
+ by(induction t) auto
+
+lemma dverts_child_subseteq: "x \<in> fst ` fset xs \<Longrightarrow> dverts x \<subseteq> dverts (Node r xs)"
+ by fastforce
+
+lemma dverts_suc_subseteq: "x \<in> fst ` fset (sucs t) \<Longrightarrow> dverts x \<subseteq> dverts t"
+ using dverts_child_subseteq[of x "sucs t" "root t"] by simp
+
+lemma dverts_root_or_child: "v \<in> dverts (Node r xs) \<Longrightarrow> v = r \<or> v \<in> (\<Union>(t,e) \<in> fset xs. dverts t)"
+ by auto
+
+lemma dverts_root_or_suc: "v \<in> dverts t \<Longrightarrow> v = root t \<or> (\<exists>(t,e) \<in> fset (sucs t).v \<in> dverts t)"
+ using dverts_root_or_child[of v "root t" "sucs t"] by auto
+
+lemma dverts_child_if_not_root:
+ "\<lbrakk>v \<in> dverts (Node r xs); v \<noteq> r\<rbrakk> \<Longrightarrow> \<exists>t\<in>fst ` fset xs. v \<in> dverts t"
+ by force
+
+lemma dverts_suc_if_not_root:
+ "\<lbrakk>v \<in> dverts t; v \<noteq> root t\<rbrakk> \<Longrightarrow> \<exists>t\<in>fst ` fset (sucs t). v \<in> dverts t"
+ using dverts_root_or_suc by force
+
+lemma darcs_child_subseteq: "x \<in> fst ` fset xs \<Longrightarrow> darcs x \<subseteq> darcs (Node r xs)"
+ by force
+
+lemma mset_sum_elem: "x \<in># (\<Sum>y \<in> fset Y. f y) \<Longrightarrow> \<exists>y \<in> fset Y. x \<in># f y"
+ by (induction Y) (auto simp: notin_fset)
+
+lemma mset_sum_elem_iff: "x \<in># (\<Sum>y \<in> fset Y. f y) \<longleftrightarrow> (\<exists>y \<in> fset Y. x \<in># f y)"
+ by (induction Y) (auto simp: notin_fset)
+
+lemma mset_sum_elemI: "\<lbrakk>y \<in> fset Y; x \<in># f y\<rbrakk> \<Longrightarrow> x \<in># (\<Sum>y \<in> fset Y. f y)"
+ by (induction Y) (auto simp: notin_fset)
+
+lemma darcs_mset_elem:
+ "x \<in># darcs_mset (Node r xs) \<Longrightarrow> \<exists>(t,e) \<in> fset xs. x \<in># darcs_mset t \<or> x = e"
+ using mset_sum_elem by fastforce
+
+lemma darcs_mset_if_nsnd:
+ "\<lbrakk>x \<in># darcs_mset (Node r xs); x \<notin> snd ` fset xs\<rbrakk> \<Longrightarrow> \<exists>(t1,e1) \<in> fset xs. x \<in># darcs_mset t1"
+ using darcs_mset_elem[of x r xs] by force
+
+lemma darcs_mset_suc_if_nsnd:
+ "\<lbrakk>x \<in># darcs_mset t; x \<notin> snd ` fset (sucs t)\<rbrakk> \<Longrightarrow> \<exists>(t1,e1) \<in> fset (sucs t). x \<in># darcs_mset t1"
+ using darcs_mset_if_nsnd[of x "root t" "sucs t"] by simp
+
+lemma darcs_mset_if_nchild:
+ "\<lbrakk>x \<in># darcs_mset (Node r xs); \<nexists>t1 e1. (t1,e1) \<in> fset xs \<and> x \<in># darcs_mset t1\<rbrakk>
+ \<Longrightarrow> x \<in> snd ` fset xs"
+ using mset_sum_elem by force
+
+lemma darcs_mset_if_nsuc:
+ "\<lbrakk>x \<in># darcs_mset t; \<nexists>t1 e1. (t1,e1) \<in> fset (sucs t) \<and> x \<in># darcs_mset t1\<rbrakk>
+ \<Longrightarrow> x \<in> snd ` fset (sucs t)"
+ using darcs_mset_if_nchild[of x "root t" "sucs t"] by simp
+
+lemma darcs_mset_if_snd[intro]: "x \<in> snd ` fset xs \<Longrightarrow> x \<in># darcs_mset (Node r xs)"
+ by (induction xs) (auto simp: notin_fset)
+
+lemma darcs_mset_suc_if_snd[intro]: "x \<in> snd ` fset (sucs t) \<Longrightarrow> x \<in># darcs_mset t"
+ using darcs_mset_if_snd[of x "sucs t" "root t"] by simp
+
+lemma darcs_mset_if_child[intro]:
+ "\<lbrakk>(t1,e1) \<in> fset xs; x \<in># darcs_mset t1\<rbrakk> \<Longrightarrow> x \<in># darcs_mset (Node r xs)"
+ by (induction xs) (auto simp: notin_fset)
+
+lemma darcs_mset_if_suc[intro]:
+ "\<lbrakk>(t1,e1) \<in> fset (sucs t); x \<in># darcs_mset t1\<rbrakk> \<Longrightarrow> x \<in># darcs_mset t"
+ using darcs_mset_if_child[of t1 e1 "sucs t" x "root t"] by simp
+
+lemma darcs_mset_sub_darcs: "set_mset (darcs_mset t) \<subseteq> darcs t"
+proof(standard, induction t rule: darcs_mset.induct)
+ case (1 r xs)
+ then show ?case
+ proof(cases "x \<in> snd ` fset xs")
+ case False
+ then obtain t1 e1 where "(t1,e1) \<in> fset xs \<and> x \<in># darcs_mset t1"
+ using "1.prems" darcs_mset_if_nsnd[of x r] by blast
+ then show ?thesis using "1.IH" by force
+ qed(force)
+qed
+
+lemma darcs_sub_darcs_mset: "darcs t \<subseteq> set_mset (darcs_mset t)"
+proof(standard, induction t rule: darcs_mset.induct)
+ case (1 r xs)
+ then show ?case
+ proof(cases "x \<in> snd ` fset xs")
+ case False
+ then obtain t1 e1 where "(t1,e1) \<in> fset xs \<and> x \<in> darcs t1"
+ using "1.prems" by force
+ then show ?thesis using "1.IH" by blast
+ qed(blast)
+qed
+
+lemma darcs_mset_eq_darcs[simp]: "set_mset (darcs_mset t) = darcs t"
+ using darcs_mset_sub_darcs darcs_sub_darcs_mset by force
+
+lemma dverts_mset_elem:
+ "x \<in># dverts_mset (Node r xs) \<Longrightarrow> (\<exists>(t,e) \<in> fset xs. x \<in># dverts_mset t) \<or> x = r"
+ using mset_sum_elem by fastforce
+
+lemma dverts_mset_if_nroot:
+ "\<lbrakk>x \<in># dverts_mset (Node r xs); x \<noteq> r\<rbrakk> \<Longrightarrow> \<exists>(t1,e1) \<in> fset xs. x \<in># dverts_mset t1"
+ using dverts_mset_elem[of x r xs] by blast
+
+lemma dverts_mset_suc_if_nroot:
+ "\<lbrakk>x \<in># dverts_mset t; x \<noteq> root t\<rbrakk> \<Longrightarrow> \<exists>(t1,e1) \<in> fset (sucs t). x \<in># dverts_mset t1"
+ using dverts_mset_if_nroot[of x "root t" "sucs t"] by simp
+
+lemma dverts_mset_if_nchild:
+ "\<lbrakk>x \<in># dverts_mset (Node r xs); \<nexists>t1 e1. (t1,e1) \<in> fset xs \<and> x \<in># dverts_mset t1\<rbrakk> \<Longrightarrow> x = r"
+ using mset_sum_elem by force
+
+lemma dverts_mset_if_nsuc:
+ "\<lbrakk>x \<in># dverts_mset t; \<nexists>t1 e1. (t1,e1) \<in> fset (sucs t) \<and> x \<in># dverts_mset t1\<rbrakk> \<Longrightarrow> x = root t"
+ using dverts_mset_if_nchild[of x "root t" "sucs t"] by simp
+
+lemma dverts_mset_if_root[intro]: "x = r \<Longrightarrow> x \<in># dverts_mset (Node r xs)"
+ by simp
+
+lemma dverts_mset_suc_if_root[intro]: "x = root t \<Longrightarrow> x \<in># dverts_mset t"
+ using dverts_mset_if_root[of x "root t" "sucs t"] by simp
+
+lemma dverts_mset_if_child[intro]:
+ "\<lbrakk>(t1,e1) \<in> fset xs; x \<in># dverts_mset t1\<rbrakk> \<Longrightarrow> x \<in># dverts_mset (Node r xs)"
+ by (induction xs) (auto simp: notin_fset)
+
+lemma dverts_mset_if_suc[intro]:
+ "\<lbrakk>(t1,e1) \<in> fset (sucs t); x \<in># dverts_mset t1\<rbrakk> \<Longrightarrow> x \<in># dverts_mset t"
+ using dverts_mset_if_child[of t1 e1 "sucs t" x "root t"] by simp
+
+lemma dverts_mset_sub_dverts: "set_mset (dverts_mset t) \<subseteq> dverts t"
+proof(standard, induction t)
+ case (Node r xs)
+ then show ?case
+ proof(cases "x = r")
+ case False
+ then obtain t1 e1 where "(t1,e1) \<in> fset xs \<and> x \<in># dverts_mset t1"
+ using Node.prems dverts_mset_if_nroot by fast
+ then show ?thesis using Node.IH by fastforce
+ qed(simp)
+qed
+
+lemma dverts_sub_dverts_mset: "dverts t \<subseteq> set_mset (dverts_mset t)"
+proof(standard, induction t rule: dverts_mset.induct)
+ case (1 r xs)
+ then show ?case
+ proof(cases "x = r")
+ case False
+ then obtain t1 e1 where "(t1,e1) \<in> fset xs \<and> x \<in> dverts t1"
+ using "1.prems" by force
+ then show ?thesis using "1.IH" by blast
+ qed(simp)
+qed
+
+lemma dverts_mset_eq_dverts[simp]: "set_mset (dverts_mset t) = dverts t"
+ using dverts_mset_sub_dverts dverts_sub_dverts_mset by force
+
+lemma mset_sum_count_le: "y \<in> fset Y \<Longrightarrow> count (f y) x \<le> count (\<Sum>y \<in> fset Y. f y) x"
+ by (induction Y) (auto simp: notin_fset)
+
+lemma darcs_mset_alt:
+ "darcs_mset (Node r xs) = (\<Sum>(t,e) \<in> fset xs. {#e#}) + (\<Sum>(t,e) \<in> fset xs. darcs_mset t)"
+ by (induction xs) (auto simp: notin_fset)
+
+lemma darcs_mset_ge_child:
+ "t1 \<in> fst ` fset xs \<Longrightarrow> count (darcs_mset t1) x \<le> count (darcs_mset (Node r xs)) x"
+ by (induction xs) (force simp: notin_fset)+
+
+lemma darcs_mset_ge_suc:
+ "t1 \<in> fst ` fset (sucs t) \<Longrightarrow> count (darcs_mset t1) x \<le> count (darcs_mset t) x"
+ using darcs_mset_ge_child[of t1 "sucs t" x "root t"] by simp
+
+lemma darcs_mset_count_sum_aux:
+ "(\<Sum>(t1,e1) \<in> fset xs. count (darcs_mset t1) x) = count ((\<Sum>(t,e) \<in> fset xs. darcs_mset t)) x"
+ by (smt (verit, ccfv_SIG) count_add_mset count_sum multi_self_add_other_not_self
+ prod.case prod.case_distrib split_cong sum.cong)
+
+lemma darcs_mset_count_sum_aux0:
+ "x \<notin> snd ` fset xs \<Longrightarrow> count ((\<Sum>(t, e)\<in>fset xs. {#e#})) x = 0"
+ by (induction xs) (auto simp: notin_fset)
+
+lemma darcs_mset_count_sum_eq:
+ "x \<notin> snd ` fset xs
+ \<Longrightarrow> (\<Sum>(t1,e1) \<in> fset xs. count (darcs_mset t1) x) = count (darcs_mset (Node r xs)) x"
+ unfolding darcs_mset_alt using darcs_mset_count_sum_aux darcs_mset_count_sum_aux0 by fastforce
+
+lemma darcs_mset_count_sum_ge:
+ "(\<Sum>(t1,e1) \<in> fset xs. count (darcs_mset t1) x) \<le> count (darcs_mset (Node r xs)) x"
+ by (induction xs) (auto simp: notin_fset split: prod.splits)
+
+lemma wf_darcs_alt: "wf_darcs t \<longleftrightarrow> (\<forall>x. count (darcs_mset t) x \<le> 1)"
+ unfolding wf_darcs_def by (metis count_greater_eq_one_iff dual_order.eq_iff linorder_le_cases)
+
+lemma disjoint_darcs_simp:
+ "\<lbrakk>(t1,e1) \<in> fset xs; (t2,e2) \<in> fset xs; (t1,e1) \<noteq> (t2,e2); disjoint_darcs xs\<rbrakk>
+ \<Longrightarrow> (darcs t1 \<union> {e1}) \<inter> (darcs t2 \<union> {e2}) = {}"
+ by fast
+
+lemma disjoint_darcs_single: "e \<notin> darcs t \<longleftrightarrow> disjoint_darcs {|(t,e)|}"
+ by simp
+
+lemma disjoint_darcs_insert: "disjoint_darcs (finsert x xs) \<Longrightarrow> disjoint_darcs xs"
+ by simp fast
+
+lemma wf_darcs_rec[dest]:
+ assumes "wf_darcs (Node r xs)" and "t1 \<in> fst ` fset xs"
+ shows "wf_darcs t1"
+unfolding wf_darcs_def proof (rule ccontr)
+ assume asm: "\<not> (\<forall>x \<in># darcs_mset t1. count (darcs_mset t1) x = 1)"
+ then obtain x where x_def: "x \<in># darcs_mset t1" "count (darcs_mset t1) x \<noteq> 1"
+ by blast
+ then have "count (darcs_mset t1) x > 1" by (simp add: order_le_neq_trans)
+ then have "count (darcs_mset (Node r xs)) x > 1"
+ using assms(2) darcs_mset_ge_child[of t1 xs x] by simp
+ moreover have "x \<in># (darcs_mset (Node r xs))"
+ using x_def(1) assms(2) by fastforce
+ ultimately show False using assms(1) unfolding wf_darcs_def by simp
+qed
+
+lemma disjoint_darcs_if_wf_aux1: "\<lbrakk>wf_darcs (Node r xs); (t1,e1) \<in> fset xs\<rbrakk> \<Longrightarrow> e1 \<notin> darcs t1"
+ apply (induction xs)
+ apply(auto simp: notin_fset wf_darcs_def split: if_splits prod.splits)[2]
+ by (metis UnI2 add_is_1 count_eq_zero_iff)
+
+lemma fset_sum_ge_elem2:
+ "\<lbrakk>x \<in> fset X; y \<in> fset X; x \<noteq> y\<rbrakk> \<Longrightarrow> (f :: 'a \<Rightarrow> nat) x + f y \<le> (\<Sum>x \<in> fset X. f x)"
+ by (induction X) (auto simp: notin_fset fset_sum_ge_elem)
+
+lemma darcs_children_count_ge2_aux:
+ assumes "(t1,e1) \<in> fset xs" and "(t2,e2) \<in> fset xs" and "(t1,e1) \<noteq> (t2,e2)"
+ and "e \<in> darcs t1" and "e \<in> darcs t2"
+ shows "(\<Sum>(t1, e1)\<in>fset xs. count (darcs_mset t1) e) \<ge> 2"
+proof -
+ have "2 \<le> 1 + count (darcs_mset t2) e"
+ using assms(2,5) by simp
+ also have "\<dots> \<le> count (darcs_mset t1) e + count (darcs_mset t2) e"
+ using assms(1,4) by simp
+ finally show ?thesis
+ using fset_sum_ge_elem2[OF assms(1-3), of "\<lambda>(t1,e1). count (darcs_mset t1) e"] by simp
+qed
+
+lemma darcs_children_count_ge2:
+ assumes "(t1,e1) \<in> fset xs" and "(t2,e2) \<in> fset xs" and "(t1,e1) \<noteq> (t2,e2)"
+ and "e \<in> darcs t1" and "e \<in> darcs t2"
+ shows "count (darcs_mset (Node r xs)) e \<ge> 2"
+ using darcs_children_count_ge2_aux[OF assms] darcs_mset_count_sum_ge dual_order.trans by fast
+
+lemma darcs_children_count_not1:
+ "\<lbrakk>(t1,e1) \<in> fset xs; (t2,e2) \<in> fset xs; (t1,e1) \<noteq> (t2,e2); e \<in> darcs t1; e \<in> darcs t2\<rbrakk>
+ \<Longrightarrow> count (darcs_mset (Node r xs)) e \<noteq> 1"
+ using darcs_children_count_ge2 by fastforce
+
+lemma disjoint_darcs_if_wf_aux2:
+ assumes "wf_darcs (Node r xs)"
+ and "(t1,e1) \<in> fset xs" and "(t2,e2) \<in> fset xs" and "(t1,e1) \<noteq> (t2,e2)"
+ shows "darcs t1 \<inter> darcs t2 = {}"
+proof(rule ccontr)
+ assume "darcs t1 \<inter> darcs t2 \<noteq> {}"
+ then obtain e where e_def: "e \<in> darcs t1" "e \<in> darcs t2" by blast
+ then have "e \<in> darcs (Node r xs)" using assms(2) by force
+ then have "e \<in># darcs_mset (Node r xs)" using darcs_mset_eq_darcs by fast
+ then show False
+ using darcs_children_count_ge2[OF assms(2-4) e_def] assms(1) unfolding wf_darcs_def by simp
+qed
+
+lemma darcs_child_count_ge1:
+ "\<lbrakk>(t1,e1) \<in> fset xs; e2 \<in> darcs t1\<rbrakk> \<Longrightarrow> count (\<Sum>(t, e)\<in>fset xs. darcs_mset t) e2 \<ge> 1"
+ by (simp add: mset_sum_elemI)
+
+lemma darcs_snd_count_ge1:
+ "(t2,e2) \<in> fset xs \<Longrightarrow> count (\<Sum>(t, e)\<in>fset xs. {#e#}) e2 \<ge> 1"
+ by (simp add: mset_sum_elemI)
+
+lemma darcs_child_count_ge2:
+ "\<lbrakk>(t1,e1) \<in> fset xs; (t2,e2) \<in> fset xs; e2 \<in> darcs t1\<rbrakk> \<Longrightarrow> count (darcs_mset (Node r xs)) e2 \<ge> 2"
+ unfolding darcs_mset_alt
+ by (metis darcs_child_count_ge1 darcs_snd_count_ge1 add_mono count_union one_add_one)
+
+lemma disjoint_darcs_if_wf_aux3:
+ assumes "wf_darcs (Node r xs)" and "(t1,e1) \<in> fset xs" and "(t2,e2) \<in> fset xs"
+ shows "e2 \<notin> darcs t1"
+proof
+ assume asm: "e2 \<in> darcs t1"
+ then have "e2 \<in> darcs (Node r xs)" using assms(2) by force
+ then have "e2 \<in># darcs_mset (Node r xs)" using darcs_mset_eq_darcs by fast
+ then show False using darcs_child_count_ge2 asm assms(1-3) unfolding wf_darcs_def by fastforce
+qed
+
+lemma darcs_snds_count_ge2_aux:
+ assumes "(t1,e1) \<in> fset xs" and "(t2,e2) \<in> fset xs" and "(t1,e1) \<noteq> (t2,e2)" and "e1 = e2"
+ shows "count (\<Sum>(t, e)\<in>fset xs. {#e#}) e2 \<ge> 2"
+using assms proof(induction xs)
+ case (insert x xs)
+ then consider "x = (t1,e1)" | "x = (t2,e2)" | "(t1,e1) \<in> fset xs" "(t2,e2) \<in> fset xs" by auto
+ then show ?case
+ proof(cases)
+ case 1
+ then have "count (\<Sum>(t, e)\<in>fset xs. {#e#}) e2 \<ge> 1"
+ using insert.prems(2,3) darcs_snd_count_ge1 by auto
+ then show ?thesis using insert.prems(4) insert.hyps 1 by (auto simp: notin_fset)
+ next
+ case 2
+ then have "count (\<Sum>(t, e)\<in>fset xs. {#e#}) e2 \<ge> 1"
+ using insert.prems(1,3,4) darcs_snd_count_ge1 by auto
+ then show ?thesis using insert.prems(4) insert.hyps 2 by (auto simp: notin_fset)
+ next
+ case 3
+ then show ?thesis using insert.IH insert.prems(3,4) insert.hyps by (auto simp: notin_fset)
+ qed
+qed(simp)
+
+lemma darcs_snds_count_ge2:
+ "\<lbrakk>(t1,e1) \<in> fset xs; (t2,e2) \<in> fset xs; (t1,e1) \<noteq> (t2,e2); e1 = e2\<rbrakk>
+ \<Longrightarrow> count (darcs_mset (Node r xs)) e2 \<ge> 2"
+ using darcs_snds_count_ge2_aux unfolding darcs_mset_alt by fastforce
+
+lemma disjoint_darcs_if_wf_aux4:
+ assumes "wf_darcs (Node r xs)"
+ and "(t1,e1) \<in> fset xs"
+ and "(t2,e2) \<in> fset xs"
+ and "(t1,e1) \<noteq> (t2,e2)"
+ shows "e1 \<noteq> e2"
+proof
+ assume asm: "e1 = e2"
+ have "e2 \<in># darcs_mset (Node r xs)" using assms(3) darcs_mset_if_snd by fastforce
+ then show False
+ using assms(1) darcs_snds_count_ge2[OF assms(2-4) asm] unfolding wf_darcs_def by simp
+qed
+
+lemma disjoint_darcs_if_wf_aux5:
+ "\<lbrakk>wf_darcs (Node r xs); (t1,e1) \<in> fset xs; (t2,e2) \<in> fset xs; (t1,e1) \<noteq> (t2,e2)\<rbrakk>
+ \<Longrightarrow>(darcs t1 \<union> {e1}) \<inter> (darcs t2 \<union> {e2}) = {}"
+ by (auto dest: disjoint_darcs_if_wf_aux4 disjoint_darcs_if_wf_aux3 disjoint_darcs_if_wf_aux2)
+
+lemma disjoint_darcs_if_wf_xs: "wf_darcs (Node r xs) \<Longrightarrow> disjoint_darcs xs"
+ by (auto dest: disjoint_darcs_if_wf_aux1 disjoint_darcs_if_wf_aux5)
+
+lemma disjoint_darcs_if_wf: "wf_darcs t \<Longrightarrow> disjoint_darcs (sucs t)"
+ using disjoint_darcs_if_wf_xs[of "root t" "sucs t"] by simp
+
+lemma wf_darcs'_if_darcs: "wf_darcs t \<Longrightarrow> wf_darcs' t"
+proof(induction t)
+ case (Node r xs)
+ then show ?case using disjoint_darcs_if_wf_xs[OF Node.prems] by fastforce
+qed
+
+lemma wf_darcs_if_darcs'_aux:
+ "\<lbrakk>\<forall>(x,e) \<in> fset xs. wf_darcs x; disjoint_darcs xs\<rbrakk> \<Longrightarrow> wf_darcs (Node r xs)"
+ apply(simp split: prod.splits)
+ apply(induction xs)
+ apply(auto simp: notin_fset wf_darcs_def count_eq_zero_iff)[2]
+ by (fastforce dest: mset_sum_elem)+
+
+lemma wf_darcs_if_darcs': "wf_darcs' t \<Longrightarrow> wf_darcs t"
+proof(induction t)
+ case (Node r xs)
+ then show ?case using wf_darcs_if_darcs'_aux[of xs] by fastforce
+qed
+
+corollary wf_darcs_iff_darcs': "wf_darcs t \<longleftrightarrow> wf_darcs' t"
+ using wf_darcs_if_darcs' wf_darcs'_if_darcs by blast
+
+lemma disjoint_darcs_subset:
+ assumes "xs |\<subseteq>| ys" and "disjoint_darcs ys"
+ shows "disjoint_darcs xs"
+proof (rule ccontr)
+ assume "\<not> disjoint_darcs xs"
+ then obtain x e1 y e2 where x_def: "(x,e1) \<in> fset xs" "(y,e2) \<in> fset xs"
+ "e1 \<in> darcs x \<or> (darcs x \<union> {e1}) \<inter> (darcs y \<union> {e2}) \<noteq> {} \<and> (x,e1)\<noteq>(y,e2)"
+ by blast
+ have "(x,e1) \<in> fset ys" "(y,e2) \<in> fset ys" using x_def(1,2) assms(1) less_eq_fset.rep_eq by fast+
+ then show False using assms(2) x_def(3) by fast
+qed
+
+lemma disjoint_darcs_img:
+ assumes "disjoint_darcs xs" and "\<forall>(t,e) \<in> fset xs. darcs (f t) \<subseteq> darcs t"
+ shows "disjoint_darcs ((\<lambda>(t,e). (f t,e)) |`| xs)" (is "disjoint_darcs ?xs")
+proof (rule ccontr)
+ assume "\<not> disjoint_darcs ?xs"
+ then obtain x1 e1 y1 e2 where asm: "(x1,e1) \<in> fset ?xs" "(y1,e2) \<in> fset ?xs"
+ "e1 \<in> darcs x1 \<or> (darcs x1 \<union> {e1}) \<inter> (darcs y1 \<union> {e2}) \<noteq> {} \<and> (x1,e1)\<noteq>(y1,e2)"
+ by blast
+ then obtain x2 where x2_def: "f x2 = x1" "(x2,e1) \<in> fset xs" by auto
+ obtain y2 where y2_def: "f y2 = y1" "(y2,e2) \<in> fset xs" using asm(2) by auto
+ have "darcs x1 \<subseteq> darcs x2" using assms(2) x2_def by fast
+ moreover have "darcs y1 \<subseteq> darcs y2" using assms(2) y2_def by fast
+ ultimately have "\<not> disjoint_darcs xs" using asm(3) x2_def y2_def by fast
+ then show False using assms(1) by blast
+qed
+
+lemma dverts_mset_count_sum_ge:
+ "(\<Sum>(t1,e1) \<in> fset xs. count (dverts_mset t1) x) \<le> count (dverts_mset (Node r xs)) x"
+ by (induction xs) (auto simp: notin_fset)
+
+lemma dverts_children_count_ge2_aux:
+ assumes "(t1,e1) \<in> fset xs" and "(t2,e2) \<in> fset xs" and "(t1,e1) \<noteq> (t2,e2)"
+ and "x \<in> dverts t1" and "x \<in> dverts t2"
+ shows "(\<Sum>(t1, e1)\<in>fset xs. count (dverts_mset t1) x) \<ge> 2"
+proof -
+ have "2 \<le> count (dverts_mset t1) x + 1" using assms(4) by simp
+ also have "\<dots> \<le> count (dverts_mset t1) x + count (dverts_mset t2) x" using assms(5) by simp
+ finally show ?thesis
+ using fset_sum_ge_elem2[OF assms(1-3), of "\<lambda>(t1,e1). count (dverts_mset t1) x"] by simp
+qed
+
+lemma dverts_children_count_ge2:
+ assumes "(t1,e1) \<in> fset xs" and "(t2,e2) \<in> fset xs" and "(t1,e1) \<noteq> (t2,e2)"
+ and "x \<in> dverts t1" and "x \<in> dverts t2"
+ shows "count (dverts_mset (Node r xs)) x \<ge> 2"
+ using dverts_children_count_ge2_aux[OF assms] dverts_mset_count_sum_ge le_trans by fast
+
+lemma disjoint_dverts_if_wf_aux:
+ assumes "wf_dverts (Node r xs)"
+ and "(t1,e1) \<in> fset xs" and "(t2,e2) \<in> fset xs" and "(t1,e1) \<noteq> (t2,e2)"
+ shows "dverts t1 \<inter> dverts t2 = {}"
+proof (rule ccontr)
+ assume "dverts t1 \<inter> dverts t2 \<noteq> {}"
+ then obtain x where x_def: "x \<in> dverts t1" "x \<in> dverts t2" by blast
+ then have "2 \<le> count (dverts_mset (Node r xs)) x"
+ using dverts_children_count_ge2[OF assms(2-4)] by blast
+ moreover have "x \<in># (dverts_mset (Node r xs))" using assms(2) x_def(1) by fastforce
+ ultimately show False using assms(1) unfolding wf_dverts_def by fastforce
+qed
+
+lemma disjoint_dverts_if_wf:
+ "wf_dverts (Node r xs)
+ \<Longrightarrow> \<forall>(x,e1) \<in> fset xs. \<forall>(y,e2) \<in> fset xs. (dverts x \<inter> dverts y = {} \<or> (x,e1)=(y,e2))"
+ using disjoint_dverts_if_wf_aux by fast
+
+lemma disjoint_dverts_if_wf_sucs:
+ "wf_dverts t
+ \<Longrightarrow> \<forall>(x,e1) \<in> fset (sucs t). \<forall>(y,e2) \<in> fset (sucs t).
+ (dverts x \<inter> dverts y = {} \<or> (x,e1)=(y,e2))"
+ using disjoint_dverts_if_wf[of "root t" "sucs t"] by simp
+
+lemma dverts_child_count_ge1:
+ "\<lbrakk>(t1,e1) \<in> fset xs; x \<in> dverts t1\<rbrakk> \<Longrightarrow> count (\<Sum>(t, e)\<in>fset xs. dverts_mset t) x \<ge> 1"
+ by (simp add: mset_sum_elemI)
+
+lemma root_not_child_if_wf_dverts: "\<lbrakk>wf_dverts (Node r xs); (t1,e1) \<in> fset xs\<rbrakk> \<Longrightarrow> r \<notin> dverts t1"
+ by (fastforce dest: dverts_child_count_ge1 simp: wf_dverts_def)
+
+lemma root_not_child_if_wf_dverts': "wf_dverts (Node r xs) \<Longrightarrow> \<forall>(t1,e1) \<in> fset xs. r \<notin> dverts t1"
+ by (fastforce dest: dverts_child_count_ge1 simp: wf_dverts_def)
+
+lemma dverts_mset_ge_child:
+ "t1 \<in> fst ` fset xs \<Longrightarrow> count (dverts_mset t1) x \<le> count (dverts_mset (Node r xs)) x"
+ by (induction xs) (force simp: notin_fset)+
+
+lemma wf_dverts_rec[dest]:
+ assumes "wf_dverts (Node r xs)" and "t1 \<in> fst ` fset xs"
+ shows "wf_dverts t1"
+unfolding wf_dverts_def proof (rule ccontr)
+ assume asm: "\<not> (\<forall>x \<in># dverts_mset t1. count (dverts_mset t1) x = 1)"
+ then obtain x where x_def: "x \<in># dverts_mset t1" "count (dverts_mset t1) x \<noteq> 1"
+ by blast
+ then have "count (dverts_mset t1) x > 1" by (simp add: order_le_neq_trans)
+ then have "count (dverts_mset (Node r xs)) x > 1"
+ using assms(2) dverts_mset_ge_child[of t1 xs x r] by simp
+ moreover have "x \<in># (dverts_mset (Node r xs))"
+ using x_def(1) assms(2) by fastforce
+ ultimately show False using assms(1) unfolding wf_dverts_def by fastforce
+qed
+
+lemma wf_dverts'_if_dverts: "wf_dverts t \<Longrightarrow> wf_dverts' t"
+proof(induction t)
+ case (Node r xs)
+ then have "\<forall>(x,e1)\<in>fset xs. wf_dverts' x" by auto
+ then show ?case
+ using disjoint_dverts_if_wf[OF Node.prems] root_not_child_if_wf_dverts'[OF Node.prems]
+ by fastforce
+qed
+
+lemma wf_dverts_if_dverts'_aux:
+ "\<lbrakk>\<forall>(x,e) \<in> fset xs. wf_dverts x;
+ \<forall>(x,e1) \<in> fset xs. r \<notin> dverts x \<and> (\<forall>(y,e2) \<in> fset xs.
+ (dverts x \<inter> dverts y = {} \<or> (x,e1)=(y,e2)))\<rbrakk>
+ \<Longrightarrow> wf_dverts (Node r xs)"
+ apply(simp split: prod.splits)
+ apply(induction xs)
+ apply(auto simp: notin_fset wf_dverts_def count_eq_zero_iff)[2]
+ by (fastforce dest: mset_sum_elem)+
+
+lemma wf_dverts_if_dverts': "wf_dverts' t \<Longrightarrow> wf_dverts t"
+proof(induction t)
+ case (Node r xs)
+ then show ?case using wf_dverts_if_dverts'_aux[of xs] by fastforce
+qed
+
+corollary wf_dverts_iff_dverts': "wf_dverts t \<longleftrightarrow> wf_dverts' t"
+ using wf_dverts_if_dverts' wf_dverts'_if_dverts by blast
+
+lemma wf_dverts_sub:
+ assumes "xs |\<subseteq>| ys" and "wf_dverts (Node r ys)"
+ shows "wf_dverts (Node r xs)"
+proof -
+ have "ys |\<union>| xs = ys" using assms(1) by blast
+ then have "wf_dverts (Node r (ys |\<union>| xs))" using assms(2) by simp
+ then show ?thesis unfolding wf_dverts_iff_dverts' by fastforce
+qed
+
+lemma count_subset_le:
+ "xs |\<subseteq>| ys \<Longrightarrow> count (\<Sum>x \<in> fset xs. f x) a \<le> count (\<Sum>x \<in> fset ys. f x) a"
+proof(induction ys arbitrary: xs)
+ case (insert y ys)
+ then show ?case
+ proof(cases "y |\<in>| xs")
+ case True
+ then obtain xs' where xs'_def: "finsert y xs' = xs" "y |\<notin>| xs'"
+ by blast
+ then have "xs' |\<subseteq>| ys" using insert.prems by blast
+ have "count (\<Sum>x \<in> fset xs. f x) a = count (\<Sum>x \<in> fset xs'. f x) a + count (f y) a"
+ using xs'_def by (auto simp: notin_fset)
+ also have "\<dots> \<le> count (\<Sum>x \<in> fset ys. f x) a + count (f y) a"
+ using \<open>xs' |\<subseteq>| ys\<close> insert.IH by simp
+ also have "\<dots> = count (\<Sum>x \<in> fset (finsert y ys). f x) a"
+ using insert.hyps by (auto simp: notin_fset)
+ finally show ?thesis .
+ next
+ case False
+ then have "count (\<Sum>x \<in> fset xs. f x) a \<le> count (\<Sum>x \<in> fset ys. f x) a"
+ using insert.prems insert.IH by blast
+ then show ?thesis using insert.hyps by (auto simp: notin_fset)
+ qed
+qed(simp)
+
+lemma darcs_mset_count_le_subset:
+ "xs |\<subseteq>| ys \<Longrightarrow> count (darcs_mset (Node r' xs)) x \<le> count (darcs_mset (Node r ys)) x"
+ using count_subset_le by fastforce
+
+lemma wf_darcs_sub: "\<lbrakk>xs |\<subseteq>| ys; wf_darcs (Node r' ys)\<rbrakk> \<Longrightarrow> wf_darcs (Node r xs)"
+ unfolding wf_darcs_def using darcs_mset_count_le_subset
+ by (smt (verit, best) count_greater_eq_one_iff le_trans verit_la_disequality)
+
+lemma wf_darcs_sucs: "\<lbrakk>wf_darcs t; x \<in> fset (sucs t)\<rbrakk> \<Longrightarrow> wf_darcs (Node r {|x|})"
+ using wf_darcs_sub[of "{|x|}" "sucs t" "root t"] by (simp add: less_eq_fset.rep_eq)
+
+lemma size_fset_alt:
+ "size_fset (size_prod snd (\<lambda>_. 0)) (map_prod (\<lambda>t. (t, size t)) (\<lambda>x. x) |`| xs)
+ = (\<Sum>(x,y)\<in> fset xs. size x + 2)"
+proof -
+ have "size_fset (size_prod snd (\<lambda>_. 0)) (map_prod (\<lambda>t. (t, size t)) (\<lambda>x. x) |`| xs)
+ = (\<Sum>u\<in>(\<lambda>(x,y). ((x,size x), y)) ` fset xs. snd (fst u) + 2)"
+ by (simp add: size_prod_simp map_prod_def)
+ also have "\<dots> = (\<Sum>(x,y) \<in> fset xs. size x + 2)"
+ using case_prod_beta' comm_monoid_add_class.sum.eq_general
+ by (smt (verit, del_insts) Pair_inject fstI imageE imageI prod_eqI snd_conv)
+ finally show ?thesis .
+qed
+
+lemma dtree_size_alt: "size (Node r xs) = (\<Sum>(x,y)\<in> fset xs. size x + 2) + 1"
+ using size_fset_alt by auto
+
+lemma dtree_size_eq_root: "size (Node r xs) = size (Node r' xs)"
+ by auto
+
+lemma size_combine_decr: "size (Node (r@root t1) (sucs t1)) < size (Node r {|(t1, e1)|})"
+ using dtree_size_eq_root[of "r@root t1" "sucs t1" "root t1"] by simp
+
+lemma size_le_if_child_subset: "xs |\<subseteq>| ys \<Longrightarrow> size (Node r xs) \<le> size (Node v ys)"
+ unfolding dtree_size_alt by (simp add: dtree_size_alt less_eq_fset.rep_eq sum.subset_diff)
+
+lemma size_le_if_sucs_subset: "sucs t1 |\<subseteq>| sucs t2 \<Longrightarrow> size t1 \<le> size t2"
+ using size_le_if_child_subset[of "sucs t1" "sucs t2" "root t1" "root t2"] by simp
+
+lemma combine_uneq: "Node r {|(t1, e1)|} \<noteq> Node (r@root t1) (sucs t1)"
+ using size_combine_decr[of r t1 e1] by fastforce
+
+lemma child_uneq: "t \<in> fst ` fset xs \<Longrightarrow> Node r xs \<noteq> t"
+ using dtree_size_decr_aux' by fast
+
+lemma suc_uneq: "t1 \<in> fst ` fset (sucs t) \<Longrightarrow> t \<noteq> t1"
+ using child_uneq[of t1 "sucs t" "root t"] by simp
+
+lemma singleton_uneq: "Node r {|(t,e)|} \<noteq> t"
+ using child_uneq[of t] by simp
+
+lemma child_uneq': "t \<in> fst ` fset xs \<Longrightarrow> Node r xs \<noteq> Node v (sucs t)"
+ using dtree_size_decr_aux'[of t] dtree_size_eq_root[of "root t" "sucs t"] by auto
+
+lemma suc_uneq': "t1 \<in> fst ` fset (sucs t) \<Longrightarrow> t \<noteq> Node v (sucs t1)"
+ using child_uneq'[of t1 "sucs t" "root t"] by simp
+
+lemma singleton_uneq': "Node r {|(t,e)|} \<noteq> Node v (sucs t)"
+ using child_uneq'[of t] by simp
+
+lemma singleton_suc: "t \<in> fst ` fset (sucs (Node r {|(t,e)|}))"
+ by simp
+
+lemma fcard_image_le: "fcard (f |`| xs) \<le> fcard xs"
+ by (simp add: FSet.fcard.rep_eq card_image_le)
+
+lemma sum_img_le:
+ assumes "\<forall>t \<in> fst ` fset xs. (g::'a \<Rightarrow> nat) (f t) \<le> g t"
+ shows "(\<Sum>(x,y)\<in> fset ((\<lambda>(t,e). (f t, e)) |`| xs). g x) \<le> (\<Sum>(x,y)\<in> fset xs. g x)"
+using assms proof(induction xs)
+ case (insert x xs)
+ obtain t e where t_def: "x = (t,e)" by fastforce
+ then show ?case
+ proof(cases "(f t,e) \<notin> fset ((\<lambda>(t,e). (f t, e)) |`| xs)")
+ case True
+ then have "(\<Sum>(x,y)\<in> fset ((\<lambda>(t,e). (f t, e)) |`| (finsert x xs)). g x)
+ = g (f t) + (\<Sum>(x,y)\<in> fset ((\<lambda>(t,e). (f t, e)) |`| xs). g x)"
+ using t_def by auto
+ also have "\<dots> \<le> g t + (\<Sum>(x,y)\<in> fset ((\<lambda>(t,e). (f t, e)) |`| xs). g x)"
+ using insert.prems t_def by auto
+ also have "\<dots> \<le> g t + (\<Sum>(x,y)\<in> fset xs. g x)" using insert by simp
+ finally show ?thesis using insert.hyps t_def notin_fset by fastforce
+ next
+ case False
+ then have "(\<Sum>(x,y)\<in> fset ((\<lambda>(t,e). (f t, e)) |`| (finsert x xs)). g x)
+ = (\<Sum>(x,y)\<in> fset ((\<lambda>(t,e). (f t, e)) |`| xs). g x)"
+ by (metis (no_types, lifting) t_def fimage_finsert finsert_absorb notin_fset prod.case)
+ also have "\<dots> \<le> (\<Sum>(x,y)\<in> fset xs. g x)" using insert by simp
+ finally show ?thesis using insert.hyps t_def notin_fset by fastforce
+ qed
+qed (simp)
+
+lemma dtree_size_img_le:
+ assumes "\<forall>t \<in> fst ` fset xs. size (f t) \<le> size t"
+ shows "size (Node r ((\<lambda>(t,e). (f t, e)) |`| xs)) \<le> size (Node r xs)"
+ using sum_img_le[of xs "\<lambda>x. size x + 2"] dtree_size_alt assms
+ by (metis (mono_tags, lifting) add_right_mono)
+
+lemma sum_img_lt:
+ assumes "\<forall>t \<in> fst ` fset xs. (g::'a \<Rightarrow> nat) (f t) \<le> g t"
+ and "\<exists>t \<in> fst ` fset xs. g (f t) < g t"
+ and "\<forall>t \<in> fst ` fset xs. g t > 0"
+ shows "(\<Sum>(x,y)\<in> fset ((\<lambda>(t,e). (f t, e)) |`| xs). g x) < (\<Sum>(x,y)\<in> fset xs. g x)"
+using assms proof(induction xs)
+ case (insert x xs)
+ obtain t e where t_def: "x = (t,e)" by fastforce
+ then show ?case
+ proof(cases "(f t,e) \<notin> fset ((\<lambda>(t,e). (f t, e)) |`| xs)")
+ case f_notin_xs: True
+ show ?thesis
+ proof(cases "g (f t) < g t")
+ case True
+ have "(\<Sum>(x,y)\<in> fset ((\<lambda>(t,e). (f t, e)) |`| (finsert x xs)). g x)
+ = g (f t) + (\<Sum>(x,y)\<in> fset ((\<lambda>(t,e). (f t, e)) |`| xs). g x)"
+ using t_def f_notin_xs by auto
+ also have "\<dots> < g t + (\<Sum>(x,y)\<in> fset ((\<lambda>(t,e). (f t, e)) |`| xs). g x)"
+ using True by simp
+ also have "\<dots> \<le> g t + (\<Sum>(x,y)\<in> fset xs. g x)" using sum_img_le insert.prems(1) by auto
+ finally show ?thesis using insert.hyps t_def notin_fset by fastforce
+ next
+ case False
+ then have 0: "\<exists>t \<in> fst ` fset xs. g (f t) < g t" using insert.prems(2) t_def by simp
+ have "(\<Sum>(x,y)\<in> fset ((\<lambda>(t,e). (f t, e)) |`| (finsert x xs)). g x)
+ = g (f t) + (\<Sum>(x,y)\<in> fset ((\<lambda>(t,e). (f t, e)) |`| xs). g x)"
+ using t_def f_notin_xs by auto
+ also have "\<dots> \<le> g t + (\<Sum>(x,y)\<in> fset ((\<lambda>(t,e). (f t, e)) |`| xs). g x)"
+ using t_def insert.prems(1) by simp
+ also have "\<dots> < g t + (\<Sum>(x,y)\<in> fset xs. g x)" using insert.IH insert.prems(1,3) 0 by simp
+ finally show ?thesis using insert.hyps t_def notin_fset by fastforce
+ qed
+ next
+ case False
+ then have "(\<Sum>(x,y)\<in> fset ((\<lambda>(t,e). (f t, e)) |`| (finsert x xs)). g x)
+ = (\<Sum>(x,y)\<in> fset ((\<lambda>(t,e). (f t, e)) |`| xs). g x)"
+ by (metis (no_types, lifting) t_def fimage_finsert finsert_absorb notin_fset prod.case)
+ also have "\<dots> \<le> (\<Sum>(x,y)\<in> fset xs. g x)" using sum_img_le insert.prems(1) by auto
+ also have "\<dots> < g t + (\<Sum>(x,y)\<in> fset xs. g x)" using insert.prems(3) t_def by simp
+ finally show ?thesis using insert.hyps t_def notin_fset by fastforce
+ qed
+qed (simp)
+
+lemma dtree_size_img_lt:
+ assumes "\<forall>t \<in> fst ` fset xs. size (f t) \<le> size t"
+ and "\<exists>t \<in> fst ` fset xs. size (f t) < size t"
+ shows "size (Node r ((\<lambda>(t,e). (f t, e)) |`| xs)) < size (Node r xs)"
+proof -
+ have 0: "\<forall>t \<in> fst ` fset xs. size (f t) + 2 \<le> size t + 2" using assms(1) by simp
+ have "\<forall>t\<in>fst ` fset xs. 0 < size t + 2" by simp
+ then show ?thesis using sum_img_lt[OF 0] dtree_size_alt assms(2) by (smt (z3) add_less_mono1)
+qed
+
+lemma sum_img_eq:
+ assumes "\<forall>t \<in> fst ` fset xs. (g::'a \<Rightarrow> nat) (f t) = g t"
+ and "fcard ((\<lambda>(t,e). (f t, e)) |`| xs) = fcard xs"
+ shows "(\<Sum>(x,y)\<in> fset ((\<lambda>(t,e). (f t, e)) |`| xs). g x) = (\<Sum>(x,y)\<in> fset xs. g x)"
+using assms proof(induction xs)
+ case (insert x xs)
+ obtain t e where t_def: "x = (t,e)" by fastforce
+ then have 0: "(f t,e) \<notin> fset ((\<lambda>(t,e). (f t, e)) |`| xs)"
+ using insert.prems(2) insert.hyps notin_fset fcard_finsert_if fcard_image_le
+ by (metis (mono_tags, lifting) case_prod_conv fimage_finsert leD lessI)
+ then have 1: "fcard ((\<lambda>(t,e). (f t, e)) |`| xs) = fcard xs "
+ using insert.prems(2) insert.hyps t_def notin_fset Suc_inject
+ by (metis (mono_tags, lifting) fcard_finsert_if fimage_finsert old.prod.case)
+ have "(\<Sum>(x,y)\<in> fset ((\<lambda>(t,e). (f t, e)) |`| (finsert x xs)). g x)
+ = g (f t) + (\<Sum>(x,y)\<in> fset ((\<lambda>(t,e). (f t, e)) |`| xs). g x)"
+ using t_def 0 by auto
+ also have "\<dots> = g t + (\<Sum>(x,y)\<in> fset ((\<lambda>(t,e). (f t, e)) |`| xs). g x)"
+ using insert.prems t_def by auto
+ also have "\<dots> = g t + (\<Sum>(x,y)\<in> fset xs. g x)" using insert.IH 1 insert.prems(1) by simp
+ finally show ?case using insert.hyps t_def notin_fset by fastforce
+qed (simp)
+
+lemma elem_neq_if_fset_neq:
+ "((\<lambda>(t,e). (f t, e)) |`| xs) \<noteq> xs \<Longrightarrow> \<exists>t \<in> fst ` fset xs. f t \<noteq> t"
+ by (smt (verit, ccfv_threshold) case_prod_eta case_prod_eta fimage.rep_eq fset_inject fst_conv
+ image_cong image_ident image_subset_iff old.prod.case prod.case_distrib split_cong subsetI)
+
+lemma ffold_commute_supset:
+ "\<lbrakk>xs |\<subseteq>| ys; P ys; \<And>ys xs. \<lbrakk>xs |\<subseteq>| ys; P ys\<rbrakk> \<Longrightarrow> P xs;
+ \<And>xs. comp_fun_commute (\<lambda>a b. if a \<notin> fset xs \<or> \<not>Q a b \<or> \<not>P xs then b else R a b)\<rbrakk>
+ \<Longrightarrow> ffold (\<lambda>a b. if a \<notin> fset ys \<or> \<not>Q a b \<or> \<not>P ys then b else R a b) acc xs
+ = ffold (\<lambda>a b. if a \<notin> fset xs \<or> \<not>Q a b \<or> \<not>P xs then b else R a b) acc xs"
+proof(induction xs arbitrary: ys)
+ case (insert x xs)
+ let ?f = "\<lambda>a b. if a \<notin> fset ys \<or> \<not>Q a b \<or> \<not>P ys then b else R a b"
+ let ?f' = "\<lambda>a b. if a \<notin> fset xs \<or> \<not>Q a b \<or> \<not>P xs then b else R a b"
+ let ?f1 = "\<lambda>a b. if a \<notin> fset (finsert x xs) \<or> \<not>Q a b \<or> \<not>P (finsert x xs) then b else R a b"
+ have 0: "P (finsert x xs)" using insert.prems by simp
+ have 1: "xs |\<subseteq>| (finsert x xs)" by blast
+ have 2: "comp_fun_commute ?f1" using insert.prems(4) by blast
+ have 3: "x \<in> fset ys" using insert.prems(1) notin_fset by fastforce
+ have "ffold ?f acc (finsert x xs) = ?f x (ffold ?f acc xs)"
+ using comp_fun_commute.ffold_finsert[of ?f] insert.prems(4) insert.hyps by blast
+ also have "\<dots> = ?f x (ffold ?f' acc xs)" using insert.IH[of ys] insert.prems by fastforce
+ also have "\<dots> = ?f x (ffold ?f1 acc xs)" using insert.IH[OF 1 0] insert.prems(3,4) by presburger
+ also have "\<dots> = ?f1 x (ffold ?f1 acc xs)" using 0 3 insert.prems(2) by fastforce
+ also have "\<dots> = ffold ?f1 acc (finsert x xs)"
+ using comp_fun_commute.ffold_finsert[of ?f1 x xs] 2 insert.hyps by presburger
+ finally show ?case .
+qed (smt (z3) comp_fun_commute.ffold_empty)
+
+lemma ffold_eq_fold: "\<lbrakk>finite xs; f = g\<rbrakk> \<Longrightarrow> ffold f acc (Abs_fset xs) = Finite_Set.fold g acc xs"
+ unfolding ffold_def by (simp add: Abs_fset_inverse)
+
+lemma Abs_fset_sub_if_sub:
+ assumes "finite ys" and "xs \<subseteq> ys"
+ shows "Abs_fset xs |\<subseteq>| Abs_fset ys"
+proof (rule ccontr)
+ assume "\<not>(Abs_fset xs |\<subseteq>| Abs_fset ys)"
+ then obtain x where x_def: "x |\<in>| Abs_fset xs" "x |\<notin>| Abs_fset ys" by blast
+ then have "x \<in> fset (Abs_fset xs) \<and> x \<notin> fset (Abs_fset ys)" using notin_fset by fast
+ moreover have "finite xs" using assms finite_subset by auto
+ ultimately show False using assms Abs_fset_inverse by blast
+qed
+
+lemma fold_commute_supset:
+ assumes "finite ys" and "xs \<subseteq> ys" and "P ys" and "\<And>ys xs. \<lbrakk>xs \<subseteq> ys; P ys\<rbrakk> \<Longrightarrow> P xs"
+ and "\<And>xs. comp_fun_commute (\<lambda>a b. if a \<notin> xs \<or> \<not>Q a b \<or> \<not>P xs then b else R a b)"
+ shows "Finite_Set.fold (\<lambda>a b. if a \<notin> ys \<or> \<not>Q a b \<or> \<not>P ys then b else R a b) acc xs
+ = Finite_Set.fold (\<lambda>a b. if a \<notin> xs \<or> \<not>Q a b \<or> \<not>P xs then b else R a b) acc xs"
+proof -
+ let ?f = "\<lambda>a b. if a \<notin> ys \<or> \<not>Q a b \<or> \<not>P ys then b else R a b"
+ let ?f' = "\<lambda>a b. if a \<notin> xs \<or> \<not>Q a b \<or> \<not>P xs then b else R a b"
+ let ?P = "\<lambda>xs. P (fset xs)"
+ let ?g = "\<lambda>a b. if a \<notin> fset (Abs_fset ys) \<or> \<not>Q a b \<or> \<not>(?P (Abs_fset ys)) then b else R a b"
+ let ?g' = "\<lambda>a b. if a \<notin> fset (Abs_fset xs) \<or> \<not>Q a b \<or> \<not>(?P (Abs_fset xs)) then b else R a b"
+ have 0: "finite xs" using assms(1,2) finite_subset by auto
+ then have 1: "Abs_fset xs |\<subseteq>| (Abs_fset ys)" using Abs_fset_sub_if_sub[OF assms(1,2)] by blast
+ have 2: "?P (Abs_fset ys)" by (simp add: Abs_fset_inverse assms(1,3))
+ have 3: "\<And>ys xs. \<lbrakk>xs |\<subseteq>| ys; ?P ys\<rbrakk> \<Longrightarrow> ?P xs" by (simp add: assms(4) less_eq_fset.rep_eq)
+ have 4: "\<And>xs. comp_fun_commute (\<lambda>a b. if a \<notin> fset xs \<or> \<not>Q a b \<or> \<not>(?P xs) then b else R a b)"
+ using assms(5) by (simp add: less_eq_fset.rep_eq)
+ have "?f' = ?g'" by (simp add: Abs_fset_inverse 0)
+ have "?f = ?g" by (simp add: Abs_fset_inverse assms(1))
+ then have "Finite_Set.fold (\<lambda>a b. if a \<notin> ys \<or> \<not>Q a b \<or> \<not>P ys then b else R a b) acc xs
+ = ffold ?g acc (Abs_fset xs)" by (simp add: 0 ffold_eq_fold)
+ also have "\<dots> = ffold ?g' acc (Abs_fset xs)"
+ using ffold_commute_supset[OF 1, of ?P, OF 2 3 4] by simp
+ finally show ?thesis using \<open>?f' = ?g'\<close> by (simp add: 0 ffold_eq_fold)
+qed
+
+lemma dtail_commute_aux:
+ fixes r xs e def
+ defines "f \<equiv> (\<lambda>(x,e2) b. if (x,e2) \<notin> fset xs \<or> e \<notin> darcs x \<or> \<not>wf_darcs (Node r xs)
+ then b else dtail x def)"
+ shows "(f y \<circ> f x) z = (f x \<circ> f y) z"
+proof -
+ obtain y1 y2 where y_def: "y = (y1,y2)" by fastforce
+ obtain x1 x2 where x_def: "x = (x1,x2)" by fastforce
+ show ?thesis
+ proof(cases "(x1,x2) \<in> fset xs \<and> (y1,y2) \<in> fset xs")
+ case 0: True
+ then show ?thesis
+ proof(cases "e \<in> darcs x1 \<and> e \<in> darcs y1")
+ case True
+ then have 1: "x1 = y1 \<or> \<not>wf_darcs (Node r xs)" using 0 disjoint_darcs_if_wf_aux2 by fast
+ then show ?thesis using assms by (cases "x1=y1")(auto simp: x_def y_def)
+ next
+ case False
+ then show ?thesis using assms by (simp add: x_def y_def)
+ qed
+ next
+ case False
+ then show ?thesis using assms by (simp add: x_def y_def)
+ qed
+qed
+
+lemma dtail_commute:
+ "comp_fun_commute (\<lambda>(x,e2) b. if (x,e2) \<notin> fset xs \<or> e \<notin> darcs x \<or> \<not>wf_darcs (Node r xs)
+ then b else dtail x def)"
+ using dtail_commute_aux[of xs] by unfold_locales blast
+
+lemma dtail_f_alt:
+ assumes "P = (\<lambda>xs. wf_darcs (Node r xs))"
+ and "Q = (\<lambda>(t1,e1) b. e \<in> darcs t1)"
+ and "R = (\<lambda>(t1,e1) b. dtail t1 def)"
+ shows "(\<lambda>(t1,e1) b. if (t1,e1) \<notin> fset xs \<or> e \<notin> darcs t1\<or> \<not>wf_darcs (Node r xs)
+ then b else dtail t1 def)
+ = (\<lambda>a b. if a \<notin> fset xs \<or> \<not> Q a b \<or> \<not> P xs then b else R a b)"
+ using assms by fast
+
+lemma dtail_f_alt_commute:
+ assumes "P = (\<lambda>xs. wf_darcs (Node r xs))"
+ and "Q = (\<lambda>(t1,e1) b. e \<in> darcs t1)"
+ and "R = (\<lambda>(t1,e1) b. dtail t1 def)"
+ shows "comp_fun_commute (\<lambda>a b. if a \<notin> fset xs \<or> \<not> Q a b \<or> \<not> P xs then b else R a b)"
+ using dtail_commute[of xs e r def] dtail_f_alt[OF assms] by simp
+
+lemma dtail_ffold_supset:
+ assumes "xs |\<subseteq>| ys" and "wf_darcs (Node r ys)"
+ shows "ffold (\<lambda>(x,e2) b. if (x,e2) \<notin> fset ys \<or> e \<notin> darcs x \<or> \<not>wf_darcs (Node r ys)
+ then b else dtail x def) def xs
+ = ffold (\<lambda>(x,e2) b. if (x,e2) \<notin> fset xs \<or> e \<notin> darcs x \<or> \<not>wf_darcs (Node r xs)
+ then b else dtail x def) def xs"
+proof -
+ let ?P = "\<lambda>xs. wf_darcs (Node r xs)"
+ let ?Q = "\<lambda>(t1,e1) b. e \<in> darcs t1"
+ let ?R = "\<lambda>(t1,e1) b. dtail t1 def"
+ have 0: "\<And>xs. comp_fun_commute (\<lambda>a b. if a \<notin> fset xs \<or> \<not> ?Q a b \<or> \<not> ?P xs then b else ?R a b)"
+ using dtail_f_alt_commute by fast
+ have "ffold (\<lambda>a b. if a \<notin> fset ys \<or> \<not> ?Q a b \<or> \<not> ?P ys then b else ?R a b) def xs
+ = ffold (\<lambda>a b. if a \<notin> fset xs \<or> \<not> ?Q a b \<or> \<not> ?P xs then b else ?R a b) def xs"
+ using ffold_commute_supset[OF assms(1),of ?P ?Q ?R,OF assms(2) wf_darcs_sub 0] by simp
+ then show ?thesis using dtail_f_alt[of ?P r ?Q e ?R] by simp
+qed
+
+lemma dtail_in_child_eq_child_ffold:
+ assumes "(t,e1) \<in> fset xs" and "e \<in> darcs t" and "wf_darcs (Node r xs)"
+ shows "ffold (\<lambda>(x,e2) b. if (x,e2) \<notin> fset xs \<or> e \<notin> darcs x \<or> \<not>wf_darcs (Node r xs)
+ then b else dtail x def) def xs
+ = dtail t def"
+using assms proof(induction xs)
+ case (insert x' xs)
+ let ?f = "(\<lambda>(x,e2) b.
+ if (x,e2) \<notin> fset (finsert x' xs) \<or> e \<notin> darcs x \<or> \<not>wf_darcs (Node r (finsert x' xs))
+ then b else dtail x def)"
+ let ?f' = "(\<lambda>(x,e2) b. if (x,e2) \<notin> fset xs \<or> e \<notin> darcs x \<or> \<not>wf_darcs (Node r xs)
+ then b else dtail x def)"
+ obtain x e3 where x_def: "x' = (x,e3)" by fastforce
+ show ?case
+ proof(cases "x=t")
+ case True
+ have "ffold ?f def (finsert x' xs) = (?f x' (ffold ?f def xs))"
+ using comp_fun_commute.ffold_finsert[of ?f x' xs def] dtail_commute insert.hyps by fast
+ also have "\<dots> = (?f (x,e3) (ffold ?f def xs))" using x_def by blast
+ also have "\<dots> = dtail x def" using x_def insert.prems(2,3) True by fastforce
+ finally show ?thesis using True by blast
+ next
+ case False
+ then have 0: "(t,e1) \<in> fset xs" using insert.prems(1) x_def by simp
+ have 1: "wf_darcs (Node r xs)" using wf_darcs_sub[OF fsubset_finsertI insert.prems(3)] .
+ have 2: "xs |\<subseteq>| (finsert x' xs)" by blast
+ have "(x,e3) \<in> fset (finsert x' xs)" using x_def by simp
+ have 3: "e \<notin> darcs x" using insert.prems(1-3) disjoint_darcs_if_wf x_def False by fastforce
+ have "ffold ?f def (finsert x' xs) = (?f x' (ffold ?f def xs))"
+ using comp_fun_commute.ffold_finsert[of ?f x' xs def] dtail_commute insert.hyps by fast
+ also have "\<dots> = (?f (x,e3) (ffold ?f def xs))" using x_def by blast
+ also have "\<dots> = (ffold ?f def xs)" using 3 by fastforce
+ also have "\<dots> = (ffold ?f' def xs)"
+ using dtail_ffold_supset[of xs "finsert x' xs"] insert.prems(3) 2 by simp
+ also have "\<dots> = dtail t def" using insert.IH 0 1 insert.prems(2) by fast
+ finally show ?thesis .
+ qed
+qed(simp)
+
+lemma dtail_in_child_eq_child:
+ assumes "(t,e1) \<in> fset xs" and "e \<in> darcs t" and "wf_darcs (Node r xs)"
+ shows "dtail (Node r xs) def e = dtail t def e"
+ using assms dtail_in_child_eq_child_ffold[OF assms] disjoint_darcs_if_wf_aux3 by fastforce
+
+lemma dtail_ffold_notelem_eq_def:
+ assumes "\<forall>(t,e1) \<in> fset xs. e \<notin> darcs t"
+ shows "ffold (\<lambda>(x,e2) b. if (x,e2) \<notin> fset ys \<or> e \<notin> darcs x \<or> \<not>wf_darcs (Node r ys)
+ then b else dtail x def) def xs = def"
+using assms proof(induction xs)
+ case (insert x' xs)
+ obtain x e3 where x_def: "x' = (x,e3)" by fastforce
+ let ?f = "(\<lambda>(x,e2) b. if (x,e2) \<notin> fset ys \<or> e \<notin> darcs x \<or> \<not>wf_darcs (Node r ys)
+ then b else dtail x def)"
+ have "ffold ?f def (finsert x' xs) = ?f x' (ffold ?f def xs)"
+ using comp_fun_commute.ffold_finsert[of ?f x' xs] dtail_commute insert.hyps by fast
+ also have "\<dots> = (ffold ?f def xs)" using insert.prems by auto
+ also have "\<dots> = def" using insert.IH insert.prems by simp
+ finally show ?case .
+qed(auto intro: dtail_commute comp_fun_commute.ffold_empty)
+
+lemma dtail_notelem_eq_def:
+ assumes "e \<notin> darcs t"
+ shows "dtail t def e = def e"
+proof -
+ obtain r xs where xs_def[simp]: "t = Node r xs" using dtree.exhaust by auto
+ let ?f = "(\<lambda>(x,e2) b. if (x,e2) \<notin> fset xs \<or> e \<notin> darcs x \<or> \<not>wf_darcs (Node r xs)
+ then b else dtail x def)"
+ have 0: "\<forall>(t, e1)\<in>fset xs. e \<notin> darcs t" using assms by auto
+ have "dtail (Node r xs) def e = ffold ?f def xs e" using assms by auto
+ then show ?thesis using dtail_ffold_notelem_eq_def 0 by fastforce
+qed
+
+lemma dhead_commute_aux:
+ fixes r xs e def
+ defines "f \<equiv> (\<lambda>(x,e2) b. if (x,e2) \<notin> fset xs \<or> e \<notin> (darcs x \<union> {e2}) \<or> \<not>wf_darcs (Node r xs)
+ then b else if e=e2 then root x else dhead x def e)"
+ shows "(f y \<circ> f x) z = (f x \<circ> f y) z"
+proof -
+ obtain x1 x2 where x_def: "x = (x1,x2)" by fastforce
+ obtain y1 y2 where y_def: "y = (y1,y2)" by fastforce
+ show ?thesis
+ proof(cases "(x1,x2) \<in> fset xs \<and> (y1,y2) \<in> fset xs")
+ case 0: True
+ then show ?thesis
+ proof(cases "e \<in> darcs x1 \<and> e \<in> darcs y1")
+ case True
+ then have 1: "(x1,x2) = (y1,y2) \<or> \<not>wf_darcs (Node r xs)"
+ using 0 disjoint_darcs_if_wf_aux2 by fast
+ then show ?thesis using assms x_def y_def by (smt (z3) case_prod_conv comp_apply)
+ next
+ case False
+ then show ?thesis
+ proof(cases "x2=e")
+ case True
+ then show ?thesis using assms x_def y_def disjoint_darcs_if_wf by force
+ next
+ case False
+ then show ?thesis using assms x_def y_def disjoint_darcs_if_wf by fastforce
+ qed
+ qed
+ next
+ case False
+ then show ?thesis using assms by (simp add: x_def y_def)
+ qed
+qed
+
+lemma dhead_commute:
+ "comp_fun_commute (\<lambda>(x,e2) b. if (x,e2) \<notin> fset xs \<or> e \<notin> (darcs x \<union> {e2}) \<or> \<not>wf_darcs (Node r xs)
+ then b else if e=e2 then root x else dhead x def e)"
+ using dhead_commute_aux[of xs] by unfold_locales blast
+
+lemma dhead_ffold_f_alt:
+ assumes "P = (\<lambda>xs. wf_darcs (Node r xs))" and "Q = (\<lambda>(x,e2) _. e \<in> (darcs x \<union> {e2}))"
+ and "R = (\<lambda>(x,e2) _. if e=e2 then root x else dhead x def e)"
+ shows "(\<lambda>(x,e2) b. if (x,e2) \<notin> fset xs \<or> e \<notin> (darcs x \<union> {e2}) \<or> \<not>wf_darcs (Node r xs) then b
+ else if e=e2 then root x else dhead x def e)
+ = (\<lambda>a b. if a \<notin> fset xs \<or> \<not> Q a b \<or> \<not> P xs then b else R a b)"
+ using assms by fast
+
+lemma dhead_ffold_f_alt_commute:
+ assumes "P = (\<lambda>xs. wf_darcs (Node r xs))" and "Q = (\<lambda>(x,e2) _. e \<in> (darcs x \<union> {e2}))"
+ and "R = (\<lambda>(x,e2) _. if e=e2 then root x else dhead x def e)"
+ shows "comp_fun_commute (\<lambda>a b. if a \<notin> fset xs \<or> \<not> Q a b \<or> \<not> P xs then b else R a b)"
+using dhead_commute[of xs e r def] dhead_ffold_f_alt[OF assms] by simp
+
+lemma dhead_ffold_supset:
+ assumes "xs |\<subseteq>| ys" and "wf_darcs (Node r ys)"
+ shows "ffold (\<lambda>(x,e2) b. if (x,e2) \<notin> fset ys \<or> e \<notin> (darcs x \<union> {e2}) \<or> \<not>wf_darcs (Node r ys) then b
+ else if e=e2 then root x else dhead x def e) (def e) xs
+ = ffold (\<lambda>(x,e2) b. if (x,e2) \<notin> fset xs \<or> e \<notin> (darcs x \<union> {e2}) \<or> \<not>wf_darcs (Node r xs) then b
+ else if e=e2 then root x else dhead x def e) (def e) xs"
+ (is "ffold ?f _ _ = ffold ?g _ _")
+proof -
+ let ?P = "\<lambda>xs. wf_darcs (Node r xs)"
+ let ?Q = "\<lambda>(x,e2) _. e \<in> (darcs x \<union> {e2})"
+ let ?R = "\<lambda>(x,e2) _. if e=e2 then root x else dhead x def e"
+ have 0: "\<And>xs. comp_fun_commute (\<lambda>a b. if a \<notin> fset xs \<or> \<not> ?Q a b \<or> \<not> ?P xs then b else ?R a b)"
+ using dhead_ffold_f_alt_commute by fast
+ have "ffold (\<lambda>a b. if a \<notin> fset ys \<or> \<not> ?Q a b \<or> \<not> ?P ys then b else ?R a b) (def e) xs
+ = ffold (\<lambda>a b. if a \<notin> fset xs \<or> \<not> ?Q a b \<or> \<not> ?P xs then b else ?R a b) (def e) xs"
+ using ffold_commute_supset[OF assms(1), of ?P ?Q ?R, OF assms(2) wf_darcs_sub 0] by simp
+ moreover have "?f = (\<lambda>a b. if a \<notin> fset ys \<or> \<not> ?Q a b \<or> \<not> ?P ys then b else ?R a b)" by fast
+ moreover have "?g = (\<lambda>a b. if a \<notin> fset xs \<or> \<not> ?Q a b \<or> \<not> ?P xs then b else ?R a b)" by fast
+ ultimately show ?thesis by argo
+qed
+
+lemma dhead_in_child_eq_child_ffold:
+ assumes "(t,e1) \<in> fset xs" and "e \<in> darcs t" and "wf_darcs (Node r xs)"
+ shows "ffold (\<lambda>(x,e2) b. if (x,e2) \<notin> fset xs \<or> e \<notin> (darcs x \<union> {e2}) \<or> \<not>wf_darcs (Node r xs)
+ then b else if e=e2 then root x else dhead x def e) (def e) xs
+ = dhead t def e"
+using assms proof(induction xs)
+ case (insert x' xs)
+ let ?f = "(\<lambda>(x,e2) b. if (x,e2) \<notin> fset (finsert x' xs) \<or> e \<notin> (darcs x \<union> {e2})
+ \<or> \<not>wf_darcs (Node r (finsert x' xs))
+ then b else if e=e2 then root x else dhead x def e)"
+ let ?f' = "(\<lambda>(x,e2) b. if (x,e2) \<notin> fset xs \<or> e \<notin> (darcs x \<union> {e2}) \<or> \<not>wf_darcs (Node r xs) then b
+ else if e=e2 then root x else dhead x def e)"
+ obtain x e3 where x_def: "x' = (x,e3)" by fastforce
+ show ?case
+ proof(cases "x=t")
+ case True
+ have "ffold ?f (def e) (finsert x' xs) = (?f x' (ffold ?f (def e) xs))"
+ using comp_fun_commute.ffold_finsert[of ?f x' xs "def e"] dhead_commute insert.hyps by fast
+ also have "\<dots> = (?f (x,e3) (ffold ?f (def e) xs))" using x_def by blast
+ also have "\<dots> = dhead x def e"
+ using x_def insert.prems(2,3) True disjoint_darcs_if_wf by fastforce
+ finally show ?thesis using True by blast
+ next
+ case False
+ then have 0: "(t,e1) \<in> fset xs" using insert.prems(1) x_def by simp
+ have 1: "wf_darcs (Node r xs)" using wf_darcs_sub[OF fsubset_finsertI insert.prems(3)] .
+ have 2: "xs |\<subseteq>| (finsert x' xs)" by blast
+ have 3: "e3 \<noteq> e" "e \<notin> darcs x"
+ using insert.prems(1-3) disjoint_darcs_if_wf x_def False by fastforce+
+ have "ffold ?f (def e) (finsert x' xs) = (?f x' (ffold ?f (def e) xs))"
+ using comp_fun_commute.ffold_finsert[of ?f x' xs "def e"] dhead_commute insert.hyps by fast
+ also have "\<dots> = (?f (x,e3) (ffold ?f (def e) xs))" using x_def by blast
+ also have "\<dots> = (ffold ?f (def e) xs)" using 3 by simp
+ also have "\<dots> = (ffold ?f' (def e) xs)"
+ using dhead_ffold_supset[of xs "finsert x' xs"] insert.prems(3) 2 by simp
+ also have "\<dots> = dhead t def e" using insert.IH 0 1 insert.prems(2) by fast
+ finally show ?thesis .
+ qed
+qed(simp)
+
+lemma dhead_in_child_eq_child:
+ assumes "(t,e1) \<in> fset xs" and "e \<in> darcs t" and "wf_darcs (Node r xs)"
+ shows "dhead (Node r xs) def e = dhead t def e"
+ using assms dhead_in_child_eq_child_ffold[of t] by simp
+
+lemma dhead_ffold_notelem_eq_def:
+ assumes "\<forall>(t,e1) \<in> fset xs. e \<notin> darcs t \<and> e \<noteq> e1"
+ shows "ffold (\<lambda>(x,e2) b. if (x,e2) \<notin> fset ys \<or> e \<notin> (darcs x \<union> {e2}) \<or> \<not>wf_darcs (Node r ys) then b
+ else if e=e2 then root x else dhead x def e) (def e) xs = def e"
+using assms proof(induction xs)
+ case (insert x' xs)
+ obtain x e3 where x_def: "x' = (x,e3)" by fastforce
+ let ?f = "(\<lambda>(x,e2) b. if (x,e2) \<notin> fset ys \<or> e \<notin> (darcs x \<union> {e2}) \<or> \<not>wf_darcs (Node r ys)
+ then b else if e=e2 then root x else dhead x def e)"
+ have "ffold ?f (def e) (finsert x' xs) = ?f x' (ffold ?f (def e) xs)"
+ using comp_fun_commute.ffold_finsert[of ?f x' xs] dhead_commute insert.hyps by fast
+ also have "\<dots> = (ffold ?f (def e) xs)" using insert.prems by auto
+ also have "\<dots> = def e" using insert.IH insert.prems by simp
+ finally show ?case .
+qed(auto intro: dtail_commute comp_fun_commute.ffold_empty)
+
+lemma dhead_notelem_eq_def:
+ assumes "e \<notin> darcs t"
+ shows "dhead t def e = def e"
+proof -
+ obtain r xs where xs_def[simp]: "t = Node r xs" using dtree.exhaust by auto
+ let ?f = "(\<lambda>(x,e2) b. if (x,e2) \<notin> fset xs \<or> e \<notin> (darcs x \<union> {e2}) \<or> \<not>wf_darcs (Node r xs)
+ then b else if e=e2 then root x else dhead x def e)"
+ have 0: "\<forall>(t, e1)\<in>fset xs. e \<notin> darcs t \<and> e1\<noteq>e" using assms by auto
+ have "dhead (Node r xs) def e = ffold ?f (def e) xs" by simp
+ then show ?thesis using dhead_ffold_notelem_eq_def 0 by fastforce
+qed
+
+lemma dhead_in_set_eq_root_ffold:
+ assumes "(t,e) \<in> fset xs" and "wf_darcs (Node r xs)"
+ shows "ffold (\<lambda>(x,e2) b. if (x,e2) \<notin> fset xs \<or> e \<notin> (darcs x \<union> {e2}) \<or> \<not>wf_darcs (Node r xs)
+ then b else if e=e2 then root x else dhead x def e) (def e) xs
+ = root t" (is "ffold ?f' _ _ = _")
+using assms proof(induction xs)
+ case (insert x' xs)
+ let ?f = "(\<lambda>(x,e2) b. if (x,e2) \<notin> fset (finsert x' xs) \<or> e \<notin> (darcs x \<union> {e2})
+ \<or> \<not>wf_darcs (Node r (finsert x' xs))
+ then b else if e=e2 then root x else dhead x def e)"
+ let ?f' = "(\<lambda>(x,e2) b. if (x,e2) \<notin> fset xs \<or> e \<notin> (darcs x \<union> {e2}) \<or> \<not>wf_darcs (Node r xs) then b
+ else if e=e2 then root x else dhead x def e)"
+ obtain x e3 where x_def: "x' = (x,e3)" by fastforce
+ show ?case
+ proof(cases "e3=e")
+ case True
+ then have "x=t" using insert.prems(1,2) x_def disjoint_darcs_if_wf by fastforce
+ have "ffold ?f (def e) (finsert x' xs) = (?f x' (ffold ?f (def e) xs))"
+ using comp_fun_commute.ffold_finsert[of ?f x' xs "def e"] dhead_commute insert.hyps by fast
+ also have "\<dots> = (?f (x,e3) (ffold ?f (def e) xs))" using x_def by blast
+ also have "\<dots> = root x" using x_def insert.prems(1,2) True by simp
+ finally show ?thesis using True \<open>x=t\<close> by blast
+ next
+ case False
+ then have 0: "(t,e) \<in> fset xs" using insert.prems(1) x_def by simp
+ have 1: "wf_darcs (Node r xs)" using wf_darcs_sub[OF fsubset_finsertI insert.prems(2)] .
+ have 2: "xs |\<subseteq>| (finsert x' xs)" by blast
+ have 3: "e3 \<noteq> e" using insert.prems(2) False by simp
+ have 4: "e \<notin> (darcs x \<union> {e3})"
+ using insert.prems(1-2) False x_def disjoint_darcs_if_wf by fastforce
+ have "ffold ?f (def e) (finsert x' xs) = (?f x' (ffold ?f (def e) xs))"
+ using comp_fun_commute.ffold_finsert[of ?f x' xs "def e"] dhead_commute insert.hyps by fast
+ also have "\<dots> = (?f (x,e3) (ffold ?f (def e) xs))" using x_def by blast
+ also have "\<dots> = (ffold ?f (def e) xs)" using 4 by auto
+ also have "\<dots> = (ffold ?f' (def e) xs)"
+ using dhead_ffold_supset[of xs "finsert x' xs"] insert.prems(2) 2 by simp
+ also have "\<dots> = root t" using insert.IH 0 1 insert.prems(2) by blast
+ finally show ?thesis .
+ qed
+qed(simp)
+
+lemma dhead_in_set_eq_root:
+ "\<lbrakk>(t,e) \<in> fset xs; wf_darcs (Node r xs)\<rbrakk> \<Longrightarrow> dhead (Node r xs) def e = root t"
+ using dhead_in_set_eq_root_ffold[of t] by simp
+
+lemma self_subtree: "is_subtree t t"
+ using is_subtree.elims(3) by blast
+
+lemma subtree_trans: "is_subtree x y \<Longrightarrow> is_subtree y z \<Longrightarrow> is_subtree x z"
+ by (induction z) fastforce+
+
+lemma subtree_trans': "transp is_subtree"
+ using subtree_trans transpI by auto
+
+lemma subtree_if_child: "x \<in> fst ` fset xs \<Longrightarrow> is_subtree x (Node r xs)"
+ using is_subtree.elims(3) by force
+
+lemma subtree_if_suc: "t1 \<in> fst ` fset (sucs t2) \<Longrightarrow> is_subtree t1 t2"
+ using subtree_if_child[of t1 "sucs t2" "root t2"] by simp
+
+lemma child_sub_if_strict_subtree:
+ "\<lbrakk>strict_subtree t1 (Node r xs)\<rbrakk> \<Longrightarrow> \<exists>t3 \<in> fst ` fset xs. is_subtree t1 t3"
+ unfolding strict_subtree_def by force
+
+lemma suc_sub_if_strict_subtree:
+ "strict_subtree t1 t2 \<Longrightarrow> \<exists>t3 \<in> fst ` fset (sucs t2). is_subtree t1 t3"
+ using child_sub_if_strict_subtree[of t1 "root t2"] by simp
+
+lemma subtree_size_decr: "\<lbrakk>is_subtree t1 t2; t1 \<noteq> t2\<rbrakk> \<Longrightarrow> size t1 < size t2"
+ using dtree_size_decr_aux by(induction t2) fastforce
+
+lemma subtree_size_decr': "strict_subtree t1 t2 \<Longrightarrow> size t1 < size t2"
+ unfolding strict_subtree_def using dtree_size_decr_aux by(induction t2) fastforce
+
+lemma subtree_size_le: "is_subtree t1 t2 \<Longrightarrow> size t1 \<le> size t2"
+ using subtree_size_decr by fastforce
+
+lemma subtree_antisym: "\<lbrakk>is_subtree t1 t2; is_subtree t2 t1\<rbrakk> \<Longrightarrow> t1 = t2"
+ using subtree_size_le subtree_size_decr by fastforce
+
+lemma subtree_antisym': "antisymp is_subtree"
+ using antisympI subtree_antisym by blast
+
+corollary subtree_eq_if_trans_eq1: "\<lbrakk>is_subtree t1 t2; is_subtree t2 t3; t1 = t3\<rbrakk> \<Longrightarrow> t1 = t2"
+ using subtree_antisym by blast
+
+corollary subtree_eq_if_trans_eq2: "\<lbrakk>is_subtree t1 t2; is_subtree t2 t3; t1 = t3\<rbrakk> \<Longrightarrow> t2 = t3"
+ using subtree_antisym by blast
+
+lemma subtree_partial_ord: "class.order is_subtree strict_subtree"
+ by standard (auto simp: self_subtree subtree_antisym strict_subtree_def intro: subtree_trans)
+
+lemma finite_subtrees: "finite {x. is_subtree x t}"
+ by (induction t) auto
+
+lemma subtrees_insert_union:
+ "{x. is_subtree x (Node r xs)} = insert (Node r xs) (\<Union>t1 \<in> fst ` fset xs. {x. is_subtree x t1})"
+ by fastforce
+
+lemma subtrees_insert_union_suc:
+ "{x. is_subtree x t} = insert t (\<Union>t1 \<in> fst ` fset (sucs t). {x. is_subtree x t1})"
+ using subtrees_insert_union[of "root t" "sucs t"] by simp
+
+lemma darcs_subtree_subset: "is_subtree x y \<Longrightarrow> darcs x \<subseteq> darcs y"
+ by(induction y) force
+
+lemma dverts_subtree_subset: "is_subtree x y \<Longrightarrow> dverts x \<subseteq> dverts y"
+ by(induction y) force
+
+lemma single_subtree_root_dverts:
+ "is_subtree (Node v2 {|(t2, e2)|}) t1 \<Longrightarrow> v2 \<in> dverts t1"
+ by (fastforce dest: dverts_subtree_subset)
+
+lemma single_subtree_child_root_dverts:
+ "is_subtree (Node v2 {|(t2, e2)|}) t1 \<Longrightarrow> root t2 \<in> dverts t1"
+ by (fastforce simp: dtree.set_sel(1) dest: dverts_subtree_subset)
+
+lemma subtree_root_if_dverts: "x \<in> dverts t \<Longrightarrow> \<exists>xs. is_subtree (Node x xs) t"
+ by(induction t) fastforce
+
+lemma subtree_child_if_strict_subtree:
+ "strict_subtree t1 t2 \<Longrightarrow> \<exists>r xs. is_subtree (Node r xs) t2 \<and> t1 \<in> fst ` fset xs"
+proof(induction t2)
+ case (Node r xs)
+ then obtain t e where t_def: "(t,e) \<in> fset xs" "is_subtree t1 t"
+ unfolding strict_subtree_def by auto
+ show ?case
+ proof(cases "t1 = t")
+ case True
+ then show ?thesis using t_def by force
+ next
+ case False
+ then show ?thesis using Node.IH[OF t_def(1)] t_def unfolding strict_subtree_def by auto
+ qed
+qed
+
+lemma subtree_child_if_dvert_notroot:
+ assumes "v \<noteq> r" and "v \<in> dverts (Node r xs)"
+ shows "\<exists>r' ys zs. is_subtree (Node r' ys) (Node r xs) \<and> Node v zs \<in> fst ` fset ys"
+proof -
+ obtain zs where sub: "is_subtree (Node v zs) (Node r xs)"
+ using assms(2) subtree_root_if_dverts by fast
+ then show ?thesis using subtree_child_if_strict_subtree strict_subtree_def assms(1) by fast
+qed
+
+lemma subtree_child_if_dvert_notelem:
+ "\<lbrakk>v \<noteq> root t; v \<in> dverts t\<rbrakk> \<Longrightarrow> \<exists>r' ys zs. is_subtree (Node r' ys) t \<and> Node v zs \<in> fst ` fset ys"
+ using subtree_child_if_dvert_notroot[of v "root t" "sucs t"] by simp
+
+lemma strict_subtree_subset:
+ assumes "strict_subtree t (Node r xs)" and "xs |\<subseteq>| ys"
+ shows "strict_subtree t (Node r ys)"
+proof -
+ obtain t1 e1 where t1_def: "(t1,e1) \<in> fset xs" "is_subtree t t1"
+ using assms(1) unfolding strict_subtree_def by auto
+ have "size t < size (Node r xs)" using subtree_size_decr'[OF assms(1)] by blast
+ then have "size t < size (Node r ys)" using size_le_if_child_subset[OF assms(2)] by simp
+ moreover have "is_subtree t (Node r ys)" using assms(2) t1_def notin_fset[of "(t1,e1)"] by auto
+ ultimately show ?thesis unfolding strict_subtree_def by blast
+qed
+
+lemma strict_subtree_singleton:
+ "\<lbrakk>strict_subtree t (Node r {|x|}); x |\<in>| xs\<rbrakk>
+ \<Longrightarrow> strict_subtree t (Node r xs)"
+ using strict_subtree_subset by fast
+
+subsubsection "Finite Directed Trees to Dtree"
+
+context finite_directed_tree
+begin
+
+lemma child_subtree:
+ assumes "e \<in> out_arcs T r"
+ shows "{x. (head T e) \<rightarrow>\<^sup>*\<^bsub>T\<^esub> x} \<subseteq> {x. r \<rightarrow>\<^sup>*\<^bsub>T\<^esub> x}"
+proof -
+ have "r \<rightarrow>\<^sup>*\<^bsub>T\<^esub> (head T e)" using assms in_arcs_imp_in_arcs_ends by auto
+ then show ?thesis by (metis Collect_mono reachable_trans)
+qed
+
+lemma child_strict_subtree:
+ assumes "e \<in> out_arcs T r"
+ shows "{x. (head T e) \<rightarrow>\<^sup>*\<^bsub>T\<^esub> x} \<subset> {x. r \<rightarrow>\<^sup>*\<^bsub>T\<^esub> x}"
+proof -
+ have "r \<rightarrow>\<^bsub>T\<^esub> (head T e)" using assms in_arcs_imp_in_arcs_ends by auto
+ then have "\<not> ((head T e) \<rightarrow>\<^sup>*\<^bsub>T\<^esub> r)" using reachable1_not_reverse by blast
+ then show ?thesis using child_subtree assms by auto
+qed
+
+lemma child_card_decr:
+ assumes "e \<in> out_arcs T r"
+ shows "Finite_Set.card {x. (head T e) \<rightarrow>\<^sup>*\<^bsub>T\<^esub> x} < Finite_Set.card {x. r \<rightarrow>\<^sup>*\<^bsub>T\<^esub> x}"
+ using assms child_strict_subtree by (meson psubset_card_mono reachable_verts_finite)
+
+function to_dtree_aux :: "'a \<Rightarrow> ('a,'b) dtree" where
+ "to_dtree_aux r = Node r (Abs_fset {(x,e).
+ (if e \<in> out_arcs T r then x = to_dtree_aux (head T e) else False)})"
+ by auto
+termination
+ by(relation "measure (\<lambda>r. Finite_Set.card {x. r \<rightarrow>\<^sup>*\<^bsub>T\<^esub> x})") (auto simp: child_card_decr)
+
+definition to_dtree :: "('a,'b) dtree" where
+ "to_dtree = to_dtree_aux root"
+
+abbreviation from_dtree :: "('a,'b) dtree \<Rightarrow> ('a,'b) pre_digraph" where
+ "from_dtree t \<equiv> Dtree.from_dtree (tail T) (head T) t"
+
+lemma to_dtree_root_eq_root[simp]: "Dtree.root to_dtree = root"
+ unfolding to_dtree_def by simp
+
+lemma verts_fset_id: "fset (Abs_fset (verts T)) = verts T"
+ by (simp add: Abs_fset_inverse)
+
+lemma arcs_fset_id: "fset (Abs_fset (arcs T)) = arcs T"
+ by (simp add: Abs_fset_inverse)
+
+lemma dtree_leaf_child_empty:
+ "leaf r \<Longrightarrow> {(x,e). (if e \<in> out_arcs T r then x = to_dtree_aux (head T e) else False)} = {}"
+ unfolding leaf_def by simp
+
+lemma dtree_leaf_no_children: "leaf r \<Longrightarrow> to_dtree_aux r = Node r {||}"
+ using dtree_leaf_child_empty by (simp add: bot_fset.abs_eq)
+
+lemma dtree_children_alt:
+ "{(x,e). (if e \<in> out_arcs T r then x = to_dtree_aux (head T e) else False)}
+ = {(x,e). e \<in> out_arcs T r \<and> x = to_dtree_aux (head T e)}"
+ by metis
+
+lemma dtree_children_img_alt:
+ "(\<lambda>e. (to_dtree_aux (head T e),e)) ` (out_arcs T r)
+ = {(x,e). (if e \<in> out_arcs T r then x = to_dtree_aux (head T e) else False)}"
+ using dtree_children_alt by blast
+
+lemma dtree_children_fin:
+ "finite {(x,e). (if e \<in> out_arcs T r then x = to_dtree_aux (head T e) else False)}"
+ using finite_imageI[of "out_arcs T r" "(\<lambda>e. (to_dtree_aux (head T e),e))"]
+ dtree_children_img_alt finite_out_arcs by fastforce
+
+lemma dtree_children_fset_id:
+ assumes "to_dtree_aux r = Node r xs"
+ shows "fset xs = {(x,e). (if e \<in> out_arcs T r then x = to_dtree_aux (head T e) else False)}"
+proof -
+ let ?xs = "{(x,e). (if e \<in> out_arcs T r then x = to_dtree_aux (head T e) else False)}"
+ have "finite ?xs" using dtree_children_fin by simp
+ then have "fset (Abs_fset ?xs) = ?xs" using Abs_fset_inverse by blast
+ then show ?thesis using assms Abs_fset_inverse by simp
+qed
+
+lemma to_dtree_aux_empty_if_notT:
+ assumes "r \<notin> verts T"
+ shows "to_dtree_aux r = Node r {||}"
+proof(rule ccontr)
+ assume asm: "to_dtree_aux r \<noteq> Node r {||}"
+ then obtain xs where xs_def: "Node r xs = to_dtree_aux r" by simp
+ then have "xs \<noteq> {||}" using asm by simp
+ then obtain x e where x_def: "(x,e) \<in> fset xs" using notin_fset by fast
+ then have "e \<in> out_arcs T r" using xs_def dtree_children_fset_id[of r] by (auto split: if_splits)
+ then show False using assms by auto
+qed
+
+lemma to_dtree_aux_root: "Dtree.root (to_dtree_aux r) = r"
+ by simp
+
+lemma out_arc_if_child:
+ assumes "x \<in> (fst ` {(x,e). (if e \<in> out_arcs T r then x = to_dtree_aux (head T e) else False)})"
+ shows "\<exists>e. e \<in> out_arcs T r \<and> x = to_dtree_aux (head T e)"
+proof -
+ let ?xs = "{(x,e). (if e \<in> out_arcs T r then x = to_dtree_aux (head T e) else False)}"
+ have "\<exists>y. y \<in> ?xs \<and> fst y = x" using assms by blast
+ then show ?thesis by (smt (verit, best) case_prodE fst_conv mem_Collect_eq)
+qed
+
+lemma dominated_if_child_aux:
+ assumes "x \<in> (fst ` {(x,e). (if e \<in> out_arcs T r then x = to_dtree_aux (head T e) else False)})"
+ shows "r \<rightarrow>\<^bsub>T\<^esub> (Dtree.root x)"
+proof -
+ obtain e where "e \<in> out_arcs T r \<and> x = to_dtree_aux (head T e)"
+ using assms out_arc_if_child by blast
+ then show ?thesis using in_arcs_imp_in_arcs_ends by force
+qed
+
+lemma dominated_if_child:
+ "\<lbrakk>to_dtree_aux r = Node r xs; x \<in> fst ` fset xs\<rbrakk> \<Longrightarrow> r \<rightarrow>\<^bsub>T\<^esub> (Dtree.root x)"
+ using dominated_if_child_aux dtree_children_fset_id by simp
+
+lemma image_add_snd_snd_id: "snd ` ((\<lambda>e. (to_dtree_aux (head T e),e)) ` x) = x"
+ by (intro equalityI subsetI) (force simp: image_iff)+
+
+lemma to_dtree_aux_child_in_verts:
+ assumes "Node r' xs = to_dtree_aux r" and "x \<in> fst ` fset xs"
+ shows "Dtree.root x \<in> verts T"
+proof -
+ have "r \<rightarrow>\<^bsub>T\<^esub> Dtree.root x" using assms dominated_if_child by auto
+ then show ?thesis using adj_in_verts(2) by auto
+qed
+
+lemma to_dtree_aux_parent_in_verts:
+ assumes "Node r' xs = to_dtree_aux r" and "x \<in> fst ` fset xs"
+ shows "r \<in> verts T"
+proof -
+ have "r \<rightarrow>\<^bsub>T\<^esub> Dtree.root x" using assms dominated_if_child by auto
+ then show ?thesis using adj_in_verts(2) by auto
+qed
+
+lemma dtree_out_arcs:
+ "snd ` {(x,e). (if e \<in> out_arcs T r then x = to_dtree_aux (head T e) else False)} = out_arcs T r"
+ using dtree_children_img_alt by (metis image_add_snd_snd_id)
+
+lemma dtree_out_arcs_eq_snd:
+ assumes "to_dtree_aux r = Node r xs"
+ shows "(snd ` (fset xs)) = out_arcs T r"
+ using assms dtree_out_arcs dtree_children_fset_id by blast
+
+lemma dtree_aux_fst_head_snd_aux:
+ assumes "x \<in> {(x,e). (if e \<in> out_arcs T r then x = to_dtree_aux (head T e) else False)}"
+ shows "Dtree.root (fst x) = (head T (snd x))"
+ using assms by (metis (mono_tags, lifting) Collect_case_prodD to_dtree_aux_root)
+
+lemma dtree_aux_fst_head_snd:
+ assumes "to_dtree_aux r = Node r xs" and "x \<in> fset xs"
+ shows "Dtree.root (fst x) = (head T (snd x))"
+ using assms dtree_children_fset_id dtree_aux_fst_head_snd_aux by simp
+
+lemma child_if_dominated_aux:
+ assumes "r \<rightarrow>\<^bsub>T\<^esub> x"
+ shows "\<exists>y \<in> (fst ` {(x,e). (if e \<in> out_arcs T r then x = to_dtree_aux (head T e) else False)}).
+ Dtree.root y = x"
+proof -
+ let ?xs = "{(x,e). (if e \<in> out_arcs T r then x = to_dtree_aux (head T e) else False)}"
+ obtain e where e_def: "e \<in> out_arcs T r \<and> head T e = x" using assms by auto
+ then have "e \<in> snd ` ?xs" using dtree_out_arcs by auto
+ then obtain y where y_def: "y \<in> ?xs \<and> snd y = e" by blast
+ then have "Dtree.root (fst y) = head T e" using dtree_aux_fst_head_snd_aux by blast
+ then show ?thesis using e_def y_def by blast
+qed
+
+lemma child_if_dominated:
+ assumes "to_dtree_aux r = Node r xs" and "r \<rightarrow>\<^bsub>T\<^esub> x"
+ shows "\<exists>y \<in> (fst ` (fset xs)). Dtree.root y = x"
+ using assms child_if_dominated_aux dtree_children_fset_id by presburger
+
+lemma to_dtree_aux_reach_in_dverts: "\<lbrakk>t = to_dtree_aux r; r \<rightarrow>\<^sup>*\<^bsub>T\<^esub> x\<rbrakk> \<Longrightarrow> x \<in> dverts t"
+proof(induction t arbitrary: r rule: darcs_mset.induct)
+ case (1 r' xs)
+ then have "r = r'" by simp
+ then show ?case
+ proof(cases "r=x")
+ case True
+ then show ?thesis using \<open>r = r'\<close> by simp
+ next
+ case False
+ then have "r \<rightarrow>\<^sup>+\<^bsub>T\<^esub> x" using "1.prems"(2) by blast
+ then have "\<exists>r'. r \<rightarrow>\<^bsub>T\<^esub> r' \<and> r' \<rightarrow>\<^sup>*\<^bsub>T\<^esub> x"
+ by (metis False converse_reachable_cases reachable1_reachable)
+ then obtain x' where x'_def: "r \<rightarrow>\<^bsub>T\<^esub> x' \<and> x' \<rightarrow>\<^sup>*\<^bsub>T\<^esub> x" by blast
+ then obtain y where y_def: "y \<in> fst ` fset xs \<and> Dtree.root y = x'"
+ using "1.prems"(1) child_if_dominated by fastforce
+ then obtain yp where yp_def: "fst yp = y \<and> yp \<in> fset xs" using y_def by blast
+ from y_def have "y = to_dtree_aux x'"
+ using "1.prems"(1) dtree_children_fset_id \<open>r=r'\<close>
+ by (metis (no_types, lifting) out_arc_if_child to_dtree_aux_root)
+ then have "x \<in> dverts y" using "1.IH" prod.exhaust_sel yp_def x'_def by metis
+ then show ?thesis using dtree.set_intros(2) y_def by auto
+ qed
+qed
+
+lemma to_dtree_aux_dverts_reachable:
+ "\<lbrakk>t = to_dtree_aux r; x \<in> dverts t; r \<in> verts T\<rbrakk> \<Longrightarrow> r \<rightarrow>\<^sup>*\<^bsub>T\<^esub> x"
+proof(induction t arbitrary: r rule: darcs_mset.induct)
+ case (1 r' xs)
+ then have "r = r'" by simp
+ then show ?case
+ proof(cases "r=x")
+ case True
+ then show ?thesis using "1.prems"(3) by auto
+ next
+ case False
+ then obtain y where y_def: "y \<in> fst ` fset xs \<and> x \<in> dverts y"
+ using "1.prems"(2) \<open>r = r'\<close> by fastforce
+ then have 0: "r \<rightarrow>\<^bsub>T\<^esub> Dtree.root y" using "1.prems"(1) \<open>r = r'\<close> dominated_if_child by simp
+ then have 2: "Dtree.root y \<in> verts T" using adj_in_verts(2) by auto
+ obtain yp where yp_def: "fst yp = y \<and> yp \<in> fset xs" using y_def by blast
+ have "\<exists>yr. y = to_dtree_aux yr"
+ using "1.prems"(1) y_def dtree_children_fset_id
+ by (metis (no_types, lifting) \<open>r = r'\<close> out_arc_if_child)
+ then have "Dtree.root y \<rightarrow>\<^sup>*\<^bsub>T\<^esub> x"
+ using "1.IH" 2 y_def yp_def surjective_pairing to_dtree_aux_root by metis
+ then show ?thesis using 0 adj_reachable_trans by auto
+ qed
+qed
+
+lemma dverts_eq_reachable: "r \<in> verts T \<Longrightarrow> dverts (to_dtree_aux r) = {x. r \<rightarrow>\<^sup>*\<^bsub>T\<^esub> x}"
+ using to_dtree_aux_reach_in_dverts to_dtree_aux_dverts_reachable by blast
+
+lemma dverts_eq_reachable': "\<lbrakk>r \<in> verts T; t = to_dtree_aux r\<rbrakk> \<Longrightarrow> dverts t = {x. r \<rightarrow>\<^sup>*\<^bsub>T\<^esub> x}"
+ using dverts_eq_reachable by blast
+
+lemma dverts_eq_verts: "dverts to_dtree = verts T"
+ unfolding to_dtree_def using dverts_eq_reachable reachable_from_root reachable_in_verts(2)
+ by (metis mem_Collect_eq root_in_T subsetI subset_antisym)
+
+lemma arc_out_arc: "e \<in> arcs T \<Longrightarrow> \<exists>v \<in> verts T. e \<in> out_arcs T v"
+ by simp
+
+lemma darcs_in_out_arcs: "t = to_dtree_aux r \<Longrightarrow> e \<in> darcs t \<Longrightarrow> \<exists>v\<in>dverts t. e \<in> out_arcs T v"
+proof(induction t arbitrary: r rule: darcs_mset.induct)
+ case (1 r' xs)
+ then show ?case
+ proof(cases "e \<in> snd ` fset xs")
+ case True
+ then show ?thesis
+ using "1.prems"(1) dtree_out_arcs_eq_snd to_dtree_aux_root
+ by (metis dtree.set_intros(1) dtree.sel(1))
+ next
+ case False
+ then have "\<exists>y \<in> fst ` fset xs. e \<in> darcs y" using "1.prems"(2) by force
+ then obtain y where y_def: "y \<in> fst ` fset xs \<and> e \<in> darcs y" by blast
+ obtain yp where yp_def: "fst yp = y \<and> yp \<in> fset xs" using y_def by blast
+ have 0: "(y, snd yp) = yp" using yp_def by auto
+ have "\<exists>yr. y = to_dtree_aux yr"
+ using "1.prems"(1) y_def dtree_children_fset_id
+ by (metis (no_types, lifting) dtree.sel(1) out_arc_if_child to_dtree_aux_root)
+ then have "\<exists>v\<in>dverts y. e \<in> out_arcs T v" using "1.IH" 0 y_def yp_def by blast
+ then obtain v where "v \<in> dverts y \<and> e \<in> out_arcs T v" by blast
+ then show ?thesis using y_def by auto
+ qed
+qed
+
+lemma darcs_in_arcs: "e \<in> darcs to_dtree \<Longrightarrow> e \<in> arcs T"
+ using darcs_in_out_arcs out_arcs_in_arcs to_dtree_def by fast
+
+lemma out_arcs_in_darcs: "t = to_dtree_aux r \<Longrightarrow> \<exists>v\<in>dverts t. e \<in> out_arcs T v \<Longrightarrow> e \<in> darcs t"
+proof(induction t arbitrary: r rule: darcs_mset.induct)
+ case (1 r' xs)
+ then have "r' = r" by simp
+ then obtain v where v_def: "v\<in>dverts (Node r xs) \<and> e \<in> out_arcs T v" using "1.prems"(2) by blast
+ then show ?case
+ proof(cases "e \<in> snd ` fset xs")
+ case True
+ then show ?thesis by force
+ next
+ case False
+ then have "e \<notin> out_arcs T r" using "1.prems"(1) \<open>r' = r\<close> dtree_out_arcs_eq_snd by metis
+ then have "v \<noteq> r" using v_def by blast
+ then obtain y where y_def: "y \<in> fst ` fset xs \<and> v \<in> dverts y" using v_def by force
+ then obtain yp where yp_def: "fst yp = y \<and> yp \<in> fset xs" by blast
+ have 0: "(y, snd yp) = yp" using yp_def by auto
+ have "\<exists>yr. y = to_dtree_aux yr"
+ using "1.prems"(1) y_def dtree_children_fset_id
+ by (metis (no_types, lifting) dtree.sel(1) out_arc_if_child to_dtree_aux_root)
+ then have "e \<in> darcs y" using "1.IH" 0 v_def y_def yp_def by blast
+ then show ?thesis using y_def by force
+ qed
+qed
+
+lemma arcs_in_darcs: "e \<in> arcs T \<Longrightarrow> e \<in> darcs to_dtree"
+ using arc_out_arc out_arcs_in_darcs dverts_eq_verts to_dtree_def by fast
+
+lemma darcs_eq_arcs: "darcs to_dtree = arcs T"
+ using arcs_in_darcs darcs_in_arcs by blast
+
+lemma to_dtree_aux_self:
+ assumes "Node r xs = to_dtree_aux r" and "(y,e) \<in> fset xs"
+ shows "y = to_dtree_aux (Dtree.root y)"
+proof -
+ have "\<exists>y'. y = to_dtree_aux y'"
+ using assms dtree_children_fset_id by (metis (mono_tags, lifting) case_prodD mem_Collect_eq)
+ then obtain y' where "y = to_dtree_aux y'" by blast
+ then show ?thesis by simp
+qed
+
+lemma to_dtree_aux_self_subtree:
+ "\<lbrakk>t1 = to_dtree_aux r; is_subtree t2 t1\<rbrakk> \<Longrightarrow> t2 = to_dtree_aux (Dtree.root t2)"
+proof(induction t1 arbitrary: r)
+ case (Node r' xs)
+ then show ?case
+ proof(cases "Node r' xs = t2")
+ case True
+ then show ?thesis using Node.prems(1) by force
+ next
+ case False
+ then obtain t e where t_def: "(t,e) \<in> fset xs" "is_subtree t2 t" using Node.prems(2) by auto
+ then have "t = to_dtree_aux (Dtree.root t)" using Node.prems(1) to_dtree_aux_self by simp
+ then show ?thesis using Node.IH[of "(t,e)" t "Dtree.root t"] t_def by simp
+ qed
+qed
+
+lemma to_dtree_self_subtree: "is_subtree t to_dtree \<Longrightarrow> t = to_dtree_aux (Dtree.root t)"
+ unfolding to_dtree_def using to_dtree_aux_self_subtree by blast
+
+lemma to_dtree_self_subtree': "is_subtree (Node r xs) to_dtree \<Longrightarrow> (Node r xs) = to_dtree_aux r"
+ using to_dtree_self_subtree[of "Node r xs"] by simp
+
+lemma child_if_dominated_to_dtree:
+ "\<lbrakk>is_subtree (Node r xs) to_dtree; r \<rightarrow>\<^bsub>T\<^esub> v\<rbrakk> \<Longrightarrow> \<exists>t. t \<in> fst ` fset xs \<and> Dtree.root t = v"
+ using child_if_dominated[of r] to_dtree_self_subtree' by simp
+
+lemma child_if_dominated_to_dtree':
+ "\<lbrakk>is_subtree (Node r xs) to_dtree; r \<rightarrow>\<^bsub>T\<^esub> v\<rbrakk> \<Longrightarrow> \<exists>ys. Node v ys \<in> fst ` fset xs"
+ using child_if_dominated_to_dtree dtree.exhaust dtree.sel(1) by metis
+
+lemma child_darc_tail_parent:
+ assumes "Node r xs = to_dtree_aux r" and "(x,e) \<in> fset xs"
+ shows "tail T e = r"
+proof -
+ have "e \<in> out_arcs T r"
+ using assms dtree_children_fset_id by (metis (no_types, lifting) case_prodD mem_Collect_eq)
+ then show ?thesis by simp
+qed
+
+lemma child_darc_head_root:
+ "\<lbrakk>Node r xs = to_dtree_aux r; (t,e) \<in> fset xs\<rbrakk> \<Longrightarrow> head T e = Dtree.root t"
+ using dtree_aux_fst_head_snd by force
+
+lemma child_darc_in_arcs:
+ assumes "Node r xs = to_dtree_aux r" and "(x,e) \<in> fset xs"
+ shows "e \<in> arcs T"
+proof -
+ have "e \<in> out_arcs T r"
+ using assms dtree_children_fset_id by (metis (no_types, lifting) case_prodD mem_Collect_eq)
+ then show ?thesis by simp
+qed
+
+lemma darcs_neq_if_dtrees_neq:
+ "\<lbrakk>Node r xs = to_dtree_aux r; (x,e1) \<in> fset xs; (y,e2) \<in> fset xs; x\<noteq>y\<rbrakk> \<Longrightarrow> e1 \<noteq> e2"
+ using dtree_children_fset_id by (metis (mono_tags, lifting) case_prodD mem_Collect_eq)
+
+lemma dtrees_neq_if_darcs_neq:
+ "\<lbrakk>Node r xs = to_dtree_aux r; (x,e1) \<in> fset xs; (y,e2) \<in> fset xs; e1\<noteq>e2\<rbrakk> \<Longrightarrow> x \<noteq> y"
+ using dtree_children_fset_id case_prodD dtree_aux_fst_head_snd fst_conv
+ by (metis (no_types, lifting) mem_Collect_eq out_arcs_in_arcs snd_conv two_in_arcs_contr)
+
+lemma dverts_disjoint:
+ assumes "Node r xs = to_dtree_aux r" and "(x,e1) \<in> fset xs" and "(y,e2) \<in> fset xs"
+ and "(x,e1)\<noteq>(y,e2)"
+ shows "dverts x \<inter> dverts y = {}"
+proof (rule ccontr)
+ assume "dverts x \<inter> dverts y \<noteq> {}"
+ then obtain v where v_def: "v \<in> dverts x \<and> v \<in> dverts y" by blast
+ have "x \<noteq> y" using dtrees_neq_if_darcs_neq assms by blast
+ have 0: "x = to_dtree_aux (Dtree.root x)" using to_dtree_aux_self assms(1,2) by blast
+ have 1: "r \<rightarrow>\<^bsub>T\<^esub> Dtree.root x"
+ using assms(1,2) dominated_if_child by (metis (no_types, opaque_lifting) fst_conv image_iff)
+ then have 2: "Dtree.root x \<in> verts T" using adj_in_verts(2) by simp
+ have 3: "y = to_dtree_aux (Dtree.root y)" using to_dtree_aux_self assms(1,3) by blast
+ have 4: "r \<rightarrow>\<^bsub>T\<^esub> Dtree.root y"
+ using assms(1,3) dominated_if_child by (metis (no_types, opaque_lifting) fst_conv image_iff)
+ then have 5: "Dtree.root y \<in> verts T" using adj_in_verts(2) by simp
+ have "Dtree.root x \<rightarrow>\<^sup>*\<^bsub>T\<^esub> v" using 0 2 to_dtree_aux_dverts_reachable v_def by blast
+ moreover have "Dtree.root y \<rightarrow>\<^sup>*\<^bsub>T\<^esub> v" using 3 5 to_dtree_aux_dverts_reachable v_def by blast
+ moreover have "Dtree.root x \<noteq> Dtree.root y" using 0 3 assms(4) \<open>x\<noteq>y\<close> by auto
+ ultimately show False using 1 4 reachable_via_child_impl_same by simp
+qed
+
+lemma wf_dverts_to_dtree_aux1: "r \<notin> verts T \<Longrightarrow> wf_dverts (to_dtree_aux r)"
+ using to_dtree_aux_empty_if_notT unfolding wf_dverts_iff_dverts' by simp
+
+lemma wf_dverts_to_dtree_aux2: "r \<in> verts T \<Longrightarrow> t = to_dtree_aux r \<Longrightarrow> wf_dverts t"
+proof(induction t arbitrary: r rule: darcs_mset.induct)
+ case (1 r' xs)
+ then have "r = r'" by simp
+ have "\<forall>(x,e) \<in> fset xs. wf_dverts x \<and> r \<notin> dverts x"
+ proof (standard, standard, standard)
+ fix xp x e
+ assume asm: "xp \<in> fset xs" "xp = (x,e)"
+ then have 0: "x = to_dtree_aux (Dtree.root x)" using to_dtree_aux_self "1.prems"(2) by simp
+ have 2: "r \<rightarrow>\<^bsub>T\<^esub> Dtree.root x" using asm "1.prems" \<open>r = r'\<close>
+ by (metis (no_types, opaque_lifting) dominated_if_child fst_conv image_iff)
+ then have 3: "Dtree.root x \<in> verts T" using adj_in_verts(2) by simp
+ then show "wf_dverts x" using "1.IH" asm 0 by blast
+ show "r \<notin> dverts x"
+ proof
+ assume "r \<in> dverts x"
+ then have "Dtree.root x \<rightarrow>\<^sup>*\<^bsub>T\<^esub> r" using 0 3 to_dtree_aux_dverts_reachable by blast
+ then have "r \<rightarrow>\<^sup>+\<^bsub>T\<^esub> r" using 2 by auto
+ then show False using reachable1_not_reverse by blast
+ qed
+ qed
+ then show ?case using dverts_disjoint \<open>r=r'\<close> "1.prems"(1,2) unfolding wf_dverts_iff_dverts'
+ by (smt (verit, del_insts) wf_dverts'.simps case_prodI2 case_prod_conv)
+qed
+
+lemma wf_dverts_to_dtree_aux: "wf_dverts (to_dtree_aux r)"
+ using wf_dverts_to_dtree_aux1 wf_dverts_to_dtree_aux2 by blast
+
+lemma wf_dverts_to_dtree_aux': "t = to_dtree_aux r \<Longrightarrow> wf_dverts t"
+ using wf_dverts_to_dtree_aux by blast
+
+lemma wf_dverts_to_dtree: "wf_dverts to_dtree"
+ using to_dtree_def wf_dverts_to_dtree_aux by simp
+
+lemma darcs_not_in_subtree:
+ assumes "Node r xs = to_dtree_aux r" and "(x,e) \<in> fset xs" and "(y,e2) \<in> fset xs"
+ shows "e \<notin> darcs y"
+proof
+ assume asm: "e \<in> darcs y"
+ have 0: "y = to_dtree_aux (Dtree.root y)" using to_dtree_aux_self assms(1,3) by blast
+ then obtain v where v_def: "v \<in> dverts y \<and> e \<in> out_arcs T v" using darcs_in_out_arcs asm by blast
+ have 1: "r \<rightarrow>\<^bsub>T\<^esub> Dtree.root y"
+ using assms(1,3) by (metis (no_types, opaque_lifting) dominated_if_child fst_conv image_iff)
+ then have "Dtree.root y \<in> verts T" using adj_in_verts(2) by auto
+ then have "Dtree.root y \<rightarrow>\<^sup>*\<^bsub>T\<^esub> v" using to_dtree_aux_dverts_reachable 0 v_def by blast
+ then have "r \<rightarrow>\<^sup>+\<^bsub>T\<^esub> v" using 1 by auto
+ then have "r \<noteq> v" using reachable1_not_reverse two_in_arcs_contr by blast
+ moreover have "tail T e = v" using v_def by simp
+ moreover have "tail T e = r" using assms(1,2) child_darc_tail_parent by blast
+ ultimately show False by blast
+qed
+
+lemma darcs_disjoint:
+ assumes "Node r xs = to_dtree_aux r" and "r \<in> verts T"
+ and "(x,e1) \<in> fset xs" and "(y,e2) \<in> fset xs" and "(x,e1)\<noteq>(y,e2)"
+ shows "(darcs x \<union> {e1}) \<inter> (darcs y \<union> {e2}) = {}"
+proof (rule ccontr)
+ assume "(darcs x \<union> {e1}) \<inter> (darcs y \<union> {e2}) \<noteq> {}"
+ moreover have "e1 \<notin> darcs y" using darcs_not_in_subtree assms(1-4) by blast
+ moreover have "e2 \<notin> darcs x" using darcs_not_in_subtree assms(1-4) by blast
+ moreover have "e1 \<noteq> e2" using darcs_neq_if_dtrees_neq assms by blast
+ ultimately have "darcs x \<inter> darcs y \<noteq> {}" by blast
+ then obtain e where e_def: "e \<in> darcs x \<and> e \<in> darcs y" by blast
+ have "x = to_dtree_aux (Dtree.root x)" using to_dtree_aux_self assms(1,3) by blast
+ then obtain v1 where v1_def: "v1 \<in> dverts x \<and> e \<in> out_arcs T v1"
+ using darcs_in_out_arcs e_def by blast
+ have "y = to_dtree_aux (Dtree.root y)" using to_dtree_aux_self assms(1,4) by blast
+ then obtain v2 where v2_def: "v2 \<in> dverts y \<and> e \<in> out_arcs T v2"
+ using darcs_in_out_arcs e_def by blast
+ then have "v2 \<noteq> v1" using v1_def v2_def dverts_disjoint assms dtrees_neq_if_darcs_neq by blast
+ then show False using v1_def v2_def by simp
+qed
+
+lemma wf_darcs_to_dtree_aux1: "r \<notin> verts T \<Longrightarrow> wf_darcs (to_dtree_aux r)"
+ using to_dtree_aux_empty_if_notT unfolding wf_darcs_def by simp
+
+lemma wf_darcs_to_dtree_aux2: "r \<in> verts T \<Longrightarrow> t = to_dtree_aux r \<Longrightarrow> wf_darcs t"
+proof(induction t arbitrary: r rule: darcs_mset.induct)
+ case (1 r' xs)
+ then have "r = r'" by simp
+ have "\<forall>(x,e) \<in> fset xs. wf_darcs x"
+ proof (standard, standard)
+ fix xp x e
+ assume asm: "xp \<in> fset xs" "xp = (x,e)"
+ then have 0: "x = to_dtree_aux (Dtree.root x)" using to_dtree_aux_self "1.prems"(2) by simp
+ have "r \<rightarrow>\<^bsub>T\<^esub> Dtree.root x" using asm "1.prems" \<open>r = r'\<close>
+ by (metis (no_types, opaque_lifting) dominated_if_child fst_conv image_iff)
+ then have "Dtree.root x \<in> verts T" using adj_in_verts(2) by simp
+ then show "wf_darcs x" using "1.IH" asm 0 by blast
+ qed
+ moreover have "\<forall>(x,e1) \<in> fset xs. (\<forall>(y,e2) \<in> fset xs.
+ (darcs x \<union> {e1}) \<inter> (darcs y \<union> {e2}) = {} \<or> (x,e1)=(y,e2))"
+ using darcs_disjoint "1.prems" \<open>r = r'\<close> by blast
+ ultimately show ?case using darcs_not_in_subtree "1.prems" \<open>r = r'\<close>
+ by (smt (verit) case_prodD case_prodI2 wf_darcs_if_darcs'_aux)
+qed
+
+lemma wf_darcs_to_dtree_aux: "wf_darcs (to_dtree_aux r)"
+ using wf_darcs_to_dtree_aux1 wf_darcs_to_dtree_aux2 by blast
+
+lemma wf_darcs_to_dtree_aux': "t = to_dtree_aux r \<Longrightarrow> wf_darcs t"
+ using wf_darcs_to_dtree_aux by blast
+
+lemma wf_darcs_to_dtree: "wf_darcs to_dtree"
+ using to_dtree_def wf_darcs_to_dtree_aux by simp
+
+lemma dtail_aux_elem_eq_tail:
+ "t = to_dtree_aux r \<Longrightarrow> e \<in> darcs t \<Longrightarrow> dtail t def e = tail T e"
+proof(induction t arbitrary: r rule: darcs_mset.induct)
+ case (1 r' xs)
+ then have "r = r'" by simp
+ let ?f = "(\<lambda>(x,e2) b. if (x,e2) \<notin> fset xs \<or> e \<notin> darcs x \<or> \<not>disjoint_darcs xs
+ then b else dtail x def)"
+ show ?case
+ proof(cases "e \<in> snd ` fset xs")
+ case True
+ then have 0: "dtail (Node r' xs) def e = r" using \<open>r=r'\<close> by simp
+ have "e \<in> out_arcs T r" using dtree_out_arcs_eq_snd "1.prems"(1) True by simp
+ then have "tail T e = r" by simp
+ then show ?thesis using 0 by blast
+ next
+ case False
+ then obtain x e1 where x_def: "(x,e1) \<in> fset xs \<and> e \<in> darcs x" using "1.prems"(2) by force
+ then have "x = to_dtree_aux (Dtree.root x)" using "1.prems"(1) \<open>r = r'\<close> to_dtree_aux_self by blast
+ then have 0: "dtail x def e = tail T e" using "1.IH" x_def by blast
+ have "wf_darcs (Node r xs)" using "1.prems"(1) wf_darcs_to_dtree_aux by simp
+ then have "dtail (Node r' xs) def e = dtail x def e"
+ using dtail_in_child_eq_child[of x] x_def "1.prems" by force
+ then show ?thesis using 0 by simp
+ qed
+qed
+
+lemma dtail_elem_eq_tail: "e \<in> darcs to_dtree \<Longrightarrow> dtail to_dtree def e = tail T e"
+ using dtail_aux_elem_eq_tail to_dtree_def by blast
+
+lemma to_dtree_dtail_eq_tail_aux: "dtail to_dtree (tail T) e = tail T e"
+ using dtail_notelem_eq_def dtail_elem_eq_tail by metis
+
+lemma to_dtree_dtail_eq_tail: "dtail to_dtree (tail T) = tail T"
+ using to_dtree_dtail_eq_tail_aux by blast
+
+lemma dhead_aux_elem_eq_head:
+ "t = to_dtree_aux r \<Longrightarrow> e \<in> darcs t \<Longrightarrow> dhead t def e = head T e"
+proof(induction t arbitrary: r rule: darcs_mset.induct)
+ case (1 r' xs)
+ then have "r = r'" by simp
+ let ?f = "(\<lambda>(x,e2) b. if (x,e2) \<notin> fset xs \<or> e \<notin> (darcs x \<union> {e2}) \<or> \<not>disjoint_darcs xs
+ then b else if e=e2 then Dtree.root x else dhead x def e)"
+ obtain child where "child \<in> fset xs" using "1.prems"(2) by auto
+ then have wf: "wf_darcs (Node r xs)" using "1.prems"(1) wf_darcs_to_dtree_aux by simp
+ show ?case
+ proof(cases "e \<in> snd ` fset xs")
+ case True
+ then obtain x where x_def: "(x,e) \<in> fset xs" by force
+ then have 0: "dhead (Node r' xs) def e = Dtree.root x"
+ using dhead_in_set_eq_root wf \<open>r=r'\<close> by fast
+ have "e \<in> out_arcs T r" using dtree_out_arcs_eq_snd "1.prems"(1) True by simp
+ then have "head T e = Dtree.root x" using x_def "1.prems"(1) dtree_aux_fst_head_snd by force
+ then show ?thesis using 0 by simp
+ next
+ case False
+ then obtain x e1 where x_def: "(x,e1) \<in> fset xs \<and> e \<in> darcs x" using "1.prems"(2) by force
+ then have "x = to_dtree_aux (Dtree.root x)" using "1.prems"(1) \<open>r = r'\<close> to_dtree_aux_self by blast
+ then have 0: "dhead x def e = head T e" using "1.IH" x_def by blast
+ have "dhead (Node r' xs) def e = dhead x def e"
+ using dhead_in_child_eq_child[of x] x_def wf \<open>r=r'\<close> by blast
+ then show ?thesis using 0 by simp
+ qed
+qed
+
+lemma dhead_elem_eq_head: "e \<in> darcs to_dtree \<Longrightarrow> dhead to_dtree def e = head T e"
+ using dhead_aux_elem_eq_head to_dtree_def by blast
+
+lemma to_dtree_dhead_eq_head_aux: "dhead to_dtree (head T) e = head T e"
+ using dhead_notelem_eq_def dhead_elem_eq_head by metis
+
+lemma to_dtree_dhead_eq_head: "dhead to_dtree (head T) = head T"
+ using to_dtree_dhead_eq_head_aux by blast
+
+lemma from_to_dtree_eq_orig: "from_dtree (to_dtree) = T"
+ using to_dtree_dhead_eq_head to_dtree_dtail_eq_tail darcs_eq_arcs dverts_eq_verts by simp
+
+lemma subtree_darc_tail_parent:
+ "\<lbrakk>is_subtree (Node r xs) to_dtree; (t,e) \<in> fset xs\<rbrakk> \<Longrightarrow> tail T e = r"
+ using child_darc_tail_parent to_dtree_self_subtree' by blast
+
+lemma subtree_darc_head_root:
+ "\<lbrakk>is_subtree (Node r xs) to_dtree; (t,e) \<in> fset xs\<rbrakk> \<Longrightarrow> head T e = Dtree.root t"
+ using child_darc_head_root to_dtree_self_subtree' by blast
+
+lemma subtree_darc_in_arcs:
+ "\<lbrakk>is_subtree (Node r xs) to_dtree; (t,e) \<in> fset xs\<rbrakk> \<Longrightarrow> e \<in> arcs T"
+ using to_dtree_self_subtree' child_darc_in_arcs by blast
+
+lemma subtree_child_dom: "\<lbrakk>is_subtree (Node r xs) to_dtree; (t,e) \<in> fset xs\<rbrakk> \<Longrightarrow> r \<rightarrow>\<^bsub>T\<^esub> Dtree.root t"
+ using subtree_darc_tail_parent subtree_darc_head_root subtree_darc_in_arcs
+ in_arcs_imp_in_arcs_ends by fastforce
+
+end
+
+subsubsection "Well-Formed Dtrees"
+
+locale wf_dtree =
+ fixes t :: "('a,'b) dtree"
+ assumes wf_arcs: "wf_darcs t"
+ and wf_verts: "wf_dverts t"
+
+begin
+
+lemma wf_dtree_rec: "Node r xs = t \<Longrightarrow> (x,e) \<in> fset xs \<Longrightarrow> wf_dtree x"
+ using wf_arcs wf_verts by (unfold_locales) auto
+
+lemma wf_dtree_sub: "is_subtree x t \<Longrightarrow> wf_dtree x"
+using wf_dtree_axioms proof(induction t rule: darcs_mset.induct)
+ case (1 r xs)
+ then interpret wf_dtree "Node r xs" by blast
+ show ?case
+ proof(cases "x = Node r xs")
+ case True
+ then show ?thesis by (simp add: wf_dtree_axioms)
+ next
+ case False
+ then show ?thesis using "1.IH" wf_dtree_rec "1.prems"(1) by auto
+ qed
+qed
+
+lemma root_not_subtree: "\<lbrakk>(Node r xs) = t; x \<in> fst ` fset xs\<rbrakk> \<Longrightarrow> r \<notin> dverts x"
+ using wf_verts root_not_child_if_wf_dverts by fastforce
+
+lemma dverts_child_subset: "\<lbrakk>(Node r xs) = t; x \<in> fst ` fset xs\<rbrakk> \<Longrightarrow> dverts x \<subset> dverts t"
+ using root_not_subtree by fastforce
+
+lemma child_arc_not_subtree: "\<lbrakk>(Node r xs) = t; (x,e1) \<in> fset xs\<rbrakk> \<Longrightarrow> e1 \<notin> darcs x"
+ using wf_arcs disjoint_darcs_if_wf_aux3 by fast
+
+lemma darcs_child_subset: "\<lbrakk>(Node r xs) = t; x \<in> fst ` fset xs\<rbrakk> \<Longrightarrow> darcs x \<subset> darcs t"
+ using child_arc_not_subtree by force
+
+lemma dtail_in_dverts: "e \<in> darcs t \<Longrightarrow> dtail t def e \<in> dverts t"
+using wf_arcs proof(induction t rule: darcs_mset.induct)
+ case (1 r xs)
+ show ?case
+ proof(cases "e \<in> snd ` fset xs")
+ case False
+ then obtain x e1 where x_def: "(x,e1) \<in> fset xs \<and> e \<in> darcs x" using "1.prems"(1) by force
+ then have "wf_darcs x" using "1.prems"(2) by auto
+ then have "dtail x def e \<in> dverts x" using "1.IH" x_def by blast
+ then have 0: "dtail x def e \<in> dverts (Node r xs)"
+ using x_def by (auto simp: dverts_child_subseteq)
+ have "dtail (Node r xs) def e = dtail x def e"
+ using dtail_in_child_eq_child[of x] x_def "1.prems"(2) by blast
+ then show ?thesis using 0 by argo
+ qed (simp)
+qed
+
+lemma dtail_in_childverts:
+ assumes "e \<in> darcs x" and "(x,e') \<in> fset xs" and "Node r xs = t"
+ shows "dtail t def e \<in> dverts x"
+proof -
+ interpret X: wf_dtree x using assms(2,3) wf_dtree_rec by blast
+ have "dtail t def e = dtail x def e"
+ using dtail_in_child_eq_child[of x] assms wf_arcs by force
+ then show ?thesis using assms(1) X.dtail_in_dverts by simp
+qed
+
+lemma dhead_in_dverts: "e \<in> darcs t \<Longrightarrow> dhead t def e \<in> dverts t"
+using wf_arcs proof(induction t rule: darcs_mset.induct)
+ case (1 r xs)
+ show ?case
+ proof(cases "e \<in> snd ` fset xs")
+ case True
+ then obtain x where x_def: "(x,e) \<in> fset xs" by force
+ then have "dhead (Node r xs) def e = root x"
+ using dhead_in_set_eq_root[of x] "1.prems"(2) by blast
+ then show ?thesis using dtree.set_sel(1) x_def by fastforce
+ next
+ case False
+ then obtain x e1 where x_def: "(x,e1) \<in> fset xs \<and> e \<in> darcs x" using "1.prems"(1) by force
+ then have "wf_darcs x" using "1.prems"(2) by auto
+ then have "dhead x def e \<in> dverts x" using "1.IH" x_def by blast
+ then have 0: "dhead x def e \<in> dverts (Node r xs)"
+ using x_def by (auto simp: dverts_child_subseteq)
+ have "dhead (Node r xs) def e = dhead x def e"
+ using dhead_in_child_eq_child[of x] x_def "1.prems"(2) by force
+ then show ?thesis using 0 by argo
+ qed
+qed
+
+lemma dhead_in_childverts:
+ assumes "e \<in> darcs x" and "(x,e') \<in> fset xs" and "Node r xs = t"
+ shows "dhead t def e \<in> dverts x"
+proof -
+ interpret X: wf_dtree x using wf_arcs wf_verts assms(2,3) by(unfold_locales) auto
+ have "dhead t def e = dhead x def e"
+ using dhead_in_child_eq_child[of x] assms wf_arcs by auto
+ then show ?thesis using assms(1) X.dhead_in_dverts by simp
+qed
+
+lemma dhead_in_dverts_no_root: "e \<in> darcs t \<Longrightarrow> dhead t def e \<in> (dverts t - {root t})"
+using wf_arcs wf_verts proof(induction t rule: darcs_mset.induct)
+ case (1 r xs)
+ interpret wf_dtree "Node r xs" using "1.prems"(2,3) by (unfold_locales) auto
+ show ?case
+ proof(cases "e \<in> snd ` fset xs")
+ case True
+ then obtain x where x_def: "(x,e) \<in> fset xs" by force
+ then have "dhead (Node r xs) def e = root x"
+ using dhead_in_set_eq_root[of x] "1.prems"(2) by simp
+ then show ?thesis using dtree.set_sel(1) x_def "1.prems"(3) wf_dverts_iff_dverts' by fastforce
+ next
+ case False
+ then obtain x e1 where x_def: "(x,e1) \<in> fset xs \<and> e \<in> darcs x" using "1.prems"(1) by force
+ then have "wf_darcs x" using "1.prems"(2) by auto
+ then have "dhead x def e \<in> dverts x" using "1.IH" x_def "1.prems"(3) by auto
+ moreover have "r \<notin> dverts x" using root_not_subtree x_def by fastforce
+ ultimately have 0: "dhead x def e \<in> dverts (Node r xs) - {root (Node r xs)}"
+ using x_def dverts_child_subseteq by fastforce
+ have "dhead (Node r xs) def e = dhead x def e"
+ using dhead_in_child_eq_child[of x] x_def "1.prems"(2) by force
+ then show ?thesis using 0 by argo
+ qed
+qed
+
+lemma dhead_in_childverts_no_root:
+ assumes "e \<in> darcs x" and "(x,e') \<in> fset xs" and "Node r xs = t"
+ shows "dhead t def e \<in> (dverts x - {root x})"
+proof -
+ interpret X: wf_dtree x using assms(2,3) wf_dtree_rec by blast
+ have "dhead t def e = dhead x def e"
+ using dhead_in_child_eq_child[of x] assms wf_arcs by auto
+ then show ?thesis using assms(1) X.dhead_in_dverts_no_root by simp
+qed
+
+lemma dtree_cas_iff_subtree:
+ assumes "(x,e1) \<in> fset xs" and "Node r xs = t" and "set p \<subseteq> darcs x"
+ shows "pre_digraph.cas (from_dtree dt dh x) u p v
+ \<longleftrightarrow> pre_digraph.cas (from_dtree dt dh t) u p v"
+ (is "pre_digraph.cas ?X _ _ _ \<longleftrightarrow> pre_digraph.cas ?T _ _ _")
+using assms proof(induction p arbitrary: u)
+ case Nil
+ then show ?case by(simp add: pre_digraph.cas.simps(1))
+next
+ case (Cons p ps)
+ note pre_digraph.cas.simps[simp]
+ have "pre_digraph.cas ?T u (p # ps) v = (tail ?T p = u \<and> pre_digraph.cas ?T (head ?T p) ps v)"
+ by simp
+ also have "\<dots> = (tail ?T p = u \<and> pre_digraph.cas ?X (head ?T p) ps v)"
+ using Cons.IH Cons.prems by simp
+ also have "\<dots> = (tail ?X p = u \<and> pre_digraph.cas ?X (head ?T p) ps v)"
+ using dtail_in_child_eq_child[of x] Cons.prems(1-3) wf_arcs by force
+ also have "\<dots> = (tail ?X p = u \<and> pre_digraph.cas ?X (head ?X p) ps v)"
+ using dhead_in_child_eq_child[of x] Cons.prems(1-3) wf_arcs by force
+ finally show ?case by simp
+qed
+
+lemma dtree_cas_exists:
+ "v \<in> dverts t \<Longrightarrow> \<exists>p. set p \<subseteq> darcs t \<and> pre_digraph.cas (from_dtree dt dh t) (root t) p v"
+using wf_dtree_axioms proof(induction t)
+ case (Node r xs)
+ then show ?case
+ proof(cases "r=v")
+ case True
+ then have "pre_digraph.cas (from_dtree dt dh (Node r xs)) (root (Node r xs)) [] v"
+ by (simp add: pre_digraph.cas.simps(1))
+ then show ?thesis by force
+ next
+ case False
+ then obtain x e where x_def: "(x,e) \<in> fset xs \<and> v \<in> dverts x" using Node.prems by auto
+ let ?T = "from_dtree dt dh (Node r xs)"
+ let ?X = "from_dtree dt dh x"
+ interpret wf_dtree "Node r xs" by (rule Node.prems(2))
+ have "wf_dtree x" using x_def wf_dtree_rec by blast
+ then obtain p where p_def: "set p \<subseteq> darcs x \<and> pre_digraph.cas ?X (root x) p v"
+ using Node.IH x_def by fastforce
+ then have "pre_digraph.cas ?T (root x) p v"
+ using dtree_cas_iff_subtree x_def Node.prems(2) by blast
+ moreover have "head ?T e = root x"
+ using x_def dhead_in_set_eq_root[of x] wf_arcs by simp
+ moreover have "tail ?T e = r" using x_def by force
+ ultimately have "pre_digraph.cas ?T (root (Node r xs)) (e#p) v"
+ by (simp add: pre_digraph.cas.simps(2))
+ moreover have "set (e#p) \<subseteq> darcs (Node r xs)" using p_def x_def by force
+ ultimately show ?thesis by blast
+ qed
+qed
+
+lemma dtree_awalk_exists:
+ assumes "v \<in> dverts t"
+ shows "\<exists>p. pre_digraph.awalk (from_dtree dt dh t) (root t) p v"
+unfolding pre_digraph.awalk_def using dtree_cas_exists assms dtree.set_sel(1) by fastforce
+
+lemma subtree_root_not_root: "t = Node r xs \<Longrightarrow> (x,e) \<in> fset xs \<Longrightarrow> root x \<noteq> r"
+ using dtree.set_sel(1) root_not_subtree by fastforce
+
+lemma dhead_not_root:
+ assumes "e \<in> darcs t"
+ shows "dhead t def e \<noteq> root t"
+proof -
+ obtain r xs where xs_def[simp]: "t = Node r xs" using dtree.exhaust by auto
+ show ?thesis
+ proof(cases "e \<in> snd ` fset xs")
+ case True
+ then obtain x where x_def: "(x,e) \<in> fset xs" by force
+ then have "dhead (Node r xs) def e = root x"
+ using dhead_in_set_eq_root[of x] wf_arcs by simp
+ then show ?thesis using x_def subtree_root_not_root by simp
+ next
+ case False
+ then obtain x e1 where x_def: "(x,e1) \<in> fset xs \<and> e \<in> darcs x" using assms by force
+ then interpret X: wf_dtree x using wf_dtree_rec by auto
+ have "dhead x def e \<in> dverts x" using x_def X.dhead_in_dverts by blast
+ moreover have "dhead (Node r xs) def e = dhead x def e"
+ using x_def dhead_in_child_eq_child[of x] wf_arcs by force
+ ultimately show ?thesis using x_def root_not_subtree by fastforce
+ qed
+qed
+
+lemma nohead_cas_no_arc_in_subset:
+ "\<lbrakk>\<forall>e\<in>darcs t. dhead t dh e \<noteq> v; p\<noteq>[]; pre_digraph.cas (from_dtree dt dh t) u p v\<rbrakk>
+ \<Longrightarrow> \<not>set p \<subseteq> darcs t"
+ by(induction p arbitrary: u) (fastforce simp: pre_digraph.cas.simps)+
+
+lemma dtail_root_in_set:
+ assumes "e \<in> darcs t" and "t = Node r xs" and "dtail t dt e = r"
+ shows "e \<in> snd ` fset xs"
+proof (rule ccontr)
+ assume "e \<notin> snd ` fset xs"
+ then obtain x e1 where x_def: "(x,e1) \<in> fset xs \<and> e \<in> darcs x" using assms(1,2) by force
+ interpret X: wf_dtree x using assms(2) x_def wf_dtree_rec by blast
+ have "dtail t dt e = dtail x dt e"
+ using dtail_in_child_eq_child[of x] wf_arcs assms(2) x_def by force
+ then have "dtail t dt e \<in> dverts x" using X.dtail_in_dverts x_def by simp
+ then show False using assms(2,3) wf_verts x_def unfolding wf_dverts_iff_dverts' by auto
+qed
+
+lemma dhead_notin_subtree_wo_root:
+ assumes "(x,e) \<in> fset xs" and "p \<notin> darcs x" and "p \<in> darcs t" and "t = Node r xs"
+ shows "dhead t dh p \<notin> (dverts x - {root x})"
+proof(cases "p \<in> snd ` fset xs")
+ case True
+ then obtain x' where x'_def: "(x',p) \<in> fset xs" by auto
+ then have 0: "dhead t dh p = root x'"
+ using dhead_in_set_eq_root[of x'] wf_arcs assms(4) by auto
+ have "root x' \<notin> (dverts x - {root x})"
+ proof(cases "x'=x")
+ case True
+ then show ?thesis by blast
+ next
+ case False
+ have "root x' \<in> dverts x'" by (simp add: dtree.set_sel(1))
+ then show ?thesis using wf_verts x'_def assms(1,4) unfolding wf_dverts_iff_dverts' by fastforce
+ qed
+ then show ?thesis using 0 by simp
+next
+ case False
+ then obtain x' e1 where x'_def: "(x',e1) \<in> fset xs \<and> p \<in> darcs x'" using assms(3,4) by force
+ then have 0: "dhead t dh p = dhead x' dh p"
+ using dhead_in_child_eq_child[of x'] wf_arcs assms(4) by auto
+ interpret X: wf_dtree x' using assms(4) x'_def wf_dtree_rec by blast
+ have 1: "dhead x' dh p \<in> dverts x'" using X.dhead_in_dverts x'_def by blast
+ moreover have "dverts x' \<inter> dverts x = {}"
+ using wf_verts x'_def assms(1,2,4) unfolding wf_dverts_iff_dverts' by fastforce
+ ultimately show ?thesis using 0 by auto
+qed
+
+lemma subtree_uneq_if_arc_uneq:
+ "\<lbrakk>(x1,e1) \<in> fset xs; (x2,e2) \<in> fset xs; e1\<noteq>e2; Node r xs = t\<rbrakk> \<Longrightarrow> x1 \<noteq> x2"
+ using dtree.set_sel(1) wf_verts disjoint_dverts_if_wf_aux by fast
+
+lemma arc_uneq_if_subtree_uneq:
+ "\<lbrakk>(x1,e1) \<in> fset xs; (x2,e2) \<in> fset xs; x1\<noteq>x2; Node r xs = t\<rbrakk> \<Longrightarrow> e1 \<noteq> e2"
+ using disjoint_darcs_if_wf[OF wf_arcs] by fastforce
+
+lemma dhead_unique: "e \<in> darcs t \<Longrightarrow> p \<in> darcs t \<Longrightarrow> e \<noteq> p \<Longrightarrow> dhead t dh e \<noteq> dhead t dh p"
+using wf_dtree_axioms proof(induction t rule: darcs_mset.induct)
+ case ind: (1 r xs)
+ then interpret wf_dtree "Node r xs" by blast
+ show ?case
+ proof(cases "\<exists>x \<in> fst ` fset xs. e \<in> darcs x \<and> p \<in> darcs x")
+ case True
+ then obtain x e1 where x_def: "(x,e1) \<in> fset xs \<and> e \<in> darcs x \<and> p \<in> darcs x" by force
+ then have "wf_dtree x" using ind.prems(4) wf_dtree_rec by blast
+ then have "dhead x dh e \<noteq> dhead x dh p" using ind x_def by blast
+ then show ?thesis using True dhead_in_child_eq_child[of x] wf_arcs x_def by force
+ next
+ case False
+ then consider "\<exists>x \<in> fst ` fset xs. e \<in> darcs x" | "\<exists>x \<in> fst ` fset xs. p \<in> darcs x"
+ | "e \<in> snd ` fset xs \<and> p \<in> snd ` fset xs"
+ using ind.prems(1,2) by force
+ then show ?thesis
+ proof(cases)
+ case 1
+ then obtain x e1 where x_def: "(x,e1) \<in> fset xs \<and> e \<in> darcs x \<and> p \<notin> darcs x"
+ using False by force
+ then interpret X: wf_dtree x using wf_dtree_rec by blast
+ have "dhead x dh e \<in> (dverts x - {root x})" using X.dhead_in_dverts_no_root x_def by blast
+ then have "dhead (Node r xs) dh e \<in> (dverts x - {root x})"
+ using dhead_in_child_eq_child[of x] wf_arcs x_def by force
+ moreover have "dhead (Node r xs) dh p \<notin> (dverts x - {root x})"
+ using x_def dhead_notin_subtree_wo_root ind.prems(2) by blast
+ ultimately show ?thesis by auto
+ next
+ case 2
+ then obtain x e1 where x_def: "(x,e1) \<in> fset xs \<and> p \<in> darcs x \<and> e \<notin> darcs x"
+ using False by force
+ then interpret X: wf_dtree x using wf_dtree_rec by blast
+ have "dhead x dh p \<in> (dverts x - {root x})" using X.dhead_in_dverts_no_root x_def by blast
+ then have "dhead (Node r xs) dh p \<in> (dverts x - {root x})"
+ using dhead_in_child_eq_child[of x] wf_arcs x_def by force
+ moreover have "dhead (Node r xs) dh e \<notin> (dverts x - {root x})"
+ using x_def dhead_notin_subtree_wo_root ind.prems(1) by blast
+ ultimately show ?thesis by auto
+ next
+ case 3
+ then obtain x1 x2 where x_def: "(x1,p) \<in> fset xs \<and> (x2,e) \<in> fset xs" by force
+ then have 0: "dhead (Node r xs) dh p = root x1 \<and> dhead (Node r xs) dh e = root x2"
+ using dhead_in_set_eq_root[of x1] dhead_in_set_eq_root[of x2] wf_arcs by simp
+ have "x1 \<noteq> x2" using subtree_uneq_if_arc_uneq x_def ind.prems(3) by blast
+ then have "root x1 \<noteq> root x2"
+ using wf_verts x_def dtree.set_sel(1) unfolding wf_dverts_iff_dverts' by fastforce
+ then show ?thesis using 0 by argo
+ qed
+ qed
+qed
+
+lemma arc_in_subtree_if_tail_in_subtree:
+ assumes "dtail t dt p \<in> dverts x"
+ and "p \<in> darcs t"
+ and "t = Node r xs"
+ and "(x,e) \<in> fset xs"
+ shows "p \<in> darcs x"
+proof (rule ccontr)
+ assume asm: "p \<notin> darcs x"
+ show False
+ proof(cases "p \<in> snd ` fset xs")
+ case True
+ then have "dtail t dt p = r" using assms(2,3) by simp
+ then show ?thesis using assms(1,3,4) root_not_subtree by force
+ next
+ case False
+ then obtain x' e1 where x'_def: "(x',e1) \<in> fset xs \<and> p \<in> darcs x'" using assms(2,3) by force
+ then have "x \<noteq> x'" using asm by blast
+ interpret X: wf_dtree x' using x'_def assms(3) wf_dtree_rec by blast
+ have "dtail t dt p = dtail x' dt p"
+ using dtail_in_child_eq_child[of x'] x'_def wf_arcs assms(3) by force
+ then have "dtail t dt p \<in> dverts x'" using X.dtail_in_dverts by (simp add: x'_def)
+ then have "dtail t dt p \<notin> dverts x"
+ using \<open>x\<noteq>x'\<close> wf_verts assms(3,4) x'_def unfolding wf_dverts_iff_dverts' by fastforce
+ then show ?thesis using assms(1) by blast
+ qed
+qed
+
+lemma dhead_in_verts_if_dtail:
+ assumes "dtail t dt p \<in> dverts x"
+ and "p \<in> darcs t"
+ and "t = Node r xs"
+ and "(x,e) \<in> fset xs"
+ shows "dhead t dh p \<in> dverts x"
+proof -
+ interpret X: wf_dtree x using assms(3,4) wf_dtree_rec by blast
+ have 0: "p \<in> darcs x" using assms arc_in_subtree_if_tail_in_subtree by blast
+ then have "dhead t dh p = dhead x dh p"
+ using dhead_in_child_eq_child[of x] assms(3,4) wf_arcs by simp
+ then show ?thesis using X.dhead_in_dverts 0 by simp
+qed
+
+lemma cas_darcs_in_subtree:
+ assumes "pre_digraph.cas (from_dtree dt dh t) u ps v"
+ and "set ps \<subseteq> darcs t"
+ and "t = Node r xs"
+ and "(x,e) \<in> fset xs"
+ and "u \<in> dverts x"
+ shows "set ps \<subseteq> darcs x"
+using assms proof(induction ps arbitrary: u)
+ case Nil
+ then show ?case by simp
+next
+ case (Cons p ps)
+ note pre_digraph.cas.simps[simp]
+ then have u_p: "dtail t dt p = u" using Cons.prems(1) by simp
+ have "p \<in> darcs t" using Cons.prems(2) by simp
+ then have 0: "p \<in> darcs x" using arc_in_subtree_if_tail_in_subtree Cons.prems(3-5) u_p by blast
+ have 1: "dhead t dh p \<in> dverts x" using dhead_in_verts_if_dtail Cons.prems(2-5) u_p by force
+ have "set ps \<subseteq> darcs t" using Cons.prems(2) by simp
+ have "pre_digraph.cas (from_dtree dt dh t) (dhead t dh p) ps v" using Cons.prems(1) by simp
+ then have "set ps \<subseteq> darcs x" using Cons.IH Cons.prems(2,3,4) 1 by simp
+ then show ?case using 0 by simp
+qed
+
+lemma dtree_cas_in_subtree:
+ assumes "pre_digraph.cas (from_dtree dt dh t) u ps v"
+ and "set ps \<subseteq> darcs t"
+ and "t = Node r xs"
+ and "(x,e) \<in> fset xs"
+ and "u \<in> dverts x"
+ shows "pre_digraph.cas (from_dtree dt dh x) u ps v"
+ using assms cas_darcs_in_subtree dtree_cas_iff_subtree by fast
+
+lemma cas_to_end_subtree:
+ assumes "set (p#ps) \<subseteq> darcs t" and "pre_digraph.cas (from_dtree dt dh t) (root t) (p#ps) v"
+ and "t = Node r xs" and "(x,e) \<in> fset xs" and "v \<in> dverts x"
+ shows "p = e"
+proof (rule ccontr)
+ assume asm: "p \<noteq> e"
+ note pre_digraph.cas.simps[simp]
+ have "dtail t dt p = r" using assms(2,3) by simp
+ then have "p \<in> snd ` fset xs" using dtail_root_in_set assms(1,3) list.set_intros(1) by fast
+ then obtain x' where x'_def: "(x',p) \<in> fset xs" by force
+ show False
+ proof(cases "ps=[]")
+ case True
+ then have "root x' = v"
+ using dhead_in_set_eq_root[of x'] x'_def assms(2,3) wf_arcs by simp
+ then have "x = x'"
+ using wf_verts x'_def assms(3,4,5) dtree.set_sel(1) by (fastforce simp: wf_dverts_iff_dverts')
+ then show ?thesis using asm assms(3,4) subtree_uneq_if_arc_uneq x'_def by blast
+ next
+ case False
+ interpret X: wf_dtree x' using wf_dtree_rec x'_def assms(3) by blast
+ have "x' \<noteq> x" using asm assms(3,4) subtree_uneq_if_arc_uneq x'_def by blast
+ then have x'_no_v: "\<forall>e\<in>darcs x'. dhead x' dh e \<noteq> v"
+ using X.dhead_in_dverts assms(3,4,5) x'_def wf_verts
+ by (fastforce simp: wf_dverts_iff_dverts')
+ have 0: "pre_digraph.cas (from_dtree dt dh t) (dhead t dh p) ps v" using assms(2) by simp
+ have 1: "dhead t dh p \<in> dverts x'"
+ using dhead_in_set_eq_root[of x'] x'_def assms(3) dtree.set_sel(1) wf_arcs by auto
+ then have "pre_digraph.cas (from_dtree dt dh x') (dhead t dh p) ps v"
+ using dtree_cas_in_subtree x'_def assms(1,3) 0 by force
+ then have "\<not> set ps \<subseteq> darcs x'" using X.nohead_cas_no_arc_in_subset x'_no_v False by blast
+ moreover have "set ps \<subseteq> darcs x'" using cas_darcs_in_subtree assms(1,3) x'_def 0 1 by simp
+ ultimately show ?thesis by blast
+ qed
+qed
+
+lemma cas_unique_in_darcs: "\<lbrakk>v \<in> dverts t; pre_digraph.cas (from_dtree dt dh t) (root t) ps v;
+ pre_digraph.cas (from_dtree dt dh t) (root t) es v\<rbrakk>
+ \<Longrightarrow> ps = es \<or> \<not>set ps \<subseteq> darcs t \<or> \<not>set es \<subseteq> darcs t"
+using wf_dtree_axioms proof(induction t arbitrary: ps es rule: darcs_mset.induct)
+ case ind: (1 r xs)
+ interpret wf_dtree "Node r xs" by (rule ind.prems(4))
+ show ?case
+ proof(cases "r=v")
+ case True
+ have 0: "\<forall>e \<in> darcs (Node r xs). dhead (Node r xs) dh e \<noteq> r" using dhead_not_root by force
+ consider "ps = [] \<and> es = []" | "ps \<noteq> []" | "es \<noteq> []" by blast
+ then show ?thesis
+ proof(cases)
+ case 1
+ then show ?thesis by blast
+ next
+ case 2
+ then show ?thesis using nohead_cas_no_arc_in_subset 0 ind.prems(2) True by blast
+ next
+ case 3
+ then show ?thesis using nohead_cas_no_arc_in_subset 0 ind.prems(3) True by blast
+ qed
+ next
+ case False
+ then obtain x e where x_def: "(x,e) \<in> fset xs" "v \<in> dverts x" using ind.prems by auto
+ then have wf_x: "wf_dtree x" using wf_dtree_rec by blast
+ note pre_digraph.cas.simps[simp]
+ have nempty: "ps \<noteq> [] \<and> es \<noteq> []" using ind.prems(2,3) False by force
+ then obtain p ps' where p_def: "ps = p # ps'" using list.exhaust_sel by auto
+ obtain e' es' where e'_def: "es = e' # es'" using list.exhaust_sel nempty by auto
+ show ?thesis
+ proof (rule ccontr)
+ assume "\<not>(ps = es \<or> \<not>set ps \<subseteq> darcs (Node r xs) \<or> \<not>set es \<subseteq> darcs (Node r xs))"
+ then have asm: "ps \<noteq> es \<and> set ps \<subseteq> darcs (Node r xs) \<and> set es \<subseteq> darcs (Node r xs)" by blast
+ then have "p = e" using cas_to_end_subtree p_def ind.prems(2) x_def by blast
+ moreover have "e' = e" using cas_to_end_subtree e'_def ind.prems(3) x_def asm by blast
+ ultimately have "p = e'" by blast
+ have "dhead (Node r xs) dh p = root x"
+ using dhead_in_set_eq_root[of x] x_def(1) \<open>p=e\<close> wf_arcs by simp
+ then have cas_p_r: "pre_digraph.cas (from_dtree dt dh (Node r xs)) (root x) ps' v"
+ using ind.prems(2) p_def by fastforce
+ moreover have 0: "root x \<in> dverts x" using dtree.set_sel(1) by blast
+ ultimately have cas_ps: "pre_digraph.cas (from_dtree dt dh x) (root x) ps' v"
+ using dtree_cas_in_subtree asm x_def(1) p_def dtree.set_sel(1) by force
+ have "dhead (Node r xs) dh e' = root x"
+ using dhead_in_set_eq_root[of x] x_def \<open>e'=e\<close> wf_arcs by simp
+ then have cas_e_r: "pre_digraph.cas (from_dtree dt dh (Node r xs)) (root x) es' v"
+ using ind.prems(3) e'_def by fastforce
+ then have "pre_digraph.cas (from_dtree dt dh x) (root x) es' v"
+ using dtree_cas_in_subtree asm x_def(1) e'_def 0 by force
+ then have "ps' = es' \<or> \<not> set ps' \<subseteq> darcs x \<or> \<not> set es' \<subseteq> darcs x"
+ using ind.IH cas_ps x_def wf_x by blast
+ moreover have "set ps' \<subseteq> darcs x"
+ using cas_darcs_in_subtree cas_p_r x_def(1) asm p_def 0 set_subset_Cons by fast
+ moreover have "set es' \<subseteq> darcs x"
+ using cas_darcs_in_subtree cas_e_r x_def(1) asm e'_def 0 set_subset_Cons by fast
+ ultimately have "ps' = es'" by blast
+ then show False using asm p_def e'_def \<open>p=e'\<close> by blast
+ qed
+ qed
+qed
+
+lemma dtree_awalk_unique:
+ "\<lbrakk>v \<in> dverts t; pre_digraph.awalk (from_dtree dt dh t) (root t) ps v;
+ pre_digraph.awalk (from_dtree dt dh t) (root t) es v\<rbrakk>
+ \<Longrightarrow> ps = es"
+ unfolding pre_digraph.awalk_def using cas_unique_in_darcs by fastforce
+
+lemma dtree_unique_awalk_exists:
+ assumes "v \<in> dverts t"
+ shows "\<exists>!p. pre_digraph.awalk (from_dtree dt dh t) (root t) p v"
+ using dtree_awalk_exists dtree_awalk_unique assms by blast
+
+lemma from_dtree_directed: "directed_tree (from_dtree dt dh t) (root t)"
+ apply(unfold_locales)
+ by(auto simp: dtail_in_dverts dhead_in_dverts dtree.set_sel(1) dtree_unique_awalk_exists)
+
+theorem from_dtree_fin_directed: "finite_directed_tree (from_dtree dt dh t) (root t)"
+ apply(unfold_locales)
+ by(auto simp: dtail_in_dverts dhead_in_dverts dtree.set_sel(1) dtree_unique_awalk_exists
+ finite_dverts finite_darcs)
+
+subsubsection "Identity of Transformation Operations"
+
+lemma dhead_img_eq_root_img:
+ "Node r xs = t
+ \<Longrightarrow> (\<lambda>e. ((dhead (Node r xs) dh e), e)) ` snd ` fset xs = (\<lambda>(x,e). (root x, e)) ` fset xs"
+ using dhead_in_set_eq_root wf_arcs snd_conv image_image disjoint_darcs_if_wf_xs
+ by (smt (verit) case_prodE case_prod_conv image_cong)
+
+lemma childarcs_in_out_arcs:
+ "\<lbrakk>Node r xs = t; e \<in> snd ` fset xs\<rbrakk> \<Longrightarrow> e \<in> out_arcs (from_dtree dt dh t) r"
+ by force
+
+lemma out_arcs_in_childarcs:
+ assumes "Node r xs = t" and "e \<in> out_arcs (from_dtree dt dh t) r"
+ shows "e \<in> snd ` fset xs"
+proof (rule ccontr)
+ assume asm: "e \<notin> snd ` fset xs"
+ have "e \<in> darcs t" using assms(2) by simp
+ then obtain x e1 where x_def: "(x,e1) \<in> fset xs \<and> e \<in> darcs x" using assms(1) asm by force
+ then have "dtail t dt e \<in> dverts x" using assms(1) dtail_in_childverts by blast
+ moreover have "r \<notin> dverts x" using assms(1) wf_verts x_def by (auto simp: wf_dverts_iff_dverts')
+ ultimately show False using assms(2) by simp
+qed
+
+lemma childarcs_eq_out_arcs:
+ "Node r xs = t \<Longrightarrow> snd ` fset xs = out_arcs (from_dtree dt dh t) r"
+ using childarcs_in_out_arcs out_arcs_in_childarcs by fast
+
+lemma dtail_in_subtree_eq_subtree:
+ "\<lbrakk>is_subtree t1 t; e \<in> darcs t1\<rbrakk> \<Longrightarrow> dtail t def e = dtail t1 def e"
+using wf_arcs proof(induction t rule: darcs_mset.induct)
+ case (1 r xs)
+ show ?case
+ proof(cases "Node r xs=t1")
+ case False
+ then obtain x e1 where x_def: "(x,e1) \<in> fset xs \<and> is_subtree t1 x" using "1.prems"(1) by auto
+ then have "e \<in> darcs x" using "1.prems"(2) darcs_subtree_subset by blast
+ then have "dtail (Node r xs) def e = dtail x def e"
+ using dtail_in_child_eq_child[of x] x_def "1.prems"(3) by blast
+ then show ?thesis using "1.IH" x_def "1.prems"(2-3) by fastforce
+ qed (simp)
+qed
+
+lemma dtail_in_subdverts:
+ assumes "e \<in> darcs x" and "is_subtree x t"
+ shows "dtail t def e \<in> dverts x"
+proof -
+ interpret X: wf_dtree x by (simp add: assms(2) wf_dtree_sub)
+ have "dtail t def e = dtail x def e" using dtail_in_subtree_eq_subtree assms(1,2) by blast
+ then show ?thesis using assms(1) X.dtail_in_dverts by simp
+qed
+
+lemma dhead_in_subtree_eq_subtree:
+ "\<lbrakk>is_subtree t1 t; e \<in> darcs t1\<rbrakk> \<Longrightarrow> dhead t def e = dhead t1 def e"
+using wf_arcs proof(induction t)
+ case (Node r xs)
+ show ?case
+ proof(cases "Node r xs=t1")
+ case False
+ then obtain x e1 where x_def: "(x,e1) \<in> fset xs \<and> is_subtree t1 x" using Node.prems(1) by auto
+ then have "e \<in> darcs x" using Node.prems(2) darcs_subtree_subset by blast
+ then have "dhead (Node r xs) def e = dhead x def e"
+ using dhead_in_child_eq_child[of x] x_def Node.prems(3) by force
+ then show ?thesis using Node.IH x_def Node.prems(2-3) by fastforce
+ qed (simp)
+qed
+
+lemma subarcs_in_out_arcs:
+ assumes "is_subtree (Node r xs) t" and "e \<in> snd ` fset xs"
+ shows "e \<in> out_arcs (from_dtree dt dh t) r"
+proof -
+ have "e \<in> darcs (Node r xs)" using assms(2) by force
+ then have "tail (from_dtree dt dh t) e = r"
+ using dtail_in_subtree_eq_subtree assms(1,2) by auto
+ then show ?thesis using darcs_subtree_subset assms(1,2) by fastforce
+qed
+
+lemma darc_in_sub_if_dtail_in_sub:
+ assumes "dtail t dt e = v" and "e \<in> darcs t" and "(x,e1) \<in> fset xs"
+ and "is_subtree t1 x" and "Node r xs = t" and "v \<in> dverts t1"
+ shows "e \<in> darcs x"
+proof (rule ccontr)
+ assume asm: "e \<notin> darcs x"
+ have "e \<notin> snd ` fset xs"
+ using assms(1-6) asm arc_in_subtree_if_tail_in_subtree dverts_subtree_subset by blast
+ then obtain x2 e2 where x2_def: "(x2,e2) \<in> fset xs \<and> e \<in> darcs x2" using assms(2,5) by force
+ then have "v \<in> dverts x" using assms(4,6) dverts_subtree_subset by fastforce
+ then have "v \<notin> dverts x2" using assms(1-3,5) arc_in_subtree_if_tail_in_subtree asm by blast
+ then have "dtail x2 dt e \<noteq> v" using assms(1,5) dtail_in_childverts x2_def by fast
+ then have "dtail t dt e = dtail x2 dt e"
+ using assms(1,5) x2_def \<open>v \<notin> dverts x2\<close> dtail_in_childverts by blast
+ then show False using assms(1) \<open>dtail x2 dt e \<noteq> v\<close> by simp
+qed
+
+lemma out_arcs_in_subarcs_aux:
+ assumes "is_subtree (Node r xs) t" and "dtail t dt e = r" and "e \<in> darcs t"
+ shows "e \<in> snd ` fset xs"
+using assms wf_dtree_axioms proof(induction t)
+ case (Node v ys)
+ then interpret wf_dtree "Node v ys" by blast
+ show ?case
+ proof(cases "Node v ys = Node r xs")
+ case True
+ then show ?thesis using dtail_root_in_set Node.prems(2,3) by blast
+ next
+ case False
+ then obtain x e1 where x_def: "(x,e1) \<in> fset ys \<and> is_subtree (Node r xs) x"
+ using Node.prems(1) by auto
+ then have "e \<in> darcs x"
+ using darc_in_sub_if_dtail_in_sub Node.prems(2,3) dtree.set_intros(1) by fast
+ moreover from this have "dtail x dt e = r"
+ using dtail_in_child_eq_child[of x] x_def Node.prems(2) wf_arcs by force
+ moreover from this have "wf_dtree x" using wf_verts wf_arcs x_def by(unfold_locales) auto
+ ultimately show ?thesis using Node.IH x_def by force
+ qed
+qed
+
+lemma out_arcs_in_subarcs:
+ assumes "is_subtree (Node r xs) t" and "e \<in> out_arcs (from_dtree dt dh t) r"
+ shows "e \<in> snd ` fset xs"
+ using assms out_arcs_in_subarcs_aux by auto
+
+lemma subarcs_eq_out_arcs:
+ "is_subtree (Node r xs) t \<Longrightarrow> snd ` fset xs = out_arcs (from_dtree dt dh t) r"
+ using subarcs_in_out_arcs out_arcs_in_subarcs by fast
+
+lemma dhead_sub_img_eq_root_img:
+ "is_subtree (Node v ys) t
+ \<Longrightarrow> (\<lambda>e. ((dhead t dh e), e)) ` snd ` fset ys = (\<lambda>(x,e). (root x, e)) ` fset ys"
+using wf_dtree_axioms proof(induction t)
+ case (Node r xs)
+ then interpret wf_dtree "Node r xs" by blast
+ show ?case
+ proof(cases "Node v ys = Node r xs")
+ case True
+ then show ?thesis using dhead_img_eq_root_img by simp
+ next
+ case False
+ then obtain x e where x_def: "(x,e) \<in> fset xs \<and> is_subtree (Node v ys) x"
+ using Node.prems(1) by auto
+ then interpret X: wf_dtree x using wf_verts wf_arcs by(unfold_locales) auto
+ have "\<forall>a \<in> snd ` fset ys. (\<lambda>e. ((dhead (Node r xs) dh e), e)) a = (\<lambda>e. ((dhead x dh e), e)) a"
+ proof
+ fix a
+ assume asm: "a \<in> snd ` fset ys"
+ then have "a \<in> darcs x" using x_def darcs_subtree_subset by fastforce
+ then show "(\<lambda>e. ((dhead (Node r xs) dh e), e)) a = (\<lambda>e. ((dhead x dh e), e)) a"
+ using dhead_in_child_eq_child[of x] x_def wf_arcs by auto
+ qed
+ then have "(\<lambda>e. ((dhead (Node r xs) dh e), e)) ` snd ` fset ys
+ = (\<lambda>e. ((dhead x dh e), e)) ` snd ` fset ys"
+ by (meson image_cong)
+ then show ?thesis using Node.IH x_def X.wf_dtree_axioms by force
+ qed
+qed
+
+lemma subtree_to_dtree_aux_eq:
+ assumes "is_subtree x t" and "v \<in> dverts x"
+ shows "finite_directed_tree.to_dtree_aux (from_dtree dt dh t) v
+ = finite_directed_tree.to_dtree_aux (from_dtree dt dh x) v
+ \<and> finite_directed_tree.to_dtree_aux (from_dtree dt dh x) (root x) = x"
+using assms wf_dtree_axioms proof(induction x arbitrary: t v rule: darcs_mset.induct)
+ case ind: (1 r xs)
+ then interpret wf_dtree t by blast
+ obtain r' xs' where r'_def: "t = Node r' xs'" using dtree.exhaust by auto
+ interpret R_xs: wf_dtree "Node r xs" using ind.prems(1,3) wf_dtree_sub by simp
+ let ?todt = "finite_directed_tree.to_dtree_aux"
+ let ?T = "(from_dtree dt dh t)"
+ let ?X = "(from_dtree dt dh (Node r xs))"
+ interpret DT: finite_directed_tree ?T "root t" using from_dtree_fin_directed by blast
+ interpret XT: finite_directed_tree ?X "root (Node r xs)"
+ using R_xs.from_dtree_fin_directed by blast
+
+ (* goal 2 *)
+ have ih: "\<forall>y \<in> fset xs. (\<lambda>(x,e). (XT.to_dtree_aux (root x), e)) y = y"
+ proof
+ fix y
+ assume asm: "y \<in> fset xs"
+ obtain x e where x_def: "y = (x,e)" by fastforce
+ then have "is_subtree x (Node r xs)" using subtree_if_child asm by fastforce
+ then have "?todt (from_dtree dt dh x) (root x) = x
+ \<and> XT.to_dtree_aux (root x) = ?todt (from_dtree dt dh x) (root x)"
+ using ind.IH R_xs.wf_dtree_axioms asm x_def dtree.set_sel(1) by blast
+ then have "XT.to_dtree_aux (root x) = x" by simp
+ then show "(\<lambda>(x,e). (XT.to_dtree_aux (root x), e)) y = y" using x_def by fast
+ qed
+ let ?f = "\<lambda>(x,e). (XT.to_dtree_aux x, e)"
+ let ?g = "\<lambda>e. ((dhead (Node r xs) dh e), e)"
+ obtain ys where ys_def: "XT.to_dtree_aux (root (Node r xs)) = Node r ys"
+ using dtree.exhaust dtree.sel(1) XT.to_dtree_aux_root by metis
+ then have "fset ys = (\<lambda>e. (XT.to_dtree_aux (head ?X e), e)) ` out_arcs ?X r"
+ using XT.dtree_children_img_alt XT.dtree_children_fset_id dtree.sel(1) by (smt (verit))
+ also have "\<dots> = (\<lambda>e. (XT.to_dtree_aux (dhead (Node r xs) dh e), e)) ` (snd ` fset xs)"
+ using R_xs.childarcs_eq_out_arcs by simp
+ also have "\<dots> = ?f ` ?g ` (snd ` fset xs)" by fast
+ also have "\<dots> = ?f ` (\<lambda>(x,e). (root x, e)) ` fset xs" using R_xs.dhead_img_eq_root_img by simp
+ also have "\<dots> = (\<lambda>(x,e). (XT.to_dtree_aux (root x), e)) ` fset xs" by fast
+ also have "\<dots> = fset xs" using ih by simp
+ finally have g2: "ys = xs" by (simp add: fset_inject)
+
+ show ?case
+ proof(cases "v = r")
+ case True
+ (* goal 1 *)
+ have 0: "\<forall>y \<in> fset xs. (\<lambda>(x,e). (DT.to_dtree_aux (root x), e)) y = y"
+ proof
+ fix y
+ assume asm: "y \<in> fset xs"
+ obtain x e where x_def: "y = (x,e)" by fastforce
+ then have "is_subtree x (Node r xs)" using subtree_if_child asm by fastforce
+ then have "is_subtree x t" using asm subtree_trans ind.prems(1) by blast
+ then have "?todt (from_dtree dt dh x) (root x) = x
+ \<and> DT.to_dtree_aux (root x) = ?todt (from_dtree dt dh x) (root x)"
+ using ind.IH wf_dtree_axioms asm x_def dtree.set_sel(1) by blast
+ then have "DT.to_dtree_aux (root x) = x" by simp
+ then show "(\<lambda>(x,e). (DT.to_dtree_aux (root x), e)) y = y" using x_def by fast
+ qed
+ let ?f = "\<lambda>(x,e). (DT.to_dtree_aux x, e)"
+ let ?g = "\<lambda>e. ((dhead (Node r' xs') dh e), e)"
+ obtain zs where zs_def: "DT.to_dtree_aux v = Node v zs"
+ using dtree.exhaust by simp
+ then have "fset zs = (\<lambda>e. (DT.to_dtree_aux (head ?T e), e)) ` out_arcs ?T r"
+ using DT.dtree_children_img_alt DT.dtree_children_fset_id True by presburger
+ also have "\<dots> = (\<lambda>e. (DT.to_dtree_aux (dhead t dh e), e)) ` (snd ` fset xs)"
+ using ind.prems(1) subarcs_eq_out_arcs by force
+ also have "\<dots> = ?f ` ?g ` (snd ` fset xs)" using r'_def by fast
+ also have "\<dots> = ?f ` (\<lambda>(x,e). (root x, e)) ` fset xs"
+ using dhead_sub_img_eq_root_img ind.prems(1) r'_def by blast
+ also have "\<dots> = (\<lambda>(x,e). (DT.to_dtree_aux (root x), e)) ` fset xs" by fast
+ also have "\<dots> = fset xs" using 0 by simp
+ finally have g1: "zs = xs" by (simp add: fset_inject)
+ then show ?thesis using zs_def True g2 ys_def by simp
+ next
+ case False
+ (* goal 1 *)
+ then obtain x1 e1 where x_def: "(x1,e1) \<in> fset xs" "v \<in> dverts x1" using ind.prems(2) by auto
+ then have "is_subtree x1 (Node r xs)" using subtree_if_child by fastforce
+ moreover from this have "is_subtree x1 t" using ind.prems(1) subtree_trans by blast
+ ultimately have g1: "DT.to_dtree_aux v = XT.to_dtree_aux v"
+ using ind.IH x_def by (metis R_xs.wf_dtree_axioms wf_dtree_axioms)
+ then show ?thesis using g1 g2 ys_def by blast
+ qed
+qed
+
+interpretation T: finite_directed_tree "from_dtree dt dh t" "root t"
+ using from_dtree_fin_directed by simp
+
+lemma to_from_dtree_aux_id: "T.to_dtree_aux dt dh (root t) = t"
+ using subtree_to_dtree_aux_eq dtree.set_sel(1) self_subtree by blast
+
+theorem to_from_dtree_id: "T.to_dtree dt dh = t"
+ using to_from_dtree_aux_id T.to_dtree_def by simp
+
+end
+
+context finite_directed_tree
+begin
+
+lemma wf_to_dtree_aux: "wf_dtree (to_dtree_aux r)"
+ unfolding wf_dtree_def using wf_dverts_to_dtree_aux wf_darcs_to_dtree_aux by blast
+
+theorem wf_to_dtree: "wf_dtree to_dtree"
+ unfolding to_dtree_def using wf_to_dtree_aux by blast
+
+end
+
+subsection \<open>Degrees of Nodes\<close>
+
+fun max_deg :: "('a,'b) dtree \<Rightarrow> nat" where
+ "max_deg (Node r xs) = (if xs = {||} then 0 else max (Max (max_deg ` fst ` fset xs)) (fcard xs))"
+
+lemma mdeg_eq_fcard_if_empty: "xs = {||} \<Longrightarrow> max_deg (Node r xs) = fcard xs"
+ by simp
+
+lemma mdeg0_if_fcard0: "fcard xs = 0 \<Longrightarrow> max_deg (Node r xs) = 0"
+ by simp
+
+lemma mdeg0_iff_fcard0: "fcard xs = 0 \<longleftrightarrow> max_deg (Node r xs) = 0"
+ by simp
+
+lemma nempty_if_mdeg_gt_fcard: "max_deg (Node r xs) > fcard xs \<Longrightarrow> xs \<noteq> {||}"
+ by auto
+
+lemma mdeg_img_nempty: "max_deg (Node r xs) > fcard xs \<Longrightarrow> max_deg ` fst ` fset xs \<noteq> {}"
+ using nempty_if_mdeg_gt_fcard notin_fset[where S=xs] by fast
+
+lemma mdeg_img_fin: "finite (max_deg ` fst ` fset xs)"
+ by simp
+
+lemma mdeg_Max_if_gt_fcard:
+ "max_deg (Node r xs) > fcard xs \<Longrightarrow> max_deg (Node r xs) = Max (max_deg ` fst ` fset xs)"
+ by (auto split: if_splits)
+
+lemma mdeg_child_if_gt_fcard:
+ "max_deg (Node r xs) > fcard xs \<Longrightarrow> \<exists>t \<in> fst ` fset xs. max_deg t = max_deg (Node r xs)"
+ unfolding mdeg_Max_if_gt_fcard using Max_in[OF mdeg_img_fin mdeg_img_nempty] by force
+
+lemma mdeg_child_if_wedge:
+ "\<lbrakk>max_deg (Node r xs) > n; fcard xs \<le> n \<or> \<not>(\<forall>t \<in> fst ` fset xs. max_deg t \<le> n)\<rbrakk>
+ \<Longrightarrow> \<exists>t \<in> fst ` fset xs. max_deg t > n"
+ using mdeg_child_if_gt_fcard by force
+
+lemma maxif_eq_Max: "finite X \<Longrightarrow> (if X \<noteq> {} then max x (Max X) else x) = Max (insert x X)"
+ by simp
+
+lemma mdeg_img_empty_iff: "max_deg ` fst ` fset xs = {} \<longleftrightarrow> xs = {||}"
+ using notin_fset by fast
+
+lemma mdeg_alt: "max_deg (Node r xs) = Max (insert (fcard xs) (max_deg ` fst ` fset xs))"
+ using maxif_eq_Max[OF mdeg_img_fin, of xs "fcard xs"] mdeg_img_empty_iff[of xs]
+ by (auto split: if_splits)
+
+lemma finite_fMax_union: "finite Y \<Longrightarrow> finite (\<Union>y\<in>Y. {Max (f y)})"
+ by blast
+
+lemma Max_union_Max_out:
+ assumes "finite Y" and "\<forall>y \<in> Y. finite (f y)" and "\<forall>y \<in> Y. f y \<noteq> {}" and "Y \<noteq> {}"
+ shows "Max (\<Union>y\<in>Y. {Max (f y)}) = Max (\<Union>y\<in>Y. f y)" (is "?M1=_")
+proof -
+ have "\<forall>y \<in> Y. \<forall>x \<in> f y. Max (f y) \<ge> x" using assms(2) by simp
+ moreover have "\<forall>x \<in> (\<Union>y\<in>Y. {Max (f y)}). ?M1 \<ge> x" using assms(1) by simp
+ moreover have M1_in: "?M1 \<in> (\<Union>y\<in>Y. {Max (f y)})"
+ using assms(1,4) Max_in[OF finite_fMax_union] by auto
+ ultimately have "\<forall>y \<in> Y. \<forall>x \<in> f y. ?M1 \<ge> x" by force
+ then have "\<forall>x \<in> (\<Union>y\<in>Y. f y). ?M1 \<ge> x" by blast
+ moreover have "?M1 \<in> (\<Union>y\<in>Y. (f y))" using M1_in assms(2-4) by force
+ ultimately show ?thesis using assms(1,2) Max_eqI finite_UN_I by metis
+qed
+
+lemma Max_union_Max_out_insert:
+ "\<lbrakk>finite Y; \<forall>y \<in> Y. finite (f y); \<forall>y \<in> Y. f y \<noteq> {}; Y \<noteq> {}\<rbrakk>
+ \<Longrightarrow> Max (insert x (\<Union>y\<in>Y. {Max (f y)})) = Max (insert x (\<Union>y\<in>Y. f y))"
+ using Max_union_Max_out[of Y f] by simp
+
+lemma mdeg_alt2: "max_deg t = Max {fcard (sucs x)|x. is_subtree x t}"
+proof(induction t rule: max_deg.induct)
+ case (1 r xs)
+ then show ?case
+ proof(cases "xs = {||}")
+ case False
+ let ?f = "(\<lambda>t1. {fcard (sucs x)|x. is_subtree x t1})"
+ let ?f' = "(\<lambda>t1. (\<lambda>x. fcard (sucs x)) ` {x. is_subtree x t1})"
+ have fin: "finite (fst ` fset xs)" by simp
+ have f_eq1: "?f = ?f'" by blast
+ then have f_eq: "\<forall>y\<in>fst ` fset xs. (?f y = ?f' y)" by blast
+ moreover have "\<forall>y\<in>fst ` fset xs. finite (?f' y)" using finite_subtrees by blast
+ ultimately have fin': "\<forall>y\<in>fst ` fset xs. finite (?f y)" by simp
+ have nempty: "\<forall>y\<in>fst ` fset xs. {fcard (sucs x) |x. is_subtree x y} \<noteq> {}"
+ using self_subtree by blast
+ have "max_deg ` fst ` fset xs = (\<Union>t1\<in>fst ` fset xs. {Max (?f t1)})"
+ using "1.IH"[OF False] by auto
+ then have "max_deg (Node r xs) = Max (insert (fcard xs) (\<Union>t1\<in>fst ` fset xs. {Max (?f t1)}))"
+ using mdeg_alt[of r xs] by simp
+ also have "\<dots> = Max (insert (fcard xs) (\<Union>t1\<in>fst ` fset xs. ?f t1))"
+ using Max_union_Max_out_insert[OF fin fin' nempty] by fastforce
+ also have "\<dots> = Max (insert (fcard xs) ((\<Union>t1\<in>fst ` fset xs. ?f' t1)))"
+ using f_eq by simp
+ also have "\<dots>
+ = Max (insert (fcard xs) ((\<Union>t1\<in>fst ` fset xs. fcard ` sucs ` {x. is_subtree x t1})))"
+ using image_image by metis
+ also have "\<dots>
+ = Max (insert (fcard xs) (fcard ` sucs ` (\<Union>t1\<in>fst ` fset xs. {x. is_subtree x t1})))"
+ by (metis image_UN)
+ also have "\<dots>
+ = Max (fcard ` sucs ` (insert (Node r xs) (\<Union>t1\<in>fst ` fset xs. {x. is_subtree x t1})))"
+ by force
+ also have "\<dots> = Max (fcard ` sucs ` {x. is_subtree x (Node r xs)})"
+ unfolding subtrees_insert_union by blast
+ finally show ?thesis using f_eq1 image_image by metis
+ qed(simp)
+qed
+
+lemma mdeg_singleton: "max_deg (Node r {|(t1,e1)|}) = max (max_deg t1) (fcard {|(t1,e1)|})"
+ by simp
+
+lemma mdeg_ge_child_aux: "(t1,e1) \<in> fset xs \<Longrightarrow> max_deg t1 \<le> Max (max_deg ` fst ` fset xs)"
+ using Max_ge[OF mdeg_img_fin] by fastforce
+
+lemma mdeg_ge_child: "(t1,e1) \<in> fset xs \<Longrightarrow> max_deg t1 \<le> max_deg (Node r xs)"
+ using mdeg_ge_child_aux by fastforce
+
+lemma mdeg_ge_child': "t1 \<in> fst ` fset xs \<Longrightarrow> max_deg t1 \<le> max_deg (Node r xs)"
+ using mdeg_ge_child[of t1] by force
+
+lemma mdeg_ge_sub: "is_subtree t1 t2 \<Longrightarrow> max_deg t1 \<le> max_deg t2"
+proof(induction t2)
+ case (Node r xs)
+ show ?case
+ proof(cases "Node r xs=t1")
+ case False
+ then obtain x e1 where x_def: "(x,e1) \<in> fset xs" "is_subtree t1 x" using Node.prems(1) by auto
+ then have "max_deg t1 \<le> max_deg x" using Node.IH by force
+ then show ?thesis using mdeg_ge_child[OF x_def(1)] by simp
+ qed(simp)
+qed
+
+lemma mdeg_gt_0_if_nempty: "xs \<noteq> {||} \<Longrightarrow> max_deg (Node r xs) > 0"
+ using fcard_fempty by auto
+
+corollary empty_if_mdeg_0: "max_deg (Node r xs) = 0 \<Longrightarrow> xs = {||}"
+ using mdeg_gt_0_if_nempty by (metis less_numeral_extra(3))
+
+lemma nempty_if_mdeg_n0: "max_deg (Node r xs) \<noteq> 0 \<Longrightarrow> xs \<noteq> {||}"
+ by auto
+
+corollary empty_iff_mdeg_0: "max_deg (Node r xs) = 0 \<longleftrightarrow> xs = {||}"
+ using nempty_if_mdeg_n0 empty_if_mdeg_0 by auto
+
+lemma mdeg_root: "max_deg (Node r xs) = max_deg (Node v xs)"
+ by simp
+
+lemma mdeg_ge_fcard: "fcard xs \<le> max_deg (Node r xs)"
+ by simp
+
+lemma mdeg_fcard_if_fcard_ge_child:
+ "\<forall>(t,e) \<in> fset xs. max_deg t \<le> fcard xs \<Longrightarrow> max_deg (Node r xs) = fcard xs"
+ using mdeg_child_if_gt_fcard[of xs r] mdeg_ge_fcard[of xs r] by fastforce
+
+lemma mdeg_fcard_if_fcard_ge_child':
+ "\<forall>t \<in> fst ` fset xs. max_deg t \<le> fcard xs \<Longrightarrow> max_deg (Node r xs) = fcard xs"
+ using mdeg_fcard_if_fcard_ge_child[of xs r] by fastforce
+
+lemma fcard_single_1: "fcard {|x|} = 1"
+ by (simp add: fcard_finsert)
+
+lemma fcard_single_1_iff: "fcard xs = 1 \<longleftrightarrow> (\<exists>x. xs = {|x|})"
+ by (metis all_not_fin_conv bot.extremum fcard_seteq fcard_single_1
+ finsert_fsubset le_numeral_extra(4))
+
+lemma fcard_not0_if_elem: "\<exists>x. x \<in> fset xs \<Longrightarrow> fcard xs \<noteq> 0"
+ by auto
+
+lemma fcard1_if_le1_elem: "\<lbrakk>fcard xs \<le> 1; x \<in> fset xs\<rbrakk> \<Longrightarrow> fcard xs = 1"
+ using fcard_not0_if_elem by fastforce
+
+lemma singleton_if_fcard_le1_elem: "\<lbrakk>fcard xs \<le> 1; x \<in> fset xs\<rbrakk> \<Longrightarrow> xs = {|x|}"
+ using fcard_single_1_iff[of xs] fcard1_if_le1_elem by fastforce
+
+lemma singleton_if_mdeg_le1_elem: "\<lbrakk>max_deg (Node r xs) \<le> 1; x \<in> fset xs\<rbrakk> \<Longrightarrow> xs = {|x|}"
+ using singleton_if_fcard_le1_elem[of xs] mdeg_ge_fcard[of xs] by simp
+
+lemma singleton_if_mdeg_le1_elem_suc: "\<lbrakk>max_deg t \<le> 1; x \<in> fset (sucs t)\<rbrakk> \<Longrightarrow> sucs t = {|x|}"
+ using singleton_if_mdeg_le1_elem[of "root t" "sucs t"] by simp
+
+lemma fcard0_if_le1_not_singleton: "\<lbrakk>\<forall>x. xs \<noteq> {|x|}; fcard xs \<le> 1\<rbrakk> \<Longrightarrow> fcard xs = 0"
+ using fcard_single_1_iff[of xs] by fastforce
+
+lemma empty_fset_if_fcard_le1_not_singleton: "\<lbrakk>\<forall>x. xs \<noteq> {|x|}; fcard xs \<le> 1\<rbrakk> \<Longrightarrow> xs = {||}"
+ using fcard0_if_le1_not_singleton by auto
+
+lemma fcard0_if_mdeg_le1_not_single: "\<lbrakk>\<forall>x. xs \<noteq> {|x|}; max_deg (Node r xs) \<le> 1\<rbrakk> \<Longrightarrow> fcard xs = 0"
+ using fcard0_if_le1_not_singleton[of xs] mdeg_ge_fcard[of xs] by simp
+
+lemma empty_fset_if_mdeg_le1_not_single: "\<lbrakk>\<forall>x. xs \<noteq> {|x|}; max_deg (Node r xs) \<le> 1\<rbrakk> \<Longrightarrow> xs = {||}"
+ using fcard0_if_mdeg_le1_not_single by auto
+
+lemma fcard0_if_mdeg_le1_not_single_suc:
+ "\<lbrakk>\<forall>x. sucs t \<noteq> {|x|}; max_deg t \<le> 1\<rbrakk> \<Longrightarrow> fcard (sucs t) = 0"
+ using fcard0_if_mdeg_le1_not_single[of "sucs t" "root t"] by simp
+
+lemma empty_fset_if_mdeg_le1_not_single_suc: "\<lbrakk>\<forall>x. sucs t \<noteq> {|x|}; max_deg t \<le> 1\<rbrakk> \<Longrightarrow> sucs t = {||}"
+ using fcard0_if_mdeg_le1_not_single_suc by auto
+
+lemma mdeg_1_singleton:
+ assumes "max_deg (Node r xs) = 1"
+ shows "\<exists>x. xs = {|x|}"
+proof -
+ obtain x where x_def: "x |\<in>| xs"
+ using assms by (metis all_not_fin_conv empty_iff_mdeg_0 zero_neq_one)
+ moreover have "fcard xs \<le> 1" using assms mdeg_ge_fcard by metis
+ ultimately have "xs = {|x|}"
+ by (metis order_bot_class.bot.not_eq_extremum diff_Suc_1 diff_is_0_eq' fcard_finsert_disjoint
+ less_nat_zero_code mk_disjoint_finsert pfsubset_fcard_mono)
+ then show ?thesis by simp
+qed
+
+lemma subtree_child_if_dvert_notr_mdeg_le1:
+ assumes "max_deg (Node r xs) \<le> 1" and "v \<noteq> r" and "v \<in> dverts (Node r xs)"
+ shows "\<exists>r' e zs. is_subtree (Node r' {|(Node v zs,e)|}) (Node r xs)"
+proof -
+ obtain r' ys zs where zs_def: "is_subtree (Node r' ys) (Node r xs)" "Node v zs \<in> fst ` fset ys"
+ using subtree_child_if_dvert_notroot[OF assms(2,3)] by blast
+ have 0: "max_deg (Node r' ys) \<le> 1" using mdeg_ge_sub[OF zs_def(1)] assms(1) by simp
+ obtain e where "{|(Node v zs,e)|} = ys"
+ using singleton_if_mdeg_le1_elem[OF 0] zs_def(2) by fastforce
+ then show ?thesis using zs_def(1) by blast
+qed
+
+lemma subtree_child_if_dvert_notroot_mdeg_le1:
+ "\<lbrakk>max_deg t \<le> 1; v \<noteq> root t; v \<in> dverts t\<rbrakk>
+ \<Longrightarrow> \<exists>r' e zs. is_subtree (Node r' {|(Node v zs,e)|}) t"
+ using subtree_child_if_dvert_notr_mdeg_le1[of "root t" "sucs t"] by simp
+
+lemma mdeg_child_sucs_eq_if_gt1:
+ assumes "max_deg (Node r {|(t,e)|}) > 1"
+ shows "max_deg (Node r {|(t,e)|}) = max_deg (Node v (sucs t))"
+proof -
+ have "fcard {|(t,e)|} = 1" using fcard_single_1 by fast
+ then have "max_deg (Node r {|(t,e)|}) = max_deg t" using assms by simp
+ then show ?thesis using mdeg_root[of "root t" "sucs t" v] dtree.exhaust_sel[of t] by argo
+qed
+
+lemma mdeg_child_sucs_le: "max_deg (Node v (sucs t)) \<le> max_deg (Node r {|(t,e)|})"
+ using mdeg_root[of v "sucs t" "root t"] by simp
+
+lemma mdeg_eq_child_if_singleton_gt1:
+ "max_deg (Node r {|(t1,e1)|}) > 1 \<Longrightarrow> max_deg (Node r {|(t1,e1)|}) = max_deg t1"
+ using mdeg_singleton[of r t1] by (auto simp: fcard_single_1 max_def)
+
+lemma fcard_gt1_if_mdeg_gt_child:
+ assumes "max_deg (Node r xs) > n" and "t1 \<in> fst ` fset xs" and "max_deg t1 \<le> n" and "n\<noteq>0"
+ shows "fcard xs > 1"
+proof(rule ccontr)
+ assume "\<not>fcard xs > 1"
+ then have "fcard xs \<le> 1" by simp
+ then have "\<exists>e1. xs = {|(t1,e1)|}" using assms(2) singleton_if_fcard_le1_elem by fastforce
+ then show False using mdeg_singleton[of r t1] assms(1,3,4) by (auto simp: fcard_single_1)
+qed
+
+lemma fcard_gt1_if_mdeg_gt_suc:
+ "\<lbrakk>max_deg t2 > n; t1 \<in> fst ` fset (sucs t2); max_deg t1 \<le> n; n\<noteq>0\<rbrakk> \<Longrightarrow> fcard (sucs t2) > 1"
+ using fcard_gt1_if_mdeg_gt_child[of n "root t2" "sucs t2"] by simp
+
+lemma fcard_gt1_if_mdeg_gt_child1:
+ "\<lbrakk>max_deg (Node r xs) > 1; t1 \<in> fst ` fset xs; max_deg t1 \<le> 1\<rbrakk> \<Longrightarrow> fcard xs > 1"
+ using fcard_gt1_if_mdeg_gt_child by auto
+
+lemma fcard_gt1_if_mdeg_gt_suc1:
+ "\<lbrakk>max_deg t2 > 1; t1 \<in> fst ` fset (sucs t2); max_deg t1 \<le> 1\<rbrakk> \<Longrightarrow> fcard (sucs t2) > 1"
+ using fcard_gt1_if_mdeg_gt_suc by blast
+
+lemma fcard_lt_non_inj_f:
+ "\<lbrakk>f a = f b; a \<in> fset xs; b \<in> fset xs; a\<noteq>b\<rbrakk> \<Longrightarrow> fcard (f |`| xs) < fcard xs"
+proof(induction xs)
+ case (insert x xs)
+ then consider "a \<in> fset xs" "b \<in> fset xs" | "a = x" "b \<in> fset xs" | "a \<in> fset xs" "b = x"
+ by auto
+ then show ?case
+ proof(cases)
+ case 1
+ then show ?thesis
+ using insert.IH insert.prems(1,4) by (simp add: fcard_finsert_if)
+ next
+ case 2
+ then show ?thesis
+ proof(cases "fcard (f |`| xs) = fcard xs")
+ case True
+ then show ?thesis
+ using 2 insert.hyps insert.prems(1)
+ by (metis fcard_finsert_disjoint fimage_finsert finsert_fimage lessI notin_fset)
+ next
+ case False
+ then have "fcard (f |`| xs) \<le> fcard xs" using fcard_image_le by auto
+ then have "fcard (f |`| xs) < fcard xs" using False by simp
+ then show ?thesis
+ using 2 insert.prems(1) notin_fset fcard_image_le fcard_mono fimage_finsert less_le_not_le
+ by (metis order_class.order.not_eq_order_implies_strict finsert_fimage fsubset_finsertI)
+ qed
+ next
+ case 3
+ then show ?thesis
+ proof(cases "fcard (f |`| xs) = fcard xs")
+ case True
+ then show ?thesis
+ using 3 insert.hyps insert.prems(1)
+ by (metis fcard_finsert_disjoint fimage_finsert finsert_fimage lessI notin_fset)
+ next
+ case False
+ then have "fcard (f |`| xs) \<le> fcard xs" using fcard_image_le by auto
+ then have "fcard (f |`| xs) < fcard xs" using False by simp
+ then show ?thesis
+ using 3 insert.prems(1) notin_fset fcard_image_le fcard_mono fimage_finsert less_le_not_le
+ by (metis order_class.order.not_eq_order_implies_strict finsert_fimage fsubset_finsertI)
+ qed
+ qed
+qed (simp)
+
+lemma mdeg_img_le:
+ assumes "\<forall>(t,e) \<in> fset xs. max_deg (fst (f (t,e))) \<le> max_deg t"
+ shows "max_deg (Node r (f |`| xs)) \<le> max_deg (Node r xs)"
+proof(cases "max_deg (Node r (f |`| xs)) = fcard (f |`| xs)")
+ case True
+ then show ?thesis using fcard_image_le[of f xs] by auto
+next
+ case False
+ then have "max_deg (Node r (f |`| xs)) > fcard (f |`| xs)"
+ using mdeg_ge_fcard[of "f |`| xs"] by simp
+ then obtain t1 e1 where t1_def:
+ "(t1,e1) \<in> fset (f |`| xs)" "max_deg t1 = max_deg (Node r (f |`| xs))"
+ using mdeg_child_if_gt_fcard[of "f |`| xs" r] by fastforce
+ then obtain t2 e2 where t2_def: "(t2,e2) \<in> fset xs" "f (t2,e2) = (t1,e1)" by auto
+ then have "max_deg t2 \<ge> max_deg (Node r (f |`| xs))" using t1_def(2) assms by fastforce
+ then show ?thesis using mdeg_ge_child[OF t2_def(1)] by simp
+qed
+
+lemma mdeg_img_le':
+ assumes "\<forall>(t,e) \<in> fset xs. max_deg (f t) \<le> max_deg t"
+ shows "max_deg (Node r ((\<lambda>(t,e). (f t, e)) |`| xs)) \<le> max_deg (Node r xs)"
+ using mdeg_img_le[of xs "\<lambda>(t,e). (f t, e)"] assms by simp
+
+lemma mdeg_le_if_fcard_and_child_le:
+ "\<lbrakk>\<forall>(t,e) \<in> fset xs. max_deg t \<le> m; fcard xs \<le> m\<rbrakk> \<Longrightarrow> max_deg (Node r xs) \<le> m"
+ using mdeg_ge_fcard mdeg_child_if_gt_fcard[of xs r] by fastforce
+
+lemma mdeg_child_if_child_max:
+ "\<lbrakk>\<forall>(t,e) \<in> fset xs. max_deg t \<le> max_deg t1; fcard xs \<le> max_deg t1; (t1,e1) \<in> fset xs\<rbrakk>
+ \<Longrightarrow> max_deg (Node r xs) = max_deg t1"
+ using mdeg_le_if_fcard_and_child_le[of xs "max_deg t1"] mdeg_ge_child[of t1 e1 xs] by simp
+
+corollary mdeg_child_if_child_max':
+ "\<lbrakk>\<forall>(t,e) \<in> fset xs. max_deg t \<le> max_deg t1; fcard xs \<le> max_deg t1; t1 \<in> fst ` fset xs\<rbrakk>
+ \<Longrightarrow> max_deg (Node r xs) = max_deg t1"
+ using mdeg_child_if_child_max[of xs t1] by force
+
+lemma mdeg_img_eq:
+ assumes "\<forall>(t,e) \<in> fset xs. max_deg (fst (f (t,e))) = max_deg t"
+ and "fcard (f |`| xs) = fcard xs"
+ shows "max_deg (Node r (f |`| xs)) = max_deg (Node r xs)"
+proof(cases "max_deg (Node r (f |`| xs)) = fcard (f |`| xs)")
+ case True
+ then have "\<forall>(t,e) \<in> fset (f |`| xs). max_deg t \<le> fcard (f |`| xs)"
+ using mdeg_ge_child by fastforce
+ then have "\<forall>(t,e) \<in> fset xs. max_deg t \<le> fcard xs" using assms by fastforce
+ then have "max_deg (Node r xs) = fcard xs" using mdeg_fcard_if_fcard_ge_child by fast
+ then show ?thesis using True assms(2) by simp
+next
+ case False
+ then have "max_deg (Node r (f |`| xs)) > fcard (f |`| xs)"
+ using mdeg_ge_fcard[of "f |`| xs"] by simp
+ then obtain t1 e1 where t1_def:
+ "(t1,e1) \<in> fset (f |`| xs)" "max_deg t1 = max_deg (Node r (f |`| xs))"
+ using mdeg_child_if_gt_fcard[of "f |`| xs" r] by fastforce
+ then obtain t2 e2 where t2_def: "(t2,e2) \<in> fset xs" "f (t2,e2) = (t1,e1)" by auto
+ then have mdeg_t21: "max_deg t2 = max_deg t1" using assms(1) by auto
+ have "\<forall>(t3,e3) \<in> fset (f |`| xs). max_deg t3 \<le> max_deg t1"
+ using t1_def(2) mdeg_ge_child[where xs="f |`| xs"] by force
+ then have "\<forall>(t3,e3) \<in> fset xs. max_deg (fst (f (t3,e3))) \<le> max_deg t1" by auto
+ then have "\<forall>(t3,e3) \<in> fset xs. max_deg t3 \<le> max_deg t2" using assms(1) mdeg_t21 by fastforce
+ moreover have "max_deg t2 \<ge> fcard xs" using t1_def(2) assms(2) mdeg_t21 by simp
+ ultimately have "max_deg (Node r xs) = max_deg t2"
+ using t2_def(1) mdeg_child_if_child_max by fast
+ then show ?thesis using t1_def(2) mdeg_t21 by simp
+qed
+
+lemma num_leaves_1_if_mdeg_1: "max_deg t \<le> 1 \<Longrightarrow> num_leaves t = 1"
+proof(induction t)
+ case (Node r xs)
+ then show ?case
+ proof(cases "max_deg (Node r xs) = 0")
+ case True
+ then show ?thesis using empty_iff_mdeg_0 by auto
+ next
+ case False
+ then have "max_deg (Node r xs) = 1" using Node.prems by simp
+ then obtain t e where t_def: "xs = {|(t,e)|}" "(t,e) \<in> fset xs"
+ using mdeg_1_singleton by fastforce
+ then have "max_deg t \<le> 1" using Node.prems mdeg_ge_child by fastforce
+ then show ?thesis using Node.IH t_def(1) by simp
+ qed
+qed
+
+lemma num_leaves_ge1: "num_leaves t \<ge> 1"
+proof(induction t)
+ case (Node r xs)
+ show ?case
+ proof(cases "xs = {||}")
+ case False
+ then obtain t e where t_def: "(t,e) \<in> fset xs" using notin_fset by fast
+ then have "1 \<le> num_leaves t" using Node by simp
+ then show ?thesis
+ using fset_sum_ge_elem[OF finite_fset[of xs] t_def, of "\<lambda>(t,e). num_leaves t"] by auto
+ qed (simp)
+qed
+
+lemma num_leaves_ge_card: "num_leaves (Node r xs) \<ge> fcard xs"
+proof(cases "xs = {||}")
+ case False
+ have "fcard xs = (\<Sum>x\<in> fset xs. 1)" using fcard.rep_eq by auto
+ also have "\<dots> \<le> (\<Sum>x\<in> fset xs. num_leaves (fst x))" using num_leaves_ge1 sum_mono by metis
+ finally show ?thesis using False by (simp add: fst_def prod.case_distrib)
+qed (simp add: fcard_fempty)
+
+lemma num_leaves_root: "num_leaves (Node r xs) = num_leaves (Node r' xs)"
+ by simp
+
+lemma num_leaves_singleton: "num_leaves (Node r {|(t,e)|}) = num_leaves t"
+ by simp
+
+subsection \<open>List Conversions\<close>
+
+function dtree_to_list :: "('a,'b) dtree \<Rightarrow> ('a\<times>'b) list" where
+ "dtree_to_list (Node r {|(t,e)|}) = (root t,e) # dtree_to_list t"
+| "\<forall>x. xs \<noteq> {|x|} \<Longrightarrow> dtree_to_list (Node r xs) = []"
+ by (metis darcs_mset.cases surj_pair) auto
+termination by lexicographic_order
+
+fun dtree_from_list :: "'a \<Rightarrow> ('a\<times>'b) list \<Rightarrow> ('a,'b) dtree" where
+ "dtree_from_list r [] = Node r {||}"
+| "dtree_from_list r ((v,e)#xs) = Node r {|(dtree_from_list v xs, e)|}"
+
+fun wf_list_arcs :: "('a\<times>'b) list \<Rightarrow> bool" where
+ "wf_list_arcs [] = True"
+| "wf_list_arcs ((v,e)#xs) = (e \<notin> snd ` set xs \<and> wf_list_arcs xs)"
+
+fun wf_list_verts :: "('a\<times>'b) list \<Rightarrow> bool" where
+ "wf_list_verts [] = True"
+| "wf_list_verts ((v,e)#xs) = (v \<notin> fst ` set xs \<and> wf_list_verts xs)"
+
+lemma dtree_to_list_sub_dverts_ins:
+ "insert (root t) (fst ` set (dtree_to_list t)) \<subseteq> dverts t"
+proof(induction t)
+ case (Node r xs)
+ show ?case
+ proof(cases "\<forall>x. xs \<noteq> {|x|}")
+ case False
+ then obtain t e where t_def: "xs = {|(t,e)|}"
+ using mdeg_1_singleton by fastforce
+ then show ?thesis using Node.IH by fastforce
+ qed (auto)
+qed
+
+lemma dtree_to_list_eq_dverts_ins:
+ "max_deg t \<le> 1 \<Longrightarrow> insert (root t) (fst ` set (dtree_to_list t)) = dverts t"
+proof(induction t)
+ case (Node r xs)
+ show ?case
+ proof(cases "max_deg (Node r xs) = 0")
+ case True
+ then have "xs = {||}" using empty_iff_mdeg_0 by auto
+ moreover from this have "\<forall>x. xs \<noteq> {|x|}" by blast
+ ultimately show ?thesis by simp
+ next
+ case False
+ then have "max_deg (Node r xs) = 1" using Node.prems by simp
+ then obtain t e where t_def: "xs = {|(t,e)|}" "(t,e) \<in> fset xs"
+ using mdeg_1_singleton by fastforce
+ then have "max_deg t \<le> 1" using Node.prems mdeg_ge_child by fastforce
+ then have "insert (root t) (fst ` set (dtree_to_list t)) = dverts t"
+ using Node.IH t_def(2) by auto
+ then show ?thesis using Node.prems(1) t_def(1) by simp
+ qed
+qed
+
+lemma dtree_to_list_eq_dverts_sucs:
+ "max_deg t \<le> 1 \<Longrightarrow> fst ` set (dtree_to_list t) = (\<Union>x \<in> fset (sucs t). dverts (fst x))"
+proof(induction t)
+ case (Node r xs)
+ show ?case
+ proof(cases "max_deg (Node r xs) = 0")
+ case True
+ then have "xs = {||}" using empty_iff_mdeg_0 by auto
+ moreover from this have "\<forall>x. xs \<noteq> {|x|}" by blast
+ ultimately show ?thesis by simp
+ next
+ case False
+ then have "max_deg (Node r xs) = 1" using Node.prems by simp
+ then obtain t e where t_def: "xs = {|(t,e)|}" "(t,e) \<in> fset xs"
+ using mdeg_1_singleton by fastforce
+ then have "max_deg t \<le> 1" using Node.prems mdeg_ge_child by fastforce
+ then have "fst ` set (dtree_to_list t) = (\<Union>x \<in> fset (sucs t). dverts (fst x))"
+ using Node.IH t_def(2) by auto
+ moreover from this have "dverts t = insert (root t) (\<Union>x \<in> fset (sucs t). dverts (fst x))"
+ using \<open>max_deg t \<le> 1\<close> dtree_to_list_eq_dverts_ins by fastforce
+ ultimately show ?thesis using Node.prems(1) t_def(1) by force
+ qed
+qed
+
+lemma dtree_to_list_sub_dverts:
+ "wf_dverts t \<Longrightarrow> fst ` set (dtree_to_list t) \<subseteq> dverts t - {root t}"
+proof(induction t)
+ case (Node r xs)
+ show ?case
+ proof(cases "\<forall>x. xs \<noteq> {|x|}")
+ case False
+ then obtain t e where t_def: "xs = {|(t,e)|}"
+ using mdeg_1_singleton by fastforce
+ then have "wf_dverts t" using Node.prems mdeg_ge_child by fastforce
+ then have "fst ` set (dtree_to_list t) \<subseteq> dverts t - {root t}" using Node.IH t_def(1) by auto
+ then have "fst ` set (dtree_to_list (Node r xs)) \<subseteq> dverts t"
+ using t_def(1) dtree.set_sel(1) by auto
+ then show ?thesis using Node.prems(1) t_def(1) by (simp add: wf_dverts_iff_dverts')
+ qed (auto)
+qed
+
+lemma dtree_to_list_eq_dverts:
+ "\<lbrakk>wf_dverts t; max_deg t \<le> 1\<rbrakk> \<Longrightarrow> fst ` set (dtree_to_list t) = dverts t - {root t}"
+proof(induction t)
+ case (Node r xs)
+ show ?case
+ proof(cases "max_deg (Node r xs) = 0")
+ case True
+ then have "xs = {||}" using empty_iff_mdeg_0 by auto
+ moreover from this have "\<forall>x. xs \<noteq> {|x|}" by blast
+ ultimately show ?thesis by simp
+ next
+ case False
+ then have "max_deg (Node r xs) = 1" using Node.prems by simp
+ then obtain t e where t_def: "xs = {|(t,e)|}" "(t,e) \<in> fset xs"
+ using mdeg_1_singleton by fastforce
+ then have "max_deg t \<le> 1 \<and> wf_dverts t" using Node.prems mdeg_ge_child by fastforce
+ then have "fst ` set (dtree_to_list t) = dverts t - {root t}" using Node.IH t_def(2) by auto
+ then have "fst ` set (dtree_to_list (Node r xs)) = dverts t"
+ using t_def(1) dtree.set_sel(1) by auto
+ then show ?thesis using Node.prems(1) t_def(1) by (simp add: wf_dverts_iff_dverts')
+ qed
+qed
+
+lemma dtree_to_list_eq_dverts_single:
+ "\<lbrakk>max_deg t \<le> 1; sucs t = {|(t1,e1)|}\<rbrakk> \<Longrightarrow> fst ` set (dtree_to_list t) = dverts t1"
+ by (simp add: dtree_to_list_eq_dverts_sucs)
+
+lemma dtree_to_list_sub_darcs: "snd ` set (dtree_to_list t) \<subseteq> darcs t"
+proof(induction t)
+ case (Node r xs)
+ show ?case
+ proof(cases "\<forall>x. xs \<noteq> {|x|}")
+ case False
+ then obtain t e where "xs = {|(t,e)|}"
+ using mdeg_1_singleton by fastforce
+ then show ?thesis using Node.IH by fastforce
+ qed (auto)
+qed
+
+lemma dtree_to_list_eq_darcs: "max_deg t \<le> 1 \<Longrightarrow> snd ` set (dtree_to_list t) = darcs t"
+proof(induction t)
+ case (Node r xs)
+ show ?case
+ proof(cases "max_deg (Node r xs) = 0")
+ case True
+ then have "xs = {||}" using empty_iff_mdeg_0 by auto
+ moreover from this have "\<forall>x. xs \<noteq> {|x|}" by blast
+ ultimately show ?thesis by simp
+ next
+ case False
+ then have "max_deg (Node r xs) = 1" using Node.prems by simp
+ then obtain t e where t_def: "xs = {|(t,e)|}" "(t,e) \<in> fset xs"
+ using mdeg_1_singleton by fastforce
+ then have "max_deg t \<le> 1" using Node.prems mdeg_ge_child by fastforce
+ then have "snd ` set (dtree_to_list t) = darcs t" using Node.IH t_def(2) by auto
+ then show ?thesis using t_def(1) by simp
+ qed
+qed
+
+lemma dtree_from_list_eq_dverts: "dverts (dtree_from_list r xs) = insert r (fst ` set xs)"
+ by(induction xs arbitrary: r) force+
+
+lemma dtree_from_list_eq_darcs: "darcs (dtree_from_list r xs) = snd ` set xs"
+ by(induction xs arbitrary: r) force+
+
+lemma dtree_from_list_root_r[simp]: "root (dtree_from_list r xs) = r"
+ using dtree.sel(1) dtree_from_list.elims by metis
+
+lemma dtree_from_list_v_eq_r:
+ "Node r xs = dtree_from_list v ys \<Longrightarrow> r = v"
+ using dtree.sel(1)[of r xs] by simp
+
+lemma dtree_from_list_fcard0_empty: "fcard (sucs (dtree_from_list r [])) = 0"
+ by simp
+
+lemma dtree_from_list_fcard0_iff_empty: "fcard (sucs (dtree_from_list r xs)) = 0 \<longleftrightarrow> xs = []"
+ by(induction xs) auto
+
+lemma dtree_from_list_fcard1_iff_nempty: "fcard (sucs (dtree_from_list r xs)) = 1 \<longleftrightarrow> xs \<noteq> []"
+ by(induction xs) (auto simp: fcard_single_1 fcard_fempty)
+
+lemma dtree_from_list_fcard_le1: "fcard (sucs (dtree_from_list r xs)) \<le> 1"
+ by(induction xs) (auto simp: fcard_single_1 fcard_fempty)
+
+lemma dtree_from_empty_deg_0: "max_deg (dtree_from_list r []) = 0"
+ by simp
+
+lemma dtree_from_list_deg_le_1: "max_deg (dtree_from_list r xs) \<le> 1"
+proof(induction xs arbitrary: r)
+ case Nil
+ have "max_deg (dtree_from_list r []) = 0" by simp
+ also have "\<dots> \<le> 1" by blast
+ finally show ?case by blast
+next
+ case (Cons x xs)
+ obtain v e where v_def: "x = (v,e)" by force
+ let ?xs = "{|(dtree_from_list v xs, e)|}"
+ have "dtree_from_list r (x#xs) = Node r ?xs" by (simp add: v_def)
+ moreover have "max_deg (dtree_from_list v xs) \<le> 1" using Cons by simp
+ moreover have "max_deg (Node r ?xs) = max (max_deg (dtree_from_list v xs)) (fcard ?xs)"
+ using mdeg_singleton by fast
+ ultimately show ?case by (simp add: fcard_finsert_if max_def)
+qed
+
+lemma dtree_from_list_deg_1: "xs \<noteq> [] \<longleftrightarrow> max_deg (dtree_from_list r xs) = 1"
+proof (cases xs)
+ case (Cons x xs)
+ obtain v e where v_def: "x = (v,e)" by force
+ let ?xs = "{|(dtree_from_list v xs, e)|}"
+ have "dtree_from_list r (x#xs) = Node r ?xs" by (simp add: v_def)
+ moreover have "max_deg (dtree_from_list v xs) \<le> 1" using dtree_from_list_deg_le_1 by fast
+ moreover have "max_deg (Node r ?xs) = max (max_deg (dtree_from_list v xs)) (fcard ?xs)"
+ using mdeg_singleton by fast
+ ultimately show ?thesis using Cons by (simp add: fcard_finsert_if max_def)
+qed (metis dtree_from_empty_deg_0 zero_neq_one)
+
+lemma dtree_from_list_singleton: "xs \<noteq> [] \<Longrightarrow> \<exists>t e. dtree_from_list r xs = Node r {|(t,e)|}"
+ using dtree_from_list.elims[of r xs] by fastforce
+
+lemma dtree_from_to_list_id: "max_deg t \<le> 1 \<Longrightarrow> dtree_from_list (root t) (dtree_to_list t) = t"
+proof(induction t)
+ case (Node r xs)
+ then show ?case
+ proof(cases "max_deg (Node r xs) = 0")
+ case True
+ then have "xs = {||}" using empty_iff_mdeg_0 by auto
+ moreover from this have "\<forall>x. xs \<noteq> {|x|}" by blast
+ ultimately show ?thesis using Node.prems by simp
+ next
+ case False
+ then have "max_deg (Node r xs) = 1" using Node.prems by simp
+ then obtain t e where t_def: "xs = {|(t,e)|}" "(t,e) \<in> fset xs"
+ using mdeg_1_singleton by fastforce
+ then have "max_deg t \<le> 1" using Node.prems mdeg_ge_child by fastforce
+ then show ?thesis using Node.IH t_def(1) by simp
+ qed
+qed
+
+lemma dtree_to_from_list_id: "dtree_to_list (dtree_from_list r xs) = xs"
+proof(induction xs arbitrary: r)
+ case Nil
+ then show ?case
+ using dtree_from_list_deg_1 dtree_from_list_deg_le_1 dtree_from_to_list_id by metis
+next
+ case (Cons x xs)
+ obtain v e where v_def: "x = (v,e)" by force
+ then have "dtree_to_list (dtree_from_list r (x#xs)) = (v,e)#dtree_to_list (dtree_from_list v xs)"
+ by (metis dtree_from_list.elims dtree_to_list.simps(1) dtree.sel(1) dtree_from_list.simps(2))
+ then show ?case by (simp add: v_def Cons)
+qed
+
+lemma dtree_from_list_eq_singleton_hd:
+ "Node r0 {|(t0,e0)|} = dtree_from_list v1 ys \<Longrightarrow> (\<exists>xs. (root t0, e0) # xs = ys)"
+ using dtree_to_list.simps(1)[of r0 t0 e0] dtree_to_from_list_id[of v1 ys] by simp
+
+lemma dtree_from_list_eq_singleton:
+ "Node r0 {|(t0,e0)|} = dtree_from_list v1 ys \<Longrightarrow> r0 = v1 \<and> (\<exists>xs. (root t0, e0) # xs = ys)"
+ using dtree_from_list_eq_singleton_hd by fastforce
+
+lemma dtree_from_list_uneq_sequence:
+ "\<lbrakk>is_subtree (Node r0 {|(t0,e0)|}) (dtree_from_list v1 ys);
+ Node r0 {|(t0,e0)|} \<noteq> dtree_from_list v1 ys\<rbrakk>
+ \<Longrightarrow> \<exists>e as bs. as @ (r0,e) # (root t0, e0) # bs = ys"
+proof(induction v1 ys rule: dtree_from_list.induct)
+ case (2 r v e xs)
+ then show ?case
+ proof(cases "Node r0 {|(t0,e0)|} = dtree_from_list v xs")
+ case True
+ then show ?thesis using dtree_from_list_eq_singleton by fast
+ next
+ case False
+ then obtain e1 as bs where "as @ (r0, e1) # (root t0, e0) # bs = xs" using 2 by auto
+ then have "((v,e)#as) @ (r0, e1) # (root t0, e0) # bs = (v, e) # xs" by simp
+ then show ?thesis by blast
+ qed
+qed(simp)
+
+lemma dtree_from_list_sequence:
+ "\<lbrakk>is_subtree (Node r0 {|(t0,e0)|}) (dtree_from_list v1 ys)\<rbrakk>
+ \<Longrightarrow> \<exists>e as bs. as @ (r0,e) # (root t0, e0) # bs = ((v1,e1)#ys)"
+ using dtree_from_list_uneq_sequence[of r0 t0 e0] dtree_from_list_eq_singleton append_Cons by fast
+
+lemma dtree_from_list_eq_empty:
+ "Node r {||} = dtree_from_list v ys \<Longrightarrow> r = v \<and> ys = []"
+ using dtree_to_from_list_id dtree_from_list_v_eq_r dtree_from_list.simps(1) by metis
+
+lemma dtree_from_list_sucs_cases:
+ "Node r xs = dtree_from_list v ys \<Longrightarrow> xs = {||} \<or> (\<exists>x. xs = {|x|})"
+ using dtree.inject dtree_from_list.simps(1) dtree_to_from_list_id dtree_to_list.simps(2) by metis
+
+lemma dtree_from_list_uneq_sequence_xs:
+ "strict_subtree (Node r0 xs0) (dtree_from_list v1 ys)
+ \<Longrightarrow> \<exists>e as bs. as @ (r0,e) # bs = ys \<and> Node r0 xs0 = dtree_from_list r0 bs"
+proof(induction v1 ys rule: dtree_from_list.induct)
+ case (2 r v e xs)
+ then show ?case
+ proof(cases "Node r0 xs0 = dtree_from_list v xs")
+ case True
+ then show ?thesis using dtree_from_list_root_r dtree.sel(1)[of r0 xs0] by fastforce
+ next
+ case False
+ then obtain e1 as bs where 0: "as @ (r0,e1) # bs = xs" "Node r0 xs0 = dtree_from_list r0 bs"
+ using 2 unfolding strict_subtree_def by auto
+ then have "((v,e)#as) @ (r0,e1) # bs = (v,e) # xs" by simp
+ then show ?thesis using 0(2) by blast
+ qed
+qed(simp add: strict_subtree_def)
+
+lemma dtree_from_list_sequence_xs:
+ "\<lbrakk>is_subtree (Node r xs) (dtree_from_list v1 ys)\<rbrakk>
+ \<Longrightarrow> \<exists>e as bs. as @ (r,e) # bs = ((v1,e1)#ys) \<and> Node r xs = dtree_from_list r bs"
+ using dtree_from_list_uneq_sequence_xs[of r xs] dtree_from_list_v_eq_r strict_subtree_def
+ by (fast intro!: append_Cons)
+
+lemma dtree_from_list_sequence_dverts:
+ "\<lbrakk>is_subtree (Node r xs) (dtree_from_list v1 ys)\<rbrakk>
+ \<Longrightarrow> \<exists>e as bs. as @ (r,e) # bs = ((v1,e1)#ys) \<and> dverts (Node r xs) = insert r (fst ` set bs)"
+ using dtree_from_list_sequence_xs[of r xs v1 ys e1] dtree_from_list_eq_dverts by metis
+
+lemma dtree_from_list_dverts_subset_set:
+ "set bs \<subseteq> set ds \<Longrightarrow> dverts (dtree_from_list r bs) \<subseteq> dverts (dtree_from_list r ds)"
+ by (auto simp: dtree_from_list_eq_dverts)
+
+lemma wf_darcs'_iff_wf_list_arcs: "wf_list_arcs xs \<longleftrightarrow> wf_darcs' (dtree_from_list r xs)"
+ by(induction xs arbitrary: r rule: wf_list_arcs.induct) (auto simp: dtree_from_list_eq_darcs)
+
+lemma wf_darcs_iff_wf_list_arcs: "wf_list_arcs xs \<longleftrightarrow> wf_darcs (dtree_from_list r xs)"
+ using wf_darcs'_iff_wf_list_arcs wf_darcs_iff_darcs' by fast
+
+lemma wf_dverts_iff_wf_list_verts:
+ "r \<notin> fst ` set xs \<and> wf_list_verts xs \<longleftrightarrow> wf_dverts (dtree_from_list r xs)"
+ by (induction xs arbitrary: r rule: wf_list_verts.induct)
+ (auto simp: dtree_from_list_eq_dverts wf_dverts_iff_dverts')
+
+theorem wf_dtree_iff_wf_list:
+ "wf_list_arcs xs \<and> r \<notin> fst ` set xs \<and> wf_list_verts xs \<longleftrightarrow> wf_dtree (dtree_from_list r xs)"
+ using wf_darcs_iff_wf_list_arcs wf_dverts_iff_wf_list_verts unfolding wf_dtree_def by fast
+
+lemma wf_list_arcs_if_wf_darcs: "wf_darcs t \<Longrightarrow> wf_list_arcs (dtree_to_list t)"
+proof(induction t)
+ case (Node r xs)
+ then show ?case
+ proof(cases "\<forall>x. xs \<noteq> {|x|}")
+ case True
+ then show ?thesis using dtree_to_list.simps(2) by simp
+ next
+ case False
+ then obtain t1 e1 where "xs = {|(t1,e1)|}" by auto
+ then show ?thesis
+ using Node dtree_to_list_sub_darcs unfolding wf_darcs_iff_darcs' by fastforce
+ qed
+qed
+
+lemma wf_list_verts_if_wf_dverts: "wf_dverts t \<Longrightarrow> wf_list_verts (dtree_to_list t)"
+proof(induction t)
+ case (Node r xs)
+ then show ?case
+ proof(cases "\<forall>x. xs \<noteq> {|x|}")
+ case True
+ then show ?thesis using dtree_to_list.simps(2) by simp
+ next
+ case False
+ then obtain t1 e1 where "xs = {|(t1,e1)|}" by auto
+ then show ?thesis using Node dtree_to_list_sub_dverts by (fastforce simp: wf_dverts_iff_dverts')
+ qed
+qed
+
+lemma distinct_if_wf_list_arcs: "wf_list_arcs xs \<Longrightarrow> distinct xs"
+ by (induction xs) force+
+
+lemma distinct_if_wf_list_verts: "wf_list_verts xs \<Longrightarrow> distinct xs"
+ by (induction xs) force+
+
+lemma wf_list_arcs_alt: "wf_list_arcs xs \<longleftrightarrow> distinct (map snd xs)"
+ by (induction xs) force+
+
+lemma wf_list_verts_alt: "wf_list_verts xs \<longleftrightarrow> distinct (map fst xs)"
+ by (induction xs) force+
+
+lemma subtree_from_list_split_eq_if_wfverts:
+ assumes "wf_list_verts (as@(r,e)#bs)"
+ and "v \<notin> fst ` set (as@(r,e)#bs)"
+ and "is_subtree (Node r xs) (dtree_from_list v (as@(r,e)#bs))"
+ shows "Node r xs = dtree_from_list r bs"
+proof -
+ have 0: "wf_list_verts ((v,e)#as@(r,e)#bs)" using assms(1,2) by simp
+ obtain as' e' bs' where as'_def:
+ "as'@(r,e')#bs' = (v,e)#as@(r,e)#bs" "Node r xs = dtree_from_list r bs'"
+ using assms(3) dtree_from_list_sequence_xs[of r xs] by blast
+ then have 0: "wf_list_verts (as'@(r,e')#bs')" using assms(1,2) by simp
+ have r_as': "r \<notin> fst ` set as'" using 0 unfolding wf_list_verts_alt by simp
+ moreover have r_bs': "r \<notin> fst ` set bs'" using 0 unfolding wf_list_verts_alt by simp
+ moreover have "(r,e) \<in> set (as'@(r,e')#bs')" using as'_def(1) by simp
+ ultimately have "(r,e')= (r,e)" by force
+ then show ?thesis
+ using r_as' r_bs' as'_def append_Cons_eq_iff[of "(r,e)" as' bs' "(v,e)#as" bs] by force
+qed
+
+lemma subtree_from_list_split_eq_if_wfdverts:
+ "\<lbrakk>wf_dverts (dtree_from_list v (as@(r,e)#bs));
+ is_subtree (Node r xs) (dtree_from_list v (as@(r,e)#bs))\<rbrakk>
+ \<Longrightarrow> Node r xs = dtree_from_list r bs"
+ using subtree_from_list_split_eq_if_wfverts wf_dverts_iff_wf_list_verts by fast
+
+lemma dtree_from_list_dverts_subset_wfdverts:
+ assumes "set bs \<subseteq> set ds"
+ and "wf_dverts (dtree_from_list v (as@(r,e1)#bs))"
+ and "wf_dverts (dtree_from_list v (cs@(r,e2)#ds))"
+ and "is_subtree (Node r xs) (dtree_from_list v (as@(r,e1)#bs))"
+ and "is_subtree (Node r ys) (dtree_from_list v (cs@(r,e2)#ds))"
+ shows "dverts (Node r xs) \<subseteq> dverts (Node r ys)"
+ using dtree_from_list_dverts_subset_set[OF assms(1)]
+ subtree_from_list_split_eq_if_wfdverts[OF assms(2,4)]
+ subtree_from_list_split_eq_if_wfdverts[OF assms(3,5)]
+ by simp
+
+lemma dtree_from_list_dverts_subset_wfdverts':
+ assumes "wf_dverts (dtree_from_list v as)"
+ and "wf_dverts (dtree_from_list v cs)"
+ and "is_subtree (Node r xs) (dtree_from_list v as)"
+ and "is_subtree (Node r ys) (dtree_from_list v cs)"
+ and "\<exists>as' e1 bs cs' e2 ds. as'@(r,e1)#bs = as \<and> cs'@(r,e2)#ds = cs \<and> set bs \<subseteq> set ds"
+ shows "dverts (Node r xs) \<subseteq> dverts (Node r ys)"
+ using dtree_from_list_dverts_subset_wfdverts assms by metis
+
+lemma dtree_to_list_sequence_subtree:
+ "\<lbrakk>max_deg t \<le> 1; strict_subtree (Node r xs) t\<rbrakk>
+ \<Longrightarrow> \<exists>as e bs. dtree_to_list t = as@(r,e)#bs \<and> Node r xs = dtree_from_list r bs"
+ by (metis dtree_from_list_uneq_sequence_xs dtree_from_to_list_id)
+
+lemma dtree_to_list_sequence_subtree':
+ "\<lbrakk>max_deg t \<le> 1; strict_subtree (Node r xs) t\<rbrakk>
+ \<Longrightarrow> \<exists>as e bs. dtree_to_list t = as@(r,e)#bs \<and> dtree_to_list (Node r xs) = bs"
+ using dtree_to_from_list_id[of r] dtree_to_list_sequence_subtree[of t r xs] by fastforce
+
+lemma dtree_to_list_subtree_dverts_eq_fsts:
+ "\<lbrakk>max_deg t \<le> 1; strict_subtree (Node r xs) t\<rbrakk>
+ \<Longrightarrow> \<exists>as e bs. dtree_to_list t = as@(r,e)#bs \<and> insert r (fst ` set bs) = dverts (Node r xs)"
+ by (metis dtree_from_list_eq_dverts dtree_to_list_sequence_subtree)
+
+lemma dtree_to_list_subtree_dverts_eq_fsts':
+ "\<lbrakk>max_deg t \<le> 1; strict_subtree (Node r xs) t\<rbrakk>
+ \<Longrightarrow> \<exists>as e bs. dtree_to_list t = as@(r,e)#bs \<and> (fst ` set ((r,e)#bs)) = dverts (Node r xs)"
+ using dtree_to_list_subtree_dverts_eq_fsts by fastforce
+
+lemma dtree_to_list_split_subtree:
+ assumes "as@(r,e)#bs = dtree_to_list t"
+ shows "\<exists>xs. strict_subtree (Node r xs) t \<and> dtree_to_list (Node r xs) = bs"
+using assms proof(induction t arbitrary: as rule: dtree_to_list.induct)
+ case (1 r1 t1 e1)
+ show ?case
+ proof(cases as)
+ case Nil
+ then have "dtree_to_list (Node r (sucs t1)) = bs" using "1.prems" by auto
+ moreover have "is_subtree (Node r (sucs t1)) (Node r1 {|(t1, e1)|})"
+ using subtree_if_child[of t1 "{|(t1, e1)|}"] "1.prems" Nil by simp
+ moreover have "Node r1 {|(t1, e1)|} \<noteq> (Node r (sucs t1))" by (blast intro!: singleton_uneq')
+ ultimately show ?thesis unfolding strict_subtree_def by blast
+ next
+ case (Cons a as')
+ then show ?thesis using 1 unfolding strict_subtree_def by fastforce
+ qed
+qed(simp)
+
+lemma dtree_to_list_split_subtree_dverts_eq_fsts:
+ assumes "max_deg t \<le> 1" and "as@(r,e)#bs = dtree_to_list t"
+ shows "\<exists>xs. strict_subtree (Node r xs) t \<and> dverts (Node r xs) = insert r (fst`set bs)"
+proof -
+ obtain xs where xs_def:
+ "is_subtree (Node r xs) t" "Node r xs \<noteq> t" "dtree_to_list (Node r xs) = bs"
+ using dtree_to_list_split_subtree[OF assms(2)] unfolding strict_subtree_def by blast
+ have "max_deg (Node r xs) \<le> 1" using mdeg_ge_sub[OF xs_def(1)] assms(1) by simp
+ then show ?thesis
+ using dtree_to_list_eq_dverts_ins[of "Node r xs"] xs_def strict_subtree_def by auto
+qed
+
+lemma dtree_to_list_split_subtree_dverts_eq_fsts':
+ assumes "max_deg t \<le> 1" and "as@(r,e)#bs = dtree_to_list t"
+ shows "\<exists>xs. strict_subtree (Node r xs) t \<and> dverts (Node r xs) = (fst ` set ((r,e)#bs))"
+ using dtree_to_list_split_subtree_dverts_eq_fsts[OF assms] by simp
+
+lemma dtree_from_list_dverts_subset_wfdverts1:
+ assumes "dverts t1 \<subseteq> fst ` set ((r,e2)#bs)"
+ and "wf_dverts (dtree_from_list v (as@(r,e2)#bs))"
+ and "is_subtree (Node r ys) (dtree_from_list v (as@(r,e2)#bs))"
+ shows "dverts t1 \<subseteq> dverts (Node r ys)"
+ using subtree_from_list_split_eq_if_wfdverts[OF assms(2,3)] assms(1) dtree_from_list_eq_dverts
+ by fastforce
+
+lemma dtree_from_list_dverts_subset_wfdverts1':
+ assumes "wf_dverts (dtree_from_list v cs)"
+ and "is_subtree (Node r ys) (dtree_from_list v cs)"
+ and "\<exists>as e bs. as@(r,e)#bs = cs \<and> dverts t1 \<subseteq> fst ` set ((r,e)#bs)"
+ shows "dverts t1 \<subseteq> dverts (Node r ys)"
+ using dtree_from_list_dverts_subset_wfdverts1 assms by fast
+
+lemma dtree_from_list_1_leaf: "num_leaves (dtree_from_list r xs) = 1"
+ using num_leaves_1_if_mdeg_1 dtree_from_list_deg_le_1 by fast
+
+subsection \<open>Inserting in Dtrees\<close>
+
+abbreviation insert_before ::
+ "'a \<Rightarrow> 'b \<Rightarrow> 'a \<Rightarrow> (('a,'b) dtree \<times> 'b) fset \<Rightarrow> (('a,'b) dtree \<times> 'b) fset" where
+ "insert_before v e y xs \<equiv> ffold (\<lambda>(t1,e1).
+ finsert (if root t1 = y then (Node v {|(t1,e1)|},e) else (t1,e1))) {||} xs"
+
+fun insert_between :: "'a \<Rightarrow> 'b \<Rightarrow> 'a \<Rightarrow> 'a \<Rightarrow> ('a,'b) dtree \<Rightarrow> ('a,'b) dtree" where
+ "insert_between v e x y (Node r xs) = (if x=r \<and> (\<exists>t. t \<in> fst ` fset xs \<and> root t = y)
+ then Node r (insert_before v e y xs)
+ else if x=r then Node r (finsert (Node v {||},e) xs)
+ else Node r ((\<lambda>(t,e1). (insert_between v e x y t,e1)) |`| xs))"
+
+lemma insert_between_id_if_notin: "x \<notin> dverts t \<Longrightarrow> insert_between v e x y t = t"
+proof(induction t)
+ case (Node r xs)
+ have "\<forall>(t,e) \<in> fset xs. x \<notin> dverts t" using Node.prems by force
+ then have "\<forall>(t,e1) \<in> fset xs. (\<lambda>(t,e1). (insert_between v e x y t,e1)) (t,e1) = (t,e1)"
+ using Node.IH by auto
+ then have "((\<lambda>(t,e1). (insert_between v e x y t,e1)) |`| xs) = xs"
+ by (smt (verit, ccfv_threshold) fset.map_cong0 case_prodE fimage_ident)
+ then show ?case using Node.prems by simp
+qed
+
+context wf_dtree
+begin
+
+lemma insert_before_commute_aux:
+ assumes "f = (\<lambda>(t1,e1). finsert (if root t1 = y1 then (Node v {|(t1,e1)|},e) else (t1,e1)))"
+ shows "(f y \<circ> f x) z = (f x \<circ> f y) z"
+proof -
+ obtain t1 e1 where y_def: "y = (t1, e1)" by fastforce
+ obtain t2 e2 where "x = (t2, e2)" by fastforce
+ then show ?thesis using assms y_def by auto
+qed
+
+lemma insert_before_commute:
+ "comp_fun_commute (\<lambda>(t1,e1). finsert (if root t1 = y1 then (Node v {|(t1,e1)|},e) else (t1,e1)))"
+ using comp_fun_commute_def insert_before_commute_aux by fastforce
+
+interpretation Comm:
+ comp_fun_commute "\<lambda>(t1,e1). finsert (if root t1 = y then (Node v {|(t1,e1)|},e) else (t1,e1))"
+ by (rule insert_before_commute)
+
+lemma root_not_new_in_orig:
+ "\<lbrakk>(t1,e1) \<in> fset (insert_before v e y xs); root t1 \<noteq> v\<rbrakk> \<Longrightarrow> (t1,e1) \<in> fset xs"
+proof(induction xs)
+ case empty
+ then show ?case by simp
+next
+ case (insert x xs)
+ let ?f = "(\<lambda>(t1,e1). if root t1 = y then (Node v {|(t1,e1)|},e) else (t1,e1))"
+ show ?case
+ proof(cases "(t1,e1) \<in> fset (insert_before v e y xs)")
+ case True
+ then show ?thesis using insert.IH insert.prems(2) by simp
+ next
+ case False
+ have "insert_before v e y (finsert x xs) = finsert (?f x) (insert_before v e y xs)"
+ by (simp add: insert.hyps prod.case_distrib)
+ then have "?f x = (t1,e1)" using False insert.prems(1) by force
+ then have "x = (t1,e1)"
+ by (smt (z3) insert.prems(2) dtree.sel(1) old.prod.exhaust prod.inject case_prod_conv)
+ then show ?thesis by simp
+ qed
+qed
+
+lemma root_not_y_in_new:
+ "\<lbrakk>(t1,e1) \<in> fset xs; root t1 \<noteq> y\<rbrakk> \<Longrightarrow> (t1,e1) \<in> fset (insert_before v e y xs)"
+proof(induction xs)
+ case empty
+ then show ?case by simp
+next
+ case (insert x xs)
+ let ?f = "(\<lambda>(t1,e1). if root t1 = y then (Node v {|(t1,e1)|},e) else (t1,e1))"
+ show ?case
+ proof(cases "(t1,e1) = x")
+ case True
+ then show ?thesis using insert by auto
+ next
+ case False
+ have "insert_before v e y (finsert x xs) = finsert (?f x) (insert_before v e y xs)"
+ by (simp add: insert.hyps prod.case_distrib)
+ then show ?thesis using insert.IH insert.prems by force
+ qed
+qed
+
+lemma root_noty_if_in_insert_before:
+ "\<lbrakk>(t1,e1) \<in> fset (insert_before v e y xs); v\<noteq>y\<rbrakk> \<Longrightarrow> root t1 \<noteq> y"
+proof(induction xs)
+ case empty
+ then show ?case by simp
+next
+ case (insert x xs)
+ let ?f = "(\<lambda>(t1,e1). if root t1 = y then (Node v {|(t1,e1)|},e) else (t1,e1))"
+ show ?case
+ proof(cases "(t1,e1) \<in> fset (insert_before v e y xs)")
+ case True
+ then show ?thesis using insert.IH insert.prems(2) by fast
+ next
+ case False
+ have "insert_before v e y (finsert x xs) = finsert (?f x) (insert_before v e y xs)"
+ by (simp add: insert.hyps prod.case_distrib)
+ then have 0: "?f x = (t1,e1)" using insert.prems False by simp
+ then show ?thesis
+ proof(cases "root t1 = v")
+ case True
+ then show ?thesis using insert.prems(2) by simp
+ next
+ case False
+ then show ?thesis by (smt (z3) dtree.sel(1) old.prod.exhaust prod.inject 0 case_prod_conv)
+ qed
+ qed
+qed
+
+lemma in_insert_before_child_in_orig:
+ "\<lbrakk>(t1,e1) \<in> fset (insert_before v e y xs); (t1,e1) \<notin> fset xs\<rbrakk>
+ \<Longrightarrow> \<exists>(t2,e2) \<in> fset xs. (Node v {|(t2,e2)|}) = t1 \<and> root t2 = y \<and> e1=e"
+proof(induction xs)
+ case empty
+ then show ?case by simp
+next
+ case (insert x xs)
+ let ?f = "(\<lambda>(t1,e1). if root t1 = y then (Node v {|(t1,e1)|},e) else (t1,e1))"
+ show ?case
+ proof(cases "(t1,e1) \<in> fset (insert_before v e y xs)")
+ case True
+ then show ?thesis using insert.IH insert.prems(2) by simp
+ next
+ case False
+ have "insert_before v e y (finsert x xs) = finsert (?f x) (insert_before v e y xs)"
+ by (simp add: insert.hyps prod.case_distrib)
+ then show ?thesis
+ by (smt (z3) False Pair_inject old.prod.case case_prodI2 finsert_iff insert.prems notin_fset)
+ qed
+qed
+
+lemma insert_before_not_y_id:
+ "\<not>(\<exists>t. t \<in> fst ` fset xs \<and> root t = y) \<Longrightarrow> insert_before v e y xs = xs"
+proof(induction xs)
+ case (insert x xs)
+ let ?f = "(\<lambda>(t1,e1). if root t1 = y then (Node v {|(t1,e1)|},e) else (t1,e1))"
+ have "insert_before v e y (finsert x xs) = finsert (?f x) (insert_before v e y xs)"
+ by (simp add: insert.hyps prod.case_distrib)
+ then have "insert_before v e y (finsert x xs) = finsert x (insert_before v e y xs)"
+ using notin_fset insert.prems
+ by (smt (z3) old.prod.exhaust case_prod_conv finsertCI fst_conv image_eqI)
+ moreover have "\<not>(\<exists>t. t \<in> fst ` fset xs \<and> root t = y)" using insert.prems by auto
+ ultimately show ?case using insert.IH by blast
+qed (simp)
+
+lemma insert_before_alt:
+ "insert_before v e y xs
+ = (\<lambda>(t1,e1). if root t1 = y then (Node v {|(t1,e1)|},e) else (t1,e1)) |`| xs"
+ by(induction xs) (auto simp: Product_Type.prod.case_distrib)
+
+lemma dverts_insert_before_aux:
+ "\<exists>t. t \<in> fst ` fset xs \<and> root t = y
+ \<Longrightarrow> (\<Union>x\<in>fset (insert_before v e y xs). \<Union> (dverts ` Basic_BNFs.fsts x))
+ = insert v (\<Union>x\<in>fset xs. \<Union> (dverts ` Basic_BNFs.fsts x))"
+proof(induction xs)
+ case empty
+ then show ?case by simp
+next
+ case (insert x xs)
+ let ?f = "(\<lambda>(t1,e1). if root t1 = y then (Node v {|(t1,e1)|},e) else (t1,e1))"
+ obtain t1 e1 where t1_def: "x = (t1,e1)" by fastforce
+ then show ?case
+ proof(cases "root t1 = y")
+ case True
+ then have "insert_before v e y (finsert x xs) = finsert (?f x) (insert_before v e y xs)"
+ by (simp add: insert.hyps prod.case_distrib)
+ then have "insert_before v e y (finsert x xs)
+ = finsert (Node v {|(t1,e1)|},e) (insert_before v e y xs)"
+ using t1_def True by simp
+ then have 0: "(\<Union>x\<in>fset (insert_before v e y (finsert x xs)). \<Union> (dverts ` Basic_BNFs.fsts x))
+ = insert v (dverts t1) \<union> (\<Union>x\<in>fset (insert_before v e y xs). \<Union> (dverts ` Basic_BNFs.fsts x))"
+ using t1_def by simp
+ have 1: "dverts (Node v {|(t1,e1)|}) = insert v (dverts t1)" by simp
+ show ?thesis
+ proof(cases "\<exists>t. t \<in> fst ` fset xs \<and> root t = y")
+ case True
+ then show ?thesis using t1_def 0 insert.IH by simp
+ next
+ case False
+ then show ?thesis using t1_def 0 insert_before_not_y_id by force
+ qed
+ next
+ case False
+ then have 0: "\<exists>t. t \<in> fst ` fset xs \<and> root t = y" using insert.prems t1_def by force
+ have "insert_before v e y (finsert x xs) = finsert (?f x) (insert_before v e y xs)"
+ by (simp add: insert.hyps prod.case_distrib)
+ then have "insert_before v e y (finsert x xs) = finsert x (insert_before v e y xs)"
+ by (simp add: False t1_def)
+ then show ?thesis using insert.IH insert.prems 0 by simp
+ qed
+qed
+
+lemma insert_between_add_v_if_x_in:
+ "x \<in> dverts t \<Longrightarrow> dverts (insert_between v e x y t) = insert v (dverts t)"
+using wf_verts proof(induction t)
+ case (Node r xs)
+ show ?case
+ proof(cases "x=r")
+ case False
+ then obtain t e1 where t_def: "(t,e1) \<in> fset xs" "x \<in> dverts t" using Node.prems(1) by auto
+ then have "\<forall>(t2,e2) \<in> fset xs. (t,e1) \<noteq> (t2,e2) \<longrightarrow> x \<notin> dverts t2"
+ using Node.prems(2) by (fastforce simp: wf_dverts_iff_dverts')
+ then have "\<forall>(t2,e2) \<in> fset xs. (t,e1) = (t2,e2) \<or> (insert_between v e x y t2) = t2"
+ using insert_between_id_if_notin by fast
+ moreover have "(insert_between v e x y t,e1)
+ \<in> fset ((\<lambda>(t,e1). (insert_between v e x y t,e1)) |`| xs)" using t_def(1) by force
+ moreover have "dverts (insert_between v e x y t) = insert v (dverts t)"
+ using Node.IH Node.prems(2) t_def by auto
+ ultimately show ?thesis using False by force
+ qed (auto simp: dverts_insert_before_aux)
+qed
+
+lemma insert_before_only1_new:
+ assumes "\<forall>(x,e1) \<in> fset xs. \<forall>(y,e2) \<in> fset xs. (dverts x \<inter> dverts y = {} \<or> (x,e1)=(y,e2))"
+ and "(t1,e1) \<noteq> (t2,e2)"
+ and "(t1,e1) \<in> fset (insert_before v e y xs)"
+ and "(t2,e2) \<in> fset (insert_before v e y xs)"
+ shows "(t1,e1) \<in> fset xs \<or> (t2,e2) \<in> fset xs"
+proof (rule ccontr)
+ assume "\<not>((t1,e1) \<in> fset xs \<or> (t2,e2) \<in> fset xs)"
+ then have asm: "(t1,e1) \<notin> fset xs" "(t2,e2) \<notin> fset xs" by auto
+ obtain t3 e3 where t3_def: "(t3, e3)\<in>fset xs" "Node v {|(t3, e3)|} = t1" "root t3 = y" "e1=e"
+ using in_insert_before_child_in_orig assms(3) asm(1) by fast
+ obtain t4 e4 where t4_def: "(t4, e4)\<in>fset xs" "Node v {|(t4, e4)|} = t2" "root t4 = y" "e2=e"
+ using in_insert_before_child_in_orig assms(4) asm(2) by fast
+ then have "dverts t3 \<inter> dverts t4 \<noteq> {}" using t3_def(3) dtree.set_sel(1) by force
+ then have "(t3,e3) = (t4,e4)" using assms(1) t3_def(1) t4_def(1) by fast
+ then show False using assms(2) t3_def(2,4) t4_def(2,4) by fast
+qed
+
+lemma disjoint_dverts_aux1:
+ assumes "\<forall>(t1,e1) \<in> fset xs. \<forall>(t2,e2) \<in> fset xs. (dverts t1 \<inter> dverts t2 = {} \<or> (t1,e1)=(t2,e2))"
+ and "v \<notin> dverts (Node r xs)"
+ and "(t1,e1) \<in> fset (insert_before v e y xs)"
+ and "(t2,e2) \<in> fset (insert_before v e y xs)"
+ and "(t1,e1) \<noteq> (t2,e2)"
+ shows "dverts t1 \<inter> dverts t2 = {}"
+proof -
+ consider "(t1,e1) \<in> fset xs" "(t2,e2) \<in> fset xs"
+ | "(t1,e1) \<notin> fset xs" "(t2,e2) \<in> fset xs"
+ | "(t1,e1) \<in> fset xs" "(t2,e2) \<notin> fset xs"
+ using insert_before_only1_new assms(1,3-5) by fast
+ then show ?thesis
+ proof(cases)
+ case 1
+ then show ?thesis using assms(1,5) by fast
+ next
+ case 2
+ obtain t3 e3 where t3_def: "(t3, e3)\<in>fset xs" "Node v {|(t3, e3)|} = t1" "root t3 = y" "e1=e"
+ using in_insert_before_child_in_orig assms(3) 2 by fast
+ then have "y\<noteq>v" using assms(2) dtree.set_sel(1) by force
+ then have "(t3,e3) \<noteq> (t2,e2)" using assms(4) t3_def(3) root_noty_if_in_insert_before by fast
+ then have "dverts t3 \<inter> dverts t2 = {}" using assms(1) 2(2) t3_def(1) by fast
+ then show ?thesis using assms(1,2) t3_def(1,2) 2(2) by force
+ next
+ case 3
+ obtain t3 e3 where t3_def: "(t3, e3)\<in>fset xs" "Node v {|(t3, e3)|} = t2" "root t3 = y" "e2=e"
+ using in_insert_before_child_in_orig assms(4) 3 by fast
+ then have "y\<noteq>v" using assms(2) dtree.set_sel(1) by force
+ then have "(t3,e3) \<noteq> (t1,e1)" using assms(3) t3_def(3) root_noty_if_in_insert_before by fast
+ then have "dverts t3 \<inter> dverts t1 = {}" using assms(1) 3(1) t3_def(1) by fast
+ then show ?thesis using assms(2) t3_def(2) 3(1) by force
+ qed
+qed
+
+lemma disjoint_dverts_aux1':
+ assumes "wf_dverts (Node r xs)" and "v \<notin> dverts (Node r xs)"
+ shows "\<forall>(x,e1) \<in> fset (insert_before v e y xs). \<forall>(y,e2) \<in> fset (insert_before v e y xs).
+ dverts x \<inter> dverts y = {} \<or> (x,e1) = (y,e2)"
+ using assms disjoint_dverts_aux1 disjoint_dverts_if_wf unfolding wf_dverts_iff_dverts' by fast
+
+lemma insert_before_wf_dverts:
+ "\<lbrakk>\<forall>(t,e1) \<in> fset xs. wf_dverts t; v \<notin> dverts(Node r xs); (t1,e1) \<in> fset (insert_before v e y xs)\<rbrakk>
+ \<Longrightarrow> wf_dverts t1"
+proof(induction xs)
+ case (insert x xs)
+ let ?f = "(\<lambda>(t1,e1). if root t1 = y then (Node v {|(t1,e1)|},e) else (t1,e1))"
+ show ?case
+ proof(cases "(t1,e1) \<in> fset (insert_before v e y xs)")
+ case in_xs: True
+ then show ?thesis
+ proof(cases "?f x = (t1,e1)")
+ case True
+ have "insert_before v e y (finsert x xs) = finsert (?f x) (insert_before v e y xs)"
+ by (simp add: insert.hyps prod.case_distrib)
+ then have "insert_before v e y (finsert x xs) = insert_before v e y xs"
+ using True in_xs notin_fset by fastforce
+ then show ?thesis using insert.IH insert.prems by simp
+ next
+ case False
+ then show ?thesis using in_xs insert.IH insert.prems(1,2) by auto
+ qed
+ next
+ case False
+ have "insert_before v e y (finsert x xs) = finsert (?f x) (insert_before v e y xs)"
+ by (simp add: insert.hyps prod.case_distrib)
+ then have "?f x = (t1,e1)" using False insert.prems(3) by fastforce
+ then show ?thesis
+ proof(cases "root t1 = v")
+ case True
+ then have "(t1,e1) \<notin> fset (finsert x xs)" using insert.prems(2) dtree.set_sel(1) by force
+ then obtain t2 e2 where
+ t2_def: "(t2, e2)\<in>fset (finsert x xs)" "Node v {|(t2, e2)|} = t1" "root t2 = y" "e1=e"
+ using in_insert_before_child_in_orig[of t1] insert.prems(3) by blast
+ then show ?thesis using insert.prems(1,2) by (fastforce simp: wf_dverts_iff_dverts')
+ next
+ case False
+ then have "(t1,e1) = x"
+ using insert.prems(1) notin_fset dtree.sel(1) \<open>?f x = (t1,e1)\<close>
+ by (smt (verit, ccfv_SIG) Pair_inject old.prod.case case_prodE finsertI1)
+ then show ?thesis using insert.prems(1) by auto
+ qed
+ qed
+qed (simp)
+
+lemma insert_before_root_nin_verts:
+ "\<lbrakk>\<forall>(t,e1)\<in>fset xs. r \<notin> dverts t; v \<notin> dverts (Node r xs); (t1,e1) \<in> fset (insert_before v e y xs)\<rbrakk>
+ \<Longrightarrow> r \<notin> dverts t1"
+proof(induction xs)
+ case (insert x xs)
+ let ?f = "(\<lambda>(t1,e1). if root t1 = y then (Node v {|(t1,e1)|},e) else (t1,e1))"
+ show ?case
+ proof(cases "(t1,e1) \<in> fset (insert_before v e y xs)")
+ case in_xs: True
+ then show ?thesis
+ proof(cases "?f x = (t1,e1)")
+ case True
+ have "insert_before v e y (finsert x xs) = finsert (?f x) (insert_before v e y xs)"
+ by (simp add: insert.hyps prod.case_distrib)
+ then have "insert_before v e y (finsert x xs) = insert_before v e y xs"
+ using True in_xs notin_fset by fastforce
+ then show ?thesis using insert.IH insert.prems by simp
+ next
+ case False
+ then show ?thesis using in_xs insert.IH insert.prems(1,2) by auto
+ qed
+ next
+ case False
+ have "insert_before v e y (finsert x xs) = finsert (?f x) (insert_before v e y xs)"
+ by (simp add: insert.hyps prod.case_distrib)
+ then have "?f x = (t1,e1)" using False insert.prems(3) by fastforce
+ then show ?thesis
+ proof(cases "root t1 = v")
+ case True
+ then have "(t1,e1) \<notin> fset (finsert x xs)" using insert.prems(2) dtree.set_sel(1) by force
+ then obtain t2 e2 where
+ t2_def: "(t2, e2)\<in>fset (finsert x xs)" "Node v {|(t2, e2)|} = t1" "root t2 = y" "e1=e"
+ using in_insert_before_child_in_orig[of t1] insert.prems(3) by blast
+ then show ?thesis using insert.prems(1,2) by fastforce
+ next
+ case False
+ then have "(t1,e1) = x"
+ using insert.prems(1) notin_fset dtree.sel(1) \<open>?f x = (t1,e1)\<close>
+ by (smt (verit, ccfv_SIG) Pair_inject old.prod.case case_prodE finsertI1)
+ then show ?thesis using insert.prems(1) by auto
+ qed
+ qed
+qed (simp)
+
+lemma disjoint_dverts_aux2:
+ assumes "wf_dverts (Node r xs)" and "v \<notin> dverts (Node r xs)"
+ shows "\<forall>(x,e1) \<in> fset (finsert (Node v {||},e) xs). \<forall>(y,e2) \<in> fset (finsert (Node v {||},e) xs).
+ dverts x \<inter> dverts y = {} \<or> (x,e1) = (y,e2)"
+ using assms by (fastforce simp: wf_dverts_iff_dverts')
+
+lemma disjoint_dverts_aux3:
+ assumes "(t2,e2) \<in> (\<lambda>(t1,e1). (insert_between v e x y t1, e1)) ` fset xs"
+ and "(t3,e3) \<in> (\<lambda>(t1,e1). (insert_between v e x y t1, e1)) ` fset xs"
+ and "(t2,e2)\<noteq>(t3,e3)"
+ and "(t,e1) \<in> fset xs"
+ and "x \<in> dverts t"
+ and "wf_dverts (Node r xs)"
+ and "v \<notin> dverts (Node r xs)"
+ shows "dverts t2 \<inter> dverts t3 = {}"
+proof -
+ have "\<forall>(t2,e2) \<in> fset xs. (t,e1)=(t2,e2) \<or> x \<notin> dverts t2"
+ using assms(4-6) by (fastforce simp: wf_dverts_iff_dverts')
+ then have nt1_id: "\<forall>(t2,e2) \<in> fset xs. (t,e1) = (t2,e2) \<or> insert_between v e x y t2 = t2"
+ using insert_between_id_if_notin by fastforce
+ have dverts_t1: "dverts (insert_between v e x y t) = insert v (dverts t)"
+ using assms(5-6) by (simp add: insert_between_add_v_if_x_in)
+ have t1_disj: "\<forall>(t2,e2) \<in> fset xs. (t,e1) = (t2,e2) \<or> dverts t2 \<inter> insert v (dverts t) = {}"
+ using assms(4-7) by (fastforce simp: wf_dverts_iff_dverts')
+ consider "(t2,e2) = (insert_between v e x y t,e1)"
+ | "(t3,e3) = (insert_between v e x y t,e1)"
+ | "(t2,e2) \<noteq> (insert_between v e x y t,e1)" "(t3,e3) \<noteq> (insert_between v e x y t,e1)"
+ by fast
+ then show ?thesis
+ proof(cases)
+ case 1
+ then have "(t3,e3) \<in> fset xs" using assms(2,3) nt1_id by fastforce
+ moreover have "(t3,e3) \<noteq> (t,e1)" using assms(2,3) 1 nt1_id by fastforce
+ ultimately show ?thesis using 1 t1_disj dverts_t1 by fastforce
+ next
+ case 2
+ then have "(t2,e2) \<in> fset xs" using assms(1,3) nt1_id by fastforce
+ moreover have "(t2,e2) \<noteq> (t,e1)" using assms(1,3) 2 nt1_id by auto
+ ultimately show ?thesis using 2 t1_disj dverts_t1 by fastforce
+ next
+ case 3
+ then have "(t2,e2) \<in> fset xs" using assms(1) nt1_id by fastforce
+ moreover have "(t3,e3) \<in> fset xs" using assms(2) 3(2) nt1_id by auto
+ ultimately show ?thesis using assms(3,6) by (fastforce simp: wf_dverts_iff_dverts')
+ qed
+qed
+
+lemma insert_between_wf_dverts: "v \<notin> dverts t \<Longrightarrow> wf_dverts (insert_between v e x y t)"
+using wf_dtree_axioms proof(induction t)
+ case (Node r xs)
+ then interpret wf_dtree "Node r xs" by blast
+ consider "x=r" "\<exists>t. t \<in> fst ` fset xs \<and> root t = y"
+ | "x=r" "\<not>(\<exists>t. t \<in> fst ` fset xs \<and> root t = y)" | "x\<noteq>r" by fast
+ then show ?case
+ proof(cases)
+ case 1
+ then have "insert_between v e x y (Node r xs) = Node r (insert_before v e y xs)" by simp
+ moreover have "\<forall>(x,e1) \<in> fset (insert_before v e y xs). r \<notin> dverts x"
+ using insert_before_root_nin_verts wf_verts Node.prems(1)
+ by (fastforce simp: wf_dverts_iff_dverts')
+ moreover have "\<forall>(x,e1) \<in> fset (insert_before v e y xs). wf_dverts x"
+ using insert_before_wf_dverts Node.prems(1) wf_verts by fastforce
+ moreover have "\<forall>(x, e1)\<in>fset (insert_before v e y xs).
+ \<forall>(y, e2)\<in>fset (insert_before v e y xs). dverts x \<inter> dverts y = {} \<or> (x, e1) = (y, e2)"
+ using disjoint_dverts_aux1' Node.prems(1) wf_verts unfolding wf_dverts_iff_dverts' by fast
+ ultimately show ?thesis by (fastforce simp: wf_dverts_iff_dverts')
+ next
+ case 2
+ then have "insert_between v e x y (Node r xs) = Node r (finsert (Node v {||},e) xs)" by simp
+ then show ?thesis
+ using disjoint_dverts_aux2[of r xs v] Node.prems(1) wf_verts
+ by (fastforce simp: wf_dverts_iff_dverts')
+ next
+ case 3
+ let ?f = "\<lambda>(t1,e1). (insert_between v e x y t1, e1)"
+ show ?thesis
+ proof(cases "\<exists>(t1,e1) \<in> fset xs. x \<in> dverts t1")
+ case True
+ then obtain t1 e1 where t1_def: "(t1,e1) \<in> fset xs" " x \<in> dverts t1" by blast
+ then interpret T: wf_dtree t1 using wf_dtree_rec by blast
+ have "\<forall>(t2,e2) \<in> ?f ` fset xs. \<forall>(t3,e3) \<in> ?f ` fset xs.
+ (t2,e2) = (t3,e3) \<or> dverts t2 \<inter> dverts t3 = {}"
+ using T.disjoint_dverts_aux3 Node.prems(1) t1_def wf_verts by blast
+ moreover have "\<And>t2 e2. (t2,e2) \<in> ?f ` fset xs \<longrightarrow> r \<notin> dverts t2 \<and> wf_dverts t2"
+ proof
+ fix t2 e2
+ assume asm: "(t2,e2) \<in> ?f ` fset xs"
+ then show "r \<notin> dverts t2 \<and> wf_dverts t2"
+ proof(cases "(t2,e2) = (insert_between v e x y t1,e1)")
+ case True
+ then have "wf_dverts (insert_between v e x y t1)"
+ using Node.IH Node.prems(1) T.wf_dtree_axioms t1_def(1) by auto
+ then show ?thesis
+ using Node.prems(1) wf_verts True T.insert_between_add_v_if_x_in t1_def
+ by (auto simp: wf_dverts_iff_dverts')
+ next
+ case False
+ have "\<forall>(t2,e2) \<in> fset xs. (t1,e1)=(t2,e2) \<or> x \<notin> dverts t2"
+ using wf_verts t1_def by (fastforce simp: wf_dverts_iff_dverts')
+ then have "\<forall>(t2,e2) \<in> fset xs. (t1,e1) = (t2,e2) \<or> insert_between v e x y t2 = t2"
+ using insert_between_id_if_notin by fastforce
+ then show ?thesis using wf_verts asm False by (fastforce simp: wf_dverts_iff_dverts')
+ qed
+ qed
+ ultimately show ?thesis using 3 by (fastforce simp: wf_dverts_iff_dverts')
+ next
+ case False
+ then show ?thesis
+ using wf_verts 3 insert_between_id_if_notin fst_conv
+ by (smt (verit, ccfv_threshold) fsts.cases dtree.inject dtree.set_cases(1) case_prodI2)
+ qed
+ qed
+qed
+
+lemma darcs_insert_before_aux:
+ "\<exists>t. t \<in> fst ` fset xs \<and> root t = y
+ \<Longrightarrow> (\<Union>x\<in>fset (insert_before v e y xs). \<Union> (darcs ` Basic_BNFs.fsts x) \<union> Basic_BNFs.snds x)
+ = insert e (\<Union>x\<in>fset xs. \<Union> (darcs ` Basic_BNFs.fsts x) \<union> Basic_BNFs.snds x)"
+proof(induction xs)
+ case (insert x xs)
+ let ?f = "(\<lambda>(t1,e1). if root t1 = y then (Node v {|(t1,e1)|},e) else (t1,e1))"
+ let ?xs = "insert_before v e y (finsert x xs)"
+ obtain t1 e1 where t1_def: "x = (t1,e1)" by fastforce
+ then show ?case
+ proof(cases "root t1 = y")
+ case True
+ then have "?xs = finsert (?f x) (insert_before v e y xs)"
+ by (simp add: insert.hyps prod.case_distrib)
+ then have "?xs = finsert (Node v {|(t1,e1)|},e) (insert_before v e y xs)"
+ using t1_def True by simp
+ then have 0: "(\<Union>x\<in>fset ?xs. \<Union> (darcs ` Basic_BNFs.fsts x) \<union> Basic_BNFs.snds x)
+ = (\<Union> (darcs ` {Node v {|(t1,e1)|}}) \<union> {e})
+ \<union> (\<Union>x\<in>fset (insert_before v e y xs). \<Union> (darcs ` Basic_BNFs.fsts x) \<union> Basic_BNFs.snds x)"
+ using t1_def by simp
+ have 1: "dverts (Node v {|(t1,e1)|}) = insert v (dverts t1)" by simp
+ show ?thesis
+ proof(cases "\<exists>t. t \<in> fst ` fset xs \<and> root t = y")
+ case True
+ then show ?thesis using t1_def 0 insert.IH by simp
+ next
+ case False
+ then show ?thesis using t1_def 0 insert_before_not_y_id by force
+ qed
+ next
+ case False
+ then have 0: "\<exists>t. t \<in> fst ` fset xs \<and> root t = y" using insert.prems t1_def by force
+ have "insert_before v e y (finsert x xs) = finsert (?f x) (insert_before v e y xs)"
+ by (simp add: insert.hyps prod.case_distrib)
+ then have "insert_before v e y (finsert x xs) = finsert x (insert_before v e y xs)"
+ by (simp add: False t1_def)
+ then show ?thesis using insert.IH insert.prems 0 by simp
+ qed
+qed (simp)
+
+lemma insert_between_add_e_if_x_in:
+ "x \<in> dverts t \<Longrightarrow> darcs (insert_between v e x y t) = insert e (darcs t)"
+using wf_verts proof(induction t)
+ case (Node r xs)
+ show ?case
+ proof(cases "x=r")
+ case False
+ then obtain t e1 where t_def: "(t,e1) \<in> fset xs" "x \<in> dverts t" using Node.prems(1) by auto
+ then have "\<forall>(t2,e2) \<in> fset xs. (t,e1) \<noteq> (t2,e2) \<longrightarrow> x \<notin> dverts t2"
+ using Node.prems(2) by (fastforce simp: wf_dverts_iff_dverts')
+ then have "\<forall>(t2,e2) \<in> fset xs. (t,e1) = (t2,e2) \<or> (insert_between v e x y t2) = t2"
+ using insert_between_id_if_notin by fast
+ moreover have "(insert_between v e x y t,e1)
+ \<in> fset ((\<lambda>(t,e1). (insert_between v e x y t,e1)) |`| xs)" using t_def(1) by force
+ moreover have "darcs (insert_between v e x y t) = insert e (darcs t)"
+ using Node.IH Node.prems(2) t_def by auto
+ ultimately show ?thesis using False by force
+ qed (auto simp: darcs_insert_before_aux)
+qed
+
+lemma disjoint_darcs_aux1_aux1:
+ assumes "disjoint_darcs xs"
+ and "wf_dverts (Node r xs)"
+ and "v \<notin> dverts (Node r xs)"
+ and "e \<notin> darcs (Node r xs)"
+ and "(t1,e1) \<in> fset (insert_before v e y xs)"
+ and "(t2,e2) \<in> fset (insert_before v e y xs)"
+ and "(t1,e1) \<noteq> (t2,e2)"
+ shows "(darcs t1 \<union> {e1}) \<inter> (darcs t2 \<union> {e2}) = {}"
+proof -
+ consider "(t1,e1) \<in> fset xs" "(t2,e2) \<in> fset xs"
+ | "(t1,e1) \<notin> fset xs" "(t2,e2) \<in> fset xs"
+ | "(t1,e1) \<in> fset xs" "(t2,e2) \<notin> fset xs"
+ using insert_before_only1_new assms(2,5-7) by (fastforce simp: wf_dverts_iff_dverts')
+ then show ?thesis
+ proof(cases)
+ case 1
+ then show ?thesis using assms(1,7) by fast
+ next
+ case 2
+ obtain t3 e3 where t3_def: "(t3, e3)\<in>fset xs" "Node v {|(t3, e3)|} = t1" "root t3 = y" "e1=e"
+ using in_insert_before_child_in_orig assms(5) 2 by fast
+ then have "v\<noteq>y" using assms(3) dtree.set_sel(1) by force
+ then have "(t3,e3) \<noteq> (t2,e2)" using assms(6) t3_def(3) root_noty_if_in_insert_before by fast
+ then have "(darcs t3 \<union> {e3}) \<inter> (darcs t2 \<union> {e2}) = {}" using assms(1) 2(2) t3_def(1) by fast
+ then show ?thesis using assms(4) t3_def(4) 2(2) t3_def(2) by force
+ next
+ case 3
+ obtain t3 e3 where t3_def: "(t3, e3)\<in>fset xs" "Node v {|(t3, e3)|} = t2" "root t3 = y" "e2=e"
+ using in_insert_before_child_in_orig assms(6) 3 by fast
+ then have "v\<noteq>y" using assms(3) dtree.set_sel(1) by force
+ then have "(t3,e3) \<noteq> (t1,e1)" using assms(5) t3_def(3) root_noty_if_in_insert_before by fast
+ then have "(darcs t3 \<union> {e3}) \<inter> (darcs t1 \<union> {e1}) = {}" using assms(1) 3(1) t3_def(1) by fast
+ then show ?thesis using assms(4) t3_def(4) 3(1) t3_def(2) by force
+ qed
+qed
+
+lemma disjoint_darcs_aux1_aux2:
+ assumes "disjoint_darcs xs"
+ and "e \<notin> darcs (Node r xs)"
+ and "(t1,e1) \<in> fset (insert_before v e y xs)"
+ shows "e1 \<notin> darcs t1"
+proof(cases "(t1,e1) \<in> fset xs")
+ case True
+ then show ?thesis using assms(1) by fast
+next
+ case False
+ then obtain t3 e3 where "(t3, e3)\<in>fset xs" "Node v {|(t3, e3)|} = t1" "e1=e"
+ using in_insert_before_child_in_orig assms(3) by fast
+ then show ?thesis using assms(2) by auto
+qed
+
+lemma disjoint_darcs_aux1:
+ assumes "wf_dverts (Node r xs)" and "v \<notin> dverts (Node r xs)"
+ and "wf_darcs (Node r xs)" and "e \<notin> darcs (Node r xs)"
+ shows "disjoint_darcs (insert_before v e y xs)" (is "disjoint_darcs ?xs")
+proof -
+ have 0: "disjoint_darcs xs" using assms(3) disjoint_darcs_if_wf_xs by simp
+ then have "\<forall>(t1,e1) \<in> fset ?xs. e1 \<notin> darcs t1"
+ using disjoint_darcs_aux1_aux2[of xs] assms(4) by fast
+ moreover have "\<forall>(t1,e1) \<in> fset ?xs. \<forall>(t2,e2) \<in> fset ?xs.
+ (darcs t1 \<union> {e1}) \<inter> (darcs t2 \<union> {e2}) = {} \<or> (t1,e1) = (t2,e2)"
+ using disjoint_darcs_aux1_aux1[of xs] assms(1,2,4) 0 by blast
+ ultimately show ?thesis by fast
+qed
+
+lemma insert_before_wf_darcs:
+ "\<lbrakk>wf_darcs (Node r xs); e \<notin> darcs (Node r xs); (t1,e1) \<in> fset (insert_before v e y xs)\<rbrakk>
+ \<Longrightarrow> wf_darcs t1"
+proof(induction xs)
+ case (insert x xs)
+ let ?f = "(\<lambda>(t1,e1). if root t1 = y then (Node v {|(t1,e1)|},e) else (t1,e1))"
+ show ?case
+ proof(cases "(t1,e1) \<in> fset (insert_before v e y xs)")
+ case in_xs: True
+ then show ?thesis
+ proof(cases "?f x = (t1,e1)")
+ case True
+ have "insert_before v e y (finsert x xs) = finsert (?f x) (insert_before v e y xs)"
+ by (simp add: insert.hyps prod.case_distrib)
+ then have "insert_before v e y (finsert x xs) = insert_before v e y xs"
+ using True in_xs notin_fset by fastforce
+ moreover have "disjoint_darcs xs"
+ using disjoint_darcs_insert[OF disjoint_darcs_if_wf_xs[OF insert.prems(1)]] .
+ ultimately show ?thesis
+ using insert.IH insert.prems unfolding wf_darcs_iff_darcs' by force
+ next
+ case False
+ have "disjoint_darcs xs"
+ using disjoint_darcs_insert[OF disjoint_darcs_if_wf_xs[OF insert.prems(1)]] .
+ then show ?thesis
+ using in_xs False insert.IH insert.prems(1,2) by (simp add: wf_darcs_iff_darcs')
+ qed
+ next
+ case False
+ have "insert_before v e y (finsert x xs) = finsert (?f x) (insert_before v e y xs)"
+ by (simp add: insert.hyps prod.case_distrib)
+ then have 0: "?f x = (t1,e1)" using False insert.prems(3) by fastforce
+ then show ?thesis
+ proof(cases "e1=e")
+ case True
+ then have "(t1,e1) \<notin> fset (finsert x xs)" using insert.prems(2) dtree.set_sel(1) by force
+ then obtain t2 e2 where
+ t2_def: "(t2, e2)\<in>fset (finsert x xs)" "Node v {|(t2, e2)|} = t1" "root t2 = y" "e1=e"
+ using in_insert_before_child_in_orig[of t1] insert.prems(3) by blast
+ then show ?thesis
+ using insert.prems(1) t2_def by (fastforce simp: wf_darcs_iff_darcs')
+ next
+ case False
+ then have "(t1,e1) = x"
+ by (smt (z3) 0 old.prod.exhaust prod.inject case_prod_Pair_iden case_prod_conv)
+ then show ?thesis using insert.prems(1) by auto
+ qed
+ qed
+qed (simp)
+
+lemma disjoint_darcs_aux2:
+ assumes "wf_darcs (Node r xs)" and "e \<notin> darcs (Node r xs)"
+ shows "disjoint_darcs (finsert (Node v {||},e) xs)"
+ using assms unfolding wf_darcs_iff_darcs' by fastforce
+
+lemma disjoint_darcs_aux3_aux1:
+ assumes "(t,e1) \<in> fset xs"
+ and "x \<in> dverts t"
+ and "wf_darcs (Node r xs)"
+ and "e \<notin> darcs (Node r xs)"
+ and "(t2,e2) \<in> (\<lambda>(t1,e1). (insert_between v e x y t1, e1)) ` fset xs"
+ and "(t3,e3) \<in> (\<lambda>(t1,e1). (insert_between v e x y t1, e1)) ` fset xs"
+ and "(t2,e2)\<noteq>(t3,e3)"
+ and "wf_dverts (Node r xs)"
+ shows "(darcs t2 \<union> {e2}) \<inter> (darcs t3 \<union> {e3}) = {}"
+proof -
+ have "\<forall>(t2,e2) \<in> fset xs. (t,e1)=(t2,e2) \<or> x \<notin> dverts t2"
+ using assms(1,2,8) by (fastforce simp: wf_dverts_iff_dverts')
+ then have nt1_id: "\<forall>(t2,e2) \<in> fset xs. (t,e1) = (t2,e2) \<or> insert_between v e x y t2 = t2"
+ using insert_between_id_if_notin by fastforce
+ have darcs_t: "darcs (insert_between v e x y t) = insert e (darcs t)"
+ using assms(2,3) by (simp add: insert_between_add_e_if_x_in)
+ consider "(t2,e2) = (insert_between v e x y t,e1)"
+ | "(t3,e3) = (insert_between v e x y t,e1)"
+ | "(t2,e2) \<noteq> (insert_between v e x y t,e1)" "(t3,e3) \<noteq> (insert_between v e x y t,e1)"
+ by fast
+ then show ?thesis
+ proof(cases)
+ case 1
+ then have "(t3,e3) \<in> fset xs" using assms(6,7) nt1_id by fastforce
+ moreover have "(t3,e3) \<noteq> (t,e1)" using assms(6,7) 1 nt1_id by fastforce
+ ultimately have "(darcs t \<union> {e1,e}) \<inter> (darcs t3 \<union> {e3}) = {}"
+ using assms(1,3,4) unfolding wf_darcs_iff_darcs' by fastforce
+ then show ?thesis using 1 darcs_t by auto
+ next
+ case 2
+ then have "(t2,e2) \<in> fset xs" using assms(5,7) nt1_id by fastforce
+ moreover have "(t2,e2) \<noteq> (t,e1)" using assms(5,7) 2 nt1_id by auto
+ ultimately have "(darcs t \<union> {e1,e}) \<inter> (darcs t2 \<union> {e2}) = {}"
+ using assms(1,3,4) unfolding wf_darcs_iff_darcs' by fastforce
+ then show ?thesis using 2 darcs_t by force
+ next
+ case 3
+ then have "(t2,e2) \<in> fset xs" using assms(5) nt1_id by fastforce
+ moreover have "(t3,e3) \<in> fset xs" using assms(6) 3(2) nt1_id by auto
+ ultimately show ?thesis using assms(3,7) unfolding wf_darcs_iff_darcs' by fastforce
+ qed
+qed
+
+lemma disjoint_darcs_aux3_aux2:
+ assumes "(t,e1) \<in> fset xs"
+ and "x \<in> dverts t"
+ and "wf_darcs (Node r xs)"
+ and "e \<notin> darcs (Node r xs)"
+ and "(t2,e2) \<in> (\<lambda>(t1,e1). (insert_between v e x y t1, e1)) ` fset xs"
+ and "wf_dverts (Node r xs)"
+ shows "e2 \<notin> darcs t2"
+proof(cases "(t2,e2) \<in> fset xs")
+ case True
+ then show ?thesis using assms(3) unfolding wf_darcs_iff_darcs' by auto
+next
+ case False
+ obtain t1 where t1_def: "insert_between v e x y t1 = t2" "(t1,e2) \<in> fset xs"
+ using assms(5) by fast
+ then have "x \<in> dverts t1" using insert_between_id_if_notin False by fastforce
+ then have "t = t1" using assms(1,2,6) t1_def(2) by (fastforce simp: wf_dverts_iff_dverts')
+ then have darcs_t: "darcs t2 = insert e (darcs t1)"
+ using insert_between_add_e_if_x_in assms(2) t1_def(1) by force
+ then show ?thesis using assms(3,4) t1_def(2) unfolding wf_darcs_iff_darcs' by fastforce
+qed
+
+lemma disjoint_darcs_aux3:
+ assumes "(t,e1) \<in> fset xs"
+ and "x \<in> dverts t"
+ and "wf_darcs (Node r xs)"
+ and "e \<notin> darcs (Node r xs)"
+ and "wf_dverts (Node r xs)"
+ shows "disjoint_darcs ((\<lambda>(t1,e1). (insert_between v e x y t1, e1)) |`| xs)"
+proof -
+ let ?xs = "(\<lambda>(t1,e1). (insert_between v e x y t1, e1)) |`| xs"
+ let ?xs' = "(\<lambda>(t1,e1). (insert_between v e x y t1, e1)) ` fset xs"
+ have 0: "fset ?xs = ?xs'" by simp
+ then have "\<forall>(t1,e1) \<in> fset ?xs. e1 \<notin> darcs t1"
+ using disjoint_darcs_aux3_aux2 assms by blast
+ moreover have "\<forall>(t1,e1) \<in> ?xs'. \<forall>(t2,e2) \<in> ?xs'.
+ (darcs t1 \<union> {e1}) \<inter> (darcs t2 \<union> {e2}) = {} \<or> (t1,e1) = (t2,e2)"
+ using disjoint_darcs_aux3_aux1 assms by blast
+ ultimately show ?thesis using 0 by fastforce
+qed
+
+lemma insert_between_wf_darcs:
+ "\<lbrakk>e \<notin> darcs t; v \<notin> dverts t \<rbrakk> \<Longrightarrow> wf_darcs (insert_between v e x y t)"
+using wf_dtree_axioms proof(induction t)
+ case (Node r xs)
+ then interpret wf_dtree "Node r xs" by blast
+ consider "x=r" "\<exists>t. t \<in> fst ` fset xs \<and> root t = y"
+ | "x=r" "\<not>(\<exists>t. t \<in> fst ` fset xs \<and> root t = y)" | "x\<noteq>r" by fast
+ then show ?case
+ proof(cases)
+ case 1
+ then have "insert_between v e x y (Node r xs) = Node r (insert_before v e y xs)" by simp
+ moreover have "\<forall>(x,e1) \<in> fset (insert_before v e y xs). wf_darcs x"
+ using insert_before_wf_darcs Node.prems(1) wf_arcs by fast
+ moreover have "disjoint_darcs (insert_before v e y xs)"
+ using disjoint_darcs_aux1[OF wf_verts Node.prems(2) wf_arcs Node.prems(1)] .
+ ultimately show ?thesis by (simp add: wf_darcs_if_darcs'_aux)
+ next
+ case 2
+ then have "insert_between v e x y (Node r xs) = Node r (finsert (Node v {||},e) xs)" by simp
+ then show ?thesis
+ using disjoint_darcs_aux2 Node.prems(1) wf_arcs by (simp add: wf_darcs_iff_darcs')
+ next
+ case 3
+ let ?f = "\<lambda>(t1,e1). (insert_between v e x y t1, e1)"
+ show ?thesis
+ proof(cases "\<exists>(t1,e1) \<in> fset xs. x \<in> dverts t1")
+ case True
+ then obtain t1 e1 where t1_def: "(t1,e1) \<in> fset xs" " x \<in> dverts t1" by blast
+ then interpret T: wf_dtree t1 using wf_dtree_rec by blast
+ have "\<And>t2 e2. (t2,e2) \<in> fset (?f |`| xs) \<longrightarrow> wf_darcs t2"
+ proof
+ fix t2 e2
+ assume asm: "(t2,e2) \<in> fset (?f |`| xs)"
+ then show "wf_darcs t2"
+ proof(cases "(t2,e2) = (insert_between v e x y t1,e1)")
+ case True
+ then have "wf_darcs (insert_between v e x y t1)"
+ using Node t1_def(1) T.wf_dtree_axioms
+ by (metis dtree.set_intros(2) dtree.set_intros(3) insertI1 prod_set_simps(1))
+ then show ?thesis using True by blast
+ next
+ case False
+ have "\<forall>(t2,e2) \<in> fset xs. (t1,e1)=(t2,e2) \<or> x \<notin> dverts t2"
+ using wf_verts t1_def by (fastforce simp: wf_dverts_iff_dverts')
+ then have "\<forall>(t2,e2) \<in> fset xs. (t1,e1) = (t2,e2) \<or> insert_between v e x y t2 = t2"
+ using insert_between_id_if_notin by fastforce
+ then show ?thesis using wf_arcs asm False by fastforce
+ qed
+ qed
+ moreover have "disjoint_darcs (?f |`| xs)"
+ using T.disjoint_darcs_aux3 Node.prems(1) t1_def wf_arcs wf_verts by presburger
+ ultimately show ?thesis using 3 by (fastforce simp: wf_darcs_iff_darcs')
+ next
+ case False
+ then show ?thesis
+ using wf_arcs 3 insert_between_id_if_notin fst_conv
+ by (smt (verit, ccfv_threshold) fsts.cases dtree.inject dtree.set_cases(1) case_prodI2)
+ qed
+ qed
+qed
+
+theorem insert_between_wf_dtree:
+ "\<lbrakk>e \<notin> darcs t; v \<notin> dverts t \<rbrakk> \<Longrightarrow> wf_dtree (insert_between v e x y t)"
+ by (simp add: insert_between_wf_dverts insert_between_wf_darcs wf_dtree_def)
+
+lemma snds_neq_card_eq_card_snd:
+ "\<forall>(t,e) \<in> fset xs. \<forall>(t2,e2) \<in> fset xs. e\<noteq>e2 \<or> (t,e) = (t2,e2) \<Longrightarrow> fcard xs = fcard (snd |`| xs)"
+proof(induction xs)
+ case empty
+ then have "(snd |`| {||}) = {||}" by blast
+ then show ?case by (simp add: fcard_fempty)
+next
+ case (insert x xs)
+ have "fcard xs = fcard (snd |`| xs)" using insert.IH insert.prems by fastforce
+ moreover have "snd x |\<notin>| snd |`| xs"
+ proof
+ assume asm: "snd x |\<in>| snd |`| xs"
+ then obtain t e where t_def: "x = (t,e)" by fastforce
+ then obtain t2 where t2_def: "(t2,e) |\<in>| xs" using asm by auto
+ then have "(t,e)\<noteq>(t2,e)" using insert.hyps t_def by blast
+ moreover have "(t,e) \<in> fset (finsert x xs)" using t_def notin_fset by simp
+ moreover have "(t2,e) \<in> fset (finsert x xs)" using t2_def notin_fset by fastforce
+ ultimately show False using insert.prems by fast
+ qed
+ ultimately show ?case by (simp add: fcard_finsert_disjoint local.insert.hyps)
+qed
+
+lemma snds_neq_img_snds_neq:
+ assumes "\<forall>(t,e) \<in> fset xs. \<forall>(t2,e2) \<in> fset xs. e\<noteq>e2 \<or> (t,e) = (t2,e2)"
+ shows "\<forall>(t1,e1) \<in> fset ((\<lambda>(t1,e1). (f t1, e1)) |`| xs).
+ \<forall>(t2,e2) \<in> fset ((\<lambda>(t1,e1). (f t1, e1)) |`| xs). e1\<noteq>e2 \<or> (t1,e1) = (t2,e2)"
+ using assms by auto
+
+lemma snds_neq_if_disjoint_darcs:
+ assumes "disjoint_darcs xs"
+ shows "\<forall>(t,e) \<in> fset xs. \<forall>(t2,e2) \<in> fset xs. e\<noteq>e2 \<or> (t,e) = (t2,e2)"
+ using assms by fast
+
+lemma snds_neq_img_card_eq:
+ assumes "\<forall>(t,e) \<in> fset xs. \<forall>(t2,e2) \<in> fset xs. e\<noteq>e2 \<or> (t,e) = (t2,e2)"
+ shows "fcard ((\<lambda>(t1,e1). (f t1, e1)) |`| xs) = fcard xs"
+proof -
+ let ?f = "\<lambda>(t1,e1). (f t1, e1)"
+ have "\<forall>(t,e) \<in> fset (?f |`| xs). \<forall>(t2,e2) \<in> fset (?f |`| xs). e\<noteq>e2 \<or> (t,e) = (t2,e2)"
+ using assms snds_neq_img_snds_neq by auto
+ then have "fcard (?f |`| xs) = fcard (snd |`| (?f |`| xs))"
+ using snds_neq_card_eq_card_snd by blast
+ moreover have "snd |`| (?f |`| xs) = snd |`| xs" by force
+ moreover have "fcard xs = fcard (snd |`| xs)" using snds_neq_card_eq_card_snd assms by blast
+ ultimately show ?thesis by simp
+qed
+
+lemma fst_neq_img_card_eq:
+ assumes "\<forall>(t,e) \<in> fset xs. \<forall>(t2,e2) \<in> fset xs. f t \<noteq> f t2 \<or> (t,e) = (t2,e2)"
+ shows "fcard ((\<lambda>(t1,e1). (f t1, e1)) |`| xs) = fcard xs"
+using assms proof(induction xs)
+ case empty
+ then have "(snd |`| {||}) = {||}" by blast
+ then show ?case by (simp add: fcard_fempty)
+next
+ case (insert x xs)
+ have "fcard xs = fcard ((\<lambda>(t1,e1). (f t1, e1)) |`| xs)" using insert by fastforce
+ moreover have "(\<lambda>(t1,e1). (f t1, e1)) x |\<notin>| (\<lambda>(t1,e1). (f t1, e1)) |`| xs"
+ proof
+ assume asm: "(\<lambda>(t1,e1). (f t1, e1)) x |\<in>| (\<lambda>(t1,e1). (f t1, e1)) |`| xs"
+ then obtain t e where t_def: "x = (t,e)" by fastforce
+ then obtain t2 e2 where t2_def:
+ "(t2,e2) |\<in>| xs" "(\<lambda>(t1,e1). (f t1, e1)) (t2,e2) = (\<lambda>(t1,e1). (f t1, e1)) (t,e)"
+ using asm by auto
+ then have "(t,e)\<noteq>(t2,e)" using insert.hyps t_def by fast
+ moreover have "(t,e) \<in> fset (finsert x xs)" using t_def notin_fset by simp
+ moreover have "(t2,e2) \<in> fset (finsert x xs)" using t2_def(1) notin_fset by fastforce
+ ultimately show False using insert.prems t2_def(2) by fast
+ qed
+ ultimately show ?case by (simp add: fcard_finsert_disjoint local.insert.hyps)
+qed
+
+lemma x_notin_insert_before:
+ assumes "x |\<notin>| xs" and "wf_dverts (Node r (finsert x xs))"
+ shows "(\<lambda>(t1,e1). if root t1 = y then (Node v {|(t1,e1)|},e) else (t1,e1)) x
+ |\<notin>| (insert_before v e y xs)" (is "?f x |\<notin>|_")
+proof (cases "root (fst x) = y")
+ case True
+ then obtain t1 e1 where t1_def: "x = (t1,e1)" "root t1 = y" by fastforce
+ then have 0: "\<forall>(t2,e2) \<in> fset xs. dverts t1 \<inter> dverts t2 = {}"
+ using assms notin_fset disjoint_dverts_if_wf_aux by fastforce
+ then have "\<forall>(t2,e2) \<in> fset xs. root t2 \<noteq> y"
+ by (smt (verit, del_insts) dtree.set_sel(1) t1_def(2) case_prodD case_prodI2 disjoint_iff)
+ then have 1: "(insert_before v e y xs) = xs" using insert_before_not_y_id by fastforce
+ have "?f x = (Node v {|(t1,e1)|},e)" using t1_def by simp
+ then have "\<forall>(t2,e2) \<in> fset xs. (fst (?f x)) \<noteq> t2" using 0 dtree.set_sel(1) by fastforce
+ then have "\<forall>(t2,e2) \<in> fset (insert_before v e y xs). ?f x \<noteq> (t2,e2)" using 1 by fastforce
+ then show ?thesis using notin_fset by fast
+next
+ case False
+ then have x_id: "?f x = x" by (smt (verit) old.prod.exhaust case_prod_conv fst_conv)
+ then show ?thesis
+ proof(cases "\<exists>t1. t1 \<in> fst ` fset xs \<and> root t1 = y")
+ case True
+ then obtain t1 e1 where t1_def: "(t1,e1) \<in> fset xs" "root t1 = y" by force
+ then have "(t1,e1) \<in> fset (finsert x xs)" by auto
+ then have 0: "\<forall>(t2,e2) \<in> fset (finsert x xs). (t1,e1) = (t2,e2) \<or> dverts t1 \<inter> dverts t2 = {}"
+ using assms(2) disjoint_dverts_if_wf_aux by fast
+ then have "\<forall>(t2,e2) \<in> fset (finsert x xs). (t1,e1) = (t2,e2) \<or> root t2 \<noteq> y"
+ using dtree.set_sel(1) t1_def(2) insert_not_empty
+ by (smt (verit, ccfv_threshold) Int_insert_right_if1 prod.case_eq_if insert_absorb)
+ then have "\<nexists>t. t \<in> fst ` fset (xs |-| {|(t1,e1)|}) \<and> root t = y" by fastforce
+ then have 1: "?f |`| (xs |-| {|(t1,e1)|}) = (xs |-| {|(t1,e1)|})"
+ using insert_before_not_y_id[of "xs |-| {|(t1,e1)|}"] by (simp add: insert_before_alt)
+ have "?f (t1,e1) = (Node v {|(t1,e1)|},e)" using t1_def by simp
+ then have "?f |`| xs = finsert (Node v {|(t1,e1)|},e) (?f |`| (xs |-| {|(t1,e1)|}))"
+ using t1_def(1) notin_fset by (metis (no_types, lifting) fimage_finsert finsert_fminus)
+ then have "?f |`| xs = finsert (Node v {|(t1,e1)|},e) (xs |-| {|(t1,e1)|})"
+ using 1 by simp
+ then have 2: "insert_before v e y xs = finsert (Node v {|(t1,e1)|},e) (xs |-| {|(t1,e1)|})"
+ by (simp add: insert_before_alt)
+ have "dverts t1 \<inter> dverts (fst x) = {}" using 0 assms(1) notin_fset t1_def(1) by fastforce
+ then have "(Node v {|(t1,e1)|},e) \<noteq> x" using dtree.set_sel(1) by fastforce
+ then show ?thesis using 2 assms(1) x_id by auto
+ next
+ case False
+ then have "(insert_before v e y xs) = xs" using insert_before_not_y_id by fastforce
+ then show ?thesis using assms(1) x_id by simp
+ qed
+qed
+
+end
+
+end
\ No newline at end of file
diff --git a/thys/Query_Optimization/Graph_Additions.thy b/thys/Query_Optimization/Graph_Additions.thy
new file mode 100644
--- /dev/null
+++ b/thys/Query_Optimization/Graph_Additions.thy
@@ -0,0 +1,580 @@
+(* Author: Bernhard Stöckl *)
+
+theory Graph_Additions
+ imports Complex_Main "Graph_Theory.Graph_Theory" "Shortest_Path_Tree"
+begin
+
+lemma two_elems_card_ge_2: "finite xs \<Longrightarrow> x \<in> xs \<and> y \<in> xs \<and> x\<noteq>y \<Longrightarrow> Finite_Set.card xs \<ge> 2"
+ using card_gt_0_iff mk_disjoint_insert not_less_eq_eq by fastforce
+
+section \<open>Graph Extensions\<close>
+
+context wf_digraph
+begin
+
+lemma awalk_dom_if_uneq: "\<lbrakk>u\<noteq>v; awalk u p v\<rbrakk> \<Longrightarrow> \<exists>x. x \<rightarrow>\<^bsub>G\<^esub> v"
+ using reachable_awalk[of u v] awalk_ends[of u p v] converse_reachable_induct by blast
+
+lemma awalk_verts_dom_if_uneq: "\<lbrakk>u\<noteq>v; awalk u p v\<rbrakk> \<Longrightarrow> \<exists>x. x \<rightarrow>\<^bsub>G\<^esub> v \<and> x \<in> set (awalk_verts u p)"
+ proof(induction p arbitrary: u)
+ case Nil
+ then show ?case using awalk_def by simp
+next
+ case (Cons p ps)
+ then show ?case
+ using awalk_Cons_iff[of u p ps v] awalk_verts.simps(2)[of u p ps] awalk_verts_non_Nil
+ by (metis in_arcs_imp_in_arcs_ends list.sel(1) list.set_intros(2) list.set_sel(1))
+qed
+
+lemma awalk_verts_append_distinct:
+ "\<lbrakk>\<exists>v. awalk r (p1@p2) v; distinct (awalk_verts r (p1@p2))\<rbrakk> \<Longrightarrow> distinct (awalk_verts r p1)"
+ using awalk_verts_append by auto
+
+lemma not_distinct_if_head_eq_tail:
+ assumes "tail G p = u" and "head G e = u" and "awalk r (ps@[p]@e#p2) v"
+ shows "\<not>(distinct (awalk_verts r (ps@[p]@e#p2)))"
+using assms proof(induction ps arbitrary: r)
+ case Nil
+ then have "u \<in> set (awalk_verts (head G p) (e#p2))"
+ by (metis append.left_neutral append_Cons awalk_Cons_iff awalk_verts_arc2 list.set_intros(1))
+ then show ?case by (simp add: Nil(1))
+next
+ case (Cons p ps)
+ then show ?case using awalk_Cons_iff by auto
+qed
+
+lemma awalk_verts_subset_if_p_sub:
+ "\<lbrakk>awalk u p1 v; awalk u p2 v; set p1 \<subseteq> set p2\<rbrakk>
+ \<Longrightarrow> set (awalk_verts u p1) \<subseteq> set (awalk_verts u p2)"
+ using awalk_verts_conv by fastforce
+
+lemma awalk_to_apath_verts_subset:
+ "awalk u p v \<Longrightarrow> set (awalk_verts u (awalk_to_apath p)) \<subseteq> set (awalk_verts u p)"
+ using awalk_verts_subset_if_p_sub awalk_to_apath_subset apath_awalk_to_apath awalkI_apath
+ by blast
+
+lemma unique_apath_verts_in_awalk:
+ "\<lbrakk>x \<in> set (awalk_verts u p1); apath u p1 v; awalk u p2 v; \<exists>!p. apath u p v\<rbrakk>
+ \<Longrightarrow> x \<in> set (awalk_verts u p2)"
+ using apath_awalk_to_apath awalk_to_apath_verts_subset by blast
+
+lemma unique_apath_verts_sub_awalk:
+ "\<lbrakk>apath u p v; awalk u q v; \<exists>!p. apath u p v\<rbrakk> \<Longrightarrow> set (awalk_verts u p) \<subseteq> set (awalk_verts u q)"
+ using unique_apath_verts_in_awalk by blast
+
+lemma awalk_verts_append3:
+ "\<lbrakk>awalk u (p@e#q) r; awalk v q r\<rbrakk> \<Longrightarrow> awalk_verts u (p@e#q) = awalk_verts u p @ awalk_verts v q"
+ using awalk_verts_conv by fastforce
+
+lemma verts_reachable_connected:
+ "verts G \<noteq> {} \<Longrightarrow> (\<forall>x\<in>verts G. \<forall>y\<in>verts G. x \<rightarrow>\<^sup>* y) \<Longrightarrow> connected G"
+ by (simp add: connected_def strongly_connected_def reachable_mk_symmetricI)
+
+lemma out_degree_0_no_arcs:
+ assumes "out_degree G v = 0" and "finite (arcs G)"
+ shows "\<forall>y. (v,y) \<notin> arcs_ends G"
+proof (rule ccontr)
+ assume "\<not>(\<forall>y. (v,y) \<notin> arcs_ends G)"
+ then obtain y where y_def: "(v,y) \<in> arcs_ends G" by blast
+ then obtain a where a_def: "a \<in> arcs G \<and> tail G a = v \<and> head G a = y" by auto
+ then have "a \<in> {e \<in> arcs G. tail G e = v}" by simp
+ then have "Finite_Set.card {e \<in> arcs G. tail G e = v} > 0" using assms(2) card_gt_0_iff by force
+ then show False using assms(1) by (metis less_nat_zero_code out_arcs_def out_degree_def)
+qed
+
+lemma out_degree_0_only_self: "finite (arcs G) \<Longrightarrow> out_degree G v = 0 \<Longrightarrow> v \<rightarrow>\<^sup>* x \<Longrightarrow> x = v"
+ using converse_reachable_cases out_degree_0_no_arcs by force
+
+lemma not_elem_no_out_arcs: "v \<notin> verts G \<Longrightarrow> out_arcs G v = {}"
+ by auto
+
+lemma not_elem_no_in_arcs: "v \<notin> verts G \<Longrightarrow> in_arcs G v = {}"
+ by auto
+
+lemma not_elem_out_0: "v \<notin> verts G \<Longrightarrow> out_degree G v = 0"
+ unfolding out_degree_def using not_elem_no_out_arcs by simp
+
+lemma not_elem_in_0: "v \<notin> verts G \<Longrightarrow> in_degree G v = 0"
+ unfolding in_degree_def using not_elem_no_in_arcs by simp
+
+lemma new_vert_only_no_arcs:
+ assumes "G = \<lparr>verts = V \<union> {v}, arcs = A, tail = t, head = h\<rparr>"
+ and "G' = \<lparr>verts = V, arcs = A, tail = t, head = h\<rparr>"
+ and "wf_digraph G'"
+ and "v \<notin> V"
+ and "finite (arcs G)"
+ shows "\<forall>u. (v,u) \<notin> arcs_ends G"
+proof -
+ have "out_degree G' v = 0" using assms(2-4) wf_digraph.not_elem_out_0 by fastforce
+ then have "out_degree G v = 0" unfolding out_degree_def out_arcs_def using assms(1,2) by simp
+ then show ?thesis using assms(5) out_degree_0_no_arcs by blast
+qed
+
+lemma new_leaf_out_sets_eq:
+ assumes "G = \<lparr>verts = V \<union> {v}, arcs = A \<union> {a}, tail = t(a := u), head = h(a := v)\<rparr>"
+ and "G' = \<lparr>verts = V, arcs = A, tail = t, head = h\<rparr>"
+ and "u \<in> V"
+ and "v \<notin> V"
+ and "a \<notin> A"
+ shows "{e \<in> arcs G. tail G e = v} = {e \<in> arcs G'. tail G' e = v}"
+ using assms by auto
+
+lemma new_leaf_out_0:
+ assumes "G = \<lparr>verts = V \<union> {v}, arcs = A \<union> {a}, tail = t(a := u), head = h(a := v)\<rparr>"
+ and "G' = \<lparr>verts = V, arcs = A, tail = t, head = h\<rparr>"
+ and "wf_digraph G'"
+ and "u \<in> V"
+ and "v \<notin> V"
+ and "a \<notin> A"
+ shows "out_degree G v = 0"
+proof -
+ have "tail G a = u" using assms(1) by simp
+ then have 0: "{e \<in> arcs G. tail G e = v} = {e \<in> arcs G'. tail G' e = v}"
+ using new_leaf_out_sets_eq assms(1,2,4-6) by blast
+ have "out_degree G' v = 0" using assms(2,3,5) wf_digraph.not_elem_out_0 by fastforce
+ then show ?thesis unfolding out_degree_def out_arcs_def using 0 by simp
+qed
+
+lemma new_leaf_no_arcs:
+ assumes "G = \<lparr>verts = V \<union> {v}, arcs = A \<union> {a}, tail = t(a := u), head = h(a := v)\<rparr>"
+ and "G' = \<lparr>verts = V, arcs = A, tail = t, head = h\<rparr>"
+ and "wf_digraph G'"
+ and "u \<in> V"
+ and "v \<notin> V"
+ and "a \<notin> A"
+ and "finite (arcs G)"
+ shows "\<forall>u. (v,u) \<notin> arcs_ends G"
+ using new_leaf_out_0 assms out_degree_0_no_arcs by presburger
+
+lemma tail_and_head_eq_impl_cas:
+ assumes "cas x p y"
+ and "\<forall>x \<in> set p. tail G x = tail G' x"
+ and "\<forall>x \<in> set p. head G x = head G' x"
+ shows "pre_digraph.cas G' x p y"
+using assms proof(induction p arbitrary: x y)
+ case Nil
+ show ?case using pre_digraph.cas.simps(1) Nil(1) by fastforce
+next
+ case (Cons p ps)
+ have 0: "tail G' p = x" using Cons.prems(1,2) by simp
+ have "cas (head G p) ps y" using Cons.prems(1) by simp
+ then have "pre_digraph.cas G' (head G' p) ps y" using Cons.IH Cons.prems(2,3) by simp
+ then show ?case using 0 by (simp add: pre_digraph.cas.simps(2))
+qed
+
+lemma new_leaf_same_reachables_orig:
+ assumes "x \<rightarrow>\<^sup>*\<^bsub>G\<^esub> y"
+ and "G = \<lparr>verts = V \<union> {v}, arcs = A \<union> {a}, tail = t(a := u), head = h(a := v)\<rparr>"
+ and "G' = \<lparr>verts = V, arcs = A, tail = t, head = h\<rparr>"
+ and "wf_digraph G'"
+ and "x \<in> V"
+ and "u \<in> V"
+ and "v \<notin> V"
+ and "y \<noteq> v"
+ and "a \<notin> A"
+ and "finite (arcs G)"
+ shows "x \<rightarrow>\<^sup>*\<^bsub>G'\<^esub> y"
+proof -
+ obtain p where p_def: "awalk x p y" using reachable_awalk assms(1) by auto
+ then have 0: "set p \<subseteq> arcs G" by blast
+ have v_0: "out_degree G v = 0" using new_leaf_out_0 assms by presburger
+ have a_notin_p: "a \<notin> set p"
+ proof
+ assume asm: "a \<in> set p"
+ have "head G a = v" using assms(2) by simp
+ then have "\<exists>p' p''. p'@p''=p \<and> awalk x p' v"
+ using asm awalk_decomp awalk_verts_arc2 p_def by metis
+ then obtain p' p'' where p'_def: "p'@p''=p \<and> awalk x p' v" by blast
+ then have "awalk v p'' y" using p_def by auto
+ then have "v \<rightarrow>\<^sup>* y" using reachable_awalk by auto
+ then have "v = y" using out_degree_0_only_self assms(10) v_0 by blast
+ then show False using assms(8) by simp
+ qed
+ then have 1: "set p \<subseteq> arcs G'" using assms(2,3) 0 by auto
+ have "\<forall>x \<in> set p. tail G x = tail G' x" using assms(2,3) a_notin_p by simp
+ moreover have "\<forall>x \<in> set p. head G x = head G' x" using assms(2,3) a_notin_p by simp
+ ultimately have "pre_digraph.cas G' x p y" using tail_and_head_eq_impl_cas p_def by blast
+ then have "pre_digraph.awalk G' x p y" unfolding pre_digraph.awalk_def using assms(3,5) 1 by simp
+ then show ?thesis using assms(4) wf_digraph.reachable_awalkI by fast
+qed
+
+lemma new_leaf_same_reachables_new:
+ assumes "x \<rightarrow>\<^sup>*\<^bsub>G'\<^esub> y"
+ and "G = \<lparr>verts = V \<union> {v}, arcs = A \<union> {a}, tail = t(a := u), head = h(a := v)\<rparr>"
+ and "G' = \<lparr>verts = V, arcs = A, tail = t, head = h\<rparr>"
+ and "wf_digraph G'"
+ and "x \<in> V"
+ and "u \<in> V"
+ and "v \<notin> V"
+ and "y \<noteq> v"
+ and "a \<notin> A"
+ shows "x \<rightarrow>\<^sup>*\<^bsub>G\<^esub> y"
+proof -
+ obtain p where p_def: "pre_digraph.awalk G' x p y"
+ using wf_digraph.reachable_awalk assms(1,4) by fast
+ then have 0: "set p \<subseteq> arcs G'" by (meson pre_digraph.awalk_def)
+ then have a_notin_p: "a \<notin> set p" using assms(3,9) by auto
+ have 1: "set p \<subseteq> arcs G" using assms(2,3) 0 by auto
+ have "\<forall>x \<in> set p. tail G x = tail G' x" using assms(2,3) a_notin_p by simp
+ moreover have "\<forall>x \<in> set p. head G x = head G' x" using assms(2,3) a_notin_p by simp
+ moreover have "pre_digraph.cas G' x p y" using p_def pre_digraph.awalk_def by fast
+ ultimately have "cas x p y" using assms(4) wf_digraph.tail_and_head_eq_impl_cas by fastforce
+ then have "awalk x p y" unfolding awalk_def using assms(2,5) 1 by simp
+ then show ?thesis using reachable_awalkI by simp
+qed
+
+lemma new_leaf_reach_impl_parent:
+ assumes "y \<rightarrow>\<^sup>* v"
+ and "G = \<lparr>verts = V \<union> {v}, arcs = A \<union> {a}, tail = t(a := u), head = h(a := v)\<rparr>"
+ and "G' = \<lparr>verts = V, arcs = A, tail = t, head = h\<rparr>"
+ and "wf_digraph G'"
+ and "y \<in> V"
+ and "v \<notin> V"
+ shows "y \<rightarrow>\<^sup>* u"
+proof -
+ have "\<forall>a \<in> A. h a \<noteq> v"
+ using assms(3,4,6) wf_digraph.head_in_verts by (metis pre_digraph.select_convs(1,2,4))
+ then have 0: "\<forall>x. (x,v) \<in> arcs_ends G \<longrightarrow> x = u" using assms(2) by fastforce
+ have "v \<noteq> y" using assms(5,6) by blast
+ then have "y \<rightarrow>\<^sup>+ v" using assms(1) by blast
+ then have "\<exists>x. y \<rightarrow>\<^sup>*x \<and> x \<rightarrow>\<^bsub>G\<^esub> v"
+ by (meson reachable1_in_verts(1) reachable_conv' tranclD2)
+ then obtain x where "y \<rightarrow>\<^sup>* x \<and> x \<rightarrow>\<^bsub>G\<^esub> v" by blast
+ then show ?thesis using 0 by blast
+qed
+
+end
+
+context graph
+begin
+
+abbreviation min_degree :: "'a set \<Rightarrow> 'a \<Rightarrow> bool" where
+ "min_degree xs x \<equiv> x\<in>xs \<and> (\<forall>y\<in>xs. out_degree G x \<le> out_degree G y)"
+
+lemma graph_del_vert_sym: "sym (arcs_ends (del_vert x))"
+ by (smt (z3) wf_digraph_del_vert mem_Collect_eq reachableE sym_digraph_axioms_def arcs_del_vert
+ symmetric_conv symI wf_digraph.in_arcs_imp_in_arcs_ends head_del_vert sym_arcs tail_del_vert)
+
+lemma graph_del_vert: "graph (del_vert x)"
+ apply(standard)
+ by (auto simp: arcs_del_vert2 tail_del_vert head_del_vert verts_del_vert
+ no_loops ends_del_vert no_multi_arcs symmetric_def graph_del_vert_sym)
+
+lemma connected_iff_reachable:
+ "connected G \<longleftrightarrow> ((\<forall>x\<in>verts G. \<forall>y\<in>verts G. x \<rightarrow>\<^sup>* y) \<and> verts G \<noteq> {})"
+ using symmetric_connected_imp_strongly_connected strongly_connected_def verts_reachable_connected
+ by(blast)
+
+end
+
+context nomulti_digraph
+begin
+
+lemma no_multi_alt:
+ "\<lbrakk>e1 \<in> arcs G; e2 \<in> arcs G; e1 \<noteq> e2\<rbrakk> \<Longrightarrow> head G e1 \<noteq> head G e2 \<or> tail G e1 \<noteq> tail G e2"
+ using no_multi_arcs by(auto simp: arc_to_ends_def)
+
+end
+
+subsection \<open>Vertices with Multiple Outgoing Arcs\<close>
+
+context wf_digraph
+begin
+
+definition branching_points :: "'a set" where
+ "branching_points = {x. \<exists>y\<in>arcs G. \<exists>z\<in>arcs G. y\<noteq>z \<and> tail G y = x \<and> tail G z = x}"
+
+definition is_chain :: "bool" where
+ "is_chain = (branching_points = {})"
+
+definition last_branching_points :: "'a set" where
+ "last_branching_points = {x. (x\<in>branching_points \<and> \<not>(\<exists>y \<in> branching_points. y\<noteq>x \<and> x \<rightarrow>\<^sup>* y))}"
+
+lemma branch_in_verts: "x \<in> branching_points \<Longrightarrow> x \<in> verts G"
+ unfolding branching_points_def by auto
+
+lemma last_branch_is_branch:
+ "(y\<in>last_branching_points \<Longrightarrow> y\<in>branching_points)"
+ unfolding last_branching_points_def by blast
+
+lemma last_branch_alt: "x \<in> last_branching_points \<Longrightarrow> (\<forall>z. x \<rightarrow>\<^sup>* z \<and> z\<noteq>x \<longrightarrow> z \<notin> branching_points)"
+ unfolding last_branching_points_def by blast
+
+lemma braching_points_alt:
+ assumes "finite (arcs G)"
+ shows "x \<in> branching_points \<longleftrightarrow> out_degree G x \<ge> 2" (is "?P \<longleftrightarrow> ?Q")
+proof
+ assume "?P"
+ then obtain a1 a2 where "a1\<in>arcs G \<and> a2\<in>arcs G \<and> a1\<noteq>a2 \<and> tail G a1 = x \<and> tail G a2 = x"
+ using branching_points_def by auto
+ then have 0: "a1 \<in> out_arcs G x \<and> a2 \<in> out_arcs G x \<and> a1\<noteq>a2" by simp
+ have "finite (out_arcs G x)" by (simp add: assms out_arcs_def)
+ then show "?Q" unfolding out_degree_def using 0 two_elems_card_ge_2 by fast
+next
+ assume 0: "?Q"
+ have "finite (out_arcs G x)" by (simp add: assms out_arcs_def)
+ then have "\<exists>a1 a2. a1 \<in> (out_arcs G x) \<and> a2 \<in> (out_arcs G x) \<and> a1\<noteq>a2"
+ using 0 out_degree_def by (metis Suc_n_not_le_n card_le_Suc0_iff_eq le_trans numeral_2_eq_2)
+ then show "?P" unfolding branching_points_def by auto
+qed
+
+lemma branch_in_supergraph:
+ assumes "subgraph C G"
+ and "x \<in> wf_digraph.branching_points C"
+ shows "x \<in> branching_points"
+proof -
+ have 0: "wf_digraph C" using assms(1) Digraph_Component.subgraph_def subgraph.sub_G by auto
+ have 1: "wf_digraph G" using assms(1) subgraph.sub_G by auto
+ obtain y z where arcs_C: "y\<in>arcs C \<and> z\<in>arcs C \<and> y\<noteq>z \<and> tail C y = x \<and> tail C z = x"
+ using assms(2) wf_digraph.branching_points_def 0 by blast
+ then have "y\<in>arcs G \<and> z\<in>arcs G \<and> y\<noteq>z \<and> tail C y = x \<and> tail C z = x"
+ using assms(1) subgraph.sub_G by blast
+ then have "y\<in>arcs G \<and> z\<in>arcs G \<and> y\<noteq>z \<and> tail G y = x \<and> tail G z = x"
+ using assms(1) subgraph.sub_G compatible_def by force
+ then show ?thesis using branching_points_def assms(1) subgraph.sub_G by blast
+qed
+
+lemma subgraph_no_branch_chain:
+ assumes "subgraph C G"
+ and "verts C \<subseteq> verts G - {x. \<exists>y\<in>branching_points. x \<rightarrow>\<^sup>*\<^bsub>G\<^esub> y}"
+ shows "wf_digraph.is_chain C"
+proof (rule ccontr)
+ assume asm: "\<not>wf_digraph.is_chain C"
+ let ?rem = "{x. \<exists>y\<in>branching_points. x \<rightarrow>\<^sup>*\<^bsub>G\<^esub> y}"
+ have "wf_digraph C" using assms(1) Digraph_Component.subgraph_def subgraph.sub_G by auto
+ then obtain x where x_def[simp]: "x \<in> wf_digraph.branching_points C"
+ using wf_digraph.is_chain_def asm by blast
+ then have "x \<in> branching_points" using assms(1) branch_in_supergraph by simp
+ moreover from this have "x \<in> verts G" using branch_in_verts by simp
+ moreover from this have "x \<rightarrow>\<^sup>*\<^bsub>G\<^esub> x" by simp
+ ultimately have "x \<in> ?rem" by blast
+ then show False using assms(2) \<open>wf_digraph C\<close> subsetD wf_digraph.branch_in_verts by fastforce
+qed
+
+lemma branch_if_leaf_added:
+ assumes "x\<in>wf_digraph.branching_points G'"
+ and "G = \<lparr>verts = V \<union> {v}, arcs = A \<union> {a}, tail = t(a := u), head = h(a := v)\<rparr>"
+ and "G' = \<lparr>verts = V, arcs = A, tail = t, head = h\<rparr>"
+ and "wf_digraph G'"
+ and "a \<notin> A"
+ shows "x \<in> branching_points"
+proof -
+ obtain a1 a2 where a12: "a1\<in>arcs G' \<and> a2\<in>arcs G' \<and> a1\<noteq>a2 \<and> tail G' a1 = x \<and> tail G' a2 = x"
+ using wf_digraph.branching_points_def assms(1,4) by blast
+ then have "a1 \<noteq> a \<and> a2 \<noteq> a" using assms(3,5) by auto
+ then have 0: "tail G a1 = tail G' a1 \<and> tail G a2 = tail G' a2" using assms(2,3) by simp
+ have "a1\<in>arcs G \<and> a2\<in>arcs G \<and> a1\<noteq>a2 \<and> a1\<noteq>a2 \<and> tail G' a1 = x \<and> tail G' a2 = x"
+ using assms(2,3) a12 by simp
+ then have "a1\<in>arcs G \<and> a2\<in>arcs G \<and> a1\<noteq>a2 \<and> tail G a1 = x \<and> tail G a2 = x"
+ using 0 by simp
+ then show ?thesis unfolding branching_points_def by blast
+qed
+
+lemma new_leaf_no_branch:
+ assumes "G = \<lparr>verts = V \<union> {v}, arcs = A \<union> {a}, tail = t(a := u), head = h(a := v)\<rparr>"
+ and "G' = \<lparr>verts = V, arcs = A, tail = t, head = h\<rparr>"
+ and "wf_digraph G'"
+ and "u \<in> V"
+ and "v \<notin> V"
+ and "a \<notin> A"
+ shows "v \<notin> branching_points"
+proof -
+ have "v \<noteq> u" using assms(4,5) by fast
+ have "\<forall>a\<in>arcs G'. tail G' a \<noteq> v"
+ using assms(2,3,5) pre_digraph.select_convs(1) wf_digraph_def by fast
+ moreover have "\<forall>x \<in> arcs G'. tail G x = tail G' x" using assms(1,2,6) by simp
+ ultimately have "\<forall>a\<in>arcs G'. tail G a \<noteq> v" by simp
+ then have "\<forall>a\<in>arcs G. tail G a \<noteq> v"
+ using assms(1,2,6) Un_iff pre_digraph.select_convs(2) singletonD \<open>v \<noteq> u\<close> by simp
+ then show ?thesis unfolding branching_points_def by blast
+qed
+
+lemma new_leaf_not_reach_last_branch:
+ assumes "y\<in>wf_digraph.last_branching_points G'"
+ and "\<not> y \<rightarrow>\<^sup>* u"
+ and "G = \<lparr>verts = V \<union> {v}, arcs = A \<union> {a}, tail = t(a := u), head = h(a := v)\<rparr>"
+ and "G' = \<lparr>verts = V, arcs = A, tail = t, head = h\<rparr>"
+ and "wf_digraph G'"
+ and "y \<in> V"
+ and "u \<in> V"
+ and "v \<notin> V"
+ and "a \<notin> A"
+ and "finite (arcs G)"
+ shows "\<not>(\<exists>z \<in> branching_points. z\<noteq>y \<and> y \<rightarrow>\<^sup>* z)"
+proof
+ assume "\<exists>z \<in> branching_points. z\<noteq>y \<and> y \<rightarrow>\<^sup>* z"
+ then obtain z where z_def: "z \<in> branching_points \<and> z\<noteq>y \<and> y \<rightarrow>\<^sup>* z" by blast
+ then have "z \<noteq> u" using assms(2) by blast
+ then obtain a1 a2 where a12: "a1\<in>arcs G \<and> a2\<in>arcs G \<and> a1\<noteq>a2 \<and> tail G a1 = z \<and> tail G a2 = z"
+ using branching_points_def z_def by blast
+ then have 0: "a1 \<noteq> a \<and> a2 \<noteq> a" using assms(3) \<open>z\<noteq>u\<close> by fastforce
+ then have 1: "tail G a1 = tail G' a1 \<and> tail G a2 = tail G' a2" using assms(3,4) by simp
+ have "a1\<in>arcs G' \<and> a2\<in>arcs G' \<and> a1\<noteq>a2 \<and> tail G a1 = z \<and> tail G a2 = z"
+ using assms(3,4) a12 0 by simp
+ then have "a1\<in>arcs G' \<and> a2\<in>arcs G' \<and> a1\<noteq>a2 \<and> tail G' a1 = z \<and> tail G' a2 = z"
+ using 1 by simp
+ then have 2: "z \<in> wf_digraph.branching_points G'"
+ using wf_digraph.branching_points_def assms(5) by auto
+ have "z \<noteq> v" using assms(2,3,4,5,6,8) z_def new_leaf_reach_impl_parent by blast
+ then have "y \<rightarrow>\<^sup>*\<^bsub>G'\<^esub> z" using new_leaf_same_reachables_orig z_def assms by blast
+ then have "\<exists>z\<in>wf_digraph.branching_points G'. z\<noteq>y \<and> y \<rightarrow>\<^sup>*\<^bsub>G'\<^esub> z" using 2 z_def by blast
+ then have "y \<notin> wf_digraph.last_branching_points G'"
+ using wf_digraph.last_branching_points_def assms(5) by blast
+ then show False using assms(1) by simp
+qed
+
+lemma new_leaf_parent_nbranch_in_orig:
+ assumes "y\<in>branching_points"
+ and "y \<noteq> u"
+ and "G = \<lparr>verts = V \<union> {v}, arcs = A \<union> {a}, tail = t(a := u), head = h(a := v)\<rparr>"
+ and "G' = \<lparr>verts = V, arcs = A, tail = t, head = h\<rparr>"
+ and "wf_digraph G'"
+ shows "y\<in>wf_digraph.branching_points G'"
+proof -
+ obtain a1 a2 where a12: "a1\<in>arcs G \<and> a2\<in>arcs G \<and> a1\<noteq>a2 \<and> tail G a1 = y \<and> tail G a2 = y"
+ using branching_points_def assms(1) by blast
+ then have 0: "a1 \<noteq> a \<and> a2 \<noteq> a" using assms(2,3) by fastforce
+ then have 1: "tail G a1 = tail G' a1 \<and> tail G a2 = tail G' a2" using assms(3,4) by simp
+ have "a1\<in>arcs G' \<and> a2\<in>arcs G' \<and> a1\<noteq>a2 \<and> tail G a1 = y \<and> tail G a2 = y"
+ using assms(3,4) a12 0 by auto
+ then have "a1\<in>arcs G' \<and> a2\<in>arcs G' \<and> a1\<noteq>a2 \<and> tail G' a1 = y \<and> tail G' a2 = y"
+ using 1 by simp
+ then show ?thesis using assms(5) wf_digraph.branching_points_def by auto
+qed
+
+lemma new_leaf_last_branch_exists_preserv:
+ assumes "y\<in>wf_digraph.last_branching_points G'"
+ and "x \<rightarrow>\<^sup>* y"
+ and "G = \<lparr>verts = V \<union> {v}, arcs = A \<union> {a}, tail = t(a := u), head = h(a := v)\<rparr>"
+ and "G' = \<lparr>verts = V, arcs = A, tail = t, head = h\<rparr>"
+ and "wf_digraph G'"
+ and "y \<in> V"
+ and "u \<in> V"
+ and "v \<notin> V"
+ and "a \<notin> A"
+ and "finite (arcs G)"
+ and "\<forall>x. y \<rightarrow>\<^sup>+ x \<longrightarrow> y\<noteq>x"
+ obtains y' where "y'\<in>last_branching_points \<and> x \<rightarrow>\<^sup>* y'"
+proof (cases "y \<rightarrow>\<^sup>* u")
+ case True
+ have "y \<in> wf_digraph.branching_points G'"
+ using assms(1,5) wf_digraph.last_branch_is_branch by fast
+ then have y_branch: "y \<in> branching_points" using branch_if_leaf_added assms(3-5,9) by blast
+ have v_nbranch: "v \<notin> branching_points" using new_leaf_no_branch assms(3-5,7-9) by blast
+ then show ?thesis
+ proof(cases "u \<in> branching_points")
+ case True
+ have "\<not>(\<exists>z \<in> branching_points. z\<noteq>u \<and> u \<rightarrow>\<^sup>* z)"
+ proof
+ assume "\<exists>z \<in> branching_points. z\<noteq>u \<and> u \<rightarrow>\<^sup>* z"
+ then obtain z where z_def: "z \<in> branching_points \<and> z\<noteq>u \<and> u \<rightarrow>\<^sup>* z" by blast
+ then have "z \<noteq> v" using v_nbranch by blast
+ then have "u \<rightarrow>\<^sup>*\<^bsub>G'\<^esub> z"
+ using new_leaf_same_reachables_orig assms(3-5,7-10) z_def by blast
+ moreover have "y \<rightarrow>\<^sup>*\<^bsub>G'\<^esub> u"
+ using new_leaf_same_reachables_orig \<open>y \<rightarrow>\<^sup>* u\<close> assms(3-10) by blast
+ ultimately have 0: "y \<rightarrow>\<^sup>*\<^bsub>G'\<^esub> z"
+ using assms(5) wf_digraph.reachable_trans by fast
+ have "y \<rightarrow>\<^sup>+ z"
+ using \<open>y \<rightarrow>\<^sup>* u\<close> z_def reachable_reachable1_trans reachable_neq_reachable1 by blast
+ then have "y \<noteq> z" using assms(11) by simp
+ have "z \<in> wf_digraph.branching_points G'"
+ using z_def new_leaf_parent_nbranch_in_orig assms(3-5) by blast
+ then have "y \<notin> wf_digraph.last_branching_points G'"
+ using 0 assms(5) wf_digraph.last_branch_alt \<open>y \<noteq> z\<close> by fast
+ then show False using assms(1) by simp
+ qed
+ then have "u \<in> last_branching_points" unfolding last_branching_points_def using True by blast
+ then show ?thesis using assms(2) \<open>y \<rightarrow>\<^sup>* u\<close> reachable_trans that by blast
+ next
+ case False
+ have "\<not>(\<exists>z \<in> branching_points. z\<noteq>y \<and> y \<rightarrow>\<^sup>* z)"
+ proof
+ assume "\<exists>z \<in> branching_points. z\<noteq>y \<and> y \<rightarrow>\<^sup>* z"
+ then obtain z where z_def: "z \<in> branching_points \<and> z\<noteq>y \<and> y \<rightarrow>\<^sup>* z" by blast
+ then have "z \<noteq> v" using v_nbranch by blast
+ then have 0: "y \<rightarrow>\<^sup>*\<^bsub>G'\<^esub> z"
+ using new_leaf_same_reachables_orig assms(3-10) z_def by blast
+ have "z \<noteq> u" using False z_def by blast
+ then have "z \<in> wf_digraph.branching_points G'"
+ using z_def new_leaf_parent_nbranch_in_orig assms(3-5) by blast
+ then have "y \<notin> wf_digraph.last_branching_points G'"
+ using 0 z_def assms(5) wf_digraph.last_branch_alt by fast
+ then show False using assms(1) by simp
+ qed
+ then have "y \<in> last_branching_points" using last_branching_points_def y_branch by simp
+ then show ?thesis using assms(2) that by blast
+ qed
+next
+ case False
+ have "y \<in> wf_digraph.branching_points G'"
+ using assms(1,5) wf_digraph.last_branch_is_branch by fast
+ then have "y \<in> branching_points" using branch_if_leaf_added assms(3-5,9) by blast
+ moreover have "\<not>(\<exists>z \<in> branching_points. z\<noteq>y \<and> y \<rightarrow>\<^sup>* z)"
+ using new_leaf_not_reach_last_branch assms(1,3-10) False by blast
+ ultimately have "y \<in> last_branching_points" unfolding last_branching_points_def by blast
+ then show ?thesis using assms(2) that by blast
+qed
+
+end
+
+subsection \<open>Vertices with Multiple Incoming Arcs\<close>
+
+context wf_digraph
+begin
+
+definition merging_points :: "'a set" where
+ "merging_points = {x. \<exists>y\<in>arcs G. \<exists>z\<in>arcs G. y\<noteq>z \<and> head G y = x \<and> head G z = x}"
+
+definition is_chain' :: "bool" where
+ "is_chain' = (merging_points = {})"
+
+definition last_merging_points :: "'a set" where
+ "last_merging_points = {x. (x\<in>merging_points \<and> \<not>(\<exists>y \<in> merging_points. y\<noteq>x \<and> x \<rightarrow>\<^sup>* y))}"
+
+lemma merge_in_verts: "x \<in> merging_points \<Longrightarrow> x \<in> verts G"
+ unfolding merging_points_def by auto
+
+lemma last_merge_is_merge:
+ "(y\<in>last_merging_points \<Longrightarrow> y\<in>merging_points)"
+ unfolding last_merging_points_def by blast
+
+lemma last_merge_alt: "x \<in> last_merging_points \<Longrightarrow> (\<forall>z. x \<rightarrow>\<^sup>* z \<and> z\<noteq>x \<longrightarrow> z \<notin> merging_points)"
+ unfolding last_merging_points_def using reachable_in_verts(2) by blast
+
+lemma merge_in_supergraph:
+ assumes "subgraph C G"
+ and "x \<in> wf_digraph.merging_points C"
+ shows "x \<in> merging_points"
+proof -
+ have 0: "wf_digraph C" using assms(1) Digraph_Component.subgraph_def subgraph.sub_G by auto
+ have 1: "wf_digraph G" using assms(1) subgraph.sub_G by auto
+ obtain y z where arcs_C: "y\<in>arcs C \<and> z\<in>arcs C \<and> y\<noteq>z \<and> head C y = x \<and> head C z = x"
+ using assms(2) wf_digraph.merging_points_def 0 by blast
+ then have "y\<in>arcs G \<and> z\<in>arcs G \<and> y\<noteq>z \<and> head C y = x \<and> head C z = x"
+ using assms(1) subgraph.sub_G by blast
+ then have "y\<in>arcs G \<and> z\<in>arcs G \<and> y\<noteq>z \<and> head G y = x \<and> head G z = x"
+ using assms(1) subgraph.sub_G compatible_def by force
+ then show ?thesis using merging_points_def assms(1) subgraph.sub_G by blast
+qed
+
+lemma subgraph_no_merge_chain:
+ assumes "subgraph C G"
+ and "verts C \<subseteq> verts G - {x. \<exists>y\<in>merging_points. x \<rightarrow>\<^sup>*\<^bsub>G\<^esub> y}"
+ shows "wf_digraph.is_chain' C"
+proof (rule ccontr)
+ assume asm: "\<not>wf_digraph.is_chain' C"
+ let ?rem = "{x. \<exists>y\<in>merging_points. x \<rightarrow>\<^sup>*\<^bsub>G\<^esub> y}"
+ have "wf_digraph C" using assms(1) Digraph_Component.subgraph_def subgraph.sub_G by auto
+ then obtain x where x_def[simp]: "x \<in> wf_digraph.merging_points C"
+ using wf_digraph.is_chain'_def asm by blast
+ then have "x \<in> merging_points" using assms(1) merge_in_supergraph by simp
+ moreover from this have "x \<in> verts G" using merge_in_verts by simp
+ moreover from this have "x \<rightarrow>\<^sup>*\<^bsub>G\<^esub> x" by simp
+ ultimately have "x \<in> ?rem" by blast
+ then show False using assms(2) \<open>wf_digraph C\<close> subsetD wf_digraph.merge_in_verts by fastforce
+qed
+
+end
+
+end
\ No newline at end of file
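Review bot: The lemma name `braching_points_alt` in the subsection on vertices with multiple outgoing arcs is missing an `n`. Every other fact in that context is spelled `branching_points…`, so it should read `lemma branching_points_alt:`; any references to the old name in other theories of this entry (not visible in this hunk) would need the same rename. In `branch_if_leaf_added` the intermediate fact repeats a conjunct, `a1\<noteq>a2 \<and> a1\<noteq>a2`, which can be reduced to a single `a1\<noteq>a2`. In `new_leaf_no_arcs` the conclusion `\<forall>u. (v,u) \<notin> arcs_ends G` rebinds `u`, which is also the free parent vertex in the assumptions; writing `\<forall>w. (v,w) \<notin> arcs_ends G` avoids the shadowing. The definitions `is_chain` and `is_chain'` have no explanatory text, so a short `text \<open>…\<close>` block saying that the first excludes branching points and the second excludes merging points would help readers tell them apart.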
diff --git a/thys/Query_Optimization/Graph_Definitions.thy b/thys/Query_Optimization/Graph_Definitions.thy
new file mode 100644
--- /dev/null
+++ b/thys/Query_Optimization/Graph_Definitions.thy
@@ -0,0 +1,534 @@
+theory Graph_Definitions
+ imports "Graph_Theory.Digraph_Component" "Graph_Theory.Shortest_Path"
+ "Misc" "Graph_Theory_Batteries"
+begin
+
+context wf_digraph
+begin
+
+section \<open>K-neighborhood definition\<close>
+definition k_neighborhood :: "'b weight_fun \<Rightarrow> 'a \<Rightarrow> real \<Rightarrow> 'a set" where
+ "k_neighborhood w v k = {u \<in> verts G. \<mu> w v u \<le> k } - {v}"
+
+lemma k_nh_reachable: "u \<in> k_neighborhood w v k \<Longrightarrow> v \<rightarrow>\<^sup>* u"
+ unfolding k_neighborhood_def
+ using shortest_path_inf by fastforce
+
+lemma source_nmem_k_nh: "v \<notin> k_neighborhood w v k"
+ unfolding k_neighborhood_def by simp
+
+section \<open>Diameter and finite diameter\<close>
+text \<open>
+The diameter is defined as the longest shortest path in the corresponding graph. If there is no path
+between any two vertices in the graph, then the diameter is infinite.
+We also make use of the notion of a @{text fin_diameter} which only considers the shortest path
+between connected nodes.
+\<close>
+
+definition sp_costs :: "'b weight_fun \<Rightarrow> ereal set" where
+ "sp_costs f = {c | u v c. u \<in> verts G \<and> v \<in> verts G \<and> \<mu> f u v = c}"
+
+definition diameter :: "'b weight_fun \<Rightarrow> ereal" where
+ "diameter f = Sup (sp_costs f)"
+
+definition fin_sp_costs :: "'b weight_fun \<Rightarrow> ereal set" where
+ "fin_sp_costs f = {c | u v c. u \<in> verts G \<and> v \<in> verts G \<and> \<mu> f u v = c \<and> c < \<infinity>}"
+
+definition fin_diameter :: "'b weight_fun \<Rightarrow> ereal" where
+ "fin_diameter f = Sup (fin_sp_costs f)"
+
+
+subsection \<open>In general graphs\<close>
+
+lemma empty_imp_dia_minf: "verts G = {} \<Longrightarrow> diameter w = -\<infinity>"
+ unfolding diameter_def sp_costs_def
+ by (simp add: bot_ereal_def)
+
+lemma empty_imp_fin_dia_minf: "verts G = {} \<Longrightarrow> fin_diameter w = -\<infinity>"
+ unfolding fin_diameter_def fin_sp_costs_def
+ by (simp add: bot_ereal_def)
+
+lemma dia_eq_fin_dia_if_finite: "diameter f < \<infinity> \<Longrightarrow> diameter f = fin_diameter f"
+proof -
+ assume "diameter f < \<infinity>"
+ then have "\<infinity> \<notin> sp_costs f"
+ unfolding diameter_def using Sup_eq_PInfty by auto
+ then have "sp_costs f = fin_sp_costs f"
+ unfolding sp_costs_def fin_sp_costs_def by auto
+ then show ?thesis
+ unfolding diameter_def fin_diameter_def by simp
+qed
+
+lemma fin_dia_lowerB: "\<lbrakk> u \<in> verts G; v \<in> verts G; \<mu> w u v < \<infinity>\<rbrakk>
+ \<Longrightarrow> fin_diameter w \<ge> \<mu> w u v"
+ unfolding fin_diameter_def fin_sp_costs_def
+ by (metis (mono_tags, lifting) Sup_upper mem_Collect_eq)
+
+lemma dia_lowerB: "\<lbrakk> u \<in> verts G; v \<in> verts G \<rbrakk>
+ \<Longrightarrow> diameter w \<ge> \<mu> w u v"
+ unfolding diameter_def sp_costs_def
+ by (metis (mono_tags, lifting) Sup_upper mem_Collect_eq)
+
+
+subsection \<open>In finite graphs\<close>
+
+lemma (in fin_digraph) sp_costs_finite: "finite (sp_costs f)"
+ unfolding sp_costs_def by auto
+
+lemma (in fin_digraph) fin_sp_costs_finite: "finite (fin_sp_costs f)"
+ unfolding fin_sp_costs_def by auto
+
+lemma (in fin_digraph) ex_sp_eq_dia:
+ "verts G \<noteq> {} \<Longrightarrow> \<exists>u \<in> verts G. \<exists>v \<in> verts G. \<mu> f u v = diameter f"
+proof -
+ assume "verts G \<noteq> {}"
+ then have "sp_costs f \<noteq> {}"
+ unfolding sp_costs_def using \<mu>_reach_conv by fastforce
+
+ with sp_costs_finite have "\<exists>c \<in> sp_costs f. c = diameter f"
+ by (simp add: Sup_in_set diameter_def)
+ then show "?thesis" unfolding diameter_def
+ unfolding sp_costs_def by auto
+qed
+
+text \<open>Analogous to the proof of @{thm fin_digraph.ex_sp_eq_dia}.\<close>
+lemma (in fin_digraph) ex_sp_eq_fin_dia:
+ "verts G \<noteq> {} \<Longrightarrow> \<exists>u \<in> verts G. \<exists>v \<in> verts G. \<mu> f u v = fin_diameter f"
+proof -
+ assume "verts G \<noteq> {}"
+ then have "fin_sp_costs f \<noteq> {}"
+ unfolding fin_sp_costs_def using \<mu>_reach_conv by fastforce
+
+ with fin_sp_costs_finite have "\<exists>c \<in> fin_sp_costs f. c = fin_diameter f"
+ by (simp add: Sup_in_set fin_diameter_def)
+ then show "?thesis" unfolding fin_diameter_def
+ unfolding fin_sp_costs_def by auto
+qed
+
+
+lemma (in fin_digraph) fin_diameter_finite: "fin_diameter f < \<infinity>"
+proof(rule ccontr)
+ fix f assume dia_infty: "\<not> fin_diameter f < \<infinity>"
+
+ then have infty_cont: "\<infinity> \<in> fin_sp_costs f" if *: "fin_sp_costs f \<noteq> {}"
+ unfolding fin_diameter_def using *
+ by (metis ereal_infty_less(1) fin_sp_costs_finite infinite_growing less_Sup_iff)
+
+ then show "False"
+ proof(cases "fin_sp_costs f = {}")
+ case True
+ then have "fin_diameter f = -\<infinity>"
+ unfolding fin_diameter_def by (simp add: bot_ereal_def)
+ with dia_infty show ?thesis by simp
+ next
+ case False
+ from infty_cont[OF this] dia_infty show ?thesis
+ unfolding fin_diameter_def fin_sp_costs_def by auto
+ qed
+qed
+
+lemma (in fin_digraph) ex_min_apath_eq_fin_dia:
+ "\<lbrakk> verts G \<noteq> {}; \<forall>e \<in> arcs G. f e \<ge> 0 \<rbrakk>
+ \<Longrightarrow> \<exists>u \<in> verts G. \<exists>v \<in> verts G. \<exists>p. apath u p v \<and> awalk_cost f p = fin_diameter f"
+proof -
+ assume "verts G \<noteq> {}" and w_non_neg: "\<forall>e \<in> arcs G. f e \<ge> 0"
+ from ex_sp_eq_fin_dia[OF this(1)] obtain u v
+ where u_v: "u \<in> verts G" "v \<in> verts G" and sp_eq_dia: "\<mu> f u v = fin_diameter f"
+ by blast
+ from sp_eq_dia have "\<mu> f u v < \<infinity>" using fin_diameter_finite by auto
+ then have "u \<rightarrow>\<^sup>* v" using \<mu>_reach_conv by blast
+ from min_cost_awalk[OF this] w_non_neg obtain p
+ where "apath u p v" "\<mu> f u v = awalk_cost f p"
+ by auto
+ with u_v sp_eq_dia show ?thesis by auto
+qed
+
+subsection \<open>Relation between diameter and finite diameter\<close>
+
+theorem dia_eq_fin_dia_if_strongly_con: "strongly_connected G \<Longrightarrow> diameter = fin_diameter"
+proof
+ fix f assume strongly_con: "strongly_connected G"
+ then have "\<infinity> \<notin> sp_costs f"
+ unfolding sp_costs_def using \<mu>_reach_conv by auto
+ then have "sp_costs f = fin_sp_costs f"
+ unfolding fin_sp_costs_def sp_costs_def by auto
+ then show "diameter f = fin_diameter f"
+ unfolding diameter_def fin_diameter_def by auto
+qed
+
+end
+
+section \<open>N-nearest vertices\<close>
+text \<open>
+The definition of @{text n_nearest_verts} is used to formalize the abstract behaviour of the
+Dijkstra algorithm which iteratively visits the nearest undiscovered vertex until all
+vertices are discovered.
+\<close>
+context wf_digraph begin
+
+definition unvisited_verts :: "'a \<Rightarrow> 'a set \<Rightarrow> 'a set" where
+"unvisited_verts u U = {x. x \<in> verts G - U \<and> u \<rightarrow>\<^sup>* x}"
+
+definition nearest_vert :: "'b weight_fun \<Rightarrow> 'a \<Rightarrow> 'a set \<Rightarrow> 'a" where
+"nearest_vert w u U =
+ (SOME x. x \<in> unvisited_verts u U \<and> (\<forall>y \<in> unvisited_verts u U. \<mu> w u y \<ge> \<mu> w u x))"
+
+inductive n_nearest_verts :: "'b weight_fun \<Rightarrow> 'a \<Rightarrow> nat \<Rightarrow> 'a set \<Rightarrow> bool"
+ where
+zero_nnvs: "u \<in> verts G \<Longrightarrow> n_nearest_verts _ u 0 {u}" |
+n_nnvs_unvis: "\<lbrakk> n_nearest_verts w u n U; unvisited_verts u U \<noteq> {}\<rbrakk>
+ \<Longrightarrow> n_nearest_verts w u (Suc n) (insert (nearest_vert w u U) U)" |
+n_nnvs_vis: "\<lbrakk> n_nearest_verts w u n U; unvisited_verts u U = {} \<rbrakk>
+ \<Longrightarrow> n_nearest_verts w u (Suc n) U"
+
+inductive_cases nnvs_ind_cases: "n_nearest_verts w u n U"
+thm nnvs_ind_cases
+
+
+subsection \<open>In general graphs\<close>
+
+lemma source_mem_nnvs: "n_nearest_verts w u n U \<Longrightarrow> u \<in> verts G"
+ by (induction rule: n_nearest_verts.induct) auto
+
+lemma unvis_insert: "unvisited_verts u (insert x U) = (unvisited_verts u U) - {x}"
+ unfolding unvisited_verts_def by auto
+
+lemma disj_unvis_vis: "unvisited_verts u U \<inter> U = {}"
+ unfolding unvisited_verts_def by auto
+
+lemma nnvs_finite: "n_nearest_verts w u n U \<Longrightarrow> finite U"
+ by (induction rule: n_nearest_verts.induct) auto
+
+lemma nnvs_card_le_n: "n_nearest_verts w u n U \<Longrightarrow> card U \<le> Suc n"
+ by (induction rule: n_nearest_verts.induct) (auto simp: card_insert_le_m1)
+
+lemma nnvs_mem: "n_nearest_verts w u n U \<Longrightarrow> u \<in> U"
+ by (induction rule: n_nearest_verts.induct) auto
+
+lemma unvis_empty: "unvisited_verts u {a. u \<rightarrow>\<^sup>* a} = {}"
+ unfolding unvisited_verts_def by auto
+
+end
+
+subsection \<open>In finite graphs\<close>
+context fin_digraph begin
+
+lemma k_nh_finite: "finite (k_neighborhood w v k)"
+ unfolding k_neighborhood_def using finite_verts by force
+
+lemma unvis_finite: "finite (unvisited_verts u U)"
+ unfolding unvisited_verts_def using finite_verts by auto
+
+lemma ex_unvis_vert:"\<lbrakk> unvisited_verts u U \<noteq> {} \<rbrakk> \<Longrightarrow>
+ \<exists>x \<in> unvisited_verts u U. (\<forall>y \<in> unvisited_verts u U. \<mu> w u y \<ge> \<mu> w u x)"
+ unfolding nearest_vert_def using unvis_finite
+proof(induction "unvisited_verts u U" arbitrary: u U rule: finite_induct)
+ case (insert x F)
+ then have "F = unvisited_verts u U - {x}"
+ by auto
+ then have F: "F = unvisited_verts u (insert x U)"
+ using unvis_insert[symmetric] by simp
+
+ show ?case
+ proof(cases "unvisited_verts u (insert x U) = {}")
+ case True
+ with insert.prems show ?thesis using unvis_insert by auto
+ next
+ case False
+ from insert(3)[OF F this] obtain x' where "x' \<in> unvisited_verts u (insert x U)"
+ and "\<forall>y\<in>unvisited_verts u (insert x U). \<mu> w u x' \<le> \<mu> w u y" by blast
+ note x' = this
+
+ show ?thesis
+ proof(cases "\<mu> w u x' \<le> \<mu> w u x")
+ case True
+ from x' F insert.hyps(4) have "x' \<in> unvisited_verts u U" by blast
+ moreover
+ have "\<forall>y \<in> unvisited_verts u U. \<mu> w u x' \<le> \<mu> w u y"
+ using F True insert.hyps(4) x' by auto
+ ultimately show ?thesis by blast
+ next
+ case False
+ with x' have "\<forall>y \<in> unvisited_verts u (insert x U). \<mu> w u x \<le> \<mu> w u y"
+ by fastforce
+ with F insert.hyps(4) have "\<forall>y \<in> unvisited_verts u U. \<mu> w u x \<le> \<mu> w u y"
+ by fastforce
+ with insert.hyps(4) show ?thesis by blast
+ qed
+ qed
+qed blast
+
+lemma some_unvis_vert:
+ fixes x
+ assumes "unvisited_verts u U \<noteq> {}" and "x = nearest_vert w u U"
+ shows "x \<in> unvisited_verts u U"
+ and "\<forall>y \<in> unvisited_verts u U. \<mu> w u y \<ge> \<mu> w u x"
+proof -
+ define nv where "nv \<equiv> \<lambda>x. x \<in> unvisited_verts u U
+ \<and> (\<forall>y\<in>unvisited_verts u U. \<mu> w u x \<le> \<mu> w u y)"
+
+ from ex_unvis_vert[OF assms(1)]
+ obtain x' where "nv x'" unfolding nv_def
+ by blast
+ then have "nv (SOME x. nv x)" using some_eq_ex by blast
+ with assms(2) have "nv x" unfolding nearest_vert_def nv_def by blast
+ then show
+ "x \<in> unvisited_verts u U" and
+ "\<forall>y \<in> unvisited_verts u U. \<mu> w u y \<ge> \<mu> w u x"
+ unfolding nv_def by blast+
+qed
+
+lemma nearest_vert_unvis: "unvisited_verts u U \<noteq> {}
+ \<Longrightarrow> nearest_vert w u U \<in> unvisited_verts u U"
+ using some_unvis_vert by simp
+
+lemma nearest_vert_not_mem: "unvisited_verts u U \<noteq> {}
+ \<Longrightarrow> nearest_vert w u U \<notin> U"
+ using disj_unvis_vis some_unvis_vert(1) by fastforce
+
+lemma nearest_vert_reachable: "unvisited_verts u U \<noteq> {}
+ \<Longrightarrow> u \<rightarrow>\<^sup>* nearest_vert w u U"
+ using some_unvis_vert(1) unvisited_verts_def by auto
+
+lemma nnvs_card_ge_n: "\<lbrakk> n_nearest_verts w u n U; unvisited_verts u U \<noteq> {} \<rbrakk>
+ \<Longrightarrow> card U \<ge> Suc n"
+proof(induction rule: n_nearest_verts.induct)
+ case (n_nnvs_unvis w u n U)
+ have "nearest_vert w u U \<notin> U"
+ using nearest_vert_unvis[OF n_nnvs_unvis.hyps(2)] disj_unvis_vis by auto
+ then have "card (insert (nearest_vert w u U) U) = Suc (card U)"
+ using n_nnvs_unvis.hyps(1) nnvs_finite by auto
+ with n_nnvs_unvis.IH[OF n_nnvs_unvis.hyps(2)] show ?case by simp
+qed simp_all
+
+corollary nnvs_card_eq_n: "\<lbrakk> n_nearest_verts w u n U; unvisited_verts u U \<noteq> {} \<rbrakk>
+ \<Longrightarrow> card U = Suc n"
+ using nnvs_card_le_n nnvs_card_ge_n le_antisym by blast
+
+
+subsubsection \<open>Reachability and n-nearest vertices\<close>
+
+lemma reachable_subs_nnvs: "\<lbrakk> u \<in> verts G; Suc n \<le> card {x. u \<rightarrow>\<^sup>* x} \<rbrakk>
+ \<Longrightarrow> \<exists>A \<subseteq> {x. u \<rightarrow>\<^sup>* x}. card A = Suc n \<and> n_nearest_verts w u n A"
+proof(induction n)
+ case 0
+ then have "{u} \<subseteq> {x. u \<rightarrow>\<^sup>* x}" by simp
+ with zero_nnvs[OF \<open>u \<in> verts G\<close>] show ?case
+ by (metis card_Suc_eq card.empty empty_iff)
+next
+ case (Suc n)
+ from Suc.IH[OF Suc.prems(1)] obtain A
+ where "A \<subseteq> {a. u \<rightarrow>\<^sup>* a}" and "card A = Suc n" and "n_nearest_verts w u n A"
+ using Suc.prems(2) Suc_leD by blast
+ note A = this
+
+ show ?case
+ proof(cases "Suc n = card {a. u \<rightarrow>\<^sup>* a}")
+ case True
+ with A Suc.prems(2) show ?thesis by linarith
+ next
+ case False
+ with Suc.prems(2) have "Suc n < card {a. u \<rightarrow>\<^sup>* a}" by simp
+ with A have "\<exists>x \<in> {a. u \<rightarrow>\<^sup>* a}. x \<notin> A"
+ using subset_antisym by fastforce
+ then have unvis_non_empty: "unvisited_verts u A \<noteq> {}"
+ unfolding unvisited_verts_def using reachable_in_verts(2) by auto
+
+ let ?A' = "insert (nearest_vert w u A) A"
+
+ note n_nnvs_unvis[OF A(3) unvis_non_empty]
+ moreover
+ from A(1) have "?A' \<subseteq> {a. u \<rightarrow>\<^sup>* a}"
+ using some_unvis_vert[OF unvis_non_empty]
+ by (simp add: unvisited_verts_def)
+ moreover
+ note nearest_vert_not_mem[OF unvis_non_empty]
+ with A(2) card.insert[OF nnvs_finite[OF A(3)]] nnvs_finite
+ have "card ?A' = Suc (Suc n)" by auto
+
+ ultimately show ?thesis by blast
+ qed
+qed
+
+corollary all_reachable_eq_nnvs: "\<lbrakk> U = {x. u \<rightarrow>\<^sup>* x}; card U = Suc n \<rbrakk>
+ \<Longrightarrow> n_nearest_verts w u n U"
+ using reachable_subs_nnvs reachable_verts_finite reachable_in_verts(1)
+ by (metis card_Suc_eq card_subset_eq insertI1 le_Suc_eq mem_Collect_eq)
+
+lemma all_reachable_eq_nnvs_Suc:
+ assumes "u \<in> verts G" and "U = {x. u \<rightarrow>\<^sup>* x}" and "Suc n \<ge> card U"
+ shows "n_nearest_verts w u n U"
+proof -
+ note * = all_reachable_eq_nnvs le_Suc_eq
+ show ?thesis using assms
+ proof(induction n)
+ case 0
+ then show ?case using * reachable_verts_finite by auto
+ next
+ case (Suc n)
+ then show ?case using * n_nnvs_vis unvis_empty by auto
+ qed
+qed
+
+
+lemma nnvs_imp_reachable:"\<lbrakk> n_nearest_verts w u n A; Suc n \<le> card {x. u \<rightarrow>\<^sup>* x} \<rbrakk>
+ \<Longrightarrow> A \<subseteq> {x. u \<rightarrow>\<^sup>* x} \<and> card A = Suc n"
+proof(induction rule: n_nearest_verts.induct)
+ case (zero_nnvs u)
+ then show ?case using nearest_vert_reachable by simp
+next
+ case (n_nnvs_unvis w u n U)
+ then show ?case using nearest_vert_reachable
+ by (simp add: nearest_vert_not_mem nnvs_finite)
+next
+ case (n_nnvs_vis w u n U)
+ from n_nnvs_vis.hyps(2) have "{a. u \<rightarrow>\<^sup>* a} \<subseteq> U"
+ unfolding unvisited_verts_def using reachable_in_verts(2) by auto
+ moreover
+ from n_nnvs_vis have "U \<subseteq> {a. u \<rightarrow>\<^sup>* a}"
+ using Suc_leD by blast
+ ultimately show ?case
+ using n_nnvs_vis by auto
+qed
+
+corollary nnvs_imp_all_reachable:
+ "\<lbrakk> n_nearest_verts w u n U; Suc n = card {x. u \<rightarrow>\<^sup>* x} \<rbrakk>
+ \<Longrightarrow> U = {x. u \<rightarrow>\<^sup>* x}"
+ using nnvs_imp_reachable
+ by (simp add: card_subset_eq reachable_verts_finite)
+
+lemma nnvs_imp_all_reachable_Suc:
+ assumes "n_nearest_verts w u n U" "Suc n \<ge> card {x. u \<rightarrow>\<^sup>* x}"
+ shows "U = {x. u \<rightarrow>\<^sup>* x}"
+ using assms
+proof(induction rule: n_nearest_verts.induct)
+ case (zero_nnvs u)
+ have u_mem: "u \<in> {a. u \<rightarrow>\<^sup>* a}" by (simp add: zero_nnvs.hyps)
+ moreover
+ from u_mem have "card {a. u \<rightarrow>\<^sup>* a} = 1"
+ using le_Suc_eq reachable_verts_finite zero_nnvs.prems by force
+ ultimately show ?case by (metis card_1_singletonE singletonD)
+next
+ case (n_nnvs_unvis w u n U)
+ then show ?case
+ by (metis le_Suc_eq n_nearest_verts.n_nnvs_unvis
+ nnvs_imp_all_reachable unvis_empty)
+next
+ case (n_nnvs_vis w u n U)
+ then show ?case
+ by (metis le_Suc_eq n_nearest_verts.n_nnvs_vis
+ nnvs_imp_all_reachable)
+qed
+
+lemma nnvs_subs_verts: "n_nearest_verts w u n U \<Longrightarrow> U \<subseteq> verts G"
+proof(induction rule: n_nearest_verts.induct)
+ case (n_nnvs_unvis w u n U)
+ then have "nearest_vert w u U \<in> unvisited_verts u U"
+ by (simp add: nearest_vert_unvis)
+ then have "nearest_vert w u U \<in> verts G"
+ unfolding unvisited_verts_def by simp
+ with n_nnvs_unvis show ?case by blast
+qed auto
+
+subsubsection \<open>Relation between n-nearest vertices and k-neighborhood\<close>
+
+
+lemma unvis_nearest_vert_contr:
+ "\<lbrakk> n_nearest_verts w u n U; x \<in> U; x \<noteq> u; y \<in> unvisited_verts u U; \<mu> w u y < \<mu> w u x \<rbrakk>
+ \<Longrightarrow> False"
+proof(induction rule: n_nearest_verts.induct)
+ case (n_nnvs_unvis w u n U)
+ then obtain x where x: "x \<in> insert (nearest_vert w u U) U - {u}"
+ "\<exists>y\<in>unvisited_verts u (insert (nearest_vert w u U) U). \<mu> w u y < \<mu> w u x" by blast
+ then show ?case
+ proof(cases "x = nearest_vert w u U")
+ case True
+ with n_nnvs_unvis x show ?thesis
+ using some_unvis_vert unvis_insert by (metis DiffD1 not_le)
+ next
+ case False
+ with n_nnvs_unvis x show ?thesis
+ using unvis_insert by (auto, metis not_le some_unvis_vert(2))
+ qed
+qed blast
+
+lemma nnvs_subs_k_nh:
+ assumes nnvs: "n_nearest_verts w u n U"
+ and card_N: "card (k_neighborhood w u k) \<ge> n"
+ shows "U - {u} \<subseteq> k_neighborhood w u k"
+proof -
+ from nnvs_card_le_n[OF nnvs] have card_U: "card (U - {u}) \<le> n"
+ using nnvs_mem[OF nnvs] nnvs_finite[OF nnvs] by auto
+ show ?thesis
+ proof(rule ccontr, auto, rule ccontr)
+ fix x assume x: "x \<in> U" "x \<notin> k_neighborhood w u k" "x \<noteq> u"
+ then have "{x, u} \<subseteq> U" using nnvs_mem[OF nnvs] by auto
+ from card_mono[OF nnvs_finite[OF nnvs], OF this] have "card U \<ge> 2"
+ using x(3) by auto
+ then have "card (U - {u} - {x}) < card (U - {u})"
+ using nnvs nnvs_finite nnvs_mem x(1,3) by auto
+ also have "\<dots> \<le> card (k_neighborhood w u k)"
+ using card_N card_U by linarith
+ finally have "card (U - {u} - {x}) < card (k_neighborhood w u k)" .
+ then obtain y where y: "y \<in> k_neighborhood w u k" "y \<notin> U - {u} - {x}"
+ using nnvs_finite[OF nnvs] by (meson card_mono finite_Diff not_le subset_iff)
+ from k_nh_reachable[OF y(1)] y x(2) have y_unvis: "y \<in> unvisited_verts u U"
+ unfolding unvisited_verts_def k_neighborhood_def by blast
+
+ from y have "\<mu> w u y \<le> k" unfolding k_neighborhood_def by simp
+ moreover
+ from x have "\<mu> w u x > k" unfolding k_neighborhood_def
+ using nnvs_subs_verts[OF nnvs] by fastforce
+ ultimately have "\<mu> w u y < \<mu> w u x" by simp
+ from unvis_nearest_vert_contr[OF nnvs \<open>x \<in> U\<close> \<open>x \<noteq> u\<close> y_unvis this] show "False" .
+ qed
+qed
+
+lemma k_nh_subs_nnvs:
+ assumes nnvs: "n_nearest_verts w u n U"
+ and card_nh: "card (k_neighborhood w u k) < card U"
+ shows "k_neighborhood w u k \<subseteq> U"
+proof(rule ccontr)
+ assume "\<not> k_neighborhood w u k \<subseteq> U"
+ then obtain v where v: "v \<in> verts G" "v \<noteq> u" "\<mu> w u v \<le> k" "v \<notin> U"
+ unfolding k_neighborhood_def by auto
+ then have v_unvis: "v \<in> unvisited_verts u U"
+ unfolding unvisited_verts_def
+ using \<mu>_reach_conv[of w u v] PInfty_neq_ereal(1)[of k] by force
+
+ let ?close_verts = "{v \<in> verts G. \<mu> w u v \<le> k} - {u}"
+ let ?far_verts = "{v \<in> verts G. \<mu> w u v > k} - {u}"
+
+ have vert_part: "verts G - {u} = ?close_verts \<union> ?far_verts"
+ "?close_verts \<inter> ?far_verts = {}" by auto
+ with finite_verts have "finite ?close_verts" and "finite ?far_verts"
+ by auto
+
+ have "card (k_neighborhood w u k) \<le> card (U - {u})"
+ using card_nh nnvs nnvs_finite nnvs_mem by auto
+ then have "card ?close_verts \<le> card (U - {u})"
+ unfolding k_neighborhood_def
+ by (cases "\<mu> w u u \<le> k") (auto simp: insert_absorb source_mem_nnvs[OF nnvs])
+
+ have "?far_verts \<inter> (U - {u}) \<noteq> {}"
+ proof(rule ccontr, simp)
+ assume "?far_verts \<inter> (U - {u}) = {}"
+ then have "U - {u} \<subseteq> ?close_verts"
+ using nnvs_subs_verts[OF nnvs] by auto
+ then have "card (U - {u}) \<le> card ?close_verts"
+ by (simp add: card_mono)
+ with \<open>card ?close_verts \<le> card (U - {u})\<close> have "?close_verts = U - {u}"
+ using card_seteq[OF \<open>finite ?close_verts\<close> \<open>U - {u} \<subseteq> ?close_verts\<close>]
+ by blast
+ then show "False" using v by auto
+ qed
+ then obtain x where x: "x \<in> ?far_verts" "x \<in> U" "x \<noteq> u"
+ by auto
+ then have "\<mu> w u v < \<mu> w u x" using \<open>\<mu> w u v \<le> k\<close> by auto
+ from unvis_nearest_vert_contr[OF nnvs x(2,3) v_unvis this]
+ show "False" .
+qed
+
+end
+
+end
\ No newline at end of file
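Review bot: The `thm nnvs_ind_cases` line directly after `inductive_cases nnvs_ind_cases` is a leftover diagnostic command and should be dropped from the submitted theory, since it only prints the generated rule in an interactive session. Separately, the inner proof of `nnvs_subs_k_nh` opens with `proof(rule ccontr, auto, rule ccontr)`, so the following `fix x assume x: ...` depends on whatever goal shape `auto` leaves and can break when the simpset changes. A structured opening such as `proof (rule subsetI)` with an explicit `fix x assume "x \<in> U - {u}"` would be more robust. In `ex_unvis_vert`, `unfolding nearest_vert_def` looks unnecessary, because the lemma statement does not mention `nearest_vert`.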
diff --git a/thys/Query_Optimization/Graph_Theory_Batteries.thy b/thys/Query_Optimization/Graph_Theory_Batteries.thy
new file mode 100644
--- /dev/null
+++ b/thys/Query_Optimization/Graph_Theory_Batteries.thy
@@ -0,0 +1,150 @@
+theory Graph_Theory_Batteries
+ imports "Graph_Theory.Graph_Theory"
+begin
+
+text \<open>This theory collects some useful lemmas which extend the graph library.\<close>
+
+lemma (in wf_digraph) sp_non_neg_if_w_non_neg:
+ assumes w_non_neg: "\<forall>e \<in> arcs G. w e \<ge> 0"
+ shows "\<mu> w u v \<ge> 0"
+proof(cases "u \<rightarrow>\<^sup>*\<^bsub>G\<^esub> v")
+ case True
+ have *: "awalk u p v \<Longrightarrow> awalk_cost w p \<ge> 0" for p
+ by (simp add: pos_cost_pos_awalk_cost w_non_neg)
+ then show ?thesis unfolding \<mu>_def
+ by (metis (mono_tags, lifting) INF_less_iff ereal_less_eq(5) mem_Collect_eq not_less)
+next
+ case False
+ then show ?thesis by (simp add: shortest_path_inf)
+qed
+
+
+lemma (in wf_digraph) sp_to_self_if_w_non_neg:
+ assumes w_non_neg: "\<forall>e \<in> arcs G. w e \<ge> 0" and "u \<in> verts G"
+ shows "\<mu> w u u = 0"
+proof -
+ have "awalk u [] u" and "awalk_cost w [] = 0"
+ by (auto simp: assms(2) awalk_Nil_iff)
+ moreover
+ have "\<mu> w u u \<ge> 0" by (simp add: sp_non_neg_if_w_non_neg w_non_neg)
+ ultimately show "\<mu> w u u = 0"
+ by (metis antisym ereal_eq_0(2) min_cost_le_walk_cost)
+qed
+
+lemma (in fin_digraph) reachable_verts_finite: "finite {x. u \<rightarrow>\<^sup>* x}"
+ using finite_verts
+ by (metis finite_subset mem_Collect_eq reachable_in_vertsE subsetI)
+
+lemma (in wf_digraph) awalk_not_distinct:
+ assumes "finite (verts G)" and "awalk u p v" and "length p \<ge> card (verts G)"
+ shows "\<not> distinct (awalk_verts u p)"
+proof -
+ have *: "length (awalk_verts u p) > length p"
+ by (induction p arbitrary: u) auto
+
+ show ?thesis
+ proof(cases "length p = 0")
+ case True
+ with assms show ?thesis unfolding awalk_def by simp
+ next
+ case False
+ with assms * have "length (awalk_verts u p) > card (verts G)"
+ by auto
+ moreover
+ have "set (awalk_verts u p) \<subseteq> verts G" using assms(2) by blast
+ ultimately show ?thesis using assms(1)
+ by (induction p arbitrary: u)
+ (auto, metis card_subset_eq distinct_card less_antisym)
+ qed
+qed
+
+lemma (in wf_digraph) awalk_del_vert:
+ "\<lbrakk> awalk u p v; x \<notin> set (awalk_verts u p) \<rbrakk> \<Longrightarrow> pre_digraph.awalk (del_vert x) u p v"
+proof(induction p arbitrary: u)
+ case Nil
+ then have "set (awalk_verts u []) = {u}" by auto
+ with Nil have "x \<noteq> u" by simp
+ moreover
+ from Nil have "u = v" unfolding awalk_def by auto
+ ultimately show ?case using Nil
+ by (simp add: awalk_hd_in_verts pre_digraph.verts_del_vert
+ wf_digraph.awalk_Nil_iff wf_digraph_del_vert)
+next
+ case (Cons a p)
+ then obtain u' where u': "pre_digraph.awalk (del_vert x) u' p v"
+ using awalk_Cons_iff by auto
+ moreover
+ from Cons.prems have "head G a \<noteq> x"
+ using hd_in_awalk_verts(1) awalk_Cons_iff by auto
+ ultimately show ?case using Cons
+ by (auto simp: awalk_Cons_iff head_del_vert pre_digraph.del_vert_simps(2)
+ tail_del_vert wf_digraph.awalk_Cons_iff wf_digraph_del_vert)
+qed
+
+text \<open>This is an alternative formulation of @{thm pre_digraph.arcs_del_vert}.\<close>
+lemma (in pre_digraph) arcs_del_vert2:
+ "arcs (del_vert v) = arcs G - in_arcs G v - out_arcs G v"
+ using arcs_del_vert by force
+
+lemma (in wf_digraph) strongly_con_imp_reachable_eq_verts:
+ "\<lbrakk> r \<in> verts G; strongly_connected G \<rbrakk> \<Longrightarrow> {x. r \<rightarrow>\<^sup>* x} = verts G"
+ unfolding strongly_connected_def using reachable_in_verts(2) by blast
+
+lemma (in wf_digraph) strongly_con_imp_sp_finite:
+ "\<lbrakk> u \<in> verts G; v \<in> verts G; strongly_connected G \<rbrakk> \<Longrightarrow> \<mu> w u v < \<infinity>"
+ unfolding strongly_connected_def using \<mu>_reach_conv by auto
+
+text \<open>This is an alternative formulation of @{thm fin_digraph.min_cost_awalk} with different
+ assumptions.\<close>
+lemma (in fin_digraph) min_cost_awalk2:
+ assumes "\<mu> w a b \<noteq> \<infinity>" "\<mu> w a b \<noteq> -\<infinity>"
+ shows "\<exists>p. apath a p b \<and> \<mu> w a b = awalk_cost w p"
+proof -
+ from assms have "a \<rightarrow>\<^sup>* b" using \<mu>_reach_conv by auto
+ then show ?thesis using no_neg_cyc_reach_imp_path
+ using assms(2) neg_cycle_imp_inf_\<mu> by blast
+qed
+
+lemma (in fin_digraph) sp_triangle:
+ assumes "a \<in> verts G" "b \<in> verts G" "c \<in> verts G"
+ and w_non_neg: "\<forall>e \<in> arcs G. w e \<ge> 0"
+ shows "\<mu> w a c \<le> \<mu> w a b + \<mu> w b c"
+proof(rule ccontr)
+ assume "\<not> \<mu> w a c \<le> \<mu> w a b + \<mu> w b c"
+ then have *: "\<mu> w a c > \<mu> w a b + \<mu> w b c"
+ using not_less by blast
+ consider (minf) "\<mu> w a c = -\<infinity>" | (pinf) "\<mu> w a c = \<infinity>"
+ | (fin) "\<mu> w a c \<noteq> -\<infinity> \<and> \<mu> w a c \<noteq> \<infinity>" by auto
+ then show "False"
+ proof(cases)
+ case minf
+ with * show ?thesis by auto
+ next
+ case pinf
+ with * have "\<mu> w a b < \<infinity>" "\<mu> w b c < \<infinity>"
+ by auto
+ then have "a \<rightarrow>\<^sup>* b" "b \<rightarrow>\<^sup>* c" using \<mu>_reach_conv by auto
+ then have "a \<rightarrow>\<^sup>* c" using reachable_trans by blast
+ then have "\<mu> w a c \<noteq> \<infinity>" using \<mu>_reach_conv by auto
+ with pinf show ?thesis by simp
+ next
+ case fin
+ with * have "\<mu> w a b \<noteq> \<infinity>" "\<mu> w b c \<noteq> \<infinity>" by auto
+ moreover
+ from fin * have "\<mu> w a b \<noteq> -\<infinity>" "\<mu> w b c \<noteq> -\<infinity>"
+ using w_non_neg sp_non_neg_if_w_non_neg by auto
+ ultimately have
+ "\<exists>p. awalk a p b \<and> awalk_cost w p = \<mu> w a b"
+ "\<exists>p. awalk b p c \<and> awalk_cost w p = \<mu> w b c"
+ using min_cost_awalk2 by (fastforce intro: awalkI_apath)+
+ then obtain p1 p2 where
+ "awalk a p1 b" "awalk_cost w p1 = \<mu> w a b" and
+ "awalk b p2 c" "awalk_cost w p2 = \<mu> w b c" by blast
+ then have "awalk a (p1@p2) c \<and> awalk_cost w (p1@p2) = \<mu> w a b + \<mu> w b c"
+ by (auto intro: awalk_appendI) (metis plus_ereal.simps(1))
+ then show ?thesis using min_cost_le_walk_cost
+ by (metis \<open>\<not> \<mu> w a c \<le> \<mu> w a b + \<mu> w b c\<close>)
+ qed
+qed
+
+end
\ No newline at end of file
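Review bot: In `sp_triangle` the three premises `"a \<in> verts G" "b \<in> verts G" "c \<in> verts G"` are unnamed and, as far as the visible proof shows, never passed to any step. Only `w_non_neg`, `\<mu>_reach_conv`, `reachable_trans` and `min_cost_awalk2` are used. If they are really not needed, the lemma could be stated with just `assumes w_non_neg: "\<forall>e \<in> arcs G. w e \<ge> 0"`, which makes it easier to apply. If they are kept on purpose, a short `text` remark saying so would help. A smaller style point is that `min_cost_awalk2` chains two `using` clauses (`using no_neg_cyc_reach_imp_path using assms(2) ...`), which could be merged into one.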
diff --git a/thys/Query_Optimization/IKKBZ.thy b/thys/Query_Optimization/IKKBZ.thy
new file mode 100644
--- /dev/null
+++ b/thys/Query_Optimization/IKKBZ.thy
@@ -0,0 +1,2977 @@
+(* Author: Bernhard Stöckl *)
+
+theory IKKBZ
+ imports Complex_Main "CostFunctions" "QueryGraph" "List_Dtree" "HOL-Library.Sorting_Algorithms"
+begin
+
+section \<open>IKKBZ\<close>
+
+subsection \<open>Additional Proofs for Merging Lists\<close>
+
+lemma merge_comm_if_not_equiv: "\<forall>x \<in> set xs. \<forall>y \<in> set ys. compare cmp x y \<noteq> Equiv \<Longrightarrow>
+ Sorting_Algorithms.merge cmp xs ys = Sorting_Algorithms.merge cmp ys xs"
+ apply(induction xs ys rule: Sorting_Algorithms.merge.induct)
+ by(auto intro: compare.quasisym_not_greater simp: compare.asym_greater)
+
+lemma set_merge: "set xs \<union> set ys = set (Sorting_Algorithms.merge cmp xs ys)"
+ using mset_merge set_mset_mset set_mset_union by metis
+
+lemma input_empty_if_merge_empty: "Sorting_Algorithms.merge cmp xs ys = [] \<Longrightarrow> xs = [] \<and> ys = []"
+ using Un_empty set_empty2 set_merge by metis
+
+lemma merge_assoc:
+ "Sorting_Algorithms.merge cmp xs (Sorting_Algorithms.merge cmp ys zs)
+ = Sorting_Algorithms.merge cmp (Sorting_Algorithms.merge cmp xs ys) zs"
+ (is "?merge _ xs (?merge cmp _ zs) = _")
+proof(induction xs "?merge cmp ys zs" arbitrary: ys zs taking: cmp rule: Sorting_Algorithms.merge.induct)
+ case (2 cmp v vs)
+ show ?case using input_empty_if_merge_empty[OF 2[symmetric]] by simp
+next
+ case ind: (3 x xs r rs)
+ then show ?case
+ proof(induction ys zs taking: cmp rule: Sorting_Algorithms.merge.induct)
+ case (3 y ys z zs)
+ then show ?case
+ using ind compare.asym_greater
+ by (smt (verit, best) compare.trans_not_greater list.inject merge.simps(3))
+ qed (auto)
+qed (simp)
+
+lemma merge_comp_commute:
+ assumes "\<forall>x \<in> set xs. \<forall>y \<in> set ys. compare cmp x y \<noteq> Equiv"
+ shows "Sorting_Algorithms.merge cmp xs (Sorting_Algorithms.merge cmp ys zs)
+ = Sorting_Algorithms.merge cmp ys (Sorting_Algorithms.merge cmp xs zs)"
+ using assms merge_assoc merge_comm_if_not_equiv by metis
+
+lemma wf_list_arcs_merge:
+ "\<lbrakk>wf_list_arcs xs; wf_list_arcs ys; snd ` set xs \<inter> snd ` set ys = {}\<rbrakk>
+ \<Longrightarrow> wf_list_arcs (Sorting_Algorithms.merge cmp xs ys)"
+proof(induction xs ys taking: cmp rule: Sorting_Algorithms.merge.induct)
+ case (3 x xs y ys)
+ obtain v1 e1 where v1_def[simp]: "x = (v1,e1)" by force
+ obtain v2 e2 where v2_def[simp]: "y = (v2,e2)" by force
+ show ?case
+ proof(cases "compare cmp x y = Greater")
+ case True
+ have "e2 \<notin> snd ` set (x#xs)" using "3.prems"(3) by auto
+ moreover have "e2 \<notin> snd ` set ys" using "3.prems"(2) by simp
+ ultimately have "e2 \<notin> snd ` set (Sorting_Algorithms.merge cmp (x#xs) ys)"
+ using set_merge by fast
+ then show ?thesis using True 3 by force
+ next
+ case False
+ have "e1 \<notin> snd `set (y#ys)" using "3.prems"(3) by auto
+ moreover have "e1 \<notin> snd ` set xs" using "3.prems"(1) by simp
+ ultimately have "e1 \<notin> snd `set (Sorting_Algorithms.merge cmp xs (y#ys))"
+ using set_merge by fast
+ then show ?thesis using False 3 by force
+ qed
+qed (auto)
+
+lemma wf_list_lverts_merge:
+ "\<lbrakk>wf_list_lverts xs; wf_list_lverts ys;
+ \<forall>v1 \<in> fst ` set xs. \<forall>v2 \<in> fst ` set ys. set v1 \<inter> set v2 = {}\<rbrakk>
+ \<Longrightarrow> wf_list_lverts (Sorting_Algorithms.merge cmp xs ys)"
+proof(induction xs ys taking: cmp rule: Sorting_Algorithms.merge.induct)
+ case (3 x xs y ys)
+ obtain v1 e1 where v1_def[simp]: "x = (v1,e1)" by force
+ obtain v2 e2 where v2_def[simp]: "y = (v2,e2)" by force
+ show ?case
+ proof(cases "compare cmp x y = Greater")
+ case True
+ have "\<forall>v \<in> fst ` set (x#xs). set v2 \<inter> set v = {}" using "3.prems"(3) by auto
+ moreover have "\<forall>v \<in> fst ` set ys. set v2 \<inter> set v = {}" using "3.prems"(2) by simp
+ ultimately have "\<forall>v \<in> fst ` set (Sorting_Algorithms.merge cmp (x#xs) ys). set v2 \<inter> set v = {}"
+ using set_merge[of "x#xs"] by blast
+ then show ?thesis using True 3 by force
+ next
+ case False
+ have "\<forall>v \<in> fst ` set (y#ys). set v1 \<inter> set v = {}" using "3.prems"(3) by auto
+ moreover have "\<forall>v \<in> fst ` set xs. set v1 \<inter> set v = {}" using "3.prems"(1) by simp
+ ultimately have "\<forall>v \<in> fst ` set (Sorting_Algorithms.merge cmp xs (y#ys)). set v1 \<inter> set v = {}"
+ using set_merge[of xs] by auto
+ then show ?thesis using False 3 by force
+ qed
+qed (auto)
+
+lemma merge_hd_exists_preserv:
+ "\<lbrakk>\<exists>(t1,e1) \<in> fset xs. hd as = (root t1,e1); \<exists>(t1,e1) \<in> fset xs. hd bs = (root t1,e1)\<rbrakk>
+ \<Longrightarrow> \<exists>(t1,e1) \<in> fset xs. hd (Sorting_Algorithms.merge cmp as bs) = (root t1,e1)"
+ by(induction as bs rule: Sorting_Algorithms.merge.induct) auto
+
+lemma merge_split_supset:
+ assumes "as@r#bs = (Sorting_Algorithms.merge cmp xs ys)"
+ shows "\<exists>bs' as'. set bs' \<subseteq> set bs \<and> (as'@r#bs' = xs \<or> as'@r#bs' = ys)"
+using assms proof(induction xs ys arbitrary: as taking: cmp rule: Sorting_Algorithms.merge.induct)
+ case (3 x xs y ys)
+ let ?merge = "Sorting_Algorithms.merge cmp"
+ show ?case
+ proof(cases "compare cmp x y = Greater")
+ case True
+ then show ?thesis
+ proof(cases as)
+ case Nil
+ have "set ys \<subseteq> set (?merge (x#xs) ys)" using set_merge by fast
+ then show ?thesis using Nil True "3.prems" by auto
+ next
+ case (Cons c cs)
+ then have "cs@r#bs = ?merge (x#xs) ys" using True "3.prems" by simp
+ then obtain as' bs' where as_def: "set bs' \<subseteq> set bs" "as'@r#bs' = x#xs \<or> as'@r#bs' = ys"
+ using "3.IH"(1)[OF True] by blast
+ have "as'@r#bs' = x#xs \<or> (y#as')@r#bs' = y#ys" using as_def(2) by simp
+ then show ?thesis using as_def(1) by blast
+ qed
+ next
+ case False
+ then show ?thesis
+ proof(cases as)
+ case Nil
+ have "set xs \<subseteq> set (?merge xs (y#ys))" using set_merge by fast
+ then show ?thesis using Nil False "3.prems" by auto
+ next
+ case (Cons c cs)
+ then have "cs@r#bs = ?merge xs (y#ys)" using False "3.prems" by simp
+ then obtain as' bs' where as_def: "set bs' \<subseteq> set bs" "as'@r#bs' = xs \<or> as'@r#bs' = y#ys"
+ using "3.IH"(2)[OF False] by blast
+ have "(x#as')@r#bs' = x#xs \<or> as'@r#bs' = y#ys" using as_def(2) by simp
+ then show ?thesis using as_def(1) by blast
+ qed
+ qed
+qed(auto)
+
+lemma merge_split_supset_fst:
+ assumes "as@(r,e)#bs = (Sorting_Algorithms.merge cmp xs ys)"
+ shows "\<exists>as' bs'. set bs' \<subseteq> set bs \<and> (as'@(r,e)#bs' = xs \<or> as'@(r,e)#bs' = ys)"
+ using merge_split_supset[OF assms] by blast
+
+lemma merge_split_supset':
+ assumes "r \<in> set (Sorting_Algorithms.merge cmp xs ys)"
+ shows "\<exists>as bs as' bs'. as@r#bs = (Sorting_Algorithms.merge cmp xs ys)
+ \<and> set bs' \<subseteq> set bs \<and> (as'@r#bs' = xs \<or> as'@r#bs' = ys)"
+ using merge_split_supset split_list[OF assms] by metis
+
+lemma merge_split_supset_fst':
+ assumes "r \<in> fst ` set (Sorting_Algorithms.merge cmp xs ys)"
+ shows "\<exists>as e bs as' bs'. as@(r,e)#bs = (Sorting_Algorithms.merge cmp xs ys)
+ \<and> set bs' \<subseteq> set bs \<and> (as'@(r,e)#bs' = xs \<or> as'@(r,e)#bs' = ys)"
+proof -
+ obtain e where "(r,e) \<in> set (Sorting_Algorithms.merge cmp xs ys)" using assms by auto
+ then show ?thesis using merge_split_supset'[of "(r,e)"] by blast
+qed
+
+lemma merge_split_supset_subtree:
+ assumes "\<forall>as bs. as@(r,e)#bs = xs \<longrightarrow>
+ (\<exists>zs. is_subtree (Node r zs) t \<and> dverts (Node r zs) \<subseteq> fst ` set ((r,e)#bs))"
+ and "\<forall>as bs. as@(r,e)#bs = ys \<longrightarrow>
+ (\<exists>zs. is_subtree (Node r zs) t \<and> dverts (Node r zs) \<subseteq> fst ` set ((r,e)#bs))"
+ and "as@(r,e)#bs = (Sorting_Algorithms.merge cmp xs ys)"
+ shows "\<exists>zs. is_subtree (Node r zs) t \<and> dverts (Node r zs) \<subseteq> (fst ` set ((r,e)#bs))"
+proof -
+ obtain as' bs' where bs'_def: "set bs' \<subseteq> set bs" "as'@(r,e)#bs' = xs \<or> as'@(r,e)#bs' = ys"
+ using merge_split_supset[OF assms(3)] by blast
+ obtain zs where zs_def: "is_subtree (Node r zs) t" "dverts (Node r zs) \<subseteq> fst ` set ((r,e)#bs')"
+ using assms(1,2) bs'_def(2) by blast
+ then have "dverts (Node r zs) \<subseteq> fst ` set ((r,e)#bs)" using bs'_def(1) by auto
+ then show ?thesis using zs_def(1) by blast
+qed
+
+lemma merge_split_supset_strict_subtree:
+ assumes "\<forall>as bs. as@(r,e)#bs = xs \<longrightarrow> (\<exists>zs. strict_subtree (Node r zs) t
+ \<and> dverts (Node r zs) \<subseteq> fst ` set ((r,e)#bs))"
+ and "\<forall>as bs. as@(r,e)#bs = ys \<longrightarrow> (\<exists>zs. strict_subtree (Node r zs) t
+ \<and> dverts (Node r zs) \<subseteq> fst ` set ((r,e)#bs))"
+ and "as@(r,e)#bs = (Sorting_Algorithms.merge cmp xs ys)"
+ shows "\<exists>zs. strict_subtree (Node r zs) t
+ \<and> dverts (Node r zs) \<subseteq> (fst ` set ((r,e)#bs))"
+proof -
+ obtain as' bs' where bs'_def: "set bs' \<subseteq> set bs" "as'@(r,e)#bs' = xs \<or> as'@(r,e)#bs' = ys"
+ using merge_split_supset[OF assms(3)] by blast
+ obtain zs where zs_def:
+ "strict_subtree (Node r zs) t" "dverts (Node r zs) \<subseteq> fst ` set ((r,e)#bs')"
+ using assms(1,2) bs'_def(2) by blast
+ then have "dverts (Node r zs) \<subseteq> fst ` set ((r,e)#bs)" using bs'_def(1) by auto
+ then show ?thesis using zs_def(1,2) by blast
+qed
+
+lemma sorted_app_l: "sorted cmp (xs@ys) \<Longrightarrow> sorted cmp xs"
+ by(induction xs rule: sorted.induct) auto
+
+lemma sorted_app_r: "sorted cmp (xs@ys) \<Longrightarrow> sorted cmp ys"
+ by(induction xs) (auto simp: sorted_Cons_imp_sorted)
+
+subsection \<open>Merging Subtrees of Ranked Dtrees\<close>
+
+locale ranked_dtree = list_dtree t for t :: "('a list,'b) dtree" +
+ fixes rank :: "'a list \<Rightarrow> real"
+ fixes cmp :: "('a list\<times>'b) comparator"
+ assumes cmp_antisym:
+ "\<lbrakk>v1 \<noteq> []; v2 \<noteq> []; compare cmp (v1,e1) (v2,e2) = Equiv\<rbrakk> \<Longrightarrow> set v1 \<inter> set v2 \<noteq> {} \<or> e1=e2"
+begin
+
+lemma ranked_dtree_rec: "\<lbrakk>Node r xs = t; (x,e) \<in> fset xs\<rbrakk> \<Longrightarrow> ranked_dtree x cmp"
+ using wf_arcs wf_lverts by(unfold_locales) (auto dest: cmp_antisym)
+
+lemma ranked_dtree_rec_suc: "(x,e) \<in> fset (sucs t) \<Longrightarrow> ranked_dtree x cmp"
+ using ranked_dtree_rec[of "root t"] by force
+
+lemma ranked_dtree_subtree: "is_subtree x t \<Longrightarrow> ranked_dtree x cmp"
+using ranked_dtree_axioms proof(induction t)
+ case (Node r xs)
+ then interpret ranked_dtree "Node r xs" by blast
+ show ?case using Node ranked_dtree_rec by (cases "x = Node r xs") auto
+qed
+
+subsubsection \<open>Definitions\<close>
+
+lift_definition cmp' :: "('a list\<times>'b) comparator" is
+ "(\<lambda>x y. if rank (rev (fst x)) < rank (rev (fst y)) then Less
+ else if rank (rev (fst x)) > rank (rev (fst y)) then Greater
+ else compare cmp x y)"
+ by (smt (z3) comp.distinct(3) compare.less_iff_sym_greater compare.refl compare.trans_equiv
+ compare.trans_less comparator_def)
+
+abbreviation disjoint_sets :: "(('a list, 'b) dtree \<times> 'b) fset \<Rightarrow> bool" where
+ "disjoint_sets xs \<equiv> disjoint_darcs xs \<and> disjoint_dlverts xs \<and> (\<forall>(t,e) \<in> fset xs. [] \<notin> dverts t)"
+
+abbreviation merge_f :: "'a list \<Rightarrow> (('a list, 'b) dtree \<times> 'b) fset
+ \<Rightarrow> ('a list, 'b) dtree \<times> 'b \<Rightarrow> ('a list \<times> 'b) list \<Rightarrow> ('a list \<times> 'b) list" where
+ "merge_f r xs \<equiv> \<lambda>(t,e) b. if (t,e) \<in> fset xs \<and> list_dtree (Node r xs)
+ \<and> (\<forall>(v,e') \<in> set b. set v \<inter> dlverts t = {} \<and> v \<noteq> [] \<and> e' \<notin> darcs t \<union> {e})
+ then Sorting_Algorithms.merge cmp' (dtree_to_list (Node r {|(t,e)|})) b else b"
+
+definition merge :: "('a list,'b) dtree \<Rightarrow> ('a list,'b) dtree" where
+ "merge t1 \<equiv> dtree_from_list (root t1) (ffold (merge_f (root t1) (sucs t1)) [] (sucs t1))"
+
+subsubsection \<open>Commutativity Proofs\<close>
+
+lemma cmp_sets_not_dsjnt_if_equiv:
+ "\<lbrakk>v1 \<noteq> []; v2 \<noteq> []\<rbrakk> \<Longrightarrow> compare cmp' (v1,e1) (v2,e2) = Equiv \<Longrightarrow> set v1 \<inter> set v2 \<noteq> {} \<or> e1=e2"
+ by(auto simp: cmp'.rep_eq dest: cmp_antisym split: if_splits)
+
+lemma dtree_to_list_x_in_dverts:
+ "x \<in> fst ` set (dtree_to_list (Node r {|(t1,e1)|})) \<Longrightarrow> x \<in> dverts t1"
+ using dtree_to_list_sub_dverts_ins by auto
+
+lemma dtree_to_list_x_in_dlverts:
+ "x \<in> fst ` set (dtree_to_list (Node r {|(t1,e1)|})) \<Longrightarrow> set x \<subseteq> dlverts t1"
+ using dtree_to_list_x_in_dverts lverts_if_in_verts by fast
+
+lemma dtree_to_list_x1_disjoint:
+ "dlverts t1 \<inter> dlverts t2 = {}
+ \<Longrightarrow> \<forall>x1 \<in> fst ` set (dtree_to_list (Node r {|(t1,e1)|})). set x1 \<inter> dlverts t2 = {}"
+ using dtree_to_list_x_in_dlverts by fast
+
+lemma dtree_to_list_xs_disjoint:
+ "dlverts t1 \<inter> dlverts t2 = {}
+ \<Longrightarrow> \<forall>x1 \<in> fst ` set (dtree_to_list (Node r {|(t1,e1)|})).
+ \<forall>x2 \<in> fst ` set (dtree_to_list (Node r' {|(t2,e2)|})). set x1 \<inter> set x2 = {}"
+ using dtree_to_list_x_in_dlverts by (metis inf_mono subset_empty)
+
+lemma dtree_to_list_e_in_darcs:
+ "e \<in> snd ` set (dtree_to_list (Node r {|(t1,e1)|})) \<Longrightarrow> e \<in> darcs t1 \<union> {e1}"
+ using dtree_to_list_sub_darcs by fastforce
+
+lemma dtree_to_list_e_disjoint:
+ "(darcs t1 \<union> {e1}) \<inter> (darcs t2 \<union> {e2}) = {}
+ \<Longrightarrow> \<forall>e \<in> snd ` set (dtree_to_list (Node r {|(t1,e1)|})). e \<notin> darcs t2 \<union> {e2}"
+ using dtree_to_list_e_in_darcs by fast
+
+lemma dtree_to_list_es_disjoint:
+ "(darcs t1 \<union> {e1}) \<inter> (darcs t2 \<union> {e2}) = {}
+ \<Longrightarrow> \<forall>e3 \<in> snd ` set (dtree_to_list (Node r {|(t1,e1)|})).
+ \<forall>e4 \<in> snd ` set (dtree_to_list (Node r' {|(t2,e2)|})). e3 \<noteq> e4"
+ using dtree_to_list_e_disjoint dtree_to_list_e_in_darcs by fast
+
+lemma dtree_to_list_xs_not_equiv:
+ assumes "dlverts t1 \<inter> dlverts t2 = {}"
+ and "(darcs t1 \<union> {e3}) \<inter> (darcs t2 \<union> {e4}) = {}"
+ and "(x1,e1) \<in> set (dtree_to_list (Node r {|(t1,e3)|}))" and "x1 \<noteq> []"
+ and "(x2,e2) \<in> set (dtree_to_list (Node r' {|(t2,e4)|}))" and "x2 \<noteq> []"
+ shows "compare cmp' (x1,e1) (x2,e2) \<noteq> Equiv"
+ using dtree_to_list_xs_disjoint[OF assms(1)] cmp_sets_not_dsjnt_if_equiv[of x1 x2 e1 e2]
+ dtree_to_list_es_disjoint[OF assms(2)] assms(3-6) by fastforce
+
+lemma merge_dtree1_not_equiv:
+ assumes "dlverts t1 \<inter> dlverts t2 = {}"
+ and "(darcs t1 \<union> {e1}) \<inter> (darcs t2 \<union> {e2}) = {}"
+ and "[] \<notin> dverts t1"
+ and "[] \<notin> dverts t2"
+ and "xs = dtree_to_list (Node r {|(t1,e1)|})"
+ and "ys = dtree_to_list (Node r' {|(t2,e2)|})"
+ shows "\<forall>(x1,e1)\<in>set xs. \<forall>(x2,e2)\<in>set ys. compare cmp' (x1,e1) (x2,e2) \<noteq> Equiv"
+proof -
+ have "\<forall>(x1,e1)\<in>set xs. x1 \<noteq> []"
+ using assms(3,5) dtree_to_list_x_in_dverts
+ by (smt (verit) case_prod_conv case_prod_eta fst_conv pair_imageI surj_pair)
+ moreover have "\<forall>(x1,e1)\<in>set ys. x1 \<noteq> []"
+ using assms(4,6) dtree_to_list_x_in_dverts
+ by (smt (verit) case_prod_conv case_prod_eta fst_conv pair_imageI surj_pair)
+ ultimately show ?thesis using dtree_to_list_xs_not_equiv[of t1 t2] assms(1,2,5,6) by fast
+qed
+
+lemma merge_commute_aux1:
+ assumes "dlverts t1 \<inter> dlverts t2 = {}"
+ and "(darcs t1 \<union> {e1}) \<inter> (darcs t2 \<union> {e2}) = {}"
+ and "[] \<notin> dverts t1"
+ and "[] \<notin> dverts t2"
+ and "xs = dtree_to_list (Node r {|(t1,e1)|})"
+ and "ys = dtree_to_list (Node r' {|(t2,e2)|})"
+ shows "Sorting_Algorithms.merge cmp' xs ys = Sorting_Algorithms.merge cmp' ys xs"
+ using merge_dtree1_not_equiv merge_comm_if_not_equiv assms by fast
+
+lemma dtree_to_list_x1_list_disjoint:
+ "set x2 \<inter> dlverts t1 = {}
+ \<Longrightarrow> \<forall>x1 \<in> fst ` set (dtree_to_list (Node r {|(t1,e1)|})). set x1 \<inter> set x2 = {}"
+ using dtree_to_list_x_in_dlverts by fast
+
+lemma dtree_to_list_e1_list_disjoint':
+ "set x2 \<inter> darcs t1 \<union> {e1} = {}
+ \<Longrightarrow> \<forall>x1 \<in> snd ` set (dtree_to_list (Node r {|(t1,e1)|})). x1 \<notin> set x2"
+ using dtree_to_list_e_in_darcs by blast
+
+lemma dtree_to_list_e1_list_disjoint:
+ "e2 \<notin> darcs t1 \<union> {e1}
+ \<Longrightarrow> \<forall>x1 \<in> snd ` set (dtree_to_list (Node r {|(t1,e1)|})). x1 \<noteq> e2"
+ using dtree_to_list_e_in_darcs by fast
+
+lemma dtree_to_list_xs_list_not_equiv:
+ assumes "(x1,e1) \<in> set (dtree_to_list (Node r {|(t1,e3)|}))"
+ and "x1 \<noteq> []"
+ and "\<forall>(v,e) \<in> set ys. set v \<inter> dlverts t1 = {} \<and> v \<noteq> [] \<and> e \<notin> darcs t1 \<union> {e3}"
+ and "(x2,e2) \<in> set ys"
+ shows "compare cmp' (x1,e1) (x2,e2) \<noteq> Equiv"
+proof -
+ have "set x1 \<inter> set x2 = {}" using dtree_to_list_x1_list_disjoint assms(1,3,4) by fastforce
+ moreover have "e1 \<noteq> e2" using dtree_to_list_e1_list_disjoint assms(1,3,4) by fastforce
+ ultimately show ?thesis using cmp_sets_not_dsjnt_if_equiv assms(2-4) by auto
+qed
+
+lemma merge_commute_aux2:
+ assumes "[] \<notin> dverts t1"
+ and "xs = dtree_to_list (Node r {|(t1,e1)|})"
+ and "\<forall>(v,e) \<in> set ys. set v \<inter> dlverts t1 = {} \<and> v\<noteq>[] \<and> e \<notin> darcs t1 \<union> {e1}"
+ shows "Sorting_Algorithms.merge cmp' xs ys = Sorting_Algorithms.merge cmp' ys xs"
+proof -
+ have "\<forall>(x1,e1)\<in>set xs. x1 \<noteq> []"
+ using assms(1,2) dtree_to_list_x_in_dverts
+ by (smt (verit) case_prod_conv case_prod_eta fst_conv pair_imageI surj_pair)
+ then have "\<forall>(x1,e1)\<in>set xs. \<forall>(x2,e2)\<in>set ys. compare cmp' (x1,e1) (x2,e2) \<noteq> Equiv"
+ using assms(2,3) dtree_to_list_xs_list_not_equiv by force
+ then show ?thesis using merge_comm_if_not_equiv by fast
+qed
+
+lemma merge_inter_preserv':
+ assumes "f = (merge_f r xs)"
+ and "\<not>(\<forall>(v,_) \<in> set z. set v \<inter> dlverts t1 = {})"
+ shows "\<not>(\<forall>(v,_) \<in> set (f (t2,e2) z). set v \<inter> dlverts t1 = {})"
+proof(cases "f (t2,e2) z = z")
+ case False
+ then have "f (t2,e2) z = Sorting_Algorithms.merge cmp' (dtree_to_list (Node r {|(t2,e2)|})) z"
+ by(simp add: assms(1)) meson
+ then show ?thesis using assms(2) set_merge by force
+qed (simp add: assms(2))
+
+lemma merge_inter_preserv:
+ assumes "f = (merge_f r xs)"
+ and "\<not>(\<forall>(v,e) \<in> set z. set v \<inter> dlverts t1 = {} \<and> e \<notin> darcs t1 \<union> {e1})"
+ shows "\<not>(\<forall>(v,e) \<in> set (f (t2,e2) z). set v \<inter> dlverts t1 = {} \<and> e \<notin> darcs t1 \<union> {e1})"
+proof(cases "f (t2,e2) z = z")
+ case True
+ then show ?thesis using assms(2) by simp
+next
+ case False
+ then have "f (t2,e2) z = Sorting_Algorithms.merge cmp' (dtree_to_list (Node r {|(t2,e2)|})) z"
+ by(simp add: assms(1)) meson
+ then show ?thesis
+ using assms(2) set_merge[of "dtree_to_list (Node r {|(t2,e2)|})"] by simp blast
+qed
+
+lemma merge_f_eq_z_if_inter':
+ "\<not>(\<forall>(v,_) \<in> set z. set v \<inter> dlverts t1 = {}) \<Longrightarrow> (merge_f r xs) (t1,e1) z = z"
+ by auto
+
+lemma merge_f_eq_z_if_inter:
+ "\<not>(\<forall>(v,e) \<in> set z. set v \<inter> dlverts t1 = {} \<and> e \<notin> darcs t1 \<union> {e1})
+ \<Longrightarrow> (merge_f r xs) (t1,e1) z = z"
+ by auto
+
+lemma merge_empty_inter_preserv_aux:
+ assumes "f = (merge_f r xs)"
+ and "(t2,e2) \<in> fset xs"
+ and "\<forall>(v,e) \<in> set z. set v \<inter> dlverts t2 = {} \<and> v\<noteq>[] \<and> e \<notin> darcs t2 \<union> {e2}"
+ and "list_dtree (Node r xs)"
+ and "(t1,e1) \<in> fset xs"
+ and "(t1,e1) \<noteq> (t2,e2)"
+ and "\<forall>(v,e) \<in> set z. set v \<inter> dlverts t1 = {} \<and> v\<noteq>[] \<and> e \<notin> darcs t1 \<union> {e1}"
+ shows "\<forall>(v,e) \<in> set (f (t2,e2) z). set v \<inter> dlverts t1 = {} \<and> v\<noteq>[] \<and> e \<notin> darcs t1 \<union> {e1}"
+proof -
+ have 0: "f (t2,e2) z = Sorting_Algorithms.merge cmp' (dtree_to_list (Node r {|(t2,e2)|})) z"
+ using assms(1-6) by simp
+ let ?ys = "dtree_to_list (Node r {|(t2,e2)|})"
+ interpret list_dtree "Node r xs" using assms(4) .
+ have "disjoint_dlverts xs" using wf_lverts by simp
+ then have "\<forall>v\<in>fst ` set ?ys. set v \<inter> dlverts t1 = {}"
+ using dtree_to_list_x1_disjoint assms(2,5,6) by fast
+ then have 1: "\<forall>v\<in>fst ` set (Sorting_Algorithms.merge cmp' ?ys z). set v \<inter> dlverts t1 = {}"
+ using assms(7) set_merge[of ?ys] by fastforce
+ have "disjoint_darcs xs" using disjoint_darcs_if_wf_xs[OF wf_arcs] .
+ then have 2: "(darcs t2 \<union> {e2}) \<inter> (darcs t1 \<union> {e1}) = {}" using assms(2,5,6) by fast
+ have "\<forall>e\<in>snd ` set ?ys. e \<notin> darcs t1 \<union> {e1}" using dtree_to_list_e_disjoint[OF 2] by blast
+ then have 2: "\<forall>e\<in>snd ` set (Sorting_Algorithms.merge cmp' ?ys z). e \<notin> darcs t1 \<union> {e1}"
+ using assms(7) set_merge[of ?ys] by fastforce
+ have "[] \<notin> dverts t2" using assms(2) empty_notin_wf_dlverts wf_lverts by fastforce
+ then have "\<forall>v\<in>fst ` set ?ys. v \<noteq> []" by (metis dtree_to_list_x_in_dverts)
+ then have "\<forall>v\<in>fst ` set (Sorting_Algorithms.merge cmp' ?ys z). v \<noteq> []"
+ using assms(7) set_merge[of ?ys] by fastforce
+ then show ?thesis using 0 1 2 by fastforce
+qed
+
+lemma merge_empty_inter_preserv:
+ assumes "f = (merge_f r xs)"
+ and "\<forall>(v,e) \<in> set z. set v \<inter> dlverts t1 = {} \<and> v\<noteq>[] \<and> e \<notin> darcs t1 \<union> {e1}"
+ and "(t1,e1) \<in> fset xs"
+ and "(t1,e1) \<noteq> (t2,e2)"
+ shows "\<forall>(v,e) \<in> set (f (t2,e2) z). set v \<inter> dlverts t1 = {} \<and> v\<noteq>[] \<and> e \<notin> darcs t1 \<union> {e1}"
+proof(cases "f (t2,e2) z = z")
+ case True
+ then show ?thesis using assms(2) by simp
+next
+ case False
+ have "(t2,e2) \<in> fset xs" using False assms(1) by simp argo
+ moreover have "list_dtree (Node r xs)" using False assms(1) by simp argo
+ moreover have "\<forall>(v,e) \<in> set z. set v \<inter> dlverts t2 = {} \<and> v\<noteq>[] \<and> e \<notin> darcs t2 \<union> {e2}"
+ using False assms(1) by simp argo
+ ultimately show ?thesis using merge_empty_inter_preserv_aux assms by presburger
+qed
+
+lemma merge_commute_aux3:
+ assumes "f = (merge_f r xs)"
+ and "list_dtree (Node r xs)"
+ and "(t1,e1) \<noteq> (t2,e2)"
+ and "(\<forall>(v,e) \<in> set z. set v \<inter> dlverts t1 = {} \<and> v \<noteq> [] \<and> e \<notin> darcs t1 \<union> {e1})"
+ and "(\<forall>(v,e) \<in> set z. set v \<inter> dlverts t2 = {} \<and> v \<noteq> [] \<and> e \<notin> darcs t2 \<union> {e2})"
+ and "(t1,e1) \<in> fset xs"
+ and "(t2,e2) \<in> fset xs"
+ shows "(f (t2, e2) \<circ> f (t1, e1)) z = (f (t1, e1) \<circ> f (t2, e2)) z"
+proof -
+ let ?merge = "Sorting_Algorithms.merge"
+ let ?xs = "dtree_to_list (Node r {|(t1, e1)|})"
+ let ?ys = "dtree_to_list (Node r {|(t2, e2)|})"
+ interpret list_dtree "Node r xs" using assms(2) .
+ have disj: "dlverts t1 \<inter> dlverts t2 = {}" "[] \<notin> dverts t1" "[] \<notin> dverts t2"
+ using assms(3,6,7) disjoint_dlverts_if_wf[OF wf_lverts] empty_notin_wf_dlverts[OF wf_lverts]
+ by fastforce+
+ have disj2: "(darcs t1 \<union> {e1}) \<inter> (darcs t2 \<union> {e2}) = {}"
+ using assms(2,3,6,7) disjoint_darcs_if_wf_aux5[OF wf_arcs] by blast
+ have "f (t2, e2) z = Sorting_Algorithms.merge cmp' ?ys z" using assms(1,2,5,7) by simp
+ moreover have "\<forall>(v,e)\<in>set (f (t2,e2) z). set v \<inter> dlverts t1 = {} \<and> v \<noteq> [] \<and> e \<notin> darcs t1 \<union> {e1}"
+ using merge_empty_inter_preserv[OF assms(1)] assms(3,4,6) by simp
+ ultimately have 2: "(f (t1, e1) \<circ> f (t2, e2)) z = ?merge cmp' ?xs (?merge cmp' ?ys z)"
+ using assms(1-2,6) by auto
+ have "f (t1, e1) z = Sorting_Algorithms.merge cmp' ?xs z" using assms(1-2,4,6) by simp
+ moreover have "\<forall>(v,e)\<in>set (f (t1, e1) z). set v \<inter> dlverts t2 = {} \<and> v\<noteq>[] \<and> e \<notin> darcs t2 \<union> {e2}"
+ using merge_empty_inter_preserv[OF assms(1)] assms(3,5,7) by presburger
+ ultimately have 3: "(f (t2, e2) \<circ> f (t1,e1)) z = ?merge cmp' ?ys (?merge cmp' ?xs z)"
+ using assms(1-2,7) by simp
+ have "\<forall>x\<in>set ?xs. \<forall>y\<in>set ?ys. compare cmp' x y \<noteq> Equiv"
+ using merge_dtree1_not_equiv[OF disj(1) disj2] disj(2,3) by fast
+ then have "?merge cmp' ?xs (?merge cmp' ?ys z) = ?merge cmp' ?ys (?merge cmp' ?xs z)"
+ using merge_comp_commute by blast
+ then show ?thesis using 2 3 by simp
+qed
+
+lemma merge_commute_aux:
+ assumes "f = (merge_f r xs)"
+ shows "(f y \<circ> f x) z = (f x \<circ> f y) z"
+proof -
+ obtain t1 e1 where y_def[simp]: "x = (t1, e1)" by fastforce
+ obtain t2 e2 where x_def[simp]: "y = (t2, e2)" by fastforce
+ show ?thesis
+ proof(cases "(t1,e1) \<in> fset xs \<and> (t2,e2) \<in> fset xs")
+ case True
+ then consider "list_dtree (Node r xs)" "(t1,e1) \<noteq> (t2,e2)"
+ "(\<forall>(v,e) \<in> set z. set v \<inter> dlverts t1 = {} \<and> v \<noteq> [] \<and> e \<notin> darcs t1 \<union> {e1})"
+ "(\<forall>(v,e) \<in> set z. set v \<inter> dlverts t2 = {} \<and> v \<noteq> [] \<and> e \<notin> darcs t2 \<union> {e2})"
+ | "(t1,e1) = (t2,e2)"
+ | "\<not>list_dtree (Node r xs)"
+ | "\<not>(\<forall>(v,e) \<in> set z. set v \<inter> dlverts t1 = {} \<and> e \<notin> darcs t1 \<union> {e1})"
+ | "\<not>(\<forall>(v,e) \<in> set z. set v \<inter> dlverts t2 = {} \<and> e \<notin> darcs t2 \<union> {e2})"
+ | "\<not>(\<forall>(v,_) \<in> set z. v \<noteq> [])"
+ by fast
+ then show ?thesis
+ proof(cases)
+ case 1
+ then show ?thesis using merge_commute_aux3[OF assms] True by simp
+ next
+ case 4
+ then have "f x z = z" by(auto simp: assms)
+ then have 0: "(f y \<circ> f x) z = f y z" by simp
+ have "\<not>(\<forall>(v,e) \<in> set (f y z). set v \<inter> dlverts t1 = {} \<and> e \<notin> darcs t1 \<union> {e1})"
+ using merge_inter_preserv[OF assms 4] by simp
+ then have "(f x \<circ> f y) z = f y z" using assms merge_f_eq_z_if_inter by auto
+ then show ?thesis using 0 by simp
+ next
+ case 5
+ then have "f y z = z" by(auto simp: assms)
+ then have 0: "(f x \<circ> f y) z = f x z" by simp
+ have "\<not>(\<forall>(v,e) \<in> set (f x z). set v \<inter> dlverts t2 = {} \<and> e \<notin> darcs t2 \<union> {e2})"
+ using merge_inter_preserv[OF assms 5] by simp
+ then have "(f y \<circ> f x) z = f x z" using assms merge_f_eq_z_if_inter by simp
+ then show ?thesis using 0 by simp
+ next
+ case 6
+ then have "(f x \<circ> f y) z = z" by(auto simp: assms)
+ also have "z = (f y \<circ> f x) z" using 6 by(auto simp: assms)
+ finally show ?thesis by simp
+ qed(auto simp: assms)
+ next
+ case False
+ then have "(\<forall>z. f x z = z) \<or> (\<forall>z. f y z = z)" by(auto simp: assms)
+ then show ?thesis by force
+ qed
+qed
+
+lemma merge_commute: "comp_fun_commute (merge_f r xs)"
+ using comp_fun_commute_def merge_commute_aux by blast
+
+interpretation Comm: comp_fun_commute "merge_f r xs" by (rule merge_commute)
+
+subsubsection \<open>Merging Preserves Arcs and Verts\<close>
+
+lemma empty_list_valid_merge:
+ "(\<forall>(v,e) \<in> set []. set v \<inter> dlverts t1 = {} \<and> v \<noteq> [] \<and> e \<notin> darcs t1 \<union> {e1})"
+ by simp
+
+lemma disjoint_sets_sucs: "disjoint_sets (sucs t)"
+ using empty_notin_wf_dlverts list_dtree.wf_lverts list_dtree_rec dtree.collapse
+ disjoint_dlverts_if_wf[OF wf_lverts] disjoint_darcs_if_wf[OF wf_arcs] by blast
+
+lemma empty_not_elem_subset:
+ "\<lbrakk>xs |\<subseteq>| ys; \<forall>(t,e) \<in> fset ys. [] \<notin> dverts t\<rbrakk> \<Longrightarrow> \<forall>(t,e) \<in> fset xs. [] \<notin> dverts t"
+ by (meson less_eq_fset.rep_eq subset_iff)
+
+lemma disjoint_sets_subset:
+ assumes "xs |\<subseteq>| ys" and "disjoint_sets ys"
+ shows " disjoint_sets xs"
+ using disjoint_darcs_subset[OF assms(1)] disjoint_dlverts_subset[OF assms(1)]
+ empty_not_elem_subset[OF assms(1)] assms by fast
+
+lemma merge_mdeg_le_1: "max_deg (merge t1) \<le> 1"
+ unfolding merge_def by (rule dtree_from_list_deg_le_1)
+
+lemma merge_mdeg_le1_sub: "is_subtree t1 (merge t2) \<Longrightarrow> max_deg t1 \<le> 1"
+ using merge_mdeg_le_1 le_trans mdeg_ge_sub by fast
+
+lemma merge_fcard_le1: "fcard (sucs (merge t1)) \<le> 1"
+ unfolding merge_def by (rule dtree_from_list_fcard_le1)
+
+lemma merge_fcard_le1_sub: "is_subtree t1 (merge t2) \<Longrightarrow> fcard (sucs t1) \<le> 1"
+ using merge_mdeg_le1_sub mdeg_ge_fcard[of "sucs t1" "root t1"] by force
+
+lemma merge_f_alt:
+ assumes "P = (\<lambda>xs. list_dtree (Node r xs))"
+ and "Q = (\<lambda>(t,e) b. (\<forall>(v,e') \<in> set b. set v \<inter> dlverts t = {} \<and> v\<noteq>[] \<and> e' \<notin> darcs t \<union> {e}))"
+ and "R = (\<lambda>(t,e) b. Sorting_Algorithms.merge cmp' (dtree_to_list (Node r {|(t,e)|})) b)"
+ shows "merge_f r xs = (\<lambda>a b. if a \<notin> fset xs \<or> \<not> Q a b \<or> \<not> P xs then b else R a b)"
+ using assms by force
+
+lemma merge_f_alt_commute:
+ assumes "P = (\<lambda>xs. list_dtree (Node r xs))"
+ and "Q = (\<lambda>(t,e) b. (\<forall>(v,e') \<in> set b. set v \<inter> dlverts t = {} \<and> v \<noteq> [] \<and> e' \<notin> darcs t \<union> {e}))"
+ and "R = (\<lambda>(t,e) b. Sorting_Algorithms.merge cmp' (dtree_to_list (Node r {|(t,e)|})) b)"
+ shows "comp_fun_commute (\<lambda>a b. if a \<notin> fset xs \<or> \<not> Q a b \<or> \<not> P xs then b else R a b)"
+proof -
+ have "comp_fun_commute (merge_f r xs)" using merge_commute by fast
+ then show ?thesis using merge_f_alt[OF assms] by simp
+qed
+
+lemma merge_ffold_supset:
+ assumes "xs |\<subseteq>| ys" and "list_dtree (Node r ys)"
+ shows "ffold (merge_f r ys) acc xs = ffold (merge_f r xs) acc xs"
+proof -
+ let ?P = "\<lambda>xs. list_dtree (Node r xs)"
+ let ?Q = "\<lambda>(t,e) b. (\<forall>(v,e') \<in> set b. set v \<inter> dlverts t = {} \<and> v \<noteq> [] \<and> e' \<notin> darcs t \<union> {e})"
+ let ?R = "\<lambda>(t,e) b. Sorting_Algorithms.merge cmp' (dtree_to_list (Node r {|(t,e)|})) b"
+ have 0: "\<And>xs. comp_fun_commute (\<lambda>a b. if a \<notin> fset xs \<or> \<not> ?Q a b \<or> \<not> ?P xs then b else ?R a b)"
+ using merge_f_alt_commute by blast
+ have "ffold (\<lambda>a b. if a \<notin> fset ys \<or> \<not> ?Q a b \<or> \<not> ?P ys then b else ?R a b) acc xs
+ = ffold (\<lambda>a b. if a \<notin> fset xs \<or> \<not> ?Q a b \<or> \<not> ?P xs then b else ?R a b) acc xs"
+ using ffold_commute_supset[OF assms(1), of ?P ?Q ?R, OF assms(2) list_dtree_subset 0] by auto
+ then show ?thesis using merge_f_alt by presburger
+qed
+
+lemma merge_f_merge_if_not_snd:
+ "merge_f r xs (t1,e1) z \<noteq> z \<Longrightarrow>
+ merge_f r xs (t1,e1) z = Sorting_Algorithms.merge cmp' (dtree_to_list (Node r {|(t1,e1)|})) z"
+ by(simp) meson
+
+lemma merge_f_merge_if_conds:
+ "\<lbrakk>list_dtree (Node r xs); \<forall>(v,e) \<in> set z. set v \<inter> dlverts t1 = {} \<and> v\<noteq>[] \<and> e \<notin> darcs t1 \<union> {e1};
+ (t1,e1) \<in> fset xs\<rbrakk>
+ \<Longrightarrow> merge_f r xs (t1,e1) z = Sorting_Algorithms.merge cmp' (dtree_to_list (Node r {|(t1,e1)|})) z"
+ by force
+
+lemma merge_f_merge_if_conds_empty:
+ "\<lbrakk>list_dtree (Node r xs); (t1,e1) \<in> fset xs\<rbrakk>
+ \<Longrightarrow> merge_f r xs (t1,e1) []
+ = Sorting_Algorithms.merge cmp' (dtree_to_list (Node r {|(t1,e1)|})) []"
+ using merge_f_merge_if_conds by simp
+
+lemma merge_ffold_empty_inter_preserv:
+ "\<lbrakk>list_dtree (Node r ys); xs |\<subseteq>| ys;
+ \<forall>(v,e) \<in> set z. set v \<inter> dlverts t1 = {} \<and> v\<noteq>[] \<and> e \<notin> darcs t1 \<union> {e1};
+ (t1,e1) \<in> fset ys; (t1,e1) \<notin> fset xs; (v,e) \<in> set (ffold (merge_f r xs) z xs)\<rbrakk>
+ \<Longrightarrow> set v \<inter> dlverts t1 = {} \<and> v \<noteq> [] \<and> e \<notin> darcs t1 \<union> {e1}"
+proof(induction xs)
+ case (insert x xs)
+ let ?f = "merge_f r (finsert x xs)"
+ let ?f' = "merge_f r xs"
+ let ?merge = "Sorting_Algorithms.merge"
+ interpret list_dtree "Node r ys" using insert.prems(1) .
+ have 0: "list_dtree (Node r (finsert x xs))" using list_dtree_subset insert.prems(1,2) by blast
+ show ?case
+ proof(cases "ffold ?f z (finsert x xs) = ffold ?f' z xs")
+ case True
+ then have "(v,e) \<in> set (ffold ?f' z xs)" using insert.prems(6) by argo
+ then show ?thesis using insert.IH insert.prems by force
+ next
+ case not_right: False
+ obtain t2 e2 where t2_def[simp]: "x = (t2,e2)" by fastforce
+ show ?thesis
+ proof(cases "(v,e) \<in> set (dtree_to_list (Node r {|(t2,e2)|}))")
+ case True
+ have uneq: "(t2,e2) \<noteq> (t1,e1)" using insert.prems(5) t2_def by fastforce
+ moreover have 1: "(t2,e2) \<in> fset ys" using insert.prems(2) notin_fset by fastforce
+ ultimately have "dlverts t1 \<inter> dlverts t2 = {}" using insert.prems(4) wf_lverts by fastforce
+ then have 2: "\<forall>x1\<in>fst ` set (dtree_to_list (Node r {|(t2, e2)|})). set x1 \<inter> dlverts t1 = {}"
+ using dtree_to_list_x1_disjoint by fast
+ have "(darcs t1 \<union> {e1}) \<inter> (darcs t2 \<union> {e2}) = {}"
+ using insert.prems(4) uneq 1 disjoint_darcs_if_wf_aux5 wf_arcs by fast
+ then have 3: "\<forall>e\<in>snd ` set (dtree_to_list (Node r {|(t2, e2)|})). e \<notin> darcs t1 \<union> {e1}"
+ using dtree_to_list_e_disjoint by fast
+ have "[] \<notin> dverts t2" using 1 wf_lverts empty_notin_wf_dlverts by auto
+ then have "\<forall>x1\<in>fst ` set (dtree_to_list (Node r {|(t2, e2)|})). x1 \<noteq> []"
+ using 1 dtree_to_list_x_in_dverts by metis
+ then show ?thesis using True 2 3 by fastforce
+ next
+ case False
+ have "xs |\<subseteq>| finsert x xs" by blast
+ then have f_xs: "ffold ?f z xs = ffold ?f' z xs"
+ using merge_ffold_supset 0 by presburger
+ have "ffold ?f z (finsert x xs) = ?f x (ffold ?f z xs)"
+ using Comm.ffold_finsert[OF insert.hyps] by blast
+ then have 0: "ffold ?f z (finsert x xs) = ?f x (ffold ?f' z xs)" using f_xs by argo
+ then have "?f x (ffold ?f' z xs) \<noteq> ffold ?f' z xs" using not_right by argo
+ then have "?f (t2,e2) (ffold ?f' z xs)
+ = ?merge cmp' (dtree_to_list (Node r {|(t2,e2)|})) (ffold ?f' z xs)"
+ using merge_f_merge_if_not_snd t2_def by blast
+ then have "ffold ?f z (finsert x xs)
+ = ?merge cmp' (dtree_to_list (Node r {|(t2,e2)|})) (ffold ?f' z xs)"
+ using 0 t2_def by argo
+ then have "(v,e) \<in> set (?merge cmp' (dtree_to_list (Node r {|(t2,e2)|})) (ffold ?f' z xs))"
+ using insert.prems(6) by argo
+ then have "(v,e) \<in> set (ffold ?f' z xs)" using set_merge False by fast
+ then show ?thesis using insert.IH insert.prems by force
+ qed
+ qed
+qed(auto)
+
+lemma merge_ffold_empty_inter_preserv':
+ "\<lbrakk>list_dtree (Node r (finsert x xs));
+ \<forall>(v,e) \<in> set z. set v \<inter> dlverts t1 = {} \<and> v\<noteq>[] \<and> e \<notin> darcs t1 \<union> {e1};
+ (t1,e1) \<in> fset (finsert x xs); (t1,e1) \<notin> fset xs; (v,e) \<in> set (ffold (merge_f r xs) z xs)\<rbrakk>
+ \<Longrightarrow> set v \<inter> dlverts t1 = {} \<and> v \<noteq> [] \<and> e \<notin> darcs t1 \<union> {e1}"
+ using merge_ffold_empty_inter_preserv[of r "finsert x xs" xs z t1 e1 v e] by fast
+
+lemma merge_ffold_set_sub_union:
+ "list_dtree (Node r xs)
+ \<Longrightarrow> set (ffold (merge_f r xs) [] xs) \<subseteq> (\<Union>x\<in>fset xs. set (dtree_to_list (Node r {|x|})))"
+proof(induction xs)
+ case (insert x xs)
+ obtain t1 e1 where t1_def[simp]: "x = (t1,e1)" by fastforce
+ let ?f = "merge_f r (finsert x xs)"
+ let ?f' = "merge_f r xs"
+ have "(t1, e1) \<in> fset (finsert x xs)" by simp
+ moreover have "(t1, e1) \<notin> fset xs" using insert.hyps notin_fset by fastforce
+ ultimately have xs_val:
+ "(\<forall>(v,e) \<in> set (ffold ?f' [] xs). set v \<inter> dlverts t1 = {} \<and> v \<noteq> [] \<and> e \<notin> darcs t1 \<union> {e1})"
+ using merge_ffold_empty_inter_preserv'[OF insert.prems empty_list_valid_merge] by blast
+ have 0: "list_dtree (Node r xs)" using list_dtree_subset insert.prems by blast
+ have "ffold ?f [] (finsert x xs) = ?f x (ffold ?f [] xs)"
+ using Comm.ffold_finsert[OF insert.hyps] by blast
+ also have "\<dots> = ?f x (ffold ?f' [] xs)"
+ using merge_ffold_supset[of xs "finsert x xs" r "[]"] insert.prems by fastforce
+ finally have "ffold ?f [] (finsert x xs)
+ = Sorting_Algorithms.merge cmp' (dtree_to_list (Node r {|x|})) (ffold ?f' [] xs)"
+ using merge_f_merge_if_conds[OF insert.prems xs_val] by simp
+ then have "set (ffold ?f [] (finsert x xs))
+ = set (Sorting_Algorithms.merge cmp' (dtree_to_list (Node r {|x|})) (ffold ?f' [] xs))"
+ by argo
+ then have "set (ffold ?f [] (finsert x xs))
+ = (set (dtree_to_list (Node r {|x|})) \<union> set (ffold ?f' [] xs))" using set_merge by fast
+ then show ?case using 0 insert.IH insert.prems by auto
+qed (simp)
+
+lemma merge_ffold_nempty:
+ "\<lbrakk>list_dtree (Node r xs); xs \<noteq> {||}\<rbrakk> \<Longrightarrow> ffold (merge_f r xs) [] xs \<noteq> []"
+proof(induction xs)
+ case (insert x xs)
+ define f where "f = merge_f r (finsert x xs)"
+ define f' where "f' = merge_f r xs"
+ let ?merge = "Sorting_Algorithms.merge cmp'"
+ have 0: "list_dtree (Node r xs)" using list_dtree_subset insert.prems(1) by blast
+ obtain t2 e2 where t2_def[simp]: "x = (t2,e2)" by fastforce
+ have "(t2, e2) \<in> fset (finsert x xs)" by simp
+ moreover have "(t2, e2) \<notin> fset xs" using insert.hyps notin_fset by fastforce
+ ultimately have xs_val:
+ "(\<forall>(v,e) \<in> set (ffold f' [] xs). set v \<inter> dlverts t2 = {} \<and> v \<noteq> [] \<and> e \<notin> darcs t2 \<union> {e2})"
+ using merge_ffold_empty_inter_preserv'[OF insert.prems(1) empty_list_valid_merge] f'_def
+ by blast
+ have "ffold f [] (finsert x xs) = f x (ffold f [] xs)"
+ using Comm.ffold_finsert[OF insert.hyps] f_def by blast
+ also have "\<dots> = f x (ffold f' [] xs)"
+ using merge_ffold_supset[of xs "finsert x xs" r "[]"] insert.prems(1) f_def f'_def by fastforce
+ finally have "ffold f [] (finsert x xs) = ?merge (dtree_to_list (Node r {|x|})) (ffold f' [] xs)"
+ using xs_val insert.prems f_def by simp
+ then have merge: "ffold f [] (finsert x xs)
+ = ?merge (dtree_to_list (Node r {|(t2,e2)|})) (ffold f'[] xs)"
+ using t2_def by blast
+ then show ?case
+ using input_empty_if_merge_empty[of cmp' "dtree_to_list (Node r {|(t2,e2)|})"] f_def by auto
+qed(simp)
+
+lemma merge_f_ndisjoint_sets_aux:
+ "\<not>disjoint_sets xs
+ \<Longrightarrow> \<not>((t,e) \<in> fset xs \<and> disjoint_sets xs \<and> (\<forall>(v,_) \<in> set b. set v \<inter> dlverts t = {} \<and> v \<noteq> []))"
+ by blast
+
+lemma merge_f_not_list_dtree: "\<not>list_dtree (Node r xs) \<Longrightarrow> (merge_f r xs) a b = b"
+ using merge_f_alt by simp
+
+lemma merge_ffold_empty_if_nwf: "\<not>list_dtree (Node r ys) \<Longrightarrow> ffold (merge_f r ys) [] xs = []"
+proof(induction xs)
+ case (insert x xs)
+ define f where "f = merge_f r ys"
+ let ?f = "merge_f r ys"
+ let ?merge = "Sorting_Algorithms.merge cmp'"
+ obtain t2 e2 where t2_def[simp]: "x = (t2,e2)" by fastforce
+ have "ffold f [] (finsert x xs) = ?f x (ffold f [] xs)"
+ using Comm.ffold_finsert[OF insert.hyps] f_def by blast
+ then have "ffold f [] (finsert x xs) = ffold f [] xs"
+ using insert.prems merge_f_not_list_dtree by force
+ then show ?case using insert f_def by argo
+qed(simp)
+
+lemma merge_empty_if_nwf: "\<not>list_dtree (Node r xs) \<Longrightarrow> merge (Node r xs) = Node r {||}"
+ unfolding merge_def using merge_ffold_empty_if_nwf by simp
+
+lemma merge_empty_if_nwf_sucs: "\<not>list_dtree t1 \<Longrightarrow> merge t1 = Node (root t1) {||}"
+ using merge_empty_if_nwf[of "root t1" "sucs t1"] by simp
+
+lemma merge_empty: "merge (Node r {||}) = Node r {||}"
+ unfolding merge_def by simp
+
+lemma merge_empty_sucs: "sucs t1 = {||} \<Longrightarrow> merge t1 = Node (root t1) {||}"
+ unfolding merge_def by simp
+
+lemma merge_singleton_sucs:
+ assumes "list_dtree (Node (root t1) (sucs t1))" and "sucs t1 \<noteq> {||}"
+ shows "\<exists>t e. merge t1 = Node (root t1) {|(t,e)|}"
+ unfolding merge_def using merge_ffold_nempty[OF assms] dtree_from_list_singleton by fast
+
+lemma merge_singleton:
+ assumes "list_dtree (Node r xs)" and "xs \<noteq> {||}"
+ shows "\<exists>t e. merge (Node r xs) = Node r {|(t,e)|}"
+ unfolding merge_def dtree.sel(1) using merge_ffold_nempty[OF assms] dtree_from_list_singleton
+ by fastforce
+
+lemma merge_cases: "\<exists>t e. merge (Node r xs) = Node r {|(t,e)|} \<or> merge (Node r xs) = Node r {||}"
+ using merge_singleton merge_empty_if_nwf merge_empty by blast
+
+lemma merge_cases_sucs:
+ "\<exists>t e. merge t1 = Node (root t1) {|(t,e)|} \<or> merge t1 = Node (root t1) {||}"
+ using merge_singleton_sucs[of t1] merge_empty_if_nwf_sucs merge_empty_sucs by auto
+
+lemma merge_single_root:
+ "(t2,e2) \<in> fset (sucs (merge (Node r xs))) \<Longrightarrow> merge (Node r xs) = Node r {|(t2,e2)|}"
+ using merge_cases[of r xs] by fastforce
+
+lemma merge_single_root_sucs:
+ "(t2,e2) \<in> fset (sucs (merge t1)) \<Longrightarrow> merge t1 = Node (root t1) {|(t2,e2)|}"
+ using merge_cases_sucs[of t1] by auto
+
+lemma merge_single_root1:
+ "t2 \<in> fst ` fset (sucs (merge (Node r xs))) \<Longrightarrow> \<exists>e2. merge (Node r xs) = Node r {|(t2,e2)|}"
+ using merge_single_root by fastforce
+
+lemma merge_single_root1_sucs:
+ "t2 \<in> fst ` fset (sucs (merge t1)) \<Longrightarrow> \<exists>e2. merge t1 = Node (root t1) {|(t2,e2)|}"
+ using merge_single_root_sucs by fastforce
+
+lemma merge_nempty_sucs: "\<lbrakk>list_dtree t1; sucs t1 \<noteq> {||}\<rbrakk> \<Longrightarrow> sucs (merge t1) \<noteq> {||}"
+ using merge_singleton_sucs by fastforce
+
+lemma merge_nempty: "\<lbrakk>list_dtree (Node r xs); xs \<noteq> {||}\<rbrakk> \<Longrightarrow> sucs (merge (Node r xs)) \<noteq> {||}"
+ using merge_singleton by fastforce
+
+lemma merge_xs: "merge (Node r xs) = dtree_from_list r (ffold (merge_f r xs) [] xs)"
+ unfolding merge_def dtree.sel(1) dtree.sel(2) by blast
+
+lemma merge_root_eq[simp]: "root (merge t1) = root t1"
+ unfolding merge_def by simp
+
+lemma merge_ffold_fsts_in_childverts:
+ "\<lbrakk>list_dtree (Node r xs); y \<in> fst ` set (ffold (merge_f r xs) [] xs)\<rbrakk>
+ \<Longrightarrow> \<exists>t1 \<in> fst ` fset xs. y \<in> dverts t1"
+proof(induction xs)
+ case (insert x xs)
+ obtain t1 e1 where t1_def[simp]: "x = (t1,e1)" by fastforce
+ let ?f = "merge_f r (finsert x xs)"
+ let ?f' = "merge_f r xs"
+ have "(t1, e1) \<in> fset (finsert x xs)" by simp
+ moreover have "(t1, e1) \<notin> fset xs" using insert.hyps notin_fset by fastforce
+ ultimately have xs_val:
+ "(\<forall>(v,e) \<in> set (ffold ?f' [] xs). set v \<inter> dlverts t1 = {} \<and> v \<noteq> [] \<and> e \<notin> darcs t1 \<union> {e1})"
+ using merge_ffold_empty_inter_preserv'[OF insert.prems(1) empty_list_valid_merge] by blast
+ have 0: "list_dtree (Node r xs)" using list_dtree_subset insert.prems(1) by blast
+ then show ?case
+ proof(cases "y \<in> fst ` set (ffold (merge_f r xs) [] xs)")
+ case True
+ then show ?thesis using insert.IH[OF 0] by simp
+ next
+ case False
+ have "ffold ?f [] (finsert x xs) = ?f x (ffold ?f [] xs)"
+ using Comm.ffold_finsert[OF insert.hyps] by blast
+ also have "\<dots> = ?f x (ffold ?f' [] xs)"
+ using merge_ffold_supset[of xs "finsert x xs" r "[]"] insert.prems(1) by fastforce
+ finally have "ffold ?f [] (finsert x xs)
+ = Sorting_Algorithms.merge cmp' (dtree_to_list (Node r {|x|})) (ffold ?f' [] xs)"
+ using xs_val insert.prems by simp
+ then have "set (ffold ?f [] (finsert x xs))
+ = set (Sorting_Algorithms.merge cmp' (dtree_to_list (Node r {|x|})) (ffold ?f' [] xs))"
+ by argo
+ then have "set (ffold ?f [] (finsert x xs))
+ = (set (dtree_to_list (Node r {|x|})) \<union> set (ffold ?f' [] xs))"
+ using set_merge by fast
+ then have "y \<in> fst ` set (dtree_to_list (Node r {|x|}))" using False insert.prems by fast
+ then show ?thesis by (simp add: dtree_to_list_x_in_dverts)
+ qed
+qed (simp)
+
+lemma verts_child_if_merge_child:
+ assumes "t1 \<in> fst ` fset (sucs (merge t0))" and "x \<in> dverts t1"
+ shows "\<exists>t2 \<in> fst ` fset (sucs t0). x \<in> dverts t2"
+proof -
+ have 0: "list_dtree t0" using assms(1) merge_empty_if_nwf_sucs by fastforce
+ have "merge t0 \<noteq> Node (root t0) {||}" using assms(1) by force
+ then obtain e1 where e1_def: "merge t0 = Node (root t0) {|(t1,e1)|}"
+ using assms(1) merge_single_root1_sucs by blast
+ then obtain ys where ys_def:
+ "(root t1, e1) # ys = ffold (merge_f (root t0) (sucs t0)) [] (sucs t0)"
+ unfolding merge_def by (metis (no_types, lifting) dtree_to_list.simps(1) dtree_to_from_list_id)
+ then have "merge t0 = dtree_from_list (root t0) ((root t1, e1) # ys)" unfolding merge_def by simp
+ then have "t1 = dtree_from_list (root t1) ys" using e1_def by simp
+ then have "dverts t1 = (fst ` set ((root t1, e1) # ys))"
+ using dtree_from_list_eq_dverts[of "root t1" ys] by simp
+ then have "x \<in> fst ` set (ffold (merge_f (root t0) (sucs t0)) [] (sucs t0))"
+ using assms(2) ys_def by simp
+ then show ?thesis using merge_ffold_fsts_in_childverts[of "root t0"] 0 by simp
+qed
+
+lemma sucs_dverts_eq_dtree_list:
+ assumes "(t1,e1) \<in> fset (sucs t)" and "max_deg t1 \<le> 1"
+ shows "dverts (Node (root t) {|(t1,e1)|}) - {root t}
+ = fst ` set (dtree_to_list (Node (root t) {|(t1,e1)|}))"
+proof -
+ have "{|(t1,e1)|} |\<subseteq>| sucs t" using assms(1) notin_fset by fast
+ then have wf: "wf_dverts (Node (root t) {|(t1,e1)|})"
+ using wf_verts wf_dverts_sub by (metis dtree.exhaust_sel)
+ have "\<forall>(t1,e1) \<in> fset (sucs t) . fcard {|(t1,e1)|} = 1" using fcard_single_1 by fast
+ moreover have "max_deg (Node (root t) {|(t1,e1)|}) = max (max_deg t1) (fcard {|(t1,e1)|})"
+ using mdeg_singleton by fast
+ ultimately have "max_deg (Node (root t) {|(t1,e1)|}) \<le> 1"
+ using assms by fastforce
+ then show ?thesis using dtree_to_list_eq_dverts[OF wf] by simp
+qed
+
+lemma merge_ffold_set_eq_union:
+ "list_dtree (Node r xs)
+ \<Longrightarrow> set (ffold (merge_f r xs) [] xs) = (\<Union>x\<in>fset xs. set (dtree_to_list (Node r {|x|})))"
+proof(induction xs)
+ case (insert x xs)
+ obtain t1 e1 where t1_def[simp]: "x = (t1,e1)" by fastforce
+ let ?f = "merge_f r (finsert x xs)"
+ let ?f' = "merge_f r xs"
+ have "(t1, e1) \<in> fset (finsert x xs)" by simp
+ moreover have "(t1, e1) \<notin> fset xs" using insert.hyps notin_fset by fastforce
+ ultimately have xs_val:
+ "(\<forall>(v,e) \<in> set (ffold ?f' [] xs). set v \<inter> dlverts t1 = {} \<and> v \<noteq> [] \<and> e \<notin> darcs t1 \<union> {e1})"
+ using merge_ffold_empty_inter_preserv'[OF insert.prems(1) empty_list_valid_merge] by blast
+ have 1: "list_dtree (Node r xs)" using list_dtree_subset insert.prems(1) by blast
+ have "ffold ?f [] (finsert x xs) = ?f x (ffold ?f [] xs)"
+ using Comm.ffold_finsert[OF insert.hyps] by blast
+ also have "\<dots> = ?f x (ffold ?f' [] xs)"
+ using merge_ffold_supset[of xs "finsert x xs" r "[]"] insert.prems(1) by fastforce
+ finally have "ffold ?f [] (finsert x xs)
+ = Sorting_Algorithms.merge cmp' (dtree_to_list (Node r {|x|})) (ffold ?f' [] xs)"
+ using xs_val insert.prems by simp
+ then have "set (ffold ?f [] (finsert x xs))
+ = set (Sorting_Algorithms.merge cmp' (dtree_to_list (Node r {|x|})) (ffold ?f' [] xs))"
+ by argo
+ then have "set (ffold ?f [] (finsert x xs))
+ = (set (dtree_to_list (Node r {|x|})) \<union> set (ffold ?f' [] xs))" using set_merge by fast
+ then show ?case using 1 insert.IH by simp
+qed (simp)
+
+lemma sucs_dverts_no_root:
+ "(t1,e1) \<in> fset (sucs t) \<Longrightarrow> dverts (Node (root t) {|(t1,e1)|}) - {root t} = dverts t1"
+ using wf_verts wf_dverts'.simps unfolding wf_dverts_iff_dverts' by fastforce
+
+lemma dverts_merge_sub:
+ assumes "\<forall>t \<in> fst ` fset (sucs t0). max_deg t \<le> 1"
+ shows "dverts (merge t0) \<subseteq> dverts t0"
+proof
+ fix x
+ assume asm: "x \<in> dverts (merge t0)"
+ show "x \<in> dverts t0"
+ proof(cases "x = root (merge t0)")
+ case True
+ then show ?thesis by (simp add: dtree.set_sel(1))
+ next
+ case False
+ then obtain t1 e1 where t1_def: "merge t0 = Node (root t0) ({|(t1,e1)|})"
+ using merge_cases_sucs asm by fastforce
+ then have 0: "list_dtree (Node (root t0) (sucs t0))"
+ using merge_empty_if_nwf_sucs by fastforce
+ have "x \<in> fst ` set (ffold (merge_f (root t0) (sucs t0)) [] (sucs t0))"
+ using t1_def unfolding merge_def using False asm t1_def
+ dtree_from_list_eq_dverts[of "root t0" "ffold (merge_f (root t0) (sucs t0)) [] (sucs t0)"]
+ by auto
+ then obtain t2 e2 where t2_def:
+ "(t2,e2) \<in> fset (sucs t0)" "x \<in> fst ` set (dtree_to_list (Node (root t0) {|(t2,e2)|}))"
+ using merge_ffold_set_sub_union[OF 0] by fast
+ then have "x \<in> dverts t2" by (simp add: dtree_to_list_x_in_dverts)
+ then show ?thesis using t2_def(1) dtree.set_sel(2) by fastforce
+ qed
+qed
+
+lemma dverts_merge_eq[simp]:
+ assumes "\<forall>t \<in> fst ` fset (sucs t). max_deg t \<le> 1"
+ shows "dverts (merge t) = dverts t"
+proof -
+ have "\<forall>(t1,e1) \<in> fset (sucs t). dverts (Node (root t) {|(t1,e1)|}) - {root t}
+ = fst ` set (dtree_to_list (Node (root t) {|(t1,e1)|}))"
+ using sucs_dverts_eq_dtree_list assms
+ by (smt (verit, ccfv_threshold) case_prodI2 fst_conv image_iff)
+ then have "\<forall>(t1,e1) \<in> fset (sucs t). dverts t1
+ = fst ` set (dtree_to_list (Node (root t) {|(t1,e1)|}))"
+ by (metis (mono_tags, lifting) sucs_dverts_no_root case_prodD case_prodI2)
+ then have "(\<Union>x\<in>fset (sucs t). \<Union> (dverts ` Basic_BNFs.fsts x))
+ = (\<Union>x\<in>fset (sucs t). fst ` set (dtree_to_list (Node (root t) {|x|})))"
+ by force
+ then have "dverts t
+ = insert (root t) (\<Union>x\<in>fset (sucs t). fst ` set (dtree_to_list (Node (root t) {|x|})))"
+ using dtree.simps(6)[of "root t" "sucs t"] by auto
+ also have "\<dots> = insert (root t) (fst ` set (ffold (merge_f (root t) (sucs t)) [] (sucs t)))"
+ using merge_ffold_set_eq_union[of "root t" "sucs t"] list_dtree_axioms by auto
+ also have "\<dots> = dverts (dtree_from_list (root t) (ffold (merge_f (root t) (sucs t)) [] (sucs t)))"
+ using dtree_from_list_eq_dverts[of "root t"] by blast
+ finally show ?thesis unfolding merge_def by blast
+qed
+
+lemma dlverts_merge_eq[simp]:
+ assumes "\<forall>t \<in> fst ` fset (sucs t). max_deg t \<le> 1"
+ shows "dlverts (merge t) = dlverts t"
+ using dverts_merge_eq[OF assms] by (simp add: dlverts_eq_dverts_union)
+
+lemma sucs_darcs_eq_dtree_list:
+ assumes "(t1,e1) \<in> fset (sucs t)" and "max_deg t1 \<le> 1"
+ shows "darcs (Node (root t) {|(t1,e1)|}) = snd ` set (dtree_to_list (Node (root t) {|(t1,e1)|}))"
+proof -
+ have "\<forall>(t1,e1) \<in> fset (sucs t) . fcard {|(t1,e1)|} = 1" using fcard_single_1 by fast
+ moreover have "max_deg (Node (root t) {|(t1,e1)|}) = max (max_deg t1) (fcard {|(t1,e1)|})"
+ using mdeg_singleton by fast
+ ultimately have "max_deg (Node (root t) {|(t1,e1)|}) \<le> 1"
+ using assms by fastforce
+ then show ?thesis using dtree_to_list_eq_darcs by blast
+qed
+
+lemma darcs_merge_eq[simp]:
+ assumes "\<forall>t \<in> fst ` fset (sucs t). max_deg t \<le> 1"
+ shows "darcs (merge t) = darcs t"
+proof -
+ have 0: "list_dtree (Node (root t) (sucs t))" using list_dtree_axioms by simp
+ have "\<forall>(t1,e1) \<in> fset (sucs t). darcs (Node (root t) {|(t1,e1)|})
+ = snd ` set (dtree_to_list (Node (root t) {|(t1,e1)|}))"
+ using sucs_darcs_eq_dtree_list assms
+ by (smt (verit, ccfv_threshold) case_prodI2 fst_conv image_iff)
+ then have "\<forall>(t1,e1) \<in> fset (sucs t). darcs t1 \<union> {e1}
+ = snd ` set (dtree_to_list (Node (root t) {|(t1,e1)|}))"
+ by simp
+ moreover have "darcs t = (\<Union>(t1,e1)\<in>fset (sucs t). darcs t1 \<union> {e1})"
+ using dtree.simps(7)[of "root t" "sucs t"] by force
+ ultimately have "darcs t
+ = (\<Union>(t1,e1)\<in>fset (sucs t). snd ` set (dtree_to_list (Node (root t) {|(t1,e1)|})))"
+ by (smt (verit, best) Sup.SUP_cong case_prodE case_prod_conv)
+ also have "\<dots> = (snd ` set (ffold (merge_f (root t) (sucs t)) [] (sucs t)))"
+ using merge_ffold_set_eq_union[OF 0] by blast
+ also have "\<dots> = darcs (dtree_from_list (root t) (ffold (merge_f (root t) (sucs t)) [] (sucs t)))"
+ using dtree_from_list_eq_darcs[of "root t"] by fast
+ finally show ?thesis unfolding merge_def by blast
+qed
+
+subsubsection \<open>Merging Preserves Well-Formedness\<close>
+
+lemma dtree_to_list_x_in_darcs:
+ "x \<in> snd ` set (dtree_to_list (Node r {|(t1,e1)|})) \<Longrightarrow> x \<in> (darcs t1 \<union> {e1})"
+ using dtree_to_list_sub_darcs by fastforce
+
+lemma dtree_to_list_snds_disjoint:
+ "(darcs t1 \<union> {e1}) \<inter> (darcs t2 \<union> {e2}) = {}
+ \<Longrightarrow> snd ` set (dtree_to_list (Node r {|(t1,e1)|})) \<inter> (darcs t2 \<union> {e2}) = {}"
+ using dtree_to_list_x_in_darcs by fast
+
+lemma dtree_to_list_snds_disjoint2:
+ "(darcs t1 \<union> {e1}) \<inter> (darcs t2 \<union> {e2}) = {}
+ \<Longrightarrow> snd ` set (dtree_to_list (Node r {|(t1,e1)|}))
+ \<inter> snd ` set (dtree_to_list (Node r {|(t2,e2)|})) = {}"
+ using disjoint_iff dtree_to_list_x_in_darcs by metis
+
+lemma merge_ffold_arc_inter_preserv:
+ "\<lbrakk>list_dtree (Node r ys); xs |\<subseteq>| ys; (darcs t1 \<union> {e1}) \<inter> (snd ` set z) = {};
+ (t1,e1) \<in> fset ys; (t1,e1) \<notin> fset xs\<rbrakk>
+ \<Longrightarrow> (darcs t1 \<union> {e1}) \<inter> (snd ` set (ffold (merge_f r xs) z xs)) = {}"
+proof(induction xs)
+ case (insert x xs)
+ let ?f = "merge_f r (finsert x xs)"
+ let ?f' = "merge_f r xs"
+ let ?merge = "Sorting_Algorithms.merge"
+ show ?case
+ proof(cases "ffold ?f z (finsert x xs) = ffold ?f' z xs")
+ case True
+ then show ?thesis using insert.IH insert.prems by auto
+ next
+ case False
+ obtain t2 e2 where t2_def[simp]: "x = (t2,e2)" by fastforce
+ have 0: "list_dtree (Node r (finsert x xs))" using list_dtree_subset insert.prems(1,2) by blast
+ have "(t2,e2) \<noteq> (t1,e1)" using insert.prems(5) t2_def by fastforce
+ moreover have "(t2,e2) \<in> fset ys" using insert.prems(2) notin_fset by fastforce
+ moreover have "disjoint_darcs ys"
+ using disjoint_darcs_if_wf[OF list_dtree.wf_arcs [OF insert.prems(1)]] by simp
+ ultimately have "(darcs t1 \<union> {e1}) \<inter> (darcs t2 \<union> {e2}) = {}"
+ using insert.prems(4) by fast
+ then have 1: "(darcs t1 \<union> {e1}) \<inter> snd ` set (dtree_to_list (Node r {|(t2, e2)|})) = {}"
+ using dtree_to_list_snds_disjoint by fast
+ have 2: "(darcs t1 \<union> {e1}) \<inter> snd ` set (ffold ?f' z xs) = {}"
+ using insert.IH insert.prems by simp
+ have "xs |\<subseteq>| finsert x xs" by blast
+ then have f_xs: "ffold ?f z xs = ffold ?f' z xs"
+ using merge_ffold_supset 0 by presburger
+ have "ffold ?f z (finsert x xs) = ?f x (ffold ?f z xs)"
+ using Comm.ffold_finsert[OF insert.hyps] by blast
+ then have 0: "ffold ?f z (finsert x xs) = ?f x (ffold ?f' z xs)" using f_xs by argo
+ then have "?f x (ffold ?f' z xs) \<noteq> ffold ?f' z xs" using False by argo
+ then have "?f (t2,e2) (ffold ?f' z xs)
+ = ?merge cmp' (dtree_to_list (Node r {|(t2,e2)|})) (ffold ?f' z xs)"
+ using merge_f_merge_if_not_snd t2_def by blast
+ then have "ffold ?f z (finsert x xs)
+ = ?merge cmp' (dtree_to_list (Node r {|(t2,e2)|})) (ffold ?f' z xs)"
+ using 0 t2_def by argo
+ then have "set (ffold ?f z (finsert x xs))
+ = set (dtree_to_list (Node r {|(t2,e2)|})) \<union> set (ffold ?f' z xs)"
+ using set_merge[of "dtree_to_list (Node r {|(t2,e2)|})"] by presburger
+ then show ?thesis using 1 2 by fast
+ qed
+qed (auto)
+
+lemma merge_ffold_wf_list_arcs:
+ "\<lbrakk>\<And>x. x \<in> fset xs \<Longrightarrow> wf_darcs (Node r {|x|}); list_dtree (Node r xs)\<rbrakk>
+ \<Longrightarrow> wf_list_arcs (ffold (merge_f r xs) [] xs)"
+proof(induction xs)
+ case (insert x xs)
+ obtain t1 e1 where t1_def[simp]: "x = (t1,e1)" by fastforce
+ let ?f = "merge_f r (finsert x xs)"
+ let ?f' = "merge_f r xs"
+ have 0: "(t1, e1) \<in> fset (finsert x xs)" by simp
+ moreover have t1_not_xs: "(t1, e1) \<notin> fset xs" using insert.hyps notin_fset by fastforce
+ ultimately have xs_val:
+ "(\<forall>(v,e) \<in> set (ffold ?f' [] xs). set v \<inter> dlverts t1 = {} \<and> v \<noteq> [] \<and> e \<notin> darcs t1 \<union> {e1})"
+ using merge_ffold_empty_inter_preserv'[OF insert.prems(2) empty_list_valid_merge] by blast
+ have 1: "wf_list_arcs (dtree_to_list (Node r {|x|}))"
+ using insert.prems(1) 0 t1_def wf_list_arcs_if_wf_darcs by fast
+ have "list_dtree (Node r xs)" using list_dtree_subset insert.prems(2) by blast
+ then have 2: "wf_list_arcs (ffold ?f' [] xs)" using insert.IH insert.prems by auto
+ have "darcs (Node r {|x|}) \<inter> snd ` set (ffold ?f' [] xs) = {}"
+ using merge_ffold_arc_inter_preserv[OF insert.prems(2), of xs t1 e1 "[]"] t1_not_xs by auto
+ then have 3: "snd ` set (dtree_to_list (Node r {|x|})) \<inter> snd ` set (ffold ?f' [] xs) = {}"
+ using dtree_to_list_sub_darcs by fast
+ have "ffold ?f [] (finsert x xs) = ?f x (ffold ?f [] xs)"
+ using Comm.ffold_finsert[OF insert.hyps] by blast
+ also have "\<dots> = ?f x (ffold ?f' [] xs)"
+ using merge_ffold_supset[of xs "finsert x xs" r "[]"] insert.prems(2) by fastforce
+ finally have "ffold ?f [] (finsert x xs)
+ = Sorting_Algorithms.merge cmp' (dtree_to_list (Node r {|x|})) (ffold ?f' [] xs)"
+ using xs_val insert.prems by simp
+ then show ?case using wf_list_arcs_merge[OF 1 2 3] by presburger
+qed (simp)
+
+lemma merge_wf_darcs: "wf_darcs (merge t)"
+proof -
+ have "wf_list_arcs (ffold (merge_f (root t) (sucs t)) [] (sucs t))"
+ using merge_ffold_wf_list_arcs[OF wf_darcs_sucs[OF wf_arcs]] list_dtree_axioms by simp
+ then show ?thesis using wf_darcs_iff_wf_list_arcs merge_def by fastforce
+qed
+
+lemma merge_ffold_wf_list_lverts:
+ "\<lbrakk>\<And>x. x \<in> fset xs \<Longrightarrow> wf_dlverts (Node r {|x|}); list_dtree (Node r xs)\<rbrakk>
+ \<Longrightarrow> wf_list_lverts (ffold (merge_f r xs) [] xs)"
+proof(induction xs)
+ case (insert x xs)
+ obtain t1 e1 where t1_def[simp]: "x = (t1,e1)" by fastforce
+ let ?f = "merge_f r (finsert x xs)"
+ let ?f' = "merge_f r xs"
+ have 0: "(t1, e1) \<in> fset (finsert x xs)" by simp
+ moreover have "(t1, e1) \<notin> fset xs" using insert.hyps notin_fset by fastforce
+ ultimately have xs_val:
+ "(\<forall>(v,e) \<in> set (ffold ?f' [] xs). set v \<inter> dlverts t1 = {} \<and> v \<noteq> [] \<and> e \<notin> darcs t1 \<union> {e1})"
+ using merge_ffold_empty_inter_preserv'[OF insert.prems(2) empty_list_valid_merge] by blast
+ have 1: "wf_list_lverts (dtree_to_list (Node r {|x|}))"
+ using insert.prems(1) 0 t1_def wf_list_lverts_if_wf_dlverts by fast
+ have "list_dtree (Node r xs)" using list_dtree_subset insert.prems(2) by blast
+ then have 2: "wf_list_lverts (ffold ?f' [] xs)" using insert.IH insert.prems by auto
+ have "\<forall>v2\<in>fst ` set (ffold ?f' [] xs). set v2 \<inter> dlverts t1 = {}"
+ using xs_val by fastforce
+ then have 3: "\<forall>v1\<in>fst ` set (dtree_to_list (Node r {|x|})). \<forall>v2\<in>fst ` set (ffold ?f' [] xs).
+ set v1 \<inter> set v2 = {}"
+ using dtree_to_list_x1_list_disjoint t1_def by fast
+ have "ffold ?f [] (finsert x xs) = ?f x (ffold ?f [] xs)"
+ using Comm.ffold_finsert[OF insert.hyps] by blast
+ also have "\<dots> = ?f x (ffold ?f' [] xs)"
+ using merge_ffold_supset[of xs "finsert x xs" r "[]"] insert.prems(2) by fastforce
+ finally have "ffold ?f [] (finsert x xs)
+ = Sorting_Algorithms.merge cmp' (dtree_to_list (Node r {|x|})) (ffold ?f' [] xs)"
+ using xs_val insert.prems by simp
+ then show ?case using wf_list_lverts_merge[OF 1 2 3] by presburger
+qed (simp)
+
+lemma merge_ffold_root_inter_preserv:
+ "\<lbrakk>list_dtree (Node r xs); \<forall>t1 \<in> fst ` fset xs. set r' \<inter> dlverts t1 = {};
+ \<forall>v1 \<in> fst ` set z. set r' \<inter> set v1 = {}; (v,e) \<in> set (ffold (merge_f r xs) z xs)\<rbrakk>
+ \<Longrightarrow> set r' \<inter> set v = {}"
+proof(induction xs)
+ case (insert x xs)
+ let ?f = "merge_f r (finsert x xs)"
+ let ?f' = "merge_f r xs"
+ let ?merge = "Sorting_Algorithms.merge"
+ have 0: "list_dtree (Node r xs)" using insert.prems(1) list_dtree_subset by blast
+ show ?case
+ proof(cases "ffold ?f z (finsert x xs) = ffold ?f' z xs")
+ case True
+ then show ?thesis using insert.IH[OF 0] insert.prems(2-4) by simp
+ next
+ case not_right: False
+ obtain t2 e2 where t2_def[simp]: "x = (t2,e2)" by fastforce
+ show ?thesis
+ proof(cases "(v,e) \<in> set (dtree_to_list (Node r {|(t2,e2)|}))")
+ case True
+ then show ?thesis using dtree_to_list_x1_list_disjoint insert.prems(2) by fastforce
+ next
+ case False
+ have "xs |\<subseteq>| finsert x xs" by blast
+ then have f_xs: "ffold ?f z xs = ffold ?f' z xs"
+ using merge_ffold_supset[of xs "finsert x xs"] insert.prems(1) by blast
+ have "ffold ?f z (finsert x xs) = ?f x (ffold ?f z xs)"
+ using Comm.ffold_finsert[OF insert.hyps] by blast
+ then have 1: "ffold ?f z (finsert x xs) = ?f x (ffold ?f' z xs)" using f_xs by argo
+ then have "?f x (ffold ?f' z xs) \<noteq> ffold ?f' z xs" using not_right by argo
+ then have "?f (t2,e2) (ffold ?f' z xs)
+ = ?merge cmp' (dtree_to_list (Node r {|(t2,e2)|})) (ffold ?f' z xs)"
+ using merge_f_merge_if_not_snd t2_def by blast
+ then have "ffold ?f z (finsert x xs)
+ = ?merge cmp' (dtree_to_list (Node r {|(t2,e2)|})) (ffold ?f' z xs)"
+ using 1 t2_def by argo
+ then have "(v,e) \<in> set (?merge cmp' (dtree_to_list (Node r {|(t2,e2)|})) (ffold ?f' z xs))"
+ using insert.prems(4) by argo
+ then have "(v,e) \<in> set (ffold ?f' z xs)" using set_merge False by fast
+ then show ?thesis using insert.IH insert.prems(2-3) 0 by auto
+ qed
+ qed
+qed (fastforce)
+
+lemma merge_wf_dlverts: "wf_dlverts (merge t)"
+proof -
+ have 0: "list_dtree (Node (root t) (sucs t))" using list_dtree_axioms by simp
+ have 1: "\<forall>t1\<in>fst ` fset (sucs t). set (root t) \<inter> dlverts t1 = {}"
+ using wf_lverts wf_dlverts.simps[of "root t"] by fastforce
+ have "\<forall>v\<in>fst ` set (ffold (merge_f (root t) (sucs t)) [] (sucs t)). set (root t) \<inter> set v = {}"
+ using wf_lverts merge_ffold_root_inter_preserv[OF 0 1] by force
+ moreover have "wf_list_lverts (ffold (merge_f (root t) (sucs t)) [] (sucs t))"
+ using merge_ffold_wf_list_lverts[OF wf_dlverts_sucs[OF wf_lverts] 0] by simp
+ moreover have "root t \<noteq> []" using wf_lverts wf_dlverts.elims(2) by fastforce
+ ultimately show ?thesis unfolding merge_def using wf_dlverts_iff_wf_list_lverts by blast
+qed
+
+theorem merge_list_dtree: "list_dtree (merge t)"
+ using merge_wf_dlverts merge_wf_darcs list_dtree_def by blast
+
+corollary merge_ranked_dtree: "ranked_dtree (merge t) cmp"
+ using merge_list_dtree ranked_dtree_def ranked_dtree_axioms by auto
+
+subsubsection \<open>Additional Merging Properties\<close>
+
+lemma merge_ffold_distinct:
+ "\<lbrakk>list_dtree (Node r xs); \<forall>t1 \<in> fst ` fset xs. \<forall>v\<in>dverts t1. distinct v;
+ \<forall>v1 \<in> fst ` set z. distinct v1; v \<in> fst ` set (ffold (merge_f r xs) z xs)\<rbrakk>
+ \<Longrightarrow> distinct v"
+proof(induction xs)
+ case (insert x xs)
+ let ?f = "merge_f r (finsert x xs)"
+ let ?f' = "merge_f r xs"
+ let ?merge = "Sorting_Algorithms.merge"
+ have 0: "list_dtree (Node r xs)" using insert.prems(1) list_dtree_subset by blast
+ show ?case
+ proof(cases "ffold ?f z (finsert x xs) = ffold ?f' z xs")
+ case True
+ then show ?thesis using insert.IH[OF 0] insert.prems(2-4) by simp
+ next
+ case not_right: False
+ obtain t2 e2 where t2_def[simp]: "x = (t2,e2)" by fastforce
+ show ?thesis
+ proof(cases "v \<in> fst ` set (dtree_to_list (Node r {|(t2,e2)|}))")
+ case True
+ have "\<forall>v\<in>dverts t2. distinct v" using insert.prems(2) by simp
+ then have 2: "\<forall>v\<in>fst ` set (dtree_to_list (Node r {|(t2,e2)|})). distinct v"
+ by (simp add: dtree_to_list_x_in_dverts)
+ then show ?thesis using True by auto
+ next
+ case False
+ have "xs |\<subseteq>| finsert x xs" by blast
+ then have f_xs: "ffold ?f z xs = ffold ?f' z xs"
+ using merge_ffold_supset insert.prems(1) by presburger
+ have "ffold ?f z (finsert x xs) = ?f x (ffold ?f z xs)"
+ using Comm.ffold_finsert[OF insert.hyps] by blast
+ then have 1: "ffold ?f z (finsert x xs) = ?f x (ffold ?f' z xs)" using f_xs by argo
+ then have "?f x (ffold ?f' z xs) \<noteq> ffold ?f' z xs" using not_right by argo
+ then have "?f (t2,e2) (ffold ?f' z xs)
+ = ?merge cmp' (dtree_to_list (Node r {|(t2,e2)|})) (ffold ?f' z xs)"
+ using merge_f_merge_if_not_snd t2_def by blast
+ then have "ffold ?f z (finsert x xs)
+ = ?merge cmp' (dtree_to_list (Node r {|(t2,e2)|})) (ffold ?f' z xs)"
+ using 1 t2_def by argo
+ then have "v \<in> fst ` set (?merge cmp' (dtree_to_list (Node r {|(t2,e2)|})) (ffold ?f' z xs))"
+ using insert.prems(4) by argo
+ then have "v \<in> fst ` set (ffold ?f' z xs)" using set_merge False by fast
+ then show ?thesis using insert.IH[OF 0] insert.prems(2-3) by simp
+ qed
+ qed
+qed (fastforce)
+
+lemma distinct_merge:
+ assumes "\<forall>v\<in>dverts t. distinct v" and "v\<in>dverts (merge t)"
+ shows "distinct v"
+proof(cases "v = root t")
+ case True
+ then show ?thesis by (simp add: dtree.set_sel(1) assms(1))
+next
+ case False
+ then have 0: "v \<in> fst ` set (ffold (merge_f (root t) (sucs t)) [] (sucs t))"
+ using merge_def assms(2) dtree_from_list_eq_dverts[of "root t"] by auto
+ moreover have "\<forall>t1\<in>fst ` fset (sucs t). \<forall>v\<in>dverts t1. distinct v"
+ using assms(1) dverts_child_subset[of "root t" "sucs t"] by auto
+ moreover have "\<forall>v1\<in>fst ` set []. distinct v1" by simp
+ moreover have 0: "list_dtree (Node (root t) (sucs t))" using list_dtree_axioms by simp
+ ultimately show ?thesis using merge_ffold_distinct by fast
+qed
+
+lemma merge_hd_root_eq[simp]: "hd (root (merge t1)) = hd (root t1)"
+ unfolding merge_def by auto
+
+lemma merge_ffold_hd_is_child:
+ "\<lbrakk>list_dtree (Node r xs); xs \<noteq> {||}\<rbrakk>
+ \<Longrightarrow> \<exists>(t1,e1) \<in> fset xs. hd (ffold (merge_f r xs) [] xs) = (root t1,e1)"
+proof(induction xs)
+ case (insert x xs)
+ interpret Comm: comp_fun_commute "merge_f r (finsert x xs)" by (rule merge_commute)
+ define f where "f = merge_f r (finsert x xs)"
+ define f' where "f' = merge_f r xs"
+ let ?merge = "Sorting_Algorithms.merge cmp'"
+ have 0: "list_dtree (Node r xs)" using list_dtree_subset insert.prems(1) by blast
+ obtain t2 e2 where t2_def[simp]: "x = (t2,e2)" by fastforce
+ have i1: "\<exists>(t1, e1)\<in>fset (finsert x xs). hd (dtree_to_list (Node r {|(t2,e2)|})) = (root t1, e1)"
+ by simp
+ have "(t2, e2) \<in> fset (finsert x xs)" by simp
+ moreover have "(t2, e2) \<notin> fset xs" using insert.hyps notin_fset by fastforce
+ ultimately have xs_val:
+ "(\<forall>(v,e) \<in> set (ffold f' [] xs). set v \<inter> dlverts t2 = {} \<and> v \<noteq> [] \<and> e \<notin> darcs t2 \<union> {e2})"
+ using merge_ffold_empty_inter_preserv'[OF insert.prems(1) empty_list_valid_merge] f'_def
+ by blast
+ have "ffold f [] (finsert x xs) = f x (ffold f [] xs)"
+ using Comm.ffold_finsert[OF insert.hyps] f_def by blast
+ also have "\<dots> = f x (ffold f' [] xs)"
+ using merge_ffold_supset[of xs "finsert x xs" r "[]"] insert.prems(1) f_def f'_def by fastforce
+ finally have "ffold f [] (finsert x xs) = ?merge (dtree_to_list (Node r {|x|})) (ffold f' [] xs)"
+ using xs_val insert.prems f_def by simp
+ then have merge: "ffold f [] (finsert x xs)
+ = ?merge (dtree_to_list (Node r {|(t2,e2)|})) (ffold f'[] xs)"
+ using t2_def by blast
+ show ?case
+ proof(cases "xs = {||}")
+ case True
+ then show ?thesis using merge i1 f_def by auto
+ next
+ case False
+ then have i2: "\<exists>(t1,e1) \<in> fset (finsert x xs). hd (ffold f' [] xs) = (root t1,e1)"
+ using insert.IH[OF 0] f'_def by simp
+ show ?thesis using merge_hd_exists_preserv[OF i1 i2] merge f_def by simp
+ qed
+qed(simp)
+
+lemma merge_ffold_nempty_if_child:
+ assumes "(t1,e1) \<in> fset (sucs (merge t0))"
+ shows "ffold (merge_f (root t0) (sucs t0)) [] (sucs t0) \<noteq> []"
+ using assms unfolding merge_def by auto
+
+lemma merge_ffold_hd_eq_child:
+ assumes "(t1,e1) \<in> fset (sucs (merge t0))"
+ shows "hd (ffold (merge_f (root t0) (sucs t0)) [] (sucs t0)) = (root t1,e1)"
+proof -
+ have "merge t0 = (dtree_from_list (root t0) (ffold (merge_f (root t0) (sucs t0)) [] (sucs t0)))"
+ unfolding merge_def by blast
+ have "merge t0 = (Node (root t0) {|(t1,e1)|})" using merge_cases_sucs[of t0] assms by auto
+ have 0: "(Node (root t0) {|(t1,e1)|})
+ = (dtree_from_list (root t0) (ffold (merge_f (root t0) (sucs t0)) [] (sucs t0)))"
+ using merge_cases_sucs[of t0] assms unfolding merge_def by fastforce
+ then obtain ys where "(root t1, e1) # ys = ffold (merge_f (root t0) (sucs t0)) [] (sucs t0)"
+ using dtree_from_list_eq_singleton[OF 0] by blast
+ then show ?thesis using list.sel(1)[of "(root t1, e1)" ys] by simp
+qed
+
+lemma merge_child_in_orig:
+ assumes "(t1,e1) \<in> fset (sucs (merge t0))"
+ shows "\<exists>(t2,e2) \<in> fset (sucs t0). (root t2,e2) = (root t1,e1)"
+proof -
+ have 0: "list_dtree (Node (root t0) (sucs t0))" using assms merge_empty_if_nwf_sucs by fastforce
+ have "sucs t0 \<noteq> {||}" using assms merge_empty_sucs by fastforce
+ then obtain t2 e2 where t2_def: "(t2,e2) \<in> fset (sucs t0)"
+ "hd (ffold (merge_f (root t0) (sucs t0)) [] (sucs t0)) = (root t2,e2)"
+ using merge_ffold_hd_is_child[OF 0] by blast
+ then show ?thesis using merge_ffold_hd_eq_child[OF assms] by auto
+qed
+
+lemma ffold_singleton: "comp_fun_commute f \<Longrightarrow> ffold f z {|x|} = f x z"
+ using comp_fun_commute.ffold_finsert by fastforce
+
+lemma ffold_singleton1:
+ "\<lbrakk>comp_fun_commute (\<lambda>a b. if P a b then Q a b else R a b); P x z\<rbrakk>
+ \<Longrightarrow> ffold (\<lambda>a b. if P a b then Q a b else R a b) z {|x|} = Q x z"
+ using ffold_singleton by fastforce
+
+lemma ffold_singleton2:
+ "\<lbrakk>comp_fun_commute (\<lambda>a b. if P a b then Q a b else R a b); \<not>P x z\<rbrakk>
+ \<Longrightarrow> ffold (\<lambda>a b. if P a b then Q a b else R a b) z {|x|} = R x z"
+ using ffold_singleton by fastforce
+
+lemma merge_ffold_singleton_if_wf:
+ assumes "list_dtree (Node r {|(t1,e1)|})"
+ shows "ffold (merge_f r {|(t1,e1)|}) [] {|(t1,e1)|} = dtree_to_list (Node r {|(t1,e1)|})"
+proof -
+ interpret Comm: comp_fun_commute "merge_f r {|(t1,e1)|}" by (rule merge_commute)
+ define f where "f = merge_f r {|(t1,e1)|}"
+ have "ffold f [] {|(t1,e1)|} = f (t1,e1) (ffold f [] {||})"
+ using Comm.ffold_finsert f_def by blast
+ then show ?thesis using f_def assms by simp
+qed
+
+lemma merge_singleton_if_wf:
+ assumes "list_dtree (Node r {|(t1,e1)|})"
+ shows "merge (Node r {|(t1,e1)|}) = dtree_from_list r (dtree_to_list (Node r {|(t1,e1)|}))"
+ using merge_ffold_singleton_if_wf[OF assms] merge_xs by simp
+
+lemma merge_disjoint_if_child:
+ "merge (Node r {|(t1,e1)|}) = Node r {|(t2,e2)|} \<Longrightarrow> list_dtree (Node r {|(t1,e1)|})"
+ using merge_empty_if_nwf by fastforce
+
+lemma merge_root_child_eq:
+ "merge (Node r {|(t1,e1)|}) = Node r {|(t2,e2)|} \<Longrightarrow> root t1 = root t2"
+ using merge_singleton_if_wf[OF merge_disjoint_if_child] by fastforce
+
+lemma merge_ffold_split_subtree:
+ "\<lbrakk>\<forall>t \<in> fst ` fset xs. max_deg t \<le> 1; list_dtree (Node r xs);
+ as@(v,e)#bs = ffold (merge_f r xs) [] xs\<rbrakk>
+ \<Longrightarrow> \<exists>ys. strict_subtree (Node v ys) (Node r xs) \<and> dverts (Node v ys) \<subseteq> (fst ` set ((v,e)#bs))"
+proof(induction xs arbitrary: as bs)
+ case (insert x xs)
+ obtain t1 e1 where t1_def[simp]: "x = (t1,e1)" by fastforce
+ define f' where "f' = merge_f r xs"
+ let ?f = "merge_f r (finsert x xs)"
+ let ?f' = "merge_f r xs"
+ have "(t1, e1) \<in> fset (finsert x xs)" by simp
+ moreover have "(t1, e1) \<notin> fset xs" using insert.hyps notin_fset by fastforce
+ ultimately have xs_val:
+ "(\<forall>(v,e) \<in> set (ffold ?f' [] xs). set v \<inter> dlverts t1 = {} \<and> v \<noteq> [] \<and> e \<notin> darcs t1 \<union> {e1})"
+ using merge_ffold_empty_inter_preserv'[OF insert.prems(2) empty_list_valid_merge] by blast
+ have 0: "\<forall>t \<in> fst ` fset xs. max_deg t \<le> 1" using insert.prems(1) by simp
+ have 1: "list_dtree (Node r xs)" using list_dtree_subset insert.prems(2) by blast
+ have "ffold ?f [] (finsert x xs) = ?f x (ffold ?f [] xs)"
+ using Comm.ffold_finsert[OF insert.hyps] by blast
+ also have "\<dots> = ?f x (ffold ?f' [] xs)"
+ using merge_ffold_supset[of xs "finsert x xs" r "[]"] insert.prems(2) by fastforce
+ finally have ind: "ffold ?f [] (finsert x xs)
+ = Sorting_Algorithms.merge cmp' (dtree_to_list (Node r {|x|})) (ffold f' [] xs)"
+ using insert.prems(2) xs_val f'_def by simp
+ have "max_deg (fst x) \<le> 1" using insert.prems(1) by simp
+ then have "max_deg (Node r {|x|}) \<le> 1"
+ using mdeg_child_sucs_eq_if_gt1[of r "fst x" "snd x" "root (fst x)"] by fastforce
+ then have "\<forall>as bs. as@(v,e)#bs = dtree_to_list (Node r {|x|}) \<longrightarrow>
+ (\<exists>zs. strict_subtree (Node v zs) (Node r {|x|})
+ \<and> dverts (Node v zs) \<subseteq> fst ` set ((v,e)#bs))"
+ using dtree_to_list_split_subtree_dverts_eq_fsts' by fast
+ then have left: "\<forall>as bs. as@(v,e)#bs = dtree_to_list (Node r {|x|}) \<longrightarrow>
+ (\<exists>zs. strict_subtree (Node v zs) (Node r (finsert x xs))
+ \<and> dverts (Node v zs) \<subseteq> fst ` set ((v,e)#bs))"
+ using strict_subtree_singleton[where xs="finsert x xs"] by blast
+ have "\<forall>as bs. as@(v,e)#bs = ffold f' [] xs \<longrightarrow>
+ (\<exists>zs. strict_subtree (Node v zs) (Node r xs)
+ \<and> dverts (Node v zs) \<subseteq> fst ` set ((v,e)#bs))"
+ using insert.IH[OF 0 1] f'_def by blast
+ then have right: "\<forall>as bs. as@(v,e)#bs = ffold f' [] xs \<longrightarrow>
+ (\<exists>zs. strict_subtree (Node v zs) (Node r (finsert x xs))
+ \<and> dverts (Node v zs) \<subseteq> fst ` set ((v,e)#bs))"
+ using strict_subtree_subset[where r=r and xs=xs and ys="finsert x xs"] by fast
+ then show ?case using merge_split_supset_strict_subtree[OF left right] ind insert.prems(3) by simp
+qed (simp)
+
+lemma merge_strict_subtree_dverts_sup:
+ assumes "\<forall>t \<in> fst ` fset (sucs t). max_deg t \<le> 1"
+ and "strict_subtree (Node r xs) (merge t)"
+ shows "\<exists>ys. is_subtree (Node r ys) t \<and> dverts (Node r ys) \<subseteq> dverts (Node r xs)"
+proof -
+ have 0: "list_dtree (Node (root t) (sucs t))" using list_dtree_axioms by simp
+ have "\<forall>as r e bs. as@(r,e)#bs = ffold (merge_f (root t) (sucs t)) [] (sucs t)
+ \<longrightarrow> (\<exists>ys. strict_subtree (Node r ys) (Node (root t) (sucs t))
+ \<and> dverts (Node r ys) \<subseteq> fst ` set ((r,e)#bs))"
+ using merge_ffold_split_subtree[OF assms(1) 0] by blast
+ then have "\<forall>as r e bs. as@(r,e)#bs = ffold (merge_f (root t) (sucs t)) [] (sucs t) \<longrightarrow>
+ (\<exists>ys. strict_subtree (Node r ys) t \<and> dverts (Node r ys) \<subseteq> fst ` set ((r,e)#bs))"
+ by simp
+ obtain as e bs where bs_def: "as@(r,e)#bs = ffold (merge_f (root t) (sucs t)) [] (sucs t)"
+ using assms(2) dtree_from_list_uneq_sequence_xs[of r] unfolding merge_def by blast
+ have "wf_dverts (merge t)" by (simp add: merge_wf_dlverts wf_dverts_if_wf_dlverts)
+ then have wf: "wf_dverts (dtree_from_list (root t) (as@(r,e)#bs))"
+ unfolding merge_def bs_def .
+ moreover obtain ys where
+ "strict_subtree (Node r ys) t" "dverts (Node r ys) \<subseteq> fst ` set ((r,e)#bs)"
+ using merge_ffold_split_subtree[OF assms(1) 0 bs_def] by auto
+ moreover have "strict_subtree (Node r xs) (dtree_from_list (root t) (as@(r,e)#bs))"
+ using assms(2) unfolding bs_def merge_def .
+ ultimately show ?thesis
+ using dtree_from_list_dverts_subset_wfdverts1 unfolding strict_subtree_def by fast
+qed
+
+lemma merge_subtree_dverts_supset:
+ assumes "\<forall>t\<in>fst ` fset (sucs t). max_deg t \<le> 1" and "is_subtree (Node r xs) (merge t)"
+ shows "\<exists>ys. is_subtree (Node r ys) t \<and> dverts (Node r ys) \<subseteq> dverts (Node r xs)"
+proof(cases "Node r xs = merge t")
+ case True
+ then obtain ys where "t = Node r ys" using merge_root_eq dtree.exhaust_sel dtree.sel(1) by metis
+ then show ?thesis using dverts_merge_eq[OF assms(1)] True by auto
+next
+ case False
+ then show ?thesis using merge_strict_subtree_dverts_sup assms strict_subtree_def by blast
+qed
+
+lemma merge_subtree_dlverts_supset:
+ assumes "\<forall>t\<in>fst ` fset (sucs t). max_deg t \<le> 1" and "is_subtree (Node r xs) (merge t)"
+ shows "\<exists>ys. is_subtree (Node r ys) t \<and> dlverts (Node r ys) \<subseteq> dlverts (Node r xs)"
+proof -
+ obtain ys where "is_subtree (Node r ys) t" "dverts (Node r ys) \<subseteq> dverts (Node r xs)"
+ using merge_subtree_dverts_supset[OF assms] by blast
+ then show ?thesis using dlverts_eq_dverts_union[of "Node r ys"] dlverts_eq_dverts_union by fast
+qed
+
+end
+
+subsection \<open>Normalizing Dtrees\<close>
+
+context ranked_dtree
+begin
+
+subsubsection \<open>Definitions\<close>
+
+function normalize1 :: "('a list,'b) dtree \<Rightarrow> ('a list,'b) dtree" where
+ "normalize1 (Node r {|(t1,e)|}) =
+ (if rank (rev (root t1)) < rank (rev r) then Node (r@root t1) (sucs t1)
+ else Node r {|(normalize1 t1,e)|})"
+| "\<forall>x. xs \<noteq> {|x|} \<Longrightarrow> normalize1 (Node r xs) = Node r ((\<lambda>(t,e). (normalize1 t,e)) |`| xs)"
+ by (metis darcs_mset.cases old.prod.exhaust) fast+
+termination by lexicographic_order
+
+lemma normalize1_size_decr[termination_simp]:
+ "normalize1 t1 \<noteq> t1 \<Longrightarrow> size (normalize1 t1) < size t1"
+proof(induction t1 rule: normalize1.induct)
+ case (1 r t e)
+ then show ?case
+ proof(cases "rank (rev (root t)) < rank (rev r)")
+ case True
+ then show ?thesis using dtree_size_eq_root[of "root t" "sucs t"] by simp
+ next
+ case False
+ then show ?thesis using dtree_size_img_le 1 by auto
+ qed
+next
+ case (2 xs r)
+ then have 0: "\<forall>t \<in> fst ` fset xs. size (normalize1 t) \<le> size t" by fastforce
+ moreover have "\<exists>t \<in> fst ` fset xs. size (normalize1 t) < size t"
+ using elem_neq_if_fset_neq[of normalize1 xs] 2 by fastforce
+ ultimately show ?case using dtree_size_img_lt "2.hyps" by auto
+qed
+
+lemma normalize1_size_le: "size (normalize1 t1) \<le> size t1"
+ by(cases "normalize1 t1=t1") (auto dest: normalize1_size_decr)
+
+fun normalize :: "('a list,'b) dtree \<Rightarrow> ('a list,'b) dtree" where
+ "normalize t1 = (let t2 = normalize1 t1 in if t1 = t2 then t2 else normalize t2)"
+
+subsubsection \<open>Basic Proofs\<close>
+
+lemma root_normalize1_eq1:
+ "\<not>rank (rev (root t1)) < rank (rev r) \<Longrightarrow> root (normalize1 (Node r {|(t1,e1)|})) = r"
+ by simp
+
+lemma root_normalize1_eq1':
+ "\<not>rank (rev (root t1)) \<le> rank (rev r) \<Longrightarrow> root (normalize1 (Node r {|(t1,e1)|})) = r"
+ by simp
+
+lemma root_normalize1_eq2: "\<forall>x. xs \<noteq> {|x|} \<Longrightarrow> root (normalize1 (Node r xs)) = r"
+ by simp
+
+lemma fset_img_eq: "\<forall>x \<in> fset xs. f x = x \<Longrightarrow> f |`| xs = xs"
+ using fset_inject[of xs "f |`| xs"] by simp
+
+lemma fset_img_uneq: "f |`| xs \<noteq> xs \<Longrightarrow> \<exists>x \<in> fset xs. f x \<noteq> x"
+ using fset_img_eq by fastforce
+
+lemma fset_img_uneq_prod: "(\<lambda>(t,e). (f t, e)) |`| xs \<noteq> xs \<Longrightarrow> \<exists>(t,e) \<in> fset xs. f t \<noteq> t"
+ using fset_img_uneq[of "\<lambda>(t,e). (f t, e)" xs] by auto
+
+lemma contr_if_normalize1_uneq:
+ "normalize1 t1 \<noteq> t1
+ \<Longrightarrow> \<exists>v t2 e2. is_subtree (Node v {|(t2,e2)|}) t1 \<and> rank (rev (root t2)) < rank (rev v)"
+proof(induction t1 rule: normalize1.induct)
+ case (2 xs r)
+ then show ?case using fset_img_uneq_prod[of normalize1 xs] by fastforce
+qed(fastforce)
+
+lemma contr_before_normalize1:
+ "\<lbrakk>is_subtree (Node v {|(t1,e1)|}) (normalize1 t3); rank (rev (root t1)) < rank (rev v)\<rbrakk>
+ \<Longrightarrow> \<exists>v' t2 e2. is_subtree (Node v' {|(t2,e2)|}) t3 \<and> rank (rev (root t2)) < rank (rev v')"
+ using contr_if_normalize1_uneq by force
+
+subsubsection \<open>Normalizing Preserves Well-Formedness\<close>
+
+lemma normalize1_darcs_sub: "darcs (normalize1 t1) \<subseteq> darcs t1"
+proof(induction t1 rule: normalize1.induct)
+ case (1 r t e)
+ then show ?case
+ proof(cases "rank (rev (root t)) < rank (rev r)")
+ case True
+ then have "darcs (normalize1 (Node r {|(t,e)|})) = darcs (Node (r@root t) (sucs t))" by simp
+ also have "\<dots> = darcs (Node (root t) (sucs t))" using darcs_sub_if_children_sub by fast
+ finally show ?thesis by auto
+ next
+ case False
+ then show ?thesis using 1 by auto
+ qed
+qed (fastforce)
+
+lemma disjoint_darcs_normalize1:
+ "wf_darcs t1 \<Longrightarrow> disjoint_darcs ((\<lambda>(t,e). (normalize1 t,e)) |`| (sucs t1))"
+ using disjoint_darcs_img[OF disjoint_darcs_if_wf, of t1 normalize1]
+ by (simp add: normalize1_darcs_sub)
+
+lemma wf_darcs_normalize1: "wf_darcs t1 \<Longrightarrow> wf_darcs (normalize1 t1)"
+proof(induction t1 rule: normalize1.induct)
+ case (1 r t e)
+ show ?case
+ proof(cases "rank (rev (root t)) < rank (rev r)")
+ case True
+ then show ?thesis
+ using "1.prems" dtree.collapse singletonI finsert.rep_eq case_prodD
+ unfolding wf_darcs_iff_darcs'
+ by (metis (no_types, lifting) wf_darcs'.simps bot_fset.rep_eq normalize1.simps(1))
+ next
+ case False
+ have "disjoint_darcs {|(normalize1 t,e)|}"
+ using normalize1_darcs_sub disjoint_darcs_if_wf_xs[OF "1.prems"] by auto
+ then show ?thesis using 1 False unfolding wf_darcs_iff_darcs' by force
+ qed
+next
+ case (2 xs r)
+ then show ?case
+ using disjoint_darcs_normalize1[OF "2.prems"]
+ by (fastforce simp: wf_darcs_iff_darcs')
+qed
+
+lemma normalize1_dlverts_eq[simp]: "dlverts (normalize1 t1) = dlverts t1"
+proof(induction t1 rule: normalize1.induct)
+ case (1 r t e)
+ then show ?case
+ proof(cases "rank (rev (root t)) < rank (rev r)")
+ case True
+ then show ?thesis using dlverts.simps[of "root t" "sucs t"] by force
+ next
+ case False
+ then show ?thesis using 1 by auto
+ qed
+qed (fastforce)
+
+lemma normalize1_dverts_contr_subtree:
+ "\<lbrakk>v \<in> dverts (normalize1 t1); v \<notin> dverts t1\<rbrakk>
+ \<Longrightarrow> \<exists>v2 t2 e2. is_subtree (Node v2 {|(t2,e2)|}) t1
+ \<and> v2 @ root t2 = v \<and> rank (rev (root t2)) < rank (rev v2)"
+proof(induction t1 rule: normalize1.induct)
+ case (1 r t e)
+ show ?case
+ proof(cases "rank (rev (root t)) < rank (rev r)")
+ case True
+ then show ?thesis using "1.prems" dverts_suc_subseteq by fastforce
+ next
+ case False
+ then show ?thesis using 1 by auto
+ qed
+qed(fastforce)
+
+lemma normalize1_dverts_app_contr:
+ "\<lbrakk>v \<in> dverts (normalize1 t1); v \<notin> dverts t1\<rbrakk>
+ \<Longrightarrow> \<exists>v1\<in>dverts t1. \<exists>v2\<in>dverts t1. v1 @ v2 = v \<and> rank (rev v2) < rank (rev v1)"
+ using normalize1_dverts_contr_subtree
+ by (fastforce simp: single_subtree_root_dverts single_subtree_child_root_dverts)
+
+lemma disjoint_dlverts_img:
+ assumes "disjoint_dlverts xs" and "\<forall>(t,e) \<in> fset xs. dlverts (f t) \<subseteq> dlverts t"
+ shows "disjoint_dlverts ((\<lambda>(t,e). (f t,e)) |`| xs)" (is "disjoint_dlverts ?xs")
+proof (rule ccontr)
+ assume "\<not> disjoint_dlverts ?xs"
+ then obtain x1 e1 y1 e2 where asm: "(x1,e1) \<in> fset ?xs" "(y1,e2) \<in> fset ?xs"
+ "dlverts x1 \<inter> dlverts y1 \<noteq> {} \<and> (x1,e1)\<noteq>(y1,e2)" by blast
+ then obtain x2 where x2_def: "f x2 = x1" "(x2,e1) \<in> fset xs" by auto
+ obtain y2 where y2_def: "f y2 = y1" "(y2,e2) \<in> fset xs" using asm(2) by auto
+ have "dlverts x1 \<subseteq> dlverts x2" using assms(2) x2_def by fast
+ moreover have "dlverts y1 \<subseteq> dlverts y2" using assms(2) y2_def by fast
+ ultimately have "\<not> disjoint_dlverts xs" using asm(3) x2_def y2_def by blast
+ then show False using assms(1) by blast
+qed
+
+lemma disjoint_dlverts_normalize1:
+ "disjoint_dlverts xs \<Longrightarrow> disjoint_dlverts ((\<lambda>(t,e). (normalize1 t,e)) |`| xs)"
+ using disjoint_dlverts_img[of xs] by simp
+
+lemma disjoint_dlverts_normalize1_sucs:
+ "disjoint_dlverts (sucs t1) \<Longrightarrow> disjoint_dlverts ((\<lambda>(t,e). (normalize1 t,e)) |`| (sucs t1))"
+ using disjoint_dlverts_img[of "sucs t1"] by simp
+
+lemma disjoint_dlverts_normalize1_wf:
+ "wf_dlverts t1 \<Longrightarrow> disjoint_dlverts ((\<lambda>(t,e). (normalize1 t,e)) |`| (sucs t1))"
+ using disjoint_dlverts_img[OF disjoint_dlverts_if_wf, of t1] by simp
+
+lemma disjoint_dlverts_normalize1_wf':
+ "wf_dlverts (Node r xs) \<Longrightarrow> disjoint_dlverts ((\<lambda>(t,e). (normalize1 t,e)) |`| xs)"
+ using disjoint_dlverts_img[OF disjoint_dlverts_if_wf, of "Node r xs"] by simp
+
+lemma root_empty_inter_dlverts_normalize1:
+ assumes "wf_dlverts t1" and "(x1,e1) \<in> fset ((\<lambda>(t,e). (normalize1 t,e)) |`| (sucs t1))"
+ shows "set (root t1) \<inter> dlverts x1 = {}"
+proof (rule ccontr)
+ assume asm: "set (root t1) \<inter> dlverts x1 \<noteq> {}"
+ obtain x2 where x2_def: "normalize1 x2 = x1" "(x2,e1) \<in> fset (sucs t1)" using assms(2) by auto
+ have "set (root t1) \<inter> dlverts x2 \<noteq> {}" using x2_def(1) asm by force
+ then show False using x2_def(2) assms(1) wf_dlverts.simps[of "root t1" "sucs t1"] by auto
+qed
+
+lemma wf_dlverts_normalize1: "wf_dlverts t1 \<Longrightarrow> wf_dlverts (normalize1 t1)"
+proof(induction t1 rule: normalize1.induct)
+ case (1 r t e)
+ show ?case
+ proof(cases "rank (rev (root t)) < rank (rev r)")
+ case True
+ have 0: "\<forall>(t1,e1) \<in> fset (sucs t). wf_dlverts t1"
+ using "1.prems" wf_dlverts.simps[of "root t" "sucs t"] by auto
+ have "\<forall>(t1,e1) \<in> fset (sucs t). set (root t) \<inter> dlverts t1 = {}"
+ using "1.prems" wf_dlverts.simps[of "root t"] by fastforce
+ then have "\<forall>(t1,e1) \<in> fset (sucs t). set (r@root t) \<inter> dlverts t1 = {}"
+ using suc_in_dlverts "1.prems" by fastforce
+ then show ?thesis using True 0 disjoint_dlverts_if_wf[of t] "1.prems" by auto
+ next
+ case False
+ then show ?thesis
+ using root_empty_inter_dlverts_normalize1[OF "1.prems"] disjoint_dlverts_normalize1 1 by auto
+ qed
+next
+ case (2 xs r)
+ have "\<forall>(t1,e1) \<in> fset ((\<lambda>(t, e). (normalize1 t, e)) |`| xs). set r \<inter> dlverts t1 = {}"
+ using root_empty_inter_dlverts_normalize1[OF "2.prems"] by force
+ then show ?case using disjoint_dlverts_normalize1 2 by auto
+qed
+
+corollary list_dtree_normalize1: "list_dtree (normalize1 t)"
+ using wf_dlverts_normalize1[OF wf_lverts] wf_darcs_normalize1[OF wf_arcs] list_dtree_def by blast
+
+corollary ranked_dtree_normalize1: "ranked_dtree (normalize1 t) cmp"
+ using list_dtree_normalize1 ranked_dtree_def ranked_dtree_axioms by blast
+
+lemma normalize_darcs_sub: "darcs (normalize t1) \<subseteq> darcs t1"
+ apply(induction t1 rule: normalize.induct)
+ by (smt (verit) normalize1_darcs_sub normalize.simps subset_trans)
+
+lemma normalize_dlverts_eq: "dlverts (normalize t1) = dlverts t1"
+ by(induction t1 rule: normalize.induct) (metis (full_types) normalize.elims normalize1_dlverts_eq)
+
+theorem ranked_dtree_normalize: "ranked_dtree (normalize t) cmp"
+ using ranked_dtree_axioms apply(induction t rule: normalize.induct)
+ by (smt (verit) ranked_dtree.normalize.elims ranked_dtree.ranked_dtree_normalize1)
+
+subsubsection \<open>Distinctness and hd preserved\<close>
+
+lemma distinct_normalize1: "\<lbrakk>\<forall>v\<in>dverts t. distinct v; v\<in>dverts (normalize1 t)\<rbrakk> \<Longrightarrow> distinct v"
+using ranked_dtree_axioms proof(induction t rule: normalize1.induct)
+ case (1 r t e)
+ then interpret R: ranked_dtree "Node r {|(t, e)|}" rank by blast
+ show ?case
+ proof(cases "rank (rev (root t)) < rank (rev r)")
+ case True
+ interpret T: ranked_dtree t rank using R.ranked_dtree_rec by auto
+ have "set r \<inter> set (root t) = {}"
+ using R.wf_lverts dlverts.simps[of "root t" "sucs t"] by auto
+ then have "distinct (r@root t)" by (auto simp: dtree.set_sel(1) "1.prems"(1))
+ moreover have "\<forall>v \<in> (\<Union>(t, e)\<in>fset (sucs t). dverts t). distinct v"
+ using "1.prems"(1) dtree.set(1)[of "root t" "sucs t"] by fastforce
+ ultimately show ?thesis using dverts_root_or_child "1.prems"(2) True by auto
+ next
+ case False
+ then show ?thesis using R.ranked_dtree_rec 1 by auto
+ qed
+next
+ case (2 xs r)
+ then interpret R: ranked_dtree "Node r xs" rank by blast
+ show ?case using R.ranked_dtree_rec 2 by fastforce
+qed
+
+lemma distinct_normalize: "\<forall>v\<in>dverts t. distinct v \<Longrightarrow> \<forall>v\<in>dverts (normalize t). distinct v"
+using ranked_dtree_axioms proof(induction t rule: normalize.induct)
+ case (1 t)
+ then interpret T1: ranked_dtree "t" rank by blast
+ interpret T2: ranked_dtree "normalize1 t" rank by (simp add: T1.ranked_dtree_normalize1)
+ show ?case
+ by (smt (verit, del_insts) 1 T1.distinct_normalize1 T2.ranked_dtree_axioms normalize.simps)
+qed
+
+lemma normalize1_hd_root_eq[simp]:
+ assumes "root t1 \<noteq> []"
+ shows "hd (root (normalize1 t1)) = hd (root t1)"
+proof(cases "\<forall>x. sucs t1 \<noteq> {|x|}")
+ case True
+ then show ?thesis using normalize1.simps(2)[of "sucs t1" "root t1"] by simp
+next
+ case False
+ then obtain t e where "{|(t, e)|} = sucs t1" by auto
+ then show ?thesis using normalize1.simps(1)[of "root t1" t e] assms by simp
+qed
+
+corollary normalize1_hd_root_eq':
+ "wf_dlverts t1 \<Longrightarrow> hd (root (normalize1 t1)) = hd (root t1)"
+ using normalize1_hd_root_eq[of t1] wf_dlverts.simps[of "root t1" "sucs t1"] by simp
+
+lemma normalize1_root_nempty:
+ assumes "root t1 \<noteq> []"
+ shows "root (normalize1 t1) \<noteq> []"
+proof(cases "\<forall>x. sucs t1 \<noteq> {|x|}")
+ case True
+ then show ?thesis using normalize1.simps(2)[of "sucs t1" "root t1"] assms by simp
+next
+ case False
+ then obtain t e where "{|(t, e)|} = sucs t1" by auto
+ then show ?thesis using normalize1.simps(1)[of "root t1" t e] assms by simp
+qed
+
+lemma normalize_hd_root_eq[simp]: "root t1 \<noteq> [] \<Longrightarrow> hd (root (normalize t1)) = hd (root t1)"
+using ranked_dtree_axioms proof(induction t1 rule: normalize.induct)
+ case (1 t)
+ then show ?case
+ proof(cases "t = normalize1 t")
+ case False
+ then have "normalize t = normalize (normalize1 t)" by (simp add: Let_def)
+ then show ?thesis using 1 normalize1_root_nempty by force
+ qed(simp)
+qed
+
+corollary normalize_hd_root_eq'[simp]: "wf_dlverts t1 \<Longrightarrow> hd (root (normalize t1)) = hd (root t1)"
+ using normalize_hd_root_eq wf_dlverts.simps[of "root t1" "sucs t1"] by simp
+
+subsubsection \<open>Normalize and Sorting\<close>
+
+lemma normalize1_uneq_if_contr:
+ "\<lbrakk>is_subtree (Node r1 {|(t1,e1)|}) t2; rank (rev (root t1)) < rank (rev r1); wf_darcs t2\<rbrakk>
+ \<Longrightarrow> t2 \<noteq> normalize1 t2"
+proof(induction t2 rule: normalize1.induct)
+ case (1 r t e)
+ then show ?case
+ proof(cases "rank (rev (root t)) < rank (rev r)")
+ case True
+ then show ?thesis using combine_uneq by fastforce
+ next
+ case False
+ then show ?thesis using 1 by auto
+ qed
+next
+ case (2 xs r)
+ then obtain t e where t_def: "(t,e) \<in> fset xs" "is_subtree (Node r1 {|(t1,e1)|}) t" by auto
+ then have "t \<noteq> normalize1 t" using 2 by fastforce
+ then have "(normalize1 t, e) \<notin> fset xs"
+ using "2.prems"(3) t_def(1) by (auto simp: wf_darcs_iff_darcs')
+ moreover have "(normalize1 t, e) \<in> fset ((\<lambda>(t,e). (normalize1 t,e)) |`| xs)"
+ using t_def(1) by auto
+ ultimately have "(\<lambda>(t,e). (normalize1 t,e)) |`| xs \<noteq> xs" using t_def(1) by fastforce
+ then show ?case using "2.hyps" by simp
+qed
+
+lemma sorted_ranks_if_normalize1_eq:
+ "\<lbrakk>wf_darcs t2; is_subtree (Node r1 {|(t1,e1)|}) t2; t2 = normalize1 t2\<rbrakk>
+ \<Longrightarrow> rank (rev r1) \<le> rank (rev (root t1))"
+ using normalize1_uneq_if_contr by fastforce
+
+lemma normalize_sorted_ranks:
+ "\<lbrakk>is_subtree (Node r {|(t1,e1)|}) (normalize t)\<rbrakk> \<Longrightarrow> rank (rev r) \<le> rank (rev (root t1))"
+using ranked_dtree_axioms proof(induction t rule: normalize.induct)
+ case (1 t)
+ then interpret T: ranked_dtree t by blast
+ show ?case
+ using 1 sorted_ranks_if_normalize1_eq[OF T.wf_arcs]
+ by (smt (verit, ccfv_SIG) T.ranked_dtree_normalize1 normalize.simps)
+qed
+
+lift_definition cmp'' :: "('a list\<times>'b) comparator" is
+ "(\<lambda>x y. if rank (rev (fst x)) < rank (rev (fst y)) then Less
+ else if rank (rev (fst x)) > rank (rev (fst y)) then Greater
+ else Equiv)"
+ by (simp add: comparator_def)
+
+lemma dtree_to_list_sorted_if_no_contr:
+ "\<lbrakk>\<And>r1 t1 e1. is_subtree (Node r1 {|(t1,e1)|}) t2 \<Longrightarrow> rank (rev r1) \<le> rank (rev (root t1))\<rbrakk>
+ \<Longrightarrow> sorted cmp'' (dtree_to_list (Node r {|(t2,e2)|}))"
+proof(induction cmp'' "dtree_to_list (Node r {|(t2,e2)|})" arbitrary: r t2 e2 rule: sorted.induct)
+ case (2 x)
+ then show ?case using sorted_single[of cmp'' x] by simp
+next
+ case (3 y x xs)
+ then obtain r1 t1 e1 where r1_def: "t2 = Node r1 {|(t1,e1)|}"
+ using dtree_to_list.elims[of t2] by fastforce
+ have "y = (root t2,e2)" using "3.hyps"(2) r1_def by simp
+ moreover have "x = (root t1,e1)" using "3.hyps"(2) r1_def by simp
+ moreover have "rank (rev (root t2)) \<le> rank (rev (root t1))" using "3.prems" r1_def by auto
+ ultimately have "compare cmp'' y x \<noteq> Greater" using cmp''.rep_eq by simp
+ moreover have "sorted cmp'' (dtree_to_list t2)" using 3 r1_def by auto
+ ultimately show ?case using 3 r1_def by simp
+qed(simp)
+
+lemma dtree_to_list_sorted_if_no_contr':
+ "\<lbrakk>\<And>r1 t1 e1. is_subtree (Node r1 {|(t1,e1)|}) t2 \<Longrightarrow> rank (rev r1) \<le> rank (rev (root t1))\<rbrakk>
+ \<Longrightarrow> sorted cmp'' (dtree_to_list t2)"
+ using dtree_to_list_sorted_if_no_contr[of t2] sorted_Cons_imp_sorted by fastforce
+
+lemma dtree_to_list_sorted_if_subtree:
+ "\<lbrakk>is_subtree t1 t2;
+ \<And>r1 t1 e1. is_subtree (Node r1 {|(t1,e1)|}) t2 \<Longrightarrow> rank (rev r1) \<le> rank (rev (root t1))\<rbrakk>
+ \<Longrightarrow> sorted cmp'' (dtree_to_list (Node r {|(t1,e1)|}))"
+ using dtree_to_list_sorted_if_no_contr subtree_trans by blast
+
+lemma dtree_to_list_sorted_if_subtree':
+ "\<lbrakk>is_subtree t1 t2;
+ \<And>r1 t1 e1. is_subtree (Node r1 {|(t1,e1)|}) t2 \<Longrightarrow> rank (rev r1) \<le> rank (rev (root t1))\<rbrakk>
+ \<Longrightarrow> sorted cmp'' (dtree_to_list t1)"
+ using dtree_to_list_sorted_if_no_contr' subtree_trans by blast
+
+lemma normalize_dtree_to_list_sorted:
+ "is_subtree t1 (normalize t) \<Longrightarrow> sorted cmp'' (dtree_to_list (Node r {|(t1,e1)|}))"
+ using dtree_to_list_sorted_if_subtree normalize_sorted_ranks by blast
+
+lemma normalize_dtree_to_list_sorted':
+ "is_subtree t1 (normalize t) \<Longrightarrow> sorted cmp'' (dtree_to_list t1)"
+ using dtree_to_list_sorted_if_subtree' normalize_sorted_ranks by blast
+
+lemma gt_if_rank_contr: "rank (rev r0) < rank (rev r) \<Longrightarrow> compare cmp'' (r, e) (r0, e0) = Greater"
+ by (auto simp: cmp''.rep_eq)
+
+lemma rank_le_if_ngt: "compare cmp'' (r, e) (r0, e0) \<noteq> Greater \<Longrightarrow> rank (rev r) \<le> rank (rev r0)"
+ using gt_if_rank_contr by force
+
+lemma rank_le_if_sorted_from_list:
+ assumes "sorted cmp'' ((v1,e1)#ys)" and "is_subtree (Node r0 {|(t0,e0)|}) (dtree_from_list v1 ys)"
+ shows "rank (rev r0) \<le> rank (rev (root t0))"
+proof -
+ obtain e as bs where e_def: "as @ (r0, e) # (root t0, e0) # bs = ((v1,e1)#ys)"
+ using dtree_from_list_sequence[OF assms(2)] by blast
+ then have "sorted cmp'' (as @ (r0, e) # (root t0, e0) # bs)" using assms(1) by simp
+ then have "sorted cmp'' ((r0, e) # (root t0, e0) # bs)" using sorted_app_r by blast
+ then show ?thesis using rank_le_if_ngt by auto
+qed
+
+lemma cmp'_gt_if_cmp''_gt: "compare cmp'' x y = Greater \<Longrightarrow> compare cmp' x y = Greater"
+ by (auto simp: cmp'.rep_eq cmp''.rep_eq split: if_splits)
+
+lemma cmp'_lt_if_cmp''_lt: "compare cmp'' x y = Less \<Longrightarrow> compare cmp' x y = Less"
+ by (auto simp: cmp'.rep_eq cmp''.rep_eq)
+
+lemma cmp''_ge_if_cmp'_gt:
+ "compare cmp' x y = Greater \<Longrightarrow> compare cmp'' x y = Greater \<or> compare cmp'' x y = Equiv"
+ by (auto simp: cmp'.rep_eq cmp''.rep_eq split: if_splits)
+
+lemma cmp''_nlt_if_cmp'_gt: "compare cmp' x y = Greater \<Longrightarrow> compare cmp'' y x \<noteq> Greater"
+ by (auto simp: cmp'.rep_eq cmp''.rep_eq)
+
+interpretation Comm: comp_fun_commute "merge_f r xs" by (rule merge_commute)
+
+lemma sorted_cmp''_merge:
+ "\<lbrakk>sorted cmp'' xs; sorted cmp'' ys\<rbrakk> \<Longrightarrow> sorted cmp'' (Sorting_Algorithms.merge cmp' xs ys)"
+proof(induction xs ys taking: cmp' rule: Sorting_Algorithms.merge.induct)
+ case (3 x xs y ys)
+ let ?merge = "Sorting_Algorithms.merge cmp'"
+ show ?case
+ proof(cases "compare cmp' x y = Greater")
+ case True
+ have "?merge (x # xs) (y#ys) = y # (?merge (x # xs) ys)" using True by simp
+ moreover have "sorted cmp'' (?merge (x # xs) ys)" using 3 True sorted_Cons_imp_sorted by fast
+ ultimately show ?thesis
+ using cmp''_nlt_if_cmp'_gt[OF True] "3.prems" sorted_rec[of cmp'' y]
+ merge.elims[of cmp' "x#xs" ys "?merge (x # xs) ys"]
+ by metis
+ next
+ case False
+ have "?merge (x#xs) (y#ys) = x # (?merge xs (y#ys))" using False by simp
+ moreover have "sorted cmp'' (?merge xs (y#ys))" using 3 False sorted_Cons_imp_sorted by fast
+ ultimately show ?thesis
+ using cmp'_gt_if_cmp''_gt False "3.prems" sorted_rec[of cmp'' x]
+ merge.elims[of cmp' xs "y#ys" "?merge xs (y#ys)"]
+ by metis
+ qed
+qed(auto)
+
+lemma merge_ffold_sorted:
+ "\<lbrakk>list_dtree (Node r xs); \<And>t2 r1 t1 e1. \<lbrakk>t2 \<in> fst ` fset xs; is_subtree (Node r1 {|(t1,e1)|}) t2\<rbrakk>
+ \<Longrightarrow> rank (rev r1) \<le> rank (rev (root t1))\<rbrakk>
+ \<Longrightarrow> sorted cmp'' (ffold (merge_f r xs) [] xs)"
+proof(induction xs)
+ case (insert x xs)
+ interpret Comm: comp_fun_commute "merge_f r (finsert x xs)" by (rule merge_commute)
+ define f where "f = merge_f r (finsert x xs)"
+ define f' where "f' = merge_f r xs"
+ let ?merge = "Sorting_Algorithms.merge cmp'"
+ have 0: "list_dtree (Node r xs)" using list_dtree_subset insert.prems(1) by blast
+ obtain t2 e2 where t2_def[simp]: "x = (t2,e2)" by fastforce
+ have ind1: "sorted cmp'' (dtree_to_list (Node r {|(t2,e2)|}))"
+ using dtree_to_list_sorted_if_no_contr insert.prems(2) by fastforce
+ have "\<And>t2 r1 t1 e1. \<lbrakk>t2 \<in> fst ` fset xs; is_subtree (Node r1 {|(t1, e1)|}) t2\<rbrakk>
+ \<Longrightarrow> rank (rev r1) \<le> rank (rev (root t1))"
+ using insert.prems(2) by fastforce
+ then have ind2: "sorted cmp'' (ffold f' [] xs)" using insert.IH[OF 0] f'_def by blast
+ have "(t2, e2) \<in> fset (finsert x xs)" by simp
+ moreover have "(t2, e2) \<notin> fset xs" using insert.hyps notin_fset by fastforce
+ ultimately have xs_val:
+ "(\<forall>(v,e) \<in> set (ffold f' [] xs). set v \<inter> dlverts t2 = {} \<and> v \<noteq> [] \<and> e \<notin> darcs t2 \<union> {e2})"
+ using merge_ffold_empty_inter_preserv'[OF insert.prems(1) empty_list_valid_merge] f'_def
+ by blast
+ have "ffold f [] (finsert x xs) = f x (ffold f [] xs)"
+ using Comm.ffold_finsert[OF insert.hyps] f_def by blast
+ also have "\<dots> = f x (ffold f' [] xs)"
+ using merge_ffold_supset[of xs "finsert x xs" r "[]"] insert.prems(1) f_def f'_def by fastforce
+ finally have "ffold f [] (finsert x xs) = ?merge (dtree_to_list (Node r {|x|})) (ffold f' [] xs)"
+ using xs_val insert.prems f_def by simp
+ then have merge: "ffold f [] (finsert x xs)
+ = ?merge (dtree_to_list (Node r {|(t2,e2)|})) (ffold f'[] xs)"
+ using t2_def by blast
+ then show ?case using sorted_cmp''_merge[OF ind1 ind2] f_def by auto
+qed(simp)
+
+lemma not_single_subtree_if_nwf:
+ "\<not>list_dtree (Node r xs) \<Longrightarrow> \<not>is_subtree (Node r1 {|(t1,e1)|}) (merge (Node r xs))"
+ using merge_empty_if_nwf by simp
+
+lemma not_single_subtree_if_nwf_sucs:
+ "\<not>list_dtree t2 \<Longrightarrow> \<not>is_subtree (Node r1 {|(t1,e1)|}) (merge t2)"
+ using merge_empty_if_nwf_sucs by simp
+
+lemma merge_strict_subtree_nocontr:
+ assumes "\<And>t2 r1 t1 e1. \<lbrakk>t2 \<in> fst ` fset xs; is_subtree (Node r1 {|(t1,e1)|}) t2\<rbrakk>
+ \<Longrightarrow> rank (rev r1) \<le> rank (rev (root t1))"
+ and "strict_subtree (Node r1 {|(t1,e1)|}) (merge (Node r xs))"
+ shows "rank (rev r1) \<le> rank (rev (root t1))"
+proof(cases "list_dtree (Node r xs)")
+ case True
+ obtain e as bs where e_def: "as @ (r1, e) # (root t1, e1) # bs = ffold (merge_f r xs) [] xs"
+ using dtree_from_list_uneq_sequence assms(2) unfolding merge_def dtree.sel strict_subtree_def
+ by fast
+ have "sorted cmp'' (ffold (merge_f r xs) [] xs)"
+ using merge_ffold_sorted[OF True assms(1)] by simp
+ then have "sorted cmp'' ((r1, e) # (root t1, e1) # bs)"
+ using e_def sorted_app_r[of cmp'' as "(r1, e) # (root t1, e1) # bs"] by simp
+ then show ?thesis using rank_le_if_sorted_from_list by fastforce
+next
+ case False
+ then show ?thesis using not_single_subtree_if_nwf assms(2) by (simp add: strict_subtree_def)
+qed
+
+lemma merge_strict_subtree_nocontr2:
+ assumes "\<And>r1 t1 e1. is_subtree (Node r1 {|(t1,e1)|}) (Node r xs)
+ \<Longrightarrow> rank (rev r1) \<le> rank (rev (root t1))"
+ and "strict_subtree (Node r1 {|(t1,e1)|}) (merge (Node r xs))"
+ shows "rank (rev r1) \<le> rank (rev (root t1))"
+ using merge_strict_subtree_nocontr[OF assms] by fastforce
+
+lemma merge_strict_subtree_nocontr_sucs:
+ assumes "\<And>t2 r1 t1 e1. \<lbrakk>t2 \<in> fst ` fset (sucs t0); is_subtree (Node r1 {|(t1,e1)|}) t2\<rbrakk>
+ \<Longrightarrow> rank (rev r1) \<le> rank (rev (root t1))"
+ and "strict_subtree (Node r1 {|(t1,e1)|}) (merge t0)"
+ shows "rank (rev r1) \<le> rank (rev (root t1))"
+ using merge_strict_subtree_nocontr[of "sucs t0" r1 t1 e1 "root t0"] assms by simp
+
+lemma merge_strict_subtree_nocontr_sucs2:
+ assumes "\<And>r1 t1 e1. is_subtree (Node r1 {|(t1,e1)|}) t2 \<Longrightarrow> rank (rev r1) \<le> rank (rev (root t1))"
+ and "strict_subtree (Node r1 {|(t1,e1)|}) (merge t2)"
+ shows "rank (rev r1) \<le> rank (rev (root t1))"
+ using merge_strict_subtree_nocontr2[of "root t2" "sucs t2"] assms by auto
+
+lemma no_contr_imp_parent:
+ "\<lbrakk>is_subtree (Node r1 {|(t1,e1)|}) (Node r xs) \<Longrightarrow> rank (rev r1) \<le> rank (rev (root t1));
+ t2 \<in> fst ` fset xs; is_subtree (Node r1 {|(t1,e1)|}) t2\<rbrakk>
+ \<Longrightarrow> rank (rev r1) \<le> rank (rev (root t1))"
+ using subtree_if_child subtree_trans by fast
+
+lemma no_contr_imp_subtree:
+ "\<lbrakk>\<And>t2 r1 t1 e1. \<lbrakk>t2 \<in> fst ` fset xs; is_subtree (Node r1 {|(t1,e1)|}) t2\<rbrakk>
+ \<Longrightarrow> rank (rev r1) \<le> rank (rev (root t1));
+ is_subtree (Node r1 {|(t1,e1)|}) (Node r xs); \<forall>x. xs \<noteq> {|x|}\<rbrakk>
+ \<Longrightarrow> rank (rev r1) \<le> rank (rev (root t1))"
+ by fastforce
+
+lemma no_contr_imp_subtree_fcard:
+ "\<lbrakk>\<And>t2 r1 t1 e1. \<lbrakk>t2 \<in> fst ` fset xs; is_subtree (Node r1 {|(t1,e1)|}) t2\<rbrakk>
+ \<Longrightarrow> rank (rev r1) \<le> rank (rev (root t1));
+ is_subtree (Node r1 {|(t1,e1)|}) (Node r xs); fcard xs \<noteq> 1\<rbrakk>
+ \<Longrightarrow> rank (rev r1) \<le> rank (rev (root t1))"
+ using fcard_single_1_iff[of xs] by fastforce
+
+end
+
+subsection \<open>Removing Wedges\<close>
+
+context ranked_dtree
+begin
+
+fun merge1 :: "('a list,'b) dtree \<Rightarrow> ('a list,'b) dtree" where
+ "merge1 (Node r xs) = (
+ if fcard xs > 1 \<and> (\<forall>t \<in> fst ` fset xs. max_deg t \<le> 1) then merge (Node r xs)
+ else Node r ((\<lambda>(t,e). (merge1 t,e)) |`| xs))"
+
+lemma merge1_dverts_eq[simp]: "dverts (merge1 t) = dverts t"
+using ranked_dtree_axioms proof(induction t)
+ case (Node r xs)
+ then interpret R: ranked_dtree "Node r xs" rank by blast
+ show ?case
+ proof(cases "fcard xs > 1 \<and> (\<forall>t \<in> fst ` fset xs. max_deg t \<le> 1)")
+ case True
+ then show ?thesis by simp
+ next
+ case False
+ then show ?thesis using Node.IH R.ranked_dtree_rec by auto
+ qed
+qed
+
+lemma merge1_dlverts_eq[simp]: "dlverts (merge1 t) = dlverts t"
+using ranked_dtree_axioms proof(induction t)
+ case (Node r xs)
+ then interpret R: ranked_dtree "Node r xs" rank by blast
+ show ?case
+ proof(cases "fcard xs > 1 \<and> (\<forall>t \<in> fst ` fset xs. max_deg t \<le> 1)")
+ case True
+ then show ?thesis by simp
+ next
+ case False
+ then show ?thesis using Node.IH R.ranked_dtree_rec by auto
+ qed
+qed
+
+lemma dverts_merge1_img_sub:
+ "\<forall>(t2,e2) \<in> fset xs. dverts (merge1 t2) \<subseteq> dverts t2
+ \<Longrightarrow> dverts (Node r ((\<lambda>(t,e). (merge1 t,e)) |`| xs)) \<subseteq> dverts (Node r xs)"
+ by fastforce
+
+lemma merge1_dverts_sub: "dverts (merge1 t1) \<subseteq> dverts t1"
+proof(induction t1)
+ case (Node r xs)
+ show ?case
+ proof(cases "fcard xs > 1 \<and> (\<forall>t \<in> fst ` fset xs. max_deg t \<le> 1)")
+ case True
+ then show ?thesis using dverts_merge_sub by force
+ next
+ case False
+ then have "\<forall>(t2,e2) \<in> fset xs. dverts (merge1 t2) \<subseteq> dverts t2" using Node by fastforce
+ then show ?thesis using False dverts_merge1_img_sub by auto
+ qed
+qed
+
+lemma disjoint_dlverts_merge1: "disjoint_dlverts ((\<lambda>(t,e). (merge1 t,e)) |`| (sucs t))"
+proof -
+ have "\<forall>(t, e)\<in>fset (sucs t). dlverts (merge1 t) \<subseteq> dlverts t"
+ using ranked_dtree.merge1_dlverts_eq ranked_dtree_rec[of "root t"] by force
+ then show ?thesis using disjoint_dlverts_img[OF disjoint_dlverts_if_wf[OF wf_lverts]] by simp
+qed
+
+lemma root_empty_inter_dlverts_merge1:
+ assumes "(x1,e1) \<in> fset ((\<lambda>(t,e). (merge1 t,e)) |`| (sucs t))"
+ shows "set (root t) \<inter> dlverts x1 = {}"
+proof (rule ccontr)
+ assume asm: "set (root t) \<inter> dlverts x1 \<noteq> {}"
+ obtain x2 where x2_def: "merge1 x2 = x1" "(x2,e1) \<in> fset (sucs t)" using assms by auto
+ then interpret X: ranked_dtree x2 using ranked_dtree_rec dtree.collapse by blast
+ have "set (root t) \<inter> dlverts x2 \<noteq> {}" using X.merge1_dlverts_eq x2_def(1) asm by argo
+ then show False using x2_def(2) wf_lverts wf_dlverts.simps[of "root t" "sucs t"] by auto
+qed
+
+lemma wf_dlverts_merge1: "wf_dlverts (merge1 t)"
+using ranked_dtree_axioms proof(induction t)
+ case (Node r xs)
+ then interpret R: ranked_dtree "Node r xs" rank by blast
+ show ?case
+ proof(cases "fcard xs > 1 \<and> (\<forall>t \<in> fst ` fset xs. max_deg t \<le> 1)")
+ case True
+ then show ?thesis using R.merge_wf_dlverts by simp
+ next
+ case False
+ have "(\<forall>(t,e) \<in> fset ((\<lambda>(t,e). (merge1 t,e)) |`| xs). set r \<inter> dlverts t = {} \<and> wf_dlverts t)"
+ using R.ranked_dtree_rec Node.IH R.root_empty_inter_dlverts_merge1 by fastforce
+ then show ?thesis using R.disjoint_dlverts_merge1 R.wf_lverts False by auto
+ qed
+qed
+
+lemma merge1_darcs_eq[simp]: "darcs (merge1 t) = darcs t"
+using ranked_dtree_axioms proof(induction t)
+ case (Node r xs)
+ then interpret R: ranked_dtree "Node r xs" rank by blast
+ show ?case using Node.IH R.ranked_dtree_rec by auto
+qed
+
+lemma disjoint_darcs_merge1: "disjoint_darcs ((\<lambda>(t,e). (merge1 t,e)) |`| (sucs t))"
+proof -
+ have "\<forall>(t, e)\<in>fset (sucs t). darcs (merge1 t) \<subseteq> darcs t"
+ using ranked_dtree.merge1_darcs_eq ranked_dtree_rec[of "root t"] by force
+ then show ?thesis using disjoint_darcs_img[OF disjoint_darcs_if_wf[OF wf_arcs]] by simp
+qed
+
+lemma wf_darcs_merge1: "wf_darcs (merge1 t)"
+using ranked_dtree_axioms proof(induction t)
+ case (Node r xs)
+ then interpret R: ranked_dtree "Node r xs" rank by blast
+ show ?case
+ proof(cases "fcard xs > 1 \<and> (\<forall>t \<in> fst ` fset xs. max_deg t \<le> 1)")
+ case True
+ then show ?thesis using R.merge_wf_darcs by simp
+ next
+ case False
+ then show ?thesis
+ using R.disjoint_darcs_merge1 R.ranked_dtree_rec Node.IH
+ by (auto simp: wf_darcs_iff_darcs')
+ qed
+qed
+
+theorem ranked_dtree_merge1: "ranked_dtree (merge1 t) cmp"
+ by(unfold_locales) (auto simp: wf_darcs_merge1 wf_dlverts_merge1 dest: cmp_antisym)
+
+lemma distinct_merge1:
+ "\<lbrakk>\<forall>v\<in>dverts t. distinct v; v\<in>dverts (merge1 t)\<rbrakk> \<Longrightarrow> distinct v"
+using ranked_dtree_axioms proof(induction t arbitrary: v rule: merge1.induct)
+ case (1 r xs)
+ then interpret R: ranked_dtree "Node r xs" rank by blast
+ show ?case
+ proof(cases "fcard xs > 1 \<and> (\<forall>t \<in> fst ` fset xs. max_deg t \<le> 1)")
+ case True
+ then show ?thesis using R.distinct_merge[OF "1.prems"(1)] "1.prems"(2) by simp
+ next
+ case ind: False
+ then show ?thesis
+ proof(cases "v = r")
+ case False
+ have "v\<in>dverts (merge1 (Node r xs)) \<longleftrightarrow> v \<in> dverts (Node r ((\<lambda>(t,e). (merge1 t,e)) |`| xs))"
+ using ind by auto
+ then obtain t e where t_def: "(t,e) \<in> fset xs" "v \<in> dverts (merge1 t)"
+ using False "1.prems"(2) by auto
+ then have "\<forall>v\<in>dverts t. distinct v" using "1.prems"(1) by force
+ then show ?thesis using "1.IH"[OF ind] t_def R.ranked_dtree_rec by fast
+ qed(simp add: "1.prems"(1))
+ qed
+qed
+
+lemma merge1_root_eq[simp]: "root (merge1 t1) = root t1"
+ by(induction t1) simp
+
+lemma merge1_hd_root_eq[simp]: "hd (root (merge1 t1)) = hd (root t1)"
+ by simp
+
+lemma merge1_mdeg_le: "max_deg (merge1 t1) \<le> max_deg t1"
+proof(induction t1)
+ case (Node r xs)
+ then show ?case
+ proof(cases "fcard xs > 1 \<and> (\<forall>t \<in> fst ` fset xs. max_deg t \<le> 1)")
+ case True
+ then have "max_deg (merge1 (Node r xs)) \<le> 1" using merge_mdeg_le_1 by simp
+ then show ?thesis using mdeg_ge_fcard[of xs] True by simp
+ next
+ case False
+ have 0: "\<forall>(t,e) \<in> fset xs. max_deg (merge1 t) \<le> max_deg t" using Node by force
+ have "merge1 (Node r xs) = (Node r ((\<lambda>(t, e). (merge1 t, e)) |`| xs))"
+ using False by auto
+ then show ?thesis using mdeg_img_le'[OF 0] by simp
+ qed
+qed
+
+lemma merge1_childdeg_gt1_if_fcard_gt1:
+ "fcard (sucs (merge1 t1)) > 1 \<Longrightarrow> \<exists>t \<in> fst ` fset (sucs t1). max_deg t > 1"
+proof(induction t1)
+ case (Node r xs)
+ have 0: "\<not>(fcard xs > 1 \<and> (\<forall>t \<in> fst ` fset xs. max_deg t \<le> 1))"
+ using merge_fcard_le1[of "Node r xs"] Node.prems(1) by fastforce
+ then have "fcard (sucs (merge1 (Node r xs))) \<le> fcard xs" using fcard_image_le by auto
+ then show ?case using 0 Node.prems(1) by fastforce
+qed
+
+lemma merge1_fcard_le: "fcard (sucs (merge1 (Node r xs))) \<le> fcard xs"
+ using fcard_image_le merge_fcard_le1[of "Node r xs"] by auto
+
+lemma merge1_subtree_if_fcard_gt1:
+ "\<lbrakk>is_subtree (Node r xs) (merge1 t1); fcard xs > 1\<rbrakk>
+ \<Longrightarrow> \<exists>ys. merge1 (Node r ys) = Node r xs \<and> is_subtree (Node r ys) t1 \<and> fcard xs \<le> fcard ys"
+proof(induction t1)
+ case (Node r1 xs1)
+ have 0: "\<not>(fcard xs1 > 1 \<and> (\<forall>t \<in> fst ` fset xs1. max_deg t \<le> 1))"
+ using merge_fcard_le1_sub Node.prems by fastforce
+ then have eq: "merge1 (Node r1 xs1) = Node r1 ((\<lambda>(t,e). (merge1 t,e)) |`| xs1)" by auto
+ show ?case
+ proof(cases "Node r xs = merge1 (Node r1 xs1)")
+ case True
+ moreover have "r = r1" using True eq by auto
+ moreover have "fcard xs \<le> fcard xs1" using merge1_fcard_le True dtree.sel(2)[of r xs] by auto
+ ultimately show ?thesis using self_subtree Node.prems(2) by auto
+ next
+ case False
+ then obtain t2 e2 where "(t2,e2) \<in> fset xs1" "is_subtree (Node r xs) (merge1 t2)"
+ using eq Node.prems(1) by auto
+ then show ?thesis using Node.IH[of "(t2,e2)" t2] Node.prems(2) by fastforce
+ qed
+qed
+
+lemma merge1_childdeg_gt1_if_fcard_gt1_sub:
+ "\<lbrakk>is_subtree (Node r xs) (merge1 t1); fcard xs > 1\<rbrakk>
+ \<Longrightarrow> \<exists>ys. merge1 (Node r ys) = Node r xs \<and> is_subtree (Node r ys) t1
+ \<and> (\<exists>t \<in> fst ` fset ys. max_deg t > 1)"
+ using merge1_subtree_if_fcard_gt1 merge1_childdeg_gt1_if_fcard_gt1 dtree.sel(2) by metis
+
+lemma merge1_img_eq: "\<forall>(t2,e2) \<in> fset xs. merge1 t2 = t2 \<Longrightarrow> ((\<lambda>(t,e). (merge1 t,e)) |`| xs) = xs"
+ using fset_img_eq[of xs "\<lambda>(t,e). (merge1 t,e)"] by force
+
+lemma merge1_wedge_if_uneq:
+ "merge1 t1 \<noteq> t1
+ \<Longrightarrow> \<exists>r xs. is_subtree (Node r xs) t1 \<and> fcard xs > 1 \<and> (\<forall>t \<in> fst ` fset xs. max_deg t \<le> 1)"
+proof(induction t1)
+ case (Node r xs)
+ show ?case
+ proof(cases "fcard xs > 1 \<and> (\<forall>t \<in> fst ` fset xs. max_deg t \<le> 1)")
+ case True
+ then show ?thesis by auto
+ next
+ case False
+ then have "merge1 (Node r xs) = Node r ((\<lambda>(t,e). (merge1 t,e)) |`| xs)" by auto
+ then obtain t2 e2 where "(t2,e2) \<in> fset xs" "merge1 t2 \<noteq> t2"
+ using Node.prems merge1_img_eq[of xs] by auto
+ then show ?thesis using Node.IH[of "(t2,e2)"] by auto
+ qed
+qed
+
+lemma merge1_mdeg_gt1_if_uneq:
+ assumes "merge1 t1 \<noteq> t1"
+ shows "max_deg t1 > 1"
+proof -
+ obtain r xs where r_def: "is_subtree (Node r xs) t1" "1 < fcard xs"
+ using merge1_wedge_if_uneq[OF assms] by fast
+ then show ?thesis using mdeg_ge_fcard[of xs] mdeg_ge_sub by force
+qed
+
+corollary merge1_eq_if_mdeg_le1: "max_deg t1 \<le> 1 \<Longrightarrow> merge1 t1 = t1"
+ using merge1_mdeg_gt1_if_uneq by fastforce
+
+lemma merge1_not_merge_if_fcard_gt1:
+ "\<lbrakk>merge1 (Node r ys) = Node r xs; fcard xs > 1\<rbrakk> \<Longrightarrow> merge (Node r ys) \<noteq> Node r xs"
+ using merge_fcard_le1[of "Node r ys"] by auto
+
+lemma merge1_img_if_not_merge:
+ "merge1 (Node r xs) \<noteq> merge (Node r xs)
+ \<Longrightarrow> merge1 (Node r xs) = Node r ((\<lambda>(t,e). (merge1 t,e)) |`| xs)"
+ by auto
+
+lemma merge1_img_if_fcard_gt1:
+ "\<lbrakk>merge1 (Node r ys) = Node r xs; fcard xs > 1\<rbrakk>
+ \<Longrightarrow> merge1 (Node r ys) = Node r ((\<lambda>(t,e). (merge1 t,e)) |`| ys)"
+ using merge1_img_if_not_merge merge1_not_merge_if_fcard_gt1[of r ys] by simp
+
+lemma merge1_elem_in_img_if_fcard_gt1:
+ "\<lbrakk>merge1 (Node r ys) = Node r xs; fcard xs > 1; (t2,e2) \<in> fset xs\<rbrakk>
+ \<Longrightarrow> \<exists>t1. (t1,e2) \<in> fset ys \<and> merge1 t1 = t2"
+ using merge1_img_if_fcard_gt1 by fastforce
+
+lemma child_mdeg_gt1_if_sub_fcard_gt1:
+ "\<lbrakk>is_subtree (Node r xs) (Node v ys); Node r xs \<noteq> Node v ys; fcard xs > 1\<rbrakk>
+ \<Longrightarrow> \<exists>t1 e2. (t1,e2) \<in> fset ys \<and> max_deg t1 > 1"
+ using mdeg_ge_fcard[of xs] mdeg_ge_sub by force
+
+lemma merge1_subtree_if_mdeg_gt1:
+ "\<lbrakk>is_subtree (Node r xs) (merge1 t1); max_deg (Node r xs) > 1\<rbrakk>
+ \<Longrightarrow> \<exists>ys. merge1 (Node r ys) = Node r xs \<and> is_subtree (Node r ys) t1"
+proof(induction t1)
+ case (Node r1 xs1)
+ then have 0: "\<not>(fcard xs1 > 1 \<and> (\<forall>t \<in> fst ` fset xs1. max_deg t \<le> 1))"
+ using merge_mdeg_le1_sub by fastforce
+ then have eq: "merge1 (Node r1 xs1) = Node r1 ((\<lambda>(t,e). (merge1 t,e)) |`| xs1)" by auto
+ show ?case
+ proof(cases "Node r xs = merge1 (Node r1 xs1)")
+ case True
+ moreover have "r = r1" using True eq by auto
+ moreover have "fcard xs \<le> fcard xs1" using merge1_fcard_le True dtree.sel(2)[of r xs] by auto
+ ultimately show ?thesis using self_subtree Node.prems(2) by auto
+ next
+ case False
+ then obtain t2 e2 where "(t2,e2) \<in> fset xs1" "is_subtree (Node r xs) (merge1 t2)"
+ using eq Node.prems(1) by auto
+ then show ?thesis using Node.IH[of "(t2,e2)" t2] Node.prems(2) by fastforce
+ qed
+qed
+
+lemma merge1_child_in_orig:
+ assumes "merge1 (Node r ys) = Node r xs" and "(t1,e1) \<in> fset xs"
+ shows "\<exists>t2. (t2,e1) \<in> fset ys \<and> root t2 = root t1"
+proof(cases "fcard ys > 1 \<and> (\<forall>t \<in> fst ` fset ys. max_deg t \<le> 1)")
+ case True
+ then show ?thesis using merge_child_in_orig[of t1 e1 "Node r ys"] assms by auto
+next
+ case False
+ then have "merge1 (Node r ys) = Node r ((\<lambda>(t,e). (merge1 t,e)) |`| ys)" by auto
+ then show ?thesis using assms by fastforce
+qed
+
+lemma dverts_if_subtree_merge1:
+ "is_subtree (Node r xs) (merge1 t1) \<Longrightarrow> r \<in> dverts t1"
+ using merge1_dverts_sub dverts_subtree_subset by fastforce
+
+lemma subtree_merge1_orig:
+ "is_subtree (Node r xs) (merge1 t1) \<Longrightarrow> \<exists>ys. is_subtree (Node r ys) t1"
+ using dverts_if_subtree_merge1 subtree_root_if_dverts by fast
+
+lemma merge1_subtree_dlverts_supset:
+ "is_subtree (Node r xs) (merge1 t)
+ \<Longrightarrow> \<exists>ys. is_subtree (Node r ys) t \<and> dlverts (Node r ys) \<subseteq> dlverts (Node r xs)"
+using ranked_dtree_axioms proof(induction t)
+ case (Node r1 xs1)
+ then interpret R: ranked_dtree "Node r1 xs1" by simp
+ show ?case
+ proof(cases "Node r xs = merge1 (Node r1 xs1)")
+ case True
+ then have "dlverts (Node r1 xs1) \<subseteq> dlverts (Node r xs)" using R.merge1_dlverts_eq by simp
+ moreover have "r = r1" using True dtree.sel(1)[of r xs] by auto
+ ultimately show ?thesis by auto
+ next
+ case uneq: False
+ show ?thesis
+ proof(cases "fcard xs1 > 1 \<and> (\<forall>t \<in> fst ` fset xs1. max_deg t \<le> 1)")
+ case True
+ then show ?thesis using R.merge_subtree_dlverts_supset Node.prems by simp
+ next
+ case False
+ then have eq: "merge1 (Node r1 xs1) = Node r1 ((\<lambda>(t,e). (merge1 t,e)) |`| xs1)" by auto
+ then obtain t2 e2 where "(t2,e2) \<in> fset xs1" "is_subtree (Node r xs) (merge1 t2)"
+ using Node.prems(1) uneq by auto
+ then show ?thesis using Node.IH[of "(t2,e2)"] R.ranked_dtree_rec by auto
+ qed
+ qed
+qed
+
+end
+
+subsection \<open>IKKBZ-Sub\<close>
+
+function denormalize :: "('a list, 'b) dtree \<Rightarrow> 'a list" where
+ "denormalize (Node r {|(t,e)|}) = r @ denormalize t"
+| "\<forall>x. xs \<noteq> {|x|} \<Longrightarrow> denormalize (Node r xs) = r"
+ using dtree_to_list.cases by blast+
+termination by lexicographic_order
+
+lemma denormalize_set_eq_dlverts: "max_deg t1 \<le> 1 \<Longrightarrow> set (denormalize t1) = dlverts t1"
+proof(induction t1 rule: denormalize.induct)
+ case (1 r t e)
+ then show ?case using mdeg_ge_child[of t e "{|(t, e)|}"] by force
+next
+ case (2 xs r)
+ then have "max_deg (Node r xs) = 0" using mdeg_1_singleton[of r xs] by fastforce
+ then have "xs = {||}" by (auto intro!: empty_if_mdeg_0)
+ then show ?case using 2 by auto
+qed
+
+lemma denormalize_set_sub_dlverts: "set (denormalize t1) \<subseteq> dlverts t1"
+ by(induction t1 rule: denormalize.induct) auto
+
+lemma denormalize_distinct:
+ "\<lbrakk>\<forall>v \<in> dverts t1. distinct v; wf_dlverts t1\<rbrakk> \<Longrightarrow> distinct (denormalize t1)"
+proof(induction t1 rule: denormalize.induct)
+ case (1 r t e)
+ then have "set r \<inter> set (denormalize t) = {}" using denormalize_set_sub_dlverts by fastforce
+ then show ?case using 1 by auto
+next
+ case (2 xs r)
+ then show ?case by simp
+qed
+
+lemma denormalize_hd_root:
+ assumes "root t \<noteq> []"
+ shows "hd (denormalize t) = hd (root t)"
+proof(cases "\<forall>x. sucs t \<noteq> {|x|}")
+ case True
+ then show ?thesis using denormalize.simps(2)[of "sucs t" "root t"] by simp
+next
+ case False
+ then obtain t1 e where "{|(t1, e)|} = sucs t" by auto
+ then show ?thesis using denormalize.simps(1)[of "root t" t1 e] assms by simp
+qed
+
+lemma denormalize_hd_root_wf: "wf_dlverts t \<Longrightarrow> hd (denormalize t) = hd (root t)"
+ using denormalize_hd_root empty_notin_wf_dlverts dtree.set_sel(1)[of t] by force
+
+lemma denormalize_nempty_if_wf: "wf_dlverts t \<Longrightarrow> denormalize t \<noteq> []"
+ by (induction t rule: denormalize.induct) auto
+
+context ranked_dtree
+begin
+
+lemma fcard_normalize_img_if_disjoint:
+ "disjoint_darcs xs \<Longrightarrow> fcard ((\<lambda>(t,e). (normalize1 t,e)) |`| xs) = fcard xs"
+ using snds_neq_img_card_eq[of xs] by fast
+
+lemma fcard_merge1_img_if_disjoint:
+ "disjoint_darcs xs \<Longrightarrow> fcard ((\<lambda>(t,e). (merge1 t,e)) |`| xs) = fcard xs"
+ using snds_neq_img_card_eq[of xs] by fast
+
+lemma fsts_uneq_if_disjoint_lverts_nempty:
+ "\<lbrakk>disjoint_dlverts xs; \<forall>(t, e)\<in>fset xs. dlverts t \<noteq> {}\<rbrakk>
+ \<Longrightarrow> \<forall>(t, e)\<in>fset xs. \<forall>(t2, e2)\<in>fset xs. t \<noteq> t2 \<or> (t, e) = (t2, e2)"
+ by fast
+
+lemma normalize1_dlverts_nempty:
+ "\<forall>(t, e)\<in>fset xs. dlverts t \<noteq> {}
+ \<Longrightarrow> \<forall>(t, e)\<in>fset ((\<lambda>(t, e). (normalize1 t, e)) |`| xs). dlverts t \<noteq> {}"
+ by auto
+
+lemma normalize1_fsts_uneq:
+ assumes "disjoint_dlverts xs" and "\<forall>(t, e)\<in>fset xs. dlverts t \<noteq> {}"
+ shows "\<forall>(t, e)\<in>fset xs. \<forall>(t2, e2)\<in>fset xs. normalize1 t \<noteq> normalize1 t2 \<or> (t,e) = (t2,e2)"
+ by (smt (verit) assms Int_absorb case_prodD case_prodI2 normalize1_dlverts_eq)
+
+lemma fcard_normalize_img_if_disjoint_lverts:
+ "\<lbrakk>disjoint_dlverts xs; \<forall>(t, e)\<in>fset xs. dlverts t \<noteq> {}\<rbrakk>
+ \<Longrightarrow> fcard ((\<lambda>(t,e). (normalize1 t,e)) |`| xs) = fcard xs"
+ using fst_neq_img_card_eq[of xs normalize1] normalize1_fsts_uneq by auto
+
+lemma fcard_normalize_img_if_wf_dlverts:
+ "wf_dlverts (Node r xs) \<Longrightarrow> fcard ((\<lambda>(t,e). (normalize1 t,e)) |`| xs) = fcard xs"
+ using dlverts_nempty_if_wf fcard_normalize_img_if_disjoint_lverts[of xs] by force
+
+lemma fcard_normalize_img_if_wf_dlverts_sucs:
+ "wf_dlverts t1 \<Longrightarrow> fcard ((\<lambda>(t,e). (normalize1 t,e)) |`| (sucs t1)) = fcard (sucs t1)"
+ using fcard_normalize_img_if_wf_dlverts[of "root t1" "sucs t1"] by simp
+
+lemma singleton_normalize1:
+ assumes "disjoint_darcs xs" and "\<forall>x. xs \<noteq> {|x|}"
+ shows "\<forall>x. (\<lambda>(t,e). (normalize1 t,e)) |`| xs \<noteq> {|x|}"
+proof (rule ccontr)
+ assume "\<not>(\<forall>x. (\<lambda>(t,e). (normalize1 t,e)) |`| xs \<noteq> {|x|})"
+ then obtain x where "(\<lambda>(t,e). (normalize1 t,e)) |`| xs = {|x|}" by blast
+ then have "fcard ((\<lambda>(t,e). (normalize1 t,e)) |`| xs) = 1" using fcard_single_1 by force
+ then have "fcard xs = 1" using fcard_normalize_img_if_disjoint[OF assms(1)] by simp
+ then have "\<exists>x. xs = {|x|}" using fcard_single_1_iff by fast
+ then show False using assms(2) by simp
+qed
+
+lemma num_leaves_normalize1_eq[simp]: "wf_darcs t1 \<Longrightarrow> num_leaves (normalize1 t1) = num_leaves t1"
+proof(induction t1)
+ case (Node r xs)
+ then show ?case
+ proof(cases "\<forall>x. xs \<noteq> {|x|}")
+ case True
+ have "fcard ((\<lambda>(t,e). (normalize1 t,e)) |`| xs) = fcard xs"
+ using fcard_normalize_img_if_disjoint Node.prems
+ by (auto simp: wf_darcs_iff_darcs')
+ moreover have "\<forall>t\<in>fst ` fset xs. num_leaves (normalize1 t) = num_leaves t"
+ using Node by fastforce
+ ultimately show ?thesis using Node sum_img_eq[of xs] True by force
+ next
+ case False
+ then obtain t e where t_def: "xs = {|(t,e)|}" by auto
+ show ?thesis
+ proof(cases "rank (rev (root t)) < rank (rev r)")
+ case True
+ then show ?thesis
+ using t_def num_leaves_singleton num_leaves_root[of "root t" "sucs t"] by simp
+ next
+ case False
+ then show ?thesis
+ using num_leaves_singleton t_def Node by (simp add: wf_darcs_iff_darcs')
+ qed
+ qed
+qed
+
+lemma num_leaves_normalize_eq[simp]: "wf_darcs t1 \<Longrightarrow> num_leaves (normalize t1) = num_leaves t1"
+proof(induction t1 rule: normalize.induct)
+ case (1 t)
+ then have "num_leaves (normalize1 t) = num_leaves t" using num_leaves_normalize1_eq by blast
+ then show ?case using 1 wf_darcs_normalize1 by (smt (verit, best) normalize.simps)
+qed
+
+lemma num_leaves_normalize1_le: "num_leaves (normalize1 t1) \<le> num_leaves t1"
+proof(induction t1)
+ case (Node r xs)
+ then show ?case
+ proof(cases "\<forall>x. xs \<noteq> {|x|}")
+ case True
+ have fcard_le: "fcard ((\<lambda>(t,e). (normalize1 t,e)) |`| xs) \<le> fcard xs"
+ by (simp add: fcard_image_le)
+ moreover have xs_le: "\<forall>t\<in>fst ` fset xs. num_leaves (normalize1 t) \<le> num_leaves t"
+ using Node by fastforce
+ ultimately show ?thesis using Node sum_img_le[of xs] xs_le \<open>\<forall>x. xs \<noteq> {|x|}\<close> by simp
+ next
+ case False
+ then obtain t e where t_def: "xs = {|(t,e)|}" by auto
+ show ?thesis
+ proof(cases "rank (rev (root t)) < rank (rev r)")
+ case True
+ then show ?thesis
+ using t_def num_leaves_singleton num_leaves_root[of "root t" "sucs t"] by simp
+ next
+ case False
+ then show ?thesis using num_leaves_singleton t_def Node by simp
+ qed
+ qed
+qed
+
+lemma num_leaves_normalize_le: "num_leaves (normalize t1) \<le> num_leaves t1"
+proof(induction t1 rule: normalize.induct)
+ case (1 t)
+ then have "num_leaves (normalize1 t) \<le> num_leaves t" using num_leaves_normalize1_le by blast
+ then show ?case using 1 by (smt (verit) le_trans normalize.simps)
+qed
+
+lemma num_leaves_merge1_le: "num_leaves (merge1 t1) \<le> num_leaves t1"
+proof(induction t1)
+ case (Node r xs)
+ then show ?case
+ proof(cases "fcard xs > 1 \<and> (\<forall>t \<in> fst ` fset xs. max_deg t \<le> 1)")
+ case True
+ then have "merge1 (Node r xs) = merge (Node r xs)" by simp
+ then have "num_leaves (merge1 (Node r xs)) = 1"
+ unfolding merge_def using dtree_from_list_1_leaf by fastforce
+ also have "\<dots> < fcard xs" using True by blast
+ also have "\<dots> \<le> num_leaves (Node r xs)" using num_leaves_ge_card by fast
+ finally show ?thesis by simp
+ next
+ case False
+ have "\<forall>t \<in> fst ` fset xs. num_leaves (merge1 t) \<le> num_leaves t" using Node by force
+ then show ?thesis using sum_img_le False by auto
+ qed
+qed
+
+lemma num_leaves_merge1_lt: "max_deg t1 > 1 \<Longrightarrow> num_leaves (merge1 t1) < num_leaves t1"
+proof(induction t1)
+ case (Node r xs)
+ show ?case
+ proof(cases "fcard xs > 1 \<and> (\<forall>t \<in> fst ` fset xs. max_deg t \<le> 1)")
+ case True
+ then have "merge1 (Node r xs) = merge (Node r xs)" by simp
+ then have "num_leaves (merge1 (Node r xs)) = 1"
+ unfolding merge_def using dtree_from_list_1_leaf by fastforce
+ also have "\<dots> < fcard xs" using True by blast
+ finally show ?thesis using num_leaves_ge_card less_le_trans by fast
+ next
+ case False
+ have 0: "xs \<noteq> {||}" using Node.prems by (metis nempty_if_mdeg_n0 not_one_less_zero)
+ have 1: "\<forall>t \<in> fst ` fset xs. num_leaves (merge1 t) \<le> num_leaves t"
+ using num_leaves_merge1_le by blast
+ have "\<exists>t \<in> fst ` fset xs. max_deg t > 1" using Node.prems False mdeg_child_if_wedge by auto
+ then have 2: "\<exists>t \<in> fst ` fset xs. num_leaves (merge1 t) < num_leaves t" using Node.IH by force
+ have 3: "\<forall>t\<in>fst ` fset xs. 0 < num_leaves t"
+ using num_leaves_ge1 by (metis neq0_conv not_one_le_zero)
+ from False have "merge1 (Node r xs) = Node r ((\<lambda>(t,e). (merge1 t,e)) |`| xs)" by auto
+ then have "num_leaves (merge1 (Node r xs))
+ = (\<Sum>(t,e)\<in> fset ((\<lambda>(t,e). (merge1 t,e)) |`| xs). num_leaves t)" using 0 by auto
+ then show ?thesis using 0 sum_img_lt[OF 1 2 3] by simp
+ qed
+qed
+
+lemma ikkbz_num_leaves_decr:
+ "max_deg t1 > 1 \<Longrightarrow> num_leaves (merge1 (normalize t1)) < num_leaves t1"
+ using num_leaves_merge1_lt num_leaves_normalize_le num_leaves_1_if_mdeg_1 num_leaves_ge1
+ by (metis antisym_conv2 dual_order.antisym dual_order.trans not_le_imp_less num_leaves_merge1_le)
+
+function ikkbz_sub :: "('a list,'b) dtree \<Rightarrow> ('a list,'b) dtree" where
+ "ikkbz_sub t1 = (if max_deg t1 \<le> 1 then t1 else ikkbz_sub (merge1 (normalize t1)))"
+ by auto
+termination using ikkbz_num_leaves_decr by(relation "measure (\<lambda>t. num_leaves t)") auto
+
+lemma ikkbz_sub_darcs_sub: "darcs (ikkbz_sub t) \<subseteq> darcs t"
+using ranked_dtree_axioms proof(induction t rule: ikkbz_sub.induct)
+ case (1 t)
+ show ?case
+ proof(cases "max_deg t \<le> 1")
+ case False
+ have "darcs (merge1 (normalize t)) = darcs (normalize t)"
+ using ranked_dtree.merge1_darcs_eq ranked_dtree.ranked_dtree_normalize "1.prems" by blast
+ moreover have "ranked_dtree (merge1 (normalize t)) cmp"
+ using ranked_dtree.ranked_dtree_normalize "1.prems" ranked_dtree.ranked_dtree_merge1 by blast
+ moreover have "\<not> (max_deg t \<le> 1 \<or> \<not> list_dtree t)" using False ranked_dtree_def "1.prems" by blast
+ ultimately show ?thesis using "1.IH" normalize_darcs_sub by force
+ qed(simp)
+qed
+
+lemma ikkbz_sub_dlverts_eq[simp]: "dlverts (ikkbz_sub t) = dlverts t"
+using ranked_dtree_axioms proof(induction t rule: ikkbz_sub.induct)
+ case (1 t)
+ show ?case
+ proof(cases "max_deg t \<le> 1")
+ case True
+ then show ?thesis by simp
+ next
+ case False
+ then show ?thesis
+ using 1 ranked_dtree.merge1_dlverts_eq[of "normalize t"] normalize_dlverts_eq
+ ranked_dtree.ranked_dtree_normalize ranked_dtree.ranked_dtree_merge1 ikkbz_sub.elims by metis
+ qed
+qed
+
+lemma ikkbz_sub_wf_darcs: "wf_darcs (ikkbz_sub t)"
+using ranked_dtree_axioms proof(induction t rule: ikkbz_sub.induct)
+ case (1 t)
+ then show ?case
+ proof(cases "max_deg t \<le> 1")
+ case True
+ then show ?thesis using "1.prems" list_dtree_def ranked_dtree_def by auto
+ next
+ case False
+ then show ?thesis
+ using 1 ranked_dtree.ranked_dtree_normalize ranked_dtree.ranked_dtree_merge1
+ by (metis ikkbz_sub.simps)
+ qed
+qed
+
+lemma ikkbz_sub_wf_dlverts: "wf_dlverts (ikkbz_sub t)"
+using ranked_dtree_axioms proof(induction t rule: ikkbz_sub.induct)
+ case (1 t)
+ then show ?case
+ proof(cases "max_deg t \<le> 1")
+ case True
+ then show ?thesis using "1.prems" list_dtree_def ranked_dtree_def by auto
+ next
+ case False
+ then show ?thesis
+ using 1 ranked_dtree.ranked_dtree_normalize ranked_dtree.ranked_dtree_merge1
+ by (metis ikkbz_sub.simps)
+ qed
+qed
+
+theorem ikkbz_sub_list_dtree: "list_dtree (ikkbz_sub t)"
+ using ikkbz_sub_wf_darcs ikkbz_sub_wf_dlverts list_dtree_def by blast
+
+corollary ikkbz_sub_ranked_dtree: "ranked_dtree (ikkbz_sub t) cmp"
+ using ikkbz_sub_list_dtree ranked_dtree_def ranked_dtree_axioms by blast
+
+lemma ikkbz_sub_mdeg_le1: "max_deg (ikkbz_sub t1) \<le> 1"
+ by (induction t1 rule: ikkbz_sub.induct) simp
+
+corollary denormalize_ikkbz_eq_dlverts: "set (denormalize (ikkbz_sub t)) = dlverts t"
+ using denormalize_set_eq_dlverts ikkbz_sub_mdeg_le1 ikkbz_sub_dlverts_eq by blast
+
+lemma distinct_ikkbz_sub: "\<lbrakk>\<forall>v\<in>dverts t. distinct v; v\<in>dverts (ikkbz_sub t)\<rbrakk> \<Longrightarrow> distinct v"
+using list_dtree_axioms proof(induction t arbitrary: v rule: ikkbz_sub.induct)
+ case (1 t)
+ then interpret T1: ranked_dtree t rank cmp
+ using ranked_dtree_axioms by (simp add: ranked_dtree_def)
+ show ?case
+ using 1 T1.ranked_dtree_normalize T1.distinct_normalize ranked_dtree.merge1_dverts_eq
+ ranked_dtree.wf_dlverts_merge1 ranked_dtree.wf_darcs_merge1
+ by (metis ikkbz_sub.elims list_dtree_def)
+qed
+
+corollary distinct_denormalize_ikkbz_sub:
+ "\<forall>v\<in>dverts t. distinct v \<Longrightarrow> distinct (denormalize (ikkbz_sub t))"
+ using distinct_ikkbz_sub ikkbz_sub_wf_dlverts denormalize_distinct by blast
+
+lemma ikkbz_sub_hd_root[simp]: "hd (root (ikkbz_sub t)) = hd (root t)"
+using list_dtree_axioms proof(induction t rule: ikkbz_sub.induct)
+ case (1 t)
+ then interpret T1: ranked_dtree t rank cmp
+ using ranked_dtree_axioms by (simp add: ranked_dtree_def)
+ show ?case
+ using 1 merge1_hd_root_eq ranked_dtree.axioms(1) ranked_dtree.ranked_dtree_merge1
+ by (metis T1.ranked_dtree_normalize T1.wf_lverts ikkbz_sub.simps normalize_hd_root_eq')
+qed
+
+corollary denormalize_ikkbz_sub_hd_root[simp]: "hd (denormalize (ikkbz_sub t)) = hd (root t)"
+ using ikkbz_sub_hd_root denormalize_hd_root
+ by (metis dtree.set_sel(1) empty_notin_wf_dlverts ikkbz_sub_wf_dlverts)
+
+end
+
+locale precedence_graph = finite_directed_tree +
+ fixes rank :: "'a list \<Rightarrow> real"
+ fixes cost :: "'a list \<Rightarrow> real"
+ fixes cmp :: "('a list\<times>'b) comparator"
+ assumes asi_rank: "asi rank root cost"
+ and cmp_antisym:
+ "\<lbrakk>v1 \<noteq> []; v2 \<noteq> []; compare cmp (v1,e1) (v2,e2) = Equiv\<rbrakk> \<Longrightarrow> set v1 \<inter> set v2 \<noteq> {} \<or> e1=e2"
+begin
+
+definition to_list_dtree :: "('a list, 'b) dtree" where
+ "to_list_dtree = finite_directed_tree.to_dtree to_list_tree [root]"
+
+lemma to_list_dtree_single: "v \<in> dverts to_list_dtree \<Longrightarrow> \<exists>x. v = [x] \<and> x \<in> verts T"
+ unfolding to_list_dtree_def using to_list_tree_single
+ by (simp add: finite_directed_tree.dverts_eq_verts to_list_tree_finite_directed_tree)
+
+lemma to_list_dtree_wf_dverts: "wf_dverts to_list_dtree"
+ using finite_directed_tree.wf_dverts_to_dtree[OF to_list_tree_finite_directed_tree]
+ by(simp add: to_list_dtree_def)
+
+lemma to_list_dtree_wf_dlverts: "wf_dlverts to_list_dtree"
+ unfolding to_list_dtree_def
+ by (simp add: to_list_tree_fin_list_directed_tree fin_list_directed_tree.wf_dlverts_to_dtree)
+
+lemma to_list_dtree_wf_darcs: "wf_darcs to_list_dtree"
+ using finite_directed_tree.wf_darcs_to_dtree[OF to_list_tree_finite_directed_tree]
+ by(simp add: to_list_dtree_def)
+
+lemma to_list_dtree_list_dtree: "list_dtree to_list_dtree"
+ by(simp add: list_dtree_def to_list_dtree_wf_dlverts to_list_dtree_wf_darcs)
+
+lemma to_list_dtree_ranked_dtree: "ranked_dtree to_list_dtree cmp"
+ by(auto simp: ranked_dtree_def to_list_dtree_list_dtree ranked_dtree_axioms_def dest: cmp_antisym)
+
+interpretation t: ranked_dtree to_list_dtree by (rule to_list_dtree_ranked_dtree)
+
+definition ikkbz_sub :: "'a list" where
+ "ikkbz_sub = denormalize (t.ikkbz_sub to_list_dtree)"
+
+lemma dverts_eq_verts_to_list_tree: "dverts to_list_dtree = pre_digraph.verts to_list_tree"
+ unfolding to_list_dtree_def
+ by (simp add: finite_directed_tree.dverts_eq_verts to_list_tree_finite_directed_tree)
+
+lemma dverts_eq_verts_img: "dverts to_list_dtree = (\<lambda>x. [x]) ` verts T"
+ by (simp add: dverts_eq_verts_to_list_tree to_list_tree_def)
+
+lemma dlverts_eq_verts: "dlverts to_list_dtree = verts T"
+ by (simp add: dverts_eq_verts_img dlverts_eq_dverts_union)
+
+theorem ikkbz_set_eq_verts: "set ikkbz_sub = verts T"
+ using dlverts_eq_verts ikkbz_sub_def t.denormalize_ikkbz_eq_dlverts by simp
+
+lemma distinct_to_list_tree: "\<forall>v\<in>verts to_list_tree. distinct v"
+ unfolding to_list_tree_def by simp
+
+lemma distinct_to_list_dtree: "\<forall>v\<in>dverts to_list_dtree. distinct v"
+ using distinct_to_list_tree dverts_eq_verts_to_list_tree by blast
+
+theorem distinct_ikkbz_sub: "distinct ikkbz_sub"
+ unfolding ikkbz_sub_def
+ using distinct_to_list_dtree t.distinct_denormalize_ikkbz_sub by blast
+
+lemma to_list_dtree_root_eq_root: "Dtree.root (to_list_dtree) = [root]"
+ unfolding to_list_dtree_def
+ by (simp add: finite_directed_tree.to_dtree_root_eq_root to_list_tree_finite_directed_tree)
+
+lemma to_list_dtree_hd_root_eq_root[simp]: "hd (Dtree.root to_list_dtree) = root"
+ by (simp add: to_list_dtree_root_eq_root)
+
+theorem ikkbz_sub_hd_eq_root[simp]: "hd ikkbz_sub = root"
+ unfolding ikkbz_sub_def using t.denormalize_ikkbz_sub_hd_root to_list_dtree_root_eq_root by simp
+
+end
+
+subsection \<open>Full IKKBZ\<close>
+
+locale tree_query_graph = undir_tree_todir G + query_graph G for G
+
+locale cmp_tree_query_graph = tree_query_graph +
+ fixes cmp :: "('a list\<times>'b) comparator"
+ assumes cmp_antisym:
+ "\<lbrakk>v1 \<noteq> []; v2 \<noteq> []; compare cmp (v1,e1) (v2,e2) = Equiv\<rbrakk> \<Longrightarrow> set v1 \<inter> set v2 \<noteq> {} \<or> e1=e2"
+
+locale ikkbz_query_graph = cmp_tree_query_graph +
+ fixes cost :: "'a joinTree \<Rightarrow> real"
+ fixes cost_r :: "'a \<Rightarrow> ('a list \<Rightarrow> real)"
+ fixes rank_r :: "'a \<Rightarrow> ('a list \<Rightarrow> real)"
+ assumes asi_rank: "r \<in> verts G \<Longrightarrow> asi (rank_r r) r (cost_r r)"
+ and cost_correct:
+ "\<lbrakk>valid_tree t; no_cross_products t; left_deep t\<rbrakk>
+ \<Longrightarrow> cost_r (first_node t) (revorder t) = cost t"
+begin
+
+abbreviation ikkbz_sub :: "'a \<Rightarrow> 'a list" where
+ "ikkbz_sub r \<equiv> precedence_graph.ikkbz_sub (dir_tree_r r) r (rank_r r) cmp"
+
+abbreviation cost_l :: "'a list \<Rightarrow> real" where
+ "cost_l xs \<equiv> cost (create_ldeep xs)"
+
+lemma precedence_graph_r:
+ "r \<in> verts G \<Longrightarrow> precedence_graph (dir_tree_r r) r (rank_r r) (cost_r r) cmp"
+ using fin_directed_tree_r cmp_antisym
+ by (simp add: precedence_graph_def precedence_graph_axioms_def asi_rank)
+
+lemma nempty_if_set_eq_verts: "set xs = verts G \<Longrightarrow> xs \<noteq> []"
+ using verts_nempty by force
+
+lemma revorder_if_set_eq_verts: "set xs = verts G \<Longrightarrow> revorder (create_ldeep xs) = rev xs"
+ using nempty_if_set_eq_verts create_ldeep_order unfolding revorder_eq_rev_inorder by blast
+
+lemma cost_correct':
+ "\<lbrakk>set xs = verts G; distinct xs; no_cross_products (create_ldeep xs)\<rbrakk>
+ \<Longrightarrow> cost_r (hd xs) (rev xs) = cost_l xs"
+ using cost_correct[of "create_ldeep xs"] revorder_if_set_eq_verts create_ldeep_ldeep[of xs]
+ unfolding valid_tree_def distinct_relations_def
+ by (simp add: create_ldeep_order create_ldeep_relations first_node_eq_hd nempty_if_set_eq_verts)
+
+lemma ikkbz_sub_verts_eq: "r \<in> verts G \<Longrightarrow> set (ikkbz_sub r) = verts G"
+ using precedence_graph.ikkbz_set_eq_verts precedence_graph_r verts_dir_tree_r_eq by fast
+
+lemma ikkbz_sub_distinct: "r \<in> verts G \<Longrightarrow> distinct (ikkbz_sub r)"
+ using precedence_graph.distinct_ikkbz_sub precedence_graph_r by fast
+
+lemma ikkbz_sub_hd_eq_root: "r \<in> verts G \<Longrightarrow> hd (ikkbz_sub r) = r"
+ using precedence_graph.ikkbz_sub_hd_eq_root precedence_graph_r by fast
+
+definition ikkbz :: "'a list" where
+ "ikkbz \<equiv> arg_min_on cost_l {ikkbz_sub r|r. r \<in> verts G}"
+
+lemma ikkbz_sub_set_fin: "finite {ikkbz_sub r|r. r \<in> verts G}"
+ by simp
+
+lemma ikkbz_sub_set_nempty: "{ikkbz_sub r|r. r \<in> verts G} \<noteq> {}"
+ by (simp add: verts_nempty)
+
+lemma ikkbz_in_ikkbz_sub_set: "ikkbz \<in> {ikkbz_sub r|r. r \<in> verts G}"
+ unfolding ikkbz_def using ikkbz_sub_set_fin ikkbz_sub_set_nempty arg_min_if_finite by blast
+
+lemma ikkbz_eq_ikkbz_sub: "\<exists>r \<in> verts G. ikkbz = ikkbz_sub r"
+ using ikkbz_in_ikkbz_sub_set by blast
+
+lemma ikkbz_min_ikkbz_sub: "r \<in> verts G \<Longrightarrow> cost_l ikkbz \<le> cost_l (ikkbz_sub r)"
+ unfolding ikkbz_def using ikkbz_sub_set_fin arg_min_least by fast
+
+lemma ikkbz_distinct: "distinct ikkbz"
+ using ikkbz_eq_ikkbz_sub ikkbz_sub_distinct by fastforce
+
+lemma ikkbz_set_eq_verts: "set ikkbz = verts G"
+ using ikkbz_eq_ikkbz_sub ikkbz_sub_verts_eq by force
+
+lemma ikkbz_nempty: "ikkbz \<noteq> []"
+ using ikkbz_set_eq_verts verts_nempty by fastforce
+
+lemma ikkbz_hd_in_verts: "hd ikkbz \<in> verts G"
+ using ikkbz_nempty ikkbz_set_eq_verts by fastforce
+
+lemma inorder_ikkbz: "inorder (create_ldeep ikkbz) = ikkbz"
+ using create_ldeep_order ikkbz_nempty by blast
+
+lemma inorder_ikkbz_distinct: "distinct (inorder (create_ldeep ikkbz))"
+ using ikkbz_distinct inorder_ikkbz by simp
+
+lemma inorder_relations_eq_verts: "relations (create_ldeep ikkbz) = verts G"
+ using ikkbz_set_eq_verts create_ldeep_relations ikkbz_nempty by blast
+
+theorem ikkbz_valid_tree: "valid_tree (create_ldeep ikkbz)"
+ unfolding valid_tree_def distinct_relations_def
+ using inorder_ikkbz_distinct inorder_relations_eq_verts by blast
+
+end
+
+(* non commutative merging based on inserting (INCOMPLETE) *)
+
+locale old = list_dtree t for t :: "('a list,'b) dtree" +
+ fixes rank :: "'a list \<Rightarrow> real"
+begin
+
+function find_pos_aux :: "'a list \<Rightarrow> 'a list \<Rightarrow> ('a list,'b) dtree \<Rightarrow> ('a list \<times> 'a list)" where
+ "find_pos_aux v p (Node r {|(t1,_)|}) =
+ (if rank (rev v) \<le> rank (rev r) then (p,r) else find_pos_aux v r t1)"
+| "\<forall>x. xs \<noteq> {|x|} \<Longrightarrow> find_pos_aux v p (Node r xs) =
+ (if rank (rev v) \<le> rank (rev r) then (p,r) else (r,r))"
+ by (metis combine.cases old.prod.exhaust) auto
+termination by lexicographic_order
+
+function find_pos :: "'a list \<Rightarrow> ('a list,'b) dtree \<Rightarrow> ('a list \<times> 'a list)" where
+ "find_pos v (Node r {|(t1,_)|}) = find_pos_aux v r t1"
+| "\<forall>x. xs \<noteq> {|x|} \<Longrightarrow> find_pos v (Node r xs) = (r,r)"
+ by (metis dtree.exhaust surj_pair) auto
+termination by lexicographic_order
+
+abbreviation insert_chain :: "('a list\<times>'b) list \<Rightarrow> ('a list,'b) dtree \<Rightarrow> ('a list,'b) dtree" where
+ "insert_chain xs t1 \<equiv>
+ foldr (\<lambda>(v,e) t2. case find_pos v t2 of (x,y) \<Rightarrow> insert_between v e x y t2) xs t1"
+
+fun merge :: "('a list,'b) dtree \<Rightarrow> ('a list,'b) dtree" where
+ "merge (Node r xs) = ffold (\<lambda>(t,e) b. case b of Node r xs \<Rightarrow>
+ if xs = {||} then Node r {|(t,e)|} else insert_chain (dtree_to_list t) b)
+ (Node r {||}) xs"
+
+lemma ffold_if_False_eq_acc:
+ "\<lbrakk>\<forall>a. \<not>P a; comp_fun_commute (\<lambda>a b. if \<not>P a then b else Q a b)\<rbrakk>
+ \<Longrightarrow> ffold (\<lambda>a b. if \<not>P a then b else Q a b) acc xs = acc"
+proof(induction xs)
+ case (insert x xs)
+ let ?f = "\<lambda>a b. if \<not>P a then b else Q a b"
+ have "ffold ?f acc (finsert x xs) = ?f x (ffold ?f acc xs)"
+ using insert.hyps by (simp add: comp_fun_commute.ffold_finsert insert.prems(2))
+ then have "ffold ?f acc (finsert x xs) = ffold ?f acc xs" using insert.prems by simp
+ then show ?case using insert.IH insert.prems by simp
+qed(simp add: comp_fun_commute.ffold_empty)
+
+lemma find_pos_rank_less: "rank (rev v) \<le> rank (rev r) \<Longrightarrow> find_pos_aux v p (Node r xs) = (p,r)"
+ by(cases "\<exists>x. xs = {|x|}") auto
+
+lemma find_pos_y_in_dverts: "(x,y) = find_pos_aux v p t1 \<Longrightarrow> y \<in> dverts t1"
+proof(induction t1 arbitrary: p)
+ case (Node r xs)
+ then show ?case
+ proof(cases "rank (rev v) \<le> rank (rev r)")
+ case True
+ then show ?thesis using Node.prems by(cases "\<exists>x. xs = {|x|}") auto
+ next
+ case False
+ then show ?thesis using Node by(cases "\<exists>x. xs = {|x|}") fastforce+
+ qed
+qed
+
+lemma find_pos_x_in_dverts: "(x,y) = find_pos_aux v p t1 \<Longrightarrow> x \<in> dverts t1 \<or> p=x"
+proof(induction t1 arbitrary: p)
+ case (Node r xs)
+ then show ?case
+ proof(cases "rank (rev v) \<le> rank (rev r)")
+ case True
+ then show ?thesis using Node.prems by(cases "\<exists>x. xs = {|x|}") auto
+ next
+ case False
+ then show ?thesis using Node by(cases "\<exists>x. xs = {|x|}") fastforce+
+ qed
+qed
+
+end
+
+end
\ No newline at end of file
diff --git a/thys/Query_Optimization/IKKBZ_Examples.thy b/thys/Query_Optimization/IKKBZ_Examples.thy
new file mode 100644
--- /dev/null
+++ b/thys/Query_Optimization/IKKBZ_Examples.thy
@@ -0,0 +1,632 @@
+(* Author: Bernhard Stöckl *)
+
+theory IKKBZ_Examples
+ imports IKKBZ_Optimality
+begin
+
+section \<open>Examples of Applying IKKBZ\<close>
+
+subsection \<open>Computing Contributing Selectivity without Lists\<close>
+
+context directed_tree
+begin
+
+definition contr_sel :: "'a selectivity \<Rightarrow> 'a \<Rightarrow> real" where
+ "contr_sel sel y = (if \<exists>x. x \<rightarrow>\<^bsub>T\<^esub> y then sel (THE x. x \<rightarrow>\<^bsub>T\<^esub> y) y else 1)"
+
+definition tree_sel :: "'a selectivity \<Rightarrow> bool" where
+ "tree_sel sel = (\<forall>x y. \<not>(x \<rightarrow>\<^bsub>T\<^esub> y \<or> y \<rightarrow>\<^bsub>T\<^esub> x) \<longrightarrow> sel x y = 1)"
+
+lemma contr_sel_gt0: "sel_reasonable sf \<Longrightarrow> contr_sel sf x > 0"
+ unfolding contr_sel_def sel_reasonable_def by simp
+
+lemma contr_sel_le1: "sel_reasonable sf \<Longrightarrow> contr_sel sf x \<le> 1"
+ unfolding contr_sel_def sel_reasonable_def by simp
+
+lemma nempty_if_not_fwd_conc: "\<not>forward_arcs (y#xs) \<Longrightarrow> xs \<noteq> []"
+ by auto
+
+lemma len_gt1_if_not_fwd_conc: "\<not>forward_arcs (y#xs) \<Longrightarrow> length (y#xs) > 1"
+ by auto
+
+lemma two_elems_if_not_fwd_conc: "\<not>forward_arcs (y#xs) \<Longrightarrow> \<exists>a b cs. a # b # cs = y#xs"
+ by (metis forward_arcs.cases forward_arcs.simps(2))
+
+lemma hd_reach_all_if_nfwd_app_fwd:
+ "\<lbrakk>\<not>forward_arcs (y#xs); forward_arcs (y#ys@xs); x \<in> set (y#ys@xs)\<rbrakk>
+ \<Longrightarrow> hd (rev (y#ys@xs)) \<rightarrow>\<^sup>*\<^bsub>T\<^esub> x"
+ using hd_reach_all_forward'[of "rev (y#ys@xs)"] len_gt1_if_not_fwd_conc forward_arcs_alt by auto
+
+lemma hd_not_y_if_if_nfwd_app_fwd:
+ assumes "\<not>forward_arcs (y#xs)" and "forward_arcs (y#ys@xs)"
+ shows "hd (rev (y#ys@xs)) \<noteq> y"
+proof -
+ obtain a where a_def: "a \<in> set (ys@xs)" "a \<rightarrow>\<^bsub>T\<^esub> y"
+ by (metis assms Nil_is_append_conv forward_arcs.simps(3) neq_Nil_conv)
+ then have "hd (rev (y#ys@xs)) \<rightarrow>\<^sup>*\<^bsub>T\<^esub> a" using hd_reach_all_if_nfwd_app_fwd[OF assms] by simp
+ then show ?thesis
+ using a_def(2) reachable1_not_reverse
+ by (metis loopfree.adj_not_same reachable_adjI reachable_neq_reachable1)
+qed
+
+lemma hd_reach1_y_if_nfwd_app_fwd:
+ "\<lbrakk>\<not>forward_arcs (y#xs); forward_arcs (y#ys@xs)\<rbrakk> \<Longrightarrow> hd (rev (y#ys@xs)) \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+ using hd_not_y_if_if_nfwd_app_fwd hd_reach_all_if_nfwd_app_fwd by auto
+
+lemma not_fwd_if_skip1:
+ "\<lbrakk>\<not> forward_arcs (y#x#x'#xs); forward_arcs (x#x'#xs)\<rbrakk> \<Longrightarrow> \<not> forward_arcs (y#x'#xs)"
+ by auto
+
+lemma fwd_arcs_conc_nlast_elem:
+ assumes "forward_arcs xs" and "y \<in> set xs" and "y \<noteq> last xs"
+ shows "forward_arcs (y#xs)"
+proof -
+ obtain as bs where as_def: "as @ y # bs = xs" "bs \<noteq> []"
+ using split_list_not_last[OF assms(2,3)] by blast
+ then have "forward_arcs (y#bs)" using assms(1) forward_arcs_split by blast
+ then obtain x where x_def: "x \<in> set bs" "x \<rightarrow>\<^bsub>T\<^esub> y"
+ using as_def(2) by (force intro: list.exhaust)
+ then have "x \<in> set xs" using as_def(1) by auto
+ then show ?thesis using assms(1) x_def(2) forward_arcs.elims(3) by blast
+qed
+
+lemma fwd_app_nhead_elem: "\<lbrakk>forward xs; y \<in> set xs; y \<noteq> hd xs\<rbrakk> \<Longrightarrow> forward (xs@[y])"
+ using fwd_arcs_conc_nlast_elem forward_arcs_alt by (simp add: last_rev)
+
+lemma hd_last_not_fwd_arcs: "\<not>forward_arcs (x#xs@[x])"
+proof
+ assume asm: "forward_arcs (x#xs@[x])"
+ then obtain y where y_def: "y \<in> set (xs@[x])" "y \<rightarrow>\<^bsub>T\<^esub> x"
+ by (metis append_is_Nil_conv forward_arcs.simps(3) no_back_arcs.cases)
+ then have hd_in_verts: "hd (rev (xs @ [x])) \<in> verts T" by auto
+ have "forward_arcs (xs@[x])" using asm forward_arcs_split[of "[x]" "xs@[x]"] by simp
+ then have "x \<rightarrow>\<^sup>*\<^bsub>T\<^esub> y" using hd_reach_all_forward[OF hd_in_verts] y_def forward_arcs_alt by simp
+ then show False using y_def(2) reachable1_not_reverse by auto
+qed
+
+lemma hd_not_fwd_arcs: "\<not>forward_arcs (ys@x#xs@[x])"
+ using hd_last_not_fwd_arcs forward_arcs_split by blast
+
+lemma hd_last_not_fwd: "\<not>forward (x#xs@[x])"
+ using hd_last_not_fwd_arcs forward_arcs_alt by simp
+
+lemma hd_not_fwd: "\<not>forward (x#xs@[x]@ys)"
+ using hd_not_fwd_arcs forward_arcs_alt by simp
+
+lemma y_not_dom_if_nfwd_app_fwd:
+ "\<lbrakk>\<not>forward_arcs (y#xs); forward_arcs (y#ys@xs); x \<in> set xs\<rbrakk> \<Longrightarrow> \<not> x \<rightarrow>\<^bsub>T\<^esub> y"
+ using forward_arcs_split[of "y#ys" xs] two_elems_if_not_fwd_conc by force
+
+lemma not_y_dom_if_nfwd_app_fwd:
+ "\<lbrakk>\<not>forward_arcs (y#xs); forward_arcs (y#ys@xs); x \<in> set xs\<rbrakk> \<Longrightarrow> \<not> y \<rightarrow>\<^bsub>T\<^esub> x"
+ by (smt (verit, ccfv_threshold) append_is_Nil_conv forward_arcs_alt' forward_arcs_split
+ forward_cons fwd_app_nhead_elem hd_append hd_reach1_y_if_nfwd_app_fwd
+ hd_reachable1_from_outside' list.distinct(1) reachable1_not_reverse reachable_adjI
+ reachable_neq_reachable1 rev.simps(2) rev_append set_rev split_list)
+
+lemma list_sel_aux'1_if_tree_sel_nfwd:
+ "\<lbrakk>tree_sel sel; \<not>forward_arcs (y#xs); forward_arcs (y#ys@xs)\<rbrakk>
+ \<Longrightarrow> list_sel_aux' sel xs y = 1"
+proof(induction xs arbitrary: ys rule: forward_arcs.induct)
+ case (2 x)
+ then show ?case using not_y_dom_if_nfwd_app_fwd[OF 2(2,3)] by (auto simp: tree_sel_def)
+next
+ case (3 x x' xs)
+ then have "forward_arcs (x # x' # xs)"
+ using forward_arcs_split[of "y#ys" "x#x'#xs"] by simp
+ then have "\<not> forward_arcs (y # x' # xs)" using not_fwd_if_skip1 "3.prems"(2) by blast
+ moreover have "forward_arcs (y # (ys@[x]) @ x' # xs)" using 3 by simp
+ ultimately have "list_sel_aux' sel (x' # xs) y = 1" using "3.IH"[OF "3.prems"(1)] by blast
+ then show ?case
+ using "3.prems"(1) y_not_dom_if_nfwd_app_fwd[OF "3.prems"(2,3)]
+ not_y_dom_if_nfwd_app_fwd[OF "3.prems"(2,3)]
+ by (simp add: tree_sel_def)
+qed(simp)
+
+lemma contr_sel_eq_list_sel_aux'_if_tree_sel:
+ "\<lbrakk>tree_sel sel; distinct (y#xs); forward_arcs (y#xs); xs \<noteq> []\<rbrakk>
+ \<Longrightarrow> contr_sel sel y = list_sel_aux' sel xs y"
+proof(induction xs rule: forward_arcs.induct)
+ case (2 x)
+ then have "x \<rightarrow>\<^bsub>T\<^esub> y" by simp
+ then have "(THE x. x \<rightarrow>\<^bsub>T\<^esub> y) = x" using two_in_arcs_contr by blast
+ then show ?case using \<open>x \<rightarrow>\<^bsub>T\<^esub> y\<close> unfolding contr_sel_def by auto
+next
+ case (3 x x' xs)
+ then show ?case
+ proof(cases "x \<rightarrow>\<^bsub>T\<^esub> y")
+ case True
+ then have "(THE x. x \<rightarrow>\<^bsub>T\<^esub> y) = x" using two_in_arcs_contr by blast
+ then have contr_sel: "contr_sel sel y = sel x y" using True unfolding contr_sel_def by auto
+ have "\<not>forward_arcs (y#x'#xs)" using True "3.prems"(2) two_in_arcs_contr by auto
+ then have "list_sel_aux' sel (x'#xs) y = 1"
+ using list_sel_aux'1_if_tree_sel_nfwd[of sel y "x'#xs" "[x]"] "3.prems"(1,3) by auto
+ then show ?thesis using contr_sel by simp
+ next
+ case False
+ have "\<not>y \<rightarrow>\<^bsub>T\<^esub> x"
+ using "3.prems"(2,3) forward_arcs_alt' no_back_arc_if_fwd_dstct
+ by (metis distinct_rev list.set_intros(1) rev.simps(2) set_rev)
+ then have "sel x y = 1" using "3.prems"(1) False unfolding tree_sel_def by blast
+ then show ?thesis using 3 False by simp
+ qed
+qed(simp)
+
+corollary contr_sel_eq_list_sel_aux'_if_tree_sel':
+ "\<lbrakk>tree_sel sel; distinct (xs@[y]); forward (xs@[y]); xs \<noteq> []\<rbrakk>
+ \<Longrightarrow> contr_sel sel y = list_sel_aux' sel (rev xs) y"
+ by (simp add: contr_sel_eq_list_sel_aux'_if_tree_sel forward_arcs_alt)
+
+corollary contr_sel_eq_list_sel_aux'_if_tree_sel'':
+ "\<lbrakk>tree_sel sel; distinct (xs@[y]); forward (xs@[y]); xs \<noteq> []\<rbrakk>
+ \<Longrightarrow> contr_sel sel y = list_sel_aux' sel xs y"
+ by (simp add: contr_sel_eq_list_sel_aux'_if_tree_sel' mset_x_eq_list_sel_aux'_eq[of "rev xs"])
+
+lemma contr_sel_root[simp]: "contr_sel sel root = 1"
+ by (auto simp: contr_sel_def dest: dominated_not_root)
+
+lemma contr_sel_notvert[simp]: "v \<notin> verts T \<Longrightarrow> contr_sel sel v = 1"
+ by (auto simp: contr_sel_def)
+
+lemma hd_reach_all_forward_verts:
+ "\<lbrakk>forward xs; set xs = verts T; v \<in> verts T\<rbrakk> \<Longrightarrow> hd xs \<rightarrow>\<^sup>*\<^bsub>T\<^esub> v"
+ using hd_reach_all_forward list.set_sel(1)[of xs] by force
+
+lemma hd_eq_root_if_forward_verts: "\<lbrakk>forward xs; set xs = verts T\<rbrakk> \<Longrightarrow> hd xs = root"
+ using hd_reach_all_forward_verts root_if_all_reach by simp
+
+lemma contr_sel_eq_ldeep_s_if_tree_dst_fwd_verts:
+ assumes "tree_sel sel" and "distinct xs" and "forward xs" and "set xs = verts T"
+ shows "contr_sel sel y = ldeep_s sel (rev xs) y"
+proof -
+ have hd_root: "hd xs = root" using hd_eq_root_if_forward_verts assms(3,4) by blast
+ consider "y \<in> set xs" "y = root" | "y \<in> set xs" "y \<noteq> root" | "y \<notin> set xs" by blast
+ then show ?thesis
+ proof(cases)
+ case 1
+ then show ?thesis using hd_root ldeep_s_revhd1_if_distinct assms(2) by auto
+ next
+ case 2
+ then obtain as bs where as_def: "as @ y # bs = xs" using split_list[of y] by fastforce
+ then have "forward (as@[y])" using assms(3) forward_split[of "as@[y]"] by auto
+ moreover have "distinct (as@[y])" using assms(2) as_def by auto
+ moreover have "as \<noteq> []" using 2 hd_root as_def by fastforce
+ ultimately have "contr_sel sel y = list_sel_aux' sel (rev as) y"
+ using contr_sel_eq_list_sel_aux'_if_tree_sel'[OF assms(1)] by blast
+ then show ?thesis using as_def distinct_ldeep_s_eq_aux'[of "rev xs"] assms(2) by auto
+ next
+ case 3
+ then have "contr_sel sel y = 1" using assms(4) by simp
+ then show ?thesis using 3 ldeep_s_1_if_nelem set_rev by fastforce
+ qed
+qed
+
+corollary contr_sel_eq_ldeep_s_if_tree_dst_fwd_verts':
+ "\<lbrakk>tree_sel sel; distinct xs; forward xs; set xs = verts T\<rbrakk>
+ \<Longrightarrow> contr_sel sel = ldeep_s sel (rev xs)"
+ using contr_sel_eq_ldeep_s_if_tree_dst_fwd_verts by blast
+
+lemma add_leaf_forward_arcs_preserv:
+ "\<lbrakk>a \<notin> arcs T; u \<in> verts T; v \<notin> verts T; forward_arcs xs\<rbrakk>
+ \<Longrightarrow> directed_tree.forward_arcs \<lparr>verts = verts T \<union> {v}, arcs = arcs T \<union> {a},
+ tail = (tail T)(a := u), head = (head T)(a := v)\<rparr> xs"
+proof(induction xs rule: forward_arcs.induct)
+ case 1
+ then show ?case using directed_tree.forward_arcs.simps(1) add_leaf_dir_tree by fast
+next
+ case (2 x)
+ then show ?case using directed_tree.forward_arcs.simps(2) add_leaf_dir_tree by fast
+next
+ case (3 x y xs)
+ let ?T = "\<lparr>verts = verts T \<union> {v}, arcs = arcs T \<union> {a},
+ tail = (tail T)(a := u), head = (head T)(a := v)\<rparr>"
+ interpret T: directed_tree ?T root using add_leaf_dir_tree[OF "3.prems"(1-3)] by blast
+ have "T.forward_arcs (y # xs)" using 3 by fastforce
+ then show ?case
+ using T.forward_arcs.simps(3)[of x y xs] add_leaf_dom_preserv "3.prems"(1,4) by fastforce
+qed
+
+end
+
+subsection \<open>Contributing Selectivity Satisfies ASI Property\<close>
+
+context finite_directed_tree
+begin
+
+lemma dst_fwd_arcs_all_verts_ex: "\<exists>xs. forward_arcs xs \<and> distinct xs \<and> set xs = verts T"
+using finite_verts proof(induction rule: finite_directed_tree_induct)
+ case (single_vert t h root)
+ then show ?case using directed_tree.forward_arcs.simps(2)[OF dir_tree_single] by fastforce
+next
+ case (add_leaf T' V A t h u root a v)
+ define T where "T \<equiv> \<lparr>verts = V \<union> {v}, arcs = A \<union> {a}, tail = t(a := u), head = h(a := v)\<rparr>"
+ interpret T': directed_tree T' root using add_leaf.hyps(3) by blast
+ interpret T: directed_tree T root using add_leaf.hyps(1,4-6) T'.add_leaf_dir_tree T_def by simp
+ obtain xs where xs_def: "T'.forward_arcs xs" "distinct xs" "set xs = verts T'"
+ using add_leaf.IH by blast
+ then have "T.forward_arcs xs"
+ using T'.add_leaf_forward_arcs_preserv add_leaf.hyps(1,4,5,6) T_def by simp
+ moreover have "\<exists>y\<in>set xs. y \<rightarrow>\<^bsub>T\<^esub> v"
+ using add_leaf.hyps(1,4) T_def xs_def(3) unfolding arcs_ends_def arc_to_ends_def by force
+ ultimately have "T.forward_arcs (v#xs)" using T.forward_arcs.elims(3) by blast
+ then show ?case using xs_def(2,3) add_leaf.hyps(1,5) T_def by auto
+qed
+
+lemma dst_fwd_all_verts_ex: "\<exists>xs. forward xs \<and> distinct xs \<and> set xs = verts T"
+ using dst_fwd_arcs_all_verts_ex forward_arcs_alt'[symmetric] by auto
+
+lemma c_list_asi_if_tree_sel:
+ fixes sf cf h r
+ defines "rank \<equiv> (\<lambda>l. (ldeep_T (contr_sel sf) cf l - 1) / c_list (contr_sel sf) cf h r l)"
+ assumes "tree_sel sf"
+ and "sel_reasonable sf"
+ and "\<forall>x. cf x > 0"
+ and "\<forall>x. h x > 0"
+ shows "asi rank r (c_list (contr_sel sf) cf h r)"
+ using c_list_asi assms contr_sel_eq_ldeep_s_if_tree_dst_fwd_verts' dst_fwd_all_verts_ex
+ by fastforce
+
+end
+
+context tree_query_graph
+begin
+
+abbreviation sel_r :: "'a \<Rightarrow> 'a \<Rightarrow> real" where
+ "sel_r r \<equiv> directed_tree.contr_sel (dir_tree_r r) match_sel"
+
+text \<open>
+ Since cf is only required to be positive for verts of G, we map all others to 1.
+\<close>
+
+definition cf' :: "'a \<Rightarrow> real" where
+ "cf' x = (if x \<in> verts G then cf x else 1)"
+
+definition c_list_r :: "('a \<Rightarrow> real) \<Rightarrow> 'a \<Rightarrow> 'a list \<Rightarrow> real" where
+ "c_list_r h r = c_list (sel_r r) cf' h r"
+
+definition rank_r :: "('a \<Rightarrow> real) \<Rightarrow> 'a \<Rightarrow> 'a list \<Rightarrow> real" where
+ "rank_r h r xs = (ldeep_T (sel_r r) cf' xs - 1) / c_list_r h r xs"
+
+lemma dom_in_dir_tree_r:
+ assumes "r \<in> verts G" and "x \<rightarrow>\<^bsub>G\<^esub> y"
+ shows "x \<rightarrow>\<^bsub>dir_tree_r r\<^esub> y \<or> y \<rightarrow>\<^bsub>dir_tree_r r\<^esub> x"
+proof -
+ obtain e1 where e1_def: "e1 \<in> arcs G" "tail G e1 = x" "head G e1 = y"
+ using assms(2) unfolding arcs_ends_def arc_to_ends_def by blast
+ then show ?thesis
+ proof(cases "e1 \<in> arcs (dir_tree_r r)")
+ case True
+ moreover have "tail (dir_tree_r r) e1 = x"
+ using e1_def(2) tail_dir_tree_r_eq[OF assms(1)] by blast
+ moreover have "head (dir_tree_r r) e1 = y"
+ using e1_def(3) head_dir_tree_r_eq[OF assms(1)] by blast
+ ultimately show ?thesis using e1_def(1) unfolding arcs_ends_def arc_to_ends_def by blast
+ next
+ case False
+ then obtain e2 where e2_def: "e2 \<in> arcs (dir_tree_r r)" "tail G e2 = y" "head G e2 = x"
+ using arcs_compl_un_eq_arcs[OF assms(1)] e1_def by force
+ have "tail (dir_tree_r r) e2 = y"
+ using e2_def(2) tail_dir_tree_r_eq[OF assms(1)] by blast
+ moreover have "head (dir_tree_r r) e2 = x"
+ using e2_def(3) head_dir_tree_r_eq[OF assms(1)] by blast
+ ultimately show ?thesis using e2_def(1) unfolding arcs_ends_def arc_to_ends_def by blast
+ qed
+qed
+
+lemma dom_in_dir_tree_r_iff_aux:
+ "r \<in> verts G \<Longrightarrow> (x \<rightarrow>\<^bsub>dir_tree_r r\<^esub> y \<or> y \<rightarrow>\<^bsub>dir_tree_r r\<^esub> x) \<longleftrightarrow> (x \<rightarrow>\<^bsub>G\<^esub> y \<or> y \<rightarrow>\<^bsub>G\<^esub> x)"
+ using dir_tree_r_dom_in_G dom_in_dir_tree_r by blast
+
+lemma dom_in_dir_tree_r_iff:
+ "r \<in> verts G \<Longrightarrow> (x \<rightarrow>\<^bsub>dir_tree_r r\<^esub> y \<or> y \<rightarrow>\<^bsub>dir_tree_r r\<^esub> x) \<longleftrightarrow> x \<rightarrow>\<^bsub>G\<^esub> y"
+ using dom_in_dir_tree_r_iff_aux dominates_sym by blast
+
+lemma dir_tree_sel[intro]: "r \<in> verts G \<Longrightarrow> directed_tree.tree_sel (dir_tree_r r) match_sel"
+ unfolding directed_tree.tree_sel_def[OF directed_tree_r]
+ using match_sel1_if_no_arc dom_in_dir_tree_r_iff by blast
+
+lemma pos_cards'[intro!]: "\<forall>x. cf' x > 0"
+ unfolding cf'_def using pos_cards by simp
+
+theorem c_list_asi: "\<lbrakk>r \<in> verts G; \<forall>x. h x > 0\<rbrakk> \<Longrightarrow> asi (rank_r h r) r (c_list_r h r)"
+ using finite_directed_tree.c_list_asi_if_tree_sel[OF fin_directed_tree_r]
+ unfolding c_list_r_def rank_r_def by blast
+
+subsection \<open>Applying IKKBZ\<close>
+
+lemma cf'_simp: "x \<in> verts G \<Longrightarrow> cf' x = cf x"
+ unfolding cf'_def by simp
+
+lemma ldeep_T_cf'_eq: "set xs \<subseteq> verts G \<Longrightarrow> ldeep_T sf cf' xs = ldeep_T sf cf xs"
+ using ldeep_T_eq_if_cf_eq[of xs] cf'_simp by blast
+
+lemma clist_cf'_eq: "set xs \<subseteq> verts G \<Longrightarrow> c_list sf cf' h r xs = c_list sf cf h r xs"
+ by (simp add: clist_eq_if_cf_eq ldeep_T_cf'_eq)
+
+lemma card_cf'_eq: "matching_rels t \<Longrightarrow> card cf' f t = card cf f t"
+ by (induction cf' f t rule: card.induct) (auto simp: matching_rels_def cf'_simp)
+
+lemma c_IKKBZ_cf'_eq: "matching_rels t \<Longrightarrow> c_IKKBZ h cf' sf t = c_IKKBZ h cf sf t"
+ by (induction h cf' sf t rule: c_IKKBZ.induct) (auto simp: card_cf'_eq cf'_simp matching_rels_def)
+
+lemma c_IKKBZ_cf'_eq': "valid_tree t \<Longrightarrow> c_IKKBZ h cf' sf t = c_IKKBZ h cf sf t"
+ by (simp add: c_IKKBZ_cf'_eq matching_rels_def valid_tree_def)
+
+lemma c_out_cf'_eq: "matching_rels t \<Longrightarrow> c_out cf' sf t = c_out cf sf t"
+ by (induction cf' sf t rule: c_out.induct) (auto simp: card_cf'_eq cf'_simp matching_rels_def)
+
+lemma c_out_cf'_eq': "valid_tree t \<Longrightarrow> c_out cf' sf t = c_out cf sf t"
+ by (simp add: c_out_cf'_eq matching_rels_def valid_tree_def)
+
+lemma joinTree_card'_pos[intro]: "pos_rel_cards cf' t"
+ by (induction t) (auto simp: pos_cards' pos_rel_cards_def)
+
+lemma match_reasonable_cards'[intro]: "reasonable_cards cf' match_sel t"
+ using pos_sel_reason_impl_reason by blast
+
+lemma sel_r_gt0: "r \<in> verts G \<Longrightarrow> sel_r r x > 0"
+ using directed_tree.contr_sel_gt0[OF directed_tree_r] by blast
+
+lemma sel_r_le1: "r \<in> verts G \<Longrightarrow> sel_r r x \<le> 1"
+ using directed_tree.contr_sel_le1[OF directed_tree_r] by blast
+
+lemma sel_r_eq_ldeep_s_if_dst_fwd_verts:
+ "\<lbrakk>r \<in> verts G; distinct xs; directed_tree.forward (dir_tree_r r) xs; set xs = verts G\<rbrakk>
+ \<Longrightarrow> sel_r r = ldeep_s match_sel (rev xs)"
+ using directed_tree.contr_sel_eq_ldeep_s_if_tree_dst_fwd_verts'[OF directed_tree_r]
+ verts_dir_tree_r_eq
+ by blast
+
+lemma sel_r_eq_ldeep_s_if_valid_fwd:
+ "\<lbrakk>r \<in> verts G; valid_tree t; directed_tree.forward (dir_tree_r r) (inorder t)\<rbrakk>
+ \<Longrightarrow> sel_r r = ldeep_s match_sel (revorder t)"
+ unfolding valid_tree_def distinct_relations_def inorder_eq_set[symmetric] revorder_eq_rev_inorder
+ using sel_r_eq_ldeep_s_if_dst_fwd_verts by blast
+
+lemma sel_r_eq_ldeep_s_if_valid_no_cross:
+ "\<lbrakk>valid_tree t; no_cross_products t; left_deep t\<rbrakk>
+ \<Longrightarrow> sel_r (first_node t) = ldeep_s match_sel (revorder t)"
+ using sel_r_eq_ldeep_s_if_valid_fwd forward_if_ldeep_no_cross'
+ valid_tree_def first_node_in_verts_if_valid
+ by blast
+
+lemma c_list_ldeep_s_eq_c_list_r_if_valid_no_cross:
+ "\<lbrakk>valid_tree t; no_cross_products t; left_deep t\<rbrakk>
+ \<Longrightarrow> c_list (ldeep_s match_sel (revorder t)) cf' h (first_node t) xs
+ = c_list_r h (first_node t) xs"
+ using sel_r_eq_ldeep_s_if_valid_no_cross c_list_r_def by simp
+
+lemma c_IKKBZ_list_correct_if_simple_h:
+ assumes "valid_tree t" and "no_cross_products t" and "left_deep t"
+ shows "c_list_r (\<lambda>x. h x (cf' x)) (first_node t) (revorder t) = c_IKKBZ h cf match_sel t"
+proof -
+ have "(\<lambda>t. c_IKKBZ h cf' match_sel t) t
+ = c_list (ldeep_s match_sel (revorder t)) cf' (\<lambda>x. h x (cf' x)) (first_node t) (revorder t)"
+ using c_IKKBZ_eq_c_list assms(1,3) valid_tree_def by fast
+ then show ?thesis
+ using c_list_ldeep_s_eq_c_list_r_if_valid_no_cross assms by (simp add: c_IKKBZ_cf'_eq')
+qed
+
+end
+
+subsubsection \<open>Applying IKKBZ on Simple Cost Functions\<close>
+
+text \<open>
+ For simple cost functions like @{term c_nlj} and @{term c_hj} that do not depend on the
+ contributing selectivies as @{term c_out} does, the h function does not change. Therefore, we can
+ apply it directly using @{term c_IKKBZ} and @{term c_list}.
+\<close>
+
+context cmp_tree_query_graph
+begin
+
+context
+ fixes h :: "'a \<Rightarrow> real \<Rightarrow> real"
+ assumes h_pos: "\<forall>x. h x (cf' x) > 0"
+begin
+
+theorem ikkbz_query_graph_if_simple_h:
+ defines "cost \<equiv> c_IKKBZ h cf match_sel"
+ defines "h' \<equiv> (\<lambda>x. h x (cf' x))"
+ shows "ikkbz_query_graph bfs sel cf G cmp cost (c_list_r h') (rank_r h')"
+ unfolding ikkbz_query_graph_def ikkbz_query_graph_axioms_def assms
+ by (auto simp: cmp_tree_query_graph_axioms c_list_asi c_IKKBZ_list_correct_if_simple_h h_pos)
+
+interpretation ikkbz_query_graph bfs sel cf G cmp
+ "c_IKKBZ h cf match_sel" "c_list_r (\<lambda>x. h x (cf' x))" "rank_r (\<lambda>x. h x (cf' x))"
+ by (fact ikkbz_query_graph_if_simple_h)
+
+corollary ikkbz_simple_h_nempty: "ikkbz \<noteq> []"
+ by (rule ikkbz_nempty)
+
+corollary ikkbz_simple_h_valid_tree: "valid_tree (create_ldeep ikkbz)"
+ by (rule ikkbz_valid_tree)
+
+corollary ikkbz_simple_h_no_cross:
+ "no_cross_products (create_ldeep ikkbz)"
+ by (rule ikkbz_no_cross)
+
+theorem ikkbz_simple_h_optimal:
+ "\<lbrakk>valid_tree t; no_cross_products t; left_deep t\<rbrakk>
+ \<Longrightarrow> c_IKKBZ h cf match_sel (create_ldeep ikkbz) \<le> c_IKKBZ h cf match_sel t"
+ by (rule ikkbz_optimal_tree)
+
+abbreviation ikkbz_simple_h :: "'a list" where
+ "ikkbz_simple_h \<equiv> ikkbz"
+end
+
+text \<open>
+ We can now apply these results directly to valid cost functions like @{term c_nlj} and
+ @{term c_hj}.
+\<close>
+
+lemma id_cf'_gt0: "\<forall>x. id (cf' x) > 0"
+ by auto
+
+corollary ikkbz_nempty_nlj: "ikkbz_simple_h (\<lambda>_. id) \<noteq> []"
+ using ikkbz_simple_h_nempty[of "\<lambda>_. id", OF id_cf'_gt0] by blast
+
+corollary ikkbz_valid_tree_nlj: "valid_tree (create_ldeep (ikkbz_simple_h (\<lambda>_. id)))"
+ using ikkbz_simple_h_valid_tree[of "\<lambda>_. id", OF id_cf'_gt0] by blast
+
+corollary ikkbz_no_cross_nlj: "no_cross_products (create_ldeep (ikkbz_simple_h (\<lambda>_. id)))"
+ using ikkbz_simple_h_no_cross[of "\<lambda>_. id", OF id_cf'_gt0] by blast
+
+corollary ikkbz_optimal_nlj:
+ "\<lbrakk>valid_tree t; no_cross_products t; left_deep t\<rbrakk>
+ \<Longrightarrow> c_nlj cf match_sel (create_ldeep (ikkbz_simple_h (\<lambda>_. id))) \<le> c_nlj cf match_sel t"
+ using ikkbz_simple_h_optimal[of "\<lambda>_. id", OF id_cf'_gt0] ikkbz_nempty_nlj
+ by (fastforce simp: c_nlj_IKKBZ create_ldeep_ldeep)
+
+corollary ikkbz_nempty_hj: "ikkbz_simple_h (\<lambda>_ _. 1.2) \<noteq> []"
+ using ikkbz_simple_h_nempty by force
+
+corollary ikkbz_valid_tree_hj: "valid_tree (create_ldeep (ikkbz_simple_h (\<lambda>_ _. 1.2)))"
+ using ikkbz_simple_h_valid_tree by force
+
+corollary ikkbz_no_cross_hj: "no_cross_products (create_ldeep (ikkbz_simple_h (\<lambda>_ _. 1.2)))"
+ using ikkbz_simple_h_no_cross by force
+
+corollary ikkbz_optimal_hj:
+ "\<lbrakk>valid_tree t; no_cross_products t; left_deep t\<rbrakk>
+ \<Longrightarrow> c_hj cf match_sel (create_ldeep (ikkbz_simple_h (\<lambda>_ _. 1.2))) \<le> c_hj cf match_sel t"
+ using ikkbz_simple_h_optimal[of "\<lambda>_ _. 1.2"] ikkbz_nempty_hj
+ by (fastforce simp: c_hj_IKKBZ create_ldeep_ldeep)
+
+end
+
+subsubsection \<open>Applying IKKBZ on C\_out\<close>
+
+text \<open>
+ Since @{term c_out} uses the contributing selectivity as part of its h, we can not use the general
+ approach we used for the "simple" cost functions. Instead, we show the applicability directly.
+\<close>
+
+context tree_query_graph
+begin
+
+definition c_out_list_r :: "'a \<Rightarrow> 'a list \<Rightarrow> real" where
+ "c_out_list_r r = c_list_r (\<lambda>a. sel_r r a * cf' a) r"
+
+definition c_out_rank_r :: "'a \<Rightarrow> 'a list \<Rightarrow> real" where
+ "c_out_rank_r r = rank_r (\<lambda>a. sel_r r a * cf' a) r"
+
+lemma c_out_eq_c_list_cf':
+ fixes t
+ defines "xs \<equiv> revorder t"
+ defines "h \<equiv> (\<lambda>a. ldeep_s match_sel xs a * cf' a)"
+ assumes "distinct_relations t" and "left_deep t"
+ shows "c_list (ldeep_s match_sel xs) cf' h (first_node t) xs = c_out cf' match_sel t"
+ using c_out_eq_c_list assms by blast
+
+lemma c_out_list_correct_cf':
+ fixes t
+ defines "h \<equiv> (\<lambda>a. sel_r (first_node t) a * cf' a)"
+ assumes "valid_tree t" and "no_cross_products t" and "left_deep t"
+ shows "c_list_r h (first_node t) (revorder t) = c_out cf' match_sel t"
+ using c_out_eq_c_list_cf' assms sel_r_eq_ldeep_s_if_valid_no_cross
+ by (fastforce simp: valid_tree_def c_list_ldeep_s_eq_c_list_r_if_valid_no_cross)
+
+lemma c_out_list_correct_cf:
+ fixes t
+ defines "h \<equiv> (\<lambda>a. sel_r (first_node t) a * cf' a)"
+ assumes "valid_tree t" and "no_cross_products t" and "left_deep t"
+ shows "c_list_r h (first_node t) (revorder t) = c_out cf match_sel t"
+ using c_out_list_correct_cf' c_out_cf'_eq' assms by simp
+
+lemma c_out_list_correct:
+ "\<lbrakk>valid_tree t; no_cross_products t; left_deep t\<rbrakk>
+ \<Longrightarrow> c_out_list_r (first_node t) (revorder t) = c_out cf match_sel t"
+ using c_out_list_correct_cf c_out_list_r_def by simp
+
+lemma c_out_h_gt0: "r \<in> verts G \<Longrightarrow> (\<lambda>a. sel_r r a * cf' a) x > 0"
+ using sel_r_gt0 by (simp add: pos_cards')
+
+lemma c_out_r_asi: "r \<in> verts G \<Longrightarrow> asi (c_out_rank_r r) r (c_out_list_r r)"
+ using c_out_h_gt0 by (simp add: c_list_asi c_out_list_r_def c_out_rank_r_def)
+
+end
+
+context cmp_tree_query_graph
+begin
+
+theorem ikkbz_query_graph_c_out:
+ "ikkbz_query_graph bfs sel cf G cmp (c_out cf match_sel) c_out_list_r c_out_rank_r"
+ unfolding ikkbz_query_graph_def ikkbz_query_graph_axioms_def
+ by (auto simp: cmp_tree_query_graph_axioms c_out_r_asi c_out_list_correct)
+
+interpretation QG\<^sub>o\<^sub>u\<^sub>t:
+ ikkbz_query_graph bfs sel cf G cmp "c_out cf match_sel" c_out_list_r c_out_rank_r
+ by (rule ikkbz_query_graph_c_out)
+
+corollary ikkbz_nempty_cout: "QG\<^sub>o\<^sub>u\<^sub>t.ikkbz \<noteq> []"
+ using QG\<^sub>o\<^sub>u\<^sub>t.ikkbz_nempty .
+
+corollary ikkbz_valid_tree_cout: "valid_tree (create_ldeep QG\<^sub>o\<^sub>u\<^sub>t.ikkbz)"
+ using QG\<^sub>o\<^sub>u\<^sub>t.ikkbz_valid_tree .
+
+corollary ikkbz_no_cross_cout: "no_cross_products (create_ldeep QG\<^sub>o\<^sub>u\<^sub>t.ikkbz)"
+ using QG\<^sub>o\<^sub>u\<^sub>t.ikkbz_no_cross .
+
+corollary ikkbz_optimal_cout:
+ "\<lbrakk>valid_tree t; no_cross_products t; left_deep t\<rbrakk>
+ \<Longrightarrow> c_out cf match_sel (create_ldeep QG\<^sub>o\<^sub>u\<^sub>t.ikkbz) \<le> c_out cf match_sel t"
+ using QG\<^sub>o\<^sub>u\<^sub>t.ikkbz_optimal_tree .
+
+end
+
+subsection \<open>Instantiating Comparators with Linorders\<close>
+
+(* possible cmp definition based on 'a::linorder *)
+locale alin_tree_query_graph = tree_query_graph bfs sel cf G
+ for bfs sel and cf :: "'a :: linorder \<Rightarrow> real" and G
+begin
+
+lift_definition cmp :: "('a list\<times>'b) comparator" is
+ "(\<lambda>x y. if hd (fst x) < hd (fst y) then Less
+ else if hd (fst x) > hd (fst y) then Greater else Equiv)"
+ by(unfold_locales) (auto split: if_splits)
+
+lemma cmp_hd_eq_if_equiv: "compare cmp (v1,e1) (v2,e2) = Equiv \<Longrightarrow> hd v1 = hd v2"
+ by(auto simp: cmp.rep_eq split: if_splits)
+
+lemma cmp_sets_not_dsjnt_if_equiv:
+ "\<lbrakk>v1 \<noteq> []; v2 \<noteq> []; compare cmp (v1,e1) (v2,e2) = Equiv\<rbrakk> \<Longrightarrow> set v1 \<inter> set v2 \<noteq> {}"
+ using cmp_hd_eq_if_equiv disjoint_iff_not_equal hd_in_set[of v1] by auto
+
+lemma cmp_tree_qg: "cmp_tree_query_graph bfs sel cf G cmp"
+ by standard (simp add: cmp_sets_not_dsjnt_if_equiv)
+
+interpretation cmp_tree_query_graph bfs sel cf G cmp
+ by (rule cmp_tree_qg)
+
+(* The results are now useable: *)
+thm ikkbz_optimal_hj ikkbz_optimal_cout
+
+end
+
+(* possible cmp definition based on 'b::linorder *)
+locale blin_tree_query_graph = tree_query_graph bfs sel cf G
+ for bfs and sel :: "'b :: linorder \<Rightarrow> real" and cf G
+begin
+
+lift_definition cmp :: "('a list\<times>'b) comparator" is
+ "(\<lambda>x y. if snd x < snd y then Less
+ else if snd x > snd y then Greater else Equiv)"
+ by(unfold_locales) (auto split: if_splits)
+
+lemma cmp_arcs_eq_if_equiv: "compare cmp (v1,e1) (v2,e2) = Equiv \<Longrightarrow> e1 = e2"
+ by(auto simp: cmp.rep_eq split: if_splits)
+
+lemma cmp_tree_qg: "cmp_tree_query_graph bfs sel cf G cmp"
+ by standard (simp add: cmp_arcs_eq_if_equiv)
+
+interpretation cmp_tree_query_graph bfs sel cf G cmp
+ by (rule cmp_tree_qg)
+
+(* The results are now useable: *)
+thm ikkbz_optimal_hj ikkbz_optimal_cout
+
+end
+
+end
\ No newline at end of file
diff --git a/thys/Query_Optimization/IKKBZ_Optimality.thy b/thys/Query_Optimization/IKKBZ_Optimality.thy
new file mode 100644
--- /dev/null
+++ b/thys/Query_Optimization/IKKBZ_Optimality.thy
@@ -0,0 +1,6239 @@
+(* Author: Bernhard Stöckl *)
+
+theory IKKBZ_Optimality
+ imports Complex_Main "CostFunctions" "QueryGraph" "IKKBZ" "HOL-Library.Sublist"
+begin
+
+section \<open>Optimality of IKKBZ\<close>
+
+context directed_tree
+begin
+fun forward_arcs :: "'a list \<Rightarrow> bool" where
+ "forward_arcs [] = True"
+| "forward_arcs [x] = True"
+| "forward_arcs (x#xs) = ((\<exists>y \<in> set xs. y \<rightarrow>\<^bsub>T\<^esub> x) \<and> forward_arcs xs)"
+
+fun no_back_arcs :: "'a list \<Rightarrow> bool" where
+ "no_back_arcs [] = True"
+| "no_back_arcs (x#xs) = ((\<nexists>y. y \<in> set xs \<and> y \<rightarrow>\<^bsub>T\<^esub> x) \<and> no_back_arcs xs)"
+
+definition forward :: "'a list \<Rightarrow> bool" where
+ "forward xs = (\<forall>i \<in> {1..(length xs - 1)}. \<exists>j < i. xs!j \<rightarrow>\<^bsub>T\<^esub> xs!i)"
+
+definition no_back :: "'a list \<Rightarrow> bool" where
+ "no_back xs = (\<nexists>i j. i < j \<and> j < length xs \<and> xs!j \<rightarrow>\<^bsub>T\<^esub> xs!i)"
+
+definition seq_conform :: "'a list \<Rightarrow> bool" where
+ "seq_conform xs \<equiv> forward_arcs (rev xs) \<and> no_back_arcs xs"
+
+definition before :: "'a list \<Rightarrow> 'a list \<Rightarrow> bool" where
+ "before s1 s2 \<equiv> seq_conform s1 \<and> seq_conform s2 \<and> set s1 \<inter> set s2 = {}
+ \<and> (\<exists>x \<in> set s1. \<exists>y \<in> set s2. x \<rightarrow>\<^bsub>T\<^esub> y)"
+
+definition before2 :: "'a list \<Rightarrow> 'a list \<Rightarrow> bool" where
+ "before2 s1 s2 \<equiv> seq_conform s1 \<and> seq_conform s2 \<and> set s1 \<inter> set s2 = {}
+ \<and> (\<exists>x \<in> set s1. \<exists>y \<in> set s2. x \<rightarrow>\<^bsub>T\<^esub> y)
+ \<and> (\<forall>x \<in> set s1. \<forall>v \<in> verts T - set s1 - set s2. \<not> x \<rightarrow>\<^bsub>T\<^esub> v)"
+
+lemma before_alt1:
+ "(\<exists>i < length s1. \<exists>j < length s2. s1!i \<rightarrow>\<^bsub>T\<^esub> s2!j) \<longleftrightarrow> (\<exists>x \<in> set s1. \<exists>y \<in> set s2. x \<rightarrow>\<^bsub>T\<^esub> y)"
+ using in_set_conv_nth by metis
+
+lemma before_alt2:
+ "(\<forall>i < length s1. \<forall>v \<in> verts T - set s1 - set s2. \<not> s1!i \<rightarrow>\<^bsub>T\<^esub> v)
+ \<longleftrightarrow> (\<forall>x \<in> set s1. \<forall>v \<in> verts T - set s1 - set s2. \<not> x \<rightarrow>\<^bsub>T\<^esub> v)"
+ using in_set_conv_nth by metis
+
+lemma no_back_alt_aux: "(\<forall>i j. i \<ge> j \<or> j \<ge> length xs \<or> \<not>(xs!j \<rightarrow>\<^bsub>T\<^esub> xs!i)) \<Longrightarrow> no_back xs"
+ using less_le_not_le no_back_def by auto
+
+lemma no_back_alt: "(\<forall>i j. i \<ge> j \<or> j \<ge> length xs \<or> \<not>(xs!j \<rightarrow>\<^bsub>T\<^esub> xs!i)) \<longleftrightarrow> no_back xs"
+ using no_back_alt_aux by (auto simp: no_back_def)
+
+lemma no_back_arcs_alt_aux1: "\<lbrakk>no_back_arcs xs; i < j; j < length xs\<rbrakk> \<Longrightarrow> \<not>(xs!j \<rightarrow>\<^bsub>T\<^esub> xs!i)"
+proof(induction xs arbitrary: i j)
+ case (Cons x xs)
+ then show ?case
+ proof(cases "i = 0")
+ case True
+ then show ?thesis using Cons.prems by simp
+ next
+ case False
+ then show ?thesis using Cons by auto
+ qed
+qed(simp)
+
+lemma no_back_insert_aux:
+ "(\<forall>i j. i \<ge> j \<or> j \<ge> length (x#xs) \<or> \<not>((x#xs)!j \<rightarrow>\<^bsub>T\<^esub> (x#xs)!i))
+ \<Longrightarrow> (\<forall>i j. i \<ge> j \<or> j \<ge> length xs \<or> \<not>(xs!j \<rightarrow>\<^bsub>T\<^esub> xs!i))"
+ by force
+
+lemma no_back_insert: "no_back (x#xs) \<Longrightarrow> no_back xs"
+ using no_back_alt no_back_insert_aux by blast
+
+lemma no_arc_fst_if_no_back:
+ assumes "no_back (x#xs)" and "y \<in> set xs"
+ shows "\<not> y \<rightarrow>\<^bsub>T\<^esub> x"
+proof -
+ have 0: "(x#xs)!0 = x" by simp
+ obtain j where "xs!j = y" "j < length xs" using assms(2) by (auto simp: in_set_conv_nth)
+ then have "(x#xs)!(Suc j) = y \<and> Suc j < length (x#xs)" by simp
+ then show ?thesis using assms(1) 0 by (metis no_back_def zero_less_Suc)
+qed
+
+lemma no_back_arcs_alt_aux2: "no_back xs \<Longrightarrow> no_back_arcs xs"
+ by(induction xs) (auto simp: no_back_insert no_arc_fst_if_no_back)
+
+lemma no_back_arcs_alt: "no_back xs \<longleftrightarrow> no_back_arcs xs"
+ using no_back_arcs_alt_aux1 no_back_arcs_alt_aux2 no_back_alt by fastforce
+
+lemma forward_arcs_alt_aux1:
+ "\<lbrakk>forward_arcs xs; i \<in> {1..(length (rev xs) - 1)}\<rbrakk> \<Longrightarrow> \<exists>j < i. (rev xs)!j \<rightarrow>\<^bsub>T\<^esub> (rev xs)!i"
+proof(induction xs rule: forward_arcs.induct)
+ case (3 x x' xs)
+ then show ?case
+ proof(cases "i = length (rev (x#x'#xs)) - 1")
+ case True
+ then have i: "(rev (x#x'#xs))!i = x" by (simp add: nth_append)
+ then obtain y where y_def: "y\<in>set (x'#xs)" "y \<rightarrow>\<^bsub>T\<^esub> x" using "3.prems" by auto
+ then obtain j where j_def: "rev (x'#xs)!j = y" "j < length (rev (x'#xs))"
+ using in_set_conv_nth[of y] by fastforce
+ then have "rev (x#x'#xs)!j = y" by (auto simp: nth_append)
+ then show ?thesis using y_def(2) i j_def(2) True by auto
+ next
+ case False
+ then obtain j where j_def: "j < i" "rev (x' # xs)!j \<rightarrow>\<^bsub>T\<^esub> rev (x' # xs)!i" using 3 by auto
+ then have "rev (x#x'#xs)!j = rev (x'#xs)!j" using "3.prems"(2) by (auto simp: nth_append)
+ moreover have "rev (x#x'#xs)!i = rev (x'#xs)!i"
+ using "3.prems"(2) False by (auto simp: nth_append)
+ ultimately show ?thesis using j_def by auto
+ qed
+qed(auto)
+
+lemma forward_split_aux:
+ assumes "forward (xs@ys)" and "i\<in>{1..length xs - 1}"
+ shows "\<exists>j<i. xs!j \<rightarrow>\<^bsub>T\<^esub> xs!i"
+proof -
+ obtain j where "j < i \<and> (xs@ys)!j \<rightarrow>\<^bsub>T\<^esub> (xs@ys)!i" using assms forward_def by force
+ moreover have "i < length xs" using assms(2) by auto
+ ultimately show ?thesis by (auto simp: nth_append)
+qed
+
+lemma forward_split: "forward (xs@ys) \<Longrightarrow> forward xs"
+ using forward_split_aux forward_def by blast
+
+lemma forward_cons:
+ "forward (rev (x#xs)) \<Longrightarrow> forward (rev xs)"
+ using forward_split by simp
+
+lemma arc_to_lst_if_forward:
+ assumes "forward (rev (x#xs))" and "xs = y#ys"
+ shows "\<exists>y \<in> set xs. y \<rightarrow>\<^bsub>T\<^esub> x"
+proof -
+ have "(x#xs)!0 = x" by simp
+ have "(rev xs@[x])!(length xs) = (xs@[x])!(length xs)" by (metis length_rev nth_append_length)
+ then have i: "rev (x#xs)!(length xs) = x" by simp
+ have "length xs \<in> {1..(length (rev (x#xs)) - 1)}" using assms(2) by simp
+ then obtain j where j_def: "j < length xs \<and> (rev (x#xs))!j \<rightarrow>\<^bsub>T\<^esub> (rev (x#xs))!length xs"
+ using assms(1) forward_def[of "rev (x#xs)"] by blast
+ then have "rev xs!j \<in> set xs" using length_rev nth_mem set_rev by metis
+ then have "rev (x#xs)!j \<in> set xs" by (auto simp: j_def nth_append)
+ then show ?thesis using i j_def by auto
+qed
+
+lemma forward_arcs_alt_aux2: "forward (rev xs) \<Longrightarrow> forward_arcs xs"
+proof(induction xs rule: forward_arcs.induct)
+ case (3 x y xs)
+ then have "forward_arcs (y # xs)" using forward_cons by blast
+ then show ?case using arc_to_lst_if_forward "3.prems" by simp
+qed(auto)
+
+lemma forward_arcs_alt: "forward xs \<longleftrightarrow> forward_arcs (rev xs)"
+ using forward_arcs_alt_aux1 forward_arcs_alt_aux2 forward_def by fastforce
+
+corollary forward_arcs_alt': "forward (rev xs) \<longleftrightarrow> forward_arcs xs"
+ using forward_arcs_alt by simp
+
+corollary forward_arcs_split: "forward_arcs (ys@xs) \<Longrightarrow> forward_arcs xs"
+ using forward_split[of "rev xs" "rev ys"] forward_arcs_alt by simp
+
+lemma seq_conform_alt: "seq_conform xs \<longleftrightarrow> forward xs \<and> no_back xs"
+ using forward_arcs_alt no_back_arcs_alt seq_conform_def by simp
+
+lemma forward_app_aux:
+ assumes "forward s1" "forward s2" "\<exists>x\<in>set s1. x \<rightarrow>\<^bsub>T\<^esub> hd s2" "i\<in>{1..length (s1@s2) - 1}"
+ shows "\<exists>j<i. (s1@s2)!j \<rightarrow>\<^bsub>T\<^esub> (s1@s2)!i"
+proof -
+ consider "i\<in>{1..length s1 - 1}" | "i = length s1" | "i\<in>{length s1 + 1..length s1 + length s2 - 1}"
+ using assms(4) by fastforce
+ then show ?thesis
+ proof(cases)
+ case 1
+ then obtain j where j_def: "j < i" "s1!j \<rightarrow>\<^bsub>T\<^esub> s1!i" using assms(1) forward_def by blast
+ moreover have "(s1@s2)!i = s1!i" using 1 by (auto simp: nth_append)
+ moreover have "(s1@s2)!j = s1!j" using 1 j_def(1) by (auto simp: nth_append)
+ ultimately show ?thesis by auto
+ next
+ case 2
+ then have "s2 \<noteq> []" using assms(4) by force
+ then have "(s1@s2)!i = hd s2" using 2 assms(4) by (simp add: hd_conv_nth nth_append)
+ then obtain x where x_def: "x\<in>set s1" "x \<rightarrow>\<^bsub>T\<^esub> (s1@s2)!i" using assms(3) by force
+ then obtain j where "s1!j = x" "j < length s1" by (auto simp: in_set_conv_nth)
+ then show ?thesis using x_def(2) 2 by (auto simp: nth_append)
+ next
+ case 3
+ then have "i-length s1 \<in> {1..length s2 - 1}" by fastforce
+ then obtain j where j_def: "j < (i-length s1)" "s2!j \<rightarrow>\<^bsub>T\<^esub> s2!(i-length s1)"
+ using assms(2) forward_def by blast
+ moreover have "(s1@s2)!i = s2!(i-length s1)" using 3 by (auto simp: nth_append)
+ moreover have "(s1@s2)!(j+length s1) = s2!j" using 3 j_def(1) by (auto simp: nth_append)
+ ultimately have "(j+length s1) < i \<and> (s1@s2)!(j+length s1) \<rightarrow>\<^bsub>T\<^esub> (s1@s2)!i" by force
+ then show ?thesis by blast
+ qed
+qed
+
+lemma forward_app: "\<lbrakk>forward s1; forward s2; \<exists>x\<in>set s1. x \<rightarrow>\<^bsub>T\<^esub> hd s2\<rbrakk> \<Longrightarrow> forward (s1@s2)"
+ by (simp add: forward_def forward_app_aux)
+
+lemma before_conform1I: "before s1 s2 \<Longrightarrow> seq_conform s1"
+ unfolding before_def by blast
+
+lemma before_forward1I: "before s1 s2 \<Longrightarrow> forward s1"
+ unfolding before_def seq_conform_alt by blast
+
+lemma before_no_back1I: "before s1 s2 \<Longrightarrow> no_back s1"
+ unfolding before_def seq_conform_alt by blast
+
+lemma before_ArcI: "before s1 s2 \<Longrightarrow> \<exists>x \<in> set s1. \<exists>y \<in> set s2. x \<rightarrow>\<^bsub>T\<^esub> y"
+ unfolding before_def by blast
+
+lemma before_conform2I: "before s1 s2 \<Longrightarrow> seq_conform s2"
+ unfolding before_def by blast
+
+lemma before_forward2I: "before s1 s2 \<Longrightarrow> forward s2"
+ unfolding before_def seq_conform_alt by blast
+
+lemma before_no_back2I: "before s1 s2 \<Longrightarrow> no_back s2"
+ unfolding before_def seq_conform_alt by blast
+
+lemma hd_reach_all_forward_arcs:
+ "\<lbrakk>hd (rev xs) \<in> verts T; forward_arcs xs; x \<in> set xs\<rbrakk> \<Longrightarrow> hd (rev xs) \<rightarrow>\<^sup>*\<^bsub>T\<^esub> x"
+proof(induction xs arbitrary: x rule: forward_arcs.induct)
+ case (3 z y ys)
+ then have 0: "(\<exists>y \<in> set (y#ys). y \<rightarrow>\<^bsub>T\<^esub> z)" "forward_arcs (y#ys)" by auto
+ have hd_eq: "hd (rev (z # y # ys)) = hd (rev (y # ys))"
+ using hd_rev[of "y#ys"] by (auto simp: last_ConsR)
+ then show ?case
+ proof(cases "x = z")
+ case True
+ then obtain x' where x'_def: "x' \<in> set (y#ys)" "x' \<rightarrow>\<^bsub>T\<^esub> x" using "3.prems"(2) by auto
+ then have "hd (rev (z # y # ys)) \<rightarrow>\<^sup>*\<^bsub>T\<^esub> x'" using 3 hd_eq by simp
+ then show ?thesis using x'_def(2) reachable_adj_trans by blast
+ next
+ case False
+ then show ?thesis using 3 hd_eq by simp
+ qed
+qed(auto)
+
+lemma hd_reach_all_forward:
+ "\<lbrakk>hd xs \<in> verts T; forward xs; x \<in> set xs\<rbrakk> \<Longrightarrow> hd xs \<rightarrow>\<^sup>*\<^bsub>T\<^esub> x"
+ using hd_reach_all_forward_arcs[of "rev xs"] by (simp add: forward_arcs_alt)
+
+lemma hd_in_verts_if_forward: "forward (x#y#xs) \<Longrightarrow> hd (x#y#xs) \<in> verts T"
+ unfolding forward_def by fastforce
+
+lemma two_elems_if_length_gt1: "length xs > 1 \<Longrightarrow> \<exists>x y ys. x#y#ys=xs"
+ by (metis create_ldeep_rev.cases list.size(3) One_nat_def length_Cons less_asym zero_less_Suc)
+
+lemma hd_in_verts_if_forward': "\<lbrakk>length xs > 1; forward xs\<rbrakk> \<Longrightarrow> hd xs \<in> verts T"
+ using two_elems_if_length_gt1 hd_in_verts_if_forward by blast
+
+lemma hd_reach_all_forward':
+ "\<lbrakk>length xs > 1; forward xs; x \<in> set xs\<rbrakk> \<Longrightarrow> hd xs \<rightarrow>\<^sup>*\<^bsub>T\<^esub> x"
+ by (simp add: hd_in_verts_if_forward' hd_reach_all_forward)
+
+lemma hd_reach_all_forward'':
+ "\<lbrakk>forward (x#y#xs); z \<in> set (x#y#xs)\<rbrakk> \<Longrightarrow> hd (x#y#xs) \<rightarrow>\<^sup>*\<^bsub>T\<^esub> z"
+ using hd_in_verts_if_forward hd_reach_all_forward by blast
+
+lemma no_back_if_distinct_forward: "\<lbrakk>forward xs; distinct xs\<rbrakk> \<Longrightarrow> no_back xs"
+unfolding no_back_def proof
+ assume "\<exists>i j. i < j \<and> j < length xs \<and> xs!j \<rightarrow>\<^bsub>T\<^esub> xs!i" and assms: "forward xs" "distinct xs"
+ then obtain i j where i_def: "i < j" "j < length xs" "xs!j \<rightarrow>\<^bsub>T\<^esub> xs!i" by blast
+ show False
+ proof(cases "i=0")
+ case True
+ then have "xs!i = hd xs" using i_def(1,2) hd_conv_nth[of xs] by fastforce
+ then have "xs!i \<rightarrow>\<^sup>*\<^bsub>T\<^esub> xs!j" using i_def(1,2) assms(1) hd_reach_all_forward' by simp
+ then have "xs!i \<rightarrow>\<^sup>+\<^bsub>T\<^esub> xs!j" using reachable_neq_reachable1 i_def(3) by force
+ then show ?thesis using i_def(3) reachable1_not_reverse by blast
+ next
+ case False
+ then have "i \<in> {1 .. length xs - 1}" using i_def(1,2) by simp
+ then obtain j' where j'_def: "j' < i" "xs!j' \<rightarrow>\<^bsub>T\<^esub> xs!i"
+ using assms(1) unfolding forward_def by blast
+ have "xs!j' = xs!j" using i_def(3) j'_def(2) two_in_arcs_contr by fastforce
+ moreover have "xs!j' \<noteq> xs!j"
+ using j'_def(1) i_def(1,2) assms(2) nth_eq_iff_index_eq by fastforce
+ ultimately show ?thesis by blast
+ qed
+qed
+
+corollary seq_conform_if_dstnct_fwd: "\<lbrakk>forward xs; distinct xs\<rbrakk> \<Longrightarrow> seq_conform xs"
+ using no_back_if_distinct_forward seq_conform_def forward_arcs_alt no_back_arcs_alt by blast
+
+lemma forward_arcs_single: "forward_arcs [x]"
+ by simp
+
+lemma forward_single: "forward [x]"
+ unfolding forward_def by simp
+
+lemma no_back_arcs_single: "no_back_arcs [x]"
+ by simp
+
+lemma no_back_single: "no_back [x]"
+ unfolding no_back_def by simp
+
+lemma seq_conform_single: "seq_conform [x]"
+ unfolding seq_conform_def by simp
+
+lemma forward_arc_to_head':
+ assumes "forward ys" and "x \<notin> set ys" and "y \<in> set ys" and "x \<rightarrow>\<^bsub>T\<^esub> y"
+ shows "y = hd ys"
+proof (rule ccontr)
+ assume asm: "y \<noteq> hd ys"
+ obtain i where i_def: "i < length ys" "ys!i = y" using assms(3) by (auto simp: in_set_conv_nth)
+ then have "i \<noteq> 0" using asm by (metis drop0 hd_drop_conv_nth)
+ then have "i \<in> {1..(length ys - 1)}" using i_def(1) by simp
+ then obtain j where j_def: "j < i" "ys!j \<rightarrow>\<^bsub>T\<^esub> ys!i"
+ using assms(1) forward_def by blast
+ then show False using assms(4,2) j_def(2) i_def two_in_arcs_contr by fastforce
+qed
+
+corollary forward_arc_to_head:
+ "\<lbrakk>forward ys; set xs \<inter> set ys = {}; x \<in> set xs; y \<in> set ys; x \<rightarrow>\<^bsub>T\<^esub> y\<rbrakk>
+ \<Longrightarrow> y = hd ys"
+ using forward_arc_to_head' by blast
+
+lemma forward_app':
+ "\<lbrakk>forward s1; forward s2; set s1 \<inter> set s2 = {}; \<exists>x\<in>set s1. \<exists>y\<in>set s2. x \<rightarrow>\<^bsub>T\<^esub> y\<rbrakk>
+ \<Longrightarrow> forward (s1@s2)"
+ using forward_app[of s1 s2] forward_arc_to_head by blast
+
+lemma reachable1_from_outside_dom:
+ "\<lbrakk>x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y; x \<notin> set ys; y \<in> set ys\<rbrakk> \<Longrightarrow> \<exists>x'. \<exists>y' \<in> set ys. x' \<notin> set ys \<and> x' \<rightarrow>\<^bsub>T\<^esub> y'"
+ by (induction x y rule: trancl.induct) auto
+
+lemma hd_reachable1_from_outside':
+ "\<lbrakk>x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y; forward ys; x \<notin> set ys; y \<in> set ys\<rbrakk> \<Longrightarrow> \<exists>y' \<in> set ys. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> hd ys"
+ apply(induction x y rule: trancl.induct)
+ using forward_arc_to_head' by force+
+
+lemma hd_reachable1_from_outside:
+ "\<lbrakk>x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y; forward ys; set xs \<inter> set ys = {}; x \<in> set xs; y \<in> set ys\<rbrakk>
+ \<Longrightarrow> \<exists>y' \<in> set ys. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> hd ys"
+ using hd_reachable1_from_outside' by blast
+
+lemma reachable1_append_old_if_arc:
+ assumes "\<exists>x\<in>set xs. \<exists>y\<in>set ys. x \<rightarrow>\<^bsub>T\<^esub> y"
+ and "z \<notin> set xs"
+ and "forward xs"
+ and "y\<in>set (xs @ ys)"
+ and "z \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+ shows "\<exists>y\<in>set ys. z \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+proof(cases "y \<in> set ys")
+ case True
+ then show ?thesis using assms(5) by blast
+next
+ case False
+ then have "y \<in> set xs" using assms(4) by simp
+ then have 0: "z \<rightarrow>\<^sup>+\<^bsub>T\<^esub> hd xs" using hd_reachable1_from_outside'[OF assms(5,3,2)] by blast
+ then have 1: "hd xs \<in> verts T" using reachable1_in_verts(2) by auto
+ obtain x y where x_def: "x\<in>set xs" "y\<in>set ys" "x \<rightarrow>\<^bsub>T\<^esub> y" using assms(1) by blast
+ then have "hd xs \<rightarrow>\<^sup>*\<^bsub>T\<^esub> x" using hd_reach_all_forward[OF 1 assms(3)] by simp
+ then have "hd xs \<rightarrow>\<^sup>*\<^bsub>T\<^esub> y" using x_def(3) by force
+ then show ?thesis using reachable1_reachable_trans[OF 0] x_def(2) by blast
+qed
+
+lemma reachable1_append_old_if_arcU:
+ "\<lbrakk>\<exists>x\<in>set xs. \<exists>y\<in>set ys. x \<rightarrow>\<^bsub>T\<^esub> y; set U \<inter> set xs = {}; z \<in> set U;
+ forward xs; y\<in>set (xs @ ys); z \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y\<rbrakk>
+ \<Longrightarrow> \<exists>y\<in>set ys. z \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+ using reachable1_append_old_if_arc[of xs ys] by auto
+
+lemma before_arc_to_hd: "before xs ys \<Longrightarrow> \<exists>x \<in> set xs. x \<rightarrow>\<^bsub>T\<^esub> hd ys"
+ using forward_arc_to_head before_def seq_conform_alt by auto
+
+lemma no_back_backarc_app1:
+ "\<lbrakk>j < length (xs@ys); j \<ge> length xs; i < j; no_back ys; (xs@ys)!j \<rightarrow>\<^bsub>T\<^esub> (xs@ys)!i\<rbrakk>
+ \<Longrightarrow> i < length xs"
+ by (rule ccontr) (auto simp add: no_back_def nth_append)
+
+lemma no_back_backarc_app2: "\<lbrakk>no_back xs; i < j; (xs@ys)!j \<rightarrow>\<^bsub>T\<^esub> (xs@ys)!i\<rbrakk> \<Longrightarrow> j \<ge> length xs"
+ by (rule ccontr) (auto simp add: no_back_def nth_append)
+
+lemma no_back_backarc_i_in_xs:
+ "\<lbrakk>no_back ys; j < length (xs@ys); i < j; (xs@ys)!j \<rightarrow>\<^bsub>T\<^esub> (xs@ys)!i\<rbrakk>
+ \<Longrightarrow> xs!i \<in> set xs \<and> (xs@ys)!i = xs!i"
+ by (auto simp add: no_back_def nth_append)
+
+lemma no_back_backarc_j_in_ys:
+ "\<lbrakk>no_back xs; j < length (xs@ys); i < j; (xs@ys)!j \<rightarrow>\<^bsub>T\<^esub> (xs@ys)!i\<rbrakk>
+ \<Longrightarrow> ys!(j-length xs) \<in> set ys \<and> (xs@ys)!j = ys!(j-length xs)"
+ by (auto simp add: no_back_def nth_append)
+
+lemma no_back_backarc_difsets:
+ assumes "no_back xs" and "no_back ys"
+ and "i < j" and "j < length (xs @ ys)" and "(xs @ ys) ! j \<rightarrow>\<^bsub>T\<^esub> (xs @ ys) ! i"
+ shows "\<exists>x \<in> set xs. \<exists>y \<in> set ys. y \<rightarrow>\<^bsub>T\<^esub> x"
+ using no_back_backarc_i_in_xs[OF assms(2,4,3)] no_back_backarc_j_in_ys[OF assms(1,4,3)] assms(5)
+ by auto
+
+lemma no_back_backarc_difsets':
+ "\<lbrakk>no_back xs; no_back ys; \<exists>i j. i < j \<and> j < length (xs@ys) \<and> (xs@ys)!j \<rightarrow>\<^bsub>T\<^esub> (xs@ys)!i\<rbrakk>
+ \<Longrightarrow> \<exists>x \<in> set xs. \<exists>y \<in> set ys. y \<rightarrow>\<^bsub>T\<^esub> x"
+ using no_back_backarc_difsets by blast
+
+lemma no_back_before_aux:
+ assumes "seq_conform xs" and "seq_conform ys"
+ and "set xs \<inter> set ys = {}" and "(\<exists>x\<in>set xs. \<exists>y\<in>set ys. x \<rightarrow>\<^bsub>T\<^esub> y)"
+ shows "no_back (xs @ ys)"
+ unfolding no_back_def by (metis assms adj_in_verts(2) forward_arc_to_head hd_reach_all_forward
+ inf_commute reachable1_not_reverse reachable_rtranclI rtrancl_into_trancl1 seq_conform_alt
+ no_back_backarc_difsets')
+
+lemma no_back_before: "before xs ys \<Longrightarrow> no_back (xs@ys)"
+ using before_def no_back_before_aux by simp
+
+lemma seq_conform_if_before: "before xs ys \<Longrightarrow> seq_conform (xs@ys)"
+ using no_back_before before_def seq_conform_alt forward_app before_arc_to_hd by simp
+
+lemma no_back_arc_if_fwd_dstct:
+ assumes "forward (as@bs)" and "distinct (as@bs)"
+ shows "\<not>(\<exists>x\<in>set bs. \<exists>y\<in>set as. x \<rightarrow>\<^bsub>T\<^esub> y)"
+proof
+ assume "\<exists>x\<in>set bs. \<exists>y\<in>set as. x \<rightarrow>\<^bsub>T\<^esub> y"
+ then obtain x y where x_def: "x\<in>set bs" "y\<in>set as" "x \<rightarrow>\<^bsub>T\<^esub> y" by blast
+ then obtain i where i_def: "as!i = y" "i < length as" by (auto simp: in_set_conv_nth)
+ obtain j where j_def: "bs!j = x" "j < length bs" using x_def(1) by (auto simp: in_set_conv_nth)
+ then have "(as@bs)!(j+length as) = x" by (simp add: nth_append)
+ moreover have "(as@bs)!i = y" using i_def by (simp add: nth_append)
+ moreover have "i < (j+length as)" using i_def(2) by simp
+ moreover have "(j+length as) < length (as @ bs)" using j_def by simp
+ ultimately show False
+ using no_back_if_distinct_forward[OF assms] x_def(3) unfolding no_back_def by blast
+qed
+
+lemma no_back_reach1_if_fwd_dstct:
+ assumes "forward (as@bs)" and "distinct (as@bs)"
+ shows "\<not>(\<exists>x\<in>set bs. \<exists>y\<in>set as. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y)"
+proof
+ assume "\<exists>x\<in>set bs. \<exists>y\<in>set as. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+ then obtain x y where x_def: "x\<in>set bs" "y\<in>set as" "x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y" by blast
+ have fwd_as: "forward as" using forward_split[OF assms(1)] by blast
+ have x_as: "x \<notin> set as" using x_def(1) assms(2) by auto
+ show False
+ using assms(1) x_def append.assoc list.distinct(1) Nil_is_append_conv append_Nil2[of "as@bs"]
+ append_eq_append_conv2[of "as@bs" "as@bs" bs as] forward_arc_to_head' hd_append2
+ hd_reach_all_forward hd_reachable1_from_outside'[OF x_def(3) fwd_as x_as x_def(2)]
+ in_set_conv_decomp_first[of y as] in_set_conv_decomp_last reachable1_from_outside_dom
+ reachable1_in_verts(2) reachable1_not_reverse reachable1_reachable_trans
+ by metis
+qed
+
+lemma split_length_i: "i \<le> length bs \<Longrightarrow> \<exists>xs ys. xs@ys = bs \<and> length xs = i"
+ using length_take append_take_drop_id min_absorb2 by metis
+
+lemma split_length_i_prefix:
+ assumes "length as \<le> i" "i < length (as@bs)"
+ shows "\<exists>xs ys. xs@ys = bs \<and> length (as@xs) = i"
+proof -
+ obtain n where n_def: "n + length as = i"
+ using assms(1) ab_semigroup_add_class.add.commute le_Suc_ex by blast
+ then have "n \<le> length bs" using assms(2) by simp
+ then show ?thesis using split_length_i n_def by fastforce
+qed
+
+lemma forward_alt_aux1:
+ assumes "i \<in> {1..length xs - 1}" and "j<i" and "xs!j \<rightarrow>\<^bsub>T\<^esub> xs!i"
+ shows "\<exists>as bs. as@bs = xs \<and> length as = i \<and> (\<exists>x \<in> set as. x \<rightarrow>\<^bsub>T\<^esub> xs!i)"
+proof -
+ obtain as bs where "as@bs = xs \<and> length as = i"
+ using assms(1) atLeastAtMost_iff diff_le_self le_trans split_length_i[of i xs] by metis
+ then show ?thesis using assms(2,3) nth_append[of as bs j] by force
+qed
+
+lemma forward_alt_aux1':
+ "forward xs
+ \<Longrightarrow> \<forall>i \<in> {1..length xs - 1}. \<exists>as bs. as@bs = xs \<and> length as = i \<and> (\<exists>x \<in> set as. x \<rightarrow>\<^bsub>T\<^esub> xs!i)"
+ using forward_alt_aux1 unfolding forward_def by fastforce
+
+lemma forward_alt_aux2:
+ "\<lbrakk>as@bs = xs; length as = i; \<exists>x \<in> set as. x \<rightarrow>\<^bsub>T\<^esub> xs!i\<rbrakk> \<Longrightarrow> \<exists>j<i. xs!j \<rightarrow>\<^bsub>T\<^esub> xs!i"
+ by (auto simp add: nth_append in_set_conv_nth)
+
+lemma forward_alt_aux2':
+ "\<forall>i \<in> {1..length xs - 1}. \<exists>as bs. as@bs = xs \<and> length as = i \<and> (\<exists>x \<in> set as. x \<rightarrow>\<^bsub>T\<^esub> xs!i)
+ \<Longrightarrow> forward xs"
+ using forward_alt_aux2 unfolding forward_def by blast
+
+corollary forward_alt:
+ "\<forall>i \<in> {1..length xs - 1}. \<exists>as bs. as@bs = xs \<and> length as = i \<and> (\<exists>x \<in> set as. x \<rightarrow>\<^bsub>T\<^esub> xs!i)
+ \<longleftrightarrow> forward xs"
+ using forward_alt_aux1'[of xs] forward_alt_aux2' by blast
+
+lemma move_mid_forward_if_noarc_aux:
+ assumes "as \<noteq> []"
+ and "\<not>(\<exists>x \<in> set U. \<exists>y \<in> set bs. x \<rightarrow>\<^bsub>T\<^esub> y)"
+ and "forward (as@U@bs@cs)"
+ and "i \<in> {1..length (as@bs@U@cs) - 1}"
+ shows "\<exists>j<i. (as@bs@U@cs) ! j \<rightarrow>\<^bsub>T\<^esub> (as@bs@U@cs) ! i"
+proof -
+ have 0: "i \<in> {1..length (as@U@bs@cs) - 1}" using assms(4) by auto
+ consider "i < length as" | "i \<in> {length as..length (as@bs) - 1}"
+ | "i \<in> {length (as@bs)..length (as@bs@U) - 1}"
+ | "i \<ge> length (as@bs@U)"
+ by fastforce
+ then show ?thesis
+ proof(cases)
+ case 1
+ then have "(as@U@bs@cs)!i = (as@bs@U@cs)!i" by (simp add: nth_append)
+ then obtain j where j_def: "j<i" "(as@U@bs@cs)!j \<rightarrow>\<^bsub>T\<^esub> ((as@bs)@U@cs)!i"
+ using assms(3) 0 unfolding forward_def by fastforce
+ then have "(as@U@bs@cs)!j = ((as@bs)@U@cs)!j" using 1 by (simp add: nth_append)
+ then show ?thesis using j_def by auto
+ next
+ case 2
+ have "((as@bs)@U@cs)!i = bs!(i - length as)"
+ using 2 assms(4) nth_append root_in_T directed_tree_axioms in_degree_root_zero
+ by (metis directed_tree.in_deg_one_imp_not_root atLeastAtMost_iff diff_diff_cancel
+ diff_is_0_eq diff_le_self diff_less_mono neq0_conv zero_less_diff)
+ then have i_in_bs: "((as@bs)@U@cs)!i \<in> set bs" using assms(4) 2 by auto
+ have "(i - length as) < length bs" using 2 assms(4) by force
+ then have "((as@bs)@U@cs)!i = (as@U@bs@cs)!(i + length U)"
+ using 2 by (auto simp: nth_append)
+ moreover have "(i + length U) \<in> {1.. length (as@U@bs@cs) - 1}" using 2 0 by force
+ ultimately obtain j where j_def:
+ "j < (i + length U)" "(as@U@bs@cs)!j \<rightarrow>\<^bsub>T\<^esub> ((as@bs)@U@cs)!i"
+ using assms(3) unfolding forward_def by fastforce
+ have "i < length (as@bs)" using \<open>i - length as < length bs\<close> by force
+ moreover have "length as \<le> i" using 2 by simp
+ ultimately obtain xs ys where xs_def: "bs = xs@ys" "length (as@xs) = i"
+ using split_length_i_prefix by blast
+ then have "j < (length (as@U@xs))" using 2 j_def(1) by simp
+ then have "(as@U@bs@cs)!j \<in> set (as@U@xs)" by (auto simp: xs_def(1) nth_append)
+ then have "(as@U@bs@cs)!j \<in> set (as@xs)" using assms(2) j_def(2) i_in_bs by auto
+ then obtain j' where j'_def: "j' < length (as@xs)" "(as@xs)!j' = (as@U@bs@cs)!j"
+ using in_set_conv_nth[of "(as@U@bs@cs)!j"] nth_append by blast
+ then have "((as@bs)@U@cs)!j' = (as@U@bs@cs)!j"
+ using nth_append[of "as@xs"] xs_def(1) by simp
+ then show ?thesis using j_def(2) j'_def(1) xs_def(2) by force
+ next
+ case 3
+ then have i_len_U: "i - length (as@bs) < length U" using assms(4) by fastforce
+ have i_len_asU: "i - length bs < length (as@U)" using 3 assms(4) by force
+ have "((as@bs)@U@cs)!i = (U@cs)!(i - length (as@bs))"
+ using 3 by (auto simp: nth_append)
+ also have "\<dots> = (as@U)!(i - length bs)"
+ using 3 i_len_U by (auto simp: ab_semigroup_add_class.add.commute nth_append)
+ also have "\<dots> = (as@U@bs@cs)!(i - length bs)"
+ using i_len_asU nth_append[of "as@U"] by simp
+ finally have 1: "((as@bs)@U@cs)!i = (as@U@bs@cs)!(i - length bs)" .
+ have "(i - length bs) \<ge> length as" using 3 by auto
+ then have "(i - length bs) \<ge> 1" using assms(1) length_0_conv[of as] by force
+ then have "(i - length bs) \<in> {1.. length (as@U@bs@cs) - 1}" using 0 by auto
+ then obtain j where j_def: "j < (i - length bs)" "(as@U@bs@cs)!j \<rightarrow>\<^bsub>T\<^esub> ((as@bs)@U@cs)!i"
+ using assms(3) 1 unfolding forward_def by fastforce
+ have "length as \<le> (i - length bs)" using 3 by auto
+ then obtain xs ys where xs_def: "U = xs@ys" "length (as@xs) = (i - length bs)"
+ using split_length_i_prefix[of as] i_len_asU by blast
+ then have "j < (length (as@xs))" using 3 j_def(1) by simp
+ then have "(as@U@bs@cs)!j \<in> set (as@bs@xs)" by (auto simp: xs_def(1) nth_append)
+ then obtain j' where j'_def: "j' < length (as@bs@xs)" "(as@bs@xs)!j' = (as@U@bs@cs)!j"
+ using in_set_conv_nth[of "(as@U@bs@cs)!j"] by blast
+ then have "((as@bs)@U@cs)!j' = (as@U@bs@cs)!j"
+ using nth_append[of "as@bs@xs"] xs_def(1) by simp
+ moreover have "j' < i" using j'_def(1) xs_def(2) 3 by auto
+ ultimately show ?thesis using j_def(2) by force
+ next
+ case 4
+ have len_eq: "length (as@U@bs) = length (as@bs@U)" by simp
+ have "((as@bs)@U@cs)!i = cs!(i - length (as@bs@U))"
+ using 4 nth_append[of "as@bs@U"] by simp
+ also have "\<dots> = cs!(i - length (as@U@bs))" using len_eq by argo
+ finally have "((as@bs)@U@cs)!i = ((as@U@bs)@cs)!i" using 4 nth_append[of "as@U@bs"] by simp
+ then obtain j where j_def: "j < i" "(as@U@bs@cs)!j \<rightarrow>\<^bsub>T\<^esub> ((as@bs)@U@cs)!i"
+ using assms(3) 0 unfolding forward_def by fastforce
+ have "length (as@U@bs) \<le> i" using 4 by auto
+ moreover have "i < length ((as@U@bs)@cs)" using 0 by auto
+ ultimately obtain xs ys where xs_def: "xs@ys = cs" "length ((as@U@bs) @ xs) = i"
+ using split_length_i_prefix[of "as@U@bs" i] by blast
+ then have "j < (length (as@U@bs@xs))" using 4 j_def(1) by simp
+ then have "(as@U@bs@cs)!j \<in> set (as@bs@U@xs)" by (auto simp: xs_def(1)[symmetric] nth_append)
+ then obtain j' where j'_def: "j' < length (as@bs@U@xs)" "(as@bs@U@xs)!j' = (as@U@bs@cs)!j"
+ using in_set_conv_nth[of "(as@U@bs@cs)!j"] by blast
+ then have "((as@bs)@U@cs)!j' = (as@U@bs@cs)!j"
+ using nth_append[of "as@bs@U@xs"] xs_def(1)[symmetric] by simp
+ moreover have "j' < i" using j'_def(1) xs_def(2) 4 by auto
+ ultimately show ?thesis using j_def(2) by auto
+ qed
+qed
+
+lemma move_mid_forward_if_noarc:
+ "\<lbrakk>as \<noteq> []; \<not>(\<exists>x \<in> set U. \<exists>y \<in> set bs. x \<rightarrow>\<^bsub>T\<^esub> y); forward (as@U@bs@cs)\<rbrakk>
+ \<Longrightarrow> forward (as@bs@U@cs)"
+ using move_mid_forward_if_noarc_aux unfolding forward_def by blast
+
+lemma move_mid_backward_if_noarc_aux:
+ assumes "\<exists>x\<in>set U. x \<rightarrow>\<^bsub>T\<^esub> hd V"
+ and "forward V"
+ and "forward (as@U@bs@V@cs)"
+ and "i \<in> {1..length (as@U@V@bs@cs) - 1}"
+ shows "\<exists>j<i. (as@U@V@bs@cs) ! j \<rightarrow>\<^bsub>T\<^esub> (as@U@V@bs@cs) ! i"
+proof -
+ have 0: "i \<in> {1..length (as@U@bs@V@cs) - 1}" using assms(4) by auto
+ consider "i < length (as@U)" | "i = length (as@U)" "i \<le> length (as@U@V) - 1"
+ | "i \<in> {length (as@U) + 1..length (as@U@V) - 1}"
+ | "i \<in> {length (as@U@V)..length (as@U@V@bs) - 1}"
+ | "i \<ge> length (as@U@V@bs)"
+ by fastforce
+ then show ?thesis
+ proof(cases)
+ case 1
+ then have "(as@U@bs@V@cs)!i = (as@U@V@bs@cs)!i" by (simp add: nth_append)
+ then obtain j where j_def: "j<i" "(as@U@bs@V@cs)!j \<rightarrow>\<^bsub>T\<^esub> (as@U@V@bs@cs)!i"
+ using assms(3) 0 unfolding forward_def by fastforce
+ then have "(as@U@V@bs@cs)!j = (as@U@bs@V@cs)!j" using 1 by (simp add: nth_append)
+ then show ?thesis using j_def by auto
+ next
+ case 2
+ have "(as@U@V@bs@cs)!i = (V@bs@cs)!0" using 2(1) by (auto simp: nth_append)
+ then have "(as@U@V@bs@cs)!i = hd V"
+ using 2 assms(4) hd_append hd_conv_nth Suc_n_not_le_n atLeastAtMost_iff le_diff_conv2
+ by (metis ab_semigroup_add_class.add.commute append.right_neutral Suc_eq_plus1_left)
+ then obtain x where x_def: "x \<in> set U" "x \<rightarrow>\<^bsub>T\<^esub> (as@U@V@bs@cs)!i" using assms(1) by auto
+ then obtain j where j_def: "(as@U)!j = x" "j < i" using in_set_conv_nth[of x] 2 by fastforce
+ then have "(as@U@V@bs@cs)!j = x" using 2(1) by (auto simp: nth_append)
+ then show ?thesis using j_def(2) x_def(2) by blast
+ next
+ case 3
+ have "i - length (as@U) \<in> {1 .. length V - 1}" using 3 by force
+ then obtain j where j_def: "j < (i - length (as@U))" "V!j \<rightarrow>\<^bsub>T\<^esub> V!(i - length (as@U))"
+ using assms(2) unfolding forward_def by blast
+ then have "(as@U@V@bs@cs)!(j+length (as@U)) = V!j"
+ using 3 nth_append[of "as@U"] nth_append[of V] by auto
+ moreover have "(as@U@V@bs@cs)!i = V!(i - length (as@U))"
+ using 3 nth_append[of "as@U"] nth_append[of V] by auto
+ moreover have "j+length (as@U) < i" using j_def(1) by simp
+ ultimately show ?thesis using j_def(2) by auto
+ next
+ case 4
+ have "(as@U@V@bs@cs)!i = (bs@cs)!(i - length (as@U@V))" using 4 nth_append[of "as@U@V"] by simp
+ also have "\<dots> = bs!(i - length (as@U@V))" using 4 assms(4) by (auto simp: nth_append)
+ also have "\<dots> = (as@U@bs)!(i - length (as@U@V) + length (as@U))" by (simp add: nth_append)
+ also have "\<dots> = (as@U@bs)!(i - length V)" using 4 by simp
+ finally have 1: "(as@U@V@bs@cs)!i = (as@U@bs@V@cs)!(i - length V)"
+ using 4 assms(4) nth_append[of "as@U@bs"] by auto
+ have "(i - length V) \<ge> length (as@U)" using 4 by auto
+ then have "(i - length V) \<ge> 1" using assms(1) length_0_conv by fastforce
+ then have "(i - length V) \<in> {1.. length (as@U@bs@V@cs) - 1}" using 0 by auto
+ then obtain j where j_def: "j < i - length V" "(as@U@bs@V@cs)!j \<rightarrow>\<^bsub>T\<^esub> (as@U@V@bs@cs)!i"
+ using assms(3) 1 unfolding forward_def by fastforce
+ have "length (as@U) \<le> (i - length V)" using 4 by fastforce
+ moreover have "(i - length V) < length ((as@U)@bs)" using 4 assms(4) by auto
+ ultimately obtain xs ys where xs_def: "xs@ys = bs" "length ((as@U)@ xs) = i - length V"
+ using split_length_i_prefix[of "as@U"] by blast
+ then have "j < (length (as@U@xs))" using 4 j_def(1) by simp
+ then have "(as@U@bs@V@cs)!j \<in> set (as@U@V@xs)" by (auto simp: xs_def(1)[symmetric] nth_append)
+ then obtain j' where j'_def: "j' < length (as@U@V@xs)" "(as@U@V@xs)!j' = (as@U@bs@V@cs)!j"
+ using in_set_conv_nth[of "(as@U@bs@V@cs)!j"] by blast
+ then have "(as@U@V@bs@cs)!j' = (as@U@bs@V@cs)!j"
+ using nth_append[of "as@U@V@xs"] xs_def(1) by auto
+ moreover have "j' < i" using j'_def(1) xs_def(2) 4 by auto
+ ultimately show ?thesis using j_def(2) by auto
+ next
+ case 5
+ have len_eq: "length (as@U@bs@V) = length (as@U@V@bs)" by simp
+ have "(as@U@V@bs@cs)!i = cs!(i - length (as@U@V@bs))"
+ using 5 nth_append[of "as@U@V@bs"] by auto
+ also have "\<dots> = cs!(i - length (as@U@bs@V))" using len_eq by argo
+ finally have "(as@U@V@bs@cs)!i = ((as@U@bs@V)@cs)!i"
+ using 5 nth_append[of "as@U@bs@V"] by simp
+ then obtain j where j_def: "j < i" "(as@U@bs@V@cs)!j \<rightarrow>\<^bsub>T\<^esub> (as@U@V@bs@cs)!i"
+ using assms(3) 0 unfolding forward_def by fastforce
+ have "length (as@U@bs@V) \<le> i" using 5 by auto
+ moreover have "i < length ((as@U@bs@V)@cs)" using 0 by auto
+ ultimately obtain xs ys where xs_def: "xs@ys = cs" "length ((as@U@bs@V) @ xs) = i"
+ using split_length_i_prefix[of "as@U@bs@V" i] by blast
+ then have "j < (length (as@U@bs@V@xs))" using 5 j_def(1) by simp
+ then have "(as@U@bs@V@cs)!j \<in> set (as@U@V@bs@xs)"
+ by (auto simp: xs_def(1)[symmetric] nth_append)
+ then obtain j' where j'_def: "j' < length (as@U@V@bs@xs)" "(as@U@V@bs@xs)!j' = (as@U@bs@V@cs)!j"
+ using in_set_conv_nth[of "(as@U@bs@V@cs)!j"] by blast
+ then have "(as@U@V@bs@cs)!j' = (as@U@bs@V@cs)!j"
+ using nth_append[of "as@U@V@bs@xs"] xs_def(1) by force
+ moreover have "j' < i" using j'_def(1) xs_def(2) 5 by auto
+ ultimately show ?thesis using j_def(2) by auto
+ qed
+qed
+
+lemma move_mid_backward_if_noarc:
+ "\<lbrakk>before U V; forward (as@U@bs@V@cs)\<rbrakk> \<Longrightarrow> forward (as@U@V@bs@cs)"
+ using before_forward2I
+ by (simp add: forward_def before_arc_to_hd move_mid_backward_if_noarc_aux)
+
+lemma move_mid_backward_if_noarc':
+ "\<lbrakk>\<exists>x\<in>set U. \<exists>y\<in>set V. x \<rightarrow>\<^bsub>T\<^esub> y; forward V; set U \<inter> set V = {}; forward (as@U@bs@V@cs)\<rbrakk>
+ \<Longrightarrow> forward (as@U@V@bs@cs)"
+ using move_mid_backward_if_noarc_aux[of U V as bs cs] forward_arc_to_head[of V U] forward_def
+ by blast
+
+end
+
+subsection \<open>Sublist Additions\<close>
+
+lemma fst_sublist_if_not_snd_sublist:
+ "\<lbrakk>xs@ys=A@B; \<not> sublist B ys\<rbrakk> \<Longrightarrow> \<exists>as bs. as @ bs = xs \<and> bs @ ys = B"
+ by (metis suffix_append suffix_def suffix_imp_sublist)
+
+lemma sublist_before_if_mid:
+ assumes "sublist U (A@V)" and "A @ V @ B = xs" and "set U \<inter> set V = {}" and "U\<noteq>[]"
+ shows "\<exists>as bs cs. as @ U @ bs @ V @ cs = xs"
+proof -
+ obtain C D where C_def: "(C @ U) @ D = A @ V" using assms(1) by (auto simp: sublist_def)
+ have "sublist V D"
+ using assms(3,4) fst_sublist_if_not_snd_sublist[OF C_def] disjoint_iff_not_equal last_appendR
+ by (metis Int_iff Un_Int_eq(1) append_Nil2 append_self_conv2 set_append last_in_set sublist_def)
+ then show ?thesis using assms(2) C_def sublist_def append.assoc by metis
+qed
+
+lemma list_empty_if_subset_dsjnt: "\<lbrakk>set xs \<subseteq> set ys; set xs \<inter> set ys = {}\<rbrakk> \<Longrightarrow> xs = []"
+ using semilattice_inf_class.inf.orderE by fastforce
+
+lemma empty_if_sublist_dsjnt: "\<lbrakk>sublist xs ys; set xs \<inter> set ys = {}\<rbrakk> \<Longrightarrow> xs = []"
+ using set_mono_sublist list_empty_if_subset_dsjnt by fast
+
+lemma sublist_snd_if_fst_dsjnt:
+ assumes "sublist U (V@B)" and "set U \<inter> set V = {}"
+ shows "sublist U B"
+proof -
+ consider "sublist U V" | "sublist U B" | "(\<exists>xs1 xs2. U = xs1@xs2 \<and> suffix xs1 V \<and> prefix xs2 B)"
+ using assms(1) sublist_append by blast
+ then show ?thesis
+ proof(cases)
+ case 1
+ then show ?thesis using assms(2) empty_if_sublist_dsjnt by blast
+ next
+ case 2
+ then show ?thesis by simp
+ next
+ case 3
+ then obtain xs ys where xs_def: "U = xs@ys" "suffix xs V" "prefix ys B" by blast
+ then have "set xs \<subseteq> set V" by (simp add: set_mono_suffix)
+ then have "xs = []" using xs_def(1) assms(2) list_empty_if_subset_dsjnt by fastforce
+ then show ?thesis using xs_def(1,3) by simp
+ qed
+qed
+
+lemma sublist_fst_if_snd_dsjnt:
+ assumes "sublist U (B@V)" and "set U \<inter> set V = {}"
+ shows "sublist U B"
+proof -
+ consider "sublist U V" | "sublist U B" | "(\<exists>xs1 xs2. U = xs1@xs2 \<and> suffix xs1 B \<and> prefix xs2 V)"
+ using assms(1) sublist_append by blast
+ then show ?thesis
+ proof(cases)
+ case 1
+ then show ?thesis using assms(2) empty_if_sublist_dsjnt by blast
+ next
+ case 2
+ then show ?thesis by simp
+ next
+ case 3
+ then obtain xs ys where xs_def: "U = xs@ys" "suffix xs B" "prefix ys V" by blast
+ then have "set ys \<subseteq> set V" by (simp add: set_mono_prefix)
+ then have "ys = []" using xs_def(1) assms(2) list_empty_if_subset_dsjnt by fastforce
+ then show ?thesis using xs_def(1,2) by simp
+ qed
+qed
+
+lemma sublist_app: "sublist (A @ B) C \<Longrightarrow> sublist A C \<and> sublist B C"
+ using sublist_order.dual_order.trans by blast
+
+lemma sublist_Cons: "sublist (A # B) C \<Longrightarrow> sublist [A] C \<and> sublist B C"
+ using sublist_app[of "[A]"] by simp
+
+lemma sublist_set_elem: "\<lbrakk>sublist xs (A@B); x \<in> set xs\<rbrakk> \<Longrightarrow> x \<in> set A \<or> x \<in> set B"
+ using set_mono_sublist by fastforce
+
+lemma subset_snd_if_hd_notin_fst:
+ assumes "sublist ys (V @ B)" and "hd ys \<notin> set V" and "ys \<noteq> []"
+ shows "set ys \<subseteq> set B"
+proof -
+ have "\<not> sublist ys V" using assms(2,3) by(auto simp: sublist_def)
+ then consider "sublist ys B" | "(\<exists>xs1 xs2. ys = xs1@xs2 \<and> suffix xs1 V \<and> prefix xs2 B)"
+ using assms(1) sublist_append by blast
+ then show ?thesis
+ proof(cases)
+ case 1
+ then show ?thesis using set_mono_sublist by blast
+ next
+ case 2
+ then obtain xs zs where xs_def: "ys = xs@zs" "suffix xs V" "prefix zs B" by blast
+ then have "set xs \<subseteq> set V" by (simp add: set_mono_suffix)
+ then have "xs = []" using xs_def(1) assms(2,3) hd_append hd_in_set subsetD by fastforce
+ then show ?thesis using xs_def(1,3) by (simp add: set_mono_prefix)
+ qed
+qed
+
+lemma suffix_ndjsnt_snd_if_nempty: "\<lbrakk>suffix xs (A@V); V \<noteq> []; xs \<noteq> []\<rbrakk> \<Longrightarrow> set xs \<inter> set V \<noteq> {}"
+ using empty_if_sublist_dsjnt disjoint_iff
+ by (metis sublist_append_leftI suffix_append suffix_imp_sublist)
+
+lemma sublist_not_mid:
+ assumes "sublist U ((A @ V) @ B)" and "set U \<inter> set V = {}" and "V \<noteq> []"
+ shows "sublist U A \<or> sublist U B"
+proof -
+ consider "sublist U A" | "sublist U V" | "(\<exists>xs1 xs2. U = xs1@xs2 \<and> suffix xs1 A \<and> prefix xs2 V)"
+ | "sublist U B" | "(\<exists>xs1 xs2. U = xs1@xs2 \<and> suffix xs1 (A@V) \<and> prefix xs2 B)"
+ using assms(1) sublist_append by metis
+ then show ?thesis
+ proof(cases)
+ case 2
+ then show ?thesis using assms(2) empty_if_sublist_dsjnt by blast
+ next
+ case 3
+ then show ?thesis using assms(2) sublist_append sublist_fst_if_snd_dsjnt by blast
+ next
+ case 5
+ then obtain xs ys where xs_def: "U = xs@ys" "suffix xs (A@V)" "prefix ys B" by blast
+ then have "set xs \<inter> set V \<noteq> {} \<or> xs = []" using suffix_ndjsnt_snd_if_nempty assms(3) by blast
+ then have "xs = []" using xs_def(1) assms(2) by auto
+ then show ?thesis using xs_def(1,3) by simp
+ qed(auto)
+qed
+
+lemma sublist_Y_cases_UV:
+ assumes "\<forall>xs \<in> Y. \<forall>ys \<in> Y. xs = ys \<or> set xs \<inter> set ys = {}"
+ and "U \<in> Y"
+ and "V \<in> Y"
+ and "U \<noteq> []"
+ and "V \<noteq> []"
+ and "(\<forall>xs \<in> Y. sublist xs (as@U@bs@V@cs))"
+ and "xs \<in> Y"
+ shows "sublist xs as \<or> sublist xs bs \<or> sublist xs cs \<or> U = xs \<or> V = xs"
+ using assms append_assoc sublist_not_mid by metis
+
+lemma sublist_behind_if_nbefore:
+ assumes "sublist U xs" "sublist V xs" "\<nexists>as bs cs. as @ U @ bs @ V @ cs = xs" "set U \<inter> set V = {}"
+ shows "\<exists>as bs cs. as @ V @ bs @ U @ cs = xs"
+proof -
+ have "V \<noteq> []" using assms(1,3) unfolding sublist_def by blast
+ obtain A B where A_def: "A @ V @ B = xs" using assms(2) by (auto simp: sublist_def)
+ then have "\<not>sublist U A" unfolding sublist_def using assms(3) by fastforce
+ moreover have "sublist U ((A @ V) @ B)" using assms(1) A_def by simp
+ ultimately have "sublist U B" using assms(4) sublist_not_mid \<open>V\<noteq>[]\<close> by blast
+ then show ?thesis unfolding sublist_def using A_def by blast
+qed
+
+lemma sublists_preserv_move_U:
+ "\<lbrakk>set xs \<inter> set U = {}; set xs \<inter> set V = {}; V\<noteq>[]; sublist xs (as@U@bs@V@cs)\<rbrakk>
+ \<Longrightarrow> sublist xs (as@bs@U@V@cs)"
+ using append_assoc self_append_conv2 sublist_def sublist_not_mid by metis
+
+lemma sublists_preserv_move_UY:
+ "\<lbrakk>\<forall>xs \<in> Y. \<forall>ys \<in> Y. xs = ys \<or> set xs \<inter> set ys = {}; xs \<in> Y; U \<in> Y; V \<in> Y;
+ V \<noteq> []; sublist xs (as@U@bs@V@cs)\<rbrakk>
+ \<Longrightarrow> sublist xs (as@bs@U@V@cs)"
+ using sublists_preserv_move_U append_assoc sublist_appendI by metis
+
+lemma sublists_preserv_move_UY_all:
+ "\<lbrakk>\<forall>xs \<in> Y. \<forall>ys \<in> Y. xs = ys \<or> set xs \<inter> set ys = {}; U \<in> Y; V \<in> Y;
+ V \<noteq> []; \<forall>xs \<in> Y. sublist xs (as@U@bs@V@cs)\<rbrakk>
+ \<Longrightarrow> \<forall>xs \<in> Y. sublist xs (as@bs@U@V@cs)"
+ using sublists_preserv_move_UY[of Y] by simp
+
+lemma sublists_preserv_move_V:
+ "\<lbrakk>set xs \<inter> set U = {}; set xs \<inter> set V = {}; U\<noteq>[]; sublist xs (as@U@bs@V@cs)\<rbrakk>
+ \<Longrightarrow> sublist xs (as@U@V@bs@cs)"
+ using append_assoc self_append_conv2 sublist_def sublist_not_mid by metis
+
+lemma sublists_preserv_move_VY:
+ "\<lbrakk>\<forall>xs \<in> Y. \<forall>ys \<in> Y. xs = ys \<or> set xs \<inter> set ys = {}; xs \<in> Y; U \<in> Y; V \<in> Y;
+ U \<noteq> []; sublist xs (as@U@bs@V@cs)\<rbrakk>
+ \<Longrightarrow> sublist xs (as@U@V@bs@cs)"
+ using sublists_preserv_move_V append_assoc sublist_appendI by metis
+
+lemma sublists_preserv_move_VY_all:
+ "\<lbrakk>\<forall>xs \<in> Y. \<forall>ys \<in> Y. xs = ys \<or> set xs \<inter> set ys = {}; U \<in> Y; V \<in> Y;
+ U \<noteq> []; \<forall>xs \<in> Y. sublist xs (as@U@bs@V@cs)\<rbrakk>
+ \<Longrightarrow> \<forall>xs \<in> Y. sublist xs (as@U@V@bs@cs)"
+ using sublists_preserv_move_VY[of Y] by simp
+
+lemma distinct_sublist_first:
+ "\<lbrakk>sublist as (x#xs); distinct (x#xs); x \<in> set as\<rbrakk> \<Longrightarrow> take (length as) (x#xs) = as"
+ unfolding sublist_def using distinct_app_trans_l distinct_ys_not_xs hd_in_set
+ by (metis list.sel(1) append_assoc append_eq_conv_conj append_self_conv2 hd_append2)
+
+lemma distinct_sublist_first_remainder:
+ "\<lbrakk>sublist as (x#xs); distinct (x#xs); x \<in> set as\<rbrakk> \<Longrightarrow> as @ drop (length as) (x#xs) = x#xs"
+ using distinct_sublist_first append_take_drop_id[of "length as" "x#xs"] by fastforce
+
+lemma distinct_set_diff: "distinct (xs@ys) \<Longrightarrow> set ys = set (xs@ys) - set xs"
+ by auto
+
+lemma list_of_sublist_concat_eq:
+ assumes "\<forall>as \<in> Y. \<forall>bs \<in> Y. as = bs \<or> set as \<inter> set bs = {}"
+ and "\<forall>as \<in> Y. sublist as xs"
+ and "distinct xs"
+ and "set xs = \<Union>(set ` Y)"
+ and "finite Y"
+ shows "\<exists>ys. set ys = Y \<and> concat ys = xs \<and> distinct ys"
+using assms proof(induction "Finite_Set.card Y" arbitrary: Y xs)
+ case (Suc n)
+ show ?case
+ proof(cases xs)
+ case Nil
+ then have "Y = {[]} \<or> Y = {}" using Suc.prems(4) by auto
+ then have "set [[]] = Y \<and> concat [[]] = xs \<and> distinct [[]]" using Nil Suc.hyps(2) by auto
+ then show ?thesis by blast
+ next
+ case (Cons x xs')
+ then obtain as where as_def: "x \<in> set as" "as \<in> Y" using Suc.prems(4) by auto
+ then have 0: "as @ (drop (length as) xs) = xs"
+ using Suc.prems(2,3) distinct_sublist_first_remainder Cons by fast
+ then have "\<forall>bs \<in> (Y - {as}). sublist bs (drop (length as) xs)"
+ using Suc.prems(1,2) as_def(2) by (metis DiffE insertI1 sublist_snd_if_fst_dsjnt)
+ moreover have "\<forall>cs \<in> (Y - {as}). \<forall>bs \<in> (Y - {as}). cs = bs \<or> set cs \<inter> set bs = {}"
+ using Suc.prems(1) by simp
+ moreover have "distinct (drop (length as) xs)" using Suc.prems(3) by simp
+ moreover have "set (drop (length as) xs) = \<Union> (set ` (Y-{as}))"
+ using Suc.prems(1,3,4) distinct_set_diff[of as "drop (length as) xs"] as_def(2) 0 by auto
+ moreover have "n = Finite_Set.card (Y-{as})" using Suc.hyps(2) as_def(2) Suc.prems(5) by simp
+ ultimately obtain ys where ys_def:
+ "set ys = (Y-{as})" "concat ys = drop (length as) xs" "distinct ys"
+ using Suc.hyps(1) Suc.prems(5) by blast
+ then have "set (as#ys) = Y \<and> concat (as#ys) = xs \<and> distinct (as#ys)" using 0 as_def(2) by auto
+ then show ?thesis by blast
+ qed
+qed(auto)
+
+lemma extract_length_decr[termination_simp]:
+ "List.extract P xs = Some (as,x,bs) \<Longrightarrow> length bs < length xs"
+ by (simp add: extract_Some_iff)
+
+fun separate_P :: "('a \<Rightarrow> bool) \<Rightarrow> 'a list \<Rightarrow> 'a list \<Rightarrow> 'a list \<times> 'a list" where
+ "separate_P P acc xs = (case List.extract P xs of
+ None \<Rightarrow> (acc,xs)
+ | Some (as,x,bs) \<Rightarrow> (case separate_P P (x#acc) bs of (acc',xs') \<Rightarrow> (acc', as@xs')))"
+
+lemma separate_not_P_snd: "separate_P P acc xs = (as,bs) \<Longrightarrow> \<forall>x \<in> set bs. \<not>P x"
+proof(induction P acc xs arbitrary: as bs rule: separate_P.induct)
+ case (1 P acc xs)
+ then show ?case
+ proof(cases "List.extract P xs")
+ case None
+ then have "bs = xs" using "1.prems" by simp
+ then show ?thesis using None by (simp add: extract_None_iff)
+ next
+ case (Some a)
+ then obtain cs x ds where x_def[simp]: "a = (cs,x,ds)" by(cases a) auto
+ then obtain acc' xs' where acc'_def: "separate_P P (x#acc) ds = (acc',xs')" by fastforce
+ then have "(acc', cs@xs') = (as,bs)" using "1.prems" Some by simp
+ moreover have "\<forall>x \<in> set xs'. \<not>P x" using "1.IH" acc'_def Some x_def by blast
+ ultimately show ?thesis using Some by (auto simp: extract_Some_iff)
+ qed
+qed
+
+lemma separate_input_impl_none: "separate_P P acc xs = (acc,xs) \<Longrightarrow> List.extract P xs = None"
+ using extract_None_iff separate_not_P_snd by fast
+
+lemma separate_input_iff_none: "List.extract P xs = None \<longleftrightarrow> separate_P P acc xs = (acc,xs)"
+ using separate_input_impl_none by auto
+
+lemma separate_P_fst_acc:
+ "separate_P P acc xs = (as,bs) \<Longrightarrow> \<exists>as'. as = as'@acc \<and> (\<forall>x \<in> set as'. P x)"
+proof(induction P acc xs arbitrary: as bs rule: separate_P.induct)
+ case (1 P acc xs)
+ then show ?case
+ proof(cases "List.extract P xs")
+ case None
+ then show ?thesis using "1.prems" by simp
+ next
+ case (Some a)
+ then obtain cs x ds where x_def[simp]: "a = (cs,x,ds)" by(cases a) auto
+ then obtain acc' xs' where acc'_def: "separate_P P (x#acc) ds = (acc',xs')" by fastforce
+ then have "(acc', cs@xs') = (as,bs)" using "1.prems" Some by simp
+ then have "\<exists>as'. as = as'@(x#acc) \<and> (\<forall>x \<in> set as'. P x)"
+ using "1.IH" acc'_def Some x_def by blast
+ then show ?thesis using Some by (auto simp: extract_Some_iff)
+ qed
+qed
+
+lemma separate_P_fst: "separate_P P [] xs = (as,bs) \<Longrightarrow> \<forall>x \<in> set as. P x"
+ using separate_P_fst_acc by fastforce
+
+subsection \<open>Optimal Solution for Lists of Fixed Sets\<close>
+
+lemma distinct_seteq_set_length_eq:
+ "x \<in> {ys. set ys = xs \<and> distinct ys} \<Longrightarrow> length x = Finite_Set.card xs"
+ using distinct_card by fastforce
+
+lemma distinct_seteq_set_Cons:
+ "\<lbrakk>Finite_Set.card xs = Suc n; x \<in> {ys. set ys = xs \<and> distinct ys}\<rbrakk>
+ \<Longrightarrow> \<exists>y ys. y # ys = x \<and> length ys = n \<and> distinct ys \<and> finite (set ys)"
+ using distinct_seteq_set_length_eq[of x] Suc_length_conv[of n x] by force
+
+lemma distinct_seteq_set_Cons':
+ "\<lbrakk>Finite_Set.card xs = Suc n; x \<in> {ys. set ys = xs \<and> distinct ys}\<rbrakk>
+ \<Longrightarrow> \<exists>y ys zs. y # ys = x \<and> Finite_Set.card zs = n \<and> distinct ys \<and> set ys = zs"
+ using distinct_seteq_set_length_eq[of x] Suc_length_conv[of n x] by force
+
+lemma distinct_seteq_set_Cons'':
+ "\<lbrakk>Finite_Set.card xs = Suc n; x \<in> {ys. set ys = xs \<and> distinct ys}\<rbrakk>
+ \<Longrightarrow> \<exists>y ys zs. y # ys = x \<and> y \<in> xs
+ \<and> set ys = zs \<and> Finite_Set.card zs = n \<and> distinct ys \<and> finite zs"
+ using distinct_seteq_set_Cons by fastforce
+
+lemma distinct_seteq_set_Cons_in_set:
+ "\<lbrakk>Finite_Set.card xs = Suc n; x \<in> {ys. set ys = xs \<and> distinct ys}\<rbrakk>
+ \<Longrightarrow> \<exists>y ys zs. y#ys = x \<and> y \<in> xs \<and> Finite_Set.card zs = n \<and> ys\<in>{ys. set ys = zs \<and> distinct ys}"
+ using distinct_seteq_set_Cons'' by auto
+
+lemma distinct_seteq_set_Cons_in_set':
+ "\<lbrakk>Finite_Set.card xs = Suc n; x \<in> {ys. set ys = xs \<and> distinct ys}\<rbrakk>
+ \<Longrightarrow> \<exists>y ys. x = y#ys \<and> y \<in> xs \<and> ys\<in>{ys. set ys = (xs - {y}) \<and> distinct ys}"
+ using distinct_seteq_set_Cons'' by fastforce
+
+lemma distinct_seteq_eq_set_union:
+ "Finite_Set.card xs = Suc n
+ \<Longrightarrow> {ys. set ys = xs \<and> distinct ys}
+ = {y # ys |y ys. y \<in> xs \<and> ys \<in> {as. set as = (xs - {y}) \<and> distinct as}}"
+ using distinct_seteq_set_Cons_in_set' by force
+
+lemma distinct_seteq_sub_set_union:
+ "Finite_Set.card xs = Suc n
+ \<Longrightarrow> {ys. set ys = xs \<and> distinct ys}
+ \<subseteq> {y # ys |y ys. y \<in> xs \<and> ys \<in> {as. \<exists>a \<in> xs. set as = (xs - {a}) \<and> distinct as}}"
+ using distinct_seteq_set_Cons_in_set' by fast
+
+lemma finite_set_union: "\<lbrakk>finite ys; \<forall>y \<in> ys. finite y\<rbrakk> \<Longrightarrow> finite (\<Union>y \<in> ys. y)"
+ by simp
+
+lemma Cons_set_eq_union_set:
+ "{x # y | x y y'. x \<in> xs \<and> y \<in> y' \<and> y' \<in> ys} = {x # y | x y. x \<in> xs \<and> y \<in> (\<Union>y \<in> ys. y)}"
+ by blast
+
+lemma finite_set_Cons_union_finite:
+ "\<lbrakk>finite xs; finite ys; \<forall>y \<in> ys. finite y\<rbrakk>
+ \<Longrightarrow> finite {x # y | x y. x \<in> xs \<and> y \<in> (\<Union>y \<in> ys. y)}"
+ by (simp add: finite_image_set2)
+
+lemma finite_set_Cons_finite:
+ "\<lbrakk>finite xs; finite ys; \<forall>y \<in> ys. finite y\<rbrakk>
+ \<Longrightarrow> finite {x # y | x y y'. x \<in> xs \<and> y \<in> y' \<and> y' \<in> ys}"
+ using Cons_set_eq_union_set[of xs] by (simp add: finite_image_set2)
+
+lemma finite_set_Cons_finite':
+ "\<lbrakk>finite xs; finite ys\<rbrakk> \<Longrightarrow> finite {x # y |x y. x \<in> xs \<and> y \<in> ys}"
+ by (auto simp add: finite_image_set2)
+
+lemma Cons_set_alt: "{x # y |x y. x \<in> xs \<and> y \<in> ys} = {zs. \<exists>x y. x # y = zs \<and> x \<in> xs \<and> y \<in> ys}"
+ by blast
+
+lemma Cons_set_sub:
+ assumes "Finite_Set.card xs = Suc n"
+ shows "{ys. set ys = xs \<and> distinct ys}
+ \<subseteq> {x # y |x y. x \<in> xs \<and> y \<in> (\<Union>y \<in> xs. {as. set as = xs - {y} \<and> distinct as})}"
+ using distinct_seteq_eq_set_union[OF assms] by auto
+
+lemma distinct_seteq_finite: "finite xs \<Longrightarrow> finite {ys. set ys = xs \<and> distinct ys}"
+proof(induction "Finite_Set.card xs" arbitrary: xs)
+ case (Suc n)
+ have "finite (\<Union>y \<in> xs. {as. set as = xs - {y} \<and> distinct as})" using Suc by simp
+ then have "finite {x # y |x y. x \<in> xs \<and> y \<in> (\<Union>y \<in> xs. {as. set as = xs - {y} \<and> distinct as})}"
+ using finite_set_Cons_finite'[OF Suc.prems] by blast
+ then show ?case using finite_subset[OF Cons_set_sub] Suc.hyps(2)[symmetric] by blast
+qed(simp)
+
+lemma distinct_setsub_split:
+ "{ys. set ys \<subseteq> xs \<and> distinct ys}
+ = {ys. set ys = xs \<and> distinct ys} \<union> (\<Union>y \<in> xs. {ys. set ys \<subseteq> (xs-{y}) \<and> distinct ys})"
+ by blast
+
+lemma distinct_setsub_finite: "finite xs \<Longrightarrow> finite {ys. set ys \<subseteq> xs \<and> distinct ys}"
+proof(induction "Finite_Set.card xs" arbitrary: xs)
+ case (Suc x)
+ then show ?case using distinct_seteq_finite distinct_setsub_split[of xs] by auto
+qed(simp)
+
+lemma valid_UV_lists_finite:
+ "finite xs \<Longrightarrow> finite {x. \<exists>as bs cs. as@U@bs@V@cs = x \<and> set x = xs \<and> distinct x}"
+ using distinct_seteq_finite by force
+
+lemma valid_UV_lists_r_subset:
+ "{x. \<exists>as bs cs. as@U@bs@V@cs = x \<and> set x = xs \<and> distinct x \<and> take 1 x = [r]}
+ \<subseteq> {x. \<exists>as bs cs. as@U@bs@V@cs = x \<and> set x = xs \<and> distinct x}"
+ by blast
+
+lemma valid_UV_lists_r_finite:
+ "finite xs \<Longrightarrow> finite {x. \<exists>as bs cs. as@U@bs@V@cs = x \<and> set x = xs \<and> distinct x \<and> take 1 x = [r]}"
+ using valid_UV_lists_finite finite_subset[OF valid_UV_lists_r_subset] by fast
+
+lemma valid_UV_lists_arg_min_ex_aux:
+ "\<lbrakk>finite ys; ys \<noteq> {}; ys = {x. \<exists>as bs cs. as@U@bs@V@cs = x \<and> set x = xs \<and> distinct x}\<rbrakk>
+ \<Longrightarrow> \<exists>y \<in> ys. \<forall>z \<in> ys. (f :: 'a list \<Rightarrow> real) y \<le> f z"
+ using arg_min_if_finite(1)[of ys f] arg_min_least[of ys, where ?f = f] by auto
+
+lemma valid_UV_lists_arg_min_ex:
+ "\<lbrakk>finite xs; ys \<noteq> {}; ys = {x. \<exists>as bs cs. as@U@bs@V@cs = x \<and> set x = xs \<and> distinct x}\<rbrakk>
+ \<Longrightarrow> \<exists>y \<in> ys. \<forall>z \<in> ys. (f :: 'a list \<Rightarrow> real) y \<le> f z"
+ using valid_UV_lists_finite valid_UV_lists_arg_min_ex_aux[of ys] by blast
+
+lemma valid_UV_lists_arg_min_r_ex_aux:
+ "\<lbrakk>finite ys; ys \<noteq> {};
+ ys = {x. \<exists>as bs cs. as@U@bs@V@cs = x \<and> set x = xs \<and> distinct x \<and> take 1 x = [r]}\<rbrakk>
+ \<Longrightarrow> \<exists>y \<in> ys. \<forall>z \<in> ys. (f :: 'a list \<Rightarrow> real) y \<le> f z"
+ using arg_min_if_finite(1)[of ys f] arg_min_least[of ys, where ?f = f] by auto
+
+lemma valid_UV_lists_arg_min_r_ex:
+ "\<lbrakk>finite xs; ys \<noteq> {};
+ ys = {x. \<exists>as bs cs. as@U@bs@V@cs = x \<and> set x = xs \<and> distinct x \<and> take 1 x = [r]}\<rbrakk>
+ \<Longrightarrow> \<exists>y \<in> ys. \<forall>z \<in> ys. (f :: 'a list \<Rightarrow> real) y \<le> f z"
+ using valid_UV_lists_r_finite[of xs] valid_UV_lists_arg_min_r_ex_aux[of ys] by blast
+
+lemma valid_UV_lists_nemtpy:
+ assumes "finite xs" "set (U@V) \<subseteq> xs" "distinct (U@V)"
+ shows "{x. \<exists>as bs cs. as@U@bs@V@cs = x \<and> set x = xs \<and> distinct x} \<noteq> {}"
+proof -
+ obtain cs where "set cs = xs - set (U@V) \<and> distinct cs"
+ using assms(1) finite_distinct_list[of "xs - set (U@V)"] by blast
+ then have "[]@U@[]@V@cs = U@V@cs" "set (U@V@cs) = xs" "distinct (U@V@cs)" using assms by auto
+ then show ?thesis by blast
+qed
+
+lemma valid_UV_lists_nemtpy':
+ "\<lbrakk>finite xs; set U \<inter> set V = {}; set U \<subseteq> xs; set V \<subseteq> xs; distinct U; distinct V\<rbrakk>
+ \<Longrightarrow> {x. \<exists>as bs cs. as@U@bs@V@cs = x \<and> set x = xs \<and> distinct x} \<noteq> {}"
+ using valid_UV_lists_nemtpy[of xs] by simp
+
+lemma valid_UV_lists_nemtpy_r:
+ assumes "finite xs" and "set (U@V) \<subseteq> xs" and "distinct (U@V)"
+ and "take 1 U = [r] \<or> r \<notin> set U \<union> set V" and "r \<in> xs"
+ shows "{x. (\<exists>as bs cs. as@U@bs@V@cs = x) \<and> set x = xs \<and> distinct x \<and> take 1 x = [r]} \<noteq> {}"
+proof(cases "take 1 U = [r]")
+ case True
+ obtain cs where "set cs = xs - set (U@V) \<and> distinct cs"
+ using assms(1) finite_distinct_list by auto
+ then have "[]@U@[]@V@cs = U@V@cs" "set (U@V@cs) = xs" "distinct (U@V@cs)" using assms by auto
+ then show ?thesis using True take1_singleton_app by fast
+next
+ case False
+ obtain cs where cs_def: "set cs = xs - ({r} \<union> set (U@V)) \<and> distinct cs"
+ using assms(1) finite_distinct_list by auto
+ then have "[r]@U@[]@V@cs = [r]@U@V@cs" "set ([r]@U@V@cs) = xs" "distinct ([r]@U@V@cs)"
+ "take 1 ([r]@U@V@cs) = [r]"
+ using assms False by auto
+ then show ?thesis by (smt (verit, del_insts) empty_Collect_eq)
+qed
+
+lemma valid_UV_lists_nemtpy_r':
+ "\<lbrakk>finite xs; set U \<inter> set V = {}; set U \<subseteq> xs; set V \<subseteq> xs; distinct U; distinct V;
+ take 1 U = [r] \<or> r \<notin> set U \<union> set V; r \<in> xs\<rbrakk>
+ \<Longrightarrow> {x. \<exists>as bs cs. as@U@bs@V@cs = x \<and> set x = xs \<and> distinct x \<and> take 1 x = [r]} \<noteq> {}"
+ using valid_UV_lists_nemtpy_r[of xs] by simp
+
+lemma valid_UV_lists_arg_min_ex':
+ "\<lbrakk>finite xs; set U \<inter> set V = {}; set U \<subseteq> xs; set V \<subseteq> xs; distinct U; distinct V;
+ ys = {x. (\<exists>as bs cs. as@U@bs@V@cs = x) \<and> set x = xs \<and> distinct x}\<rbrakk>
+ \<Longrightarrow> \<exists>y \<in> ys. \<forall>z \<in> ys. (f :: 'a list \<Rightarrow> real) y \<le> f z"
+ using valid_UV_lists_arg_min_ex[of xs] valid_UV_lists_nemtpy'[of xs] by simp
+
+lemma valid_UV_lists_arg_min_r_ex':
+ "\<lbrakk>finite xs; set U \<inter> set V = {}; set U \<subseteq> xs; set V \<subseteq> xs; distinct U; distinct V;
+ take 1 U = [r] \<or> r \<notin> set U \<union> set V; r \<in> xs;
+ ys = {x. (\<exists>as bs cs. as@U@bs@V@cs = x) \<and> set x = xs \<and> distinct x \<and> take 1 x = [r]}\<rbrakk>
+ \<Longrightarrow> \<exists>y \<in> ys. \<forall>z \<in> ys. (f :: 'a list \<Rightarrow> real) y \<le> f z"
+ using valid_UV_lists_arg_min_r_ex[of xs] valid_UV_lists_nemtpy_r'[of xs] by simp
+
+lemma valid_UV_lists_alt:
+ assumes "P = (\<lambda>x. (\<exists>as bs cs. as@U@bs@V@cs = x) \<and> set x = xs \<and> distinct x)"
+ shows "{x. (\<exists>as bs cs. as@U@bs@V@cs = x) \<and> set x = xs \<and> distinct x} = {ys. P ys}"
+ using assms by simp
+
+lemma valid_UV_lists_argmin_ex:
+ fixes cost :: "'a list \<Rightarrow> real"
+ assumes "P = (\<lambda>x. (\<exists>as bs cs. as@U@bs@V@cs = x) \<and> set x = xs \<and> distinct x)"
+ and "finite xs"
+ and "set U \<inter> set V = {}"
+ and "set U \<subseteq> xs"
+ and "set V \<subseteq> xs"
+ and "distinct U"
+ and "distinct V"
+ shows "\<exists>as' bs' cs'. P (as'@U@bs'@V@cs') \<and>
+ (\<forall>as bs cs. P (as@U@bs@V@cs) \<longrightarrow> cost (as'@U@bs'@V@cs') \<le> cost (as@U@bs@V@cs))"
+proof -
+ obtain y where "y \<in> {ys. P ys} \<and> (\<forall>z \<in> {ys. P ys}. cost y \<le> cost z)"
+ using valid_UV_lists_arg_min_ex'[OF assms(2-7)] assms(1) by fastforce
+ then show ?thesis using assms(1) by blast
+qed
+
+lemma valid_UV_lists_argmin_ex_noP:
+ fixes cost :: "'a list \<Rightarrow> real"
+ assumes "finite xs"
+ and "set U \<inter> set V = {}"
+ and "set U \<subseteq> xs"
+ and "set V \<subseteq> xs"
+ and "distinct U"
+ and "distinct V"
+ shows "\<exists>as' bs' cs'. set (as' @ U @ bs' @ V @ cs') = xs \<and> distinct (as' @ U @ bs' @ V @ cs')
+ \<and> (\<forall>as bs cs. set (as @ U @ bs @ V @ cs) = xs \<and> distinct (as @ U @ bs @ V @ cs)
+ \<longrightarrow> cost (as' @ U @ bs' @ V @ cs') \<le> cost (as @ U @ bs @ V @ cs))"
+ using valid_UV_lists_argmin_ex[OF refl assms] by metis
+
+lemma valid_UV_lists_argmin_r_ex:
+ fixes cost :: "'a list \<Rightarrow> real"
+ assumes "P = (\<lambda>x. (\<exists>as bs cs. as@U@bs@V@cs = x) \<and> set x = xs \<and> distinct x \<and> take 1 x = [r])"
+ and "finite xs"
+ and "set U \<inter> set V = {}"
+ and "set U \<subseteq> xs"
+ and "set V \<subseteq> xs"
+ and "distinct U"
+ and "distinct V"
+ and "take 1 U = [r] \<or> r \<notin> set U \<union> set V"
+ and "r \<in> xs"
+ shows "\<exists>as' bs' cs'. P (as'@U@bs'@V@cs') \<and>
+ (\<forall>as bs cs. P (as@U@bs@V@cs) \<longrightarrow> cost (as'@U@bs'@V@cs') \<le> cost (as@U@bs@V@cs))"
+proof -
+ obtain y where "y \<in> {ys. P ys} \<and> (\<forall>z \<in> {ys. P ys}. cost y \<le> cost z)"
+ using valid_UV_lists_arg_min_r_ex'[OF assms(2-9)] assms(1) by fastforce
+ then show ?thesis using assms(1) by blast
+qed
+
+lemma valid_UV_lists_argmin_r_ex_noP:
+ fixes cost :: "'a list \<Rightarrow> real"
+ assumes "finite xs"
+ and "set U \<inter> set V = {}"
+ and "set U \<subseteq> xs"
+ and "set V \<subseteq> xs"
+ and "distinct U"
+ and "distinct V"
+ and "take 1 U = [r] \<or> r \<notin> set U \<union> set V"
+ and "r \<in> xs"
+ shows "\<exists>as' bs' cs'. set (as' @ U @ bs' @ V @ cs') = xs
+ \<and> distinct (as' @ U @ bs' @ V @ cs') \<and> take 1 (as' @ U @ bs' @ V @ cs') = [r]
+ \<and> (\<forall>as bs cs. set (as @ U @ bs @ V @ cs) = xs
+ \<and> distinct (as @ U @ bs @ V @ cs) \<and> take 1 (as @ U @ bs @ V @ cs) = [r]
+ \<longrightarrow> cost (as' @ U @ bs' @ V @ cs') \<le> cost (as @ U @ bs @ V @ cs))"
+ using valid_UV_lists_argmin_r_ex[OF refl assms] by metis
+
+lemma valid_UV_lists_argmin_r_ex_noP':
+ fixes cost :: "'a list \<Rightarrow> real"
+ assumes "finite xs"
+ and "set U \<inter> set V = {}"
+ and "set U \<subseteq> xs"
+ and "set V \<subseteq> xs"
+ and "distinct U"
+ and "distinct V"
+ and "take 1 U = [r] \<or> r \<notin> set U \<union> set V"
+ and "r \<in> xs"
+ shows "\<exists>as' bs' cs'. set (as' @ U @ bs' @ V @ cs') = xs
+ \<and> distinct (as' @ U @ bs' @ V @ cs') \<and> take 1 (as' @ U @ bs' @ V @ cs') = [r]
+ \<and> (\<forall>as bs cs. set (as @ U @ bs @ V @ cs) = xs
+ \<and> distinct (as @ U @ bs @ V @ cs) \<and> take 1 (as @ U @ bs @ V @ cs) = [r]
+ \<longrightarrow> cost (rev (as' @ U @ bs' @ V @ cs')) \<le> cost (rev (as @ U @ bs @ V @ cs)))"
+ using valid_UV_lists_argmin_r_ex_noP[OF assms] by meson
+
+lemma take1_split_nempty: "ys \<noteq> [] \<Longrightarrow> take 1 (xs@ys@zs) = take 1 (xs@ys)"
+ by (metis append.assoc append_Nil2 gr_zeroI length_0_conv less_one same_append_eq
+ take_append take_eq_Nil zero_less_diff)
+
+lemma take1_elem: "\<lbrakk>take 1 (xs@ys) = [r]; r \<in> set xs\<rbrakk> \<Longrightarrow> take 1 xs = [r]"
+ using in_set_conv_decomp_last[of r xs] by auto
+
+lemma take1_nelem: "\<lbrakk>take 1 (xs@ys) = [r]; r \<notin> set ys\<rbrakk> \<Longrightarrow> take 1 xs = [r]"
+ using take1_elem[of xs ys r] append_self_conv2[of xs] hd_in_set[of ys]
+ by (fastforce dest: hd_eq_take1)
+
+lemma take1_split_nelem_nempty: "\<lbrakk>take 1 (xs@ys@zs) = [r]; ys \<noteq> []; r \<notin> set ys\<rbrakk> \<Longrightarrow> take 1 xs = [r]"
+ using take1_split_nempty take1_nelem by fastforce
+
+lemma take1_empty_if_nelem: "\<lbrakk>take 1 (as@bs@cs) = [r]; r \<notin> set as\<rbrakk> \<Longrightarrow> as = []"
+ using take1_split_nelem_nempty[of "[]" as "bs@cs"] by auto
+
+lemma take1_empty_if_mid: "\<lbrakk>take 1 (as@bs@cs) = [r]; r \<in> set bs; distinct (as@bs@cs)\<rbrakk> \<Longrightarrow> as = []"
+ using take1_empty_if_nelem by fastforce
+
+lemma take1_mid_if_elem:
+ "\<lbrakk>take 1 (as@bs@cs) = [r]; r \<in> set bs; distinct (as@bs@cs)\<rbrakk> \<Longrightarrow> take 1 bs = [r]"
+ using take1_empty_if_mid[of as bs cs] by (fastforce intro: take1_elem)
+
+lemma contr_optimal_nogap_no_r:
+ assumes "asi rank r cost"
+ and "rank (rev V) \<le> rank (rev U)"
+ and "finite xs"
+ and "set U \<inter> set V = {}"
+ and "set U \<subseteq> xs"
+ and "set V \<subseteq> xs"
+ and "distinct U"
+ and "distinct V"
+ and "r \<notin> set U \<union> set V"
+ and "r \<in> xs"
+ shows "\<exists>as' cs'. distinct (as' @ U @ V @ cs') \<and> take 1 (as' @ U @ V @ cs') = [r]
+ \<and> set (as' @ U @ V @ cs') = xs \<and> (\<forall>as bs cs. set (as @ U @ bs @ V @ cs) = xs
+ \<and> distinct (as @ U @ bs @ V @ cs) \<and> take 1 (as @ U @ bs @ V @ cs) = [r]
+ \<longrightarrow> cost (rev (as' @ U @ V @ cs')) \<le> cost (rev (as @ U @ bs @ V @ cs)))"
+proof -
+ define P where "P ys \<equiv> set ys = xs \<and> distinct ys \<and> take 1 ys = [r]" for ys
+ obtain as' bs' cs' where bs'_def:
+ "set (as'@U@bs'@V@cs') = xs" "distinct (as'@U@bs'@V@cs')" "take 1 (as'@U@bs'@V@cs') = [r]"
+ "\<forall>as bs cs. P (as @ U @ bs @ V @ cs) \<longrightarrow>
+ cost (rev (as' @ U @ bs' @ V @ cs')) \<le> cost (rev (as @ U @ bs @ V @ cs))"
+ using valid_UV_lists_argmin_r_ex_noP'[OF assms(3-8)] assms(9,10) unfolding P_def by blast
+ then consider "U = []" | "V = [] \<or> bs' = []"
+ | "rank (rev bs') \<le> rank (rev U)" "U \<noteq> []" "bs' \<noteq> []"
+ | "rank (rev U) \<le> rank (rev bs')" "U \<noteq> []" "V \<noteq> []" "bs' \<noteq> []"
+ by fastforce
+ then show ?thesis
+ proof(cases)
+ case 1
+ then have "\<forall>as bs cs. P (as @ U @ bs @ V @ cs) \<longrightarrow>
+ cost (rev ((as'@bs')@U@V@cs')) \<le> cost (rev (as @ U @ bs @ V @ cs))"
+ using bs'_def(4) by simp
+ moreover have "set ((as'@bs')@U@V@cs') = xs" using bs'_def(1) by auto
+ moreover have "distinct ((as'@bs')@U@V@cs')" using bs'_def(2) by auto
+ moreover have "take 1 ((as'@bs')@U@V@cs') = [r]" using bs'_def(3) 1 by auto
+ ultimately show ?thesis unfolding P_def by blast
+ next
+ case 2
+ then have "\<forall>as bs cs. P (as @ U @ bs @ V @ cs) \<longrightarrow>
+ cost (rev (as'@U@V@bs'@cs')) \<le> cost (rev (as @ U @ bs @ V @ cs))" using bs'_def(4) by auto
+ moreover have "set (as'@U@V@bs'@cs') = xs" using bs'_def(1) by auto
+ moreover have "distinct (as'@U@V@bs'@cs')" using bs'_def(2) by auto
+ moreover have "take 1 (as'@U@V@bs'@cs') = [r]" using bs'_def(3) 2 by auto
+ ultimately show ?thesis unfolding P_def by blast
+ next
+ case 3
+ have 0: "distinct (as'@bs'@U@V@cs')" using bs'_def(2) by auto
+ have 1: "take 1 (as'@bs'@U@V@cs') = [r]"
+ using bs'_def(3) assms(9) 3(2) take1_split_nelem_nempty[of as' U "bs'@V@cs'"] by simp
+ then have "cost (rev (as'@bs'@U@V@cs')) \<le> cost (rev (as'@U@bs'@V@cs'))"
+ using asi_le_rfst[OF assms(1) 3(1,3,2) 0] bs'_def(3) by blast
+ then have "\<forall>as bs cs. P (as @ U @ bs @ V @ cs) \<longrightarrow>
+ cost (rev ((as'@bs')@U@V@cs')) \<le> cost (rev (as @ U @ bs @ V @ cs))"
+ using bs'_def(4) by fastforce
+ moreover have "set ((as'@bs')@U@V@cs') = xs" using bs'_def(1) by auto
+ moreover have "distinct ((as'@bs')@U@V@cs')" using 0 by simp
+ moreover have "take 1 ((as'@bs')@U@V@cs') = [r]" using 1 by simp
+ ultimately show ?thesis using P_def by blast
+ next
+ case 4
+ then have 3: "rank (rev V) \<le> rank (rev bs')" using assms(2) by simp
+ have 0: "distinct ((as'@U)@V@bs'@cs')" using bs'_def(2) by auto
+ have 1: "take 1 (as'@U@V@bs'@cs') = [r]"
+ using bs'_def(3) assms(9) 4(2) take1_split_nelem_nempty[of as' U "bs'@V@cs'"] by simp
+ then have "cost (rev (as'@U@V@bs'@cs')) \<le> cost (rev ((as'@U)@bs'@V@cs'))"
+ using asi_le_rfst[OF assms(1) 3 4(3,4) 0] bs'_def(3) by simp
+ then have "\<forall>as bs cs. P (as @ U @ bs @ V @ cs) \<longrightarrow>
+ cost (rev (as'@U@V@bs'@cs')) \<le> cost (rev (as @ U @ bs @ V @ cs))"
+ using bs'_def(4) by fastforce
+ moreover have "set (as'@U@V@bs'@cs') = xs" using bs'_def(1) by auto
+ moreover have "distinct (as'@U@V@bs'@cs')" using 0 by simp
+ ultimately show ?thesis using P_def 1 by blast
+ qed
+qed
+
+fun combine_lists_P :: "('a list \<Rightarrow> bool) \<Rightarrow> 'a list \<Rightarrow> 'a list list \<Rightarrow> 'a list list" where
+ "combine_lists_P _ y [] = [y]"
+| "combine_lists_P P y (x#xs) = (if P (x@y) then combine_lists_P P (x@y) xs else (x@y)#xs)"
+
+fun make_list_P :: "('a list \<Rightarrow> bool) \<Rightarrow> 'a list list \<Rightarrow> 'a list list \<Rightarrow> 'a list list" where
+ "make_list_P P acc xs = (case List.extract P xs of
+ None \<Rightarrow> rev acc @ xs
+ | Some (as,y,bs) \<Rightarrow> make_list_P P (combine_lists_P P y (rev as @ acc)) bs)"
+
+lemma combine_lists_concat_rev_eq: "concat (rev (combine_lists_P P y xs)) = concat (rev xs) @ y"
+ by (induction P y xs rule: combine_lists_P.induct) auto
+
+lemma make_list_concat_rev_eq: "concat (make_list_P P acc xs) = concat (rev acc) @ concat xs"
+proof(induction P acc xs rule: make_list_P.induct)
+ case (1 P acc xs)
+ then show ?case
+ proof(cases "List.extract P xs")
+ case (Some a)
+ then obtain as x bs where x_def[simp]: "a = (as,x,bs)" by(cases a) auto
+ then have "concat (make_list_P P acc xs)
+ = concat (rev (combine_lists_P P x (rev as @ acc))) @ concat bs"
+ using 1 Some by simp
+ also have "\<dots> = concat (rev acc) @ concat (as@x#bs)"
+ using combine_lists_concat_rev_eq[of P] by simp
+ finally show ?thesis using Some extract_SomeE by force
+ qed(simp)
+qed
+
+lemma combine_lists_sublists:
+ "\<exists>x \<in> {y} \<union> set xs. sublist as x \<Longrightarrow> \<exists>x \<in> set (combine_lists_P P y xs). sublist as x"
+proof (induction P y xs rule: combine_lists_P.induct)
+ case (2 P y x xs)
+ then show ?case
+ proof(cases "sublist as x \<or> sublist as y")
+ case True
+ then have "sublist as (x@y)" using sublist_order.dual_order.trans by blast
+ then show ?thesis using 2 by force
+ next
+ case False
+ then show ?thesis using 2 by simp
+ qed
+qed(simp)
+
+lemma make_list_sublists:
+ "\<exists>x \<in> set acc \<union> set xs. sublist cs x \<Longrightarrow> \<exists>x \<in> set (make_list_P P acc xs). sublist cs x"
+proof(induction P acc xs rule: make_list_P.induct)
+ case (1 P acc xs)
+ then show ?case
+ proof(cases "List.extract P xs")
+ case (Some a)
+ then obtain as x bs where x_def[simp]: "a = (as,x,bs)" by(cases a) auto
+ then have "make_list_P P acc xs = make_list_P P (combine_lists_P P x (rev as @ acc)) bs"
+ using Some by simp
+ then have "\<exists>a \<in> set (combine_lists_P P x (rev as @ acc)) \<union> set bs. sublist cs a"
+ using Some combine_lists_sublists[of x "rev as @ acc" cs] "1.prems"
+ by (auto simp: extract_Some_iff)
+ then show ?thesis using 1 Some by simp
+ qed(simp)
+qed
+
+lemma combine_lists_nempty: "\<lbrakk>[] \<notin> set xs; y \<noteq> []\<rbrakk> \<Longrightarrow> [] \<notin> set (combine_lists_P P y xs)"
+ by (induction P y xs rule: combine_lists_P.induct) auto
+
+lemma make_list_nempty:
+ "\<lbrakk>[] \<notin> set acc; [] \<notin> set xs\<rbrakk> \<Longrightarrow> [] \<notin> set (make_list_P P acc xs)"
+proof (induction P acc xs rule: make_list_P.induct)
+ case (1 P acc xs)
+ show ?case
+ proof(cases "List.extract P xs")
+ case None
+ then show ?thesis using 1 by simp
+ next
+ case (Some a)
+ then show ?thesis using 1 by (auto simp: extract_Some_iff combine_lists_nempty)
+ qed
+qed
+
+lemma combine_lists_notP:
+ "\<forall>x\<in>set xs. \<not>P x \<Longrightarrow> (\<exists>x. combine_lists_P P y xs = [x]) \<or> (\<forall>x\<in>set (combine_lists_P P y xs). \<not>P x)"
+ by (induction P y xs rule: combine_lists_P.induct) auto
+
+lemma combine_lists_single: "xs = [x] \<Longrightarrow> combine_lists_P P y xs = [x@y]"
+ by auto
+
+lemma combine_lists_lastP:
+ "P (last xs) \<Longrightarrow> (\<exists>x. combine_lists_P P y xs = [x]) \<or> (P (last (combine_lists_P P y xs)))"
+ by (induction P y xs rule: combine_lists_P.induct) auto
+
+lemma make_list_notP:
+ "\<lbrakk>(\<forall>x \<in> set acc. \<not>P x) \<or> P (last acc)\<rbrakk>
+ \<Longrightarrow> (\<forall>x\<in>set (make_list_P P acc xs). \<not>P x) \<or> (\<exists>y ys. make_list_P P acc xs = y # ys \<and> P y)"
+proof(induction P acc xs rule: make_list_P.induct)
+ case (1 P acc xs)
+ then show ?case
+ proof(cases "List.extract P xs")
+ case None
+ then show ?thesis
+ proof(cases "\<forall>x \<in> set acc. \<not>P x")
+ case True
+ from None have "\<forall>x \<in> set xs. \<not> P x" by (simp add: extract_None_iff)
+ then show ?thesis using True "1.prems" None by auto
+ next
+ case False
+ then have "acc \<noteq> []" by auto
+ then have "make_list_P P acc xs = last acc # rev (butlast acc) @ xs" using None by simp
+ then show ?thesis using False "1.prems" by blast
+ qed
+ next
+ case (Some a)
+ then obtain as x bs where x_def[simp]: "a = (as,x,bs)" by(cases a) auto
+ show ?thesis
+ proof(cases "\<forall>x \<in> set acc. \<not>P x")
+ case True
+ then have "\<forall>x \<in> set (rev as @ acc). \<not>P x" using Some by (auto simp: extract_Some_iff)
+ then have "(\<forall>x\<in>set (combine_lists_P P x (rev as @ acc)). \<not> P x)
+ \<or> P (last (combine_lists_P P x (rev as @ acc)))"
+ using combine_lists_notP[of "rev as @ acc" P] by force
+ then show ?thesis using "1.IH" Some by simp
+ next
+ case False
+ then have "P (last acc) \<and> acc \<noteq> []" using "1.prems" by auto
+ then have "P (last (rev as @ acc))" using "1.prems" by simp
+ then have "(\<forall>x\<in>set (combine_lists_P P x (rev as @ acc)). \<not> P x)
+ \<or> P (last (combine_lists_P P x (rev as @ acc)))"
+ using combine_lists_lastP[of P] by force
+ then show ?thesis using "1.IH" Some by simp
+ qed
+ qed
+qed
+
+corollary make_list_notP_empty_acc:
+ "(\<forall>x\<in>set (make_list_P P [] xs). \<not>P x) \<or> (\<exists>y ys. make_list_P P [] xs = y # ys \<and> P y)"
+ using make_list_notP[of "[]"] by auto
+
+definition unique_set_r :: "'a \<Rightarrow> 'a list set \<Rightarrow> 'a list \<Rightarrow> bool" where
+ "unique_set_r r Y ys \<longleftrightarrow> set ys = \<Union>(set ` Y) \<and> distinct ys \<and> take 1 ys = [r]"
+
+context directed_tree
+begin
+
+definition fwd_sub :: "'a \<Rightarrow> 'a list set \<Rightarrow> 'a list \<Rightarrow> bool" where
+ "fwd_sub r Y ys \<longleftrightarrow> unique_set_r r Y ys \<and> forward ys \<and> (\<forall>xs \<in> Y. sublist xs ys)"
+
+lemma distinct_mid_unique1: "\<lbrakk>distinct (xs@U@ys); U\<noteq>[]; xs@U@ys = as@U@bs\<rbrakk> \<Longrightarrow> as = xs"
+ using distinct_app_trans_r distinct_ys_not_xs[of xs "U@ys"] hd_append2[of U] append_is_Nil_conv[of U]
+ by (metis append_Cons_eq_iff distinct.simps(2) list.exhaust_sel list.set_sel(1))
+
+lemma distinct_mid_unique2: "\<lbrakk>distinct (xs@U@ys); U\<noteq>[]; xs@U@ys = as@U@bs\<rbrakk> \<Longrightarrow> ys = bs"
+ using distinct_mid_unique1 by blast
+
+lemma concat_all_sublist: "\<forall>x \<in> set xs. sublist x (concat xs)"
+ using split_list by force
+
+lemma concat_all_sublist_rev: "\<forall>x \<in> set xs. sublist x (concat (rev xs))"
+ using split_list by force
+
+lemma concat_all_sublist1:
+ assumes "distinct (as@U@bs)"
+ and "concat cs @ U @ concat ds = as@U@bs"
+ and "U \<noteq> []"
+ and "set (cs@U#ds) = Y"
+ shows "\<exists>X. X \<subseteq> Y \<and> set as = \<Union>(set ` X) \<and> (\<forall>xs \<in> X. sublist xs as)"
+proof -
+ have eq: "concat cs = as"
+ using distinct_mid_unique1[of "concat cs" U "concat ds"] assms(1-3) by simp
+ then have "\<forall>xs \<in> set cs. sublist xs as" using concat_all_sublist by blast
+ then show ?thesis using eq assms(4) by fastforce
+qed
+
+lemma concat_all_sublist2:
+ assumes "distinct (as@U@bs)"
+ and "concat cs @ U @ concat ds = as@U@bs"
+ and "U \<noteq> []"
+ and "set (cs@U#ds) = Y"
+ shows "\<exists>X. X \<subseteq> Y \<and> set bs = \<Union>(set ` X) \<and> (\<forall>xs \<in> X. sublist xs bs)"
+proof -
+ have eq: "concat ds = bs"
+ using distinct_mid_unique1[of "concat cs" U "concat ds"] assms(1-3) by simp
+ then have "\<forall>xs \<in> set ds. sublist xs bs" using concat_all_sublist by blast
+ then show ?thesis using eq assms(4) by fastforce
+qed
+
+lemma concat_split_mid:
+ assumes "\<forall>xs \<in> Y. \<forall>ys \<in> Y. xs = ys \<or> set xs \<inter> set ys = {}"
+ and "finite Y"
+ and "U \<in> Y"
+ and "distinct (as@U@bs)"
+ and "set (as@U@bs) = \<Union>(set ` Y)"
+ and "\<forall>xs \<in> Y. sublist xs (as@U@bs)"
+ and "U \<noteq> []"
+ shows "\<exists>cs ds. concat cs = as \<and> concat ds = bs \<and> set (cs@U#ds) = Y \<and> distinct (cs@U#ds)"
+proof -
+ obtain ys where ys_def: "set ys = Y" "concat ys = as@U@bs" "distinct ys"
+ using list_of_sublist_concat_eq[OF assms(1,6,4,5,2)] by blast
+ then obtain cs ds where cs_def: "cs@U#ds = ys"
+ using assms(3) in_set_conv_decomp_first[of U ys] by blast
+ then have "List.extract ((=) U) ys = Some (cs,U,ds)"
+ using extract_Some_iff[of "(=) U"] ys_def(3) by auto
+ then have "concat cs @ U @ concat ds = as@U@bs" using ys_def(2) cs_def by auto
+ then have "concat cs = as \<and> concat ds = bs"
+ using distinct_mid_unique1[of "concat cs" U] assms(4,7) by auto
+ then show ?thesis using ys_def(1,3) cs_def by blast
+qed
+
+lemma mid_all_sublists_set1:
+ assumes "\<forall>xs \<in> Y. \<forall>ys \<in> Y. xs = ys \<or> set xs \<inter> set ys = {}"
+ and "finite Y"
+ and "U \<in> Y"
+ and "distinct (as@U@bs)"
+ and "set (as@U@bs) = \<Union>(set ` Y)"
+ and "\<forall>xs \<in> Y. sublist xs (as@U@bs)"
+ and "U \<noteq> []"
+ shows "\<exists>X. X \<subseteq> Y \<and> set as = \<Union>(set ` X) \<and> (\<forall>xs \<in> X. sublist xs as)"
+proof -
+ obtain ys where ys_def: "set ys = Y" "concat ys = as@U@bs" "distinct ys"
+ using list_of_sublist_concat_eq[OF assms(1,6,4,5,2)] by blast
+ then obtain cs ds where cs_def: "cs@U#ds = ys"
+ using assms(3) in_set_conv_decomp_first[of U ys] by blast
+ then have "List.extract ((=) U) ys = Some (cs,U,ds)"
+ using extract_Some_iff[of "(=) U"] ys_def(3) by auto
+ then have "concat cs @ U @ concat ds = as@U@bs" using ys_def(2) cs_def by auto
+ then show ?thesis using cs_def ys_def(1) concat_all_sublist1[OF assms(4)] assms(7) by force
+qed
+
+lemma mid_all_sublists_set2:
+ assumes "\<forall>xs \<in> Y. \<forall>ys \<in> Y. xs = ys \<or> set xs \<inter> set ys = {}"
+ and "finite Y"
+ and "U \<in> Y"
+ and "distinct (as@U@bs)"
+ and "set (as@U@bs) = \<Union>(set ` Y)"
+ and "\<forall>xs \<in> Y. sublist xs (as@U@bs)"
+ and "U \<noteq> []"
+ shows "\<exists>X. X \<subseteq> Y \<and> set bs = \<Union>(set ` X) \<and> (\<forall>xs \<in> X. sublist xs bs)"
+proof -
+ obtain ys where ys_def: "set ys = Y" "concat ys = as@U@bs" "distinct ys"
+ using list_of_sublist_concat_eq[OF assms(1,6,4,5,2)] by blast
+ then obtain cs ds where cs_def: "cs@U#ds = ys"
+ using assms(3) in_set_conv_decomp_first[of U ys] by blast
+ then have "List.extract ((=) U) ys = Some (cs,U,ds)"
+ using extract_Some_iff[of "(=) U"] ys_def(3) by auto
+ then have "concat cs @ U @ concat ds = as@U@bs" using ys_def(2) cs_def by auto
+ then show ?thesis using cs_def ys_def(1) concat_all_sublist2[OF assms(4)] assms(7) by force
+qed
+
+lemma nonempty_notin_distinct_prefix:
+ assumes "distinct (as@bs@V@cs)" and "concat as' = as" and "V \<noteq> []"
+ shows "V \<notin> set as'"
+proof
+ assume "V \<in> set as'"
+ then have "set V \<subseteq> set as" using assms(2) by auto
+ then have "set as \<inter> set V \<noteq> {}" using assms(3) by (simp add: Int_absorb1)
+ then show False using assms(1) by auto
+qed
+
+lemma concat_split_UV:
+ assumes "\<forall>xs \<in> Y. \<forall>ys \<in> Y. xs = ys \<or> set xs \<inter> set ys = {}"
+ and "finite Y"
+ and "U \<in> Y"
+ and "V \<in> Y"
+ and "distinct (as@U@bs@V@cs)"
+ and "set (as@U@bs@V@cs) = \<Union>(set ` Y)"
+ and "\<forall>xs \<in> Y. sublist xs (as@U@bs@V@cs)"
+ and "U \<noteq> []"
+ and "V \<noteq> []"
+ shows "\<exists>as' bs' cs'. concat as' = as \<and> concat bs' = bs \<and> concat cs' = cs
+ \<and> set (as'@U#bs'@V#cs') = Y \<and> distinct (as'@U#bs'@V#cs')"
+proof -
+ obtain as' ds where as'_def:
+ "concat as' = as" "concat ds = bs@V@cs" "set (as'@U#ds) = Y" "distinct (as'@U#ds)"
+ using concat_split_mid[OF assms(1-3,5-8)] by auto
+ have 0: "distinct (bs@V@cs)" using assms(5) by simp
+ have "V \<notin> set as'"
+ using assms(5,9) as'_def(1) nonempty_notin_distinct_prefix[of as "U@bs"] by auto
+ moreover have "V \<noteq> U" using assms(5,8,9) empty_if_sublist_dsjnt[of U] by auto
+ ultimately have "V \<in> set ds" using as'_def(3) assms(4) by auto
+ then show ?thesis
+ using as'_def 0 assms(9) concat_append distinct_mid_unique1
+ by (metis concat.simps(2) distinct_mid_unique2 split_list)
+qed
+
+lemma cost_decr_if_noarc_lessrank:
+ assumes "asi rank r cost"
+ and "b \<noteq> []"
+ and "r \<notin> set U"
+ and "U \<noteq> []"
+ and "set (as@U@bs@cs) = \<Union>(set ` Y)"
+ and "distinct (as@U@bs@cs)"
+ and "take 1 (as@U@bs@cs) = [r]"
+ and "forward (as@U@bs@cs)"
+ and "concat (b#bs') = bs"
+ and "(\<forall>xs \<in> Y. sublist xs as \<or> sublist xs U
+ \<or> (\<exists>x \<in> set (b#bs'). sublist xs x) \<or> sublist xs cs)"
+ and "\<not>(\<exists>x \<in> set U. \<exists>y \<in> set b. x \<rightarrow>\<^bsub>T\<^esub> y)"
+ and "rank (rev b) < rank (rev U)"
+ shows "fwd_sub r Y (as@b@U@concat bs'@cs)
+ \<and> cost (rev (as@b@U@concat bs'@cs)) < cost (rev (as@U@bs@cs))"
+proof -
+ have rank_yU: "rank (rev b) < rank (rev U)" using assms(12) by simp
+ have 0: "take 1 (as@b@U@concat bs'@cs) = [r]"
+ using take1_singleton_app take1_split_nelem_nempty[OF assms(7,4,3)] by fast
+ have 1: "distinct (as@b@U@ concat bs'@cs)" using assms(6,9) by force
+ have "take 1 (as@U@b@concat bs'@cs) = [r]" using assms(7,9) by force
+ then have cost_lt: "cost (rev (as@b@U@concat bs'@cs)) < cost (rev (as@U@bs@cs))"
+ using asi_lt_rfst[OF assms(1) rank_yU assms(2,4) 1 0] assms(9) by fastforce
+ have P: "set (as@b@U@concat bs'@cs) = \<Union>(set ` Y)" using assms(5,9) by fastforce
+ then have P: "unique_set_r r Y (as@b@U@concat bs'@cs)"
+ using 0 1 unfolding unique_set_r_def by blast
+ have "(\<forall>xs \<in> Y. sublist xs as \<or> sublist xs U \<or> sublist xs b
+ \<or> sublist xs (concat bs') \<or> sublist xs cs)"
+ using assms(10) concat_all_sublist[of bs']
+ sublist_order.dual_order.trans[where a = "concat bs'"] by auto
+ then have all_sub: "\<forall>xs \<in> Y. sublist xs (as@b@U@concat bs'@cs)"
+ by (metis sublist_order.order.trans sublist_append_leftI sublist_append_rightI)
+ have "as \<noteq> []" using take1_split_nelem_nempty[OF assms(7,4,3)] by force
+ then have "forward (as@b@U@concat bs'@cs)"
+ using move_mid_forward_if_noarc assms(8,9,11) by auto
+ then show ?thesis using assms(12) P all_sub cost_lt fwd_sub_def by blast
+qed
+
+lemma cost_decr_if_noarc_lessrank':
+ assumes "asi rank r cost"
+ and "b \<noteq> []"
+ and "r \<notin> set U"
+ and "U \<noteq> []"
+ and "set (as@U@bs@cs) = \<Union>(set ` Y)"
+ and "distinct (as@U@bs@cs)"
+ and "take 1 (as@U@bs@cs) = [r]"
+ and "forward (as@U@bs@cs)"
+ and "concat (b#bs') = bs"
+ and "(\<forall>xs \<in> Y. sublist xs as \<or> sublist xs U
+ \<or> (\<exists>x \<in> set (b#bs'). sublist xs x) \<or> sublist xs cs)"
+ and "\<not>(\<exists>x \<in> set U. \<exists>y \<in> set b. x \<rightarrow>\<^bsub>T\<^esub> y)"
+ and "rank (rev b) < rank (rev V)"
+ and "rank (rev V) \<le> rank (rev U)"
+ shows "fwd_sub r Y (as@b@U@concat bs'@cs)
+ \<and> cost (rev (as@b@U@concat bs'@cs)) < cost (rev (as@U@bs@cs))"
+ using cost_decr_if_noarc_lessrank[OF assms(1-11)] assms(12,13) by simp
+
+lemma sublist_exists_append:
+ "\<exists>a\<in>set ((x # xs) @ [b]). sublist ys a \<Longrightarrow> \<exists>a\<in>set(xs @ [x@b]). sublist ys a"
+ using sublist_order.dual_order.trans by auto
+
+lemma sublist_set_concat_cases:
+ "\<exists>a\<in>set ((x # xs) @ [b]). sublist ys a \<Longrightarrow> sublist ys (concat (rev xs)) \<or> sublist ys x \<or> sublist ys b"
+ using sublist_order.dual_order.trans concat_all_sublist_rev[of xs] by auto
+
+lemma sublist_set_concat_or_cases_aux1:
+ "sublist ys as \<or> sublist ys U \<or> sublist ys cs
+ \<Longrightarrow> sublist ys (as @ U @ concat (rev xs)) \<or> sublist ys cs"
+ using sublist_order.dual_order.trans by blast
+
+lemma sublist_set_concat_or_cases_aux2:
+ "\<exists>a\<in>set ((x # xs) @ [b]). sublist ys a
+ \<Longrightarrow> sublist ys (as @ U @ concat (rev xs)) \<or> sublist ys x \<or> sublist ys b"
+ using sublist_set_concat_cases[of x xs b ys] sublist_order.dual_order.trans by blast
+
+lemma sublist_set_concat_or_cases:
+ "sublist ys as \<or> sublist ys U \<or> (\<exists>a\<in>set ((x#xs) @ [b]). sublist ys a) \<or> sublist ys cs \<Longrightarrow>
+ sublist ys (as@U@ concat (rev xs)) \<or> sublist ys x \<or> (\<exists>a\<in>set [b]. sublist ys a) \<or> sublist ys cs"
+ using sublist_set_concat_or_cases_aux1[of ys as U cs] sublist_set_concat_or_cases_aux2[of x xs b ys]
+ by auto
+
+corollary not_reachable1_append_if_not_old:
+ "\<lbrakk>\<not> (\<exists>z\<in>set U. \<exists>y\<in>set b. z \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y); set U \<inter> set x = {}; forward x;
+ \<exists>z\<in>set x. \<exists>y\<in>set b. z \<rightarrow>\<^bsub>T\<^esub> y\<rbrakk>
+ \<Longrightarrow> \<not> (\<exists>z\<in>set U. \<exists>y\<in>set (x@b). z \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y)"
+ using reachable1_append_old_if_arcU[of x b U] by auto
+
+lemma combine_lists_notP:
+ assumes "asi rank r cost"
+ and "b \<noteq> []"
+ and "r \<notin> set U"
+ and "U \<noteq> []"
+ and "set (as@U@bs@cs) = \<Union>(set ` Y)"
+ and "distinct (as@U@bs@cs)"
+ and "take 1 (as@U@bs@cs) = [r]"
+ and "forward (as@U@bs@cs)"
+ and "concat (rev ys @ [b]) = bs"
+ and "(\<forall>xs \<in> Y. sublist xs as \<or> sublist xs U
+ \<or> (\<exists>x \<in> set (ys @ [b]). sublist xs x) \<or> sublist xs cs)"
+ and "rank (rev V) \<le> rank (rev U)"
+ and "\<not>(\<exists>x \<in> set U. \<exists>y \<in> set b. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y)"
+ and "rank (rev b) < rank (rev V)"
+ and "P = (\<lambda>x. rank (rev x) < rank (rev V))"
+ and "\<forall>x\<in>set ys. \<not>P x"
+ and "\<forall>xs. fwd_sub r Y xs \<longrightarrow> cost (rev (as@U@bs@cs)) \<le> cost (rev xs)"
+ and "\<forall>x \<in> set ys. x \<noteq> []"
+ and "\<forall>x \<in> set ys. forward x"
+ and "forward b"
+ shows "\<forall>x\<in>set (combine_lists_P P b ys). \<not>P x \<and> forward x"
+using assms proof(induction P b ys rule: combine_lists_P.induct)
+ case (1 P b)
+ have 0: "concat (b#[]) = bs" using "1.prems"(9) by simp
+ have 2: "(\<forall>xs \<in> Y. sublist xs as \<or> sublist xs U
+ \<or> (\<exists>x \<in> set ([b]). sublist xs x) \<or> sublist xs cs)" using "1.prems"(10) by simp
+ have 3: "\<not> (\<exists>x\<in>set U. \<exists>y\<in>set b. x \<rightarrow>\<^bsub>T\<^esub> y)" using "1.prems"(12) by blast
+ show ?case
+ using cost_decr_if_noarc_lessrank'[OF 1(1-8) 0 2 3 1(13,11)] 1(16) by auto
+next
+ case (2 P b x xs)
+ have "take 1 as = [r]" using "2.prems"(3,4,7) take1_split_nelem_nempty by fast
+ then have "r \<in> set as" using in_set_takeD[of r 1] by simp
+ then have "r \<notin> set x" using "2.prems"(6,9) by force
+ then have "x \<noteq> []" using "2.prems"(17) by simp
+ text \<open>Arc between x and b otherwise not optimal.\<close>
+ have 4: "as@U@bs@cs = (as@U@concat (rev xs)) @ x @ b @ cs" using "2.prems"(9) by simp
+ have set: "set ((as@U@concat (rev xs)) @ x @ b @ cs) = \<Union> (set ` Y)"
+ using "2.prems"(5) 4 by simp
+ have dst: "distinct ((as@U@concat (rev xs)) @ x @ b @ cs)" using "2.prems"(6) 4 by simp
+ have tk1: "take 1 ((as@U@concat (rev xs)) @ x @ b @ cs) = [r]" using "2.prems"(7) 4 by simp
+ have fwd: "forward ((as@U@concat (rev xs)) @ x @ b @ cs)" using "2.prems"(8) 4 by simp
+ have cnct: "concat (b # []) = b" by simp
+ have sblst: "\<forall>xs' \<in> Y. sublist xs' (as @ U @ concat (rev xs)) \<or> sublist xs' x
+ \<or> (\<exists>a\<in>set [b]. sublist xs' a) \<or> sublist xs' cs"
+ using "2.prems"(10) sublist_set_concat_or_cases[where as = as] by simp
+ have "rank (rev b) < rank (rev x)" using "2.prems"(13-15) by simp
+ then have arc_xb: "\<exists>z\<in>set x. \<exists>y\<in>set b. z \<rightarrow>\<^bsub>T\<^esub> y"
+ using "2.prems"(16) 4
+ cost_decr_if_noarc_lessrank[OF 2(2,3) \<open>r\<notin>set x\<close> \<open>x\<noteq>[]\<close> set dst tk1 fwd cnct sblst]
+ by fastforce
+ have "set x \<inter> set b = {}" using dst by auto
+ then have fwd: "forward (x@b)" using forward_app' arc_xb "2.prems"(18,19) by simp
+ show ?case
+ proof(cases "P (x @ b)")
+ case True
+ have 0: "x @ b \<noteq> []" using "2.prems"(2) by blast
+ have 1: "concat (rev xs @ [x @ b]) = bs" using "2.prems"(9) by simp
+ have 3: "\<forall>xs' \<in> Y. sublist xs' as \<or> sublist xs' U
+ \<or> (\<exists>a\<in>set (xs @ [x @ b]). sublist xs' a) \<or> sublist xs' cs"
+ using "2.prems"(10) sublist_exists_append by fast
+ have "set U \<inter> set x = {}" using 4 "2.prems"(6) by force
+ then have 4: "\<not> (\<exists>z\<in>set U. \<exists>y\<in>set (x @ b). z \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y)"
+ using not_reachable1_append_if_not_old[OF "2.prems"(12)] "2.prems"(18) arc_xb by simp
+ have 5: "rank (rev (x @ b)) < rank (rev V)" using True "2.prems"(14) by simp
+ show ?thesis
+ using "2.IH"[OF True 2(2) 0 2(4-9) 1 3 2(12) 4 5 2(15)] 2(16-19) fwd by auto
+ next
+ case False
+ then show ?thesis using "2.prems"(15,18) fwd by simp
+ qed
+qed
+
+lemma sublist_app_l: "sublist ys cs \<Longrightarrow> sublist ys (xs @ cs)"
+ using sublist_order.dual_order.trans by blast
+
+lemma sublist_split_concat:
+ assumes "a \<in> set (acc @ (as@x#bs))" and "sublist ys a"
+ shows "(\<exists>a\<in>set (rev acc @ as @ [x]). sublist ys a) \<or> sublist ys (concat bs @ cs)"
+proof(cases "a \<in> set (rev acc @ as @ [x])")
+ case True
+ then show ?thesis using assms(2) by blast
+next
+ case False
+ then have "a \<in> set bs" using assms(1) by simp
+ then show ?thesis
+ using assms(2) concat_all_sublist[of bs]
+ sublist_order.dual_order.trans[where c = ys, where b = "concat bs"]
+ by fastforce
+qed
+
+lemma sublist_split_concat':
+ "\<exists>a \<in> set (acc @ (as@x#bs)). sublist ys a \<or> sublist ys cs
+ \<Longrightarrow> (\<exists>a\<in>set (rev acc @ as @ [x]). sublist ys a) \<or> sublist ys (concat bs @ cs)"
+ using sublist_split_concat sublist_app_l[of ys cs] by blast
+
+lemma make_list_notP:
+ assumes "asi rank r cost"
+ and "r \<notin> set U"
+ and "U \<noteq> []"
+ and "set (as@U@bs@cs) = \<Union>(set ` Y)"
+ and "distinct (as@U@bs@cs)"
+ and "take 1 (as@U@bs@cs) = [r]"
+ and "forward (as@U@bs@cs)"
+ and "concat (rev acc @ ys) = bs"
+ and "(\<forall>xs \<in> Y. sublist xs as \<or> sublist xs U
+ \<or> (\<exists>x \<in> set (acc @ ys). sublist xs x) \<or> sublist xs cs)"
+ and "rank (rev V) \<le> rank (rev U)"
+ and "\<And>xs. \<lbrakk>xs \<in> set ys; \<exists>x \<in> set U. \<exists>y \<in> set xs. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y\<rbrakk>
+ \<Longrightarrow> rank (rev V) \<le> rank (rev xs)"
+ and "P = (\<lambda>x. rank (rev x) < rank (rev V))"
+ and "\<forall>xs. fwd_sub r Y xs \<longrightarrow> cost (rev (as@U@bs@cs)) \<le> cost (rev xs)"
+ and "\<forall>x \<in> set ys. x \<noteq> []"
+ and "\<forall>x \<in> set ys. forward x"
+ and "\<forall>x \<in> set acc. x \<noteq> []"
+ and "\<forall>x \<in> set acc. forward x"
+ and "\<forall>x \<in> set acc. \<not>P x"
+ shows "\<forall>x\<in>set (make_list_P P acc ys). \<not>P x"
+using assms proof(induction P acc ys rule: make_list_P.induct)
+ case (1 P acc xs)
+ then show ?case
+ proof(cases "List.extract P xs")
+ case None
+ then have "\<forall>x \<in> set xs. \<not> P x" by (simp add: extract_None_iff)
+ then show ?thesis using "1.prems"(18) None by auto
+ next
+ case (Some a)
+ then obtain as' x bs' where x_def[simp]: "a = (as',x,bs')" by(cases a) auto
+ then have x: "\<forall>x \<in> set (rev as' @ acc). \<not>P x" "xs = as'@x#bs'" "rank (rev x) < rank (rev V)"
+ using Some "1.prems"(12,18) by (auto simp: extract_Some_iff)
+ have "x \<noteq> []" using "1.prems"(14) Some by (simp add: extract_Some_iff)
+ have eq: "as@U@bs@cs = as@U@(concat (rev acc @ as' @ [x])) @ (concat bs' @ cs)"
+ using "1.prems"(8) Some by (simp add: extract_Some_iff)
+ then have 0: "set (as@U@(concat (rev acc @ as' @ [x])) @ (concat bs' @ cs)) = \<Union> (set ` Y)"
+ using "1.prems"(4) by argo
+ have 2: "distinct (as@U@(concat (rev acc @ as' @ [x])) @ (concat bs' @ cs))"
+ using "1.prems"(5) eq by argo
+ have 3: "take 1 (as@U@(concat (rev acc @ as' @ [x])) @ (concat bs' @ cs)) = [r]"
+ using "1.prems"(6) eq by argo
+ have 4: "forward (as@U@(concat (rev acc @ as' @ [x])) @ (concat bs' @ cs))"
+ using "1.prems"(7) eq by argo
+ have 5: "concat (rev (rev as' @ acc) @ [x]) = concat (rev acc @ as' @ [x])" by simp
+ have 6: "\<forall>xs\<in>Y. sublist xs as \<or> sublist xs U
+ \<or> (\<exists>x\<in>set ((rev as' @ acc) @ [x]). sublist xs x) \<or> sublist xs (concat bs' @ cs)"
+ using "1.prems"(9) x(2) sublist_split_concat'[of acc as' x bs', where cs = cs]
+ by auto
+ have 7: "\<not> (\<exists>x'\<in>set U. \<exists>y\<in>set x. x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y)" using "1.prems"(11) x(2,3) by fastforce
+ have 8: "\<forall>xs. fwd_sub r Y xs
+ \<longrightarrow> cost (rev (as@U@concat(rev acc@as'@[x])@concat bs'@cs)) \<le> cost (rev xs)"
+ using "1.prems"(13) eq by simp
+ have notP: "\<forall>x\<in>set (combine_lists_P P x (rev as' @ acc)). \<not> P x \<and> forward x"
+ using "1.prems"(14-17) x(2)
+ combine_lists_notP[OF 1(2) \<open>x\<noteq>[]\<close> 1(3,4) 0 2 3 4 5 6 1(11) 7 x(3) 1(13) x(1) 8]
+ by auto
+ have cnct: "concat (rev (combine_lists_P P x (rev as' @ acc)) @ bs') = bs"
+ using "1.prems"(8) combine_lists_concat_rev_eq[of P] x(2) by simp
+ have sblst: "\<forall>xs\<in>Y. sublist xs as \<or> sublist xs U
+ \<or> (\<exists>a\<in>set (combine_lists_P P x (rev as' @ acc) @ bs'). sublist xs a) \<or> sublist xs cs"
+ using "1.prems"(9) x(2) combine_lists_sublists[of x "rev as'@acc", where P=P] by auto
+ have "\<forall>x\<in>set (combine_lists_P P x (rev as' @ acc)). x \<noteq> []"
+ using combine_lists_nempty[of "rev as' @ acc"] "1.prems"(14,16) x(2) by auto
+ then have "\<forall>x\<in>set (make_list_P P (combine_lists_P P x (rev as' @ acc)) bs'). \<not> P x"
+ using "1.IH"[OF Some x_def[symmetric] refl 1(2-8) cnct sblst 1(11-14)] notP x(2) 1(15,16)
+ by simp
+ then show ?thesis using Some by simp
+ qed
+qed
+
+lemma no_back_reach1_if_fwd_dstct_bs:
+ "\<lbrakk>forward (as@concat bs@V@cs); distinct (as@concat bs@V@cs); xs \<in> set bs\<rbrakk>
+ \<Longrightarrow> \<not>(\<exists>x'\<in>set V. \<exists>y\<in>set xs. x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y)"
+ using no_back_reach1_if_fwd_dstct[of "as@concat bs" "V@cs"] by auto
+
+lemma mid_ranks_ge_if_reach1:
+ assumes "[] \<notin> Y"
+ and "U \<in> Y"
+ and "distinct (as@U@bs@V@cs)"
+ and "forward (as@U@bs@V@cs)"
+ and "concat bs' = bs"
+ and "concat cs' = cs"
+ and "set (as'@U#bs'@V#cs') = Y"
+ and "\<And>xs. \<lbrakk>xs \<in> Y; \<exists>y\<in>set xs. \<not>(\<exists>x'\<in>set V. x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> (\<exists>x\<in>set U. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y); xs \<noteq> U\<rbrakk>
+ \<Longrightarrow> rank (rev V) \<le> rank (rev xs)"
+ shows "\<forall>xs \<in> set bs'. (\<exists>x\<in>set U. \<exists>y\<in>set xs. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<longrightarrow> rank (rev V) \<le> rank (rev xs)"
+proof -
+ have "\<forall>xs \<in> set bs'. \<forall>y\<in>set xs. \<not>(\<exists>x\<in>set V. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y)"
+ using assms(3-6) no_back_reach1_if_fwd_dstct_bs[of "as@U"] by fastforce
+ then have 0: "\<forall>xs \<in> set bs'. (\<exists>y\<in>set xs. \<exists>x\<in>set U. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y)
+ \<longrightarrow> (\<exists>y\<in>set xs. \<exists>x\<in>set U. \<not> (\<exists>x'\<in>set V. x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y)"
+ by blast
+ have "\<forall>xs \<in> set bs'. xs \<noteq> U"
+ using assms(1-3,5) concat_all_sublist empty_if_sublist_dsjnt[of U U] by fastforce
+ then have "\<And>xs. \<lbrakk>xs \<in> set bs'; \<exists>y\<in>set xs. \<exists>x\<in>set U. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y\<rbrakk>
+ \<Longrightarrow> xs \<noteq> U \<and> (\<exists>y\<in>set xs. \<exists>x\<in>set U. \<not> (\<exists>x'\<in>set V. x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> xs \<in> Y"
+ using 0 assms(7) by auto
+ then show ?thesis using assms(8) by blast
+qed
+
+lemma bs_ranks_only_ge:
+ assumes "asi rank r cost"
+ and "\<forall>xs \<in> Y. forward xs"
+ and "[] \<notin> Y"
+ and "r \<notin> set U"
+ and "U \<in> Y"
+ and "set (as@U@bs@V@cs) = \<Union>(set ` Y)"
+ and "distinct (as@U@bs@V@cs)"
+ and "take 1 (as@U@bs@V@cs) = [r]"
+ and "forward (as@U@bs@V@cs)"
+ and "concat as' = as"
+ and "concat bs' = bs"
+ and "concat cs' = cs"
+ and "set (as'@U#bs'@V#cs') = Y"
+ and "rank (rev V) \<le> rank (rev U)"
+ and "\<forall>zs. fwd_sub r Y zs \<longrightarrow> cost (rev (as@U@bs@V@cs)) \<le> cost (rev zs)"
+ and "\<And>xs. \<lbrakk>xs \<in> Y; \<exists>y\<in>set xs. \<not>(\<exists>x'\<in>set V. x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> (\<exists>x\<in>set U. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y); xs \<noteq> U\<rbrakk>
+ \<Longrightarrow> rank (rev V) \<le> rank (rev xs)"
+ shows "\<exists>zs. concat zs = bs \<and> (\<forall>z \<in> set zs. rank (rev V) \<le> rank (rev z)) \<and> [] \<notin> set zs"
+proof -
+ let ?P = "\<lambda>x. rank (rev x) < rank (rev V)"
+ have "U \<noteq> []" using assms(3,5) by blast
+ have cnct: "concat (rev [] @ bs') = bs" using assms(11) by simp
+ have "\<forall>xs\<in>Y. sublist xs as \<or> xs = U \<or> xs = V
+ \<or> (\<exists>x\<in>set ([] @ bs'). sublist xs x) \<or> sublist xs cs"
+ using assms(10,12,13) concat_all_sublist by auto
+ then have sblst:
+ "\<forall>xs\<in>Y. sublist xs as \<or> sublist xs U \<or> (\<exists>x\<in>set ([] @ bs'). sublist xs x) \<or> sublist xs (V@cs)"
+ using sublist_app_l by fast
+ have 0: "\<And>xs. \<lbrakk>xs \<in> set bs'; \<exists>x\<in>set U. \<exists>y\<in>set xs. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y\<rbrakk> \<Longrightarrow> rank (rev V) \<le> rank (rev xs)"
+ using mid_ranks_ge_if_reach1[OF assms(3,5,7,9,11-13)] assms(16) by blast
+ have "\<forall>x\<in>set bs'. x \<noteq> []" using assms(3,13) by auto
+ moreover have 2: "\<forall>x\<in>set bs'. forward x" using assms(2,13) by auto
+ ultimately have "(\<forall>x\<in>set (make_list_P ?P [] bs'). rank (rev V) \<le> rank (rev x))"
+ using assms(15)
+ make_list_notP[OF assms(1,4) \<open>U\<noteq>[]\<close> assms(6-9) cnct sblst assms(14) 0 refl]
+ by fastforce
+ then show ?thesis
+ using assms(3,11,13) make_list_concat_rev_eq[of ?P "[]"] make_list_nempty[of "[]" bs'] by auto
+qed
+
+lemma cost_ge_if_all_bs_ge:
+ assumes "asi rank r cost"
+ and "V \<noteq> []"
+ and "distinct (as@ds@concat bs@V@cs)"
+ and "take 1 as = [r]"
+ and "forward V"
+ and "\<forall>z\<in>set bs. rank (rev V) \<le> rank (rev z)"
+ and "[] \<notin> set bs"
+ shows "cost (rev (as@ds@V@concat bs@cs)) \<le> cost (rev (as@ds@concat bs@V@cs))"
+using assms proof(induction bs arbitrary: ds)
+ case (Cons b bs)
+ have 0: "distinct (as@(ds@b)@concat bs@V@cs)" using Cons.prems(3) by simp
+ have r_b: "rank (rev V) \<le> rank (rev b)" using Cons.prems(6) by simp
+ have "b \<noteq> []" using Cons.prems(7) by auto
+ have dst: "distinct ((as@ds)@V@b@concat bs@cs)" using Cons.prems(3) by auto
+ have "take 1 ((as@ds)@V@b@concat bs@cs) = [r]"
+ using Cons.prems(4) take1_singleton_app by metis
+ moreover have "take 1 ((as@ds)@b@V@concat bs@cs) = [r]"
+ using Cons.prems(4) take1_singleton_app by metis
+ ultimately have "cost (rev (as@ds@V@b@concat bs@cs)) \<le> cost (rev (as@ds@b@V@concat bs@cs))"
+ using asi_le_rfst[OF Cons.prems(1) r_b Cons.prems(2) \<open>b\<noteq>[]\<close> dst] by simp
+ then show ?case using Cons.IH[OF Cons.prems(1,2) 0] Cons.prems(4-7) by simp
+qed(simp)
+
+lemma bs_ge_if_all_ge:
+ assumes "asi rank r cost"
+ and "V \<noteq> []"
+ and "distinct (as@bs@V@cs)"
+ and "take 1 as = [r]"
+ and "forward V"
+ and "concat bs' = bs"
+ and "\<forall>z\<in>set bs'. rank (rev V) \<le> rank (rev z)"
+ and "[] \<notin> set bs'"
+ and "bs \<noteq> []"
+ shows "rank (rev V) \<le> rank (rev bs)"
+proof -
+ have dst: "distinct (as@[]@concat bs'@V@cs)" using assms(3,6) by simp
+ then have cost_le: "cost (rev (as@V@bs@cs)) \<le> cost (rev (as@bs@V@cs))"
+ using cost_ge_if_all_bs_ge[OF assms(1,2) dst] assms(3-9) by simp
+ have tk1: "take 1 ((as)@bs@V@cs) = [r]" using assms(4) take1_singleton_app by metis
+ have tk1': "take 1 ((as)@V@bs@cs) = [r]" using assms(4) take1_singleton_app by metis
+ have dst: "distinct ((as)@V@bs@cs)" using assms(3) by auto
+ show ?thesis using asi_le_iff_rfst[OF assms(1,2,9) tk1' tk1 dst] cost_le by simp
+qed
+
+lemma bs_ge_if_optimal:
+ assumes "asi rank r cost"
+ and "\<forall>xs \<in> Y. \<forall>ys \<in> Y. xs = ys \<or> set xs \<inter> set ys = {}"
+ and "\<forall>xs \<in> Y. forward xs"
+ and "[] \<notin> Y"
+ and "finite Y"
+ and "r \<notin> set U"
+ and "U \<in> Y"
+ and "V \<in> Y"
+ and "distinct (as@U@bs@V@cs)"
+ and "set (as@U@bs@V@cs) = \<Union>(set ` Y)"
+ and "\<forall>xs \<in> Y. sublist xs (as@U@bs@V@cs)"
+ and "take 1 (as@U@bs@V@cs) = [r]"
+ and "forward (as@U@bs@V@cs)"
+ and "bs \<noteq> []"
+ and "rank (rev V) \<le> rank (rev U)"
+ and "\<forall>zs. fwd_sub r Y zs \<longrightarrow> cost (rev (as@U@bs@V@cs)) \<le> cost (rev zs)"
+ and "\<And>xs. \<lbrakk>xs \<in> Y; \<exists>y\<in>set xs. \<not>(\<exists>x'\<in>set V. x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> (\<exists>x\<in>set U. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y); xs \<noteq> U\<rbrakk>
+ \<Longrightarrow> rank (rev V) \<le> rank (rev xs)"
+ shows "rank (rev V) \<le> rank (rev bs)"
+proof -
+ obtain as' bs' cs' where bs'_def: "concat as' = as" "concat bs' = bs" "concat cs' = cs"
+ "set (as'@U#bs'@V#cs') = Y"
+ using concat_split_UV[OF assms(2,5,7-11)] assms(4,7,8) by blast
+ obtain bs2 where bs2_def:
+ "concat bs2 = bs" "(\<forall>z\<in>set bs2. rank (rev V) \<le> rank (rev z))" "[] \<notin> set bs2"
+ using bs_ranks_only_ge[OF assms(1,3,4,6,7,10,9,12,13) bs'_def assms(15-17)] by blast
+ have "V \<noteq> []" using assms(4,8) by blast
+ have "take 1 as = [r]" using take1_split_nelem_nempty[OF assms(12)] assms(4,6,7) by blast
+ then have "take 1 (as@U) = [r]" using take1_singleton_app by fast
+ then show ?thesis
+ using bs_ge_if_all_ge[OF assms(1) \<open>V\<noteq>[]\<close>, of "as@U"] bs2_def assms(3,8,9,14) by auto
+qed
+
+lemma bs_ranks_only_ge_r:
+ assumes "[] \<notin> Y"
+ and "distinct (as@U@bs@V@cs)"
+ and "forward (as@U@bs@V@cs)"
+ and "as = []"
+ and "concat bs' = bs"
+ and "concat cs' = cs"
+ and "set (U#bs'@V#cs') = Y"
+ and "\<And>xs. \<lbrakk>xs \<in> Y; \<exists>y\<in>set xs. \<not>(\<exists>x'\<in>set V. x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> (\<exists>x\<in>set U. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y); xs \<noteq> U\<rbrakk>
+ \<Longrightarrow> rank (rev V) \<le> rank (rev xs)"
+ shows "\<forall>z \<in> set bs'. rank (rev V) \<le> rank (rev z)"
+proof -
+ have "U \<in> Y" using assms(7) by auto
+ then have "U \<noteq> []" using assms(1) by blast
+ have "V \<noteq> []" using assms(1,7) by auto
+ have 0: "\<And>xs. \<lbrakk>xs \<in> set bs'; \<exists>x\<in>set U. \<exists>y\<in>set xs. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y\<rbrakk> \<Longrightarrow> rank (rev V) \<le> rank (rev xs)"
+ using mid_ranks_ge_if_reach1[OF assms(1) \<open>U\<in>Y\<close> assms(2,3,5,6), of "[]"] assms(7,8) by auto
+ have "\<exists>x y ys. x#y#ys= as@U@bs@V@cs"
+ using \<open>U\<noteq>[]\<close> \<open>V\<noteq>[]\<close> append_Cons append.left_neutral list.exhaust by metis
+ then have hd_T: "hd (as@U@bs@V@cs) \<in> verts T" using hd_in_verts_if_forward assms(3) by metis
+ moreover have "\<forall>x\<in>set bs'. \<forall>y\<in>set x. y \<in> set (as@U@bs@V@cs)" using assms(5) by auto
+ ultimately have "\<forall>x\<in>set bs'. \<forall>y\<in>set x. hd (U@bs@V@cs) \<rightarrow>\<^sup>*\<^bsub>T\<^esub> y"
+ using hd_reach_all_forward assms(3,4) by auto
+ then have 1: "\<forall>x\<in>set bs'. \<forall>y\<in>set x. hd U \<rightarrow>\<^sup>*\<^bsub>T\<^esub> y" using assms(1,7) by auto
+ have "\<forall>x\<in>set bs'. \<forall>y\<in>set x. y \<notin> set U" using assms(2,5) by auto
+ then have "\<forall>x\<in>set bs'. \<forall>y\<in>set x. y \<noteq> hd U" using assms(1,7) by fastforce
+ then have "\<forall>x\<in>set bs'. \<forall>y\<in>set x. hd U \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y" using 1 by blast
+ then have "\<forall>x\<in>set bs'. \<exists>y\<in>set x. hd U \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y" using assms(1,7) by auto
+ then show ?thesis using 0 \<open>U \<noteq> []\<close> hd_in_set by blast
+qed
+
+lemma bs_ge_if_rU:
+ assumes "asi rank r cost"
+ and "\<forall>xs \<in> Y. \<forall>ys \<in> Y. xs = ys \<or> set xs \<inter> set ys = {}"
+ and "\<forall>xs \<in> Y. forward xs"
+ and "[] \<notin> Y"
+ and "finite Y"
+ and "r \<in> set U"
+ and "U \<in> Y"
+ and "V \<in> Y"
+ and "distinct (as@U@bs@V@cs)"
+ and "set (as@U@bs@V@cs) = \<Union>(set ` Y)"
+ and "\<forall>xs \<in> Y. sublist xs (as@U@bs@V@cs)"
+ and "take 1 (as@U@bs@V@cs) = [r]"
+ and "forward (as@U@bs@V@cs)"
+ and "bs \<noteq> []"
+ and "\<And>xs. \<lbrakk>xs \<in> Y; \<exists>y\<in>set xs. \<not>(\<exists>x'\<in>set V. x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> (\<exists>x\<in>set U. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y); xs \<noteq> U\<rbrakk>
+ \<Longrightarrow> rank (rev V) \<le> rank (rev xs)"
+ shows "rank (rev V) \<le> rank (rev bs)"
+proof -
+ obtain as' bs' cs' where bs'_def: "concat as' = as" "concat bs' = bs" "concat cs' = cs"
+ "set (as'@U#bs'@V#cs') = Y"
+ using concat_split_UV[OF assms(2,5,7-11)] assms(4,7,8) by blast
+ have "take 1 U = [r]" using take1_mid_if_elem[OF assms(12,6,9)] .
+ moreover have "as = []" using take1_empty_if_mid[OF assms(12,6,9)] .
+ ultimately have tk1: "take 1 (as@U) = [r]" by simp
+ then have "set (U#bs'@V#cs') = Y" using bs'_def(1,4) assms(4) \<open>as=[]\<close> by auto
+ then have 0: "(\<forall>z\<in>set bs'. rank (rev V) \<le> rank (rev z))"
+ using bs_ranks_only_ge_r[OF assms(4,9,13) \<open>as=[]\<close> bs'_def(2,3)] assms(15) by blast
+ have "V \<noteq> []" using assms(4,8) by blast
+ have "[] \<notin> set bs'" using assms(4) bs'_def(2,4) by auto
+ then show ?thesis
+ using bs_ge_if_all_ge[OF assms(1) \<open>V\<noteq>[]\<close>, of "as@U"] 0 bs'_def(2) tk1 assms(3,8,9,14) by auto
+qed
+
+lemma sublist_before_if_before:
+ assumes "hd xs = root" and "forward xs" and "distinct xs"
+ and "sublist U xs" and "sublist V xs" and "before U V"
+ shows "\<exists>as bs cs. as @ U @ bs @ V @ cs = xs"
+proof (rule ccontr)
+ assume "\<nexists>as bs cs. as @ U @ bs @ V @ cs = xs"
+ then obtain as bs cs where V_bf_U: "xs = as @ V @ bs @ U @ cs"
+ using sublist_behind_if_nbefore[OF assms(4,5)] assms(6) before_def by blast
+ obtain x y where x_def: "x \<in> set U" "y \<in> set V" "x \<rightarrow>\<^bsub>T\<^esub> y"
+ using assms(6) before_def by auto
+ then obtain i where i_def: "V!i = y" "i < length V" by (auto simp: in_set_conv_nth)
+ then have i_xs: "(as@V@bs@U@cs)!(i + length as) = y" by (simp add: nth_append)
+ have "root \<noteq> y" using x_def(3) dominated_not_root by auto
+ then have "i + length as > 0" using i_def(2) i_xs assms(1,5) V_bf_U hd_conv_nth[of xs] by force
+ then have "i + length as \<ge> 1" by linarith
+ then have "i + length as \<in> {1..length (as@V@bs@U@cs) - 1}" using i_def(2) by simp
+ then obtain j where j_def: "j < i + length as" "(as@V@bs@U@cs)!j \<rightarrow>\<^bsub>T\<^esub> y"
+ using assms(2) V_bf_U i_xs unfolding forward_def by blast
+ then have "(as@V@bs@U@cs)!j = (as@V)!j" using i_def(2) by (auto simp: nth_append)
+ then have "(as@V@bs@U@cs)!j \<in> set (as@V)" using i_def(2) j_def(1) nth_mem[of "j" "as@V"] by simp
+ then have "(as@V@bs@U@cs)!j \<noteq> x" using assms(3) V_bf_U x_def(1) by auto
+ then show False using j_def(2) x_def(3) two_in_arcs_contr by fastforce
+qed
+
+lemma forward_UV_lists_subset:
+ "{x. set x = X \<and> distinct x \<and> take 1 x = [r] \<and> forward x \<and> (\<forall>xs \<in> Y. sublist xs x)}
+ \<subseteq> {x. set x = X \<and> distinct x}"
+ by blast
+
+lemma forward_UV_lists_finite:
+ "finite xs
+ \<Longrightarrow> finite {x. set x = xs \<and> distinct x \<and> take 1 x = [r] \<and> forward x \<and> (\<forall>xs \<in> Y. sublist xs x)}"
+ using distinct_seteq_finite finite_subset[OF forward_UV_lists_subset] by auto
+
+lemma forward_UV_lists_arg_min_ex_aux:
+ "\<lbrakk>finite ys; ys \<noteq> {};
+ ys = {x. set x = xs \<and> distinct x \<and> take 1 x = [r] \<and> forward x \<and> (\<forall>xs \<in> Y. sublist xs x)}\<rbrakk>
+ \<Longrightarrow> \<exists>y \<in> ys. \<forall>z \<in> ys. (f :: 'a list \<Rightarrow> real) y \<le> f z"
+ using arg_min_if_finite(1)[of ys f] arg_min_least[of ys, where ?f = f] by auto
+
+lemma forward_UV_lists_arg_min_ex:
+ "\<lbrakk>finite xs; ys \<noteq> {};
+ ys = {x. set x = xs \<and> distinct x \<and> take 1 x = [r] \<and> forward x \<and> (\<forall>xs \<in> Y. sublist xs x)}\<rbrakk>
+ \<Longrightarrow> \<exists>y \<in> ys. \<forall>z \<in> ys. (f :: 'a list \<Rightarrow> real) y \<le> f z"
+ using forward_UV_lists_finite forward_UV_lists_arg_min_ex_aux by auto
+
+lemma forward_UV_lists_argmin_ex':
+ fixes f :: "'a list \<Rightarrow> real"
+ assumes "P = (\<lambda>x. set x = X \<and> distinct x \<and> take 1 x = [r])"
+ and "Q = (\<lambda>ys. P ys \<and> forward ys \<and> (\<forall>xs \<in> Y. sublist xs ys))"
+ and "\<exists>x. Q x"
+ shows "\<exists>zs. Q zs \<and> (\<forall>as. Q as \<longrightarrow> f zs \<le> f as)"
+ using forward_UV_lists_arg_min_ex[of X "{x. Q x}"] using assms by fastforce
+
+lemma forward_UV_lists_argmin_ex:
+ fixes f :: "'a list \<Rightarrow> real"
+ assumes "\<exists>x. fwd_sub r Y x"
+ shows "\<exists>zs. fwd_sub r Y zs \<and> (\<forall>as. fwd_sub r Y as \<longrightarrow> f zs \<le> f as)"
+ using forward_UV_lists_argmin_ex' assms unfolding fwd_sub_def unique_set_r_def by simp
+
+lemma no_gap_if_contr_seq_fwd:
+ assumes "asi rank root cost"
+ and "\<forall>xs \<in> Y. \<forall>ys \<in> Y. xs = ys \<or> set xs \<inter> set ys = {}"
+ and "\<forall>xs \<in> Y. forward xs"
+ and "[] \<notin> Y"
+ and "finite Y"
+ and "U \<in> Y"
+ and "V \<in> Y"
+ and "before U V"
+ and "rank (rev V) \<le> rank (rev U)"
+ and "\<And>xs. \<lbrakk>xs \<in> Y; \<exists>y\<in>set xs. \<not>(\<exists>x'\<in>set V. x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> (\<exists>x\<in>set U. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y); xs \<noteq> U\<rbrakk>
+ \<Longrightarrow> rank (rev V) \<le> rank (rev xs)"
+ and "\<exists>x. fwd_sub root Y x"
+ shows "\<exists>zs. fwd_sub root Y zs \<and> sublist (U@V) zs
+ \<and> (\<forall>as. fwd_sub root Y as \<longrightarrow> cost (rev zs) \<le> cost (rev as))"
+proof -
+ obtain zs where zs_def:
+ "set zs = \<Union>(set ` Y)" "distinct zs" "take 1 zs = [root]" "forward zs"
+ "(\<forall>xs \<in> Y. sublist xs zs)" "(\<forall>as. fwd_sub root Y as \<longrightarrow> cost (rev zs) \<le> cost (rev as))"
+ using forward_UV_lists_argmin_ex[OF assms(11), of "\<lambda>xs. cost (rev xs)"]
+ unfolding unique_set_r_def fwd_sub_def by blast
+ then have "hd zs = root" using hd_eq_take1 by fast
+ then obtain as bs cs where bs_def: "as @ U @ bs @ V @ cs = zs"
+ using sublist_before_if_before zs_def(2,4,5) assms(6-8) by blast
+ then have bs_prems: "distinct (as@U@bs@V@cs)" "set (as@U@bs@V@cs) = \<Union>(set ` Y)"
+ "\<forall>xs\<in>Y. sublist xs (as@U@bs@V@cs)" "take 1 (as@U@bs@V@cs) = [root]" "forward (as@U@bs@V@cs)"
+ using zs_def(1-5) by auto
+ show ?thesis
+ proof(cases "bs = []")
+ case True
+ then have "sublist (U@V) zs" using bs_def sublist_def by force
+ then show ?thesis using zs_def unfolding unique_set_r_def fwd_sub_def by blast
+ next
+ case bs_nempty: False
+ then have rank_le: "rank (rev V) \<le> rank (rev bs)"
+ proof(cases "root \<in> set U")
+ case True
+ then show ?thesis
+ using bs_ge_if_rU[OF assms(1-5) True assms(6,7) bs_prems bs_nempty assms(10)]
+ by blast
+ next
+ case False
+ have "\<forall>zs. fwd_sub root Y zs \<longrightarrow> cost (rev (as@U@bs@V@cs)) \<le> cost (rev zs)"
+ using zs_def(6) bs_def by blast
+ then show ?thesis
+ using bs_ge_if_optimal[OF assms(1-5)] bs_nempty bs_prems False assms(6,7,9,10)
+ by blast
+ qed
+ have 0: "distinct ((as@U)@V@bs@cs)" using bs_def zs_def(2) by auto
+ have "take 1 (as@U) = [root]"
+ using bs_def assms(4,6) take1_split_nempty[of U as] zs_def(3) by fastforce
+ then have 1: "take 1 (as@U@V@bs@cs) = [root]"
+ using take1_singleton_app[of "as@U" root "V@bs@cs"] by simp
+ have 2: "\<forall>xs\<in>Y. sublist xs (as@U@V@bs@cs)"
+ using zs_def(5) bs_def sublists_preserv_move_VY_all[OF assms(2,6,7)] assms(4,6) by blast
+ have "V \<noteq> []" using assms(4,7) by blast
+ have "cost (rev (as@U@V@bs@cs)) \<le> cost (rev zs)"
+ using asi_le_rfst[OF assms(1) rank_le \<open>V\<noteq>[]\<close> bs_nempty 0] 1 zs_def(3) bs_def by simp
+ then have cost_le: "\<forall>ys. fwd_sub root Y ys \<longrightarrow> cost (rev (as@U@V@bs@cs)) \<le> cost (rev ys)"
+ using zs_def(6) by fastforce
+ have "forward (as@U@V@bs@cs)"
+ using move_mid_backward_if_noarc assms(8) zs_def(4) bs_def by blast
+ moreover have "set (as@U@V@bs@cs) = \<Union> (set ` Y)"
+ unfolding zs_def(1)[symmetric] bs_def[symmetric] by force
+ ultimately have "fwd_sub root Y (as@U@V@bs@cs)"
+ unfolding unique_set_r_def fwd_sub_def using 0 1 2 by fastforce
+ moreover have "sublist (U@V) (as@U@V@bs@cs)" unfolding sublist_def by fastforce
+ ultimately show ?thesis using cost_le by blast
+ qed
+qed
+
+lemma combine_union_sets_alt:
+ fixes X Y
+ defines "Z \<equiv> X \<union> {x. x \<in> Y \<and> set x \<inter> \<Union>(set ` X) = {}}"
+ assumes "\<forall>xs \<in> Y. \<forall>ys \<in> Y. xs = ys \<or> set xs \<inter> set ys = {}"
+ and "\<forall>xs \<in> X. \<forall>ys \<in> X. xs = ys \<or> set xs \<inter> set ys = {}"
+ shows "Z = X \<union> (Y - {x. set x \<inter> \<Union>(set ` X) \<noteq> {}})"
+ unfolding assms(1) using assms(2,3) by fast
+
+lemma combine_union_sets_disjoint:
+ fixes X Y
+ defines "Z \<equiv> X \<union> {x. x \<in> Y \<and> set x \<inter> \<Union>(set ` X) = {}}"
+ assumes "\<forall>xs \<in> Y. \<forall>ys \<in> Y. xs = ys \<or> set xs \<inter> set ys = {}"
+ and "\<forall>xs \<in> X. \<forall>ys \<in> X. xs = ys \<or> set xs \<inter> set ys = {}"
+ shows "\<forall>xs \<in> Z. \<forall>ys \<in> Z. xs = ys \<or> set xs \<inter> set ys = {}"
+ unfolding Z_def using assms(2,3) by force
+
+lemma combine_union_sets_set_sub1_aux:
+ assumes "\<forall>xs \<in> Y. \<forall>ys \<in> Y. xs = ys \<or> set xs \<inter> set ys = {}"
+ and "\<forall>ys \<in> X. \<exists>U \<in> Y. \<exists>V \<in> Y. U@V = ys"
+ and "x \<in> \<Union>(set ` Y)"
+ shows "x \<in> \<Union>(set ` (X \<union> {x. x \<in> Y \<and> set x \<inter> \<Union>(set ` X) = {}}))"
+proof -
+ let ?Z = "X \<union> {x. x \<in> Y \<and> set x \<inter> \<Union>(set ` X) = {}}"
+ obtain ys where ys_def: "x \<in> set ys" "ys \<in> Y" using assms(3) by blast
+ then show ?thesis
+ proof(cases "ys \<in> {x. x \<in> Y \<and> set x \<inter> \<Union>(set ` X) = {}}")
+ case True
+ then show ?thesis using ys_def(1) by auto
+ next
+ case False
+ then obtain U V where U_def: "U \<in> Y" "V \<in> Y" "U@V \<in> X" "set ys \<inter> set (U@V) \<noteq> {}"
+ using ys_def(2) assms(2) by fast
+ then consider "set ys \<inter> set U \<noteq> {}" | "set ys \<inter> set V \<noteq> {}" by fastforce
+ then show ?thesis
+ proof(cases)
+ case 1
+ then have "U = ys" using assms(1) U_def(1) ys_def(2) by blast
+ then show ?thesis using ys_def(1) U_def(3) by fastforce
+ next
+ case 2
+ then have "V = ys" using assms(1) U_def(2) ys_def(2) by blast
+ then show ?thesis using ys_def(1) U_def(3) by fastforce
+ qed
+ qed
+qed
+
+lemma combine_union_sets_set_sub1:
+ assumes "\<forall>xs \<in> Y. \<forall>ys \<in> Y. xs = ys \<or> set xs \<inter> set ys = {}"
+ and "\<forall>ys \<in> X. \<exists>U \<in> Y. \<exists>V \<in> Y. U@V = ys"
+ shows "\<Union>(set ` Y) \<subseteq> \<Union>(set ` (X \<union> {x. x \<in> Y \<and> set x \<inter> \<Union>(set ` X) = {}}))"
+ using combine_union_sets_set_sub1_aux[OF assms] by blast
+
+lemma combine_union_sets_set_sub2:
+ assumes "\<forall>ys \<in> X. \<exists>U \<in> Y. \<exists>V \<in> Y. U@V = ys"
+ shows "\<Union>(set ` (X \<union> {x. x \<in> Y \<and> set x \<inter> \<Union>(set ` X) = {}})) \<subseteq> \<Union>(set ` Y)"
+ using assms by fastforce
+
+lemma combine_union_sets_set_eq:
+ assumes "\<forall>xs \<in> Y. \<forall>ys \<in> Y. xs = ys \<or> set xs \<inter> set ys = {}"
+ and "\<forall>ys \<in> X. \<exists>U \<in> Y. \<exists>V \<in> Y. U@V = ys"
+ shows "\<Union>(set ` (X \<union> {x. x \<in> Y \<and> set x \<inter> \<Union>(set ` X) = {}})) = \<Union>(set ` Y)"
+ using combine_union_sets_set_sub1[OF assms] combine_union_sets_set_sub2[OF assms(2)] by blast
+
+lemma combine_union_sets_sublists:
+ assumes "sublist x ys"
+ and "\<forall>xs \<in> X \<union> {x. x \<in> Y \<and> set x \<inter> \<Union>(set ` X) = {}}. sublist xs ys"
+ and "xs \<in> insert x X \<union> {xs. xs \<in> Y \<and> set xs \<inter> \<Union>(set ` (insert x X)) = {}}"
+ shows "sublist xs ys"
+ using assms by auto
+
+lemma combine_union_sets_optimal_cost:
+ assumes "asi rank root cost"
+ and "\<forall>xs \<in> Y. \<forall>ys \<in> Y. xs = ys \<or> set xs \<inter> set ys = {}"
+ and "\<forall>xs \<in> Y. forward xs"
+ and "[] \<notin> Y"
+ and "finite Y"
+ and "\<exists>x. fwd_sub root Y x"
+ and "\<forall>ys \<in> X. \<exists>U \<in> Y. \<exists>V \<in> Y. U@V = ys \<and> before U V \<and> rank (rev V) \<le> rank (rev U)
+ \<and> (\<forall>xs \<in> Y. (\<exists>y\<in>set xs. \<not>(\<exists>x'\<in>set V. x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> (\<exists>x\<in>set U. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> xs \<noteq> U)
+ \<longrightarrow> rank (rev V) \<le> rank (rev xs))"
+ and "\<forall>xs \<in> X. \<forall>ys \<in> X. xs = ys \<or> set xs \<inter> set ys = {}"
+ and "\<forall>xs \<in> X. \<forall>ys \<in> X. xs = ys \<or> \<not>(\<exists>x\<in>set xs. \<exists>y\<in>set ys. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y)"
+ and "finite X"
+ shows "\<exists>zs. fwd_sub root (X \<union> {x. x \<in> Y \<and> set x \<inter> \<Union>(set ` X) = {}}) zs
+ \<and> (\<forall>as. fwd_sub root Y as \<longrightarrow> cost (rev zs) \<le> cost (rev as))"
+using assms(10,1-9) proof(induction X rule: finite_induct)
+ case empty
+ then show ?case using forward_UV_lists_argmin_ex by simp
+next
+ case (insert x X)
+ let ?Y = "X \<union> {xs. xs \<in> Y \<and> set xs \<inter> \<Union>(set ` X) = {}}"
+ let ?X = "insert x X \<union> {xs. xs \<in> Y \<and> set xs \<inter> \<Union>(set ` (insert x X)) = {}}"
+ obtain zs where zs_def:
+ "fwd_sub root ?Y zs" "(\<forall>as. fwd_sub root Y as \<longrightarrow> cost (rev zs) \<le> cost (rev as))"
+ using insert.IH[OF insert(4-9)] insert.prems(7,8,9) by auto
+ obtain U V where U_def: "U \<in> Y" "V \<in> Y" "U@V = x" "before U V" "rank (rev V) \<le> rank (rev U)"
+ "\<forall>xs \<in> Y. (\<exists>y\<in>set xs. \<not>(\<exists>x'\<in>set V. x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> (\<exists>x\<in>set U. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> xs \<noteq> U)
+ \<longrightarrow> rank (rev V) \<le> rank (rev xs)"
+ using insert.prems(7) by auto
+ then have U: "U \<in> ?Y" using insert.prems(2,8) insert.hyps(2) by fastforce
+ have V: "V \<in> ?Y" using U_def(2,3) insert.prems(8) insert.hyps(2) by fastforce
+ have disj: "\<forall>xs \<in> ?Y. \<forall>ys \<in> ?Y. xs = ys \<or> set xs \<inter> set ys = {}"
+ using combine_union_sets_disjoint[of Y X] insert.prems(2,8) by blast
+ have fwd: "\<forall>xs \<in> ?Y. forward xs"
+ using insert.prems(3,7) seq_conform_alt seq_conform_if_before by fastforce
+ have nempty: "[] \<notin> ?Y" using insert.prems(4,7) by blast
+ have fin: "finite ?Y" using insert.prems(5) insert.hyps(1) by simp
+ have 0: "\<And>xs. \<lbrakk>xs \<in> ?Y; \<exists>y\<in>set xs. \<not> (\<exists>x'\<in>set V. x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> (\<exists>x\<in>set U. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y); xs \<noteq> U\<rbrakk>
+ \<Longrightarrow> rank (rev V) \<le> rank (rev xs)"
+ using U_def(3,6) insert.prems(9) insert.hyps(2) by auto
+ then have "\<exists>zs. fwd_sub root ?Y zs \<and> sublist (U@V) zs
+ \<and> (\<forall>as. fwd_sub root ?Y as \<longrightarrow> cost (rev zs) \<le> cost (rev as))"
+ using no_gap_if_contr_seq_fwd[OF insert.prems(1) disj fwd nempty fin U V U_def(4,5)] zs_def(1)
+ unfolding fwd_sub_def unique_set_r_def by blast
+ then obtain xs where xs_def:
+ "fwd_sub root ?Y xs" "sublist (U@V) xs"
+ "(\<forall>as. fwd_sub root ?Y as \<longrightarrow> cost (rev xs) \<le> cost (rev as))"
+ by blast
+ then have cost: "(\<forall>as. fwd_sub root Y as \<longrightarrow> cost (rev xs) \<le> cost (rev as))"
+ using zs_def by fastforce
+ have 0: "\<forall>ys \<in> (insert x X). \<exists>U \<in> Y. \<exists>V \<in> Y. U@V = ys" using insert.prems(7) by fastforce
+ then have "\<forall>ys \<in> X. \<exists>U \<in> Y. \<exists>V \<in> Y. U@V = ys" by simp
+ then have "\<Union>(set ` ?Y) = \<Union>(set ` Y)"
+ using combine_union_sets_set_eq[OF insert.prems(2)] by simp
+ then have "\<Union>(set ` ?X) = \<Union>(set ` ?Y)"
+ using combine_union_sets_set_eq[OF insert.prems(2) 0] by simp
+ then have P_eq: "unique_set_r root ?X = unique_set_r root ?Y" unfolding unique_set_r_def by simp
+ have "\<And>ys. \<lbrakk>sublist (U@V) ys; (\<forall>xs \<in> ?Y. sublist xs ys)\<rbrakk> \<Longrightarrow> (\<forall>xs \<in> ?X. sublist xs ys)"
+ using combine_union_sets_sublists[of x, where Y=Y and X=X] U_def(3) by blast
+ then have "\<And>ys. \<lbrakk>sublist (U@V) ys; fwd_sub root ?Y ys\<rbrakk> \<Longrightarrow> fwd_sub root ?X ys"
+ unfolding P_eq fwd_sub_def by blast
+ then show ?case using xs_def(1,2) cost by blast
+qed
+
+lemma bs_ge_if_geV:
+ assumes "asi rank r cost"
+ and "\<forall>xs \<in> Y. \<forall>ys \<in> Y. xs = ys \<or> set xs \<inter> set ys = {}"
+ and "\<forall>xs \<in> Y. forward xs"
+ and "[] \<notin> Y"
+ and "finite Y"
+ and "U \<in> Y"
+ and "V \<in> Y"
+ and "distinct (as@U@bs@V@cs)"
+ and "set (as@U@bs@V@cs) = \<Union>(set ` Y)"
+ and "\<forall>xs \<in> Y. sublist xs (as@U@bs@V@cs)"
+ and "take 1 (as@U@bs@V@cs) = [r]"
+ and "bs \<noteq> []"
+ and "\<forall>xs \<in> Y. xs \<noteq> U \<longrightarrow> rank (rev V) \<le> rank (rev xs)"
+ shows "rank (rev V) \<le> rank (rev bs)"
+proof -
+ obtain as' bs' cs' where bs'_def: "concat as' = as" "concat bs' = bs" "concat cs' = cs"
+ "set (as'@U#bs'@V#cs') = Y"
+ using concat_split_UV[OF assms(2,5-10)] assms(4,6,7) by blast
+ have tk1: "take 1 (as@U) = [r]"
+ using take1_split_nempty[of U as] assms(4,6,11) by force
+ have "\<forall>z\<in>set bs'. z \<noteq> U"
+ using bs'_def(2) assms(4,6,8) concat_all_sublist by (fastforce dest!: empty_if_sublist_dsjnt)
+ then have 0: "\<forall>z\<in>set bs'. rank (rev V) \<le> rank (rev z)"
+ using assms(13) bs'_def(4) by auto
+ have "V \<noteq> []" using assms(4,7) by blast
+ have "[] \<notin> set bs'" using assms(4) bs'_def(2,4) by auto
+ then show ?thesis
+ using bs_ge_if_all_ge[OF assms(1) \<open>V\<noteq>[]\<close>, of "as@U"] 0 bs'_def(2) tk1 assms(3,7,8,12) by auto
+qed
+
+lemma no_gap_if_geV:
+ assumes "asi rank root cost"
+ and "\<forall>xs \<in> Y. \<forall>ys \<in> Y. xs = ys \<or> set xs \<inter> set ys = {}"
+ and "\<forall>xs \<in> Y. forward xs"
+ and "[] \<notin> Y"
+ and "finite Y"
+ and "U \<in> Y"
+ and "V \<in> Y"
+ and "before U V"
+ and "\<forall>xs \<in> Y. xs \<noteq> U \<longrightarrow> rank (rev V) \<le> rank (rev xs)"
+ and "\<exists>x. fwd_sub root Y x"
+ shows "\<exists>zs. fwd_sub root Y zs \<and> sublist (U@V) zs
+ \<and> (\<forall>as. fwd_sub root Y as \<longrightarrow> cost (rev zs) \<le> cost (rev as))"
+proof -
+ obtain zs where zs_def:
+ "set zs = \<Union>(set ` Y)" "distinct zs" "take 1 zs = [root]" "forward zs"
+ "(\<forall>xs \<in> Y. sublist xs zs)" "(\<forall>as. fwd_sub root Y as \<longrightarrow> cost (rev zs) \<le> cost (rev as))"
+ using forward_UV_lists_argmin_ex[OF assms(10), of "\<lambda>x. cost (rev x)"]
+ unfolding fwd_sub_def unique_set_r_def by blast
+ then have "hd zs = root" using hd_eq_take1 by fast
+ then obtain as bs cs where bs_def: "as @ U @ bs @ V @ cs = zs"
+ using sublist_before_if_before zs_def(2,4,5) assms(6-8) by blast
+ then have bs_prems: "distinct (as@U@bs@V@cs)" "set (as@U@bs@V@cs) = \<Union>(set ` Y)"
+ "\<forall>xs\<in>Y. sublist xs (as@U@bs@V@cs)" "take 1 (as@U@bs@V@cs) = [root]"
+ using zs_def(1-5) by auto
+ show ?thesis
+ proof(cases "bs = []")
+ case True
+ then have "sublist (U@V) zs" using bs_def sublist_def by force
+ then show ?thesis using zs_def unfolding fwd_sub_def unique_set_r_def by blast
+ next
+ case False
+ then have rank_le: "rank (rev V) \<le> rank (rev bs)"
+ using bs_ge_if_geV[OF assms(1-7) bs_prems False assms(9)] by blast
+ have 0: "distinct ((as@U)@V@bs@cs)" using bs_def zs_def(2) by auto
+ have "take 1 (as@U) = [root]"
+ using bs_def assms(4,6) take1_split_nempty[of U as] zs_def(3) by fastforce
+ then have 1: "take 1 (as@U@V@bs@cs) = [root]"
+ using take1_singleton_app[of "as@U" root "V@bs@cs"] by simp
+ have 2: "\<forall>xs\<in>Y. sublist xs (as@U@V@bs@cs)"
+ using zs_def(5) bs_def sublists_preserv_move_VY_all[OF assms(2,6,7)] assms(4,6) by blast
+ have "V \<noteq> []" using assms(4,7) by blast
+ have "cost (rev (as@U@V@bs@cs)) \<le> cost (rev zs)"
+ using asi_le_rfst[OF assms(1) rank_le \<open>V\<noteq>[]\<close> False 0] 1 zs_def(3) bs_def by simp
+ then have cost_le: "\<forall>ys. fwd_sub root Y ys \<longrightarrow> cost (rev (as@U@V@bs@cs)) \<le> cost (rev ys)"
+ using zs_def(6) by fastforce
+ have "forward (as@U@V@bs@cs)"
+ using move_mid_backward_if_noarc assms(8) zs_def(4) bs_def by blast
+ moreover have "set (as@U@V@bs@cs) = \<Union>(set ` Y)" using bs_def zs_def(1) by fastforce
+ ultimately have "fwd_sub root Y (as@U@V@bs@cs)"
+ unfolding fwd_sub_def unique_set_r_def using 0 1 2 by auto
+ moreover have "sublist (U@V) (as@U@V@bs@cs)" unfolding sublist_def by fastforce
+ ultimately show ?thesis using cost_le by blast
+ qed
+qed
+
+lemma app_UV_set_optimal_cost:
+ assumes "asi rank root cost"
+ and "\<forall>xs \<in> Y. \<forall>ys \<in> Y. xs = ys \<or> set xs \<inter> set ys = {}"
+ and "\<forall>xs \<in> Y. forward xs"
+ and "[] \<notin> Y"
+ and "finite Y"
+ and "U \<in> Y"
+ and "V \<in> Y"
+ and "before U V"
+ and "\<forall>xs \<in> Y. xs \<noteq> U \<longrightarrow> rank (rev V) \<le> rank (rev xs)"
+ and "\<exists>x. fwd_sub root Y x"
+ shows "\<exists>zs. fwd_sub root ({U@V} \<union> {x. x \<in> Y \<and> x \<noteq> U \<and> x \<noteq> V}) zs
+ \<and> (\<forall>as. fwd_sub root Y as \<longrightarrow> cost (rev zs) \<le> cost (rev as))"
+proof -
+ have P_eq: "unique_set_r root Y = unique_set_r root ({U@V} \<union> {x. x \<in> Y \<and> x \<noteq> U \<and> x \<noteq> V})"
+ unfolding unique_set_r_def using assms(6,7) by auto
+ have "\<exists>zs. fwd_sub root Y zs \<and> sublist (U@V) zs
+ \<and> (\<forall>as. fwd_sub root Y as \<longrightarrow> cost (rev zs) \<le> cost (rev as))"
+ using no_gap_if_geV[OF assms(1-10)] by blast
+ then show ?thesis unfolding P_eq fwd_sub_def by blast
+qed
+
+end
+
+context tree_query_graph
+begin
+
+lemma no_cross_ldeep_rev_if_forward:
+ assumes "xs \<noteq> []" and "r \<in> verts G" and "directed_tree.forward (dir_tree_r r) (rev xs)"
+ shows "no_cross_products (create_ldeep_rev xs)"
+using assms proof(induction xs rule: create_ldeep_rev.induct)
+ case (3 x y ys)
+ then interpret T: directed_tree "dir_tree_r r" r using directed_tree_r by blast
+ have split: "create_ldeep_rev (x#y#ys) = Join (create_ldeep_rev (y#ys)) (Relation x)" by simp
+ have "rev (x#y#ys) ! (length (y#ys)) = x" using nth_append_length[of "rev (y#ys)"] by simp
+ moreover have "length (y#ys) \<in> {1..length (rev (x#y#ys)) - 1}" by simp
+ ultimately obtain j where j_def: "j < (length (y#ys))" "rev (x#y#ys)!j \<rightarrow>\<^bsub>dir_tree_r r\<^esub> x"
+ using "3.prems"(3) unfolding T.forward_def by fastforce
+ then have "rev (x#y#ys)!j \<in> set (y#ys)"
+ using nth_mem[of j "rev (y#ys)"] by (auto simp add: nth_append)
+ then have "\<exists>x'\<in>relations (create_ldeep_rev (y#ys)). x' \<rightarrow>\<^bsub>dir_tree_r r\<^esub> x"
+ using j_def(2) create_ldeep_rev_relations[of "y#ys"] by blast
+ then have 1: "\<exists>x'\<in>relations (create_ldeep_rev (y#ys)). x' \<rightarrow>\<^bsub>G\<^esub>x"
+ using assms(2) dir_tree_r_dom_in_G by blast
+ have "T.forward (rev (y#ys))" using "3.prems"(3) T.forward_cons by blast
+ then show ?case using 1 3 by simp
+qed(auto)
+
+lemma no_cross_ldeep_if_forward:
+ "\<lbrakk>xs \<noteq> []; r \<in> verts G; directed_tree.forward (dir_tree_r r) xs\<rbrakk>
+ \<Longrightarrow> no_cross_products (create_ldeep xs)"
+ unfolding create_ldeep_def using no_cross_ldeep_rev_if_forward by simp
+
+lemma no_cross_ldeep_if_forward':
+ "\<lbrakk>set xs = verts G; r \<in> verts G; directed_tree.forward (dir_tree_r r) xs\<rbrakk>
+ \<Longrightarrow> no_cross_products (create_ldeep xs)"
+ using no_cross_ldeep_if_forward[of xs] by fastforce
+
+lemma forward_if_ldeep_rev_no_cross:
+ assumes "r \<in> verts G" and "no_cross_products (create_ldeep_rev xs)"
+ and "hd (rev xs) = r" and "distinct xs"
+ shows "directed_tree.forward_arcs (dir_tree_r r) xs"
+using assms proof(induction xs rule: create_ldeep_rev.induct)
+ case 1
+ then show ?case using directed_tree_r directed_tree.forward_arcs.simps(1) by fast
+next
+ case (2 x)
+ then show ?case using directed_tree_r directed_tree.forward_arcs.simps(2) by fast
+next
+ case (3 x y ys)
+ then interpret T: directed_tree "dir_tree_r r" r using directed_tree_r by blast
+ have "hd (rev (y # ys)) = r" using "3.prems"(3) hd_append2[of "rev (y#ys)" "[x]"] by simp
+ then have ind: "T.forward_arcs (y#ys)" using 3 by fastforce
+ have matching: "matching_rels (create_ldeep_rev (x#y#ys))"
+ using matching_rels_if_no_cross "3.prems"(2) by simp
+ have "r \<in> relations (create_ldeep_rev (x#y#ys))" using "3.prems"(3)
+ using create_ldeep_rev_relations[of "x#y#ys"] hd_rev[of "x#y#ys"] by simp
+ then obtain p' where p'_def:
+ "awalk r p' x \<and> set (awalk_verts r p') \<subseteq> relations (create_ldeep_rev (x#y#ys))"
+ using no_cross_awalk[OF matching "3.prems"(2)] by force
+ then obtain p where p_def:
+ "apath r p x" "set (awalk_verts r p) \<subseteq> relations (create_ldeep_rev (x#y#ys))"
+ using apath_awalk_to_apath awalk_to_apath_verts_subset by blast
+ then have "pre_digraph.apath (dir_tree_r r) r p x" using apath_in_dir_if_apath_G by blast
+ moreover have "r \<noteq> x"
+ using "3.prems"(3,4) T.no_back_arcs.cases[of "rev (x#y#ys)"] distinct_first_uneq_last[of x]
+ by fastforce
+ ultimately obtain u where u_def:
+ "u \<rightarrow>\<^bsub>dir_tree_r r\<^esub> x" "u \<in> set (pre_digraph.awalk_verts (dir_tree_r r) r p)"
+ using p_def(2) T.awalk_verts_dom_if_uneq T.awalkI_apath by blast
+ then have "u \<in> relations (create_ldeep_rev (x#y#ys))"
+ using awalk_verts_G_T "3.prems"(1) p_def(2) by auto
+ then have "u \<in> set (x#y#ys)" by (simp add: create_ldeep_rev_relations)
+ then show ?case using u_def(1) ind T.forward_arcs.simps(3) T.loopfree.adj_not_same by auto
+qed
+
+lemma forward_if_ldeep_no_cross:
+ "\<lbrakk>r \<in> verts G; no_cross_products (create_ldeep xs); hd xs = r; distinct xs\<rbrakk>
+ \<Longrightarrow> directed_tree.forward (dir_tree_r r) xs"
+ using forward_if_ldeep_rev_no_cross directed_tree.forward_arcs_alt directed_tree_r
+ by (fastforce simp: create_ldeep_def)
+
+lemma no_cross_ldeep_iff_forward:
+ "\<lbrakk>xs \<noteq> []; r \<in> verts G; hd xs = r; distinct xs\<rbrakk>
+ \<Longrightarrow> no_cross_products (create_ldeep xs) \<longleftrightarrow> directed_tree.forward (dir_tree_r r) xs"
+ using forward_if_ldeep_no_cross no_cross_ldeep_if_forward by blast
+
+lemma no_cross_if_fwd_ldeep:
+ "\<lbrakk>r \<in> verts G; left_deep t; directed_tree.forward (dir_tree_r r) (inorder t)\<rbrakk>
+ \<Longrightarrow> no_cross_products t"
+ using no_cross_ldeep_if_forward[OF inorder_nempty] by fastforce
+
+lemma forward_if_ldeep_no_cross':
+ "\<lbrakk>first_node t \<in> verts G; distinct_relations t; left_deep t; no_cross_products t\<rbrakk>
+ \<Longrightarrow> directed_tree.forward (dir_tree_r (first_node t)) (inorder t)"
+ using forward_if_ldeep_no_cross by (simp add: first_node_eq_hd distinct_relations_def)
+
+lemma no_cross_iff_forward_ldeep:
+ "\<lbrakk>first_node t \<in> verts G; distinct_relations t; left_deep t\<rbrakk>
+ \<Longrightarrow> no_cross_products t \<longleftrightarrow> directed_tree.forward (dir_tree_r (first_node t)) (inorder t)"
+ using no_cross_if_fwd_ldeep forward_if_ldeep_no_cross' by blast
+
+lemma sublist_before_if_before:
+ assumes "hd xs = r" and "no_cross_products (create_ldeep xs)" and "r \<in> verts G" and "distinct xs"
+ and "sublist U xs" and "sublist V xs" and "directed_tree.before (dir_tree_r r) U V"
+ shows "\<exists>as bs cs. as @ U @ bs @ V @ cs = xs"
+ using directed_tree.sublist_before_if_before[OF directed_tree_r] forward_if_ldeep_no_cross assms
+ by blast
+
+lemma nocross_UV_lists_subset:
+ "{x. set x = X \<and> distinct x \<and> take 1 x = [r]
+ \<and> no_cross_products (create_ldeep x) \<and> (\<forall>xs \<in> Y. sublist xs x)}
+ \<subseteq> {x. set x = X \<and> distinct x}"
+ by blast
+
+lemma nocross_UV_lists_finite:
+ "finite xs
+ \<Longrightarrow> finite {x. set x = xs \<and> distinct x \<and> take 1 x = [r]
+ \<and> no_cross_products (create_ldeep x) \<and> (\<forall>xs \<in> Y. sublist xs x)}"
+ using distinct_seteq_finite finite_subset[OF nocross_UV_lists_subset] by auto
+
+lemma nocross_UV_lists_arg_min_ex_aux:
+ "\<lbrakk>finite ys; ys \<noteq> {};
+ ys = {x. set x = xs \<and> distinct x \<and> take 1 x = [r]
+ \<and> no_cross_products (create_ldeep x) \<and> (\<forall>xs \<in> Y. sublist xs x)}\<rbrakk>
+ \<Longrightarrow> \<exists>y \<in> ys. \<forall>z \<in> ys. (f :: 'a list \<Rightarrow> real) y \<le> f z"
+ using arg_min_if_finite(1)[of ys f] arg_min_least[of ys, where ?f = f] by auto
+
+lemma nocross_UV_lists_arg_min_ex:
+ "\<lbrakk>finite xs; ys \<noteq> {};
+ ys = {x. set x = xs \<and> distinct x \<and> take 1 x = [r]
+ \<and> no_cross_products (create_ldeep x) \<and> (\<forall>xs \<in> Y. sublist xs x)}\<rbrakk>
+ \<Longrightarrow> \<exists>y \<in> ys. \<forall>z \<in> ys. (f :: 'a list \<Rightarrow> real) y \<le> f z"
+ using nocross_UV_lists_finite nocross_UV_lists_arg_min_ex_aux by auto
+
+lemma nocross_UV_lists_argmin_ex:
+ fixes f :: "'a list \<Rightarrow> real"
+ assumes "P = (\<lambda>x. set x = X \<and> distinct x \<and> take 1 x = [r])"
+ and "Q = (\<lambda>ys. P ys \<and> no_cross_products (create_ldeep ys) \<and> (\<forall>xs \<in> Y. sublist xs ys))"
+ and "\<exists>x. Q x"
+ shows "\<exists>zs. Q zs \<and> (\<forall>as. Q as \<longrightarrow> f zs \<le> f as)"
+ using nocross_UV_lists_arg_min_ex[of X "{x. Q x}"] using assms by fastforce
+
+lemma no_gap_if_contr_seq:
+ fixes Y r
+ defines "X \<equiv> \<Union>(set ` Y)"
+ defines "P \<equiv> (\<lambda>ys. set ys = X \<and> distinct ys \<and> take 1 ys = [r])"
+ defines "Q \<equiv> (\<lambda>ys. P ys \<and> no_cross_products (create_ldeep ys) \<and> (\<forall>xs \<in> Y. sublist xs ys))"
+ assumes "asi rank r c"
+ and "\<forall>xs \<in> Y. \<forall>ys \<in> Y. xs = ys \<or> set xs \<inter> set ys = {}"
+ and "\<forall>xs \<in> Y. directed_tree.forward (dir_tree_r r) xs"
+ and "[] \<notin> Y"
+ and "finite Y"
+ and "U \<in> Y"
+ and "V \<in> Y"
+ and "r \<in> verts G"
+ and "directed_tree.before (dir_tree_r r) U V"
+ and "rank (rev V) \<le> rank (rev U)"
+ and "\<And>xs. \<lbrakk>xs \<in> Y; \<exists>y\<in>set xs. \<not>(\<exists>x'\<in>set V. x' \<rightarrow>\<^sup>+\<^bsub>dir_tree_r r\<^esub> y)
+ \<and> (\<exists>x\<in>set U. x \<rightarrow>\<^sup>+\<^bsub>dir_tree_r r\<^esub> y); xs \<noteq> U\<rbrakk>
+ \<Longrightarrow> rank (rev V) \<le> rank (rev xs)"
+ and "\<exists>x. Q x"
+ shows "\<exists>zs. Q zs \<and> sublist (U@V) zs \<and> (\<forall>as. Q as \<longrightarrow> c (rev zs) \<le> c (rev as))"
+proof -
+ interpret T: directed_tree "dir_tree_r r" r using assms(11) directed_tree_r by auto
+ let ?Q = "(\<lambda>ys. P ys \<and> T.forward ys \<and> (\<forall>xs \<in> Y. sublist xs ys))"
+ have "?Q = Q"
+ using no_cross_ldeep_iff_forward assms(11,2,3) hd_eq_take1 nempty_if_take1[where r=r] by fast
+ then show ?thesis
+ using T.no_gap_if_contr_seq_fwd[OF assms(4-10,12-14)] assms(15,1,2)
+ unfolding T.fwd_sub_def unique_set_r_def by auto
+qed
+
+end
+
+subsection "Arc Invariants"
+
+function path_lverts :: "('a list,'b) dtree \<Rightarrow> 'a \<Rightarrow> 'a set" where
+ "path_lverts (Node r {|(t,e)|}) x = (if x \<in> set r then {} else set r \<union> path_lverts t x)"
+| "\<forall>x. xs \<noteq> {|x|} \<Longrightarrow> path_lverts (Node r xs) x = (if x \<in> set r then {} else set r)"
+ by (metis darcs_mset.cases old.prod.exhaust) fast+
+termination by lexicographic_order
+
+definition path_lverts_list :: "('a list \<times> 'b) list \<Rightarrow> 'a \<Rightarrow> 'a set" where
+ "path_lverts_list xs x = (\<Union>(t,e)\<in> set (takeWhile (\<lambda>(t,e). x \<notin> set t) xs). set t)"
+
+definition dom_children :: "('a list,'b) dtree \<Rightarrow> ('a,'b) pre_digraph \<Rightarrow> bool" where
+ "dom_children t1 T = (\<forall>t \<in> fst ` fset (sucs t1). \<forall>x \<in> dverts t.
+ \<exists>r \<in> set (root t1) \<union> path_lverts t (hd x). r \<rightarrow>\<^bsub>T\<^esub> hd x)"
+
+abbreviation children_deg1 :: "(('a,'b) dtree \<times> 'b) fset \<Rightarrow> (('a,'b) dtree \<times> 'b) set" where
+ "children_deg1 xs \<equiv> {(t,e). (t,e) \<in> fset xs \<and> max_deg t \<le> 1}"
+
+lemma path_lverts_subset_dlverts: "path_lverts t x \<subseteq> dlverts t"
+ by(induction t x rule: path_lverts.induct) auto
+
+lemma path_lverts_to_list_eq:
+ "path_lverts t x = path_lverts_list (dtree_to_list (Node r0 {|(t,e)|})) x"
+ by (induction t rule: dtree_to_list.induct) (auto simp: path_lverts_list_def)
+
+lemma path_lverts_from_list_eq:
+ "path_lverts (dtree_from_list r0 ys) x = path_lverts_list ((r0,e0)#ys) x"
+ unfolding path_lverts_list_def using path_lverts.simps(2)[of "{||}"]
+ by (induction ys rule: dtree_from_list.induct) (force, cases "x \<in> set r0", auto)
+
+lemma path_lverts_child_union_root_sub:
+ assumes "t2 \<in> fst ` fset (sucs t1)"
+ shows "path_lverts t1 x \<subseteq> set (root t1) \<union> path_lverts t2 x"
+proof(cases "\<forall>x. sucs t1 \<noteq> {|x|}")
+ case True
+ then show ?thesis using path_lverts.simps(2)[of "sucs t1" "root t1"] by simp
+next
+ case False
+ then obtain e2 where "sucs t1 = {|(t2,e2)|}" using assms by fastforce
+ then show ?thesis
+ using path_lverts.simps(1)[of "root t1" t2 e2] dtree.collapse[of t1]
+ by(cases "x \<in> set (root t1)") fastforce+
+qed
+
+lemma path_lverts_simps1_sucs:
+ "\<lbrakk>x \<notin> set (root t1); sucs t1 = {|(t2,e2)|}\<rbrakk>
+ \<Longrightarrow> set (root t1) \<union> path_lverts t2 x = path_lverts t1 x"
+ using path_lverts.simps(1)[of "root t1" t2 e2 x] dtree.exhaust_sel[of t1] by argo
+
+lemma subtree_path_lverts_sub:
+ "\<lbrakk>wf_dlverts t1; max_deg t1 \<le> 1; is_subtree (Node r xs) t1; t2 \<in> fst ` fset xs; x\<in>set (root t2)\<rbrakk>
+ \<Longrightarrow> set r \<subseteq> path_lverts t1 x"
+proof(induction t1)
+ case (Node r1 xs1)
+ then have "xs1 \<noteq> {||}" by force
+ then have "max_deg (Node r1 xs1) = 1"
+ using Node.prems(2) empty_if_mdeg_0[of r1 xs1] by fastforce
+ then obtain t e where t_def: "xs1 = {|(t,e)|}" using mdeg_1_singleton by fastforce
+ have x_t2: "x \<in> dlverts t2" using Node.prems(5) lverts_if_in_verts dtree.set_sel(1) by fast
+ show ?case
+ proof(cases "Node r1 xs1 = Node r xs")
+ case True
+ then show ?thesis using Node.prems(1,4) x_t2 t_def by force
+ next
+ case False
+ then have 0: "is_subtree (Node r xs) t" using t_def Node.prems(3) by force
+ moreover have "max_deg t \<le> 1" using t_def Node.prems(2) mdeg_ge_child[of t e xs1] by simp
+ moreover have "x \<notin> set r1" using t_def x_t2 Node.prems(1,4) 0 subtree_in_dlverts by force
+ ultimately show ?thesis using Node.IH t_def Node.prems(1,4,5) by auto
+ qed
+qed
+
+lemma path_lverts_empty_if_roothd:
+ assumes "root t \<noteq> []"
+ shows "path_lverts t (hd (root t)) = {}"
+proof(cases "\<forall>x. sucs t \<noteq> {|x|}")
+ case True
+ then show ?thesis using path_lverts.simps(2)[of "sucs t" "root t"] by force
+next
+ case False
+ then obtain t1 e1 where t1_def: "sucs t = {|(t1, e1)|}" by auto
+ then have "path_lverts t (hd (root t)) =
+ (if hd (root t) \<in> set (root t) then {} else set (root t) \<union> path_lverts t1 (hd (root t)))"
+ using path_lverts.simps(1) dtree.collapse by metis
+ then show ?thesis using assms by simp
+qed
+
+lemma path_lverts_subset_root_if_childhd:
+ assumes "t1 \<in> fst ` fset (sucs t)" and "root t1 \<noteq> []"
+ shows "path_lverts t (hd (root t1)) \<subseteq> set (root t)"
+proof(cases "\<forall>x. sucs t \<noteq> {|x|}")
+ case True
+ then show ?thesis using path_lverts.simps(2)[of "sucs t" "root t"] by simp
+next
+ case False
+ then obtain e1 where "sucs t = {|(t1, e1)|}" using assms(1) by fastforce
+ then have "path_lverts t (hd (root t1)) =
+ (if hd (root t1) \<in> set (root t) then {} else set (root t) \<union> path_lverts t1 (hd (root t1)))"
+ using path_lverts.simps(1) dtree.collapse by metis
+ then show ?thesis using path_lverts_empty_if_roothd[OF assms(2)] by auto
+qed
+
+lemma path_lverts_list_merge_supset_xs_notin:
+ "\<forall>v \<in> fst ` set ys. a \<notin> set v
+ \<Longrightarrow> path_lverts_list xs a \<subseteq> path_lverts_list (Sorting_Algorithms.merge cmp xs ys) a"
+proof(induction xs ys taking: cmp rule: Sorting_Algorithms.merge.induct)
+ case (3 x xs y ys)
+ obtain v1 e1 where v1_def[simp]: "x = (v1,e1)" by force
+ obtain v2 e2 where "y = (v2,e2)" by force
+ then show ?case using 3 by (auto simp: path_lverts_list_def)
+qed (auto simp: path_lverts_list_def)
+
+lemma path_lverts_list_merge_supset_ys_notin:
+ "\<forall>v \<in> fst ` set xs. a \<notin> set v
+ \<Longrightarrow> path_lverts_list ys a \<subseteq> path_lverts_list (Sorting_Algorithms.merge cmp xs ys) a"
+proof(induction xs ys taking: cmp rule: Sorting_Algorithms.merge.induct)
+ case (3 x xs y ys)
+ obtain v1 e1 where v1_def[simp]: "x = (v1,e1)" by force
+ obtain v2 e2 where "y = (v2,e2)" by force
+ then show ?case using 3 by (auto simp: path_lverts_list_def)
+qed (auto simp: path_lverts_list_def)
+
+lemma path_lverts_list_merge_supset_xs:
+ "\<lbrakk>\<exists>v \<in> fst ` set xs. a \<in> set v; \<forall>v1 \<in> fst ` set xs. \<forall>v2 \<in> fst ` set ys. set v1 \<inter> set v2 = {}\<rbrakk>
+ \<Longrightarrow> path_lverts_list xs a \<subseteq> path_lverts_list (Sorting_Algorithms.merge cmp xs ys) a"
+ using path_lverts_list_merge_supset_xs_notin by fast
+
+lemma path_lverts_list_merge_supset_ys:
+ "\<lbrakk>\<exists>v \<in> fst ` set ys. a \<in> set v; \<forall>v1 \<in> fst ` set xs. \<forall>v2 \<in> fst ` set ys. set v1 \<inter> set v2 = {}\<rbrakk>
+ \<Longrightarrow> path_lverts_list ys a \<subseteq> path_lverts_list (Sorting_Algorithms.merge cmp xs ys) a"
+ using path_lverts_list_merge_supset_ys_notin by fast
+
+lemma dom_children_if_all_singletons:
+ "\<forall>(t1,e1) \<in> fset xs. dom_children (Node r {|(t1, e1)|}) T \<Longrightarrow> dom_children (Node r xs) T"
+ by (auto simp: dom_children_def)
+
+lemma dom_children_all_singletons:
+ "\<lbrakk>dom_children (Node r xs) T; (t1,e1) \<in> fset xs\<rbrakk> \<Longrightarrow> dom_children (Node r {|(t1, e1)|}) T"
+ by (auto simp: dom_children_def)
+
+lemma dom_children_all_singletons':
+ "\<lbrakk>dom_children (Node r xs) T; t1\<in> fst ` fset xs\<rbrakk> \<Longrightarrow> dom_children (Node r {|(t1, e1)|}) T"
+ by (auto simp: dom_children_def)
+
+lemma root_arc_if_dom_root_child_nempty:
+ "\<lbrakk>dom_children (Node r xs) T; t1 \<in> fst ` fset xs; root t1 \<noteq> []\<rbrakk>
+ \<Longrightarrow> \<exists>x\<in>set r. \<exists>y\<in>set (root t1). x \<rightarrow>\<^bsub>T\<^esub> y"
+ unfolding dom_children_def using dtree.set_sel(1) path_lverts_empty_if_roothd[of t1]
+ by fastforce
+
+lemma root_arc_if_dom_root_child_wfdlverts:
+ "\<lbrakk>dom_children (Node r xs) T; t1 \<in> fst ` fset xs; wf_dlverts t1\<rbrakk>
+ \<Longrightarrow> \<exists>x\<in>set r. \<exists>y\<in>set (root t1). x \<rightarrow>\<^bsub>T\<^esub> y"
+ using root_arc_if_dom_root_child_nempty dtree.set_sel(1)[of t1] empty_notin_wf_dlverts
+ by fastforce
+
+lemma root_arc_if_dom_wfdlverts:
+ "\<lbrakk>dom_children (Node r xs) T; t1 \<in> fst ` fset xs; wf_dlverts (Node r xs)\<rbrakk>
+ \<Longrightarrow> \<exists>x\<in>set r. \<exists>y\<in>set (root t1). x \<rightarrow>\<^bsub>T\<^esub> y"
+ using root_arc_if_dom_root_child_wfdlverts[of r xs T t1] by fastforce
+
+lemma children_deg1_sub_xs: "{(t,e). (t,e) \<in> fset xs \<and> max_deg t \<le> 1} \<subseteq> (fset xs)"
+ by blast
+
+lemma finite_children_deg1: "finite {(t,e). (t,e) \<in> fset xs \<and> max_deg t \<le> 1}"
+ using children_deg1_sub_xs[of xs] by (simp add: finite_subset)
+
+lemma finite_children_deg1': "{(t,e). (t,e) \<in> fset xs \<and> max_deg t \<le> 1} \<in> {A. finite A}"
+ using finite_children_deg1 by blast
+
+lemma children_deg1_fset_id[simp]: "fset (Abs_fset (children_deg1 xs)) = children_deg1 xs"
+ using Abs_fset_inverse[OF finite_children_deg1'] by auto
+
+lemma xs_sub_children_deg1: "\<forall>t \<in> fst ` fset xs. max_deg t \<le> 1 \<Longrightarrow> (fset xs) \<subseteq> children_deg1 xs"
+ by auto
+
+lemma children_deg1_full:
+ "\<forall>t \<in> fst ` fset xs. max_deg t \<le> 1 \<Longrightarrow> (Abs_fset (children_deg1 xs)) = xs"
+ using xs_sub_children_deg1[of xs] children_deg1_sub_xs[of xs] by (simp add: fset_inverse)
+
+locale ranked_dtree_with_orig = ranked_dtree t rank cmp + directed_tree T root
+ for t :: "('a list, 'b) dtree" and rank cost cmp and T :: "('a, 'b) pre_digraph" and root +
+ assumes asi_rank: "asi rank root cost"
+ and dom_mdeg_gt1:
+ "\<lbrakk>is_subtree (Node r xs) t; t1 \<in> fst ` fset xs; max_deg (Node r xs) > 1\<rbrakk>
+ \<Longrightarrow> \<exists>v \<in> set r. v \<rightarrow>\<^bsub>T\<^esub> hd (Dtree.root t1)"
+ and dom_sub_contr:
+ "\<lbrakk>is_subtree (Node r xs) t; t1 \<in> fst ` fset xs;
+ \<exists>v t2 e2. is_subtree (Node v {|(t2,e2)|}) (Node r xs) \<and> rank (rev (Dtree.root t2)) < rank (rev v)\<rbrakk>
+ \<Longrightarrow> \<exists>v \<in> set r. v \<rightarrow>\<^bsub>T\<^esub> hd (Dtree.root t1)"
+ and dom_contr:
+ "\<lbrakk>is_subtree (Node r {|(t1,e1)|}) t; rank (rev (Dtree.root t1)) < rank (rev r);
+ max_deg (Node r {|(t1,e1)|}) = 1\<rbrakk>
+ \<Longrightarrow> dom_children (Node r {|(t1,e1)|}) T"
+ and dom_wedge:
+ "\<lbrakk>is_subtree (Node r xs) t; fcard xs > 1\<rbrakk>
+ \<Longrightarrow> dom_children (Node r (Abs_fset (children_deg1 xs))) T"
+ and arc_in_dlverts:
+ "\<lbrakk>is_subtree (Node r xs) t; x \<in> set r; x \<rightarrow>\<^bsub>T\<^esub> y\<rbrakk> \<Longrightarrow> y \<in> dlverts (Node r xs)"
+ and verts_conform: "v \<in> dverts t \<Longrightarrow> seq_conform v"
+ and verts_distinct: "v \<in> dverts t \<Longrightarrow> distinct v"
+begin
+
+lemma dom_contr':
+ "\<lbrakk>is_subtree (Node r {|(t1,e1)|}) t; rank (rev (Dtree.root t1)) < rank (rev r);
+ max_deg (Node r {|(t1,e1)|}) \<le> 1\<rbrakk>
+ \<Longrightarrow> dom_children (Node r {|(t1,e1)|}) T"
+ using dom_contr mdeg_ge_sub mdeg_singleton[of r t1] by (simp add: fcard_single_1)
+
+lemma dom_self_contr:
+ "\<lbrakk>is_subtree (Node r {|(t1,e1)|}) t; rank (rev (Dtree.root t1)) < rank (rev r)\<rbrakk>
+ \<Longrightarrow> \<exists>v \<in> set r. v \<rightarrow>\<^bsub>T\<^esub> hd (Dtree.root t1)"
+ using dom_sub_contr by fastforce
+
+lemma dom_wedge_full:
+ "\<lbrakk>is_subtree (Node r xs) t; fcard xs > 1; \<forall>t \<in> fst ` fset xs. max_deg t \<le> 1\<rbrakk>
+ \<Longrightarrow> dom_children (Node r xs) T"
+ using dom_wedge children_deg1_full by fastforce
+
+lemma dom_wedge_singleton:
+ "\<lbrakk>is_subtree (Node r xs) t; fcard xs > 1; t1 \<in> fst ` fset xs; max_deg t1 \<le> 1\<rbrakk>
+ \<Longrightarrow> dom_children (Node r {|(t1,e1)|}) T"
+ using dom_children_all_singletons' dom_wedge children_deg1_fset_id by fastforce
+
+lemma arc_to_dverts_in_subtree:
+ "\<lbrakk>is_subtree (Node r xs) t; x \<in> set r; x \<rightarrow>\<^bsub>T\<^esub> y; y \<in> set v; v \<in> dverts t\<rbrakk>
+ \<Longrightarrow> v \<in> dverts (Node r xs)"
+ using list_in_verts_if_lverts[OF arc_in_dlverts] dverts_same_if_set_wf[OF wf_lverts]
+ dverts_subtree_subset by blast
+
+lemma dlverts_arc_in_dlverts:
+ "\<lbrakk>is_subtree t1 t; x \<rightarrow>\<^bsub>T\<^esub> y; x \<in> dlverts t1\<rbrakk> \<Longrightarrow> y \<in> dlverts t1"
+proof(induction t1)
+ case (Node r xs)
+ then show ?case
+ proof(cases "x \<in> set r")
+ case True
+ then show ?thesis using arc_in_dlverts Node.prems(1,2) by blast
+ next
+ case False
+ then obtain t2 e2 where t2_def: "(t2,e2) \<in> fset xs" "x \<in> dlverts t2"
+ using Node.prems(3) by auto
+ then have "is_subtree t2 (Node r xs)" using subtree_if_child by fastforce
+ then have "is_subtree t2 t" using Node.prems(1) subtree_trans by blast
+ then show ?thesis using Node.IH Node.prems(2) t2_def by fastforce
+ qed
+qed
+
+lemma dverts_arc_in_dlverts:
+ "\<lbrakk>is_subtree t1 t; v1 \<in> dverts t1; x \<in> set v1; x \<rightarrow>\<^bsub>T\<^esub> y\<rbrakk> \<Longrightarrow> y \<in> dlverts t1"
+ using dlverts_arc_in_dlverts by (simp add: lverts_if_in_verts)
+
+lemma dverts_arc_in_dverts:
+ assumes "is_subtree t1 t"
+ and "v1 \<in> dverts t1"
+ and "x \<in> set v1"
+ and "x \<rightarrow>\<^bsub>T\<^esub> y"
+ and "y \<in> set v2"
+ and "v2 \<in> dverts t"
+ shows "v2 \<in> dverts t1"
+proof -
+ have "x \<in> dlverts t1" using assms(2,3) lverts_if_in_verts by fast
+ then obtain v where v_def: "v\<in>dverts t1" "y \<in> set v"
+ using list_in_verts_if_lverts[OF dlverts_arc_in_dlverts] assms(1-4) lverts_if_in_verts by blast
+ then show ?thesis
+ using dverts_same_if_set_wf[OF wf_lverts] assms(1,5,6) dverts_subtree_subset by blast
+qed
+
+lemma dlverts_reach1_in_dlverts:
+ "\<lbrakk>x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y; is_subtree t1 t; x \<in> dlverts t1\<rbrakk> \<Longrightarrow> y \<in> dlverts t1"
+ by(induction x y rule: trancl.induct) (auto simp: dlverts_arc_in_dlverts)
+
+lemma dlverts_reach_in_dlverts:
+ "\<lbrakk>x \<rightarrow>\<^sup>*\<^bsub>T\<^esub> y; is_subtree t1 t; x \<in> dlverts t1\<rbrakk> \<Longrightarrow> y \<in> dlverts t1"
+ using dlverts_reach1_in_dlverts by blast
+
+lemma dverts_reach1_in_dlverts:
+ "\<lbrakk>is_subtree t1 t; v1 \<in> dverts t1; x \<in> set v1; x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y\<rbrakk> \<Longrightarrow> y \<in> dlverts t1"
+ using dlverts_reach1_in_dlverts by (simp add: lverts_if_in_verts)
+
+lemma dverts_reach_in_dlverts:
+ "\<lbrakk>is_subtree t1 t; v1 \<in> dverts t1; x \<in> set v1; x \<rightarrow>\<^sup>*\<^bsub>T\<^esub> y\<rbrakk> \<Longrightarrow> y \<in> dlverts t1"
+ using list_in_verts_iff_lverts dverts_reach1_in_dlverts by (cases "x=y",fastforce,blast)
+
+lemma dverts_reach1_in_dverts:
+ "\<lbrakk>is_subtree t1 t; v1 \<in> dverts t1; x \<in> set v1; x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y; y \<in> set v2; v2 \<in> dverts t\<rbrakk>
+ \<Longrightarrow> v2 \<in> dverts t1"
+ by (meson dverts_reach1_in_dlverts dverts_arc_in_dverts list_in_verts_if_lverts tranclE)
+
+lemma dverts_same_if_set_subtree:
+ "\<lbrakk>is_subtree t1 t; v1 \<in> dverts t1; x \<in> set v1; x \<in> set v2; v2 \<in> dverts t\<rbrakk> \<Longrightarrow> v1 = v2"
+ using dverts_same_if_set_wf[OF wf_lverts] dverts_subtree_subset by blast
+
+lemma dverts_reach_in_dverts:
+ "\<lbrakk>is_subtree t1 t; v1 \<in> dverts t1; x \<in> set v1; x \<rightarrow>\<^sup>*\<^bsub>T\<^esub> y; y \<in> set v2; v2 \<in> dverts t\<rbrakk>
+ \<Longrightarrow> v2 \<in> dverts t1"
+ using dverts_same_if_set_subtree dverts_reach1_in_dverts by blast
+
+lemma dverts_reach1_in_dverts_root:
+ "\<lbrakk>is_subtree t1 t; v \<in> dverts t; \<exists>x\<in>set (Dtree.root t1). \<exists>y\<in>set v. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y\<rbrakk>
+ \<Longrightarrow> v \<in> dverts t1"
+ using dverts_reach1_in_dverts dtree.set_sel(1) by blast
+
+lemma dverts_reach1_in_dverts_r:
+ "\<lbrakk>is_subtree (Node r xs) t; v \<in> dverts t; \<exists>x\<in>set r. \<exists>y\<in>set v. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y\<rbrakk>
+ \<Longrightarrow> v \<in> dverts (Node r xs)"
+ using dverts_reach1_in_dverts[of "Node r xs"] by (auto intro: dtree.set_intros(1))
+
+lemma dom_mdeg_gt1_subtree:
+ "\<lbrakk>is_subtree tn t; is_subtree (Node r xs) tn; t1 \<in> fst ` fset xs; max_deg (Node r xs) > 1\<rbrakk>
+ \<Longrightarrow> \<exists>v \<in> set r. v \<rightarrow>\<^bsub>T\<^esub> hd (Dtree.root t1)"
+ using dom_mdeg_gt1 subtree_trans by blast
+
+lemma dom_sub_contr_subtree:
+ "\<lbrakk>is_subtree tn t; is_subtree (Node r xs) tn; t1 \<in> fst ` fset xs;
+ \<exists>v t2 e2. is_subtree (Node v {|(t2,e2)|}) (Node r xs) \<and> rank (rev (Dtree.root t2)) < rank (rev v)\<rbrakk>
+ \<Longrightarrow> \<exists>v \<in> set r. v \<rightarrow>\<^bsub>T\<^esub> hd (Dtree.root t1)"
+ using dom_sub_contr subtree_trans by blast
+
+lemma dom_contr_subtree:
+ "\<lbrakk>is_subtree tn t; is_subtree (Node r {|(t1,e1)|}) tn; rank (rev (Dtree.root t1)) < rank (rev r);
+ max_deg (Node r {|(t1,e1)|}) = 1\<rbrakk>
+ \<Longrightarrow> dom_children (Node r {|(t1,e1)|}) T"
+ using dom_contr subtree_trans by blast
+
+lemma dom_wedge_subtree:
+ "\<lbrakk>is_subtree tn t; is_subtree (Node r xs) tn; fcard xs > 1\<rbrakk>
+ \<Longrightarrow> dom_children (Node r (Abs_fset (children_deg1 xs))) T"
+ using dom_wedge subtree_trans by blast
+
+corollary dom_wedge_subtree':
+ "is_subtree tn t \<Longrightarrow>\<forall>r xs. is_subtree (Node r xs) tn \<longrightarrow> fcard xs > 1
+ \<longrightarrow> dom_children (Node r (Abs_fset {(t, e). (t, e) \<in> fset xs \<and> max_deg t \<le> Suc 0})) T"
+ by (auto simp only: dom_wedge_subtree One_nat_def[symmetric])
+
+lemma dom_wedge_full_subtree:
+ "\<lbrakk>is_subtree tn t; is_subtree (Node r xs) tn; fcard xs > 1; \<forall>t \<in> fst ` fset xs. max_deg t \<le> 1\<rbrakk>
+ \<Longrightarrow> dom_children (Node r xs) T"
+ using dom_wedge_full subtree_trans by fast
+
+lemma arc_in_dlverts_subtree:
+ "\<lbrakk>is_subtree tn t; is_subtree (Node r xs) tn; x \<in> set r; x \<rightarrow>\<^bsub>T\<^esub> y\<rbrakk> \<Longrightarrow> y \<in> dlverts (Node r xs)"
+ using arc_in_dlverts subtree_trans by blast
+
+corollary arc_in_dlverts_subtree':
+ "is_subtree tn t \<Longrightarrow> \<forall>r xs. is_subtree (Node r xs) tn \<longrightarrow> (\<forall>x. x \<in> set r
+ \<longrightarrow> (\<forall>y. x \<rightarrow>\<^bsub>T\<^esub> y \<longrightarrow> y \<in> set r \<or> (\<exists>c\<in>fset xs. y \<in> dlverts (fst c))))"
+ using arc_in_dlverts_subtree by simp
+
+lemma verts_conform_subtree: "\<lbrakk>is_subtree tn t; v \<in> dverts tn\<rbrakk> \<Longrightarrow> seq_conform v"
+ using verts_conform dverts_subtree_subset by blast
+
+lemma verts_distinct_subtree: "\<lbrakk>is_subtree tn t; v \<in> dverts tn\<rbrakk> \<Longrightarrow> distinct v"
+ using verts_distinct dverts_subtree_subset by blast
+
+lemma ranked_dtree_orig_subtree: "is_subtree x t \<Longrightarrow> ranked_dtree_with_orig x rank cost cmp T root"
+ unfolding ranked_dtree_with_orig_def ranked_dtree_with_orig_axioms_def
+ by (simp add: ranked_dtree_subtree directed_tree_axioms dom_mdeg_gt1_subtree dom_contr_subtree
+ dom_sub_contr_subtree dom_wedge_subtree' arc_in_dlverts_subtree'
+ verts_conform_subtree verts_distinct_subtree asi_rank)
+
+corollary ranked_dtree_orig_rec:
+ "\<lbrakk>Node r xs = t; (x,e) \<in> fset xs\<rbrakk> \<Longrightarrow> ranked_dtree_with_orig x rank cost cmp T root"
+ using ranked_dtree_orig_subtree[of x] subtree_if_child[of x xs] by force
+
+lemma child_disjoint_root:
+ "\<lbrakk>is_subtree (Node r xs) t; t1 \<in> fst ` fset xs\<rbrakk> \<Longrightarrow> set r \<inter> set (Dtree.root t1) = {}"
+ using wf_dlverts_subtree[OF wf_lverts] dlverts_eq_dverts_union dtree.set_sel(1) by fastforce
+
+lemma distint_verts_subtree:
+ assumes "is_subtree (Node r xs) t" and "t1 \<in> fst ` fset xs"
+ shows "distinct (r @ Dtree.root t1)"
+proof -
+ have "(Dtree.root t1) \<in> dverts t" using dtree.set_sel(1) assms dverts_subtree_subset by fastforce
+ then show ?thesis
+ using verts_distinct assms(1) dverts_subtree_subset child_disjoint_root[OF assms] by force
+qed
+
+corollary distint_verts_singleton_subtree:
+ "is_subtree (Node r {|(t1,e1)|}) t \<Longrightarrow> distinct (r @ Dtree.root t1)"
+ using distint_verts_subtree by simp
+
+lemma dom_between_child_roots:
+ assumes "is_subtree (Node r {|(t1,e1)|}) t" and "rank (rev (Dtree.root t1)) < rank (rev r)"
+ shows "\<exists>x\<in>set r. \<exists>y\<in>set (Dtree.root t1). x \<rightarrow>\<^bsub>T\<^esub> y"
+ using dom_self_contr[OF assms] wf_dlverts_subtree[OF wf_lverts assms(1)]
+ hd_in_set[of "Dtree.root t1"] dtree.set_sel(1)[of t1] empty_notin_wf_dlverts[of t1] by fastforce
+
+lemma contr_before:
+ assumes "is_subtree (Node r {|(t1,e1)|}) t" and "rank (rev (Dtree.root t1)) < rank (rev r)"
+ shows "before r (Dtree.root t1)"
+proof -
+ have "(Dtree.root t1) \<in> dverts t" using dtree.set_sel(1) assms(1) dverts_subtree_subset by fastforce
+ then have "seq_conform (Dtree.root t1)" using verts_conform by simp
+ moreover have "seq_conform r" using verts_conform assms(1) dverts_subtree_subset by force
+ ultimately show ?thesis
+ using before_def dom_between_child_roots[OF assms] child_disjoint_root[OF assms(1)] by auto
+qed
+
+lemma contr_forward:
+ assumes "is_subtree (Node r {|(t1,e1)|}) t" and "rank (rev (Dtree.root t1)) < rank (rev r)"
+ shows "forward (r@Dtree.root t1)"
+proof -
+ have "(Dtree.root t1) \<in> dverts t" using dtree.set_sel(1) assms(1) dverts_subtree_subset by fastforce
+ then have "seq_conform (Dtree.root t1)" using verts_conform by simp
+ moreover have "seq_conform r" using verts_conform assms(1) dverts_subtree_subset by force
+ ultimately show ?thesis
+ using seq_conform_def forward_arcs_alt dom_self_contr assms forward_app by simp
+qed
+
+lemma contr_seq_conform:
+ "\<lbrakk>is_subtree (Node r {|(t1,e1)|}) t; rank (rev (Dtree.root t1)) < rank (rev r)\<rbrakk>
+ \<Longrightarrow> seq_conform (r @ Dtree.root t1)"
+ using seq_conform_if_before contr_before by simp
+
+lemma verts_forward: "\<forall>v \<in> dverts t. forward v"
+ using seq_conform_alt verts_conform by simp
+
+lemma dverts_reachable1_if_dom_children_aux_root:
+ assumes "\<forall>v\<in>dverts (Node r xs). \<exists>x\<in>set r0 \<union> X \<union> path_lverts (Node r xs) (hd v). x \<rightarrow>\<^bsub>T\<^esub> hd v"
+ and "\<forall>y\<in>X. \<exists>x\<in>set r0. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+ and "forward r"
+ shows "\<forall>y\<in>set r. \<exists>x\<in>set r0. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+proof(cases "r = []")
+ case False
+ then have "path_lverts (Node r xs) (hd r) = {}"
+ using path_lverts_empty_if_roothd[of "Node r xs"] by simp
+ then obtain x where x_def: "x\<in>set r0 \<union> X" "x \<rightarrow>\<^bsub>T\<^esub> hd r" using assms(1) by auto
+ then have "hd r \<in> verts T" using adj_in_verts(2) by auto
+ then have "\<forall>y\<in>set r. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+ using hd_reach_all_forward x_def(2) assms(3) reachable1_reachable_trans by blast
+ moreover obtain y where "y \<in> set r0" "y \<rightarrow>\<^sup>*\<^bsub>T\<^esub> x" using assms(2) x_def by auto
+ ultimately show ?thesis using reachable_reachable1_trans by blast
+qed(simp)
+
+lemma dverts_reachable1_if_dom_children_aux:
+ "\<lbrakk>\<forall>v\<in>dverts t1. \<exists>x\<in>set r0 \<union> X \<union> path_lverts t1 (hd v). x \<rightarrow>\<^bsub>T\<^esub> hd v;
+ \<forall>y\<in>X. \<exists>x\<in>set r0. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y; \<forall>v\<in>dverts t1. forward v; v\<in>dverts t1\<rbrakk>
+ \<Longrightarrow> \<forall>y\<in>set v. \<exists>x\<in>set r0. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+proof(induction t1 arbitrary: X rule: dtree_to_list.induct)
+ case (1 r t e)
+ have r_reachable1: "\<forall>y\<in>set r. \<exists>x\<in>set r0. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+ using dverts_reachable1_if_dom_children_aux_root[OF "1.prems"(1,2)] "1.prems"(3) by simp
+ then show ?case
+ proof(cases "r = v")
+ case True
+ then show ?thesis using r_reachable1 by simp
+ next
+ case False
+ have r_reach1: "\<forall>y\<in>set r \<union> X. \<exists>x\<in>set r0. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y" using "1.prems"(2) r_reachable1 by blast
+ have "\<forall>x. path_lverts (Node r {|(t, e)|}) x \<subseteq> set r \<union> path_lverts t x"
+ by simp
+ then have 0: "\<forall>v\<in>dverts t. \<exists>x\<in>set r0 \<union> (set r \<union> X) \<union> (path_lverts t (hd v)). x \<rightarrow>\<^bsub>T\<^esub> hd v"
+ using "1.prems"(1) by fastforce
+ then show ?thesis using "1.IH"[OF 0 r_reach1] "1.prems"(3,4) False by simp
+ qed
+next
+ case (2 xs r)
+ then show ?case
+ proof(cases "\<exists>x\<in>set r0 \<union> X. x \<rightarrow>\<^bsub>T\<^esub> hd v")
+ case True
+ then obtain x where x_def: "x\<in>set r0 \<union> X" "x \<rightarrow>\<^bsub>T\<^esub> hd v" using "2.prems"(1,4) by blast
+ then have "hd v \<in> verts T" using x_def(2) adj_in_verts(2) by auto
+ moreover have "forward v" using "2.prems"(3,4) by blast
+ ultimately have v_reach1: "\<forall>y\<in>set v. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+ using hd_reach_all_forward x_def(2) reachable1_reachable_trans by blast
+ then show ?thesis using "2.prems"(2) x_def(1) reachable_reachable1_trans by blast
+ next
+ case False
+ then obtain x where x_def: "x \<in> path_lverts (Node r xs) (hd v)" "x \<rightarrow>\<^bsub>T\<^esub> hd v"
+ using "2.prems"(1,4) by blast
+ then have "x \<in> set r" using path_lverts.simps(2)[OF "2.hyps"] empty_iff by metis
+ then obtain x' where x'_def: "x'\<in>set r0" "x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> x"
+ using dverts_reachable1_if_dom_children_aux_root[OF "2.prems"(1,2)] "2.prems"(3) by auto
+ then have x'_v: "x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> hd v" using x_def(2) by simp
+ then have "hd v \<in> verts T" using x_def(2) adj_in_verts(2) by auto
+ moreover have "forward v" using "2.prems"(3,4) by blast
+ ultimately have v_reach1: "\<forall>y\<in>set v. x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+ using hd_reach_all_forward x'_v reachable1_reachable_trans by blast
+ then show ?thesis using x'_def(1) by blast
+ qed
+qed
+
+lemma dlverts_reachable1_if_dom_children_aux:
+ "\<lbrakk>\<forall>v\<in>dverts t1. \<exists>x\<in>set r \<union> X \<union> path_lverts t1 (hd v). x \<rightarrow>\<^bsub>T\<^esub> hd v;
+ \<forall>y\<in>X. \<exists>x\<in>set r. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y; \<forall>v\<in>dverts t1. forward v; y\<in>dlverts t1\<rbrakk>
+ \<Longrightarrow> \<exists>x\<in>set r. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+ using dverts_reachable1_if_dom_children_aux list_in_verts_iff_lverts[of y t1] by blast
+
+lemma dverts_reachable1_if_dom_children:
+ assumes "dom_children t1 T" and "v \<in> dverts t1" and "v \<noteq> Dtree.root t1" and "\<forall>v\<in>dverts t1. forward v"
+ shows "\<forall>y\<in>set v. \<exists>x\<in>set (Dtree.root t1). x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+proof -
+ obtain t2 where t2_def: "t2 \<in> fst ` fset (sucs t1)" "v \<in> dverts t2"
+ using assms(2,3) dverts_root_or_suc by force
+ then have 0: "\<forall>v\<in>dverts t2. \<exists>x\<in>set (Dtree.root t1) \<union> {} \<union> path_lverts t2 (hd v). x \<rightarrow>\<^bsub>T\<^esub> hd v"
+ using assms(1) unfolding dom_children_def by blast
+ moreover have "\<forall>v\<in>dverts t2. forward v" using assms(4) t2_def(1) dverts_suc_subseteq by blast
+ ultimately show ?thesis using dverts_reachable1_if_dom_children_aux t2_def(2) by blast
+qed
+
+lemma subtree_dverts_reachable1_if_mdeg_gt1:
+ "\<lbrakk>is_subtree t1 t; max_deg t1 > 1; v \<in> dverts t1; v \<noteq> Dtree.root t1\<rbrakk>
+ \<Longrightarrow> \<forall>y\<in>set v. \<exists>x\<in>set (Dtree.root t1). x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+proof(induction t1)
+ case (Node r xs)
+ then obtain t2 e2 where t2_def: "(t2,e2) \<in> fset xs" "v \<in> dverts t2" by auto
+ then obtain x where x_def: "x\<in>set r" "x \<rightarrow>\<^bsub>T\<^esub> hd (Dtree.root t2)"
+ using dom_mdeg_gt1 Node.prems(1,2) by fastforce
+ then have t2_T: "hd (Dtree.root t2) \<in> verts T" using adj_in_verts(2) by simp
+ have "is_subtree t2 (Node r xs)" using subtree_if_child[of t2 xs r] t2_def(1) by force
+ then have subt2: "is_subtree t2 t" using subtree_trans Node.prems(1) by blast
+ have "Dtree.root t2 \<in> dverts t"
+ using subt2 dverts_subtree_subset by (fastforce simp: dtree.set_sel(1))
+ then have fwd_t2: "forward (Dtree.root t2)" by (simp add: verts_forward)
+ then have t2_reach1: "\<forall>y\<in>set (Dtree.root t2). x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+ using hd_reach_all_forward[OF t2_T fwd_t2] x_def(2) reachable1_reachable_trans by blast
+ then consider "Dtree.root t2 = v" | "Dtree.root t2 \<noteq> v" "max_deg t2 > 1" | "Dtree.root t2 \<noteq> v" "max_deg t2 \<le> 1"
+ by fastforce
+ then show ?case
+ proof(cases)
+ case 1
+ then show ?thesis using t2_reach1 x_def(1) by auto
+ next
+ case 2
+ then have "\<forall>y\<in>set v. \<exists>x\<in>set (Dtree.root t2). x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y" using Node.IH subt2 t2_def by simp
+ then show ?thesis
+ using t2_reach1 x_def(1) reachable1_reachable reachable1_reachable_trans
+ unfolding dtree.sel(1) by blast
+ next
+ case 3
+ then have "fcard xs > 1" using Node.prems(2) t2_def(1) fcard_gt1_if_mdeg_gt_child1 by fastforce
+ then have dom: "dom_children (Node r {|(t2,e2)|}) T"
+ using dom_wedge_singleton[OF Node.prems(1)] t2_def(1) 3(2) by fastforce
+ have "\<forall>v \<in> dverts (Node r xs). forward v"
+ using Node.prems(1) seq_conform_alt verts_conform_subtree by blast
+ then have "\<forall>v \<in> dverts (Node r {|(t2, e2)|}). forward v" using t2_def(1) by simp
+ then show ?thesis
+ using dverts_reachable1_if_dom_children[OF dom] t2_def(2) Node.prems(4)
+ unfolding dtree.sel(1) by simp
+ qed
+qed
+
+lemma subtree_dverts_reachable1_if_mdeg_gt1_singleton:
+ assumes "is_subtree (Node r {|(t1,e1)|}) t"
+ and "max_deg (Node r {|(t1,e1)|}) > 1"
+ and "v \<in> dverts t1"
+ and "v \<noteq> Dtree.root t1"
+ shows "\<forall>y\<in>set v. \<exists>x\<in>set (Dtree.root t1). x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+proof -
+ have "is_subtree t1 t" using subtree_trans[OF subtree_if_child assms(1)] by simp
+ then show ?thesis
+ using assms(2-4) mdeg_eq_child_if_singleton_gt1[OF assms(2)]
+ subtree_dverts_reachable1_if_mdeg_gt1 by simp
+qed
+
+lemma subtree_dverts_reachable1_if_mdeg_le1_subcontr:
+ "\<lbrakk>is_subtree t1 t; max_deg t1 \<le> 1; is_subtree (Node v2 {|(t2,e2)|}) t1;
+ rank (rev (Dtree.root t2)) < rank (rev v2); v \<in> dverts t1; v \<noteq> Dtree.root t1\<rbrakk>
+ \<Longrightarrow> \<forall>y\<in>set v. \<exists>x\<in>set (Dtree.root t1). x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+proof(induction t1)
+ case (Node r xs)
+ then show ?case
+ proof(cases "Node v2 {|(t2,e2)|} = Node r xs")
+ case True
+ then have "dom_children (Node r xs) T" using dom_contr' Node.prems(1,2,4) by blast
+ moreover have "\<forall>v \<in> dverts (Node r xs). forward v"
+ using Node.prems(1) seq_conform_alt verts_conform_subtree by blast
+ ultimately show ?thesis using dverts_reachable1_if_dom_children Node.prems(5,6) by blast
+ next
+ case False
+ then obtain t3 e3 where t3_def: "(t3,e3) \<in> fset xs" "is_subtree (Node v2 {|(t2,e2)|}) t3"
+ using Node.prems(3) by auto
+ then have t3_xs: "xs = {|(t3,e3)|}"
+ using Node.prems(2) by (simp add: singleton_if_mdeg_le1_elem)
+ then have v_t3: "v \<in> dverts t3" using Node.prems(5,6) by simp
+ then have t3_dom: "\<exists>x\<in>set r. x \<rightarrow>\<^bsub>T\<^esub> hd (Dtree.root t3)"
+ using dom_sub_contr Node.prems(1,3,4) t3_xs by fastforce
+ then have t3_T: "hd (Dtree.root t3) \<in> verts T" using adj_in_verts(2) by blast
+ have "is_subtree t3 (Node r xs)" using subtree_if_child[of t3 xs] t3_xs by simp
+ then have sub_t3: "is_subtree t3 t" using subtree_trans Node.prems(1) by blast
+ then have "Dtree.root t3 \<in> dverts t"
+ using dverts_subtree_subset by (fastforce simp: dtree.set_sel(1))
+ then have "forward (Dtree.root t3)" by (simp add: verts_forward)
+ then have t3_reach1: "\<exists>x\<in>set r. \<forall>y\<in>set(Dtree.root t3). x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+ using hd_reach_all_forward[OF t3_T] t3_dom reachable1_reachable_trans by blast
+ show ?thesis
+ proof(cases "v = Dtree.root t3")
+ case True
+ then show ?thesis using t3_reach1 by auto
+ next
+ case False
+ moreover have "max_deg t3 \<le> 1" using Node.prems(2) t3_def(1) mdeg_ge_child by fastforce
+ ultimately have "\<forall>y\<in>set v. \<exists>x\<in>set (Dtree.root t3). x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+ using Node.IH sub_t3 t3_def Node.prems(4) v_t3 by simp
+ then show ?thesis
+ using t3_reach1 reachable1_reachable_trans reachable1_reachable unfolding dtree.sel(1)
+ by blast
+ qed
+ qed
+qed
+
+lemma subtree_y_reach_if_mdeg_gt1_notroot_reach:
+ assumes "is_subtree (Node r {|(t1,e1)|}) t"
+ and "max_deg (Node r {|(t1,e1)|}) > 1"
+ and "v \<noteq> r"
+ and "v \<in> dverts t"
+ and "v \<noteq> Dtree.root t1"
+ and "y \<in> set v"
+ and "\<exists>x\<in>set r. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+ shows "\<exists>x'\<in>set (Dtree.root t1). x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+proof -
+ have "v \<in> dverts (Node r {|(t1,e1)|})" using dverts_reach1_in_dverts_r assms(1,4,6,7) by blast
+ then show ?thesis using subtree_dverts_reachable1_if_mdeg_gt1_singleton assms(1-3,5,6) by simp
+qed
+
+lemma subtree_eqroot_if_mdeg_gt1_reach:
+ "\<lbrakk>is_subtree (Node r {|(t1,e1)|}) t; max_deg (Node r {|(t1,e1)|}) > 1; v \<in> dverts t;
+ \<exists>y\<in>set v. \<not>(\<exists>x'\<in>set (Dtree.root t1). x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> (\<exists>x\<in>set r. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y); v \<noteq> r\<rbrakk>
+ \<Longrightarrow> Dtree.root t1 = v"
+ using subtree_y_reach_if_mdeg_gt1_notroot_reach by blast
+
+lemma subtree_rank_ge_if_mdeg_gt1_reach:
+ "\<lbrakk>is_subtree (Node r {|(t1,e1)|}) t; max_deg (Node r {|(t1,e1)|}) > 1; v \<in> dverts t;
+ \<exists>y\<in>set v. \<not>(\<exists>x'\<in>set (Dtree.root t1). x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> (\<exists>x\<in>set r. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y); v \<noteq> r\<rbrakk>
+ \<Longrightarrow> rank (rev (Dtree.root t1)) \<le> rank (rev v)"
+ using subtree_eqroot_if_mdeg_gt1_reach by blast
+
+lemma subtree_y_reach_if_mdeg_le1_notroot_subcontr:
+ assumes "is_subtree (Node r {|(t1,e1)|}) t"
+ and "max_deg (Node r {|(t1,e1)|}) \<le> 1"
+ and "is_subtree (Node v2 {|(t2,e2)|}) t1"
+ and "rank (rev (Dtree.root t2)) < rank (rev v2)"
+ and "v \<noteq> r"
+ and "v \<in> dverts t"
+ and "v \<noteq> Dtree.root t1"
+ and "y \<in> set v"
+ and "\<exists>x\<in>set r. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+ shows "\<exists>x'\<in>set (Dtree.root t1). x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+proof -
+ have 0: "is_subtree t1 (Node r {|(t1,e1)|})" using subtree_if_child[of t1 "{|(t1,e1)|}"] by simp
+ then have subt1: "is_subtree t1 t" using assms(1) subtree_trans by blast
+ have "v \<in> dverts (Node r {|(t1,e1)|})"
+ using dverts_reach1_in_dverts_r assms(1,6,8,9) by blast
+ then have "v \<in> dverts t1" using assms(5) by simp
+ moreover have "max_deg t1 \<le> 1" using assms(2) mdeg_ge_sub[OF 0] by simp
+ ultimately show ?thesis
+ using subtree_dverts_reachable1_if_mdeg_le1_subcontr[OF subt1] assms(3,4,7,8) by blast
+qed
+
+lemma rank_ge_if_mdeg_le1_dvert_nocontr:
+ assumes "max_deg t1 \<le> 1"
+ and "\<nexists>v2 t2 e2. is_subtree (Node v2 {|(t2,e2)|}) t1 \<and> rank (rev (Dtree.root t2)) < rank (rev v2)"
+ and "v \<in> dverts t1"
+ shows "rank (rev (Dtree.root t1)) \<le> rank (rev v)"
+using assms proof(induction t1)
+ case (Node r xs)
+ then show ?case
+ proof(cases "v = r")
+ case False
+ then obtain t2 e2 where t2_def: "xs = {|(t2,e2)|}" "v \<in> dverts t2"
+ using Node.prems(1,3) singleton_if_mdeg_le1_elem by fastforce
+ have "max_deg t2 \<le> 1" using Node.prems(1) mdeg_ge_child[of t2 e2 xs] t2_def(1) by simp
+ then have "rank (rev (Dtree.root t2)) \<le> rank (rev v)"
+ using Node.IH t2_def Node.prems(2) by fastforce
+ then show ?thesis using Node.prems(2) t2_def(1) by fastforce
+ qed(simp)
+qed
+
+lemma subtree_rank_ge_if_mdeg_le1_nocontr:
+ assumes "is_subtree (Node r {|(t1,e1)|}) t"
+ and "max_deg (Node r {|(t1,e1)|}) \<le> 1"
+ and "\<nexists>v2 t2 e2. is_subtree (Node v2 {|(t2,e2)|}) t1 \<and> rank (rev (Dtree.root t2)) < rank (rev v2)"
+ and "v \<noteq> r"
+ and "v \<in> dverts t"
+ and "y \<in> set v"
+ and "\<exists>x\<in>set r. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y"
+ shows "rank (rev (Dtree.root t1)) \<le> rank (rev v)"
+proof -
+ have 0: "is_subtree t1 (Node r {|(t1,e1)|})" using subtree_if_child[of t1 "{|(t1,e1)|}"] by simp
+ then have 0: "max_deg t1 \<le> 1" using assms(2) mdeg_ge_sub[OF 0] by simp
+ have "v \<in> dverts (Node r {|(t1,e1)|})" using dverts_reach1_in_dverts_r assms(1,5-7) by blast
+ then have "v \<in> dverts t1" using assms(4) by simp
+ then show ?thesis using rank_ge_if_mdeg_le1_dvert_nocontr 0 assms(3) by blast
+qed
+
+lemma subtree_rank_ge_if_mdeg_le1':
+ "\<lbrakk>is_subtree (Node r {|(t1,e1)|}) t; max_deg (Node r {|(t1,e1)|}) \<le> 1; v \<noteq> r;
+ v \<in> dverts t; y \<in> set v; \<exists>x\<in>set r. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y; \<not>(\<exists>x'\<in>set (Dtree.root t1). x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y)\<rbrakk>
+ \<Longrightarrow> rank (rev (Dtree.root t1)) \<le> rank (rev v)"
+ using subtree_y_reach_if_mdeg_le1_notroot_subcontr subtree_rank_ge_if_mdeg_le1_nocontr
+ apply(cases "\<exists>v2 t2 e2. is_subtree (Node v2 {|(t2,e2)|}) t1 \<and> rank (rev (Dtree.root t2))<rank (rev v2)")
+ by blast+
+
+lemma subtree_rank_ge_if_mdeg_le1:
+ "\<lbrakk>is_subtree (Node r {|(t1,e1)|}) t; max_deg (Node r {|(t1,e1)|}) \<le> 1; v \<noteq> r;
+ v \<in> dverts t; \<exists>y \<in> set v. \<not>(\<exists>x'\<in>set (Dtree.root t1). x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> (\<exists>x\<in>set r. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y)\<rbrakk>
+ \<Longrightarrow> rank (rev (Dtree.root t1)) \<le> rank (rev v)"
+ using subtree_y_reach_if_mdeg_le1_notroot_subcontr subtree_rank_ge_if_mdeg_le1_nocontr
+ apply(cases "\<exists>v2 t2 e2. is_subtree (Node v2 {|(t2,e2)|}) t1 \<and> rank (rev (Dtree.root t2))<rank (rev v2)")
+ by blast+
+
+lemma subtree_rank_ge_if_reach:
+ "\<lbrakk>is_subtree (Node r {|(t1,e1)|}) t; v \<noteq> r; v \<in> dverts t;
+ \<exists>y \<in> set v. \<not>(\<exists>x'\<in>set (Dtree.root t1). x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> (\<exists>x\<in>set r. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y)\<rbrakk>
+ \<Longrightarrow> rank (rev (Dtree.root t1)) \<le> rank (rev v)"
+ using subtree_rank_ge_if_mdeg_le1 subtree_rank_ge_if_mdeg_gt1_reach
+ by (cases "max_deg (Node r {|(t1,e1)|}) \<le> 1") (auto simp del: max_deg.simps)
+
+lemma subtree_rank_ge_if_reach':
+ "is_subtree (Node r {|(t1,e1)|}) t \<Longrightarrow> \<forall>v \<in> dverts t.
+ (\<exists>y\<in>set v. \<not> (\<exists>x'\<in>set (Dtree.root t1). x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> (\<exists>x\<in>set r. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> v \<noteq> r)
+ \<longrightarrow> rank (rev (Dtree.root t1)) \<le> rank (rev v)"
+ using subtree_rank_ge_if_reach by blast
+
+subsubsection \<open>Normalizing preserves Arc Invariants\<close>
+
+lemma normalize1_mdeg_le: "max_deg (normalize1 t1) \<le> max_deg t1"
+proof(induction t1 rule: normalize1.induct)
+ case (1 r t e)
+ then show ?case
+ proof(cases "rank (rev (Dtree.root t)) < rank (rev r)")
+ case True
+ then show ?thesis using mdeg_child_sucs_le by fastforce
+ next
+ case False
+ then have "max_deg (normalize1 (Node r {|(t, e)|}))
+ = max (max_deg (normalize1 t)) (fcard {|(normalize1 t, e)|})"
+ using mdeg_singleton by force
+ then show ?thesis using mdeg_singleton[of r t] 1 False by (simp add: fcard_single_1)
+ qed
+next
+ case (2 xs r)
+ then have 0: "\<forall>(t,e) \<in> fset xs. max_deg (normalize1 t) \<le> max_deg t" by fastforce
+ have "max_deg (normalize1 (Node r xs)) = max_deg (Node r ((\<lambda>(t,e). (normalize1 t,e)) |`| xs))"
+ using "2.hyps" by simp
+ then show ?case using mdeg_img_le'[OF 0] by simp
+qed
+
+lemma normalize1_mdeg_eq:
+ "wf_darcs t1
+ \<Longrightarrow> max_deg (normalize1 t1) = max_deg t1 \<or> (max_deg (normalize1 t1) = 0 \<and> max_deg t1 = 1)"
+proof(induction t1 rule: normalize1.induct)
+ case ind: (1 r t e)
+ then have 0: "max_deg (Node r {|(t, e)|}) \<ge> 1"
+ using mdeg_ge_fcard[of "{|(t, e)|}"] by (simp add: fcard_single_1)
+ then consider "rank (rev (Dtree.root t)) < rank (rev r)"
+ | "\<not>rank (rev (Dtree.root t)) < rank (rev r)" "max_deg (normalize1 t) \<le> 1"
+ | "\<not>rank (rev (Dtree.root t)) < rank (rev r)" "max_deg (normalize1 t) > 1" by linarith
+ then show ?case
+ proof(cases)
+ case 1
+ then show ?thesis
+ using mdeg_singleton mdeg_root fcard_single_1
+ by (metis max_def nle_le dtree.exhaust_sel leI less_one normalize1.simps(1))
+ next
+ case 2
+ then have "max_deg (normalize1 (Node r {|(t, e)|})) = 1"
+ using mdeg_singleton[of r "normalize1 t"] by (auto simp: fcard_single_1)
+ moreover have "max_deg (Node r {|(t, e)|}) = 1 "
+ using mdeg_singleton[of r t] ind 2
+ by (auto simp: fcard_single_1 wf_darcs_iff_darcs')
+ ultimately show ?thesis by simp
+ next
+ case 3
+ then show ?thesis
+ using mdeg_singleton[of r t] mdeg_singleton[of r "normalize1 t"] ind
+ by (auto simp: fcard_single_1)
+ qed
+next
+ case ind: (2 xs r)
+ then consider "max_deg (Node r xs) \<le> 1"
+ | "max_deg (Node r xs) > 1" "max_deg (Node r xs) = fcard xs"
+ | "max_deg (Node r xs) > 1" "fcard xs < max_deg (Node r xs)"
+ using mdeg_ge_fcard[of xs] by fastforce
+ then show ?case
+ proof(cases)
+ case 1
+ then show ?thesis using normalize1_mdeg_le[of "Node r xs"] by fastforce
+ next
+ case 2
+ then have "max_deg (Node r xs) \<le> max_deg (normalize1 (Node r xs))"
+ using mdeg_ge_fcard[of "(\<lambda>(t, e). (normalize1 t, e)) |`| xs"] ind
+ by (simp add: fcard_normalize_img_if_disjoint wf_darcs_iff_darcs')
+ then show ?thesis using normalize1_mdeg_le[of "Node r xs"] by simp
+ next
+ case 3
+ then obtain t e where t_def: "(t,e) \<in> fset xs" "max_deg (Node r xs) = max_deg t"
+ using mdeg_child_if_gt_fcard by fastforce
+ have "max_deg (normalize1 t) \<le> max_deg (Node r ((\<lambda>(t,e). (normalize1 t,e)) |`| xs))"
+ using mdeg_ge_child[of "normalize1 t" e "(\<lambda>(t,e). (normalize1 t,e)) |`| xs" r] t_def(1)
+ by fastforce
+ then have "max_deg (Node r xs) \<le> max_deg (normalize1 (Node r xs))"
+ using ind.hyps ind.IH[OF t_def(1) refl] ind.prems 3(1) t_def
+ by (fastforce simp: wf_darcs_iff_darcs')
+ then show ?thesis using normalize1_mdeg_le[of "Node r xs"] by simp
+ qed
+qed
+
+lemma normalize1_mdeg_eq':
+ "wf_dlverts t1
+ \<Longrightarrow> max_deg (normalize1 t1) = max_deg t1 \<or> (max_deg (normalize1 t1) = 0 \<and> max_deg t1 = 1)"
+proof(induction t1 rule: normalize1.induct)
+ case ind: (1 r t e)
+ then have 0: "max_deg (Node r {|(t, e)|}) \<ge> 1"
+ using mdeg_ge_fcard[of "{|(t, e)|}"] by (simp add: fcard_single_1)
+ then consider "rank (rev (Dtree.root t)) < rank (rev r)"
+ | "\<not>rank (rev (Dtree.root t)) < rank (rev r)" "max_deg (normalize1 t) \<le> 1"
+ | "\<not>rank (rev (Dtree.root t)) < rank (rev r)" "max_deg (normalize1 t) > 1" by linarith
+ then show ?case
+ proof(cases)
+ case 1
+ then show ?thesis
+ using mdeg_singleton[of r t] mdeg_root[of "Dtree.root t" "sucs t"]
+ by (auto simp: fcard_single_1 simp del: max_deg.simps)
+ next
+ case 2
+ then have "max_deg (normalize1 (Node r {|(t, e)|})) = 1"
+ using mdeg_singleton[of r "normalize1 t"] by (auto simp: fcard_single_1)
+ moreover have "max_deg (Node r {|(t, e)|}) = 1 "
+ using mdeg_singleton[of r t] ind 2 by (auto simp: fcard_single_1)
+ ultimately show ?thesis by simp
+ next
+ case 3
+ then show ?thesis
+ using mdeg_singleton[of r t] mdeg_singleton[of r "normalize1 t"] ind
+ by (auto simp: fcard_single_1)
+ qed
+next
+ case ind: (2 xs r)
+ consider "max_deg (Node r xs) \<le> 1"
+ | "max_deg (Node r xs) > 1" "max_deg (Node r xs) = fcard xs"
+ | "max_deg (Node r xs) > 1" "fcard xs < max_deg (Node r xs)"
+ using mdeg_ge_fcard[of xs] by fastforce
+ then show ?case
+ proof(cases)
+ case 1
+ then show ?thesis using normalize1_mdeg_le[of "Node r xs"] by (auto simp del: max_deg.simps)
+ next
+ case 2
+ have 0: "\<forall>(t, e)\<in>fset xs. dlverts t \<noteq> {}" using dlverts_nempty_if_wf ind.prems by auto
+ then have "max_deg (Node r xs) \<le> max_deg (normalize1 (Node r xs))"
+ using mdeg_ge_fcard[of "(\<lambda>(t, e). (normalize1 t, e)) |`| xs"] ind 2
+ by (simp add: fcard_normalize_img_if_disjoint_lverts)
+ then show ?thesis using normalize1_mdeg_le[of "Node r xs"] by simp
+ next
+ case 3
+ then obtain t e where t_def: "(t,e) \<in> fset xs" "max_deg (Node r xs) = max_deg t"
+ using mdeg_child_if_gt_fcard by fastforce
+ have "max_deg (normalize1 t) \<le> max_deg (Node r ((\<lambda>(t,e). (normalize1 t,e)) |`| xs))"
+ using mdeg_ge_child[of "normalize1 t" e "(\<lambda>(t,e). (normalize1 t,e)) |`| xs"] t_def(1)
+ by (force simp del: max_deg.simps)
+ then have "max_deg (Node r xs) \<le> max_deg (normalize1 (Node r xs))"
+ using ind 3(1) t_def by (fastforce simp del: max_deg.simps)
+ then show ?thesis using normalize1_mdeg_le[of "Node r xs"] by simp
+ qed
+qed
+
+lemma normalize1_dom_mdeg_gt1:
+ "\<lbrakk>is_subtree (Node r xs) (normalize1 t); t1 \<in> fst ` fset xs; max_deg (Node r xs) > 1\<rbrakk>
+ \<Longrightarrow> \<exists>v \<in> set r. v \<rightarrow>\<^bsub>T\<^esub> hd (Dtree.root t1)"
+using ranked_dtree_with_orig_axioms proof(induction t rule: normalize1.induct)
+ case (1 r1 t e)
+ then interpret R: ranked_dtree_with_orig "Node r1 {|(t,e)|}" by blast
+ have sub_t: "is_subtree t (Node r1 {|(t,e)|})" using subtree_if_child[of t "{|(t,e)|}"] by simp
+ show ?case
+ proof(cases "Node r xs = normalize1 (Node r1 {|(t,e)|})")
+ case eq: True
+ then have 0: "max_deg (Node r1 {|(t,e)|}) > 1"
+ by (metis normalize1_mdeg_le "1.prems"(3) less_le_trans)
+ then have max_t: "max_deg t > 1" by (metis dtree.exhaust_sel mdeg_child_sucs_eq_if_gt1)
+ then show ?thesis
+ proof(cases "rank (rev (Dtree.root t)) < rank (rev r1)")
+ case True
+ then have eq: "Node r xs = Node (r1@Dtree.root t) (sucs t)" using eq by simp
+ then have "t1 \<in> fst ` fset (sucs t)" using "1.prems"(2) by simp
+ then obtain v where "v \<in> set (Dtree.root t)" "v \<rightarrow>\<^bsub>T\<^esub> hd (Dtree.root t1)"
+ using R.dom_mdeg_gt1[of "Dtree.root t" "sucs t"] sub_t max_t by auto
+ then show ?thesis using eq by auto
+ next
+ case False
+ obtain v where v_def: "v \<in> set r1" "v \<rightarrow>\<^bsub>T\<^esub> hd (Dtree.root t)"
+ using max_t R.dom_mdeg_gt1[of r1 "{|(t, e)|}"] 0 by auto
+ interpret T: ranked_dtree_with_orig t using R.ranked_dtree_orig_rec by simp
+ have eq: "Node r xs = Node r1 {|(normalize1 t, e)|}" using False eq by simp
+ then have "t1 = normalize1 t" using "1.prems"(2) by simp
+ moreover have "Dtree.root t \<noteq> []"
+ using empty_notin_wf_dlverts[OF T.wf_lverts] dtree.set_sel(1)[of t] by auto
+ ultimately have "hd (Dtree.root t1) = hd (Dtree.root t)" using normalize1_hd_root_eq by blast
+ then show ?thesis using v_def eq by auto
+ qed
+ next
+ case uneq: False
+ show ?thesis
+ proof(cases "rank (rev (Dtree.root t)) < rank (rev r1)")
+ case True
+ then have "normalize1 (Node r1 {|(t,e)|}) = Node (r1@Dtree.root t) (sucs t)" by simp
+ then obtain t2 where t2_def: "t2 \<in> fst ` fset (sucs t)" "is_subtree (Node r xs) t2"
+ using uneq "1.prems"(1) by fastforce
+ then have "is_subtree t2 t" using subtree_if_suc by blast
+ then have "is_subtree (Node r xs) (Node r1 {|(t,e)|})"
+ using subtree_trans subtree_if_suc t2_def(2) by auto
+ then show ?thesis using R.dom_mdeg_gt1 "1.prems" by blast
+ next
+ case False
+ then have "normalize1 (Node r1 {|(t,e)|}) = Node r1 {|(normalize1 t, e)|}" by simp
+ then have "is_subtree (Node r xs) (normalize1 t)" using uneq "1.prems"(1) by auto
+ then show ?thesis using "1.IH" False "1.prems"(2,3) R.ranked_dtree_orig_rec by simp
+ qed
+ qed
+next
+ case (2 xs1 r1)
+ then interpret R: ranked_dtree_with_orig "Node r1 xs1" by blast
+ show ?case
+ proof(cases "Node r xs = normalize1 (Node r1 xs1)")
+ case True
+ then have 0: "max_deg (Node r1 xs1) > 1"
+ using normalize1_mdeg_le "2.prems"(3) less_le_trans by (fastforce simp del: max_deg.simps)
+ then obtain t where t_def: "t \<in> fst ` fset xs1" "normalize1 t = t1"
+ using "2.prems"(2) "2.hyps" True by fastforce
+ then have sub_t: "is_subtree t (Node r1 xs1)" using subtree_if_child by fast
+ then obtain v where v_def: "v \<in> set r1" "v \<rightarrow>\<^bsub>T\<^esub> hd (Dtree.root t)"
+ using R.dom_mdeg_gt1[of r1] t_def(1) 0 by auto
+ interpret T: ranked_dtree_with_orig t using R.ranked_dtree_orig_rec t_def(1) by force
+ have "Dtree.root t \<noteq> []"
+ using empty_notin_wf_dlverts[OF T.wf_lverts] dtree.set_sel(1)[of t] by auto
+ then have "hd (Dtree.root t1) = hd (Dtree.root t)" using normalize1_hd_root_eq t_def(2) by blast
+ then show ?thesis using v_def "2.hyps" True by auto
+ next
+ case False
+ then show ?thesis using 2 R.ranked_dtree_orig_rec by auto
+ qed
+qed
+
+lemma child_contr_if_new_contr:
+ assumes "\<not>rank (rev (Dtree.root t1)) < rank (rev r)"
+ and "rank (rev (Dtree.root (normalize1 t1))) < rank (rev r)"
+ shows "\<exists>t2 e2. sucs t1 = {|(t2,e2)|} \<and> rank (rev (Dtree.root t2)) < rank (rev (Dtree.root t1))"
+proof -
+ obtain t2 e2 where t2_def: "sucs t1 = {|(t2,e2)|}"
+ using root_normalize1_eq2[of "sucs t1" "Dtree.root t1"] assms by fastforce
+ then show ?thesis
+ using root_normalize1_eq1[of t2 "Dtree.root t1" e2] assms dtree.collapse[of t1] by fastforce
+qed
+
+lemma sub_contr_if_new_contr:
+ assumes "\<not>rank (rev (Dtree.root t1)) < rank (rev r)"
+ and "rank (rev (Dtree.root (normalize1 t1))) < rank (rev r)"
+ shows "\<exists>v t2 e2. is_subtree (Node v {|(t2,e2)|}) t1 \<and> rank (rev (Dtree.root t2)) < rank (rev v)"
+proof -
+ obtain t2 e2 where t2_def: "sucs t1 = {|(t2,e2)|}" "rank (rev (Dtree.root t2)) < rank (rev (Dtree.root t1))"
+ using child_contr_if_new_contr[OF assms] by blast
+ then have "is_subtree (Node (Dtree.root t1) {|(t2,e2)|}) t1"
+ using is_subtree.simps[of "Node (Dtree.root t1) {|(t2,e2)|}" "Dtree.root t1" "sucs t1"] by fastforce
+ then show ?thesis using t2_def(2) by blast
+qed
+
+lemma normalize1_subtree_same_hd:
+ "\<lbrakk>is_subtree (Node v {|(t1,e1)|}) (normalize1 t)\<rbrakk>
+ \<Longrightarrow> \<exists>t3 e3. (is_subtree (Node v {|(t3,e3)|}) t \<and> hd (Dtree.root t1) = hd (Dtree.root t3))
+ \<or> (\<exists>v2. v = v2 @ Dtree.root t3 \<and> sucs t3 = {|(t1,e1)|}
+ \<and> is_subtree (Node v2 {|(t3,e3)|}) t \<and> rank (rev (Dtree.root t3)) < rank (rev v2))"
+using wf_lverts wf_arcs proof(induction t rule: normalize1.induct)
+ case (1 r t e)
+ show ?case
+ proof(cases "Node v {|(t1,e1)|} = normalize1 (Node r {|(t,e)|})")
+ case eq: True
+ then show ?thesis
+ proof(cases "rank (rev (Dtree.root t)) < rank (rev r)")
+ case True
+ then show ?thesis using 1 eq by auto
+ next
+ case False
+ then have eq: "Node v {|(t1,e1)|} = Node r {|(normalize1 t,e)|}" using eq by simp
+ then show ?thesis using normalize1_hd_root_eq' "1.prems"(2) by auto
+ qed
+ next
+ case uneq: False
+ then show ?thesis
+ proof(cases "rank (rev (Dtree.root t)) < rank (rev r)")
+ case True
+ then obtain t2 e2 where "(t2,e2) \<in> fset (sucs t)" "is_subtree (Node v {|(t1,e1)|}) t2"
+ using "1.prems"(1) uneq by auto
+ then show ?thesis using is_subtree.simps[of "Node v {|(t1,e1)|}" "Dtree.root t" "sucs t"] by auto
+ next
+ case False
+ then have "is_subtree (Node v {|(t1,e1)|}) (normalize1 t)" using "1.prems"(1) uneq by auto
+ then show ?thesis
+ using "1.IH" "1.prems"(2,3) False by (auto simp: wf_darcs_iff_darcs')
+ qed
+ qed
+next
+ case (2 xs r)
+ then have "\<forall>x. ((\<lambda>(t,e). (normalize1 t,e)) |`| xs) \<noteq> {|x|}"
+ using singleton_normalize1 by (simp add: wf_darcs_iff_darcs')
+ then have "Node v {|(t1,e1)|} \<noteq> Node r ((\<lambda>(t,e). (normalize1 t,e)) |`| xs)" by auto
+ then obtain t2 e2 where "(t2,e2) \<in> fset xs \<and> is_subtree (Node v {|(t1,e1)|}) (normalize1 t2)"
+ using "2.prems"(1) "2.hyps" by auto
+ then show ?case using "2.IH" "2.prems"(2,3) by (fastforce simp: wf_darcs_iff_darcs')
+qed
+
+lemma normalize1_dom_sub_contr:
+ "\<lbrakk>is_subtree (Node r xs) (normalize1 t); t1 \<in> fst ` fset xs;
+ \<exists>v t2 e2. is_subtree (Node v {|(t2,e2)|}) (Node r xs) \<and> rank (rev (Dtree.root t2)) < rank (rev v)\<rbrakk>
+ \<Longrightarrow> \<exists>v \<in> set r. v \<rightarrow>\<^bsub>T\<^esub> hd (Dtree.root t1)"
+using ranked_dtree_with_orig_axioms proof(induction t rule: normalize1.induct)
+ case (1 r1 t e)
+ then interpret R: ranked_dtree_with_orig "Node r1 {|(t,e)|}" by blast
+ interpret T: ranked_dtree_with_orig t using R.ranked_dtree_orig_rec by simp
+ have sub_t: "is_subtree (Node (Dtree.root t) (sucs t)) (Node r1 {|(t,e)|})"
+ using subtree_if_child[of t "{|(t,e)|}"] by simp
+ obtain v t2 e2 where v_def:
+ "is_subtree (Node v {|(t2,e2)|}) (Node r xs)" "rank (rev (Dtree.root t2)) < rank (rev v)"
+ using "1.prems"(3) by blast
+ show ?case
+ proof(cases "Node r xs = normalize1 (Node r1 {|(t,e)|})")
+ case eq: True
+ then show ?thesis
+ proof(cases "rank (rev (Dtree.root t)) < rank (rev r1)")
+ case True
+ then have eq: "Node r xs = Node (r1@Dtree.root t) (sucs t)" using eq by simp
+ then consider "Node r xs = Node v {|(t2,e2)|}" "max_deg (Node r xs) \<le> 1"
+ | "Node r xs \<noteq> Node v {|(t2,e2)|}" | "max_deg (Node r xs) > 1"
+ by linarith
+ then show ?thesis
+ proof(cases)
+ case 1
+ then have "max_deg (Node (r1@Dtree.root t) (sucs t)) \<le> 1" using eq by blast
+ then have "max_deg t \<le> 1" using mdeg_root[of "Dtree.root t" "sucs t"] by simp
+ then have "max_deg (Node r1 {|(t,e)|}) = 1"
+ using mdeg_singleton[of r1 t] by (simp add: fcard_single_1)
+ then have dom: "dom_children (Node r1 {|(t, e)|}) T" using R.dom_contr True by auto
+ have 0: "t1 \<in> fst ` fset (sucs t)" using eq "1.prems"(2) by blast
+ then have "Dtree.root t1 \<in> dverts t"
+ using dtree.set_sel(1) T.dverts_child_subset dtree.exhaust_sel psubsetD by metis
+ then obtain r2 where r2_def:
+ "r2 \<in> set r1 \<union> path_lverts t (hd (Dtree.root t1))" "r2 \<rightarrow>\<^bsub>T\<^esub> (hd (Dtree.root t1))"
+ using dom unfolding dom_children_def by auto
+ have "Dtree.root t1 \<noteq> []"
+ using empty_notin_wf_dlverts T.wf_lverts 0 T.dverts_child_subset
+ by (metis dtree.exhaust_sel dtree.set_sel(1) psubsetD)
+ then have "r2 \<in> set r1 \<union> set (Dtree.root t)"
+ using path_lverts_subset_root_if_childhd[OF 0] r2_def(1) by fast
+ then show ?thesis using r2_def(2) eq by auto
+ next
+ case 2
+ then obtain t3 e3 where t3_def:
+ "(t3,e3) \<in> fset (sucs t)" "is_subtree (Node v {|(t2,e2)|}) t3"
+ using eq v_def(1) by auto
+ have "is_subtree t3 t" using t3_def(1) subtree_if_suc by fastforce
+ then have "is_subtree (Node v {|(t2,e2)|}) (Node (Dtree.root t) (sucs t))"
+ using t3_def(2) subtree_trans by auto
+ moreover have "t1 \<in> fst ` fset (sucs t)" using eq "1.prems"(2) by blast
+ ultimately obtain v where v_def: "v \<in> set (Dtree.root t) \<and> v \<rightarrow>\<^bsub>T\<^esub> hd (Dtree.root t1)"
+ using R.dom_sub_contr[OF sub_t] v_def(2) eq by blast
+ then show ?thesis using eq by auto
+ next
+ case 3
+ then show ?thesis using R.normalize1_dom_mdeg_gt1 "1.prems"(1,2) by blast
+ qed
+ next
+ case False
+ then have eq: "Node r xs = Node r1 {|(normalize1 t, e)|}" using eq by simp
+ have hd: "hd (Dtree.root (normalize1 t)) = hd (Dtree.root t)"
+ using normalize1_hd_root_eq' T.wf_lverts by blast
+ have "\<exists>v t2 e2. is_subtree (Node v {|(t2,e2)|}) t \<and> rank (rev (Dtree.root t2)) < rank (rev v)"
+ using contr_before_normalize1 eq v_def sub_contr_if_new_contr False by auto
+ then show ?thesis using R.dom_sub_contr[of r1 "{|(t,e)|}"] eq "1.prems"(2) hd by auto
+ qed
+ next
+ case uneq: False
+ show ?thesis
+ proof(cases "rank (rev (Dtree.root t)) < rank (rev r1)")
+ case True
+ then have "normalize1 (Node r1 {|(t,e)|}) = Node (r1@Dtree.root t) (sucs t)" by simp
+ then obtain t2 where t2_def: "t2 \<in> fst ` fset (sucs t)" "is_subtree (Node r xs) t2"
+ using uneq "1.prems"(1) by fastforce
+ then have "is_subtree t2 t" using subtree_if_suc by blast
+ then have "is_subtree (Node r xs) (Node r1 {|(t,e)|})"
+ using subtree_trans subtree_if_child t2_def(2) by auto
+ then show ?thesis using R.dom_sub_contr "1.prems"(2,3) by fast
+ next
+ case False
+ then have "normalize1 (Node r1 {|(t,e)|}) = Node r1 {|(normalize1 t, e)|}" by simp
+ then have "is_subtree (Node r xs) (normalize1 t)" using uneq "1.prems"(1) by auto
+ then show ?thesis using "1.IH" False "1.prems"(2,3) R.ranked_dtree_orig_rec by simp
+ qed
+ qed
+next
+ case (2 xs1 r1)
+ then interpret R: ranked_dtree_with_orig "Node r1 xs1" by blast
+ show ?case
+ proof(cases "Node r xs = normalize1 (Node r1 xs1)")
+ case True
+ then have eq: "Node r xs = Node r1 ((\<lambda>(t,e). (normalize1 t,e)) |`| xs1)" using "2.hyps" by simp
+ obtain v t2 e2 where v_def:
+ "is_subtree (Node v {|(t2,e2)|}) (Node r xs)" "rank (rev (Dtree.root t2)) < rank (rev v)"
+ using "2.prems"(3) by blast
+ obtain t where t_def: "t \<in> fst ` fset xs1" "normalize1 t = t1" using "2.prems"(2) eq by force
+ then interpret T: ranked_dtree_with_orig t using R.ranked_dtree_orig_rec by force
+ have "\<exists>v t2 e2. is_subtree (Node v {|(t2,e2)|}) (Node r1 xs1)
+ \<and> rank (rev (Dtree.root t2)) < rank (rev v)"
+ using True contr_before_normalize1 v_def by presburger
+ moreover have "hd (Dtree.root t1) = hd (Dtree.root t)"
+ using normalize1_hd_root_eq' T.wf_lverts t_def(2) by blast
+ ultimately show ?thesis using R.dom_sub_contr[of r1 xs1] t_def(1) eq by auto
+ next
+ case False
+ then obtain t e where "(t,e) \<in> fset xs1 \<and> is_subtree (Node r xs) (normalize1 t)"
+ using "2.prems"(1) "2.hyps" by auto
+ then show ?thesis using "2.IH" "2.prems"(2,3) R.ranked_dtree_orig_rec by fast
+ qed
+qed
+
+lemma dom_children_combine_aux:
+ assumes "dom_children (Node r {|(t1, e1)|}) T"
+ and "t2 \<in> fst ` fset (sucs t1)"
+ and "x \<in> dverts t2"
+ shows "\<exists>v \<in> set (r @ Dtree.root t1) \<union> path_lverts t2 (hd x). v \<rightarrow>\<^bsub>T\<^esub> (hd x)"
+ using path_lverts_child_union_root_sub[OF assms(2)] assms dtree.set_sel(2)
+ unfolding dom_children_def by fastforce
+
+lemma dom_children_combine:
+ "dom_children (Node r {|(t1, e1)|}) T \<Longrightarrow> dom_children (Node (r@Dtree.root t1) (sucs t1)) T"
+ using dom_children_combine_aux by (simp add: dom_children_def)
+
+lemma path_lverts_normalize1_sub:
+ "\<lbrakk>wf_dlverts t1; x \<in> dverts (normalize1 t1); max_deg (normalize1 t1) \<le> 1\<rbrakk>
+ \<Longrightarrow> path_lverts t1 (hd x) \<subseteq> path_lverts (normalize1 t1) (hd x)"
+proof(induction t1 rule: normalize1.induct)
+ case (1 r t e)
+ then show ?case
+ proof(cases "rank (rev (Dtree.root t)) < rank (rev r)")
+ case True
+ then have eq: "normalize1 (Node r {|(t, e)|}) = Node (r@Dtree.root t) (sucs t)" by simp
+ then show ?thesis
+ proof(cases "x = r@Dtree.root t")
+ case True
+ then show ?thesis using 1 by auto
+ next
+ case False
+ then obtain t1 e1 where t1_def: "(t1,e1) \<in> fset (sucs t)" "x \<in> dverts t1"
+ using "1.prems"(2) eq by auto
+ then have 0: "hd x \<in> dlverts t1"
+ using hd_in_lverts_if_wf "1.prems"(1) wf_dlverts_sucs by force
+ then have "hd x \<in> dlverts t" using t1_def(1) suc_in_dlverts by fast
+ then have 2: "hd x \<notin> set r" using "1.prems"(1) by auto
+ have "wf_dlverts t" using "1.prems"(1) by simp
+ then have "hd x \<notin> set (Dtree.root t)" using 0 t1_def(1) wf_dlverts.simps[of "Dtree.root t"] by fastforce
+ then have hd_nin: "hd x \<notin> set (r @ Dtree.root t)" using 2 by auto
+ then obtain t2 e2 where "sucs t = {|(t2,e2)|}"
+ using "1.prems"(3) \<open>hd x \<in> dlverts t\<close> \<open>hd x \<notin> set (Dtree.root t)\<close> mdeg_root eq
+ by (metis dtree.collapse denormalize.simps(2) denormalize_set_eq_dlverts surj_pair)
+ then show ?thesis using eq hd_nin path_lverts_simps1_sucs by fastforce
+ qed
+ next
+ case uneq: False
+ then have "normalize1 (Node r {|(t, e)|}) = Node r {|(normalize1 t, e)|}" by simp
+ then have "max_deg (normalize1 t) \<le> 1"
+ using "1.prems"(3) mdeg_singleton[of r "normalize1 t"] fcard_single_1 max_def by auto
+ then show ?thesis using uneq 1 by auto
+ qed
+next
+ case (2 xs r)
+ then have "max_deg (normalize1 (Node r xs)) = max_deg (Node r xs) \<or> max_deg (Node r xs) = 1"
+ using normalize1_mdeg_eq' by blast
+ then have "max_deg (Node r xs) \<le> 1" using "2.prems"(3) by (auto simp del: max_deg.simps)
+ then have "fcard xs = 0"
+ using mdeg_ge_fcard[of xs r] fcard_single_1_iff[of xs] "2.hyps" by fastforce
+ then show ?case using 2 by simp
+qed
+
+lemma dom_children_normalize1_aux_1:
+ assumes "dom_children (Node r {|(t1, e1)|}) T"
+ and "sucs t1 = {|(t2,e2)|}"
+ and "wf_dlverts t1"
+ and "normalize1 t1 = Node (Dtree.root t1 @ Dtree.root t2) (sucs t2)"
+ and "max_deg t1 = 1"
+ and "x \<in> dverts (normalize1 t1)"
+ shows "\<exists>v \<in> set r \<union> path_lverts (normalize1 t1) (hd x). v \<rightarrow>\<^bsub>T\<^esub> (hd x)"
+proof(cases "x = Dtree.root t1 @ Dtree.root t2")
+ case True
+ then have 0: "hd x = hd (Dtree.root t1)" using assms(3,4) normalize1_hd_root_eq' by fastforce
+ then obtain v where v_def: "v \<in> set r \<union> path_lverts t1 (hd x)" "v \<rightarrow>\<^bsub>T\<^esub> (hd x)"
+ using assms(1) dtree.set_sel(1) unfolding dom_children_def by auto
+ have "Dtree.root t1 \<noteq> []" using assms(3) wf_dlverts.simps[of "Dtree.root t1" "sucs t1"] by simp
+ then show ?thesis using v_def 0 path_lverts_empty_if_roothd by auto
+next
+ case False
+ then obtain t3 e3 where t3_def: "(t3,e3) \<in> fset (sucs t2)" "x \<in> dverts t3"
+ using assms(2,4,6) by auto
+ then have "x \<in> dverts t2" using dtree.set(1)[of "Dtree.root t2" "sucs t2"] by fastforce
+ then have "x \<in> dverts (Node (Dtree.root t1) {|(t2,e2)|})" by auto
+ then have "x \<in> dverts t1" using assms(2) dtree.exhaust_sel by metis
+ then obtain v where v_def: "v \<in> set r \<union> path_lverts t1 (hd x)" "v \<rightarrow>\<^bsub>T\<^esub> (hd x)"
+ using assms(1) dtree.set_sel(1) unfolding dom_children_def by auto
+ have "path_lverts t1 (hd x) \<subseteq> path_lverts (Node (Dtree.root t1 @ Dtree.root t2) (sucs t2)) (hd x)"
+ using assms(3-6) normalize1_mdeg_le path_lverts_normalize1_sub by metis
+ then show ?thesis using v_def assms(4) by auto
+qed
+
+lemma dom_children_normalize1_1:
+ "\<lbrakk>dom_children (Node r {|(t1, e1)|}) T; sucs t1 = {|(t2,e2)|}; wf_dlverts t1;
+ normalize1 t1 = Node (Dtree.root t1 @ Dtree.root t2) (sucs t2); max_deg t1 = 1\<rbrakk>
+ \<Longrightarrow> dom_children (Node r {|(normalize1 t1, e1)|}) T"
+ using dom_children_normalize1_aux_1 by (simp add: dom_children_def)
+
+lemma dom_children_normalize1_aux:
+ assumes "\<forall>x\<in>dverts t1. \<exists>v \<in> set r0 \<union> path_lverts t1 (hd x). v \<rightarrow>\<^bsub>T\<^esub> hd x"
+ and "wf_dlverts t1"
+ and "max_deg t1 \<le> 1"
+ and "x \<in> dverts (normalize1 t1)"
+ shows "\<exists>v \<in> set r0 \<union> path_lverts (normalize1 t1) (hd x). v \<rightarrow>\<^bsub>T\<^esub> (hd x)"
+using assms proof(induction t1 arbitrary: r0 rule: normalize1.induct)
+ case (1 r t e)
+ have deg1: "max_deg (Node r {|(t, e)|}) = 1"
+ using "1.prems"(3) mdeg_ge_fcard[of "{|(t, e)|}"] by (simp add: fcard_single_1)
+ then show ?case
+ proof(cases "rank (rev (Dtree.root t)) < rank (rev r)")
+ case True
+ have 0: "dom_children (Node r0 {|(Node r {|(t, e)|}, e)|}) T"
+ using "1.prems"(1) unfolding dom_children_def by simp
+ show ?thesis using dom_children_normalize1_aux_1[OF 0] "1.prems"(1,2,4) deg1 True by auto
+ next
+ case ncontr: False
+ show ?thesis
+ proof(cases "x = r")
+ case True
+ then show ?thesis using "1.prems"(1,2) by auto
+ next
+ case False
+ have "wf_dlverts (normalize1 t)" using "1.prems"(2) wf_dlverts_normalize1 by auto
+ then have "hd x \<in> dlverts (normalize1 t)"
+ using hd_in_lverts_if_wf False ncontr "1.prems"(1,4) by fastforce
+ then have hd: "hd x \<notin> set r" using "1.prems"(2) ncontr wf_dlverts_normalize1 by fastforce
+ then have eq: "path_lverts (Node r {|(t, e)|}) (hd x) = set r \<union> path_lverts t (hd x)" by simp
+ then have eq1: "path_lverts (Node r {|(normalize1 t, e)|}) (hd x)
+ = set r \<union> path_lverts (normalize1 t) (hd x)" by auto
+ have "\<forall>x\<in>dverts t. path_lverts (Node r {|(t, e)|}) (hd x) \<subseteq> set r \<union> path_lverts t (hd x)"
+ using path_lverts_child_union_root_sub by simp
+ then have 2: "\<forall>x\<in>dverts t. \<exists>v\<in>set (r0@r) \<union> path_lverts t (hd x). v \<rightarrow>\<^bsub>T\<^esub> hd x"
+ using "1.prems"(1) by fastforce
+ have "max_deg t \<le> 1" using "1.prems"(3) mdeg_ge_child[of t e "{|(t, e)|}"] by simp
+ then show ?thesis using "1.IH"[OF ncontr 2] "1.prems"(2,4) ncontr hd by auto
+ qed
+ qed
+next
+ case (2 xs r)
+ then have "fcard xs \<le> 1" using mdeg_ge_fcard[of xs] by simp
+ then have "fcard xs = 0" using "2.hyps" fcard_single_1_iff[of xs] by fastforce
+ then show ?case using 2 by auto
+qed
+
+lemma dom_children_normalize1:
+ "\<lbrakk>dom_children (Node r0 {|(t1,e1)|}) T; wf_dlverts t1; max_deg t1 \<le> 1\<rbrakk>
+ \<Longrightarrow> dom_children (Node r0 {|(normalize1 t1,e1)|}) T"
+ using dom_children_normalize1_aux by (simp add: dom_children_def)
+
+lemma dom_children_child_self_aux:
+ assumes "dom_children t1 T"
+ and "sucs t1 = {|(t2, e2)|}"
+ and "rank (rev (Dtree.root t2)) < rank (rev (Dtree.root t1))"
+ and "t = Node r {|(t1, e1)|}"
+ and "x \<in> dverts t1"
+ shows "\<exists>v \<in> set r \<union> path_lverts t1 (hd x). v \<rightarrow>\<^bsub>T\<^esub> hd x"
+proof(cases "x = Dtree.root t1")
+ case True
+ have "is_subtree (Node (Dtree.root t1) {|(t2, e2)|}) (Node r {|(t1, e1)|})"
+ using subtree_if_child[of "t1" "{|(t1, e1)|}"] assms(2) dtree.collapse[of t1] by simp
+ then show ?thesis using dom_sub_contr[of r "{|(t1, e1)|}"] assms(3,4) True by auto
+next
+ case False
+ then have "x \<in> (\<Union>y\<in>fset (sucs t1). \<Union> (dverts ` Basic_BNFs.fsts y))"
+ using assms(5) dtree.set(1)[of "Dtree.root t1" "sucs t1"] by auto
+ then have "x \<in> dverts t2" using assms(2) by auto
+ then obtain v where v_def: "v \<in> set (Dtree.root t1) \<union> path_lverts t2 (hd x)" "v \<rightarrow>\<^bsub>T\<^esub> (hd x)"
+ using assms(1,2) dtree.set_sel(1) unfolding dom_children_def by auto
+ interpret T1: list_dtree t1 using list_dtree_rec assms(4) by simp
+ interpret T2: list_dtree t2 using T1.list_dtree_rec_suc assms(2) by simp
+ have "hd x \<in> dlverts t2" using \<open>x \<in> dverts t2\<close> by (simp add: hd_in_lverts_if_wf T2.wf_lverts)
+ then have "hd x \<notin> set (Dtree.root t1)"
+ using T1.wf_lverts wf_dlverts.simps[of "Dtree.root t1" "sucs t1"] assms(2) by fastforce
+ then have "path_lverts t1 (hd x) = set (Dtree.root t1) \<union> path_lverts t2 (hd x)"
+ using assms(2) by (simp add: path_lverts_simps1_sucs)
+ then show ?thesis using v_def by auto
+qed
+
+lemma dom_children_child_self:
+ assumes "dom_children t1 T"
+ and "sucs t1 = {|(t2, e2)|}"
+ and "rank (rev (Dtree.root t2)) < rank (rev (Dtree.root t1))"
+ and "t = Node r {|(t1, e1)|}"
+ shows "dom_children (Node r {|(t1, e1)|}) T"
+ using dom_children_child_self_aux[OF assms] by (simp add: dom_children_def)
+
+lemma normalize1_dom_contr:
+ "\<lbrakk>is_subtree (Node r {|(t1,e1)|}) (normalize1 t); rank (rev (Dtree.root t1)) < rank (rev r);
+ max_deg (Node r {|(t1,e1)|}) = 1\<rbrakk>
+ \<Longrightarrow> dom_children (Node r {|(t1,e1)|}) T"
+using ranked_dtree_with_orig_axioms proof(induction t rule: normalize1.induct)
+ case (1 r1 t e)
+ then interpret R: ranked_dtree_with_orig "Node r1 {|(t,e)|}" by blast
+ interpret T: ranked_dtree_with_orig t using R.ranked_dtree_orig_rec by simp
+ have sub_t: "is_subtree (Node (Dtree.root t) (sucs t)) (Node r1 {|(t,e)|})"
+ using subtree_if_child[of t "{|(t,e)|}"] by simp
+ show ?case
+ proof(cases "Node r {|(t1,e1)|} = normalize1 (Node r1 {|(t,e)|})")
+ case eq: True
+ then show ?thesis
+ proof(cases "rank (rev (Dtree.root t)) < rank (rev r1)")
+ case True
+ then have eq: "Node r {|(t1,e1)|} = Node (r1@Dtree.root t) (sucs t)" using eq by simp
+ then have "max_deg t = 1" using mdeg_root[of "Dtree.root t" "sucs t"] 1 by simp
+ then have "max_deg (Node r1 {|(t,e)|}) = 1"
+ using mdeg_singleton[of r1 t] by (simp add: fcard_single_1)
+ then have "dom_children (Node r1 {|(t, e)|}) T" using R.dom_contr[of r1 t e] True by simp
+ then show ?thesis using dom_children_combine eq by simp
+ next
+ case False
+ then have eq: "Node r {|(t1,e1)|} = Node r1 {|(normalize1 t, e)|}" using eq by simp
+ then obtain t2 e2 where t2_def:
+ "sucs t = {|(t2, e2)|}" "rank (rev (Dtree.root t2)) < rank (rev (Dtree.root t))"
+ using child_contr_if_new_contr False "1.prems"(2) by blast
+ then have "is_subtree (Node (Dtree.root t) {|(t2, e2)|}) (Node r1 {|(t, e)|})" using sub_t by simp
+ have "max_deg t = 1"
+ using "1.prems"(3) eq mdeg_singleton mdeg_root t2_def
+ by (metis dtree.collapse fcard_single_1 normalize1.simps(1))
+ then have "max_deg (Node (Dtree.root t) {|(t2, e2)|}) = 1"
+ using t2_def(1) dtree.collapse[of t] by simp
+ then have "dom_children (Node (Dtree.root t) (sucs t)) T"
+ using R.dom_contr sub_t t2_def "1.prems"(3) by simp
+ then have "dom_children t T" using dtree.exhaust_sel by simp
+ then have "dom_children (Node r1 {|(t,e)|}) T"
+ using R.dom_children_child_self t2_def by simp
+ then show ?thesis using dom_children_normalize1 \<open>max_deg t = 1\<close> T.wf_lverts eq by auto
+ qed
+ next
+ case uneq: False
+ show ?thesis
+ proof(cases "rank (rev (Dtree.root t)) < rank (rev r1)")
+ case True
+ then have "normalize1 (Node r1 {|(t,e)|}) = Node (r1@Dtree.root t) (sucs t)" by simp
+ then obtain t2 where t2_def: "t2 \<in> fst ` fset (sucs t)" "is_subtree (Node r {|(t1,e1)|}) t2"
+ using uneq "1.prems"(1) by fastforce
+ then have "is_subtree t2 t" using subtree_if_suc by blast
+ then have "is_subtree (Node r {|(t1,e1)|}) (Node r1 {|(t,e)|})"
+ using subtree_trans subtree_if_child t2_def(2) by auto
+ then show ?thesis using R.dom_contr "1.prems"(2,3) by blast
+ next
+ case False
+ then have "normalize1 (Node r1 {|(t,e)|}) = Node r1 {|(normalize1 t, e)|}" by simp
+ then have "is_subtree (Node r {|(t1,e1)|}) (normalize1 t)" using uneq "1.prems"(1) by auto
+ then show ?thesis using "1.IH" False "1.prems"(2,3) R.ranked_dtree_orig_rec by simp
+ qed
+ qed
+next
+ case (2 xs r1)
+ then have eq: "normalize1 (Node r1 xs) = Node r1 ((\<lambda>(t,e). (normalize1 t,e)) |`| xs)"
+ using "2.hyps" by simp
+ interpret R: ranked_dtree_with_orig "Node r1 xs" using "2.prems"(4) by blast
+ have "\<forall>x. ((\<lambda>(t,e). (normalize1 t,e)) |`| xs) \<noteq> {|x|}"
+ using singleton_normalize1 "2.hyps" disjoint_darcs_if_wf_xs[OF R.wf_arcs] by auto
+ then have "Node r {|(t1,e1)|} \<noteq> Node r1 ((\<lambda>(t,e). (normalize1 t,e)) |`| xs)" by auto
+ then obtain t3 e3 where t3_def:
+ "(t3,e3) \<in> fset xs" "is_subtree (Node r {|(t1, e1)|}) (normalize1 t3)"
+ using "2.prems"(1) eq by auto
+ then show ?case using "2.IH" "2.prems"(2,3) R.ranked_dtree_orig_rec by simp
+qed
+
+lemma dom_children_normalize1_img_full:
+ assumes "dom_children (Node r xs) T"
+ and "\<forall>(t1,e1) \<in> fset xs. wf_dlverts t1"
+ and "\<forall>(t1,e1) \<in> fset xs. max_deg t1 \<le> 1"
+ shows "dom_children (Node r ((\<lambda>(t1,e1). (normalize1 t1,e1)) |`| xs)) T"
+proof -
+ have "\<forall>(t1, e1) \<in> fset xs. dom_children (Node r {|(t1, e1)|}) T"
+ using dom_children_all_singletons[OF assms(1)] by blast
+ then have "\<forall>(t1, e1) \<in> fset xs. dom_children (Node r {|(normalize1 t1, e1)|}) T"
+ using dom_children_normalize1 assms(2,3) by fast
+ then show ?thesis
+ using dom_children_if_all_singletons[of "(\<lambda>(t1,e1). (normalize1 t1,e1)) |`| xs"] by fastforce
+qed
+
+lemma children_deg1_normalize1_sub:
+ "(\<lambda>(t1,e1). (normalize1 t1,e1)) ` children_deg1 xs
+ \<subseteq> children_deg1 ((\<lambda>(t1,e1). (normalize1 t1,e1)) |`| xs)"
+ using normalize1_mdeg_le order_trans by auto
+
+lemma normalize1_children_deg1_sub_if_wfarcs:
+ "\<forall>(t1,e1)\<in>fset xs. wf_darcs t1
+ \<Longrightarrow> children_deg1 ((\<lambda>(t1,e1). (normalize1 t1,e1)) |`| xs)
+ \<subseteq> (\<lambda>(t1,e1). (normalize1 t1,e1)) ` children_deg1 xs"
+ using normalize1_mdeg_eq by fastforce
+
+lemma normalize1_children_deg1_eq_if_wfarcs:
+ "\<forall>(t1,e1)\<in>fset xs. wf_darcs t1
+ \<Longrightarrow> (\<lambda>(t1,e1). (normalize1 t1,e1)) ` children_deg1 xs
+ = children_deg1 ((\<lambda>(t1,e1). (normalize1 t1,e1)) |`| xs)"
+ using children_deg1_normalize1_sub normalize1_children_deg1_sub_if_wfarcs by fast
+
+lemma normalize1_children_deg1_sub_if_wflverts:
+ "\<forall>(t1,e1)\<in>fset xs. wf_dlverts t1
+ \<Longrightarrow> children_deg1 ((\<lambda>(t1,e1). (normalize1 t1,e1)) |`| xs)
+ \<subseteq> (\<lambda>(t1,e1). (normalize1 t1,e1)) ` children_deg1 xs"
+ using normalize1_mdeg_eq' by fastforce
+
+lemma normalize1_children_deg1_eq_if_wflverts:
+ "\<forall>(t1,e1)\<in>fset xs. wf_dlverts t1
+ \<Longrightarrow> (\<lambda>(t1,e1). (normalize1 t1,e1)) ` children_deg1 xs
+ = children_deg1 ((\<lambda>(t1,e1). (normalize1 t1,e1)) |`| xs)"
+ using children_deg1_normalize1_sub normalize1_children_deg1_sub_if_wflverts by fast
+
+lemma dom_children_normalize1_img:
+ assumes "dom_children (Node r (Abs_fset (children_deg1 xs))) T"
+ and "\<forall>(t1,e1) \<in> fset xs. wf_dlverts t1"
+ shows "dom_children (Node r (Abs_fset (children_deg1 ((\<lambda>(t1,e1). (normalize1 t1,e1)) |`| xs)))) T"
+proof -
+ have "\<forall>(t1, e1) \<in> children_deg1 xs. dom_children (Node r {|(t1, e1)|}) T"
+ using dom_children_all_singletons[OF assms(1)] children_deg1_fset_id by blast
+ then have "\<forall>(t2, e2) \<in> (\<lambda>(t1,e1). (normalize1 t1,e1)) ` children_deg1 xs.
+ dom_children (Node r {|(t2, e2)|}) T"
+ using dom_children_normalize1 assms(2) by fast
+ then have "\<forall>(t2, e2) \<in> children_deg1 ((\<lambda>(t1,e1). (normalize1 t1,e1)) |`| xs).
+ dom_children (Node r {|(t2, e2)|}) T"
+ using normalize1_children_deg1_eq_if_wflverts[of xs] assms(2) by blast
+ then show ?thesis using dom_children_if_all_singletons children_deg1_fset_id by fast
+qed
+
+lemma normalize1_dom_wedge:
+ "\<lbrakk>is_subtree (Node r xs) (normalize1 t); fcard xs > 1\<rbrakk>
+ \<Longrightarrow> dom_children (Node r (Abs_fset (children_deg1 xs))) T"
+using ranked_dtree_with_orig_axioms proof(induction t rule: normalize1.induct)
+ case (1 r1 t e)
+ then interpret R: ranked_dtree_with_orig "Node r1 {|(t,e)|}" by blast
+ have sub_t: "is_subtree (Node (Dtree.root t) (sucs t)) (Node r1 {|(t,e)|})"
+ using subtree_if_child[of t "{|(t,e)|}"] by simp
+ show ?case
+ proof(cases "rank (rev (Dtree.root t)) < rank (rev r1)")
+ case True
+ then have eq: "normalize1 (Node r1 {|(t,e)|}) = Node (r1@Dtree.root t) (sucs t)" by simp
+ then show ?thesis
+ proof(cases "Node r xs = normalize1 (Node r1 {|(t,e)|})")
+ case True
+ then have "Node r xs = Node (r1@Dtree.root t) (sucs t)" using eq by simp
+ then show ?thesis using R.dom_wedge[OF sub_t] "1.prems"(2) unfolding dom_children_def by auto
+ next
+ case False
+ then obtain t2 e2 where t2_def: "(t2,e2) \<in> fset (sucs t)" "is_subtree (Node r xs) t2"
+ using "1.prems"(1) eq by auto
+ then have "is_subtree (Node r xs) t" using subtree_if_suc subtree_trans by fastforce
+ then show ?thesis using R.dom_wedge sub_t "1.prems"(2) by simp
+ qed
+ next
+ case False
+ then show ?thesis using 1 R.ranked_dtree_orig_rec by (auto simp: fcard_single_1)
+ qed
+next
+ case (2 xs1 r1)
+ then have eq: "normalize1 (Node r1 xs1) = Node r1 ((\<lambda>(t,e). (normalize1 t,e)) |`| xs1)"
+ using "2.hyps" by simp
+ interpret R: ranked_dtree_with_orig "Node r1 xs1" using "2.prems"(3) by blast
+ have "\<forall>x. ((\<lambda>(t,e). (normalize1 t,e)) |`| xs1) \<noteq> {|x|}"
+ using singleton_normalize1 "2.hyps" disjoint_darcs_if_wf_xs[OF R.wf_arcs] by auto
+ then show ?case
+ proof(cases "Node r xs = normalize1 (Node r1 xs1)")
+ case True
+ then have "1 < fcard xs1" using eq "2.prems"(2) fcard_image_le less_le_trans by fastforce
+ then have "dom_children (Node r1 (Abs_fset (children_deg1 xs1))) T" using R.dom_wedge by simp
+ then show ?thesis using dom_children_normalize1_img eq R.wf_lverts True by fastforce
+ next
+ case False
+ then show ?thesis using 2 R.ranked_dtree_orig_rec by fastforce
+ qed
+qed
+
+corollary normalize1_dom_wedge':
+ "\<forall>r xs. is_subtree (Node r xs) (normalize1 t) \<longrightarrow> fcard xs > 1
+ \<longrightarrow> dom_children (Node r (Abs_fset {(t, e). (t, e) \<in> fset xs \<and> max_deg t \<le> Suc 0})) T"
+ by (auto simp only: normalize1_dom_wedge One_nat_def[symmetric])
+
+lemma normalize1_verts_conform: "v \<in> dverts (normalize1 t) \<Longrightarrow> seq_conform v"
+using ranked_dtree_with_orig_axioms proof(induction t rule: normalize1.induct)
+ case ind: (1 r t e)
+ then interpret R: ranked_dtree_with_orig "Node r {|(t, e)|}" by blast
+ consider "rank (rev (Dtree.root t)) < rank (rev r)" "v = r@Dtree.root t"
+ | "rank (rev (Dtree.root t)) < rank (rev r)" "v \<noteq> r@Dtree.root t"
+ | "\<not>rank (rev (Dtree.root t)) < rank (rev r)"
+ by blast
+ then show ?case
+ proof(cases)
+ case 1
+ then show ?thesis using R.contr_seq_conform by auto
+ next
+ case 2
+ then have "v \<in> dverts (Node r {|(t, e)|})" using dverts_suc_subseteq ind.prems by fastforce
+ then show ?thesis using R.verts_conform by blast
+ next
+ case 3
+ then show ?thesis using R.verts_conform ind R.ranked_dtree_orig_rec by auto
+ qed
+next
+ case (2 xs r)
+ then interpret R: ranked_dtree_with_orig "Node r xs" by blast
+ show ?case using R.verts_conform 2 R.ranked_dtree_orig_rec by auto
+qed
+
+corollary normalize1_verts_distinct: "v \<in> dverts (normalize1 t) \<Longrightarrow> distinct v"
+ using distinct_normalize1 verts_distinct by auto
+
+lemma dom_mdeg_le1_aux:
+ assumes "max_deg t \<le> 1"
+ and "is_subtree (Node v {|(t2, e2)|}) t"
+ and "rank (rev (Dtree.root t2)) < rank (rev v)"
+ and "t1 \<in> fst ` fset (sucs t)"
+ and "x \<in> dverts t1"
+ shows "\<exists>r\<in>set (Dtree.root t) \<union> path_lverts t1 (hd x). r \<rightarrow>\<^bsub>T\<^esub> hd x"
+using assms ranked_dtree_with_orig_axioms proof(induction t arbitrary: t1)
+ case (Node r xs)
+ then interpret R: ranked_dtree_with_orig "Node r xs" by blast
+ interpret T1: ranked_dtree_with_orig t1 using Node.prems(4) R.ranked_dtree_orig_rec by force
+ have "fcard xs > 0" using Node.prems(4) fcard_seteq by fastforce
+ then have "fcard xs = 1" using mdeg_ge_fcard[of xs] Node.prems(1) by simp
+ then obtain e1 where e1_def: "xs = {|(t1,e1)|}"
+ using Node.prems(4) fcard_single_1_iff[of xs] by auto
+ have mdeg1: "max_deg (Node r xs) = 1"
+ using Node.prems(1) mdeg_ge_fcard[of xs] \<open>fcard xs = 1\<close> by simp
+ show ?case
+ proof(cases "Node v {|(t2, e2)|} = Node r xs")
+ case True
+ then have "dom_children (Node r xs) T"
+ using mdeg1 Node.prems(2,3) R.dom_contr_subtree by blast
+ then show ?thesis unfolding dom_children_def using e1_def Node.prems(5) by simp
+ next
+ case False
+ then have sub_t1: "is_subtree (Node v {|(t2, e2)|}) t1"
+ using Node.prems(2) e1_def is_subtree.simps[of "Node v {|(t2, e2)|}"] by force
+ show ?thesis
+ proof(cases "x = Dtree.root t1")
+ case True
+ then show ?thesis using R.dom_sub_contr[OF self_subtree] Node.prems(3) e1_def sub_t1 by auto
+ next
+ case False
+ then obtain t3 where t3_def: "t3 \<in> fst ` fset (sucs t1)" "x \<in> dverts t3"
+ using Node.prems(5) dverts_root_or_child[of x "Dtree.root t1" "sucs t1"] by fastforce
+ have mdeg_t1: "max_deg t1 \<le> 1" using mdeg_ge_child[of t1 e1 xs] e1_def mdeg1 by simp
+ moreover have "fcard (sucs t1) > 0" using t3_def fcard_seteq by fastforce
+ ultimately have "fcard (sucs t1) = 1" using mdeg_ge_fcard[of "sucs t1" "Dtree.root t1"] by simp
+ then obtain e3 where e3_def: "sucs t1 = {|(t3, e3)|}"
+ using t3_def fcard_single_1_iff[of "sucs t1"] by fastforce
+ have ind: "\<exists>r\<in>set (Dtree.root t1) \<union> path_lverts t3 (hd x). r \<rightarrow>\<^bsub>T\<^esub> hd x"
+ using Node.IH mdeg_t1 e1_def sub_t1 Node.prems(3) t3_def T1.ranked_dtree_with_orig_axioms
+ by auto
+ have "hd x \<in> dlverts t3" using t3_def hd_in_lverts_if_wf T1.wf_lverts wf_dlverts_suc by blast
+ then have "hd x \<notin> set (Dtree.root t1)"
+ using t3_def dlverts_notin_root_sucs[OF T1.wf_lverts] by blast
+ then have "path_lverts t1 (hd x) = set (Dtree.root t1) \<union> path_lverts t3 (hd x)"
+ using path_lverts_simps1_sucs e3_def by fastforce
+ then show ?thesis using ind by blast
+ qed
+ qed
+qed
+
+lemma dom_mdeg_le1:
+ assumes "max_deg t \<le> 1"
+ and "is_subtree (Node v {|(t2, e2)|}) t"
+ and "rank (rev (Dtree.root t2)) < rank (rev v)"
+ shows "dom_children t T"
+ using dom_mdeg_le1_aux[OF assms] unfolding dom_children_def by blast
+
+lemma dom_children_normalize1_preserv:
+ assumes "max_deg (normalize1 t1) \<le> 1" and "dom_children t1 T" and "wf_dlverts t1"
+ shows "dom_children (normalize1 t1) T"
+using assms proof(induction t1 rule: normalize1.induct)
+ case (1 r t e)
+ then show ?case
+ proof(cases "rank (rev (Dtree.root t)) < rank (rev r)")
+ case True
+ then show ?thesis using 1 dom_children_combine by force
+ next
+ case False
+ then have "max_deg (normalize1 t) \<le> 1"
+ using "1.prems"(1) mdeg_ge_child[of "normalize1 t" e "{|(normalize1 t,e)|}"] by simp
+ then have "max_deg t \<le> 1" using normalize1_mdeg_eq' "1.prems"(3) by fastforce
+ then show ?thesis using dom_children_normalize1 False "1.prems"(2,3) by simp
+ qed
+next
+ case (2 xs r)
+ have "max_deg (Node r xs) \<le> 1"
+ using normalize1_mdeg_eq'[OF "2.prems"(3)] "2.prems"(1) by fastforce
+ then have "fcard xs \<le> 1" using mdeg_ge_fcard[of xs] by simp
+ then have "fcard xs = 0" using fcard_single_1_iff[of xs] "2.hyps" by fastforce
+ then have "normalize1 (Node r xs) = Node r xs" using "2.hyps" by simp
+ then show ?case using "2.prems"(2) by simp
+qed
+
+lemma dom_mdeg_le1_normalize1:
+ assumes "max_deg (normalize1 t) \<le> 1" and "normalize1 t \<noteq> t"
+ shows "dom_children (normalize1 t) T"
+proof -
+ obtain v t2 e2 where "is_subtree (Node v {|(t2, e2)|}) t" "rank (rev (Dtree.root t2)) < rank (rev v)"
+ using contr_if_normalize1_uneq assms(2) by blast
+ moreover have "max_deg t \<le> 1" using assms(1) normalize1_mdeg_eq wf_arcs by fastforce
+ ultimately show ?thesis
+ using dom_mdeg_le1 dom_children_normalize1_preserv assms(1) wf_lverts by blast
+qed
+
+lemma normalize_mdeg_eq:
+ "wf_darcs t1
+ \<Longrightarrow> max_deg (normalize t1) = max_deg t1 \<or> (max_deg (normalize t1) = 0 \<and> max_deg t1 = 1)"
+ apply (induction t1 rule: normalize.induct)
+ by (smt (verit, ccfv_threshold) normalize1_mdeg_eq wf_darcs_normalize1 normalize.simps)
+
+lemma normalize_mdeg_eq':
+ "wf_dlverts t1
+ \<Longrightarrow> max_deg (normalize t1) = max_deg t1 \<or> (max_deg (normalize t1) = 0 \<and> max_deg t1 = 1)"
+ apply (induction t1 rule: normalize.induct)
+ by (smt (verit, ccfv_threshold) normalize1_mdeg_eq' wf_dlverts_normalize1 normalize.simps)
+
+corollary mdeg_le1_normalize:
+ "\<lbrakk>max_deg (normalize t1) \<le> 1; wf_dlverts t1\<rbrakk> \<Longrightarrow> max_deg t1 \<le> 1"
+ using normalize_mdeg_eq' by fastforce
+
+lemma dom_children_normalize_preserv:
+ assumes "max_deg (normalize t1) \<le> 1" and "dom_children t1 T" and "wf_dlverts t1"
+ shows "dom_children (normalize t1) T"
+using assms proof(induction t1 rule: normalize.induct)
+ case (1 t1)
+ then show ?case
+ proof(cases "t1 = normalize1 t1")
+ case True
+ then show ?thesis using "1.prems" dom_children_normalize1_preserv by simp
+ next
+ case False
+ have "max_deg t1 \<le> 1" using mdeg_le1_normalize "1.prems"(1,3) by blast
+ then have "max_deg (normalize1 t1) \<le> 1"
+ using normalize1_mdeg_eq' "1.prems"(3) by fastforce
+ then have "dom_children (normalize1 t1) T"
+ using dom_children_normalize1_preserv "1.prems"(2,3) by blast
+ then show ?thesis using 1 False by (simp add: Let_def wf_dlverts_normalize1)
+ qed
+qed
+
+lemma dom_mdeg_le1_normalize:
+ assumes "max_deg (normalize t) \<le> 1" and "normalize t \<noteq> t"
+ shows "dom_children (normalize t) T"
+using assms ranked_dtree_with_orig_axioms proof(induction t rule: normalize.induct)
+ case (1 t)
+ then interpret T: ranked_dtree_with_orig t by blast
+ show ?case
+ using 1 T.dom_mdeg_le1_normalize1 T.wf_lverts wf_dlverts_normalize1
+ by (smt (verit) dom_children_normalize_preserv normalize.elims mdeg_le1_normalize)
+qed
+
+lemma normalize1_arc_in_dlverts:
+ "\<lbrakk>is_subtree (Node v ys) (normalize1 t); x \<in> set v; x \<rightarrow>\<^bsub>T\<^esub> y\<rbrakk> \<Longrightarrow> y \<in> dlverts (Node v ys)"
+using ranked_dtree_with_orig_axioms proof(induction t rule: normalize1.induct)
+ case ind: (1 r t e)
+ then interpret R: ranked_dtree_with_orig "Node r {|(t, e)|}" by blast
+ show ?case
+ proof(cases "rank (rev (Dtree.root t)) < rank (rev r)")
+ case True
+ then have eq: "normalize1 (Node r {|(t, e)|}) = Node (r@Dtree.root t) (sucs t)" by simp
+ then show ?thesis
+ proof(cases "Node v ys = Node (r@Dtree.root t) (sucs t)")
+ case True
+ then consider "x \<in> set r" | "x \<in> set (Dtree.root t)" using ind.prems(2) by auto
+ then show ?thesis
+ proof(cases)
+ case 1
+ then have "y \<in> dlverts (Node r {|(t, e)|})"
+ using R.arc_in_dlverts ind.prems(3) by fastforce
+ then show ?thesis using eq normalize1_dlverts_eq[of "Node r {|(t, e)|}"] True by simp
+ next
+ case 2
+ then have "y \<in> dlverts t"
+ using R.arc_in_dlverts[of "Dtree.root t" "sucs t"] ind.prems(3)
+ subtree_if_child[of t "{|(t, e)|}"] by simp
+ then show ?thesis using eq normalize1_dlverts_eq[of "Node r {|(t, e)|}"] True by simp
+ qed
+ next
+ case False
+ then obtain t2 where t2_def: "t2 \<in> fst ` fset (sucs t)" "is_subtree (Node v ys) t2"
+ using ind.prems(1) eq by force
+ then have "is_subtree (Node v ys) (Node r {|(t, e)|})"
+ using subtree_trans[OF t2_def(2)] subtree_if_suc by auto
+ then show ?thesis using R.arc_in_dlverts ind.prems(2,3) by blast
+ qed
+ next
+ case nocontr: False
+ then show ?thesis
+ proof(cases "Node v ys = Node r {|(normalize1 t, e)|}")
+ case True
+ then have "y \<in> dlverts (Node r {|(t, e)|})"
+ using R.arc_in_dlverts ind.prems(2,3) by fastforce
+ then show ?thesis using nocontr True by simp
+ next
+ case False
+ then have "is_subtree (Node v ys) (normalize1 t)" using ind.prems(1) nocontr by auto
+ then show ?thesis using ind.IH[OF nocontr] ind.prems(2,3) R.ranked_dtree_orig_rec by simp
+ qed
+ qed
+next
+ case (2 xs r)
+ then interpret R: ranked_dtree_with_orig "Node r xs" by blast
+ have eq: "normalize1 (Node r xs) = Node r ((\<lambda>(t,e). (normalize1 t,e)) |`| xs)"
+ using "2.hyps" by simp
+ show ?case
+ proof(cases "Node v ys = normalize1 (Node r xs)")
+ case True
+ then have "y \<in> dlverts (Node r xs)" using R.arc_in_dlverts "2.hyps" "2.prems"(2,3) by simp
+ then show ?thesis using True by simp
+ next
+ case False
+ then obtain t2 e2 where t2_def: "(t2,e2) \<in> fset xs" "is_subtree (Node v ys) (normalize1 t2)"
+ using "2.hyps" "2.prems"(1) by auto
+ then show ?thesis using "2.IH" "2.prems"(2,3) R.ranked_dtree_orig_rec by simp
+ qed
+qed
+
+lemma normalize1_arc_in_dlverts':
+ "\<forall>r xs. is_subtree (Node r xs) (normalize1 t) \<longrightarrow> (\<forall>x. x \<in> set r
+ \<longrightarrow> (\<forall>y. x \<rightarrow>\<^bsub>T\<^esub> y \<longrightarrow> y \<in> set r \<or> (\<exists>x\<in>fset xs. y \<in> dlverts (fst x))))"
+ using normalize1_arc_in_dlverts by simp
+
+theorem ranked_dtree_orig_normalize1: "ranked_dtree_with_orig (normalize1 t) rank cost cmp T root"
+ by (simp add: ranked_dtree_with_orig_def ranked_dtree_with_orig_axioms_def asi_rank
+ normalize1_dom_contr normalize1_dom_mdeg_gt1 normalize1_dom_sub_contr
+ normalize1_dom_wedge' directed_tree_axioms normalize1_arc_in_dlverts'
+ ranked_dtree_normalize1 normalize1_verts_conform normalize1_verts_distinct)
+
+theorem ranked_dtree_orig_normalize: "ranked_dtree_with_orig (normalize t) rank cost cmp T root"
+using ranked_dtree_with_orig_axioms proof(induction t rule: normalize.induct)
+ case (1 t)
+ then interpret T: ranked_dtree_with_orig t by blast
+ show ?case using "1.IH" T.ranked_dtree_orig_normalize1 by(auto simp: Let_def)
+qed
+
+subsubsection \<open>Merging preserves Arc Invariants\<close>
+
+interpretation Comm: comp_fun_commute "merge_f r xs" by (rule merge_commute)
+
+lemma path_lverts_supset_z:
+ "\<lbrakk>list_dtree (Node r xs); \<forall>t1 \<in> fst ` fset xs. a \<notin> dlverts t1\<rbrakk>
+ \<Longrightarrow> path_lverts_list z a \<subseteq> path_lverts_list (ffold (merge_f r xs) z xs) a"
+proof(induction xs)
+ case (insert x xs)
+ interpret Comm: comp_fun_commute "merge_f r (finsert x xs)" by (rule merge_commute)
+ define f where "f = merge_f r (finsert x xs)"
+ define f' where "f' = merge_f r xs"
+ let ?merge = "Sorting_Algorithms.merge cmp'"
+ have 0: "list_dtree (Node r xs)" using list_dtree_subset insert.prems(1) by blast
+ show ?case
+ proof(cases "ffold f z (finsert x xs) = ffold f' z xs")
+ case True
+ then show ?thesis using insert.IH 0 insert.prems(2) f_def f'_def by auto
+ next
+ case False
+ obtain t2 e2 where t2_def[simp]: "x = (t2,e2)" by fastforce
+ have 1: "\<forall>v\<in>fst ` set (dtree_to_list (Node r {|(t2, e2)|})). a \<notin> set v"
+ using insert.prems(2) dtree_to_list_x_in_dlverts by auto
+ have "xs |\<subseteq>| finsert x xs" by blast
+ then have f_xs: "ffold f z xs = ffold f' z xs"
+ using merge_ffold_supset insert.prems(1) f_def f'_def by presburger
+ have "ffold f z (finsert x xs) = f x (ffold f z xs)"
+ using Comm.ffold_finsert[OF insert.hyps] f_def by blast
+ then have 2: "ffold f z (finsert x xs) = f x (ffold f' z xs)" using f_xs by argo
+ then have "f x (ffold f' z xs) \<noteq> ffold f' z xs" using False f_def f'_def by argo
+ then have "f (t2,e2) (ffold f' z xs)
+ = ?merge (dtree_to_list (Node r {|(t2,e2)|})) (ffold f' z xs)"
+ using merge_f_merge_if_not_snd t2_def f_def by blast
+ then have "ffold f z (finsert x xs)
+ = ?merge (dtree_to_list (Node r {|(t2,e2)|})) (ffold f' z xs)"
+ using 2 t2_def by argo
+ then have "path_lverts_list (ffold f' z xs) a \<subseteq> path_lverts_list (ffold f z (finsert x xs)) a"
+ using path_lverts_list_merge_supset_ys_notin[OF 1] by presburger
+ then show ?thesis using insert.IH 0 insert.prems(2) f_def f'_def by auto
+ qed
+qed(simp)
+
+lemma path_lverts_merge_ffold_sup:
+ "\<lbrakk>list_dtree (Node r xs); t1 \<in> fst ` fset xs; a \<in> dlverts t1\<rbrakk>
+ \<Longrightarrow> path_lverts t1 a \<subseteq> path_lverts_list (ffold (merge_f r xs) [] xs) a"
+proof(induction xs)
+ case (insert x xs)
+ interpret Comm: comp_fun_commute "merge_f r (finsert x xs)" by (rule merge_commute)
+ define f where "f = merge_f r (finsert x xs)"
+ define f' where "f' = merge_f r xs"
+ let ?merge = "Sorting_Algorithms.merge cmp'"
+ have 0: "list_dtree (Node r xs)" using list_dtree_subset insert.prems(1) by blast
+ obtain t2 e2 where t2_def[simp]: "x = (t2,e2)" by fastforce
+ have "(t2, e2) \<in> fset (finsert x xs)" by simp
+ moreover have "(t2, e2) \<notin> fset xs" using insert.hyps notin_fset by fastforce
+ ultimately have xs_val:
+ "(\<forall>(v,e) \<in> set (ffold f' [] xs). set v \<inter> dlverts t2 = {} \<and> v \<noteq> [] \<and> e \<notin> darcs t2 \<union> {e2})"
+ using merge_ffold_empty_inter_preserv'[OF insert.prems(1) empty_list_valid_merge] f'_def
+ by blast
+ have "ffold f [] (finsert x xs) = f x (ffold f [] xs)"
+ using Comm.ffold_finsert[OF insert.hyps] f_def by blast
+ also have "\<dots> = f x (ffold f' [] xs)"
+ using merge_ffold_supset[of xs "finsert x xs" r "[]"] insert.prems(1) f_def f'_def by fastforce
+ finally have "ffold f [] (finsert x xs) = ?merge (dtree_to_list (Node r {|x|})) (ffold f' [] xs)"
+ using merge_f_merge_if_conds xs_val insert.prems f_def by simp
+ then have merge: "ffold f [] (finsert x xs)
+ = ?merge (dtree_to_list (Node r {|(t2,e2)|})) (ffold f'[] xs)"
+ using t2_def by blast
+ show ?case
+ proof(cases "t1 = t2")
+ case True
+ then have "\<forall>v\<in>fst ` set (ffold f' [] xs). a \<notin> set v"
+ using insert.prems(3) xs_val by fastforce
+ then have "path_lverts_list (dtree_to_list (Node r {|(t2,e2)|})) a
+ \<subseteq> path_lverts_list (ffold f [] (finsert x xs)) a"
+ using merge path_lverts_list_merge_supset_xs_notin by fastforce
+ then show ?thesis using True f_def path_lverts_to_list_eq by force
+ next
+ case False
+ then have "a \<notin> dlverts t2" using insert.prems list_dtree.wf_lverts by fastforce
+ then have 1: "\<forall>v\<in>fst ` set (dtree_to_list (Node r {|(t2, e2)|})). a \<notin> set v"
+ using dtree_to_list_x_in_dlverts by fast
+ have "path_lverts t1 a \<subseteq> path_lverts_list (ffold f' [] xs) a"
+ using insert.IH[OF 0] insert.prems(2,3) False f'_def by simp
+ then show ?thesis using f_def merge path_lverts_list_merge_supset_ys_notin[OF 1] by auto
+ qed
+qed(simp)
+
+lemma path_lverts_merge_sup_aux:
+ assumes "list_dtree (Node r xs)" and "t1 \<in> fst ` fset xs" and "a \<in> dlverts t1"
+ and "ffold (merge_f r xs) [] xs = (v1, e1) # ys"
+ shows "path_lverts t1 a \<subseteq> path_lverts (dtree_from_list v1 ys) a"
+proof -
+ have "xs \<noteq> {||}" using assms(2) by auto
+ have "path_lverts t1 a \<subseteq> path_lverts_list (ffold (merge_f r xs) [] xs) a"
+ using path_lverts_merge_ffold_sup[OF assms(1-3)] .
+ then show ?thesis using path_lverts_from_list_eq assms(4) by fastforce
+qed
+
+lemma path_lverts_merge_sup:
+ assumes "list_dtree (Node r xs)" and "t1 \<in> fst ` fset xs" and "a \<in> dlverts t1"
+ shows "\<exists>t2 e2. merge (Node r xs) = Node r {|(t2,e2)|}
+ \<and> path_lverts t1 a \<subseteq> path_lverts t2 a"
+proof -
+ have "xs \<noteq> {||}" using assms(2) by auto
+ then obtain t2 e2 where t2_def: "merge (Node r xs) = Node r {|(t2,e2)|}"
+ using merge_singleton[OF assms(1)] by blast
+ obtain y ys where y_def: "ffold (merge_f r xs) [] xs = y # ys"
+ using merge_ffold_nempty[OF assms(1) \<open>xs \<noteq> {||}\<close>] list.exhaust_sel by blast
+ obtain v1 e1 where "y = (v1,e1)" by fastforce
+ then show ?thesis using merge_xs path_lverts_merge_sup_aux[OF assms] t2_def y_def by fastforce
+qed
+
+lemma path_lverts_merge_sup_sucs:
+ assumes "list_dtree t0" and "t1 \<in> fst ` fset (sucs t0)" and "a \<in> dlverts t1"
+ shows "\<exists>t2 e2. merge t0 = Node (Dtree.root t0) {|(t2,e2)|}
+ \<and> path_lverts t1 a \<subseteq> path_lverts t2 a"
+ using path_lverts_merge_sup[of "Dtree.root t0" "sucs t0"] assms by simp
+
+lemma merge_dom_children_aux:
+ assumes "list_dtree t0"
+ and "\<forall>x\<in>dverts t1. \<exists>v \<in> set (Dtree.root t0) \<union> path_lverts t1 (hd x). v \<rightarrow>\<^bsub>T\<^esub> hd x"
+ and "t1 \<in> fst ` fset (sucs t0)"
+ and "wf_dlverts t1"
+ and "x \<in> dverts t1"
+ shows "\<exists>!t2 \<in> fst ` fset (sucs (merge t0)).
+ \<exists>v \<in> set (Dtree.root (merge t0)) \<union> path_lverts t2 (hd x). v \<rightarrow>\<^bsub>T\<^esub> (hd x)"
+proof -
+ have "hd x \<in> dlverts t1" using assms(4,5) by (simp add: hd_in_lverts_if_wf)
+ then obtain t2 e2 where t2_def:
+ "merge t0 = Node (Dtree.root t0) {|(t2,e2)|}" "path_lverts t1 (hd x) \<subseteq> path_lverts t2 (hd x)"
+ using path_lverts_merge_sup_sucs[OF assms(1,3)] by blast
+ then show ?thesis using assms(2,5) by force
+qed
+
+lemma merge_dom_children_aux':
+ assumes "dom_children t0 T"
+ and "\<forall>t1 \<in> fst ` fset (sucs t0). wf_dlverts t1"
+ and "t2 \<in> fst ` fset (sucs (merge t0))"
+ and "x \<in> dverts t2"
+ shows "\<exists>v\<in>set (Dtree.root (merge t0)) \<union> path_lverts t2 (hd x). v \<rightarrow>\<^bsub>T\<^esub> hd x"
+proof -
+ have disj: "list_dtree t0"
+ using assms(3) merge_empty_if_nwf_sucs[of t0] by fastforce
+ obtain t1 where t1_def: "t1 \<in> fst ` fset (sucs t0)" "x \<in> dverts t1"
+ using verts_child_if_merge_child[OF assms(3,4)] by blast
+ then have 0: "\<forall>x\<in>dverts t1. \<exists>v\<in>set (Dtree.root t0) \<union> path_lverts t1 (hd x). v \<rightarrow>\<^bsub>T\<^esub> hd x"
+ using assms(1) unfolding dom_children_def by blast
+ then have "wf_dlverts t1" using t1_def(1) assms(2) by blast
+ then obtain t3 where t3_def: "t3 \<in> fst ` fset (sucs (merge t0))"
+ "(\<exists>v\<in>set (Dtree.root (merge t0)) \<union> path_lverts t3 (hd x). v \<rightarrow>\<^bsub>T\<^esub> hd x)"
+ using merge_dom_children_aux[OF disj 0] t1_def by blast
+ then have "t3 = t2" using assms(3) merge_single_root1_sucs by fastforce
+ then show ?thesis using t3_def(2) by blast
+qed
+
+lemma merge_dom_children_sucs:
+ assumes "dom_children t0 T" and "\<forall>t1 \<in> fst ` fset (sucs t0). wf_dlverts t1"
+ shows "dom_children (merge t0) T"
+ using merge_dom_children_aux'[OF assms] dom_children_def by fast
+
+lemma merge_dom_children:
+ "\<lbrakk>dom_children (Node r xs) T; \<forall>t1 \<in> fst ` fset xs. wf_dlverts t1\<rbrakk>
+ \<Longrightarrow> dom_children (merge (Node r xs)) T"
+ using merge_dom_children_sucs by auto
+
+lemma merge_dom_children_if_ndisjoint:
+ "\<not>list_dtree (Node r xs) \<Longrightarrow> dom_children (merge (Node r xs)) T"
+ using merge_empty_if_nwf unfolding dom_children_def by simp
+
+lemma merge_subtree_fcard_le1: "is_subtree (Node r xs) (merge t1) \<Longrightarrow> fcard xs \<le> 1"
+ using merge_mdeg_le1_sub le_trans mdeg_ge_fcard by fast
+
+lemma merge_dom_mdeg_gt1:
+ "\<lbrakk>is_subtree (Node r xs) (merge t2); t1 \<in> fst ` fset xs; max_deg (Node r xs) > 1\<rbrakk>
+ \<Longrightarrow> \<exists>v \<in> set r. v \<rightarrow>\<^bsub>T\<^esub> hd (Dtree.root t1)"
+ using merge_mdeg_le1_sub by fastforce
+
+lemma merge_root_if_contr:
+ "\<lbrakk>\<And>r1 t2 e2. is_subtree (Node r1 {|(t2,e2)|}) t1 \<Longrightarrow> rank (rev r1) \<le> rank (rev (Dtree.root t2));
+ is_subtree (Node v {|(t2,e2)|}) (merge t1); rank (rev (Dtree.root t2)) < rank (rev v)\<rbrakk>
+ \<Longrightarrow> Node v {|(t2,e2)|} = merge t1"
+ using merge_strict_subtree_nocontr_sucs2[of t1 v] strict_subtree_def by fastforce
+
+lemma merge_new_contr_fcard_gt1:
+ assumes "\<And>r1 t2 e2. is_subtree (Node r1 {|(t2,e2)|}) t1 \<Longrightarrow> rank (rev r1) \<le> rank (rev (Dtree.root t2))"
+ and "Node v {|(t2,e2)|} = (merge t1)"
+ and "rank (rev (Dtree.root t2)) < rank (rev v)"
+ shows "fcard (sucs t1) > 1"
+proof -
+ have t_v: "Dtree.root t1 = v" using assms(2) dtree.sel(1)[of v "{|(t2,e2)|}"] by simp
+ have "\<forall>t2 e2. Node v {|(t2,e2)|} \<noteq> t1"
+ using assms merge_root_child_eq self_subtree less_le_not_le by metis
+ then have "\<forall>x. sucs t1 \<noteq> {|x|}" using t_v dtree.collapse[of t1] by force
+ moreover have "sucs t1 \<noteq> {||}" using assms(2) merge_empty_sucs by force
+ ultimately show ?thesis using fcard_single_1_iff[of "sucs t1"] fcard_0_eq[of "sucs t1"] by force
+qed
+
+lemma merge_dom_sub_contr_if_nocontr:
+ assumes "\<And>r1 t2 e2. is_subtree (Node r1 {|(t2,e2)|}) t \<Longrightarrow> rank (rev r1) \<le> rank (rev (Dtree.root t2))"
+ and "is_subtree (Node r xs) (merge t)"
+ and "t1 \<in> fst ` fset xs"
+ and "\<exists>v t2 e2. is_subtree (Node v {|(t2,e2)|}) (Node r xs)
+ \<and> rank (rev (Dtree.root t2)) < rank (rev v)"
+ shows "\<exists>v \<in> set r. v \<rightarrow>\<^bsub>T\<^esub> hd (Dtree.root t1)"
+proof -
+ obtain v t2 e2 where t2_def:
+ "is_subtree (Node v {|(t2,e2)|}) (Node r xs)" "rank (rev (Dtree.root t2)) < rank (rev v)"
+ using assms(4) by blast
+ then have "is_subtree (Node v {|(t2,e2)|}) (merge t)" using assms(2) subtree_trans by blast
+ then have eq: "Node v {|(t2,e2)|} = merge t" using merge_root_if_contr assms(1) t2_def(2) by blast
+ then have t_v: "Dtree.root t = v" using dtree.sel(1)[of v "{|(t2,e2)|}"] by simp
+ have eq2: "Node v {|(t2,e2)|} = Node r xs"
+ using eq assms(2) t2_def(1) subtree_antisym[of "Node v {|(t2, e2)|}"] by simp
+ have "fcard (sucs t) > 1" using merge_new_contr_fcard_gt1[OF assms(1) eq t2_def(2)] by simp
+ then have mdeg: "max_deg t > 1" using mdeg_ge_fcard[of "sucs t" "Dtree.root t"] by simp
+ have sub: "is_subtree (Node (Dtree.root t) (sucs t)) t" using self_subtree[of t] by simp
+ obtain e1 where e1_def: "(t1, e1)\<in>fset (sucs (merge t))"
+ using assms(3) eq eq2 dtree.sel(2)[of r xs] by force
+ then obtain t3 where t3_def: "(t3, e1)\<in>fset (sucs t)" "Dtree.root t3 = Dtree.root t1"
+ using merge_child_in_orig[OF e1_def] by blast
+ then have "\<exists>v\<in>set (Dtree.root t). v \<rightarrow>\<^bsub>T\<^esub> hd (Dtree.root t1)" using dom_mdeg_gt1 sub mdeg by fastforce
+ then show ?thesis using t_v eq2 by blast
+qed
+
+lemma merge_dom_contr_if_nocontr_mdeg_le1:
+ assumes "\<And>r1 t2 e2. is_subtree (Node r1 {|(t2,e2)|}) t \<Longrightarrow> rank (rev r1) \<le> rank (rev (Dtree.root t2))"
+ and "is_subtree (Node r {|(t1,e1)|}) (merge t)"
+ and "rank (rev (Dtree.root t1)) < rank (rev r)"
+ and "\<forall>t \<in> fst ` fset (sucs t). max_deg t \<le> 1"
+ shows "dom_children (Node r {|(t1,e1)|}) T"
+proof -
+ have eq: "Node r {|(t1,e1)|} = merge t" using merge_root_if_contr[OF assms(1-3)] .
+ have 0: "\<forall>t1\<in>fst ` fset (sucs t). wf_dlverts t1" using wf_lverts wf_dlverts_suc by auto
+ have "fcard (sucs t) > 1" using merge_new_contr_fcard_gt1[OF assms(1) eq assms(3)] by simp
+ then have "dom_children t T" using dom_wedge_full[of "Dtree.root t"] assms(4) self_subtree by force
+ then show ?thesis using merge_dom_children_sucs 0 eq by simp
+qed
+
+lemma merge_dom_wedge:
+ "\<lbrakk>is_subtree (Node r xs) (merge t1); fcard xs > 1; \<forall>t \<in> fst ` fset xs. max_deg t \<le> 1\<rbrakk>
+ \<Longrightarrow> dom_children (Node r xs) T"
+ using merge_subtree_fcard_le1 by fastforce
+
+subsubsection \<open>Merge1 preserves Arc Invariants\<close>
+
+lemma merge1_dom_mdeg_gt1:
+ assumes "is_subtree (Node r xs) (merge1 t)" and "t1 \<in> fst ` fset xs" and "max_deg (Node r xs) > 1"
+ shows "\<exists>v \<in> set r. v \<rightarrow>\<^bsub>T\<^esub> hd (Dtree.root t1)"
+proof -
+ obtain ys where ys_def: "merge1 (Node r ys) = Node r xs" "is_subtree (Node r ys) t"
+ using merge1_subtree_if_mdeg_gt1[OF assms(1,3)] by blast
+ then obtain t3 where t3_def: "t3 \<in> fst ` fset ys" "Dtree.root t3 = Dtree.root t1"
+ using assms(2) merge1_child_in_orig by fastforce
+ have "max_deg (Node r ys) > 1" using merge1_mdeg_le[of "Node r ys"] ys_def(1) assms(3) by simp
+ then show ?thesis using dom_mdeg_gt1[OF ys_def(2) t3_def(1)] t3_def by simp
+qed
+
+lemma max_deg1_gt_1_if_new_contr:
+ assumes "\<And>r1 t2 e2. is_subtree (Node r1 {|(t2,e2)|}) t0 \<Longrightarrow> rank (rev r1) \<le> rank (rev (Dtree.root t2))"
+ and "is_subtree (Node r {|(t1,e1)|}) (merge1 t0)"
+ and "rank (rev (Dtree.root t1)) < rank (rev r)"
+ shows "max_deg t0 > 1"
+ using assms merge1_mdeg_gt1_if_uneq by force
+
+lemma merge1_subtree_if_new_contr:
+ assumes "\<And>r1 t2 e2. is_subtree (Node r1 {|(t2,e2)|}) t0 \<Longrightarrow> rank (rev r1) \<le> rank (rev (Dtree.root t2))"
+ and "is_subtree (Node r xs) (merge1 t0)"
+ and "is_subtree (Node v {|(t1,e1)|}) (Node r xs)"
+ and "rank (rev (Dtree.root t1)) < rank (rev v)"
+ shows "\<exists>ys. is_subtree (Node r ys) t0 \<and> merge1 (Node r ys) = Node r xs"
+using assms proof(induction t0)
+ case (Node r' ys)
+ then consider "fcard ys > 1" "(\<forall>t \<in> fst ` fset ys. max_deg t \<le> 1)"
+ | "\<not>(fcard ys > 1 \<and> (\<forall>t \<in> fst ` fset ys. max_deg t \<le> 1))" "Node r xs = merge1 (Node r' ys)"
+ | "\<not>(fcard ys > 1 \<and> (\<forall>t \<in> fst ` fset ys. max_deg t \<le> 1))" "Node r xs \<noteq> merge1 (Node r' ys)"
+ by blast
+ then show ?case
+ proof(cases)
+ case 1
+ then have "is_subtree (Node v {|(t1, e1)|}) (merge (Node r' ys))"
+ using subtree_trans[OF Node.prems(3,2)] by force
+ then have "Node v {|(t1, e1)|} = merge (Node r' ys)"
+ using merge_root_if_contr Node.prems(1,4) by blast
+ then have "Node r xs = merge1 (Node r' ys)"
+ using Node.prems(2,3) 1 subtree_eq_if_trans_eq1 by fastforce
+ then show ?thesis using 1 dtree.sel(1)[of r xs] by auto
+ next
+ case 2
+ then have "r = r'" using dtree.sel(1)[of r xs] by force
+ then show ?thesis using 2(2) by auto
+ next
+ case 3
+ then have "merge1 (Node r' ys) = Node r' ((\<lambda>(t,e). (merge1 t,e)) |`| ys)" by auto
+ then obtain t2 e2 where t2_def: "(t2,e2) \<in> fset ys" "is_subtree (Node r xs) (merge1 t2)"
+ using Node.prems(2) 3(2) by auto
+ then have subt2: "is_subtree t2 (Node r' ys)" using subtree_if_child by fastforce
+ then have "\<And>r1 t3 e3. is_subtree (Node r1 {|(t3, e3)|}) t2
+ \<Longrightarrow> rank (rev r1) \<le> rank (rev (Dtree.root t3))"
+ using Node.prems(1) subtree_trans by blast
+ then obtain ys' where ys_def: "is_subtree (Node r ys') t2" "merge1 (Node r ys') = Node r xs"
+ using Node.IH[OF t2_def(1)] Node.prems(3,4) t2_def(2) by auto
+ then show ?thesis using subtree_trans subt2 by blast
+ qed
+qed
+
+lemma merge1_dom_sub_contr:
+ assumes "\<And>r1 t2 e2. is_subtree (Node r1 {|(t2,e2)|}) t \<Longrightarrow> rank (rev r1) \<le> rank (rev (Dtree.root t2))"
+ and "is_subtree (Node r xs) (merge1 t)"
+ and "t1 \<in> fst ` fset xs"
+ and "\<exists>v t2 e2. is_subtree (Node v {|(t2,e2)|}) (Node r xs)\<and>rank (rev (Dtree.root t2))<rank (rev v)"
+ shows "\<exists>v \<in> set r. v \<rightarrow>\<^bsub>T\<^esub> hd (Dtree.root t1)"
+proof -
+ obtain ys where ys_def: "is_subtree (Node r ys) t" "merge1 (Node r ys) = Node r xs"
+ using merge1_subtree_if_new_contr assms(1,2,4) by blast
+ then interpret R: ranked_dtree_with_orig "Node r ys" using ranked_dtree_orig_subtree by blast
+ obtain v t2 e2 where v_def:
+ "is_subtree (Node v {|(t2,e2)|}) (Node r xs)" "rank (rev (Dtree.root t2)) < rank (rev v)"
+ using assms(4) by blast
+ then have "is_subtree (Node v {|(t2,e2)|}) (merge1 (Node r ys))" using ys_def by simp
+ then have mdeg_gt1: "max_deg (Node r ys) > 1"
+ using max_deg1_gt_1_if_new_contr assms(1) v_def(2) subtree_trans ys_def(1) by blast
+ obtain t3 where t3_def: "t3 \<in> fst ` fset ys" "Dtree.root t3 = Dtree.root t1"
+ using ys_def(2) assms(3) merge1_child_in_orig by fastforce
+ then show ?thesis using R.dom_mdeg_gt1[OF self_subtree] mdeg_gt1 by fastforce
+qed
+
+lemma merge1_merge_point_if_new_contr:
+ assumes "\<And>r1 t2 e2. is_subtree (Node r1 {|(t2,e2)|}) t0 \<Longrightarrow> rank (rev r1) \<le> rank (rev (Dtree.root t2))"
+ and "wf_darcs t0"
+ and "is_subtree (Node r {|(t1,e1)|}) (merge1 t0)"
+ and "rank (rev (Dtree.root t1)) < rank (rev r)"
+ shows "\<exists>ys. is_subtree (Node r ys) t0 \<and> fcard ys > 1 \<and> (\<forall>t\<in> fst ` fset ys. max_deg t \<le> 1)
+ \<and> merge1 (Node r ys) = Node r {|(t1,e1)|}"
+using assms proof(induction t0)
+ case (Node v xs)
+ then consider "fcard xs > 1" "(\<forall>t \<in> fst ` fset xs. max_deg t \<le> 1)"
+ | "fcard xs \<le> 1" | "fcard xs > 1" "\<not>(\<forall>t \<in> fst ` fset xs. max_deg t \<le> 1)"
+ by linarith
+ then show ?case
+ proof(cases)
+ case 1
+ then have "is_subtree (Node r {|(t1, e1)|}) (merge (Node v xs))" using Node.prems(3) by simp
+ then have "Node r {|(t1, e1)|} = merge (Node v xs)"
+ using merge_root_if_contr Node.prems(1,4) by blast
+ then show ?thesis using 1 dtree.sel(1)[of r "{|(t1, e1)|}"] by auto
+ next
+ case 2
+ then have "merge1 (Node v xs) = Node v ((\<lambda>(t,e). (merge1 t,e)) |`| xs)" by auto
+ then have "xs \<noteq> {||}" using Node.prems(3) by force
+ then have "fcard xs = 1" using 2 le_Suc_eq by auto
+ then obtain t2 e2 where t2_def: "xs = {|(t2,e2)|}" using fcard_single_1_iff[of xs] by fast
+ then have "Node r {|(t1, e1)|} \<noteq> merge1 (Node v {|(t2,e2)|})" using Node.prems(1,4) 2 by force
+ then have "is_subtree (Node r {|(t1, e1)|}) (merge1 t2)" using Node.prems(3) t2_def 2 by auto
+ moreover have "\<And>r1 t3 e3. is_subtree (Node r1 {|(t3, e3)|}) t2
+ \<Longrightarrow> rank (rev r1) \<le> rank (rev (Dtree.root t3))"
+ using Node.prems(1) t2_def by fastforce
+ ultimately show ?thesis using Node.IH[of "(t2,e2)"] Node.prems(2,4) t2_def by fastforce
+ next
+ case 3
+ then have "fcard ((\<lambda>(t,e). (merge1 t,e)) |`| xs) > 1"
+ using fcard_merge1_img_if_disjoint disjoint_darcs_if_wf_xs[OF Node.prems(2)] by simp
+ then have "Node r {|(t1,e1)|} \<noteq> merge1 (Node v xs)"
+ using fcard_single_1_iff[of "(\<lambda>(t,e). (merge1 t,e)) |`| xs"] 3(2) by auto
+ moreover have "merge1 (Node v xs) = Node v ((\<lambda>(t,e). (merge1 t,e)) |`| xs)" using 3(2) by auto
+ ultimately obtain t2 e2 where t2_def:
+ "(t2,e2) \<in> fset xs" "is_subtree (Node r {|(t1, e1)|}) (merge1 t2)"
+ using Node.prems(3) by auto
+ then have "is_subtree t2 (Node v xs)" using subtree_if_child by fastforce
+ then have "\<And>r1 t3 e3. is_subtree (Node r1 {|(t3, e3)|}) t2
+ \<Longrightarrow> rank (rev r1) \<le> rank (rev (Dtree.root t3))"
+ using Node.prems(1) subtree_trans by blast
+ then obtain ys where ys_def: "is_subtree (Node r ys) t2" "1 < fcard ys"
+ "(\<forall>t\<in>fst ` fset ys. max_deg t \<le> 1)" "merge1 (Node r ys) = Node r {|(t1, e1)|}"
+ using Node.IH[OF t2_def(1)] Node.prems(2,4) t2_def by fastforce
+ then show ?thesis using t2_def(1) by auto
+ qed
+qed
+
+lemma merge1_dom_contr:
+ assumes "\<And>r1 t2 e2. is_subtree (Node r1 {|(t2,e2)|}) t \<Longrightarrow> rank (rev r1) \<le> rank (rev (Dtree.root t2))"
+ and "is_subtree (Node r {|(t1,e1)|}) (merge1 t)"
+ and "rank (rev (Dtree.root t1)) < rank (rev r)"
+ and "max_deg (Node r {|(t1,e1)|}) = 1"
+ shows "dom_children (Node r {|(t1,e1)|}) T"
+proof -
+ obtain ys where ys_def: "is_subtree (Node r ys) t" "fcard ys > 1"
+ "\<forall>t\<in>fst ` fset ys. max_deg t \<le> 1" "merge1 (Node r ys) = Node r {|(t1,e1)|}"
+ using merge1_merge_point_if_new_contr wf_arcs assms(1-3) by blast
+ have "\<forall>t1\<in>fst ` fset ys. wf_dlverts t1"
+ using ys_def(1) list_dtree.wf_lverts list_dtree_sub by fastforce
+ then show ?thesis using merge_dom_children_sucs[OF dom_wedge_full] ys_def by fastforce
+qed
+
+lemma merge1_dom_children_merge_sub_aux:
+ assumes "merge1 t = t2"
+ and "is_subtree (Node r' xs') t"
+ and "fcard xs' > 1"
+ and "(\<forall>t\<in>fst ` fset xs'. max_deg t \<le> 1)"
+ and "max_deg t2 \<le> 1"
+ and "x \<in> dverts t2"
+ and "x \<noteq> Dtree.root t2"
+ shows "\<exists>v \<in> path_lverts t2 (hd x). v \<rightarrow>\<^bsub>T\<^esub> hd x"
+using assms ranked_dtree_with_orig_axioms proof(induction t arbitrary: t2)
+ case (Node r xs)
+ then interpret R: ranked_dtree_with_orig "Node r xs" by blast
+ obtain t1 e1 where t1_def: "(t1,e1) \<in> fset (sucs t2)" "x \<in> dverts t1"
+ by (metis Node.prems(6,7) fsts.simps dtree.sel dtree.set_cases(1) fst_conv surj_pair)
+ then have t2_sucs: "sucs t2 = {|(t1,e1)|}"
+ using Node.prems(5) empty_iff_mdeg_0[of "Dtree.root t2" "sucs t2"]
+ mdeg_1_singleton[of "Dtree.root t2" "sucs t2"] by auto
+ have wf_t2: "wf_dlverts t2" using Node.prems(1) R.wf_dlverts_merge1 by blast
+ then have "wf_dlverts t1" using t1_def(1) wf_dlverts_suc by fastforce
+ then have "hd x \<in> dlverts t1" using t1_def(2) hd_in_lverts_if_wf by blast
+ then have "hd x \<notin> set (Dtree.root t2)" using dlverts_notin_root_sucs[OF wf_t2] t1_def(1) by fastforce
+ then have path_t2: "path_lverts t2 (hd x) = set (Dtree.root t2) \<union> path_lverts t1 (hd x)"
+ using path_lverts_simps1_sucs t2_sucs by fastforce
+ show ?case
+ proof(cases "Node r xs = Node r' xs'")
+ case True
+ then have "merge (Node r' xs') = t2" using Node.prems(1,3,4) by simp
+ then have "dom_children t2 T"
+ using R.dom_wedge_full[OF Node.prems(2-4)] merge_dom_children R.wf_lverts True by fastforce
+ then have "\<exists>v\<in>set (Dtree.root t2) \<union> path_lverts t1 (hd x). v \<rightarrow>\<^bsub>T\<^esub> hd x"
+ using t1_def unfolding dom_children_def by auto
+ then show ?thesis using path_t2 by blast
+ next
+ case False
+ then have "\<not>(fcard xs > 1 \<and> (\<forall>t \<in> fst ` fset xs. max_deg t \<le> 1))"
+ using Node.prems(3,4) child_mdeg_gt1_if_sub_fcard_gt1[OF Node.prems(2)] by force
+ then have eq: "merge1 (Node r xs) = Node r ((\<lambda>(t,e). (merge1 t,e)) |`| xs)" by auto
+ then obtain t3 e3 where t3_def: "(t3,e3) \<in> fset xs" "is_subtree (Node r' xs') t3"
+ using Node.prems(2) False by auto
+ have "fcard ((\<lambda>(t,e). (merge1 t,e)) |`| xs) = 1"
+ using Node.prems(1) eq t2_sucs fcard_single_1 by fastforce
+ then have "fcard xs = 1"
+ using fcard_merge1_img_if_disjoint disjoint_darcs_if_wf_xs[OF R.wf_arcs] by simp
+ then have "xs = {|(t3,e3)|}" using fcard_single_1_iff[of xs] t3_def(1) by auto
+ then have t13: "merge1 t3 = t1" using t2_sucs eq Node.prems(1) by force
+ then have mdegt3: "max_deg t1 \<le> 1"
+ using Node.prems(5) mdeg_ge_child[of t1 e1 "sucs t2" "Dtree.root t2"] t2_sucs by fastforce
+ have mdeg_gt1: "max_deg (Node r xs) > 1"
+ using mdeg_ge_fcard[of xs' r'] Node.prems(2,3) mdeg_ge_sub[of "Node r' xs'" "Node r xs"]
+ by simp
+ show ?thesis
+ proof(cases "x = Dtree.root t1")
+ case True
+ then have "\<exists>v\<in>set r. v \<rightarrow>\<^bsub>T\<^esub> hd x"
+ using R.dom_mdeg_gt1[of r xs] t3_def(1) mdeg_gt1 t13 by fastforce
+ then show ?thesis using path_t2 Node.prems(1) by auto
+ next
+ case False
+ then have "\<exists>v\<in>path_lverts t1 (hd x). v \<rightarrow>\<^bsub>T\<^esub> hd x"
+ using Node.IH t1_def(2) t3_def t13 assms(3,4) mdegt3 R.ranked_dtree_orig_rec by simp
+ then show ?thesis using path_t2 by blast
+ qed
+ qed
+qed
+
+lemma merge1_dom_children_fcard_gt1_aux:
+ assumes "dom_children (Node r (Abs_fset (children_deg1 ys))) T"
+ and "is_subtree (Node r ys) t"
+ and "merge1 (Node r ys) = Node r xs"
+ and "fcard xs > 1"
+ and "max_deg t2 \<le> 1"
+ and "t2 \<in> fst ` fset xs"
+ and "x \<in> dverts t2"
+ shows "\<exists>v\<in>set r \<union> path_lverts t2 (hd x). v \<rightarrow>\<^bsub>T\<^esub> hd x"
+proof -
+ obtain t1 where t1_def: "t1 \<in> fst ` fset ys" "merge1 t1 = t2"
+ using merge1_elem_in_img_if_fcard_gt1[OF assms(3,4)] assms(6) by fastforce
+ then have x_t: "x \<in> dverts t1" using merge1_dverts_sub assms(7) by blast
+ show ?thesis
+ proof(cases "max_deg t1 \<le> 1")
+ case True
+ then have "t1 \<in> fst ` fset (sucs (Node r (Abs_fset (children_deg1 ys))))"
+ using t1_def(1) children_deg1_fset_id by force
+ then have "\<exists>v\<in>set r \<union> path_lverts t1 (hd x). v \<rightarrow>\<^bsub>T\<^esub> hd x"
+ using assms(1) x_t unfolding dom_children_def by auto
+ then show ?thesis using t1_def(2) merge1_mdeg_gt1_if_uneq[of t1] True by force
+ next
+ case False
+ then obtain r' xs' where r'_def:
+ "is_subtree (Node r' xs') t1" "1 < fcard xs'" "(\<forall>t\<in>fst ` fset xs'. max_deg t \<le> 1)"
+ using merge1_wedge_if_uneq[of t1] assms(5) t1_def(2) by fastforce
+ interpret R: ranked_dtree_with_orig "Node r ys" using ranked_dtree_orig_subtree assms(2) .
+ interpret T: ranked_dtree_with_orig t1 using R.ranked_dtree_orig_rec t1_def(1) by force
+ have "max_deg (Node r ys) > 1"
+ using assms(3,4) merge1_fcard_le[of r ys] mdeg_ge_fcard[of ys] by simp
+ show ?thesis
+ proof (cases "x = Dtree.root t2")
+ case True
+ have "max_deg (Node r ys) > 1"
+ using assms(3,4) merge1_fcard_le[of r ys] mdeg_ge_fcard[of ys] by simp
+ then show ?thesis using dom_mdeg_gt1[OF assms(2) t1_def(1)] True t1_def(2) by auto
+ next
+ case False
+ then show ?thesis
+ using T.merge1_dom_children_merge_sub_aux[OF t1_def(2) r'_def assms(5,7)] by blast
+ qed
+ qed
+qed
+
+lemma merge1_dom_children_fcard_gt1:
+ assumes "dom_children (Node r (Abs_fset (children_deg1 ys))) T"
+ and "is_subtree (Node r ys) t"
+ and "merge1 (Node r ys) = Node r xs"
+ and "fcard xs > 1"
+ shows "dom_children (Node r (Abs_fset (children_deg1 xs))) T"
+ unfolding dom_children_def
+ using merge1_dom_children_fcard_gt1_aux[OF assms] children_deg1_fset_id[of xs] by fastforce
+
+lemma merge1_dom_wedge:
+ assumes "is_subtree (Node r xs) (merge1 t)" and "fcard xs > 1"
+ shows "dom_children (Node r (Abs_fset (children_deg1 xs))) T"
+proof -
+ obtain ys where ys_def:
+ "merge1 (Node r ys) = Node r xs" "is_subtree (Node r ys) t" "fcard xs \<le> fcard ys"
+ using merge1_subtree_if_fcard_gt1[OF assms] by blast
+ have "dom_children (Node r (Abs_fset (children_deg1 ys))) T"
+ using dom_wedge ys_def(2,3) assms(2) by simp
+ then show ?thesis using merge1_dom_children_fcard_gt1 ys_def(2,1) assms(2) by blast
+qed
+
+corollary merge1_dom_wedge':
+ "\<forall>r xs. is_subtree (Node r xs) (merge1 t) \<longrightarrow> fcard xs > 1
+ \<longrightarrow> dom_children (Node r (Abs_fset {(t, e). (t, e) \<in> fset xs \<and> max_deg t \<le> Suc 0})) T"
+ by (auto simp only: merge1_dom_wedge One_nat_def[symmetric])
+
+corollary merge1_verts_conform: "v \<in> dverts (merge1 t) \<Longrightarrow> seq_conform v"
+ by (simp add: verts_conform)
+
+corollary merge1_verts_distinct: "\<lbrakk>v \<in> dverts (merge1 t)\<rbrakk> \<Longrightarrow> distinct v"
+ using distinct_merge1 verts_distinct by auto
+
+lemma merge1_mdeg_le1_wedge_if_fcard_gt1:
+ assumes "max_deg (merge1 t1) \<le> 1"
+ and "wf_darcs t1"
+ and "is_subtree (Node v ys) t1"
+ and "fcard ys > 1"
+ shows "(\<forall>t \<in> fst ` fset ys. max_deg t \<le> 1)"
+using assms proof(induction t1 rule: merge1.induct)
+ case (1 r xs)
+ then show ?case
+ proof(cases "fcard xs > 1 \<and> (\<forall>t \<in> fst ` fset xs. max_deg t \<le> 1)")
+ case True
+ then have "Node v ys = Node r xs"
+ using "1.prems"(3,4) mdeg_ge_sub mdeg_ge_fcard[of ys] by fastforce
+ then show ?thesis using True by simp
+ next
+ case False
+ then have eq: "merge1 (Node r xs) = Node r ((\<lambda>(t, e). (merge1 t, e)) |`| xs)" by auto
+ have "fcard ((\<lambda>(t, e). (merge1 t, e)) |`| xs) = fcard xs"
+ using fcard_merge1_img_if_disjoint disjoint_darcs_if_wf_xs[OF "1.prems"(2)] by simp
+ then have "fcard xs \<le> 1"
+ by (metis "1.prems"(1) False merge1.simps num_leaves_1_if_mdeg_1 num_leaves_ge_card)
+ then have "Node v ys \<noteq> Node r xs" using "1.prems"(4) by auto
+ then obtain t2 e2 where t2_def: "(t2,e2) \<in> fset xs" "is_subtree (Node v ys) t2"
+ using "1.prems"(3) by auto
+ then have "max_deg (merge1 t2) \<le> 1"
+ using "1.prems"(1) False eq
+ mdeg_ge_child[of "merge1 t2" e2 "(\<lambda>(t, e). (merge1 t, e)) |`| xs"]
+ by fastforce
+ then show ?thesis using "1.IH"[OF False t2_def(1) refl] t2_def "1.prems"(2,4) by fastforce
+ qed
+qed
+
+lemma dom_mdeg_le1_merge1_aux:
+ assumes "max_deg (merge1 t) \<le> 1"
+ and "merge1 t \<noteq> t"
+ and "t1 \<in> fst ` fset (sucs (merge1 t))"
+ and "x \<in> dverts t1"
+ shows "\<exists>r\<in>set (Dtree.root (merge1 t)) \<union> path_lverts t1 (hd x). r \<rightarrow>\<^bsub>T\<^esub> hd x"
+using assms ranked_dtree_with_orig_axioms proof(induction t arbitrary: t1 rule: merge1.induct)
+ case (1 r xs)
+ then interpret R: ranked_dtree_with_orig "Node r xs" by blast
+ show ?case
+ proof(cases "fcard xs > 1")
+ case True
+ then have 0: "(\<forall>t \<in> fst ` fset xs. max_deg t \<le> 1)"
+ using merge1_mdeg_le1_wedge_if_fcard_gt1[OF "1.prems"(1) R.wf_arcs] by auto
+ then have "dom_children (merge (Node r xs)) T"
+ using True merge_dom_children_sucs R.dom_wedge_full R.wf_lverts self_subtree wf_dlverts_suc
+ by fast
+ then show ?thesis unfolding dom_children_def using "1.prems"(3,4) 0 True by auto
+ next
+ case False
+ then have rec: "\<not>(fcard xs > 1 \<and> (\<forall>t \<in> fst ` fset xs. max_deg t \<le> 1))" by simp
+ then have eq: "merge1 (Node r xs) = Node r ((\<lambda>(t,e). (merge1 t,e)) |`| xs)" by auto
+ obtain t2 e2 where t2_def: "xs = {|(t2,e2)|}" "merge1 t2 = t1"
+ using "1.prems"(3) False singleton_if_fcard_le1_elem[of xs] by fastforce
+ show ?thesis
+ proof(cases "x = Dtree.root t1")
+ case True
+ have "max_deg (Node r xs) > 1" using merge1_mdeg_gt1_if_uneq "1.prems"(2) by blast
+ then show ?thesis using True R.dom_mdeg_gt1[OF self_subtree] t2_def by auto
+ next
+ case False
+ then obtain t3 where t3_def: "t3 \<in> fst ` fset (sucs (merge1 t2))" "x \<in> dverts t3"
+ using "1.prems"(4) t2_def(2) dverts_root_or_suc by fastforce
+ have mdeg1: "max_deg (merge1 t2) \<le> 1"
+ using "1.prems"(1) mdeg_ge_child[of t1 e2 "(\<lambda>(t,e). (merge1 t,e)) |`| xs"] eq t2_def
+ by simp
+ then have 0: "\<exists>r\<in>set (Dtree.root (merge1 t2)) \<union> path_lverts t3 (hd x). r \<rightarrow>\<^bsub>T\<^esub> hd x"
+ using "1.IH" rec mdeg1 t3_def "1.prems"(2) eq t2_def R.ranked_dtree_orig_rec by auto
+ obtain e3 where e3_def: "sucs t1 = {|(t3, e3)|}"
+ using t3_def singleton_if_mdeg_le1_elem_suc mdeg1 t2_def(2) by fastforce
+ have "wf_dlverts t1" using wf_dlverts_suc "1.prems"(3) R.wf_dlverts_merge1 by blast
+ then have "hd x \<in> dlverts t3"
+ using t3_def(2) "1.prems"(4) list_in_verts_iff_lverts hd_in_set[of x] empty_notin_wf_dlverts
+ by fast
+ then have "hd x \<notin> set (Dtree.root t1)"
+ using t3_def(1) dlverts_notin_root_sucs[OF \<open>wf_dlverts t1\<close>] t2_def(2) by blast
+ then show ?thesis using 0 path_lverts_simps1_sucs[of "hd x" t1] e3_def t2_def(2) by blast
+ qed
+ qed
+qed
+
+lemma dom_mdeg_le1_merge1:
+ "\<lbrakk>max_deg (merge1 t) \<le> 1; merge1 t \<noteq> t\<rbrakk> \<Longrightarrow> dom_children (merge1 t) T"
+ unfolding dom_children_def using dom_mdeg_le1_merge1_aux by blast
+
+lemma merge1_arc_in_dlverts:
+ "\<lbrakk>is_subtree (Node r xs) (merge1 t); x \<in> set r; x \<rightarrow>\<^bsub>T\<^esub> y\<rbrakk> \<Longrightarrow> y \<in> dlverts (Node r xs)"
+ using merge1_subtree_dlverts_supset arc_in_dlverts by blast
+
+theorem merge1_ranked_dtree_orig:
+ assumes "\<And>r1 t2 e2. is_subtree (Node r1 {|(t2,e2)|}) t \<Longrightarrow> rank (rev r1) \<le> rank (rev (Dtree.root t2))"
+ shows "ranked_dtree_with_orig (merge1 t) rank cost cmp T root"
+ using assms merge1_arc_in_dlverts
+ unfolding ranked_dtree_with_orig_def ranked_dtree_with_orig_axioms_def
+ by(simp add: directed_tree_axioms ranked_dtree_merge1 merge1_verts_distinct merge1_verts_conform
+ merge1_dom_mdeg_gt1 merge1_dom_contr merge1_dom_sub_contr merge1_dom_wedge' asi_rank)
+
+theorem merge1_normalize_ranked_dtree_orig:
+ "ranked_dtree_with_orig (merge1 (normalize t)) rank cost cmp T root"
+ using ranked_dtree_with_orig.merge1_ranked_dtree_orig[OF ranked_dtree_orig_normalize]
+ by (simp add: normalize_sorted_ranks)
+
+theorem ikkbz_sub_ranked_dtree_orig: "ranked_dtree_with_orig (ikkbz_sub t) rank cost cmp T root"
+using ranked_dtree_with_orig_axioms proof(induction t rule: ikkbz_sub.induct)
+ case (1 t)
+ then show ?case
+ proof(cases "max_deg t \<le> 1")
+ case True
+ then show ?thesis using "1.prems" by auto
+ next
+ case False
+ then show ?thesis
+ by (metis 1 ranked_dtree_with_orig.merge1_normalize_ranked_dtree_orig ikkbz_sub.simps)
+ qed
+qed
+
+subsection \<open>Optimality of IKKBZ-Sub result constrained to Invariants\<close>
+
+lemma dtree_size_skip_decr[termination_simp]: "size (Node r (sucs t1)) < size (Node v {|(t1,e1)|})"
+ using dtree_size_eq_root[of "Dtree.root t1" "sucs t1"] by auto
+
+lemma dtree_size_skip_decr1: "size (Node (r @ Dtree.root t1) (sucs t1)) < size (Node r {|(t1,e1)|})"
+ using dtree_size_skip_decr by auto
+
+function normalize_full :: "('a list,'b) dtree \<Rightarrow> ('a list,'b) dtree" where
+ "normalize_full (Node r {|(t1,e1)|}) = normalize_full (Node (r@Dtree.root t1) (sucs t1))"
+| "\<forall>x. xs \<noteq> {|x|} \<Longrightarrow> normalize_full (Node r xs) = Node r xs"
+ using dtree_to_list.cases by blast+
+termination using dtree_size_skip_decr "termination" in_measure wf_measure by metis
+
+subsubsection \<open>Result fulfills the requirements\<close>
+
+lemma ikkbz_sub_eq_if_mdeg_le1: "max_deg t1 \<le> 1 \<Longrightarrow> ikkbz_sub t1 = t1"
+ by simp
+
+lemma ikkbz_sub_eq_iff_mdeg_le1: "max_deg t1 \<le> 1 \<longleftrightarrow> ikkbz_sub t1 = t1"
+ using ikkbz_sub_mdeg_le1[of t1] by fastforce
+
+lemma dom_mdeg_le1_ikkbz_sub: "ikkbz_sub t \<noteq> t \<Longrightarrow> dom_children (ikkbz_sub t) T"
+using ranked_dtree_with_orig_axioms proof(induction t rule: ikkbz_sub.induct)
+ case (1 t)
+ then interpret T: ranked_dtree_with_orig t by simp
+ interpret NT: ranked_dtree_with_orig "normalize t"
+ using T.ranked_dtree_orig_normalize by blast
+ interpret MT: ranked_dtree_with_orig "merge1 (normalize t)"
+ using T.merge1_normalize_ranked_dtree_orig by blast
+ show ?case
+ proof(cases "max_deg t \<le> 1")
+ case True
+ then show ?thesis using "1.prems" by auto
+ next
+ case False
+ then show ?thesis
+ proof(cases "max_deg (merge1 (normalize t)) \<le> 1")
+ case True
+ then show ?thesis
+ using NT.dom_mdeg_le1_merge1 T.dom_mdeg_le1_normalize T.list_dtree_axioms False
+ by force
+ next
+ case False
+ then have "ikkbz_sub (merge1 (normalize t)) \<noteq> (merge1 (normalize t))"
+ using ikkbz_sub_mdeg_le1[of "merge1 (normalize t)"] by force
+ then show ?thesis using 1 MT.ranked_dtree_with_orig_axioms by auto
+ qed
+ qed
+qed
+
+lemma combine_denormalize_eq:
+ "denormalize (Node r {|(t1,e1)|}) = denormalize (Node (r@Dtree.root t1) (sucs t1))"
+ by (induction t1 rule: denormalize.induct) auto
+
+lemma normalize1_denormalize_eq: "wf_dlverts t1 \<Longrightarrow> denormalize (normalize1 t1) = denormalize t1"
+proof(induction t1 rule: normalize1.induct)
+ case (1 r t e)
+ then show ?case using combine_denormalize_eq[of r t] by simp
+next
+ case (2 xs r)
+ then show ?case
+ using fcard_single_1_iff[of "(\<lambda>(t,e). (normalize1 t,e)) |`| xs"] fcard_single_1_iff[of xs]
+ by (auto simp: fcard_normalize_img_if_wf_dlverts)
+qed
+
+lemma normalize1_denormalize_eq': "wf_darcs t1 \<Longrightarrow> denormalize (normalize1 t1) = denormalize t1"
+proof(induction t1 rule: normalize1.induct)
+ case (1 r t e)
+ then show ?case using combine_denormalize_eq[of r t] by (auto simp: wf_darcs_iff_darcs')
+next
+ case (2 xs r)
+ then show ?case
+ using fcard_single_1_iff[of "(\<lambda>(t,e). (normalize1 t,e)) |`| xs"] fcard_single_1_iff[of xs]
+ by (auto simp: fcard_normalize_img_if_disjoint wf_darcs_iff_darcs')
+qed
+
+lemma normalize_denormalize_eq: "wf_dlverts t1 \<Longrightarrow> denormalize (normalize t1) = denormalize t1"
+ apply (induction t1 rule: normalize.induct)
+ by (smt (verit) normalize1_denormalize_eq normalize.simps wf_dlverts_normalize1)
+
+lemma normalize_denormalize_eq': "wf_darcs t1 \<Longrightarrow> denormalize (normalize t1) = denormalize t1"
+ apply (induction t1 rule: normalize.induct)
+ by (smt (verit) normalize1_denormalize_eq' normalize.simps wf_darcs_normalize1)
+
+lemma normalize_full_denormalize_eq[simp]: "denormalize (normalize_full t1) = denormalize t1"
+proof(induction t1 rule: normalize_full.induct)
+ case (1 r t e)
+ then show ?case using combine_denormalize_eq[of r t] by simp
+qed(simp)
+
+lemma combine_dlverts_eq: "dlverts (Node r {|(t1,e1)|}) = dlverts (Node (r@Dtree.root t1) (sucs t1))"
+ using dlverts.simps[of "Dtree.root t1" "sucs t1"] by auto
+
+lemma normalize_full_dlverts_eq[simp]: "dlverts (normalize_full t1) = dlverts t1"
+ using combine_dlverts_eq by(induction t1 rule: normalize_full.induct) fastforce+
+
+lemma combine_darcs_sub: "darcs (Node (r@Dtree.root t1) (sucs t1)) \<subseteq> darcs (Node r {|(t1,e1)|})"
+ using dtree.set(2)[of "Dtree.root t1" "sucs t1"] by auto
+
+lemma normalize_full_darcs_sub: "darcs (normalize_full t1) \<subseteq> darcs t1"
+ using combine_darcs_sub by(induction t1 rule: normalize_full.induct) fastforce+
+
+lemma combine_nempty_if_wf_dlverts: "wf_dlverts (Node r {|(t1,e1)|}) \<Longrightarrow> r @ Dtree.root t1 \<noteq> []"
+ by simp
+
+lemma combine_empty_inter_if_wf_dlverts:
+ assumes "wf_dlverts (Node r {|(t1,e1)|})"
+ shows "\<forall>(x, e1)\<in>fset (sucs t1). set (r @ Dtree.root t1) \<inter> dlverts x = {} \<and> wf_dlverts x"
+proof -
+ have "\<forall>(x, e1)\<in>fset (sucs t1). set r \<inter> dlverts x = {}" using suc_in_dlverts assms by fastforce
+ then show ?thesis using wf_dlverts.simps[of "Dtree.root t1" "sucs t1"] assms by auto
+qed
+
+lemma combine_disjoint_if_wf_dlverts:
+ "wf_dlverts (Node r {|(t1,e1)|}) \<Longrightarrow> disjoint_dlverts (sucs t1)"
+ using wf_dlverts.simps[of "Dtree.root t1" "sucs t1"] by simp
+
+lemma combine_wf_dlverts:
+ "wf_dlverts (Node r {|(t1,e1)|}) \<Longrightarrow> wf_dlverts (Node (r@Dtree.root t1) (sucs t1))"
+ using combine_empty_inter_if_wf_dlverts[of r t1] wf_dlverts.simps[of "Dtree.root t1" "sucs t1"]
+ by force
+
+lemma combine_distinct:
+ assumes "\<forall>v \<in> dverts (Node r {|(t1,e1)|}). distinct v"
+ and "wf_dlverts (Node r {|(t1,e1)|})"
+ and "v \<in> dverts (Node (r@Dtree.root t1) (sucs t1))"
+ shows "distinct v"
+proof(cases "v = r @ Dtree.root t1")
+ case True
+ have "(Dtree.root t1) \<in> dverts t1" by (simp add: dtree.set_sel(1))
+ moreover from this have "set r \<inter> set (Dtree.root t1) = {}"
+ using assms(2) lverts_if_in_verts by fastforce
+ ultimately show ?thesis using True assms(1) by simp
+next
+ case False
+ then show ?thesis using assms(1,3) dverts_suc_subseteq by fastforce
+qed
+
+lemma normalize_full_wfdlverts: "wf_dlverts t1 \<Longrightarrow> wf_dlverts (normalize_full t1)"
+proof(induction t1 rule: normalize_full.induct)
+ case (1 r t1 e1)
+ then show ?case using combine_wf_dlverts[of r t1] by simp
+qed(simp)
+
+corollary normalize_full_wfdverts: "wf_dlverts t1 \<Longrightarrow> wf_dverts (normalize_full t1)"
+ using normalize_full_wfdlverts by (simp add: wf_dverts_if_wf_dlverts)
+
+lemma combine_wf_arcs: "wf_darcs (Node r {|(t1,e1)|}) \<Longrightarrow> wf_darcs (Node (r@Dtree.root t1) (sucs t1))"
+ using wf_darcs'.simps[of "Dtree.root t1" "sucs t1"] by (simp add: wf_darcs_iff_darcs')
+
+lemma normalize_full_wfdarcs: "wf_darcs t1 \<Longrightarrow> wf_darcs (normalize_full t1)"
+ using combine_wf_arcs by(induction t1 rule: normalize_full.induct) fastforce+
+
+lemma normalize_full_dom_preserv: "dom_children t1 T \<Longrightarrow> dom_children (normalize_full t1) T"
+ by (induction t1 rule: normalize_full.induct) (auto simp: dom_children_combine)
+
+lemma combine_forward:
+ assumes "dom_children (Node r {|(t1,e1)|}) T"
+ and "\<forall>v \<in> dverts (Node r {|(t1,e1)|}). forward v"
+ and "wf_dlverts (Node r {|(t1,e1)|})"
+ and "v \<in> dverts (Node (r@Dtree.root t1) (sucs t1))"
+ shows "forward v"
+proof(cases "v = r @ Dtree.root t1")
+ case True
+ have 0: "(Dtree.root t1) \<in> dverts t1" by (simp add: dtree.set_sel(1))
+ then have fwd_t1: "forward (Dtree.root t1)" using assms(2) by simp
+ moreover have "set r \<inter> set (Dtree.root t1) = {}" using assms(3) 0 lverts_if_in_verts by fastforce
+ moreover have "\<exists>x\<in>set r. \<exists>y\<in>set (Dtree.root t1). x \<rightarrow>\<^bsub>T\<^esub> y"
+ using assms(1,3) root_arc_if_dom_wfdlverts by fastforce
+ ultimately have "\<exists>x\<in>set r. x \<rightarrow>\<^bsub>T\<^esub> hd (Dtree.root t1)" using forward_arc_to_head by blast
+ moreover have fwd_r: "forward r" using assms(2) by simp
+ ultimately show ?thesis using forward_app fwd_t1 True by simp
+next
+ case False
+ then show ?thesis using assms(2,4) dverts_suc_subseteq by fastforce
+qed
+
+lemma normalize_full_forward:
+ "\<lbrakk>dom_children t1 T; \<forall>v \<in> dverts t1. forward v; wf_dlverts t1\<rbrakk>
+ \<Longrightarrow> \<forall>v \<in> dverts (normalize_full t1). forward v"
+proof(induction t1 rule: normalize_full.induct)
+ case (1 r t e)
+ have "\<forall>v \<in> dverts (Node (r@Dtree.root t) (sucs t)). forward v"
+ using combine_forward[OF "1.prems"(1,2,3)] by blast
+ moreover have "dom_children (Node (r@Dtree.root t) (sucs t)) T"
+ using dom_children_combine "1.prems"(1) by simp
+ ultimately show ?case using "1.IH" "1.prems"(3) combine_wf_dlverts[of r t e] by fastforce
+qed(auto)
+
+lemma normalize_full_max_deg0: "max_deg t1 \<le> 1 \<Longrightarrow> max_deg (normalize_full t1) = 0"
+proof(induction t1 rule: normalize_full.induct)
+ case (1 r t e)
+ then show ?case using mdeg_child_sucs_le by (fastforce dest: order_trans)
+next
+ case (2 xs r)
+ then show ?case using empty_fset_if_mdeg_le1_not_single by auto
+qed
+
+lemma normalize_full_mdeg_eq: "max_deg t1 > 1 \<Longrightarrow> max_deg (normalize_full t1) = max_deg t1"
+proof(induction t1 rule: normalize_full.induct)
+ case (1 r t e)
+ then show ?case using mdeg_child_sucs_eq_if_gt1 by force
+qed(auto)
+
+lemma normalize_full_empty_sucs: "max_deg t1 \<le> 1 \<Longrightarrow> \<exists>r. normalize_full t1 = Node r {||}"
+proof(induction t1 rule: normalize_full.induct)
+ case (1 r t e)
+ then show ?case using mdeg_child_sucs_le by (fastforce dest: order_trans)
+next
+ case (2 xs r)
+ then show ?case using empty_fset_if_mdeg_le1_not_single by auto
+qed
+
+lemma normalize_full_forward_singleton:
+ "\<lbrakk>max_deg t1 \<le> 1; dom_children t1 T; \<forall>v \<in> dverts t1. forward v; wf_dlverts t1\<rbrakk>
+ \<Longrightarrow> \<exists>r. normalize_full t1 = Node r {||} \<and> forward r"
+ using normalize_full_empty_sucs normalize_full_forward by fastforce
+
+lemma denormalize_empty_sucs_simp: "denormalize (Node r {||}) = r"
+ using denormalize.simps(2) by blast
+
+lemma normalize_full_dverts_eq_denormalize:
+ assumes "max_deg t1 \<le> 1"
+ shows "dverts (normalize_full t1) = {denormalize t1}"
+proof -
+ obtain r where r_def[simp]: "normalize_full t1 = Node r {||}"
+ using assms normalize_full_empty_sucs by blast
+ then have "denormalize (normalize_full t1) = r" by (simp add: denormalize_empty_sucs_simp)
+ then have "r = denormalize t1" using normalize_full_denormalize_eq by blast
+ then show ?thesis by simp
+qed
+
+lemma normalize_full_normalize_dverts_eq_denormalize:
+ assumes "wf_dlverts t1" and "max_deg t1 \<le> 1"
+ shows "dverts (normalize_full (normalize t1)) = {denormalize t1}"
+proof -
+ have "max_deg (normalize t1) \<le> 1" using assms normalize_mdeg_eq' by fastforce
+ then show ?thesis
+ using normalize_full_dverts_eq_denormalize normalize_denormalize_eq assms(1) by simp
+qed
+
+lemma normalize_full_normalize_dverts_eq_denormalize':
+ assumes "wf_darcs t1" and "max_deg t1 \<le> 1"
+ shows "dverts (normalize_full (normalize t1)) = {denormalize t1}"
+proof -
+ have "max_deg (normalize t1) \<le> 1" using assms normalize_mdeg_eq by fastforce
+ then show ?thesis
+ using normalize_full_dverts_eq_denormalize normalize_denormalize_eq' assms(1) by simp
+qed
+
+lemma denormalize_full_forward:
+ "\<lbrakk>max_deg t1 \<le> 1; dom_children t1 T; \<forall>v \<in> dverts t1. forward v; wf_dlverts t1\<rbrakk>
+ \<Longrightarrow> forward (denormalize (normalize_full t1))"
+ by (metis denormalize_empty_sucs_simp normalize_full_forward_singleton)
+
+lemma denormalize_forward:
+ "\<lbrakk>max_deg t1 \<le> 1; dom_children t1 T; \<forall>v \<in> dverts t1. forward v; wf_dlverts t1\<rbrakk>
+ \<Longrightarrow> forward (denormalize t1)"
+ using denormalize_full_forward by simp
+
+lemma ikkbz_sub_forward_if_uneq: "ikkbz_sub t \<noteq> t \<Longrightarrow> forward (denormalize (ikkbz_sub t))"
+ using denormalize_forward ikkbz_sub_mdeg_le1 dom_mdeg_le1_ikkbz_sub ikkbz_sub_wf_dlverts
+ ranked_dtree_with_orig.verts_forward ikkbz_sub_ranked_dtree_orig
+ by fast
+
+theorem ikkbz_sub_forward:
+ "\<lbrakk>max_deg t \<le> 1 \<Longrightarrow> dom_children t T\<rbrakk> \<Longrightarrow> forward (denormalize (ikkbz_sub t))"
+ using ikkbz_sub_forward_if_uneq ikkbz_sub_eq_iff_mdeg_le1[of t]
+ by (fastforce simp: verts_forward wf_lverts denormalize_forward)
+
+lemma root_arc_singleton:
+ assumes "dom_children (Node r {|(t1,e1)|}) T" and "wf_dlverts (Node r {|(t1,e1)|})"
+ shows "\<exists>x\<in>set r. \<exists>y\<in>set (Dtree.root t1). x \<rightarrow>\<^bsub>T\<^esub> y"
+ using root_arc_if_dom_wfdlverts assms by fastforce
+
+lemma before_if_dom_children_wf_conform:
+ assumes "dom_children (Node r {|(t1,e1)|}) T"
+ and "\<forall>v \<in> dverts (Node r {|(t1,e1)|}). seq_conform v"
+ and "wf_dlverts (Node r {|(t1,e1)|})"
+ shows "before r (Dtree.root t1)"
+proof -
+ have "seq_conform (Dtree.root t1)" using dtree.set_sel(1) assms(2) by auto
+ moreover have "seq_conform r" using assms(2) by auto
+ moreover have "set r \<inter> set (Dtree.root t1) = {}"
+ using assms(3) dlverts_eq_dverts_union dtree.set_sel(1) by fastforce
+ ultimately show ?thesis unfolding before_def using root_arc_singleton assms(1,3) by blast
+qed
+
+lemma root_arc_singleton':
+ assumes "Node r {|(t1,e1)|} = t" and "dom_children t T"
+ shows "\<exists>x\<in>set r. \<exists>y\<in>set (Dtree.root t1). x \<rightarrow>\<^bsub>T\<^esub> y"
+ using assms root_arc_singleton wf_lverts by blast
+
+lemma root_before_if_dom:
+ assumes "Node r {|(t1,e1)|} = t" and "dom_children t T"
+ shows "before r (Dtree.root t1)"
+proof -
+ have "(Dtree.root t1) \<in> dverts t" using dtree.set_sel(1) assms(1) by fastforce
+ then have "seq_conform (Dtree.root t1)" using verts_conform by simp
+ moreover have "seq_conform r" using verts_conform assms(1) by auto
+ ultimately show ?thesis
+ using before_def child_disjoint_root root_arc_singleton' assms by fastforce
+qed
+
+lemma combine_conform:
+ "\<lbrakk>dom_children (Node r {|(t1,e1)|}) T; \<forall>v \<in> dverts (Node r {|(t1,e1)|}). seq_conform v;
+ wf_dlverts (Node r {|(t1,e1)|}); v \<in> dverts (Node (r@Dtree.root t1) (sucs t1))\<rbrakk>
+ \<Longrightarrow> seq_conform v"
+ apply(cases "v = r@Dtree.root t1")
+ using before_if_dom_children_wf_conform seq_conform_if_before apply fastforce
+ using dverts_suc_subseteq by fastforce
+
+lemma denormalize_full_set_eq_dlverts:
+ "max_deg t1 \<le> 1 \<Longrightarrow> set (denormalize (normalize_full t1)) = dlverts t1"
+ using denormalize_set_eq_dlverts by auto
+
+lemma denormalize_full_set_eq_dverts_union:
+ "max_deg t1 \<le> 1 \<Longrightarrow> set (denormalize (normalize_full t1)) = \<Union>(set ` dverts t1)"
+ using denormalize_full_set_eq_dlverts dlverts_eq_dverts_union by fastforce
+
+corollary hd_eq_denormalize_full:
+ "wf_dlverts t1 \<Longrightarrow> hd (denormalize (normalize_full t1)) = hd (Dtree.root t1)"
+ using denormalize_hd_root_wf by auto
+
+corollary denormalize_full_nempty_if_wf:
+ "wf_dlverts t1 \<Longrightarrow> denormalize (normalize_full t1) \<noteq> []"
+ using denormalize_nempty_if_wf by auto
+
+lemma take1_eq_denormalize_full:
+ "wf_dlverts t1 \<Longrightarrow> take 1 (denormalize (normalize_full t1)) = [hd (Dtree.root t1)]"
+ using hd_eq_denormalize_full take1_eq_hd denormalize_full_nempty_if_wf by fast
+
+lemma P_denormalize_full:
+ assumes "wf_dlverts t1"
+ and "\<forall>v \<in> dverts t1. distinct v"
+ and "hd (Dtree.root t1) = root"
+ and "max_deg t1 \<le> 1"
+ shows "unique_set_r root (dverts t1) (denormalize (normalize_full t1))"
+ using assms unique_set_r_def denormalize_full_set_eq_dverts_union
+ denormalize_distinct normalize_full_wfdlverts take1_eq_denormalize_full
+ by fastforce
+
+lemma P_denormalize:
+ fixes t1 :: "('a list,'b) dtree"
+ assumes "wf_dlverts t1"
+ and "\<forall>v \<in> dverts t1. distinct v"
+ and "hd (Dtree.root t1) = root"
+ and "max_deg t1 \<le> 1"
+ shows "unique_set_r root (dverts t1) (denormalize t1)"
+ using assms P_denormalize_full by auto
+
+lemma denormalize_full_fwd:
+ assumes "wf_dlverts t1"
+ and "max_deg t1 \<le> 1"
+ and "\<forall>xs \<in> (dverts t1). seq_conform xs"
+ and "dom_children t1 T"
+ shows "forward (denormalize (normalize_full t1))"
+ using assms denormalize_forward forward_arcs_alt seq_conform_def by auto
+
+lemma normalize_full_verts_sublist:
+ "v \<in> dverts t1 \<Longrightarrow> \<exists>v2 \<in> dverts (normalize_full t1). sublist v v2"
+proof(induction t1 arbitrary: v rule: normalize_full.induct)
+ case ind: (1 r t e)
+ then consider "v = r \<or> v = Dtree.root t" | "\<exists>t1 \<in> fst ` fset (sucs t). v \<in> dverts t1"
+ using dverts_root_or_suc by fastforce
+ then show ?case
+ proof(cases)
+ case 1
+ have "\<exists>a\<in>dverts (normalize_full (Node (r @ Dtree.root t) (sucs t))). sublist (r@Dtree.root t) a"
+ using ind.IH by simp
+ moreover have "sublist v (r@Dtree.root t)" using 1 by blast
+ ultimately show ?thesis using sublist_order.dual_order.trans by auto
+ next
+ case 2
+ then show ?thesis using ind.IH[of v] by fastforce
+ qed
+next
+ case (2 xs r)
+ then show ?case by fastforce
+qed
+
+lemma normalize_full_sublist_preserv:
+ "\<lbrakk>sublist xs v; v \<in> dverts t1\<rbrakk> \<Longrightarrow> \<exists>v2 \<in> dverts (normalize_full t1). sublist xs v2"
+ using normalize_full_verts_sublist sublist_order.dual_order.trans by fast
+
+lemma denormalize_full_sublist_preserv:
+ assumes "sublist xs v" and "v \<in> dverts t1" and "max_deg t1 \<le> 1"
+ shows "sublist xs (denormalize (normalize_full t1))"
+proof -
+ obtain r where r_def[simp]: "normalize_full t1 = Node r {||}"
+ using assms(3) normalize_full_empty_sucs by blast
+ have "sublist xs r" using normalize_full_sublist_preserv[OF assms(1,2)] by simp
+ then show ?thesis by (simp add: denormalize_empty_sucs_simp)
+qed
+
+corollary denormalize_sublist_preserv:
+ "\<lbrakk>sublist xs v; v \<in> dverts (t1::('a list,'b) dtree); max_deg t1 \<le> 1\<rbrakk>
+ \<Longrightarrow> sublist xs (denormalize t1)"
+ using denormalize_full_sublist_preserv by simp
+
+lemma Q_denormalize_full:
+ assumes "wf_dlverts t1"
+ and "\<forall>v \<in> dverts t1. distinct v"
+ and "hd (Dtree.root t1) = root"
+ and "max_deg t1 \<le> 1"
+ and "\<forall>xs \<in> (dverts t1). seq_conform xs"
+ and "dom_children t1 T"
+ shows "fwd_sub root (dverts t1) (denormalize (normalize_full t1))"
+ using P_denormalize_full[OF assms(1-4)] assms(1,4-6) denormalize_full_sublist_preserv
+ by (auto dest: denormalize_full_fwd simp: fwd_sub_def)
+
+corollary Q_denormalize:
+ assumes "wf_dlverts t1"
+ and "\<forall>v \<in> dverts t1. distinct v"
+ and "hd (Dtree.root t1) = root"
+ and "max_deg t1 \<le> 1"
+ and "\<forall>xs \<in> (dverts t1). seq_conform xs"
+ and "dom_children t1 T"
+ shows "fwd_sub root (dverts t1) (denormalize t1)"
+ using Q_denormalize_full assms by simp
+
+corollary Q_denormalize_t:
+ assumes "hd (Dtree.root t) = root"
+ and "max_deg t \<le> 1"
+ and "dom_children t T"
+ shows "fwd_sub root (dverts t) (denormalize t)"
+ using Q_denormalize wf_lverts assms verts_conform verts_distinct by blast
+
+lemma P_denormalize_ikkbz_sub:
+ assumes "hd (Dtree.root t) = root"
+ shows "unique_set_r root (dverts t) (denormalize (ikkbz_sub t))"
+proof -
+ interpret T: ranked_dtree_with_orig "ikkbz_sub t" using ikkbz_sub_ranked_dtree_orig by auto
+ have "\<forall>v\<in>dverts (ikkbz_sub t). distinct v" using T.verts_distinct by simp
+ then show ?thesis
+ using P_denormalize T.wf_lverts ikkbz_sub_mdeg_le1 assms ikkbz_sub_hd_root
+ unfolding unique_set_r_def denormalize_ikkbz_eq_dlverts dlverts_eq_dverts_union
+ by blast
+qed
+
+lemma merge1_sublist_preserv:
+ "\<lbrakk>sublist xs v; v \<in> dverts t\<rbrakk> \<Longrightarrow> \<exists>v2 \<in> dverts (merge1 t). sublist xs v2"
+ using sublist_order.dual_order.trans by auto
+
+lemma normalize1_verts_sublist: "v \<in> dverts t1 \<Longrightarrow> \<exists>v2 \<in> dverts (normalize1 t1). sublist v v2"
+proof(induction t1 arbitrary: v rule: normalize1.induct)
+ case ind: (1 r t e)
+ show ?case
+ proof(cases "rank (rev (Dtree.root t)) < rank (rev r)")
+ case True
+ consider "v = r \<or> v = Dtree.root t" | "\<exists>t1 \<in> fst ` fset (sucs t). v \<in> dverts t1"
+ using dverts_root_or_suc using ind.prems by fastforce
+ then show ?thesis
+ proof(cases)
+ case 1
+ then show ?thesis using True by auto
+ next
+ case 2
+ then show ?thesis using True by fastforce
+ qed
+ next
+ case False
+ then show ?thesis using ind by auto
+ qed
+next
+ case (2 xs r)
+ then show ?case by fastforce
+qed
+
+lemma normalize1_sublist_preserv:
+ "\<lbrakk>sublist xs v; v \<in> dverts t1\<rbrakk> \<Longrightarrow> \<exists>v2 \<in> dverts (normalize1 t1). sublist xs v2"
+ using normalize1_verts_sublist sublist_order.dual_order.trans by fast
+
+lemma normalize_verts_sublist: "v \<in> dverts t1 \<Longrightarrow> \<exists>v2 \<in> dverts (normalize t1). sublist v v2"
+proof(induction t1 arbitrary: v rule: normalize.induct)
+ case (1 t1)
+ then show ?case
+ proof(cases "t1 = normalize1 t1")
+ case True
+ then show ?thesis using "1.prems" by auto
+ next
+ case False
+ then have eq: "normalize (normalize1 t1) = normalize t1" by (auto simp: Let_def)
+ then obtain v2 where v2_def: "v2 \<in> dverts (normalize1 t1)" "sublist v v2"
+ using normalize1_verts_sublist "1.prems" by blast
+ then show ?thesis
+ using "1.IH"[OF refl False v2_def(1)] eq sublist_order.dual_order.trans by auto
+ qed
+qed
+
+lemma normalize_sublist_preserv:
+ "\<lbrakk>sublist xs v; v \<in> dverts t1\<rbrakk> \<Longrightarrow> \<exists>v2 \<in> dverts (normalize t1). sublist xs v2"
+ using normalize_verts_sublist sublist_order.dual_order.trans by fast
+
+lemma ikkbz_sub_verts_sublist: "v \<in> dverts t \<Longrightarrow> \<exists>v2 \<in> dverts (ikkbz_sub t). sublist v v2"
+using ranked_dtree_with_orig_axioms proof(induction t arbitrary: v rule: ikkbz_sub.induct)
+ case (1 t)
+ then interpret T: ranked_dtree_with_orig t by simp
+ interpret NT: ranked_dtree_with_orig "normalize t"
+ using T.ranked_dtree_orig_normalize by blast
+ show ?case
+ proof(cases "max_deg t \<le> 1")
+ case True
+ then show ?thesis using "1.prems"(1) by auto
+ next
+ case False
+ then have 0: "\<not> (max_deg t \<le> 1 \<or> \<not> list_dtree t)" using T.list_dtree_axioms by auto
+ obtain v1 where v1_def: "v1 \<in> dverts (normalize t)" "sublist v v1"
+ using normalize_verts_sublist "1.prems"(1) by blast
+ then have "v1 \<in> dverts (merge1 (normalize t))" using NT.merge1_dverts_eq by blast
+ then obtain v2 where v2_def: "v2 \<in> dverts (ikkbz_sub t)" "sublist v1 v2"
+ using 1 0 T.merge1_normalize_ranked_dtree_orig by force
+ then show ?thesis using v1_def(2) sublist_order.dual_order.trans by blast
+ qed
+qed
+
+lemma ikkbz_sub_sublist_preserv:
+ "\<lbrakk>sublist xs v; v \<in> dverts t\<rbrakk> \<Longrightarrow> \<exists>v2 \<in> dverts (ikkbz_sub t). sublist xs v2"
+ using ikkbz_sub_verts_sublist sublist_order.dual_order.trans by fast
+
+lemma denormalize_ikkbz_sub_verts_sublist:
+ "\<forall>xs \<in> (dverts t). sublist xs (denormalize (ikkbz_sub t))"
+ using ikkbz_sub_verts_sublist denormalize_sublist_preserv ikkbz_sub_mdeg_le1 by blast
+
+lemma denormalize_ikkbz_sub_sublist_preserv:
+ "\<lbrakk>sublist xs v; v \<in> dverts t\<rbrakk> \<Longrightarrow> sublist xs (denormalize (ikkbz_sub t))"
+ using denormalize_ikkbz_sub_verts_sublist sublist_order.dual_order.trans by blast
+
+lemma Q_denormalize_ikkbz_sub:
+ "\<lbrakk>hd (Dtree.root t) = root; max_deg t \<le> 1 \<Longrightarrow> dom_children t T\<rbrakk>
+ \<Longrightarrow> fwd_sub root (dverts t) (denormalize (ikkbz_sub t))"
+ using P_denormalize_ikkbz_sub ikkbz_sub_forward denormalize_ikkbz_sub_verts_sublist fwd_sub_def
+ by blast
+
+subsubsection \<open>Minimal Cost of the result\<close>
+
+lemma normalize1_dverts_app_before_contr:
+ "\<lbrakk>v \<in> dverts (normalize1 t); v \<notin> dverts t\<rbrakk>
+ \<Longrightarrow> \<exists>v1\<in>dverts t. \<exists>v2\<in>dverts t. v1 @ v2 = v \<and> before v1 v2 \<and> rank (rev v2) < rank (rev v1)"
+ by (fastforce dest: normalize1_dverts_contr_subtree
+ simp: single_subtree_root_dverts single_subtree_child_root_dverts contr_before)
+
+lemma normalize1_dverts_app_bfr_cntr_rnks:
+ assumes "v \<in> dverts (normalize1 t)" and "v \<notin> dverts t"
+ shows "\<exists>U\<in>dverts t. \<exists>V\<in>dverts t. U @ V = v \<and> before U V \<and> rank (rev V) < rank (rev U)
+ \<and> (\<forall>xs \<in> dverts t. (\<exists>y\<in>set xs. \<not> (\<exists>x'\<in>set V. x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> (\<exists>x\<in>set U. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> xs \<noteq> U)
+ \<longrightarrow> rank (rev V) \<le> rank (rev xs))"
+ using normalize1_dverts_contr_subtree[OF assms] subtree_rank_ge_if_reach'
+ by (fastforce simp: single_subtree_root_dverts single_subtree_child_root_dverts contr_before)
+
+lemma normalize1_dverts_app_bfr_cntr_rnks':
+ assumes "v \<in> dverts (normalize1 t)" and "v \<notin> dverts t"
+ shows "\<exists>U\<in>dverts t. \<exists>V\<in>dverts t. U @ V = v \<and> before U V \<and> rank (rev V) \<le> rank (rev U)
+ \<and> (\<forall>xs \<in> dverts t. (\<exists>y\<in>set xs. \<not> (\<exists>x'\<in>set V. x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> (\<exists>x\<in>set U. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> xs \<noteq> U)
+ \<longrightarrow> rank (rev V) \<le> rank (rev xs))"
+ using normalize1_dverts_contr_subtree[OF assms] subtree_rank_ge_if_reach'
+ by (fastforce simp: single_subtree_root_dverts single_subtree_child_root_dverts contr_before)
+
+lemma normalize1_dverts_split:
+ "dverts (normalize1 t1)
+ = {v \<in> dverts (normalize1 t1). v \<notin> dverts t1} \<union> {v \<in> dverts (normalize1 t1). v \<in> dverts t1}"
+ by blast
+
+lemma normalize1_dlverts_split:
+ "dlverts (normalize1 t1)
+ = \<Union>(set ` {v \<in> dverts (normalize1 t1). v \<notin> dverts t1})
+ \<union> \<Union>(set ` {v \<in> dverts (normalize1 t1). v \<in> dverts t1})"
+ using dlverts_eq_dverts_union by fastforce
+
+lemma normalize1_dsjnt_in_dverts:
+ assumes "wf_dlverts t1"
+ and "v \<in> dverts t1"
+ and "set v \<inter> \<Union>(set ` {v \<in> dverts (normalize1 t1). v \<notin> dverts t1}) = {}"
+ shows "v \<in> dverts (normalize1 t1)"
+proof -
+ have "set v \<subseteq> dlverts (normalize1 t1)" using assms(2) lverts_if_in_verts by fastforce
+ then have sub: "set v \<subseteq> \<Union>(set ` {v \<in> dverts (normalize1 t1). v \<in> dverts t1})"
+ using normalize1_dlverts_split assms(3) by auto
+ have "v \<noteq> []" using assms(1,2) empty_notin_wf_dlverts by auto
+ then obtain x where x_def: "x \<in> set v" by fastforce
+ then show ?thesis using dverts_same_if_set_wf[OF assms(1,2)] x_def sub by blast
+qed
+
+lemma normalize1_dsjnt_subset_split1:
+ fixes t1
+ defines "X \<equiv> {v \<in> dverts (normalize1 t1). v \<notin> dverts t1}"
+ assumes "wf_dlverts t1"
+ shows "{x. x\<in>dverts t1 \<and> set x \<inter> \<Union>(set ` X) = {}} \<subseteq> {v \<in> dverts (normalize1 t1). v \<in> dverts t1}"
+ using assms normalize1_dsjnt_in_dverts by blast
+
+lemma normalize1_dsjnt_subset_split2:
+ fixes t1
+ defines "X \<equiv> {v \<in> dverts (normalize1 t1). v \<notin> dverts t1}"
+ assumes "wf_dlverts t1"
+ shows "{v \<in> dverts (normalize1 t1). v \<in> dverts t1} \<subseteq> {x. x\<in>dverts t1 \<and> set x \<inter> \<Union>(set ` X) = {}}"
+ using dverts_same_if_set_wf[OF wf_dlverts_normalize1] assms by blast
+
+lemma normalize1_dsjnt_subset_eq_split:
+ fixes t1
+ defines "X \<equiv> {v \<in> dverts (normalize1 t1). v \<notin> dverts t1}"
+ assumes "wf_dlverts t1"
+ shows "{v \<in> dverts (normalize1 t1). v \<in> dverts t1} = {x. x\<in>dverts t1 \<and> set x \<inter> \<Union>(set ` X) = {}}"
+ using normalize1_dsjnt_subset_split1 normalize1_dsjnt_subset_split2 assms
+ by blast
+
+lemma normalize1_dverts_split2:
+ fixes t1
+ defines "X \<equiv> {v \<in> dverts (normalize1 t1). v \<notin> dverts t1}"
+ assumes "wf_dlverts t1"
+ shows "X \<union> {x. x \<in> dverts t1 \<and> set x \<inter> \<Union>(set ` X) = {}} = dverts (normalize1 t1)"
+ unfolding assms(1) using normalize1_dsjnt_subset_eq_split[OF assms(2)] by blast
+
+lemma set_subset_if_normalize1_vert: "v1 \<in> dverts (normalize1 t1) \<Longrightarrow> set v1 \<subseteq> dlverts t1"
+ using lverts_if_in_verts by fastforce
+
+lemma normalize1_new_verts_not_reach1:
+ assumes "v1 \<in> dverts (normalize1 t)" and "v1 \<notin> dverts t"
+ and "v2 \<in> dverts (normalize1 t)" and "v2 \<notin> dverts t"
+ and "v1 \<noteq> v2"
+ shows "\<not>(\<exists>x\<in>set v1. \<exists>y\<in>set v2. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y)"
+using assms ranked_dtree_with_orig_axioms proof(induction t rule: normalize1.induct)
+ case (1 r t e)
+ then interpret R: ranked_dtree_with_orig "Node r {|(t, e)|}" by blast
+ show ?case
+ proof(cases "rank (rev (Dtree.root t)) < rank (rev r)")
+ case True
+ then have eq: "normalize1 (Node r {|(t, e)|}) = Node (r@Dtree.root t) (sucs t)" by simp
+ have "v1 = r @ Dtree.root t"
+ using "1.prems"(1,2) dverts_suc_subseteq unfolding eq by fastforce
+ moreover have "v2 = r @ Dtree.root t"
+ using "1.prems"(3,4) dverts_suc_subseteq unfolding eq by fastforce
+ ultimately show ?thesis using "1.prems"(5) by simp
+ next
+ case False
+ then show ?thesis using 1 R.ranked_dtree_orig_rec by simp
+ qed
+next
+ case (2 xs r)
+ then interpret R: ranked_dtree_with_orig "Node r xs" by blast
+ have eq: "normalize1 (Node r xs) = Node r ((\<lambda>(t,e). (normalize1 t,e)) |`| xs)"
+ using "2.hyps" by simp
+ obtain t1 e1 where t1_def: "(t1,e1) \<in> fset xs" "v1 \<in> dverts (normalize1 t1)"
+ using "2.hyps" "2.prems"(1,2) by auto
+ obtain t2 e2 where t2_def: "(t2,e2) \<in> fset xs" "v2 \<in> dverts (normalize1 t2)"
+ using "2.hyps" "2.prems"(3,4) by auto
+ show ?case
+ proof(cases "t1 = t2")
+ case True
+ have "v1 \<notin> dverts t1 \<and> v2 \<notin> dverts t2"
+ using "2.hyps" "2.prems"(2,4) t1_def(1) t2_def(1) by simp
+ then show ?thesis using "2.IH" t1_def t2_def True "2.prems"(5) R.ranked_dtree_orig_rec by simp
+ next
+ case False
+ have sub: "is_subtree t1 (Node r xs)" using t1_def(1) subtree_if_child by fastforce
+ have "set v1 \<subseteq> dlverts t1" using set_subset_if_normalize1_vert t1_def(2) by simp
+ then have reach_t1: "\<forall>x \<in> set v1. \<forall>y. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y \<longrightarrow> y \<in> dlverts t1"
+ using R.dlverts_reach1_in_dlverts sub by blast
+ have "dlverts t1 \<inter> dlverts t2 = {}"
+ using R.wf_lverts t2_def(1) t1_def(1) wf_dlverts.simps[of r] False by fast
+ then have "set v2 \<inter> dlverts t1 = {}" using set_subset_if_normalize1_vert t2_def(2) by auto
+ then show ?thesis using reach_t1 by blast
+ qed
+qed
+
+lemma normalize1_dverts_split_optimal:
+ defines "X \<equiv> {v \<in> dverts (normalize1 t). v \<notin> dverts t}"
+ assumes "\<exists>x. fwd_sub root (dverts t) x"
+ shows "\<exists>zs. fwd_sub root (X \<union> {x. x \<in> dverts t \<and> set x \<inter> \<Union>(set ` X) = {}}) zs
+ \<and> (\<forall>as. fwd_sub root (dverts t) as \<longrightarrow> cost (rev zs) \<le> cost (rev as))"
+proof -
+ let ?Y = "dverts t"
+ have dsjt: "\<forall>xs \<in> ?Y. \<forall>ys \<in> ?Y. xs = ys \<or> set xs \<inter> set ys = {}"
+ using dverts_same_if_set_wf[OF wf_lverts] by blast
+ have fwd: "\<forall>xs \<in> ?Y. forward xs" by (simp add: verts_forward)
+ have nempty: "[] \<notin> ?Y" by (simp add: empty_notin_wf_dlverts wf_lverts)
+ have fin: "finite ?Y" by (simp add: finite_dverts)
+ have "\<forall>ys \<in> X. \<exists>U \<in> ?Y. \<exists>V \<in> ?Y. U@V = ys \<and> before U V \<and> rank (rev V) \<le> rank (rev U)
+ \<and> (\<forall>xs \<in> ?Y. (\<exists>y\<in>set xs. \<not>(\<exists>x'\<in>set V. x' \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> (\<exists>x\<in>set U. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y) \<and> xs \<noteq> U)
+ \<longrightarrow> rank (rev V) \<le> rank (rev xs))"
+ unfolding X_def using normalize1_dverts_app_bfr_cntr_rnks' by blast
+ moreover have "\<forall>xs \<in> X. \<forall>ys \<in> X. xs = ys \<or> set xs \<inter> set ys = {}"
+ unfolding X_def using dverts_same_if_set_wf[OF wf_dlverts_normalize1] wf_lverts by blast
+ moreover have "\<forall>xs \<in> X. \<forall>ys \<in> X. xs = ys \<or> \<not>(\<exists>x\<in>set xs. \<exists>y\<in>set ys. x \<rightarrow>\<^sup>+\<^bsub>T\<^esub> y)"
+ unfolding X_def using normalize1_new_verts_not_reach1 by blast
+ moreover have "finite X" by (simp add: X_def finite_dverts)
+ ultimately show ?thesis
+ using combine_union_sets_optimal_cost[OF asi_rank dsjt fwd nempty fin assms(2)] by simp
+qed
+
+corollary normalize1_dverts_optimal:
+ assumes "\<exists>x. fwd_sub root (dverts t) x"
+ shows "\<exists>zs. fwd_sub root (dverts (normalize1 t)) zs
+ \<and> (\<forall>as. fwd_sub root (dverts t) as \<longrightarrow> cost (rev zs) \<le> cost (rev as))"
+ using normalize1_dverts_split_optimal assms normalize1_dverts_split2[OF wf_lverts] by simp
+
+lemma normalize_dverts_optimal:
+ assumes "\<exists>x. fwd_sub root (dverts t) x"
+ shows "\<exists>zs. fwd_sub root (dverts (normalize t)) zs
+ \<and> (\<forall>as. fwd_sub root (dverts t) as \<longrightarrow> cost (rev zs) \<le> cost (rev as))"
+using assms ranked_dtree_with_orig_axioms proof(induction t rule: normalize.induct)
+ case (1 t)
+ then interpret T: ranked_dtree_with_orig t by blast
+ obtain zs where zs_def:
+ "fwd_sub root (dverts (normalize1 t)) zs"
+ "\<forall>as. fwd_sub root (dverts t) as \<longrightarrow> cost (rev zs) \<le> cost (rev as)"
+ using "1.prems" T.normalize1_dverts_optimal by auto
+ show ?case
+ proof(cases "t = normalize1 t")
+ case True
+ then show ?thesis using zs_def by auto
+ next
+ case False
+ then have eq: "normalize (normalize1 t) = normalize t" by (auto simp: Let_def)
+ have "\<exists>zs. fwd_sub root (dverts (normalize (normalize1 t))) zs
+ \<and> (\<forall>as. fwd_sub root (dverts (normalize1 t)) as \<longrightarrow> cost (rev zs) \<le> cost (rev as))"
+ using "1.IH" False zs_def(1) T.ranked_dtree_orig_normalize1 by blast
+ then show ?thesis using zs_def eq by force
+ qed
+qed
+
+lemma merge1_dverts_optimal:
+ assumes "\<exists>x. fwd_sub root (dverts t) x"
+ shows "\<exists>zs. fwd_sub root (dverts (merge1 t)) zs
+ \<and> (\<forall>as. fwd_sub root (dverts t) as \<longrightarrow> cost (rev zs) \<le> cost (rev as))"
+ using assms forward_UV_lists_argmin_ex by simp
+
+theorem ikkbz_sub_dverts_optimal:
+ assumes "\<exists>x. fwd_sub root (dverts t) x"
+ shows "\<exists>zs. fwd_sub root (dverts (ikkbz_sub t)) zs
+ \<and> (\<forall>as. fwd_sub root (dverts t) as \<longrightarrow> cost (rev zs) \<le> cost (rev as))"
+using assms ranked_dtree_with_orig_axioms proof(induction t rule: ikkbz_sub.induct)
+ case (1 t)
+ then interpret T: ranked_dtree_with_orig t by simp
+ interpret NT: ranked_dtree_with_orig "normalize t"
+ using T.ranked_dtree_orig_normalize by blast
+ show ?case
+ proof(cases "max_deg t \<le> 1")
+ case True
+ then show ?thesis using "1.prems"(1) forward_UV_lists_argmin_ex by auto
+ next
+ case False
+ then have 0: "\<not> (max_deg t \<le> 1 \<or> \<not> list_dtree t)" using T.list_dtree_axioms by auto
+ obtain zs where zs_def: "fwd_sub root (dverts (merge1 (normalize t))) zs"
+ "\<forall>as. fwd_sub root (dverts t) as \<longrightarrow> cost (rev zs) \<le> cost (rev as)"
+ using "1.prems" T.normalize_dverts_optimal NT.merge1_dverts_eq by auto
+ have "\<exists>zs. fwd_sub root (dverts (ikkbz_sub (merge1 (normalize t)))) zs
+ \<and> (\<forall>as. fwd_sub root (dverts (merge1 (normalize t))) as \<longrightarrow> cost (rev zs) \<le> cost (rev as))"
+ using "1.IH" 0 zs_def(1) T.merge1_normalize_ranked_dtree_orig by blast
+ then show ?thesis using zs_def 0 by force
+ qed
+qed
+
+lemma ikkbz_sub_dverts_optimal':
+ assumes "hd (Dtree.root t) = root" and "max_deg t \<le> 1 \<Longrightarrow> dom_children t T"
+ shows "\<exists>zs. fwd_sub root (dverts (ikkbz_sub t)) zs
+ \<and> (\<forall>as. fwd_sub root (dverts t) as \<longrightarrow> cost (rev zs) \<le> cost (rev as))"
+ using ikkbz_sub_dverts_optimal Q_denormalize_ikkbz_sub assms by blast
+
+lemma combine_strict_subtree_orig:
+ assumes "strict_subtree (Node r1 {|(t2,e2)|}) (Node (r@Dtree.root t1) (sucs t1))"
+ shows "is_subtree (Node r1 {|(t2,e2)|}) (Node r {|(t1,e1)|})"
+proof -
+ obtain t3 where t3_def: "t3 \<in> fst ` fset (sucs t1)" "is_subtree (Node r1 {|(t2,e2)|}) t3"
+ using assms unfolding strict_subtree_def by force
+ then show ?thesis using subtree_trans subtree_if_suc[OF t3_def(1)] by auto
+qed
+
+lemma combine_subtree_orig_uneq:
+ assumes "is_subtree (Node r1 {|(t2,e2)|}) (Node (r@Dtree.root t1) (sucs t1))"
+ shows "Node r1 {|(t2,e2)|} \<noteq> Node r {|(t1,e1)|}"
+proof -
+ have "size (Node r1 {|(t2,e2)|}) \<le> size (Node (r@Dtree.root t1) (sucs t1))"
+ using assms(1) subtree_size_le by blast
+ also have "size (Node (r@Dtree.root t1) (sucs t1)) < size (Node r {|(t1,e1)|})"
+ using dtree_size_skip_decr1 by fast
+ finally show ?thesis by blast
+qed
+
+lemma combine_strict_subtree_ranks_le:
+ assumes "\<And>r1 t2 e2. strict_subtree (Node r1 {|(t2,e2)|}) (Node r {|(t1,e1)|})
+ \<Longrightarrow> rank (rev r1) \<le> rank (rev (Dtree.root t2))"
+ and "strict_subtree (Node r1 {|(t2,e2)|}) (Node (r@Dtree.root t1) (sucs t1))"
+ shows "rank (rev r1) \<le> rank (rev (Dtree.root t2))"
+ using combine_strict_subtree_orig assms unfolding strict_subtree_def
+ by (fast intro!: combine_subtree_orig_uneq )
+
+lemma subtree_child_uneq:
+ "\<lbrakk>is_subtree t1 t2; t2 \<in> fst ` fset xs\<rbrakk> \<Longrightarrow> t1 \<noteq> Node r xs"
+ using child_uneq subtree_antisym subtree_if_child by fast
+
+lemma subtree_singleton_child_uneq:
+ "is_subtree t1 t2 \<Longrightarrow> t1 \<noteq> Node r {|(t2,e2)|}"
+ using subtree_child_uneq[of t1] by simp
+
+lemma child_subtree_ranks_le_if_strict_subtree:
+ assumes "\<And>r1 t2 e2. strict_subtree (Node r1 {|(t2,e2)|}) (Node r {|(t1,e1)|})
+ \<Longrightarrow> rank (rev r1) \<le> rank (rev (Dtree.root t2))"
+ and "is_subtree (Node r1 {|(t2,e2)|}) t1"
+ shows "rank (rev r1) \<le> rank (rev (Dtree.root t2))"
+ using assms subtree_trans subtree_singleton_child_uneq unfolding strict_subtree_def by fastforce
+
+lemma verts_ge_child_if_sorted:
+ assumes "\<And>r1 t2 e2. strict_subtree (Node r1 {|(t2,e2)|}) (Node r {|(t1,e1)|})
+ \<Longrightarrow> rank (rev r1) \<le> rank (rev (Dtree.root t2))"
+ and "max_deg (Node r {|(t1,e1)|}) \<le> 1"
+ and "v \<in> dverts t1"
+ shows "rank (rev (Dtree.root t1)) \<le> rank (rev v)"
+proof -
+ have "\<And>r1 t2 e2. is_subtree (Node r1 {|(t2,e2)|}) t1 \<Longrightarrow> rank (rev r1) \<le> rank (rev (Dtree.root t2))"
+ using child_subtree_ranks_le_if_strict_subtree[OF assms(1)] by simp
+ moreover have "max_deg t1 \<le> 1" using mdeg_ge_child[of t1 e1 "{|(t1,e1)|}"] assms(2) by simp
+ ultimately show ?thesis using rank_ge_if_mdeg_le1_dvert_nocontr assms(3) by fastforce
+qed
+
+lemma verts_ge_child_if_sorted':
+ assumes "\<And>r1 t2 e2. strict_subtree (Node r1 {|(t2,e2)|}) (Node r {|(t1,e1)|})
+ \<Longrightarrow> rank (rev r1) \<le> rank (rev (Dtree.root t2))"
+ and "max_deg (Node r {|(t1,e1)|}) \<le> 1"
+ and "v \<in> dverts (Node r {|(t1,e1)|})"
+ and "v \<noteq> r"
+ shows "rank (rev (Dtree.root t1)) \<le> rank (rev v)"
+ using verts_ge_child_if_sorted[OF assms(1,2)] assms(3,4) by simp
+
+lemma not_combined_sub_dverts_combine:
+ "{r@Dtree.root t1} \<union> {x. x \<in> dverts (Node r {|(t1,e1)|}) \<and> x \<noteq> r \<and> x \<noteq> Dtree.root t1}
+ \<subseteq> dverts (Node (r @ Dtree.root t1) (sucs t1))"
+ using dverts_suc_subseteq dverts_root_or_suc by fastforce
+
+lemma dverts_combine_orig_not_combined:
+ assumes "wf_dlverts (Node r {|(t1,e1)|})" and "x \<in> dverts (Node (r @ Dtree.root t1) (sucs t1))" and "x \<noteq> r@Dtree.root t1"
+ shows "x \<in> dverts (Node r {|(t1,e1)|}) \<and> x \<noteq> r \<and> x \<noteq> Dtree.root t1"
+proof -
+ obtain t2 where t2_def: "t2 \<in> fst ` fset (sucs t1)" "x \<in> dverts t2" using assms(2,3) by fastforce
+ have "set r \<inter> dlverts t2 = {}" using assms(1) suc_in_dlverts'[OF t2_def(1)] by auto
+ then have "x \<noteq> r" using assms(1) t2_def(2) nempty_inter_notin_dverts by auto
+ have "Dtree.root t1 \<noteq> []"
+ using assms(1) empty_notin_wf_dlverts single_subtree_child_root_dverts[OF self_subtree, of t1]
+ by force
+ moreover have "set (Dtree.root t1) \<inter> dlverts t2 = {}"
+ using assms(1) t2_def(1) notin_dlverts_suc_if_wf_in_root by fastforce
+ ultimately have "x \<noteq> Dtree.root t1" using nempty_inter_notin_dverts t2_def(2) by blast
+ then show ?thesis using \<open>x \<noteq> r\<close> t2_def dverts_suc_subseteq by auto
+qed
+
+lemma dverts_combine_sub_not_combined:
+ "wf_dlverts (Node r {|(t1,e1)|}) \<Longrightarrow> dverts (Node (r @ Dtree.root t1) (sucs t1))
+ \<subseteq> {r@Dtree.root t1} \<union> {x. x \<in> dverts (Node r {|(t1,e1)|}) \<and> x \<noteq> r \<and> x \<noteq> Dtree.root t1}"
+ using dverts_combine_orig_not_combined by fast
+
+lemma dverts_combine_eq_not_combined:
+ "wf_dlverts (Node r {|(t1,e1)|}) \<Longrightarrow> dverts (Node (r @ Dtree.root t1) (sucs t1))
+ = {r@Dtree.root t1} \<union> {x. x \<in> dverts (Node r {|(t1,e1)|}) \<and> x \<noteq> r \<and> x \<noteq> Dtree.root t1}"
+ using dverts_combine_sub_not_combined not_combined_sub_dverts_combine by fast
+
+lemma normalize_full_dverts_optimal_if_sorted:
+ assumes "asi rank root cost"
+ and "wf_dlverts t1"
+ and "\<forall>xs \<in> (dverts t1). distinct xs"
+ and "\<forall>xs \<in> (dverts t1). seq_conform xs"
+ and "\<And>r1 t2 e2. strict_subtree (Node r1 {|(t2,e2)|}) t1
+ \<Longrightarrow> rank (rev r1) \<le> rank (rev (Dtree.root t2))"
+ and "max_deg t1 \<le> 1"
+ and "hd (Dtree.root t1) = root"
+ and "dom_children t1 T"
+ shows "\<exists>zs. fwd_sub root (dverts (normalize_full t1)) zs
+ \<and> (\<forall>as. fwd_sub root (dverts t1) as \<longrightarrow> cost (rev zs) \<le> cost (rev as))"
+using assms proof(induction t1 rule: normalize_full.induct)
+ case (1 r t e)
+ let ?Y = "dverts (Node r {|(t,e)|})"
+ have dsjt: "\<forall>xs \<in> ?Y. \<forall>ys \<in> ?Y. xs = ys \<or> set xs \<inter> set ys = {}"
+ using dverts_same_if_set_wf[OF "1.prems"(2)] by blast
+ have fwd: "\<forall>xs \<in> ?Y. forward xs" using "1.prems"(4) seq_conform_alt by blast
+ have nempty: "[] \<notin> ?Y" using empty_notin_wf_dlverts "1.prems"(2) by blast
+ have fin: "finite ?Y" by (simp add: finite_dverts)
+ have U: "r \<in> dverts (Node r {|(t, e)|})" by simp
+ have V: "Dtree.root t \<in> dverts (Node r {|(t, e)|})"
+ using single_subtree_child_root_dverts self_subtree by fast
+ have ge: "\<forall>xs\<in>dverts (Node r {|(t, e)|}). xs \<noteq> r \<longrightarrow> rank (rev (Dtree.root t)) \<le> rank (rev xs)"
+ using verts_ge_child_if_sorted'[OF "1.prems"(5,6)] by fast
+ moreover have bfr: "before r (Dtree.root t)"
+ using before_if_dom_children_wf_conform[OF "1.prems"(8,4,2)].
+ moreover have Ex: "\<exists>x. fwd_sub root ?Y x" using Q_denormalize_full "1.prems"(1-8) by blast
+ ultimately obtain zs where zs_def:
+ "fwd_sub root ({r@Dtree.root t} \<union> {x. x \<in> ?Y \<and> x \<noteq> r \<and> x \<noteq> Dtree.root t}) zs"
+ "(\<forall>as. fwd_sub root ?Y as \<longrightarrow> cost (rev zs) \<le> cost (rev as))"
+ using app_UV_set_optimal_cost[OF "1.prems"(1) dsjt fwd nempty fin U V] by blast
+ have wf: "wf_dlverts (Node (r @ Dtree.root t) (sucs t))" using "1.prems"(2) combine_wf_dlverts by fast
+ moreover have dst: "\<forall>v\<in>dverts (Node (r @ Dtree.root t) (sucs t)). distinct v"
+ using "1.prems"(2,3) combine_distinct by fast
+ moreover have seq: "\<forall>v\<in>dverts (Node (r @ Dtree.root t) (sucs t)). seq_conform v"
+ using "1.prems"(2,4,8) combine_conform by blast
+ moreover have rnk: "\<And>r1 t2 e2. strict_subtree (Node r1 {|(t2,e2)|}) (Node (r @ Dtree.root t) (sucs t))
+ \<Longrightarrow> rank (rev r1) \<le> rank (rev (Dtree.root t2))"
+ using combine_strict_subtree_ranks_le[OF "1.prems"(5)] by simp
+ moreover have mdeg: "max_deg (Node (r @ Dtree.root t) (sucs t)) \<le> 1"
+ using "1.prems"(6) mdeg_child_sucs_le
+ by (fastforce dest: order_trans simp del: max_deg.simps)
+ moreover have hd: "hd (Dtree.root (Node (r @ Dtree.root t) (sucs t))) = root"
+ using "1.prems"(2,7) by simp
+ moreover have dom: "dom_children (Node (r @ Dtree.root t) (sucs t)) T"
+ using "1.prems"(8) dom_children_combine by auto
+ ultimately obtain xs where xs_def:
+ "fwd_sub root (dverts (normalize_full (Node (r @ Dtree.root t) (sucs t)))) xs"
+ "(\<forall>as. fwd_sub root (dverts (Node (r @ Dtree.root t) (sucs t))) as
+ \<longrightarrow> cost (rev xs) \<le> cost (rev as))"
+ using "1.IH" "1.prems"(1) by blast
+ then show ?case using dverts_combine_eq_not_combined[OF "1.prems"(2)] zs_def by force
+next
+ case (2 xs r)
+ have Ex: "\<exists>x. fwd_sub root (dverts (Node r xs)) x"
+ using Q_denormalize_full "2.prems"(1-8) by blast
+ then show ?case using "2.hyps"(1) forward_UV_lists_argmin_ex by simp
+qed
+
+corollary normalize_full_dverts_optimal_if_sorted':
+ assumes "max_deg t \<le> 1"
+ and "hd (Dtree.root t) = root"
+ and "dom_children t T"
+ and "\<And>r1 t2 e2. strict_subtree (Node r1 {|(t2,e2)|}) t
+ \<Longrightarrow> rank (rev r1) \<le> rank (rev (Dtree.root t2))"
+ shows "\<exists>zs. fwd_sub root (dverts (normalize_full t)) zs
+ \<and> (\<forall>as. fwd_sub root (dverts t) as \<longrightarrow> cost (rev zs) \<le> cost (rev as))"
+ using normalize_full_dverts_optimal_if_sorted asi_rank wf_lverts assms
+ by (blast intro: verts_distinct verts_conform)
+
+lemma normalize_full_normalize_dverts_optimal:
+ assumes "max_deg t \<le> 1"
+ and "hd (Dtree.root t) = root"
+ and "dom_children t T"
+ shows "\<exists>zs. fwd_sub root (dverts (normalize_full (normalize t))) zs
+ \<and> (\<forall>as. fwd_sub root (dverts t) as \<longrightarrow> cost (rev zs) \<le> cost (rev as))"
+proof -
+ interpret NT: ranked_dtree_with_orig "normalize t"
+ using ranked_dtree_orig_normalize by auto
+ have mdeg: "max_deg (normalize t) \<le> 1" using assms(1) normalize_mdeg_eq wf_arcs by fastforce
+ moreover from this have dom: "dom_children (normalize t) T"
+ using assms(3) dom_mdeg_le1_normalize by fastforce
+ moreover have hd: "hd (Dtree.root (normalize t)) = root"
+ using assms(2) normalize_hd_root_eq' wf_lverts by blast
+ moreover have "\<And>r1 t2 e2. \<lbrakk>is_subtree (Node r1 {|(t2,e2)|}) (normalize t)\<rbrakk>
+ \<Longrightarrow> rank (rev r1) \<le> rank (rev (Dtree.root t2))"
+ by (simp add: normalize_sorted_ranks)
+ ultimately obtain xs where xs_def: "fwd_sub root (dverts (normalize_full (normalize t))) xs"
+ "(\<forall>as. fwd_sub root (dverts (normalize t)) as \<longrightarrow> cost (rev xs) \<le> cost (rev as))"
+ using NT.normalize_full_dverts_optimal_if_sorted' strict_subtree_def by blast
+ obtain zs where zs_def: "fwd_sub root (dverts (normalize t)) zs"
+ "(\<forall>as. fwd_sub root (dverts t) as \<longrightarrow> cost (rev zs) \<le> cost (rev as))"
+ using normalize_dverts_optimal Q_denormalize_t assms by blast
+ then show ?thesis using xs_def by force
+qed
+
+lemma single_set_distinct_sublist: "\<lbrakk>set ys = set x; distinct ys; sublist x ys\<rbrakk> \<Longrightarrow> x = ys"
+ unfolding sublist_def
+ by (metis DiffD2 append.assoc append.left_neutral append.right_neutral list.set_intros(1)
+ append_Cons distinct_set_diff neq_Nil_conv distinct_app_trans_l)
+
+lemma denormalize_optimal_if_mdeg_le1:
+ assumes "max_deg t \<le> 1" and "hd (Dtree.root t) = root" and "dom_children t T"
+ shows "\<forall>as. fwd_sub root (dverts t) as \<longrightarrow> cost (rev (denormalize t)) \<le> cost (rev as)"
+proof -
+ obtain zs where zs_def: "fwd_sub root (dverts (normalize_full (normalize t))) zs"
+ "(\<forall>as. fwd_sub root (dverts t) as \<longrightarrow> cost (rev zs) \<le> cost (rev as))"
+ using normalize_full_normalize_dverts_optimal assms by blast
+ have "dverts (normalize_full (normalize t)) = {denormalize t}"
+ using normalize_full_normalize_dverts_eq_denormalize wf_lverts assms(1) by blast
+ then show ?thesis
+ using zs_def single_set_distinct_sublist by (auto simp: fwd_sub_def unique_set_r_def)
+qed
+
+theorem denormalize_ikkbz_sub_optimal:
+ assumes "hd (Dtree.root t) = root" and "max_deg t \<le> 1 \<Longrightarrow> dom_children t T"
+ shows "(\<forall>as. fwd_sub root (dverts t) as
+ \<longrightarrow> cost (rev (denormalize (ikkbz_sub t))) \<le> cost (rev as))"
+proof -
+ obtain zs where zs_def: "fwd_sub root (dverts (ikkbz_sub t)) zs"
+ "\<forall>as. fwd_sub root (dverts t) as \<longrightarrow> cost (rev zs) \<le> cost (rev as)"
+ using ikkbz_sub_dverts_optimal' assms by blast
+ interpret T: ranked_dtree_with_orig "ikkbz_sub t" using ikkbz_sub_ranked_dtree_orig by simp
+ have "max_deg (ikkbz_sub t) \<le> 1" using ikkbz_sub_mdeg_le1 by auto
+ have "hd (Dtree.root (ikkbz_sub t)) = root" using assms(1) ikkbz_sub_hd_root by auto
+ moreover have "dom_children (ikkbz_sub t) T"
+ using assms(2) dom_mdeg_le1_ikkbz_sub ikkbz_sub_eq_iff_mdeg_le1 by auto
+ ultimately have "\<forall>as. fwd_sub root (dverts (ikkbz_sub t)) as
+ \<longrightarrow> cost (rev (denormalize (ikkbz_sub t))) \<le> cost (rev as)"
+ using T.denormalize_optimal_if_mdeg_le1[OF ikkbz_sub_mdeg_le1] by blast
+ then show ?thesis using zs_def order_trans by blast
+qed
+
+end
+
+subsection \<open>Arc Invariants hold for Conversion to Dtree\<close>
+
+context precedence_graph
+begin
+
+interpretation t: ranked_dtree to_list_dtree by (rule to_list_dtree_ranked_dtree)
+
+lemma subtree_to_list_dtree_tree_dom:
+ "\<lbrakk>is_subtree (Node r xs) to_list_dtree; t \<in> fst ` fset xs\<rbrakk> \<Longrightarrow> r \<rightarrow>\<^bsub>to_list_tree\<^esub> Dtree.root t"
+ unfolding to_list_dtree_def
+ using finite_directed_tree.subtree_child_dom to_list_tree_finite_directed_tree by fastforce
+
+lemma subtree_to_list_dtree_dom:
+ assumes "is_subtree (Node r xs) to_list_dtree" and "t \<in> fst ` fset xs"
+ shows "hd r \<rightarrow>\<^bsub>T\<^esub> hd (Dtree.root t)"
+proof -
+ interpret T: directed_tree to_list_tree "[root]" by (rule to_list_tree_directed_tree)
+ have 0: "r \<rightarrow>\<^bsub>to_list_tree\<^esub> Dtree.root t" using subtree_to_list_dtree_tree_dom assms by blast
+ then obtain x where x_def: "r = [x] \<and> x \<in> verts T" using to_list_tree_single by force
+ obtain y where "Dtree.root t = [y]" using 0 to_list_tree_single T.adj_in_verts(2) by blast
+ then show ?thesis using 0 to_list_tree_def x_def(1) in_arcs_imp_in_arcs_ends by force
+qed
+
+lemma to_list_dtree_nempty_root: "is_subtree (Node r xs) to_list_dtree \<Longrightarrow> r \<noteq> []"
+ using list_dtree.list_dtree_sub list_dtree.wf_lverts to_list_dtree_list_dtree by force
+
+lemma dom_children_aux:
+ assumes "is_subtree (Node r xs) to_list_dtree"
+ and "max_deg t1 \<le> 1"
+ and "(t1,e1) \<in> fset xs"
+ and "x \<in> dlverts t1"
+ shows "\<exists>v \<in> set r \<union> path_lverts t1 x. v \<rightarrow>\<^bsub>T\<^esub> x"
+proof(cases "x \<in> set (Dtree.root t1)")
+ case True
+ have "Dtree.root t1 \<in> dverts to_list_dtree"
+ using assms(1,3) dverts_subtree_subset dtree.set_sel(1) by fastforce
+ then have "Dtree.root t1 = [x]" using to_list_dtree_single True by fastforce
+ then have 0: "hd r \<rightarrow>\<^bsub>T\<^esub> x" using subtree_to_list_dtree_dom assms(1,3) by fastforce
+ have "r \<in> dverts to_list_dtree" using assms(1) dverts_subtree_subset by force
+ then have "r = [hd r]" using to_list_dtree_single True by fastforce
+ then have "hd r \<in> set r" using hd_in_set[of r] by blast
+ then show ?thesis using 0 by blast
+next
+ case False
+ obtain t2 where t2_def: "is_subtree t2 t1" "x \<in> set (Dtree.root t2)"
+ using assms(4) subtree_root_if_dlverts by fastforce
+ then obtain r1 xs1 where r1_def: "is_subtree (Node r1 xs1) t1" "t2 \<in> fst ` fset xs1"
+ using subtree_child_if_strict_subtree t2_def False unfolding strict_subtree_def by blast
+ have "is_subtree (Node r1 xs1) (Node r xs)" using r1_def(1) assms(3) by auto
+ then have sub_r1: "is_subtree (Node r1 xs1) to_list_dtree" using assms(1) subtree_trans by blast
+ have sub_t1_r: "is_subtree t1 (Node r xs)"
+ using subtree_if_child[of t1 xs] assms(3) by force
+ then have "is_subtree t2 to_list_dtree" using assms(1) subtree_trans t2_def(1) by blast
+ then have "Dtree.root t2 \<in> dverts to_list_dtree"
+ using assms(1) dverts_subtree_subset dtree.set_sel(1) by fastforce
+ then have "Dtree.root t2 = [x]" using to_list_dtree_single t2_def(2) by force
+ then have 0: "hd r1 \<rightarrow>\<^bsub>T\<^esub> x" using subtree_to_list_dtree_dom[OF sub_r1] r1_def(2) by fastforce
+ have sub_t1_to: "is_subtree t1 to_list_dtree" using sub_t1_r assms(1) subtree_trans by blast
+ then have "wf_dlverts t1" using t.wf_lverts list_dtree_def t.list_dtree_sub by blast
+ moreover have "max_deg t1 \<le> 1" using assms(2) sub_t1_r le_trans mdeg_ge_sub by blast
+ ultimately have "set r1 \<subseteq> path_lverts t1 x"
+ using subtree_path_lverts_sub r1_def t2_def(2) by fast
+ then show ?thesis
+ using 0 sub_r1 dverts_subtree_subset hd_in_set[of r1] to_list_dtree_single by force
+qed
+
+lemma hd_dverts_in_dlverts:
+ "\<lbrakk>is_subtree (Node r xs) to_list_dtree; (t1,e1) \<in> fset xs; x \<in> dverts t1\<rbrakk> \<Longrightarrow> hd x \<in> dlverts t1"
+ using list_dtree.list_dtree_rec list_dtree.wf_lverts hd_in_lverts_if_wf t.list_dtree_sub
+ by fastforce
+
+lemma dom_children_aux2:
+ "\<lbrakk>is_subtree (Node r xs) to_list_dtree; max_deg t1 \<le> 1; (t1,e1) \<in> fset xs; x \<in> dverts t1\<rbrakk>
+ \<Longrightarrow> \<exists>v \<in> set r \<union> path_lverts t1 (hd x). v \<rightarrow>\<^bsub>T\<^esub> (hd x)"
+ using dom_children_aux hd_dverts_in_dlverts by blast
+
+lemma dom_children_full:
+ "\<lbrakk>is_subtree (Node r xs) to_list_dtree; \<forall>t \<in> fst ` fset xs. max_deg t \<le> 1\<rbrakk>
+ \<Longrightarrow> dom_children (Node r xs) T"
+ unfolding dom_children_def using dom_children_aux2 by auto
+
+lemma dom_children':
+ "is_subtree (Node r xs) to_list_dtree \<Longrightarrow> dom_children (Node r (Abs_fset (children_deg1 xs))) T"
+ unfolding dom_children_def using dom_children_aux2 children_deg1_fset_id by fastforce
+
+lemma dom_children_maxdeg_1:
+ "\<lbrakk>is_subtree (Node r xs) to_list_dtree; max_deg (Node r xs) \<le> 1\<rbrakk>
+ \<Longrightarrow> dom_children (Node r xs) T"
+ using dom_children_full mdeg_ge_child by fastforce
+
+lemma dom_child_subtree:
+ "\<lbrakk>is_subtree (Node r xs) to_list_dtree; t \<in> fst ` fset xs\<rbrakk> \<Longrightarrow> \<exists>v\<in>set r. v \<rightarrow>\<^bsub>T\<^esub> hd (Dtree.root t)"
+ using subtree_to_list_dtree_dom hd_in_set to_list_dtree_nempty_root by blast
+
+lemma dom_children_maxdeg_1_self:
+ "max_deg to_list_dtree \<le> 1 \<Longrightarrow> dom_children to_list_dtree T"
+ using dom_children_maxdeg_1[of "Dtree.root to_list_dtree" "sucs to_list_dtree"] self_subtree by auto
+
+lemma seq_conform_list_tree: "\<forall>v\<in>verts to_list_tree. seq_conform v"
+ by (simp add: to_list_tree_def seq_conform_single)
+
+lemma conform_list_dtree: "\<forall>v\<in>dverts to_list_dtree. seq_conform v"
+ using seq_conform_list_tree dverts_eq_verts_to_list_tree by blast
+
+lemma to_list_dtree_vert_single: "\<lbrakk>v \<in> dverts to_list_dtree; x \<in> set v\<rbrakk> \<Longrightarrow> v = [x] \<and> x \<in> verts T"
+ using to_list_dtree_single by fastforce
+
+lemma to_list_dtree_vert_single_sub:
+ "\<lbrakk>is_subtree (Node r xs) to_list_dtree; x \<in> set r\<rbrakk> \<Longrightarrow> r = [x] \<and> x \<in> verts T"
+ using to_list_dtree_vert_single dverts_subtree_subset by fastforce
+
+lemma to_list_dtree_child_if_to_list_tree_arc:
+ "\<lbrakk>is_subtree (Node r xs) to_list_dtree; r \<rightarrow>\<^bsub>to_list_tree\<^esub> v\<rbrakk> \<Longrightarrow> \<exists>ys. (Node v ys) \<in> fst ` fset xs"
+ using finite_directed_tree.child_if_dominated_to_dtree'[OF to_list_tree_finite_directed_tree]
+ unfolding to_list_dtree_def by simp
+
+lemma to_list_dtree_child_if_arc:
+ "\<lbrakk>is_subtree (Node r xs) to_list_dtree; x \<in> set r; x \<rightarrow>\<^bsub>T\<^esub> y\<rbrakk>
+ \<Longrightarrow> \<exists>ys. Node [y] ys \<in> fst ` fset xs"
+ using to_list_dtree_child_if_to_list_tree_arc to_list_tree_dom_iff to_list_dtree_vert_single_sub
+ by auto
+
+lemma to_list_dtree_dverts_if_arc:
+ "\<lbrakk>is_subtree (Node r xs) to_list_dtree; x \<in> set r; x \<rightarrow>\<^bsub>T\<^esub> y\<rbrakk> \<Longrightarrow> [y] \<in> dverts (Node r xs)"
+ using to_list_dtree_child_if_arc[of r xs x y] by fastforce
+
+lemma to_list_dtree_dlverts_if_arc:
+ "\<lbrakk>is_subtree (Node r xs) to_list_dtree; x \<in> set r; x \<rightarrow>\<^bsub>T\<^esub> y\<rbrakk> \<Longrightarrow> y \<in> dlverts (Node r xs)"
+ using to_list_dtree_child_if_arc[of r xs x y] by fastforce
+
+theorem to_list_dtree_ranked_orig: "ranked_dtree_with_orig to_list_dtree rank cost cmp T root"
+ using dom_children' to_list_dtree_dlverts_if_arc asi_rank apply(unfold_locales)
+ by (auto simp: dom_children_maxdeg_1 dom_child_subtree distinct_to_list_dtree conform_list_dtree)
+
+interpretation t: ranked_dtree_with_orig to_list_dtree by (rule to_list_dtree_ranked_orig)
+
+lemma forward_ikkbz_sub: "forward ikkbz_sub"
+ using ikkbz_sub_def dom_children_maxdeg_1_self t.ikkbz_sub_forward by simp
+
+subsection \<open>Optimality of IKKBZ-Sub\<close>
+
+lemma ikkbz_sub_optimal_Q:
+ "(\<forall>as. fwd_sub root (verts to_list_tree) as \<longrightarrow> cost (rev ikkbz_sub) \<le> cost (rev as))"
+ using t.denormalize_ikkbz_sub_optimal to_list_dtree_hd_root_eq_root dom_children_maxdeg_1_self
+ unfolding dverts_eq_verts_to_list_tree ikkbz_sub_def by blast
+
+lemma to_list_tree_sublist_if_set_eq:
+ assumes "set ys = \<Union>(set ` verts to_list_tree)" and "xs \<in> verts to_list_tree"
+ shows "sublist xs ys"
+proof -
+ obtain x where x_def: "xs = [x]" "x \<in> verts T" using to_list_tree_single assms(2) by blast
+ then have "x \<in> set ys" using assms(1) to_list_tree_def by simp
+ then show ?thesis using x_def(1) split_list[of x ys] sublist_Cons sublist_append_leftI by fast
+qed
+
+lemma hd_eq_tk1_if_set_eq_verts: "set xs = verts T \<Longrightarrow> hd xs = root \<longleftrightarrow> take 1 xs = [root]"
+ using hd_eq_take1 take1_eq_hd[of xs] non_empty by fastforce
+
+lemma ikkbz_sub_optimal:
+ "\<lbrakk>set xs = verts T; distinct xs; forward xs; hd xs = root\<rbrakk>
+ \<Longrightarrow> cost (rev ikkbz_sub) \<le> cost (rev xs)"
+ using ikkbz_sub_optimal_Q to_list_tree_sublist_if_set_eq
+ by (simp add: hd_eq_tk1_if_set_eq_verts to_list_tree_union_verts_eq fwd_sub_def unique_set_r_def)
+
+end
+
+subsection \<open>Optimality of IKKBZ\<close>
+
+context ikkbz_query_graph
+begin
+
+text \<open>
+Optimality only with respect to valid solutions (i.e. contain every relation exactly once).
+Furthermore, only join trees without cross products are considered.
+\<close>
+
+lemma ikkbz_sub_optimal_cost_r:
+ "\<lbrakk>set xs = verts G; distinct xs; no_cross_products (create_ldeep xs); hd xs = r; r \<in> verts G\<rbrakk>
+ \<Longrightarrow> cost_r r (rev (ikkbz_sub r)) \<le> cost_r r (rev xs)"
+ using precedence_graph.ikkbz_sub_optimal verts_dir_tree_r_eq
+ by (fast intro: forward_if_ldeep_no_cross precedence_graph_r)
+
+lemma ikkbz_sub_no_cross: "r \<in> verts G \<Longrightarrow> no_cross_products (create_ldeep (ikkbz_sub r))"
+ using precedence_graph.forward_ikkbz_sub ikkbz_sub_verts_eq
+ by (fastforce intro: no_cross_ldeep_if_forward' precedence_graph_r)
+
+lemma ikkbz_sub_cost_r_eq_cost:
+ "r \<in> verts G \<Longrightarrow> cost_r r (rev (ikkbz_sub r)) = cost_l (ikkbz_sub r)"
+ using ikkbz_sub_verts_eq ikkbz_sub_distinct ikkbz_sub_no_cross ikkbz_sub_hd_eq_root
+ by (fastforce dest: cost_correct')
+
+corollary ikkbz_sub_optimal:
+ "\<lbrakk>set xs = verts G; distinct xs; no_cross_products (create_ldeep xs); hd xs = r; r \<in> verts G\<rbrakk>
+ \<Longrightarrow> cost_l (ikkbz_sub r) \<le> cost_l xs"
+ using ikkbz_sub_optimal_cost_r cost_correct' ikkbz_sub_cost_r_eq_cost by fastforce
+
+lemma ikkbz_no_cross: "no_cross_products (create_ldeep ikkbz)"
+ using ikkbz_eq_ikkbz_sub ikkbz_sub_no_cross by force
+
+lemma hd_in_verts_if_set_eq: "set xs = verts G \<Longrightarrow> hd xs \<in> verts G"
+ using verts_nempty set_empty2[of xs] by force
+
+lemma ikkbz_optimal:
+ "\<lbrakk>set xs = verts G; distinct xs; no_cross_products (create_ldeep xs)\<rbrakk>
+ \<Longrightarrow> cost_l ikkbz \<le> cost_l xs"
+ using ikkbz_min_ikkbz_sub ikkbz_sub_optimal by (fastforce intro: hd_in_verts_if_set_eq)
+
+theorem ikkbz_optimal_tree:
+ "\<lbrakk>valid_tree t; no_cross_products t; left_deep t\<rbrakk> \<Longrightarrow> cost (create_ldeep ikkbz) \<le> cost t"
+ using ikkbz_optimal inorder_eq_set by (fastforce simp: distinct_relations_def valid_tree_def)
+
+end
+
+end
\ No newline at end of file
diff --git a/thys/Query_Optimization/JoinTree.thy b/thys/Query_Optimization/JoinTree.thy
new file mode 100644
--- /dev/null
+++ b/thys/Query_Optimization/JoinTree.thy
@@ -0,0 +1,803 @@
+(* Author: Bernhard Stöckl *)
+
+theory JoinTree
+ imports Complex_Main "HOL-Library.Multiset" "Selectivities"
+begin
+
+section \<open>Join Tree\<close>
+
+text\<open>
+ Relations have an identifier and cardinalities. Joins have two children and a result cardinality.
+ The datatype only represents the structure while cardinalities are given by a separate function.
+\<close>
+datatype (relations:'a) joinTree = Relation 'a | Join "'a joinTree" "'a joinTree"
+
+type_synonym 'a card = "'a \<Rightarrow> real"
+
+subsection \<open>Functions\<close>
+
+subsubsection \<open>Functions for Information Retrieval\<close>
+
+fun inorder :: "'a joinTree \<Rightarrow> 'a list" where
+ "inorder (Relation rel) = [rel]"
+| "inorder (Join l r) = inorder l @ inorder r"
+
+fun revorder :: "'a joinTree \<Rightarrow> 'a list" where
+ "revorder (Relation rel) = [rel]"
+| "revorder (Join l r) = revorder r @ revorder l"
+
+fun relations_mset :: "'a joinTree \<Rightarrow> 'a multiset" where
+ "relations_mset (Relation rel) = {#rel#}"
+| "relations_mset (Join l r) = relations_mset l + relations_mset r"
+
+fun card :: "'a card \<Rightarrow> 'a selectivity \<Rightarrow> 'a joinTree \<Rightarrow> real" where
+ "card cf f (Relation rel) = cf rel"
+| "card cf f (Join l r) =
+ list_sel f (inorder l) (inorder r) * card cf f l * card cf f r"
+
+fun cards_list :: "'a card \<Rightarrow> 'a joinTree \<Rightarrow> ('a\<times>real) list" where
+ "cards_list cf (Relation rel) = [(rel,cf rel)]"
+| "cards_list cf (Join l r) = cards_list cf l @ cards_list cf r"
+
+fun height :: "'a joinTree \<Rightarrow> nat" where
+ "height (Relation _) = 0"
+| "height (Join l r) = max (height l) (height r) + 1"
+
+fun num_relations :: "'a joinTree \<Rightarrow> nat" where
+ "num_relations (Relation _) = 1"
+| "num_relations (Join l r) = num_relations l + num_relations r"
+
+fun first_node :: "'a joinTree \<Rightarrow> 'a" where
+ "first_node (Relation r) = r"
+| "first_node (Join l _) = first_node l"
+
+
+subsubsection \<open>Functions for Correctness Checks\<close>
+
+text \<open>
+ Cardinalities must be positive and selectivities need to be @{text "\<in> (0,1]"}.
+\<close>
+fun reasonable_cards :: "'a card \<Rightarrow> 'a selectivity \<Rightarrow> 'a joinTree \<Rightarrow> bool" where
+ "reasonable_cards cf f (Relation rel) = (cf rel > 0)"
+| "reasonable_cards cf f (Join l r) = (let c = card cf f (Join l r) in
+ c \<le> card cf f l * card cf f r \<and> c > 0 \<and> reasonable_cards cf f l \<and> reasonable_cards cf f r)"
+
+definition pos_rel_cards :: "'a card \<Rightarrow> 'a joinTree \<Rightarrow> bool" where
+ "pos_rel_cards cf t = (\<forall>(_,c)\<in>set (cards_list cf t). c > 0)"
+
+definition pos_list_cards :: "'a card \<Rightarrow> 'a list \<Rightarrow> bool" where
+ "pos_list_cards cf xs = (\<forall>x\<in>set xs. cf x > 0)"
+
+text\<open>
+ Each node should have a unique identifier.
+\<close>
+definition distinct_relations :: "'a joinTree \<Rightarrow> bool" where
+ "distinct_relations t = distinct (inorder t)"
+
+subsubsection \<open>Functions for Modifications\<close>
+
+fun mirror :: "'a joinTree \<Rightarrow> 'a joinTree" where
+ "mirror (Relation rel) = Relation rel"
+| "mirror (Join l r) = Join (mirror r) (mirror l)"
+
+fun create_rdeep :: "'a list \<Rightarrow> 'a joinTree" where
+ "create_rdeep [] = undefined"
+| "create_rdeep [x] = Relation x"
+| "create_rdeep (x#xs) = Join (Relation x) (create_rdeep xs)"
+
+fun create_ldeep_rev :: "'a list \<Rightarrow> 'a joinTree" where
+ "create_ldeep_rev [] = undefined"
+| "create_ldeep_rev [x] = Relation x"
+| "create_ldeep_rev (x#xs) = Join (create_ldeep_rev xs) (Relation x)"
+
+definition create_ldeep :: "'a list \<Rightarrow> 'a joinTree" where
+ "create_ldeep xs = create_ldeep_rev (rev xs)"
+
+subsubsection \<open>Additional properties\<close>
+(** functions that check for certain properties **)
+
+fun left_deep :: "'a joinTree \<Rightarrow> bool" where
+ "left_deep (Relation _) = True"
+| "left_deep (Join l (Relation _)) = left_deep l"
+| "left_deep _ = False"
+
+fun right_deep :: "'a joinTree \<Rightarrow> bool" where
+ "right_deep (Relation _) = True"
+| "right_deep (Join (Relation _) r) = right_deep r"
+| "right_deep _ = False"
+
+fun zig_zag :: "'a joinTree \<Rightarrow> bool" where
+ "zig_zag (Relation _) = True"
+| "zig_zag (Join l (Relation _)) = zig_zag l"
+| "zig_zag (Join (Relation _) r) = zig_zag r"
+| "zig_zag _ = False"
+
+subsubsection \<open>Cardinality Calculations for Left-deep Trees\<close>
+
+text \<open>
+ Expects a reversed list of relations rs and calculates the cardinality of a left-deep tree.
+\<close>
+
+fun ldeep_n :: "'a selectivity \<Rightarrow> 'a card \<Rightarrow> 'a list \<Rightarrow> real" where
+ "ldeep_n f cf [] = 1"
+| "ldeep_n f cf (r#rs) = cf r * (list_sel_aux' f rs r) * ldeep_n f cf rs"
+
+definition ldeep_T :: "('a \<Rightarrow> real) \<Rightarrow> 'a card \<Rightarrow> 'a list \<Rightarrow> real" where
+ "ldeep_T sf cf xs = foldl (\<lambda>a b. a * cf b * sf b) 1 xs"
+
+fun ldeep_T' :: "('a \<Rightarrow> real) \<Rightarrow> 'a card \<Rightarrow> 'a list \<Rightarrow> real" where
+ "ldeep_T' f cf [] = 1"
+| "ldeep_T' f cf (r#rs) = cf r * f r * ldeep_T' f cf rs"
+
+
+subsection \<open>Proofs\<close>
+(** proofs that properties are maintained **)
+
+lemma ldeep_eq_rdeep: "left_deep t = right_deep (mirror t)"
+ by(induction t rule: left_deep.induct) (auto)
+
+lemma mirror_twice_id[simp]: "mirror (mirror t) = t"
+ by(induction t) auto
+
+lemma rdeep_eq_ldeep: "right_deep t = left_deep (mirror t)"
+ apply(induction t rule: right_deep.induct)
+ by(auto)
+
+lemma mirror_zig_zag_preserv: "zig_zag (mirror t) = zig_zag t"
+ apply(induction t rule: zig_zag.induct)
+ using zig_zag.elims(2) by fastforce+
+
+lemma ldeep_zig_zag: "left_deep t \<Longrightarrow> zig_zag t"
+ by(induction t rule: zig_zag.induct) auto
+
+lemma rdeep_zig_zag: "right_deep t \<Longrightarrow> zig_zag t"
+ using rdeep_eq_ldeep ldeep_zig_zag mirror_zig_zag_preserv by blast
+
+lemma relations_nempty: "relations t \<noteq> {}"
+ by (induction t) auto
+
+lemma set_implies_mset: "x \<in> relations t \<Longrightarrow> x \<in># relations_mset t"
+ by(induction t) (auto)
+
+lemma mset_implies_set: "x \<in># relations_mset t \<Longrightarrow> x \<in> relations t"
+ by(induction t) (auto)
+
+lemma inorder_eq_mset: "mset (inorder t) = relations_mset t"
+ by(induction t) (auto)
+
+lemma relations_set_eq_mset: "set_mset (relations_mset t) = relations t"
+ using mset_implies_set set_implies_mset by fast
+
+lemma inorder_eq_set: "set (inorder t) = relations t"
+ by(induction t) (auto)
+
+lemma revorder_eq_mset: "mset (revorder t) = relations_mset t"
+ by(induction t) (auto)
+
+lemma revorder_eq_set: "set (revorder t) = relations t"
+ by(induction t) (auto)
+
+lemma revorder_eq_rev_inorder: "revorder t = rev (inorder t)"
+ by(induction t) (auto)
+
+lemma inorder_eq_rev_revorder: "inorder t = rev (revorder t)"
+ by(induction t) (auto)
+
+lemma mirror_mset_eq[simp]: "relations_mset (mirror t) = relations_mset t"
+ by(induction t) auto
+
+lemma distinct_rels_alt: "distinct_relations t \<longleftrightarrow> distinct (revorder t)"
+ unfolding distinct_relations_def inorder_eq_rev_revorder by simp
+
+lemma distinct_rels_alt':
+ "distinct_relations t \<longleftrightarrow> (let multi=relations_mset t in \<forall>x\<in># multi. count multi x = 1)"
+ using distinct_relations_def inorder_eq_mset distinct_alt by metis
+
+lemma inorder_nempty: "inorder t \<noteq> []"
+ by (induction t) auto
+
+lemma revorder_nempty: "revorder t \<noteq> []"
+ by (induction t) auto
+
+lemma mirror_distinct: "distinct_relations t \<Longrightarrow> distinct_relations (mirror t)"
+ by(simp add: distinct_rels_alt')
+
+lemma mirror_set_eq[simp]: "relations (mirror t) = relations t"
+ by(induction t) auto
+
+lemma mirror_inorder_rev: "inorder (mirror t) = rev (inorder t)"
+ by(induction t) auto
+
+lemma mirror_revorder_rev: "revorder (mirror t) = rev (revorder t)"
+ by(induction t) auto
+
+corollary mirror_revorder_inorder: "revorder (mirror t) = inorder t"
+ unfolding mirror_revorder_rev inorder_eq_rev_revorder by simp
+
+corollary mirror_inorder_revorder: "inorder (mirror t) = revorder t"
+ unfolding mirror_inorder_rev revorder_eq_rev_inorder by simp
+
+lemma mirror_card_eq[simp]: "sel_symm f \<Longrightarrow> card cf f (mirror t) = card cf f t"
+proof(induction t)
+ case (Join l r)
+ let ?r = "mirror r" and ?l = "mirror l"
+ have 0: "mset (inorder ?r) = mset (inorder r)" by (simp add: inorder_eq_mset)
+ have 1: "mset (inorder ?l) = mset (inorder l)" by (simp add: inorder_eq_mset)
+ have "card cf f (mirror (Join l r)) = card cf f (Join (mirror r) (mirror l))" by simp
+ also have "\<dots> = list_sel f (inorder ?r) (inorder ?l) * card cf f r * card cf f l"
+ using Join by simp
+ also have "\<dots> = list_sel f (inorder r) (inorder ?l) * card cf f r * card cf f l"
+ using 0 mset_x_eq_list_sel_eq by auto
+ also have "\<dots> = list_sel f (inorder r) (inorder l) * card cf f r * card cf f l"
+ using 1 mset_y_eq_list_sel_eq by auto
+ finally show ?case using list_sel_symm Join.prems by auto
+qed(simp)
+
+lemma mirror_reasonable_cards:
+ "\<lbrakk>sel_symm f; reasonable_cards cf f t\<rbrakk> \<Longrightarrow> reasonable_cards cf f (mirror t)"
+proof(induction t)
+ case (Join l r)
+ let ?r = "mirror r" and ?l = "mirror l"
+ let ?c = "card cf f (mirror (Join l r))"
+ let ?c' = "card cf f (Join l r)"
+ have "reasonable_cards cf f (mirror (Join l r))
+ = reasonable_cards cf f (Join (mirror r) (mirror l))" by simp
+ also have "\<dots> = (?c \<le> card cf f ?r * card cf f ?l \<and> ?c>0
+ \<and> reasonable_cards cf f ?l \<and> reasonable_cards cf f ?r)"
+ by (auto simp: Let_def)
+ also have "\<dots> = (?c \<le> card cf f ?r * card cf f ?l \<and> ?c>0)"
+ using Join by fastforce
+ also have "\<dots> = (?c' \<le> card cf f r * card cf f l \<and> ?c'>0)"
+ using mirror_card_eq Join.prems by metis
+ also have "\<dots> = (?c' \<le> card cf f r * card cf f l \<and> ?c'>0
+ \<and> reasonable_cards cf f l \<and> reasonable_cards cf f r)"
+ using Join.prems by auto
+ also have "\<dots> = (?c' \<le> card cf f l * card cf f r \<and> ?c'>0
+ \<and> reasonable_cards cf f l \<and> reasonable_cards cf f r)"
+ by argo
+ finally show ?case using Join.prems by force
+qed(simp)
+
+lemma joinTree_cases: "(\<exists>r. t=(Relation r)) \<or> (\<exists>l rr. t=(Join l (Relation rr)))
+ \<or> (\<exists>l lr rr. t=(Join l (Join lr rr)))"
+ apply(cases t)
+ apply(auto)[2]
+ by (meson joinTree.exhaust)
+
+lemma joinTree_cases_ldeep: "left_deep t
+ \<Longrightarrow> (\<exists>r. t=(Relation r)) \<or> (\<exists>l rr. t=(Join l (Relation rr)))"
+ apply(cases t)
+ apply(auto)[2]
+ using joinTree_cases by fastforce
+
+lemma ldeep_trans: "left_deep (Join l r) \<Longrightarrow> left_deep l"
+ by(cases r) auto
+
+lemma subtree_elem_count_l:
+ assumes "\<forall>x\<in># (relations_mset (Join l r)). count (relations_mset (Join l r)) x = 1"
+ and "x \<in># relations_mset l"
+ shows "count (relations_mset l) x = 1"
+proof -
+ have 0: "count (relations_mset l) x \<ge> 1" using assms by auto
+ have "count (relations_mset l) x \<le> 1" using assms by force
+ then show ?thesis using 0 by linarith
+qed
+
+lemma subtree_elem_count_r:
+ assumes "\<forall>x\<in># (relations_mset (Join l r)). count (relations_mset (Join l r)) x = 1"
+ and "x \<in># relations_mset r"
+ shows "count (relations_mset r) x = 1"
+proof -
+ have 0: "count (relations_mset r) x \<ge> 1" using assms by auto
+ have "count (relations_mset r) x \<le> 1" using assms by force
+ then show ?thesis using 0 by linarith
+qed
+
+lemma first_node_first_inorder: "\<exists>xs. inorder t = first_node t # xs"
+ by(induction t) auto
+
+lemma first_node_last_revorder: "\<exists>xs. revorder t = xs @ [first_node t]"
+ by(induction t) auto
+
+lemma first_node_eq_hd: "first_node t = hd (inorder t)"
+ using first_node_first_inorder[of t] by auto
+
+lemma distinct_elem_right_not_left:
+ assumes "distinct_relations (Join l r)"
+ and "x \<in> relations r"
+ shows "x \<notin> relations l"
+proof
+ assume "x \<in> relations l"
+ then have "x \<in># relations_mset l" using set_implies_mset by fast
+ then have 0: "count (relations_mset l) x \<ge> 1" by simp
+ have "x \<in># relations_mset r" using set_implies_mset assms(2) by fast
+ then have "count (relations_mset r) x \<ge> 1" by simp
+ moreover have "count (relations_mset l + relations_mset r) x
+ = count (relations_mset l) x + count (relations_mset r) x" by simp
+ ultimately have "count (relations_mset l + relations_mset r) x \<ge> 2" using 0 by linarith
+ then have "count (relations_mset (Join l r)) x \<ge> 2" by simp
+ then have 1: "count (relations_mset (Join l r)) x \<noteq> 1" by simp
+ let ?multi = "(relations_mset (Join l r))"
+ have "distinct_relations (Join l r) = (\<forall>y\<in># ?multi. count ?multi y = 1)"
+ by (simp add: distinct_rels_alt')
+ then show False using 1 assms set_implies_mset by fastforce
+qed
+
+lemma distinct_elem_left_not_right:
+ assumes "distinct_relations (Join l r)"
+ and "x \<in> relations l"
+ shows "x \<notin> relations r"
+ using distinct_elem_right_not_left assms by fast
+
+lemma distinct_relations_disjoint: "distinct_relations (Join l r) \<Longrightarrow> relations l \<inter> relations r = {}"
+ using distinct_elem_right_not_left by fast
+
+lemma distinct_trans_l: "distinct_relations (Join l r) \<Longrightarrow> distinct_relations l"
+ using subtree_elem_count_l by (fastforce simp: distinct_rels_alt)
+
+lemma distinct_trans_r: "distinct_relations (Join l r) \<Longrightarrow> distinct_relations r"
+ using subtree_elem_count_r by (fastforce simp: distinct_rels_alt)
+
+lemma distinct_and_disjoint_impl_count1:
+ assumes "distinct_relations l"
+ and "distinct_relations r"
+ and "relations l \<inter> relations r = {}"
+ and "x \<in># relations_mset (Join l r)"
+ shows "count (relations_mset (Join l r)) x = 1"
+proof -
+ show ?thesis
+ proof(cases "x\<in>relations l")
+ case True
+ then have "x\<in># relations_mset l" using set_implies_mset by fast
+ then have 0: "count (relations_mset l) x = 1" using assms(1) distinct_rels_alt' by metis
+ have "x\<notin># relations_mset r" using True assms(3) disjoint_iff mset_implies_set by fast
+ then have "count (relations_mset r) x = 0" by (simp add: count_eq_zero_iff)
+ then show ?thesis using 0 by simp
+ next
+ case False
+ have "x\<in># relations_mset r" using False assms(4) using mset_implies_set by force
+ then have 0: "count (relations_mset r) x = 1" using assms(2) distinct_rels_alt' by metis
+ have "x\<notin># relations_mset l" using False assms(3) disjoint_iff mset_implies_set by fast
+ then have "count (relations_mset l) x = 0" by (simp add: count_eq_zero_iff)
+ then show ?thesis using 0 by simp
+ qed
+qed
+
+lemma distinct_and_disjoint_impl_distinct:
+ "\<lbrakk>distinct_relations l; distinct_relations r; relations l \<inter> relations r = {}\<rbrakk>
+ \<Longrightarrow> distinct_relations (Join l r)"
+ using distinct_and_disjoint_impl_count1 distinct_rels_alt' by fastforce
+
+lemma reasonable_trans:
+ "reasonable_cards cf f (Join l r) \<Longrightarrow> reasonable_cards cf f l \<and> reasonable_cards cf f r"
+ by (simp add: Let_def)
+
+lemma mirror_height_eq: "height (mirror t) = height t"
+ by(induction t) auto
+
+lemma height_0_rel: "height t = 0 \<Longrightarrow> \<exists>r. t = Relation r"
+ by(cases t) auto
+
+lemma height_gt_0_join: "height t > 0 \<Longrightarrow> \<exists>l r. t = Join l r"
+ by(cases t) auto
+
+lemma height_decr_l: "height (Join l r) > height l"
+ by simp
+
+lemma height_decr_r: "height (Join l r) > height r"
+ by simp
+
+lemma mirror_num_relations_eq: "num_relations (mirror t) = num_relations t"
+ by(induction t) auto
+
+lemma zig_zag_num_relations_height: "zig_zag t \<Longrightarrow> num_relations t = height t + 1"
+ by(induction t rule: zig_zag.induct) auto
+
+lemma ldeep_num_relations_height: "left_deep t \<Longrightarrow> num_relations t = height t + 1"
+ by (simp add: zig_zag_num_relations_height ldeep_zig_zag)
+
+lemma rdeep_num_relations_height: "right_deep t \<Longrightarrow> num_relations t = height t + 1"
+ by (simp add: zig_zag_num_relations_height rdeep_zig_zag)
+
+lemma num_relations_eq_length: "num_relations t = length (inorder t)"
+ by(induction t) auto
+
+lemma reasonable_impl_pos: "reasonable_cards cf f t \<Longrightarrow> pos_rel_cards cf t"
+ by(induction t) (auto simp: pos_rel_cards_def Let_def)
+
+lemma cards_list_eq_inorder: "map (\<lambda>(a,_). a) (cards_list cf t) = inorder t"
+ by(induction t) auto
+
+lemma cards_list_eq_relations: "(\<lambda>(a,_). a) ` set (cards_list cf t) = relations t"
+ by (simp add: cards_list_eq_inorder image_set inorder_eq_set)
+
+lemma cards_eq_c: "(rel,c)\<in>set(cards_list cf t) \<Longrightarrow> cf rel = c"
+ by(induction t) auto
+
+lemma finite_trans: "finite (relations (Join l r)) \<Longrightarrow> finite (relations l) \<and> finite (relations r)"
+ by simp
+
+lemma distinct_impl_card_eq_length:
+ "finite (relations t) \<Longrightarrow> height t \<le> n \<Longrightarrow> distinct_relations t
+ \<Longrightarrow> Finite_Set.card (relations t) = length (inorder t)"
+proof(induction n arbitrary: t)
+ case 0
+ then obtain r where "Relation r = t" using height_0_rel by auto
+ then show ?case using distinct_relations_def by force
+next
+ case (Suc n)
+ then show ?case
+ proof(cases "height t = Suc n")
+ case True
+ then have "0 < height t" by simp
+ then obtain l r where join[simp]: "Join l r = t" using height_gt_0_join by blast
+ then have 0: "finite (relations l) \<and> finite (relations r)"
+ using Suc.prems(1) finite_trans by blast
+ have 1: "height l \<le> n" using True join by (metis height_decr_l less_Suc_eq_le)
+ have 2: "height r \<le> n" using True join by (metis height_decr_r less_Suc_eq_le)
+ have "Finite_Set.card (relations t) + Finite_Set.card (relations l \<inter> relations r)
+ = Finite_Set.card (relations l) + Finite_Set.card (relations r)"
+ using card_Un_Int join 0 by (metis JoinTree.joinTree.simps(16))
+ then have "Finite_Set.card (relations t)
+ = Finite_Set.card (relations l) + Finite_Set.card (relations r)"
+ by (simp add: local.Suc.prems(3) distinct_relations_disjoint)
+ moreover have "length (inorder t)
+ = length (inorder l) + length (inorder r)"
+ by (metis JoinTree.inorder.simps(2) join length_append)
+ moreover have "Finite_Set.card (relations l) = length (inorder l)"
+ using Suc.IH Suc.prems(3) distinct_trans_l 0 1 join by blast
+ moreover have "Finite_Set.card (relations r) = length (inorder r)"
+ using Suc.IH Suc.prems(3) distinct_trans_r 0 2 join by blast
+ ultimately show ?thesis by simp
+ next
+ case False
+ then show ?thesis using Suc by simp
+ qed
+qed
+
+lemma card_le_length: "Finite_Set.card (relations t) \<le> length (inorder t)"
+ apply(induction t)
+ apply(auto)[2]
+ by (meson add_mono card_Un_le le_trans)
+
+lemma card_eq_length_impl_disjunct:
+ assumes "finite (relations (Join l r))"
+ and "Finite_Set.card (relations (Join l r)) = length (inorder (Join l r))"
+ shows "relations l \<inter> relations r = {}"
+proof (rule ccontr)
+ assume 0: "relations l \<inter> relations r \<noteq> {}"
+ have 1: "finite (relations l) \<and> finite (relations r)" using assms(1) by simp
+ then have 2: "Finite_Set.card (relations (Join l r)) + Finite_Set.card (relations l \<inter> relations r)
+ = Finite_Set.card (relations l) + Finite_Set.card (relations r)"
+ using card_Un_Int by (metis JoinTree.joinTree.simps(16))
+ moreover have "Finite_Set.card (relations l \<inter> relations r) > 0" using 0 1 by auto
+ ultimately have "Finite_Set.card (relations (Join l r))
+ < Finite_Set.card (relations l) + Finite_Set.card (relations r)" by simp
+ also have "\<dots> \<le> length (inorder l) + Finite_Set.card (relations r)"
+ by (simp add: card_le_length)
+ also have "\<dots> \<le> length (inorder l) + length (inorder r)"
+ by (simp add: card_le_length)
+ finally have "Finite_Set.card (relations (Join l r)) < length (inorder (Join l r))"
+ by simp
+ then show "False" using assms(2) by simp
+qed
+
+lemma card_eq_length_trans_l:
+ assumes "finite (relations (Join l r))"
+ and "Finite_Set.card (relations (Join l r)) = length (inorder (Join l r))"
+ shows "Finite_Set.card (relations l) = length (inorder l)"
+proof (rule ccontr)
+ assume 0: "Finite_Set.card (relations l) \<noteq> length (inorder l)"
+ have "Finite_Set.card (relations (Join l r))
+ = length (inorder l) + length (inorder r)"
+ using assms(2) by simp
+ have "finite (relations l) \<and> finite (relations r)" using assms(1) by simp
+ then have "Finite_Set.card (relations (Join l r)) + Finite_Set.card (relations l \<inter> relations r)
+ = Finite_Set.card (relations l) + Finite_Set.card (relations r)"
+ using card_Un_Int by (metis JoinTree.joinTree.simps(16))
+ then have "Finite_Set.card (relations (Join l r))
+ = Finite_Set.card (relations l) + Finite_Set.card (relations r)"
+ using assms by (simp add: card_eq_length_impl_disjunct)
+ moreover have "Finite_Set.card (relations l) < length (inorder l)"
+ using 0 card_le_length le_imp_less_or_eq by blast
+ ultimately have "Finite_Set.card (relations (Join l r))
+ < length (inorder l) + Finite_Set.card (relations r)"
+ by simp
+ also have "\<dots> \<le> length (inorder l) + length (inorder r)"
+ by (simp add: card_le_length)
+ finally have "Finite_Set.card (relations (Join l r)) < length (inorder (Join l r))"
+ by simp
+ then show "False" using assms(2) by simp
+qed
+
+lemma card_eq_length_trans_r:
+ assumes "finite (relations (Join l r))"
+ and "Finite_Set.card (relations (Join l r)) = length (inorder (Join l r))"
+ shows "Finite_Set.card (relations r) = length (inorder r)"
+ using assms card_eq_length_trans_l mirror_set_eq
+ by (metis JoinTree.mirror.simps(2) mirror_num_relations_eq num_relations_eq_length)
+
+lemma card_eq_length_impl_distinct:
+ "\<lbrakk>finite (relations t); height t \<le> n; Finite_Set.card (relations t) = length (inorder t)\<rbrakk>
+ \<Longrightarrow> distinct_relations t"
+proof(induction n arbitrary: t)
+ case 0
+ then obtain r where "Relation r = t" using height_0_rel by auto
+ then show ?case using distinct_relations_def by force
+next
+ case (Suc n)
+ then show ?case
+ proof(cases "height t = Suc n")
+ case True
+ then have "0 < height t" by simp
+ then obtain l r where join[simp]: "Join l r = t" using height_gt_0_join by blast
+ then have 0: "finite (relations l) \<and> finite (relations r)"
+ using Suc.prems(1) finite_trans by blast
+ have 1: "height l \<le> n" using True join by (metis height_decr_l less_Suc_eq_le)
+ have 2: "height r \<le> n" using True join by (metis height_decr_r less_Suc_eq_le)
+ have "Finite_Set.card (relations t) + Finite_Set.card (relations l \<inter> relations r)
+ = Finite_Set.card (relations l) + Finite_Set.card (relations r)"
+ using card_Un_Int join 0 by (metis JoinTree.joinTree.simps(16))
+ then have "Finite_Set.card (relations t)
+ = Finite_Set.card (relations l) + Finite_Set.card (relations r)"
+ using Suc.prems(1,3) by (simp add: card_eq_length_impl_disjunct)
+
+ have "Finite_Set.card (relations l) = length (inorder l)"
+ using Suc.prems(1,3) card_eq_length_trans_l join by blast
+ then have 3: "distinct_relations l" using Suc.IH 0 1 by blast
+ have "Finite_Set.card (relations r) = length (inorder r)"
+ using Suc.IH Suc.prems(1,3) card_eq_length_trans_r join by blast
+ then have 4: "distinct_relations r" using Suc.IH 0 2 by blast
+ have "relations l \<inter> relations r = {}"
+ using card_eq_length_impl_disjunct join Suc.prems(1,3) by blast
+ then show ?thesis using 3 4 distinct_and_disjoint_impl_distinct by fastforce
+ next
+ case False
+ then show ?thesis using Suc by simp
+ qed
+qed
+
+lemma list_sel_revorder_eq_inorder_x: "list_sel f (revorder l) ys = list_sel f (inorder l) ys"
+ unfolding revorder_eq_rev_inorder using mset_x_eq_list_sel_eq mset_rev by blast
+
+lemma list_sel_revorder_eq_inorder_y: "list_sel f xs (revorder r) = list_sel f xs (inorder r)"
+ unfolding revorder_eq_rev_inorder using mset_y_eq_list_sel_eq mset_rev by blast
+
+lemma list_sel_revorder_eq_inorder:
+ "list_sel f (revorder l) (revorder r) = list_sel f (inorder l) (inorder r)"
+ unfolding list_sel_revorder_eq_inorder_x list_sel_revorder_eq_inorder_y by simp
+
+lemma card_join_alt:
+ "card cf f (Join l r) = list_sel f (revorder l) (revorder r) * card cf f l * card cf f r"
+ unfolding list_sel_revorder_eq_inorder by simp
+
+lemma distinct_alt:
+ "finite (relations t)
+ \<Longrightarrow> distinct_relations t \<longleftrightarrow> Finite_Set.card (relations t) = length (inorder t)"
+ using card_eq_length_impl_distinct distinct_impl_card_eq_length by auto
+
+lemma distinct_alt2:
+ "distinct_relations (Join l r)
+ \<longleftrightarrow> distinct_relations l \<and> distinct_relations r \<and> relations l \<inter> relations r = {}"
+ using distinct_relations_disjoint distinct_trans_l distinct_trans_r
+ by (auto elim: distinct_and_disjoint_impl_distinct)
+
+lemma pos_rel_cards_subtrees:
+ "pos_rel_cards cf (Join l r) = (pos_rel_cards cf l \<and> pos_rel_cards cf r)"
+proof -
+ have "pos_rel_cards cf (Join l r) = (\<forall>(_,c)\<in>set (cards_list cf (Join l r)). c>0)"
+ by (simp add: pos_rel_cards_def)
+ also have "\<dots> = (\<forall>(_,c)\<in>set (cards_list cf l @ cards_list cf r). c>0)" by simp
+ also have "\<dots> = ((\<forall>(_,c)\<in>set (cards_list cf l). c>0) \<and> (\<forall>(_,c)\<in>set (cards_list cf r). c>0))"
+ by auto
+ also have "\<dots> = (pos_rel_cards cf l \<and> pos_rel_cards cf r)"
+ by (simp add: pos_rel_cards_def)
+ finally show ?thesis by simp
+qed
+
+lemma pos_rel_cards_eq_pos_list_cards:
+ "pos_rel_cards cf t \<longleftrightarrow> pos_list_cards cf (inorder t)"
+ by(induction t) (auto simp: pos_rel_cards_def pos_list_cards_def)
+
+lemma pos_list_cards_split:
+ "pos_list_cards cf (xs@ys) \<longleftrightarrow> pos_list_cards cf xs \<and> pos_list_cards cf ys"
+ by(induction xs) (auto simp: pos_list_cards_def)
+
+lemma pos_sel_reason_impl_reason:
+ "\<lbrakk>pos_rel_cards cf t; sel_reasonable sel\<rbrakk> \<Longrightarrow> reasonable_cards cf sel t"
+proof(induction t)
+ case (Join l r)
+ then have "pos_rel_cards cf l \<and> pos_rel_cards cf r" using pos_rel_cards_subtrees by blast
+ then have 0: "reasonable_cards cf sel l \<and> reasonable_cards cf sel r" using Join by simp
+ have "list_sel sel (inorder l) (inorder r) \<le> 1"
+ using Join.prems(2) sel_reasonable_def list_sel_reasonable by fast
+ obtain c where 1:
+ "list_sel sel (inorder l) (inorder r) * card cf sel l * card cf sel r = c"
+ by simp
+ then have "c = list_sel sel (inorder l) (inorder r) * card cf sel l * card cf sel r"
+ by simp
+ then have 2: "c \<le> 1 * card cf sel l * card cf sel r"
+ using Join.prems(2) list_sel_reasonable 0 mult_left_le_one_le mult_right_less_imp_less
+ by (smt (verit, ccfv_SIG) card.simps(1) card.simps(2) reasonable_cards.elims(2))
+ from 1 have "c > 0 * card cf sel l * card cf sel r"
+ using Join.prems(2) list_sel_reasonable 0 mult_pos_pos
+ by (metis card.simps(1) card.simps(2) mult_eq_0_iff reasonable_cards.elims(2))
+ then show ?case using 0 1 2 by simp
+qed(simp add: pos_rel_cards_def)
+
+lemma create_rdeep_order: "xs \<noteq> [] \<Longrightarrow> inorder (create_rdeep xs) = xs"
+proof(induction xs)
+ case (Cons x xs)
+ then show ?case by(cases xs) auto
+qed(simp)
+
+lemma create_ldeep_rev_order: "xs \<noteq> [] \<Longrightarrow> inorder (create_ldeep_rev xs) = rev xs"
+proof(induction xs)
+ case (Cons x xs)
+ then show ?case by(cases xs) auto
+qed(simp)
+
+lemma create_ldeep_order: "xs \<noteq> [] \<Longrightarrow> inorder (create_ldeep xs) = xs"
+ by (simp add: create_ldeep_def create_ldeep_rev_order)
+
+lemma create_rdeep_rdeep: "xs \<noteq> [] \<Longrightarrow> right_deep (create_rdeep xs)"
+proof(induction xs)
+ case (Cons x xs)
+ then show ?case by(cases xs) auto
+qed(simp)
+
+lemma create_ldeep_rev_ldeep: "xs \<noteq> [] \<Longrightarrow> left_deep (create_ldeep_rev xs)"
+proof(induction xs)
+ case (Cons x xs)
+ then show ?case by(cases xs) auto
+qed(simp)
+
+lemma create_ldeep_ldeep: "xs \<noteq> [] \<Longrightarrow> left_deep (create_ldeep xs)"
+ by (simp add: create_ldeep_rev_ldeep create_ldeep_def)
+
+lemma create_ldeep_rev_relations: "xs \<noteq> [] \<Longrightarrow> relations (create_ldeep_rev xs) = set xs"
+ using create_ldeep_rev_order[of xs] inorder_eq_set by force
+
+lemma create_ldeep_relations: "xs \<noteq> [] \<Longrightarrow> relations (create_ldeep xs) = set xs"
+ by (simp add: create_ldeep_rev_relations create_ldeep_def)
+
+lemma create_ldeep_rev_Cons:
+ "xs \<noteq> [] \<Longrightarrow> create_ldeep_rev (x#xs) = Join (create_ldeep_rev xs) (Relation x)"
+ using create_ldeep_rev.simps(3) neq_Nil_conv by metis
+
+lemma create_ldeep_snoc: "xs \<noteq> [] \<Longrightarrow> create_ldeep (xs@[x]) = Join (create_ldeep xs) (Relation x)"
+ by (simp add: create_ldeep_rev_Cons create_ldeep_def)
+
+lemma create_ldeep_inorder[simp]: "left_deep t \<Longrightarrow> create_ldeep (inorder t) = t"
+ apply(induction t)
+ apply (simp add: create_ldeep_def)
+ by (metis Nil_is_append_conv create_ldeep_snoc inorder.simps
+ ldeep_trans left_deep.simps(3) not_Cons_self2 relations_mset.cases)
+
+lemma create_rdeep_inorder[simp]: "right_deep t \<Longrightarrow> create_rdeep (inorder t) = t"
+ apply(induction t)
+ apply simp
+ by (metis create_rdeep.simps(3) create_rdeep_order first_node_first_inorder
+ joinTree.distinct(1) joinTree.inject(2) neq_Nil_conv right_deep.elims(2))
+
+lemma ldeep_div_eq_sel:
+ assumes "reasonable_cards cf f (Join l (Relation rel))"
+ and "c = card cf f (Join l (Relation rel))"
+ and "cr = card cf f (Relation rel)"
+ shows "c / (card cf f l * cr) = list_sel f (inorder l) [rel]"
+ using assms by auto
+
+lemma ldeep_n_eq_card:
+ "\<lbrakk>distinct_relations t; left_deep t\<rbrakk> \<Longrightarrow> ldeep_n f cf (revorder t) = card cf f t"
+proof(induction t arbitrary: cf rule: left_deep.induct)
+ case (2 l rr)
+ let ?rev = "revorder (Join l (Relation rr))"
+ have "?rev = rr # revorder l" by simp
+ have "ldeep_n f cf ?rev = ldeep_n f cf (rr#revorder l)" by simp
+ also have "\<dots> = list_sel_aux' f (revorder l) rr
+ * cf rr * ldeep_n f cf (revorder l)" by simp
+ also have "\<dots> = list_sel_aux' f (inorder l) rr * cf rr
+ * ldeep_n f cf (revorder l)"
+ using mset_x_eq_list_sel_aux'_eq mset_rev by (fastforce simp: revorder_eq_rev_inorder)
+ also have "\<dots> = list_sel_aux' f (inorder l) rr * cf rr * card cf f l"
+ using 2 distinct_trans_l by auto
+ finally show ?case
+ using list_sel_sing_aux' card.simps mult.commute
+ by (metis ab_semigroup_mult_class.mult_ac(1) inorder.simps(1))
+qed(auto)
+
+lemma ldeep_n_eq_card_subtree:
+ "\<lbrakk>distinct_relations (Join t r'); left_deep t\<rbrakk> \<Longrightarrow> ldeep_n f cf (revorder t) = card cf f t"
+ using ldeep_n_eq_card distinct_trans_l by blast
+
+
+lemma distinct_ldeep_T'_prepend:
+ "distinct (ys@xs) \<Longrightarrow> ldeep_T' (ldeep_s f (ys@xs)) cf xs = ldeep_T' (ldeep_s f xs) cf xs"
+proof(induction xs arbitrary: ys)
+ case (Cons x xs)
+ then have 0: "distinct (x#xs)" by simp
+ have "ldeep_T' (ldeep_s f (ys@x#xs)) cf (x#xs)
+ = cf x * (ldeep_s f (ys@x#xs)) x * ldeep_T' (ldeep_s f (ys@x#xs)) cf xs" by simp
+ also have "\<dots> = cf x * (ldeep_s f (ys@x#xs)) x * ldeep_T' (ldeep_s f xs) cf xs"
+ using Cons.IH[of "ys@[x]"] Cons.prems by simp
+ also have "\<dots> = cf x * list_sel_aux' f xs x * ldeep_T' (ldeep_s f xs) cf xs"
+ using distinct_ldeep_s_eq_aux[OF Cons.prems] by simp
+ also have "\<dots> = cf x * (ldeep_s f (x#xs)) x * ldeep_T' (ldeep_s f xs) cf xs"
+ using distinct_ldeep_s_eq_aux Cons.prems by simp
+ also have "\<dots> = cf x * (ldeep_s f (x#xs)) x * ldeep_T' (ldeep_s f (x#xs)) cf xs"
+ using Cons.IH[of "[x]"] 0 by simp
+ finally show ?case by simp
+qed(simp)
+
+lemma ldeep_T'_eq_ldeep_n: "distinct xs \<Longrightarrow> ldeep_T' (ldeep_s f xs) cf xs = ldeep_n f cf xs"
+proof(induction xs)
+ case (Cons x xs)
+ then have 0: "distinct xs" by simp
+ have "ldeep_T' (ldeep_s f (x # xs)) cf (x # xs)
+ = cf x * (ldeep_s f (x # xs)) x * ldeep_T' (ldeep_s f (x # xs)) cf xs" by simp
+ also have "\<dots> = cf x * list_sel_aux' f xs x * ldeep_T' (ldeep_s f (x # xs)) cf xs" by simp
+ also have "\<dots> = cf x * list_sel_aux' f xs x * ldeep_T' (ldeep_s f xs) cf xs"
+ using distinct_ldeep_T'_prepend[of "[x]"] Cons.prems by simp
+ also have "\<dots> = cf x * list_sel_aux' f xs x * ldeep_n f cf xs"
+ using Cons.IH 0 by simp
+ finally show ?case by simp
+qed(simp)
+
+lemma ldeep_T'_eq_foldl: "acc * ldeep_T' f cf xs = foldl (\<lambda>a b. a * cf b * f b) acc xs"
+proof(induction xs arbitrary: acc)
+ case (Cons x xs)
+ have "acc * ldeep_T' f cf (x # xs) = acc * cf x * f x * ldeep_T' f cf xs" by simp
+ also have "\<dots> = foldl (\<lambda>a b. a * cf b * f b) (acc * cf x * f x) xs" using Cons by simp
+ finally show ?case by simp
+qed(simp)
+
+lemma distinct_ldeep_T_prepend:
+ "distinct (ys@xs) \<Longrightarrow> ldeep_T (ldeep_s f (ys@xs)) cf xs = ldeep_T (ldeep_s f xs) cf xs"
+ using ldeep_T'_eq_foldl[of 1 "ldeep_s f (ys@xs)" cf xs]
+ by (simp add: distinct_ldeep_T'_prepend ldeep_T_def ldeep_T'_eq_foldl)
+
+lemma ldeep_T_eq_ldeep_T'_aux: "ldeep_T sf cf xs = ldeep_T' sf cf xs"
+ using ldeep_T'_eq_foldl[of 1 sf] ldeep_T_def by fastforce
+
+lemma ldeep_T_eq_ldeep_T': "ldeep_T = ldeep_T'"
+ using ldeep_T_eq_ldeep_T'_aux by blast
+
+lemma ldeep_T_eq_ldeep_n: "distinct xs \<Longrightarrow> ldeep_T (ldeep_s f xs) cf xs = ldeep_n f cf xs"
+ by (simp add: ldeep_T_eq_ldeep_T' ldeep_T'_eq_ldeep_n)
+
+lemma ldeep_T_app: "ldeep_T f cf (xs@ys) = ldeep_T f cf xs * ldeep_T f cf ys"
+ using ldeep_T_def foldl_append ldeep_T'_eq_foldl
+ by (metis (mono_tags, lifting) monoid.left_neutral mult.monoid_axioms)
+
+lemma ldeep_T_empty: "ldeep_T f cf [] = 1"
+ by (simp add: ldeep_T_def)
+
+lemma ldeep_T_eq_if_cf_eq: "\<forall>x \<in> set xs. f x = g x \<Longrightarrow> ldeep_T sf f xs = ldeep_T sf g xs"
+ unfolding ldeep_T_eq_ldeep_T' by (induction xs) auto
+
+lemma ldeep_n_pos: "\<lbrakk>pos_list_cards cf xs; sel_reasonable f\<rbrakk> \<Longrightarrow> ldeep_n f cf xs > 0"
+proof(induction xs)
+ case Nil
+ then show ?case by simp
+next
+ case (Cons x xs)
+ then show ?case
+ using list_sel_aux'_reasonable pos_list_cards_def mult_pos_pos set_subset_Cons
+ by (metis list.set_intros(1) ldeep_n.simps(2) subset_code(1))
+qed
+
+lemma ldeep_T_eq_card:
+ "\<lbrakk>distinct_relations t; left_deep t\<rbrakk>
+ \<Longrightarrow> ldeep_T (ldeep_s f (revorder t)) cf (revorder t) = card cf f t"
+ using ldeep_T_eq_ldeep_n[of "revorder t"] ldeep_n_eq_card distinct_rels_alt by fastforce
+
+lemma ldeep_T_pos':
+ "\<lbrakk>distinct xs; pos_list_cards cf xs; sel_reasonable f\<rbrakk> \<Longrightarrow> ldeep_T (ldeep_s f xs) cf xs > 0"
+ by (simp add: ldeep_T_eq_ldeep_n ldeep_n_pos)
+
+lemma ldeep_T_pos: "\<lbrakk>\<forall>x\<in> set ys. cf x > 0; sel_reasonable f\<rbrakk> \<Longrightarrow> ldeep_T (ldeep_s f xs) cf ys > 0"
+ apply(induction ys arbitrary: xs)
+ apply(auto simp: ldeep_T_def)[2]
+ by (metis Groups.comm_monoid_mult_class.mult_1 ldeep_T'_eq_foldl ldeep_s_pos zero_less_mult_iff)
+
+end
\ No newline at end of file
diff --git a/thys/Query_Optimization/List_Dtree.thy b/thys/Query_Optimization/List_Dtree.thy
new file mode 100644
--- /dev/null
+++ b/thys/Query_Optimization/List_Dtree.thy
@@ -0,0 +1,1035 @@
+(* Author: Bernhard Stöckl *)
+
+theory List_Dtree
+ imports Complex_Main "Graph_Additions" "Dtree"
+begin
+
+section \<open>Dtrees of Lists\<close>
+
+subsection \<open>Functions\<close>
+
+abbreviation remove_child :: "'a \<Rightarrow> (('a,'b) dtree \<times> 'b) fset \<Rightarrow> (('a,'b) dtree \<times> 'b) fset" where
+ "remove_child x xs \<equiv> ffilter (\<lambda>(t,e). root t \<noteq> x) xs"
+
+abbreviation child2 ::
+ "'a \<Rightarrow> (('a,'b) dtree \<times> 'b) fset \<Rightarrow> (('a,'b) dtree \<times> 'b) fset \<Rightarrow> (('a,'b) dtree \<times> 'b) fset" where
+ "child2 x zs xs \<equiv> ffold (\<lambda>(t,_) b. case t of Node r ys \<Rightarrow> if r = x then ys |\<union>| b else b) zs xs"
+
+text \<open>Combine children sets to a single set and append element to list.\<close>
+
+fun combine :: "'a list \<Rightarrow> 'a list \<Rightarrow> ('a list,'b) dtree \<Rightarrow> ('a list,'b) dtree" where
+ "combine x y (Node r xs) = (if x=r \<and> (\<exists>t. t \<in> fst ` fset xs \<and> root t = y)
+ then Node (r@y) (child2 y (remove_child y xs) xs)
+ else Node r ((\<lambda>(t,e). (combine x y t,e)) |`| xs))"
+
+text \<open>Basic @{term wf_dverts} property is not strong enough to be preserved in combine operation.\<close>
+
+fun dlverts :: "('a list,'b) dtree \<Rightarrow> 'a set" where
+ "dlverts (Node r xs) = set r \<union> (\<Union>x\<in>fset xs. dlverts (fst x))"
+
+abbreviation disjoint_dlverts :: "(('a list, 'b) dtree \<times> 'b) fset \<Rightarrow> bool" where
+ "disjoint_dlverts xs \<equiv>
+ (\<forall>(x,e1) \<in> fset xs. \<forall>(y,e2) \<in> fset xs. dlverts x \<inter> dlverts y = {} \<or> (x,e1)=(y,e2))"
+
+fun wf_dlverts :: "('a list,'b) dtree \<Rightarrow> bool" where
+ "wf_dlverts (Node r xs) =
+ (r \<noteq> [] \<and> (\<forall>(x,e1) \<in> fset xs. set r \<inter> dlverts x = {} \<and> wf_dlverts x) \<and> disjoint_dlverts xs)"
+
+definition wf_dlverts' :: "('a list,'b) dtree \<Rightarrow> bool" where
+ "wf_dlverts' t \<longleftrightarrow>
+ wf_dverts t \<and> [] \<notin> dverts t \<and> (\<forall>v1\<in>dverts t. \<forall>v2\<in>dverts t. set v1 \<inter> set v2 = {} \<or> v1=v2)"
+
+fun wf_list_lverts :: "('a list\<times>'b) list \<Rightarrow> bool" where
+ "wf_list_lverts [] = True"
+| "wf_list_lverts ((v,e)#xs) =
+ (v \<noteq> [] \<and> (\<forall>v2 \<in> fst ` set xs. set v \<inter> set v2 = {}) \<and> wf_list_lverts xs)"
+
+subsection \<open>List Dtrees as Well-Formed Dtrees\<close>
+
+lemma list_in_verts_if_lverts: "x \<in> dlverts t \<Longrightarrow> (\<exists>v \<in> dverts t. x \<in> set v)"
+ by(induction t) fastforce
+
+lemma list_in_verts_iff_lverts: "x \<in> dlverts t \<longleftrightarrow> (\<exists>v \<in> dverts t. x \<in> set v)"
+ by(induction t) fastforce
+
+lemma lverts_if_in_verts: "\<lbrakk>v \<in> dverts t; x \<in> set v\<rbrakk> \<Longrightarrow> x \<in> dlverts t"
+ by(induction t) fastforce
+
+lemma nempty_inter_notin_dverts: "\<lbrakk>v \<noteq> []; set v \<inter> dlverts t = {}\<rbrakk> \<Longrightarrow> v \<notin> dverts t"
+ using lverts_if_in_verts disjoint_iff_not_equal equals0I set_empty by metis
+
+lemma empty_notin_wf_dlverts: "wf_dlverts t \<Longrightarrow> [] \<notin> dverts t"
+ by(induction t) auto
+
+lemma wf_dlverts'_rec: "\<lbrakk>wf_dlverts' (Node r xs); t1 \<in> fst ` fset xs\<rbrakk> \<Longrightarrow> wf_dlverts' t1"
+ unfolding wf_dlverts'_def using wf_dverts_rec[of r xs t1] dverts_child_subseteq[of t1 xs] by blast
+
+lemma wf_dlverts'_suc: "\<lbrakk>wf_dlverts' t; t1 \<in> fst ` fset (sucs t)\<rbrakk> \<Longrightarrow> wf_dlverts' t1"
+ using wf_dlverts'_rec[of "root t" "sucs t"] by simp
+
+lemma wf_dlverts_suc: "\<lbrakk>wf_dlverts t; t1 \<in> fst ` fset (sucs t)\<rbrakk> \<Longrightarrow> wf_dlverts t1"
+ using wf_dlverts.simps[of "root t" "sucs t"] by auto
+
+lemma wf_dlverts_subtree: "\<lbrakk>wf_dlverts t; is_subtree t1 t\<rbrakk> \<Longrightarrow> wf_dlverts t1"
+ by (induction t) auto
+
+lemma dlverts_eq_dverts_union: "dlverts t = \<Union> (set ` dverts t)"
+ by (induction t) fastforce
+
+lemma dlverts_eq_dverts_union': "dlverts t = (\<Union>x\<in> dverts t. set x)"
+ using dlverts_eq_dverts_union by simp
+
+lemma dverts_nempty: "dverts t \<noteq> {}"
+ using dtree.set(1)[of "root t" "sucs t"] by simp
+
+lemma dlverts_nempty_aux: "[] \<notin> dverts t \<Longrightarrow> dlverts t \<noteq> {}"
+ using dverts_nempty dlverts_eq_dverts_union[of t] by fastforce
+
+lemma dlverts_nempty_if_wf: "wf_dlverts t \<Longrightarrow> dlverts t \<noteq> {}"
+ using dlverts_nempty_aux empty_notin_wf_dlverts by blast
+
+lemma nempty_root_in_lverts: "root t \<noteq> [] \<Longrightarrow> hd (root t) \<in> dlverts t"
+ using dtree.set_sel(1) list_in_verts_iff_lverts by fastforce
+
+lemma roothd_in_lverts_if_wf: "wf_dlverts t \<Longrightarrow> hd (root t) \<in> dlverts t"
+ using wf_dlverts.simps[of "root t" "sucs t"] nempty_root_in_lverts by auto
+
+lemma hd_in_lverts_if_wf: "\<lbrakk>wf_dlverts t; v \<in> dverts t\<rbrakk> \<Longrightarrow> hd v \<in> dlverts t"
+ using empty_notin_wf_dlverts hd_in_set[of v] lverts_if_in_verts by fast
+
+lemma dlverts_notin_root_sucs:
+ "\<lbrakk>wf_dlverts t; t1 \<in> fst ` fset (sucs t); x \<in> dlverts t1\<rbrakk> \<Longrightarrow> x \<notin> set (root t)"
+ using wf_dlverts.simps[of "root t" "sucs t"] by fastforce
+
+lemma dverts_inter_empty_if_verts_inter:
+ assumes "dlverts x \<inter> dlverts y = {}" and "wf_dlverts x"
+ shows "dverts x \<inter> dverts y = {}"
+proof (rule ccontr)
+ assume asm: "dverts x \<inter> dverts y \<noteq> {}"
+ then obtain r where r_def: "r \<in> dverts x" "r \<in> dverts y" by blast
+ then have "r \<noteq> []" using assms(2) by(auto simp: empty_notin_wf_dlverts)
+ then obtain v where v_def: "v \<in> set r" by fastforce
+ then show False using r_def assms(1) lverts_if_in_verts by (metis IntI all_not_in_conv)
+qed
+
+lemma disjoint_dlverts_if_wf: "wf_dlverts t \<Longrightarrow> disjoint_dlverts (sucs t)"
+ using wf_dlverts.simps[of "root t" "sucs t"] by simp
+
+lemma disjoint_dlverts_subset:
+ assumes "xs |\<subseteq>| ys" and "disjoint_dlverts ys"
+ shows "disjoint_dlverts xs"
+proof (rule ccontr)
+ assume "\<not> disjoint_dlverts xs"
+ then obtain x e1 y e2 where x_def: "(x,e1) \<in> fset xs" "(y,e2) \<in> fset xs"
+ "dlverts x \<inter> dlverts y \<noteq> {} \<and> (x,e1)\<noteq>(y,e2)"
+ by blast
+ have "(x,e1) \<in> fset ys" "(y,e2) \<in> fset ys" using x_def(1,2) assms(1) less_eq_fset.rep_eq by fast+
+ then show False using assms(2) x_def(3) by fast
+qed
+
+lemma root_empty_inter_subset:
+ assumes "xs |\<subseteq>| ys" and "\<forall>(x,e1) \<in> fset ys. set r \<inter> dlverts x = {}"
+ shows "\<forall>(x,e1) \<in> fset xs. set r \<inter> dlverts x = {}"
+ using assms less_eq_fset.rep_eq by force
+
+lemma wf_dlverts_sub:
+ assumes "xs |\<subseteq>| ys" and "wf_dlverts (Node r ys)"
+ shows "wf_dlverts (Node r xs)"
+proof (rule ccontr)
+ assume asm: "\<not>wf_dlverts (Node r xs)"
+ have "disjoint_dlverts xs" using assms(2) disjoint_dlverts_subset[OF assms(1)] by simp
+ moreover have "r \<noteq> []" using assms(2) by simp
+ moreover have "(\<forall>(x,e1) \<in> fset xs. set r \<inter> dlverts x = {})"
+ using assms(2) root_empty_inter_subset[OF assms(1)] by fastforce
+ ultimately obtain x e where x_def: "(x,e) \<in> fset xs" "\<not>wf_dlverts x" using asm by auto
+ then have "(x,e) \<in> fset ys" using assms(1) notin_fset fin_mono by metis
+ then show False using assms(2) x_def(2) by fastforce
+qed
+
+lemma wf_dlverts_sucs: "\<lbrakk>wf_dlverts t; x \<in> fset (sucs t)\<rbrakk> \<Longrightarrow> wf_dlverts (Node (root t) {|x|})"
+ using wf_dlverts_sub[of "{|x|}" "sucs t" "root t"] by (simp add: less_eq_fset.rep_eq)
+
+lemma wf_dverts_if_wf_dlverts: "wf_dlverts t \<Longrightarrow> wf_dverts t"
+proof(induction t)
+ case (Node r xs)
+ then have "\<forall>(x,e) \<in> fset xs. wf_dverts x" by auto
+ moreover have "\<forall>(x,e) \<in> fset xs. r \<notin> dverts x"
+ using nempty_inter_notin_dverts Node.prems by fastforce
+ ultimately show ?case
+ using Node.prems dverts_inter_empty_if_verts_inter wf_dverts_iff_dverts'
+ by (smt (verit, del_insts) wf_dlverts.simps wf_dverts'.simps case_prodD case_prodI2)
+qed
+
+lemma notin_dlverts_child_if_wf_in_root:
+ "\<lbrakk>wf_dlverts (Node r xs); x \<in> set r; t \<in> fst ` fset xs\<rbrakk> \<Longrightarrow> x \<notin> dlverts t"
+ by fastforce
+
+lemma notin_dlverts_suc_if_wf_in_root:
+ "\<lbrakk>wf_dlverts t1; x \<in> set (root t1); t2 \<in> fst ` fset (sucs t1)\<rbrakk> \<Longrightarrow> x \<notin> dlverts t2"
+ using notin_dlverts_child_if_wf_in_root[of "root t1" "sucs t1"] by simp
+
+lemma root_if_same_lvert_wf:
+ "\<lbrakk>wf_dlverts (Node r xs); x \<in> set r; v \<in> dverts (Node r xs); x \<in> set v\<rbrakk> \<Longrightarrow> v = r"
+ by (fastforce simp: lverts_if_in_verts dverts_child_if_not_root notin_dlverts_child_if_wf_in_root)
+
+lemma dverts_same_if_set_wf:
+ "\<lbrakk>wf_dlverts t; v1 \<in> dverts t; v2 \<in> dverts t; x \<in> set v1; x \<in> set v2\<rbrakk> \<Longrightarrow> v1 = v2"
+proof(induction t)
+ case (Node r xs)
+ then show ?case
+ proof(cases "x \<in> set r")
+ case True
+ then show ?thesis using Node.prems(2,3,4,5) root_if_same_lvert_wf[OF Node.prems(1)] by blast
+ next
+ case False
+ then obtain t2 e2 where t2_def: "(t2,e2) \<in> fset xs" "x \<in> dlverts t2"
+ using Node.prems(2,4) lverts_if_in_verts by fastforce
+ then have "\<forall>(t3,e3)\<in>fset xs. (t3,e3) = (t2,e2) \<or> x \<notin> dlverts t3"
+ using Node.prems(1) by fastforce
+ then have "v1 \<in> dverts t2 \<and> v2 \<in> dverts t2"
+ using Node.prems(2-5) lverts_if_in_verts False by force
+ then show ?thesis using Node.IH t2_def(1) Node.prems(1,4,5) by auto
+ qed
+qed
+
+lemma dtree_from_list_empty_inter_iff:
+ "(\<forall>v \<in> fst ` set ((v, e) # xs). set r \<inter> set v = {})
+ \<longleftrightarrow> (\<forall>(x,e1) \<in> fset {|(dtree_from_list v xs,e)|}. set r \<inter> dlverts x = {})" (is "?P \<longleftrightarrow> ?Q")
+proof
+ assume asm: "?P"
+ have "dverts (dtree_from_list v xs) = fst ` set ((v,e)#xs)"
+ by(simp add: dtree_from_list_eq_dverts)
+ then show ?Q using list_in_verts_if_lverts asm by fastforce
+next
+ assume asm: "?Q"
+ have "dverts (dtree_from_list v xs) = fst ` set ((v,e)#xs)"
+ by(simp add: dtree_from_list_eq_dverts)
+ moreover have "(dtree_from_list v xs,e) \<in> fset {|(dtree_from_list v xs, e)|}" by simp
+ ultimately show "?P" using asm lverts_if_in_verts by fast
+qed
+
+lemma wf_dlverts_iff_wf_list_lverts:
+ "(\<forall>v \<in> fst ` set xs. set r \<inter> set v = {}) \<and> r \<noteq> [] \<and> wf_list_lverts xs
+ \<longleftrightarrow> wf_dlverts (dtree_from_list r xs)"
+proof(induction xs arbitrary: r rule: wf_list_lverts.induct)
+ case (2 v e xs)
+ then show ?case using dtree_from_list_empty_inter_iff[of v e] by auto
+qed (simp)
+
+lemma vert_disjoint_if_not_root:
+ assumes "wf_dlverts t"
+ and "v \<in> dverts t - {root t}"
+ shows "set (root t) \<inter> set v = {}"
+proof -
+ obtain t1 e1 where t1_def: "(t1,e1) \<in> fset (sucs t)" "v \<in> dverts t1"
+ using assms(2) dtree.set_cases(1) by force
+ then show ?thesis using assms(1) wf_dlverts.simps[of "root t"] lverts_if_in_verts by fastforce
+qed
+
+lemma vert_disjoint_if_to_list:
+ "\<lbrakk>wf_dlverts (Node r {|(t1,e1)|}); v \<in> fst ` set (dtree_to_list t1)\<rbrakk>
+ \<Longrightarrow> set (root t1) \<inter> set v = {}"
+ using vert_disjoint_if_not_root dtree_to_list_sub_dverts wf_dverts_if_wf_dlverts by fastforce
+
+lemma wf_list_lverts_if_wf_dlverts: "wf_dlverts t \<Longrightarrow> wf_list_lverts (dtree_to_list t)"
+proof(induction t)
+ case (Node r xs)
+ then show ?case
+ proof(cases "\<forall>x. xs \<noteq> {|x|}")
+ case True
+ then show ?thesis using dtree_to_list.simps(2) by simp
+ next
+ case False
+ then obtain t1 e1 where t1_def: "xs = {|(t1,e1)|}" by auto
+ then have "wf_dlverts t1" using Node.prems by simp
+ then have "root t1 \<noteq> []" using wf_dlverts.simps[of "root t1" "sucs t1"] by simp
+ then show ?thesis using Node vert_disjoint_if_to_list t1_def by fastforce
+ qed
+qed
+
+lemma child_in_dlverts: "(t1,e) \<in> fset xs \<Longrightarrow> dlverts t1 \<subseteq> dlverts (Node r xs)"
+ by force
+
+lemma suc_in_dlverts: "(t1,e) \<in> fset (sucs t2) \<Longrightarrow> dlverts t1 \<subseteq> dlverts t2"
+ using child_in_dlverts[of t1 e "sucs t2" "root t2"] by auto
+
+lemma suc_in_dlverts': "t1 \<in> fst ` fset (sucs t2) \<Longrightarrow> dlverts t1 \<subseteq> dlverts t2"
+ using suc_in_dlverts by fastforce
+
+lemma subtree_in_dlverts: "is_subtree t1 t2 \<Longrightarrow> dlverts t1 \<subseteq> dlverts t2"
+ by(induction t2) fastforce
+
+lemma subtree_root_if_dlverts: "x \<in> dlverts t \<Longrightarrow> \<exists>r xs. is_subtree (Node r xs) t \<and> x \<in> set r"
+ using subtree_root_if_dverts list_in_verts_if_lverts by fast
+
+lemma x_not_root_strict_subtree:
+ assumes "x \<in> dlverts t" and "x \<notin> set (root t)"
+ shows "\<exists>r xs t1. is_subtree (Node r xs) t \<and> t1 \<in> fst ` fset xs \<and> x \<in> set (root t1)"
+proof -
+ obtain r xs where r_def: "is_subtree (Node r xs) t" "x \<in> set r"
+ using subtree_root_if_dlverts[OF assms(1)] by fast
+ then have sub: "strict_subtree (Node r xs) t" using assms(2) strict_subtree_def by fastforce
+ then show ?thesis using assms(2) subtree_child_if_strict_subtree[OF sub] r_def(2) by force
+qed
+
+lemma dverts_disj_if_wf_dlverts:
+ "\<lbrakk>wf_dlverts t; v1 \<in> dverts t; v2 \<in> dverts t; v1 \<noteq> v2\<rbrakk> \<Longrightarrow> set v1 \<inter> set v2 = {}"
+ using dverts_same_if_set_wf by fast
+
+thm empty_notin_wf_dlverts
+
+lemma wf_dlverts'_if_dlverts: "wf_dlverts t \<Longrightarrow> wf_dlverts' t"
+ using wf_dlverts'_def empty_notin_wf_dlverts dverts_disj_if_wf_dlverts wf_dverts_if_wf_dlverts
+ by blast
+
+lemma disjoint_dlverts_if_wf'_aux:
+ assumes "wf_dlverts' (Node r xs)"
+ and "(t1,e1) \<in> fset xs"
+ and "(t2,e2) \<in> fset xs"
+ and "(t1,e1) \<noteq> (t2,e2)"
+ shows "dlverts t1 \<inter> dlverts t2 = {}"
+proof(rule ccontr)
+ assume "dlverts t1 \<inter> dlverts t2 \<noteq> {}"
+ then obtain x y where x_def: "x \<in> dverts t1" "y \<in> dverts t2" "set x \<inter> set y \<noteq> {}"
+ using dlverts_eq_dverts_union[of t1] dlverts_eq_dverts_union[of t2] by auto
+ then have "x \<in> dverts (Node r xs)" "y \<in> dverts (Node r xs)"
+ using dverts_child_subseteq assms(2,3) by auto
+ moreover have "x \<noteq> y"
+ using assms(1) disjoint_dverts_if_wf_aux[rotated, OF assms(2-4)] x_def(1,2)
+ unfolding wf_dlverts'_def by blast
+ ultimately show False using assms(1) x_def(3) unfolding wf_dlverts'_def by blast
+qed
+
+lemma disjoint_dlverts_if_wf': "wf_dlverts' (Node r xs) \<Longrightarrow> disjoint_dlverts xs"
+ using disjoint_dlverts_if_wf'_aux by fast
+
+lemma root_nempty_if_wf': "wf_dlverts' (Node r xs) \<Longrightarrow> r \<noteq> []"
+ unfolding wf_dlverts'_def by fastforce
+
+lemma disjoint_root_if_wf'_aux:
+ assumes "wf_dlverts' (Node r xs)"
+ and "(t1,e1) \<in> fset xs"
+ shows "set r \<inter> dlverts t1 = {}"
+proof(rule ccontr)
+ assume "set r \<inter> dlverts t1 \<noteq> {}"
+ then obtain x where x_def: "x \<in> dverts t1" "set x \<inter> set r \<noteq> {}"
+ using dlverts_eq_dverts_union by fast
+ then have "x \<in> dverts (Node r xs)" using dverts_child_subseteq assms(2) by auto
+ moreover have "r \<in> dverts (Node r xs)" by simp
+ moreover have "x \<noteq> r"
+ using assms x_def(1) root_not_child_if_wf_dverts unfolding wf_dlverts'_def by fast
+ ultimately show False using assms(1) x_def(2) unfolding wf_dlverts'_def by blast
+qed
+
+lemma disjoint_root_if_wf':
+ "wf_dlverts' (Node r xs) \<Longrightarrow> \<forall>(t1,e1) \<in> fset xs. set r \<inter> dlverts t1 = {}"
+ using disjoint_root_if_wf'_aux by fast
+
+lemma wf_dlverts_if_dlverts': "wf_dlverts' t \<Longrightarrow> wf_dlverts t"
+proof(induction t)
+ case (Node r xs)
+ then have "\<forall>(t1,e1) \<in> fset xs. set r \<inter> dlverts t1 = {}"
+ using disjoint_root_if_wf' by blast
+ moreover have "r \<noteq> [] \<and> disjoint_dlverts xs"
+ using disjoint_dlverts_if_wf' Node.prems root_nempty_if_wf' by fast
+ moreover have "\<forall>(t1,e1) \<in> fset xs. wf_dlverts t1"
+ using Node wf_dlverts'_rec by fastforce
+ ultimately show ?case by auto
+qed
+
+lemma wf_dlverts_iff_dlverts': "wf_dlverts t \<longleftrightarrow> wf_dlverts' t"
+ using wf_dlverts_if_dlverts' wf_dlverts'_if_dlverts by blast
+
+locale list_dtree =
+ fixes t :: "('a list,'b) dtree"
+ assumes wf_arcs: "wf_darcs t"
+ and wf_lverts: "wf_dlverts t"
+
+sublocale list_dtree \<subseteq> wf_dtree
+ using wf_arcs wf_lverts wf_dverts_if_wf_dlverts by(unfold_locales) auto
+
+theorem list_dtree_iff_wf_list:
+ "wf_list_arcs xs \<and> (\<forall>v \<in> fst ` set xs. set r \<inter> set v = {}) \<and> r \<noteq> [] \<and> wf_list_lverts xs
+ \<longleftrightarrow> list_dtree (dtree_from_list r xs)"
+ using wf_darcs_iff_wf_list_arcs wf_dlverts_iff_wf_list_lverts list_dtree_def by metis
+
+lemma list_dtree_subset:
+ assumes "xs |\<subseteq>| ys" and "list_dtree (Node r ys)"
+ shows "list_dtree (Node r xs)"
+ using wf_dlverts_sub[OF assms(1)] wf_darcs_sub[OF assms(1)] assms(2)
+ by (unfold_locales) (fast dest: list_dtree.wf_lverts list_dtree.wf_arcs)+
+
+context fin_list_directed_tree
+begin
+
+lemma dlverts_disjoint:
+ assumes "r \<in> verts T" and "(Node r xs) = to_dtree_aux r"
+ and "(x,e1) \<in> fset xs" and "(y,e2) \<in> fset xs" and "(x,e1)\<noteq>(y,e2)"
+ shows "dlverts x \<inter> dlverts y = {}"
+proof (rule ccontr)
+ assume "dlverts x \<inter> dlverts y \<noteq> {}"
+ then obtain v where v_def[simp]: "v \<in> dlverts x" "v \<in> dlverts y" by blast
+ obtain x1 where x1_def: "v \<in> set x1" "x1 \<in> dverts x" using list_in_verts_if_lverts by force
+ obtain y1 where y1_def: "v \<in> set y1" "y1 \<in> dverts y" using list_in_verts_if_lverts by force
+ have 0: "y = to_dtree_aux (Dtree.root y)" using to_dtree_aux_self assms(2,4) by blast
+ have "r \<rightarrow>\<^bsub>T\<^esub> Dtree.root y"
+ using assms(2,4) dominated_if_child by (metis (no_types, opaque_lifting) fst_conv image_iff)
+ then have 1: "Dtree.root y \<in> verts T" using adj_in_verts(2) by simp
+ have "r \<rightarrow>\<^bsub>T\<^esub> Dtree.root x"
+ using assms(2,3) dominated_if_child by (metis (no_types, opaque_lifting) fst_conv image_iff)
+ then have "Dtree.root x \<in> verts T" using adj_in_verts(2) by simp
+ moreover have "x = to_dtree_aux (Dtree.root x)" using to_dtree_aux_self assms(2,3) by blast
+ ultimately have "Dtree.root x \<rightarrow>\<^sup>*\<^bsub>T\<^esub> x1" using to_dtree_aux_dverts_reachable x1_def(2) by blast
+ moreover have "Dtree.root y \<rightarrow>\<^sup>*\<^bsub>T\<^esub> y1" using 0 1 to_dtree_aux_dverts_reachable y1_def(2) by blast
+ ultimately have "x1 = y1" using disjoint_verts reachable_in_verts(2) x1_def(1) y1_def(1) by auto
+ then show False using dverts_disjoint[OF assms(2-5)] x1_def(2) y1_def(2) by blast
+qed
+
+lemma wf_dlverts_to_dtree_aux: "\<lbrakk>r \<in> verts T; t = to_dtree_aux r\<rbrakk> \<Longrightarrow> wf_dlverts t"
+proof(induction t arbitrary: r rule: darcs_mset.induct)
+ case (1 r' xs)
+ then have "r = r'" by simp
+ have "\<forall>(x,e) \<in> fset xs. wf_dlverts x \<and> set r \<inter> dlverts x = {}"
+ proof (standard, standard, standard)
+ fix xp x e
+ assume asm: "xp \<in> fset xs" "xp = (x,e)"
+ then have 0: "x = to_dtree_aux (Dtree.root x)" using to_dtree_aux_self "1.prems"(2) by simp
+ have 2: "r \<rightarrow>\<^bsub>T\<^esub> Dtree.root x" using asm "1.prems" \<open>r = r'\<close>
+ by (metis (no_types, opaque_lifting) dominated_if_child fst_conv image_iff)
+ then have 3: "Dtree.root x \<in> verts T" using adj_in_verts(2) by simp
+ then show "wf_dlverts x" using "1.IH" asm 0 by blast
+ have "r \<notin> dverts x"
+ proof
+ assume "r \<in> dverts x"
+ then have "Dtree.root x \<rightarrow>\<^sup>*\<^bsub>T\<^esub> r" using 0 3 to_dtree_aux_dverts_reachable by blast
+ then have "r \<rightarrow>\<^sup>+\<^bsub>T\<^esub> r" using 2 by auto
+ then show False using reachable1_not_reverse by blast
+ qed
+ then show "set r \<inter> dlverts x = {}"
+ using 0 "1.prems"(1) 3 disjoint_iff_not_equal disjoint_verts list_in_verts_if_lverts
+ by (metis reachable_in_verts(2) to_dtree_aux_dverts_reachable)
+ qed
+ moreover have "disjoint_dlverts xs" using dlverts_disjoint "1.prems" by fastforce
+ ultimately show ?case using \<open>r = r'\<close> by (auto simp add: "1.prems"(1) nempty_verts)
+qed
+
+lemma wf_dlverts_to_dtree: "wf_dlverts to_dtree"
+ using to_dtree_def wf_dlverts_to_dtree_aux root_in_T by blast
+
+theorem list_dtree_to_dtree: "list_dtree to_dtree"
+ using list_dtree_def wf_dlverts_to_dtree wf_darcs_to_dtree by blast
+
+end
+
+context list_dtree
+begin
+
+lemma list_dtree_rec: "\<lbrakk>Node r xs = t; (x,e) \<in> fset xs\<rbrakk> \<Longrightarrow> list_dtree x"
+ using wf_arcs wf_lverts by(unfold_locales) auto
+
+lemma list_dtree_rec_suc: "(x,e) \<in> fset (sucs t) \<Longrightarrow> list_dtree x"
+ using list_dtree_rec[of "root t"] by force
+
+lemma list_dtree_sub: "is_subtree x t \<Longrightarrow> list_dtree x"
+using list_dtree_axioms proof(induction t rule: darcs_mset.induct)
+ case (1 r xs)
+ then interpret list_dtree "Node r xs" by blast
+ show ?case
+ proof(cases "x = Node r xs")
+ case True
+ then show ?thesis by (simp add: "1.prems")
+ next
+ case False
+ then show ?thesis using "1.IH" list_dtree_rec "1.prems"(1) by auto
+ qed
+qed
+
+theorem from_dtree_fin_list_dir: "fin_list_directed_tree (root t) (from_dtree dt dh t)"
+ unfolding fin_list_directed_tree_def fin_list_directed_tree_axioms_def
+ by (auto simp: from_dtree_fin_directed empty_notin_wf_dlverts[OF wf_lverts]
+ intro: wf_lverts dverts_same_if_set_wf)
+
+subsection \<open>Combining Preserves Well-Formedness\<close>
+
+lemma remove_child_sub: "remove_child x xs |\<subseteq>| xs"
+ by auto
+
+lemma child2_commute_aux:
+ assumes "f = (\<lambda>(t,_) b. case t of Node r ys \<Rightarrow> if r = a then ys |\<union>| b else b)"
+ shows "(f y \<circ> f x) z = (f x \<circ> f y) z"
+proof -
+ obtain r1 ys1 e1 where y_def: "y = (Node r1 ys1, e1)" by (metis dtree.exhaust eq_snd_iff)
+ obtain r2 ys2 e2 where "x = (Node r2 ys2, e2)" by (metis dtree.exhaust eq_snd_iff)
+ then show ?thesis by (simp add: assms funion_left_commute y_def)
+qed
+
+lemma child2_commute:
+ "comp_fun_commute (\<lambda>(t,_) b. case t of Node r ys \<Rightarrow> if r = x then ys |\<union>| b else b)"
+ using comp_fun_commute_def child2_commute_aux by fastforce
+
+interpretation Comm:
+ comp_fun_commute "\<lambda>(t,_) b. case t of Node r ys \<Rightarrow> if r = x then ys |\<union>| b else b"
+ by (rule child2_commute)
+
+lemma input_in_child2:
+ "zs |\<subseteq>| child2 x zs ys"
+proof(induction ys)
+ case empty
+ then show ?case using Comm.ffold_empty by simp
+next
+ case (insert y ys)
+ then obtain r xs e where r_def: "(Node r xs,e) = y" by (metis dtree.exhaust surj_pair)
+ let ?f = "(\<lambda>(t,_) b. case t of Node r ys \<Rightarrow> if r = x then ys |\<union>| b else b)"
+ show ?case
+ proof(cases "r=x")
+ case True
+ then have "ffold ?f zs (finsert y ys) = xs |\<union>| (ffold ?f zs ys)"
+ using r_def insert.hyps by force
+ then show ?thesis using insert.IH by blast
+ next
+ case False
+ then have "ffold ?f zs (finsert y ys) = (ffold ?f zs ys)" using r_def insert.hyps by force
+ then show ?thesis using insert.IH by blast
+ qed
+qed
+
+lemma child2_subset_if_input1:
+ "zs' |\<subseteq>| zs \<Longrightarrow> child2 x zs' ys |\<subseteq>| child2 x zs ys"
+proof(induction ys)
+ case (insert y ys)
+ obtain r xs e where r_def: "(Node r xs, e) = y" by (metis dtree.exhaust surj_pair)
+ let ?f = "(\<lambda>(t,_) b. case t of Node r ys \<Rightarrow> if r = x then ys |\<union>| b else b)"
+ show ?case
+ proof(cases "r=x")
+ case True
+ then have "ffold ?f zs (finsert y ys) = xs |\<union>| (ffold ?f zs ys)"
+ using r_def insert.hyps by force
+ moreover have "ffold ?f zs' (finsert y ys) = xs |\<union>| (ffold ?f zs' ys)"
+ using r_def insert.hyps True by force
+ ultimately show ?thesis using insert by blast
+ next
+ case False
+ then have "ffold ?f zs (finsert y ys) = (ffold ?f zs ys)" using r_def insert.hyps by force
+ moreover have "ffold ?f zs' (finsert y ys) = (ffold ?f zs' ys)"
+ using r_def insert.hyps False by force
+ ultimately show ?thesis using insert by blast
+ qed
+qed (simp)
+
+lemma child2_subset_if_input2:
+ "ys' |\<subseteq>| ys \<Longrightarrow> child2 x xs ys' |\<subseteq>| child2 x xs ys"
+proof(induction "fcard ys" arbitrary: ys)
+ case (Suc n)
+ show ?case
+ proof(cases "ys' = ys")
+ case False
+ then obtain z where z_def: "z |\<in>| ys \<and> z |\<notin>| ys'" using Suc.prems by blast
+ then obtain zs where zs_def: "finsert z zs = ys \<and> z |\<notin>| zs" by blast
+ then have "ys' |\<subseteq>| zs \<and> fcard zs = n"
+ using Suc.prems(1) Suc.hyps(2) z_def fcard_finsert_disjoint by fastforce
+ then have 0: "child2 x xs ys' |\<subseteq>| child2 x xs zs" using Suc.hyps(1) by blast
+ obtain r rs e where r_def: "(Node r rs, e) = z" by (metis dtree.exhaust surj_pair)
+ then show ?thesis using 0 zs_def by force
+ qed (simp)
+qed (simp)
+
+lemma darcs_split: "darcs (Node r (xs|\<union>|ys)) = darcs (Node r xs) \<union> darcs (Node r ys)"
+ by simp
+
+lemma darcs_sub_if_children_sub: "xs |\<subseteq>| ys \<Longrightarrow> darcs (Node r xs) \<subseteq> darcs (Node v ys)"
+proof(induction "fcard ys" arbitrary: ys)
+ case (Suc n)
+ then show ?case
+ proof(cases "ys = xs")
+ case False
+ then obtain z where z_def: "z |\<in>| ys \<and> z |\<notin>| xs" using Suc.prems by blast
+ then obtain zs where zs_def: "finsert z zs = ys \<and> z |\<notin>| zs" by blast
+ then have "xs |\<subseteq>| zs \<and> fcard zs = n"
+ using Suc.prems(1) Suc.hyps(2) z_def fcard_finsert_disjoint by fastforce
+ then have "darcs (Node r xs) \<subseteq> darcs (Node v zs)" using Suc.hyps(1) by blast
+ then show ?thesis using zs_def darcs_split[of v "{|z|}" zs] by auto
+ qed (simp)
+qed (simp)
+
+lemma darc_in_child2_snd_if_nin_fst:
+ "e \<in> darcs (Node x (child2 a xs ys)) \<Longrightarrow> e \<notin> darcs (Node v ys) \<Longrightarrow> e \<in> darcs (Node r xs)"
+proof(induction "ys")
+ case (insert y ys)
+ obtain r rs e1 where r_def: "(Node r rs, e1) = y" by (metis dtree.exhaust surj_pair)
+ then have e_not_rs: "e \<notin> darcs (Node x rs)" using insert.prems(2) by fastforce
+ show ?case
+ proof(cases "r = a")
+ case True
+ then have "darcs (Node x (child2 a xs (finsert y ys)))
+ = darcs (Node x (rs |\<union>| (child2 a xs ys)))"
+ using r_def insert.hyps(1) by force
+ moreover have "\<dots> = darcs (Node x rs) \<union> darcs (Node x (child2 a xs ys))" by simp
+ ultimately have "e \<in> darcs (Node x (child2 a xs ys))" using insert.prems(1) e_not_rs by blast
+ then show ?thesis using insert.IH insert.prems(2) by simp
+ next
+ case False
+ then have "darcs (Node x (child2 a xs (finsert y ys))) = darcs (Node x (child2 a xs ys))"
+ using r_def insert.hyps(1) by force
+ then show ?thesis using insert.IH insert.prems by simp
+ qed
+qed (simp)
+
+lemma darc_in_child2_fst_if_nin_snd:
+ "e \<in> darcs (Node x (child2 a xs ys)) \<Longrightarrow> e \<notin> darcs (Node v xs) \<Longrightarrow> e \<in> darcs (Node r ys)"
+ using darc_in_child2_snd_if_nin_fst by fast
+
+lemma darcs_child2_sub: "darcs (Node x (child2 y xs ys)) \<subseteq> darcs (Node r xs) \<union> darcs (Node r' ys)"
+ using darc_in_child2_snd_if_nin_fst by fast
+
+lemma darcs_combine_sub_orig: "darcs (combine x y t1) \<subseteq> darcs t1"
+proof(induction t1)
+ case ind: (Node r xs)
+ show ?case
+ proof(cases "x=r \<and> (\<exists>t. t \<in> fst ` fset xs \<and> root t = y)")
+ case True
+ then have "darcs (combine x y (Node r xs))
+ = darcs (Node (x@y) (child2 y (remove_child y xs) xs))" by simp
+ also have "\<dots> \<subseteq> darcs (Node x (child2 y xs xs))"
+ using darcs_sub_if_children_sub[of "child2 y (remove_child y xs) xs" "child2 y xs xs"]
+ child2_subset_if_input1[of "remove_child y xs" xs] remove_child_sub by fast
+ finally show ?thesis using darcs_child2_sub by fast
+ next
+ case False
+ then have "darcs (combine x y (Node r xs))
+ = darcs (Node r ((\<lambda>(t,e). (combine x y t,e)) |`| xs))"
+ by auto
+ also have "\<dots> \<subseteq> (\<Union>(t,e)\<in>fset xs. \<Union> (darcs ` {t}) \<union> {e})"
+ using ind.IH wf_dtree_rec by fastforce
+ finally show ?thesis by force
+ qed
+qed
+
+lemma child2_in_child:
+ "\<lbrakk>b \<in> fset (child2 a ys xs); b |\<notin>| ys\<rbrakk> \<Longrightarrow> \<exists>rs e. (Node a rs, e) \<in> fset xs \<and> b |\<in>| rs"
+proof(induction xs)
+ case (insert x xs)
+ obtain r rs e1 where r_def: "(Node r rs, e1) = x" by (metis dtree.exhaust surj_pair)
+ show ?case
+ proof(cases "r = a")
+ case ra: True
+ then have 0: "child2 a ys (finsert x xs) = rs |\<union>| (child2 a ys xs)"
+ using r_def insert.hyps(1) by force
+ show ?thesis
+ proof(cases "b |\<in>| rs")
+ case True
+ then show ?thesis using r_def ra by auto
+ next
+ case False
+ then have "b \<in> fset (child2 a ys xs)" using insert.prems(1) 0 notin_fset by force
+ then show ?thesis using insert.IH insert.prems(2) by auto
+ qed
+ next
+ case False
+ then show ?thesis using insert r_def by force
+ qed
+qed (simp add: notin_fset)
+
+lemma child_in_darcs: "(y,e2) \<in> fset xs \<Longrightarrow> darcs y \<union> {e2} \<subseteq> darcs (Node r xs)"
+ by force
+
+lemma disjoint_darcs_child2:
+ assumes "wf_darcs (Node r xs)"
+ shows "disjoint_darcs (child2 a (remove_child a xs) xs)" (is "disjoint_darcs ?P")
+proof (rule ccontr)
+ assume "\<not> disjoint_darcs ?P"
+ then obtain x e1 y e2 where asm: "(x,e1) \<in> fset ?P" "(y,e2) \<in> fset ?P" "(e1 \<in> darcs x \<or>
+ ((darcs x \<union> {e1}) \<inter> (darcs y \<union> {e2}) \<noteq> {} \<and> (x,e1)\<noteq>(y,e2)))" by blast
+ note wf_darcs_iff_darcs'[simp]
+ consider "(x,e1) \<in> fset (remove_child a xs)" "e1 \<in> darcs x"
+ | "(x,e1) \<in> fset (remove_child a xs)" "e1 \<notin> darcs x" "(y,e2) \<in> fset (remove_child a xs)"
+ | "(x,e1) \<in> fset (remove_child a xs)" "e1 \<notin> darcs x" "(y,e2) |\<notin>| (remove_child a xs)"
+ | "(x,e1) |\<notin>| (remove_child a xs)" "e1 \<in> darcs x"
+ | "(x,e1) |\<notin>| (remove_child a xs)" "e1 \<notin> darcs x" "(y,e2) \<in> fset (remove_child a xs)"
+ | "(x,e1) |\<notin>| (remove_child a xs)" "e1 \<notin> darcs x" "(y,e2) |\<notin>| (remove_child a xs)"
+ by (auto simp: notin_fset)
+ then show False
+ proof(cases)
+ case 1
+ then show ?thesis using assms by auto
+ next
+ case 2
+ then show ?thesis using assms asm(3) by fastforce
+ next
+ case 3
+ then have x_xs: "(x,e1) \<in> fset xs" by simp
+ obtain rs2 re2 where r2_def: "(Node a rs2, re2) \<in> fset xs" "(y,e2) |\<in>| rs2"
+ using child2_in_child asm(2) 3(3) by fast
+ then have "darcs y \<union> {e2} \<subseteq> darcs (Node a rs2)" using child_in_darcs notin_fset by fast
+ then have "(darcs x \<union> {e1}) \<inter> (darcs (Node a rs2) \<union> {re2}) \<noteq> {}" using 3(2) asm(3) by blast
+ moreover have "(x,e1)\<noteq>(Node a rs2, re2)" using 3(1) by force
+ ultimately have "\<not> disjoint_darcs xs" using r2_def(1) x_xs by fast
+ then show ?thesis using assms by simp
+ next
+ case 4
+ then obtain rs1 re1 where r1_def: "(Node a rs1, re1) \<in> fset xs" "(x,e1) |\<in>| rs1"
+ using child2_in_child asm(1) by fast
+ then have "\<not>disjoint_darcs rs1" using notin_fset 4(2) by fast
+ then show ?thesis using assms r1_def(1) by fastforce
+ next
+ case 5
+ then obtain rs1 re1 where r1_def: "(Node a rs1, re1) \<in> fset xs" "(x,e1) |\<in>| rs1"
+ using child2_in_child asm(1) by fast
+ have 1: "(darcs (Node a rs1) \<union> {re1}) \<inter> (darcs y \<union> {e2}) \<noteq> {}"
+ using r1_def(2) asm(3) 5(2) child_in_darcs notin_fset by fast
+ have y_xs: "(y,e2) \<in> fset xs" using 5(3) by simp
+ then have "(Node a rs1, re1)\<noteq>(y,e2)" using 5(3) by force
+ then have "\<not> disjoint_darcs xs" using r1_def(1) y_xs 1 by fast
+ then show ?thesis using assms by simp
+ next
+ case 6
+ then obtain rs1 re1 where r1_def: "(Node a rs1, re1) \<in> fset xs" "(x,e1) |\<in>| rs1"
+ using child2_in_child asm(1) by fast
+ then have 1: "(darcs (Node a rs1) \<union> {re1}) \<inter> (darcs y \<union> {e2}) \<noteq> {}"
+ using asm(3) 6(2) child_in_darcs notin_fset by fast
+ obtain rs2 re2 where r2_def: "(Node a rs2, re2) \<in> fset xs" "(y,e2) |\<in>| rs2"
+ using child2_in_child asm(2) 6(3) by fast
+ then have "darcs y \<union> {e2} \<subseteq> darcs (Node a rs2)" using child_in_darcs notin_fset by fast
+ then have 1: "(darcs (Node a rs1) \<union> {re1}) \<inter> (darcs (Node a rs2) \<union> {re2}) \<noteq> {}"
+ using 1 asm(3) 6(2) child_in_darcs notin_fset by blast
+ then show ?thesis
+ proof(cases "(Node a rs1, re1) = (Node a rs2, re2)")
+ case True
+ then have "(x,e1) \<in> fset rs1 \<and> (y,e2) \<in> fset rs1"
+ using r1_def(2) r2_def(2) notin_fset by fast
+ then show ?thesis using assms r1_def asm(3) 6(2) by fastforce
+ next
+ case False
+ then have "\<not> disjoint_darcs xs" using r1_def(1) r2_def(1) 1 by fast
+ then show ?thesis using assms by simp
+ qed
+ qed
+qed
+
+lemma wf_darcs_child2:
+ assumes "wf_darcs (Node r xs)" and "(x,e) \<in> fset (child2 a (remove_child a xs) xs)"
+ shows "wf_darcs x"
+proof(cases "(x,e) |\<in>| remove_child a xs")
+ case True
+ then show ?thesis using assms(1) notin_fset by (fastforce simp: wf_darcs_iff_darcs')
+next
+ case False
+ then obtain r rs e1 where "(Node r rs, e1) \<in> fset xs \<and> (x,e) |\<in>| rs \<and> r = a"
+ using child2_in_child assms(2) by fast
+ then show ?thesis using assms notin_fset by (fastforce simp: wf_darcs_iff_darcs')
+qed
+
+lemma disjoint_darcs_combine:
+ assumes "Node r xs = t"
+ shows "disjoint_darcs ((\<lambda>(t,e). (combine x y t,e)) |`| xs)"
+proof -
+ have "disjoint_darcs xs" using wf_arcs assms by (fastforce simp: wf_darcs_iff_darcs')
+ then show ?thesis
+ using disjoint_darcs_img[of xs "combine x y"] by (simp add: darcs_combine_sub_orig)
+qed
+
+lemma wf_darcs_combine: "wf_darcs (combine x y t)"
+using list_dtree_axioms proof(induction t)
+ case ind: (Node r xs)
+ then interpret list_dtree "Node r xs" using ind.prems by blast
+ show ?case
+ proof(cases "x=r \<and> (\<exists>t. t \<in> fst ` fset xs \<and> root t = y)")
+ case True
+ have "disjoint_darcs (child2 y (remove_child y xs) xs)"
+ using disjoint_darcs_child2[OF wf_arcs] by simp
+ moreover have "\<forall>(x,e) \<in> fset (child2 y (remove_child y xs) xs). wf_darcs x"
+ using wf_darcs_child2 wf_arcs by fast
+ ultimately show ?thesis using True by (simp add: wf_darcs_iff_darcs')
+ next
+ case False
+ have "disjoint_darcs ((\<lambda>(t,e). (combine x y t, e)) |`| xs)"
+ using disjoint_darcs_combine ind.prems by simp
+ moreover have "\<forall>(x,e) \<in> fset xs. list_dtree x" using list_dtree_rec by blast
+ ultimately show ?thesis using False ind.IH ind.prems by (auto simp: wf_darcs_iff_darcs')
+ qed
+qed
+
+lemma v_in_dlverts_if_in_comb: "v \<in> dlverts (combine x y t) \<Longrightarrow> v \<in> dlverts t"
+using list_dtree_axioms proof(induction t)
+ case ind: (Node r xs)
+ then interpret list_dtree "Node r xs" using ind.prems by blast
+ show ?case
+ proof(cases "x=r \<and> (\<exists>t. t \<in> fst ` fset xs \<and> root t = y)")
+ case x_and_y: True
+ show ?thesis
+ proof(cases "v \<in> set x \<union> set y")
+ case True
+ then show ?thesis using x_and_y dtree.set_sel(1) lverts_if_in_verts by fastforce
+ next
+ case False
+ then obtain t e where t_def: "(t,e) \<in> fset (child2 y (remove_child y xs) xs)" "v \<in> dlverts t"
+ using x_and_y ind.prems by auto
+ then show ?thesis
+ proof(cases "(t,e) |\<in>| (remove_child y xs)")
+ case True
+ then have "(t,e) \<in> fset (remove_child y xs)" using notin_fset by fast
+ then show ?thesis using t_def(2) by force
+ next
+ case False
+ then obtain r1 rs1 re1 where r1_def: "(Node r1 rs1, re1) \<in> fset xs" "(t,e) |\<in>| rs1"
+ using child2_in_child t_def(1) by fast
+ have "is_subtree t (Node r1 rs1)" using subtree_if_child notin_fset r1_def(2) by fastforce
+ moreover have "is_subtree (Node r1 rs1) (Node r xs)"
+ using subtree_if_child r1_def(1) by fastforce
+ ultimately have "is_subtree t (Node r xs)" using subtree_trans by blast
+ then show ?thesis using t_def(2) subtree_in_dlverts by blast
+ qed
+ qed
+ next
+ case rec: False
+ then show ?thesis
+ proof(cases "v \<in> set r")
+ case False
+ then have "\<exists>(t,e) \<in> fset xs. v \<in> dlverts (combine x y t)"
+ using ind.prems list_dtree_rec rec by force
+ then show ?thesis using ind.IH list_dtree_rec by fastforce
+ qed (simp)
+ qed
+qed
+
+lemma ex_subtree_if_in_lverts: "v \<in> dlverts t1 \<Longrightarrow> \<exists>t2. is_subtree t2 t1 \<and> v \<in> set (root t2)"
+ apply(induction t1)
+ apply(cases)
+ apply simp
+ by fastforce
+
+lemma child'_in_child2:
+ assumes "(Node y rs1,e1) \<in> fset xs" and "(t2,e2) \<in> fset rs1"
+ shows "(t2,e2) \<in> fset (child2 y ys xs)"
+using assms proof(induction xs)
+ case (insert x xs)
+ obtain r rs re where r_def: "(Node r rs, re) = x" by (metis dtree.exhaust surj_pair)
+ show ?case
+ proof(cases "r = y")
+ case ry: True
+ then have 0: "child2 y ys (finsert x xs) = rs |\<union>| (child2 y ys xs)"
+ using r_def insert.hyps(1) by force
+ then show ?thesis using insert by fastforce
+ next
+ case False
+ then show ?thesis using insert r_def by force
+ qed
+qed (simp)
+
+lemma v_in_comb_if_in_dlverts: "v \<in> dlverts t \<Longrightarrow> v \<in> dlverts (combine x y t)"
+using list_dtree_axioms proof(induction t)
+ case ind: (Node r xs)
+ then interpret list_dtree "Node r xs" using ind.prems by blast
+ show ?case
+ proof(cases "x=r \<and> (\<exists>t. t \<in> fst ` fset xs \<and> root t = y)")
+ case x_and_y: True
+ then have 0: "combine x y (Node r xs) = Node (x@y) (child2 y (remove_child y xs) xs)" by simp
+ show ?thesis
+ proof(cases "v \<in> set x \<union> set y")
+ case True
+ then show ?thesis using x_and_y dtree.set_sel(1) lverts_if_in_verts by fastforce
+ next
+ case False
+ obtain t where t_def: "is_subtree t (Node r xs)" "v \<in> set (root t)"
+ using ex_subtree_if_in_lverts ind.prems by fast
+ then have "Node r xs \<noteq> t" using False x_and_y by fastforce
+ then obtain t1 e1 where t1_def: "is_subtree t t1" "(t1,e1) \<in> fset xs"
+ using t_def(1) by force
+ then show ?thesis
+ proof(cases "root t1 = y")
+ case True
+ then have "t1 \<noteq> t" using False t_def(2) by blast
+ then obtain rs1 where rs1_def: "t1 = Node y rs1" using True dtree.exhaust_sel by blast
+ then obtain t2 e2 where t2_def: "is_subtree t t2" "(t2,e2) \<in> fset rs1"
+ using \<open>t1\<noteq>t\<close> t1_def(1) by auto
+ have "(t2,e2) \<in> fset (child2 y (remove_child y xs) xs)"
+ using t2_def(2) rs1_def t1_def(2) child'_in_child2 by fast
+ then have "is_subtree t2 (combine x y (Node r xs))" using subtree_if_child 0 by fastforce
+ then have "is_subtree t (combine x y (Node r xs))" using subtree_trans t2_def(1) by blast
+ then show ?thesis
+ using t_def(2) t2_def(1) subtree_in_dlverts dtree.set_sel(1) lverts_if_in_verts by fast
+ next
+ case False
+ then have "(t1,e1) \<in> fset (remove_child y xs)" using t1_def(2) by simp
+ then have "(t1,e1) \<in> fset (child2 y (remove_child y xs) xs)"
+ using less_eq_fset.rep_eq input_in_child2 by fast
+ then have "is_subtree t (combine x y (Node r xs))"
+ using 0 subtree_if_child subtree_trans t1_def(1) by auto
+ then show ?thesis
+ using t_def(2) subtree_in_dlverts dtree.set_sel(1) lverts_if_in_verts by fast
+ qed
+ qed
+ next
+ case rec: False
+ then show ?thesis
+ proof(cases "v \<in> set r")
+ case False
+ then obtain t e where t_def: "(t,e) \<in> fset xs" "v \<in> dlverts t" using ind.prems by auto
+ then have "v \<in> dlverts (combine x y t)" using ind.IH list_dtree_rec by auto
+ then show ?thesis using rec t_def(1) by force
+ qed (simp)
+ qed
+qed
+
+lemma dlverts_comb_id[simp]: "dlverts (combine x y t) = dlverts t"
+ using v_in_comb_if_in_dlverts v_in_dlverts_if_in_comb by blast
+
+lemma wf_dlverts_comb_aux:
+ assumes "\<forall>(t,e) \<in> fset xs. dlverts (combine x y t) = dlverts t"
+ and "\<forall>(t1,e1) \<in> fset xs. \<forall>(t2,e2) \<in> fset xs. dlverts t1 \<inter> dlverts t2 = {} \<or> (t1,e1)=(t2,e2)"
+ and "(t1,e1) \<in> fset ((\<lambda>(t,e). (combine x y t, e)) |`| xs)"
+ and "(t2,e2) \<in> fset ((\<lambda>(t,e). (combine x y t, e)) |`| xs)"
+ shows "dlverts t1 \<inter> dlverts t2 = {} \<or> (t1,e1)=(t2,e2)"
+proof -
+ obtain t1' where t1_def: "combine x y t1' = t1" "(t1',e1) \<in> fset xs" using assms(3) by auto
+ obtain t2' where t2_def: "combine x y t2' = t2" "(t2',e2) \<in> fset xs" using assms(4) by auto
+ show ?thesis
+ proof(cases "dlverts t1' \<inter> dlverts t2' = {}")
+ case True
+ then show ?thesis using assms(1) t1_def t2_def by blast
+ next
+ case False
+ then show ?thesis using assms(2) t1_def t2_def by fast
+ qed
+qed
+
+lemma wf_dlverts_child2:
+ assumes "(t1,e) \<in> fset (child2 y (remove_child y xs) xs)"
+ and "\<forall>(t,e) \<in> fset xs. wf_dlverts t"
+ shows "wf_dlverts t1"
+proof(cases "(t1,e) |\<in>| (remove_child y xs)")
+ case True
+ then show ?thesis using assms(2) notin_fset by fastforce
+next
+ case False
+ then obtain rs re where r_def: "(Node y rs, re) \<in> fset xs" "(t1,e)|\<in>| rs"
+ using child2_in_child assms(1) by fast
+ then show ?thesis using assms(2) notin_fset by fastforce
+qed
+
+lemma wf_dlverts_child2_aux1:
+ assumes "(t1,e1) \<in> fset (child2 y (remove_child y xs) xs)"
+ and "\<exists>t. t \<in> fst ` fset xs \<and> root t = y"
+ and "wf_dlverts (Node r xs)"
+ shows "set (r@y) \<inter> dlverts t1 = {}"
+proof(cases "(t1,e1) |\<in>| (remove_child y xs)")
+ case True
+ then have t1_def: "root t1 \<noteq> y" "(t1,e1) \<in> fset xs" using notin_fset by fastforce+
+ obtain t et where t_def: "(t,et) \<in> fset xs" "root t = y" using assms(2) by force
+ have "\<forall>y'\<in> set y. y' \<notin> dlverts t1"
+ proof
+ fix y'
+ assume "y' \<in> set y"
+ then have asm: "y' \<in> dlverts t" using t_def(2) dtree.set_sel(1) lverts_if_in_verts by fastforce
+ have "dlverts t1 \<inter> dlverts t = {}" using assms(3) t1_def t_def by fastforce
+ then show "y' \<notin> dlverts t1" using asm by blast
+ qed
+ then show ?thesis using assms(3) t1_def(2) by auto
+next
+ case False
+ then obtain rs1 re1 where r_def: "(Node y rs1, re1) \<in> fset xs" "(t1,e1)|\<in>| rs1"
+ using child2_in_child assms(1) by fast
+ have "\<forall>y'\<in> set y. y' \<notin> dlverts t1" using assms(3) r_def notin_fset by fastforce
+ then show ?thesis using assms(3) notin_fset r_def by fastforce
+qed
+
+lemma wf_dlverts_child2_aux2:
+ assumes "\<forall>(t1,e1) \<in> fset xs. \<forall>(t2,e2) \<in> fset xs. dlverts t1 \<inter> dlverts t2 = {} \<or> (t1,e1)=(t2,e2)"
+ and "\<forall>(t,e) \<in> fset xs. wf_dlverts t"
+ and "(t1,e1) \<in> fset (child2 y (remove_child y xs) xs)"
+ and "(t2,e2) \<in> fset (child2 y (remove_child y xs) xs)"
+ and "(t1,e1)\<noteq>(t2,e2)"
+ shows "dlverts t1 \<inter> dlverts t2 = {}"
+proof(cases "(t1,e1) |\<in>| (remove_child y xs)")
+ case t1_r: True
+ then show ?thesis
+ proof(cases "(t2,e2) |\<in>| (remove_child y xs)")
+ case True
+ then show ?thesis
+ by (smt (verit, ccfv_threshold) t1_r assms(1,5) Int_iff case_prodD filter_fset notin_fset)
+ next
+ case False
+ then obtain rs2 re2 where r_def: "(Node y rs2, re2) \<in> fset xs" "(t2,e2)|\<in>| rs2"
+ using child2_in_child assms(4) by fast
+ then show ?thesis
+ using t1_r assms(1) notin_fset ffmember_filter inf_assoc inf_bot_right inf_commute
+ by (smt (z3) dtree.sel(1) semilattice_inf_class.inf.absorb_iff2 case_prodD child_in_dlverts)
+ qed
+next
+ case False
+ then obtain rs1 re1 where r1_def: "(Node y rs1, re1) \<in> fset xs" "(t1,e1)|\<in>| rs1"
+ using child2_in_child assms(3) by fast
+ show ?thesis
+ proof(cases "(t2,e2) |\<in>| (remove_child y xs)")
+ case True
+ then show ?thesis
+ using r1_def assms(1) notin_fset ffmember_filter inf_assoc inf_bot_right inf_commute
+ by (smt (z3) dtree.sel(1) semilattice_inf_class.inf.absorb_iff2 case_prodD child_in_dlverts)
+ next
+ case False
+ then obtain rs2 re2 where r2_def: "(Node y rs2, re2) \<in> fset xs" "(t2,e2) |\<in>| rs2"
+ using child2_in_child assms(4) by fast
+ then show ?thesis
+ proof(cases "rs1=rs2")
+ case True
+ have "\<forall>(t1,e1) \<in> fset rs1. \<forall>(t2,e2) \<in> fset rs1.
+ dlverts t1 \<inter> dlverts t2 = {} \<or> (t1,e1)=(t2,e2)"
+ using r1_def(1) assms(2) by fastforce
+ then show ?thesis
+ using r1_def(2) r2_def(2) assms(5) True notin_fset
+ by (metis (mono_tags, lifting) case_prodD)
+ next
+ case False
+ then have "dlverts (Node y rs1) \<inter> dlverts (Node y rs2) = {}"
+ using assms(1) r1_def(1) r2_def(1) by fast
+ then show ?thesis
+ using r1_def(2) r2_def(2) child_in_dlverts notin_fset
+ by (metis order_bot_class.bot.extremum_uniqueI inf_mono)
+ qed
+ qed
+qed
+
+lemma wf_dlverts_combine: "wf_dlverts (combine x y t)"
+using list_dtree_axioms proof(induction t)
+ case ind: (Node r xs)
+ then interpret list_dtree "Node r xs" using ind.prems by blast
+ show ?case
+ proof(cases "x=r \<and> (\<exists>t. t \<in> fst ` fset xs \<and> root t = y)")
+ case True
+ let ?xs = "child2 y (remove_child y xs) xs"
+ have "\<forall>(t1,e1) \<in> fset xs. \<forall>(t2,e2) \<in> fset xs.
+ dlverts t1 \<inter> dlverts t2 = {} \<or> (t1,e1)=(t2,e2)" using wf_lverts by fastforce
+ moreover have "\<forall>(t1,e1) \<in> fset xs. wf_dlverts t1" using wf_lverts by fastforce
+ ultimately have "\<forall>(t1,e1) \<in> fset ?xs. \<forall>(t2,e2) \<in> fset ?xs.
+ dlverts t1 \<inter> dlverts t2 = {} \<or> (t1,e1)=(t2,e2)"
+ using wf_dlverts_child2_aux2[of xs] by blast
+ moreover have "\<forall>(x,e) \<in> fset ?xs. wf_dlverts x" using wf_dlverts_child2 wf_lverts by fastforce
+ moreover have "(x@y) \<noteq> []" using True wf_lverts by simp
+ moreover have "\<forall>(t1,e1) \<in> fset ?xs. set (x@y) \<inter> dlverts t1 = {}"
+ using wf_dlverts_child2_aux1 wf_lverts True by fast
+ ultimately have "wf_dlverts (Node (x@y) ?xs)" by fastforce
+ moreover have "combine x y (Node r xs) = Node (x@y) ?xs" using True by simp
+ ultimately show ?thesis by argo
+ next
+ case False
+ let ?xs = "(\<lambda>(t,e). (combine x y t, e)) |`| xs"
+ have 0: "\<forall>(t,e) \<in> fset xs. dlverts (combine x y t) = dlverts t"
+ using list_dtree.dlverts_comb_id list_dtree_rec by fast
+ have 1: "\<forall>(t,e) \<in> fset ?xs. wf_dlverts t" using ind.IH list_dtree_rec by auto
+ have 2: "\<forall>(t,e) \<in> fset ?xs. set r \<inter> dlverts t = {}" using 0 wf_lverts by fastforce
+ have "\<forall>(t1,e1) \<in> fset xs. \<forall>(t2,e2) \<in> fset xs.
+ dlverts t1 \<inter> dlverts t2 = {} \<or> (t1,e1)=(t2,e2)" using wf_lverts by fastforce
+ then have 3: "\<forall>(t1,e1) \<in> fset ?xs. \<forall>(t2,e2) \<in> fset ?xs.
+ dlverts t1 \<inter> dlverts t2 = {} \<or> (t1,e1)=(t2,e2)"
+ using 0 wf_dlverts_comb_aux[of xs] by blast
+ have 4: "combine x y (Node r xs) = Node r ?xs" using False by auto
+ have "r \<noteq> []" using wf_lverts by simp
+ then show ?thesis using 1 2 3 4 by fastforce
+ qed
+qed
+
+theorem list_dtree_comb: "list_dtree (combine x y t)"
+ by(unfold_locales) (auto simp: wf_darcs_combine wf_dlverts_combine)
+
+end
+
+end
\ No newline at end of file
diff --git a/thys/Query_Optimization/Misc.thy b/thys/Query_Optimization/Misc.thy
new file mode 100644
--- /dev/null
+++ b/thys/Query_Optimization/Misc.thy
@@ -0,0 +1,74 @@
+theory Misc
+ imports Main "Graph_Theory.Shortest_Path"
+begin
+
+text \<open>These are some utility lemmas which are not directly concerned with the graph library.\<close>
+
+lemma Sup_in_set:
+"\<lbrakk> finite (A::('a::complete_linorder) set); A \<noteq> {}; a = Sup A\<rbrakk>
+ \<Longrightarrow> a \<in> A"
+proof(induction A arbitrary: a rule: finite_induct)
+ case (insert x F)
+ show ?case
+ proof(cases "F = {}")
+ case False
+ with insert.IH have "\<exists>y. Sup F = y \<and> y \<in> F" by simp
+ then obtain y where y_def: "Sup F = y" and y_in_F: "y \<in> F" by blast
+
+ have [simp]: "Sup (insert x F) = sup x (Sup F)"
+ using insert.hyps(1)
+ by (induction F rule: finite_induct) (auto)
+
+ with insert show ?thesis
+ proof(cases "y \<le> x")
+ case True
+ then have "Sup (insert x F) = x"
+ by (simp add: sup.absorb_iff1 y_def)
+ with insert.prems(2) show ?thesis by blast
+ next
+ case False
+ with y_def have "Sup (insert x F) = y"
+ by (simp add: sup.absorb2)
+ with insert.prems(2) y_in_F show ?thesis by blast
+ qed
+ qed (simp add: insert.prems)
+qed simp
+
+text \<open>Analogous to the proof of @{thm Sup_in_set}.\<close>
+lemma Inf_in_set:
+"\<lbrakk> finite (A::('a::complete_linorder) set); A \<noteq> {}; a = Inf A\<rbrakk>
+ \<Longrightarrow> a \<in> A"
+proof(induction A arbitrary: a rule: finite_induct)
+ case (insert x F)
+ show ?case
+ proof(cases "F = {}")
+ case False
+ with insert.IH have "\<exists>y. Inf F = y \<and> y \<in> F" by simp
+ then obtain y where y_def: "Inf F = y" and y_in_F: "y \<in> F" by blast
+
+ have [simp]: "Inf (insert x F) = inf x (Inf F)"
+ using insert.hyps(1)
+ by (induction F rule: finite_induct) (auto)
+
+ with insert show ?thesis
+ proof(cases "y \<ge> x")
+ case True
+ then have "Inf (insert x F) = x"
+ by (simp add: inf.absorb_iff1 y_def)
+ with insert.prems(2) show ?thesis by blast
+ next
+ case False
+ with y_def have "Inf (insert x F) = y"
+ by (simp add: inf.absorb2)
+ with insert.prems(2) y_in_F show ?thesis by blast
+ qed
+ qed (simp add: insert.prems)
+qed simp
+
+lemma mem_card1_singleton: "\<lbrakk> u \<in> U; card U = 1 \<rbrakk> \<Longrightarrow> U = {u}"
+ by (metis card_1_singletonE singletonD)
+
+lemma finite_Union: "\<lbrakk> finite A; \<forall>x \<in> A. finite (a x) \<rbrakk> \<Longrightarrow> finite (\<Union>{a x|x. x \<in> A})"
+ by (induction A rule: finite_induct) (auto)
+
+end
\ No newline at end of file
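Review bot: The header `imports Main "Graph_Theory.Shortest_Path"` gives Misc.thy a dependency on the Graph_Theory session that none of its four lemmas appears to need. Every fact cited in the proofs (`sup.absorb_iff1`, `inf.absorb2`, `card_1_singletonE`, `singletonD`) looks like it comes from Main, and the file's own text line says the lemmas are not concerned with the graph library. Unless later theories rely on this import transitively, `imports Main` would keep the utility theory reusable and cheaper to build. Separately, in `Sup_in_set` and `Inf_in_set` the inner step `have [simp]: "Sup (insert x F) = sup x (Sup F)"` (and its `Inf` twin) uses a nested induction to re-prove what the library facts `Sup_insert` and `Inf_insert` already state, so `by (rule Sup_insert)` should suffice, or the step could probably be dropped. The file also lacks the `(* Author: … *)` header comment that QueryGraph.thy in the same commit carries.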
diff --git a/thys/Query_Optimization/QueryGraph.thy b/thys/Query_Optimization/QueryGraph.thy
new file mode 100644
--- /dev/null
+++ b/thys/Query_Optimization/QueryGraph.thy
@@ -0,0 +1,379 @@
+(* Author: Bernhard Stöckl *)
+
+theory QueryGraph
+ imports Complex_Main "Graph_Additions" "Selectivities" "JoinTree"
+begin
+
+section \<open>Query Graphs\<close>
+
+locale query_graph = graph +
+ fixes sel :: "'b weight_fun"
+ fixes cf :: "'a \<Rightarrow> real"
+ assumes sel_sym: "\<lbrakk>tail G e\<^sub>1 = head G e\<^sub>2; head G e\<^sub>1 = tail G e\<^sub>2\<rbrakk> \<Longrightarrow> sel e\<^sub>1 = sel e\<^sub>2"
+ and not_arc_sel_1: "e \<notin> arcs G \<Longrightarrow> sel e = 1"
+ and sel_pos: "sel e > 0"
+ and sel_leq_1: "sel e \<le> 1"
+ and pos_cards: "x \<in> verts G \<Longrightarrow> cf x > 0"
+
+begin
+
+subsection \<open>Function for Join Trees and Selectivities\<close>
+
+definition matching_sel :: "'a selectivity \<Rightarrow> bool" where
+ "matching_sel f = (\<forall>x y.
+ (\<exists>e. (tail G e) = x \<and> (head G e) = y \<and> f x y = sel e)
+ \<or> ((\<nexists>e. (tail G e) = x \<and> (head G e) = y) \<and> f x y = 1))"
+
+definition match_sel :: "'a selectivity" where
+ "match_sel x y =
+ (if \<exists>e \<in> arcs G. (tail G e) = x \<and> (head G e) = y
+ then sel (THE e. e \<in> arcs G \<and> (tail G e) = x \<and> (head G e) = y) else 1)"
+
+definition matching_rels :: "'a joinTree \<Rightarrow> bool" where
+ "matching_rels t = (relations t \<subseteq> verts G)"
+
+definition remove_sel :: "'a \<Rightarrow> 'b weight_fun" where
+ "remove_sel x = (\<lambda>b. if b\<in>{a \<in> arcs G. tail G a = x \<or> head G a = x} then 1 else sel b)"
+
+definition valid_tree :: "'a joinTree \<Rightarrow> bool" where
+ "valid_tree t = (relations t = verts G \<and> distinct_relations t)"
+
+fun no_cross_products :: "'a joinTree \<Rightarrow> bool" where
+ "no_cross_products (Relation rel) = True"
+| "no_cross_products (Join l r) = ((\<exists>x\<in>relations l. \<exists>y\<in>relations r. x \<rightarrow>\<^bsub>G\<^esub> y)
+ \<and> no_cross_products l \<and> no_cross_products r)"
+
+subsection "Proofs"
+
+text \<open>
+ Proofs that a query graph satisifies basic properties of join trees and selectivities.
+\<close>
+
+lemma sel_less_arc: "sel x < 1 \<Longrightarrow> x \<in> arcs G"
+ using not_arc_sel_1 by force
+
+lemma joinTree_card_pos: "matching_rels t \<Longrightarrow> pos_rel_cards cf t"
+ by(induction t) (auto simp: pos_cards pos_rel_cards_def matching_rels_def)
+
+lemma symmetric_arcs: "x\<in>arcs G \<Longrightarrow> \<exists>y. head G x = tail G y \<and> tail G x = head G y"
+ using sym_arcs symmetric_conv by fast
+
+lemma arc_ends_eq_impl_sel_eq: "head G x = head G y \<Longrightarrow> tail G x = tail G y \<Longrightarrow> sel x = sel y"
+ using sel_sym symmetric_arcs not_arc_sel_1 by metis
+
+lemma arc_ends_eq_impl_arc_eq:
+ "\<lbrakk>e1 \<in> arcs G; e2 \<in> arcs G; head G e1 = head G e2; tail G e1 = tail G e2\<rbrakk> \<Longrightarrow> e1 = e2"
+ using no_multi_alt by blast
+
+lemma matching_sel_simp_if_not1:
+ "\<lbrakk>matching_sel sf; sf x y \<noteq> 1\<rbrakk> \<Longrightarrow> \<exists>e \<in> arcs G. tail G e = x \<and> head G e = y \<and> sf x y = sel e"
+ using not_arc_sel_1 unfolding matching_sel_def by fastforce
+
+lemma matching_sel_simp_if_arc:
+ "\<lbrakk>matching_sel sf; e \<in> arcs G\<rbrakk> \<Longrightarrow> sf (tail G e) (head G e) = sel e"
+ unfolding matching_sel_def by (metis arc_ends_eq_impl_sel_eq)
+
+lemma matching_sel1_if_no_arc: "matching_sel sf \<Longrightarrow> \<not>(x \<rightarrow>\<^bsub>G\<^esub> y \<or> y \<rightarrow>\<^bsub>G\<^esub> x) \<Longrightarrow> sf x y = 1"
+ using not_arc_sel_1 unfolding arcs_ends_def arc_to_ends_def matching_sel_def image_iff by metis
+
+lemma matching_sel_alt_aux1:
+ "matching_sel f
+ \<Longrightarrow> (\<forall>x y. (\<exists>e \<in> arcs G. (tail G e) = x \<and> (head G e) = y \<and> f x y = sel e)
+ \<or> ((\<nexists>e. e \<in> arcs G \<and> (tail G e) = x \<and> (head G e) = y) \<and> f x y = 1))"
+ by (metis matching_sel_def arc_ends_eq_impl_sel_eq not_arc_sel_1)
+
+lemma matching_sel_alt_aux2:
+ "(\<forall>x y.(\<exists>e \<in> arcs G. (tail G e) = x \<and> (head G e) = y \<and> f x y = sel e)
+ \<or> ((\<nexists>e. e \<in> arcs G \<and> (tail G e) = x \<and> (head G e) = y) \<and> f x y = 1))
+ \<Longrightarrow> matching_sel f"
+ by (fastforce simp: not_arc_sel_1 matching_sel_def)
+
+lemma matching_sel_alt:
+ "matching_sel f
+ = (\<forall>x y. (\<exists>e \<in> arcs G. (tail G e) = x \<and> (head G e) = y \<and> f x y = sel e)
+ \<or> ((\<nexists>e. e \<in> arcs G \<and> (tail G e) = x \<and> (head G e) = y) \<and> f x y = 1))"
+ using matching_sel_alt_aux1 matching_sel_alt_aux2 by blast
+
+lemma matching_sel_symm:
+ assumes "matching_sel f"
+ shows "sel_symm f"
+ unfolding sel_symm_def
+proof (standard, standard)
+ fix x y
+ show "f x y = f y x"
+ proof(cases "\<exists>e\<in>arcs G. (head G e) = x \<and> (tail G e) = y")
+ case True
+ then show ?thesis using assms symmetric_arcs sel_sym unfolding matching_sel_def by metis
+ next
+ case False
+ then show ?thesis by (metis assms symmetric_arcs matching_sel_def not_arc_sel_1 sel_sym)
+ qed
+qed
+
+lemma matching_sel_reasonable: "matching_sel f \<Longrightarrow> sel_reasonable f"
+ using sel_reasonable_def matching_sel_def sel_pos sel_leq_1
+ by (metis le_numeral_extra(4) less_numeral_extra(1))
+
+lemma matching_reasonable_cards:
+ "\<lbrakk>matching_sel f; matching_rels t\<rbrakk> \<Longrightarrow> reasonable_cards cf f t"
+ by (simp add: joinTree_card_pos matching_sel_reasonable pos_sel_reason_impl_reason)
+
+lemma matching_sel_unique_aux:
+ assumes "matching_sel f" "matching_sel g"
+ shows "f x y = g x y"
+proof(cases "\<exists>e. tail G e = x \<and> head G e = y")
+ case True
+ then show ?thesis
+ using assms arc_ends_eq_impl_sel_eq unfolding matching_sel_def by metis
+next
+ case False
+ then show ?thesis using assms unfolding matching_sel_def by fastforce
+qed
+
+lemma matching_sel_unique: "\<lbrakk>matching_sel f; matching_sel g\<rbrakk> \<Longrightarrow> f = g"
+ using matching_sel_unique_aux by blast
+
+lemma match_sel_matching[intro]: "matching_sel match_sel"
+ unfolding matching_sel_alt
+proof(standard,standard)
+ fix x y
+ show "(\<exists>e\<in>arcs G. tail G e = x \<and> head G e = y \<and> match_sel x y = sel e) \<or>
+ ((\<nexists>e. e \<in> arcs G \<and> tail G e = x \<and> head G e = y) \<and> match_sel x y = 1)"
+ proof(cases "\<exists>e \<in> arcs G. tail G e = x \<and> head G e = y")
+ case True
+ then obtain e where e_def: "e \<in> arcs G" "tail G e = x" "head G e = y" by blast
+ then have "match_sel x y = sel (THE e. e \<in> arcs G \<and> tail G e = x \<and> head G e = y)"
+ unfolding match_sel_def by auto
+ moreover have "(THE e. e \<in> arcs G \<and> tail G e = x \<and> head G e = y) = e"
+ using e_def arc_ends_eq_impl_arc_eq by blast
+ ultimately show ?thesis using e_def by blast
+ next
+ case False
+ then show ?thesis unfolding match_sel_def by auto
+ qed
+qed
+
+corollary match_sel_unique: "matching_sel f \<Longrightarrow> f = match_sel"
+ using matching_sel_unique by blast
+
+corollary match_sel1_if_no_arc: "\<not>(x \<rightarrow>\<^bsub>G\<^esub> y \<or> y \<rightarrow>\<^bsub>G\<^esub> x) \<Longrightarrow> match_sel x y = 1"
+ using matching_sel1_if_no_arc by blast
+
+corollary match_sel_symm[intro]: "sel_symm match_sel"
+ using matching_sel_symm by blast
+
+corollary match_sel_reasonable[intro]: "sel_reasonable match_sel"
+ using matching_sel_reasonable by blast
+
+corollary match_reasonable_cards: "matching_rels t \<Longrightarrow> reasonable_cards cf match_sel t"
+ using matching_reasonable_cards by blast
+
+lemma matching_rels_trans: "matching_rels (Join l r) = (matching_rels l \<and> matching_rels r)"
+ using matching_rels_def by simp
+
+lemma first_node_in_verts_if_rels_eq_verts: "relations t = verts G \<Longrightarrow> first_node t \<in> verts G"
+ unfolding first_node_eq_hd using inorder_eq_set hd_in_set[OF inorder_nempty] by fast
+
+lemma first_node_in_verts_if_valid: "valid_tree t \<Longrightarrow> first_node t \<in> verts G"
+ using first_node_in_verts_if_rels_eq_verts valid_tree_def by simp
+
+lemma dominates_sym: "(x \<rightarrow>\<^bsub>G\<^esub> y) \<longleftrightarrow> (y \<rightarrow>\<^bsub>G\<^esub> x)"
+ using graph_symmetric by blast
+
+lemma no_cross_mirror_eq: "no_cross_products (mirror t) = no_cross_products t"
+ using graph_symmetric by(induction t) auto
+
+lemma no_cross_create_ldeep_rev_app:
+ "\<lbrakk>ys\<noteq>[]; no_cross_products (create_ldeep_rev (xs@ys))\<rbrakk> \<Longrightarrow> no_cross_products (create_ldeep_rev ys)"
+proof(induction "xs@ys" arbitrary: xs rule: create_ldeep_rev.induct)
+ case (2 x)
+ then show ?case by (metis append_eq_Cons_conv append_is_Nil_conv)
+next
+ case (3 x y zs)
+ then show ?case
+ proof(cases xs)
+ case Nil
+ then show ?thesis using "3.prems"(2) by simp
+ next
+ case (Cons x' xs')
+ have "no_cross_products (Join (create_ldeep_rev (y#zs)) (Relation x))"
+ using "3.hyps"(2) "3.prems"(2) create_ldeep_rev.simps(3)[of x y zs] by simp
+ then have "no_cross_products (create_ldeep_rev (y#zs))" by simp
+ then show ?thesis using "3.hyps" "3.prems"(1) Cons by simp
+ qed
+qed(simp)
+
+lemma no_cross_create_ldeep_app:
+ "\<lbrakk>xs\<noteq>[]; no_cross_products (create_ldeep (xs@ys))\<rbrakk> \<Longrightarrow> no_cross_products (create_ldeep xs)"
+ by (simp add: create_ldeep_def no_cross_create_ldeep_rev_app)
+
+lemma matching_rels_if_no_cross: "\<lbrakk>\<forall>r. t \<noteq> Relation r; no_cross_products t\<rbrakk> \<Longrightarrow> matching_rels t"
+ unfolding matching_rels_def by(induction t) fastforce+
+
+lemma no_cross_awalk:
+ "\<lbrakk>matching_rels t; no_cross_products t; x \<in> relations t; y \<in> relations t\<rbrakk>
+ \<Longrightarrow> \<exists>p. awalk x p y \<and> set (awalk_verts x p) \<subseteq> relations t"
+proof(induction t arbitrary: x y)
+ case (Relation rel)
+ then have "x \<in> verts G" using matching_rels_def by blast
+ then have "awalk x [] x" by (simp add: awalk_Nil_iff)
+ then show ?case using Relation(3,4) by force
+next
+ case (Join l r)
+ then consider "x \<in> relations l" "y \<in> relations l" | "x \<in> relations r" "y \<in> relations l"
+ | "x \<in> relations l" "y \<in> relations r" | "x \<in> relations r" "y \<in> relations r"
+ by force
+ then show ?case
+ proof(cases)
+ case 1
+ then show ?thesis using Join.IH(1)[of x y] Join.prems(1,2) matching_rels_trans by auto
+ next
+ case 2
+ then obtain x' y' e where e_def:
+ "x' \<in> relations r" "y' \<in> relations l" "tail G e = y'" "head G e = x'" "e \<in> arcs G"
+ using Join.prems(2) by auto
+ then obtain e2 where e2_def: "tail G e2 = x'" "head G e2 = y'" "e2 \<in> arcs G"
+ using symmetric_conv by force
+ obtain p1 where p1_def: "awalk y' p1 y \<and> set (awalk_verts y' p1) \<subseteq> relations l"
+ using Join.IH(1) Join.prems(1,2) 2(2) matching_rels_trans e_def(2) by fastforce
+ obtain p2 where p2_def: "awalk x p2 x' \<and> set (awalk_verts x p2) \<subseteq> relations r"
+ using Join.IH(2) Join.prems(1,2) 2(1) matching_rels_trans e_def(1) by fastforce
+ have "awalk x (p2@[e2]@p1) y"
+ using e2_def p1_def p2_def awalk_appendI arc_implies_awalk by blast
+ moreover from this have "set (awalk_verts x (p2@[e2]@p1)) \<subseteq> relations (Join l r)"
+ using p1_def p2_def awalk_verts_append3 by auto
+ ultimately show ?thesis by blast
+ next
+ case 3
+ then obtain x' y' e where e_def:
+ "x' \<in> relations l" "y' \<in> relations r" "tail G e = x'" "head G e = y'" "e \<in> arcs G"
+ using Join.prems(2) by auto
+ obtain p1 where p1_def: "awalk y' p1 y \<and> set (awalk_verts y' p1) \<subseteq> relations r"
+ using Join.IH(2) Join.prems(1,2) 3(2) matching_rels_trans e_def(2) by fastforce
+ obtain p2 where p2_def: "awalk x p2 x' \<and> set (awalk_verts x p2) \<subseteq> relations l"
+ using Join.IH(1) Join.prems(1,2) 3(1) matching_rels_trans e_def(1) by fastforce
+ have "awalk x (p2@[e]@p1) y"
+ using e_def(3-5) p1_def p2_def awalk_appendI arc_implies_awalk by blast
+ moreover from this have "set (awalk_verts x (p2@[e]@p1)) \<subseteq> relations (Join l r)"
+ using p1_def p2_def awalk_verts_append3 by auto
+ ultimately show ?thesis by blast
+ next
+ case 4
+ then show ?thesis using Join.IH(2)[of x y] Join.prems(1,2) matching_rels_trans by auto
+ qed
+qed
+
+lemma no_cross_apath:
+ "\<lbrakk>matching_rels t; no_cross_products t; x \<in> relations t; y \<in> relations t\<rbrakk>
+ \<Longrightarrow> \<exists>p. apath x p y \<and> set (awalk_verts x p) \<subseteq> relations t"
+ using no_cross_awalk apath_awalk_to_apath awalk_to_apath_verts_subset by blast
+
+lemma no_cross_reachable:
+ "\<lbrakk>matching_rels t; no_cross_products t; x \<in> relations t; y \<in> relations t\<rbrakk> \<Longrightarrow> x \<rightarrow>\<^sup>* y"
+ using no_cross_awalk reachable_awalk by blast
+
+corollary reachable_if_no_cross:
+ "\<lbrakk>\<exists>t. relations t = verts G \<and> no_cross_products t; x \<in> verts G; y \<in> verts G\<rbrakk> \<Longrightarrow> x \<rightarrow>\<^sup>* y"
+ using no_cross_reachable matching_rels_def by blast
+
+lemma remove_sel_sym:
+ "\<lbrakk>tail G e\<^sub>1 = head G e\<^sub>2; head G e\<^sub>1 = tail G e\<^sub>2\<rbrakk> \<Longrightarrow> (remove_sel x) e\<^sub>1 = (remove_sel x) e\<^sub>2"
+ by(metis (no_types, lifting) mem_Collect_eq not_arc_sel_1 remove_sel_def sel_sym)+
+
+lemma remove_sel_1: "e \<notin> arcs G \<Longrightarrow> (remove_sel x) e = 1"
+ apply(cases "e\<in>{a \<in> arcs G. tail G a = x \<or> head G a = x}")
+ by(auto simp: not_arc_sel_1 sel_sym remove_sel_def)
+
+lemma del_vert_remove_sel_1:
+ assumes "e \<notin> arcs ((del_vert x))"
+ shows "(remove_sel x) e = 1"
+proof(cases "e\<in>{a \<in> arcs G. tail G a = x \<or> head G a = x}")
+ case True
+ then show ?thesis by (simp add: remove_sel_def)
+next
+ case False
+ then have "e \<notin> arcs G" using assms arcs_del_vert by simp
+ then show ?thesis using remove_sel_def not_arc_sel_1 by simp
+qed
+
+lemma remove_sel_pos: "remove_sel x e > 0"
+ by(cases "e\<in>{a \<in> arcs G. tail G a = x \<or> head G a = x}") (auto simp: remove_sel_def sel_pos)
+
+lemma remove_sel_leq_1: "remove_sel x e \<le> 1"
+ by(cases "e\<in>{a \<in> arcs G. tail G a = x \<or> head G a = x}") (auto simp: remove_sel_def sel_leq_1)
+
+lemma del_vert_pos_cards: "x \<in> verts (del_vert y) \<Longrightarrow> cf x > 0"
+ by(cases "x=y") (auto simp: remove_sel_def del_vert_def pos_cards)
+
+lemma del_vert_remove_sel_query_graph:
+ "query_graph G sel cf \<Longrightarrow> query_graph (del_vert x) (remove_sel x) cf"
+ by (simp add: del_vert_pos_cards del_vert_remove_sel_1 graph_del_vert remove_sel_sym
+ remove_sel_leq_1 remove_sel_pos query_graph.intro graph_axioms head_del_vert
+ query_graph_axioms_def tail_del_vert)
+
+lemma finite_nempty_set_min:
+ assumes "xs \<noteq> {}" and "finite xs"
+ shows "\<exists>x. min_degree xs x"
+proof -
+ have "finite xs" using assms(2) by simp
+ then show ?thesis
+ using assms proof (induction "xs" rule: finite_induct)
+ case empty
+ then show ?case by simp
+ next
+ case ind: (insert x xs)
+ then show ?case
+ proof(cases xs)
+ case emptyI
+ then show ?thesis by (metis order_refl singletonD singletonI)
+ next
+ case (insertI xs' x')
+ then have "\<exists>a. min_degree xs a" using ind by simp
+ then show ?thesis
+ using ind by (metis order_trans insert_iff le_cases)
+ qed
+ qed
+qed
+
+lemma no_cross_reachable_graph':
+ "\<lbrakk>\<exists>t. relations t = verts G \<and> no_cross_products t; x\<in>verts G; y\<in>verts G\<rbrakk>
+ \<Longrightarrow> x \<rightarrow>\<^sup>*\<^bsub>mk_symmetric G\<^esub> y"
+ by (simp add: reachable_mk_symmetricI reachable_if_no_cross)
+
+lemma verts_nempty_if_tree: "\<exists>t. relations t \<subseteq> verts G \<Longrightarrow> verts G \<noteq> {}"
+ using relations_nempty by fast
+
+lemma connected_if_tree: "\<exists>t. relations t = verts G \<and> no_cross_products t \<Longrightarrow> connected G"
+ using no_cross_reachable_graph' connected_def strongly_connected_def verts_nempty_if_tree
+ by fastforce
+
+end
+
+locale nempty_query_graph = query_graph +
+ assumes non_empty: "verts G \<noteq> {}"
+
+subsection \<open>Pair Query Graph\<close>
+
+text \<open>Alternative definition based on pair graphs\<close>
+
+locale pair_query_graph = pair_graph +
+ fixes sel :: "('a \<times> 'a) weight_fun"
+ fixes cf :: "'a \<Rightarrow> real"
+ assumes sel_sym: "\<lbrakk>tail G e\<^sub>1 = head G e\<^sub>2; head G e\<^sub>1 = tail G e\<^sub>2\<rbrakk> \<Longrightarrow> sel e\<^sub>1 = sel e\<^sub>2"
+ and not_arc_sel_1: "e \<notin> parcs G \<Longrightarrow> sel e = 1"
+ and sel_pos: "sel e > 0"
+ and sel_leq_1: "sel e \<le> 1"
+ and pos_cards: "x \<in> pverts G \<Longrightarrow> cf x > 0"
+
+sublocale pair_query_graph \<subseteq> query_graph
+ by(unfold_locales) (auto simp: sel_sym not_arc_sel_1 sel_pos sel_leq_1 pos_cards)
+
+context pair_query_graph
+begin
+
+lemma "matching_sel f \<longleftrightarrow> (\<forall>x y. sel (x,y) = f x y)"
+ using matching_sel_def sel_sym by fastforce
+
+end
+
+end
\ No newline at end of file
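Review bot: The last lemma of the file, inside `context pair_query_graph`, is stated without a name (`lemma "matching_sel f \<longleftrightarrow> (\<forall>x y. sel (x,y) = f x y)"`), so later theories of the session cannot cite this characterisation by name. I would name it, for example `lemma matching_sel_iff_sel_pair: "matching_sel f \<longleftrightarrow> (\<forall>x y. sel (x,y) = f x y)"`. Separately, `del_vert_remove_sel_query_graph` sits inside the `query_graph` locale yet takes `query_graph G sel cf` as a premise. That premise looks redundant, because the locale already provides the fact as `query_graph_axioms`; dropping it should leave the `simp` proof intact, but this needs to be checked. The text block under "Proofs" also has a typo: "satisifies" should read "satisfies".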
diff --git a/thys/Query_Optimization/ROOT b/thys/Query_Optimization/ROOT
new file mode 100644
--- /dev/null
+++ b/thys/Query_Optimization/ROOT
@@ -0,0 +1,31 @@
+chapter AFP
+
+session "Query_Optimization" (AFP) = "Graph_Theory" +
+ options [timeout=1200]
+
+ sessions
+ "HOL-Data_Structures"
+ "Graph_Theory"
+
+ theories [document = false]
+ "Misc"
+ "Graph_Theory_Batteries"
+ "Graph_Definitions"
+ "Shortest_Path_Tree"
+
+ theories
+ "Selectivities"
+ "JoinTree"
+ "CostFunctions"
+ "Graph_Additions"
+ "QueryGraph"
+ "Directed_Tree_Additions"
+ "Dtree"
+ "List_Dtree"
+ "IKKBZ"
+ "IKKBZ_Optimality"
+ "IKKBZ_Examples"
+
+ document_files
+ "root.bib"
+ "root.tex"
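Review bot: `"Graph_Theory"` appears under `sessions` although it is already the parent in `session "Query_Optimization" (AFP) = "Graph_Theory" +`. A parent session's theories are available without being listed again, so the entry looks redundant and the block could be reduced to `sessions "HOL-Data_Structures"`. The four theories under `theories [document = false]` are left out of the generated document. If that is deliberate because they are auxiliary, a short comment above that block such as `(* auxiliary lemmas, omitted from the document *)` would record the intent.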
diff --git a/thys/Query_Optimization/Selectivities.thy b/thys/Query_Optimization/Selectivities.thy
new file mode 100644
--- /dev/null
+++ b/thys/Query_Optimization/Selectivities.thy
@@ -0,0 +1,425 @@
+(* Author: Bernhard Stöckl *)
+
+theory Selectivities
+ imports Complex_Main "HOL-Library.Multiset"
+begin
+
+section \<open>Selectivities\<close>
+
+type_synonym 'a selectivity = "'a \<Rightarrow> 'a \<Rightarrow> real"
+
+definition sel_symm :: "'a selectivity \<Rightarrow> bool" where
+ "sel_symm sel = (\<forall>x y. sel x y = sel y x)"
+
+definition sel_reasonable :: "'a selectivity \<Rightarrow> bool" where
+ "sel_reasonable sel = (\<forall>x y. sel x y \<le> 1 \<and> sel x y > 0)"
+
+subsection \<open>Selectivity Functions\<close>
+
+fun list_sel_aux :: "'a selectivity \<Rightarrow> 'a \<Rightarrow> 'a list \<Rightarrow> real" where
+ "list_sel_aux sel x [] = 1"
+| "list_sel_aux sel x (y#ys) = sel x y * list_sel_aux sel x ys"
+
+fun list_sel :: "'a selectivity \<Rightarrow> 'a list \<Rightarrow> 'a list \<Rightarrow> real" where
+ "list_sel sel [] y = 1"
+| "list_sel sel (x#xs) y = list_sel_aux sel x y * list_sel sel xs y"
+
+fun list_sel_aux' :: "'a selectivity \<Rightarrow> 'a list \<Rightarrow> 'a \<Rightarrow> real" where
+ "list_sel_aux' sel [] y = 1"
+| "list_sel_aux' sel (x#xs) y = sel x y * list_sel_aux' sel xs y"
+
+fun list_sel':: "'a selectivity \<Rightarrow> 'a list \<Rightarrow> 'a list \<Rightarrow> real" where
+ "list_sel' sel x [] = 1"
+| "list_sel' sel x (y#ys) = list_sel_aux' sel x y * list_sel' sel x ys"
+
+definition set_sel_aux :: "'a selectivity \<Rightarrow> 'a \<Rightarrow> 'a set \<Rightarrow> real" where
+ "set_sel_aux sel x Y = (\<Prod>y \<in> Y. sel x y)"
+
+definition set_sel :: "'a selectivity \<Rightarrow> 'a set \<Rightarrow> 'a set \<Rightarrow> real" where
+ "set_sel sel X Y = (\<Prod>x \<in> X. set_sel_aux sel x Y)"
+
+definition set_sel_aux' :: "'a selectivity \<Rightarrow> 'a set \<Rightarrow> 'a \<Rightarrow> real" where
+ "set_sel_aux' sel X y = (\<Prod>x \<in> X. sel x y)"
+
+definition set_sel' :: "'a selectivity \<Rightarrow> 'a set \<Rightarrow> 'a set \<Rightarrow> real" where
+ "set_sel' sel X Y = (\<Prod>y \<in> Y. set_sel_aux' sel X y)"
+
+fun ldeep_s :: "'a selectivity \<Rightarrow> 'a list \<Rightarrow> 'a \<Rightarrow> real" where
+ "ldeep_s f [] = (\<lambda>_. 1)"
+| "ldeep_s f (x#xs) = (\<lambda>a. if a=x then list_sel_aux' f xs a else ldeep_s f xs a)"
+
+subsection \<open>Proofs\<close>
+
+lemma distinct_alt: "(\<forall>x\<in># mset xs. count (mset xs) x = 1) \<longleftrightarrow> distinct xs"
+ by(induction xs) auto
+
+lemma mset_y_eq_list_sel_aux_eq: "mset y = mset z \<Longrightarrow> list_sel_aux f x y = list_sel_aux f x z"
+proof(induction "length y" arbitrary: y z)
+ case 0
+ then show ?case by simp
+next
+ case (Suc n)
+ then have "length y > 0" by auto
+ then obtain y' ys where y_def[simp]: "y=y'#ys" using list.exhaust_sel by blast
+ have "length z > 0" using Suc by auto
+ then obtain z' zs where z_def[simp]: "z=z'#zs" using list.exhaust_sel by blast
+ then have "length zs = n" using Suc by (metis length_Cons mset_eq_length nat.inject)
+ then show ?case
+ proof(cases "y'=z'")
+ case True
+ then show ?thesis using Suc by simp
+ next
+ case False
+ have "y' \<in># mset y" by simp
+ moreover have "z' \<in># mset y" using Suc by simp
+ ultimately have "\<exists>c. mset y = mset (y'#z'#c)"
+ using False ex_mset in_set_member multi_member_split set_mset_mset
+ by (metis (mono_tags, opaque_lifting) member_rec(1) mset.simps(2))
+ then obtain c where c_def[simp]: "mset y = mset (y'#z'#c)" by blast
+ then have 0: "mset ys = mset (z'#c)" by simp
+ then have 1: "mset zs = mset (y'#c)" using Suc.prems by simp
+ have "list_sel_aux f x y = list_sel_aux f x (y' # ys)" by simp
+ also have "\<dots> = f x y' * list_sel_aux f x ys" by simp
+ also have "\<dots> = f x y' * list_sel_aux f x (z'#c)" using Suc.hyps 0 by fastforce
+ also have "\<dots> = f x z' * list_sel_aux f x (y'#c)" by simp
+ also have "\<dots> = f x z' * list_sel_aux f x zs"
+ using 1 Suc.hyps(1) \<open>length zs = n\<close> by presburger
+ finally show ?thesis by simp
+ qed
+qed
+
+lemma mset_y_eq_list_sel_eq: "mset y = mset y' \<Longrightarrow> list_sel f x y = list_sel f x y'"
+ apply(induction x)
+ apply(auto)[2]
+ using mset_y_eq_list_sel_aux_eq by fast
+
+lemma mset_x_eq_list_sel_eq: "mset x = mset z \<Longrightarrow> list_sel f x y = list_sel f z y"
+proof(induction "length x" arbitrary: x z)
+ case 0
+ then show ?case by simp
+next
+ case (Suc n)
+ then have "length x > 0" by auto
+ then obtain x' xs where y_def[simp]: "x=x'#xs" using list.exhaust_sel by blast
+ have "length z > 0" using Suc by auto
+ then obtain z' zs where z_def[simp]: "z=z'#zs" using list.exhaust_sel by blast
+ then have "length zs = n" using Suc by (metis length_Cons mset_eq_length nat.inject)
+ then show ?case
+ proof(cases "x'=z'")
+ case True
+ then show ?thesis using Suc by simp
+ next
+ case False
+ have "x' \<in># mset x" by simp
+ moreover have "z' \<in># mset x" using Suc by simp
+ ultimately have "\<exists>c. mset x = mset (x'#z'#c)"
+ using False ex_mset in_set_member multi_member_split set_mset_mset
+ by (metis (mono_tags, opaque_lifting) member_rec(1) mset.simps(2))
+ then obtain c where c_def[simp]: "mset x = mset (x'#z'#c)" by blast
+ then have 0: "mset xs = mset (z'#c)" by simp
+ then have 1: "mset zs = mset (x'#c)" using Suc.prems by simp
+ have "list_sel f x y = list_sel f (x'#xs) y" by simp
+ also have "\<dots> = list_sel_aux f x' y * list_sel f xs y" by simp
+ also have "\<dots> = list_sel_aux f x' y * list_sel f (z'#c) y" using Suc.hyps 0 by fastforce
+ also have "\<dots> = list_sel_aux f z' y * list_sel f (x'#c) y" by simp
+ also have "\<dots> = list_sel_aux f z' y * list_sel f zs y"
+ using 1 Suc.hyps(1) \<open>length zs = n\<close> by presburger
+ finally show ?thesis by simp
+ qed
+qed
+
+lemma list_sel_empty: "list_sel f x [] = 1"
+ by(induction x) auto
+
+lemma list_sel'_empty: "list_sel' f [] y = 1"
+ by(induction y) auto
+
+lemma list_sel_symm_app:
+ "sel_symm f \<Longrightarrow> list_sel_aux f x y * list_sel f y xs = list_sel f y (x # xs)"
+ by(induction y) (auto simp: sel_symm_def)
+
+lemma list_sel_symm: "sel_symm f \<Longrightarrow> list_sel f x y = list_sel f y x"
+ by(induction x) (auto simp: sel_symm_def list_sel_empty list_sel_symm_app)
+
+lemma list_sel_symm_aux_eq': "sel_symm f \<Longrightarrow> list_sel_aux f x y = list_sel_aux' f y x"
+ by(induction y) (auto simp: sel_symm_def)
+
+lemma list_sel_sing_aux': "list_sel f x [y] = list_sel_aux' f x y"
+ by(induction x) auto
+
+lemma list_sel_sing_aux: "list_sel f [x] y = list_sel_aux f x y"
+ by(induction y) auto
+
+lemma list_sel'_sing_aux': "list_sel' f x [y] = list_sel_aux' f x y"
+ by(induction x) auto
+
+lemma list_sel'_sing_aux: "list_sel' f [x] y = list_sel_aux f x y"
+ by(induction y) auto
+
+lemma list_sel'_split_aux: "list_sel' f (x#xs) y = list_sel_aux f x y * list_sel' f xs y"
+ by(induction y) auto
+
+lemma list_sel_eq': "list_sel f x y = list_sel' f x y"
+ by(induction x) (auto simp: list_sel'_empty list_sel'_split_aux)
+
+lemma mset_x_eq_list_sel_aux'_eq: "mset x = mset z \<Longrightarrow> list_sel_aux' f x y = list_sel_aux' f z y"
+ using list_sel_sing_aux' mset_x_eq_list_sel_eq by metis
+
+lemma foldl_acc_extr: "foldl (\<lambda>a b. a * f x b) z y = z * foldl (\<lambda>a b. a * f x b) (1::real) y"
+proof(induction y arbitrary: z)
+ case Nil
+ then show ?case by simp
+next
+ case (Cons y ys)
+ have "foldl (\<lambda>a b. a * f x b) z (y # ys) = foldl (\<lambda>a b. a * f x b) (z * f x y) ys" by simp
+ also have "\<dots> = (z * f x y) * foldl (\<lambda>a b. a * f x b) 1 ys" using Cons by blast
+ also have "\<dots> = z * foldl (\<lambda>a b. a * f x b) 1 (y#ys)"
+ by (smt (verit, ccfv_SIG) Cons.IH foldl_Cons mult.assoc mult.left_commute)
+ finally show ?case .
+qed
+
+lemma list_sel_aux_eq_foldl: "list_sel_aux f x y = foldl (\<lambda>a b. a * f x b) 1 y"
+ apply(induction y)
+ apply(auto)[2]
+ using foldl_acc_extr by metis
+
+lemma list_sel_eq_foldl: "list_sel f x y = foldl (\<lambda>a b. a * list_sel_aux f b y) 1 x"
+ apply(induction x)
+ apply(auto)[2]
+ using foldl_acc_extr by metis
+
+corollary list_sel_eq_foldl2: "list_sel f x y = foldl (\<lambda>a x. a * foldl (\<lambda>a b. a * f x b) 1 y) 1 x"
+ by (simp add: list_sel_aux_eq_foldl list_sel_eq_foldl)
+
+lemma list_sel_aux_eq_foldr: "list_sel_aux f x y = foldr (\<lambda>b a. a * f x b) y 1"
+ by(induction y) auto
+
+lemma sel_foldl_eq_foldr:
+ "foldl (\<lambda>a b. a * f x b) 1 y = foldr (\<lambda>b a. a * (f::'a selectivity) x b) y 1"
+ using list_sel_aux_eq_foldl list_sel_aux_eq_foldr by metis
+
+lemma list_sel_eq_foldr: "list_sel f x y = foldr (\<lambda>b a. a * list_sel_aux f b y) x 1"
+ by(induction x) auto
+
+lemma list_sel_eq_foldr2: "list_sel f x y = foldr (\<lambda>x a. a * foldr (\<lambda>b a. a * f x b) y 1) x 1"
+ by (simp add: list_sel_aux_eq_foldr list_sel_eq_foldr)
+
+lemma list_sel_aux_reasonable:
+ "sel_reasonable f \<Longrightarrow> list_sel_aux f x y \<le> 1 \<and> list_sel_aux f x y > 0"
+ by(induction y) (auto simp: sel_reasonable_def mult_le_one)
+
+lemma list_sel_aux'_reasonable:
+ "sel_reasonable f \<Longrightarrow> list_sel_aux' f x y \<le> 1 \<and> list_sel_aux' f x y > 0"
+ by(induction x) (auto simp: sel_reasonable_def mult_le_one)
+
+lemma list_sel_reasonable: "sel_reasonable f \<Longrightarrow> list_sel f x y \<le> 1 \<and> list_sel f x y > 0"
+ by(induction x) (auto simp: sel_reasonable_def mult_le_one list_sel_aux_reasonable)
+
+lemma list_sel'_reasonable: "sel_reasonable f \<Longrightarrow> list_sel' f x y \<le> 1 \<and> list_sel' f x y > 0"
+ using list_sel_eq' list_sel_reasonable by metis
+
+lemma list_sel_aux_eq_set_sel_aux:
+ "distinct ys \<Longrightarrow> list_sel_aux f x ys = set_sel_aux f x (set ys)"
+ by(induction ys) (auto simp: set_sel_aux_def)
+
+lemma list_sel_eq_set_sel:
+ "\<lbrakk>distinct xs; distinct ys\<rbrakk> \<Longrightarrow> list_sel f xs ys = set_sel f (set xs) (set ys)"
+ by(induction xs) (auto simp: set_sel_def list_sel_aux_eq_set_sel_aux list_sel_empty)
+
+lemma list_sel'_eq_set_sel:
+ "\<lbrakk>distinct xs; distinct ys\<rbrakk> \<Longrightarrow> list_sel' f xs ys = set_sel f (set xs) (set ys)"
+ by (auto simp add: list_sel_eq' dest: list_sel_eq_set_sel)
+
+lemma set_sel_symm_if_finite: "\<lbrakk>finite X; finite Y; sel_symm f\<rbrakk> \<Longrightarrow> set_sel f X Y = set_sel f Y X"
+ using finite_distinct_list list_sel_symm list_sel_eq_set_sel by metis
+
+lemma set_sel_aux_1_if_notfin: "\<not>finite Y \<Longrightarrow> set_sel_aux f x Y = 1"
+ unfolding set_sel_aux_def by simp
+
+lemma set_sel_1_if_notfin1: "\<not>finite X \<Longrightarrow> set_sel f X Y = 1"
+ unfolding set_sel_def set_sel_aux_def by simp
+
+lemma set_sel_1_if_notfin2: "\<not>finite Y \<Longrightarrow> set_sel f X Y = 1"
+ unfolding set_sel_def set_sel_aux_def by simp
+
+lemma set_sel_symm: "sel_symm f \<Longrightarrow> set_sel f X Y = set_sel f Y X"
+ using set_sel_symm_if_finite[of X Y]
+ by (fastforce simp: set_sel_1_if_notfin1 set_sel_1_if_notfin2)
+
+lemma list_sel_aux'_eq_set_sel_aux':
+ "distinct xs \<Longrightarrow> list_sel_aux' f xs x = set_sel_aux' f (set xs) x"
+ by(induction xs) (auto simp: set_sel_aux'_def)
+
+lemma list_sel'_eq_set_sel':
+ "\<lbrakk>distinct xs; distinct ys\<rbrakk> \<Longrightarrow> list_sel' f xs ys = set_sel' f (set xs) (set ys)"
+ by(induction ys) (auto simp: set_sel'_def list_sel_aux'_eq_set_sel_aux' list_sel_empty)
+
+lemma list_sel_eq_set_sel':
+ "\<lbrakk>distinct xs; distinct ys\<rbrakk> \<Longrightarrow> list_sel f xs ys = set_sel' f (set xs) (set ys)"
+ by (simp add: list_sel'_eq_set_sel' list_sel_eq')
+
+lemma set_sel'_symm_if_finite: "\<lbrakk>finite X; finite Y; sel_symm f\<rbrakk> \<Longrightarrow> set_sel' f X Y = set_sel' f Y X"
+ using finite_distinct_list list_sel_symm list_sel_eq_set_sel' by metis
+
+lemma set_sel_aux'_1_if_notfin: "\<not>finite X \<Longrightarrow> set_sel_aux' f X y = 1"
+ unfolding set_sel_aux'_def by simp
+
+lemma set_sel'_1_if_notfin1: "\<not>finite X \<Longrightarrow> set_sel' f X Y = 1"
+ unfolding set_sel'_def set_sel_aux'_def by simp
+
+lemma set_sel'_1_if_notfin2: "\<not>finite Y \<Longrightarrow> set_sel' f X Y = 1"
+ unfolding set_sel'_def set_sel_aux'_def by simp
+
+lemma set_sel'_symm: "sel_symm f \<Longrightarrow> set_sel' f X Y = set_sel' f Y X"
+ using set_sel'_symm_if_finite[of X Y]
+ by (fastforce simp: set_sel'_1_if_notfin1 set_sel'_1_if_notfin2)
+
+lemma set_sel'_eq_set_sel: "set_sel' f X Y = set_sel f X Y"
+ unfolding set_sel_def set_sel_aux_def set_sel'_def set_sel_aux'_def using prod.swap by fast
+
+lemma set_sel_aux_reasonable_fin:
+ "\<lbrakk>finite y; sel_reasonable f\<rbrakk> \<Longrightarrow> set_sel_aux f x y \<le> 1 \<and> set_sel_aux f x y > 0"
+ unfolding set_sel_aux_def
+ by(induction y rule: finite_induct) (auto simp: sel_reasonable_def mult_le_one)
+
+lemma set_sel_aux_reasonable:
+ "sel_reasonable f \<Longrightarrow> set_sel_aux f x y \<le> 1 \<and> set_sel_aux f x y > 0"
+ by(cases "finite y") (auto simp: set_sel_aux_reasonable_fin set_sel_aux_1_if_notfin)
+
+lemma set_sel_aux'_reasonable_fin:
+ "\<lbrakk>finite x; sel_reasonable f\<rbrakk> \<Longrightarrow> set_sel_aux' f x y \<le> 1 \<and> set_sel_aux' f x y > 0"
+ unfolding set_sel_aux'_def
+ by(induction x rule: finite_induct) (auto simp: sel_reasonable_def mult_le_one)
+
+lemma set_sel_aux'_reasonable:
+ "sel_reasonable f \<Longrightarrow> set_sel_aux' f x y \<le> 1 \<and> set_sel_aux' f x y > 0"
+ by(cases "finite x") (auto simp: set_sel_aux'_reasonable_fin set_sel_aux'_1_if_notfin)
+
+lemma set_sel_reasonable_fin:
+ "\<lbrakk>finite x; sel_reasonable f\<rbrakk> \<Longrightarrow> set_sel f x y \<le> 1 \<and> set_sel f x y > 0"
+ unfolding set_sel_def
+ apply(induction x rule: finite_induct)
+ using set_sel_aux'_reasonable_fin apply(simp)
+ by (smt (verit) prod_le_1 prod_pos set_sel_aux_reasonable)
+
+lemma set_sel_reasonable: "sel_reasonable f \<Longrightarrow> set_sel f x y \<le> 1 \<and> set_sel f x y > 0"
+ by(cases "finite x") (auto simp: set_sel_reasonable_fin set_sel_1_if_notfin1)
+
+lemma set_sel'_reasonable_fin:
+ "\<lbrakk>finite y; sel_reasonable f\<rbrakk> \<Longrightarrow> set_sel' f x y \<le> 1 \<and> set_sel' f x y > 0"
+ unfolding set_sel'_def
+ apply(induction y rule: finite_induct)
+ using set_sel_aux'_reasonable_fin apply(simp)
+ by (smt (verit) prod_le_1 prod_pos set_sel_aux'_reasonable)
+
+lemma set_sel'_reasonable: "sel_reasonable f \<Longrightarrow> set_sel' f x y \<le> 1 \<and> set_sel' f x y > 0"
+ by (cases "finite y") (auto simp: set_sel'_reasonable_fin set_sel'_1_if_notfin2)
+
+lemma ldeep_s_pos: "sel_reasonable f \<Longrightarrow> ldeep_s f xs x > 0"
+ by (induction xs) (auto simp: list_sel_aux'_reasonable)
+
+lemma distinct_app_trans_r: "distinct (ys@xs) \<Longrightarrow> distinct xs"
+ by simp
+
+lemma distinct_app_trans_l: "distinct (ys@xs) \<Longrightarrow> distinct ys"
+ by simp
+
+lemma ldeep_s_reasonable: "sel_reasonable f \<Longrightarrow> ldeep_s f xs y \<le> 1 \<and> ldeep_s f xs y > 0"
+ by (induction xs) (auto simp: list_sel_aux'_reasonable)
+
+lemma ldeep_s_eq_list_sel_aux'_split:
+ "y \<in> set xs \<Longrightarrow> \<exists>as bs. as @ y # bs = xs \<and> ldeep_s sel xs y = list_sel_aux' sel bs y"
+proof(induction xs)
+ case (Cons x xs)
+ then show ?case
+ proof(cases "x = y")
+ case False
+ then obtain as bs where as_def: "as @ y # bs = xs" "ldeep_s sel xs y = list_sel_aux' sel bs y"
+ using Cons by auto
+ then have "(x#as) @ y # bs = x#xs" by simp
+ then show ?thesis using False as_def(2) by fastforce
+ qed(auto)
+qed(simp)
+
+lemma distinct_ldeep_s_eq_aux:
+ "distinct xs \<Longrightarrow> \<exists>xs'. xs'@y#ys=xs \<Longrightarrow> ldeep_s f xs y = list_sel_aux' f ys y"
+proof(induction xs arbitrary: ys)
+ case (Cons x xs)
+ then show ?case
+ proof(cases "x=y \<and> ys=xs")
+ case True
+ then show ?thesis using Cons.prems by simp
+ next
+ case False
+ then have "\<exists>xs'. xs'@y#ys=x#xs \<and> xs' \<noteq> []" using Cons.prems by auto
+ then have 0: "\<exists>xs''. x#xs''@y#ys=x#xs" by (metis list.sel(3) tl_append2)
+ have 1: "distinct xs" using Cons.prems(1) by fastforce
+ then show ?thesis
+ proof(cases "x=y")
+ case True
+ then have "count (mset (x#xs)) x \<ge> 2" using 0 by auto
+ then show ?thesis using Cons.prems by simp
+ next
+ case False
+ then have "ldeep_s f (x # xs) y
+ = (\<lambda>a. if a=x then list_sel_aux' f xs a else ldeep_s f xs a) y" by simp
+ also have "\<dots> = ldeep_s f xs y" using False by simp
+ finally show ?thesis using Cons.IH 0 1 by simp
+ qed
+ qed
+qed(simp)
+
+lemma distinct_ldeep_s_eq_aux':
+ "\<lbrakk>distinct xs; as @ y # bs = xs\<rbrakk> \<Longrightarrow> ldeep_s sel xs y = list_sel_aux' sel bs y"
+ using distinct_ldeep_s_eq_aux by fast
+
+lemma ldeep_s_last1_if_distinct: "distinct xs \<Longrightarrow> ldeep_s sel xs (last xs) = 1"
+ by (induction xs) auto
+
+lemma ldeep_s_revhd1_if_distinct: "distinct xs \<Longrightarrow> ldeep_s sel (rev xs) (hd xs) = 1"
+ using ldeep_s_last1_if_distinct[of "rev xs"] by (simp add: last_rev)
+
+lemma ldeep_s_1_if_nelem: "x \<notin> set xs \<Longrightarrow> ldeep_s sel xs x = 1"
+ by (induction xs) auto
+
+lemma distinct_xs_not_ys: "distinct (xs@ys) \<Longrightarrow> x \<in> set xs \<Longrightarrow> x \<notin> set ys"
+ by auto
+
+lemma distinct_ys_not_xs: "distinct (xs@ys) \<Longrightarrow> x \<in> set ys \<Longrightarrow> x \<notin> set xs"
+ by auto
+
+lemma distinct_change_order_first_eq_nempty:
+ assumes "distinct (xs@ys@zs@rs)"
+ and "ys \<noteq> []"
+ and "zs \<noteq> []"
+ and "take 1 (xs@ys@zs@rs) = take 1 (xs@zs@ys@rs)"
+ shows "xs \<noteq> []"
+proof
+ assume "xs = []"
+ then have "take 1 (ys@zs@rs) = take 1 (zs@ys@rs)" using assms(4) by simp
+ then have "\<exists>r rs1 rs2. ys@zs@rs = r#rs1 \<and> zs@ys@rs = r#rs2"
+ by (metis append_Cons append_take_drop_id assms(3) neq_Nil_conv take_eq_Nil zero_neq_one)
+ then obtain r rs1 rs2 where r_def: "ys@zs@rs = r#rs1 \<and> zs@ys@rs = r#rs2" by blast
+ then have 0: "r \<in> set ys \<and> r \<in> set zs"
+ using assms(2,3) by (metis Cons_eq_append_conv list.set_intros(1))
+ then show False using 0 assms(1) by auto
+qed
+
+lemma distinct_change_order_first_elem:
+ "\<lbrakk>distinct (xs@ys@zs@rs); ys \<noteq> []; zs \<noteq> []; take 1 (xs@ys@zs@rs) = take 1 (xs@zs@ys@rs)\<rbrakk>
+ \<Longrightarrow> take 1 (xs@ys@zs@rs) = take 1 xs"
+ by (cases xs) (fastforce dest!: distinct_change_order_first_eq_nempty)+
+
+lemma take1_singleton_app: "take 1 xs = [r] \<Longrightarrow> take 1 (xs@ys) = [r]"
+ by (induction xs) (auto)
+
+lemma hd_eq_take1: "take 1 xs = [r] \<Longrightarrow> hd xs = r"
+ using hd_take[of 1 xs] by simp
+
+lemma take1_eq_hd: "\<lbrakk>xs \<noteq> []; hd xs = r\<rbrakk> \<Longrightarrow> take 1 xs = [r]"
+ by (simp add: take_Suc)
+
+lemma nempty_if_take1: "take 1 xs = [r] \<Longrightarrow> xs \<noteq> []"
+ by force
+
+end
\ No newline at end of file
diff --git a/thys/Query_Optimization/Shortest_Path_Tree.thy b/thys/Query_Optimization/Shortest_Path_Tree.thy
new file mode 100644
--- /dev/null
+++ b/thys/Query_Optimization/Shortest_Path_Tree.thy
@@ -0,0 +1,677 @@
+theory Shortest_Path_Tree
+ imports "Graph_Theory.Graph_Theory" "Graph_Definitions" "Graph_Theory_Batteries" "Misc"
+begin
+
+text \<open>
+This theory defines the notion of a partial shortest path tree in the locale @{text psp_tree}.
+A partial shortest path tree contains the s nearest notes with respect to some weight function.
+Since, at the time of writing, the definition of @{const forest} only guarantees acyclicity
+and the definition of @{const tree} is also incorrect by extension, we develop our own definition
+of a directed tree in the locale @{text directed_tree}.
+\<close>
+
+section \<open>Directed tree\<close>
+
+text \<open>
+The following locale defines the notion of a rooted directed tree. The tree property is
+established by asserting a unique walk from the root to each vertex. Note that we need
+@{const pre_digraph.awalk} and not @{const pre_digraph.apath} here since we want to have only one
+incoming arc for each vertex. In the locale all the usual properties of trees are established, e.g.
+non-existence of @{const pre_digraph.cycle}, absence of loops with @{locale loopfree_digraph} and
+multi-arcs with @{locale nomulti_digraph}.
+We also prove the admissibility of an induction rule for finite trees which constructs any tree
+inductively by starting with a single node (the root) and consecutively adding leaves.
+Finally we define the depth of a tree.
+\<close>
+locale directed_tree =
+ wf_digraph T for T +
+fixes
+ root :: 'a
+assumes
+ root_in_T: "root \<in> verts T" and
+ unique_awalk: "v \<in> verts T \<Longrightarrow> \<exists>!p. awalk root p v"
+begin
+
+subsection \<open>General properties of trees\<close>
+
+lemma reachable_from_root: "v \<in> verts T \<Longrightarrow> root \<rightarrow>\<^sup>*\<^bsub>T\<^esub> v"
+ using unique_awalk reachable_awalkI by blast
+
+lemma non_empty: "verts T \<noteq> {}"
+ using root_in_T by blast
+
+theorem cycle_free: "\<nexists>c. cycle c"
+proof
+ assume "\<exists>c. cycle c"
+ then obtain c where c: "cycle c" by blast
+ from unique_awalk[of "awhd root c", OF awhd_in_verts[OF root_in_T, of c]]
+ obtain p where p: "awalk root p (awhd root c)"
+ using c[unfolded cycle_conv] unfolding awalk_conv by auto
+ from c p awalk_appendI have "awalk root (p@c) (awhd root c)"
+ by (metis awalkE' cycle_def awalk_verts_ne_eq)
+ with unique_awalk p c show "False"
+ using awalk_last_in_verts unfolding cycle_def by blast
+qed
+
+sublocale loopfree: loopfree_digraph T
+proof(standard, rule ccontr)
+ fix e assume arc: "e \<in> arcs T" and loop: "\<not> tail T e \<noteq> head T e"
+ then have "cycle [e]"
+ unfolding cycle_conv
+ using arc_implies_awalk by force
+ with cycle_free show "False" by blast
+qed
+
+sublocale nomulti: nomulti_digraph T
+proof(standard, rule ccontr, goal_cases)
+ case (1 e1 e2)
+ let ?u = "tail T e1" and ?v = "head T e1"
+ from unique_awalk obtain p where "awalk root p ?u"
+ using 1 tail_in_verts by blast
+ with 1 have "awalk root (p@[e1]) ?v" and "awalk root (p@[e2]) ?v"
+ unfolding arc_to_ends_def
+ using arc_implies_awalk by (fastforce)+
+
+ with unique_awalk show "False"
+ using \<open>e1 \<noteq> e2\<close> by blast
+qed
+
+
+lemma connected': "\<lbrakk> u \<in> verts T; v \<in> verts T \<rbrakk> \<Longrightarrow> u \<rightarrow>\<^sup>*\<^bsub>mk_symmetric T\<^esub> v"
+proof -
+ let ?T' = "mk_symmetric T"
+ fix u v assume "u \<in> verts T" and "v \<in> verts T"
+ then have "\<exists>up. awalk root up u" and "\<exists>vp. awalk root vp v"
+ using unique_awalk by blast+
+ then obtain up vp where up: "awalk root up u" and vp: "awalk root vp v" by blast
+ then have "u \<rightarrow>\<^sup>*\<^bsub>mk_symmetric T\<^esub> root" and "root \<rightarrow>\<^sup>*\<^bsub>mk_symmetric T\<^esub> v"
+ by (meson reachable_awalkI reachable_mk_symmetricI
+ symmetric_mk_symmetric symmetric_reachable)+
+ then show "u \<rightarrow>\<^sup>*\<^bsub>mk_symmetric T\<^esub> v"
+ by (meson wellformed_mk_symmetric wf_digraph.reachable_trans wf_digraph_wp_iff)
+qed
+
+theorem connected: "connected T"
+ unfolding connected_def strongly_connected_def
+ using connected' root_in_T by auto
+
+lemma unique_awalk_All: "\<exists>p. awalk u p v \<Longrightarrow> \<exists>!p. awalk u p v"
+proof(rule ccontr, goal_cases)
+ case 1
+ then have "\<exists>p q. awalk u p v \<and> awalk u q v \<and> p \<noteq> q"
+ by blast
+ then obtain p q where
+ p: "awalk u p v" and q: "awalk u q v" and "p \<noteq> q" by blast
+ from unique_awalk obtain w where w: "awalk root w u"
+ using \<open>awalk u p v\<close> by blast
+ then have "awalk root (w@p) v" and "awalk root (w@q) v" and "(w@p) \<noteq> (w@q)"
+ using \<open>awalk u p v\<close> \<open>awalk u q v\<close> \<open>p \<noteq> q\<close> awalk_appendI by auto
+ with unique_awalk show ?case by blast
+qed
+
+lemma unique_arc:
+ shows "u \<rightarrow>\<^bsub>T\<^esub> v \<Longrightarrow> \<exists>!e \<in> arcs T. tail T e = u \<and> head T e = v"
+ and "(\<nexists>e. e \<in> arcs T \<and> tail T e = u \<and> head T e = v) \<Longrightarrow> \<not> u \<rightarrow>\<^bsub>T\<^esub> v"
+ using unique_awalk_All nomulti.no_multi_arcs unfolding arc_to_ends_def
+ by auto
+
+lemma unique_arc_set:
+ fixes u v
+ defines "A \<equiv> {e \<in> arcs T. tail T e = u \<and> head T e = v}"
+ shows "A = {} \<or> (\<exists>e. A = {e})"
+proof(cases "u \<rightarrow>\<^bsub>T\<^esub> v")
+ case True
+ note unique_arc(1)[OF True]
+ then show ?thesis unfolding A_def by blast
+next
+ case False
+ then have "\<nexists>e. e \<in> arcs T \<and> tail T e = u \<and> head T e = v"
+ using in_arcs_imp_in_arcs_ends arcs_ends_def by blast
+ then show ?thesis unfolding A_def by auto
+qed
+
+
+lemma sp_eq_awalk_cost: "awalk a p b \<Longrightarrow> awalk_cost w p = \<mu> w a b"
+proof -
+ assume "awalk a p b"
+ with unique_awalk_All have "{p. awalk a p b} = {p}"
+ by blast
+ then show ?thesis unfolding \<mu>_def
+ by (metis cInf_singleton image_empty image_insert)
+qed
+
+lemma sp_cost_finite: "awalk a p b \<Longrightarrow> \<mu> w a b > -\<infinity> \<and> \<mu> w a b < \<infinity>"
+ using sp_eq_awalk_cost[symmetric] by simp
+
+theorem sp_append:
+ "\<lbrakk> awalk a p b; awalk b q c \<rbrakk> \<Longrightarrow> \<mu> w a c = \<mu> w a b + \<mu> w b c"
+proof -
+ assume p: "awalk a p b" and q: "awalk b q c"
+ then have p_q: "awalk a (p@q) c" by auto
+ then have "awalk_cost w (p@q) = awalk_cost w p + awalk_cost w q"
+ using awalk_cost_append by blast
+
+ with p q p_q show ?thesis using sp_eq_awalk_cost
+ by (metis plus_ereal.simps(1))
+qed
+
+text \<open>Convenience lemma which reformulates @{thm sp_append} to use reachability as assumptions.\<close>
+lemma sp_append2: "\<lbrakk> v1 \<rightarrow>\<^sup>*\<^bsub>T\<^esub> v2; v2 \<rightarrow>\<^sup>*\<^bsub>T\<^esub> v3 \<rbrakk>
+ \<Longrightarrow> \<mu> w v1 v3 = \<mu> w v1 v2 + \<mu> w v2 v3"
+ using reachable_awalk sp_append by auto
+
+theorem connected_minimal: "e \<in> arcs T \<Longrightarrow> \<not> (tail T e) \<rightarrow>\<^sup>*\<^bsub>(del_arc e)\<^esub> (head T e)"
+proof
+ let ?T' = "del_arc e" and ?u = "tail T e" and ?v = "head T e"
+ assume "e \<in> arcs T" and "?u \<rightarrow>\<^sup>*\<^bsub>?T'\<^esub> ?v"
+ note e = this
+ then have T'_wf: "wf_digraph ?T'" by blast
+
+ from e have "awalk ?u [e] ?v"
+ by (simp add: arc_implies_awalk)
+ moreover
+ note wf_digraph.reachable_awalk[OF T'_wf, of ?u ?v]
+ with e obtain p where p: "pre_digraph.awalk ?T' ?u p ?v" by blast
+
+ from e have "e \<notin> arcs ?T'" by simp
+ with e p have "e \<notin> set p" by (meson T'_wf subsetCE wf_digraph.awalkE')
+ with p have "[e] \<noteq> p" and "awalk ?u p ?v"
+ by (auto simp: subgraph_awalk_imp_awalk subgraph_del_arc)
+
+ ultimately show False using unique_awalk_All by blast
+qed
+
+lemma All_arcs_in_path: "e \<in> arcs T \<Longrightarrow> \<exists>p u v. awalk u p v \<and> e \<in> set p"
+ by (meson arc_implies_awalk list.set_intros(1))
+
+subsection \<open>An induction rule for finite trees\<close>
+text \<open>
+In this section we develop an induction rule for finite trees. Since this induction rule works by
+inductively adding trees we first need to define the notion of a leaf and prove numerous facts
+about them.
+\<close>
+
+definition (in pre_digraph) leaf :: "'a \<Rightarrow> bool" where
+ "leaf v \<equiv> v \<in> verts G \<and> out_arcs G v = {}"
+
+lemma in_degree_root_zero: "in_degree T root = 0"
+proof(rule ccontr)
+ assume "in_degree T root \<noteq> 0"
+ then obtain e u where e: "tail T e = u" "head T e = root" "u \<in> verts T" "e \<in> arcs T"
+ by (metis tail_in_verts all_not_in_conv card.empty in_degree_def in_in_arcs_conv)
+ with unique_awalk obtain p where p: "awalk root p u" by blast
+ with e have "awalk root (p@[e]) root"
+ using awalk_appendI arc_implies_awalk by auto
+ moreover
+ have "awalk root [] root" by (simp add: awalk_Nil_iff root_in_T)
+ ultimately show "False" using unique_awalk by blast
+qed
+
+lemma leaf_out_degree_zero: "leaf v \<Longrightarrow> out_degree T v = 0"
+ unfolding leaf_def out_degree_def by auto
+
+lemma two_in_arcs_contr:
+ assumes "e1 \<in> arcs T" "e2 \<in> arcs T" and "e1 \<noteq> e2" and "head T e1 = head T e2"
+ shows "False"
+proof -
+ from unique_awalk assms obtain p1 p2
+ where "awalk root p1 (tail T e1)" and "awalk root p2 (tail T e2)"
+ by (meson tail_in_verts in_in_arcs_conv)
+ with assms have "awalk root (p1@[e1]) (head T e1)" and "awalk root (p2@[e2]) (head T e1)"
+ unfolding in_arcs_def
+ using arc_implies_awalk by force+
+ with unique_awalk \<open>e1 \<noteq> e2\<close> show "False" by blast
+qed
+
+lemma in_arcs_finite: "v \<in> verts T \<Longrightarrow> finite (in_arcs T v)"
+proof(rule ccontr)
+ assume "\<not> finite (in_arcs T v)"
+ then obtain e1 e2
+ where e1_e2: "e1 \<in> in_arcs T v" "e2 \<in> in_arcs T v" "e1 \<noteq> e2"
+ by (metis finite.emptyI finite_insert finite_subset insertI1 subsetI)
+ with two_in_arcs_contr show "False" unfolding in_arcs_def by auto
+qed
+
+lemma not_root_imp_in_deg_one: "\<lbrakk> v \<in> verts T; v \<noteq> root \<rbrakk> \<Longrightarrow> in_degree T v = 1"
+proof(rule ccontr)
+ assume "v \<noteq> root" and "v \<in> verts T" and "in_degree T v \<noteq> 1"
+ then have "in_degree T v \<noteq> 0"
+ proof -
+ from unique_awalk \<open>v \<in> verts T\<close> obtain p where "awalk root p v" by blast
+ with \<open>v \<noteq> root\<close> have "root \<rightarrow>\<^sup>+\<^bsub>T\<^esub> v" using reachable_awalkI by blast
+ then have "\<exists>u. u \<rightarrow>\<^bsub>T\<^esub> v" by (meson tranclD2)
+ then show ?thesis
+ using in_arcs_finite[OF \<open>v \<in> verts T\<close>] unfolding in_degree_def
+ using card_eq_0_iff by fastforce
+ qed
+ moreover
+ have "\<not> in_degree T v \<ge> 2"
+ proof
+ assume in_deg_ge_2: "in_degree T v \<ge> 2"
+ have "\<exists>e1 e2. e1 \<in> in_arcs T v \<and> e2 \<in> in_arcs T v \<and> e1 \<noteq> e2"
+ proof(cases "in_arcs T v = {}")
+ case True
+ then show ?thesis using in_deg_ge_2[unfolded in_degree_def] by simp
+ next
+ case False
+ then obtain e1 where "e1 \<in> in_arcs T v" by blast
+ then have "card (in_arcs T v) = 1" if "\<forall>e2 \<in> in_arcs T v. e1 = e2"
+ using that by(auto simp: card_Suc_eq[where ?A="(in_arcs T v)"])
+ then show ?thesis
+ using in_deg_ge_2[unfolded in_degree_def] \<open>e1 \<in> in_arcs T v\<close> by force
+ qed
+ with two_in_arcs_contr show "False" unfolding in_arcs_def by auto
+ qed
+ ultimately show "False" using \<open>in_degree T v \<noteq> 1\<close> by linarith
+qed
+
+lemma in_deg_one_imp_not_root: "\<lbrakk> v \<in> verts T; in_degree T v = 1 \<rbrakk> \<Longrightarrow> v \<noteq> root"
+ using in_degree_root_zero by auto
+
+corollary in_deg_one_iff: "v \<in> verts T \<Longrightarrow> v \<noteq> root \<longleftrightarrow> in_degree T v = 1"
+ using not_root_imp_in_deg_one in_deg_one_imp_not_root by blast
+
+lemma ex_in_arc: "\<lbrakk> v \<noteq> root; v \<in> verts T \<rbrakk> \<Longrightarrow> \<exists>e. in_arcs T v = {e}"
+ using not_root_imp_in_deg_one unfolding in_degree_def
+ by (auto simp: card_Suc_eq)
+
+lemma ex_leaf: "finite (verts T) \<Longrightarrow> \<exists>v \<in> verts T. leaf v"
+proof(rule ccontr, simp)
+ assume verts_fin: "finite (verts T)" and no_leaves: "\<forall>x\<in>verts T. \<not> leaf x"
+ then have "\<forall>x \<in> verts T. \<exists>e. e \<in> out_arcs T x"
+ unfolding leaf_def by (simp add: out_arcs_def)
+ then have "\<forall>x \<in> verts T. \<exists>x' e. awalk x [e] x'"
+ unfolding out_arcs_def using arc_implies_awalk by force
+ then have extend: "\<exists>p v'. awalk u (ps@[p]) v'" if "awalk u ps v" for u ps v
+ using that by force
+ have "\<exists>u p v. awalk u p v \<and> length p = n" for n
+ proof(induction n)
+ case 0
+ from root_in_T have "awalk root [] root"
+ by (simp add: awalk_Nil_iff)
+ then show ?case by blast
+ next
+ case (Suc n)
+ then obtain u p v where "awalk u p v" and "length p = n" by blast
+ from extend[OF this(1)] obtain e v' where "awalk u (p@[e]) v'" and "length (p@[e]) = Suc n"
+ using length_append_singleton \<open>length p = n\<close> by auto
+ then show ?case by blast
+ qed
+ with awalk_not_distinct[OF verts_fin] have "\<exists>p. cycle p"
+ using awalk_cyc_decompE' closed_w_imp_cycle by (metis order_refl)
+ with cycle_free show False by blast
+qed
+
+lemma verts_finite_imp_arcs_finite: "finite (verts T) \<Longrightarrow> finite (arcs T)"
+proof -
+ assume "finite (verts T)"
+ then have "finite (verts T \<times> verts T)" by simp
+ let ?a = "\<lambda>(u,v). {e \<in> arcs T. tail T e = u \<and> head T e = v}"
+ let ?A = "\<Union>{?a e |e. e \<in> verts T \<times> verts T}"
+ have "arcs T \<subseteq> ?A"
+ proof
+ fix e assume e: "e \<in> arcs T"
+ then have "tail T e \<in> verts T" and "head T e \<in> verts T"
+ using wellformed by auto
+ with e show "e \<in> ?A" by blast
+ qed
+ moreover
+ have "finite (?a (u,v))" for u v
+ using unique_arc_set[of u v] finite.simps by auto
+ with finite_Union[OF \<open>finite (verts T \<times> verts T)\<close>] have "finite ?A"
+ by blast
+ ultimately show "finite (arcs T)" using finite_subset by blast
+qed
+
+lemma root_leaf_iff: "leaf root \<longleftrightarrow> verts T = {root}"
+proof
+ from root_in_T show "verts T = {root} \<Longrightarrow> leaf root"
+ using leaf_def ex_leaf by auto
+ show "leaf root \<Longrightarrow> (verts T = {root})"
+ proof(rule ccontr)
+ assume "leaf root" and "verts T \<noteq> {root}"
+ with non_empty obtain u where u: "u \<in> verts T" "u \<noteq>root"
+ by blast
+ with unique_awalk obtain p where p: "awalk root p u" by blast
+ with \<open>u \<noteq> root\<close> obtain e where e: "e = hd p" "tail T e = root"
+ by (metis awalkE' awalk_ends pre_digraph.cas_simp)
+ with u p have "e \<in> out_arcs T root" unfolding out_arcs_def
+ by (simp, metis awalkE awalk_ends hd_in_set subset_iff)
+ with \<open>leaf root\<close> show "False"
+ unfolding leaf_def out_degree_def by auto
+ qed
+qed
+
+lemma leaf_not_mem_awalk:
+ "\<lbrakk> leaf x; awalk u p v; v \<noteq> x \<rbrakk> \<Longrightarrow> x \<notin> set (awalk_verts u p)"
+proof(induction p arbitrary: u)
+ case Nil
+ then have "u = v" unfolding awalk_conv by simp
+ with Nil show ?case by auto
+next
+ case (Cons a p)
+ then have "x \<notin> set (awalk_verts (head T a) p)" by (simp add: awalk_Cons_iff)
+ moreover
+ from Cons.prems have "tail T a \<noteq> x"
+ unfolding leaf_def out_arcs_def by auto
+ ultimately show ?case by simp
+qed
+
+lemma tree_del_vert:
+ assumes "v \<noteq> root" and "leaf v"
+ shows "directed_tree (del_vert v) root"
+proof(unfold_locales)
+ from \<open>v \<noteq> root\<close> show "root \<in> verts (del_vert v)" using verts_del_vert root_in_T by auto
+
+ have "u\<in>verts (del_vert v) \<Longrightarrow> \<exists>!p. pre_digraph.awalk (del_vert v) root p u" for u
+ proof -
+ assume "u \<in> verts (del_vert v)"
+ then have "u \<in> verts T" "u \<noteq> v" by (simp_all add: verts_del_vert)
+ then obtain p where p: "awalk root p u" "\<forall>p'. awalk root p' u \<longrightarrow> p = p'"
+ using unique_awalk[OF \<open>u \<in> verts T\<close>] by auto
+ then have "v \<notin> set (awalk_verts root p)"
+ using leaf_not_mem_awalk[OF \<open>leaf v\<close> _ \<open>u \<noteq> v\<close>] by blast
+ with p have
+ "pre_digraph.awalk (del_vert v) root p u"
+ "\<forall>p'. pre_digraph.awalk (del_vert v) root p' u \<longrightarrow> p = p'"
+ using awalk_del_vert subgraph_awalk_imp_awalk subgraph_del_vert by blast+
+ then show ?thesis by blast
+ qed
+ then show "\<And>va. va \<in> verts (del_vert v)
+ \<Longrightarrow> \<exists>!p. pre_digraph.awalk (del_vert v) root p va" by blast
+qed (meson wf_digraph_del_vert wf_digraph_def)+
+
+lemma arcs_del_leaf:
+ assumes e: "e \<in> arcs T" "head T e = v" and v: "leaf v"
+ shows "arcs (del_vert v) = arcs T - {e}"
+proof -
+ from v have "out_arcs T v = {}"
+ unfolding pre_digraph.leaf_def by simp
+ moreover
+ from e v have "v \<noteq> root"
+ using loopfree.no_loops root_leaf_iff by fastforce
+ from ex_in_arc[OF this] v have "in_arcs T v = {e}"
+ unfolding pre_digraph.leaf_def using e e two_in_arcs_contr by fastforce
+ ultimately show ?thesis unfolding out_arcs_def in_arcs_def
+ using arcs_del_vert2 by auto
+qed
+
+lemma finite_directed_tree_induct[consumes 1, case_names single_vert add_leaf]:
+ assumes "finite (verts T)"
+ assumes base: "\<And>t h root. P \<lparr> verts = {root}, arcs = {}, tail = t, head = h \<rparr>"
+ and add_leaf: "\<And>T' V A t h u root a v. \<lbrakk>T' = \<lparr> verts = V, arcs = A, tail = t, head = h \<rparr>; finite (verts T');
+ directed_tree T' root; P T'; u \<in> V; v \<notin> V; a \<notin> A\<rbrakk>
+ \<Longrightarrow> P \<lparr> verts = V \<union> {v}, arcs = A \<union> {a}, tail = t(a := u), head = h(a := v) \<rparr>"
+ shows "P T"
+ using assms(1) directed_tree_axioms
+proof(induction "card (verts T)" arbitrary: T root)
+ case 0
+ then have "verts T = {}" using card_eq_0_iff by simp
+ with directed_tree.non_empty[OF \<open>directed_tree T root\<close>] show ?case by blast
+next
+ case (Suc n)
+ then interpret tree_T: directed_tree T root by simp
+ show ?case
+ proof(cases "n = 0")
+ case True
+ with \<open>Suc n = card (verts T)\<close> have "card (verts T) = 1" by simp
+ from mem_card1_singleton[OF tree_T.root_in_T this] have "verts T = {root}" .
+ then have "arcs T = {}"
+ using tree_T.loopfree.no_loops tree_T.tail_in_verts by fastforce
+ with \<open>verts T = {root}\<close> have "T = \<lparr> verts = {root}, arcs = {}, tail = tail T, head = head T \<rparr>"
+ by simp
+ with base[of root "tail T" "head T"] show ?thesis by simp
+ next
+ case False
+
+ from Suc.prems(1) have "finite (verts T)"
+ using finite_insert by simp
+ from tree_T.ex_leaf[OF this]
+ obtain v where v: "tree_T.leaf v" by blast
+ with False have "v \<noteq> root"
+ using tree_T.root_leaf_iff Suc.hyps(2) by fastforce
+ note v = \<open>tree_T.leaf v\<close> \<open>v \<noteq> root\<close>
+
+ let ?T' = "tree_T.del_vert v"
+ have T': "?T' = \<lparr> verts = verts ?T', arcs = arcs ?T', tail = tail ?T', head = head ?T' \<rparr>"
+ by simp
+ note tree_T.tree_del_vert[OF v(2,1)]
+ moreover
+ have "finite (verts ?T')"
+ by (simp add: tree_T.verts_del_vert \<open>finite (verts T)\<close>)
+ moreover
+ from \<open>finite (verts ?T')\<close> Suc.hyps(2) Suc.prems(1) have "card (verts ?T') = n"
+ using tree_T.verts_del_vert v(1)[unfolded tree_T.leaf_def] by auto
+ moreover
+ from tree_T.ex_in_arc[OF v(2)]
+ obtain e where e: "in_arcs T v = {e}" "tail T e \<in> verts T"
+ using v(1)[unfolded tree_T.leaf_def] by force
+ then have "tail T e \<in> verts ?T'"
+ unfolding in_arcs_def using tree_T.arcs_del_vert[of v]
+ using tree_T.loopfree.no_loops tree_T.verts_del_vert[of v]
+ using v(1)[unfolded tree_T.leaf_def] by fastforce
+ moreover
+ from Suc.hyps(1) have "P ?T'" using calculation by blast
+ moreover
+ note tree_T.verts_del_vert[of v]
+ moreover
+ from e have "head T e = v" unfolding in_arcs_def by blast
+ then have "e \<notin> arcs ?T'" unfolding tree_T.arcs_del_vert by simp
+
+ ultimately have "P \<lparr> verts = verts ?T' \<union> {v}, arcs = arcs ?T' \<union> {e},
+ tail = (tail ?T')(e := (tail T e)), head = (head ?T')(e := v) \<rparr>"
+ using add_leaf[OF T'] by blast
+ moreover
+ have "T = \<lparr> verts = verts ?T' \<union> {v}, arcs = arcs ?T' \<union> {e},
+ tail = (tail ?T')(e := (tail T e)), head = (head ?T')(e := v) \<rparr>"
+ proof -
+ have "verts T = verts ?T' \<union> {v}"
+ using v(1)[unfolded tree_T.leaf_def] tree_T.verts_del_vert[of v] by fastforce
+ moreover
+ have "arcs ?T' = arcs T - out_arcs T v - in_arcs T v"
+ using tree_T.arcs_del_vert2 by fastforce
+ with e v(1)[unfolded pre_digraph.leaf_def] have "arcs T = arcs ?T' \<union> {e}" by auto
+ moreover
+ have "tail T = (tail ?T')(e := (tail T e))"
+ by (simp add: tree_T.tail_del_vert)
+ moreover
+ from e[unfolded in_arcs_def] have "head T = (head ?T')(e := v)"
+ using tree_T.head_del_vert \<open>head T e = v\<close> by auto
+ ultimately show ?thesis by simp
+ qed
+ ultimately show ?thesis by simp
+ qed
+qed
+
+text \<open>A simple consequence of the induction rule is that a tree with n vertices has n-1 arcs.\<close>
+lemma Suc_card_arcs_eq_card_verts:
+ assumes "finite (verts T)"
+ shows "Suc (card (arcs T)) = card (verts T)"
+using assms
+proof(induction rule: finite_directed_tree_induct)
+ case (single_vert)
+ then show ?case by simp
+next
+ case (add_leaf)
+ then show ?case
+ using directed_tree.verts_finite_imp_arcs_finite
+ by fastforce
+qed
+
+subsection \<open>Depth of a tree\<close>
+
+definition depth where "depth w \<equiv> Sup {\<mu> w root v|v. v \<in> verts T}"
+
+context
+ fixes w :: "'b weight_fun"
+ assumes "\<forall>e \<in> arcs T. w e \<ge> 0"
+begin
+
+lemma sp_from_root_le: "u \<rightarrow>\<^sup>*\<^bsub>T\<^esub> v \<Longrightarrow> \<mu> w root v \<ge> \<mu> w u v"
+proof -
+ assume "u \<rightarrow>\<^sup>*\<^bsub>T\<^esub> v"
+
+ have "\<mu> w root u \<ge> 0"
+ using \<open>\<forall>e\<in>arcs T. 0 \<le> w e\<close> sp_non_neg_if_w_non_neg by simp
+ moreover
+ have "root \<rightarrow>\<^sup>*\<^bsub>T\<^esub> u"
+ using \<open>u \<rightarrow>\<^sup>*\<^bsub>T\<^esub> v\<close> reachable_from_root reachable_in_verts(1) by auto
+ ultimately show ?thesis
+ using \<open>u \<rightarrow>\<^sup>*\<^bsub>T\<^esub> v\<close> sp_append2 ereal_le_add_self2 by auto
+qed
+
+lemma depth_lowerB: "v \<in> verts T \<Longrightarrow> depth w \<ge> \<mu> w root v"
+proof -
+ assume "v \<in> verts T"
+ then have "\<mu> w root v \<in> {\<mu> w root v|v. v \<in> verts T}" by auto
+ then show "depth w \<ge> \<mu> w root v"
+ unfolding depth_def by (simp add: Sup_upper)
+qed
+
+lemma depth_upperB: "\<forall>v \<in> verts T. \<mu> w root v \<le> d \<Longrightarrow> depth w \<le> d"
+proof -
+ assume "\<forall>v \<in> verts T. \<mu> w root v \<le> d"
+ then have "\<forall>x \<in> {\<mu> w root v |v. v \<in> verts T}. x \<le> d"
+ by auto
+ then show ?thesis
+ unfolding depth_def using Sup_least by fast
+qed
+
+text \<open>
+This relation between depth of a tree and its diameter is later used to establish the
+correctness of the diameter estimate.
+\<close>
+lemma depth_eq_fin_dia: "fin_digraph T \<Longrightarrow> depth w = fin_diameter w"
+proof -
+ assume "fin_digraph T"
+ have "\<forall>v \<in> verts T. \<mu> w root v < \<infinity>"
+ using \<mu>_reach_conv reachable_from_root by blast
+ then have "{\<mu> w root v|v. v \<in> verts T} \<subseteq> fin_sp_costs w"
+ unfolding fin_sp_costs_def using root_in_T by blast
+ then have "depth w \<le> fin_diameter w"
+ unfolding depth_def fin_diameter_def by (simp add: Sup_subset_mono)
+ moreover
+ have "\<not> depth w < fin_diameter w"
+ proof
+ assume "depth w < fin_diameter w"
+ obtain u v where "\<mu> w u v = fin_diameter w" "u \<in> verts T" "v \<in> verts T"
+ using fin_digraph.ex_sp_eq_fin_dia[OF \<open>fin_digraph T\<close> non_empty] by blast
+ then have "u \<rightarrow>\<^sup>*\<^bsub>T\<^esub> v"
+ by (metis \<mu>_reach_conv fin_digraph.fin_diameter_finite[OF \<open>fin_digraph T\<close>])
+ then have "\<mu> w u v \<le> \<mu> w root v" using sp_from_root_le by blast
+ also have "\<dots> \<le> depth w" using depth_lowerB[OF \<open>v \<in> verts T\<close>] by simp
+ finally have "fin_diameter w \<le> depth w"
+ using \<open>\<mu> w u v = fin_diameter w\<close> by simp
+ with \<open>depth w < fin_diameter w\<close> show False by simp
+ qed
+ ultimately show ?thesis by simp
+qed
+
+end
+
+end
+
+section \<open>Subgraph locale\<close>
+
+locale subgraph =
+ G: wf_digraph G for T G +
+assumes
+ sub_G: "subgraph T G"
+begin
+
+sublocale wf_digraph T
+ using sub_G unfolding subgraph_def by blast
+
+lemma awalk_sub_imp_awalk:
+ "awalk a p b \<Longrightarrow> G.awalk a p b"
+ using G.subgraph_awalk_imp_awalk sub_G by force
+
+end
+
+section \<open>Partial shortest path three\<close>
+
+locale psp_tree =
+ directed_tree T source + subgraph T G for G T w source n +
+ assumes
+ source_in_G: "source \<in> verts G" and
+ partial: "G.n_nearest_verts w source n (verts T)" and
+ sp: "u \<in> verts T \<Longrightarrow> \<mu> w source u = G.\<mu> w source u"
+begin
+
+text \<open>
+Here we formalize the notion of a partial shortest path tree. This is a shortest path tree where
+only the @{term n} nearest nodes in the graph @{term G} are explored.
+Consequently, a partial shortest path tree is a subtree of the complete shortest path tree.
+We can obtain the complete shortest path tree by choosing n to be larger than the cardinality
+of the graph @{term G}.
+\<close>
+
+sublocale fin_digraph T
+proof(unfold_locales)
+ show "finite (verts T)" using G.nnvs_finite[OF partial] .
+ from verts_finite_imp_arcs_finite[OF this] show "finite (arcs T)" .
+qed
+
+lemma card_verts_le: "card (verts T) \<le> Suc n"
+ using G.nnvs_card_le_n partial by auto
+
+lemma reachable_subs: "{x. r \<rightarrow>\<^sup>*\<^bsub>T\<^esub> x} \<subseteq> {x. r \<rightarrow>\<^sup>*\<^bsub>G\<^esub> x}"
+ by (simp add: Collect_mono G.reachable_mono sub_G)
+
+text \<open>The following lemma proves that we explore all nodes if we set @{term n} large enough.\<close>
+lemma sp_tree:
+ assumes "fin_digraph G"
+ assumes card_reachable: "Suc n \<ge> card {x. source \<rightarrow>\<^sup>*\<^bsub>G\<^esub> x}"
+ shows "verts T = {x. source \<rightarrow>\<^sup>*\<^bsub>G\<^esub> x}"
+ using fin_digraph.nnvs_imp_all_reachable_Suc[OF \<open>fin_digraph G\<close> partial card_reachable] .
+
+corollary sp_tree2:
+ assumes "fin_digraph G"
+ assumes "Suc n \<ge> card (verts G)"
+ shows "verts T = {x. source \<rightarrow>\<^sup>*\<^bsub>G\<^esub> x}"
+proof -
+ have "{x. source \<rightarrow>\<^sup>*\<^bsub>G\<^esub> x} \<subseteq> verts G"
+ using source_in_G G.reachable_in_verts(2) by blast
+ then have "Suc n \<ge> card {x. source \<rightarrow>\<^sup>*\<^bsub>G\<^esub> x}"
+ using \<open>Suc n \<ge> card (verts G)\<close> fin_digraph.finite_verts[OF \<open>fin_digraph G\<close>]
+ by (meson card_mono dual_order.trans)
+ from sp_tree[OF \<open>fin_digraph G\<close> this] show ?thesis .
+qed
+
+lemma strongly_con_imp_card_verts_eq:
+ assumes "fin_digraph G"
+ assumes "strongly_connected G"
+ assumes card_verts: "Suc n \<le> card (verts G)"
+ shows "card (verts T) = Suc n"
+proof -
+ have verts_G: "verts G = {x. source \<rightarrow>\<^sup>*\<^bsub>G\<^esub> x}"
+ using G.strongly_con_imp_reachable_eq_verts
+ [OF source_in_G \<open>strongly_connected G\<close>, symmetric] .
+ with card_verts have "Suc n \<le> card {x. source \<rightarrow>\<^sup>*\<^bsub>G\<^esub> x}" by simp
+
+ from fin_digraph.nnvs_imp_reachable[OF \<open>fin_digraph G\<close> partial this]
+ show ?thesis by blast
+qed
+
+lemma depth_fin_dia_lB:
+ assumes "\<forall>e \<in> arcs G. w e \<ge> 0"
+ shows "depth w \<le> G.fin_diameter w"
+proof(rule ccontr)
+ assume "\<not> depth w \<le> G.fin_diameter w"
+ then have "depth w > G.fin_diameter w"
+ by auto
+ then have "\<exists>v \<in> verts T. \<mu> w source v > G.fin_diameter w"
+ unfolding depth_def by (auto simp: less_Sup_iff)
+ then obtain v where v: "v \<in> verts T" "v \<in> verts G" "\<mu> w source v > G.fin_diameter w"
+ using sub_G by blast
+ moreover
+ have "\<mu> w source v < \<infinity>"
+ using reachable_from_root \<mu>_reach_conv v(1) by blast
+ ultimately show "False"
+ using source_in_G G.fin_dia_lowerB[OF source_in_G \<open>v \<in> verts G\<close>] sp v
+ by (simp add: leD)
+qed
+
+end
+
+end
\ No newline at end of file
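Review bot: `depth_lowerB` and `depth_upperB` sit inside the anonymous `context ... assumes "\<forall>e \<in> arcs T. w e \<ge> 0"` block of `directed_tree`, but their proofs only unfold `depth_def` and apply `Sup_upper` / `Sup_least`, so neither uses the non-negativity of `w`. As far as I can tell, results proved in such a context are exported with the assumption as an extra premise, so both bounds would end up weaker than what is actually proved. I would move the two lemmas directly after `definition depth` and before `context`, leaving only `sp_from_root_le` and `depth_eq_fin_dia` under the assumption. The assumption is also unnamed and `sp_from_root_le` cites it by its literal text; naming it, e.g. `assumes w_non_neg: "\<forall>e \<in> arcs T. w e \<ge> 0"`, lets the proof write `using w_non_neg` and keeps it working if the formula is later rephrased.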
diff --git a/thys/Query_Optimization/document/root.bib b/thys/Query_Optimization/document/root.bib
new file mode 100644
--- /dev/null
+++ b/thys/Query_Optimization/document/root.bib
@@ -0,0 +1,162 @@
+@article{Ibaraki,
+ author = {Toshihide Ibaraki and
+ Tiko Kameda},
+ title = {On the Optimal Nesting Order for Computing N-Relational Joins},
+ journal = {{ACM} Trans. Database Syst.},
+ volume = {9},
+ number = {3},
+ pages = {482--502},
+ year = {1984},
+ url = {https://doi.org/10.1145/1270.1498},
+ doi = {10.1145/1270.1498},
+ timestamp = {Tue, 06 Nov 2018 12:51:47 +0100},
+ biburl = {https://dblp.org/rec/journals/tods/IbarakiK84.bib},
+ bibsource = {dblp computer science bibliography, https://dblp.org}
+}
+
+@inproceedings{Nonrecursive,
+ author = {Ravi Krishnamurthy and
+ Haran Boral and
+ Carlo Zaniolo},
+ title = {Optimization of Nonrecursive Queries},
+ booktitle = {VLDB'86 Twelfth International Conference on Very Large Data Bases,
+ August 25-28, 1986, Kyoto, Japan, Proceedings},
+ pages = {128--137},
+ year = {1986},
+ crossref = {DBLP:conf/vldb/86},
+ url = {http://www.vldb.org/conf/1986/P128.PDF},
+ timestamp = {Wed, 29 Mar 2017 16:45:23 +0200},
+ biburl = {https://dblp.org/rec/conf/vldb/KrishnamurthyBZ86.bib},
+ bibsource = {dblp computer science bibliography, https://dblp.org}
+}
+
+@proceedings{DBLP:conf/vldb/86,
+ editor = {Wesley W. Chu and
+ Georges Gardarin and
+ Setsuo Ohsuga and
+ Yahiko Kambayashi},
+ title = {VLDB'86 Twelfth International Conference on Very Large Data Bases,
+ August 25-28, 1986, Kyoto, Japan, Proceedings},
+ publisher = {Morgan Kaufmann},
+ year = {1986},
+ isbn = {0-934613-18-4},
+ timestamp = {Tue, 10 Aug 2021 14:51:32 +0200},
+ biburl = {https://dblp.org/rec/conf/vldb/86.bib},
+ bibsource = {dblp computer science bibliography, https://dblp.org}
+}
+
+@online{QueryCompilers,
+ author = {Guido Moerkotte},
+ title = {Building Query Compilers},
+ year = {2020},
+ url = {https://pi3.informatik.uni-mannheim.de/~moer/querycompiler.pdf},
+ urldate = {2021-12-20},
+ timestamp = {Mon, 20 Dec 2021 12:04:47 +0100}
+}
+
+@inproceedings{QueryOptimizationOverview,
+ author = {Surajit Chaudhuri},
+ editor = {Alberto O. Mendelzon and
+ Jan Paredaens},
+ title = {An Overview of Query Optimization in Relational Systems},
+ booktitle = {Proceedings of the Seventeenth {ACM} {SIGACT-SIGMOD-SIGART} Symposium
+ on Principles of Database Systems, June 1-3, 1998, Seattle, Washington,
+ {USA}},
+ pages = {34--43},
+ publisher = {{ACM} Press},
+ year = {1998},
+ url = {https://doi.org/10.1145/275487.275492},
+ doi = {10.1145/275487.275492},
+ timestamp = {Thu, 15 Nov 2018 10:37:42 +0100},
+ biburl = {https://dblp.org/rec/conf/pods/Chaudhuri98.bib},
+ bibsource = {dblp computer science bibliography, https://dblp.org}
+}
+
+@online{ShortestDiameter,
+ title = {Fast Diameter Estimation},
+ author = {Lukas Stevens and Mohammad Abdulaziz},
+ urldate = {2022-02-04},
+ url = {https://gitlab.lrz.de/ls21/lukas-stevens/fast-diameter-estimation},
+}
+
+@online{QueryOptimization,
+ title = {Query Optimization Lecture},
+ author = {Thomas Neumann and Bernhard Radke},
+ urldate = {2021-12-22},
+ url = {https://db.in.tum.de/teaching/ws2021/queryopt/},
+}
+
+@online{QueryOptimization-Slide,
+ title = {Query Optimization Lecture - Chapter 3},
+ author = {Thomas Neumann and Bernhard Radke},
+ urldate = {2021-12-22},
+ url = {https://db.in.tum.de/teaching/ws2021/queryopt/slides/chapter3.pdf},
+}
+
+@article{Graph_Theory-AFP,
+ author = {Lars Noschinski},
+ title = {Graph Theory},
+ journal = {Archive of Formal Proofs},
+ month = apr,
+ year = 2013,
+ note = {\url{https://isa-afp.org/entries/Graph_Theory.html},
+ Formal proof development},
+ ISSN = {2150-914x},
+}
+
+@book{Isabelle-Paper,
+ author = {Lawrence C. Paulson},
+ title = {Isabelle - {A} Generic Theorem Prover},
+ series = {Lecture Notes in Computer Science},
+ volume = {828},
+ publisher = {Springer},
+ year = {1994},
+ url = {https://doi.org/10.1007/BFb0030541},
+ doi = {10.1007/BFb0030541},
+ isbn = {3-540-58244-4},
+ timestamp = {Tue, 14 May 2019 10:00:35 +0200},
+ biburl = {https://dblp.org/rec/books/sp/Paulson94.bib},
+ bibsource = {dblp computer science bibliography, https://dblp.org}
+}
+
+@inproceedings{goo,
+ author = {Leonidas Fegaras},
+ editor = {Gerald Quirchmayr and
+ Erich Schweighofer and
+ Trevor J. M. Bench{-}Capon},
+ title = {A New Heuristic for Optimizing Large Queries},
+ booktitle = {Database and Expert Systems Applications, 9th International Conference,
+ {DEXA} '98, Vienna, Austria, August 24-28, 1998, Proceedings},
+ series = {Lecture Notes in Computer Science},
+ volume = {1460},
+ pages = {726--735},
+ publisher = {Springer},
+ year = {1998},
+ url = {https://doi.org/10.1007/BFb0054528},
+ doi = {10.1007/BFb0054528},
+ timestamp = {Tue, 14 May 2019 10:00:46 +0200},
+ biburl = {https://dblp.org/rec/conf/dexa/Fegaras98.bib},
+ bibsource = {dblp computer science bibliography, https://dblp.org}
+}
+
+@online{progprove,
+ title = {Programming and Proving in Isabelle/HOL},
+ author = {Tobias Nipkow},
+ year = 2021,
+ urldate = {2022-02-07},
+ url = {https://isabelle.in.tum.de/dist/Isabelle2021-1/doc/prog-prove.pdf},
+}
+
+@online{locales,
+ title = {Tutorial to Locales and Locale Interpretation},
+ author = {Clemens Ballarin},
+ urldate = {2022-02-07},
+ url = {https://isabelle.in.tum.de/dist/Isabelle2021-1/doc/locales.pdf},
+}
+
+@online{functions,
+ title = {Defining Recursive Functions in Isabelle/HOL},
+ author = {Alexander Krauss},
+ urldate = {2022-02-08},
+ url = {https://isabelle.in.tum.de/dist/Isabelle2021-1/doc/functions.pdf},
+}
\ No newline at end of file
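Review bot: The seven `@online` entries (`QueryCompilers`, `ShortestDiameter`, `QueryOptimization`, `QueryOptimization-Slide`, `progprove`, `locales`, `functions`) will lose their links in the built document. The root.tex added in this same commit selects `\bibliographystyle{abbrv}`, and that style neither defines an `online` entry type nor prints the `url` and `urldate` fields. BibTeX warns and falls back to `misc`, so under `\nocite{*}` these references come out as author, title and year only, with nothing for a reader to follow. Following the pattern `Graph_Theory-AFP` already uses, declare them as `@misc` and put the locator in a printed field, e.g. `note = {\url{https://db.in.tum.de/teaching/ws2021/queryopt/}, accessed 2021-12-22},`.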
diff --git a/thys/Query_Optimization/document/root.tex b/thys/Query_Optimization/document/root.tex
new file mode 100644
--- /dev/null
+++ b/thys/Query_Optimization/document/root.tex
@@ -0,0 +1,69 @@
+\documentclass[11pt,a4paper]{article}
+\usepackage{isabelle,isabellesym}
+\usepackage{amssymb}
+
+% further packages required for unusual symbols (see also
+% isabellesym.sty), use only when needed
+
+%\usepackage{amssymb}
+ %for \<leadsto>, \<box>, \<diamond>, \<sqsupset>, \<mho>, \<Join>,
+ %\<lhd>, \<lesssim>, \<greatersim>, \<lessapprox>, \<greaterapprox>,
+ %\<triangleq>, \<yen>, \<lozenge>
+
+%\usepackage{eurosym}
+ %for \<euro>
+
+%\usepackage[only,bigsqcap]{stmaryrd}
+ %for \<Sqinter>
+
+%\usepackage{eufrak}
+ %for \<AA> ... \<ZZ>, \<aa> ... \<zz> (also included in amssymb)
+
+%\usepackage{textcomp}
+ %for \<onequarter>, \<onehalf>, \<threequarters>, \<degree>, \<cent>,
+ %\<currency>
+
+% this should be the last package used
+\usepackage{pdfsetup}
+
+% urls in roman style, theory text in math-similar italics
+\urlstyle{rm}
+\isabellestyle{it}
+
+% for uniform font size
+%\renewcommand{\isastyle}{\isastyleminor}
+
+
+\begin{document}
+
+\title{Verification of Query Optimization Algorithms}
+\author{Bernhard Stöckl}
+\maketitle
+
+\begin{abstract}
+ This formalization includes a general framework for query optimization consisting of the definitions of
+ selectivities, query graphs, join trees, and cost functions. Furthermore, it implements the join ordering
+ algorithm IKKBZ using these definitions. It verifies the correctness of these definitions and proves that IKKBZ
+ produces an optimal solution within a restricted solution space.
+
+\end{abstract}
+
+\tableofcontents
+
+% sane default for proof documents
+\parindent 0pt\parskip 0.5ex
+
+% generated text of all theories
+\input{session}
+
+% optional bibliography
+\nocite{*}
+\bibliographystyle{abbrv}
+\bibliography{root}
+
+\end{document}
+
+%%% Local Variables:
+%%% mode: latex
+%%% TeX-master: t
+%%% End:
\ No newline at end of file
diff --git a/thys/ROOTS b/thys/ROOTS
--- a/thys/ROOTS
+++ b/thys/ROOTS
@@ -1,709 +1,710 @@
ADS_Functor
AI_Planning_Languages_Semantics
AODV
AVL-Trees
AWN
Abortable_Linearizable_Modules
Abs_Int_ITP2012
Abstract-Hoare-Logics
Abstract-Rewriting
Abstract_Completeness
Abstract_Soundness
Ackermanns_not_PR
Actuarial_Mathematics
Adaptive_State_Counting
Affine_Arithmetic
Aggregation_Algebras
Akra_Bazzi
Algebraic_Numbers
Algebraic_VCs
Allen_Calculus
Amicable_Numbers
Amortized_Complexity
AnselmGod
Applicative_Lifting
Approximation_Algorithms
Architectural_Design_Patterns
Aristotles_Assertoric_Syllogistic
Arith_Prog_Rel_Primes
ArrowImpossibilityGS
Attack_Trees
Auto2_HOL
Auto2_Imperative_HOL
AutoFocus-Stream
Automated_Stateful_Protocol_Verification
Automatic_Refinement
AxiomaticCategoryTheory
BDD
BD_Security_Compositional
BNF_CC
BNF_Operations
BTree
Banach_Steinhaus
Belief_Revision
Bell_Numbers_Spivey
BenOr_Kozen_Reif
Berlekamp_Zassenhaus
Bernoulli
Bertrands_Postulate
Bicategory
BinarySearchTree
Binding_Syntax_Theory
Binomial-Heaps
Binomial-Queues
BirdKMP
Blue_Eyes
Bondy
Boolean_Expression_Checkers
Boolos_Curious_Inference
Bounded_Deducibility_Security
Buchi_Complementation
Budan_Fourier
Buffons_Needle
Buildings
BytecodeLogicJmlTypes
C2KA_DistributedSystems
CAVA_Automata
CAVA_LTL_Modelchecker
CCS
CISC-Kernel
CRYSTALS-Kyber
CRDT
CSP_RefTK
CYK
CZH_Elementary_Categories
CZH_Foundations
CZH_Universal_Constructions
CakeML
CakeML_Codegen
Call_Arity
Card_Equiv_Relations
Card_Multisets
Card_Number_Partitions
Card_Partitions
Cartan_FP
Case_Labeling
Catalan_Numbers
Category
Category2
Category3
Cauchy
Cayley_Hamilton
Certification_Monads
Chandy_Lamport
Chord_Segments
Circus
Clean
Clique_and_Monotone_Circuits
ClockSynchInst
Closest_Pair_Points
CoCon
CoSMeDis
CoSMed
CofGroups
Coinductive
Coinductive_Languages
Collections
Combinable_Wands
Combinatorics_Words
Combinatorics_Words_Graph_Lemma
Combinatorics_Words_Lyndon
Commuting_Hermitian
Comparison_Sort_Lower_Bound
Compiling-Exceptions-Correctly
Complete_Non_Orders
Completeness
Complex_Bounded_Operators
Complex_Geometry
Complx
ComponentDependencies
ConcurrentGC
ConcurrentIMP
Concurrent_Ref_Alg
Concurrent_Revisions
Conditional_Simplification
Conditional_Transfer_Rule
Consensus_Refined
Constructive_Cryptography
Constructive_Cryptography_CM
Constructor_Funs
Containers
CoreC++
Core_DOM
Core_SC_DOM
Correctness_Algebras
Cotangent_PFD_Formula
Count_Complex_Roots
CryptHOL
CryptoBasedCompositionalProperties
Cubic_Quartic_Equations
DFS_Framework
DOM_Components
DPT-SAT-Solver
DataRefinementIBP
Datatype_Order_Generator
Decl_Sem_Fun_PL
Decreasing-Diagrams
Decreasing-Diagrams-II
Dedekind_Real
Deep_Learning
Delta_System_Lemma
Density_Compiler
Dependent_SIFUM_Refinement
Dependent_SIFUM_Type_Systems
Depth-First-Search
Derangements
Deriving
Descartes_Sign_Rule
Design_Theory
Dict_Construction
Differential_Dynamic_Logic
Differential_Game_Logic
Digit_Expansions
Dijkstra_Shortest_Path
Diophantine_Eqns_Lin_Hom
Dirichlet_L
Dirichlet_Series
DiscretePricing
Discrete_Summation
DiskPaxos
Dominance_CHK
DPRM_Theorem
DynamicArchitectures
Dynamic_Tables
E_Transcendental
Echelon_Form
EdmondsKarp_Maxflow
Efficient-Mergesort
Elliptic_Curves_Group_Law
Encodability_Process_Calculi
Epistemic_Logic
Equivalence_Relation_Enumeration
Ergodic_Theory
Error_Function
Euler_MacLaurin
Euler_Partition
Eval_FO
Example-Submission
Extended_Finite_State_Machine_Inference
Extended_Finite_State_Machines
FFT
FLP
FOL-Fitting
FOL_Axiomatic
FOL_Harrison
FOL_Seq_Calc1
FOL_Seq_Calc2
FOL_Seq_Calc3
FSM_Tests
Factor_Algebraic_Polynomial
Factored_Transition_System_Bounding
Falling_Factorial_Sum
Farkas
FeatherweightJava
Featherweight_OCL
Fermat3_4
FileRefinement
FinFun
Finger-Trees
Finite-Map-Extras
Finite_Automata_HF
Finite_Fields
Finitely_Generated_Abelian_Groups
First_Order_Terms
First_Welfare_Theorem
Fishburn_Impossibility
Fisher_Yates
Fishers_Inequality
Flow_Networks
Floyd_Warshall
Flyspeck-Tame
FocusStreamsCaseStudies
Forcing
Formal_Puiseux_Series
Formal_SSA
Formula_Derivatives
Foundation_of_geometry
Fourier
FO_Theory_Rewriting
Free-Boolean-Algebra
Free-Groups
Frequency_Moments
Fresh_Identifiers
FunWithFunctions
FunWithTilings
Functional-Automata
Functional_Ordered_Resolution_Prover
Furstenberg_Topology
GPU_Kernel_PL
Gabow_SCC
GaleStewart_Games
Gale_Shapley
Game_Based_Crypto
Gauss-Jordan-Elim-Fun
Gauss_Jordan
Gauss_Sums
Gaussian_Integers
GenClock
General-Triangle
Generalized_Counting_Sort
Generic_Deriving
Generic_Join
GewirthPGCProof
Girth_Chromatic
GoedelGod
Goedel_HFSet_Semantic
Goedel_HFSet_Semanticless
Goedel_Incompleteness
Goodstein_Lambda
GraphMarkingIBP
Graph_Saturation
Graph_Theory
Green
Groebner_Bases
Groebner_Macaulay
Gromov_Hyperbolicity
Grothendieck_Schemes
Group-Ring-Module
HOL-CSP
HOLCF-Prelude
HRB-Slicing
Hahn_Jordan_Decomposition
Hales_Jewett
Heard_Of
Hello_World
HereditarilyFinite
Hermite
Hermite_Lindemann
Hidden_Markov_Models
Higher_Order_Terms
Hoare_Time
Hood_Melville_Queue
HotelKeyCards
Huffman
Hybrid_Logic
Hybrid_Multi_Lane_Spatial_Logic
Hybrid_Systems_VCs
HyperCTL
Hyperdual
IEEE_Floating_Point
IFC_Tracking
IMAP-CRDT
IMO2019
IMP2
IMP2_Binary_Heap
IMP_Compiler
IMP_Compiler_Reuse
IP_Addresses
Imperative_Insertion_Sort
Implicational_Logic
Impossible_Geometry
Incompleteness
Incredible_Proof_Machine
Independence_CH
Inductive_Confidentiality
Inductive_Inference
InfPathElimination
InformationFlowSlicing
InformationFlowSlicing_Inter
Integration
Interpolation_Polynomials_HOL_Algebra
Interpreter_Optimizations
Interval_Arithmetic_Word32
Intro_Dest_Elim
Involutions2Squares
Iptables_Semantics
Irrational_Series_Erdos_Straus
Irrationality_J_Hancl
Irrationals_From_THEBOOK
IsaGeoCoq
Isabelle_C
Isabelle_Marries_Dirac
Isabelle_Meta_Model
IsaNet
Jacobson_Basic_Algebra
Jinja
JinjaDCI
JinjaThreads
JiveDataStoreModel
Jordan_Hoelder
Jordan_Normal_Form
KAD
KAT_and_DRA
KBPs
KD_Tree
Key_Agreement_Strong_Adversaries
Khovanskii_Theorem
Kleene_Algebra
Knights_Tour
Knot_Theory
Knuth_Bendix_Order
Knuth_Morris_Pratt
Koenigsberg_Friendship
Kruskal
Kuratowski_Closure_Complement
LLL_Basis_Reduction
LLL_Factorization
LOFT
LTL
LTL_Master_Theorem
LTL_Normal_Form
LTL_to_DRA
LTL_to_GBA
Lam-ml-Normalization
LambdaAuth
LambdaMu
Lambda_Free_EPO
Lambda_Free_KBOs
Lambda_Free_RPOs
Lambert_W
Landau_Symbols
Laplace_Transform
Latin_Square
LatticeProperties
Launchbury
Laws_of_Large_Numbers
Lazy-Lists-II
Lazy_Case
Lehmer
Lifting_Definition_Option
Lifting_the_Exponent
LightweightJava
LinearQuantifierElim
Linear_Inequalities
Linear_Programming
Linear_Recurrences
Liouville_Numbers
List-Index
List-Infinite
List_Interleaving
List_Inversions
List_Update
LocalLexing
Localization_Ring
Locally-Nameless-Sigma
Logging_Independent_Anonymity
Lowe_Ontological_Argument
Lower_Semicontinuous
Lp
LP_Duality
Lucas_Theorem
MDP-Algorithms
MDP-Rewards
MFMC_Countable
MFODL_Monitor_Optimized
MFOTL_Monitor
MSO_Regex_Equivalence
Markov_Models
Marriage
Mason_Stothers
Matrices_for_ODEs
Matrix
Matrix_Tensor
Matroids
Maximum_Segment_Sum
Max-Card-Matching
Median_Method
Median_Of_Medians_Selection
Menger
Mereology
Mersenne_Primes
Metalogic_ProofChecker
MiniML
MiniSail
Minimal_SSA
Minkowskis_Theorem
Minsky_Machines
Modal_Logics_for_NTS
Modular_Assembly_Kit_Security
Modular_arithmetic_LLL_and_HNF_algorithms
Monad_Memo_DP
Monad_Normalisation
MonoBoolTranAlgebra
MonoidalCategory
Monomorphic_Monad
MuchAdoAboutTwo
Multiset_Ordering_NPC
Multi_Party_Computation
Multirelations
Myhill-Nerode
Name_Carrying_Type_Inference
Nano_JSON
Nash_Williams
Nat-Interval-Logic
Native_Word
Nested_Multisets_Ordinals
Network_Security_Policy_Verification
Neumann_Morgenstern_Utility
No_FTL_observers
Nominal2
Noninterference_CSP
Noninterference_Concurrent_Composition
Noninterference_Generic_Unwinding
Noninterference_Inductive_Unwinding
Noninterference_Ipurge_Unwinding
Noninterference_Sequential_Composition
NormByEval
Nullstellensatz
Number_Theoretic_Transform
Octonions
OpSets
Open_Induction
Optics
Optimal_BST
Orbit_Stabiliser
Order_Lattice_Props
Ordered_Resolution_Prover
Ordinal
Ordinal_Partitions
Ordinals_and_Cardinals
Ordinary_Differential_Equations
PAC_Checker
Package_logic
PAL
PCF
PLM
POPLmark-deBruijn
PSemigroupsConvolution
Padic_Ints
Padic_Field
Pairing_Heap
Paraconsistency
Parity_Game
Partial_Function_MR
Partial_Order_Reduction
Password_Authentication_Protocol
Pell
Perfect-Number-Thm
Perron_Frobenius
Physical_Quantities
Pi_Calculus
Pi_Transcendental
Planarity_Certificates
Pluennecke_Ruzsa_Inequality
Poincare_Bendixson
Poincare_Disc
Polynomial_Factorization
Polynomial_Interpolation
Polynomials
Pop_Refinement
Posix-Lexing
Possibilistic_Noninterference
Power_Sum_Polynomials
Pratt_Certificate
Prefix_Free_Code_Combinators
Presburger-Automata
Prim_Dijkstra_Simple
Prime_Distribution_Elementary
Prime_Harmonic_Series
Prime_Number_Theorem
Priority_Queue_Braun
Priority_Search_Trees
Probabilistic_Noninterference
Probabilistic_Prime_Tests
Probabilistic_System_Zoo
Probabilistic_Timed_Automata
Probabilistic_While
Program-Conflict-Analysis
Progress_Tracking
Projective_Geometry
Projective_Measurements
Promela
Proof_Strategy_Language
PropResPI
Propositional_Proof_Systems
Prpu_Maxflow
PseudoHoops
Psi_Calculi
Ptolemys_Theorem
Public_Announcement_Logic
QHLProver
QR_Decomposition
Quantales
Quasi_Borel_Spaces
Quaternions
+Query_Optimization
Quick_Sort_Cost
RIPEMD-160-SPARK
ROBDD
RSAPSS
Ramsey-Infinite
Random_BSTs
Random_Graph_Subgraph_Threshold
Randomised_BSTs
Randomised_Social_Choice
Rank_Nullity_Theorem
Real_Impl
Real_Power
Real_Time_Deque
Recursion-Addition
Recursion-Theory-I
Refine_Imperative_HOL
Refine_Monadic
RefinementReactive
Regex_Equivalence
Registers
Regression_Test_Selection
Regular-Sets
Regular_Algebras
Regular_Tree_Relations
Relation_Algebra
Relational-Incorrectness-Logic
Relational_Disjoint_Set_Forests
Relational_Forests
Relational_Method
Relational_Minimum_Spanning_Trees
Relational_Paths
Rep_Fin_Groups
ResiduatedTransitionSystem
Residuated_Lattices
Resolution_FOL
Rewrite_Properties_Reduction
Rewriting_Z
Ribbon_Proofs
Risk_Free_Lending
Robbins-Conjecture
Robinson_Arithmetic
Root_Balanced_Tree
Roth_Arithmetic_Progressions
Routing
Roy_Floyd_Warshall
SATSolverVerification
SC_DOM_Components
SDS_Impossibility
SIFPL
SIFUM_Type_Systems
SPARCv8
Safe_Distance
Safe_OCL
Safe_Range_RC
Saturation_Framework
Saturation_Framework_Extensions
SCC_Bloemen_Sequential
Schutz_Spacetime
Secondary_Sylow
Security_Protocol_Refinement
Selection_Heap_Sort
SenSocialChoice
Separata
Separation_Algebra
Separation_Logic_Imperative_HOL
Separation_Logic_Unbounded
SequentInvertibility
Shadow_DOM
Shadow_SC_DOM
Shivers-CFA
ShortestPath
Show
Sigma_Commit_Crypto
Signature_Groebner
Simpl
Simple_Firewall
Simplex
Simplicial_complexes_and_boolean_functions
SimplifiedOntologicalArgument
Skew_Heap
Skip_Lists
Slicing
Sliding_Window_Algorithm
Smith_Normal_Form
Smooth_Manifolds
Sophomores_Dream
Solidity
Sort_Encodings
Source_Coding_Theorem
SpecCheck
Special_Function_Bounds
Splay_Tree
Sqrt_Babylonian
Stable_Matching
Stalnaker_Logic
Statecharts
Stateful_Protocol_Composition_and_Typing
Stellar_Quorums
Stern_Brocot
Stewart_Apollonius
Stirling_Formula
Stochastic_Matrices
Stone_Algebras
Stone_Kleene_Relation_Algebras
Stone_Relation_Algebras
Store_Buffer_Reduction
Stream-Fusion
Stream_Fusion_Code
Strong_Security
Sturm_Sequences
Sturm_Tarski
Stuttering_Equivalence
Subresultants
Subset_Boolean_Algebras
SumSquares
Sunflowers
SuperCalc
Surprise_Paradox
Symmetric_Polynomials
Syntax_Independent_Logic
Szemeredi_Regularity
Szpilrajn
TESL_Language
TLA
Tail_Recursive_Functions
Tarskis_Geometry
Taylor_Models
Three_Circles
Timed_Automata
Topological_Semantics
Topology
TortoiseHare
Transcendence_Series_Hancl_Rucki
Transformer_Semantics
Transition_Systems_and_Automata
Transitive-Closure
Transitive-Closure-II
Transitive_Models
Treaps
Tree-Automata
Tree_Decomposition
Triangle
Trie
Twelvefold_Way
Tycon
Types_Tableaus_and_Goedels_God
Types_To_Sets_Extension
UPF
UPF_Firewall
UTP
Undirected_Graph_Theory
Universal_Hash_Families
Universal_Turing_Machine
UpDown_Scheme
Valuation
Van_Emde_Boas_Trees
Van_der_Waerden
VectorSpace
VeriComp
Verified-Prover
Verified_SAT_Based_AI_Planning
VerifyThis2018
VerifyThis2019
Vickrey_Clarke_Groves
Virtual_Substitution
VolpanoSmith
VYDRA_MDL
WHATandWHERE_Security
WOOT_Strong_Eventual_Consistency
WebAssembly
Weight_Balanced_Trees
Weighted_Arithmetic_Geometric_Mean
Weighted_Path_Order
Well_Quasi_Orders
Wetzels_Problem
Winding_Number_Eval
Word_Lib
WorkerWrapper
X86_Semantics
XML
Youngs_Inequality
ZFC_in_HOL
Zeta_3_Irrational
Zeta_Function
pGCL
diff --git a/web/authors/index.html b/web/authors/index.html
--- a/web/authors/index.html
+++ b/web/authors/index.html
@@ -1,954 +1,956 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><meta property="og:title" content="Authors" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Authors"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon"><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>A</span>uthors</h1>
<div>
</div>
</header><div>
<table class="entries">
<tbody>
<tr>
<td>
<ul>
<li><a href="../authors/abdulaziz/">Mohammad Abdulaziz</a></li>
<li><a href="../authors/adelsberger/">Stephan Adelsberger</a></li>
<li><a href="../authors/aehlig/">Klaus Aehlig</a></li>
<li><a href="../authors/aissat/">Romain Aissat</a></li>
<li><a href="../authors/amani/">Sidney Amani</a></li>
<li><a href="../authors/ammer/">Thomas Ammer</a></li>
<li><a href="../authors/andronick/">June Andronick</a></li>
<li><a href="../authors/aransay/">Jesús Aransay</a></li>
<li><a href="../authors/argyraki/">Angeliki Koutsoukou-Argyraki</a></li>
<li><a href="../authors/armstrong/">Alasdair Armstrong</a></li>
<li><a href="../authors/aspinall/">David Aspinall</a></li>
<li><a href="../authors/ausaf/">Fahad Ausaf</a></li>
<li><a href="../authors/avigad/">Jeremy Avigad</a></li>
<li><a href="../authors/back/">Ralph-Johan Back</a></li>
<li><a href="../authors/balbach/">Frank J. Balbach</a></li>
<li><a href="../authors/ballarin/">Clemens Ballarin</a></li>
<li><a href="../authors/barsotti/">Damián Barsotti</a></li>
<li><a href="../authors/bauer/">Gertrud Bauer</a></li>
<li><a href="../authors/bauereiss/">Thomas Bauereiss</a></li>
<li><a href="../authors/bayer/">Jonas Bayer</a></li>
<li><a href="../authors/becker/">Heiko Becker</a></li>
<li><a href="../authors/beeren/">Joel Beeren</a></li>
<li><a href="../authors/bella/">Giampaolo Bella</a></li>
<li><a href="../authors/bengtson/">Jesper Bengtson</a></li>
<li><a href="../authors/bentkamp/">Alexander Bentkamp</a></li>
<li><a href="../authors/benzmueller/">Christoph Benzmüller</a></li>
<li><a href="../authors/beresford/">Alastair R. Beresford</a></li>
<li><a href="../authors/berghofer/">Stefan Berghofer</a></li>
<li><a href="../authors/beringer/">Lennart Beringer</a></li>
<li><a href="../authors/bharadwaj/">Abhijith Bharadwaj</a></li>
<li><a href="../authors/bhatt/">Bhargav Bhatt</a></li>
<li><a href="../authors/biendarra/">Julian Biendarra</a></li>
<li><a href="../authors/bisping/">Benjamin Bisping</a></li>
<li><a href="../authors/blanchette/">Jasmin Christian Blanchette</a></li>
<li><a href="../authors/blasum/">Holger Blasum</a></li>
<li><a href="../authors/blumson/">Ben Blumson</a></li>
<li><a href="../authors/bockenek/">Joshua Bockenek</a></li>
<li><a href="../authors/boehme/">Sascha Böhme</a></li>
<li><a href="../authors/bohrer/">Rose Bohrer</a></li>
<li><a href="../authors/bordg/">Anthony Bordg</a></li>
<li><a href="../authors/borgstroem/">Johannes Borgström</a></li>
<li><a href="../authors/bortin/">Maksym Bortin</a></li>
<li><a href="../authors/bottesch/">Ralph Bottesch</a></li>
<li><a href="../authors/boulanger/">Frédéric Boulanger</a></li>
<li><a href="../authors/bourke/">Timothy Bourke</a></li>
<li><a href="../authors/boutry/">Pierre Boutry</a></li>
<li><a href="../authors/boyton/">Andrew Boyton</a></li>
<li><a href="../authors/bracevac/">Oliver Bračevac</a></li>
<li><a href="../authors/brandt/">Felix Brandt</a></li>
<li><a href="../authors/breitner/">Joachim Breitner</a></li>
<li><a href="../authors/brien/">Nicolas Robinson-O&#39;Brien</a></li>
<li><a href="../authors/brinkop/">Hauke Brinkop</a></li>
<li><a href="../authors/brodmann/">Paul-David Brodmann</a></li>
<li><a href="../authors/brucker/">Achim D. Brucker</a></li>
<li><a href="../authors/bruegger/">Lukas Brügger</a></li>
<li><a href="../authors/brun/">Matthias Brun</a></li>
<li><a href="../authors/brunner/">Julian Brunner</a></li>
<li><a href="../authors/bulwahn/">Lukas Bulwahn</a></li>
<li><a href="../authors/butler/">David Butler</a></li>
<li><a href="../authors/buyse/">Maxime Buyse</a></li>
<li><a href="../authors/caballero/">José Manuel Rodríguez Caballero</a></li>
<li><a href="../authors/caminati/">Marco B. Caminati</a></li>
<li><a href="../authors/campo/">Alejandro del Campo</a></li>
<li><a href="../authors/chapman/">Peter Chapman</a></li>
<li><a href="../authors/chen/">L. Chen</a></li>
<li><a href="../authors/clouston/">Ranald Clouston</a></li>
<li><a href="../authors/cock/">David Cock</a></li>
<li><a href="../authors/coghetto/">Roland Coghetto</a></li>
<li><a href="../authors/coglio/">Alessandro Coglio</a></li>
<li><a href="../authors/cohen/">Ernie Cohen</a></li>
<li><a href="../authors/cordwell/">Katherine Cordwell</a></li>
<li><a href="../authors/cousin/">Marie Cousin</a></li>
<li><a href="../authors/cremer/">Nils Cremer</a></li>
<li><a href="../authors/crighton/">Aaron Crighton</a></li>
<li><a href="../authors/dardinier/">Thibault Dardinier</a></li>
<li><a href="../authors/david/">Marco David</a></li>
<li><a href="../authors/debrat/">Henri Debrat</a></li>
<li><a href="../authors/decova/">Sára Decova</a></li>
<li><a href="../authors/derrick/">John Derrick</a></li>
<li><a href="../authors/desharnais/">Martin Desharnais</a></li>
<li><a href="../authors/diaz/">Javier Díaz</a></li>
<li><a href="../authors/diekmann/">Cornelius Diekmann</a></li>
<li><a href="../authors/dirix/">Stefan Dirix</a></li>
<li><a href="../authors/dittmann/">Christoph Dittmann</a></li>
<li><a href="../authors/divason/">Jose Divasón</a></li>
<li><a href="../authors/doczkal/">Christian Doczkal</a></li>
<li><a href="../authors/dongol/">Brijesh Dongol</a></li>
<li><a href="../authors/doty/">Matthew Doty</a></li>
<li><a href="../authors/dubut/">Jérémy Dubut</a></li>
<li><a href="../authors/dunaev/">Georgy Dunaev</a></li>
<li><a href="../authors/dyckhoff/">Roy Dyckhoff</a></li>
<li><a href="../authors/eberl/">Manuel Eberl</a></li>
<li><a href="../authors/echenim/">Mnacho Echenim</a></li>
<li><a href="../authors/edmonds/">Chelsea Edmonds</a></li>
<li><a href="../authors/engelhardt/">Kai Engelhardt</a></li>
<li><a href="../authors/eriksson/">Lars-Henrik Eriksson</a></li>
<li><a href="../authors/esparza/">Javier Esparza</a></li>
<li><a href="../authors/essmann/">Robin Eßmann</a></li>
<li><a href="../authors/felgenhauer/">Bertram Felgenhauer</a></li>
<li><a href="../authors/feliachi/">Abderrahmane Feliachi</a></li>
<li><a href="../authors/fell/">Julian Fell</a></li>
<li><a href="../authors/fernandez/">Matthew Fernandez</a></li>
<li><a href="../authors/fiedler/">Ben Fiedler</a></li>
<li><a href="../authors/fleuriot/">Jacques D. Fleuriot</a></li>
<li><a href="../authors/fleury/">Mathias Fleury</a></li>
<li><a href="../authors/foster/">Michael Foster</a></li>
<li><a href="../authors/fosterj/">J. Nathan Foster</a></li>
<li><a href="../authors/fosters/">Simon Foster</a></li>
<li><a href="../authors/fouillard/">Valentin Fouillard</a></li>
<li><a href="../authors/friedrich/">Stefan Friedrich</a></li>
<li><a href="../authors/from/">Asta Halkjær From</a></li>
<li><a href="../authors/fuenmayor/">David Fuenmayor</a></li>
<li><a href="../authors/furusawa/">Hitoshi Furusawa</a></li>
<li><a href="../authors/gammie/">Peter Gammie</a></li>
<li><a href="../authors/gao/">Xin Gao</a></li>
<li><a href="../authors/gaudel/">Marie-Claude Gaudel</a></li>
<li><a href="../authors/gay/">Richard Gay</a></li>
<li><a href="../authors/georgescu/">George Georgescu</a></li>
<li><a href="../authors/gheri/">Lorenzo Gheri</a></li>
<li><a href="../authors/ghourabi/">Fadoua Ghourabi</a></li>
<li><a href="../authors/gioiosa/">Gianpaolo Gioiosa</a></li>
<li><a href="../authors/glabbeek/">Rob van Glabbeek</a></li>
<li><a href="../authors/gomes/">Victor B. F. Gomes</a></li>
<li><a href="../authors/gonzalez/">Edgar Gonzàlez</a></li>
<li><a href="../authors/gore/">Rajeev Gore</a></li>
<li><a href="../authors/gouezel/">Sebastien Gouezel</a></li>
<li><a href="../authors/grechuk/">Bogdan Grechuk</a></li>
<li><a href="../authors/grewe/">Sylvia Grewe</a></li>
<li><a href="../authors/griebel/">Simon Griebel</a></li>
<li><a href="../authors/grov/">Gudmund Grov</a></li>
<li><a href="../authors/guerraoui/">Rachid Guerraoui</a></li>
<li><a href="../authors/guiol/">Hervé Guiol</a></li>
<li><a href="../authors/gunther/">Emmanuel Gunther</a></li>
<li><a href="../authors/gutkovas/">Ramunas Gutkovas</a></li>
<li><a href="../authors/guttmann/">Walter Guttmann</a></li>
<li><a href="../authors/guzman/">Laura P. Gamboa Guzman</a></li>
<li><a href="../authors/haftmann/">Florian Haftmann</a></li>
<li><a href="../authors/haslbeck/">Max W. Haslbeck</a></li>
<li><a href="../authors/haslbeckm/">Maximilian P. L. Haslbeck</a></li>
<li><a href="../authors/havle/">Oto Havle</a></li>
<li><a href="../authors/hayes/">Ian J. Hayes</a></li>
<li><a href="../authors/he/">Yijun He</a></li>
<li><a href="../authors/heimes/">Lukas Heimes</a></li>
<li><a href="../authors/helke/">Steffen Helke</a></li>
<li><a href="../authors/hellauer/">Fabian Hellauer</a></li>
<li><a href="../authors/heller/">Armin Heller</a></li>
<li><a href="../authors/henrio/">Ludovic Henrio</a></li>
<li><a href="../authors/herzberg/">Michael Herzberg</a></li>
<li><a href="../authors/hess/">Andreas V. Hess</a></li>
<li><a href="../authors/hetzl/">Stefan Hetzl</a></li>
<li><a href="../authors/hibon/">Quentin Hibon</a></li>
<li><a href="../authors/hirata/">Michikazu Hirata</a></li>
<li><a href="../authors/hoefner/">Peter Höfner</a></li>
<li><a href="../authors/hoelzl/">Johannes Hölzl</a></li>
<li><a href="../authors/hofmann/">Martin Hofmann</a></li>
<li><a href="../authors/holub/">Štěpán Holub</a></li>
<li><a href="../authors/hosking/">Tony Hosking</a></li>
<li><a href="../authors/hou/">Zhe Hou</a></li>
<li><a href="../authors/hu/">Shuwei Hu</a></li>
<li><a href="../authors/huffman/">Brian Huffman</a></li>
<li><a href="../authors/hupel/">Lars Hupel</a></li>
<li><a href="../authors/ijbema/">Mark Ijbema</a></li>
<li><a href="../authors/immler/">Fabian Immler</a></li>
<li><a href="../authors/ito/">Yosuke Ito</a></li>
<li><a href="../authors/iwama/">Fumiya Iwama</a></li>
<li><a href="../authors/jacobsen/">Frederik Krogsdal Jacobsen</a></li>
<li><a href="../authors/jaskelioff/">Mauro Jaskelioff</a></li>
<li><a href="../authors/jaskolka/">Jason Jaskolka</a></li>
<li><a href="../authors/jensen/">Alexander Birch Jensen</a></li>
<li><a href="../authors/jiang/">Nan Jiang</a></li>
<li><a href="../authors/jiangd/">Dongchen Jiang</a></li>
<li><a href="../authors/joosten/">Sebastiaan J. C. Joosten</a></li>
<li><a href="../authors/jungnickel/">Tim Jungnickel</a></li>
<li><a href="../authors/kadzioka/">Maya Kądziołka</a></li>
<li><a href="../authors/kaliszyk/">Cezary Kaliszyk</a></li>
<li><a href="../authors/kammueller/">Florian Kammüller</a></li>
<li><a href="../authors/kappelmann/">Kevin Kappelmann</a></li>
<li><a href="../authors/karayel/">Emin Karayel</a></li>
<li><a href="../authors/kastermans/">Bart Kastermans</a></li>
<li><a href="../authors/katovsky/">Alexander Katovsky</a></li>
<li><a href="../authors/kaufmann/">Daniela Kaufmann</a></li>
<li><a href="../authors/keefe/">Greg O&#39;Keefe</a></li>
<li><a href="../authors/keinholz/">Jonas Keinholz</a></li>
<li><a href="../authors/kerber/">Manfred Kerber</a></li>
<li><a href="../authors/ketland/">Jeffrey Ketland</a></li>
<li><a href="../authors/kirchner/">Daniel Kirchner</a></li>
<li><a href="../authors/klein/">Gerwin Klein</a></li>
<li><a href="../authors/klenze/">Tobias Klenze</a></li>
<li><a href="../authors/kleppmann/">Martin Kleppmann</a></li>
<li><a href="../authors/kobayashi/">Hidetsune Kobayashi</a></li>
<li><a href="../authors/koerner/">Stefan Körner</a></li>
<li><a href="../authors/kolanski/">Rafal Kolanski</a></li>
<li><a href="../authors/koller/">Lukas Koller</a></li>
<li><a href="../authors/krauss/">Alexander Krauss</a></li>
<li><a href="../authors/kreuzer/">Katharina Kreuzer</a></li>
<li><a href="../authors/kuncak/">Viktor Kuncak</a></li>
<li><a href="../authors/kuncar/">Ondřej Kunčar</a></li>
<li><a href="../authors/kurz/">Friedrich Kurz</a></li>
<li><a href="../authors/lachnitt/">Hanna Lachnitt</a></li>
<li><a href="../authors/lallemand/">Joseph Lallemand</a></li>
<li><a href="../authors/lammich/">Peter Lammich</a></li>
<li><a href="../authors/lange/">Christoph Lange</a></li>
<li><a href="../authors/langenstein/">Bruno Langenstein</a></li>
<li><a href="../authors/lattuada/">Andrea Lattuada</a></li>
<li><a href="../authors/lee/">Holden Lee</a></li>
<li><a href="../authors/leustean/">Laurentiu Leustean</a></li>
<li><a href="../authors/lewis/">Corey Lewis</a></li>
<li><a href="../authors/li/">Wenda Li</a></li>
<li><a href="../authors/lim/">Japheth Lim</a></li>
<li><a href="../authors/lindenberg/">Christina Lindenberg</a></li>
<li><a href="../authors/linker/">Sven Linker</a></li>
<li><a href="../authors/liu/">Junyi Liu</a></li>
<li><a href="../authors/liut/">Tao Liu</a></li>
<li><a href="../authors/liuy/">Yang Liu</a></li>
<li><a href="../authors/liy/">Yangjia Li</a></li>
<li><a href="../authors/lochbihler/">Andreas Lochbihler</a></li>
<li><a href="../authors/lochmann/">Alexander Lochmann</a></li>
<li><a href="../authors/lohner/">Denis Lohner</a></li>
<li><a href="../authors/loibl/">Matthias Loibl</a></li>
<li><a href="../authors/londono/">Alejandro Gómez-Londoño</a></li>
<li><a href="../authors/losa/">Giuliano Losa</a></li>
<li><a href="../authors/lutz/">Bianca Lutz</a></li>
<li><a href="../authors/lux/">Alexander Lux</a></li>
<li><a href="../authors/makarios/">T. J. M. Makarios</a></li>
<li><a href="../authors/maletzky/">Alexander Maletzky</a></li>
<li><a href="../authors/mansky/">Susannah Mansky</a></li>
<li><a href="../authors/mantel/">Heiko Mantel</a></li>
<li><a href="../authors/margetson/">James Margetson</a></li>
<li><a href="../authors/maric/">Ognjen Marić</a></li>
<li><a href="../authors/maricf/">Filip Marić</a></li>
<li><a href="../authors/marmsoler/">Diego Marmsoler</a></li>
<li><a href="../authors/matache/">Cristina Matache</a></li>
<li><a href="../authors/matichuk/">Daniel Matichuk</a></li>
<li><a href="../authors/matiyasevich/">Yuri Matiyasevich</a></li>
<li><a href="../authors/maximova/">Alexandra Maximova</a></li>
<li><a href="../authors/meis/">Rene Meis</a></li>
<li><a href="../authors/merz/">Stephan Merz</a></li>
<li><a href="../authors/messner/">Florian Messner</a></li>
<li><a href="../authors/michaelis/">Julius Michaelis</a></li>
<li><a href="../authors/milehins/">Mihails Milehins</a></li>
<li><a href="../authors/minamide/">Yasuhiko Minamide</a></li>
<li><a href="../authors/mitchell/">Neil Mitchell</a></li>
<li><a href="../authors/mitsch/">Stefan Mitsch</a></li>
<li><a href="../authors/moedersheim/">Sebastian Mödersheim</a></li>
<li><a href="../authors/moeller/">Bernhard Möller</a></li>
<li><a href="../authors/muendler/">Niels Mündler</a></li>
<li><a href="../authors/mulligan/">Dominic P. Mulligan</a></li>
<li><a href="../authors/munive/">Jonathan Julian Huerta y Munive</a></li>
<li><a href="../authors/murao/">H. Murao</a></li>
<li><a href="../authors/murray/">Toby Murray</a></li>
<li><a href="../authors/nagashima/">Yutaka Nagashima</a></li>
<li><a href="../authors/nagele/">Julian Nagele</a></li>
<li><a href="../authors/naraschewski/">Wolfgang Naraschewski</a></li>
<li><a href="../authors/nedzelsky/">Michael Nedzelsky</a></li>
<li><a href="../authors/nemeti/">István Németi</a></li>
<li><a href="../authors/nemouchi/">Yakoub Nemouchi</a></li>
<li><a href="../authors/nestmann/">Uwe Nestmann</a></li>
<li><a href="../authors/neumann/">René Neumann</a></li>
<li><a href="../authors/nielsen/">Finn Nielsen</a></li>
<li><a href="../authors/nikiforov/">Denis Nikiforov</a></li>
<li><a href="../authors/nipkow/">Tobias Nipkow</a></li>
<li><a href="../authors/nishihara/">Toshiaki Nishihara</a></li>
<li><a href="../authors/noce/">Pasquale Noce</a></li>
<li><a href="../authors/nordhoff/">Benedikt Nordhoff</a></li>
<li><a href="../authors/noschinski/">Lars Noschinski</a></li>
<li><a href="../authors/obua/">Steven Obua</a></li>
<li><a href="../authors/ogawa/">Mizuhito Ogawa</a></li>
<li><a href="../authors/oldenburg/">Lennart Oldenburg</a></li>
<li><a href="../authors/olm/">Markus Müller-Olm</a></li>
<li><a href="../authors/oosterhuis/">Roelof Oosterhuis</a></li>
<li><a href="../authors/oostrom/">Vincent van Oostrom</a></li>
<li><a href="../authors/ortner/">Veronika Ortner</a></li>
<li><a href="../authors/overbeek/">Roy Overbeek</a></li>
<li><a href="../authors/pagano/">Miguel Pagano</a></li>
<li><a href="../authors/pal/">Abhik Pal</a></li>
<li><a href="../authors/paleo/">Bruno Woltzenlogel Paleo</a></li>
<li><a href="../authors/palmer/">Jake Palmer</a></li>
<li><a href="../authors/parkinson/">Matthew Parkinson</a></li>
<li><a href="../authors/parrow/">Joachim Parrow</a></li>
<li><a href="../authors/parsert/">Julian Parsert</a></li>
<li><a href="../authors/paulson/">Lawrence C. Paulson</a></li>
<li><a href="../authors/peltier/">Nicolas Peltier</a></li>
<li><a href="../authors/peters/">Kirstin Peters</a></li>
<li><a href="../authors/petrovic/">Danijela Petrovic</a></li>
<li><a href="../authors/pierzchalski/">Edward Pierzchalski</a></li>
<li><a href="../authors/platzer/">André Platzer</a></li>
<li><a href="../authors/pollak/">Florian Pollak</a></li>
<li><a href="../authors/popescu/">Andrei Popescu</a></li>
<li><a href="../authors/porter/">Benjamin Porter</a></li>
<li><a href="../authors/prathamesh/">T.V.H. Prathamesh</a></li>
<li><a href="../authors/preoteasa/">Viorel Preoteasa</a></li>
<li><a href="../authors/pusch/">Cornelia Pusch</a></li>
<li><a href="../authors/rabe/">Markus N. Rabe</a></li>
<li><a href="../authors/raedle/">Jonas Rädle</a></li>
<li><a href="../authors/raska/">Martin Raška</a></li>
<li><a href="../authors/raszyk/">Martin Raszyk</a></li>
<li><a href="../authors/rau/">Martin Rau</a></li>
<li><a href="../authors/rauch/">Nicole Rauch</a></li>
<li><a href="../authors/raumer/">Jakob von Raumer</a></li>
<li><a href="../authors/ravindran/">Binoy Ravindran</a></li>
<li><a href="../authors/rawson/">Michael Rawson</a></li>
<li><a href="../authors/raya/">Rodrigo Raya</a></li>
<li><a href="../authors/regensburger/">Franz Regensburger</a></li>
<li><a href="../authors/reiche/">Sebastian Reiche</a></li>
<li><a href="../authors/reiter/">Markus Reiter</a></li>
<li><a href="../authors/reynaud/">Alban Reynaud</a></li>
<li><a href="../authors/ribeiro/">Pedro Ribeiro</a></li>
<li><a href="../authors/richter/">Stefan Richter</a></li>
<li><a href="../authors/rickmann/">Christina Rickmann</a></li>
<li><a href="../authors/ridge/">Tom Ridge</a></li>
<li><a href="../authors/rizaldi/">Albert Rizaldi</a></li>
<li><a href="../authors/rizkallah/">Christine Rizkallah</a></li>
<li><a href="../authors/robillard/">Simon Robillard</a></li>
<li><a href="../authors/roessle/">Ian Roessle</a></li>
<li><a href="../authors/romanos/">Ralph Romanos</a></li>
<li><a href="../authors/rosskopf/">Simon Roßkopf</a></li>
<li><a href="../authors/rowat/">Colin Rowat</a></li>
<li><a href="../authors/sabouret/">Nicolas Sabouret</a></li>
<li><a href="../authors/sachtleben/">Robert Sachtleben</a></li>
<li><a href="../authors/saile/">Christian Saile</a></li>
<li><a href="../authors/sanan/">David Sanan</a></li>
<li><a href="../authors/sato/">Tetsuya Sato</a></li>
<li><a href="../authors/sauer/">Jens Sauer</a></li>
<li><a href="../authors/schaeffeler/">Maximilian Schäffeler</a></li>
<li><a href="../authors/scharager/">Matias Scharager</a></li>
<li><a href="../authors/schimpf/">Alexander Schimpf</a></li>
<li><a href="../authors/schirmer/">Norbert Schirmer</a></li>
<li><a href="../authors/schleicher/">Dierk Schleicher</a></li>
<li><a href="../authors/schlichtkrull/">Anders Schlichtkrull</a></li>
<li><a href="../authors/schmaltz/">Julien Schmaltz</a></li>
<li><a href="../authors/schmidinger/">Lukas Schmidinger</a></li>
<li><a href="../authors/schmoetten/">Richard Schmoetten</a></li>
<li><a href="../authors/schneider/">Joshua Schneider</a></li>
<li><a href="../authors/schoepe/">Daniel Schoepe</a></li>
<li><a href="../authors/schoepf/">Jonas Schöpf</a></li>
<li><a href="../authors/scott/">Dana Scott</a></li>
<li><a href="../authors/sefidgar/">S. Reza Sefidgar</a></li>
<li><a href="../authors/seidl/">Benedikt Seidl</a></li>
<li><a href="../authors/seidler/">Henning Seidler</a></li>
<li><a href="../authors/sewell/">Thomas Sewell</a></li>
<li><a href="../authors/sickert/">Salomon Sickert</a></li>
<li><a href="../authors/siek/">Jeremy Siek</a></li>
<li><a href="../authors/simic/">Danijela Simić</a></li>
<li><a href="../authors/sison/">Robert Sison</a></li>
<li><a href="../authors/smaus/">Jan-Georg Smaus</a></li>
<li><a href="../authors/smola/">Filip Smola</a></li>
<li><a href="../authors/snelting/">Gregor Snelting</a></li>
<li><a href="../authors/somaini/">Ivano Somaini</a></li>
<li><a href="../authors/somogyi/">Dániel Somogyi</a></li>
<li><a href="../authors/spasic/">Mirko Spasić</a></li>
<li><a href="../authors/spichkova/">Maria Spichkova</a></li>
<li><a href="../authors/sprenger/">Christoph Sprenger</a></li>
<li><a href="../authors/stannett/">Mike Stannett</a></li>
<li><a href="../authors/stark/">Eugene W. Stark</a></li>
<li><a href="../authors/starosta/">Štěpán Starosta</a></li>
<li><a href="../authors/steinberg/">Matías Steinberg</a></li>
<li><a href="../authors/stephan/">Werner Stephan</a></li>
<li><a href="../authors/sternagel/">Christian Sternagel</a></li>
<li><a href="../authors/sternagelt/">Thomas Sternagel</a></li>
<li><a href="../authors/stevens/">Lukas Stevens</a></li>
<li><a href="../authors/stock/">Benedikt Stock</a></li>
+ <li><a href="../authors/stoeckl/">Bernhard Stöckl</a></li>
+
<li><a href="../authors/stricker/">Christian Stricker</a></li>
<li><a href="../authors/strnisa/">Rok Strniša</a></li>
<li><a href="../authors/struth/">Georg Struth</a></li>
<li><a href="../authors/stueber/">Anke Stüber</a></li>
<li><a href="../authors/stuewe/">Daniel Stüwe</a></li>
<li><a href="../authors/sudbrock/">Henning Sudbrock</a></li>
<li><a href="../authors/sudhof/">Henry Sudhof</a></li>
<li><a href="../authors/sulejmani/">Ujkan Sulejmani</a></li>
<li><a href="../authors/sylvestre/">Jeremy Sylvestre</a></li>
<li><a href="../authors/taha/">Safouan Taha</a></li>
<li><a href="../authors/tan/">Yong Kiam Tan</a></li>
<li><a href="../authors/tasch/">Markus Tasch</a></li>
<li><a href="../authors/taylor/">Ramsay G. Taylor</a></li>
<li><a href="../authors/terraf/">Pedro Sánchez Terraf</a></li>
<li><a href="../authors/thiemann/">René Thiemann</a></li>
<li><a href="../authors/thommes/">Joseph Thommes</a></li>
<li><a href="../authors/thomson/">Fox Thomson</a></li>
<li><a href="../authors/tiu/">Alwen Tiu</a></li>
<li><a href="../authors/toth/">Balazs Toth</a></li>
<li><a href="../authors/tourret/">Sophie Tourret</a></li>
<li><a href="../authors/trachtenherz/">David Trachtenherz</a></li>
<li><a href="../authors/traut/">Christoph Traut</a></li>
<li><a href="../authors/traytel/">Dmitriy Traytel</a></li>
<li><a href="../authors/trelat/">Vincent Trélat</a></li>
<li><a href="../authors/tuong/">Frédéric Tuong</a></li>
<li><a href="../authors/tuongj/">Joseph Tuong</a></li>
<li><a href="../authors/tverdyshev/">Sergey Tverdyshev</a></li>
<li><a href="../authors/ullrich/">Sebastian Ullrich</a></li>
<li><a href="../authors/unruh/">Dominique Unruh</a></li>
<li><a href="../authors/urban/">Christian Urban</a></li>
<li><a href="../authors/van/">Hai Nguyen Van</a></li>
<li><a href="../authors/velykis/">Andrius Velykis</a></li>
<li><a href="../authors/verbeek/">Freek Verbeek</a></li>
<li><a href="../authors/villadsen/">Jørgen Villadsen</a></li>
<li><a href="../authors/voisin/">Frederic Voisin</a></li>
<li><a href="../authors/vytiniotis/">Dimitrios Vytiniotis</a></li>
<li><a href="../authors/wagner/">Max Wagner</a></li>
<li><a href="../authors/waldmann/">Uwe Waldmann</a></li>
<li><a href="../authors/wand/">Daniel Wand</a></li>
<li><a href="../authors/wang/">Shuling Wang</a></li>
<li><a href="../authors/wassell/">Mark Wassell</a></li>
<li><a href="../authors/wasserrab/">Daniel Wasserrab</a></li>
<li><a href="../authors/watt/">Conrad Watt</a></li>
<li><a href="../authors/weber/">Tjark Weber</a></li>
<li><a href="../authors/weerwag/">Timmy Weerwag</a></li>
<li><a href="../authors/weidner/">Arno Wilhelm-Weidner</a></li>
<li><a href="../authors/wenzel/">Makarius Wenzel</a></li>
<li><a href="../authors/wickerson/">John Wickerson</a></li>
<li><a href="../authors/willenbrink/">Sebastian Willenbrink</a></li>
<li><a href="../authors/wimmer/">Simon Wimmer</a></li>
<li><a href="../authors/wirt/">Kai Wirt</a></li>
<li><a href="../authors/wolff/">Burkhart Wolff</a></li>
<li><a href="../authors/wu/">Chunhan Wu</a></li>
<li><a href="../authors/xu/">Jian Xu</a></li>
<li><a href="../authors/yamada/">Akihisa Yamada</a></li>
<li><a href="../authors/ye/">Lina Ye</a></li>
<li><a href="../authors/ying/">Shenggang Ying</a></li>
<li><a href="../authors/yingm/">Mingsheng Ying</a></li>
<li><a href="../authors/yu/">Lei Yu</a></li>
<li><a href="../authors/zankl/">Harald Zankl</a></li>
<li><a href="../authors/zee/">Karen Zee</a></li>
<li><a href="../authors/zeller/">Peter Zeller</a></li>
<li><a href="../authors/zeyda/">Frank Zeyda</a></li>
<li><a href="../authors/zhan/">Bohua Zhan</a></li>
<li><a href="../authors/zhang/">Yu Zhang</a></li>
<li><a href="../authors/zhangx/">Xingyuan Zhang</a></li>
<li><a href="../authors/zhann/">Naijun Zhan</a></li>
</ul>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/authors/index.json b/web/authors/index.json
--- a/web/authors/index.json
+++ b/web/authors/index.json
@@ -1,1 +1,1 @@
-[{"id":0,"link":"/authors/abdulaziz/","name":"Mohammad Abdulaziz"},{"id":1,"link":"/authors/adelsberger/","name":"Stephan Adelsberger"},{"id":2,"link":"/authors/aehlig/","name":"Klaus Aehlig"},{"id":3,"link":"/authors/aissat/","name":"Romain Aissat"},{"id":4,"link":"/authors/amani/","name":"Sidney Amani"},{"id":5,"link":"/authors/ammer/","name":"Thomas Ammer"},{"id":6,"link":"/authors/andronick/","name":"June Andronick"},{"id":7,"link":"/authors/aransay/","name":"Jesús Aransay"},{"id":8,"link":"/authors/argyraki/","name":"Angeliki Koutsoukou-Argyraki"},{"id":9,"link":"/authors/armstrong/","name":"Alasdair Armstrong"},{"id":10,"link":"/authors/aspinall/","name":"David Aspinall"},{"id":11,"link":"/authors/ausaf/","name":"Fahad Ausaf"},{"id":12,"link":"/authors/avigad/","name":"Jeremy Avigad"},{"id":13,"link":"/authors/back/","name":"Ralph-Johan Back"},{"id":14,"link":"/authors/balbach/","name":"Frank J. Balbach"},{"id":15,"link":"/authors/ballarin/","name":"Clemens Ballarin"},{"id":16,"link":"/authors/barsotti/","name":"Damián Barsotti"},{"id":17,"link":"/authors/bauer/","name":"Gertrud Bauer"},{"id":18,"link":"/authors/bauereiss/","name":"Thomas Bauereiss"},{"id":19,"link":"/authors/bayer/","name":"Jonas Bayer"},{"id":20,"link":"/authors/becker/","name":"Heiko Becker"},{"id":21,"link":"/authors/beeren/","name":"Joel Beeren"},{"id":22,"link":"/authors/bella/","name":"Giampaolo Bella"},{"id":23,"link":"/authors/bengtson/","name":"Jesper Bengtson"},{"id":24,"link":"/authors/bentkamp/","name":"Alexander Bentkamp"},{"id":25,"link":"/authors/benzmueller/","name":"Christoph Benzmüller"},{"id":26,"link":"/authors/beresford/","name":"Alastair R. 
Beresford"},{"id":27,"link":"/authors/berghofer/","name":"Stefan Berghofer"},{"id":28,"link":"/authors/beringer/","name":"Lennart Beringer"},{"id":29,"link":"/authors/bharadwaj/","name":"Abhijith Bharadwaj"},{"id":30,"link":"/authors/bhatt/","name":"Bhargav Bhatt"},{"id":31,"link":"/authors/biendarra/","name":"Julian Biendarra"},{"id":32,"link":"/authors/bisping/","name":"Benjamin Bisping"},{"id":33,"link":"/authors/blanchette/","name":"Jasmin Christian Blanchette"},{"id":34,"link":"/authors/blasum/","name":"Holger Blasum"},{"id":35,"link":"/authors/blumson/","name":"Ben Blumson"},{"id":36,"link":"/authors/bockenek/","name":"Joshua Bockenek"},{"id":37,"link":"/authors/boehme/","name":"Sascha Böhme"},{"id":38,"link":"/authors/bohrer/","name":"Rose Bohrer"},{"id":39,"link":"/authors/bordg/","name":"Anthony Bordg"},{"id":40,"link":"/authors/borgstroem/","name":"Johannes Borgström"},{"id":41,"link":"/authors/bortin/","name":"Maksym Bortin"},{"id":42,"link":"/authors/bottesch/","name":"Ralph Bottesch"},{"id":43,"link":"/authors/boulanger/","name":"Frédéric Boulanger"},{"id":44,"link":"/authors/bourke/","name":"Timothy Bourke"},{"id":45,"link":"/authors/boutry/","name":"Pierre Boutry"},{"id":46,"link":"/authors/boyton/","name":"Andrew Boyton"},{"id":47,"link":"/authors/bracevac/","name":"Oliver Bračevac"},{"id":48,"link":"/authors/brandt/","name":"Felix Brandt"},{"id":49,"link":"/authors/breitner/","name":"Joachim Breitner"},{"id":50,"link":"/authors/brien/","name":"Nicolas Robinson-O'Brien"},{"id":51,"link":"/authors/brinkop/","name":"Hauke Brinkop"},{"id":52,"link":"/authors/brodmann/","name":"Paul-David Brodmann"},{"id":53,"link":"/authors/brucker/","name":"Achim D. 
Brucker"},{"id":54,"link":"/authors/bruegger/","name":"Lukas Brügger"},{"id":55,"link":"/authors/brun/","name":"Matthias Brun"},{"id":56,"link":"/authors/brunner/","name":"Julian Brunner"},{"id":57,"link":"/authors/bulwahn/","name":"Lukas Bulwahn"},{"id":58,"link":"/authors/butler/","name":"David Butler"},{"id":59,"link":"/authors/buyse/","name":"Maxime Buyse"},{"id":60,"link":"/authors/caballero/","name":"José Manuel Rodríguez Caballero"},{"id":61,"link":"/authors/caminati/","name":"Marco B. Caminati"},{"id":62,"link":"/authors/campo/","name":"Alejandro del Campo"},{"id":63,"link":"/authors/chapman/","name":"Peter Chapman"},{"id":64,"link":"/authors/chen/","name":"L. Chen"},{"id":65,"link":"/authors/clouston/","name":"Ranald Clouston"},{"id":66,"link":"/authors/cock/","name":"David Cock"},{"id":67,"link":"/authors/coghetto/","name":"Roland Coghetto"},{"id":68,"link":"/authors/coglio/","name":"Alessandro Coglio"},{"id":69,"link":"/authors/cohen/","name":"Ernie Cohen"},{"id":70,"link":"/authors/cordwell/","name":"Katherine Cordwell"},{"id":71,"link":"/authors/cousin/","name":"Marie Cousin"},{"id":72,"link":"/authors/cremer/","name":"Nils Cremer"},{"id":73,"link":"/authors/crighton/","name":"Aaron Crighton"},{"id":74,"link":"/authors/dardinier/","name":"Thibault Dardinier"},{"id":75,"link":"/authors/david/","name":"Marco David"},{"id":76,"link":"/authors/debrat/","name":"Henri Debrat"},{"id":77,"link":"/authors/decova/","name":"Sára Decova"},{"id":78,"link":"/authors/derrick/","name":"John Derrick"},{"id":79,"link":"/authors/desharnais/","name":"Martin Desharnais"},{"id":80,"link":"/authors/diaz/","name":"Javier Díaz"},{"id":81,"link":"/authors/diekmann/","name":"Cornelius Diekmann"},{"id":82,"link":"/authors/dirix/","name":"Stefan Dirix"},{"id":83,"link":"/authors/dittmann/","name":"Christoph Dittmann"},{"id":84,"link":"/authors/divason/","name":"Jose Divasón"},{"id":85,"link":"/authors/doczkal/","name":"Christian 
Doczkal"},{"id":86,"link":"/authors/dongol/","name":"Brijesh Dongol"},{"id":87,"link":"/authors/doty/","name":"Matthew Doty"},{"id":88,"link":"/authors/dubut/","name":"Jérémy Dubut"},{"id":89,"link":"/authors/dunaev/","name":"Georgy Dunaev"},{"id":90,"link":"/authors/dyckhoff/","name":"Roy Dyckhoff"},{"id":91,"link":"/authors/eberl/","name":"Manuel Eberl"},{"id":92,"link":"/authors/echenim/","name":"Mnacho Echenim"},{"id":93,"link":"/authors/edmonds/","name":"Chelsea Edmonds"},{"id":94,"link":"/authors/engelhardt/","name":"Kai Engelhardt"},{"id":95,"link":"/authors/eriksson/","name":"Lars-Henrik Eriksson"},{"id":96,"link":"/authors/esparza/","name":"Javier Esparza"},{"id":97,"link":"/authors/essmann/","name":"Robin Eßmann"},{"id":98,"link":"/authors/felgenhauer/","name":"Bertram Felgenhauer"},{"id":99,"link":"/authors/feliachi/","name":"Abderrahmane Feliachi"},{"id":100,"link":"/authors/fell/","name":"Julian Fell"},{"id":101,"link":"/authors/fernandez/","name":"Matthew Fernandez"},{"id":102,"link":"/authors/fiedler/","name":"Ben Fiedler"},{"id":103,"link":"/authors/fleuriot/","name":"Jacques D. Fleuriot"},{"id":104,"link":"/authors/fleury/","name":"Mathias Fleury"},{"id":105,"link":"/authors/foster/","name":"Michael Foster"},{"id":106,"link":"/authors/fosterj/","name":"J. 
Nathan Foster"},{"id":107,"link":"/authors/fosters/","name":"Simon Foster"},{"id":108,"link":"/authors/fouillard/","name":"Valentin Fouillard"},{"id":109,"link":"/authors/friedrich/","name":"Stefan Friedrich"},{"id":110,"link":"/authors/from/","name":"Asta Halkjær From"},{"id":111,"link":"/authors/fuenmayor/","name":"David Fuenmayor"},{"id":112,"link":"/authors/furusawa/","name":"Hitoshi Furusawa"},{"id":113,"link":"/authors/gammie/","name":"Peter Gammie"},{"id":114,"link":"/authors/gao/","name":"Xin Gao"},{"id":115,"link":"/authors/gaudel/","name":"Marie-Claude Gaudel"},{"id":116,"link":"/authors/gay/","name":"Richard Gay"},{"id":117,"link":"/authors/georgescu/","name":"George Georgescu"},{"id":118,"link":"/authors/gheri/","name":"Lorenzo Gheri"},{"id":119,"link":"/authors/ghourabi/","name":"Fadoua Ghourabi"},{"id":120,"link":"/authors/gioiosa/","name":"Gianpaolo Gioiosa"},{"id":121,"link":"/authors/glabbeek/","name":"Rob van Glabbeek"},{"id":122,"link":"/authors/gomes/","name":"Victor B. F. Gomes"},{"id":123,"link":"/authors/gonzalez/","name":"Edgar Gonzàlez"},{"id":124,"link":"/authors/gore/","name":"Rajeev Gore"},{"id":125,"link":"/authors/gouezel/","name":"Sebastien Gouezel"},{"id":126,"link":"/authors/grechuk/","name":"Bogdan Grechuk"},{"id":127,"link":"/authors/grewe/","name":"Sylvia Grewe"},{"id":128,"link":"/authors/griebel/","name":"Simon Griebel"},{"id":129,"link":"/authors/grov/","name":"Gudmund Grov"},{"id":130,"link":"/authors/guerraoui/","name":"Rachid Guerraoui"},{"id":131,"link":"/authors/guiol/","name":"Hervé Guiol"},{"id":132,"link":"/authors/gunther/","name":"Emmanuel Gunther"},{"id":133,"link":"/authors/gutkovas/","name":"Ramunas Gutkovas"},{"id":134,"link":"/authors/guttmann/","name":"Walter Guttmann"},{"id":135,"link":"/authors/guzman/","name":"Laura P. Gamboa Guzman"},{"id":136,"link":"/authors/haftmann/","name":"Florian Haftmann"},{"id":137,"link":"/authors/haslbeck/","name":"Max W. 
Haslbeck"},{"id":138,"link":"/authors/haslbeckm/","name":"Maximilian P. L. Haslbeck"},{"id":139,"link":"/authors/havle/","name":"Oto Havle"},{"id":140,"link":"/authors/hayes/","name":"Ian J. Hayes"},{"id":141,"link":"/authors/he/","name":"Yijun He"},{"id":142,"link":"/authors/heimes/","name":"Lukas Heimes"},{"id":143,"link":"/authors/helke/","name":"Steffen Helke"},{"id":144,"link":"/authors/hellauer/","name":"Fabian Hellauer"},{"id":145,"link":"/authors/heller/","name":"Armin Heller"},{"id":146,"link":"/authors/henrio/","name":"Ludovic Henrio"},{"id":147,"link":"/authors/herzberg/","name":"Michael Herzberg"},{"id":148,"link":"/authors/hess/","name":"Andreas V. Hess"},{"id":149,"link":"/authors/hetzl/","name":"Stefan Hetzl"},{"id":150,"link":"/authors/hibon/","name":"Quentin Hibon"},{"id":151,"link":"/authors/hirata/","name":"Michikazu Hirata"},{"id":152,"link":"/authors/hoefner/","name":"Peter Höfner"},{"id":153,"link":"/authors/hoelzl/","name":"Johannes Hölzl"},{"id":154,"link":"/authors/hofmann/","name":"Martin Hofmann"},{"id":155,"link":"/authors/holub/","name":"Štěpán Holub"},{"id":156,"link":"/authors/hosking/","name":"Tony Hosking"},{"id":157,"link":"/authors/hou/","name":"Zhe Hou"},{"id":158,"link":"/authors/hu/","name":"Shuwei Hu"},{"id":159,"link":"/authors/huffman/","name":"Brian Huffman"},{"id":160,"link":"/authors/hupel/","name":"Lars Hupel"},{"id":161,"link":"/authors/ijbema/","name":"Mark Ijbema"},{"id":162,"link":"/authors/immler/","name":"Fabian Immler"},{"id":163,"link":"/authors/ito/","name":"Yosuke Ito"},{"id":164,"link":"/authors/iwama/","name":"Fumiya Iwama"},{"id":165,"link":"/authors/jacobsen/","name":"Frederik Krogsdal Jacobsen"},{"id":166,"link":"/authors/jaskelioff/","name":"Mauro Jaskelioff"},{"id":167,"link":"/authors/jaskolka/","name":"Jason Jaskolka"},{"id":168,"link":"/authors/jensen/","name":"Alexander Birch Jensen"},{"id":169,"link":"/authors/jiang/","name":"Nan Jiang"},{"id":170,"link":"/authors/jiangd/","name":"Dongchen 
Jiang"},{"id":171,"link":"/authors/joosten/","name":"Sebastiaan J. C. Joosten"},{"id":172,"link":"/authors/jungnickel/","name":"Tim Jungnickel"},{"id":173,"link":"/authors/kadzioka/","name":"Maya Kądziołka"},{"id":174,"link":"/authors/kaliszyk/","name":"Cezary Kaliszyk"},{"id":175,"link":"/authors/kammueller/","name":"Florian Kammüller"},{"id":176,"link":"/authors/kappelmann/","name":"Kevin Kappelmann"},{"id":177,"link":"/authors/karayel/","name":"Emin Karayel"},{"id":178,"link":"/authors/kastermans/","name":"Bart Kastermans"},{"id":179,"link":"/authors/katovsky/","name":"Alexander Katovsky"},{"id":180,"link":"/authors/kaufmann/","name":"Daniela Kaufmann"},{"id":181,"link":"/authors/keefe/","name":"Greg O'Keefe"},{"id":182,"link":"/authors/keinholz/","name":"Jonas Keinholz"},{"id":183,"link":"/authors/kerber/","name":"Manfred Kerber"},{"id":184,"link":"/authors/ketland/","name":"Jeffrey Ketland"},{"id":185,"link":"/authors/kirchner/","name":"Daniel Kirchner"},{"id":186,"link":"/authors/klein/","name":"Gerwin Klein"},{"id":187,"link":"/authors/klenze/","name":"Tobias Klenze"},{"id":188,"link":"/authors/kleppmann/","name":"Martin Kleppmann"},{"id":189,"link":"/authors/kobayashi/","name":"Hidetsune Kobayashi"},{"id":190,"link":"/authors/koerner/","name":"Stefan Körner"},{"id":191,"link":"/authors/kolanski/","name":"Rafal Kolanski"},{"id":192,"link":"/authors/koller/","name":"Lukas Koller"},{"id":193,"link":"/authors/krauss/","name":"Alexander Krauss"},{"id":194,"link":"/authors/kreuzer/","name":"Katharina Kreuzer"},{"id":195,"link":"/authors/kuncak/","name":"Viktor Kuncak"},{"id":196,"link":"/authors/kuncar/","name":"Ondřej Kunčar"},{"id":197,"link":"/authors/kurz/","name":"Friedrich Kurz"},{"id":198,"link":"/authors/lachnitt/","name":"Hanna Lachnitt"},{"id":199,"link":"/authors/lallemand/","name":"Joseph Lallemand"},{"id":200,"link":"/authors/lammich/","name":"Peter Lammich"},{"id":201,"link":"/authors/lange/","name":"Christoph 
Lange"},{"id":202,"link":"/authors/langenstein/","name":"Bruno Langenstein"},{"id":203,"link":"/authors/lattuada/","name":"Andrea Lattuada"},{"id":204,"link":"/authors/lee/","name":"Holden Lee"},{"id":205,"link":"/authors/leustean/","name":"Laurentiu Leustean"},{"id":206,"link":"/authors/lewis/","name":"Corey Lewis"},{"id":207,"link":"/authors/li/","name":"Wenda Li"},{"id":208,"link":"/authors/lim/","name":"Japheth Lim"},{"id":209,"link":"/authors/lindenberg/","name":"Christina Lindenberg"},{"id":210,"link":"/authors/linker/","name":"Sven Linker"},{"id":211,"link":"/authors/liu/","name":"Junyi Liu"},{"id":212,"link":"/authors/liut/","name":"Tao Liu"},{"id":213,"link":"/authors/liuy/","name":"Yang Liu"},{"id":214,"link":"/authors/liy/","name":"Yangjia Li"},{"id":215,"link":"/authors/lochbihler/","name":"Andreas Lochbihler"},{"id":216,"link":"/authors/lochmann/","name":"Alexander Lochmann"},{"id":217,"link":"/authors/lohner/","name":"Denis Lohner"},{"id":218,"link":"/authors/loibl/","name":"Matthias Loibl"},{"id":219,"link":"/authors/londono/","name":"Alejandro Gómez-Londoño"},{"id":220,"link":"/authors/losa/","name":"Giuliano Losa"},{"id":221,"link":"/authors/lutz/","name":"Bianca Lutz"},{"id":222,"link":"/authors/lux/","name":"Alexander Lux"},{"id":223,"link":"/authors/makarios/","name":"T. J. M. 
Makarios"},{"id":224,"link":"/authors/maletzky/","name":"Alexander Maletzky"},{"id":225,"link":"/authors/mansky/","name":"Susannah Mansky"},{"id":226,"link":"/authors/mantel/","name":"Heiko Mantel"},{"id":227,"link":"/authors/margetson/","name":"James Margetson"},{"id":228,"link":"/authors/maric/","name":"Ognjen Marić"},{"id":229,"link":"/authors/maricf/","name":"Filip Marić"},{"id":230,"link":"/authors/marmsoler/","name":"Diego Marmsoler"},{"id":231,"link":"/authors/matache/","name":"Cristina Matache"},{"id":232,"link":"/authors/matichuk/","name":"Daniel Matichuk"},{"id":233,"link":"/authors/matiyasevich/","name":"Yuri Matiyasevich"},{"id":234,"link":"/authors/maximova/","name":"Alexandra Maximova"},{"id":235,"link":"/authors/meis/","name":"Rene Meis"},{"id":236,"link":"/authors/merz/","name":"Stephan Merz"},{"id":237,"link":"/authors/messner/","name":"Florian Messner"},{"id":238,"link":"/authors/michaelis/","name":"Julius Michaelis"},{"id":239,"link":"/authors/milehins/","name":"Mihails Milehins"},{"id":240,"link":"/authors/minamide/","name":"Yasuhiko Minamide"},{"id":241,"link":"/authors/mitchell/","name":"Neil Mitchell"},{"id":242,"link":"/authors/mitsch/","name":"Stefan Mitsch"},{"id":243,"link":"/authors/moedersheim/","name":"Sebastian Mödersheim"},{"id":244,"link":"/authors/moeller/","name":"Bernhard Möller"},{"id":245,"link":"/authors/muendler/","name":"Niels Mündler"},{"id":246,"link":"/authors/mulligan/","name":"Dominic P. Mulligan"},{"id":247,"link":"/authors/munive/","name":"Jonathan Julian Huerta y Munive"},{"id":248,"link":"/authors/murao/","name":"H. 
Murao"},{"id":249,"link":"/authors/murray/","name":"Toby Murray"},{"id":250,"link":"/authors/nagashima/","name":"Yutaka Nagashima"},{"id":251,"link":"/authors/nagele/","name":"Julian Nagele"},{"id":252,"link":"/authors/naraschewski/","name":"Wolfgang Naraschewski"},{"id":253,"link":"/authors/nedzelsky/","name":"Michael Nedzelsky"},{"id":254,"link":"/authors/nemeti/","name":"István Németi"},{"id":255,"link":"/authors/nemouchi/","name":"Yakoub Nemouchi"},{"id":256,"link":"/authors/nestmann/","name":"Uwe Nestmann"},{"id":257,"link":"/authors/neumann/","name":"René Neumann"},{"id":258,"link":"/authors/nielsen/","name":"Finn Nielsen"},{"id":259,"link":"/authors/nikiforov/","name":"Denis Nikiforov"},{"id":260,"link":"/authors/nipkow/","name":"Tobias Nipkow"},{"id":261,"link":"/authors/nishihara/","name":"Toshiaki Nishihara"},{"id":262,"link":"/authors/noce/","name":"Pasquale Noce"},{"id":263,"link":"/authors/nordhoff/","name":"Benedikt Nordhoff"},{"id":264,"link":"/authors/noschinski/","name":"Lars Noschinski"},{"id":265,"link":"/authors/obua/","name":"Steven Obua"},{"id":266,"link":"/authors/ogawa/","name":"Mizuhito Ogawa"},{"id":267,"link":"/authors/oldenburg/","name":"Lennart Oldenburg"},{"id":268,"link":"/authors/olm/","name":"Markus Müller-Olm"},{"id":269,"link":"/authors/oosterhuis/","name":"Roelof Oosterhuis"},{"id":270,"link":"/authors/oostrom/","name":"Vincent van Oostrom"},{"id":271,"link":"/authors/ortner/","name":"Veronika Ortner"},{"id":272,"link":"/authors/overbeek/","name":"Roy Overbeek"},{"id":273,"link":"/authors/pagano/","name":"Miguel Pagano"},{"id":274,"link":"/authors/pal/","name":"Abhik Pal"},{"id":275,"link":"/authors/paleo/","name":"Bruno Woltzenlogel Paleo"},{"id":276,"link":"/authors/palmer/","name":"Jake Palmer"},{"id":277,"link":"/authors/parkinson/","name":"Matthew Parkinson"},{"id":278,"link":"/authors/parrow/","name":"Joachim Parrow"},{"id":279,"link":"/authors/parsert/","name":"Julian 
Parsert"},{"id":280,"link":"/authors/paulson/","name":"Lawrence C. Paulson"},{"id":281,"link":"/authors/peltier/","name":"Nicolas Peltier"},{"id":282,"link":"/authors/peters/","name":"Kirstin Peters"},{"id":283,"link":"/authors/petrovic/","name":"Danijela Petrovic"},{"id":284,"link":"/authors/pierzchalski/","name":"Edward Pierzchalski"},{"id":285,"link":"/authors/platzer/","name":"André Platzer"},{"id":286,"link":"/authors/pollak/","name":"Florian Pollak"},{"id":287,"link":"/authors/popescu/","name":"Andrei Popescu"},{"id":288,"link":"/authors/porter/","name":"Benjamin Porter"},{"id":289,"link":"/authors/prathamesh/","name":"T.V.H. Prathamesh"},{"id":290,"link":"/authors/preoteasa/","name":"Viorel Preoteasa"},{"id":291,"link":"/authors/pusch/","name":"Cornelia Pusch"},{"id":292,"link":"/authors/rabe/","name":"Markus N. Rabe"},{"id":293,"link":"/authors/raedle/","name":"Jonas Rädle"},{"id":294,"link":"/authors/raska/","name":"Martin Raška"},{"id":295,"link":"/authors/raszyk/","name":"Martin Raszyk"},{"id":296,"link":"/authors/rau/","name":"Martin Rau"},{"id":297,"link":"/authors/rauch/","name":"Nicole Rauch"},{"id":298,"link":"/authors/raumer/","name":"Jakob von Raumer"},{"id":299,"link":"/authors/ravindran/","name":"Binoy Ravindran"},{"id":300,"link":"/authors/rawson/","name":"Michael Rawson"},{"id":301,"link":"/authors/raya/","name":"Rodrigo Raya"},{"id":302,"link":"/authors/regensburger/","name":"Franz Regensburger"},{"id":303,"link":"/authors/reiche/","name":"Sebastian Reiche"},{"id":304,"link":"/authors/reiter/","name":"Markus Reiter"},{"id":305,"link":"/authors/reynaud/","name":"Alban Reynaud"},{"id":306,"link":"/authors/ribeiro/","name":"Pedro Ribeiro"},{"id":307,"link":"/authors/richter/","name":"Stefan Richter"},{"id":308,"link":"/authors/rickmann/","name":"Christina Rickmann"},{"id":309,"link":"/authors/ridge/","name":"Tom Ridge"},{"id":310,"link":"/authors/rizaldi/","name":"Albert Rizaldi"},{"id":311,"link":"/authors/rizkallah/","name":"Christine 
Rizkallah"},{"id":312,"link":"/authors/robillard/","name":"Simon Robillard"},{"id":313,"link":"/authors/roessle/","name":"Ian Roessle"},{"id":314,"link":"/authors/romanos/","name":"Ralph Romanos"},{"id":315,"link":"/authors/rosskopf/","name":"Simon Roßkopf"},{"id":316,"link":"/authors/rowat/","name":"Colin Rowat"},{"id":317,"link":"/authors/sabouret/","name":"Nicolas Sabouret"},{"id":318,"link":"/authors/sachtleben/","name":"Robert Sachtleben"},{"id":319,"link":"/authors/saile/","name":"Christian Saile"},{"id":320,"link":"/authors/sanan/","name":"David Sanan"},{"id":321,"link":"/authors/sato/","name":"Tetsuya Sato"},{"id":322,"link":"/authors/sauer/","name":"Jens Sauer"},{"id":323,"link":"/authors/schaeffeler/","name":"Maximilian Schäffeler"},{"id":324,"link":"/authors/scharager/","name":"Matias Scharager"},{"id":325,"link":"/authors/schimpf/","name":"Alexander Schimpf"},{"id":326,"link":"/authors/schirmer/","name":"Norbert Schirmer"},{"id":327,"link":"/authors/schleicher/","name":"Dierk Schleicher"},{"id":328,"link":"/authors/schlichtkrull/","name":"Anders Schlichtkrull"},{"id":329,"link":"/authors/schmaltz/","name":"Julien Schmaltz"},{"id":330,"link":"/authors/schmidinger/","name":"Lukas Schmidinger"},{"id":331,"link":"/authors/schmoetten/","name":"Richard Schmoetten"},{"id":332,"link":"/authors/schneider/","name":"Joshua Schneider"},{"id":333,"link":"/authors/schoepe/","name":"Daniel Schoepe"},{"id":334,"link":"/authors/schoepf/","name":"Jonas Schöpf"},{"id":335,"link":"/authors/scott/","name":"Dana Scott"},{"id":336,"link":"/authors/sefidgar/","name":"S. 
Reza Sefidgar"},{"id":337,"link":"/authors/seidl/","name":"Benedikt Seidl"},{"id":338,"link":"/authors/seidler/","name":"Henning Seidler"},{"id":339,"link":"/authors/sewell/","name":"Thomas Sewell"},{"id":340,"link":"/authors/sickert/","name":"Salomon Sickert"},{"id":341,"link":"/authors/siek/","name":"Jeremy Siek"},{"id":342,"link":"/authors/simic/","name":"Danijela Simić"},{"id":343,"link":"/authors/sison/","name":"Robert Sison"},{"id":344,"link":"/authors/smaus/","name":"Jan-Georg Smaus"},{"id":345,"link":"/authors/smola/","name":"Filip Smola"},{"id":346,"link":"/authors/snelting/","name":"Gregor Snelting"},{"id":347,"link":"/authors/somaini/","name":"Ivano Somaini"},{"id":348,"link":"/authors/somogyi/","name":"Dániel Somogyi"},{"id":349,"link":"/authors/spasic/","name":"Mirko Spasić"},{"id":350,"link":"/authors/spichkova/","name":"Maria Spichkova"},{"id":351,"link":"/authors/sprenger/","name":"Christoph Sprenger"},{"id":352,"link":"/authors/stannett/","name":"Mike Stannett"},{"id":353,"link":"/authors/stark/","name":"Eugene W. 
Stark"},{"id":354,"link":"/authors/starosta/","name":"Štěpán Starosta"},{"id":355,"link":"/authors/steinberg/","name":"Matías Steinberg"},{"id":356,"link":"/authors/stephan/","name":"Werner Stephan"},{"id":357,"link":"/authors/sternagel/","name":"Christian Sternagel"},{"id":358,"link":"/authors/sternagelt/","name":"Thomas Sternagel"},{"id":359,"link":"/authors/stevens/","name":"Lukas Stevens"},{"id":360,"link":"/authors/stock/","name":"Benedikt Stock"},{"id":361,"link":"/authors/stricker/","name":"Christian Stricker"},{"id":362,"link":"/authors/strnisa/","name":"Rok Strniša"},{"id":363,"link":"/authors/struth/","name":"Georg Struth"},{"id":364,"link":"/authors/stueber/","name":"Anke Stüber"},{"id":365,"link":"/authors/stuewe/","name":"Daniel Stüwe"},{"id":366,"link":"/authors/sudbrock/","name":"Henning Sudbrock"},{"id":367,"link":"/authors/sudhof/","name":"Henry Sudhof"},{"id":368,"link":"/authors/sulejmani/","name":"Ujkan Sulejmani"},{"id":369,"link":"/authors/sylvestre/","name":"Jeremy Sylvestre"},{"id":370,"link":"/authors/taha/","name":"Safouan Taha"},{"id":371,"link":"/authors/tan/","name":"Yong Kiam Tan"},{"id":372,"link":"/authors/tasch/","name":"Markus Tasch"},{"id":373,"link":"/authors/taylor/","name":"Ramsay G. 
Taylor"},{"id":374,"link":"/authors/terraf/","name":"Pedro Sánchez Terraf"},{"id":375,"link":"/authors/thiemann/","name":"René Thiemann"},{"id":376,"link":"/authors/thommes/","name":"Joseph Thommes"},{"id":377,"link":"/authors/thomson/","name":"Fox Thomson"},{"id":378,"link":"/authors/tiu/","name":"Alwen Tiu"},{"id":379,"link":"/authors/toth/","name":"Balazs Toth"},{"id":380,"link":"/authors/tourret/","name":"Sophie Tourret"},{"id":381,"link":"/authors/trachtenherz/","name":"David Trachtenherz"},{"id":382,"link":"/authors/traut/","name":"Christoph Traut"},{"id":383,"link":"/authors/traytel/","name":"Dmitriy Traytel"},{"id":384,"link":"/authors/trelat/","name":"Vincent Trélat"},{"id":385,"link":"/authors/tuong/","name":"Frédéric Tuong"},{"id":386,"link":"/authors/tuongj/","name":"Joseph Tuong"},{"id":387,"link":"/authors/tverdyshev/","name":"Sergey Tverdyshev"},{"id":388,"link":"/authors/ullrich/","name":"Sebastian Ullrich"},{"id":389,"link":"/authors/unruh/","name":"Dominique Unruh"},{"id":390,"link":"/authors/urban/","name":"Christian Urban"},{"id":391,"link":"/authors/van/","name":"Hai Nguyen Van"},{"id":392,"link":"/authors/velykis/","name":"Andrius Velykis"},{"id":393,"link":"/authors/verbeek/","name":"Freek Verbeek"},{"id":394,"link":"/authors/villadsen/","name":"Jørgen Villadsen"},{"id":395,"link":"/authors/voisin/","name":"Frederic Voisin"},{"id":396,"link":"/authors/vytiniotis/","name":"Dimitrios Vytiniotis"},{"id":397,"link":"/authors/wagner/","name":"Max Wagner"},{"id":398,"link":"/authors/waldmann/","name":"Uwe Waldmann"},{"id":399,"link":"/authors/wand/","name":"Daniel Wand"},{"id":400,"link":"/authors/wang/","name":"Shuling Wang"},{"id":401,"link":"/authors/wassell/","name":"Mark Wassell"},{"id":402,"link":"/authors/wasserrab/","name":"Daniel Wasserrab"},{"id":403,"link":"/authors/watt/","name":"Conrad Watt"},{"id":404,"link":"/authors/weber/","name":"Tjark Weber"},{"id":405,"link":"/authors/weerwag/","name":"Timmy 
Weerwag"},{"id":406,"link":"/authors/weidner/","name":"Arno Wilhelm-Weidner"},{"id":407,"link":"/authors/wenzel/","name":"Makarius Wenzel"},{"id":408,"link":"/authors/wickerson/","name":"John Wickerson"},{"id":409,"link":"/authors/willenbrink/","name":"Sebastian Willenbrink"},{"id":410,"link":"/authors/wimmer/","name":"Simon Wimmer"},{"id":411,"link":"/authors/wirt/","name":"Kai Wirt"},{"id":412,"link":"/authors/wolff/","name":"Burkhart Wolff"},{"id":413,"link":"/authors/wu/","name":"Chunhan Wu"},{"id":414,"link":"/authors/xu/","name":"Jian Xu"},{"id":415,"link":"/authors/yamada/","name":"Akihisa Yamada"},{"id":416,"link":"/authors/ye/","name":"Lina Ye"},{"id":417,"link":"/authors/ying/","name":"Shenggang Ying"},{"id":418,"link":"/authors/yingm/","name":"Mingsheng Ying"},{"id":419,"link":"/authors/yu/","name":"Lei Yu"},{"id":420,"link":"/authors/zankl/","name":"Harald Zankl"},{"id":421,"link":"/authors/zee/","name":"Karen Zee"},{"id":422,"link":"/authors/zeller/","name":"Peter Zeller"},{"id":423,"link":"/authors/zeyda/","name":"Frank Zeyda"},{"id":424,"link":"/authors/zhan/","name":"Bohua Zhan"},{"id":425,"link":"/authors/zhang/","name":"Yu Zhang"},{"id":426,"link":"/authors/zhangx/","name":"Xingyuan Zhang"},{"id":427,"link":"/authors/zhann/","name":"Naijun Zhan"}]
\ No newline at end of file
+[{"id":0,"link":"/authors/abdulaziz/","name":"Mohammad Abdulaziz"},{"id":1,"link":"/authors/adelsberger/","name":"Stephan Adelsberger"},{"id":2,"link":"/authors/aehlig/","name":"Klaus Aehlig"},{"id":3,"link":"/authors/aissat/","name":"Romain Aissat"},{"id":4,"link":"/authors/amani/","name":"Sidney Amani"},{"id":5,"link":"/authors/ammer/","name":"Thomas Ammer"},{"id":6,"link":"/authors/andronick/","name":"June Andronick"},{"id":7,"link":"/authors/aransay/","name":"Jesús Aransay"},{"id":8,"link":"/authors/argyraki/","name":"Angeliki Koutsoukou-Argyraki"},{"id":9,"link":"/authors/armstrong/","name":"Alasdair Armstrong"},{"id":10,"link":"/authors/aspinall/","name":"David Aspinall"},{"id":11,"link":"/authors/ausaf/","name":"Fahad Ausaf"},{"id":12,"link":"/authors/avigad/","name":"Jeremy Avigad"},{"id":13,"link":"/authors/back/","name":"Ralph-Johan Back"},{"id":14,"link":"/authors/balbach/","name":"Frank J. Balbach"},{"id":15,"link":"/authors/ballarin/","name":"Clemens Ballarin"},{"id":16,"link":"/authors/barsotti/","name":"Damián Barsotti"},{"id":17,"link":"/authors/bauer/","name":"Gertrud Bauer"},{"id":18,"link":"/authors/bauereiss/","name":"Thomas Bauereiss"},{"id":19,"link":"/authors/bayer/","name":"Jonas Bayer"},{"id":20,"link":"/authors/becker/","name":"Heiko Becker"},{"id":21,"link":"/authors/beeren/","name":"Joel Beeren"},{"id":22,"link":"/authors/bella/","name":"Giampaolo Bella"},{"id":23,"link":"/authors/bengtson/","name":"Jesper Bengtson"},{"id":24,"link":"/authors/bentkamp/","name":"Alexander Bentkamp"},{"id":25,"link":"/authors/benzmueller/","name":"Christoph Benzmüller"},{"id":26,"link":"/authors/beresford/","name":"Alastair R. 
Beresford"},{"id":27,"link":"/authors/berghofer/","name":"Stefan Berghofer"},{"id":28,"link":"/authors/beringer/","name":"Lennart Beringer"},{"id":29,"link":"/authors/bharadwaj/","name":"Abhijith Bharadwaj"},{"id":30,"link":"/authors/bhatt/","name":"Bhargav Bhatt"},{"id":31,"link":"/authors/biendarra/","name":"Julian Biendarra"},{"id":32,"link":"/authors/bisping/","name":"Benjamin Bisping"},{"id":33,"link":"/authors/blanchette/","name":"Jasmin Christian Blanchette"},{"id":34,"link":"/authors/blasum/","name":"Holger Blasum"},{"id":35,"link":"/authors/blumson/","name":"Ben Blumson"},{"id":36,"link":"/authors/bockenek/","name":"Joshua Bockenek"},{"id":37,"link":"/authors/boehme/","name":"Sascha Böhme"},{"id":38,"link":"/authors/bohrer/","name":"Rose Bohrer"},{"id":39,"link":"/authors/bordg/","name":"Anthony Bordg"},{"id":40,"link":"/authors/borgstroem/","name":"Johannes Borgström"},{"id":41,"link":"/authors/bortin/","name":"Maksym Bortin"},{"id":42,"link":"/authors/bottesch/","name":"Ralph Bottesch"},{"id":43,"link":"/authors/boulanger/","name":"Frédéric Boulanger"},{"id":44,"link":"/authors/bourke/","name":"Timothy Bourke"},{"id":45,"link":"/authors/boutry/","name":"Pierre Boutry"},{"id":46,"link":"/authors/boyton/","name":"Andrew Boyton"},{"id":47,"link":"/authors/bracevac/","name":"Oliver Bračevac"},{"id":48,"link":"/authors/brandt/","name":"Felix Brandt"},{"id":49,"link":"/authors/breitner/","name":"Joachim Breitner"},{"id":50,"link":"/authors/brien/","name":"Nicolas Robinson-O'Brien"},{"id":51,"link":"/authors/brinkop/","name":"Hauke Brinkop"},{"id":52,"link":"/authors/brodmann/","name":"Paul-David Brodmann"},{"id":53,"link":"/authors/brucker/","name":"Achim D. 
Brucker"},{"id":54,"link":"/authors/bruegger/","name":"Lukas Brügger"},{"id":55,"link":"/authors/brun/","name":"Matthias Brun"},{"id":56,"link":"/authors/brunner/","name":"Julian Brunner"},{"id":57,"link":"/authors/bulwahn/","name":"Lukas Bulwahn"},{"id":58,"link":"/authors/butler/","name":"David Butler"},{"id":59,"link":"/authors/buyse/","name":"Maxime Buyse"},{"id":60,"link":"/authors/caballero/","name":"José Manuel Rodríguez Caballero"},{"id":61,"link":"/authors/caminati/","name":"Marco B. Caminati"},{"id":62,"link":"/authors/campo/","name":"Alejandro del Campo"},{"id":63,"link":"/authors/chapman/","name":"Peter Chapman"},{"id":64,"link":"/authors/chen/","name":"L. Chen"},{"id":65,"link":"/authors/clouston/","name":"Ranald Clouston"},{"id":66,"link":"/authors/cock/","name":"David Cock"},{"id":67,"link":"/authors/coghetto/","name":"Roland Coghetto"},{"id":68,"link":"/authors/coglio/","name":"Alessandro Coglio"},{"id":69,"link":"/authors/cohen/","name":"Ernie Cohen"},{"id":70,"link":"/authors/cordwell/","name":"Katherine Cordwell"},{"id":71,"link":"/authors/cousin/","name":"Marie Cousin"},{"id":72,"link":"/authors/cremer/","name":"Nils Cremer"},{"id":73,"link":"/authors/crighton/","name":"Aaron Crighton"},{"id":74,"link":"/authors/dardinier/","name":"Thibault Dardinier"},{"id":75,"link":"/authors/david/","name":"Marco David"},{"id":76,"link":"/authors/debrat/","name":"Henri Debrat"},{"id":77,"link":"/authors/decova/","name":"Sára Decova"},{"id":78,"link":"/authors/derrick/","name":"John Derrick"},{"id":79,"link":"/authors/desharnais/","name":"Martin Desharnais"},{"id":80,"link":"/authors/diaz/","name":"Javier Díaz"},{"id":81,"link":"/authors/diekmann/","name":"Cornelius Diekmann"},{"id":82,"link":"/authors/dirix/","name":"Stefan Dirix"},{"id":83,"link":"/authors/dittmann/","name":"Christoph Dittmann"},{"id":84,"link":"/authors/divason/","name":"Jose Divasón"},{"id":85,"link":"/authors/doczkal/","name":"Christian 
Doczkal"},{"id":86,"link":"/authors/dongol/","name":"Brijesh Dongol"},{"id":87,"link":"/authors/doty/","name":"Matthew Doty"},{"id":88,"link":"/authors/dubut/","name":"Jérémy Dubut"},{"id":89,"link":"/authors/dunaev/","name":"Georgy Dunaev"},{"id":90,"link":"/authors/dyckhoff/","name":"Roy Dyckhoff"},{"id":91,"link":"/authors/eberl/","name":"Manuel Eberl"},{"id":92,"link":"/authors/echenim/","name":"Mnacho Echenim"},{"id":93,"link":"/authors/edmonds/","name":"Chelsea Edmonds"},{"id":94,"link":"/authors/engelhardt/","name":"Kai Engelhardt"},{"id":95,"link":"/authors/eriksson/","name":"Lars-Henrik Eriksson"},{"id":96,"link":"/authors/esparza/","name":"Javier Esparza"},{"id":97,"link":"/authors/essmann/","name":"Robin Eßmann"},{"id":98,"link":"/authors/felgenhauer/","name":"Bertram Felgenhauer"},{"id":99,"link":"/authors/feliachi/","name":"Abderrahmane Feliachi"},{"id":100,"link":"/authors/fell/","name":"Julian Fell"},{"id":101,"link":"/authors/fernandez/","name":"Matthew Fernandez"},{"id":102,"link":"/authors/fiedler/","name":"Ben Fiedler"},{"id":103,"link":"/authors/fleuriot/","name":"Jacques D. Fleuriot"},{"id":104,"link":"/authors/fleury/","name":"Mathias Fleury"},{"id":105,"link":"/authors/foster/","name":"Michael Foster"},{"id":106,"link":"/authors/fosterj/","name":"J. 
Nathan Foster"},{"id":107,"link":"/authors/fosters/","name":"Simon Foster"},{"id":108,"link":"/authors/fouillard/","name":"Valentin Fouillard"},{"id":109,"link":"/authors/friedrich/","name":"Stefan Friedrich"},{"id":110,"link":"/authors/from/","name":"Asta Halkjær From"},{"id":111,"link":"/authors/fuenmayor/","name":"David Fuenmayor"},{"id":112,"link":"/authors/furusawa/","name":"Hitoshi Furusawa"},{"id":113,"link":"/authors/gammie/","name":"Peter Gammie"},{"id":114,"link":"/authors/gao/","name":"Xin Gao"},{"id":115,"link":"/authors/gaudel/","name":"Marie-Claude Gaudel"},{"id":116,"link":"/authors/gay/","name":"Richard Gay"},{"id":117,"link":"/authors/georgescu/","name":"George Georgescu"},{"id":118,"link":"/authors/gheri/","name":"Lorenzo Gheri"},{"id":119,"link":"/authors/ghourabi/","name":"Fadoua Ghourabi"},{"id":120,"link":"/authors/gioiosa/","name":"Gianpaolo Gioiosa"},{"id":121,"link":"/authors/glabbeek/","name":"Rob van Glabbeek"},{"id":122,"link":"/authors/gomes/","name":"Victor B. F. Gomes"},{"id":123,"link":"/authors/gonzalez/","name":"Edgar Gonzàlez"},{"id":124,"link":"/authors/gore/","name":"Rajeev Gore"},{"id":125,"link":"/authors/gouezel/","name":"Sebastien Gouezel"},{"id":126,"link":"/authors/grechuk/","name":"Bogdan Grechuk"},{"id":127,"link":"/authors/grewe/","name":"Sylvia Grewe"},{"id":128,"link":"/authors/griebel/","name":"Simon Griebel"},{"id":129,"link":"/authors/grov/","name":"Gudmund Grov"},{"id":130,"link":"/authors/guerraoui/","name":"Rachid Guerraoui"},{"id":131,"link":"/authors/guiol/","name":"Hervé Guiol"},{"id":132,"link":"/authors/gunther/","name":"Emmanuel Gunther"},{"id":133,"link":"/authors/gutkovas/","name":"Ramunas Gutkovas"},{"id":134,"link":"/authors/guttmann/","name":"Walter Guttmann"},{"id":135,"link":"/authors/guzman/","name":"Laura P. Gamboa Guzman"},{"id":136,"link":"/authors/haftmann/","name":"Florian Haftmann"},{"id":137,"link":"/authors/haslbeck/","name":"Max W. 
Haslbeck"},{"id":138,"link":"/authors/haslbeckm/","name":"Maximilian P. L. Haslbeck"},{"id":139,"link":"/authors/havle/","name":"Oto Havle"},{"id":140,"link":"/authors/hayes/","name":"Ian J. Hayes"},{"id":141,"link":"/authors/he/","name":"Yijun He"},{"id":142,"link":"/authors/heimes/","name":"Lukas Heimes"},{"id":143,"link":"/authors/helke/","name":"Steffen Helke"},{"id":144,"link":"/authors/hellauer/","name":"Fabian Hellauer"},{"id":145,"link":"/authors/heller/","name":"Armin Heller"},{"id":146,"link":"/authors/henrio/","name":"Ludovic Henrio"},{"id":147,"link":"/authors/herzberg/","name":"Michael Herzberg"},{"id":148,"link":"/authors/hess/","name":"Andreas V. Hess"},{"id":149,"link":"/authors/hetzl/","name":"Stefan Hetzl"},{"id":150,"link":"/authors/hibon/","name":"Quentin Hibon"},{"id":151,"link":"/authors/hirata/","name":"Michikazu Hirata"},{"id":152,"link":"/authors/hoefner/","name":"Peter Höfner"},{"id":153,"link":"/authors/hoelzl/","name":"Johannes Hölzl"},{"id":154,"link":"/authors/hofmann/","name":"Martin Hofmann"},{"id":155,"link":"/authors/holub/","name":"Štěpán Holub"},{"id":156,"link":"/authors/hosking/","name":"Tony Hosking"},{"id":157,"link":"/authors/hou/","name":"Zhe Hou"},{"id":158,"link":"/authors/hu/","name":"Shuwei Hu"},{"id":159,"link":"/authors/huffman/","name":"Brian Huffman"},{"id":160,"link":"/authors/hupel/","name":"Lars Hupel"},{"id":161,"link":"/authors/ijbema/","name":"Mark Ijbema"},{"id":162,"link":"/authors/immler/","name":"Fabian Immler"},{"id":163,"link":"/authors/ito/","name":"Yosuke Ito"},{"id":164,"link":"/authors/iwama/","name":"Fumiya Iwama"},{"id":165,"link":"/authors/jacobsen/","name":"Frederik Krogsdal Jacobsen"},{"id":166,"link":"/authors/jaskelioff/","name":"Mauro Jaskelioff"},{"id":167,"link":"/authors/jaskolka/","name":"Jason Jaskolka"},{"id":168,"link":"/authors/jensen/","name":"Alexander Birch Jensen"},{"id":169,"link":"/authors/jiang/","name":"Nan Jiang"},{"id":170,"link":"/authors/jiangd/","name":"Dongchen 
Jiang"},{"id":171,"link":"/authors/joosten/","name":"Sebastiaan J. C. Joosten"},{"id":172,"link":"/authors/jungnickel/","name":"Tim Jungnickel"},{"id":173,"link":"/authors/kadzioka/","name":"Maya Kądziołka"},{"id":174,"link":"/authors/kaliszyk/","name":"Cezary Kaliszyk"},{"id":175,"link":"/authors/kammueller/","name":"Florian Kammüller"},{"id":176,"link":"/authors/kappelmann/","name":"Kevin Kappelmann"},{"id":177,"link":"/authors/karayel/","name":"Emin Karayel"},{"id":178,"link":"/authors/kastermans/","name":"Bart Kastermans"},{"id":179,"link":"/authors/katovsky/","name":"Alexander Katovsky"},{"id":180,"link":"/authors/kaufmann/","name":"Daniela Kaufmann"},{"id":181,"link":"/authors/keefe/","name":"Greg O'Keefe"},{"id":182,"link":"/authors/keinholz/","name":"Jonas Keinholz"},{"id":183,"link":"/authors/kerber/","name":"Manfred Kerber"},{"id":184,"link":"/authors/ketland/","name":"Jeffrey Ketland"},{"id":185,"link":"/authors/kirchner/","name":"Daniel Kirchner"},{"id":186,"link":"/authors/klein/","name":"Gerwin Klein"},{"id":187,"link":"/authors/klenze/","name":"Tobias Klenze"},{"id":188,"link":"/authors/kleppmann/","name":"Martin Kleppmann"},{"id":189,"link":"/authors/kobayashi/","name":"Hidetsune Kobayashi"},{"id":190,"link":"/authors/koerner/","name":"Stefan Körner"},{"id":191,"link":"/authors/kolanski/","name":"Rafal Kolanski"},{"id":192,"link":"/authors/koller/","name":"Lukas Koller"},{"id":193,"link":"/authors/krauss/","name":"Alexander Krauss"},{"id":194,"link":"/authors/kreuzer/","name":"Katharina Kreuzer"},{"id":195,"link":"/authors/kuncak/","name":"Viktor Kuncak"},{"id":196,"link":"/authors/kuncar/","name":"Ondřej Kunčar"},{"id":197,"link":"/authors/kurz/","name":"Friedrich Kurz"},{"id":198,"link":"/authors/lachnitt/","name":"Hanna Lachnitt"},{"id":199,"link":"/authors/lallemand/","name":"Joseph Lallemand"},{"id":200,"link":"/authors/lammich/","name":"Peter Lammich"},{"id":201,"link":"/authors/lange/","name":"Christoph 
Lange"},{"id":202,"link":"/authors/langenstein/","name":"Bruno Langenstein"},{"id":203,"link":"/authors/lattuada/","name":"Andrea Lattuada"},{"id":204,"link":"/authors/lee/","name":"Holden Lee"},{"id":205,"link":"/authors/leustean/","name":"Laurentiu Leustean"},{"id":206,"link":"/authors/lewis/","name":"Corey Lewis"},{"id":207,"link":"/authors/li/","name":"Wenda Li"},{"id":208,"link":"/authors/lim/","name":"Japheth Lim"},{"id":209,"link":"/authors/lindenberg/","name":"Christina Lindenberg"},{"id":210,"link":"/authors/linker/","name":"Sven Linker"},{"id":211,"link":"/authors/liu/","name":"Junyi Liu"},{"id":212,"link":"/authors/liut/","name":"Tao Liu"},{"id":213,"link":"/authors/liuy/","name":"Yang Liu"},{"id":214,"link":"/authors/liy/","name":"Yangjia Li"},{"id":215,"link":"/authors/lochbihler/","name":"Andreas Lochbihler"},{"id":216,"link":"/authors/lochmann/","name":"Alexander Lochmann"},{"id":217,"link":"/authors/lohner/","name":"Denis Lohner"},{"id":218,"link":"/authors/loibl/","name":"Matthias Loibl"},{"id":219,"link":"/authors/londono/","name":"Alejandro Gómez-Londoño"},{"id":220,"link":"/authors/losa/","name":"Giuliano Losa"},{"id":221,"link":"/authors/lutz/","name":"Bianca Lutz"},{"id":222,"link":"/authors/lux/","name":"Alexander Lux"},{"id":223,"link":"/authors/makarios/","name":"T. J. M. 
Makarios"},{"id":224,"link":"/authors/maletzky/","name":"Alexander Maletzky"},{"id":225,"link":"/authors/mansky/","name":"Susannah Mansky"},{"id":226,"link":"/authors/mantel/","name":"Heiko Mantel"},{"id":227,"link":"/authors/margetson/","name":"James Margetson"},{"id":228,"link":"/authors/maric/","name":"Ognjen Marić"},{"id":229,"link":"/authors/maricf/","name":"Filip Marić"},{"id":230,"link":"/authors/marmsoler/","name":"Diego Marmsoler"},{"id":231,"link":"/authors/matache/","name":"Cristina Matache"},{"id":232,"link":"/authors/matichuk/","name":"Daniel Matichuk"},{"id":233,"link":"/authors/matiyasevich/","name":"Yuri Matiyasevich"},{"id":234,"link":"/authors/maximova/","name":"Alexandra Maximova"},{"id":235,"link":"/authors/meis/","name":"Rene Meis"},{"id":236,"link":"/authors/merz/","name":"Stephan Merz"},{"id":237,"link":"/authors/messner/","name":"Florian Messner"},{"id":238,"link":"/authors/michaelis/","name":"Julius Michaelis"},{"id":239,"link":"/authors/milehins/","name":"Mihails Milehins"},{"id":240,"link":"/authors/minamide/","name":"Yasuhiko Minamide"},{"id":241,"link":"/authors/mitchell/","name":"Neil Mitchell"},{"id":242,"link":"/authors/mitsch/","name":"Stefan Mitsch"},{"id":243,"link":"/authors/moedersheim/","name":"Sebastian Mödersheim"},{"id":244,"link":"/authors/moeller/","name":"Bernhard Möller"},{"id":245,"link":"/authors/muendler/","name":"Niels Mündler"},{"id":246,"link":"/authors/mulligan/","name":"Dominic P. Mulligan"},{"id":247,"link":"/authors/munive/","name":"Jonathan Julian Huerta y Munive"},{"id":248,"link":"/authors/murao/","name":"H. 
Murao"},{"id":249,"link":"/authors/murray/","name":"Toby Murray"},{"id":250,"link":"/authors/nagashima/","name":"Yutaka Nagashima"},{"id":251,"link":"/authors/nagele/","name":"Julian Nagele"},{"id":252,"link":"/authors/naraschewski/","name":"Wolfgang Naraschewski"},{"id":253,"link":"/authors/nedzelsky/","name":"Michael Nedzelsky"},{"id":254,"link":"/authors/nemeti/","name":"István Németi"},{"id":255,"link":"/authors/nemouchi/","name":"Yakoub Nemouchi"},{"id":256,"link":"/authors/nestmann/","name":"Uwe Nestmann"},{"id":257,"link":"/authors/neumann/","name":"René Neumann"},{"id":258,"link":"/authors/nielsen/","name":"Finn Nielsen"},{"id":259,"link":"/authors/nikiforov/","name":"Denis Nikiforov"},{"id":260,"link":"/authors/nipkow/","name":"Tobias Nipkow"},{"id":261,"link":"/authors/nishihara/","name":"Toshiaki Nishihara"},{"id":262,"link":"/authors/noce/","name":"Pasquale Noce"},{"id":263,"link":"/authors/nordhoff/","name":"Benedikt Nordhoff"},{"id":264,"link":"/authors/noschinski/","name":"Lars Noschinski"},{"id":265,"link":"/authors/obua/","name":"Steven Obua"},{"id":266,"link":"/authors/ogawa/","name":"Mizuhito Ogawa"},{"id":267,"link":"/authors/oldenburg/","name":"Lennart Oldenburg"},{"id":268,"link":"/authors/olm/","name":"Markus Müller-Olm"},{"id":269,"link":"/authors/oosterhuis/","name":"Roelof Oosterhuis"},{"id":270,"link":"/authors/oostrom/","name":"Vincent van Oostrom"},{"id":271,"link":"/authors/ortner/","name":"Veronika Ortner"},{"id":272,"link":"/authors/overbeek/","name":"Roy Overbeek"},{"id":273,"link":"/authors/pagano/","name":"Miguel Pagano"},{"id":274,"link":"/authors/pal/","name":"Abhik Pal"},{"id":275,"link":"/authors/paleo/","name":"Bruno Woltzenlogel Paleo"},{"id":276,"link":"/authors/palmer/","name":"Jake Palmer"},{"id":277,"link":"/authors/parkinson/","name":"Matthew Parkinson"},{"id":278,"link":"/authors/parrow/","name":"Joachim Parrow"},{"id":279,"link":"/authors/parsert/","name":"Julian 
Parsert"},{"id":280,"link":"/authors/paulson/","name":"Lawrence C. Paulson"},{"id":281,"link":"/authors/peltier/","name":"Nicolas Peltier"},{"id":282,"link":"/authors/peters/","name":"Kirstin Peters"},{"id":283,"link":"/authors/petrovic/","name":"Danijela Petrovic"},{"id":284,"link":"/authors/pierzchalski/","name":"Edward Pierzchalski"},{"id":285,"link":"/authors/platzer/","name":"André Platzer"},{"id":286,"link":"/authors/pollak/","name":"Florian Pollak"},{"id":287,"link":"/authors/popescu/","name":"Andrei Popescu"},{"id":288,"link":"/authors/porter/","name":"Benjamin Porter"},{"id":289,"link":"/authors/prathamesh/","name":"T.V.H. Prathamesh"},{"id":290,"link":"/authors/preoteasa/","name":"Viorel Preoteasa"},{"id":291,"link":"/authors/pusch/","name":"Cornelia Pusch"},{"id":292,"link":"/authors/rabe/","name":"Markus N. Rabe"},{"id":293,"link":"/authors/raedle/","name":"Jonas Rädle"},{"id":294,"link":"/authors/raska/","name":"Martin Raška"},{"id":295,"link":"/authors/raszyk/","name":"Martin Raszyk"},{"id":296,"link":"/authors/rau/","name":"Martin Rau"},{"id":297,"link":"/authors/rauch/","name":"Nicole Rauch"},{"id":298,"link":"/authors/raumer/","name":"Jakob von Raumer"},{"id":299,"link":"/authors/ravindran/","name":"Binoy Ravindran"},{"id":300,"link":"/authors/rawson/","name":"Michael Rawson"},{"id":301,"link":"/authors/raya/","name":"Rodrigo Raya"},{"id":302,"link":"/authors/regensburger/","name":"Franz Regensburger"},{"id":303,"link":"/authors/reiche/","name":"Sebastian Reiche"},{"id":304,"link":"/authors/reiter/","name":"Markus Reiter"},{"id":305,"link":"/authors/reynaud/","name":"Alban Reynaud"},{"id":306,"link":"/authors/ribeiro/","name":"Pedro Ribeiro"},{"id":307,"link":"/authors/richter/","name":"Stefan Richter"},{"id":308,"link":"/authors/rickmann/","name":"Christina Rickmann"},{"id":309,"link":"/authors/ridge/","name":"Tom Ridge"},{"id":310,"link":"/authors/rizaldi/","name":"Albert Rizaldi"},{"id":311,"link":"/authors/rizkallah/","name":"Christine 
Rizkallah"},{"id":312,"link":"/authors/robillard/","name":"Simon Robillard"},{"id":313,"link":"/authors/roessle/","name":"Ian Roessle"},{"id":314,"link":"/authors/romanos/","name":"Ralph Romanos"},{"id":315,"link":"/authors/rosskopf/","name":"Simon Roßkopf"},{"id":316,"link":"/authors/rowat/","name":"Colin Rowat"},{"id":317,"link":"/authors/sabouret/","name":"Nicolas Sabouret"},{"id":318,"link":"/authors/sachtleben/","name":"Robert Sachtleben"},{"id":319,"link":"/authors/saile/","name":"Christian Saile"},{"id":320,"link":"/authors/sanan/","name":"David Sanan"},{"id":321,"link":"/authors/sato/","name":"Tetsuya Sato"},{"id":322,"link":"/authors/sauer/","name":"Jens Sauer"},{"id":323,"link":"/authors/schaeffeler/","name":"Maximilian Schäffeler"},{"id":324,"link":"/authors/scharager/","name":"Matias Scharager"},{"id":325,"link":"/authors/schimpf/","name":"Alexander Schimpf"},{"id":326,"link":"/authors/schirmer/","name":"Norbert Schirmer"},{"id":327,"link":"/authors/schleicher/","name":"Dierk Schleicher"},{"id":328,"link":"/authors/schlichtkrull/","name":"Anders Schlichtkrull"},{"id":329,"link":"/authors/schmaltz/","name":"Julien Schmaltz"},{"id":330,"link":"/authors/schmidinger/","name":"Lukas Schmidinger"},{"id":331,"link":"/authors/schmoetten/","name":"Richard Schmoetten"},{"id":332,"link":"/authors/schneider/","name":"Joshua Schneider"},{"id":333,"link":"/authors/schoepe/","name":"Daniel Schoepe"},{"id":334,"link":"/authors/schoepf/","name":"Jonas Schöpf"},{"id":335,"link":"/authors/scott/","name":"Dana Scott"},{"id":336,"link":"/authors/sefidgar/","name":"S. 
Reza Sefidgar"},{"id":337,"link":"/authors/seidl/","name":"Benedikt Seidl"},{"id":338,"link":"/authors/seidler/","name":"Henning Seidler"},{"id":339,"link":"/authors/sewell/","name":"Thomas Sewell"},{"id":340,"link":"/authors/sickert/","name":"Salomon Sickert"},{"id":341,"link":"/authors/siek/","name":"Jeremy Siek"},{"id":342,"link":"/authors/simic/","name":"Danijela Simić"},{"id":343,"link":"/authors/sison/","name":"Robert Sison"},{"id":344,"link":"/authors/smaus/","name":"Jan-Georg Smaus"},{"id":345,"link":"/authors/smola/","name":"Filip Smola"},{"id":346,"link":"/authors/snelting/","name":"Gregor Snelting"},{"id":347,"link":"/authors/somaini/","name":"Ivano Somaini"},{"id":348,"link":"/authors/somogyi/","name":"Dániel Somogyi"},{"id":349,"link":"/authors/spasic/","name":"Mirko Spasić"},{"id":350,"link":"/authors/spichkova/","name":"Maria Spichkova"},{"id":351,"link":"/authors/sprenger/","name":"Christoph Sprenger"},{"id":352,"link":"/authors/stannett/","name":"Mike Stannett"},{"id":353,"link":"/authors/stark/","name":"Eugene W. 
Stark"},{"id":354,"link":"/authors/starosta/","name":"Štěpán Starosta"},{"id":355,"link":"/authors/steinberg/","name":"Matías Steinberg"},{"id":356,"link":"/authors/stephan/","name":"Werner Stephan"},{"id":357,"link":"/authors/sternagel/","name":"Christian Sternagel"},{"id":358,"link":"/authors/sternagelt/","name":"Thomas Sternagel"},{"id":359,"link":"/authors/stevens/","name":"Lukas Stevens"},{"id":360,"link":"/authors/stock/","name":"Benedikt Stock"},{"id":361,"link":"/authors/stoeckl/","name":"Bernhard Stöckl"},{"id":362,"link":"/authors/stricker/","name":"Christian Stricker"},{"id":363,"link":"/authors/strnisa/","name":"Rok Strniša"},{"id":364,"link":"/authors/struth/","name":"Georg Struth"},{"id":365,"link":"/authors/stueber/","name":"Anke Stüber"},{"id":366,"link":"/authors/stuewe/","name":"Daniel Stüwe"},{"id":367,"link":"/authors/sudbrock/","name":"Henning Sudbrock"},{"id":368,"link":"/authors/sudhof/","name":"Henry Sudhof"},{"id":369,"link":"/authors/sulejmani/","name":"Ujkan Sulejmani"},{"id":370,"link":"/authors/sylvestre/","name":"Jeremy Sylvestre"},{"id":371,"link":"/authors/taha/","name":"Safouan Taha"},{"id":372,"link":"/authors/tan/","name":"Yong Kiam Tan"},{"id":373,"link":"/authors/tasch/","name":"Markus Tasch"},{"id":374,"link":"/authors/taylor/","name":"Ramsay G. 
Taylor"},{"id":375,"link":"/authors/terraf/","name":"Pedro Sánchez Terraf"},{"id":376,"link":"/authors/thiemann/","name":"René Thiemann"},{"id":377,"link":"/authors/thommes/","name":"Joseph Thommes"},{"id":378,"link":"/authors/thomson/","name":"Fox Thomson"},{"id":379,"link":"/authors/tiu/","name":"Alwen Tiu"},{"id":380,"link":"/authors/toth/","name":"Balazs Toth"},{"id":381,"link":"/authors/tourret/","name":"Sophie Tourret"},{"id":382,"link":"/authors/trachtenherz/","name":"David Trachtenherz"},{"id":383,"link":"/authors/traut/","name":"Christoph Traut"},{"id":384,"link":"/authors/traytel/","name":"Dmitriy Traytel"},{"id":385,"link":"/authors/trelat/","name":"Vincent Trélat"},{"id":386,"link":"/authors/tuong/","name":"Frédéric Tuong"},{"id":387,"link":"/authors/tuongj/","name":"Joseph Tuong"},{"id":388,"link":"/authors/tverdyshev/","name":"Sergey Tverdyshev"},{"id":389,"link":"/authors/ullrich/","name":"Sebastian Ullrich"},{"id":390,"link":"/authors/unruh/","name":"Dominique Unruh"},{"id":391,"link":"/authors/urban/","name":"Christian Urban"},{"id":392,"link":"/authors/van/","name":"Hai Nguyen Van"},{"id":393,"link":"/authors/velykis/","name":"Andrius Velykis"},{"id":394,"link":"/authors/verbeek/","name":"Freek Verbeek"},{"id":395,"link":"/authors/villadsen/","name":"Jørgen Villadsen"},{"id":396,"link":"/authors/voisin/","name":"Frederic Voisin"},{"id":397,"link":"/authors/vytiniotis/","name":"Dimitrios Vytiniotis"},{"id":398,"link":"/authors/wagner/","name":"Max Wagner"},{"id":399,"link":"/authors/waldmann/","name":"Uwe Waldmann"},{"id":400,"link":"/authors/wand/","name":"Daniel Wand"},{"id":401,"link":"/authors/wang/","name":"Shuling Wang"},{"id":402,"link":"/authors/wassell/","name":"Mark Wassell"},{"id":403,"link":"/authors/wasserrab/","name":"Daniel Wasserrab"},{"id":404,"link":"/authors/watt/","name":"Conrad Watt"},{"id":405,"link":"/authors/weber/","name":"Tjark Weber"},{"id":406,"link":"/authors/weerwag/","name":"Timmy 
Weerwag"},{"id":407,"link":"/authors/weidner/","name":"Arno Wilhelm-Weidner"},{"id":408,"link":"/authors/wenzel/","name":"Makarius Wenzel"},{"id":409,"link":"/authors/wickerson/","name":"John Wickerson"},{"id":410,"link":"/authors/willenbrink/","name":"Sebastian Willenbrink"},{"id":411,"link":"/authors/wimmer/","name":"Simon Wimmer"},{"id":412,"link":"/authors/wirt/","name":"Kai Wirt"},{"id":413,"link":"/authors/wolff/","name":"Burkhart Wolff"},{"id":414,"link":"/authors/wu/","name":"Chunhan Wu"},{"id":415,"link":"/authors/xu/","name":"Jian Xu"},{"id":416,"link":"/authors/yamada/","name":"Akihisa Yamada"},{"id":417,"link":"/authors/ye/","name":"Lina Ye"},{"id":418,"link":"/authors/ying/","name":"Shenggang Ying"},{"id":419,"link":"/authors/yingm/","name":"Mingsheng Ying"},{"id":420,"link":"/authors/yu/","name":"Lei Yu"},{"id":421,"link":"/authors/zankl/","name":"Harald Zankl"},{"id":422,"link":"/authors/zee/","name":"Karen Zee"},{"id":423,"link":"/authors/zeller/","name":"Peter Zeller"},{"id":424,"link":"/authors/zeyda/","name":"Frank Zeyda"},{"id":425,"link":"/authors/zhan/","name":"Bohua Zhan"},{"id":426,"link":"/authors/zhang/","name":"Yu Zhang"},{"id":427,"link":"/authors/zhangx/","name":"Xingyuan Zhang"},{"id":428,"link":"/authors/zhann/","name":"Naijun Zhan"}]
\ No newline at end of file
diff --git a/web/authors/stevens/index.html b/web/authors/stevens/index.html
--- a/web/authors/stevens/index.html
+++ b/web/authors/stevens/index.html
@@ -1,99 +1,108 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Lukas Stevens- Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../authors/stevens/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="stevens" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/authors/stevens/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="stevens"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../search"><img src="../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../"><li >Home</li></a>
<a href="../../topics/"><li >Topics</li></a>
<a href="../../download/"><li >Download</li></a>
<a href="../../help/"><li >Help</li></a>
<a href="../../submission/"><li >Submission</li></a>
<a href="../../statistics/"><li >Statistics</li></a>
<a href="../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>L</span>ukas <span class='first'>S</span>tevens</h1>
<div>
</div>
</header><div>
<h2>Homepages 🌐</h2>
<ul><li><a href="https://www21.in.tum.de/team/stevensl">https://www21.in.tum.de/team/stevensl</a></li></ul>
-<h2>Entries</h2><h3 class="head">2019</h3><article class="entry">
+<h2>Entries</h2><h3 class="head">2022</h3><article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../entries/Query_Optimization.html">Verification of Query Optimization Algorithms</a></h5> <br>by <a href="../../authors/stevens">Lukas Stevens</a> <a href="https://www21.in.tum.de/team/stevensl">🌐</a> and <a href="../../authors/stoeckl">Bernhard Stöckl</a> <a class="obfuscated" data="eyJob3N0IjpbImluIiwidHVtIiwiZGUiXSwidXNlciI6WyJzdG9lY2tsIl19">📧</a></div>
+ <span class="date">
+ Oct 04
+ </span>
+</article>
+
+
+<h3 class="head">2019</h3><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Szpilrajn.html">Order Extension and Szpilrajn&#39;s Extension Theorem</a></h5> <br>by <a href="../../authors/zeller">Peter Zeller</a> <a class="obfuscated" data="eyJob3N0IjpbImNzIiwidW5pLWtsIiwiZGUiXSwidXNlciI6WyJwX3plbGxlciJdfQ==">📧</a> and <a href="../../authors/stevens">Lukas Stevens</a> <a href="https://www21.in.tum.de/team/stevensl">🌐</a></div>
<span class="date">
Jul 27
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
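Review bot: The `data` attribute on the added `<a class="obfuscated">` anchor is plain base64 of a small JSON object holding the address parts, so it only deters scrapers that do no decoding. The same value is repeated in the new `web/authors/stoeckl/index.html` hunk, where the visible fallback is the address written backwards in `rev` spans. Both files look like generator output (the sibling `index.xml` names Hugo as generator), so any change belongs in the template that emits this markup rather than in these files. If stronger protection is not wanted, I would at least record the limit there with a template comment such as `{{/* obfuscation only deters naive scrapers; data is base64 JSON, not a secret */}}`, and confirm that each listed author has agreed to publication of the address.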
diff --git a/web/authors/stevens/index.xml b/web/authors/stevens/index.xml
--- a/web/authors/stevens/index.xml
+++ b/web/authors/stevens/index.xml
@@ -1,20 +1,29 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>stevens on Archive of Formal Proofs</title>
<link>/authors/stevens/</link>
<description>Recent content in stevens on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
- <lastBuildDate>Sat, 27 Jul 2019 00:00:00 +0000</lastBuildDate><atom:link href="/authors/stevens/index.xml" rel="self" type="application/rss+xml" />
+ <lastBuildDate>Tue, 04 Oct 2022 00:00:00 +0000</lastBuildDate><atom:link href="/authors/stevens/index.xml" rel="self" type="application/rss+xml" />
+ <item>
+ <title>Verification of Query Optimization Algorithms</title>
+ <link>/entries/Query_Optimization.html</link>
+ <pubDate>Tue, 04 Oct 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Query_Optimization.html</guid>
+ <description></description>
+ </item>
+
<item>
<title>Order Extension and Szpilrajn&#39;s Extension Theorem</title>
<link>/entries/Szpilrajn.html</link>
<pubDate>Sat, 27 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/Szpilrajn.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/authors/stoeckl/index.html b/web/authors/stoeckl/index.html
new file mode 100644
--- /dev/null
+++ b/web/authors/stoeckl/index.html
@@ -0,0 +1,99 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1"><title>Bernhard Stöckl- Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../authors/stoeckl/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="stoeckl" />
+<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
+<meta property="og:type" content="website" />
+<meta property="og:url" content="/authors/stoeckl/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
+
+<meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="stoeckl"/>
+<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
+
+
+ <link rel="stylesheet" type="text/css" href="../../css/front.min.css">
+
+ <link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
+ <script src="../../js/flexsearch.bundle.js"></script>
+ <script src="../../js/scroll-spy.js"></script>
+ <script src="../../js/theory.js"></script>
+ <script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
+</head>
+
+
+<body class='mathjax_ignore '>
+ <aside>
+ <div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+
+ <a href="../../search"><img src="../../images/search.svg" alt="Search" /></a>
+ <nav id="menu">
+ <div>
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+ <ul>
+ <a href="../../"><li >Home</li></a>
+ <a href="../../topics/"><li >Topics</li></a>
+ <a href="../../download/"><li >Download</li></a>
+ <a href="../../help/"><li >Help</li></a>
+ <a href="../../submission/"><li >Submission</li></a>
+ <a href="../../statistics/"><li >Statistics</li></a>
+ <a href="../../about/"><li >About</li></a>
+ </ul>
+ </div>
+ </nav>
+</div>
+ </aside>
+
+ <div
+ class='content '><header>
+ <form autocomplete="off" action="../../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1 >
+ <span class='first'>B</span>ernhard <span class='first'>S</span>töckl</h1>
+ <div>
+
+
+
+ </div>
+</header><div>
+
+<h2>E-Mails 📧</h2>
+<ul><li><a class="obfuscated" data="eyJob3N0IjpbImluIiwidHVtIiwiZGUiXSwidXNlciI6WyJzdG9lY2tsIl19"><span class="rev">ed</span>.<span class="rev">mut</span>.<span class="rev">ni</span>@<span class="rev">lkceots</span></a></li></ul>
+
+
+<h2>Entries</h2><h3 class="head">2022</h3><article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../entries/Query_Optimization.html">Verification of Query Optimization Algorithms</a></h5> <br>by <a href="../../authors/stevens">Lukas Stevens</a> <a href="https://www21.in.tum.de/team/stevensl">🌐</a> and <a href="../../authors/stoeckl">Bernhard Stöckl</a> <a class="obfuscated" data="eyJob3N0IjpbImluIiwidHVtIiwiZGUiXSwidXNlciI6WyJzdG9lY2tsIl19">📧</a></div>
+ <span class="date">
+ Oct 04
+ </span>
+</article>
+
+
+
+
+ </div>
+ </div>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/web/authors/stoeckl/index.xml b/web/authors/stoeckl/index.xml
new file mode 100644
--- /dev/null
+++ b/web/authors/stoeckl/index.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8" standalone="yes"?>
+<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
+ <channel>
+ <title>stoeckl on Archive of Formal Proofs</title>
+ <link>/authors/stoeckl/</link>
+ <description>Recent content in stoeckl on Archive of Formal Proofs</description>
+ <generator>Hugo -- gohugo.io</generator>
+ <language>en-gb</language>
+ <lastBuildDate>Tue, 04 Oct 2022 00:00:00 +0000</lastBuildDate><atom:link href="/authors/stoeckl/index.xml" rel="self" type="application/rss+xml" />
+ <item>
+ <title>Verification of Query Optimization Algorithms</title>
+ <link>/entries/Query_Optimization.html</link>
+ <pubDate>Tue, 04 Oct 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Query_Optimization.html</guid>
+ <description></description>
+ </item>
+
+ </channel>
+</rss>
diff --git a/web/data/keywords.json b/web/data/keywords.json
--- a/web/data/keywords.json
+++ b/web/data/keywords.json
@@ -1,11320 +1,11330 @@
[{"id": 0,
"keyword": "declarative first-order prover"},
{"id": 1,
"keyword": "fusc function"},
{"id": 2,
"keyword": "node labeled 1"},
{"id": 3,
"keyword": "arbitrary user"},
{"id": 4,
"keyword": "abstract automata types"},
{"id": 5,
"keyword": "girth chromatic entry"},
{"id": 6,
"keyword": "enabled transitions"},
{"id": 7,
"keyword": "ground tree transducers"},
{"id": 8,
"keyword": "homogeneous linear diophantine equations"},
{"id": 9,
"keyword": "canonical matrix form"},
{"id": 10,
"keyword": "computation models"},
{"id": 11,
"keyword": "primes"},
{"id": 12,
"keyword": "underlying decision procedure"},
{"id": 13,
"keyword": "alpha"},
{"id": 14,
"keyword": "stanford encyclopedia"},
{"id": 15,
"keyword": "macaulay matrices"},
{"id": 16,
"keyword": "excluding point sequences"},
{"id": 17,
"keyword": "combinatorial argument"},
{"id": 18,
"keyword": "basic geometric properties"},
{"id": 19,
"keyword": "hash functions"},
{"id": 20,
"keyword": "randomised binary search trees"},
{"id": 21,
"keyword": "markov decision processes"},
{"id": 22,
"keyword": "itp-2015 peter lammich"},
{"id": 23,
"keyword": "word equations"},
{"id": 24,
"keyword": "special combination"},
{"id": 25,
"keyword": "qualitative applications"},
{"id": 26,
"keyword": "signed words"},
{"id": 27,
"keyword": "invariant generation"},
{"id": 28,
"keyword": "fast iterative algorithm"},
{"id": 29,
"keyword": "lens laws"},
{"id": 30,
"keyword": "nodes labeled"},
{"id": 31,
"keyword": "protocol transcript"},
{"id": 32,
"keyword": "formalizing compiler transformations"},
{"id": 33,
"keyword": "common set"},
{"id": 34,
"keyword": "deterministic state machine"},
{"id": 35,
"keyword": "generate executable code"},
{"id": 36,
"keyword": "application programming interface"},
{"id": 37,
"keyword": "superposition rules"},
{"id": 38,
"keyword": "context-free languages"},
{"id": 39,
"keyword": "model satisfies"},
{"id": 40,
"keyword": "achieve consensus"},
{"id": 41,
"keyword": "exception compilation scheme"},
{"id": 42,
"keyword": "fixed arbitrary length"},
{"id": 43,
"keyword": "security property"},
{"id": 44,
"keyword": "totient function phi"},
{"id": 45,
"keyword": "verify theorems"},
{"id": 46,
"keyword": "poplmark challenge designed"},
{"id": 47,
"keyword": "finite closed semantic tree"},
{"id": 48,
"keyword": "saturation theorem proving"},
{"id": 49,
"keyword": "unification algorithm"},
{"id": 50,
"keyword": "complicated translation layer"},
{"id": 51,
"keyword": "chords intersect"},
{"id": 52,
"keyword": "deliverable d31"},
{"id": 53,
"keyword": "generate human-readable secav proofs"},
{"id": 54,
"keyword": "constructor calls occuring"},
{"id": 55,
"keyword": "ciphertext attacks"},
{"id": 56,
"keyword": "del"},
{"id": 57,
"keyword": "model total correctness"},
{"id": 58,
"keyword": "ramsey theory"},
{"id": 59,
"keyword": "effectful computations"},
{"id": 60,
"keyword": "lazy sequences"},
{"id": 61,
"keyword": "underlying graph"},
{"id": 62,
"keyword": "algebraic setting"},
{"id": 63,
"keyword": "resulting code"},
{"id": 64,
"keyword": "method called separata"},
{"id": 65,
"keyword": "technische universit"},
{"id": 66,
"keyword": "publisher subscriber pattern"},
{"id": 67,
"keyword": "completeness proof"},
{"id": 68,
"keyword": "function spaces"},
{"id": 69,
"keyword": "inference step"},
{"id": 70,
"keyword": "package logic"},
{"id": 71,
"keyword": "minimal unsatisfiable cores"},
{"id": 72,
"keyword": "compositional theory"},
{"id": 73,
"keyword": "programming languages sml"},
{"id": 74,
"keyword": "residuated transition system"},
{"id": 75,
"keyword": "quotient construction"},
{"id": 76,
"keyword": "monadic language"},
{"id": 77,
"keyword": "discrete"},
{"id": 78,
"keyword": "deductive system"},
{"id": 79,
"keyword": "store buffer"},
{"id": 80,
"keyword": "optimized variant"},
{"id": 81,
"keyword": "target-language expression"},
{"id": 82,
"keyword": "refinement-based theorem proving approach"},
{"id": 83,
"keyword": "cyclic groups"},
{"id": 84,
"keyword": "formal puiseux series"},
{"id": 85,
"keyword": "replicated growable array"},
{"id": 86,
"keyword": "axiomatic network model"},
{"id": 87,
"keyword": "lifting invariants"},
{"id": 88,
"keyword": "finite games"},
{"id": 89,
"keyword": "work focuses"},
{"id": 90,
"keyword": "detects unsatisfiability"},
{"id": 91,
"keyword": "unifies previous formalisations"},
{"id": 92,
"keyword": "semantic model"},
{"id": 93,
"keyword": "important classes"},
{"id": 94,
"keyword": "ground resolution"},
{"id": 95,
"keyword": "accesses memory locations"},
{"id": 96,
"keyword": "alternatives"},
{"id": 97,
"keyword": "linux-based router"},
{"id": 98,
"keyword": "counit natural transformations"},
{"id": 99,
"keyword": "simple compilation function"},
{"id": 100,
"keyword": "check high-level security goals"},
{"id": 101,
"keyword": "specific isomorphism expressing"},
{"id": 102,
"keyword": "computation traces"},
{"id": 103,
"keyword": "floating-point arithmetic"},
{"id": 104,
"keyword": "power sum polynomials"},
{"id": 105,
"keyword": "efficient binary search"},
{"id": 106,
"keyword": "application"},
{"id": 107,
"keyword": "dependent security type system"},
{"id": 108,
"keyword": "regular algebra hierarchy"},
{"id": 109,
"keyword": "recursive fashion"},
{"id": 110,
"keyword": "traditional query plan optimizations"},
{"id": 111,
"keyword": "employs reasoning"},
{"id": 112,
"keyword": "universal tool"},
{"id": 113,
"keyword": "detailed description"},
{"id": 114,
"keyword": "hol function"},
{"id": 115,
"keyword": "real roots"},
{"id": 116,
"keyword": "abrupt termination"},
{"id": 117,
"keyword": "theology"},
{"id": 118,
"keyword": "coinductive natural numbers"},
{"id": 119,
"keyword": "mutually-recursive definition"},
{"id": 120,
"keyword": "exotic terms"},
{"id": 121,
"keyword": "conference certified programs"},
{"id": 122,
"keyword": "graph lemma quantifies"},
{"id": 123,
"keyword": "complementary semigroups"},
{"id": 124,
"keyword": "encoding function"},
{"id": 125,
"keyword": "division algorithms"},
{"id": 126,
"keyword": "fixed prime"},
{"id": 127,
"keyword": "separate afp entry"},
{"id": 128,
"keyword": "integrated memory models"},
{"id": 129,
"keyword": "avl trees"},
{"id": 130,
"keyword": "theorem relates"},
{"id": 131,
"keyword": "custom induction rules"},
{"id": 132,
"keyword": "interdisciplinary project"},
{"id": 133,
"keyword": "effective procedure"},
{"id": 134,
"keyword": "uniform semantic substrate"},
{"id": 135,
"keyword": "simulation-based proofs"},
{"id": 136,
"keyword": "number"},
{"id": 137,
"keyword": "basic definitions"},
{"id": 138,
"keyword": "stepwise refinement"},
{"id": 139,
"keyword": "kleene relation algebras"},
{"id": 140,
"keyword": "implemented tail recursively"},
{"id": 141,
"keyword": "high efficiency"},
{"id": 142,
"keyword": "implement translation functions"},
{"id": 143,
"keyword": "secure messaging channel established"},
{"id": 144,
"keyword": "executable code"},
{"id": 145,
"keyword": "church-style simply-typed"},
{"id": 146,
"keyword": "uniquely determined polynomial combination"},
{"id": 147,
"keyword": "efficient variable-length codes"},
{"id": 148,
"keyword": "proof reuses"},
{"id": 149,
"keyword": "assertoric syllogistic"},
{"id": 150,
"keyword": "simple graphs"},
{"id": 151,
"keyword": "careful presentation"},
{"id": 152,
"keyword": "inductive unwinding theorem"},
{"id": 153,
"keyword": "completely subsumes"},
{"id": 154,
"keyword": "klein-beltrami model"},
{"id": 155,
"keyword": "timed coordination"},
{"id": 156,
"keyword": "factoring algorithm"},
{"id": 157,
"keyword": "software tool"},
{"id": 158,
"keyword": "fully corrupted"},
{"id": 159,
"keyword": "reverse post order number"},
{"id": 160,
"keyword": "-dimensional cube"},
{"id": 161,
"keyword": "recursive procedures"},
{"id": 162,
"keyword": "easily generate elements"},
{"id": 163,
"keyword": "data types"},
{"id": 164,
"keyword": "sat solver written"},
{"id": 165,
"keyword": "orthogonal transformations"},
{"id": 166,
"keyword": "input lists"},
{"id": 167,
"keyword": "algebras based"},
{"id": 168,
"keyword": "higher-order functions"},
{"id": 169,
"keyword": "memory resolve"},
{"id": 170,
"keyword": "bound depends"},
{"id": 171,
"keyword": "authorized path"},
{"id": 172,
"keyword": "niederreiter"},
{"id": 173,
"keyword": "guard protocols"},
{"id": 174,
"keyword": "derangements formula describes"},
{"id": 175,
"keyword": "general properties"},
{"id": 176,
"keyword": "partially filled"},
{"id": 177,
"keyword": "solve clique"},
{"id": 178,
"keyword": "kleene normal form"},
{"id": 179,
"keyword": "processing components"},
{"id": 180,
"keyword": "neutral absolute space"},
{"id": 181,
"keyword": "left part"},
{"id": 182,
"keyword": "component behavior"},
{"id": 183,
"keyword": "distributing interest"},
{"id": 184,
"keyword": "bisimilarity coincides"},
{"id": 185,
"keyword": "abstract hilbert-style"},
{"id": 186,
"keyword": "finite types"},
{"id": 187,
"keyword": "decides language emptiness"},
{"id": 188,
"keyword": "semantic annotations"},
{"id": 189,
"keyword": "lift universally quantified equations"},
{"id": 190,
"keyword": "synchronous step semantics"},
{"id": 191,
"keyword": "afp entry accessible"},
{"id": 192,
"keyword": "compositional analysis"},
{"id": 193,
"keyword": "handle binding"},
{"id": 194,
"keyword": "quantifier elimination procedures"},
{"id": 195,
"keyword": "fairly extensive set"},
{"id": 196,
"keyword": "network"},
{"id": 197,
"keyword": "strong law"},
{"id": 198,
"keyword": "separation logic"},
{"id": 199,
"keyword": "confidentiality verification"},
{"id": 200,
"keyword": "automatic search"},
{"id": 201,
"keyword": "important meta-theoretic results"},
{"id": 202,
"keyword": "cartesian category"},
{"id": 203,
"keyword": "dedicated encoding"},
{"id": 204,
"keyword": "beth hintikka style"},
{"id": 205,
"keyword": "university-level computer science curriculum"},
{"id": 206,
"keyword": "transitive class"},
{"id": 207,
"keyword": "quantum measurements"},
{"id": 208,
"keyword": "enable easy integration"},
{"id": 209,
"keyword": "free variables"},
{"id": 210,
"keyword": "checking c1-information"},
{"id": 211,
"keyword": "binding sequences"},
{"id": 212,
"keyword": "full automation"},
{"id": 213,
"keyword": "fixed bound"},
{"id": 214,
"keyword": "basis reduction algorithm"},
{"id": 215,
"keyword": "unsorted list deterministically"},
{"id": 216,
"keyword": "boolean functions"},
{"id": 217,
"keyword": "support"},
{"id": 218,
"keyword": "mathcal"},
{"id": 219,
"keyword": "main goal"},
{"id": 220,
"keyword": "gale stewart theorem"},
{"id": 221,
"keyword": "combinatorial proof"},
{"id": 222,
"keyword": "monadic second-order logic"},
{"id": 223,
"keyword": "preservation lemmas"},
{"id": 224,
"keyword": "finite symbolic execution graph"},
{"id": 225,
"keyword": "compiler rewrite rules"},
{"id": 226,
"keyword": "conditions"},
{"id": 227,
"keyword": "conditional equality operators"},
{"id": 228,
"keyword": "binary tree"},
{"id": 229,
"keyword": "executable framework"},
{"id": 230,
"keyword": "final states"},
{"id": 231,
"keyword": "simple firewall model"},
{"id": 232,
"keyword": "simply transforms"},
{"id": 233,
"keyword": "conclude wrong results"},
{"id": 234,
"keyword": "embedded logic"},
{"id": 235,
"keyword": "o-automata framework"},
{"id": 236,
"keyword": "semantical representation"},
{"id": 237,
"keyword": "basic file operations"},
{"id": 238,
"keyword": "point-wise reasoning"},
{"id": 239,
"keyword": "generalized multiset ordering"},
{"id": 240,
"keyword": "numerous instances"},
{"id": 241,
"keyword": "run construction rules"},
{"id": 242,
"keyword": "semantic engine"},
{"id": 243,
"keyword": "global context transformations"},
{"id": 244,
"keyword": "cutting truncating sets"},
{"id": 245,
"keyword": "industrial separation kernel"},
{"id": 246,
"keyword": "existing afp-entry"},
{"id": 247,
"keyword": "sufficiently efficient"},
{"id": 248,
"keyword": "holcf package"},
{"id": 249,
"keyword": "linear ordered fields"},
{"id": 250,
"keyword": "hancl asserting"},
{"id": 251,
"keyword": "concurrent choice"},
{"id": 252,
"keyword": "normalisation procedures"},
{"id": 253,
"keyword": "abstract algorithms closely"},
{"id": 254,
"keyword": "algebraic closure"},
{"id": 255,
"keyword": "cycle matroid"},
{"id": 256,
"keyword": "term occurring"},
{"id": 257,
"keyword": "arbitrary ring"},
{"id": 258,
"keyword": "concrete protocols variants"},
{"id": 259,
"keyword": "carrier set"},
{"id": 260,
"keyword": "compositional algorithm exploits acyclicity"},
{"id": 261,
"keyword": "refinement techniques"},
{"id": 262,
"keyword": "bayesian regression presented"},
{"id": 263,
"keyword": "natural transformations simply"},
{"id": 264,
"keyword": "continuous functions"},
{"id": 265,
"keyword": "possibilistic noninterference afp entry"},
{"id": 266,
"keyword": "target language"},
{"id": 267,
"keyword": "require guardedness up-"},
{"id": 268,
"keyword": "elementary proof exist"},
{"id": 269,
"keyword": "linear algebra libraries"},
{"id": 270,
"keyword": "profound formalism"},
{"id": 271,
"keyword": "exchanging data"},
{"id": 272,
"keyword": "braun trees"},
{"id": 273,
"keyword": "fully connected subgraph"},
{"id": 274,
"keyword": "existing secav system"},
{"id": 275,
"keyword": "non-negative real matrix"},
{"id": 276,
"keyword": "proof assistant coq"},
{"id": 277,
"keyword": "static program analysis"},
{"id": 278,
"keyword": "standard superposition calculus corresponds"},
{"id": 279,
"keyword": "contact gerwin"},
{"id": 280,
"keyword": "algorithm factors polynomials"},
{"id": 281,
"keyword": "subresultant polynomial remainder sequence"},
{"id": 282,
"keyword": "ipurge unwinding theorem"},
{"id": 283,
"keyword": "rabin automata"},
{"id": 284,
"keyword": "time domain"},
{"id": 285,
"keyword": "code rate"},
{"id": 286,
"keyword": "stochastic matrix"},
{"id": 287,
"keyword": "analyze similar algorithms"},
{"id": 288,
"keyword": "short explanation"},
{"id": 289,
"keyword": "negative integers"},
{"id": 290,
"keyword": "prime number theorem builds"},
{"id": 291,
"keyword": "routing policies"},
{"id": 292,
"keyword": "research project"},
{"id": 293,
"keyword": "field extensions"},
{"id": 294,
"keyword": "invariant based programming"},
{"id": 295,
"keyword": "development longer"},
{"id": 296,
"keyword": "polynomial sequences"},
{"id": 297,
"keyword": "automatically calculated"},
{"id": 298,
"keyword": "practical algebraic calculus"},
{"id": 299,
"keyword": "kind mapped"},
{"id": 300,
"keyword": "cambridge lecture notes topics"},
{"id": 301,
"keyword": "maximum element"},
{"id": 302,
"keyword": "solved deterministically"},
{"id": 303,
"keyword": "under-approximate relational logic"},
{"id": 304,
"keyword": "fixed points"},
{"id": 305,
"keyword": "ring theory development"},
{"id": 306,
"keyword": "direct formalisation"},
{"id": 307,
"keyword": "suitably extending paulson"},
{"id": 308,
"keyword": "theorems hold"},
{"id": 309,
"keyword": "separation logic theory"},
{"id": 310,
"keyword": "small step operational semantics"},
{"id": 311,
"keyword": "constant upper bound"},
{"id": 312,
"keyword": "verifying network security policies"},
{"id": 313,
"keyword": "key contribution"},
{"id": 314,
"keyword": "herbrand universe"},
{"id": 315,
"keyword": "class-free constants"},
{"id": 316,
"keyword": "slightly extended"},
{"id": 317,
"keyword": "separation logic framework"},
{"id": 318,
"keyword": "component-based development approach"},
{"id": 319,
"keyword": "previously unknown paradox"},
{"id": 320,
"keyword": "homomorphic functions"},
{"id": 321,
"keyword": "type class system"},
{"id": 322,
"keyword": "radical expressions"},
{"id": 323,
"keyword": "client-side javascript programs"},
{"id": 324,
"keyword": "excluding cubic axioms"},
{"id": 325,
"keyword": "concrete reachable states"},
{"id": 326,
"keyword": "euclidean domains"},
{"id": 327,
"keyword": "conversion functions"},
{"id": 328,
"keyword": "diophantine sets"},
{"id": 329,
"keyword": "important concepts"},
{"id": 330,
"keyword": "finite state machines"},
{"id": 331,
"keyword": "factorization algorithms"},
{"id": 332,
"keyword": "abstract reference specification"},
{"id": 333,
"keyword": "mark 1 machine"},
{"id": 334,
"keyword": "applies induction"},
{"id": 335,
"keyword": "itp 2017 paper"},
{"id": 336,
"keyword": "article titled"},
{"id": 337,
"keyword": "replacement rule"},
{"id": 338,
"keyword": "respect stream equivalence"},
{"id": 339,
"keyword": "purely functional implementation based"},
{"id": 340,
"keyword": "affine scheme"},
{"id": 341,
"keyword": "native sequential consistency"},
{"id": 342,
"keyword": "non-deterministic languages"},
{"id": 343,
"keyword": "dom revealed numerous invariants"},
{"id": 344,
"keyword": "falsely claims"},
{"id": 345,
"keyword": "future articles"},
{"id": 346,
"keyword": "non-elementary worst-case blow-"},
{"id": 347,
"keyword": "ascending priority"},
{"id": 348,
"keyword": "abstract syntax"},
{"id": 349,
"keyword": "logics"},
{"id": 350,
"keyword": "random"},
{"id": 351,
"keyword": "verified code"},
{"id": 352,
"keyword": "extension theorem employing terminology"},
{"id": 353,
"keyword": "features monadic types"},
{"id": 354,
"keyword": "goto rule"},
{"id": 355,
"keyword": "ruzsa triangle inequality"},
{"id": 356,
"keyword": "high-level specification language jml"},
{"id": 357,
"keyword": "routh-hurwitz stability criterion"},
{"id": 358,
"keyword": "single-source shortest path problem"},
{"id": 359,
"keyword": "monadic refinement framework"},
{"id": 360,
"keyword": "datatypes generated"},
{"id": 361,
"keyword": "significant confidentiality theorems"},
{"id": 362,
"keyword": "identified inconsistencies"},
{"id": 363,
"keyword": "extremal graph theory"},
{"id": 364,
"keyword": "bnfcc structure"},
{"id": 365,
"keyword": "flow saturates"},
{"id": 366,
"keyword": "acceptance rejection decisions"},
{"id": 367,
"keyword": "main motivation"},
{"id": 368,
"keyword": "van oostrom"},
{"id": 369,
"keyword": "probability larger"},
{"id": 370,
"keyword": "approximation polynomial based"},
{"id": 371,
"keyword": "compositionality results"},
{"id": 372,
"keyword": "implemented tactics"},
{"id": 373,
"keyword": "strictly increasing"},
{"id": 374,
"keyword": "formally connect"},
{"id": 375,
"keyword": "clean development"},
{"id": 376,
"keyword": "vincent rahli"},
{"id": 377,
"keyword": "inherently based"},
{"id": 378,
"keyword": "probabilistic model checking"},
{"id": 379,
"keyword": "abstract ledger supporting"},
{"id": 380,
"keyword": "common criteria full abstraction"},
{"id": 381,
"keyword": "client-side web applications"},
{"id": 382,
"keyword": "standard types"},
{"id": 383,
"keyword": "represents dominators"},
{"id": 384,
"keyword": "graph node"},
{"id": 385,
"keyword": "sequentially consistent"},
{"id": 386,
"keyword": "rely quotient"},
{"id": 387,
"keyword": "rose bohrer"},
{"id": 388,
"keyword": "model refinement"},
{"id": 389,
"keyword": "probabilistic behaviour"},
{"id": 390,
"keyword": "function satisfies"},
{"id": 391,
"keyword": "spectral theorem states"},
{"id": 392,
"keyword": "symmetry property"},
{"id": 393,
"keyword": "amortized logarithmic complexity"},
{"id": 394,
"keyword": "detailed proof steps"},
{"id": 395,
"keyword": "book markov decision processes"},
{"id": 396,
"keyword": "equivalent forms"},
{"id": 397,
"keyword": "tree automata technique"},
{"id": 398,
"keyword": "verification tools"},
{"id": 399,
"keyword": "applicative expressions"},
{"id": 400,
"keyword": "sdss random dictatorship"},
{"id": 401,
"keyword": "forward packets"},
{"id": 402,
"keyword": "sturm proof method"},
{"id": 403,
"keyword": "formulas obtained"},
{"id": 404,
"keyword": "incredible proof machine"},
{"id": 405,
"keyword": "multiplication"},
{"id": 406,
"keyword": "real-world protocol"},
{"id": 407,
"keyword": "ba12 mordechai ben-ari"},
{"id": 408,
"keyword": "paper verified construction"},
{"id": 409,
"keyword": "weighted graphs"},
{"id": 410,
"keyword": "jinja source code semantics"},
{"id": 411,
"keyword": "important consequences"},
{"id": 412,
"keyword": "hol"},
{"id": 413,
"keyword": "avoid circular reasoning"},
{"id": 414,
"keyword": "multiple oblivious transfer"},
{"id": 415,
"keyword": "consideration admits"},
{"id": 416,
"keyword": "abductive reasoning"},
{"id": 417,
"keyword": "facilitating developments"},
{"id": 418,
"keyword": "base set"},
{"id": 419,
"keyword": "coinductive terminated lists"},
{"id": 420,
"keyword": "bor vka"},
{"id": 421,
"keyword": "functor composition"},
{"id": 422,
"keyword": "dedekind cuts"},
{"id": 423,
"keyword": "mathematical structures"},
{"id": 424,
"keyword": "253--269 cpp-2016 peter lammich"},
{"id": 425,
"keyword": "previous work"},
{"id": 426,
"keyword": "temporal specification technique"},
{"id": 427,
"keyword": "closed formulas"},
{"id": 428,
"keyword": "fol theories extending"},
{"id": 429,
"keyword": "control flow graph"},
{"id": 430,
"keyword": "allowing formal reasoning"},
{"id": 431,
"keyword": "collection semantics"},
{"id": 432,
"keyword": "non-deterministic monad"},
{"id": 433,
"keyword": "predicate"},
{"id": 434,
"keyword": "partly commented"},
{"id": 435,
"keyword": "related theorem"},
{"id": 436,
"keyword": "john wickerson"},
{"id": 437,
"keyword": "formally verified solver"},
{"id": 438,
"keyword": "subsumption order"},
{"id": 439,
"keyword": "write alpha"},
{"id": 440,
"keyword": "afp article amortized complexity"},
{"id": 441,
"keyword": "recursive fast fourier transform"},
{"id": 442,
"keyword": "executable query translation"},
{"id": 443,
"keyword": "automata classes"},
{"id": 444,
"keyword": "current compression formats"},
{"id": 445,
"keyword": "minimum weight basis"},
{"id": 446,
"keyword": "real numbers"},
{"id": 447,
"keyword": "larry paulson"},
{"id": 448,
"keyword": "completely factorize real"},
{"id": 449,
"keyword": "networking protocols"},
{"id": 450,
"keyword": "filtered sets"},
{"id": 451,
"keyword": "communicating sequential processes"},
{"id": 452,
"keyword": "fisher yates algorithm"},
{"id": 453,
"keyword": "basic elements"},
{"id": 454,
"keyword": "uniquely distinguish quantum states"},
{"id": 455,
"keyword": "alternate binomial theorem statement"},
{"id": 456,
"keyword": "perfect logicians forbidden"},
{"id": 457,
"keyword": "complete test generation algorithms"},
{"id": 458,
"keyword": "verified heap functions"},
{"id": 459,
"keyword": "pace secure channel"},
{"id": 460,
"keyword": "coefficient functions"},
{"id": 461,
"keyword": "rule induction"},
{"id": 462,
"keyword": "evaluating cauchy indices"},
{"id": 463,
"keyword": "ground totality"},
{"id": 464,
"keyword": "generalizes sutherland"},
{"id": 465,
"keyword": "advanced algorithms"},
{"id": 466,
"keyword": "word power"},
{"id": 467,
"keyword": "information processing letters 29"},
{"id": 468,
"keyword": "possibilistic information-flow security properties"},
{"id": 469,
"keyword": "stream fusion"},
{"id": 470,
"keyword": "general geometric facts"},
{"id": 471,
"keyword": "efficient structures"},
{"id": 472,
"keyword": "concrete functors"},
{"id": 473,
"keyword": "algebraic formalization end"},
{"id": 474,
"keyword": "lending funds"},
{"id": 475,
"keyword": "sketches found"},
{"id": 476,
"keyword": "benchmark problems"},
{"id": 477,
"keyword": "variable assignment"},
{"id": 478,
"keyword": "algorithm enumerating"},
{"id": 479,
"keyword": "previous afp article"},
{"id": 480,
"keyword": "representative dynamic programming problems"},
{"id": 481,
"keyword": "priority"},
{"id": 482,
"keyword": "andr platzer"},
{"id": 483,
"keyword": "adding observation instants"},
{"id": 484,
"keyword": "compiler optimization"},
{"id": 485,
"keyword": "nominal2 library"},
{"id": 486,
"keyword": "finite automata"},
{"id": 487,
"keyword": "abstract version"},
{"id": 488,
"keyword": "proof details"},
{"id": 489,
"keyword": "programming languages"},
{"id": 490,
"keyword": "basic properties ndash"},
{"id": 491,
"keyword": "taylor models"},
{"id": 492,
"keyword": "starting point"},
{"id": 493,
"keyword": "static single assignment form"},
{"id": 494,
"keyword": "randomized comb algorithm"},
{"id": 495,
"keyword": "collectively referred"},
{"id": 496,
"keyword": "computes density functions"},
{"id": 497,
"keyword": "standard dolev-yao"},
{"id": 498,
"keyword": "isafor ceta project"},
{"id": 499,
"keyword": "relational model"},
{"id": 500,
"keyword": "deriving asymptotic estimates"},
{"id": 501,
"keyword": "clean offers conditionals"},
{"id": 502,
"keyword": "no-frills state-exception monad"},
{"id": 503,
"keyword": "search-time information"},
{"id": 504,
"keyword": "regular expressions extended"},
{"id": 505,
"keyword": "specific part"},
{"id": 506,
"keyword": "breeders"},
{"id": 507,
"keyword": "classical geometric definitions"},
{"id": 508,
"keyword": "integration technique employs lex"},
{"id": 509,
"keyword": "bell numbers"},
{"id": 510,
"keyword": "pattern specifications"},
{"id": 511,
"keyword": "primitively corecursive-"},
{"id": 512,
"keyword": "tree automata apf-entry"},
{"id": 513,
"keyword": "detailed systematic study"},
{"id": 514,
"keyword": "compute roots"},
{"id": 515,
"keyword": "rational number"},
{"id": 516,
"keyword": "properties related"},
{"id": 517,
"keyword": "model compatibility"},
{"id": 518,
"keyword": "interactively find"},
{"id": 519,
"keyword": "ben-ari ba12"},
{"id": 520,
"keyword": "difference bound matrices"},
{"id": 521,
"keyword": "object-oriented data-type theories generated"},
{"id": 522,
"keyword": "benchmark scripts"},
{"id": 523,
"keyword": "field accesses"},
{"id": 524,
"keyword": "enables users"},
{"id": 525,
"keyword": "semantic definitions"},
{"id": 526,
"keyword": "employs formal models"},
{"id": 527,
"keyword": "max-flow min-cut theorem"},
{"id": 528,
"keyword": "proof language"},
{"id": 529,
"keyword": "class hierarchies"},
{"id": 530,
"keyword": "determinization procedure"},
{"id": 531,
"keyword": "concurrent dynamic logics"},
{"id": 532,
"keyword": "pierre boutry"},
{"id": 533,
"keyword": "push-relabel algorithms"},
{"id": 534,
"keyword": "discrete probability distributions"},
{"id": 535,
"keyword": "afp entry"},
{"id": 536,
"keyword": "multiple algebraic structures"},
{"id": 537,
"keyword": "cone text arg"},
{"id": 538,
"keyword": "vector cross product"},
{"id": 539,
"keyword": "bounded-deducibility security"},
{"id": 540,
"keyword": "machine-checked text annex"},
{"id": 541,
"keyword": "executable density compiler"},
{"id": 542,
"keyword": "difference sets"},
{"id": 543,
"keyword": "counter-free automata"},
{"id": 544,
"keyword": "number theoretic transform"},
{"id": 545,
"keyword": "paper mechanising turing machines"},
{"id": 546,
"keyword": "formalization reveals"},
{"id": 547,
"keyword": "involve regular expressions"},
{"id": 548,
"keyword": "chosen memory model"},
{"id": 549,
"keyword": "automated circuit verification"},
{"id": 550,
"keyword": "taylor expansions"},
{"id": 551,
"keyword": "infinite derivation trees"},
{"id": 552,
"keyword": "instance---many-sorted fol"},
{"id": 553,
"keyword": "entailment- minimal"},
{"id": 554,
"keyword": "theories reasoning"},
{"id": 555,
"keyword": "proof method casify"},
{"id": 556,
"keyword": "stationary distributions"},
{"id": 557,
"keyword": "severe limitation"},
{"id": 558,
"keyword": "lies strictly"},
{"id": 559,
"keyword": "application areas"},
{"id": 560,
"keyword": "strongly connected components"},
{"id": 561,
"keyword": "initial segment condition"},
{"id": 562,
"keyword": "locally ringed space"},
{"id": 563,
"keyword": "maclaurin summation formula"},
{"id": 564,
"keyword": "karel hrbacek"},
{"id": 565,
"keyword": "underlying ideas"},
{"id": 566,
"keyword": "fundamental subspaces"},
{"id": 567,
"keyword": "notable result"},
{"id": 568,
"keyword": "1 infty left"},
{"id": 569,
"keyword": "multiple goods"},
{"id": 570,
"keyword": "lehmer test"},
{"id": 571,
"keyword": "kepler conjecture"},
{"id": 572,
"keyword": "rely-guarantee-style reasoning"},
{"id": 573,
"keyword": "elegant encoding"},
{"id": 574,
"keyword": "require"},
{"id": 575,
"keyword": "proof assistant"},
{"id": 576,
"keyword": "transfer package"},
{"id": 577,
"keyword": "higher-order logic"},
{"id": 578,
"keyword": "case studies"},
{"id": 579,
"keyword": "lp spaces"},
{"id": 580,
"keyword": "pctl formulas"},
{"id": 581,
"keyword": "program traces"},
{"id": 582,
"keyword": "resolution calculus"},
{"id": 583,
"keyword": "standard construction"},
{"id": 584,
"keyword": "first-order terms"},
{"id": 585,
"keyword": "generate code"},
{"id": 586,
"keyword": "implementation relates pointer-based computation"},
{"id": 587,
"keyword": "public output ports"},
{"id": 588,
"keyword": "flow-sensitive type system"},
{"id": 589,
"keyword": "fitting theory"},
{"id": 590,
"keyword": "basic algebraic properties"},
{"id": 591,
"keyword": "predicate taking"},
{"id": 592,
"keyword": "dataflow paradigm"},
{"id": 593,
"keyword": "permissions held"},
{"id": 594,
"keyword": "arbitrary nominal sets"},
{"id": 595,
"keyword": "correctness theorems"},
{"id": 596,
"keyword": "incoming edges"},
{"id": 597,
"keyword": "input infinite sequences"},
{"id": 598,
"keyword": "klein nicta"},
{"id": 599,
"keyword": "manual approach"},
{"id": 600,
"keyword": "originally obtained"},
{"id": 601,
"keyword": "familiar first-order logic"},
{"id": 602,
"keyword": "game-hopping style advocated"},
{"id": 603,
"keyword": "reusable building blocks"},
{"id": 604,
"keyword": "common factors"},
{"id": 605,
"keyword": "reduction step"},
{"id": 606,
"keyword": "perfect forward secrecy"},
{"id": 607,
"keyword": "full sequential fragment"},
{"id": 608,
"keyword": "adapting larry paulson"},
{"id": 609,
"keyword": "termination techniques"},
{"id": 610,
"keyword": "large part"},
{"id": 611,
"keyword": "generic diamond lemma reduction"},
{"id": 612,
"keyword": "produce uniformly smaller automata"},
{"id": 613,
"keyword": "regular expression"},
{"id": 614,
"keyword": "afp entry focusstreamscasestudies-afp"},
{"id": 615,
"keyword": "runtime monitoring"},
{"id": 616,
"keyword": "quantum projective measurements"},
{"id": 617,
"keyword": "existing theories"},
{"id": 618,
"keyword": "relational parametricity due"},
{"id": 619,
"keyword": "superposition calculus"},
{"id": 620,
"keyword": "version states"},
{"id": 621,
"keyword": "calculate sign variations"},
{"id": 622,
"keyword": "extended real numbers form"},
{"id": 623,
"keyword": "standard reduction path"},
{"id": 624,
"keyword": "meld operations"},
{"id": 625,
"keyword": "json objects"},
{"id": 626,
"keyword": "rgen villadsen"},
{"id": 627,
"keyword": "partial binary operation"},
{"id": 628,
"keyword": "tuples satisfying"},
{"id": 629,
"keyword": "remaining computation"},
{"id": 630,
"keyword": "andrei popescu propose"},
{"id": 631,
"keyword": "standard definitions"},
{"id": 632,
"keyword": "call return"},
{"id": 633,
"keyword": "substantial background"},
{"id": 634,
"keyword": "girard-tait style logical relation"},
{"id": 635,
"keyword": "expressive logic"},
{"id": 636,
"keyword": "informal description"},
{"id": 637,
"keyword": "infinite trees branching"},
{"id": 638,
"keyword": "regular languages"},
{"id": 639,
"keyword": "carmichael numbers"},
{"id": 640,
"keyword": "digit expansions"},
{"id": 641,
"keyword": "famous invisible hand"},
{"id": 642,
"keyword": "javascript object notation"},
{"id": 643,
"keyword": "public announcement logic"},
{"id": 644,
"keyword": "compute arbitrary primitive recursive"},
{"id": 645,
"keyword": "respective fundamental homomorphism theorems"},
{"id": 646,
"keyword": "practically successful method"},
{"id": 647,
"keyword": "up-closed sets"},
{"id": 648,
"keyword": "edward zalta"},
{"id": 649,
"keyword": "generalized recurrence"},
{"id": 650,
"keyword": "equivalence kernels"},
{"id": 651,
"keyword": "real gamma function gamma"},
{"id": 652,
"keyword": "british imperial system"},
{"id": 653,
"keyword": "comparing encodability criteria"},
{"id": 654,
"keyword": "arbitrary user-"},
{"id": 655,
"keyword": "constructor applications"},
{"id": 656,
"keyword": "analogous problem arises"},
{"id": 657,
"keyword": "expanding contracting intervals"},
{"id": 658,
"keyword": "first-order parameters"},
{"id": 659,
"keyword": "abortable linearizable module automaton"},
{"id": 660,
"keyword": "syntactic multiplication"},
{"id": 661,
"keyword": "symmetric directed graphs"},
{"id": 662,
"keyword": "cava automata library"},
{"id": 663,
"keyword": "higher-order frequency moments"},
{"id": 664,
"keyword": "fusible list functions"},
{"id": 665,
"keyword": "nash-williams discovered"},
{"id": 666,
"keyword": "equivalence proofs"},
{"id": 667,
"keyword": "regular algebras axiomatise"},
{"id": 668,
"keyword": "efficient data structure combining"},
{"id": 669,
"keyword": "distributed systems specification"},
{"id": 670,
"keyword": "total recursive functions"},
{"id": 671,
"keyword": "complete formalisation"},
{"id": 672,
"keyword": "inductive definition"},
{"id": 673,
"keyword": "cohen posets"},
{"id": 674,
"keyword": "standard system"},
{"id": 675,
"keyword": "wide range"},
{"id": 676,
"keyword": "nominal"},
{"id": 677,
"keyword": "ongoing development"},
{"id": 678,
"keyword": "concrete logics satisfying"},
{"id": 679,
"keyword": "efficient implementation"},
{"id": 680,
"keyword": "ribbon proofs"},
{"id": 681,
"keyword": "mechanised proofs"},
{"id": 682,
"keyword": "test check"},
{"id": 683,
"keyword": "inverse limit"},
{"id": 684,
"keyword": "original quantifier elimination algorithm"},
{"id": 685,
"keyword": "abc"},
{"id": 686,
"keyword": "lend money"},
{"id": 687,
"keyword": "symmetric cases"},
{"id": 688,
"keyword": "verify purely functional"},
{"id": 689,
"keyword": "hyperdual numbers"},
{"id": 690,
"keyword": "discrete fourier transform"},
{"id": 691,
"keyword": "forward data packets"},
{"id": 692,
"keyword": "application consumes potential"},
{"id": 693,
"keyword": "second-order derivation"},
{"id": 694,
"keyword": "special functions"},
{"id": 695,
"keyword": "initial conversion"},
{"id": 696,
"keyword": "hol formalization refines"},
{"id": 697,
"keyword": "eliminates duplicate prime factors"},
{"id": 698,
"keyword": "explicit formula"},
{"id": 699,
"keyword": "eventually achieve"},
{"id": 700,
"keyword": "non-negative real"},
{"id": 701,
"keyword": "deterministic minsky machine"},
{"id": 702,
"keyword": "graph properties expressed"},
{"id": 703,
"keyword": "dom standard"},
{"id": 704,
"keyword": "high school"},
{"id": 705,
"keyword": "dnf-based non-elementary algorithm"},
{"id": 706,
"keyword": "fast sat solver"},
{"id": 707,
"keyword": "coalgebraic literature"},
{"id": 708,
"keyword": "generalisation bnfcc"},
{"id": 709,
"keyword": "vector space"},
{"id": 710,
"keyword": "lll basis reduction algorithm"},
{"id": 711,
"keyword": "comte de buffon posed"},
{"id": 712,
"keyword": "confidentiality properties"},
{"id": 713,
"keyword": "defining functors"},
{"id": 714,
"keyword": "prod limits_"},
{"id": 715,
"keyword": "range queries"},
{"id": 716,
"keyword": "binary orthogonality"},
{"id": 717,
"keyword": "union concatenation"},
{"id": 718,
"keyword": "substantial set"},
{"id": 719,
"keyword": "von lindemann"},
{"id": 720,
"keyword": "proof tool"},
{"id": 721,
"keyword": "modulo operation"},
{"id": 722,
"keyword": "path"},
{"id": 723,
"keyword": "document corresponds"},
{"id": 724,
"keyword": "gps satellite"},
{"id": 725,
"keyword": "publication forthcoming"},
{"id": 726,
"keyword": "behavioral aspects"},
{"id": 727,
"keyword": "graph- transformation based method"},
{"id": 728,
"keyword": "odd-set cover"},
{"id": 729,
"keyword": "classical algorithms"},
{"id": 730,
"keyword": "proofs involving linear algebra"},
{"id": 731,
"keyword": "years formal verification"},
{"id": 732,
"keyword": "simulation code generation"},
{"id": 733,
"keyword": "geodesic triangles"},
{"id": 734,
"keyword": "present interpretations"},
{"id": 735,
"keyword": "extending previous results applying"},
{"id": 736,
"keyword": "k-universal hash family"},
{"id": 737,
"keyword": "revision 6081d5be8d08"},
{"id": 738,
"keyword": "boolean connectives"},
{"id": 739,
"keyword": "verification condition generators producing"},
{"id": 740,
"keyword": "lattice-theoretic concepts"},
{"id": 741,
"keyword": "generic instantiation based"},
{"id": 742,
"keyword": "communication channels"},
{"id": 743,
"keyword": "sufficiently nice sdss"},
{"id": 744,
"keyword": "proof applies"},
{"id": 745,
"keyword": "couple small"},
{"id": 746,
"keyword": "additive combinatorics due"},
{"id": 747,
"keyword": "representable bounds"},
{"id": 748,
"keyword": "textbook modal logic"},
{"id": 749,
"keyword": "relational program logics"},
{"id": 750,
"keyword": "formal words"},
{"id": 751,
"keyword": "command mk_ide enables"},
{"id": 752,
"keyword": "inventory management"},
{"id": 753,
"keyword": "generalised rewriting"},
{"id": 754,
"keyword": "enhanced interleaves predicate turns"},
{"id": 755,
"keyword": "call risk-free loan"},
{"id": 756,
"keyword": "cotangent spaces"},
{"id": 757,
"keyword": "simple exercises"},
{"id": 758,
"keyword": "induction hypothesis"},
{"id": 759,
"keyword": "real-world computer networks"},
{"id": 760,
"keyword": "additional relations"},
{"id": 761,
"keyword": "combine stepwise refinement"},
{"id": 762,
"keyword": "logical foundation"},
{"id": 763,
"keyword": "nearest shadow root"},
{"id": 764,
"keyword": "asynchronously communicating nodes"},
{"id": 765,
"keyword": "introducing constructor functions"},
{"id": 766,
"keyword": "newly detected states"},
{"id": 767,
"keyword": "combinatorial structures"},
{"id": 768,
"keyword": "presented variants increase"},
{"id": 769,
"keyword": "divide conquer algorithms"},
{"id": 770,
"keyword": "classical extensional mereology"},
{"id": 771,
"keyword": "quantified non-classical logics"},
{"id": 772,
"keyword": "usual definitions"},
{"id": 773,
"keyword": "foundation presented"},
{"id": 774,
"keyword": "incidence set systems"},
{"id": 775,
"keyword": "jacobi symbol"},
{"id": 776,
"keyword": "verification components"},
{"id": 777,
"keyword": "system"},
{"id": 778,
"keyword": "counts distinct real roots"},
{"id": 779,
"keyword": "language primitives"},
{"id": 780,
"keyword": "classical logic"},
{"id": 781,
"keyword": "formal protocol verification"},
{"id": 782,
"keyword": "entry genclock"},
{"id": 783,
"keyword": "inlines function application"},
{"id": 784,
"keyword": "positive llists"},
{"id": 785,
"keyword": "full classical propositional logic"},
{"id": 786,
"keyword": "imperative programming languages"},
{"id": 787,
"keyword": "dynamical systems"},
{"id": 788,
"keyword": "arbitrary transition systems"},
{"id": 789,
"keyword": "induced maps"},
{"id": 790,
"keyword": "info research codegen"},
{"id": 791,
"keyword": "monitoring tools"},
{"id": 792,
"keyword": "functional languages"},
{"id": 793,
"keyword": "strong nullstellensatz"},
{"id": 794,
"keyword": "stateful network implementation"},
{"id": 795,
"keyword": "development concludes"},
{"id": 796,
"keyword": "hyperbolic geometry"},
{"id": 797,
"keyword": "strongest postconditions based"},
{"id": 798,
"keyword": "cade 28 paper"},
{"id": 799,
"keyword": "called complete sets"},
{"id": 800,
"keyword": "jordan curve theorem"},
{"id": 801,
"keyword": "core operations"},
{"id": 802,
"keyword": "fixed arguments"},
{"id": 803,
"keyword": "satisfying assignment"},
{"id": 804,
"keyword": "b_n"},
{"id": 805,
"keyword": "bilinear dominance"},
{"id": 806,
"keyword": "model reactive systems"},
{"id": 807,
"keyword": "target language features"},
{"id": 808,
"keyword": "social decision schemes"},
{"id": 809,
"keyword": "okamoto sigma-protocols"},
{"id": 810,
"keyword": "squares euclid"},
{"id": 811,
"keyword": "celebrated theorem"},
{"id": 812,
"keyword": "girard newton theorem"},
{"id": 813,
"keyword": "yoneda embedding preserves limits"},
{"id": 814,
"keyword": "behavior traces"},
{"id": 815,
"keyword": "avoid correctness issues"},
{"id": 816,
"keyword": "magic wand mathbin"},
{"id": 817,
"keyword": "argument functions"},
{"id": 818,
"keyword": "stream types"},
{"id": 819,
"keyword": "original operational semantics"},
{"id": 820,
"keyword": "reduction conformance relations"},
{"id": 821,
"keyword": "heap operations"},
{"id": 822,
"keyword": "64-bit bases"},
{"id": 823,
"keyword": "coupled simulation versus bisimulation"},
{"id": 824,
"keyword": "unified policy framework"},
{"id": 825,
"keyword": "configuration trace"},
{"id": 826,
"keyword": "pen-and-paper analysis"},
{"id": 827,
"keyword": "definite initialisation analysis"},
{"id": 828,
"keyword": "complex plane"},
{"id": 829,
"keyword": "galois theory"},
{"id": 830,
"keyword": "weak nullstellensatz"},
{"id": 831,
"keyword": "standard logistic function"},
{"id": 832,
"keyword": "state-of-the-art automated protocol verifiers"},
{"id": 833,
"keyword": "generate efficient code"},
{"id": 834,
"keyword": "modal logics"},
{"id": 835,
"keyword": "syntactic context"},
{"id": 836,
"keyword": "resulting generalized counting sort"},
{"id": 837,
"keyword": "special care"},
{"id": 838,
"keyword": "volume proofs"},
{"id": 839,
"keyword": "failed proof"},
{"id": 840,
"keyword": "individual computing nodes"},
{"id": 841,
"keyword": "recursive path order"},
{"id": 842,
"keyword": "reachable states"},
{"id": 843,
"keyword": "equivalent versions"},
{"id": 844,
"keyword": "closed finite games"},
{"id": 845,
"keyword": "generalised form"},
{"id": 846,
"keyword": "proposed under-approximate logics"},
{"id": 847,
"keyword": "handle incidence relations"},
{"id": 848,
"keyword": "machine-assisted proof"},
{"id": 849,
"keyword": "group representation"},
{"id": 850,
"keyword": "frame rule"},
{"id": 851,
"keyword": "proof document supports"},
{"id": 852,
"keyword": "amortized complexity"},
{"id": 853,
"keyword": "assertion failure"},
{"id": 854,
"keyword": "regular expressions needed"},
{"id": 855,
"keyword": "n2m operation"},
{"id": 856,
"keyword": "abstract compiler working"},
{"id": 857,
"keyword": "dra targets similar applications"},
{"id": 858,
"keyword": "certify termination proofs"},
{"id": 859,
"keyword": "failures model"},
{"id": 860,
"keyword": "resource bound"},
{"id": 861,
"keyword": "probabilistic systems"},
{"id": 862,
"keyword": "infinite behavior traces"},
{"id": 863,
"keyword": "finiteness assumptions"},
{"id": 864,
"keyword": "gps receiver"},
{"id": 865,
"keyword": "proof theory enables application"},
{"id": 866,
"keyword": "longer valid"},
{"id": 867,
"keyword": "separation kernels"},
{"id": 868,
"keyword": "in-place heapsort"},
{"id": 869,
"keyword": "result due"},
{"id": 870,
"keyword": "clause loop"},
{"id": 871,
"keyword": "register aliasing"},
{"id": 872,
"keyword": "recursive formalization"},
{"id": 873,
"keyword": "revision functions launches"},
{"id": 874,
"keyword": "extensible library"},
{"id": 875,
"keyword": "master theorem based"},
{"id": 876,
"keyword": "refinement type systems"},
{"id": 877,
"keyword": "generic abstract interpreter"},
{"id": 878,
"keyword": "proof relies"},
{"id": 879,
"keyword": "quantum hoare logic"},
{"id": 880,
"keyword": "haskell tool called fffuu"},
{"id": 881,
"keyword": "recursion theorems"},
{"id": 882,
"keyword": "relation algebras equipped"},
{"id": 883,
"keyword": "prefix length"},
{"id": 884,
"keyword": "balanced nature"},
{"id": 885,
"keyword": "key component"},
{"id": 886,
"keyword": "article attempts"},
{"id": 887,
"keyword": "heuristics automatically pick"},
{"id": 888,
"keyword": "instruction set architecture"},
{"id": 889,
"keyword": "hol light formalization"},
{"id": 890,
"keyword": "tauberian theorem"},
{"id": 891,
"keyword": "domain-specific languages"},
{"id": 892,
"keyword": "code generation"},
{"id": 893,
"keyword": "combinatorial optimisation"},
{"id": 894,
"keyword": "isafol isafol authors"},
{"id": 895,
"keyword": "providing sequential composition"},
{"id": 896,
"keyword": "complex numbers"},
{"id": 897,
"keyword": "afp"},
{"id": 898,
"keyword": "dominated terms"},
{"id": 899,
"keyword": "maximal normal subgroups"},
{"id": 900,
"keyword": "pseudonatural transformations"},
{"id": 901,
"keyword": "short outline"},
{"id": 902,
"keyword": "fixed lexicographical order"},
{"id": 903,
"keyword": "coq proof assistant"},
{"id": 904,
"keyword": "echelon form afp entry"},
{"id": 905,
"keyword": "implicit flows"},
{"id": 906,
"keyword": "time complexity"},
{"id": 907,
"keyword": "integer keys"},
{"id": 908,
"keyword": "personal byzantine quorum systems"},
{"id": 909,
"keyword": "highly non-elementary mathematical tools"},
{"id": 910,
"keyword": "rivest commitment schemes"},
{"id": 911,
"keyword": "pairs consisting"},
{"id": 912,
"keyword": "potential breaks"},
{"id": 913,
"keyword": "json encoded data"},
{"id": 914,
"keyword": "partial derivatives"},
{"id": 915,
"keyword": "approach preservers"},
{"id": 916,
"keyword": "glibc strlen function"},
{"id": 917,
"keyword": "discrete-time markov chains"},
{"id": 918,
"keyword": "categorical predicate transformers implement"},
{"id": 919,
"keyword": "esop 2016 paper"},
{"id": 920,
"keyword": "org jasmin_blanchette isafol"},
{"id": 921,
"keyword": "pseudo-random functions"},
{"id": 922,
"keyword": "ivana vukotic"},
{"id": 923,
"keyword": "academic press"},
{"id": 924,
"keyword": "unverified ssa construction algorithm"},
{"id": 925,
"keyword": "complex plane extended"},
{"id": 926,
"keyword": "dynamic method invocation"},
{"id": 927,
"keyword": "stable property detection"},
{"id": 928,
"keyword": "simpler problem"},
{"id": 929,
"keyword": "cnf formulae"},
{"id": 930,
"keyword": "certified dictionary translation"},
{"id": 931,
"keyword": "combinatorics"},
{"id": 932,
"keyword": "occurrence counts"},
{"id": 933,
"keyword": "cava model checker"},
{"id": 934,
"keyword": "formalization"},
{"id": 935,
"keyword": "popular notion"},
{"id": 936,
"keyword": "original afp entry"},
{"id": 937,
"keyword": "splay trees"},
{"id": 938,
"keyword": "stepwise refinement techniques"},
{"id": 939,
"keyword": "additional operations"},
{"id": 940,
"keyword": "euclidean axiom"},
{"id": 941,
"keyword": "program representation"},
{"id": 942,
"keyword": "simultaneously empowering end hosts"},
{"id": 943,
"keyword": "space complexity guarantees"},
{"id": 944,
"keyword": "noninterference theorem"},
{"id": 945,
"keyword": "data flow analyser"},
{"id": 946,
"keyword": "extent differs"},
{"id": 947,
"keyword": "upper triangular"},
{"id": 948,
"keyword": "lifting function application"},
{"id": 949,
"keyword": "mapping regular expressions"},
{"id": 950,
"keyword": "complicated solution"},
{"id": 951,
"keyword": "pen-and-paper counterpart"},
{"id": 952,
"keyword": "uiuc"},
{"id": 953,
"keyword": "additional extensions"},
{"id": 954,
"keyword": "explicit expression"},
{"id": 955,
"keyword": "bounds due"},
{"id": 956,
"keyword": "divisor function"},
{"id": 957,
"keyword": "important role"},
{"id": 958,
"keyword": "sequential java bytecode"},
{"id": 959,
"keyword": "executable functional implementation"},
{"id": 960,
"keyword": "dense linear orders"},
{"id": 961,
"keyword": "basic forward analysis operations"},
{"id": 962,
"keyword": "detecting rectangle intersection"},
{"id": 963,
"keyword": "direct subsumption"},
{"id": 964,
"keyword": "semantic interpretation"},
{"id": 965,
"keyword": "words lexicographically minimal"},
{"id": 966,
"keyword": "standard laws"},
{"id": 967,
"keyword": "analytic number theory"},
{"id": 968,
"keyword": "symbolic computations"},
{"id": 969,
"keyword": "decision type"},
{"id": 970,
"keyword": "proving correctness"},
{"id": 971,
"keyword": "compute fair prices"},
{"id": 972,
"keyword": "presented work"},
{"id": 973,
"keyword": "fully executable solver"},
{"id": 974,
"keyword": "easily adapted"},
{"id": 975,
"keyword": "process control"},
{"id": 976,
"keyword": "executable sequent calculus prover"},
{"id": 977,
"keyword": "quantum information theory"},
{"id": 978,
"keyword": "formally verified abstract account"},
{"id": 979,
"keyword": "successfully analyzed threads satisfies"},
{"id": 980,
"keyword": "initial segment"},
{"id": 981,
"keyword": "alwen tiu"},
{"id": 982,
"keyword": "public ports"},
{"id": 983,
"keyword": "welfare economics holds"},
{"id": 984,
"keyword": "hol type system"},
{"id": 985,
"keyword": "non-negative solutions"},
{"id": 986,
"keyword": "abstract rewriting"},
{"id": 987,
"keyword": "distributed consensus"},
{"id": 988,
"keyword": "code equation"},
{"id": 989,
"keyword": "generic push-relabel algorithm"},
{"id": 990,
"keyword": "induction rule"},
{"id": 991,
"keyword": "dijkstra"},
{"id": 992,
"keyword": "afp article monadification"},
{"id": 993,
"keyword": "linear order"},
{"id": 994,
"keyword": "fixed time-unit"},
{"id": 995,
"keyword": "real case"},
{"id": 996,
"keyword": "paper local lexing"},
{"id": 997,
"keyword": "5th postulate"},
{"id": 998,
"keyword": "key confirmation"},
{"id": 999,
"keyword": "well-understood low-level behavior"},
{"id": 1000,
"keyword": "proof easily"},
{"id": 1001,
"keyword": "theorem prover ehdm"},
{"id": 1002,
"keyword": "terms relevant"},
{"id": 1003,
"keyword": "json-encoded data"},
{"id": 1004,
"keyword": "generic-deriving package"},
{"id": 1005,
"keyword": "deep embedding approach"},
{"id": 1006,
"keyword": "syntactic approximations imply"},
{"id": 1007,
"keyword": "executable algorithms"},
{"id": 1008,
"keyword": "classical higher-order logic"},
{"id": 1009,
"keyword": "non-negative cost function"},
{"id": 1010,
"keyword": "correctness claims"},
{"id": 1011,
"keyword": "flexible set-based theorems"},
{"id": 1012,
"keyword": "geocoq library"},
{"id": 1013,
"keyword": "methodology chosen"},
{"id": 1014,
"keyword": "previously break"},
{"id": 1015,
"keyword": "identical sequence elements"},
{"id": 1016,
"keyword": "structured isar proofs"},
{"id": 1017,
"keyword": "countably infinite number"},
{"id": 1018,
"keyword": "lebesgue-style integration plays"},
{"id": 1019,
"keyword": "effect specifications"},
{"id": 1020,
"keyword": "atomic formulas"},
{"id": 1021,
"keyword": "folder listinf"},
{"id": 1022,
"keyword": "continuum hypothesis"},
{"id": 1023,
"keyword": "execute programs"},
{"id": 1024,
"keyword": "old_datatype command"},
{"id": 1025,
"keyword": "formal laurent series"},
{"id": 1026,
"keyword": "conditional expectation"},
{"id": 1027,
"keyword": "latin rectangle"},
{"id": 1028,
"keyword": "composite objects"},
{"id": 1029,
"keyword": "application scenarios"},
{"id": 1030,
"keyword": "isar proof"},
{"id": 1031,
"keyword": "stuttering equivalent"},
{"id": 1032,
"keyword": "qualitative temporal representation"},
{"id": 1033,
"keyword": "concrete program satisfies"},
{"id": 1034,
"keyword": "vstte paper"},
{"id": 1035,
"keyword": "regular identities"},
{"id": 1036,
"keyword": "original linear program"},
{"id": 1037,
"keyword": "natural deduction"},
{"id": 1038,
"keyword": "designated root vertex"},
{"id": 1039,
"keyword": "van emde boas tree"},
{"id": 1040,
"keyword": "sylow p-subgroups"},
{"id": 1041,
"keyword": "small classes"},
{"id": 1042,
"keyword": "hermite normal form"},
{"id": 1043,
"keyword": "switching conveniently"},
{"id": 1044,
"keyword": "vdm-reminiscent partial-correctness specifications"},
{"id": 1045,
"keyword": "bounded basic pseudo-hoops"},
{"id": 1046,
"keyword": "region boundaries explicitly"},
{"id": 1047,
"keyword": "georges-louis leclerc"},
{"id": 1048,
"keyword": "maximize reuse"},
{"id": 1049,
"keyword": "mac lane"},
{"id": 1050,
"keyword": "divergence kleene algebras"},
{"id": 1051,
"keyword": "maximum segment sum problem"},
{"id": 1052,
"keyword": "nominal style"},
{"id": 1053,
"keyword": "lattice ordered groups"},
{"id": 1054,
"keyword": "necessarily numbers"},
{"id": 1055,
"keyword": "expected number"},
{"id": 1056,
"keyword": "remainder terms"},
{"id": 1057,
"keyword": "preliminaries chapter"},
{"id": 1058,
"keyword": "confidentiality properties refer"},
{"id": 1059,
"keyword": "executable type inference algorithm"},
{"id": 1060,
"keyword": "infinitary version"},
{"id": 1061,
"keyword": "state-space construction"},
{"id": 1062,
"keyword": "maximal consistent set"},
{"id": 1063,
"keyword": "software framework"},
{"id": 1064,
"keyword": "filled rows"},
{"id": 1065,
"keyword": "magic wand"},
{"id": 1066,
"keyword": "choices"},
{"id": 1067,
"keyword": "bernoulli numbers"},
{"id": 1068,
"keyword": "weak conjunction operator"},
{"id": 1069,
"keyword": "called llist_topology"},
{"id": 1070,
"keyword": "lockstep models"},
{"id": 1071,
"keyword": "type system restrictions"},
{"id": 1072,
"keyword": "indistinguishable security"},
{"id": 1073,
"keyword": "artificial intelligence"},
{"id": 1074,
"keyword": "standard approach"},
{"id": 1075,
"keyword": "derived proof rules"},
{"id": 1076,
"keyword": "mathematical components"},
{"id": 1077,
"keyword": "multiset-comparison problems"},
{"id": 1078,
"keyword": "linear pass homomorphic application"},
{"id": 1079,
"keyword": "planning tasks language"},
{"id": 1080,
"keyword": "dfs algorithm"},
{"id": 1081,
"keyword": "arbitrary linearly-ordered integrity domains"},
{"id": 1082,
"keyword": "smith normal form"},
{"id": 1083,
"keyword": "predicate identifies"},
{"id": 1084,
"keyword": "reasoning stays"},
{"id": 1085,
"keyword": "reducible control flow graph"},
{"id": 1086,
"keyword": "discrete category"},
{"id": 1087,
"keyword": "present work"},
{"id": 1088,
"keyword": "omnipresent foundational errors"},
{"id": 1089,
"keyword": "functional correctness"},
{"id": 1090,
"keyword": "individual program behaviours"},
{"id": 1091,
"keyword": "common special case"},
{"id": 1092,
"keyword": "afp entry dom_components"},
{"id": 1093,
"keyword": "matryoshka website"},
{"id": 1094,
"keyword": "empirical evaluation"},
{"id": 1095,
"keyword": "mansky"},
{"id": 1096,
"keyword": "seminal paper natural semantics"},
{"id": 1097,
"keyword": "bytecode logic"},
{"id": 1098,
"keyword": "accommodates partial functions"},
{"id": 1099,
"keyword": "recursive datatype"},
{"id": 1100,
"keyword": "channel protocols"},
{"id": 1101,
"keyword": "locale eval lowbar"},
{"id": 1102,
"keyword": "hand-written theory files"},
{"id": 1103,
"keyword": "partial herbrand interpretations"},
{"id": 1104,
"keyword": "formally verified model"},
{"id": 1105,
"keyword": "deletion condition"},
{"id": 1106,
"keyword": "weak bisimilarity"},
{"id": 1107,
"keyword": "security unwinding technique"},
{"id": 1108,
"keyword": "negative real parts"},
{"id": 1109,
"keyword": "linear real arithmetic"},
{"id": 1110,
"keyword": "implicit reasoning steps"},
{"id": 1111,
"keyword": "iterative versions"},
{"id": 1112,
"keyword": "ab leq int_0"},
{"id": 1113,
"keyword": "bernays-tarski axiom system"},
{"id": 1114,
"keyword": "isoscele triangles"},
{"id": 1115,
"keyword": "euler ndash"},
{"id": 1116,
"keyword": "afp entry bnf operations"},
{"id": 1117,
"keyword": "verified virtual machines"},
{"id": 1118,
"keyword": "general infinite processes"},
{"id": 1119,
"keyword": "interesting syntactic subclass"},
{"id": 1120,
"keyword": "internal representation"},
{"id": 1121,
"keyword": "concurrent programs"},
{"id": 1122,
"keyword": "generalized noninterference security"},
{"id": 1123,
"keyword": "varphi_i vee mathbf"},
{"id": 1124,
"keyword": "purely logical result yielding"},
{"id": 1125,
"keyword": "shallow semantical embeddings"},
{"id": 1126,
"keyword": "security statements"},
{"id": 1127,
"keyword": "euler-maclaurin formula relates"},
{"id": 1128,
"keyword": "hol library"},
{"id": 1129,
"keyword": "recursive enumerability"},
{"id": 1130,
"keyword": "quantum programs"},
{"id": 1131,
"keyword": "shallow embedding"},
{"id": 1132,
"keyword": "safety policy"},
{"id": 1133,
"keyword": "wider scope"},
{"id": 1134,
"keyword": "basic classical properties"},
{"id": 1135,
"keyword": "sufficient criterion"},
{"id": 1136,
"keyword": "concurrent reads"},
{"id": 1137,
"keyword": "symbolic execution"},
{"id": 1138,
"keyword": "message anonymity"},
{"id": 1139,
"keyword": "epistemic logic theory"},
{"id": 1140,
"keyword": "detailed apply scripts"},
{"id": 1141,
"keyword": "preliminary evaluations"},
{"id": 1142,
"keyword": "algebraic number executable"},
{"id": 1143,
"keyword": "correspondence theorem"},
{"id": 1144,
"keyword": "von neumann measurements"},
{"id": 1145,
"keyword": "interesting case study"},
{"id": 1146,
"keyword": "compiler correctness proof shorter"},
{"id": 1147,
"keyword": "tolerate faults"},
{"id": 1148,
"keyword": "morally questionable"},
{"id": 1149,
"keyword": "gromov boundary"},
{"id": 1150,
"keyword": "slicing based"},
{"id": 1151,
"keyword": "interactive visual theorem prover"},
{"id": 1152,
"keyword": "hol-algebra library"},
{"id": 1153,
"keyword": "functional program"},
{"id": 1154,
"keyword": "decision procedure toolkit"},
{"id": 1155,
"keyword": "coordination"},
{"id": 1156,
"keyword": "trace set process"},
{"id": 1157,
"keyword": "standard textbook version"},
{"id": 1158,
"keyword": "timed automata"},
{"id": 1159,
"keyword": "lsfa 2020 paper"},
{"id": 1160,
"keyword": "data refinement framework"},
{"id": 1161,
"keyword": "non-terminating executions"},
{"id": 1162,
"keyword": "bius transformations"},
{"id": 1163,
"keyword": "register refers"},
{"id": 1164,
"keyword": "reactive systems"},
{"id": 1165,
"keyword": "connecting algebraic varieties"},
{"id": 1166,
"keyword": "algorithm meets schneider"},
{"id": 1167,
"keyword": "successfully formalising"},
{"id": 1168,
"keyword": "specialized sliding window algorithm"},
{"id": 1169,
"keyword": "stuttering invariance central"},
{"id": 1170,
"keyword": "arbitrary data"},
{"id": 1171,
"keyword": "obtain liouville numbers"},
{"id": 1172,
"keyword": "tree boundaries set"},
{"id": 1173,
"keyword": "key agreement protocols"},
{"id": 1174,
"keyword": "recovering structure"},
{"id": 1175,
"keyword": "active research topic"},
{"id": 1176,
"keyword": "proof rules indexed"},
{"id": 1177,
"keyword": "algorithm tolerates"},
{"id": 1178,
"keyword": "measuring angles"},
{"id": 1179,
"keyword": "empty bst"},
{"id": 1180,
"keyword": "reusing facts"},
{"id": 1181,
"keyword": "remainder sequences"},
{"id": 1182,
"keyword": "fully-featured compositional framework"},
{"id": 1183,
"keyword": "order extension"},
{"id": 1184,
"keyword": "practical purposes"},
{"id": 1185,
"keyword": "dynamically typed programming languages"},
{"id": 1186,
"keyword": "matrix equation"},
{"id": 1187,
"keyword": "substitute hybrid games"},
{"id": 1188,
"keyword": "transition system"},
{"id": 1189,
"keyword": "quantified modal logic kb"},
{"id": 1190,
"keyword": "sorts objects"},
{"id": 1191,
"keyword": "certified factorization algorithm"},
{"id": 1192,
"keyword": "systems communication"},
{"id": 1193,
"keyword": "framing conditions"},
{"id": 1194,
"keyword": "completeness"},
{"id": 1195,
"keyword": "astronomically huge"},
{"id": 1196,
"keyword": "finitely generated polynomial ideals"},
{"id": 1197,
"keyword": "transitive closure bypasses matrices"},
{"id": 1198,
"keyword": "expected accuracy"},
{"id": 1199,
"keyword": "rado"},
{"id": 1200,
"keyword": "strong local confluence"},
{"id": 1201,
"keyword": "3rd edition"},
{"id": 1202,
"keyword": "sch15 anders schlichtkrull"},
{"id": 1203,
"keyword": "hoc on-demand distance vector"},
{"id": 1204,
"keyword": "expected properties"},
{"id": 1205,
"keyword": "longer guaranteed"},
{"id": 1206,
"keyword": "realistic virtual machine"},
{"id": 1207,
"keyword": "developing security protocols"},
{"id": 1208,
"keyword": "call root-balanced trees"},
{"id": 1209,
"keyword": "algebraic numbers beta_1"},
{"id": 1210,
"keyword": "function eval"},
{"id": 1211,
"keyword": "floating-point numbers"},
{"id": 1212,
"keyword": "price vickrey auction"},
{"id": 1213,
"keyword": "classical hoare"},
{"id": 1214,
"keyword": "running average"},
{"id": 1215,
"keyword": "james margetson"},
{"id": 1216,
"keyword": "dedicated vertices"},
{"id": 1217,
"keyword": "hereditarily finite"},
{"id": 1218,
"keyword": "lemma"},
{"id": 1219,
"keyword": "verify axioms"},
{"id": 1220,
"keyword": "time events"},
{"id": 1221,
"keyword": "piecewise continuous functions"},
{"id": 1222,
"keyword": "feature dependent types"},
{"id": 1223,
"keyword": "worst-case optimal multiway-join algorithms"},
{"id": 1224,
"keyword": "treated abstractly"},
{"id": 1225,
"keyword": "omega operation"},
{"id": 1226,
"keyword": "theory fair-stream"},
{"id": 1227,
"keyword": "independent random variables"},
{"id": 1228,
"keyword": "terms algebraically"},
{"id": 1229,
"keyword": "nested binary joins"},
{"id": 1230,
"keyword": "fin"},
{"id": 1231,
"keyword": "yosuke-ito-345 actuary"},
{"id": 1232,
"keyword": "directly executable program"},
{"id": 1233,
"keyword": "algebraic hierarchy"},
{"id": 1234,
"keyword": "sufficiently large"},
{"id": 1235,
"keyword": "enhanced confidence"},
{"id": 1236,
"keyword": "efficiently compute"},
{"id": 1237,
"keyword": "resulting automaton"},
{"id": 1238,
"keyword": "kleene algebra hierarchy"},
{"id": 1239,
"keyword": "periodicity lemma"},
{"id": 1240,
"keyword": "article added material"},
{"id": 1241,
"keyword": "infinite polynomial"},
{"id": 1242,
"keyword": "runtime faults"},
{"id": 1243,
"keyword": "abstract property"},
{"id": 1244,
"keyword": "function definitions"},
{"id": 1245,
"keyword": "standard transfinite kbo"},
{"id": 1246,
"keyword": "secure stateful implementation"},
{"id": 1247,
"keyword": "adjoint functors preserve limits"},
{"id": 1248,
"keyword": "sub-probability mass functions"},
{"id": 1249,
"keyword": "linear time"},
{"id": 1250,
"keyword": "purely syntactic criteria"},
{"id": 1251,
"keyword": "mechanically verifying algorithms"},
{"id": 1252,
"keyword": "non-strict computations"},
{"id": 1253,
"keyword": "derive proofs"},
{"id": 1254,
"keyword": "expressive power"},
{"id": 1255,
"keyword": "textbook presentation"},
{"id": 1256,
"keyword": "io monad"},
{"id": 1257,
"keyword": "common language features"},
{"id": 1258,
"keyword": "mutually recursive procedures"},
{"id": 1259,
"keyword": "intervals"},
{"id": 1260,
"keyword": "defensive strategies exist"},
{"id": 1261,
"keyword": "ordinal arithmetic"},
{"id": 1262,
"keyword": "security protocols based"},
{"id": 1263,
"keyword": "cryptographically secure proof"},
{"id": 1264,
"keyword": "incidence systems"},
{"id": 1265,
"keyword": "domain theory"},
{"id": 1266,
"keyword": "class models"},
{"id": 1267,
"keyword": "fully automated methods"},
{"id": 1268,
"keyword": "current formalization"},
{"id": 1269,
"keyword": "formalisation presents"},
{"id": 1270,
"keyword": "contradicts consensus"},
{"id": 1271,
"keyword": "classical implicational logic"},
{"id": 1272,
"keyword": "group divisible designs"},
{"id": 1273,
"keyword": "self-contained specification"},
{"id": 1274,
"keyword": "successor search"},
{"id": 1275,
"keyword": "full details"},
{"id": 1276,
"keyword": "standard redundancy criterion"},
{"id": 1277,
"keyword": "algebraic geometry"},
{"id": 1278,
"keyword": "material decribed"},
{"id": 1279,
"keyword": "abstract rewrite system"},
{"id": 1280,
"keyword": "recursive function operates"},
{"id": 1281,
"keyword": "sequential compactness"},
{"id": 1282,
"keyword": "core part"},
{"id": 1283,
"keyword": "w_i a_i"},
{"id": 1284,
"keyword": "operations run"},
{"id": 1285,
"keyword": "interpreting intensional type systems"},
{"id": 1286,
"keyword": "retain key properties"},
{"id": 1287,
"keyword": "lexicographic algorithm incorporating"},
{"id": 1288,
"keyword": "llists"},
{"id": 1289,
"keyword": "success probability grows exponentially"},
{"id": 1290,
"keyword": "generate"},
{"id": 1291,
"keyword": "34th ifip international conference"},
{"id": 1292,
"keyword": "abstract academic models"},
{"id": 1293,
"keyword": "notably poicar recurrence theorem"},
{"id": 1294,
"keyword": "relevant definitions"},
{"id": 1295,
"keyword": "refinement steps"},
{"id": 1296,
"keyword": "time polynomial"},
{"id": 1297,
"keyword": "skip lists consists"},
{"id": 1298,
"keyword": "stream versions"},
{"id": 1299,
"keyword": "update constant pattern"},
{"id": 1300,
"keyword": "small-step operational semantics"},
{"id": 1301,
"keyword": "set partitions"},
{"id": 1302,
"keyword": "explicit construction"},
{"id": 1303,
"keyword": "mechanised proofs offermat"},
{"id": 1304,
"keyword": "concurrent sub-models"},
{"id": 1305,
"keyword": "parallel branches"},
{"id": 1306,
"keyword": "cubic equations"},
{"id": 1307,
"keyword": "computably enumerable sets"},
{"id": 1308,
"keyword": "machine-verifiable proof certificates"},
{"id": 1309,
"keyword": "simple language"},
{"id": 1310,
"keyword": "poincar -bendixson theorem"},
{"id": 1311,
"keyword": "relevant material"},
{"id": 1312,
"keyword": "efficient data structures"},
{"id": 1313,
"keyword": "extended real line"},
{"id": 1314,
"keyword": "sunflower lemma"},
{"id": 1315,
"keyword": "intransitive policy"},
{"id": 1316,
"keyword": "universal property"},
{"id": 1317,
"keyword": "algebraically closed field"},
{"id": 1318,
"keyword": "larger memory"},
{"id": 1319,
"keyword": "program verification environment"},
{"id": 1320,
"keyword": "basic modal logics"},
{"id": 1321,
"keyword": "nested multisets"},
{"id": 1322,
"keyword": "concrete mathematics"},
{"id": 1323,
"keyword": "safe ocl distincts nullable"},
{"id": 1324,
"keyword": "ramsey"},
{"id": 1325,
"keyword": "thy -files"},
{"id": 1326,
"keyword": "deterministic processes"},
{"id": 1327,
"keyword": "logarithmic expected time"},
{"id": 1328,
"keyword": "generic work-list algorithm"},
{"id": 1329,
"keyword": "theorems related"},
{"id": 1330,
"keyword": "generic type class implementation"},
{"id": 1331,
"keyword": "subtle behaviors"},
{"id": 1332,
"keyword": "set construction"},
{"id": 1333,
"keyword": "asymptotic growth approximation"},
{"id": 1334,
"keyword": "well-order relation"},
{"id": 1335,
"keyword": "encryption schemes"},
{"id": 1336,
"keyword": "ipv6 addresses"},
{"id": 1337,
"keyword": "trusted base"},
{"id": 1338,
"keyword": "identifying finite-dimensional operators"},
{"id": 1339,
"keyword": "restricted schedules"},
{"id": 1340,
"keyword": "fabian immler"},
{"id": 1341,
"keyword": "count real roots"},
{"id": 1342,
"keyword": "abstract data structures"},
{"id": 1343,
"keyword": "policy decision function"},
{"id": 1344,
"keyword": "solutions based"},
{"id": 1345,
"keyword": "produce labeled subgoals"},
{"id": 1346,
"keyword": "quadratic virtual substitution"},
{"id": 1347,
"keyword": "partial translation"},
{"id": 1348,
"keyword": "tedious proofs"},
{"id": 1349,
"keyword": "jordan decomposition theorem"},
{"id": 1350,
"keyword": "algorithm decodes correctly"},
{"id": 1351,
"keyword": "support tostring functions"},
{"id": 1352,
"keyword": "underlying concepts"},
{"id": 1353,
"keyword": "defining web components"},
{"id": 1354,
"keyword": "financial theory"},
{"id": 1355,
"keyword": "self-adjusting binary search trees"},
{"id": 1356,
"keyword": "code generation facility"},
{"id": 1357,
"keyword": "carefully crafted"},
{"id": 1358,
"keyword": "topological space generated"},
{"id": 1359,
"keyword": "proving functional correctness"},
{"id": 1360,
"keyword": "original design"},
{"id": 1361,
"keyword": "squares problem"},
{"id": 1362,
"keyword": "formal reasoning"},
{"id": 1363,
"keyword": "temporal logic operators"},
{"id": 1364,
"keyword": "quadratic real arithmetic"},
{"id": 1365,
"keyword": "rank nullity theorem entry"},
{"id": 1366,
"keyword": "pairwise commuting matrices"},
{"id": 1367,
"keyword": "requires precise statements"},
{"id": 1368,
"keyword": "linear size"},
{"id": 1369,
"keyword": "bird tree"},
{"id": 1370,
"keyword": "series consisting"},
{"id": 1371,
"keyword": "pdf"},
{"id": 1372,
"keyword": "standard arithmetic"},
{"id": 1373,
"keyword": "executable function eval"},
{"id": 1374,
"keyword": "extensible record package"},
{"id": 1375,
"keyword": "data secrecy"},
{"id": 1376,
"keyword": "model checking"},
{"id": 1377,
"keyword": "publication tphols 2009"},
{"id": 1378,
"keyword": "additional control flow analysis"},
{"id": 1379,
"keyword": "hermite-lindemann-weierstra theorem"},
{"id": 1380,
"keyword": "ocl type system"},
{"id": 1381,
"keyword": "x_1 exists"},
{"id": 1382,
"keyword": "formalization consists"},
{"id": 1383,
"keyword": "modal relational type theory"},
{"id": 1384,
"keyword": "szl kalm"},
{"id": 1385,
"keyword": "significant gain"},
{"id": 1386,
"keyword": "separation logic assertion"},
{"id": 1387,
"keyword": "shallowly embed"},
{"id": 1388,
"keyword": "specially well-"},
{"id": 1389,
"keyword": "random systems"},
{"id": 1390,
"keyword": "perron ndash"},
{"id": 1391,
"keyword": "unified approximation order"},
{"id": 1392,
"keyword": "structures"},
{"id": 1393,
"keyword": "building high-performance multiprocessor software"},
{"id": 1394,
"keyword": "foundational assumptions"},
{"id": 1395,
"keyword": "cute puzzles"},
{"id": 1396,
"keyword": "relation algebras extended"},
{"id": 1397,
"keyword": "originally expressed"},
{"id": 1398,
"keyword": "frobenius theorem"},
{"id": 1399,
"keyword": "space complexity"},
{"id": 1400,
"keyword": "infinite series built"},
{"id": 1401,
"keyword": "previous algorithms"},
{"id": 1402,
"keyword": "abstract algorithm working"},
{"id": 1403,
"keyword": "main premise"},
{"id": 1404,
"keyword": "deciding relative safety"},
{"id": 1405,
"keyword": "spatially-separated views"},
{"id": 1406,
"keyword": "list update algorithms"},
{"id": 1407,
"keyword": "single nodes"},
{"id": 1408,
"keyword": "fourier series"},
{"id": 1409,
"keyword": "file write"},
{"id": 1410,
"keyword": "adapted versions"},
{"id": 1411,
"keyword": "magic wand assertion"},
{"id": 1412,
"keyword": "adequacy proof"},
{"id": 1413,
"keyword": "sd-strategy- proofness"},
{"id": 1414,
"keyword": "balog szemeredi gowers theorem"},
{"id": 1415,
"keyword": "dual incidence systems"},
{"id": 1416,
"keyword": "primitive pythagorean triples"},
{"id": 1417,
"keyword": "akra-bazzi method based"},
{"id": 1418,
"keyword": "important properties"},
{"id": 1419,
"keyword": "basic graph theory definitions"},
{"id": 1420,
"keyword": "unique irreducible factors"},
{"id": 1421,
"keyword": "outgoing edges"},
{"id": 1422,
"keyword": "target imperative hol"},
{"id": 1423,
"keyword": "efficiently executable"},
{"id": 1424,
"keyword": "lifting operation"},
{"id": 1425,
"keyword": "lens algebra"},
{"id": 1426,
"keyword": "agm operators"},
{"id": 1427,
"keyword": "book"},
{"id": 1428,
"keyword": "behaviour structure"},
{"id": 1429,
"keyword": "complete semantics"},
{"id": 1430,
"keyword": "simple solution"},
{"id": 1431,
"keyword": "fixed-width machine words"},
{"id": 1432,
"keyword": "thread creation"},
{"id": 1433,
"keyword": "ip-route command"},
{"id": 1434,
"keyword": "underlying libraries"},
{"id": 1435,
"keyword": "formally verified checkers"},
{"id": 1436,
"keyword": "direct corollaries"},
{"id": 1437,
"keyword": "authors upcoming dissertation"},
{"id": 1438,
"keyword": "restrictive definition"},
{"id": 1439,
"keyword": "interactive program verification environment"},
{"id": 1440,
"keyword": "extensible design permits"},
{"id": 1441,
"keyword": "earlier afp entry"},
{"id": 1442,
"keyword": "automated proof tactics"},
{"id": 1443,
"keyword": "metatheoretical observation"},
{"id": 1444,
"keyword": "plane geometry"},
{"id": 1445,
"keyword": "finite trees"},
{"id": 1446,
"keyword": "wide design space"},
{"id": 1447,
"keyword": "hellip"},
{"id": 1448,
"keyword": "trace set inclusion"},
{"id": 1449,
"keyword": "alpern"},
{"id": 1450,
"keyword": "mathematical development presented"},
{"id": 1451,
"keyword": "formal version"},
{"id": 1452,
"keyword": "lambda-free recursive path orders"},
{"id": 1453,
"keyword": "concrete result"},
{"id": 1454,
"keyword": "square complex matrix"},
{"id": 1455,
"keyword": "quantitative temporal constraints"},
{"id": 1456,
"keyword": "formalization effort necessitated"},
{"id": 1457,
"keyword": "stepwise program refinement"},
{"id": 1458,
"keyword": "theoretical computer science"},
{"id": 1459,
"keyword": "sequential composition"},
{"id": 1460,
"keyword": "combinatorial auction"},
{"id": 1461,
"keyword": "1007 978-3-030-90138-7_2"},
{"id": 1462,
"keyword": "article builds"},
{"id": 1463,
"keyword": "paraconsistent logic avoids"},
{"id": 1464,
"keyword": "mixed-product property"},
{"id": 1465,
"keyword": "operator applications"},
{"id": 1466,
"keyword": "information whatsoever flows"},
{"id": 1467,
"keyword": "tla specifications"},
{"id": 1468,
"keyword": "security type system"},
{"id": 1469,
"keyword": "pide development environment"},
{"id": 1470,
"keyword": "entry vcg auctions"},
{"id": 1471,
"keyword": "locally control back-end settings"},
{"id": 1472,
"keyword": "bounded linear functions"},
{"id": 1473,
"keyword": "deliberately restrict"},
{"id": 1474,
"keyword": "sample main"},
{"id": 1475,
"keyword": "construct proper generic extensions"},
{"id": 1476,
"keyword": "reusable proof components"},
{"id": 1477,
"keyword": "deductive tools"},
{"id": 1478,
"keyword": "linearly ordered sets"},
{"id": 1479,
"keyword": "primal problem"},
{"id": 1480,
"keyword": "combine multiple methods"},
{"id": 1481,
"keyword": "model checkers"},
{"id": 1482,
"keyword": "extract efficient code"},
{"id": 1483,
"keyword": "strips fragment"},
{"id": 1484,
"keyword": "surely produce"},
{"id": 1485,
"keyword": "original query"},
{"id": 1486,
"keyword": "presents interesting results"},
{"id": 1487,
"keyword": "intersecting chords theorem"},
{"id": 1488,
"keyword": "lift larger classes"},
{"id": 1489,
"keyword": "entry"},
{"id": 1490,
"keyword": "related rewrite rules"},
{"id": 1491,
"keyword": "weaker statement contained"},
{"id": 1492,
"keyword": "automate canonical tasks"},
{"id": 1493,
"keyword": "perform update operations naively"},
{"id": 1494,
"keyword": "usual redundancy elimination rules"},
{"id": 1495,
"keyword": "present"},
{"id": 1496,
"keyword": "pairwise comparison"},
{"id": 1497,
"keyword": "compositional algorithm"},
{"id": 1498,
"keyword": "inconsistent bounds"},
{"id": 1499,
"keyword": "symmetric polynomial combination"},
{"id": 1500,
"keyword": "conjectured relation"},
{"id": 1501,
"keyword": "expression typing rules"},
{"id": 1502,
"keyword": "csp noninterference security stated"},
{"id": 1503,
"keyword": "avoiding quantification"},
{"id": 1504,
"keyword": "varepsilon 0"},
{"id": 1505,
"keyword": "purposefully incomplete"},
{"id": 1506,
"keyword": "combinatorial proof requires construction"},
{"id": 1507,
"keyword": "adam betts"},
{"id": 1508,
"keyword": "real-normed fields"},
{"id": 1509,
"keyword": "algebraic structure"},
{"id": 1510,
"keyword": "unlike treaps"},
{"id": 1511,
"keyword": "lemma statements"},
{"id": 1512,
"keyword": "sorted linked lists enhanced"},
{"id": 1513,
"keyword": "uniformly bounded"},
{"id": 1514,
"keyword": "compiler correctness"},
{"id": 1515,
"keyword": "small step semantics"},
{"id": 1516,
"keyword": "alexander birch jensen"},
{"id": 1517,
"keyword": "mathematical theories"},
{"id": 1518,
"keyword": "failure divergence model"},
{"id": 1519,
"keyword": "bnfcc theory"},
{"id": 1520,
"keyword": "diagonal functors"},
{"id": 1521,
"keyword": "partial synchrony"},
{"id": 1522,
"keyword": "preserves semantics"},
{"id": 1523,
"keyword": "obtain dynamic programming algorithms"},
{"id": 1524,
"keyword": "refine system specifications"},
{"id": 1525,
"keyword": "process crashes"},
{"id": 1526,
"keyword": "algorithm multiple times independently"},
{"id": 1527,
"keyword": "diagonal-free timed automata"},
{"id": 1528,
"keyword": "-free higher-order terms"},
{"id": 1529,
"keyword": "generic imperative algorithms"},
{"id": 1530,
"keyword": "gromov hyperbolic"},
{"id": 1531,
"keyword": "imaginary part"},
{"id": 1532,
"keyword": "artificial general intelligence"},
{"id": 1533,
"keyword": "coreutils sha256 implementation"},
{"id": 1534,
"keyword": "traditional formalisations"},
{"id": 1535,
"keyword": "floating-point operations"},
{"id": 1536,
"keyword": "landau expressions"},
{"id": 1537,
"keyword": "asymptotic relation"},
{"id": 1538,
"keyword": "lebesgue measure"},
{"id": 1539,
"keyword": "original design based"},
{"id": 1540,
"keyword": "document root"},
{"id": 1541,
"keyword": "solve automatically"},
{"id": 1542,
"keyword": "trick"},
{"id": 1543,
"keyword": "weight-balanced trees"},
{"id": 1544,
"keyword": "development forms"},
{"id": 1545,
"keyword": "earlier version"},
{"id": 1546,
"keyword": "afp entries goedel_hfset_semantic"},
{"id": 1547,
"keyword": "fairly obvious properties"},
{"id": 1548,
"keyword": "parigots -calculus"},
{"id": 1549,
"keyword": "construct real exponents"},
{"id": 1550,
"keyword": "nicta l4v"},
{"id": 1551,
"keyword": "fully canceled words"},
{"id": 1552,
"keyword": "concrete syntax"},
{"id": 1553,
"keyword": "standard two-phase slicer"},
{"id": 1554,
"keyword": "simple executable algorithms"},
{"id": 1555,
"keyword": "unbounded nondeterminism"},
{"id": 1556,
"keyword": "a-priori bound"},
{"id": 1557,
"keyword": "single partial binary operation"},
{"id": 1558,
"keyword": "hol definitions"},
{"id": 1559,
"keyword": "longer periods"},
{"id": 1560,
"keyword": "atomic elements"},
{"id": 1561,
"keyword": "linear equations"},
{"id": 1562,
"keyword": "group_add class"},
{"id": 1563,
"keyword": "formalizing game-based proofs"},
{"id": 1564,
"keyword": "analytic function"},
{"id": 1565,
"keyword": "previous afp entry"},
{"id": 1566,
"keyword": "solving equations"},
{"id": 1567,
"keyword": "random binary search trees"},
{"id": 1568,
"keyword": "presents experimental results"},
{"id": 1569,
"keyword": "invariance"},
{"id": 1570,
"keyword": "abstract data type"},
{"id": 1571,
"keyword": "replicated data"},
{"id": 1572,
"keyword": "square roots"},
{"id": 1573,
"keyword": "stuttering sampling functions"},
{"id": 1574,
"keyword": "poincar disc model development"},
{"id": 1575,
"keyword": "concurrent operations"},
{"id": 1576,
"keyword": "immensely helpful"},
{"id": 1577,
"keyword": "intrinsic properties"},
{"id": 1578,
"keyword": "approach enables easy links"},
{"id": 1579,
"keyword": "category theory written"},
{"id": 1580,
"keyword": "high-level type systems"},
{"id": 1581,
"keyword": "schur decomposition"},
{"id": 1582,
"keyword": "stuttering"},
{"id": 1583,
"keyword": "language theory"},
{"id": 1584,
-"keyword": "smt proof"},
+"keyword": "restricted solution space"},
{"id": 1585,
+"keyword": "smt proof"},
+{"id": 1586,
"keyword": "permission amounts held"},
-{"id": 1586,
-"keyword": "fourth sylow theorems"},
{"id": 1587,
+"keyword": "fourth sylow theorems"},
+{"id": 1588,
"keyword": "single infinite point"},
-{"id": 1588,
+{"id": 1589,
"keyword": "intuitive arguments found"},
-{"id": 1589,
+{"id": 1590,
"keyword": "defensive jinja virtual machine"},
-{"id": 1590,
-"keyword": "type class"},
{"id": 1591,
+"keyword": "type class"},
+{"id": 1592,
"keyword": "twelve bijections"},
-{"id": 1592,
+{"id": 1593,
"keyword": "torino group"},
-{"id": 1593,
+{"id": 1594,
"keyword": "semantic embedding"},
-{"id": 1594,
+{"id": 1595,
"keyword": "previous theorem"},
-{"id": 1595,
+{"id": 1596,
"keyword": "digit shifts"},
-{"id": 1596,
+{"id": 1597,
"keyword": "cardinality"},
-{"id": 1597,
+{"id": 1598,
"keyword": "polynomial factorisation algorithms ndash"},
-{"id": 1598,
-"keyword": "protocol analysis"},
{"id": 1599,
+"keyword": "protocol analysis"},
+{"id": 1600,
"keyword": "earlier joint work"},
-{"id": 1600,
+{"id": 1601,
"keyword": "statement boundaries"},
-{"id": 1601,
+{"id": 1602,
"keyword": "polynomial rings"},
-{"id": 1602,
+{"id": 1603,
"keyword": "operational rules"},
-{"id": 1603,
-"keyword": "original compilation process"},
{"id": 1604,
-"keyword": "specification language"},
+"keyword": "original compilation process"},
{"id": 1605,
+"keyword": "specification language"},
+{"id": 1606,
"keyword": "maximally consistent sets"},
-{"id": 1606,
+{"id": 1607,
"keyword": "von-neumann-morgenstern utility theorem"},
-{"id": 1607,
-"keyword": "tarski-seidenberg theorem established"},
{"id": 1608,
-"keyword": "streamlining formal definitions"},
+"keyword": "tarski-seidenberg theorem established"},
{"id": 1609,
+"keyword": "streamlining formal definitions"},
+{"id": 1610,
"keyword": "exhibit core features"},
-{"id": 1610,
+{"id": 1611,
"keyword": "right-hand side"},
-{"id": 1611,
+{"id": 1612,
"keyword": "calculating operators"},
-{"id": 1612,
+{"id": 1613,
"keyword": "generated code implements"},
-{"id": 1613,
+{"id": 1614,
"keyword": "automatic instantiation"},
-{"id": 1614,
-"keyword": "skew heaps"},
{"id": 1615,
+"keyword": "skew heaps"},
+{"id": 1616,
"keyword": "completely remove tedious proofs"},
-{"id": 1616,
+{"id": 1617,
"keyword": "session keys"},
-{"id": 1617,
+{"id": 1618,
"keyword": "halting problem"},
-{"id": 1618,
+{"id": 1619,
"keyword": "atkinson lemma"},
-{"id": 1619,
-"keyword": "additional theory"},
{"id": 1620,
-"keyword": "boolos gave"},
+"keyword": "additional theory"},
{"id": 1621,
+"keyword": "boolos gave"},
+{"id": 1622,
"keyword": "lemma based"},
-{"id": 1622,
+{"id": 1623,
"keyword": "hales jewett theorem"},
-{"id": 1623,
-"keyword": "regular sets"},
{"id": 1624,
+"keyword": "regular sets"},
+{"id": 1625,
"keyword": "web components"},
-{"id": 1625,
-"keyword": "stuart rankin"},
{"id": 1626,
+"keyword": "stuart rankin"},
+{"id": 1627,
"keyword": "18th century"},
-{"id": 1627,
-"keyword": "roots"},
{"id": 1628,
-"keyword": "style presented"},
+"keyword": "roots"},
{"id": 1629,
+"keyword": "style presented"},
+{"id": 1630,
"keyword": "complementing previous encodings"},
-{"id": 1630,
+{"id": 1631,
"keyword": "hoc fashion"},
-{"id": 1631,
-"keyword": "algebraic number implementation"},
{"id": 1632,
+"keyword": "algebraic number implementation"},
+{"id": 1633,
"keyword": "transcendence criteria"},
-{"id": 1633,
-"keyword": "exponential series"},
{"id": 1634,
+"keyword": "exponential series"},
+{"id": 1635,
"keyword": "finite dimensional vector space"},
-{"id": 1635,
-"keyword": "synthetic approach"},
{"id": 1636,
-"keyword": "function calls"},
+"keyword": "synthetic approach"},
{"id": 1637,
+"keyword": "function calls"},
+{"id": 1638,
"keyword": "hereditarily finite sets"},
-{"id": 1638,
+{"id": 1639,
"keyword": "free theorems"},
-{"id": 1639,
-"keyword": "stuttering equivalence"},
{"id": 1640,
-"keyword": "predicate abstraction"},
+"keyword": "stuttering equivalence"},
{"id": 1641,
+"keyword": "predicate abstraction"},
+{"id": 1642,
"keyword": "formula represent propositional formulas"},
-{"id": 1642,
+{"id": 1643,
"keyword": "preorder relations"},
-{"id": 1643,
+{"id": 1644,
"keyword": "bound variables"},
-{"id": 1644,
+{"id": 1645,
"keyword": "first-order quantification"},
-{"id": 1645,
+{"id": 1646,
"keyword": "skew binomial heaps"},
-{"id": 1646,
-"keyword": "control operators"},
{"id": 1647,
+"keyword": "control operators"},
+{"id": 1648,
"keyword": "form construction algorithm"},
-{"id": 1648,
+{"id": 1649,
"keyword": "central meta theorem"},
-{"id": 1649,
+{"id": 1650,
"keyword": "matrix representation"},
-{"id": 1650,
+{"id": 1651,
"keyword": "data complexity"},
-{"id": 1651,
-"keyword": "modular arithmetic plays"},
{"id": 1652,
-"keyword": "fairly nice"},
+"keyword": "modular arithmetic plays"},
{"id": 1653,
+"keyword": "fairly nice"},
+{"id": 1654,
"keyword": "foundational structures"},
-{"id": 1654,
+{"id": 1655,
"keyword": "direct recursion"},
-{"id": 1655,
-"keyword": "mathematical logic"},
{"id": 1656,
+"keyword": "mathematical logic"},
+{"id": 1657,
"keyword": "higher-order superposition calculus"},
-{"id": 1657,
-"keyword": "purely algebraic"},
{"id": 1658,
+"keyword": "purely algebraic"},
+{"id": 1659,
"keyword": "differentiability"},
-{"id": 1659,
-"keyword": "logging-independent message anonymity"},
{"id": 1660,
-"keyword": "functional implementation"},
+"keyword": "logging-independent message anonymity"},
{"id": 1661,
+"keyword": "functional implementation"},
+{"id": 1662,
"keyword": "composition series"},
-{"id": 1662,
+{"id": 1663,
"keyword": "ordered resolution"},
-{"id": 1663,
-"keyword": "chinese remainder theorem"},
{"id": 1664,
+"keyword": "chinese remainder theorem"},
+{"id": 1665,
"keyword": "clausal consequences"},
-{"id": 1665,
-"keyword": "consistent fol theories extending"},
{"id": 1666,
+"keyword": "consistent fol theories extending"},
+{"id": 1667,
"keyword": "real coefficients"},
-{"id": 1667,
+{"id": 1668,
"keyword": "turing machines arose"},
-{"id": 1668,
+{"id": 1669,
"keyword": "sparcv8 architecture"},
-{"id": 1669,
-"keyword": "compositional noninterference"},
{"id": 1670,
+"keyword": "compositional noninterference"},
+{"id": 1671,
"keyword": "simd extensions"},
-{"id": 1671,
+{"id": 1672,
"keyword": "imperative hol heap monad"},
-{"id": 1672,
+{"id": 1673,
"keyword": "error message"},
-{"id": 1673,
-"keyword": "generic results"},
{"id": 1674,
+"keyword": "generic results"},
+{"id": 1675,
"keyword": "basic randomised social choice"},
-{"id": 1675,
-"keyword": "generate reverse-symmetric claims"},
{"id": 1676,
-"keyword": "dynamic tables parameterized"},
+"keyword": "generate reverse-symmetric claims"},
{"id": 1677,
+"keyword": "dynamic tables parameterized"},
+{"id": 1678,
"keyword": "proper grounding"},
-{"id": 1678,
+{"id": 1679,
"keyword": "quasi-borel spaces"},
-{"id": 1679,
-"keyword": "sat solver correctness proofs"},
{"id": 1680,
+"keyword": "sat solver correctness proofs"},
+{"id": 1681,
"keyword": "charly gries"},
-{"id": 1681,
-"keyword": "valid completeness threshold"},
{"id": 1682,
+"keyword": "valid completeness threshold"},
+{"id": 1683,
"keyword": "reduces proof obligations"},
-{"id": 1683,
+{"id": 1684,
"keyword": "concrete representation"},
-{"id": 1684,
+{"id": 1685,
"keyword": "restricted growth functions"},
-{"id": 1685,
-"keyword": "irrationality criteria"},
{"id": 1686,
+"keyword": "irrationality criteria"},
+{"id": 1687,
"keyword": "language features"},
-{"id": 1687,
+{"id": 1688,
"keyword": "compilation function"},
-{"id": 1688,
+{"id": 1689,
"keyword": "formally reason"},
-{"id": 1689,
+{"id": 1690,
"keyword": "development employs"},
-{"id": 1690,
+{"id": 1691,
"keyword": "policy decision point"},
-{"id": 1691,
+{"id": 1692,
"keyword": "comparison oracle"},
-{"id": 1692,
+{"id": 1693,
"keyword": "suitable distributed system model"},
-{"id": 1693,
-"keyword": "tautology elimination"},
{"id": 1694,
+"keyword": "tautology elimination"},
+{"id": 1695,
"keyword": "parallel prefix computations"},
-{"id": 1695,
+{"id": 1696,
"keyword": "andrei popescu"},
-{"id": 1696,
+{"id": 1697,
"keyword": "proofs necessitate"},
-{"id": 1697,
+{"id": 1698,
"keyword": "verified implementation"},
-{"id": 1698,
+{"id": 1699,
"keyword": "geometric sketches"},
-{"id": 1699,
+{"id": 1700,
"keyword": "small-step semantics akin"},
-{"id": 1700,
+{"id": 1701,
"keyword": "finite developments theorem"},
-{"id": 1701,
-"keyword": "search-tree property"},
{"id": 1702,
+"keyword": "search-tree property"},
+{"id": 1703,
"keyword": "unverified reference implementation"},
-{"id": 1703,
+{"id": 1704,
"keyword": "abstract separation logic"},
-{"id": 1704,
+{"id": 1705,
"keyword": "abstract algebraic structure satisfying"},
-{"id": 1705,
-"keyword": "types-to-sets mechanism"},
{"id": 1706,
+"keyword": "types-to-sets mechanism"},
+{"id": 1707,
"keyword": "stiffness matrix represents"},
-{"id": 1707,
-"keyword": "time real exponents"},
{"id": 1708,
-"keyword": "vcg auction"},
+"keyword": "time real exponents"},
{"id": 1709,
+"keyword": "vcg auction"},
+{"id": 1710,
"keyword": "secure network configurations"},
-{"id": 1710,
+{"id": 1711,
"keyword": "infinite conjunctions"},
-{"id": 1711,
-"keyword": "respective frameworks"},
{"id": 1712,
+"keyword": "respective frameworks"},
+{"id": 1713,
"keyword": "strongly normalizing"},
-{"id": 1713,
-"keyword": "distinct operators"},
{"id": 1714,
+"keyword": "distinct operators"},
+{"id": 1715,
"keyword": "efficient computation"},
-{"id": 1715,
+{"id": 1716,
"keyword": "author merz 1998"},
-{"id": 1716,
+{"id": 1717,
"keyword": "concurrent revisions model"},
-{"id": 1717,
-"keyword": "regain sequential consistency"},
{"id": 1718,
+"keyword": "regain sequential consistency"},
+{"id": 1719,
"keyword": "updated version"},
-{"id": 1719,
+{"id": 1720,
"keyword": "tlc model checker"},
-{"id": 1720,
+{"id": 1721,
"keyword": "fully abstract"},
-{"id": 1721,
+{"id": 1722,
"keyword": "framework supports semantic annotations"},
-{"id": 1722,
+{"id": 1723,
"keyword": "theory file"},
-{"id": 1723,
+{"id": 1724,
"keyword": "earlier paper"},
-{"id": 1724,
+{"id": 1725,
"keyword": "executable functions"},
-{"id": 1725,
-"keyword": "general result"},
{"id": 1726,
+"keyword": "general result"},
+{"id": 1727,
"keyword": "runtime verification tool"},
-{"id": 1727,
+{"id": 1728,
"keyword": "automated proof techniques"},
-{"id": 1728,
+{"id": 1729,
"keyword": "simple verification conditions"},
-{"id": 1729,
+{"id": 1730,
"keyword": "orthogonal vectors"},
-{"id": 1730,
-"keyword": "machine checked collections framework"},
{"id": 1731,
-"keyword": "command mk_ide"},
+"keyword": "machine checked collections framework"},
{"id": 1732,
+"keyword": "command mk_ide"},
+{"id": 1733,
"keyword": "polynomial growth"},
-{"id": 1733,
+{"id": 1734,
"keyword": "local clock"},
-{"id": 1734,
-"keyword": "abstract first-order prover"},
{"id": 1735,
-"keyword": "kuratowski subgraphs"},
+"keyword": "abstract first-order prover"},
{"id": 1736,
+"keyword": "kuratowski subgraphs"},
+{"id": 1737,
"keyword": "mathematical text"},
-{"id": 1737,
+{"id": 1738,
"keyword": "absolute positiveness"},
-{"id": 1738,
+{"id": 1739,
"keyword": "cryptographic scheme crystals-kyber"},
-{"id": 1739,
+{"id": 1740,
"keyword": "number-theoretic foundations"},
-{"id": 1740,
+{"id": 1741,
"keyword": "negative resolution"},
-{"id": 1741,
-"keyword": "differential game logic"},
{"id": 1742,
+"keyword": "differential game logic"},
+{"id": 1743,
"keyword": "reusable libraries"},
-{"id": 1743,
+{"id": 1744,
"keyword": "minimum weighted path length"},
-{"id": 1744,
+{"id": 1745,
"keyword": "analytic dirichlet series"},
-{"id": 1745,
+{"id": 1746,
"keyword": "completeness threshold"},
-{"id": 1746,
-"keyword": "impact"},
{"id": 1747,
-"keyword": "gained experience"},
+"keyword": "impact"},
{"id": 1748,
+"keyword": "gained experience"},
+{"id": 1749,
"keyword": "automated reasoning"},
-{"id": 1749,
+{"id": 1750,
"keyword": "positive real roots"},
-{"id": 1750,
-"keyword": "update functions"},
{"id": 1751,
+"keyword": "update functions"},
+{"id": 1752,
"keyword": "ipv4 address allocation"},
-{"id": 1752,
-"keyword": "reusable reasoning infrastructure"},
{"id": 1753,
+"keyword": "reusable reasoning infrastructure"},
+{"id": 1754,
"keyword": "original motivation"},
-{"id": 1754,
-"keyword": "underlying theorem"},
{"id": 1755,
-"keyword": "tableau blocks"},
+"keyword": "underlying theorem"},
{"id": 1756,
+"keyword": "tableau blocks"},
+{"id": 1757,
"keyword": "suffix"},
-{"id": 1757,
+{"id": 1758,
"keyword": "strong duality theorem"},
-{"id": 1758,
-"keyword": "subsequent formalisation"},
{"id": 1759,
+"keyword": "subsequent formalisation"},
+{"id": 1760,
"keyword": "enumerative combinatorics"},
-{"id": 1760,
-"keyword": "monad carries"},
{"id": 1761,
+"keyword": "monad carries"},
+{"id": 1762,
"keyword": "concurrent programming"},
-{"id": 1762,
-"keyword": "logic tla merz 1999"},
{"id": 1763,
-"keyword": "bisimulation variants"},
+"keyword": "logic tla merz 1999"},
{"id": 1764,
+"keyword": "bisimulation variants"},
+{"id": 1765,
"keyword": "osc"},
-{"id": 1765,
+{"id": 1766,
"keyword": "executable decision procedure"},
-{"id": 1766,
-"keyword": "parsing concept"},
{"id": 1767,
-"keyword": "documents managed"},
+"keyword": "parsing concept"},
{"id": 1768,
+"keyword": "documents managed"},
+{"id": 1769,
"keyword": "complex predicates"},
-{"id": 1769,
+{"id": 1770,
"keyword": "dual system relationships"},
-{"id": 1770,
+{"id": 1771,
"keyword": "study second-order formalisations"},
-{"id": 1771,
+{"id": 1772,
"keyword": "extended finite state machines"},
-{"id": 1772,
+{"id": 1773,
"keyword": "grammar based fuzzing"},
-{"id": 1773,
-"keyword": "seligman-style tableau system"},
{"id": 1774,
+"keyword": "seligman-style tableau system"},
+{"id": 1775,
"keyword": "complete ipv4"},
-{"id": 1775,
+{"id": 1776,
"keyword": "first-order query evaluation"},
-{"id": 1776,
+{"id": 1777,
"keyword": "simple model"},
-{"id": 1777,
+{"id": 1778,
"keyword": "chandy--lamport algorithm"},
-{"id": 1778,
-"keyword": "proof technology"},
{"id": 1779,
-"keyword": "turing machines"},
+"keyword": "proof technology"},
{"id": 1780,
+"keyword": "turing machines"},
+{"id": 1781,
"keyword": "required induction rule"},
-{"id": 1781,
+{"id": 1782,
"keyword": "multivariate polynomials"},
-{"id": 1782,
-"keyword": "main routing table"},
{"id": 1783,
+"keyword": "main routing table"},
+{"id": 1784,
"keyword": "normalise monadic hol terms"},
-{"id": 1784,
-"keyword": "executable instantiations"},
{"id": 1785,
+"keyword": "executable instantiations"},
+{"id": 1786,
"keyword": "design existence"},
-{"id": 1786,
-"keyword": "32bit machine words"},
{"id": 1787,
-"keyword": "lock synchronisation"},
+"keyword": "32bit machine words"},
{"id": 1788,
+"keyword": "lock synchronisation"},
+{"id": 1789,
"keyword": "case distinction"},
-{"id": 1789,
+{"id": 1790,
"keyword": "advanced binding constructs"},
-{"id": 1790,
-"keyword": "dynamic slicing"},
{"id": 1791,
+"keyword": "dynamic slicing"},
+{"id": 1792,
"keyword": "technical problems"},
-{"id": 1792,
-"keyword": "additional properties related"},
{"id": 1793,
+"keyword": "additional properties related"},
+{"id": 1794,
"keyword": "technical university"},
-{"id": 1794,
+{"id": 1795,
"keyword": "security invariants"},
-{"id": 1795,
+{"id": 1796,
"keyword": "demonstrator semantic backend"},
-{"id": 1796,
-"keyword": "tom ridge"},
{"id": 1797,
+"keyword": "tom ridge"},
+{"id": 1798,
"keyword": "real arithmetic"},
-{"id": 1798,
+{"id": 1799,
"keyword": "two-argument partition function"},
-{"id": 1799,
+{"id": 1800,
"keyword": "cade-27 paper"},
-{"id": 1800,
-"keyword": "existing integration theory"},
{"id": 1801,
+"keyword": "existing integration theory"},
+{"id": 1802,
"keyword": "defining variants"},
-{"id": 1802,
-"keyword": "represent recursively enumerable sets"},
{"id": 1803,
-"keyword": "normalization equivalence"},
+"keyword": "represent recursively enumerable sets"},
{"id": 1804,
+"keyword": "normalization equivalence"},
+{"id": 1805,
"keyword": "modified policy iteration"},
-{"id": 1805,
+{"id": 1806,
"keyword": "set operations"},
-{"id": 1806,
-"keyword": "zf set theory"},
{"id": 1807,
+"keyword": "zf set theory"},
+{"id": 1808,
"keyword": "robbins conjecture"},
-{"id": 1808,
-"keyword": "coalgebraic decision procedure"},
{"id": 1809,
+"keyword": "coalgebraic decision procedure"},
+{"id": 1810,
"keyword": "naive algorithm"},
-{"id": 1810,
+{"id": 1811,
"keyword": "bit simpler"},
-{"id": 1811,
+{"id": 1812,
"keyword": "heterogeneous subsystems"},
-{"id": 1812,
-"keyword": "semantic information directly embedded"},
{"id": 1813,
+"keyword": "semantic information directly embedded"},
+{"id": 1814,
"keyword": "guarantee safety"},
-{"id": 1814,
+{"id": 1815,
"keyword": "reimposing upper bounds"},
-{"id": 1815,
+{"id": 1816,
"keyword": "topological curiosity discovered"},
-{"id": 1816,
-"keyword": "central result"},
{"id": 1817,
+"keyword": "central result"},
+{"id": 1818,
"keyword": "numeric constants occurring"},
-{"id": 1818,
-"keyword": "points constructible"},
{"id": 1819,
-"keyword": "word numerals"},
+"keyword": "points constructible"},
{"id": 1820,
+"keyword": "word numerals"},
+{"id": 1821,
"keyword": "verified approach"},
-{"id": 1821,
+{"id": 1822,
"keyword": "replacement theorem"},
-{"id": 1822,
-"keyword": "close connection"},
{"id": 1823,
+"keyword": "close connection"},
+{"id": 1824,
"keyword": "executable version"},
-{"id": 1824,
-"keyword": "finitely supported"},
{"id": 1825,
+"keyword": "finitely supported"},
+{"id": 1826,
"keyword": "strong normalization"},
-{"id": 1826,
-"keyword": "specific integer polynomial"},
{"id": 1827,
-"keyword": "metric space"},
+"keyword": "specific integer polynomial"},
{"id": 1828,
+"keyword": "metric space"},
+{"id": 1829,
"keyword": "henkin style"},
-{"id": 1829,
+{"id": 1830,
"keyword": "von zur gathen"},
-{"id": 1830,
-"keyword": "similar level"},
{"id": 1831,
-"keyword": "refinement approach scales"},
+"keyword": "similar level"},
{"id": 1832,
+"keyword": "refinement approach scales"},
+{"id": 1833,
"keyword": "explicitly represented"},
-{"id": 1833,
+{"id": 1834,
"keyword": "optimal stationary deterministic solution"},
-{"id": 1834,
+{"id": 1835,
"keyword": "semantic domain"},
-{"id": 1835,
+{"id": 1836,
"keyword": "computer algebra system maple"},
-{"id": 1836,
+{"id": 1837,
"keyword": "sublists alternately extracted"},
-{"id": 1837,
-"keyword": "cons"},
{"id": 1838,
-"keyword": "congruence theorems"},
+"keyword": "cons"},
{"id": 1839,
+"keyword": "congruence theorems"},
+{"id": 1840,
"keyword": "wide variety"},
-{"id": 1840,
-"keyword": "expected height"},
{"id": 1841,
+"keyword": "expected height"},
+{"id": 1842,
"keyword": "produce observable outputs"},
-{"id": 1842,
+{"id": 1843,
"keyword": "reduction theorem"},
-{"id": 1843,
+{"id": 1844,
"keyword": "self-contained certifier"},
-{"id": 1844,
-"keyword": "book first-order logic"},
{"id": 1845,
+"keyword": "book first-order logic"},
+{"id": 1846,
"keyword": "list update problem"},
-{"id": 1846,
+{"id": 1847,
"keyword": "forthcoming paper"},
-{"id": 1847,
+{"id": 1848,
"keyword": "winding number measures"},
-{"id": 1848,
+{"id": 1849,
"keyword": "important theorem"},
-{"id": 1849,
+{"id": 1850,
"keyword": "cartesian product"},
-{"id": 1850,
+{"id": 1851,
"keyword": "taylor series expansions"},
-{"id": 1851,
+{"id": 1852,
"keyword": "design choices underlying"},
-{"id": 1852,
-"keyword": "constructive points"},
{"id": 1853,
+"keyword": "constructive points"},
+{"id": 1854,
"keyword": "functional data structures"},
-{"id": 1854,
+{"id": 1855,
"keyword": "2nd international workshop"},
-{"id": 1855,
+{"id": 1856,
"keyword": "pages 20-34"},
-{"id": 1856,
+{"id": 1857,
"keyword": "restricted type"},
-{"id": 1857,
-"keyword": "afp entry simple_firewall"},
{"id": 1858,
-"keyword": "shadow root"},
+"keyword": "afp entry simple_firewall"},
{"id": 1859,
+"keyword": "shadow root"},
+{"id": 1860,
"keyword": "invariant factor decomposition"},
-{"id": 1860,
+{"id": 1861,
"keyword": "operational"},
-{"id": 1861,
-"keyword": "fully-automated approach"},
{"id": 1862,
-"keyword": "auxiliary labels"},
+"keyword": "fully-automated approach"},
{"id": 1863,
+"keyword": "auxiliary labels"},
+{"id": 1864,
"keyword": "widely applicable"},
-{"id": 1864,
+{"id": 1865,
"keyword": "rich expression typing rules"},
-{"id": 1865,
+{"id": 1866,
"keyword": "metric first-order dynamic logic"},
-{"id": 1866,
+{"id": 1867,
"keyword": "specific conflict analysis algorithm"},
-{"id": 1867,
+{"id": 1868,
"keyword": "linear algebra"},
-{"id": 1868,
-"keyword": "arbitrary uniform distributions"},
{"id": 1869,
+"keyword": "arbitrary uniform distributions"},
+{"id": 1870,
"keyword": "security violations"},
-{"id": 1870,
+{"id": 1871,
"keyword": "intersection type systems"},
-{"id": 1871,
+{"id": 1872,
"keyword": "state-of-the-art smt solvers"},
-{"id": 1872,
+{"id": 1873,
"keyword": "class-collection-based rts algorithms run"},
-{"id": 1873,
-"keyword": "control flow"},
{"id": 1874,
-"keyword": "nominal2 package"},
+"keyword": "control flow"},
{"id": 1875,
+"keyword": "nominal2 package"},
+{"id": 1876,
"keyword": "1 involving"},
-{"id": 1876,
+{"id": 1877,
"keyword": "free groups"},
-{"id": 1877,
-"keyword": "actuarial mathematics"},
{"id": 1878,
+"keyword": "actuarial mathematics"},
+{"id": 1879,
"keyword": "famous abc conjecture"},
-{"id": 1879,
-"keyword": "myhill nerode theorem"},
{"id": 1880,
+"keyword": "myhill nerode theorem"},
+{"id": 1881,
"keyword": "key result"},
-{"id": 1881,
-"keyword": "uniform substitution calculus"},
{"id": 1882,
-"keyword": "slightly modified"},
+"keyword": "uniform substitution calculus"},
{"id": 1883,
+"keyword": "slightly modified"},
+{"id": 1884,
"keyword": "tetrahedral group"},
-{"id": 1884,
+{"id": 1885,
"keyword": "type class laws"},
-{"id": 1885,
-"keyword": "greatest common divisor"},
{"id": 1886,
+"keyword": "greatest common divisor"},
+{"id": 1887,
"keyword": "automated reasoning framework"},
-{"id": 1887,
-"keyword": "compiled tactic code"},
{"id": 1888,
+"keyword": "compiled tactic code"},
+{"id": 1889,
"keyword": "merkle functors"},
-{"id": 1889,
-"keyword": "dirichlet products"},
{"id": 1890,
-"keyword": "import-expert format"},
+"keyword": "dirichlet products"},
{"id": 1891,
+"keyword": "import-expert format"},
+{"id": 1892,
"keyword": "group ring"},
-{"id": 1892,
+{"id": 1893,
"keyword": "efficient allocation"},
-{"id": 1893,
-"keyword": "miller ndash"},
{"id": 1894,
-"keyword": "direct execution"},
+"keyword": "miller ndash"},
{"id": 1895,
+"keyword": "direct execution"},
+{"id": 1896,
"keyword": "important data structure"},
-{"id": 1896,
+{"id": 1897,
"keyword": "projective coordinates"},
-{"id": 1897,
+{"id": 1898,
"keyword": "hypergraph theory"},
-{"id": 1898,
+{"id": 1899,
"keyword": "perfect number theorem"},
-{"id": 1899,
+{"id": 1900,
"keyword": "semantic arguments"},
-{"id": 1900,
-"keyword": "linear variable-separated rewrite systems"},
{"id": 1901,
+"keyword": "linear variable-separated rewrite systems"},
+{"id": 1902,
"keyword": "local lexing semantics"},
-{"id": 1902,
+{"id": 1903,
"keyword": "suffix comparability"},
-{"id": 1903,
+{"id": 1904,
"keyword": "shallow learning"},
-{"id": 1904,
+{"id": 1905,
"keyword": "normal form"},
-{"id": 1905,
-"keyword": "stone relation algebras"},
{"id": 1906,
-"keyword": "simulation relation"},
+"keyword": "stone relation algebras"},
{"id": 1907,
+"keyword": "simulation relation"},
+{"id": 1908,
"keyword": "fixed database"},
-{"id": 1908,
+{"id": 1909,
"keyword": "constant functions"},
-{"id": 1909,
-"keyword": "small predicate"},
{"id": 1910,
+"keyword": "small predicate"},
+{"id": 1911,
"keyword": "riemann zeta function"},
-{"id": 1911,
-"keyword": "jan kret nsk"},
{"id": 1912,
+"keyword": "jan kret nsk"},
+{"id": 1913,
"keyword": "complex vector spaces"},
-{"id": 1913,
-"keyword": "ordinary generating function"},
{"id": 1914,
-"keyword": "incidence system isomorphisms"},
+"keyword": "ordinary generating function"},
{"id": 1915,
+"keyword": "incidence system isomorphisms"},
+{"id": 1916,
"keyword": "coefficients modulo"},
-{"id": 1916,
+{"id": 1917,
"keyword": "cardinality formulae"},
-{"id": 1917,
-"keyword": "minor corrections"},
{"id": 1918,
+"keyword": "minor corrections"},
+{"id": 1919,
"keyword": "exceeds aleph_1"},
-{"id": 1919,
-"keyword": "basic superposition calculus"},
{"id": 1920,
+"keyword": "basic superposition calculus"},
+{"id": 1921,
"keyword": "projective geometry"},
-{"id": 1921,
+{"id": 1922,
"keyword": "imperative target language"},
-{"id": 1922,
+{"id": 1923,
"keyword": "automatically derive"},
-{"id": 1923,
-"keyword": "afp entry implements"},
{"id": 1924,
+"keyword": "afp entry implements"},
+{"id": 1925,
"keyword": "geometric folklore proof rigorous"},
-{"id": 1925,
+{"id": 1926,
"keyword": "transitive noninterference policies"},
-{"id": 1926,
+{"id": 1927,
"keyword": "structure proofs"},
-{"id": 1927,
-"keyword": "arbitrary number"},
{"id": 1928,
+"keyword": "arbitrary number"},
+{"id": 1929,
"keyword": "control-flow operators"},
-{"id": 1929,
-"keyword": "powerset monad"},
{"id": 1930,
-"keyword": "distribute sequential composition"},
+"keyword": "powerset monad"},
{"id": 1931,
+"keyword": "distribute sequential composition"},
+{"id": 1932,
"keyword": "algebraic point"},
-{"id": 1932,
+{"id": 1933,
"keyword": "common base clock"},
-{"id": 1933,
-"keyword": "lawrence paulson"},
{"id": 1934,
+"keyword": "lawrence paulson"},
+{"id": 1935,
"keyword": "dk andschl thesis"},
-{"id": 1935,
-"keyword": "confidentiality guarantees"},
{"id": 1936,
+"keyword": "confidentiality guarantees"},
+{"id": 1937,
"keyword": "intensional higher-order modal logic"},
-{"id": 1937,
+{"id": 1938,
"keyword": "gromov hyperbolic spaces"},
-{"id": 1938,
+{"id": 1939,
"keyword": "experimental data suggests"},
-{"id": 1939,
-"keyword": "control dependencies"},
{"id": 1940,
+"keyword": "control dependencies"},
+{"id": 1941,
"keyword": "multi-head paradigm"},
-{"id": 1941,
+{"id": 1942,
"keyword": "average-case cost"},
-{"id": 1942,
+{"id": 1943,
"keyword": "article collects formalisations"},
-{"id": 1943,
-"keyword": "monitoring algorithm"},
{"id": 1944,
+"keyword": "monitoring algorithm"},
+{"id": 1945,
"keyword": "logical approaches"},
-{"id": 1945,
-"keyword": "strong ties"},
{"id": 1946,
-"keyword": "binary search tree operations"},
+"keyword": "strong ties"},
{"id": 1947,
+"keyword": "binary search tree operations"},
+{"id": 1948,
"keyword": "private information"},
-{"id": 1948,
+{"id": 1949,
"keyword": "transition execution function"},
-{"id": 1949,
-"keyword": "analyzed firewall mdash"},
{"id": 1950,
+"keyword": "analyzed firewall mdash"},
+{"id": 1951,
"keyword": "residue classes"},
-{"id": 1951,
-"keyword": "final implementation"},
{"id": 1952,
+"keyword": "final implementation"},
+{"id": 1953,
"keyword": "theory builds"},
-{"id": 1953,
-"keyword": "pldi 2015 paper"},
{"id": 1954,
-"keyword": "carath odory"},
+"keyword": "pldi 2015 paper"},
{"id": 1955,
+"keyword": "carath odory"},
+{"id": 1956,
"keyword": "transitive closure"},
-{"id": 1956,
+{"id": 1957,
"keyword": "book dense sphere packings"},
-{"id": 1957,
-"keyword": "planar systems"},
{"id": 1958,
-"keyword": "results hold"},
+"keyword": "planar systems"},
{"id": 1959,
+"keyword": "results hold"},
+{"id": 1960,
"keyword": "parser written"},
-{"id": 1960,
+{"id": 1961,
"keyword": "nature allowing"},
-{"id": 1961,
+{"id": 1962,
"keyword": "educational setting due"},
-{"id": 1962,
+{"id": 1963,
"keyword": "resolution rule"},
-{"id": 1963,
+{"id": 1964,
"keyword": "verification conditions generated"},
-{"id": 1964,
-"keyword": "full extent"},
{"id": 1965,
+"keyword": "full extent"},
+{"id": 1966,
"keyword": "binary trees fredman"},
-{"id": 1966,
+{"id": 1967,
"keyword": "systems communication patterns"},
-{"id": 1967,
+{"id": 1968,
"keyword": "handwritten reference implementations"},
-{"id": 1968,
+{"id": 1969,
"keyword": "interest distributed"},
-{"id": 1969,
-"keyword": "metric first-order temporal logic"},
{"id": 1970,
-"keyword": "paraconsistent engineering"},
+"keyword": "metric first-order temporal logic"},
{"id": 1971,
+"keyword": "paraconsistent engineering"},
+{"id": 1972,
"keyword": "stone algebra"},
-{"id": 1972,
+{"id": 1973,
"keyword": "verify basic algorithms"},
-{"id": 1973,
-"keyword": "dirichlet series"},
{"id": 1974,
+"keyword": "dirichlet series"},
+{"id": 1975,
"keyword": "weak conjunction"},
-{"id": 1975,
-"keyword": "desired subgraph"},
{"id": 1976,
+"keyword": "desired subgraph"},
+{"id": 1977,
"keyword": "hermitian matrix"},
-{"id": 1977,
-"keyword": "hol nominal"},
{"id": 1978,
-"keyword": "set theory framework"},
+"keyword": "hol nominal"},
{"id": 1979,
+"keyword": "set theory framework"},
+{"id": 1980,
"keyword": "afp entry eval_fo"},
-{"id": 1980,
+{"id": 1981,
"keyword": "modeling application level protocols"},
-{"id": 1981,
-"keyword": "functions approximating"},
{"id": 1982,
+"keyword": "functions approximating"},
+{"id": 1983,
"keyword": "domain-theoretic fixpoint operator"},
-{"id": 1983,
-"keyword": "amir hossein parvardi"},
{"id": 1984,
+"keyword": "amir hossein parvardi"},
+{"id": 1985,
"keyword": "np-hard problem"},
-{"id": 1985,
+{"id": 1986,
"keyword": "trace based"},
-{"id": 1986,
+{"id": 1987,
"keyword": "digit expansions builds"},
-{"id": 1987,
-"keyword": "correct 2-3 finger trees"},
{"id": 1988,
+"keyword": "correct 2-3 finger trees"},
+{"id": 1989,
"keyword": "sizeable family"},
-{"id": 1989,
+{"id": 1990,
"keyword": "optimal running time"},
-{"id": 1990,
+{"id": 1991,
"keyword": "emptiness check"},
-{"id": 1991,
-"keyword": "ordinal exponentiation"},
{"id": 1992,
+"keyword": "ordinal exponentiation"},
+{"id": 1993,
"keyword": "first-order clauses"},
-{"id": 1993,
-"keyword": "stiffness matrix"},
{"id": 1994,
-"keyword": "clause sets"},
+"keyword": "stiffness matrix"},
{"id": 1995,
+"keyword": "clause sets"},
+{"id": 1996,
"keyword": "georg kreisel"},
-{"id": 1996,
+{"id": 1997,
"keyword": "cartesian closed categories"},
-{"id": 1997,
-"keyword": "executions produce sequences"},
{"id": 1998,
+"keyword": "executions produce sequences"},
+{"id": 1999,
"keyword": "shifting intervals"},
-{"id": 1999,
-"keyword": "write poof strategies"},
{"id": 2000,
+"keyword": "write poof strategies"},
+{"id": 2001,
"keyword": "approximating real roots"},
-{"id": 2001,
+{"id": 2002,
"keyword": "sequential imperative programming language"},
-{"id": 2002,
+{"id": 2003,
"keyword": "models partial functions"},
-{"id": 2003,
-"keyword": "data dependencies"},
{"id": 2004,
+"keyword": "data dependencies"},
+{"id": 2005,
"keyword": "distinctive feature"},
-{"id": 2005,
+{"id": 2006,
"keyword": "underlying transition system"},
-{"id": 2006,
+{"id": 2007,
"keyword": "derive powerful induction rules"},
-{"id": 2007,
+{"id": 2008,
"keyword": "fair prices"},
-{"id": 2008,
+{"id": 2009,
"keyword": "eye color"},
-{"id": 2009,
+{"id": 2010,
"keyword": "polynomially bounded"},
-{"id": 2010,
+{"id": 2011,
"keyword": "contribution presents"},
-{"id": 2011,
-"keyword": "computer-assisted interpretive method"},
{"id": 2012,
+"keyword": "computer-assisted interpretive method"},
+{"id": 2013,
"keyword": "weak conjunction operator coincides"},
-{"id": 2013,
+{"id": 2014,
"keyword": "maximum-flow minimal-cut theorem"},
-{"id": 2014,
+{"id": 2015,
"keyword": "negative diagonal entry"},
-{"id": 2015,
+{"id": 2016,
"keyword": "relation composition"},
-{"id": 2016,
+{"id": 2017,
"keyword": "notions probabilistic noninterference"},
-{"id": 2017,
+{"id": 2018,
"keyword": "language processing"},
-{"id": 2018,
+{"id": 2019,
"keyword": "crypthol library crypthol"},
-{"id": 2019,
-"keyword": "multiplicative subset"},
{"id": 2020,
+"keyword": "multiplicative subset"},
+{"id": 2021,
"keyword": "proof outlines"},
-{"id": 2021,
+{"id": 2022,
"keyword": "top 100 theorems list"},
-{"id": 2022,
+{"id": 2023,
"keyword": "banach space"},
-{"id": 2023,
-"keyword": "so-called desargues"},
{"id": 2024,
+"keyword": "so-called desargues"},
+{"id": 2025,
"keyword": "current version"},
-{"id": 2025,
-"keyword": "added formalisations"},
{"id": 2026,
-"keyword": "a-priori detect"},
+"keyword": "added formalisations"},
{"id": 2027,
+"keyword": "a-priori detect"},
+{"id": 2028,
"keyword": "periodic arithmetic functions"},
-{"id": 2028,
+{"id": 2029,
"keyword": "infinite ramsey theorem"},
-{"id": 2029,
-"keyword": "registering applicative functors"},
{"id": 2030,
+"keyword": "registering applicative functors"},
+{"id": 2031,
"keyword": "future combinations"},
-{"id": 2031,
-"keyword": "mutable references"},
{"id": 2032,
+"keyword": "mutable references"},
+{"id": 2033,
"keyword": "isosceles triangle theorem"},
-{"id": 2033,
+{"id": 2034,
"keyword": "big step semantics"},
-{"id": 2034,
+{"id": 2035,
"keyword": "sequential consistency"},
-{"id": 2035,
-"keyword": "strict partial orders"},
{"id": 2036,
+"keyword": "strict partial orders"},
+{"id": 2037,
"keyword": "45th theorem"},
-{"id": 2037,
+{"id": 2038,
"keyword": "html documents"},
-{"id": 2038,
+{"id": 2039,
"keyword": "abelian group"},
-{"id": 2039,
+{"id": 2040,
"keyword": "volpano smith system"},
-{"id": 2040,
+{"id": 2041,
"keyword": "faug egrave"},
-{"id": 2041,
+{"id": 2042,
"keyword": "formalisation accompanies"},
-{"id": 2042,
+{"id": 2043,
"keyword": "asymptotic approximation"},
-{"id": 2043,
-"keyword": "offers low-latency data-"},
{"id": 2044,
+"keyword": "offers low-latency data-"},
+{"id": 2045,
"keyword": "specific parameterization"},
-{"id": 2045,
+{"id": 2046,
"keyword": "kleene algebra"},
-{"id": 2046,
+{"id": 2047,
"keyword": "time frames"},
-{"id": 2047,
+{"id": 2048,
"keyword": "bnfccs preserve quotients"},
-{"id": 2048,
+{"id": 2049,
"keyword": "prover implementing"},
-{"id": 2049,
+{"id": 2050,
"keyword": "partial networks"},
-{"id": 2050,
+{"id": 2051,
"keyword": "functor category"},
-{"id": 2051,
-"keyword": "nora szasz"},
{"id": 2052,
+"keyword": "nora szasz"},
+{"id": 2053,
"keyword": "stephanie bell"},
-{"id": 2053,
+{"id": 2054,
"keyword": "austrian science fund"},
-{"id": 2054,
+{"id": 2055,
"keyword": "denies access"},
-{"id": 2055,
-"keyword": "effective mutual authentication service"},
{"id": 2056,
+"keyword": "effective mutual authentication service"},
+{"id": 2057,
"keyword": "finite length"},
-{"id": 2057,
-"keyword": "monic irreducible polynomials"},
{"id": 2058,
-"keyword": "boolean matrices"},
+"keyword": "monic irreducible polynomials"},
{"id": 2059,
+"keyword": "boolean matrices"},
+{"id": 2060,
"keyword": "type synonym"},
-{"id": 2060,
+{"id": 2061,
"keyword": "normalises monadic expressions"},
-{"id": 2061,
-"keyword": "verification conditions"},
{"id": 2062,
+"keyword": "verification conditions"},
+{"id": 2063,
"keyword": "significantly expands"},
-{"id": 2063,
-"keyword": "allowed accesses"},
{"id": 2064,
+"keyword": "allowed accesses"},
+{"id": 2065,
"keyword": "large class"},
-{"id": 2065,
+{"id": 2066,
"keyword": "concerns infinite sets"},
-{"id": 2066,
+{"id": 2067,
"keyword": "simple formalization covering"},
-{"id": 2067,
-"keyword": "precise effect"},
{"id": 2068,
+"keyword": "precise effect"},
+{"id": 2069,
"keyword": "semantic resolution"},
-{"id": 2069,
+{"id": 2070,
"keyword": "multiplication syntactically"},
-{"id": 2070,
+{"id": 2071,
"keyword": "publisher component"},
-{"id": 2071,
-"keyword": "verified checker past"},
{"id": 2072,
+"keyword": "verified checker past"},
+{"id": 2073,
"keyword": "checks strong security"},
-{"id": 2073,
-"keyword": "real polynomial"},
{"id": 2074,
-"keyword": "real normed division algebras"},
+"keyword": "real polynomial"},
{"id": 2075,
+"keyword": "real normed division algebras"},
+{"id": 2076,
"keyword": "derives equality theorems"},
-{"id": 2076,
+{"id": 2077,
"keyword": "interest rate"},
-{"id": 2077,
-"keyword": "book linear algebra"},
{"id": 2078,
+"keyword": "book linear algebra"},
+{"id": 2079,
"keyword": "exponential generating function"},
-{"id": 2079,
-"keyword": "function checking"},
{"id": 2080,
+"keyword": "function checking"},
+{"id": 2081,
"keyword": "refinement framework"},
-{"id": 2081,
-"keyword": "slide operation"},
{"id": 2082,
-"keyword": "morris-pratt string matching algorithm"},
+"keyword": "slide operation"},
{"id": 2083,
+"keyword": "morris-pratt string matching algorithm"},
+{"id": 2084,
"keyword": "infinite execution"},
-{"id": 2084,
+{"id": 2085,
"keyword": "independent interest"},
-{"id": 2085,
-"keyword": "simple interactive proof assistant"},
{"id": 2086,
-"keyword": "construction theorem"},
+"keyword": "simple interactive proof assistant"},
{"id": 2087,
+"keyword": "construction theorem"},
+{"id": 2088,
"keyword": "object logic chaudhuri"},
-{"id": 2088,
+{"id": 2089,
"keyword": "formulas assuming"},
-{"id": 2089,
+{"id": 2090,
"keyword": "unrestricted resolution rule"},
-{"id": 2090,
+{"id": 2091,
"keyword": "easy reuse"},
-{"id": 2091,
+{"id": 2092,
"keyword": "lift_definition command"},
-{"id": 2092,
-"keyword": "paul erd"},
{"id": 2093,
-"keyword": "separation logic utilities"},
+"keyword": "paul erd"},
{"id": 2094,
+"keyword": "separation logic utilities"},
+{"id": 2095,
"keyword": "formal semantics builds"},
-{"id": 2095,
-"keyword": "inference rules"},
{"id": 2096,
+"keyword": "inference rules"},
+{"id": 2097,
"keyword": "complex arguments"},
-{"id": 2097,
+{"id": 2098,
"keyword": "runge-kutta methods"},
-{"id": 2098,
+{"id": 2099,
"keyword": "satisfying tuples"},
-{"id": 2099,
-"keyword": "hahn decomposition theorem"},
{"id": 2100,
+"keyword": "hahn decomposition theorem"},
+{"id": 2101,
"keyword": "compute asymptotic expansions"},
-{"id": 2101,
+{"id": 2102,
"keyword": "snyder found"},
-{"id": 2102,
+{"id": 2103,
"keyword": "so-called hessenberg"},
-{"id": 2103,
+{"id": 2104,
"keyword": "refutational theorem proving"},
-{"id": 2104,
+{"id": 2105,
"keyword": "additional assumptions needed"},
-{"id": 2105,
+{"id": 2106,
"keyword": "separating conjunction"},
-{"id": 2106,
+{"id": 2107,
"keyword": "domain-theoretic semantics"},
-{"id": 2107,
-"keyword": "weak law"},
{"id": 2108,
+"keyword": "weak law"},
+{"id": 2109,
"keyword": "monadified version"},
-{"id": 2109,
+{"id": 2110,
"keyword": "state-of-the-art sat-based planner"},
-{"id": 2110,
+{"id": 2111,
"keyword": "approach supports reachability goals"},
-{"id": 2111,
+{"id": 2112,
"keyword": "residuation operation"},
-{"id": 2112,
-"keyword": "formal proof technology"},
{"id": 2113,
-"keyword": "missing gaps"},
+"keyword": "formal proof technology"},
{"id": 2114,
+"keyword": "missing gaps"},
+{"id": 2115,
"keyword": "prime number rdquo"},
-{"id": 2115,
+{"id": 2116,
"keyword": "simpler sigma-calculus based"},
-{"id": 2116,
-"keyword": "maintain hidden state"},
{"id": 2117,
-"keyword": "statement applies"},
+"keyword": "maintain hidden state"},
{"id": 2118,
+"keyword": "statement applies"},
+{"id": 2119,
"keyword": "intraprocedural proof"},
-{"id": 2119,
+{"id": 2120,
"keyword": "interesting property"},
-{"id": 2120,
+{"id": 2121,
"keyword": "formal semantics complies"},
-{"id": 2121,
+{"id": 2122,
"keyword": "independent families"},
-{"id": 2122,
+{"id": 2123,
"keyword": "greatest fixed points"},
-{"id": 2123,
-"keyword": "debugging purposes"},
{"id": 2124,
+"keyword": "debugging purposes"},
+{"id": 2125,
"keyword": "exact nature"},
-{"id": 2125,
+{"id": 2126,
"keyword": "separator smaller"},
-{"id": 2126,
+{"id": 2127,
"keyword": "linear inequalities"},
-{"id": 2127,
+{"id": 2128,
"keyword": "difference vector"},
-{"id": 2128,
-"keyword": "compositional approach"},
{"id": 2129,
-"keyword": "safely composable dom"},
+"keyword": "compositional approach"},
{"id": 2130,
+"keyword": "safely composable dom"},
+{"id": 2131,
"keyword": "sml parser"},
-{"id": 2131,
+{"id": 2132,
"keyword": "treated implicitly"},
-{"id": 2132,
-"keyword": "full bridge rule"},
{"id": 2133,
+"keyword": "full bridge rule"},
+{"id": 2134,
"keyword": "asymptotic bounds"},
-{"id": 2134,
-"keyword": "compiler correctness proof"},
{"id": 2135,
+"keyword": "compiler correctness proof"},
+{"id": 2136,
"keyword": "growth rates"},
-{"id": 2136,
-"keyword": "second-order logic"},
{"id": 2137,
-"keyword": "imperative programs"},
+"keyword": "second-order logic"},
{"id": 2138,
+"keyword": "imperative programs"},
+{"id": 2139,
"keyword": "call merkle functors"},
-{"id": 2139,
+{"id": 2140,
"keyword": "printing case expressions"},
-{"id": 2140,
-"keyword": "homological argument"},
{"id": 2141,
+"keyword": "homological argument"},
+{"id": 2142,
"keyword": "partial correctness setting"},
-{"id": 2142,
-"keyword": "fundamental binary operations allowing"},
{"id": 2143,
+"keyword": "fundamental binary operations allowing"},
+{"id": 2144,
"keyword": "mid 80s"},
-{"id": 2144,
-"keyword": "main theorem relates"},
{"id": 2145,
-"keyword": "arctic semirings satisfy"},
+"keyword": "main theorem relates"},
{"id": 2146,
+"keyword": "arctic semirings satisfy"},
+{"id": 2147,
"keyword": "covering directed"},
-{"id": 2147,
+{"id": 2148,
"keyword": "abstract interface"},
-{"id": 2148,
-"keyword": "existing solutions"},
{"id": 2149,
-"keyword": "group theory results"},
+"keyword": "existing solutions"},
{"id": 2150,
+"keyword": "group theory results"},
+{"id": 2151,
"keyword": "network security mechanisms"},
-{"id": 2151,
+{"id": 2152,
"keyword": "text"},
-{"id": 2152,
+{"id": 2153,
"keyword": "ordinary assertional reasoning"},
-{"id": 2153,
+{"id": 2154,
"keyword": "operational correspondence"},
-{"id": 2154,
+{"id": 2155,
"keyword": "standard boolean algebra operations"},
-{"id": 2155,
-"keyword": "haskell"},
{"id": 2156,
+"keyword": "haskell"},
+{"id": 2157,
"keyword": "precisely compute roots"},
-{"id": 2157,
+{"id": 2158,
"keyword": "nondeterministic programs"},
-{"id": 2158,
+{"id": 2159,
"keyword": "verified monitor"},
-{"id": 2159,
+{"id": 2160,
"keyword": "data-type declarations"},
-{"id": 2160,
-"keyword": "function elts"},
{"id": 2161,
-"keyword": "flyspeck project"},
+"keyword": "function elts"},
{"id": 2162,
+"keyword": "flyspeck project"},
+{"id": 2163,
"keyword": "classic unsolved problems"},
-{"id": 2163,
+{"id": 2164,
"keyword": "amicable numbers"},
-{"id": 2164,
-"keyword": "order-theoretic concepts"},
{"id": 2165,
+"keyword": "order-theoretic concepts"},
+{"id": 2166,
"keyword": "set theory"},
-{"id": 2166,
-"keyword": "total correctness"},
{"id": 2167,
+"keyword": "total correctness"},
+{"id": 2168,
"keyword": "basic properties"},
-{"id": 2168,
-"keyword": "special issue"},
{"id": 2169,
-"keyword": "list type"},
+"keyword": "special issue"},
{"id": 2170,
+"keyword": "list type"},
+{"id": 2171,
"keyword": "efficient proof checking"},
-{"id": 2171,
+{"id": 2172,
"keyword": "peter lammich"},
-{"id": 2172,
-"keyword": "black-box traces"},
{"id": 2173,
+"keyword": "black-box traces"},
+{"id": 2174,
"keyword": "code generation feature"},
-{"id": 2174,
-"keyword": "randall munroe"},
{"id": 2175,
+"keyword": "randall munroe"},
+{"id": 2176,
"keyword": "meeting point"},
-{"id": 2176,
+{"id": 2177,
"keyword": "rational root test"},
-{"id": 2177,
+{"id": 2178,
"keyword": "cyk decides"},
-{"id": 2178,
-"keyword": "algebraic manipulations"},
{"id": 2179,
+"keyword": "algebraic manipulations"},
+{"id": 2180,
"keyword": "generic types"},
-{"id": 2180,
+{"id": 2181,
"keyword": "tour revisited"},
-{"id": 2181,
+{"id": 2182,
"keyword": "formally verify gauss-seidel"},
-{"id": 2182,
-"keyword": "simple verified token"},
{"id": 2183,
+"keyword": "simple verified token"},
+{"id": 2184,
"keyword": "insertion sort"},
-{"id": 2184,
-"keyword": "transfinite cardinalities"},
{"id": 2185,
-"keyword": "travel faster"},
+"keyword": "transfinite cardinalities"},
{"id": 2186,
+"keyword": "travel faster"},
+{"id": 2187,
"keyword": "greater detail"},
-{"id": 2187,
+{"id": 2188,
"keyword": "partial data structures"},
-{"id": 2188,
-"keyword": "formalising t-designs"},
{"id": 2189,
+"keyword": "formalising t-designs"},
+{"id": 2190,
"keyword": "strictness theorem"},
-{"id": 2190,
-"keyword": "alternative interface"},
{"id": 2191,
+"keyword": "alternative interface"},
+{"id": 2192,
"keyword": "maximum flow"},
-{"id": 2192,
+{"id": 2193,
"keyword": "hamiltonian path problem"},
-{"id": 2193,
+{"id": 2194,
"keyword": "ltl yielding"},
-{"id": 2194,
-"keyword": "recurrence equations"},
{"id": 2195,
+"keyword": "recurrence equations"},
+{"id": 2196,
"keyword": "additional effort"},
-{"id": 2196,
+{"id": 2197,
"keyword": "formally verified quantifier elimination"},
-{"id": 2197,
+{"id": 2198,
"keyword": "weak simulation"},
-{"id": 2198,
-"keyword": "maximum reachability probabilities"},
{"id": 2199,
+"keyword": "maximum reachability probabilities"},
+{"id": 2200,
"keyword": "complex polynomials"},
-{"id": 2200,
-"keyword": "discrete instants"},
{"id": 2201,
-"keyword": "higher edge probability"},
+"keyword": "discrete instants"},
{"id": 2202,
+"keyword": "higher edge probability"},
+{"id": 2203,
"keyword": "key cards"},
-{"id": 2203,
+{"id": 2204,
"keyword": "representation function"},
-{"id": 2204,
-"keyword": "inequality involving expectations"},
{"id": 2205,
+"keyword": "inequality involving expectations"},
+{"id": 2206,
"keyword": "theorem statement"},
-{"id": 2206,
-"keyword": "simpler operations"},
{"id": 2207,
+"keyword": "simpler operations"},
+{"id": 2208,
"keyword": "summation bounds grow"},
-{"id": 2208,
-"keyword": "framed links"},
{"id": 2209,
-"keyword": "ample set condition"},
+"keyword": "framed links"},
{"id": 2210,
+"keyword": "ample set condition"},
+{"id": 2211,
"keyword": "violate sortedness"},
-{"id": 2211,
+{"id": 2212,
"keyword": "directly implies"},
-{"id": 2212,
-"keyword": "accommodating arbitrary nominal datatypes"},
{"id": 2213,
-"keyword": "number-theoretic functions"},
+"keyword": "accommodating arbitrary nominal datatypes"},
{"id": 2214,
+"keyword": "number-theoretic functions"},
+{"id": 2215,
"keyword": "to-string functions"},
-{"id": 2215,
+{"id": 2216,
"keyword": "states common definitions"},
-{"id": 2216,
+{"id": 2217,
"keyword": "constructive cryptography proofs"},
-{"id": 2217,
+{"id": 2218,
"keyword": "abstract perspective enables"},
-{"id": 2218,
+{"id": 2219,
"keyword": "cosmed social media platform"},
-{"id": 2219,
-"keyword": "splitting compilation"},
{"id": 2220,
+"keyword": "splitting compilation"},
+{"id": 2221,
"keyword": "well-ordered type"},
-{"id": 2221,
+{"id": 2222,
"keyword": "language features monadic sequencing"},
-{"id": 2222,
+{"id": 2223,
"keyword": "conflict-free replicated datatype"},
-{"id": 2223,
+{"id": 2224,
"keyword": "verified compiler"},
-{"id": 2224,
-"keyword": "rts definition mandates safety"},
{"id": 2225,
-"keyword": "abstract formalization"},
+"keyword": "rts definition mandates safety"},
{"id": 2226,
+"keyword": "abstract formalization"},
+{"id": 2227,
"keyword": "works based"},
-{"id": 2227,
+{"id": 2228,
"keyword": "uniform substitution principle"},
-{"id": 2228,
-"keyword": "infinite domain"},
{"id": 2229,
+"keyword": "infinite domain"},
+{"id": 2230,
"keyword": "full classification"},
-{"id": 2230,
-"keyword": "identify undesired information leaks"},
{"id": 2231,
+"keyword": "identify undesired information leaks"},
+{"id": 2232,
"keyword": "building correct programs working"},
-{"id": 2232,
-"keyword": "working backwards"},
{"id": 2233,
-"keyword": "functorial operations"},
+"keyword": "working backwards"},
{"id": 2234,
+"keyword": "functorial operations"},
+{"id": 2235,
"keyword": "intuitive desired security policy"},
-{"id": 2235,
+{"id": 2236,
"keyword": "org abs 1609"},
-{"id": 2236,
-"keyword": "sum type"},
{"id": 2237,
+"keyword": "sum type"},
+{"id": 2238,
"keyword": "epistemic logic"},
-{"id": 2238,
-"keyword": "sending end host selects"},
{"id": 2239,
+"keyword": "sending end host selects"},
+{"id": 2240,
"keyword": "hybrid programs"},
-{"id": 2240,
+{"id": 2241,
"keyword": "statement"},
-{"id": 2241,
+{"id": 2242,
"keyword": "academic partners"},
-{"id": 2242,
-"keyword": "similar systems"},
{"id": 2243,
+"keyword": "similar systems"},
+{"id": 2244,
"keyword": "efficient priority search trees"},
-{"id": 2244,
+{"id": 2245,
"keyword": "small sets"},
-{"id": 2245,
+{"id": 2246,
"keyword": "pattern matching"},
-{"id": 2246,
-"keyword": "author x27"},
{"id": 2247,
+"keyword": "author x27"},
+{"id": 2248,
"keyword": "direct adequacy proof"},
-{"id": 2248,
-"keyword": "lucas ndash"},
{"id": 2249,
-"keyword": "original parallel postulate"},
+"keyword": "lucas ndash"},
{"id": 2250,
+"keyword": "original parallel postulate"},
+{"id": 2251,
"keyword": "polynomial"},
-{"id": 2251,
+{"id": 2252,
"keyword": "article"},
-{"id": 2252,
-"keyword": "outstanding work"},
{"id": 2253,
+"keyword": "outstanding work"},
+{"id": 2254,
"keyword": "transfinite recursion"},
-{"id": 2254,
-"keyword": "previously replaced term"},
{"id": 2255,
+"keyword": "previously replaced term"},
+{"id": 2256,
"keyword": "fully verified"},
-{"id": 2256,
+{"id": 2257,
"keyword": "running time"},
-{"id": 2257,
+{"id": 2258,
"keyword": "gou zel"},
-{"id": 2258,
-"keyword": "program execution"},
{"id": 2259,
+"keyword": "program execution"},
+{"id": 2260,
"keyword": "entire input sequence"},
-{"id": 2260,
+{"id": 2261,
"keyword": "standard textbook proof"},
-{"id": 2261,
+{"id": 2262,
"keyword": "computation based"},
-{"id": 2262,
+{"id": 2263,
"keyword": "hol set"},
-{"id": 2263,
+{"id": 2264,
"keyword": "surprise hanging"},
-{"id": 2264,
+{"id": 2265,
"keyword": "efsms execute traces"},
-{"id": 2265,
+{"id": 2266,
"keyword": "display algebraic numbers"},
-{"id": 2266,
-"keyword": "constant predicates stated"},
{"id": 2267,
+"keyword": "constant predicates stated"},
+{"id": 2268,
"keyword": "mutually inverse"},
-{"id": 2268,
+{"id": 2269,
"keyword": "automotive-gateway system"},
-{"id": 2269,
+{"id": 2270,
"keyword": "type constructor representing"},
-{"id": 2270,
+{"id": 2271,
"keyword": "afp entry complex geometry"},
-{"id": 2271,
+{"id": 2272,
"keyword": "lists representation"},
-{"id": 2272,
+{"id": 2273,
"keyword": "state-based non-deterministic sequential computations"},
-{"id": 2273,
+{"id": 2274,
"keyword": "complete basis"},
-{"id": 2274,
-"keyword": "existing package algorithms"},
{"id": 2275,
+"keyword": "existing package algorithms"},
+{"id": 2276,
"keyword": "target concurrent operating systems"},
-{"id": 2276,
+{"id": 2277,
"keyword": "butterfly scheme"},
-{"id": 2277,
+{"id": 2278,
"keyword": "classical church-rosser theorem"},
-{"id": 2278,
-"keyword": "polychronous systems"},
{"id": 2279,
+"keyword": "polychronous systems"},
+{"id": 2280,
"keyword": "certified declarative first-order prover"},
-{"id": 2280,
-"keyword": "commuting conversion rule"},
{"id": 2281,
-"keyword": "parity wallet bug"},
+"keyword": "commuting conversion rule"},
{"id": 2282,
+"keyword": "parity wallet bug"},
+{"id": 2283,
"keyword": "tame plane graphs"},
-{"id": 2283,
+{"id": 2284,
"keyword": "stream processing functions"},
-{"id": 2284,
-"keyword": "rely guarantee reasoning"},
{"id": 2285,
+"keyword": "rely guarantee reasoning"},
+{"id": 2286,
"keyword": "haskell library"},
-{"id": 2286,
-"keyword": "13 binary relations"},
{"id": 2287,
+"keyword": "13 binary relations"},
+{"id": 2288,
"keyword": "expressing security properties"},
-{"id": 2288,
+{"id": 2289,
"keyword": "turing computability"},
-{"id": 2289,
+{"id": 2290,
"keyword": "encoding"},
-{"id": 2290,
-"keyword": "side product"},
{"id": 2291,
+"keyword": "side product"},
+{"id": 2292,
"keyword": "restricted identification"},
-{"id": 2292,
+{"id": 2293,
"keyword": "order logic"},
-{"id": 2293,
+{"id": 2294,
"keyword": "type checking phase"},
-{"id": 2294,
+{"id": 2295,
"keyword": "natural transformations"},
-{"id": 2295,
+{"id": 2296,
"keyword": "related concepts"},
-{"id": 2296,
+{"id": 2297,
"keyword": "labelled directed graphs"},
-{"id": 2297,
+{"id": 2298,
"keyword": "implementation runs"},
-{"id": 2298,
-"keyword": "proofs correct incompletenesses"},
{"id": 2299,
+"keyword": "proofs correct incompletenesses"},
+{"id": 2300,
"keyword": "existing replication algorithm satisfies"},
-{"id": 2300,
+{"id": 2301,
"keyword": "algorithm top-"},
-{"id": 2301,
+{"id": 2302,
"keyword": "x_1"},
-{"id": 2302,
+{"id": 2303,
"keyword": "complete networks"},
-{"id": 2303,
-"keyword": "multiplicative constants"},
{"id": 2304,
-"keyword": "sifum_type_systems afp entry"},
+"keyword": "multiplicative constants"},
{"id": 2305,
+"keyword": "sifum_type_systems afp entry"},
+{"id": 2306,
"keyword": "tail-recursive implementation"},
-{"id": 2306,
+{"id": 2307,
"keyword": "usable framework"},
-{"id": 2307,
-"keyword": "source coding theorem"},
{"id": 2308,
-"keyword": "von wright"},
+"keyword": "source coding theorem"},
{"id": 2309,
+"keyword": "von wright"},
+{"id": 2310,
"keyword": "paper formalising fisher"},
-{"id": 2310,
+{"id": 2311,
"keyword": "modular assembly kit"},
-{"id": 2311,
+{"id": 2312,
"keyword": "web community"},
-{"id": 2312,
+{"id": 2313,
"keyword": "unrelated times"},
-{"id": 2313,
+{"id": 2314,
"keyword": "stepwise manner"},
-{"id": 2314,
-"keyword": "semantic type soundness"},
{"id": 2315,
+"keyword": "semantic type soundness"},
+{"id": 2316,
"keyword": "linear algebraic techniques"},
-{"id": 2316,
+{"id": 2317,
"keyword": "hoare logic"},
-{"id": 2317,
+{"id": 2318,
"keyword": "multithreaded case"},
-{"id": 2318,
+{"id": 2319,
"keyword": "hintikka set"},
-{"id": 2319,
-"keyword": "derive class instances"},
{"id": 2320,
-"keyword": "efficiently computed"},
+"keyword": "derive class instances"},
{"id": 2321,
+"keyword": "efficiently computed"},
+{"id": 2322,
"keyword": "a_n leq tfrac 1"},
-{"id": 2322,
+{"id": 2323,
"keyword": "polynomial interpolation"},
-{"id": 2323,
-"keyword": "fully automated"},
{"id": 2324,
-"keyword": "concrete function"},
+"keyword": "fully automated"},
{"id": 2325,
+"keyword": "concrete function"},
+{"id": 2326,
"keyword": "pragmatic reasons"},
-{"id": 2326,
+{"id": 2327,
"keyword": "polytimed systems"},
-{"id": 2327,
+{"id": 2328,
"keyword": "executable program"},
-{"id": 2328,
+{"id": 2329,
"keyword": "pythagoras law"},
-{"id": 2329,
+{"id": 2330,
"keyword": "type safety proof"},
-{"id": 2330,
-"keyword": "verifying security policies"},
{"id": 2331,
+"keyword": "verifying security policies"},
+{"id": 2332,
"keyword": "floating-point modulo function"},
-{"id": 2332,
+{"id": 2333,
"keyword": "chomsky normal form"},
-{"id": 2333,
+{"id": 2334,
"keyword": "effectively harness theorem provers"},
-{"id": 2334,
+{"id": 2335,
"keyword": "data structure"},
-{"id": 2335,
+{"id": 2336,
"keyword": "command"},
-{"id": 2336,
+{"id": 2337,
"keyword": "total"},
-{"id": 2337,
+{"id": 2338,
"keyword": "positional determinacy"},
-{"id": 2338,
-"keyword": "separable characters induced moduli"},
{"id": 2339,
+"keyword": "separable characters induced moduli"},
+{"id": 2340,
"keyword": "inductive predicates"},
-{"id": 2340,
+{"id": 2341,
"keyword": "verification back-ends"},
-{"id": 2341,
+{"id": 2342,
"keyword": "jordan_normal_form afp entry"},
-{"id": 2342,
-"keyword": "all-pairs shortest path problem"},
{"id": 2343,
+"keyword": "all-pairs shortest path problem"},
+{"id": 2344,
"keyword": "full asymptotic expansion"},
-{"id": 2344,
-"keyword": "lens class"},
{"id": 2345,
-"keyword": "parameterised process architectures"},
+"keyword": "lens class"},
{"id": 2346,
+"keyword": "parameterised process architectures"},
+{"id": 2347,
"keyword": "shallow embedding manner"},
-{"id": 2347,
+{"id": 2348,
"keyword": "rapidly growing literature"},
-{"id": 2348,
+{"id": 2349,
"keyword": "input processes"},
-{"id": 2349,
+{"id": 2350,
"keyword": "recurrence relation"},
-{"id": 2350,
+{"id": 2351,
"keyword": "modern multiprocessors depend"},
-{"id": 2351,
-"keyword": "input simultaneously"},
{"id": 2352,
-"keyword": "safe-range query"},
+"keyword": "input simultaneously"},
{"id": 2353,
+"keyword": "safe-range query"},
+{"id": 2354,
"keyword": "propositional fragment"},
-{"id": 2354,
+{"id": 2355,
"keyword": "coinductive lists"},
-{"id": 2355,
-"keyword": "number theoretic result"},
{"id": 2356,
+"keyword": "number theoretic result"},
+{"id": 2357,
"keyword": "turing decidability"},
-{"id": 2357,
-"keyword": "refutational completeness"},
{"id": 2358,
+"keyword": "refutational completeness"},
+{"id": 2359,
"keyword": "secure process"},
-{"id": 2359,
-"keyword": "measure preserving transformations"},
{"id": 2360,
-"keyword": "efficient executable code"},
+"keyword": "measure preserving transformations"},
{"id": 2361,
+"keyword": "efficient executable code"},
+{"id": 2362,
"keyword": "java language architecture"},
-{"id": 2362,
+{"id": 2363,
"keyword": "normal subgroups"},
-{"id": 2363,
-"keyword": "internal equivalences"},
{"id": 2364,
+"keyword": "internal equivalences"},
+{"id": 2365,
"keyword": "extensible minimal imperative fragment"},
-{"id": 2365,
-"keyword": "leitsch lei97"},
{"id": 2366,
+"keyword": "leitsch lei97"},
+{"id": 2367,
"keyword": "conditional expressions"},
-{"id": 2367,
+{"id": 2368,
"keyword": "definitional embedding"},
-{"id": 2368,
+{"id": 2369,
"keyword": "constructing sturm sequences efficiently"},
-{"id": 2369,
-"keyword": "finite fourier series"},
{"id": 2370,
+"keyword": "finite fourier series"},
+{"id": 2371,
"keyword": "fixed access frequencies"},
-{"id": 2371,
+{"id": 2372,
"keyword": "hol-multivariate-analysis session"},
-{"id": 2372,
+{"id": 2373,
"keyword": "locale assumptions"},
-{"id": 2373,
-"keyword": "concrete file represented"},
{"id": 2374,
+"keyword": "concrete file represented"},
+{"id": 2375,
"keyword": "polynomial time"},
-{"id": 2375,
-"keyword": "beta_n"},
{"id": 2376,
-"keyword": "communicating concurrent kleene algebra"},
+"keyword": "beta_n"},
{"id": 2377,
+"keyword": "communicating concurrent kleene algebra"},
+{"id": 2378,
"keyword": "re-usable dfs-based algorithms"},
-{"id": 2378,
+{"id": 2379,
"keyword": "development accompanies"},
-{"id": 2379,
-"keyword": "guarded recursive equations"},
{"id": 2380,
+"keyword": "guarded recursive equations"},
+{"id": 2381,
"keyword": "general recursion"},
-{"id": 2381,
-"keyword": "easily adapt existing proofs"},
{"id": 2382,
+"keyword": "easily adapt existing proofs"},
+{"id": 2383,
"keyword": "world code"},
-{"id": 2383,
+{"id": 2384,
"keyword": "problems"},
-{"id": 2384,
+{"id": 2385,
"keyword": "mapping method"},
-{"id": 2385,
-"keyword": "emphasising local spatial properties"},
{"id": 2386,
+"keyword": "emphasising local spatial properties"},
+{"id": 2387,
"keyword": "stronger notion"},
-{"id": 2387,
+{"id": 2388,
"keyword": "tree automata"},
-{"id": 2388,
+{"id": 2389,
"keyword": "automatic theorem prover"},
-{"id": 2389,
+{"id": 2390,
"keyword": "typing rules"},
-{"id": 2390,
+{"id": 2391,
"keyword": "augustin louis cauchy"},
-{"id": 2391,
+{"id": 2392,
"keyword": "traditional proof outlines"},
-{"id": 2392,
+{"id": 2393,
"keyword": "proof terms"},
-{"id": 2393,
-"keyword": "geodesic gromov-hyperbolic space"},
{"id": 2394,
+"keyword": "geodesic gromov-hyperbolic space"},
+{"id": 2395,
"keyword": "order types"},
-{"id": 2395,
+{"id": 2396,
"keyword": "suitable inductive predicate"},
-{"id": 2396,
+{"id": 2397,
"keyword": "developing aspects"},
-{"id": 2397,
+{"id": 2398,
"keyword": "linux netfilter iptables firewall"},
-{"id": 2398,
+{"id": 2399,
"keyword": "ordering properties"},
-{"id": 2399,
+{"id": 2400,
"keyword": "hereditary base 2"},
-{"id": 2400,
+{"id": 2401,
"keyword": "insurance products"},
-{"id": 2401,
-"keyword": "timing functions"},
{"id": 2402,
+"keyword": "timing functions"},
+{"id": 2403,
"keyword": "list module"},
-{"id": 2403,
+{"id": 2404,
"keyword": "128bit words"},
-{"id": 2404,
+{"id": 2405,
"keyword": "core theorems"},
-{"id": 2405,
-"keyword": "worker wrapper transformation"},
{"id": 2406,
+"keyword": "worker wrapper transformation"},
+{"id": 2407,
"keyword": "implementation supports set membership"},
-{"id": 2407,
-"keyword": "longest recognized substrings"},
{"id": 2408,
-"keyword": "initial nonterminal"},
+"keyword": "longest recognized substrings"},
{"id": 2409,
+"keyword": "initial nonterminal"},
+{"id": 2410,
"keyword": "insecure channel controlled"},
-{"id": 2410,
+{"id": 2411,
"keyword": "utility functions"},
-{"id": 2411,
-"keyword": "unified view"},
{"id": 2412,
+"keyword": "unified view"},
+{"id": 2413,
"keyword": "underlying commented theories"},
-{"id": 2413,
-"keyword": "software security"},
{"id": 2414,
+"keyword": "software security"},
+{"id": 2415,
"keyword": "deeply embedded target programs"},
-{"id": 2415,
+{"id": 2416,
"keyword": "achieve compositionality"},
-{"id": 2416,
+{"id": 2417,
"keyword": "type definitions"},
-{"id": 2417,
-"keyword": "priority search tree"},
{"id": 2418,
+"keyword": "priority search tree"},
+{"id": 2419,
"keyword": "complicated derivatives"},
-{"id": 2419,
+{"id": 2420,
"keyword": "resulting bst"},
-{"id": 2420,
+{"id": 2421,
"keyword": "decision"},
-{"id": 2421,
+{"id": 2422,
"keyword": "incomparable results"},
-{"id": 2422,
+{"id": 2423,
"keyword": "clear formalisation"},
-{"id": 2423,
+{"id": 2424,
"keyword": "total supremum function"},
-{"id": 2424,
+{"id": 2425,
"keyword": "extension formally represents"},
-{"id": 2425,
-"keyword": "normal filters"},
{"id": 2426,
+"keyword": "normal filters"},
+{"id": 2427,
"keyword": "rob arthan"},
-{"id": 2427,
+{"id": 2428,
"keyword": "pseudo-bl algebras"},
-{"id": 2428,
+{"id": 2429,
"keyword": "purely functional algorithms"},
-{"id": 2429,
+{"id": 2430,
"keyword": "mathematical development"},
-{"id": 2430,
-"keyword": "optimizations heuristics"},
{"id": 2431,
-"keyword": "borel-measurable random variables"},
+"keyword": "optimizations heuristics"},
{"id": 2432,
+"keyword": "borel-measurable random variables"},
+{"id": 2433,
"keyword": "checkers operate"},
-{"id": 2433,
+{"id": 2434,
"keyword": "short proof"},
-{"id": 2434,
-"keyword": "total correctness based"},
{"id": 2435,
-"keyword": "real ideal world paradigm"},
+"keyword": "total correctness based"},
{"id": 2436,
+"keyword": "real ideal world paradigm"},
+{"id": 2437,
"keyword": "arbitrary univariate polynomials"},
-{"id": 2437,
+{"id": 2438,
"keyword": "basic framework"},
-{"id": 2438,
+{"id": 2439,
"keyword": "game-based cryptographic security notions"},
-{"id": 2439,
+{"id": 2440,
"keyword": "test strategies"},
-{"id": 2440,
+{"id": 2441,
"keyword": "general solver"},
-{"id": 2441,
-"keyword": "threat models"},
{"id": 2442,
+"keyword": "threat models"},
+{"id": 2443,
"keyword": "fredkin cacm 1960"},
-{"id": 2443,
+{"id": 2444,
"keyword": "induction"},
-{"id": 2444,
+{"id": 2445,
"keyword": "uniform global clock"},
-{"id": 2445,
+{"id": 2446,
"keyword": "mechanical derivation"},
-{"id": 2446,
-"keyword": "proof sketch"},
{"id": 2447,
-"keyword": "55th theorem"},
+"keyword": "proof sketch"},
{"id": 2448,
+"keyword": "55th theorem"},
+{"id": 2449,
"keyword": "specific instantiations"},
-{"id": 2449,
+{"id": 2450,
"keyword": "infinite iteration"},
-{"id": 2450,
-"keyword": "parameterized verification framework"},
{"id": 2451,
-"keyword": "probabilistic noninterference"},
+"keyword": "parameterized verification framework"},
{"id": 2452,
+"keyword": "probabilistic noninterference"},
+{"id": 2453,
"keyword": "prior non-mechanized soundness proofs"},
-{"id": 2453,
+{"id": 2454,
"keyword": "planning system fast-downward"},
-{"id": 2454,
+{"id": 2455,
"keyword": "total store order"},
-{"id": 2455,
+{"id": 2456,
"keyword": "type system"},
-{"id": 2456,
+{"id": 2457,
"keyword": "verifythis competition series"},
-{"id": 2457,
-"keyword": "cartesian categories"},
{"id": 2458,
+"keyword": "cartesian categories"},
+{"id": 2459,
"keyword": "direct product"},
-{"id": 2459,
+{"id": 2460,
"keyword": "special case"},
-{"id": 2460,
+{"id": 2461,
"keyword": "free boolean algebra"},
-{"id": 2461,
+{"id": 2462,
"keyword": "static interprocedural slicing"},
-{"id": 2462,
+{"id": 2463,
"keyword": "connected open set"},
-{"id": 2463,
+{"id": 2464,
"keyword": "building"},
-{"id": 2464,
+{"id": 2465,
"keyword": "meet schneider"},
-{"id": 2465,
-"keyword": "dynamic context"},
{"id": 2466,
+"keyword": "dynamic context"},
+{"id": 2467,
"keyword": "coherence theorem"},
-{"id": 2467,
+{"id": 2468,
"keyword": "set categories"},
-{"id": 2468,
+{"id": 2469,
"keyword": "step functions"},
-{"id": 2469,
-"keyword": "practical interoperability protocol"},
{"id": 2470,
+"keyword": "practical interoperability protocol"},
+{"id": 2471,
"keyword": "general purpose data structure"},
-{"id": 2471,
-"keyword": "proof method"},
{"id": 2472,
-"keyword": "diophantine approximations"},
+"keyword": "proof method"},
{"id": 2473,
+"keyword": "diophantine approximations"},
+{"id": 2474,
"keyword": "identifies posix"},
-{"id": 2474,
+{"id": 2475,
"keyword": "factor polynomials"},
-{"id": 2475,
-"keyword": "success probability"},
{"id": 2476,
+"keyword": "success probability"},
+{"id": 2477,
"keyword": "concrete sigma-protocols"},
-{"id": 2477,
-"keyword": "expand stone relation algebras"},
{"id": 2478,
+"keyword": "expand stone relation algebras"},
+{"id": 2479,
"keyword": "effectively executable"},
-{"id": 2479,
+{"id": 2480,
"keyword": "mechanising proofs"},
-{"id": 2480,
+{"id": 2481,
"keyword": "partial orders"},
-{"id": 2481,
-"keyword": "mdp model checking"},
{"id": 2482,
+"keyword": "mdp model checking"},
+{"id": 2483,
"keyword": "providing stronger guarantees"},
-{"id": 2483,
+{"id": 2484,
"keyword": "lambda calculus"},
-{"id": 2484,
+{"id": 2485,
"keyword": "element set"},
-{"id": 2485,
+{"id": 2486,
"keyword": "landmark theorem due"},
-{"id": 2486,
+{"id": 2487,
"keyword": "classic quantifier elimination"},
-{"id": 2487,
+{"id": 2488,
"keyword": "game-based definitions"},
-{"id": 2488,
+{"id": 2489,
"keyword": "natural-language explanations"},
-{"id": 2489,
-"keyword": "large transitive closures"},
{"id": 2490,
+"keyword": "large transitive closures"},
+{"id": 2491,
"keyword": "static openflow rules"},
-{"id": 2491,
+{"id": 2492,
"keyword": "default instantiation"},
-{"id": 2492,
+{"id": 2493,
"keyword": "mentioned properties"},
-{"id": 2493,
+{"id": 2494,
"keyword": "verify truth tables"},
-{"id": 2494,
-"keyword": "substructural logics"},
{"id": 2495,
-"keyword": "standard algorithms textbooks"},
+"keyword": "substructural logics"},
{"id": 2496,
+"keyword": "standard algorithms textbooks"},
+{"id": 2497,
"keyword": "key value-pairs"},
-{"id": 2497,
+{"id": 2498,
"keyword": "machine checked proofs"},
-{"id": 2498,
-"keyword": "kleene star arise"},
{"id": 2499,
-"keyword": "formally verified implementation"},
+"keyword": "kleene star arise"},
{"id": 2500,
+"keyword": "formally verified implementation"},
+{"id": 2501,
"keyword": "autonomous systems"},
-{"id": 2501,
+{"id": 2502,
"keyword": "implementation mixes"},
-{"id": 2502,
+{"id": 2503,
"keyword": "slightly advanced properties"},
-{"id": 2503,
+{"id": 2504,
"keyword": "discussion logs"},
-{"id": 2504,
+{"id": 2505,
"keyword": "generic imperative language embedded"},
-{"id": 2505,
-"keyword": "basic path manipulation rules"},
{"id": 2506,
+"keyword": "basic path manipulation rules"},
+{"id": 2507,
"keyword": "fully automatic tools"},
-{"id": 2507,
+{"id": 2508,
"keyword": "distinct network nodes"},
-{"id": 2508,
+{"id": 2509,
"keyword": "triangle"},
-{"id": 2509,
+{"id": 2510,
"keyword": "plotkin existential"},
-{"id": 2510,
-"keyword": "feature nice mathematical properties"},
{"id": 2511,
-"keyword": "macaulay matrix"},
+"keyword": "feature nice mathematical properties"},
{"id": 2512,
+"keyword": "macaulay matrix"},
+{"id": 2513,
"keyword": "boolean algebras generalise"},
-{"id": 2513,
+{"id": 2514,
"keyword": "upf emphasizes"},
-{"id": 2514,
-"keyword": "reasonable efficiency"},
{"id": 2515,
+"keyword": "reasonable efficiency"},
+{"id": 2516,
"keyword": "explicit syntactic form"},
-{"id": 2516,
-"keyword": "type inference rules"},
{"id": 2517,
+"keyword": "type inference rules"},
+{"id": 2518,
"keyword": "calculus immediately implies"},
-{"id": 2518,
-"keyword": "underlying theory"},
{"id": 2519,
-"keyword": "individual components"},
+"keyword": "underlying theory"},
{"id": 2520,
+"keyword": "individual components"},
+{"id": 2521,
"keyword": "descartes test returns 0"},
-{"id": 2521,
+{"id": 2522,
"keyword": "divided differences"},
-{"id": 2522,
-"keyword": "model existence theorem"},
{"id": 2523,
+"keyword": "model existence theorem"},
+{"id": 2524,
"keyword": "executable denotational semantics"},
-{"id": 2524,
-"keyword": "wireless mesh network"},
{"id": 2525,
+"keyword": "wireless mesh network"},
+{"id": 2526,
"keyword": "monotonic property transformers"},
-{"id": 2526,
-"keyword": "prefix match"},
{"id": 2527,
-"keyword": "analytic proof"},
+"keyword": "prefix match"},
{"id": 2528,
+"keyword": "analytic proof"},
+{"id": 2529,
"keyword": "safe distance"},
-{"id": 2529,
+{"id": 2530,
"keyword": "existing implementation"},
-{"id": 2530,
-"keyword": "natural logarithm"},
{"id": 2531,
-"keyword": "automatically transferable"},
+"keyword": "natural logarithm"},
{"id": 2532,
+"keyword": "automatically transferable"},
+{"id": 2533,
"keyword": "oopsla 2006 paper"},
-{"id": 2533,
+{"id": 2534,
"keyword": "modern environment"},
-{"id": 2534,
+{"id": 2535,
"keyword": "dynamic architectures"},
-{"id": 2535,
+{"id": 2536,
"keyword": "simulate minsky machines"},
-{"id": 2536,
+{"id": 2537,
"keyword": "binomial heaps"},
-{"id": 2537,
-"keyword": "classifies topological spaces"},
{"id": 2538,
+"keyword": "classifies topological spaces"},
+{"id": 2539,
"keyword": "partial meet contraction"},
-{"id": 2539,
+{"id": 2540,
"keyword": "standard signature algorithm"},
-{"id": 2540,
+{"id": 2541,
"keyword": "selection functions"},
-{"id": 2541,
+{"id": 2542,
"keyword": "peano arithmetic"},
-{"id": 2542,
-"keyword": "fully formally verified"},
{"id": 2543,
-"keyword": "files"},
+"keyword": "fully formally verified"},
{"id": 2544,
+"keyword": "files"},
+{"id": 2545,
"keyword": "automated reasoning 52"},
-{"id": 2545,
+{"id": 2546,
"keyword": "involves extensive reasoning"},
-{"id": 2546,
-"keyword": "pointwise updates"},
{"id": 2547,
+"keyword": "pointwise updates"},
+{"id": 2548,
"keyword": "category theory"},
-{"id": 2548,
-"keyword": "vector fields"},
{"id": 2549,
+"keyword": "vector fields"},
+{"id": 2550,
"keyword": "direct mathematical model"},
-{"id": 2550,
-"keyword": "group generated"},
{"id": 2551,
-"keyword": "interesting format"},
+"keyword": "group generated"},
{"id": 2552,
+"keyword": "interesting format"},
+{"id": 2553,
"keyword": "random element"},
-{"id": 2553,
+{"id": 2554,
"keyword": "simple imperative language"},
-{"id": 2554,
-"keyword": "modal kleene algebra"},
{"id": 2555,
+"keyword": "modal kleene algebra"},
+{"id": 2556,
"keyword": "arbitrary fields"},
-{"id": 2556,
-"keyword": "roger lipsett"},
{"id": 2557,
+"keyword": "roger lipsett"},
+{"id": 2558,
"keyword": "probabilistic system types"},
-{"id": 2558,
-"keyword": "existing pen-and-paper proof"},
{"id": 2559,
-"keyword": "working mathematician"},
+"keyword": "existing pen-and-paper proof"},
{"id": 2560,
+"keyword": "working mathematician"},
+{"id": 2561,
"keyword": "squarefree integers"},
-{"id": 2561,
+{"id": 2562,
"keyword": "heap property"},
-{"id": 2562,
-"keyword": "beautiful result"},
{"id": 2563,
-"keyword": "factorisation algorithm"},
+"keyword": "beautiful result"},
{"id": 2564,
+"keyword": "factorisation algorithm"},
+{"id": 2565,
"keyword": "simple techniques"},
-{"id": 2565,
+{"id": 2566,
"keyword": "arbitrary natural sets"},
-{"id": 2566,
+{"id": 2567,
"keyword": "christoph benzm uuml"},
-{"id": 2567,
+{"id": 2568,
"keyword": "combinable wand"},
-{"id": 2568,
+{"id": 2569,
"keyword": "failure-prone environments"},
-{"id": 2569,
-"keyword": "abstract cryptography"},
{"id": 2570,
+"keyword": "abstract cryptography"},
+{"id": 2571,
"keyword": "simpler secure processes"},
-{"id": 2571,
+{"id": 2572,
"keyword": "sim sqrt 2 pi"},
-{"id": 2572,
+{"id": 2573,
"keyword": "rigorous polynomial approximation"},
-{"id": 2573,
+{"id": 2574,
"keyword": "cardinality facts relevant"},
-{"id": 2574,
-"keyword": "source-to-assembly step matching"},
{"id": 2575,
-"keyword": "lambda-calculus"},
+"keyword": "source-to-assembly step matching"},
{"id": 2576,
+"keyword": "lambda-calculus"},
+{"id": 2577,
"keyword": "fundamental theorem"},
-{"id": 2577,
+{"id": 2578,
"keyword": "routing table entry"},
-{"id": 2578,
-"keyword": "called object constraint language"},
{"id": 2579,
-"keyword": "logically safe"},
+"keyword": "called object constraint language"},
{"id": 2580,
+"keyword": "logically safe"},
+{"id": 2581,
"keyword": "non-relational reasoning"},
-{"id": 2581,
+{"id": 2582,
"keyword": "intuitive combinatorial proof"},
-{"id": 2582,
+{"id": 2583,
"keyword": "tphols 2008 paper"},
-{"id": 2583,
+{"id": 2584,
"keyword": "floyd-warshall algorithm"},
-{"id": 2584,
+{"id": 2585,
"keyword": "single event list varying"},
-{"id": 2585,
-"keyword": "church-encoded representation"},
{"id": 2586,
+"keyword": "church-encoded representation"},
+{"id": 2587,
"keyword": "recursive inseparability"},
-{"id": 2587,
+{"id": 2588,
"keyword": "hierarchical transactions"},
-{"id": 2588,
+{"id": 2589,
"keyword": "low-degree polynomials"},
-{"id": 2589,
+{"id": 2590,
"keyword": "declaring nominal datatypes"},
-{"id": 2590,
+{"id": 2591,
"keyword": "widening operation"},
-{"id": 2591,
+{"id": 2592,
"keyword": "full permission"},
-{"id": 2592,
+{"id": 2593,
"keyword": "weak preferences"},
-{"id": 2593,
-"keyword": "generic theory"},
{"id": 2594,
+"keyword": "generic theory"},
+{"id": 2595,
"keyword": "ocl specification"},
-{"id": 2595,
+{"id": 2596,
"keyword": "original expression"},
-{"id": 2596,
+{"id": 2597,
"keyword": "euler trails"},
-{"id": 2597,
-"keyword": "mutually recursive functions"},
{"id": 2598,
+"keyword": "mutually recursive functions"},
+{"id": 2599,
"keyword": "isomorphisms results"},
-{"id": 2599,
-"keyword": "hol light development"},
{"id": 2600,
-"keyword": "numerical algorithms"},
+"keyword": "hol light development"},
{"id": 2601,
+"keyword": "numerical algorithms"},
+{"id": 2602,
"keyword": "special form"},
-{"id": 2602,
+{"id": 2603,
"keyword": "upcoming entry iptables semantics"},
-{"id": 2603,
+{"id": 2604,
"keyword": "x86-64 assembly instructions"},
-{"id": 2604,
+{"id": 2605,
"keyword": "great body"},
-{"id": 2605,
+{"id": 2606,
"keyword": "sliced graph"},
-{"id": 2606,
-"keyword": "function zeta"},
{"id": 2607,
-"keyword": "van der waerden"},
+"keyword": "function zeta"},
{"id": 2608,
+"keyword": "van der waerden"},
+{"id": 2609,
"keyword": "pretty printing"},
-{"id": 2609,
+{"id": 2610,
"keyword": "memory model"},
-{"id": 2610,
-"keyword": "directly inspired"},
{"id": 2611,
+"keyword": "directly inspired"},
+{"id": 2612,
"keyword": "phi functions"},
-{"id": 2612,
-"keyword": "security configuration actual firewall"},
{"id": 2613,
+"keyword": "security configuration actual firewall"},
+{"id": 2614,
"keyword": "knuth bendix orders"},
-{"id": 2614,
-"keyword": "belief change"},
{"id": 2615,
-"keyword": "arctic interpretations"},
+"keyword": "belief change"},
{"id": 2616,
+"keyword": "arctic interpretations"},
+{"id": 2617,
"keyword": "bounded operators"},
-{"id": 2617,
+{"id": 2618,
"keyword": "harm security"},
-{"id": 2618,
-"keyword": "separate afp entries goedel_hfset_semantic"},
{"id": 2619,
+"keyword": "separate afp entries goedel_hfset_semantic"},
+{"id": 2620,
"keyword": "frequency moment"},
-{"id": 2620,
-"keyword": "arbitrary network topologies"},
{"id": 2621,
+"keyword": "arbitrary network topologies"},
+{"id": 2622,
"keyword": "theorem implies combinatorial planarity"},
-{"id": 2622,
+{"id": 2623,
"keyword": "expected internal path length"},
-{"id": 2623,
+{"id": 2624,
"keyword": "stronger version"},
-{"id": 2624,
-"keyword": "solving linear programs"},
{"id": 2625,
+"keyword": "solving linear programs"},
+{"id": 2626,
"keyword": "entry formally"},
-{"id": 2626,
+{"id": 2627,
"keyword": "discrete summation"},
-{"id": 2627,
+{"id": 2628,
"keyword": "compact intervals"},
-{"id": 2628,
-"keyword": "complexity low"},
{"id": 2629,
+"keyword": "complexity low"},
+{"id": 2630,
"keyword": "source type"},
-{"id": 2630,
-"keyword": "meaningless encodings"},
{"id": 2631,
-"keyword": "yielding dynamic programming algorithms"},
+"keyword": "meaningless encodings"},
{"id": 2632,
+"keyword": "yielding dynamic programming algorithms"},
+{"id": 2633,
"keyword": "hol formalization builds"},
-{"id": 2633,
+{"id": 2634,
"keyword": "abstract separation algebra"},
-{"id": 2634,
-"keyword": "handle changing beliefs"},
{"id": 2635,
+"keyword": "handle changing beliefs"},
+{"id": 2636,
"keyword": "exploiting type classes"},
-{"id": 2636,
-"keyword": "linear programs"},
{"id": 2637,
+"keyword": "linear programs"},
+{"id": 2638,
"keyword": "hol proof assistant"},
-{"id": 2638,
+{"id": 2639,
"keyword": "current monolithic protocols"},
-{"id": 2639,
+{"id": 2640,
"keyword": "partial correctness"},
-{"id": 2640,
-"keyword": "finite collection"},
{"id": 2641,
+"keyword": "finite collection"},
+{"id": 2642,
"keyword": "manipulating data types"},
-{"id": 2642,
+{"id": 2643,
"keyword": "library base"},
-{"id": 2643,
+{"id": 2644,
"keyword": "sophisticated object-oriented bytecode language"},
-{"id": 2644,
+{"id": 2645,
"keyword": "probable hidden state sequence"},
-{"id": 2645,
+{"id": 2646,
"keyword": "finger tree"},
-{"id": 2646,
+{"id": 2647,
"keyword": "optimality equations"},
-{"id": 2647,
+{"id": 2648,
"keyword": "latin square"},
-{"id": 2648,
-"keyword": "combine classical reasoning"},
{"id": 2649,
+"keyword": "combine classical reasoning"},
+{"id": 2650,
"keyword": "relevant proof methods"},
-{"id": 2650,
+{"id": 2651,
"keyword": "magic wand formula"},
-{"id": 2651,
+{"id": 2652,
"keyword": "complete formalization"},
-{"id": 2652,
+{"id": 2653,
"keyword": "purely syntactic normalisation procedure"},
-{"id": 2653,
+{"id": 2654,
"keyword": "generic algorithm"},
-{"id": 2654,
+{"id": 2655,
"keyword": "formalizations differ mathematically"},
-{"id": 2655,
+{"id": 2656,
"keyword": "computing dominators"},
-{"id": 2656,
-"keyword": "relational constructors"},
{"id": 2657,
+"keyword": "relational constructors"},
+{"id": 2658,
"keyword": "simplicial complexes"},
-{"id": 2658,
+{"id": 2659,
"keyword": "induction principle"},
-{"id": 2659,
+{"id": 2660,
"keyword": "correct binomial heaps"},
-{"id": 2660,
-"keyword": "information flow security"},
{"id": 2661,
+"keyword": "information flow security"},
+{"id": 2662,
"keyword": "basic concepts"},
-{"id": 2662,
-"keyword": "present formalisation formed"},
{"id": 2663,
-"keyword": "significant piece"},
+"keyword": "present formalisation formed"},
{"id": 2664,
+"keyword": "significant piece"},
+{"id": 2665,
"keyword": "safe regression test selection"},
-{"id": 2665,
+{"id": 2666,
"keyword": "internal path length"},
-{"id": 2666,
-"keyword": "avoid cascading linking"},
{"id": 2667,
+"keyword": "avoid cascading linking"},
+{"id": 2668,
"keyword": "dirichlet l-functions"},
-{"id": 2668,
-"keyword": "interactive proof assistant"},
{"id": 2669,
+"keyword": "interactive proof assistant"},
+{"id": 2670,
"keyword": "article added additional material"},
-{"id": 2670,
+{"id": 2671,
"keyword": "shadow tree"},
-{"id": 2671,
+{"id": 2672,
"keyword": "prime number"},
-{"id": 2672,
-"keyword": "representation independence"},
{"id": 2673,
+"keyword": "representation independence"},
+{"id": 2674,
"keyword": "landau symbol"},
-{"id": 2674,
+{"id": 2675,
"keyword": "essentially follow"},
-{"id": 2675,
+{"id": 2676,
"keyword": "additively idempotent semirings"},
-{"id": 2676,
+{"id": 2677,
"keyword": "complex unknowns x1"},
-{"id": 2677,
+{"id": 2678,
"keyword": "byzantine fault-tolerant clock synchronization"},
-{"id": 2678,
+{"id": 2679,
"keyword": "closely follow"},
-{"id": 2679,
+{"id": 2680,
"keyword": "shaz qadeer"},
-{"id": 2680,
-"keyword": "complex systems involves"},
{"id": 2681,
+"keyword": "complex systems involves"},
+{"id": 2682,
"keyword": "solving equational systems"},
-{"id": 2682,
+{"id": 2683,
"keyword": "safe ocl typing rules"},
-{"id": 2683,
+{"id": 2684,
"keyword": "delta system lemma sessions"},
-{"id": 2684,
+{"id": 2685,
"keyword": "theorem due"},
-{"id": 2685,
-"keyword": "temporal order"},
{"id": 2686,
-"keyword": "infrastructure previously"},
+"keyword": "temporal order"},
{"id": 2687,
+"keyword": "infrastructure previously"},
+{"id": 2688,
"keyword": "specification holds"},
-{"id": 2688,
+{"id": 2689,
"keyword": "skew links"},
-{"id": 2689,
-"keyword": "transactional memory"},
{"id": 2690,
-"keyword": "unique squarefree decomposition"},
+"keyword": "transactional memory"},
{"id": 2691,
+"keyword": "unique squarefree decomposition"},
+{"id": 2692,
"keyword": "abstract soundness"},
-{"id": 2692,
+{"id": 2693,
"keyword": "beta_1"},
-{"id": 2693,
+{"id": 2694,
"keyword": "discrete stochastic dynamic programming"},
-{"id": 2694,
+{"id": 2695,
"keyword": "highly modular"},
-{"id": 2695,
+{"id": 2696,
"keyword": "transcendental numbers"},
-{"id": 2696,
-"keyword": "extra assumptions"},
{"id": 2697,
+"keyword": "extra assumptions"},
+{"id": 2698,
"keyword": "fully json compliant"},
-{"id": 2698,
+{"id": 2699,
"keyword": "instantiation draws heavily"},
-{"id": 2699,
+{"id": 2700,
"keyword": "stuttering equivalence afp-entry"},
-{"id": 2700,
+{"id": 2701,
"keyword": "incompleteness theorem"},
-{"id": 2701,
-"keyword": "general form"},
{"id": 2702,
-"keyword": "coarse-grained semantics"},
+"keyword": "general form"},
{"id": 2703,
+"keyword": "coarse-grained semantics"},
+{"id": 2704,
"keyword": "early result"},
-{"id": 2704,
+{"id": 2705,
"keyword": "core dom"},
-{"id": 2705,
-"keyword": "trace set processes"},
{"id": 2706,
+"keyword": "trace set processes"},
+{"id": 2707,
"keyword": "theorem applying"},
-{"id": 2707,
-"keyword": "present polished"},
{"id": 2708,
+"keyword": "present polished"},
+{"id": 2709,
"keyword": "graph representation"},
-{"id": 2709,
-"keyword": "large number"},
{"id": 2710,
-"keyword": "classical propositional logic"},
+"keyword": "large number"},
{"id": 2711,
+"keyword": "classical propositional logic"},
+{"id": 2712,
"keyword": "context-free grammar"},
-{"id": 2712,
+{"id": 2713,
"keyword": "lee cl73"},
-{"id": 2713,
-"keyword": "reusable modelling"},
{"id": 2714,
+"keyword": "reusable modelling"},
+{"id": 2715,
"keyword": "security invariants hold"},
-{"id": 2715,
-"keyword": "simple programming language"},
{"id": 2716,
+"keyword": "simple programming language"},
+{"id": 2717,
"keyword": "gibbard-satterthwaite theorem"},
-{"id": 2717,
-"keyword": "compcertssa project"},
{"id": 2718,
-"keyword": "linear upper bound"},
+"keyword": "compcertssa project"},
{"id": 2719,
+"keyword": "linear upper bound"},
+{"id": 2720,
"keyword": "formula mdp ta pta"},
-{"id": 2720,
+{"id": 2721,
"keyword": "quantic nuclei"},
-{"id": 2721,
-"keyword": "non-deterministic interpreter"},
{"id": 2722,
-"keyword": "embedding path order"},
+"keyword": "non-deterministic interpreter"},
{"id": 2723,
+"keyword": "embedding path order"},
+{"id": 2724,
"keyword": "convergence rate"},
-{"id": 2724,
+{"id": 2725,
"keyword": "textbook types"},
-{"id": 2725,
+{"id": 2726,
"keyword": "discrete financial models"},
-{"id": 2726,
+{"id": 2727,
"keyword": "wireless networks"},
-{"id": 2727,
+{"id": 2728,
"keyword": "mechanical theorem proving"},
-{"id": 2728,
-"keyword": "jan kretinsky proposed"},
{"id": 2729,
+"keyword": "jan kretinsky proposed"},
+{"id": 2730,
"keyword": "infinite subset"},
-{"id": 2730,
+{"id": 2731,
"keyword": "reflection-based decision procedure"},
-{"id": 2731,
+{"id": 2732,
"keyword": "int_0 infty b_n"},
-{"id": 2732,
+{"id": 2733,
"keyword": "general cost functions"},
-{"id": 2733,
-"keyword": "ch research verifythis"},
{"id": 2734,
-"keyword": "prim"},
+"keyword": "ch research verifythis"},
{"id": 2735,
+"keyword": "prim"},
+{"id": 2736,
"keyword": "sparcv8 instruction set architecture"},
-{"id": 2736,
+{"id": 2737,
"keyword": "ordered bdd"},
-{"id": 2737,
-"keyword": "incorporate smoothly"},
{"id": 2738,
+"keyword": "incorporate smoothly"},
+{"id": 2739,
"keyword": "java interactive verification environment"},
-{"id": 2739,
-"keyword": "time complexity bound"},
{"id": 2740,
+"keyword": "time complexity bound"},
+{"id": 2741,
"keyword": "rules controls"},
-{"id": 2741,
-"keyword": "theorem prover"},
{"id": 2742,
-"keyword": "decrease efficiency"},
+"keyword": "theorem prover"},
{"id": 2743,
+"keyword": "decrease efficiency"},
+{"id": 2744,
"keyword": "separation algebra"},
-{"id": 2744,
+{"id": 2745,
"keyword": "refined version"},
-{"id": 2745,
-"keyword": "facts involving algebraic laws"},
{"id": 2746,
+"keyword": "facts involving algebraic laws"},
+{"id": 2747,
"keyword": "indefinitely long sequence"},
-{"id": 2747,
-"keyword": "fundamental objects"},
{"id": 2748,
+"keyword": "fundamental objects"},
+{"id": 2749,
"keyword": "open induction schema based"},
-{"id": 2749,
+{"id": 2750,
"keyword": "dependent choices"},
-{"id": 2750,
+{"id": 2751,
"keyword": "temporal operators"},
-{"id": 2751,
-"keyword": "obtain concrete upper bounds"},
{"id": 2752,
+"keyword": "obtain concrete upper bounds"},
+{"id": 2753,
"keyword": "verify spoofing protection"},
-{"id": 2753,
+{"id": 2754,
"keyword": "significantly worse"},
-{"id": 2754,
+{"id": 2755,
"keyword": "type class functions"},
-{"id": 2755,
-"keyword": "common format"},
{"id": 2756,
+"keyword": "common format"},
+{"id": 2757,
"keyword": "guarantee condition"},
-{"id": 2757,
-"keyword": "fairly rudimentary"},
{"id": 2758,
-"keyword": "relation reduces"},
+"keyword": "fairly rudimentary"},
{"id": 2759,
+"keyword": "relation reduces"},
+{"id": 2760,
"keyword": "petersen aplas 2012"},
-{"id": 2760,
+{"id": 2761,
"keyword": "strips soundness meta-theory"},
-{"id": 2761,
-"keyword": "code"},
{"id": 2762,
+"keyword": "code"},
+{"id": 2763,
"keyword": "popular theorems attributed"},
-{"id": 2763,
-"keyword": "puzzle"},
{"id": 2764,
+"keyword": "puzzle"},
+{"id": 2765,
"keyword": "registering automatic methods"},
-{"id": 2765,
+{"id": 2766,
"keyword": "executable monitor"},
-{"id": 2766,
+{"id": 2767,
"keyword": "cryptographic operators"},
-{"id": 2767,
-"keyword": "previous berlekamp zassenhaus development"},
{"id": 2768,
+"keyword": "previous berlekamp zassenhaus development"},
+{"id": 2769,
"keyword": "paraconsistent many-"},
-{"id": 2769,
+{"id": 2770,
"keyword": "extended complex plane"},
-{"id": 2770,
+{"id": 2771,
"keyword": "non-deterministic buechi-automaton"},
-{"id": 2771,
+{"id": 2772,
"keyword": "x1j hellip"},
-{"id": 2772,
+{"id": 2773,
"keyword": "simplex algorithm"},
-{"id": 2773,
+{"id": 2774,
"keyword": "higher order logic"},
-{"id": 2774,
+{"id": 2775,
"keyword": "reachable nodes"},
-{"id": 2775,
-"keyword": "classical theorem stating"},
{"id": 2776,
+"keyword": "classical theorem stating"},
+{"id": 2777,
"keyword": "basic part"},
-{"id": 2777,
+{"id": 2778,
"keyword": "book concrete semantics"},
-{"id": 2778,
+{"id": 2779,
"keyword": "concern geometry"},
-{"id": 2779,
+{"id": 2780,
"keyword": "nnf-based algorithms"},
-{"id": 2780,
+{"id": 2781,
"keyword": "de bruijn index-based syntax"},
-{"id": 2781,
+{"id": 2782,
"keyword": "destination ip space"},
-{"id": 2782,
+{"id": 2783,
"keyword": "floating-point computation"},
-{"id": 2783,
-"keyword": "secure auto-completion"},
{"id": 2784,
+"keyword": "secure auto-completion"},
+{"id": 2785,
"keyword": "generating function equivalence proof"},
-{"id": 2785,
+{"id": 2786,
"keyword": "random serial dictatorship"},
-{"id": 2786,
+{"id": 2787,
"keyword": "metaphysical theory"},
-{"id": 2787,
-"keyword": "theorems stated"},
{"id": 2788,
+"keyword": "theorems stated"},
+{"id": 2789,
"keyword": "32-bit signed word"},
-{"id": 2789,
-"keyword": "flowgraph-based program model"},
{"id": 2790,
-"keyword": "multiple positions"},
+"keyword": "flowgraph-based program model"},
{"id": 2791,
+"keyword": "multiple positions"},
+{"id": 2792,
"keyword": "non-strict function abstractions"},
-{"id": 2792,
+{"id": 2793,
"keyword": "information-flow security applicable"},
-{"id": 2793,
-"keyword": "party cryptographic primitives"},
{"id": 2794,
+"keyword": "party cryptographic primitives"},
+{"id": 2795,
"keyword": "lattice supremum providing"},
-{"id": 2795,
-"keyword": "additional theorems"},
{"id": 2796,
+"keyword": "additional theorems"},
+{"id": 2797,
"keyword": "output port"},
-{"id": 2797,
+{"id": 2798,
"keyword": "verify algorithms"},
-{"id": 2798,
+{"id": 2799,
"keyword": "covers algebraic reasoning"},
-{"id": 2799,
-"keyword": "interleaves"},
{"id": 2800,
+"keyword": "interleaves"},
+{"id": 2801,
"keyword": "tree decomposition"},
-{"id": 2801,
+{"id": 2802,
"keyword": "framework features"},
-{"id": 2802,
+{"id": 2803,
"keyword": "quantities induces congruences"},
-{"id": 2803,
+{"id": 2804,
"keyword": "type constructors"},
-{"id": 2804,
+{"id": 2805,
"keyword": "outsourcing data storage"},
-{"id": 2805,
+{"id": 2806,
"keyword": "theoretical evidence"},
-{"id": 2806,
+{"id": 2807,
"keyword": "finite infinite lists"},
-{"id": 2807,
-"keyword": "finite state markov chains"},
{"id": 2808,
+"keyword": "finite state markov chains"},
+{"id": 2809,
"keyword": "thematic section"},
-{"id": 2809,
+{"id": 2810,
"keyword": "definite descriptions"},
-{"id": 2810,
+{"id": 2811,
"keyword": "natural question"},
-{"id": 2811,
+{"id": 2812,
"keyword": "term shallow-style embedding"},
-{"id": 2812,
-"keyword": "co-closure operators"},
{"id": 2813,
-"keyword": "uninterpreted functions"},
+"keyword": "co-closure operators"},
{"id": 2814,
+"keyword": "uninterpreted functions"},
+{"id": 2815,
"keyword": "formal development"},
-{"id": 2815,
+{"id": 2816,
"keyword": "fft algorithm"},
-{"id": 2816,
-"keyword": "rank-nullity theorem roughly follow"},
{"id": 2817,
-"keyword": "lens classes"},
+"keyword": "rank-nullity theorem roughly follow"},
{"id": 2818,
+"keyword": "lens classes"},
+{"id": 2819,
"keyword": "state sigma iff"},
-{"id": 2819,
+{"id": 2820,
"keyword": "invariant based programs"},
-{"id": 2820,
+{"id": 2821,
"keyword": "types int"},
-{"id": 2821,
+{"id": 2822,
"keyword": "crucial ingredient"},
-{"id": 2822,
+{"id": 2823,
"keyword": "program executions based"},
-{"id": 2823,
-"keyword": "single permanent failure"},
{"id": 2824,
+"keyword": "single permanent failure"},
+{"id": 2825,
"keyword": "lyndon words"},
-{"id": 2825,
+{"id": 2826,
"keyword": "equational reasoning"},
-{"id": 2826,
+{"id": 2827,
"keyword": "operation results"},
-{"id": 2827,
+{"id": 2828,
"keyword": "ontological argument"},
-{"id": 2828,
-"keyword": "decision procedure"},
{"id": 2829,
-"keyword": "enforcing exclusive writes"},
+"keyword": "decision procedure"},
{"id": 2830,
+"keyword": "enforcing exclusive writes"},
+{"id": 2831,
"keyword": "main entry point"},
-{"id": 2831,
+{"id": 2832,
"keyword": "showcase haskell"},
-{"id": 2832,
-"keyword": "domain operation"},
{"id": 2833,
-"keyword": "fixed service"},
+"keyword": "domain operation"},
{"id": 2834,
+"keyword": "fixed service"},
+{"id": 2835,
"keyword": "case study"},
-{"id": 2835,
+{"id": 2836,
"keyword": "basic concepts cartesian products"},
-{"id": 2836,
+{"id": 2837,
"keyword": "refinement theorem"},
-{"id": 2837,
+{"id": 2838,
"keyword": "consistent sign assignments"},
-{"id": 2838,
+{"id": 2839,
"keyword": "object logic"},
-{"id": 2839,
-"keyword": "verified iptables firewall analysis"},
{"id": 2840,
+"keyword": "verified iptables firewall analysis"},
+{"id": 2841,
"keyword": "recursion principles"},
-{"id": 2841,
+{"id": 2842,
"keyword": "cayley-hamilton theorem based"},
-{"id": 2842,
+{"id": 2843,
"keyword": "general library"},
-{"id": 2843,
+{"id": 2844,
"keyword": "hoare triples"},
-{"id": 2844,
+{"id": 2845,
"keyword": "dictionary translation"},
-{"id": 2845,
+{"id": 2846,
"keyword": "prime-factorization algorithms"},
-{"id": 2846,
+{"id": 2847,
"keyword": "proving safety"},
-{"id": 2847,
-"keyword": "monotonically decreasing sequence"},
{"id": 2848,
+"keyword": "monotonically decreasing sequence"},
+{"id": 2849,
"keyword": "probability theory"},
-{"id": 2849,
+{"id": 2850,
"keyword": "pipeline-parallel stream processing"},
-{"id": 2850,
+{"id": 2851,
"keyword": "extended sturm"},
-{"id": 2851,
-"keyword": "rigorous numerical algorithms"},
{"id": 2852,
+"keyword": "rigorous numerical algorithms"},
+{"id": 2853,
"keyword": "combined factorization algorithm"},
-{"id": 2853,
-"keyword": "lifting step"},
{"id": 2854,
-"keyword": "satisfaction relation"},
+"keyword": "lifting step"},
{"id": 2855,
+"keyword": "satisfaction relation"},
+{"id": 2856,
"keyword": "automatic refinement framework"},
-{"id": 2856,
+{"id": 2857,
"keyword": "real eigenvalue"},
-{"id": 2857,
+{"id": 2858,
"keyword": "proposed approach"},
-{"id": 2858,
+{"id": 2859,
"keyword": "algorithm proceeds"},
-{"id": 2859,
+{"id": 2860,
"keyword": "so-called key equalities"},
-{"id": 2860,
-"keyword": "transferring lifted properties back"},
{"id": 2861,
-"keyword": "fixed fraction"},
+"keyword": "transferring lifted properties back"},
{"id": 2862,
+"keyword": "fixed fraction"},
+{"id": 2863,
"keyword": "concise proof"},
-{"id": 2863,
+{"id": 2864,
"keyword": "adjoint functors"},
-{"id": 2864,
-"keyword": "cryptography proof formalizations"},
{"id": 2865,
+"keyword": "cryptography proof formalizations"},
+{"id": 2866,
"keyword": "blockchain pattern"},
-{"id": 2866,
-"keyword": "game-based proofs"},
{"id": 2867,
+"keyword": "game-based proofs"},
+{"id": 2868,
"keyword": "descartes test based"},
-{"id": 2868,
-"keyword": "trace set"},
{"id": 2869,
-"keyword": "type-safe conversions"},
+"keyword": "trace set"},
{"id": 2870,
+"keyword": "type-safe conversions"},
+{"id": 2871,
"keyword": "computing bernoulli numbers"},
-{"id": 2871,
+{"id": 2872,
"keyword": "collection offer functionality"},
-{"id": 2872,
-"keyword": "mason ndash"},
{"id": 2873,
+"keyword": "mason ndash"},
+{"id": 2874,
"keyword": "summary edges"},
-{"id": 2874,
-"keyword": "litte theorem"},
{"id": 2875,
+"keyword": "litte theorem"},
+{"id": 2876,
"keyword": "inconsistent theory"},
-{"id": 2876,
+{"id": 2877,
"keyword": "proof closely"},
-{"id": 2877,
+{"id": 2878,
"keyword": "access windows"},
-{"id": 2878,
-"keyword": "fully automated translation"},
{"id": 2879,
+"keyword": "fully automated translation"},
+{"id": 2880,
"keyword": "global variables"},
-{"id": 2880,
+{"id": 2881,
"keyword": "existing multivariate polynomial libraries"},
-{"id": 2881,
+{"id": 2882,
"keyword": "no-cloning theorem"},
-{"id": 2882,
-"keyword": "large financial losses"},
{"id": 2883,
+"keyword": "large financial losses"},
+{"id": 2884,
"keyword": "apply andy pitts"},
-{"id": 2884,
-"keyword": "omega omega"},
{"id": 2885,
-"keyword": "package algorithms applicable"},
+"keyword": "omega omega"},
{"id": 2886,
+"keyword": "package algorithms applicable"},
+{"id": 2887,
"keyword": "fulfilling van der waerden"},
-{"id": 2887,
+{"id": 2888,
"keyword": "interval logics"},
-{"id": 2888,
-"keyword": "higher-order terms"},
{"id": 2889,
+"keyword": "higher-order terms"},
+{"id": 2890,
"keyword": "measurable spaces"},
-{"id": 2890,
-"keyword": "coarse-grained concurrency"},
{"id": 2891,
+"keyword": "coarse-grained concurrency"},
+{"id": 2892,
"keyword": "study models"},
-{"id": 2892,
+{"id": 2893,
"keyword": "omega 1 alpha cdot"},
-{"id": 2893,
+{"id": 2894,
"keyword": "facilitate integrating future optimizations"},
-{"id": 2894,
-"keyword": "eulerian trails"},
{"id": 2895,
+"keyword": "eulerian trails"},
+{"id": 2896,
"keyword": "algebraically closed"},
-{"id": 2896,
+{"id": 2897,
"keyword": "numerous models"},
-{"id": 2897,
+{"id": 2898,
"keyword": "general simplex algorithm"},
-{"id": 2898,
+{"id": 2899,
"keyword": "relabelling function"},
-{"id": 2899,
+{"id": 2900,
"keyword": "algebraic geometry culminating"},
-{"id": 2900,
+{"id": 2901,
"keyword": "standard security protocols"},
-{"id": 2901,
+{"id": 2902,
"keyword": "automatically generate proofs"},
-{"id": 2902,
-"keyword": "current symbolic state"},
{"id": 2903,
+"keyword": "current symbolic state"},
+{"id": 2904,
"keyword": "state transformers"},
-{"id": 2904,
+{"id": 2905,
"keyword": "orbit-stabiliser theorem"},
-{"id": 2905,
+{"id": 2906,
"keyword": "sufficiently rich"},
-{"id": 2906,
+{"id": 2907,
"keyword": "commutative ring"},
-{"id": 2907,
+{"id": 2908,
"keyword": "regular structures"},
-{"id": 2908,
+{"id": 2909,
"keyword": "measure theory"},
-{"id": 2909,
+{"id": 2910,
"keyword": "consistent learning"},
-{"id": 2910,
-"keyword": "called check monad"},
{"id": 2911,
+"keyword": "called check monad"},
+{"id": 2912,
"keyword": "interval temporal logics"},
-{"id": 2912,
+{"id": 2913,
"keyword": "original functional sigma-calculus"},
-{"id": 2913,
+{"id": 2914,
"keyword": "precise algorithms"},
-{"id": 2914,
-"keyword": "rational roots"},
{"id": 2915,
+"keyword": "rational roots"},
+{"id": 2916,
"keyword": "dynamic negation"},
-{"id": 2916,
-"keyword": "solution"},
{"id": 2917,
-"keyword": "afp entry core dom"},
+"keyword": "solution"},
{"id": 2918,
+"keyword": "afp entry core dom"},
+{"id": 2919,
"keyword": "cakeml abstract syntax trees"},
-{"id": 2919,
+{"id": 2920,
"keyword": "key undecidability result present"},
-{"id": 2920,
-"keyword": "keith conrad"},
{"id": 2921,
+"keyword": "keith conrad"},
+{"id": 2922,
"keyword": "generating test cases"},
-{"id": 2922,
-"keyword": "sorting algorithm"},
{"id": 2923,
+"keyword": "sorting algorithm"},
+{"id": 2924,
"keyword": "teaching purposes"},
-{"id": 2924,
+{"id": 2925,
"keyword": "path authorization mechanism"},
-{"id": 2925,
+{"id": 2926,
"keyword": "model finders"},
-{"id": 2926,
-"keyword": "subsequent article smooth manifolds"},
{"id": 2927,
+"keyword": "subsequent article smooth manifolds"},
+{"id": 2928,
"keyword": "bounded wajsberg pseudo-hoops"},
-{"id": 2928,
+{"id": 2929,
"keyword": "expressions involving"},
-{"id": 2929,
+{"id": 2930,
"keyword": "basic formal framework"},
-{"id": 2930,
+{"id": 2931,
"keyword": "fixed natural number"},
-{"id": 2931,
+{"id": 2932,
"keyword": "descartes rule"},
-{"id": 2932,
+{"id": 2933,
"keyword": "total order relation"},
-{"id": 2933,
+{"id": 2934,
"keyword": "linux firewall iptables"},
-{"id": 2934,
-"keyword": "resulting system"},
{"id": 2935,
+"keyword": "resulting system"},
+{"id": 2936,
"keyword": "hol sources underlying"},
-{"id": 2936,
+{"id": 2937,
"keyword": "gr bner bases"},
-{"id": 2937,
+{"id": 2938,
"keyword": "strict preferences"},
-{"id": 2938,
+{"id": 2939,
"keyword": "similar normal form"},
-{"id": 2939,
-"keyword": "heap location"},
{"id": 2940,
-"keyword": "theoretically incomparable"},
+"keyword": "heap location"},
{"id": 2941,
+"keyword": "theoretically incomparable"},
+{"id": 2942,
"keyword": "extended language"},
-{"id": 2942,
+{"id": 2943,
"keyword": "backward compatible"},
-{"id": 2943,
-"keyword": "safely composable"},
{"id": 2944,
-"keyword": "null space"},
+"keyword": "safely composable"},
{"id": 2945,
+"keyword": "null space"},
+{"id": 2946,
"keyword": "higher-order term algebra"},
-{"id": 2946,
+{"id": 2947,
"keyword": "code accessing"},
-{"id": 2947,
+{"id": 2948,
"keyword": "semantic trees"},
-{"id": 2948,
+{"id": 2949,
"keyword": "directed graph library"},
-{"id": 2949,
+{"id": 2950,
"keyword": "minsky machines"},
-{"id": 2950,
-"keyword": "featherweight ocl project"},
{"id": 2951,
+"keyword": "featherweight ocl project"},
+{"id": 2952,
"keyword": "well-formedness properties"},
-{"id": 2952,
+{"id": 2953,
"keyword": "solovay ndash"},
-{"id": 2953,
+{"id": 2954,
"keyword": "iteration operators"},
-{"id": 2954,
+{"id": 2955,
"keyword": "fold build rule"},
-{"id": 2955,
-"keyword": "category equipped"},
{"id": 2956,
-"keyword": "universal composability framework"},
+"keyword": "category equipped"},
{"id": 2957,
+"keyword": "universal composability framework"},
+{"id": 2958,
"keyword": "decidability result"},
-{"id": 2958,
+{"id": 2959,
"keyword": "closely related"},
-{"id": 2959,
-"keyword": "optimisations suggested"},
{"id": 2960,
-"keyword": "completely verified model checker"},
+"keyword": "optimisations suggested"},
{"id": 2961,
+"keyword": "completely verified model checker"},
+{"id": 2962,
"keyword": "subsystems"},
-{"id": 2962,
+{"id": 2963,
"keyword": "international system"},
-{"id": 2963,
+{"id": 2964,
"keyword": "stuttering equivalent runs"},
-{"id": 2964,
+{"id": 2965,
"keyword": "edge weights"},
-{"id": 2965,
+{"id": 2966,
"keyword": "widely studied topic"},
-{"id": 2966,
-"keyword": "machine-checked version"},
{"id": 2967,
+"keyword": "machine-checked version"},
+{"id": 2968,
"keyword": "planning domain definition language"},
-{"id": 2968,
+{"id": 2969,
"keyword": "high edge probability"},
-{"id": 2969,
+{"id": 2970,
"keyword": "refinement based verification"},
-{"id": 2970,
+{"id": 2971,
"keyword": "recursive functions heavily inspired"},
-{"id": 2971,
+{"id": 2972,
"keyword": "pide sub-system"},
-{"id": 2972,
+{"id": 2973,
"keyword": "lagrange interpolation"},
-{"id": 2973,
+{"id": 2974,
"keyword": "integrated pide document model"},
-{"id": 2974,
-"keyword": "finite learning"},
{"id": 2975,
+"keyword": "finite learning"},
+{"id": 2976,
"keyword": "applied relativization"},
-{"id": 2976,
+{"id": 2977,
"keyword": "imperative loop constructs"},
-{"id": 2977,
+{"id": 2978,
"keyword": "book consistency"},
-{"id": 2978,
-"keyword": "cpp-2015 paper"},
{"id": 2979,
+"keyword": "cpp-2015 paper"},
+{"id": 2980,
"keyword": "obtain executable code"},
-{"id": 2980,
-"keyword": "basic theory"},
{"id": 2981,
-"keyword": "formalisation hold"},
+"keyword": "basic theory"},
{"id": 2982,
+"keyword": "formalisation hold"},
+{"id": 2983,
"keyword": "probabilistic functional language"},
-{"id": 2983,
+{"id": 2984,
"keyword": "elements belong"},
-{"id": 2984,
-"keyword": "system describes"},
{"id": 2985,
+"keyword": "system describes"},
+{"id": 2986,
"keyword": "static fields"},
-{"id": 2986,
-"keyword": "approximation ratio"},
{"id": 2987,
+"keyword": "approximation ratio"},
+{"id": 2988,
"keyword": "general formal proof techniques"},
-{"id": 2988,
+{"id": 2989,
"keyword": "np-complete optimization problems"},
-{"id": 2989,
+{"id": 2990,
"keyword": "probabilistic arguments"},
-{"id": 2990,
-"keyword": "byzantine clock synchronization"},
{"id": 2991,
+"keyword": "byzantine clock synchronization"},
+{"id": 2992,
"keyword": "original proof"},
-{"id": 2992,
+{"id": 2993,
"keyword": "cauchy completion"},
-{"id": 2993,
+{"id": 2994,
"keyword": "abstract bnfccs similar"},
-{"id": 2994,
+{"id": 2995,
"keyword": "abstract completeness theories"},
-{"id": 2995,
+{"id": 2996,
"keyword": "brian huffman"},
-{"id": 2996,
+{"id": 2997,
"keyword": "eponymous itp 2012 paper"},
-{"id": 2997,
+{"id": 2998,
"keyword": "prime number theorem"},
-{"id": 2998,
-"keyword": "efficient deterministic parsing"},
{"id": 2999,
+"keyword": "efficient deterministic parsing"},
+{"id": 3000,
"keyword": "data structure invented"},
-{"id": 3000,
+{"id": 3001,
"keyword": "refinement proof"},
-{"id": 3001,
+{"id": 3002,
"keyword": "general definition"},
-{"id": 3002,
+{"id": 3003,
"keyword": "completeness theorems"},
-{"id": 3003,
-"keyword": "theorem prover based"},
{"id": 3004,
-"keyword": "angles requires solving"},
+"keyword": "theorem prover based"},
{"id": 3005,
+"keyword": "angles requires solving"},
+{"id": 3006,
"keyword": "inductive method"},
-{"id": 3006,
+{"id": 3007,
"keyword": "approximation algorithm"},
-{"id": 3007,
-"keyword": "possibilistic information-flow properties"},
{"id": 3008,
-"keyword": "larger arrangements due"},
+"keyword": "possibilistic information-flow properties"},
{"id": 3009,
+"keyword": "larger arrangements due"},
+{"id": 3010,
"keyword": "axioms systems"},
-{"id": 3010,
+{"id": 3011,
"keyword": "visualizing class models"},
-{"id": 3011,
+{"id": 3012,
"keyword": "linear integer polynomial"},
-{"id": 3012,
+{"id": 3013,
"keyword": "set mapping"},
-{"id": 3013,
+{"id": 3014,
"keyword": "formal semantics"},
-{"id": 3014,
-"keyword": "partly recursive functions found"},
{"id": 3015,
+"keyword": "partly recursive functions found"},
+{"id": 3016,
"keyword": "csp noninterference security"},
-{"id": 3016,
+{"id": 3017,
"keyword": "generate executable imperative programs"},
-{"id": 3017,
+{"id": 3018,
"keyword": "language-based non-interference property"},
-{"id": 3018,
+{"id": 3019,
"keyword": "formalisation underlying"},
-{"id": 3019,
-"keyword": "jeroen ketema"},
{"id": 3020,
-"keyword": "execution involving integer matrices"},
+"keyword": "jeroen ketema"},
{"id": 3021,
+"keyword": "execution involving integer matrices"},
+{"id": 3022,
"keyword": "assertion semantics unifies semantic"},
-{"id": 3022,
+{"id": 3023,
"keyword": "free category"},
-{"id": 3023,
-"keyword": "type theory presented"},
{"id": 3024,
+"keyword": "type theory presented"},
+{"id": 3025,
"keyword": "deterministic monad"},
-{"id": 3025,
-"keyword": "explicit metric"},
{"id": 3026,
+"keyword": "explicit metric"},
+{"id": 3027,
"keyword": "first-order real arithmetic"},
-{"id": 3027,
-"keyword": "main order fully coincides"},
{"id": 3028,
-"keyword": "safe approximation"},
+"keyword": "main order fully coincides"},
{"id": 3029,
+"keyword": "safe approximation"},
+{"id": 3030,
"keyword": "general case"},
-{"id": 3030,
+{"id": 3031,
"keyword": "propositional clauses"},
-{"id": 3031,
-"keyword": "subtypes inherit"},
{"id": 3032,
+"keyword": "subtypes inherit"},
+{"id": 3033,
"keyword": "jordan normal form"},
-{"id": 3033,
-"keyword": "refinement theory"},
{"id": 3034,
+"keyword": "refinement theory"},
+{"id": 3035,
"keyword": "generate theorem prover code"},
-{"id": 3035,
-"keyword": "resuting proofs"},
{"id": 3036,
-"keyword": "matrix rank"},
+"keyword": "resuting proofs"},
{"id": 3037,
+"keyword": "matrix rank"},
+{"id": 3038,
"keyword": "integer polynomial belongs"},
-{"id": 3038,
+{"id": 3039,
"keyword": "well-typed programs"},
-{"id": 3039,
-"keyword": "binary decision trees"},
{"id": 3040,
-"keyword": "decreasing diagrams showing"},
+"keyword": "binary decision trees"},
{"id": 3041,
+"keyword": "decreasing diagrams showing"},
+{"id": 3042,
"keyword": "data spaces"},
-{"id": 3042,
+{"id": 3043,
"keyword": "chapman formula"},
-{"id": 3043,
+{"id": 3044,
"keyword": "sufficient condition"},
-{"id": 3044,
+{"id": 3045,
"keyword": "intricate cyclic program"},
-{"id": 3045,
+{"id": 3046,
"keyword": "recursively expressed"},
-{"id": 3046,
-"keyword": "robin smith"},
{"id": 3047,
+"keyword": "robin smith"},
+{"id": 3048,
"keyword": "talking explicitly"},
-{"id": 3048,
+{"id": 3049,
"keyword": "model partial correctness"},
-{"id": 3049,
+{"id": 3050,
"keyword": "general-purpose coinductive data types"},
-{"id": 3050,
+{"id": 3051,
"keyword": "directly follow"},
-{"id": 3051,
-"keyword": "indefinitely large set"},
{"id": 3052,
-"keyword": "computing enclosures"},
+"keyword": "indefinitely large set"},
{"id": 3053,
+"keyword": "computing enclosures"},
+{"id": 3054,
"keyword": "quantum teleportation"},
-{"id": 3054,
+{"id": 3055,
"keyword": "intricate part"},
-{"id": 3055,
-"keyword": "external functions"},
{"id": 3056,
+"keyword": "external functions"},
+{"id": 3057,
"keyword": "resulting recursion induction rules"},
-{"id": 3057,
-"keyword": "specific tactic support"},
{"id": 3058,
+"keyword": "specific tactic support"},
+{"id": 3059,
"keyword": "promotes proof reuse"},
-{"id": 3059,
-"keyword": "infinite graphs"},
{"id": 3060,
-"keyword": "planar dynamical systems"},
+"keyword": "infinite graphs"},
{"id": 3061,
+"keyword": "planar dynamical systems"},
+{"id": 3062,
"keyword": "non-obvious closed form"},
-{"id": 3062,
+{"id": 3063,
"keyword": "verified programs"},
-{"id": 3063,
-"keyword": "purely functional"},
{"id": 3064,
+"keyword": "purely functional"},
+{"id": 3065,
"keyword": "conducting completely formal proofs"},
-{"id": 3065,
-"keyword": "product spaces"},
{"id": 3066,
+"keyword": "product spaces"},
+{"id": 3067,
"keyword": "cauchy sequence"},
-{"id": 3067,
-"keyword": "entry adapts stream fusion"},
{"id": 3068,
-"keyword": "parallel composition"},
+"keyword": "entry adapts stream fusion"},
{"id": 3069,
+"keyword": "parallel composition"},
+{"id": 3070,
"keyword": "verified construction"},
-{"id": 3070,
+{"id": 3071,
"keyword": "relational parametricity"},
-{"id": 3071,
-"keyword": "called residuation"},
{"id": 3072,
-"keyword": "export code"},
+"keyword": "called residuation"},
{"id": 3073,
+"keyword": "export code"},
+{"id": 3074,
"keyword": "propositional abstract separation logic"},
-{"id": 3074,
+{"id": 3075,
"keyword": "knowledge compilation"},
-{"id": 3075,
+{"id": 3076,
"keyword": "heap sort"},
-{"id": 3076,
+{"id": 3077,
"keyword": "hol types"},
-{"id": 3077,
+{"id": 3078,
"keyword": "concepts due"},
-{"id": 3078,
-"keyword": "cartesian powers"},
{"id": 3079,
+"keyword": "cartesian powers"},
+{"id": 3080,
"keyword": "slightly stronger hypothesis"},
-{"id": 3080,
+{"id": 3081,
"keyword": "encoding based"},
-{"id": 3081,
+{"id": 3082,
"keyword": "lexicographic extensions"},
-{"id": 3082,
+{"id": 3083,
"keyword": "security proof"},
-{"id": 3083,
-"keyword": "uniquely determined product"},
{"id": 3084,
-"keyword": "input parameter"},
+"keyword": "uniquely determined product"},
{"id": 3085,
+"keyword": "input parameter"},
+{"id": 3086,
"keyword": "model checker spin"},
-{"id": 3086,
+{"id": 3087,
"keyword": "stochastic matrices"},
-{"id": 3087,
-"keyword": "original paper"},
{"id": 3088,
-"keyword": "formalization techniques presented"},
+"keyword": "original paper"},
{"id": 3089,
+"keyword": "formalization techniques presented"},
+{"id": 3090,
"keyword": "forward algorithm"},
-{"id": 3090,
+{"id": 3091,
"keyword": "dynamic thread creation"},
-{"id": 3091,
+{"id": 3092,
"keyword": "sequent calculus"},
-{"id": 3092,
+{"id": 3093,
"keyword": "machine-checked tree automata library"},
-{"id": 3093,
+{"id": 3094,
"keyword": "shared environments"},
-{"id": 3094,
-"keyword": "composed protocol"},
{"id": 3095,
+"keyword": "composed protocol"},
+{"id": 3096,
"keyword": "experimental utilities"},
-{"id": 3096,
+{"id": 3097,
"keyword": "open publishing association"},
-{"id": 3097,
+{"id": 3098,
"keyword": "mit press 1995"},
-{"id": 3098,
+{"id": 3099,
"keyword": "design isomorphisms"},
-{"id": 3099,
+{"id": 3100,
"keyword": "existing approaches"},
-{"id": 3100,
+{"id": 3101,
"keyword": "trustworthy procedure"},
-{"id": 3101,
+{"id": 3102,
"keyword": "varying numbers"},
-{"id": 3102,
-"keyword": "reduced echelon form"},
{"id": 3103,
+"keyword": "reduced echelon form"},
+{"id": 3104,
"keyword": "elementary symmetric polynomials sk"},
-{"id": 3104,
+{"id": 3105,
"keyword": "related recurrence relations"},
-{"id": 3105,
+{"id": 3106,
"keyword": "del numbers"},
-{"id": 3106,
-"keyword": "prime iff"},
{"id": 3107,
+"keyword": "prime iff"},
+{"id": 3108,
"keyword": "compositional statement"},
-{"id": 3108,
-"keyword": "complete proof method"},
{"id": 3109,
-"keyword": "unbounded version"},
+"keyword": "complete proof method"},
{"id": 3110,
+"keyword": "unbounded version"},
+{"id": 3111,
"keyword": "conversion version"},
-{"id": 3111,
+{"id": 3112,
"keyword": "composite assertions"},
-{"id": 3112,
+{"id": 3113,
"keyword": "supporting automatic refinement"},
-{"id": 3113,
+{"id": 3114,
"keyword": "datatype package"},
-{"id": 3114,
+{"id": 3115,
"keyword": "transition function relation"},
-{"id": 3115,
-"keyword": "verified tool"},
{"id": 3116,
-"keyword": "general version"},
+"keyword": "verified tool"},
{"id": 3117,
+"keyword": "general version"},
+{"id": 3118,
"keyword": "prime ndash"},
-{"id": 3118,
+{"id": 3119,
"keyword": "horn- renamable"},
-{"id": 3119,
-"keyword": "shadow dom"},
{"id": 3120,
+"keyword": "shadow dom"},
+{"id": 3121,
"keyword": "labour intensive"},
-{"id": 3121,
-"keyword": "fully structured"},
{"id": 3122,
+"keyword": "fully structured"},
+{"id": 3123,
"keyword": "numerous misunderstandings"},
-{"id": 3123,
-"keyword": "basic linear algebra"},
{"id": 3124,
-"keyword": "tree theorem"},
+"keyword": "basic linear algebra"},
{"id": 3125,
+"keyword": "tree theorem"},
+{"id": 3126,
"keyword": "undergraduate dissertation"},
-{"id": 3126,
+{"id": 3127,
"keyword": "inversions"},
-{"id": 3127,
-"keyword": "nathan chong"},
{"id": 3128,
+"keyword": "nathan chong"},
+{"id": 3129,
"keyword": "greibach normal form"},
-{"id": 3129,
-"keyword": "subseteq alpha order-isomorphic"},
{"id": 3130,
+"keyword": "subseteq alpha order-isomorphic"},
+{"id": 3131,
"keyword": "cnf based sat algorithms"},
-{"id": 3131,
+{"id": 3132,
"keyword": "interactive automated relativization"},
-{"id": 3132,
+{"id": 3133,
"keyword": "significantly reduce"},
-{"id": 3133,
-"keyword": "practically usable verification environment"},
{"id": 3134,
+"keyword": "practically usable verification environment"},
+{"id": 3135,
"keyword": "test decides primality"},
-{"id": 3135,
+{"id": 3136,
"keyword": "high annotation overhead"},
-{"id": 3136,
+{"id": 3137,
"keyword": "law"},
-{"id": 3137,
-"keyword": "itp 2011 paper"},
{"id": 3138,
+"keyword": "itp 2011 paper"},
+{"id": 3139,
"keyword": "write operations"},
-{"id": 3139,
-"keyword": "upper semicontinuous"},
{"id": 3140,
-"keyword": "labour cost"},
+"keyword": "upper semicontinuous"},
{"id": 3141,
+"keyword": "labour cost"},
+{"id": 3142,
"keyword": "context relation"},
-{"id": 3142,
+{"id": 3143,
"keyword": "bounded-length strings"},
-{"id": 3143,
-"keyword": "verification techniques"},
{"id": 3144,
+"keyword": "verification techniques"},
+{"id": 3145,
"keyword": "constant-time findmin"},
-{"id": 3145,
-"keyword": "thick chamber complexes endowed"},
{"id": 3146,
+"keyword": "thick chamber complexes endowed"},
+{"id": 3147,
"keyword": "lifts resolution derivation steps"},
-{"id": 3147,
+{"id": 3148,
"keyword": "problem reduction"},
-{"id": 3148,
+{"id": 3149,
"keyword": "data structures depending"},
-{"id": 3149,
-"keyword": "richard char-tung lee"},
{"id": 3150,
+"keyword": "richard char-tung lee"},
+{"id": 3151,
"keyword": "supports mutual recursion"},
-{"id": 3151,
+{"id": 3152,
"keyword": "evaluation homomorphisms"},
-{"id": 3152,
+{"id": 3153,
"keyword": "surjective function"},
-{"id": 3153,
+{"id": 3154,
"keyword": "code generator"},
-{"id": 3154,
+{"id": 3155,
"keyword": "ten lemmas"},
-{"id": 3155,
+{"id": 3156,
"keyword": "degree bounds"},
-{"id": 3156,
+{"id": 3157,
"keyword": "countable ordinals"},
-{"id": 3157,
-"keyword": "hybrid game"},
{"id": 3158,
+"keyword": "hybrid game"},
+{"id": 3159,
"keyword": "propositional linear-time temporal logic"},
-{"id": 3159,
+{"id": 3160,
"keyword": "code compilation"},
-{"id": 3160,
+{"id": 3161,
"keyword": "security concepts"},
-{"id": 3161,
+{"id": 3162,
"keyword": "negated subquery"},
-{"id": 3162,
+{"id": 3163,
"keyword": "partial equivalence relations"},
-{"id": 3163,
+{"id": 3164,
"keyword": "type class real_algebra_1"},
-{"id": 3164,
+{"id": 3165,
"keyword": "gauss-jordan algorithm states"},
-{"id": 3165,
-"keyword": "hol4 formalization"},
{"id": 3166,
+"keyword": "hol4 formalization"},
+{"id": 3167,
"keyword": "stein"},
-{"id": 3167,
+{"id": 3168,
"keyword": "password authenticated connection establishment"},
-{"id": 3168,
+{"id": 3169,
"keyword": "over-approximate relational logics"},
-{"id": 3169,
-"keyword": "difficulty arises"},
{"id": 3170,
+"keyword": "difficulty arises"},
+{"id": 3171,
"keyword": "paulson"},
-{"id": 3171,
-"keyword": "difficult"},
{"id": 3172,
-"keyword": "ip address ranges"},
+"keyword": "difficult"},
{"id": 3173,
+"keyword": "ip address ranges"},
+{"id": 3174,
"keyword": "basic toolbox"},
-{"id": 3174,
+{"id": 3175,
"keyword": "pseudo-wajsberg algebras"},
-{"id": 3175,
-"keyword": "suitable invariants"},
{"id": 3176,
+"keyword": "suitable invariants"},
+{"id": 3177,
"keyword": "basic topological facts"},
-{"id": 3177,
-"keyword": "integer components"},
{"id": 3178,
+"keyword": "integer components"},
+{"id": 3179,
"keyword": "track counter-party obligations"},
-{"id": 3179,
+{"id": 3180,
"keyword": "sigma function"},
-{"id": 3180,
+{"id": 3181,
"keyword": "global security guarantee"},
-{"id": 3181,
-"keyword": "symmetric polynomial"},
{"id": 3182,
+"keyword": "symmetric polynomial"},
+{"id": 3183,
"keyword": "interactive theorem proving sch16"},
-{"id": 3183,
+{"id": 3184,
"keyword": "dirk pfl ger"},
-{"id": 3184,
+{"id": 3185,
"keyword": "local lexing"},
-{"id": 3185,
+{"id": 3186,
"keyword": "lower semicontinuous"},
-{"id": 3186,
+{"id": 3187,
"keyword": "single unit"},
-{"id": 3187,
+{"id": 3188,
"keyword": "mechanizing gauss"},
-{"id": 3188,
+{"id": 3189,
"keyword": "multi-stage compiler verifications"},
-{"id": 3189,
-"keyword": "theorem"},
{"id": 3190,
+"keyword": "theorem"},
+{"id": 3191,
"keyword": "formalising baker"},
-{"id": 3191,
+{"id": 3192,
"keyword": "formal guarantees"},
-{"id": 3192,
+{"id": 3193,
"keyword": "classical registers"},
-{"id": 3193,
+{"id": 3194,
"keyword": "results"},
-{"id": 3194,
-"keyword": "usual monad laws"},
{"id": 3195,
-"keyword": "implement probabilistic algorithms"},
+"keyword": "usual monad laws"},
{"id": 3196,
+"keyword": "implement probabilistic algorithms"},
+{"id": 3197,
"keyword": "daniel schoepe"},
-{"id": 3197,
+{"id": 3198,
"keyword": "isar conversion"},
-{"id": 3198,
-"keyword": "standard compliant formalization"},
{"id": 3199,
-"keyword": "finite group"},
+"keyword": "standard compliant formalization"},
{"id": 3200,
+"keyword": "finite group"},
+{"id": 3201,
"keyword": "frobenius endomorphism"},
-{"id": 3201,
+{"id": 3202,
"keyword": "elliott mendelson"},
-{"id": 3202,
+{"id": 3203,
"keyword": "nominal logic"},
-{"id": 3203,
+{"id": 3204,
"keyword": "separation-logic based correctness proofs"},
-{"id": 3204,
+{"id": 3205,
"keyword": "distinct algebraic numbers alpha_i"},
-{"id": 3205,
-"keyword": "macaulay matrix constructed"},
{"id": 3206,
+"keyword": "macaulay matrix constructed"},
+{"id": 3207,
"keyword": "refinement orders"},
-{"id": 3207,
+{"id": 3208,
"keyword": "biggest part"},
-{"id": 3208,
+{"id": 3209,
"keyword": "continuation semantics"},
-{"id": 3209,
+{"id": 3210,
"keyword": "riemann integral"},
-{"id": 3210,
-"keyword": "automated theorem proving"},
{"id": 3211,
-"keyword": "functional arrays"},
+"keyword": "automated theorem proving"},
{"id": 3212,
+"keyword": "functional arrays"},
+{"id": 3213,
"keyword": "previous unifiers"},
-{"id": 3213,
+{"id": 3214,
"keyword": "crowds protocol"},
-{"id": 3214,
-"keyword": "spark certify"},
{"id": 3215,
-"keyword": "classic non-randomised quicksort"},
+"keyword": "spark certify"},
{"id": 3216,
+"keyword": "classic non-randomised quicksort"},
+{"id": 3217,
"keyword": "verifying techniques"},
-{"id": 3217,
+{"id": 3218,
"keyword": "automated reasoning tools"},
-{"id": 3218,
+{"id": 3219,
"keyword": "official standard"},
-{"id": 3219,
+{"id": 3220,
"keyword": "vital part"},
-{"id": 3220,
+{"id": 3221,
"keyword": "integer polynomials"},
-{"id": 3221,
-"keyword": "borrow terminology"},
{"id": 3222,
+"keyword": "borrow terminology"},
+{"id": 3223,
"keyword": "supported unicode characters"},
-{"id": 3223,
+{"id": 3224,
"keyword": "projective plane geometry"},
-{"id": 3224,
+{"id": 3225,
"keyword": "programs checking certificates"},
-{"id": 3225,
+{"id": 3226,
"keyword": "conjunctive normal forms"},
-{"id": 3226,
+{"id": 3227,
"keyword": "chapters 7-9"},
-{"id": 3227,
+{"id": 3228,
"keyword": "floor divided"},
-{"id": 3228,
+{"id": 3229,
"keyword": "ringed spaces"},
-{"id": 3229,
-"keyword": "draft paper"},
{"id": 3230,
+"keyword": "draft paper"},
+{"id": 3231,
"keyword": "employ code equations"},
-{"id": 3231,
+{"id": 3232,
"keyword": "transformations"},
-{"id": 3232,
+{"id": 3233,
"keyword": "negative solution"},
-{"id": 3233,
-"keyword": "lifting algebraic laws point-wise"},
{"id": 3234,
+"keyword": "lifting algebraic laws point-wise"},
+{"id": 3235,
"keyword": "observed sequence"},
-{"id": 3235,
-"keyword": "dogged previous mechanised proofs"},
{"id": 3236,
-"keyword": "hol overhead"},
+"keyword": "dogged previous mechanised proofs"},
{"id": 3237,
+"keyword": "hol overhead"},
+{"id": 3238,
"keyword": "open problem"},
-{"id": 3238,
+{"id": 3239,
"keyword": "girth-chromatic number theorem"},
-{"id": 3239,
-"keyword": "scheduling activity"},
{"id": 3240,
+"keyword": "scheduling activity"},
+{"id": 3241,
"keyword": "simplicial complex"},
-{"id": 3241,
-"keyword": "formalisation continues"},
{"id": 3242,
+"keyword": "formalisation continues"},
+{"id": 3243,
"keyword": "monotonic functions"},
-{"id": 3243,
+{"id": 3244,
"keyword": "alphabet letters"},
-{"id": 3244,
+{"id": 3245,
"keyword": "executable proof checker"},
-{"id": 3245,
-"keyword": "failures-divergences pair"},
{"id": 3246,
+"keyword": "failures-divergences pair"},
+{"id": 3247,
"keyword": "synthesize imperative programs"},
-{"id": 3247,
+{"id": 3248,
"keyword": "communicating products"},
-{"id": 3248,
+{"id": 3249,
"keyword": "geodesic spaces"},
-{"id": 3249,
+{"id": 3250,
"keyword": "branches guarded"},
-{"id": 3250,
+{"id": 3251,
"keyword": "deg"},
-{"id": 3251,
+{"id": 3252,
"keyword": "restricted definition"},
-{"id": 3252,
+{"id": 3253,
"keyword": "first-order functional language"},
-{"id": 3253,
-"keyword": "diagrammatic modeling language"},
{"id": 3254,
+"keyword": "diagrammatic modeling language"},
+{"id": 3255,
"keyword": "system types"},
-{"id": 3255,
+{"id": 3256,
"keyword": "formalization builds"},
-{"id": 3256,
+{"id": 3257,
"keyword": "analyze sufficient conditions"},
-{"id": 3257,
+{"id": 3258,
"keyword": "implementation"},
-{"id": 3258,
-"keyword": "reading heads asynchronously"},
{"id": 3259,
-"keyword": "experimental general-purpose proof methods"},
+"keyword": "reading heads asynchronously"},
{"id": 3260,
+"keyword": "experimental general-purpose proof methods"},
+{"id": 3261,
"keyword": "game theory"},
-{"id": 3261,
+{"id": 3262,
"keyword": "verifying dynamic"},
-{"id": 3262,
-"keyword": "hol code generator"},
{"id": 3263,
-"keyword": "additional iteration laws"},
+"keyword": "hol code generator"},
{"id": 3264,
+"keyword": "additional iteration laws"},
+{"id": 3265,
"keyword": "steam boiler system"},
-{"id": 3265,
+{"id": 3266,
"keyword": "reflection formula"},
-{"id": 3266,
+{"id": 3267,
"keyword": "nested multiset order"},
-{"id": 3267,
+{"id": 3268,
"keyword": "algebraic semantics"},
-{"id": 3268,
+{"id": 3269,
"keyword": "underlying algorithmic mechanisms"},
-{"id": 3269,
-"keyword": "concurrent composition"},
{"id": 3270,
+"keyword": "concurrent composition"},
+{"id": 3271,
"keyword": "elementary theory"},
-{"id": 3271,
+{"id": 3272,
"keyword": "outwards-pointing normal vector"},
-{"id": 3272,
+{"id": 3273,
"keyword": "matrices represented"},
-{"id": 3273,
+{"id": 3274,
"keyword": "factored representation"},
-{"id": 3274,
-"keyword": "leftmost reduction"},
{"id": 3275,
-"keyword": "specification language statecharts"},
+"keyword": "leftmost reduction"},
{"id": 3276,
+"keyword": "specification language statecharts"},
+{"id": 3277,
"keyword": "larger cardinality"},
-{"id": 3277,
+{"id": 3278,
"keyword": "side conditions"},
-{"id": 3278,
-"keyword": "imperative language constructs"},
{"id": 3279,
+"keyword": "imperative language constructs"},
+{"id": 3280,
"keyword": "automatic data refinement"},
-{"id": 3280,
-"keyword": "theory listinf list2"},
{"id": 3281,
+"keyword": "theory listinf list2"},
+{"id": 3282,
"keyword": "formal implementation"},
-{"id": 3282,
-"keyword": "presented theory"},
{"id": 3283,
-"keyword": "stronger safety guarantees"},
+"keyword": "presented theory"},
{"id": 3284,
+"keyword": "stronger safety guarantees"},
+{"id": 3285,
"keyword": "network protocols"},
-{"id": 3285,
+{"id": 3286,
"keyword": "separation logic connective"},
-{"id": 3286,
-"keyword": "playfair axiom"},
{"id": 3287,
+"keyword": "playfair axiom"},
+{"id": 3288,
"keyword": "local parallel compositions"},
-{"id": 3288,
-"keyword": "cartesian closed"},
{"id": 3289,
+"keyword": "cartesian closed"},
+{"id": 3290,
"keyword": "xml trees"},
-{"id": 3290,
-"keyword": "complex mathematical reasoning"},
{"id": 3291,
-"keyword": "resulting tree"},
+"keyword": "complex mathematical reasoning"},
{"id": 3292,
+"keyword": "resulting tree"},
+{"id": 3293,
"keyword": "natural number"},
-{"id": 3293,
+{"id": 3294,
"keyword": "regular algebras"},
-{"id": 3294,
-"keyword": "type preservation"},
{"id": 3295,
-"keyword": "field-theoretic nullstellensatz"},
+"keyword": "type preservation"},
{"id": 3296,
+"keyword": "field-theoretic nullstellensatz"},
+{"id": 3297,
"keyword": "document object model"},
-{"id": 3297,
+{"id": 3298,
"keyword": "shortest path"},
-{"id": 3298,
+{"id": 3299,
"keyword": "finite sound extensions"},
-{"id": 3299,
+{"id": 3300,
"keyword": "parametricity infrastructure"},
-{"id": 3300,
+{"id": 3301,
"keyword": "entry builds"},
-{"id": 3301,
-"keyword": "finding proofs"},
{"id": 3302,
+"keyword": "finding proofs"},
+{"id": 3303,
"keyword": "eventual consistency property"},
-{"id": 3303,
+{"id": 3304,
"keyword": "step-wise refinement based"},
-{"id": 3304,
+{"id": 3305,
"keyword": "average number"},
-{"id": 3305,
+{"id": 3306,
"keyword": "subject reduction property"},
-{"id": 3306,
-"keyword": "exchanging data sets"},
{"id": 3307,
-"keyword": "refinement kleene algebra"},
+"keyword": "exchanging data sets"},
{"id": 3308,
+"keyword": "refinement kleene algebra"},
+{"id": 3309,
"keyword": "coinductive formalisations"},
-{"id": 3309,
+{"id": 3310,
"keyword": "exponential functions"},
-{"id": 3310,
-"keyword": "constructions based"},
{"id": 3311,
+"keyword": "constructions based"},
+{"id": 3312,
"keyword": "simple procedure call mechanism"},
-{"id": 3312,
-"keyword": "find operation"},
{"id": 3313,
+"keyword": "find operation"},
+{"id": 3314,
"keyword": "entry strong security"},
-{"id": 3314,
-"keyword": "0-1-2-principle"},
{"id": 3315,
-"keyword": "associative lists"},
+"keyword": "0-1-2-principle"},
{"id": 3316,
+"keyword": "associative lists"},
+{"id": 3317,
"keyword": "state-based semantics based"},
-{"id": 3317,
+{"id": 3318,
"keyword": "hol theory listextras"},
-{"id": 3318,
-"keyword": "code generator setup"},
{"id": 3319,
+"keyword": "code generator setup"},
+{"id": 3320,
"keyword": "algorithm"},
-{"id": 3320,
-"keyword": "static analysis"},
{"id": 3321,
+"keyword": "static analysis"},
+{"id": 3322,
"keyword": "symmetry arguments"},
-{"id": 3322,
+{"id": 3323,
"keyword": "sepref tool"},
-{"id": 3323,
+{"id": 3324,
"keyword": "collection datastructures"},
-{"id": 3324,
-"keyword": "verifying program correctness"},
{"id": 3325,
+"keyword": "verifying program correctness"},
+{"id": 3326,
"keyword": "unit propagation"},
-{"id": 3326,
+{"id": 3327,
"keyword": "highly informal"},
-{"id": 3327,
+{"id": 3328,
"keyword": "industrial systems"},
-{"id": 3328,
-"keyword": "work revealed minor"},
{"id": 3329,
+"keyword": "work revealed minor"},
+{"id": 3330,
"keyword": "undirected graph theory"},
-{"id": 3330,
-"keyword": "smaller fixed fraction returned"},
{"id": 3331,
-"keyword": "inverse transform intt"},
+"keyword": "smaller fixed fraction returned"},
{"id": 3332,
+"keyword": "inverse transform intt"},
+{"id": 3333,
"keyword": "annotated commands"},
-{"id": 3333,
+{"id": 3334,
"keyword": "randomized approximation algorithms"},
-{"id": 3334,
-"keyword": "check"},
{"id": 3335,
+"keyword": "check"},
+{"id": 3336,
"keyword": "extended version"},
-{"id": 3336,
-"keyword": "monotone predicate"},
{"id": 3337,
+"keyword": "monotone predicate"},
+{"id": 3338,
"keyword": "dom respect component boundaries"},
-{"id": 3338,
+{"id": 3339,
"keyword": "eventual consistency"},
-{"id": 3339,
+{"id": 3340,
"keyword": "hyperdual extensions"},
-{"id": 3340,
-"keyword": "adding definitions"},
{"id": 3341,
+"keyword": "adding definitions"},
+{"id": 3342,
"keyword": "static single assignment"},
-{"id": 3342,
+{"id": 3343,
"keyword": "security guarantees"},
-{"id": 3343,
+{"id": 3344,
"keyword": "underlying algebra"},
-{"id": 3344,
-"keyword": "unit resolution"},
{"id": 3345,
+"keyword": "unit resolution"},
+{"id": 3346,
"keyword": "non-adjacent distinct vertices"},
-{"id": 3346,
-"keyword": "large computations"},
{"id": 3347,
-"keyword": "detailed calculations"},
+"keyword": "large computations"},
{"id": 3348,
+"keyword": "detailed calculations"},
+{"id": 3349,
"keyword": "parametrizable equality functions"},
-{"id": 3349,
+{"id": 3350,
"keyword": "formal proof assistant"},
-{"id": 3350,
-"keyword": "traditional query languages"},
{"id": 3351,
+"keyword": "traditional query languages"},
+{"id": 3352,
"keyword": "sat solver installs"},
-{"id": 3352,
-"keyword": "hf set theory"},
{"id": 3353,
+"keyword": "hf set theory"},
+{"id": 3354,
"keyword": "counting sort"},
-{"id": 3354,
-"keyword": "mathematical tools"},
{"id": 3355,
-"keyword": "inversion rules"},
+"keyword": "mathematical tools"},
{"id": 3356,
+"keyword": "inversion rules"},
+{"id": 3357,
"keyword": "calculating cauchy indices"},
-{"id": 3357,
+{"id": 3358,
"keyword": "price determination"},
-{"id": 3358,
-"keyword": "x_1 varepsilon"},
{"id": 3359,
-"keyword": "univariate polynomial"},
+"keyword": "x_1 varepsilon"},
{"id": 3360,
+"keyword": "univariate polynomial"},
+{"id": 3361,
"keyword": "executable tool translating ltl"},
-{"id": 3361,
+{"id": 3362,
"keyword": "previous cc formalization constructive_cryptography"},
-{"id": 3362,
+{"id": 3363,
"keyword": "container framework"},
-{"id": 3363,
+{"id": 3364,
"keyword": "order relation"},
-{"id": 3364,
+{"id": 3365,
"keyword": "reflective quantifier elimination procedures"},
-{"id": 3365,
-"keyword": "concrete version"},
{"id": 3366,
+"keyword": "concrete version"},
+{"id": 3367,
"keyword": "drinks machine"},
-{"id": 3367,
+{"id": 3368,
"keyword": "security properties"},
-{"id": 3368,
+{"id": 3369,
"keyword": "analytical arguments"},
-{"id": 3369,
+{"id": 3370,
"keyword": "anonymous social choice function"},
-{"id": 3370,
-"keyword": "crowning achievements"},
{"id": 3371,
-"keyword": "concurrency primitives"},
+"keyword": "crowning achievements"},
{"id": 3372,
+"keyword": "concurrency primitives"},
+{"id": 3373,
"keyword": "quantum computing"},
-{"id": 3373,
+{"id": 3374,
"keyword": "fixed choice"},
-{"id": 3374,
-"keyword": "graph saturation"},
{"id": 3375,
+"keyword": "graph saturation"},
+{"id": 3376,
"keyword": "signed diffie-hellman"},
-{"id": 3376,
-"keyword": "characterization theorem"},
{"id": 3377,
+"keyword": "characterization theorem"},
+{"id": 3378,
"keyword": "ground terms induced"},
-{"id": 3378,
-"keyword": "universal properties"},
{"id": 3379,
-"keyword": "weakest precondition component"},
+"keyword": "universal properties"},
{"id": 3380,
+"keyword": "weakest precondition component"},
+{"id": 3381,
"keyword": "proof theory"},
-{"id": 3381,
+{"id": 3382,
"keyword": "hol code generation facilities"},
-{"id": 3382,
-"keyword": "logarithmic time"},
{"id": 3383,
+"keyword": "logarithmic time"},
+{"id": 3384,
"keyword": "unsolvable system"},
-{"id": 3384,
-"keyword": "handle equality tests"},
{"id": 3385,
+"keyword": "handle equality tests"},
+{"id": 3386,
"keyword": "bad sequences"},
-{"id": 3386,
+{"id": 3387,
"keyword": "bounded number"},
-{"id": 3387,
+{"id": 3388,
"keyword": "model formulas"},
-{"id": 3388,
-"keyword": "minor technical issue"},
{"id": 3389,
+"keyword": "minor technical issue"},
+{"id": 3390,
"keyword": "thomas jech"},
-{"id": 3390,
+{"id": 3391,
"keyword": "expected utility function"},
-{"id": 3391,
+{"id": 3392,
"keyword": "gram-schmidt process"},
-{"id": 3392,
-"keyword": "logically equivalent"},
{"id": 3393,
+"keyword": "logically equivalent"},
+{"id": 3394,
"keyword": "decision problem"},
-{"id": 3394,
-"keyword": "create executable scala code"},
{"id": 3395,
-"keyword": "specifies compilation"},
+"keyword": "create executable scala code"},
{"id": 3396,
+"keyword": "specifies compilation"},
+{"id": 3397,
"keyword": "unbounded sequences"},
-{"id": 3397,
+{"id": 3398,
"keyword": "implies confluence"},
-{"id": 3398,
-"keyword": "unifying theories"},
{"id": 3399,
+"keyword": "unifying theories"},
+{"id": 3400,
"keyword": "linearly ordered commutative semigroups"},
-{"id": 3400,
-"keyword": "assembly-to-machine step"},
{"id": 3401,
+"keyword": "assembly-to-machine step"},
+{"id": 3402,
"keyword": "called galois fields"},
-{"id": 3402,
+{"id": 3403,
"keyword": "module development"},
-{"id": 3403,
+{"id": 3404,
"keyword": "geometric proof"},
-{"id": 3404,
-"keyword": "mirroring beringer"},
{"id": 3405,
+"keyword": "mirroring beringer"},
+{"id": 3406,
"keyword": "autonomous vehicle"},
-{"id": 3406,
+{"id": 3407,
"keyword": "routing table"},
-{"id": 3407,
+{"id": 3408,
"keyword": "standard prelude"},
-{"id": 3408,
+{"id": 3409,
"keyword": "formal correctness proofs"},
-{"id": 3409,
+{"id": 3410,
"keyword": "schneider"},
-{"id": 3410,
+{"id": 3411,
"keyword": "probabilistic timed automata"},
-{"id": 3411,
+{"id": 3412,
"keyword": "finite functions"},
-{"id": 3412,
-"keyword": "reflexive transitive closure operation"},
{"id": 3413,
+"keyword": "reflexive transitive closure operation"},
+{"id": 3414,
"keyword": "sequential semantics"},
-{"id": 3414,
+{"id": 3415,
"keyword": "countable transitive model"},
-{"id": 3415,
+{"id": 3416,
"keyword": "allowed nominals"},
-{"id": 3416,
+{"id": 3417,
"keyword": "1 javier esparza"},
-{"id": 3417,
+{"id": 3418,
"keyword": "afp entry abstract completeness"},
-{"id": 3418,
+{"id": 3419,
"keyword": "lll algorithm"},
-{"id": 3419,
+{"id": 3420,
"keyword": "proof search procedure"},
-{"id": 3420,
-"keyword": "dynamic class initialization"},
{"id": 3421,
+"keyword": "dynamic class initialization"},
+{"id": 3422,
"keyword": "colon-separated notation"},
-{"id": 3422,
+{"id": 3423,
"keyword": "factoring polynomials"},
-{"id": 3423,
+{"id": 3424,
"keyword": "machine-checked proofs"},
-{"id": 3424,
-"keyword": "strong eventual consistency"},
{"id": 3425,
+"keyword": "strong eventual consistency"},
+{"id": 3426,
"keyword": "wilf theorem"},
-{"id": 3426,
-"keyword": "information managed"},
{"id": 3427,
-"keyword": "skew product"},
+"keyword": "information managed"},
{"id": 3428,
+"keyword": "skew product"},
+{"id": 3429,
"keyword": "modern sat solvers"},
-{"id": 3429,
+{"id": 3430,
"keyword": "sqrt sin"},
-{"id": 3430,
-"keyword": "protocol abstracts"},
{"id": 3431,
+"keyword": "protocol abstracts"},
+{"id": 3432,
"keyword": "inefficient variant"},
-{"id": 3432,
-"keyword": "ordinary functions"},
{"id": 3433,
+"keyword": "ordinary functions"},
+{"id": 3434,
"keyword": "accompanying algebraic laws"},
-{"id": 3434,
+{"id": 3435,
"keyword": "equivalent characterisations"},
-{"id": 3435,
+{"id": 3436,
"keyword": "algebraic structures based"},
-{"id": 3436,
-"keyword": "pairing heaps"},
{"id": 3437,
+"keyword": "pairing heaps"},
+{"id": 3438,
"keyword": "elementary symmetric polynomials e1"},
-{"id": 3438,
+{"id": 3439,
"keyword": "called separating implication"},
-{"id": 3439,
+{"id": 3440,
"keyword": "removes exception handler entries"},
-{"id": 3440,
+{"id": 3441,
"keyword": "column space"},
-{"id": 3441,
+{"id": 3442,
"keyword": "semantic back-ends"},
-{"id": 3442,
+{"id": 3443,
"keyword": "full parametric solution"},
-{"id": 3443,
+{"id": 3444,
"keyword": "applied call-by-"},
-{"id": 3444,
-"keyword": "free logic"},
{"id": 3445,
+"keyword": "free logic"},
+{"id": 3446,
"keyword": "hadjicostas ndash"},
-{"id": 3446,
+{"id": 3447,
"keyword": "formal text lines"},
-{"id": 3447,
+{"id": 3448,
"keyword": "predicate transformers"},
-{"id": 3448,
+{"id": 3449,
"keyword": "perfect logicians"},
-{"id": 3449,
-"keyword": "removes syntactic sugar"},
{"id": 3450,
-"keyword": "salomon sickert"},
+"keyword": "removes syntactic sugar"},
{"id": 3451,
+"keyword": "salomon sickert"},
+{"id": 3452,
"keyword": "axioms constructed"},
-{"id": 3452,
+{"id": 3453,
"keyword": "state space"},
-{"id": 3453,
-"keyword": "akra-bazzi theorem"},
{"id": 3454,
-"keyword": "fall back"},
+"keyword": "akra-bazzi theorem"},
{"id": 3455,
+"keyword": "fall back"},
+{"id": 3456,
"keyword": "lyndon-sch tzenberger theorem"},
-{"id": 3456,
+{"id": 3457,
"keyword": "binary decision diagram"},
-{"id": 3457,
+{"id": 3458,
"keyword": "extended real numbers"},
-{"id": 3458,
+{"id": 3459,
"keyword": "programming applications"},
-{"id": 3459,
+{"id": 3460,
"keyword": "harmonic numbers"},
-{"id": 3460,
-"keyword": "independent publication"},
{"id": 3461,
+"keyword": "independent publication"},
+{"id": 3462,
"keyword": "deep learning"},
-{"id": 3462,
+{"id": 3463,
"keyword": "arbitrary infinite proofs"},
-{"id": 3463,
+{"id": 3464,
"keyword": "objects based"},
-{"id": 3464,
+{"id": 3465,
"keyword": "syntactic rewrite rules"},
-{"id": 3465,
-"keyword": "shortest vector problem"},
{"id": 3466,
-"keyword": "pen-and-paper proof"},
+"keyword": "shortest vector problem"},
{"id": 3467,
+"keyword": "pen-and-paper proof"},
+{"id": 3468,
"keyword": "controller constraints"},
-{"id": 3468,
+{"id": 3469,
"keyword": "verified compilation toolchain"},
-{"id": 3469,
-"keyword": "search algorithms"},
{"id": 3470,
-"keyword": "tableau systems"},
+"keyword": "search algorithms"},
{"id": 3471,
+"keyword": "tableau systems"},
+{"id": 3472,
"keyword": "constant time queue"},
-{"id": 3472,
+{"id": 3473,
"keyword": "performs comparable"},
-{"id": 3473,
+{"id": 3474,
"keyword": "arbitrary length"},
-{"id": 3474,
+{"id": 3475,
"keyword": "lim"},
-{"id": 3475,
+{"id": 3476,
"keyword": "unique factorization domain"},
-{"id": 3476,
-"keyword": "divisor function sigma"},
{"id": 3477,
+"keyword": "divisor function sigma"},
+{"id": 3478,
"keyword": "resolvable designs"},
-{"id": 3478,
+{"id": 3479,
"keyword": "verified refinement step"},
-{"id": 3479,
+{"id": 3480,
"keyword": "duggan-schwartz theorems"},
-{"id": 3480,
+{"id": 3481,
"keyword": "greedy algorithms"},
-{"id": 3481,
+{"id": 3482,
"keyword": "irreducible cfgs"},
-{"id": 3482,
+{"id": 3483,
"keyword": "computational models complicates comparisons"},
-{"id": 3483,
+{"id": 3484,
"keyword": "linear"},
-{"id": 3484,
-"keyword": "interval traversing results"},
{"id": 3485,
+"keyword": "interval traversing results"},
+{"id": 3486,
"keyword": "key composition property"},
-{"id": 3486,
+{"id": 3487,
"keyword": "human readable style"},
-{"id": 3487,
+{"id": 3488,
"keyword": "small step program refinement"},
-{"id": 3488,
-"keyword": "foundations established"},
{"id": 3489,
+"keyword": "foundations established"},
+{"id": 3490,
"keyword": "pythagorean triples"},
-{"id": 3490,
-"keyword": "linear map"},
{"id": 3491,
-"keyword": "mathematical book written"},
+"keyword": "linear map"},
{"id": 3492,
+"keyword": "mathematical book written"},
+{"id": 3493,
"keyword": "javascript world"},
-{"id": 3493,
+{"id": 3494,
"keyword": "binary multirelations associate elements"},
-{"id": 3494,
-"keyword": "large-scale shared mutable content"},
{"id": 3495,
+"keyword": "large-scale shared mutable content"},
+{"id": 3496,
"keyword": "infinite games"},
-{"id": 3496,
-"keyword": "lower-level language based"},
{"id": 3497,
+"keyword": "lower-level language based"},
+{"id": 3498,
"keyword": "appearing numbers"},
-{"id": 3498,
+{"id": 3499,
"keyword": "real matrix"},
-{"id": 3499,
+{"id": 3500,
"keyword": "non-deterministic finite state machine"},
-{"id": 3500,
-"keyword": "infinitary nominal data type"},
{"id": 3501,
+"keyword": "infinitary nominal data type"},
+{"id": 3502,
"keyword": "main result"},
-{"id": 3502,
+{"id": 3503,
"keyword": "positive rationals"},
-{"id": 3503,
+{"id": 3504,
"keyword": "state sigma_a"},
-{"id": 3504,
+{"id": 3505,
"keyword": "security policy"},
-{"id": 3505,
+{"id": 3506,
"keyword": "secure multiple case studies"},
-{"id": 3506,
+{"id": 3507,
"keyword": "cayley-hamilton afp entries"},
-{"id": 3507,
+{"id": 3508,
"keyword": "hoc network"},
-{"id": 3508,
-"keyword": "type classes"},
{"id": 3509,
+"keyword": "type classes"},
+{"id": 3510,
"keyword": "afp entry amortized complexity"},
-{"id": 3510,
+{"id": 3511,
"keyword": "expansive formalisations"},
-{"id": 3511,
+{"id": 3512,
"keyword": "star-free regular expressions"},
-{"id": 3512,
+{"id": 3513,
"keyword": "regular language identity"},
-{"id": 3513,
-"keyword": "cardinality formula assuming"},
{"id": 3514,
-"keyword": "nodes"},
+"keyword": "cardinality formula assuming"},
{"id": 3515,
+"keyword": "nodes"},
+{"id": 3516,
"keyword": "standard semirings"},
-{"id": 3516,
+{"id": 3517,
"keyword": "data state manipulations"},
-{"id": 3517,
-"keyword": "single exponential blow-"},
{"id": 3518,
-"keyword": "involved path"},
+"keyword": "single exponential blow-"},
{"id": 3519,
+"keyword": "involved path"},
+{"id": 3520,
"keyword": "executable data structures"},
-{"id": 3520,
+{"id": 3521,
"keyword": "partition theorem states"},
-{"id": 3521,
+{"id": 3522,
"keyword": "riemann zeta"},
-{"id": 3522,
+{"id": 3523,
"keyword": "doctoral thesis"},
-{"id": 3523,
+{"id": 3524,
"keyword": "driving application"},
-{"id": 3524,
-"keyword": "largest power"},
{"id": 3525,
+"keyword": "largest power"},
+{"id": 3526,
"keyword": "verified algorithms"},
-{"id": 3526,
+{"id": 3527,
"keyword": "infer interleaves statements"},
-{"id": 3527,
+{"id": 3528,
"keyword": "reversed morphisms"},
-{"id": 3528,
+{"id": 3529,
"keyword": "algebraic framework"},
-{"id": 3529,
-"keyword": "model systems"},
{"id": 3530,
-"keyword": "submission"},
+"keyword": "model systems"},
{"id": 3531,
+"keyword": "submission"},
+{"id": 3532,
"keyword": "structured proof techniques"},
-{"id": 3532,
+{"id": 3533,
"keyword": "exponential golomb codes"},
-{"id": 3533,
-"keyword": "document class"},
{"id": 3534,
+"keyword": "document class"},
+{"id": 3535,
"keyword": "infinite sequence"},
-{"id": 3535,
-"keyword": "multivariate taylor models"},
{"id": 3536,
+"keyword": "multivariate taylor models"},
+{"id": 3537,
"keyword": "conference interactive theorem proving"},
-{"id": 3537,
-"keyword": "approach produced"},
{"id": 3538,
-"keyword": "financial market"},
+"keyword": "approach produced"},
{"id": 3539,
+"keyword": "financial market"},
+{"id": 3540,
"keyword": "infinite horizon mdps"},
-{"id": 3540,
+{"id": 3541,
"keyword": "system verification"},
-{"id": 3541,
-"keyword": "arithmetic progression"},
{"id": 3542,
+"keyword": "arithmetic progression"},
+{"id": 3543,
"keyword": "external communication clocking"},
-{"id": 3543,
-"keyword": "transport theorems"},
{"id": 3544,
+"keyword": "transport theorems"},
+{"id": 3545,
"keyword": "simply-typed lambda terms"},
-{"id": 3545,
-"keyword": "slightly mars"},
{"id": 3546,
-"keyword": "bisimulation equivalence"},
+"keyword": "slightly mars"},
{"id": 3547,
+"keyword": "bisimulation equivalence"},
+{"id": 3548,
"keyword": "simplify protocol verification"},
-{"id": 3548,
+{"id": 3549,
"keyword": "unverified checkers"},
-{"id": 3549,
-"keyword": "ijcar 2014 publication"},
{"id": 3550,
-"keyword": "dining philosopher problem"},
+"keyword": "ijcar 2014 publication"},
{"id": 3551,
+"keyword": "dining philosopher problem"},
+{"id": 3552,
"keyword": "linearly independent"},
-{"id": 3552,
+{"id": 3553,
"keyword": "removing intermediate list structures"},
-{"id": 3553,
+{"id": 3554,
"keyword": "hand canonical notions"},
-{"id": 3554,
+{"id": 3555,
"keyword": "general sets"},
-{"id": 3555,
+{"id": 3556,
"keyword": "afp representation"},
-{"id": 3556,
-"keyword": "symmetric multivariate polynomials"},
{"id": 3557,
+"keyword": "symmetric multivariate polynomials"},
+{"id": 3558,
"keyword": "store buffer forwarding"},
-{"id": 3558,
+{"id": 3559,
"keyword": "key concepts"},
-{"id": 3559,
+{"id": 3560,
"keyword": "one-time efforts benefit"},
-{"id": 3560,
+{"id": 3561,
"keyword": "polynomial interpretations"},
-{"id": 3561,
-"keyword": "leq alpha"},
{"id": 3562,
-"keyword": "constructing correct programs"},
+"keyword": "leq alpha"},
{"id": 3563,
+"keyword": "constructing correct programs"},
+{"id": 3564,
"keyword": "blackboard pattern"},
-{"id": 3564,
+{"id": 3565,
"keyword": "chagu rand"},
-{"id": 3565,
-"keyword": "version due"},
{"id": 3566,
+"keyword": "version due"},
+{"id": 3567,
"keyword": "symbolic transitions systems"},
-{"id": 3567,
-"keyword": "differs slightly"},
{"id": 3568,
+"keyword": "differs slightly"},
+{"id": 3569,
"keyword": "fundamental properties"},
-{"id": 3569,
-"keyword": "powerful mathematical tools"},
{"id": 3570,
-"keyword": "proof system"},
+"keyword": "powerful mathematical tools"},
{"id": 3571,
+"keyword": "proof system"},
+{"id": 3572,
"keyword": "equivalence checker"},
-{"id": 3572,
+{"id": 3573,
"keyword": "deletion preserve weight-balance"},
-{"id": 3573,
-"keyword": "sparse relations"},
{"id": 3574,
+"keyword": "sparse relations"},
+{"id": 3575,
"keyword": "under-approximate hoare logic"},
-{"id": 3575,
-"keyword": "code generation setup"},
{"id": 3576,
+"keyword": "code generation setup"},
+{"id": 3577,
"keyword": "underlying disambiguation strategy"},
-{"id": 3577,
-"keyword": "non-negative real-"},
{"id": 3578,
-"keyword": "opinion"},
+"keyword": "non-negative real-"},
{"id": 3579,
+"keyword": "opinion"},
+{"id": 3580,
"keyword": "efficient root isolation"},
-{"id": 3580,
+{"id": 3581,
"keyword": "machine words"},
-{"id": 3581,
-"keyword": "class type constructors"},
{"id": 3582,
-"keyword": "large real-world firewall"},
+"keyword": "class type constructors"},
{"id": 3583,
+"keyword": "large real-world firewall"},
+{"id": 3584,
"keyword": "equational axiomatisation"},
-{"id": 3584,
+{"id": 3585,
"keyword": "solution obtained"},
-{"id": 3585,
+{"id": 3586,
"keyword": "document presents"},
-{"id": 3586,
+{"id": 3587,
"keyword": "convert ltl formulas"},
-{"id": 3587,
+{"id": 3588,
"keyword": "naive union operation"},
-{"id": 3588,
-"keyword": "saturation-based heuristic prover"},
{"id": 3589,
+"keyword": "saturation-based heuristic prover"},
+{"id": 3590,
"keyword": "multiple relational databases"},
-{"id": 3590,
+{"id": 3591,
"keyword": "distinct prime factors"},
-{"id": 3591,
+{"id": 3592,
"keyword": "first-order logic completeness theorem"},
-{"id": 3592,
+{"id": 3593,
"keyword": "imp commands"},
-{"id": 3593,
-"keyword": "periodic function"},
{"id": 3594,
-"keyword": "design pattern"},
+"keyword": "periodic function"},
{"id": 3595,
+"keyword": "design pattern"},
+{"id": 3596,
"keyword": "obtain efficient code"},
-{"id": 3596,
+{"id": 3597,
"keyword": "chi automata"},
-{"id": 3597,
-"keyword": "featuring program-level requirements"},
{"id": 3598,
-"keyword": "requested computation"},
+"keyword": "featuring program-level requirements"},
{"id": 3599,
+"keyword": "requested computation"},
+{"id": 3600,
"keyword": "finite maps"},
-{"id": 3600,
+{"id": 3601,
"keyword": "symmetric range"},
-{"id": 3601,
+{"id": 3602,
"keyword": "work implements"},
-{"id": 3602,
+{"id": 3603,
"keyword": "analytic continuation"},
-{"id": 3603,
+{"id": 3604,
"keyword": "demonic refinement algebra"},
-{"id": 3604,
-"keyword": "list lookup operation"},
{"id": 3605,
+"keyword": "list lookup operation"},
+{"id": 3606,
"keyword": "recursively inseparable"},
-{"id": 3606,
+{"id": 3607,
"keyword": "efficient factorization algorithm"},
-{"id": 3607,
+{"id": 3608,
"keyword": "port proofs"},
-{"id": 3608,
+{"id": 3609,
"keyword": "present article"},
-{"id": 3609,
+{"id": 3610,
"keyword": "axiom system"},
-{"id": 3610,
+{"id": 3611,
"keyword": "partial procedure"},
-{"id": 3611,
+{"id": 3612,
"keyword": "van der waerden number"},
-{"id": 3612,
-"keyword": "safe-range queries evaluate"},
{"id": 3613,
+"keyword": "safe-range queries evaluate"},
+{"id": 3614,
"keyword": "abstract file represented"},
-{"id": 3614,
+{"id": 3615,
"keyword": "paper multi-head monitoring"},
-{"id": 3615,
+{"id": 3616,
"keyword": "extract ocaml code"},
-{"id": 3616,
-"keyword": "linear inqualities"},
{"id": 3617,
+"keyword": "linear inqualities"},
+{"id": 3618,
"keyword": "real-time constraints"},
-{"id": 3618,
-"keyword": "equivalence classes"},
{"id": 3619,
-"keyword": "probabilistic loop termination"},
+"keyword": "equivalence classes"},
{"id": 3620,
+"keyword": "probabilistic loop termination"},
+{"id": 3621,
"keyword": "validate termination"},
-{"id": 3621,
+{"id": 3622,
"keyword": "large-scale stream processing systems"},
-{"id": 3622,
+{"id": 3623,
"keyword": "functional implementation based"},
-{"id": 3623,
+{"id": 3624,
"keyword": "abstract cfg"},
-{"id": 3624,
+{"id": 3625,
"keyword": "polymorphic edge type"},
-{"id": 3625,
-"keyword": "theories presents"},
{"id": 3626,
-"keyword": "rank-nullity theorem generalises"},
+"keyword": "theories presents"},
{"id": 3627,
+"keyword": "rank-nullity theorem generalises"},
+{"id": 3628,
"keyword": "major case study"},
-{"id": 3628,
+{"id": 3629,
"keyword": "obtain efficient certified algorithms"},
-{"id": 3629,
-"keyword": "complex case"},
{"id": 3630,
+"keyword": "complex case"},
+{"id": 3631,
"keyword": "lei97 alexander leitsch"},
-{"id": 3631,
-"keyword": "existing libraries"},
{"id": 3632,
+"keyword": "existing libraries"},
+{"id": 3633,
"keyword": "type information"},
-{"id": 3633,
-"keyword": "dprm theorem"},
{"id": 3634,
-"keyword": "quickstart guide"},
+"keyword": "dprm theorem"},
{"id": 3635,
+"keyword": "quickstart guide"},
+{"id": 3636,
"keyword": "simple"},
-{"id": 3636,
+{"id": 3637,
"keyword": "gaussian integer formalisation"},
-{"id": 3637,
-"keyword": "shannon decomposition"},
{"id": 3638,
+"keyword": "shannon decomposition"},
+{"id": 3639,
"keyword": "axiom"},
-{"id": 3639,
-"keyword": "abstract specification"},
{"id": 3640,
+"keyword": "abstract specification"},
+{"id": 3641,
"keyword": "cidr notation"},
-{"id": 3641,
+{"id": 3642,
"keyword": "path lengths"},
-{"id": 3642,
+{"id": 3643,
"keyword": "discounted infinite horizon mdps"},
-{"id": 3643,
-"keyword": "stricter safety guarantess"},
{"id": 3644,
+"keyword": "stricter safety guarantess"},
+{"id": 3645,
"keyword": "similar cegar-"},
-{"id": 3645,
+{"id": 3646,
"keyword": "floyd-warshall algorithm flo62"},
-{"id": 3646,
+{"id": 3647,
"keyword": "infinite form"},
-{"id": 3647,
-"keyword": "inverse transform ifntt"},
{"id": 3648,
+"keyword": "inverse transform ifntt"},
+{"id": 3649,
"keyword": "underlying category"},
-{"id": 3649,
-"keyword": "integers modulo"},
{"id": 3650,
-"keyword": "isomorphism classes"},
+"keyword": "integers modulo"},
{"id": 3651,
+"keyword": "isomorphism classes"},
+{"id": 3652,
"keyword": "laplace transform"},
-{"id": 3652,
+{"id": 3653,
"keyword": "stepwise inductive definition"},
-{"id": 3653,
-"keyword": "hol multivariate analysis"},
{"id": 3654,
+"keyword": "hol multivariate analysis"},
+{"id": 3655,
"keyword": "spectral radius theory"},
-{"id": 3655,
-"keyword": "viterbi algorithm"},
{"id": 3656,
+"keyword": "viterbi algorithm"},
+{"id": 3657,
"keyword": "directed graph"},
-{"id": 3657,
+{"id": 3658,
"keyword": "correct construction"},
-{"id": 3658,
+{"id": 3659,
"keyword": "yoneda lemma"},
-{"id": 3659,
-"keyword": "kleene algebras endowed"},
{"id": 3660,
+"keyword": "kleene algebras endowed"},
+{"id": 3661,
"keyword": "autoref tool"},
-{"id": 3661,
+{"id": 3662,
"keyword": "simple while-language"},
-{"id": 3662,
+{"id": 3663,
"keyword": "pace authentication key"},
-{"id": 3663,
+{"id": 3664,
"keyword": "herglotz"},
-{"id": 3664,
+{"id": 3665,
"keyword": "relation-algebraic concepts"},
-{"id": 3665,
+{"id": 3666,
"keyword": "periodically adjusting"},
-{"id": 3666,
+{"id": 3667,
"keyword": "hol-multivariate analysis library"},
-{"id": 3667,
-"keyword": "reproduce faithfully"},
{"id": 3668,
+"keyword": "reproduce faithfully"},
+{"id": 3669,
"keyword": "generic fixed-width words"},
-{"id": 3669,
+{"id": 3670,
"keyword": "counting partial equivalence relations"},
-{"id": 3670,
+{"id": 3671,
"keyword": "additional indeterminate"},
-{"id": 3671,
+{"id": 3672,
"keyword": "message confidentiality"},
-{"id": 3672,
+{"id": 3673,
"keyword": "work comprises proofs"},
-{"id": 3673,
+{"id": 3674,
"keyword": "vandermonde matrices"},
-{"id": 3674,
+{"id": 3675,
"keyword": "original language"},
-{"id": 3675,
-"keyword": "verifies infinite families"},
{"id": 3676,
+"keyword": "verifies infinite families"},
+{"id": 3677,
"keyword": "afp entry saturation_framework"},
-{"id": 3677,
+{"id": 3678,
"keyword": "detailed presentation"},
-{"id": 3678,
+{"id": 3679,
"keyword": "executable algorithms based"},
-{"id": 3679,
-"keyword": "art formal verification methods"},
{"id": 3680,
+"keyword": "art formal verification methods"},
+{"id": 3681,
"keyword": "automatically executed programs"},
-{"id": 3681,
-"keyword": "verified monitor implements"},
{"id": 3682,
-"keyword": "security expressed"},
+"keyword": "verified monitor implements"},
{"id": 3683,
+"keyword": "security expressed"},
+{"id": 3684,
"keyword": "subsystems involves causality"},
-{"id": 3684,
+{"id": 3685,
"keyword": "byte-level little-endian memory model"},
-{"id": 3685,
-"keyword": "tail-recursive generalization"},
{"id": 3686,
+"keyword": "tail-recursive generalization"},
+{"id": 3687,
"keyword": "automatic differentiation"},
-{"id": 3687,
-"keyword": "paper compositional verification"},
{"id": 3688,
+"keyword": "paper compositional verification"},
+{"id": 3689,
"keyword": "set monad notation"},
-{"id": 3689,
+{"id": 3690,
"keyword": "georgia notes"},
-{"id": 3690,
+{"id": 3691,
"keyword": "plas 2009 paper"},
-{"id": 3691,
-"keyword": "intransitive noninterference policy"},
{"id": 3692,
+"keyword": "intransitive noninterference policy"},
+{"id": 3693,
"keyword": "interactive convergence algorithm"},
-{"id": 3693,
+{"id": 3694,
"keyword": "provably demonstrate"},
-{"id": 3694,
+{"id": 3695,
"keyword": "forward differentiation"},
-{"id": 3695,
+{"id": 3696,
"keyword": "automatic methods"},
-{"id": 3696,
+{"id": 3697,
"keyword": "classical dpll procedure"},
-{"id": 3697,
+{"id": 3698,
"keyword": "lifting"},
-{"id": 3698,
+{"id": 3699,
"keyword": "lehmer"},
-{"id": 3699,
-"keyword": "electronic proceedings"},
{"id": 3700,
+"keyword": "electronic proceedings"},
+{"id": 3701,
"keyword": "inventors vickrey"},
-{"id": 3701,
+{"id": 3702,
"keyword": "one-complete computably enumerable set"},
-{"id": 3702,
+{"id": 3703,
"keyword": "conway semirings extended"},
-{"id": 3703,
+{"id": 3704,
"keyword": "pseudonymous identifiers output"},
-{"id": 3704,
-"keyword": "unverified translation"},
{"id": 3705,
-"keyword": "recently proposed framework"},
+"keyword": "unverified translation"},
{"id": 3706,
+"keyword": "recently proposed framework"},
+{"id": 3707,
"keyword": "marriage theorem"},
-{"id": 3707,
+{"id": 3708,
"keyword": "modern day politics"},
-{"id": 3708,
-"keyword": "abstract reasoning"},
{"id": 3709,
-"keyword": "adjunctions"},
+"keyword": "abstract reasoning"},
{"id": 3710,
+"keyword": "adjunctions"},
+{"id": 3711,
"keyword": "solomon feferman"},
-{"id": 3711,
+{"id": 3712,
"keyword": "babylonian method"},
-{"id": 3712,
+{"id": 3713,
"keyword": "phd thesis"},
-{"id": 3713,
+{"id": 3714,
"keyword": "formal analysis"},
-{"id": 3714,
+{"id": 3715,
"keyword": "implemented multi-"},
-{"id": 3715,
-"keyword": "proposes axiom systems"},
{"id": 3716,
+"keyword": "proposes axiom systems"},
+{"id": 3717,
"keyword": "called hol-csp 1"},
-{"id": 3717,
+{"id": 3718,
"keyword": "explicit bottom element"},
-{"id": 3718,
+{"id": 3719,
"keyword": "vandermonde identity"},
-{"id": 3719,
+{"id": 3720,
"keyword": "infinite type"},
-{"id": 3720,
-"keyword": "ergodic theory"},
{"id": 3721,
-"keyword": "change history"},
+"keyword": "ergodic theory"},
{"id": 3722,
+"keyword": "change history"},
+{"id": 3723,
"keyword": "establishing strong eventual consistency"},
-{"id": 3723,
+{"id": 3724,
"keyword": "two-element security lattice"},
-{"id": 3724,
-"keyword": "abstract proof"},
{"id": 3725,
+"keyword": "abstract proof"},
+{"id": 3726,
"keyword": "standard real cartesian model"},
-{"id": 3726,
-"keyword": "holcf extension"},
{"id": 3727,
+"keyword": "holcf extension"},
+{"id": 3728,
"keyword": "development relies"},
-{"id": 3728,
-"keyword": "basic identities"},
{"id": 3729,
-"keyword": "periodic bernoulli polynomials"},
+"keyword": "basic identities"},
{"id": 3730,
+"keyword": "periodic bernoulli polynomials"},
+{"id": 3731,
+"keyword": "ikkbz produces"},
+{"id": 3732,
"keyword": "protocols sharing common structure"},
-{"id": 3731,
+{"id": 3733,
"keyword": "attack tree validity"},
-{"id": 3732,
+{"id": 3734,
"keyword": "generic dfs algorithm framework"},
-{"id": 3733,
-"keyword": "many-sorted problem"},
-{"id": 3734,
-"keyword": "smallest number n_"},
{"id": 3735,
-"keyword": "laurent expansion"},
+"keyword": "many-sorted problem"},
{"id": 3736,
-"keyword": "supports low-effort security proofs"},
+"keyword": "smallest number n_"},
{"id": 3737,
-"keyword": "natural homomorphism"},
+"keyword": "laurent expansion"},
{"id": 3738,
+"keyword": "supports low-effort security proofs"},
+{"id": 3739,
+"keyword": "natural homomorphism"},
+{"id": 3740,
"keyword": "potential applications"},
-{"id": 3739,
+{"id": 3741,
"keyword": "entire polynomial ring"},
-{"id": 3740,
+{"id": 3742,
"keyword": "differential dynamic logic"},
-{"id": 3741,
+{"id": 3743,
"keyword": "wpo subsumes kbo"},
-{"id": 3742,
+{"id": 3744,
"keyword": "top 100 mathematical theorems"},
-{"id": 3743,
+{"id": 3745,
"keyword": "beukers"},
-{"id": 3744,
+{"id": 3746,
"keyword": "first-order logic"},
-{"id": 3745,
+{"id": 3747,
"keyword": "canton protocol"},
-{"id": 3746,
-"keyword": "linear temporal logic"},
-{"id": 3747,
-"keyword": "newton puiseux theorem"},
{"id": 3748,
+"keyword": "linear temporal logic"},
+{"id": 3749,
+"keyword": "newton puiseux theorem"},
+{"id": 3750,
"keyword": "safely composable web components"},
-{"id": 3749,
+{"id": 3751,
"keyword": "function"},
-{"id": 3750,
+{"id": 3752,
"keyword": "canonical isomorphism"},
-{"id": 3751,
+{"id": 3753,
"keyword": "grounding sets"},
-{"id": 3752,
+{"id": 3754,
"keyword": "characteristic polynomials"},
-{"id": 3753,
+{"id": 3755,
"keyword": "fibonacci numbers"},
-{"id": 3754,
+{"id": 3756,
"keyword": "control-flow graphs"},
-{"id": 3755,
+{"id": 3757,
"keyword": "closed starting"},
-{"id": 3756,
+{"id": 3758,
"keyword": "public key cryptography"},
-{"id": 3757,
-"keyword": "leading coefficient"},
-{"id": 3758,
-"keyword": "denotational semantics"},
{"id": 3759,
-"keyword": "utilizing modern proof assistants"},
+"keyword": "leading coefficient"},
{"id": 3760,
-"keyword": "integral domains"},
+"keyword": "denotational semantics"},
{"id": 3761,
-"keyword": "generalized sylvester matrices"},
+"keyword": "utilizing modern proof assistants"},
{"id": 3762,
+"keyword": "integral domains"},
+{"id": 3763,
+"keyword": "generalized sylvester matrices"},
+{"id": 3764,
"keyword": "case statements"},
-{"id": 3763,
+{"id": 3765,
"keyword": "arbitrary size"},
-{"id": 3764,
+{"id": 3766,
"keyword": "concurrent systems"},
-{"id": 3765,
-"keyword": "greatly reducing"},
-{"id": 3766,
-"keyword": "matching"},
{"id": 3767,
+"keyword": "greatly reducing"},
+{"id": 3768,
+"keyword": "matching"},
+{"id": 3769,
"keyword": "event shared"},
-{"id": 3768,
+{"id": 3770,
"keyword": "distributed ledgers"},
-{"id": 3769,
-"keyword": "john bruntse larsen"},
-{"id": 3770,
-"keyword": "gauss-jordan algorithm"},
{"id": 3771,
+"keyword": "john bruntse larsen"},
+{"id": 3772,
+"keyword": "gauss-jordan algorithm"},
+{"id": 3773,
"keyword": "existing tools"},
-{"id": 3772,
+{"id": 3774,
"keyword": "accompanying paper"},
-{"id": 3773,
-"keyword": "developing methods"},
-{"id": 3774,
-"keyword": "edmonds theorem"},
{"id": 3775,
-"keyword": "basic result"},
+"keyword": "developing methods"},
{"id": 3776,
-"keyword": "program dependence graphs"},
+"keyword": "edmonds theorem"},
{"id": 3777,
-"keyword": "reference point"},
+"keyword": "basic result"},
{"id": 3778,
+"keyword": "program dependence graphs"},
+{"id": 3779,
+"keyword": "reference point"},
+{"id": 3780,
"keyword": "unwinding theorem"},
-{"id": 3779,
+{"id": 3781,
"keyword": "class-preserving learning"},
-{"id": 3780,
+{"id": 3782,
"keyword": "natural deduction proof calculus"},
-{"id": 3781,
-"keyword": "latest version"},
-{"id": 3782,
-"keyword": "compiler technology"},
{"id": 3783,
+"keyword": "latest version"},
+{"id": 3784,
+"keyword": "compiler technology"},
+{"id": 3785,
"keyword": "monoidal functor"},
-{"id": 3784,
+{"id": 3786,
"keyword": "bst"},
-{"id": 3785,
-"keyword": "greatest fixpoints"},
-{"id": 3786,
-"keyword": "cover records"},
{"id": 3787,
+"keyword": "greatest fixpoints"},
+{"id": 3788,
+"keyword": "cover records"},
+{"id": 3789,
"keyword": "entire prover"},
-{"id": 3788,
+{"id": 3790,
"keyword": "quantum registers"},
-{"id": 3789,
+{"id": 3791,
"keyword": "security properties turn"},
-{"id": 3790,
+{"id": 3792,
"keyword": "locale assumptions correspond"},
-{"id": 3791,
+{"id": 3793,
"keyword": "monotonic predicate transformers"},
-{"id": 3792,
+{"id": 3794,
"keyword": "exponential reconstruction phase"},
-{"id": 3793,
-"keyword": "monad transformers"},
-{"id": 3794,
-"keyword": "process invariant"},
{"id": 3795,
+"keyword": "monad transformers"},
+{"id": 3796,
+"keyword": "process invariant"},
+{"id": 3797,
"keyword": "original algorithm presented"},
-{"id": 3796,
+{"id": 3798,
"keyword": "count distinct real roots"},
-{"id": 3797,
+{"id": 3799,
"keyword": "standard verification technology"},
-{"id": 3798,
+{"id": 3800,
"keyword": "frobenius reciprocity"},
-{"id": 3799,
+{"id": 3801,
"keyword": "static intraprocedural slicing"},
-{"id": 3800,
+{"id": 3802,
"keyword": "de bruijn indices"},
-{"id": 3801,
-"keyword": "real closed field"},
-{"id": 3802,
-"keyword": "compare encodability criteria"},
{"id": 3803,
+"keyword": "real closed field"},
+{"id": 3804,
+"keyword": "compare encodability criteria"},
+{"id": 3805,
"keyword": "final theorem statement"},
-{"id": 3804,
+{"id": 3806,
"keyword": "timing information"},
-{"id": 3805,
-"keyword": "high-level security goals"},
-{"id": 3806,
-"keyword": "pop-refinement enables"},
{"id": 3807,
-"keyword": "sylow theorem"},
+"keyword": "high-level security goals"},
{"id": 3808,
-"keyword": "abstract type"},
+"keyword": "pop-refinement enables"},
{"id": 3809,
-"keyword": "ipv6 address space"},
+"keyword": "sylow theorem"},
{"id": 3810,
+"keyword": "abstract type"},
+{"id": 3811,
+"keyword": "ipv6 address space"},
+{"id": 3812,
"keyword": "solver based"},
-{"id": 3811,
+{"id": 3813,
"keyword": "resulting set"},
-{"id": 3812,
+{"id": 3814,
"keyword": "sheldon axler"},
-{"id": 3813,
-"keyword": "nominal datatype package"},
-{"id": 3814,
-"keyword": "gaussian integers"},
{"id": 3815,
+"keyword": "nominal datatype package"},
+{"id": 3816,
+"keyword": "gaussian integers"},
+{"id": 3817,
"keyword": "paper"},
-{"id": 3816,
+{"id": 3818,
"keyword": "information observed"},
-{"id": 3817,
-"keyword": "tim gowers"},
-{"id": 3818,
-"keyword": "radical coordinates"},
{"id": 3819,
+"keyword": "tim gowers"},
+{"id": 3820,
+"keyword": "radical coordinates"},
+{"id": 3821,
"keyword": "existing proof"},
-{"id": 3820,
+{"id": 3822,
"keyword": "landmark information flow property"},
-{"id": 3821,
+{"id": 3823,
"keyword": "afp entry category theory"},
-{"id": 3822,
+{"id": 3824,
"keyword": "cambridge university press"},
-{"id": 3823,
+{"id": 3825,
"keyword": "classical noninterference security"},
-{"id": 3824,
+{"id": 3826,
"keyword": "advanced set-theoretic concepts"},
-{"id": 3825,
-"keyword": "concurrent kleene algebra"},
-{"id": 3826,
-"keyword": "nigsberg bridge problem"},
{"id": 3827,
+"keyword": "concurrent kleene algebra"},
+{"id": 3828,
+"keyword": "nigsberg bridge problem"},
+{"id": 3829,
"keyword": "algebraic numbers"},
-{"id": 3828,
+{"id": 3830,
"keyword": "formal semantics designed"},
-{"id": 3829,
+{"id": 3831,
"keyword": "planetmath article"},
-{"id": 3830,
+{"id": 3832,
"keyword": "call-by-"},
-{"id": 3831,
+{"id": 3833,
"keyword": "linearised looplessly"},
-{"id": 3832,
+{"id": 3834,
"keyword": "dependency graph approximations"},
-{"id": 3833,
+{"id": 3835,
"keyword": "adam smith"},
-{"id": 3834,
+{"id": 3836,
"keyword": "basic geometric facts"},
-{"id": 3835,
+{"id": 3837,
"keyword": "processor maintains"},
-{"id": 3836,
+{"id": 3838,
"keyword": "yufei zhao"},
-{"id": 3837,
+{"id": 3839,
"keyword": "abstract functions modelled directly"},
-{"id": 3838,
+{"id": 3840,
"keyword": "compiled code execution"},
-{"id": 3839,
+{"id": 3841,
"keyword": "derive proof rules"},
-{"id": 3840,
+{"id": 3842,
"keyword": "ordinary transition systems"},
-{"id": 3841,
-"keyword": "generating function proof"},
-{"id": 3842,
-"keyword": "equational axioms"},
{"id": 3843,
+"keyword": "generating function proof"},
+{"id": 3844,
+"keyword": "equational axioms"},
+{"id": 3845,
"keyword": "entry lies"},
-{"id": 3844,
+{"id": 3846,
"keyword": "basic setting"},
-{"id": 3845,
+{"id": 3847,
"keyword": "systematic development"},
-{"id": 3846,
+{"id": 3848,
"keyword": "primitive recursive function"},
-{"id": 3847,
+{"id": 3849,
"keyword": "continuous linear operators"},
-{"id": 3848,
+{"id": 3850,
"keyword": "linux-based firewall"},
-{"id": 3849,
+{"id": 3851,
"keyword": "clock synchronization"},
-{"id": 3850,
+{"id": 3852,
"keyword": "ocl standard targeting"},
-{"id": 3851,
+{"id": 3853,
"keyword": "coprime polynomials"},
-{"id": 3852,
+{"id": 3854,
"keyword": "high-level view"},
-{"id": 3853,
+{"id": 3855,
"keyword": "architectural design patterns"},
-{"id": 3854,
+{"id": 3856,
"keyword": "computing dominators due"},
-{"id": 3855,
+{"id": 3857,
"keyword": "generalised binomial coefficients"},
-{"id": 3856,
+{"id": 3858,
"keyword": "beth hintikka-style completeness proofs"},
-{"id": 3857,
-"keyword": "transfinite induction"},
-{"id": 3858,
-"keyword": "linear independence"},
{"id": 3859,
+"keyword": "transfinite induction"},
+{"id": 3860,
+"keyword": "linear independence"},
+{"id": 3861,
"keyword": "work presents"},
-{"id": 3860,
+{"id": 3862,
"keyword": "simple relation-algebraic semantics"},
-{"id": 3861,
+{"id": 3863,
"keyword": "real-word firewall errors"},
-{"id": 3862,
+{"id": 3864,
"keyword": "static intraprocedural slicing based"},
-{"id": 3863,
+{"id": 3865,
"keyword": "circus language"},
-{"id": 3864,
+{"id": 3866,
"keyword": "book proof theory"},
-{"id": 3865,
-"keyword": "main results verified"},
-{"id": 3866,
-"keyword": "volume greater"},
{"id": 3867,
+"keyword": "main results verified"},
+{"id": 3868,
+"keyword": "volume greater"},
+{"id": 3869,
"keyword": "finite limits"},
-{"id": 3868,
+{"id": 3870,
"keyword": "axiomatic definition"},
-{"id": 3869,
-"keyword": "comparison-based sorting algorithm"},
-{"id": 3870,
-"keyword": "extensions written"},
{"id": 3871,
-"keyword": "arbitrary linear order"},
+"keyword": "comparison-based sorting algorithm"},
{"id": 3872,
-"keyword": "axiomatic framework"},
+"keyword": "extensions written"},
{"id": 3873,
-"keyword": "minimal complete sets"},
+"keyword": "arbitrary linear order"},
{"id": 3874,
+"keyword": "axiomatic framework"},
+{"id": 3875,
+"keyword": "minimal complete sets"},
+{"id": 3876,
"keyword": "abstract syntax tree generated"},
-{"id": 3875,
+{"id": 3877,
"keyword": "formulas"},
-{"id": 3876,
+{"id": 3878,
"keyword": "classes simply"},
-{"id": 3877,
+{"id": 3879,
"keyword": "introductory sections"},
-{"id": 3878,
+{"id": 3880,
"keyword": "logging-dependent message anonymity"},
-{"id": 3879,
+{"id": 3881,
"keyword": "traversing sets"},
-{"id": 3880,
+{"id": 3882,
"keyword": "high-school student"},
-{"id": 3881,
+{"id": 3883,
"keyword": "factoring square-free integer polynomials"},
-{"id": 3882,
+{"id": 3884,
"keyword": "linear bound argument"},
-{"id": 3883,
+{"id": 3885,
"keyword": "extreme simplicity"},
-{"id": 3884,
-"keyword": "frobenius theorem based"},
-{"id": 3885,
-"keyword": "mentioned logics"},
{"id": 3886,
-"keyword": "single variable ranging"},
+"keyword": "frobenius theorem based"},
{"id": 3887,
-"keyword": "optimal binary search trees"},
+"keyword": "mentioned logics"},
{"id": 3888,
-"keyword": "incremental verification"},
+"keyword": "single variable ranging"},
{"id": 3889,
+"keyword": "optimal binary search trees"},
+{"id": 3890,
+"keyword": "incremental verification"},
+{"id": 3891,
"keyword": "articles ai-communications aic764"},
-{"id": 3890,
+{"id": 3892,
"keyword": "1 infty"},
-{"id": 3891,
+{"id": 3893,
"keyword": "infinite key range"},
-{"id": 3892,
-"keyword": "elementary methods"},
-{"id": 3893,
-"keyword": "larger rings"},
{"id": 3894,
+"keyword": "elementary methods"},
+{"id": 3895,
+"keyword": "larger rings"},
+{"id": 3896,
"keyword": "infinite paths"},
-{"id": 3895,
+{"id": 3897,
"keyword": "virtual methods"},
-{"id": 3896,
-"keyword": "tail-recursive function definitions"},
-{"id": 3897,
-"keyword": "hierarchical automaton"},
{"id": 3898,
+"keyword": "tail-recursive function definitions"},
+{"id": 3899,
+"keyword": "hierarchical automaton"},
+{"id": 3900,
"keyword": "cantor normal form"},
-{"id": 3899,
+{"id": 3901,
"keyword": "modeling real-time systems"},
-{"id": 3900,
-"keyword": "hol users"},
-{"id": 3901,
-"keyword": "distinct layers"},
{"id": 3902,
-"keyword": "knuth ndash"},
+"keyword": "hol users"},
{"id": 3903,
-"keyword": "recursion theory --- definitions"},
+"keyword": "distinct layers"},
{"id": 3904,
-"keyword": "general framework"},
+"keyword": "knuth ndash"},
{"id": 3905,
+"keyword": "recursion theory --- definitions"},
+{"id": 3906,
+"keyword": "general framework"},
+{"id": 3907,
"keyword": "modern web browser"},
-{"id": 3906,
+{"id": 3908,
"keyword": "hol light formalisation"},
-{"id": 3907,
+{"id": 3909,
"keyword": "complete lattices"},
-{"id": 3908,
-"keyword": "original theorem statement"},
-{"id": 3909,
-"keyword": "requirements"},
{"id": 3910,
+"keyword": "original theorem statement"},
+{"id": 3911,
+"keyword": "requirements"},
+{"id": 3912,
"keyword": "turing reducibility"},
-{"id": 3911,
+{"id": 3913,
"keyword": "randomly generated inputs"},
-{"id": 3912,
-"keyword": "convolution theorem thereon"},
-{"id": 3913,
-"keyword": "topological boolean algebras"},
{"id": 3914,
+"keyword": "convolution theorem thereon"},
+{"id": 3915,
+"keyword": "topological boolean algebras"},
+{"id": 3916,
"keyword": "coinductive entry"},
-{"id": 3915,
+{"id": 3917,
"keyword": "range search algorithm"},
-{"id": 3916,
+{"id": 3918,
"keyword": "code generator maps"},
-{"id": 3917,
+{"id": 3919,
"keyword": "circus environment supports"},
-{"id": 3918,
+{"id": 3920,
"keyword": "additional notions"},
-{"id": 3919,
+{"id": 3921,
"keyword": "graph regularity"},
-{"id": 3920,
-"keyword": "problem arithmetic progressions"},
-{"id": 3921,
-"keyword": "security requirements expressed"},
{"id": 3922,
+"keyword": "problem arithmetic progressions"},
+{"id": 3923,
+"keyword": "security requirements expressed"},
+{"id": 3924,
"keyword": "many-sorted first-order logic"},
-{"id": 3923,
+{"id": 3925,
"keyword": "formal cryptographic protocol verification"},
-{"id": 3924,
+{"id": 3926,
"keyword": "easily justified"},
-{"id": 3925,
+{"id": 3927,
"keyword": "parallel postulates"},
-{"id": 3926,
+{"id": 3928,
"keyword": "spanning basic algorithms"},
-{"id": 3927,
+{"id": 3929,
"keyword": "compilation target"},
-{"id": 3928,
-"keyword": "authenticated data structures"},
-{"id": 3929,
-"keyword": "features exceptions"},
{"id": 3930,
+"keyword": "authenticated data structures"},
+{"id": 3931,
+"keyword": "features exceptions"},
+{"id": 3932,
"keyword": "ordinal alpha"},
-{"id": 3931,
+{"id": 3933,
"keyword": "ltl properties"},
-{"id": 3932,
-"keyword": "theory change"},
-{"id": 3933,
-"keyword": "exhibit awkward interleaving"},
{"id": 3934,
-"keyword": "mentioned algorithms"},
+"keyword": "theory change"},
{"id": 3935,
-"keyword": "knight visits"},
+"keyword": "exhibit awkward interleaving"},
{"id": 3936,
-"keyword": "splay heaps"},
+"keyword": "mentioned algorithms"},
{"id": 3937,
+"keyword": "knight visits"},
+{"id": 3938,
+"keyword": "splay heaps"},
+{"id": 3939,
"keyword": "disconnected graph"},
-{"id": 3938,
+{"id": 3940,
"keyword": "important models"},
-{"id": 3939,
+{"id": 3941,
"keyword": "proving progress"},
-{"id": 3940,
-"keyword": "elementary divisor rings"},
-{"id": 3941,
-"keyword": "unchanged results"},
{"id": 3942,
+"keyword": "elementary divisor rings"},
+{"id": 3943,
+"keyword": "unchanged results"},
+{"id": 3944,
"keyword": "non-negative reals a_1"},
-{"id": 3943,
+{"id": 3945,
"keyword": "weighted arithmetic geometric"},
-{"id": 3944,
-"keyword": "languages generated"},
-{"id": 3945,
-"keyword": "perfect square"},
{"id": 3946,
+"keyword": "languages generated"},
+{"id": 3947,
+"keyword": "perfect square"},
+{"id": 3948,
"keyword": "random experiment"},
-{"id": 3947,
+{"id": 3949,
"keyword": "hol logic system"},
-{"id": 3948,
+{"id": 3950,
"keyword": "default setup"},
-{"id": 3949,
+{"id": 3951,
"keyword": "complex random system"},
-{"id": 3950,
+{"id": 3952,
"keyword": "imperative hol"},
-{"id": 3951,
+{"id": 3953,
"keyword": "nearest neighbor algorithm"},
-{"id": 3952,
-"keyword": "edge labels"},
-{"id": 3953,
-"keyword": "verification condition generator"},
{"id": 3954,
+"keyword": "edge labels"},
+{"id": 3955,
+"keyword": "verification condition generator"},
+{"id": 3956,
"keyword": "joachim breitner"},
-{"id": 3955,
+{"id": 3957,
"keyword": "inline caching optimization"},
-{"id": 3956,
+{"id": 3958,
"keyword": "algebraic"},
-{"id": 3957,
+{"id": 3959,
"keyword": "unique factorization domain form"},
-{"id": 3958,
+{"id": 3960,
"keyword": "bracket polynomial"},
-{"id": 3959,
+{"id": 3961,
"keyword": "constructive proof"},
-{"id": 3960,
+{"id": 3962,
"keyword": "object-oriented programming"},
-{"id": 3961,
+{"id": 3963,
"keyword": "conditional transfer rules"},
-{"id": 3962,
+{"id": 3964,
"keyword": "functional type theory"},
-{"id": 3963,
+{"id": 3965,
"keyword": "interesting data structure"},
-{"id": 3964,
+{"id": 3966,
"keyword": "arbitrary banach space"},
-{"id": 3965,
+{"id": 3967,
"keyword": "zfc set theory"},
-{"id": 3966,
+{"id": 3968,
"keyword": "quality criteria"},
-{"id": 3967,
+{"id": 3969,
"keyword": "deeply integrated"},
-{"id": 3968,
-"keyword": "stream processing components"},
-{"id": 3969,
-"keyword": "strong security"},
{"id": 3970,
+"keyword": "stream processing components"},
+{"id": 3971,
+"keyword": "strong security"},
+{"id": 3972,
"keyword": "competitive analysis"},
-{"id": 3971,
+{"id": 3973,
"keyword": "correct verification tools"},
-{"id": 3972,
+{"id": 3974,
"keyword": "sample authentication protocol"},
-{"id": 3973,
+{"id": 3975,
"keyword": "finite lists"},
-{"id": 3974,
+{"id": 3976,
"keyword": "axioms proposed"},
-{"id": 3975,
+{"id": 3977,
+"keyword": "query optimization consisting"},
+{"id": 3978,
"keyword": "ltl model checker"},
-{"id": 3976,
+{"id": 3979,
"keyword": "shared resources"},
-{"id": 3977,
+{"id": 3980,
"keyword": "accompanying induction invariant rules"},
-{"id": 3978,
+{"id": 3981,
"keyword": "program logic"},
-{"id": 3979,
+{"id": 3982,
"keyword": "certified programs"},
-{"id": 3980,
+{"id": 3983,
"keyword": "itp 2015 publication"},
-{"id": 3981,
+{"id": 3984,
"keyword": "set category locale"},
-{"id": 3982,
+{"id": 3985,
"keyword": "code generation support"},
-{"id": 3983,
-"keyword": "subset relation"},
-{"id": 3984,
-"keyword": "quantalic structure"},
-{"id": 3985,
-"keyword": "completeness conditions"},
{"id": 3986,
+"keyword": "subset relation"},
+{"id": 3987,
+"keyword": "quantalic structure"},
+{"id": 3988,
+"keyword": "completeness conditions"},
+{"id": 3989,
"keyword": "database community"},
-{"id": 3987,
+{"id": 3990,
"keyword": "security invariant theory"},
-{"id": 3988,
+{"id": 3991,
"keyword": "polynomial-time basis reduction algorithm"},
-{"id": 3989,
+{"id": 3992,
"keyword": "search path"},
-{"id": 3990,
+{"id": 3993,
"keyword": "main topics"},
-{"id": 3991,
-"keyword": "direct subsumption relation"},
-{"id": 3992,
-"keyword": "minkowski inequalities"},
-{"id": 3993,
-"keyword": "generic join algorithm"},
{"id": 3994,
-"keyword": "generalised binary modalities"},
+"keyword": "direct subsumption relation"},
{"id": 3995,
-"keyword": "efficient imperative implementations"},
+"keyword": "minkowski inequalities"},
{"id": 3996,
-"keyword": "sequent calculus prover"},
+"keyword": "generic join algorithm"},
{"id": 3997,
-"keyword": "relativized general knowledge"},
+"keyword": "generalised binary modalities"},
{"id": 3998,
-"keyword": "framed links closely linked"},
+"keyword": "efficient imperative implementations"},
{"id": 3999,
-"keyword": "high-level proofs"},
+"keyword": "sequent calculus prover"},
{"id": 4000,
-"keyword": "universally quantified uninterpreted terms"},
+"keyword": "relativized general knowledge"},
{"id": 4001,
+"keyword": "framed links closely linked"},
+{"id": 4002,
+"keyword": "high-level proofs"},
+{"id": 4003,
+"keyword": "universally quantified uninterpreted terms"},
+{"id": 4004,
"keyword": "morse lemma asserting"},
-{"id": 4002,
+{"id": 4005,
"keyword": "test-generation techniques"},
-{"id": 4003,
-"keyword": "approach decomposes ltl formulas"},
-{"id": 4004,
-"keyword": "data refinement"},
-{"id": 4005,
-"keyword": "data plane"},
{"id": 4006,
-"keyword": "collaborative text editing"},
+"keyword": "approach decomposes ltl formulas"},
{"id": 4007,
-"keyword": "main advantage"},
+"keyword": "data refinement"},
{"id": 4008,
-"keyword": "proof"},
+"keyword": "data plane"},
{"id": 4009,
-"keyword": "functions thetasym"},
+"keyword": "collaborative text editing"},
{"id": 4010,
+"keyword": "main advantage"},
+{"id": 4011,
+"keyword": "proof"},
+{"id": 4012,
+"keyword": "functions thetasym"},
+{"id": 4013,
"keyword": "equivalence relation"},
-{"id": 4011,
+{"id": 4014,
"keyword": "flexray communication protocol"},
-{"id": 4012,
+{"id": 4015,
"keyword": "algebraic proof"},
-{"id": 4013,
+{"id": 4016,
"keyword": "alternative definition"},
-{"id": 4014,
+{"id": 4017,
"keyword": "similar proof"},
-{"id": 4015,
-"keyword": "protocols supported"},
-{"id": 4016,
-"keyword": "efficient union-find data structure"},
-{"id": 4017,
-"keyword": "pairwise commuting hermitian matrices"},
{"id": 4018,
+"keyword": "protocols supported"},
+{"id": 4019,
+"keyword": "efficient union-find data structure"},
+{"id": 4020,
+"keyword": "pairwise commuting hermitian matrices"},
+{"id": 4021,
"keyword": "dom api"},
-{"id": 4019,
+{"id": 4022,
"keyword": "adding knuth"},
-{"id": 4020,
+{"id": 4023,
"keyword": "concrete monad"},
-{"id": 4021,
+{"id": 4024,
"keyword": "identify bugs"},
-{"id": 4022,
+{"id": 4025,
"keyword": "user command"},
-{"id": 4023,
+{"id": 4026,
"keyword": "program analysis"},
-{"id": 4024,
+{"id": 4027,
"keyword": "logic due"},
-{"id": 4025,
+{"id": 4028,
"keyword": "comparisons performed"},
-{"id": 4026,
+{"id": 4029,
"keyword": "inverse squares"},
-{"id": 4027,
+{"id": 4030,
"keyword": "correct optimized versions"},
-{"id": 4028,
+{"id": 4031,
"keyword": "popular introduction"},
-{"id": 4029,
+{"id": 4032,
"keyword": "general theory"},
-{"id": 4030,
+{"id": 4033,
"keyword": "large library"},
-{"id": 4031,
-"keyword": "finite iteration"},
-{"id": 4032,
-"keyword": "monitor supports aggregation operations"},
-{"id": 4033,
-"keyword": "key range"},
{"id": 4034,
+"keyword": "finite iteration"},
+{"id": 4035,
+"keyword": "monitor supports aggregation operations"},
+{"id": 4036,
+"keyword": "key range"},
+{"id": 4037,
"keyword": "social welfare"},
-{"id": 4035,
+{"id": 4038,
"keyword": "proof obligations automatically"},
-{"id": 4036,
+{"id": 4039,
"keyword": "require intermediate operational semantics"},
-{"id": 4037,
+{"id": 4040,
"keyword": "shallow semantical embeddings approach"},
-{"id": 4038,
+{"id": 4041,
"keyword": "collect information"},
-{"id": 4039,
+{"id": 4042,
"keyword": "backward simulations"},
-{"id": 4040,
+{"id": 4043,
"keyword": "set based representation"},
-{"id": 4041,
+{"id": 4044,
"keyword": "protocols secure"},
-{"id": 4042,
-"keyword": "formal power series"},
-{"id": 4043,
-"keyword": "increasingly important"},
-{"id": 4044,
-"keyword": "type inference algorithm"},
{"id": 4045,
-"keyword": "engineering safety"},
+"keyword": "formal power series"},
{"id": 4046,
-"keyword": "fixed finite instance"},
+"keyword": "increasingly important"},
{"id": 4047,
-"keyword": "closed set"},
+"keyword": "type inference algorithm"},
{"id": 4048,
+"keyword": "engineering safety"},
+{"id": 4049,
+"keyword": "fixed finite instance"},
+{"id": 4050,
+"keyword": "closed set"},
+{"id": 4051,
"keyword": "query evaluation"},
-{"id": 4049,
+{"id": 4052,
"keyword": "generalized recurrence relation"},
-{"id": 4050,
-"keyword": "information-flow security aims"},
-{"id": 4051,
-"keyword": "infinite length"},
-{"id": 4052,
-"keyword": "geometric probability"},
{"id": 4053,
-"keyword": "term focus"},
+"keyword": "information-flow security aims"},
{"id": 4054,
-"keyword": "alternative proof"},
+"keyword": "infinite length"},
{"id": 4055,
-"keyword": "commitment schemes"},
+"keyword": "geometric probability"},
{"id": 4056,
+"keyword": "term focus"},
+{"id": 4057,
+"keyword": "alternative proof"},
+{"id": 4058,
+"keyword": "commitment schemes"},
+{"id": 4059,
"keyword": "multiplicative group"},
-{"id": 4057,
+{"id": 4060,
"keyword": "classical definition"},
-{"id": 4058,
+{"id": 4061,
"keyword": "compositionally reasoning"},
-{"id": 4059,
+{"id": 4062,
"keyword": "mathematical formulation"},
-{"id": 4060,
+{"id": 4063,
"keyword": "arbitrary higher-order contexts"},
-{"id": 4061,
+{"id": 4064,
"keyword": "constant time"},
-{"id": 4062,
+{"id": 4065,
"keyword": "dirichlet characters"},
-{"id": 4063,
-"keyword": "fully formal"},
-{"id": 4064,
-"keyword": "assorted fixed-point theorems"},
-{"id": 4065,
-"keyword": "finite relations"},
{"id": 4066,
+"keyword": "fully formal"},
+{"id": 4067,
+"keyword": "assorted fixed-point theorems"},
+{"id": 4068,
+"keyword": "finite relations"},
+{"id": 4069,
"keyword": "selection sort"},
-{"id": 4067,
+{"id": 4070,
"keyword": "semantic side conditions"},
-{"id": 4068,
+{"id": 4071,
"keyword": "formal programming language semantics"},
-{"id": 4069,
+{"id": 4072,
"keyword": "unified modeling language"},
-{"id": 4070,
+{"id": 4073,
"keyword": "complx language"},
-{"id": 4071,
+{"id": 4074,
"keyword": "simpler versions"},
-{"id": 4072,
+{"id": 4075,
"keyword": "experimentally tested"},
-{"id": 4073,
+{"id": 4076,
"keyword": "algebraic laws"},
-{"id": 4074,
-"keyword": "abstract simplicial complexes"},
-{"id": 4075,
-"keyword": "nullable types"},
-{"id": 4076,
-"keyword": "1 n-1 frac b_"},
{"id": 4077,
-"keyword": "general problem"},
+"keyword": "abstract simplicial complexes"},
{"id": 4078,
-"keyword": "fixed-point theorem"},
+"keyword": "nullable types"},
{"id": 4079,
-"keyword": "file read"},
+"keyword": "1 n-1 frac b_"},
{"id": 4080,
+"keyword": "general problem"},
+{"id": 4081,
+"keyword": "fixed-point theorem"},
+{"id": 4082,
+"keyword": "file read"},
+{"id": 4083,
"keyword": "found cryptic"},
-{"id": 4081,
+{"id": 4084,
"keyword": "partial recursive function"},
-{"id": 4082,
-"keyword": "cl73 chin-liang chang"},
-{"id": 4083,
-"keyword": "call- return behavior"},
-{"id": 4084,
-"keyword": "inductive invariant proofs"},
{"id": 4085,
-"keyword": "omega 1 alpha"},
+"keyword": "cl73 chin-liang chang"},
{"id": 4086,
-"keyword": "human-readable fast-to-replay proof scripts"},
+"keyword": "call- return behavior"},
{"id": 4087,
-"keyword": "monadic functions"},
+"keyword": "inductive invariant proofs"},
{"id": 4088,
+"keyword": "omega 1 alpha"},
+{"id": 4089,
+"keyword": "human-readable fast-to-replay proof scripts"},
+{"id": 4090,
+"keyword": "monadic functions"},
+{"id": 4091,
"keyword": "nested multiset datatype"},
-{"id": 4089,
+{"id": 4092,
"keyword": "successor function"},
-{"id": 4090,
+{"id": 4093,
"keyword": "16th international symposium"},
-{"id": 4091,
+{"id": 4094,
"keyword": "behaviorally correct learning"},
-{"id": 4092,
+{"id": 4095,
"keyword": "cpp-2015 peter lammich"},
-{"id": 4093,
+{"id": 4096,
"keyword": "nieto verification"},
-{"id": 4094,
+{"id": 4097,
"keyword": "hare cycle-finding algorithm ascribed"},
-{"id": 4095,
-"keyword": "safe distance rule"},
-{"id": 4096,
-"keyword": "original problem"},
-{"id": 4097,
-"keyword": "analytic combinatorics"},
{"id": 4098,
+"keyword": "safe distance rule"},
+{"id": 4099,
+"keyword": "original problem"},
+{"id": 4100,
+"keyword": "analytic combinatorics"},
+{"id": 4101,
"keyword": "normal strategy"},
-{"id": 4099,
+{"id": 4102,
"keyword": "single component"},
-{"id": 4100,
+{"id": 4103,
"keyword": "order relativity theory"},
-{"id": 4101,
+{"id": 4104,
"keyword": "sturm-tarksi theorem forms"},
-{"id": 4102,
+{"id": 4105,
"keyword": "signed measure"},
-{"id": 4103,
+{"id": 4106,
"keyword": "good lower bound"},
-{"id": 4104,
+{"id": 4107,
"keyword": "type classes connected"},
-{"id": 4105,
+{"id": 4108,
"keyword": "modeling languages"},
-{"id": 4106,
+{"id": 4109,
"keyword": "relative soundness results"},
-{"id": 4107,
+{"id": 4110,
"keyword": "arbitrary security lattices"},
-{"id": 4108,
+{"id": 4111,
"keyword": "construct complicated trees"},
-{"id": 4109,
+{"id": 4112,
"keyword": "large graphs"},
-{"id": 4110,
+{"id": 4113,
"keyword": "partition function"},
-{"id": 4111,
-"keyword": "bounded natural functors"},
-{"id": 4112,
-"keyword": "afp entry ordered_resultion_prover"},
-{"id": 4113,
-"keyword": "automated tactic support"},
{"id": 4114,
+"keyword": "bounded natural functors"},
+{"id": 4115,
+"keyword": "afp entry ordered_resultion_prover"},
+{"id": 4116,
+"keyword": "automated tactic support"},
+{"id": 4117,
"keyword": "infinite message streams represented"},
-{"id": 4115,
+{"id": 4118,
"keyword": "polynomial-time algorithm"},
-{"id": 4116,
+{"id": 4119,
"keyword": "complexity proof certificates"},
-{"id": 4117,
+{"id": 4120,
"keyword": "standard operators"},
-{"id": 4118,
+{"id": 4121,
"keyword": "int_0 1"},
-{"id": 4119,
-"keyword": "present development"},
-{"id": 4120,
-"keyword": "directly relating agents"},
-{"id": 4121,
-"keyword": "path authorization"},
{"id": 4122,
-"keyword": "simply hermite-lindemann"},
+"keyword": "present development"},
{"id": 4123,
-"keyword": "generic framework semantics"},
+"keyword": "directly relating agents"},
{"id": 4124,
-"keyword": "p-adic fields"},
+"keyword": "path authorization"},
{"id": 4125,
-"keyword": "counts roots"},
+"keyword": "simply hermite-lindemann"},
{"id": 4126,
-"keyword": "generic properties"},
+"keyword": "generic framework semantics"},
{"id": 4127,
-"keyword": "integer ring modulo"},
+"keyword": "p-adic fields"},
{"id": 4128,
-"keyword": "domain elements"},
+"keyword": "counts roots"},
{"id": 4129,
+"keyword": "generic properties"},
+{"id": 4130,
+"keyword": "integer ring modulo"},
+{"id": 4131,
+"keyword": "domain elements"},
+{"id": 4132,
"keyword": "codomain nat option"},
-{"id": 4130,
+{"id": 4133,
"keyword": "exponential nnf-based algorithms"},
-{"id": 4131,
+{"id": 4134,
"keyword": "basis executable code"},
-{"id": 4132,
+{"id": 4135,
"keyword": "orders"},
-{"id": 4133,
+{"id": 4136,
"keyword": "functional programming language"},
-{"id": 4134,
+{"id": 4137,
"keyword": "extended regular expressions"},
-{"id": 4135,
+{"id": 4138,
"keyword": "longest lyndon suffix"},
-{"id": 4136,
+{"id": 4139,
"keyword": "main concern"},
-{"id": 4137,
+{"id": 4140,
"keyword": "squares theorem"},
-{"id": 4138,
-"keyword": "generic object model independent"},
-{"id": 4139,
-"keyword": "uniform substitutions substitute"},
-{"id": 4140,
-"keyword": "release ownership"},
{"id": 4141,
-"keyword": "key construction"},
+"keyword": "generic object model independent"},
{"id": 4142,
-"keyword": "aforesaid task"},
+"keyword": "uniform substitutions substitute"},
{"id": 4143,
-"keyword": "complex data structure"},
+"keyword": "release ownership"},
{"id": 4144,
+"keyword": "key construction"},
+{"id": 4145,
+"keyword": "aforesaid task"},
+{"id": 4146,
+"keyword": "complex data structure"},
+{"id": 4147,
"keyword": "paul thomson"},
-{"id": 4145,
+{"id": 4148,
"keyword": "trivially unsatisfiable inequality"},
-{"id": 4146,
-"keyword": "probabilistic variant"},
-{"id": 4147,
-"keyword": "unique normal forms"},
-{"id": 4148,
-"keyword": "supports range queries"},
{"id": 4149,
-"keyword": "permitting multiset comparisons"},
+"keyword": "probabilistic variant"},
{"id": 4150,
-"keyword": "lipschitz maps"},
+"keyword": "unique normal forms"},
{"id": 4151,
-"keyword": "formal language"},
+"keyword": "supports range queries"},
{"id": 4152,
-"keyword": "small abstract subsystems"},
+"keyword": "permitting multiset comparisons"},
{"id": 4153,
-"keyword": "asymptotically matches"},
+"keyword": "lipschitz maps"},
{"id": 4154,
-"keyword": "vincent bloemen"},
+"keyword": "formal language"},
{"id": 4155,
-"keyword": "infinite measure"},
+"keyword": "small abstract subsystems"},
{"id": 4156,
-"keyword": "proof calculus"},
+"keyword": "asymptotically matches"},
{"id": 4157,
-"keyword": "temporal logic"},
+"keyword": "vincent bloemen"},
{"id": 4158,
-"keyword": "link tangle equivalence"},
+"keyword": "infinite measure"},
{"id": 4159,
-"keyword": "instantiation reuses"},
+"keyword": "proof calculus"},
{"id": 4160,
+"keyword": "temporal logic"},
+{"id": 4161,
+"keyword": "link tangle equivalence"},
+{"id": 4162,
+"keyword": "instantiation reuses"},
+{"id": 4163,
"keyword": "representation executable"},
-{"id": 4161,
+{"id": 4164,
"keyword": "hol standard library"},
-{"id": 4162,
-"keyword": "article set-theoretical foundations"},
-{"id": 4163,
-"keyword": "underlying boolean algebra structure"},
-{"id": 4164,
-"keyword": "aircraft cabin data network"},
{"id": 4165,
-"keyword": "liouville numbers"},
+"keyword": "article set-theoretical foundations"},
{"id": 4166,
-"keyword": "basic model"},
+"keyword": "underlying boolean algebra structure"},
{"id": 4167,
-"keyword": "linearly ordered group"},
+"keyword": "aircraft cabin data network"},
{"id": 4168,
-"keyword": "verified translation"},
+"keyword": "liouville numbers"},
{"id": 4169,
+"keyword": "basic model"},
+{"id": 4170,
+"keyword": "linearly ordered group"},
+{"id": 4171,
+"keyword": "verified translation"},
+{"id": 4172,
"keyword": "devise notions"},
-{"id": 4170,
+{"id": 4173,
"keyword": "platonic forms"},
-{"id": 4171,
+{"id": 4174,
"keyword": "np-complete problem"},
-{"id": 4172,
+{"id": 4175,
"keyword": "updown scheme"},
-{"id": 4173,
+{"id": 4176,
"keyword": "yacc style grammars"},
-{"id": 4174,
-"keyword": "rapid prototyping"},
-{"id": 4175,
-"keyword": "combinatorial design theory"},
-{"id": 4176,
-"keyword": "fourteen lemmas"},
{"id": 4177,
+"keyword": "rapid prototyping"},
+{"id": 4178,
+"keyword": "combinatorial design theory"},
+{"id": 4179,
+"keyword": "fourteen lemmas"},
+{"id": 4180,
"keyword": "utility functions form"},
-{"id": 4178,
+{"id": 4181,
"keyword": "theories presented"},
-{"id": 4179,
+{"id": 4182,
"keyword": "quantitative analysis"},
-{"id": 4180,
+{"id": 4183,
"keyword": "atomic operations race"},
-{"id": 4181,
+{"id": 4184,
"keyword": "word iff"},
-{"id": 4182,
-"keyword": "knowledge"},
-{"id": 4183,
-"keyword": "msc thesis"},
-{"id": 4184,
-"keyword": "nondeterministic branching"},
{"id": 4185,
-"keyword": "randomized list update algorithm"},
+"keyword": "knowledge"},
{"id": 4186,
-"keyword": "document describes"},
+"keyword": "msc thesis"},
{"id": 4187,
-"keyword": "significant generalization"},
+"keyword": "nondeterministic branching"},
{"id": 4188,
-"keyword": "short sketch"},
+"keyword": "randomized list update algorithm"},
{"id": 4189,
-"keyword": "state-normalisation allowing"},
+"keyword": "document describes"},
{"id": 4190,
-"keyword": "next-free ltl formula"},
+"keyword": "significant generalization"},
{"id": 4191,
-"keyword": "devising correct speculative algorithms"},
+"keyword": "short sketch"},
{"id": 4192,
+"keyword": "state-normalisation allowing"},
+{"id": 4193,
+"keyword": "next-free ltl formula"},
+{"id": 4194,
+"keyword": "devising correct speculative algorithms"},
+{"id": 4195,
"keyword": "process trace"},
-{"id": 4193,
+{"id": 4196,
"keyword": "interactive theorem proving"},
-{"id": 4194,
-"keyword": "individual accepted"},
-{"id": 4195,
-"keyword": "target terms"},
-{"id": 4196,
-"keyword": "quickly verified"},
{"id": 4197,
-"keyword": "completeness result"},
+"keyword": "individual accepted"},
{"id": 4198,
-"keyword": "implement saturation calculi"},
+"keyword": "target terms"},
{"id": 4199,
-"keyword": "general predication"},
+"keyword": "quickly verified"},
{"id": 4200,
-"keyword": "formal definitions"},
+"keyword": "completeness result"},
{"id": 4201,
+"keyword": "implement saturation calculi"},
+{"id": 4202,
+"keyword": "general predication"},
+{"id": 4203,
+"keyword": "formal definitions"},
+{"id": 4204,
"keyword": "theory"},
-{"id": 4202,
+{"id": 4205,
"keyword": "ternary relation"},
-{"id": 4203,
+{"id": 4206,
"keyword": "posix matching"},
-{"id": 4204,
+{"id": 4207,
"keyword": "normalisation algorithm"},
-{"id": 4205,
+{"id": 4208,
"keyword": "full proof"},
-{"id": 4206,
-"keyword": "short applications"},
-{"id": 4207,
-"keyword": "dependent types"},
-{"id": 4208,
-"keyword": "division modulo"},
{"id": 4209,
+"keyword": "short applications"},
+{"id": 4210,
+"keyword": "dependent types"},
+{"id": 4211,
+"keyword": "division modulo"},
+{"id": 4212,
"keyword": "sample computations"},
-{"id": 4210,
+{"id": 4213,
"keyword": "output type"},
-{"id": 4211,
+{"id": 4214,
"keyword": "sorted monadic equational logic"},
-{"id": 4212,
+{"id": 4215,
"keyword": "refinement calculus literature"},
-{"id": 4213,
+{"id": 4216,
"keyword": "early failure detection"},
-{"id": 4214,
+{"id": 4217,
"keyword": "hereditarily finite set theory"},
-{"id": 4215,
+{"id": 4218,
"keyword": "quantifier elimination theorem"},
-{"id": 4216,
+{"id": 4219,
"keyword": "main operation"},
-{"id": 4217,
+{"id": 4220,
"keyword": "constructive cryptography"},
-{"id": 4218,
+{"id": 4221,
"keyword": "data structures required"},
-{"id": 4219,
+{"id": 4222,
"keyword": "probability monad"},
-{"id": 4220,
+{"id": 4223,
"keyword": "key proofs"},
-{"id": 4221,
+{"id": 4224,
"keyword": "clock synchronization algorithm"},
-{"id": 4222,
-"keyword": "julien narboux"},
-{"id": 4223,
-"keyword": "sliding window algorithm"},
-{"id": 4224,
-"keyword": "predicate transformer semantics"},
{"id": 4225,
+"keyword": "julien narboux"},
+{"id": 4226,
+"keyword": "sliding window algorithm"},
+{"id": 4227,
+"keyword": "predicate transformer semantics"},
+{"id": 4228,
"keyword": "data plane protocols"},
-{"id": 4226,
+{"id": 4229,
"keyword": "bner bases"},
-{"id": 4227,
+{"id": 4230,
"keyword": "existing formalization"},
-{"id": 4228,
+{"id": 4231,
"keyword": "divide-and-conquer algorithm"},
-{"id": 4229,
+{"id": 4232,
"keyword": "prime harmonic series"},
-{"id": 4230,
+{"id": 4233,
"keyword": "classical theorem"},
-{"id": 4231,
+{"id": 4234,
"keyword": "complement automaton"},
-{"id": 4232,
+{"id": 4235,
"keyword": "actual sets"},
-{"id": 4233,
+{"id": 4236,
"keyword": "arbitrary intervals"},
-{"id": 4234,
+{"id": 4237,
"keyword": "immediately offer"},
-{"id": 4235,
+{"id": 4238,
"keyword": "locale-centric approach"},
-{"id": 4236,
+{"id": 4239,
"keyword": "partial semigroups"},
-{"id": 4237,
+{"id": 4240,
"keyword": "specification decomposition principles"},
-{"id": 4238,
-"keyword": "classic proof"},
-{"id": 4239,
-"keyword": "underlying routing protocol"},
-{"id": 4240,
-"keyword": "irreducible representation"},
{"id": 4241,
+"keyword": "classic proof"},
+{"id": 4242,
+"keyword": "underlying routing protocol"},
+{"id": 4243,
+"keyword": "irreducible representation"},
+{"id": 4244,
"keyword": "completeness proof builds"},
-{"id": 4242,
+{"id": 4245,
"keyword": "imperative executable code"},
-{"id": 4243,
+{"id": 4246,
"keyword": "executable implementation"},
-{"id": 4244,
+{"id": 4247,
"keyword": "uml class diagrams"},
-{"id": 4245,
+{"id": 4248,
"keyword": "simple summation conversion"},
-{"id": 4246,
-"keyword": "single setting"},
-{"id": 4247,
-"keyword": "closed-form formulae"},
-{"id": 4248,
-"keyword": "sat solver descriptions"},
{"id": 4249,
-"keyword": "correctness properties"},
+"keyword": "single setting"},
{"id": 4250,
-"keyword": "efficient verified implementation"},
+"keyword": "closed-form formulae"},
{"id": 4251,
-"keyword": "category"},
+"keyword": "sat solver descriptions"},
{"id": 4252,
-"keyword": "generic rules resulting"},
+"keyword": "correctness properties"},
{"id": 4253,
-"keyword": "approach"},
+"keyword": "efficient verified implementation"},
{"id": 4254,
-"keyword": "independent axioms"},
+"keyword": "category"},
{"id": 4255,
-"keyword": "veblen hierarchies"},
+"keyword": "generic rules resulting"},
{"id": 4256,
+"keyword": "approach"},
+{"id": 4257,
+"keyword": "independent axioms"},
+{"id": 4258,
+"keyword": "veblen hierarchies"},
+{"id": 4259,
"keyword": "semi-honest security setting"},
-{"id": 4257,
+{"id": 4260,
"keyword": "triangle counting lemma"},
-{"id": 4258,
-"keyword": "existing proof format"},
-{"id": 4259,
-"keyword": "aforementioned mathematical structures"},
-{"id": 4260,
-"keyword": "executable formalisation"},
{"id": 4261,
-"keyword": "executable variant"},
+"keyword": "existing proof format"},
{"id": 4262,
-"keyword": "impossibility theorem due"},
+"keyword": "aforementioned mathematical structures"},
{"id": 4263,
-"keyword": "finite consistent extensions"},
+"keyword": "executable formalisation"},
{"id": 4264,
-"keyword": "x1n hellip"},
+"keyword": "executable variant"},
{"id": 4265,
+"keyword": "impossibility theorem due"},
+{"id": 4266,
+"keyword": "finite consistent extensions"},
+{"id": 4267,
+"keyword": "x1n hellip"},
+{"id": 4268,
"keyword": "calculus ls_ pasl"},
-{"id": 4266,
+{"id": 4269,
"keyword": "diffie-hellman password-based authentication protocol"},
-{"id": 4267,
+{"id": 4270,
"keyword": "average case"},
-{"id": 4268,
+{"id": 4271,
"keyword": "study filters based"},
-{"id": 4269,
+{"id": 4272,
"keyword": "sorted linked lists"},
-{"id": 4270,
-"keyword": "integer hull"},
-{"id": 4271,
-"keyword": "binary masking"},
-{"id": 4272,
-"keyword": "output consistency"},
{"id": 4273,
+"keyword": "integer hull"},
+{"id": 4274,
+"keyword": "binary masking"},
+{"id": 4275,
+"keyword": "output consistency"},
+{"id": 4276,
"keyword": "important problem"},
-{"id": 4274,
+{"id": 4277,
"keyword": "strictly dominated"},
-{"id": 4275,
+{"id": 4278,
"keyword": "text introduction"},
-{"id": 4276,
+{"id": 4279,
"keyword": "distributed computing"},
-{"id": 4277,
+{"id": 4280,
"keyword": "combinatory logic"},
-{"id": 4278,
+{"id": 4281,
"keyword": "input generators"},
-{"id": 4279,
+{"id": 4282,
"keyword": "related splay heaps"},
-{"id": 4280,
+{"id": 4283,
"keyword": "treat binding sequences"},
-{"id": 4281,
+{"id": 4284,
"keyword": "bnf case"},
-{"id": 4282,
+{"id": 4285,
"keyword": "path-aware internet architectures"},
-{"id": 4283,
+{"id": 4286,
"keyword": "von neumann hierarchy"},
-{"id": 4284,
+{"id": 4287,
"keyword": "multi-head monitoring algorithm"},
-{"id": 4285,
+{"id": 4288,
"keyword": "object oriented design"},
-{"id": 4286,
-"keyword": "significant contribution"},
-{"id": 4287,
-"keyword": "total learning"},
-{"id": 4288,
-"keyword": "compositional analysis methods"},
{"id": 4289,
+"keyword": "significant contribution"},
+{"id": 4290,
+"keyword": "total learning"},
+{"id": 4291,
+"keyword": "compositional analysis methods"},
+{"id": 4292,
"keyword": "communicating sequential processes requires"},
-{"id": 4290,
+{"id": 4293,
"keyword": "abstract transition system context"},
-{"id": 4291,
+{"id": 4294,
"keyword": "consensus algorithms"},
-{"id": 4292,
+{"id": 4295,
"keyword": "weighted path order"},
-{"id": 4293,
+{"id": 4296,
"keyword": "birkhoff theorem"},
-{"id": 4294,
+{"id": 4297,
"keyword": "strong versions"},
-{"id": 4295,
+{"id": 4298,
"keyword": "theories listinf"},
-{"id": 4296,
+{"id": 4299,
"keyword": "higher-order probabilistic programs"},
-{"id": 4297,
-"keyword": "share common algorithmic ideas"},
-{"id": 4298,
-"keyword": "protecting authorized paths"},
-{"id": 4299,
-"keyword": "chip authentication mapping"},
{"id": 4300,
-"keyword": "support arbitrary nesting"},
+"keyword": "share common algorithmic ideas"},
{"id": 4301,
-"keyword": "elementary row operations"},
+"keyword": "protecting authorized paths"},
{"id": 4302,
-"keyword": "normal form --"},
+"keyword": "chip authentication mapping"},
{"id": 4303,
+"keyword": "support arbitrary nesting"},
+{"id": 4304,
+"keyword": "elementary row operations"},
+{"id": 4305,
+"keyword": "normal form --"},
+{"id": 4306,
"keyword": "minimization algorithm"},
-{"id": 4304,
+{"id": 4307,
"keyword": "upper bound"},
-{"id": 4305,
-"keyword": "10th problem"},
-{"id": 4306,
-"keyword": "dual problem"},
-{"id": 4307,
-"keyword": "arbitrary sets"},
{"id": 4308,
-"keyword": "log-gamma function"},
+"keyword": "10th problem"},
{"id": 4309,
-"keyword": "random order"},
+"keyword": "dual problem"},
{"id": 4310,
-"keyword": "unique solutions"},
+"keyword": "arbitrary sets"},
{"id": 4311,
+"keyword": "log-gamma function"},
+{"id": 4312,
+"keyword": "random order"},
+{"id": 4313,
+"keyword": "unique solutions"},
+{"id": 4314,
"keyword": "reifies property patterns"},
-{"id": 4312,
+{"id": 4315,
"keyword": "directly derive executable"},
-{"id": 4313,
+{"id": 4316,
"keyword": "ultimately culminating"},
-{"id": 4314,
+{"id": 4317,
"keyword": "direct arguments"},
-{"id": 4315,
+{"id": 4318,
"keyword": "external tools"},
-{"id": 4316,
+{"id": 4319,
"keyword": "object-free style"},
-{"id": 4317,
+{"id": 4320,
"keyword": "finite set"},
-{"id": 4318,
-"keyword": "studying system-level properties"},
-{"id": 4319,
-"keyword": "insurance contracts"},
-{"id": 4320,
-"keyword": "abstract datatypes"},
{"id": 4321,
+"keyword": "studying system-level properties"},
+{"id": 4322,
+"keyword": "insurance contracts"},
+{"id": 4323,
+"keyword": "abstract datatypes"},
+{"id": 4324,
"keyword": "hales jewett theorem presented"},
-{"id": 4322,
+{"id": 4325,
"keyword": "disregard unrealizable behavior"},
-{"id": 4323,
+{"id": 4326,
"keyword": "bounded model checking"},
-{"id": 4324,
+{"id": 4327,
"keyword": "floor randomly"},
-{"id": 4325,
+{"id": 4328,
"keyword": "maximum cardinality matching"},
-{"id": 4326,
+{"id": 4329,
"keyword": "expressive extension"},
-{"id": 4327,
+{"id": 4330,
"keyword": "stream fusion transformation"},
-{"id": 4328,
+{"id": 4331,
"keyword": "univariate monic polynomial"},
-{"id": 4329,
-"keyword": "concrete manifolds"},
-{"id": 4330,
-"keyword": "consistency problem"},
-{"id": 4331,
-"keyword": "executable simplifier"},
{"id": 4332,
-"keyword": "fractional permissions"},
+"keyword": "concrete manifolds"},
{"id": 4333,
-"keyword": "folklore results related"},
+"keyword": "consistency problem"},
{"id": 4334,
-"keyword": "basic category theory set"},
+"keyword": "executable simplifier"},
{"id": 4335,
+"keyword": "fractional permissions"},
+{"id": 4336,
+"keyword": "folklore results related"},
+{"id": 4337,
+"keyword": "basic category theory set"},
+{"id": 4338,
"keyword": "mathematically precise theory"},
-{"id": 4336,
+{"id": 4339,
"keyword": "finite field"},
-{"id": 4337,
-"keyword": "additive combinatorics"},
-{"id": 4338,
-"keyword": "type-class based structures"},
-{"id": 4339,
-"keyword": "unify computation models"},
{"id": 4340,
-"keyword": "distinguishing feature"},
+"keyword": "additive combinatorics"},
{"id": 4341,
-"keyword": "potentials due"},
+"keyword": "type-class based structures"},
{"id": 4342,
-"keyword": "randomized algorithms"},
+"keyword": "unify computation models"},
{"id": 4343,
-"keyword": "strict standard compliance formalization"},
+"keyword": "distinguishing feature"},
{"id": 4344,
-"keyword": "formal methods"},
+"keyword": "potentials due"},
{"id": 4345,
-"keyword": "syntactic bisimulation"},
+"keyword": "randomized algorithms"},
{"id": 4346,
-"keyword": "extended previous"},
+"keyword": "strict standard compliance formalization"},
{"id": 4347,
-"keyword": "self-referential implementation"},
+"keyword": "formal methods"},
{"id": 4348,
-"keyword": "afp entry discrete summation"},
+"keyword": "syntactic bisimulation"},
{"id": 4349,
-"keyword": "channel protocols communicating"},
+"keyword": "extended previous"},
{"id": 4350,
-"keyword": "griffin observed"},
+"keyword": "self-referential implementation"},
{"id": 4351,
+"keyword": "afp entry discrete summation"},
+{"id": 4352,
+"keyword": "channel protocols communicating"},
+{"id": 4353,
+"keyword": "griffin observed"},
+{"id": 4354,
"keyword": "afp entries"},
-{"id": 4352,
+{"id": 4355,
"keyword": "typed model"},
-{"id": 4353,
-"keyword": "elementary properties"},
-{"id": 4354,
-"keyword": "simple hybrid programs"},
-{"id": 4355,
-"keyword": "foundational shared-variable concurrency method"},
{"id": 4356,
-"keyword": "safety properties"},
+"keyword": "elementary properties"},
{"id": 4357,
-"keyword": "uniform substitutions"},
+"keyword": "simple hybrid programs"},
{"id": 4358,
-"keyword": "finite carrier set"},
+"keyword": "foundational shared-variable concurrency method"},
{"id": 4359,
-"keyword": "guided tour"},
+"keyword": "safety properties"},
{"id": 4360,
-"keyword": "axiomatic system"},
+"keyword": "uniform substitutions"},
{"id": 4361,
-"keyword": "real exponents"},
+"keyword": "finite carrier set"},
{"id": 4362,
-"keyword": "3-term arithmetic progressions"},
+"keyword": "guided tour"},
{"id": 4363,
-"keyword": "hermite--lindemann--weierstra transcendence theorem"},
+"keyword": "axiomatic system"},
{"id": 4364,
-"keyword": "liberal paradox"},
+"keyword": "real exponents"},
{"id": 4365,
-"keyword": "word inside"},
+"keyword": "3-term arithmetic progressions"},
{"id": 4366,
-"keyword": "price function"},
+"keyword": "hermite--lindemann--weierstra transcendence theorem"},
{"id": 4367,
+"keyword": "liberal paradox"},
+{"id": 4368,
+"keyword": "word inside"},
+{"id": 4369,
+"keyword": "price function"},
+{"id": 4370,
"keyword": "linear combination"},
-{"id": 4368,
+{"id": 4371,
"keyword": "fair coin flips"},
-{"id": 4369,
-"keyword": "correctness property"},
-{"id": 4370,
-"keyword": "stochastic dominance"},
-{"id": 4371,
-"keyword": "easily transfer theorems"},
{"id": 4372,
-"keyword": "expected length"},
+"keyword": "correctness property"},
{"id": 4373,
-"keyword": "actual executions"},
+"keyword": "stochastic dominance"},
{"id": 4374,
-"keyword": "berlekamp-zassenhaus algorithm"},
+"keyword": "easily transfer theorems"},
{"id": 4375,
+"keyword": "expected length"},
+{"id": 4376,
+"keyword": "actual executions"},
+{"id": 4377,
+"keyword": "berlekamp-zassenhaus algorithm"},
+{"id": 4378,
"keyword": "set theoretic formulation"},
-{"id": 4376,
+{"id": 4379,
"keyword": "mixed-integer solutions"},
-{"id": 4377,
+{"id": 4380,
"keyword": "high-level style"},
-{"id": 4378,
+{"id": 4381,
"keyword": "proof principles"},
-{"id": 4379,
+{"id": 4382,
"keyword": "quantum mechanics"},
-{"id": 4380,
+{"id": 4383,
"keyword": "increasing rational sequence r_n"},
-{"id": 4381,
+{"id": 4384,
"keyword": "elimination contexts"},
-{"id": 4382,
-"keyword": "dynamic languages"},
-{"id": 4383,
-"keyword": "logics denote regular languages"},
-{"id": 4384,
-"keyword": "verify first-order relativity theory"},
{"id": 4385,
+"keyword": "dynamic languages"},
+{"id": 4386,
+"keyword": "logics denote regular languages"},
+{"id": 4387,
+"keyword": "verify first-order relativity theory"},
+{"id": 4388,
"keyword": "automatically deriving instances"},
-{"id": 4386,
+{"id": 4389,
"keyword": "golden ratio"},
-{"id": 4387,
+{"id": 4390,
"keyword": "knuth-morris-pratt algorithm"},
-{"id": 4388,
+{"id": 4391,
"keyword": "ideas borrowed"},
-{"id": 4389,
+{"id": 4392,
"keyword": "variable convention"},
-{"id": 4390,
+{"id": 4393,
"keyword": "loop freedom"},
-{"id": 4391,
+{"id": 4394,
"keyword": "behaviours"},
-{"id": 4392,
+{"id": 4395,
"keyword": "square-free factorization algorithm"},
-{"id": 4393,
-"keyword": "verified functional splay trees"},
-{"id": 4394,
-"keyword": "key resource assertions"},
-{"id": 4395,
-"keyword": "higher-order permutative rewrite rule"},
{"id": 4396,
-"keyword": "fwf"},
+"keyword": "verified functional splay trees"},
{"id": 4397,
-"keyword": "cartesian monoidal category"},
+"keyword": "key resource assertions"},
{"id": 4398,
-"keyword": "property"},
+"keyword": "higher-order permutative rewrite rule"},
{"id": 4399,
+"keyword": "fwf"},
+{"id": 4400,
+"keyword": "cartesian monoidal category"},
+{"id": 4401,
+"keyword": "property"},
+{"id": 4402,
"keyword": "generic kind"},
-{"id": 4400,
+{"id": 4403,
"keyword": "influential works"},
-{"id": 4401,
-"keyword": "foreach combinators"},
-{"id": 4402,
-"keyword": "product type"},
-{"id": 4403,
-"keyword": "polynomial analogue"},
{"id": 4404,
-"keyword": "helper lemmas"},
+"keyword": "foreach combinators"},
{"id": 4405,
-"keyword": "rewriting tactics"},
+"keyword": "product type"},
{"id": 4406,
-"keyword": "proving open properties"},
+"keyword": "polynomial analogue"},
{"id": 4407,
-"keyword": "interval trees"},
+"keyword": "helper lemmas"},
{"id": 4408,
-"keyword": "chosen plaintext"},
+"keyword": "rewriting tactics"},
{"id": 4409,
-"keyword": "prohibited requests directly"},
+"keyword": "proving open properties"},
{"id": 4410,
-"keyword": "analysing replication algorithms"},
+"keyword": "interval trees"},
{"id": 4411,
-"keyword": "so-called sturm sequences"},
+"keyword": "chosen plaintext"},
{"id": 4412,
-"keyword": "metric dynamic logic"},
+"keyword": "prohibited requests directly"},
{"id": 4413,
-"keyword": "factor square-free integer polynomials"},
+"keyword": "analysing replication algorithms"},
{"id": 4414,
-"keyword": "quasi-fixed point"},
+"keyword": "so-called sturm sequences"},
{"id": 4415,
+"keyword": "metric dynamic logic"},
+{"id": 4416,
+"keyword": "factor square-free integer polynomials"},
+{"id": 4417,
+"keyword": "quasi-fixed point"},
+{"id": 4418,
"keyword": "incidence matrix representation"},
-{"id": 4416,
+{"id": 4419,
"keyword": "fundamental solution"},
-{"id": 4417,
-"keyword": "symbolic execution step"},
-{"id": 4418,
-"keyword": "formal linear algebraic techniques"},
-{"id": 4419,
-"keyword": "edmonds-karp algorithm"},
{"id": 4420,
-"keyword": "imp language"},
+"keyword": "symbolic execution step"},
{"id": 4421,
-"keyword": "code output level"},
+"keyword": "formal linear algebraic techniques"},
{"id": 4422,
-"keyword": "call arity analysis"},
+"keyword": "edmonds-karp algorithm"},
{"id": 4423,
-"keyword": "axiomatic constructor classes"},
+"keyword": "imp language"},
{"id": 4424,
+"keyword": "code output level"},
+{"id": 4425,
+"keyword": "call arity analysis"},
+{"id": 4426,
+"keyword": "axiomatic constructor classes"},
+{"id": 4427,
"keyword": "fully"},
-{"id": 4425,
+{"id": 4428,
"keyword": "sch16 anders schlichtkrull"},
-{"id": 4426,
+{"id": 4429,
"keyword": "main theorem"},
-{"id": 4427,
+{"id": 4430,
"keyword": "weak bi-quantales"},
-{"id": 4428,
+{"id": 4431,
"keyword": "hand waving"},
-{"id": 4429,
-"keyword": "basic features"},
-{"id": 4430,
-"keyword": "method exploits"},
-{"id": 4431,
-"keyword": "henkin witnesses"},
{"id": 4432,
+"keyword": "basic features"},
+{"id": 4433,
+"keyword": "method exploits"},
+{"id": 4434,
+"keyword": "henkin witnesses"},
+{"id": 4435,
"keyword": "arithmetic type class hierarchy"},
-{"id": 4433,
+{"id": 4436,
"keyword": "analytic number theory rdquo"},
-{"id": 4434,
+{"id": 4437,
"keyword": "fntt running time"},
-{"id": 4435,
+{"id": 4438,
"keyword": "formal refutational completeness proofs"},
-{"id": 4436,
+{"id": 4439,
"keyword": "graph theory"},
-{"id": 4437,
-"keyword": "tight upper bound"},
-{"id": 4438,
-"keyword": "geodesic metric space"},
-{"id": 4439,
-"keyword": "proper generic extension"},
{"id": 4440,
-"keyword": "general balanced trees"},
+"keyword": "tight upper bound"},
{"id": 4441,
-"keyword": "a_1 ldots a_n"},
+"keyword": "geodesic metric space"},
{"id": 4442,
-"keyword": "notes"},
+"keyword": "proper generic extension"},
{"id": 4443,
-"keyword": "kleisli category"},
+"keyword": "general balanced trees"},
{"id": 4444,
-"keyword": "compare process calculi"},
+"keyword": "a_1 ldots a_n"},
{"id": 4445,
-"keyword": "high level attacks"},
+"keyword": "notes"},
{"id": 4446,
-"keyword": "type safety"},
+"keyword": "kleisli category"},
{"id": 4447,
+"keyword": "compare process calculi"},
+{"id": 4448,
+"keyword": "high level attacks"},
+{"id": 4449,
+"keyword": "type safety"},
+{"id": 4450,
"keyword": "proof structure"},
-{"id": 4448,
+{"id": 4451,
"keyword": "infinite element"},
-{"id": 4449,
-"keyword": "second-order properties"},
-{"id": 4450,
-"keyword": "increased demand"},
-{"id": 4451,
-"keyword": "representing algorithms"},
{"id": 4452,
-"keyword": "unboxing optimization"},
+"keyword": "second-order properties"},
{"id": 4453,
-"keyword": "list operations"},
+"keyword": "increased demand"},
{"id": 4454,
-"keyword": "boolean expressions"},
+"keyword": "representing algorithms"},
{"id": 4455,
-"keyword": "program refinement techniques"},
+"keyword": "unboxing optimization"},
{"id": 4456,
+"keyword": "list operations"},
+{"id": 4457,
+"keyword": "boolean expressions"},
+{"id": 4458,
+"keyword": "program refinement techniques"},
+{"id": 4459,
"keyword": "computer science"},
-{"id": 4457,
+{"id": 4460,
"keyword": "finite domain consisting"},
-{"id": 4458,
+{"id": 4461,
"keyword": "minkowski spacetime"},
-{"id": 4459,
+{"id": 4462,
"keyword": "combinatorial map"},
-{"id": 4460,
+{"id": 4463,
"keyword": "concurrency reasoning framework"},
-{"id": 4461,
-"keyword": "transposition theorem"},
-{"id": 4462,
-"keyword": "solved explicitly"},
-{"id": 4463,
-"keyword": "large numbers states"},
{"id": 4464,
+"keyword": "transposition theorem"},
+{"id": 4465,
+"keyword": "solved explicitly"},
+{"id": 4466,
+"keyword": "large numbers states"},
+{"id": 4467,
"keyword": "balanced incomplete block designs"},
-{"id": 4465,
+{"id": 4468,
"keyword": "structures play"},
-{"id": 4466,
+{"id": 4469,
"keyword": "iteratively solve finite mdps"},
-{"id": 4467,
+{"id": 4470,
"keyword": "commutative replicated data types"},
-{"id": 4468,
+{"id": 4471,
"keyword": "master theorem"},
-{"id": 4469,
+{"id": 4472,
"keyword": "multiplicative monoid"},
-{"id": 4470,
+{"id": 4473,
"keyword": "bit ibn qurra"},
-{"id": 4471,
+{"id": 4474,
"keyword": "maximum cardinality"},
-{"id": 4472,
+{"id": 4475,
"keyword": "syntax-independent logic infrastructure"},
-{"id": 4473,
+{"id": 4476,
"keyword": "success sensitiveness"},
-{"id": 4474,
+{"id": 4477,
"keyword": "functional modeling language hol"},
-{"id": 4475,
+{"id": 4478,
"keyword": "group action"},
-{"id": 4476,
+{"id": 4479,
"keyword": "international mathematical olympiad 2019"},
-{"id": 4477,
-"keyword": "undesired information leak"},
-{"id": 4478,
-"keyword": "temporal intervals"},
-{"id": 4479,
-"keyword": "hol function definition"},
{"id": 4480,
+"keyword": "undesired information leak"},
+{"id": 4481,
+"keyword": "temporal intervals"},
+{"id": 4482,
+"keyword": "hol function definition"},
+{"id": 4483,
"keyword": "proofs remain manageable"},
-{"id": 4481,
+{"id": 4484,
"keyword": "software framework incorporates"},
-{"id": 4482,
+{"id": 4485,
"keyword": "universal partial recursive function"},
-{"id": 4483,
+{"id": 4486,
"keyword": "builds"},
-{"id": 4484,
+{"id": 4487,
"keyword": "hol-based afp entry"},
-{"id": 4485,
+{"id": 4488,
"keyword": "technique"},
-{"id": 4486,
+{"id": 4489,
"keyword": "ideal showcase"},
-{"id": 4487,
+{"id": 4490,
"keyword": "automatically derive restrictions"},
-{"id": 4488,
+{"id": 4491,
"keyword": "functional logic"},
-{"id": 4489,
+{"id": 4492,
"keyword": "verifying functional"},
-{"id": 4490,
+{"id": 4493,
"keyword": "insertion sort algorithm"},
-{"id": 4491,
+{"id": 4494,
"keyword": "solve mdps"},
-{"id": 4492,
+{"id": 4495,
"keyword": "partition relations concerns generalisations"},
-{"id": 4493,
-"keyword": "fixpoint operations lfp"},
-{"id": 4494,
-"keyword": "approach demonstrates"},
-{"id": 4495,
-"keyword": "internally vertex-disjoint paths"},
{"id": 4496,
+"keyword": "fixpoint operations lfp"},
+{"id": 4497,
+"keyword": "approach demonstrates"},
+{"id": 4498,
+"keyword": "internally vertex-disjoint paths"},
+{"id": 4499,
"keyword": "parameterized proofs"},
-{"id": 4497,
+{"id": 4500,
"keyword": "software tool authors"},
-{"id": 4498,
+{"id": 4501,
"keyword": "verification condition generation"},
-{"id": 4499,
+{"id": 4502,
"keyword": "generic type classes"},
-{"id": 4500,
+{"id": 4503,
"keyword": "programs written"},
-{"id": 4501,
-"keyword": "abstract characterization"},
-{"id": 4502,
-"keyword": "shapeless library"},
-{"id": 4503,
-"keyword": "recursive programs based"},
{"id": 4504,
-"keyword": "ltl formula"},
+"keyword": "abstract characterization"},
{"id": 4505,
-"keyword": "geometric theorems"},
+"keyword": "shapeless library"},
{"id": 4506,
-"keyword": "mathematics stack exchange page"},
+"keyword": "recursive programs based"},
{"id": 4507,
-"keyword": "manual proofs"},
+"keyword": "ltl formula"},
{"id": 4508,
-"keyword": "automated reasoning sch18"},
+"keyword": "geometric theorems"},
{"id": 4509,
-"keyword": "theories list"},
+"keyword": "mathematics stack exchange page"},
{"id": 4510,
-"keyword": "theory dpt_sat_solver"},
+"keyword": "manual proofs"},
{"id": 4511,
+"keyword": "automated reasoning sch18"},
+{"id": 4512,
+"keyword": "theories list"},
+{"id": 4513,
+"keyword": "theory dpt_sat_solver"},
+{"id": 4514,
"keyword": "chromatic number exist"},
-{"id": 4512,
+{"id": 4515,
"keyword": "interesting proofs"},
-{"id": 4513,
-"keyword": "abstract level"},
-{"id": 4514,
-"keyword": "accessibility decisions affecting"},
-{"id": 4515,
-"keyword": "model entire prover architectures"},
{"id": 4516,
-"keyword": "structure abstractly"},
+"keyword": "abstract level"},
{"id": 4517,
-"keyword": "ordinary differential equations"},
+"keyword": "accessibility decisions affecting"},
{"id": 4518,
-"keyword": "basic facts"},
+"keyword": "model entire prover architectures"},
{"id": 4519,
-"keyword": "traceback properties"},
+"keyword": "structure abstractly"},
{"id": 4520,
+"keyword": "ordinary differential equations"},
+{"id": 4521,
+"keyword": "basic facts"},
+{"id": 4522,
+"keyword": "traceback properties"},
+{"id": 4523,
"keyword": "bohua zhan"},
-{"id": 4521,
+{"id": 4524,
"keyword": "path integrals"},
-{"id": 4522,
+{"id": 4525,
"keyword": "arbitrarily large girth"},
-{"id": 4523,
+{"id": 4526,
"keyword": "main thrust"},
-{"id": 4524,
+{"id": 4527,
"keyword": "arithmetize register machines"},
-{"id": 4525,
-"keyword": "data refinement relations"},
-{"id": 4526,
-"keyword": "map lists"},
-{"id": 4527,
-"keyword": "extent required"},
{"id": 4528,
+"keyword": "data refinement relations"},
+{"id": 4529,
+"keyword": "map lists"},
+{"id": 4530,
+"keyword": "extent required"},
+{"id": 4531,
"keyword": "logical systems"},
-{"id": 4529,
+{"id": 4532,
"keyword": "common automata library"},
-{"id": 4530,
+{"id": 4533,
"keyword": "road traffic"},
-{"id": 4531,
+{"id": 4534,
"keyword": "awn models comprise"},
-{"id": 4532,
+{"id": 4535,
"keyword": "instantiation boils"},
-{"id": 4533,
+{"id": 4536,
"keyword": "interesting formalization exercise"},
-{"id": 4534,
+{"id": 4537,
"keyword": "central security property"},
-{"id": 4535,
+{"id": 4538,
"keyword": "natural language processing"},
-{"id": 4536,
+{"id": 4539,
"keyword": "automatically refines algorithms"},
-{"id": 4537,
+{"id": 4540,
"keyword": "multivariate polynomial rings"},
-{"id": 4538,
+{"id": 4541,
"keyword": "specific series fulfilling"},
-{"id": 4539,
+{"id": 4542,
"keyword": "consistent set"},
-{"id": 4540,
+{"id": 4543,
"keyword": "ad-hoc approaches"},
-{"id": 4541,
-"keyword": "residuated lattices"},
-{"id": 4542,
-"keyword": "additional non-deterministic choice command"},
-{"id": 4543,
-"keyword": "structurally recursive approach"},
{"id": 4544,
+"keyword": "residuated lattices"},
+{"id": 4545,
+"keyword": "additional non-deterministic choice command"},
+{"id": 4546,
+"keyword": "structurally recursive approach"},
+{"id": 4547,
"keyword": "constant time findmin"},
-{"id": 4545,
+{"id": 4548,
"keyword": "generic operations"},
-{"id": 4546,
+{"id": 4549,
"keyword": "security definition"},
-{"id": 4547,
+{"id": 4550,
"keyword": "adapt ctl"},
-{"id": 4548,
+{"id": 4551,
"keyword": "de-bruijn terms"},
-{"id": 4549,
+{"id": 4552,
"keyword": "main contribution"},
-{"id": 4550,
+{"id": 4553,
"keyword": "convenient commands"},
-{"id": 4551,
+{"id": 4554,
"keyword": "landmark work collective choice"},
-{"id": 4552,
-"keyword": "combinable iff"},
-{"id": 4553,
-"keyword": "minimal polynomial"},
-{"id": 4554,
-"keyword": "side effects"},
{"id": 4555,
-"keyword": "intricate distributed protocol"},
+"keyword": "combinable iff"},
{"id": 4556,
-"keyword": "domain-theoretical aspects"},
+"keyword": "minimal polynomial"},
{"id": 4557,
-"keyword": "express nuances"},
+"keyword": "side effects"},
{"id": 4558,
+"keyword": "intricate distributed protocol"},
+{"id": 4559,
+"keyword": "domain-theoretical aspects"},
+{"id": 4560,
+"keyword": "express nuances"},
+{"id": 4561,
"keyword": "natural bijections"},
-{"id": 4559,
+{"id": 4562,
"keyword": "elementary symmetric polynomials"},
-{"id": 4560,
-"keyword": "applications refer"},
-{"id": 4561,
-"keyword": "practical application"},
-{"id": 4562,
-"keyword": "unwanted subtleties"},
{"id": 4563,
-"keyword": "cryptographic validation fields"},
+"keyword": "applications refer"},
{"id": 4564,
-"keyword": "galois connections"},
+"keyword": "practical application"},
{"id": 4565,
-"keyword": "targeted security property"},
+"keyword": "unwanted subtleties"},
{"id": 4566,
+"keyword": "cryptographic validation fields"},
+{"id": 4567,
+"keyword": "galois connections"},
+{"id": 4568,
+"keyword": "targeted security property"},
+{"id": 4569,
"keyword": "perform stream fusion"},
-{"id": 4567,
+{"id": 4570,
"keyword": "lower bound"},
-{"id": 4568,
+{"id": 4571,
"keyword": "vertical composite"},
-{"id": 4569,
+{"id": 4572,
"keyword": "gale-shapley stable matching"},
-{"id": 4570,
+{"id": 4573,
"keyword": "inductive sets"},
-{"id": 4571,
+{"id": 4574,
"keyword": "ghost operations"},
-{"id": 4572,
+{"id": 4575,
"keyword": "debited loans cancel"},
-{"id": 4573,
-"keyword": "quantum circuits"},
-{"id": 4574,
-"keyword": "regular expression matches"},
-{"id": 4575,
-"keyword": "direct consequence"},
{"id": 4576,
+"keyword": "quantum circuits"},
+{"id": 4577,
+"keyword": "regular expression matches"},
+{"id": 4578,
+"keyword": "direct consequence"},
+{"id": 4579,
"keyword": "conventional single-clocking semantics"},
-{"id": 4577,
+{"id": 4580,
"keyword": "successful model checkers"},
-{"id": 4578,
+{"id": 4581,
"keyword": "intuitionistic logic"},
-{"id": 4579,
+{"id": 4582,
"keyword": "multidimensional binary trees"},
-{"id": 4580,
+{"id": 4583,
"keyword": "computing saturated sets"},
-{"id": 4581,
+{"id": 4584,
"keyword": "commuting observables"},
-{"id": 4582,
+{"id": 4585,
"keyword": "cover quantitative"},
-{"id": 4583,
+{"id": 4586,
"keyword": "relational tt-lifting"},
-{"id": 4584,
-"keyword": "protect paths"},
-{"id": 4585,
-"keyword": "uniform framework"},
-{"id": 4586,
-"keyword": "kleene star operation"},
{"id": 4587,
-"keyword": "simple hops"},
+"keyword": "protect paths"},
{"id": 4588,
-"keyword": "randomised treaps"},
+"keyword": "uniform framework"},
{"id": 4589,
-"keyword": "verifying stateful security protocols"},
+"keyword": "kleene star operation"},
{"id": 4590,
+"keyword": "simple hops"},
+{"id": 4591,
+"keyword": "randomised treaps"},
+{"id": 4592,
+"keyword": "verifying stateful security protocols"},
+{"id": 4593,
"keyword": "monoidal category"},
-{"id": 4591,
+{"id": 4594,
"keyword": "accompanying paper 2"},
-{"id": 4592,
-"keyword": "proof approach"},
-{"id": 4593,
-"keyword": "bisection square root"},
-{"id": 4594,
-"keyword": "code generator performs"},
{"id": 4595,
-"keyword": "concrete prototypes"},
+"keyword": "proof approach"},
{"id": 4596,
-"keyword": "mild condition attractivity"},
+"keyword": "bisection square root"},
{"id": 4597,
-"keyword": "persisted size"},
+"keyword": "code generator performs"},
{"id": 4598,
+"keyword": "concrete prototypes"},
+{"id": 4599,
+"keyword": "mild condition attractivity"},
+{"id": 4600,
+"keyword": "persisted size"},
+{"id": 4601,
"keyword": "rational exponents"},
-{"id": 4599,
+{"id": 4602,
"keyword": "definition remarkably simple"},
-{"id": 4600,
+{"id": 4603,
"keyword": "executable characterisation"},
-{"id": 4601,
+{"id": 4604,
"keyword": "clausal form"},
-{"id": 4602,
+{"id": 4605,
"keyword": "order embedding"},
-{"id": 4603,
+{"id": 4606,
"keyword": "diatonic sequence"},
-{"id": 4604,
+{"id": 4607,
"keyword": "contraction factors"},
-{"id": 4605,
-"keyword": "well-typed attacks"},
-{"id": 4606,
-"keyword": "jones polynomial"},
-{"id": 4607,
-"keyword": "proof techniques"},
{"id": 4608,
+"keyword": "well-typed attacks"},
+{"id": 4609,
+"keyword": "jones polynomial"},
+{"id": 4610,
+"keyword": "proof techniques"},
+{"id": 4611,
"keyword": "number theory"},
-{"id": 4609,
+{"id": 4612,
"keyword": "noninterference security applying"},
-{"id": 4610,
+{"id": 4613,
"keyword": "unordered pairs"},
-{"id": 4611,
+{"id": 4614,
"keyword": "simple type system"},
-{"id": 4612,
+{"id": 4615,
"keyword": "inf-preserving transformers"},
-{"id": 4613,
+{"id": 4616,
"keyword": "projection functions"},
-{"id": 4614,
+{"id": 4617,
"keyword": "free monoid"},
-{"id": 4615,
+{"id": 4618,
"keyword": "certify size-change termination proofs"},
-{"id": 4616,
+{"id": 4619,
"keyword": "amortized time complexity"},
-{"id": 4617,
+{"id": 4620,
"keyword": "fundamental closest pair"},
-{"id": 4618,
+{"id": 4621,
"keyword": "computing gr bner bases"},
-{"id": 4619,
+{"id": 4622,
"keyword": "finality predicate"},
-{"id": 4620,
+{"id": 4623,
"keyword": "intuitively secure programs"},
-{"id": 4621,
-"keyword": "continued fraction expansions"},
-{"id": 4622,
-"keyword": "suitable denotational model"},
-{"id": 4623,
-"keyword": "entire development"},
{"id": 4624,
+"keyword": "continued fraction expansions"},
+{"id": 4625,
+"keyword": "suitable denotational model"},
+{"id": 4626,
+"keyword": "entire development"},
+{"id": 4627,
"keyword": "complicated proofs"},
-{"id": 4625,
+{"id": 4628,
"keyword": "integer-indexed maps"},
-{"id": 4626,
+{"id": 4629,
"keyword": "large collection"},
-{"id": 4627,
+{"id": 4630,
"keyword": "unique program"},
-{"id": 4628,
+{"id": 4631,
"keyword": "time"},
-{"id": 4629,
-"keyword": "basic ugraph definition"},
-{"id": 4630,
-"keyword": "certificate language"},
-{"id": 4631,
-"keyword": "fixed probability"},
{"id": 4632,
-"keyword": "lattice-based post-quantum cryptography"},
+"keyword": "basic ugraph definition"},
{"id": 4633,
-"keyword": "array operations seamlessly integrate"},
+"keyword": "certificate language"},
{"id": 4634,
-"keyword": "angelic nondeterministic choices"},
+"keyword": "fixed probability"},
{"id": 4635,
-"keyword": "specification language tla"},
+"keyword": "lattice-based post-quantum cryptography"},
{"id": 4636,
-"keyword": "undesirable side-effect"},
+"keyword": "array operations seamlessly integrate"},
{"id": 4637,
-"keyword": "integers hurwitz"},
+"keyword": "angelic nondeterministic choices"},
{"id": 4638,
-"keyword": "unprecedented time"},
+"keyword": "specification language tla"},
{"id": 4639,
+"keyword": "undesirable side-effect"},
+{"id": 4640,
+"keyword": "integers hurwitz"},
+{"id": 4641,
+"keyword": "unprecedented time"},
+{"id": 4642,
"keyword": "ribbon proofs emphasise"},
-{"id": 4640,
+{"id": 4643,
"keyword": "clause procedures gc"},
-{"id": 4641,
+{"id": 4644,
"keyword": "parser monad built"},
-{"id": 4642,
+{"id": 4645,
"keyword": "entry establishes syntax"},
-{"id": 4643,
+{"id": 4646,
"keyword": "declarative database query language"},
-{"id": 4644,
+{"id": 4647,
"keyword": "decreasing diagrams"},
-{"id": 4645,
+{"id": 4648,
"keyword": "linearly ordered borel-spaces"},
-{"id": 4646,
+{"id": 4649,
"keyword": "imperative data structures"},
-{"id": 4647,
+{"id": 4650,
"keyword": "apply data refinement"},
-{"id": 4648,
-"keyword": "limits exist"},
-{"id": 4649,
-"keyword": "graham jameson"},
-{"id": 4650,
-"keyword": "uniformly coxeter"},
{"id": 4651,
-"keyword": "simple object calculus"},
+"keyword": "limits exist"},
{"id": 4652,
-"keyword": "represent physical quantities"},
+"keyword": "graham jameson"},
{"id": 4653,
-"keyword": "constraint-system-based program analysis"},
+"keyword": "uniformly coxeter"},
{"id": 4654,
+"keyword": "simple object calculus"},
+{"id": 4655,
+"keyword": "represent physical quantities"},
+{"id": 4656,
+"keyword": "constraint-system-based program analysis"},
+{"id": 4657,
"keyword": "economic behavior"},
-{"id": 4655,
+{"id": 4658,
"keyword": "locally finite"},
-{"id": 4656,
-"keyword": "handling variable binding"},
-{"id": 4657,
-"keyword": "general possibility theorem"},
-{"id": 4658,
-"keyword": "collection framework"},
{"id": 4659,
-"keyword": "feasible paths"},
+"keyword": "handling variable binding"},
{"id": 4660,
-"keyword": "store buffering"},
+"keyword": "general possibility theorem"},
{"id": 4661,
-"keyword": "gamma"},
+"keyword": "collection framework"},
{"id": 4662,
-"keyword": "understood problem"},
+"keyword": "feasible paths"},
{"id": 4663,
-"keyword": "dynamic refutational completeness"},
+"keyword": "store buffering"},
{"id": 4664,
-"keyword": "pascal schreck"},
+"keyword": "gamma"},
{"id": 4665,
-"keyword": "efficient checking"},
+"keyword": "understood problem"},
{"id": 4666,
-"keyword": "program fulfilling"},
+"keyword": "dynamic refutational completeness"},
{"id": 4667,
-"keyword": "unified manner"},
+"keyword": "pascal schreck"},
{"id": 4668,
-"keyword": "assuming soundness"},
+"keyword": "efficient checking"},
{"id": 4669,
-"keyword": "uniform boundedness principle"},
+"keyword": "program fulfilling"},
{"id": 4670,
+"keyword": "unified manner"},
+{"id": 4671,
+"keyword": "assuming soundness"},
+{"id": 4672,
+"keyword": "uniform boundedness principle"},
+{"id": 4673,
"keyword": "residuated functions"},
-{"id": 4671,
+{"id": 4674,
"keyword": "linux-style router"},
-{"id": 4672,
-"keyword": "euro-mils project http"},
-{"id": 4673,
-"keyword": "deque implementation"},
-{"id": 4674,
-"keyword": "paper enriches hoare"},
{"id": 4675,
-"keyword": "general halting problem"},
+"keyword": "euro-mils project http"},
{"id": 4676,
-"keyword": "international conference"},
+"keyword": "deque implementation"},
{"id": 4677,
-"keyword": "greater computational cost"},
+"keyword": "paper enriches hoare"},
{"id": 4678,
-"keyword": "minimal dfas"},
+"keyword": "general halting problem"},
{"id": 4679,
+"keyword": "international conference"},
+{"id": 4680,
+"keyword": "greater computational cost"},
+{"id": 4681,
+"keyword": "minimal dfas"},
+{"id": 4682,
"keyword": "noninterference security"},
-{"id": 4680,
+{"id": 4683,
"keyword": "19th century number theory"},
-{"id": 4681,
+{"id": 4684,
"keyword": "strong properties"},
-{"id": 4682,
+{"id": 4685,
"keyword": "one-dimensional case"},
-{"id": 4683,
+{"id": 4686,
"keyword": "generated document"},
-{"id": 4684,
-"keyword": "measurable subset"},
-{"id": 4685,
-"keyword": "behavior trace assertions"},
-{"id": 4686,
-"keyword": "odd ranking"},
{"id": 4687,
+"keyword": "measurable subset"},
+{"id": 4688,
+"keyword": "behavior trace assertions"},
+{"id": 4689,
+"keyword": "odd ranking"},
+{"id": 4690,
"keyword": "quartic equation"},
-{"id": 4688,
+{"id": 4691,
"keyword": "kind"},
-{"id": 4689,
+{"id": 4692,
"keyword": "sch18 anders schlichtkrull"},
-{"id": 4690,
+{"id": 4693,
"keyword": "classical statements"},
-{"id": 4691,
+{"id": 4694,
"keyword": "filtering behavior"},
-{"id": 4692,
-"keyword": "general triangle"},
-{"id": 4693,
-"keyword": "postponing soundness-critical admissibility checks"},
-{"id": 4694,
-"keyword": "dynamic programming"},
{"id": 4695,
-"keyword": "modelling security"},
+"keyword": "general triangle"},
{"id": 4696,
-"keyword": "presburger arithmetic"},
+"keyword": "postponing soundness-critical admissibility checks"},
{"id": 4697,
-"keyword": "erd odblac"},
+"keyword": "dynamic programming"},
{"id": 4698,
-"keyword": "fast number theoretic transform"},
+"keyword": "modelling security"},
{"id": 4699,
-"keyword": "positive integer"},
+"keyword": "presburger arithmetic"},
{"id": 4700,
-"keyword": "promising increased tolerance"},
+"keyword": "erd odblac"},
{"id": 4701,
-"keyword": "probabilistic functions"},
+"keyword": "fast number theoretic transform"},
{"id": 4702,
+"keyword": "positive integer"},
+{"id": 4703,
+"keyword": "promising increased tolerance"},
+{"id": 4704,
+"keyword": "probabilistic functions"},
+{"id": 4705,
"keyword": "featherweight ocl"},
-{"id": 4703,
+{"id": 4706,
"keyword": "concrete input"},
-{"id": 4704,
-"keyword": "general setting"},
-{"id": 4705,
-"keyword": "putnam exam problems"},
-{"id": 4706,
-"keyword": "mechanized soundness proof"},
{"id": 4707,
-"keyword": "advanced replacement"},
+"keyword": "general setting"},
{"id": 4708,
-"keyword": "syntax tree"},
+"keyword": "putnam exam problems"},
{"id": 4709,
-"keyword": "rts algorithms select"},
+"keyword": "mechanized soundness proof"},
{"id": 4710,
-"keyword": "efsm level"},
+"keyword": "advanced replacement"},
{"id": 4711,
+"keyword": "syntax tree"},
+{"id": 4712,
+"keyword": "rts algorithms select"},
+{"id": 4713,
+"keyword": "efsm level"},
+{"id": 4714,
"keyword": "relation constraints"},
-{"id": 4712,
+{"id": 4715,
"keyword": "contiguous segments"},
-{"id": 4713,
+{"id": 4716,
"keyword": "integers"},
-{"id": 4714,
+{"id": 4717,
"keyword": "presented formalization"},
-{"id": 4715,
+{"id": 4718,
"keyword": "topological proof"},
-{"id": 4716,
-"keyword": "value-dependent noninterference property"},
-{"id": 4717,
-"keyword": "consensus problem"},
-{"id": 4718,
-"keyword": "drf guarantee"},
{"id": 4719,
+"keyword": "value-dependent noninterference property"},
+{"id": 4720,
+"keyword": "consensus problem"},
+{"id": 4721,
+"keyword": "drf guarantee"},
+{"id": 4722,
"keyword": "threshold probability"},
-{"id": 4720,
+{"id": 4723,
"keyword": "standard finite_map theory"},
-{"id": 4721,
+{"id": 4724,
"keyword": "logic programming"},
-{"id": 4722,
+{"id": 4725,
"keyword": "large tree automata"},
-{"id": 4723,
+{"id": 4726,
"keyword": "program construction"},
-{"id": 4724,
+{"id": 4727,
"keyword": "unlike traditional decision procedures"},
-{"id": 4725,
+{"id": 4728,
"keyword": "case"},
-{"id": 4726,
+{"id": 4729,
"keyword": "linear logics"},
-{"id": 4727,
+{"id": 4730,
"keyword": "free monoidal category"},
-{"id": 4728,
+{"id": 4731,
"keyword": "contribution reuses"},
-{"id": 4729,
+{"id": 4732,
+"keyword": "join trees"},
+{"id": 4733,
"keyword": "smaller set"},
-{"id": 4730,
+{"id": 4734,
"keyword": "odd bernoulli numbers"},
-{"id": 4731,
-"keyword": "axiomatic characterization"},
-{"id": 4732,
-"keyword": "original article"},
-{"id": 4733,
-"keyword": "useless zero-reductions"},
-{"id": 4734,
-"keyword": "integer variables"},
{"id": 4735,
+"keyword": "axiomatic characterization"},
+{"id": 4736,
+"keyword": "original article"},
+{"id": 4737,
+"keyword": "useless zero-reductions"},
+{"id": 4738,
+"keyword": "integer variables"},
+{"id": 4739,
"keyword": "important introductory theorems"},
-{"id": 4736,
+{"id": 4740,
"keyword": "proof due"},
-{"id": 4737,
+{"id": 4741,
"keyword": "common ground"},
-{"id": 4738,
+{"id": 4742,
"keyword": "terminated successfully"},
-{"id": 4739,
+{"id": 4743,
"keyword": "monadic interpreter"},
-{"id": 4740,
+{"id": 4744,
"keyword": "support negative joins"},
-{"id": 4741,
+{"id": 4745,
"keyword": "nontrivial size"},
-{"id": 4742,
+{"id": 4746,
"keyword": "ternary kripke frames"},
-{"id": 4743,
+{"id": 4747,
"keyword": "monolithic structure"},
-{"id": 4744,
+{"id": 4748,
"keyword": "immutable arrays"},
-{"id": 4745,
+{"id": 4749,
"keyword": "epsilon free top-"},
-{"id": 4746,
+{"id": 4750,
"keyword": "algebraic approach"},
-{"id": 4747,
-"keyword": "completeness proofs naturally suggest"},
-{"id": 4748,
-"keyword": "ifip networking 2016"},
-{"id": 4749,
-"keyword": "integer lattice 8484"},
-{"id": 4750,
-"keyword": "weak duality theorem"},
{"id": 4751,
+"keyword": "completeness proofs naturally suggest"},
+{"id": 4752,
+"keyword": "ifip networking 2016"},
+{"id": 4753,
+"keyword": "integer lattice 8484"},
+{"id": 4754,
+"keyword": "weak duality theorem"},
+{"id": 4755,
"keyword": "jinja source"},
-{"id": 4752,
+{"id": 4756,
"keyword": "finite stuttering"},
-{"id": 4753,
+{"id": 4757,
"keyword": "standard proof methods"},
-{"id": 4754,
+{"id": 4758,
"keyword": "executable emulator"},
-{"id": 4755,
-"keyword": "leading power-product"},
-{"id": 4756,
-"keyword": "global context"},
-{"id": 4757,
-"keyword": "data transmission"},
-{"id": 4758,
-"keyword": "coercion ord_of_nat"},
{"id": 4759,
-"keyword": "present proof development represents"},
+"keyword": "leading power-product"},
{"id": 4760,
-"keyword": "important specializations"},
+"keyword": "global context"},
{"id": 4761,
-"keyword": "comprehension principle"},
+"keyword": "data transmission"},
{"id": 4762,
-"keyword": "log log"},
+"keyword": "coercion ord_of_nat"},
{"id": 4763,
-"keyword": "machine language"},
+"keyword": "present proof development represents"},
{"id": 4764,
-"keyword": "tensor product"},
+"keyword": "important specializations"},
{"id": 4765,
-"keyword": "minkowski space-time"},
+"keyword": "comprehension principle"},
{"id": 4766,
+"keyword": "log log"},
+{"id": 4767,
+"keyword": "machine language"},
+{"id": 4768,
+"keyword": "tensor product"},
+{"id": 4769,
+"keyword": "minkowski space-time"},
+{"id": 4770,
"keyword": "ordered semirings"},
-{"id": 4767,
+{"id": 4771,
"keyword": "finite support"},
-{"id": 4768,
+{"id": 4772,
"keyword": "certifying primes"},
-{"id": 4769,
+{"id": 4773,
"keyword": "computational modeling"},
-{"id": 4770,
+{"id": 4774,
"keyword": "regular arithmetic geometric"},
-{"id": 4771,
-"keyword": "marked regular expressions"},
-{"id": 4772,
-"keyword": "9th international joint conference"},
-{"id": 4773,
-"keyword": "term rewriting"},
-{"id": 4774,
-"keyword": "maximum norm"},
{"id": 4775,
+"keyword": "marked regular expressions"},
+{"id": 4776,
+"keyword": "9th international joint conference"},
+{"id": 4777,
+"keyword": "term rewriting"},
+{"id": 4778,
+"keyword": "maximum norm"},
+{"id": 4779,
"keyword": "combined result"},
-{"id": 4776,
+{"id": 4780,
"keyword": "unnamed initial segment"},
-{"id": 4777,
+{"id": 4781,
"keyword": "simulation-based security paradigms"},
-{"id": 4778,
+{"id": 4782,
"keyword": "fixpoint theorem"},
-{"id": 4779,
-"keyword": "modified version"},
-{"id": 4780,
-"keyword": "object-oriented data"},
-{"id": 4781,
-"keyword": "modular hierarchy"},
-{"id": 4782,
-"keyword": "finite-dimensional vector spaces"},
{"id": 4783,
+"keyword": "modified version"},
+{"id": 4784,
+"keyword": "object-oriented data"},
+{"id": 4785,
+"keyword": "modular hierarchy"},
+{"id": 4786,
+"keyword": "finite-dimensional vector spaces"},
+{"id": 4787,
"keyword": "type"},
-{"id": 4784,
+{"id": 4788,
"keyword": "source code"},
-{"id": 4785,
+{"id": 4789,
"keyword": "trusted reference implementation"},
-{"id": 4786,
+{"id": 4790,
"keyword": "establish existence"},
-{"id": 4787,
+{"id": 4791,
"keyword": "compute short vectors"},
-{"id": 4788,
+{"id": 4792,
"keyword": "recursive functions"},
-{"id": 4789,
+{"id": 4793,
"keyword": "write access"},
-{"id": 4790,
+{"id": 4794,
"keyword": "applying sturm"},
-{"id": 4791,
+{"id": 4795,
"keyword": "regularity lemma"},
-{"id": 4792,
+{"id": 4796,
"keyword": "worst case"},
-{"id": 4793,
+{"id": 4797,
"keyword": "random bst"},
-{"id": 4794,
+{"id": 4798,
"keyword": "general attacker"},
-{"id": 4795,
-"keyword": "base vectors"},
-{"id": 4796,
-"keyword": "cofinitary group"},
-{"id": 4797,
-"keyword": "system implies"},
-{"id": 4798,
-"keyword": "johann bernoulli"},
{"id": 4799,
+"keyword": "base vectors"},
+{"id": 4800,
+"keyword": "cofinitary group"},
+{"id": 4801,
+"keyword": "system implies"},
+{"id": 4802,
+"keyword": "johann bernoulli"},
+{"id": 4803,
"keyword": "ramanujan sums gauss sums"},
-{"id": 4800,
+{"id": 4804,
"keyword": "axiomatic type classes"},
-{"id": 4801,
+{"id": 4805,
"keyword": "stability"},
-{"id": 4802,
+{"id": 4806,
"keyword": "word problem"},
-{"id": 4803,
+{"id": 4807,
"keyword": "notes introduction"},
-{"id": 4804,
+{"id": 4808,
"keyword": "numerous applications"},
-{"id": 4805,
+{"id": 4809,
"keyword": "stothers theorem"},
-{"id": 4806,
+{"id": 4810,
"keyword": "probabilistic data structure"},
-{"id": 4807,
+{"id": 4811,
"keyword": "kan extensions"},
-{"id": 4808,
+{"id": 4812,
"keyword": "cut admissibility"},
-{"id": 4809,
+{"id": 4813,
"keyword": "additional password"},
-{"id": 4810,
+{"id": 4814,
"keyword": "nat-bijection theory"},
-{"id": 4811,
+{"id": 4815,
"keyword": "expected utility theory"},
-{"id": 4812,
+{"id": 4816,
"keyword": "language emptiness problem"},
-{"id": 4813,
+{"id": 4817,
"keyword": "generic worklist algorithm"},
-{"id": 4814,
+{"id": 4818,
"keyword": "timed automata carries"},
-{"id": 4815,
+{"id": 4819,
"keyword": "linear-time temporal logic"},
-{"id": 4816,
+{"id": 4820,
"keyword": "safe navigation operations"},
-{"id": 4817,
+{"id": 4821,
"keyword": "generative probabilistic"},
-{"id": 4818,
+{"id": 4822,
"keyword": "derive notions"},
-{"id": 4819,
+{"id": 4823,
"keyword": "formalising single binder calculi"},
-{"id": 4820,
+{"id": 4824,
"keyword": "high-level algorithm"},
-{"id": 4821,
+{"id": 4825,
"keyword": "one-pass uniform substitutions"},
-{"id": 4822,
+{"id": 4826,
"keyword": "hidden markov models"},
-{"id": 4823,
+{"id": 4827,
"keyword": "main theorem states"},
-{"id": 4824,
+{"id": 4828,
"keyword": "adaptive state counting"},
-{"id": 4825,
+{"id": 4829,
"keyword": "current element"},
-{"id": 4826,
+{"id": 4830,
"keyword": "relation algebra"},
-{"id": 4827,
-"keyword": "observation set"},
-{"id": 4828,
-"keyword": "minimisation"},
-{"id": 4829,
-"keyword": "direct semantics"},
-{"id": 4830,
-"keyword": "dynamic logics"},
{"id": 4831,
+"keyword": "observation set"},
+{"id": 4832,
+"keyword": "minimisation"},
+{"id": 4833,
+"keyword": "direct semantics"},
+{"id": 4834,
+"keyword": "dynamic logics"},
+{"id": 4835,
"keyword": "remain anonymous"},
-{"id": 4832,
+{"id": 4836,
"keyword": "generalized topological semantics"},
-{"id": 4833,
+{"id": 4837,
"keyword": "compiler composition"},
-{"id": 4834,
+{"id": 4838,
"keyword": "called concurrent transition systems"},
-{"id": 4835,
+{"id": 4839,
"keyword": "tensor analysis"},
-{"id": 4836,
+{"id": 4840,
"keyword": "concrete laplace transforms"},
-{"id": 4837,
+{"id": 4841,
"keyword": "complex construction"},
-{"id": 4838,
+{"id": 4842,
"keyword": "publisher subscriber"},
-{"id": 4839,
+{"id": 4843,
"keyword": "list interleavings"},
-{"id": 4840,
+{"id": 4844,
"keyword": "flows model"},
-{"id": 4841,
+{"id": 4845,
"keyword": "axioms set proposed"},
-{"id": 4842,
+{"id": 4846,
"keyword": "similar construction"},
-{"id": 4843,
+{"id": 4847,
"keyword": "features dynamic thread creation"},
-{"id": 4844,
+{"id": 4848,
"keyword": "random-permutation random-function switching lemma"},
-{"id": 4845,
+{"id": 4849,
"keyword": "defensive strategies"},
-{"id": 4846,
+{"id": 4850,
"keyword": "real world"},
-{"id": 4847,
+{"id": 4851,
"keyword": "function eval checking"},
-{"id": 4848,
+{"id": 4852,
"keyword": "disjoint sums"},
-{"id": 4849,
-"keyword": "imperative implementation"},
-{"id": 4850,
-"keyword": "large formalization efforts"},
-{"id": 4851,
-"keyword": "term rewrite systems"},
-{"id": 4852,
-"keyword": "programming languages support working"},
{"id": 4853,
-"keyword": "executable ml code"},
+"keyword": "join ordering algorithm ikkbz"},
{"id": 4854,
-"keyword": "locally nameless representation"},
+"keyword": "imperative implementation"},
{"id": 4855,
-"keyword": "fault-tolerant midpoint algorithm"},
+"keyword": "large formalization efforts"},
{"id": 4856,
-"keyword": "metatheoretical properties"},
+"keyword": "term rewrite systems"},
{"id": 4857,
-"keyword": "strictly larger"},
+"keyword": "programming languages support working"},
{"id": 4858,
-"keyword": "direct application"},
+"keyword": "executable ml code"},
{"id": 4859,
-"keyword": "runtime bounds"},
+"keyword": "locally nameless representation"},
{"id": 4860,
-"keyword": "physical clocks"},
+"keyword": "fault-tolerant midpoint algorithm"},
{"id": 4861,
+"keyword": "metatheoretical properties"},
+{"id": 4862,
+"keyword": "strictly larger"},
+{"id": 4863,
+"keyword": "direct application"},
+{"id": 4864,
+"keyword": "runtime bounds"},
+{"id": 4865,
+"keyword": "physical clocks"},
+{"id": 4866,
"keyword": "schultz refers"},
-{"id": 4862,
+{"id": 4867,
"keyword": "first-order logic metatheory"},
-{"id": 4863,
+{"id": 4868,
"keyword": "executable equivalence checker"},
-{"id": 4864,
+{"id": 4869,
"keyword": "stellar quorum systems"},
-{"id": 4865,
-"keyword": "sequence preserves fairness"},
-{"id": 4866,
-"keyword": "single binders"},
-{"id": 4867,
-"keyword": "microsoft research"},
-{"id": 4868,
-"keyword": "square integrable functions"},
-{"id": 4869,
-"keyword": "formal differentiation"},
{"id": 4870,
-"keyword": "logarithmic amortized complexity"},
+"keyword": "sequence preserves fairness"},
{"id": 4871,
-"keyword": "tfrac 1 2 log"},
+"keyword": "single binders"},
{"id": 4872,
-"keyword": "shared bdd"},
+"keyword": "microsoft research"},
{"id": 4873,
-"keyword": "euclidean space indexed"},
+"keyword": "square integrable functions"},
{"id": 4874,
-"keyword": "multi-node extension"},
+"keyword": "formal differentiation"},
{"id": 4875,
-"keyword": "existing formal developments"},
+"keyword": "logarithmic amortized complexity"},
{"id": 4876,
-"keyword": "stores key information"},
+"keyword": "tfrac 1 2 log"},
{"id": 4877,
+"keyword": "shared bdd"},
+{"id": 4878,
+"keyword": "euclidean space indexed"},
+{"id": 4879,
+"keyword": "multi-node extension"},
+{"id": 4880,
+"keyword": "existing formal developments"},
+{"id": 4881,
+"keyword": "stores key information"},
+{"id": 4882,
"keyword": "generic tactics"},
-{"id": 4878,
+{"id": 4883,
"keyword": "taking advantage"},
-{"id": 4879,
+{"id": 4884,
"keyword": "article knight"},
-{"id": 4880,
+{"id": 4885,
"keyword": "practically worse time complexity"},
-{"id": 4881,
+{"id": 4886,
"keyword": "kronecker tensor product"},
-{"id": 4882,
+{"id": 4887,
"keyword": "output infinite sequences"},
-{"id": 4883,
+{"id": 4888,
"keyword": "universal turing machine entry"},
-{"id": 4884,
+{"id": 4889,
"keyword": "traditional approach"},
-{"id": 4885,
+{"id": 4890,
"keyword": "monoidal categories"},
-{"id": 4886,
+{"id": 4891,
"keyword": "knaster tarski theorem"},
-{"id": 4887,
+{"id": 4892,
"keyword": "tool implementors"},
-{"id": 4888,
+{"id": 4893,
"keyword": "hol formalization"},
-{"id": 4889,
+{"id": 4894,
"keyword": "achieve high expressiveness"},
-{"id": 4890,
-"keyword": "generic consistency ---"},
-{"id": 4891,
-"keyword": "ipv4 addresses"},
-{"id": 4892,
-"keyword": "operators combine"},
-{"id": 4893,
-"keyword": "refinement relations"},
-{"id": 4894,
-"keyword": "isafor ceta-system"},
{"id": 4895,
-"keyword": "dot-decimal notation"},
+"keyword": "generic consistency ---"},
{"id": 4896,
-"keyword": "allocation function allocates goods"},
+"keyword": "ipv4 addresses"},
{"id": 4897,
-"keyword": "failure assumptions"},
+"keyword": "operators combine"},
{"id": 4898,
-"keyword": "reduction path"},
+"keyword": "refinement relations"},
{"id": 4899,
-"keyword": "spectral radius"},
+"keyword": "isafor ceta-system"},
{"id": 4900,
-"keyword": "imperative refinement framework"},
+"keyword": "dot-decimal notation"},
{"id": 4901,
-"keyword": "sparse grid"},
+"keyword": "allocation function allocates goods"},
{"id": 4902,
-"keyword": "generic construction"},
+"keyword": "failure assumptions"},
{"id": 4903,
-"keyword": "opposite case"},
+"keyword": "reduction path"},
{"id": 4904,
-"keyword": "sound syntactic criteria"},
+"keyword": "spectral radius"},
{"id": 4905,
-"keyword": "noninterference proofs"},
+"keyword": "imperative refinement framework"},
{"id": 4906,
-"keyword": "easily obtained"},
+"keyword": "sparse grid"},
{"id": 4907,
-"keyword": "efficient imperative version"},
+"keyword": "generic construction"},
{"id": 4908,
-"keyword": "mechanically supported logic analysis"},
+"keyword": "opposite case"},
{"id": 4909,
-"keyword": "time bounds"},
+"keyword": "sound syntactic criteria"},
{"id": 4910,
+"keyword": "noninterference proofs"},
+{"id": 4911,
+"keyword": "easily obtained"},
+{"id": 4912,
+"keyword": "efficient imperative version"},
+{"id": 4913,
+"keyword": "mechanically supported logic analysis"},
+{"id": 4914,
+"keyword": "time bounds"},
+{"id": 4915,
"keyword": "terms"},
-{"id": 4911,
+{"id": 4916,
"keyword": "proof rules"},
-{"id": 4912,
+{"id": 4917,
"keyword": "successively extending"},
-{"id": 4913,
+{"id": 4918,
"keyword": "concrete algorithms implementations"},
-{"id": 4914,
+{"id": 4919,
"keyword": "closure property"},
-{"id": 4915,
+{"id": 4920,
"keyword": "pattern poses"},
-{"id": 4916,
+{"id": 4921,
"keyword": "sufficiently large inputs"},
-{"id": 4917,
+{"id": 4922,
"keyword": "reflexive transitive closure"},
-{"id": 4918,
+{"id": 4923,
"keyword": "mathematical sets"},
-{"id": 4919,
+{"id": 4924,
"keyword": "real world distributed systems"},
-{"id": 4920,
+{"id": 4925,
"keyword": "wolfram engine"},
-{"id": 4921,
-"keyword": "compositionality proofs"},
-{"id": 4922,
-"keyword": "employs herbrand"},
-{"id": 4923,
-"keyword": "extra-history change history"},
-{"id": 4924,
-"keyword": "real component"},
-{"id": 4925,
-"keyword": "replicated datatypes"},
{"id": 4926,
+"keyword": "compositionality proofs"},
+{"id": 4927,
+"keyword": "employs herbrand"},
+{"id": 4928,
+"keyword": "extra-history change history"},
+{"id": 4929,
+"keyword": "real component"},
+{"id": 4930,
+"keyword": "replicated datatypes"},
+{"id": 4931,
"keyword": "solving markov decision processes"},
-{"id": 4927,
+{"id": 4932,
"keyword": "pure exchange economy"},
-{"id": 4928,
+{"id": 4933,
"keyword": "integer coefficients"},
-{"id": 4929,
+{"id": 4934,
"keyword": "initial states"},
-{"id": 4930,
+{"id": 4935,
"keyword": "good closure properties"},
-{"id": 4931,
+{"id": 4936,
"keyword": "faithful formalization"},
-{"id": 4932,
+{"id": 4937,
"keyword": "free basis"},
-{"id": 4933,
+{"id": 4938,
"keyword": "rational actors"},
-{"id": 4934,
+{"id": 4939,
"keyword": "functional automata"},
-{"id": 4935,
+{"id": 4940,
"keyword": "kleene star"},
-{"id": 4936,
+{"id": 4941,
"keyword": "effect polymorphism"},
-{"id": 4937,
+{"id": 4942,
"keyword": "kleene algebras remain"},
-{"id": 4938,
+{"id": 4943,
"keyword": "cancellative separation algebra"},
-{"id": 4939,
+{"id": 4944,
"keyword": "running time bounds"},
-{"id": 4940,
+{"id": 4945,
"keyword": "resulting hierarchy"},
-{"id": 4941,
+{"id": 4946,
"keyword": "word count program"},
-{"id": 4942,
+{"id": 4947,
"keyword": "memory implementations"},
-{"id": 4943,
+{"id": 4948,
"keyword": "binding signature"},
-{"id": 4944,
+{"id": 4949,
"keyword": "rational polynomials"},
-{"id": 4945,
+{"id": 4950,
"keyword": "polymorphic lambda-calculus extended"},
-{"id": 4946,
+{"id": 4951,
"keyword": "recursion combinator"},
-{"id": 4947,
+{"id": 4952,
"keyword": "partial commutativity relationships"},
-{"id": 4948,
+{"id": 4953,
"keyword": "iptables match condition"},
-{"id": 4949,
+{"id": 4954,
"keyword": "l-shaped tiles"},
-{"id": 4950,
+{"id": 4955,
"keyword": "metric temporal logic"},
-{"id": 4951,
+{"id": 4956,
"keyword": "verifying depth-"},
-{"id": 4952,
+{"id": 4957,
"keyword": "alpha_1 ldots beta_n"},
-{"id": 4953,
-"keyword": "basic notions"},
-{"id": 4954,
-"keyword": "intransitive purge function"},
-{"id": 4955,
-"keyword": "concurrent constraint pi-calculus"},
-{"id": 4956,
-"keyword": "automatize canonical tasks"},
-{"id": 4957,
-"keyword": "unified translation approach"},
{"id": 4958,
+"keyword": "basic notions"},
+{"id": 4959,
+"keyword": "intransitive purge function"},
+{"id": 4960,
+"keyword": "concurrent constraint pi-calculus"},
+{"id": 4961,
+"keyword": "automatize canonical tasks"},
+{"id": 4962,
+"keyword": "unified translation approach"},
+{"id": 4963,
"keyword": "present sufficient conditions"},
-{"id": 4959,
+{"id": 4964,
"keyword": "inequality states"},
-{"id": 4960,
+{"id": 4965,
"keyword": "existing formal power series"},
-{"id": 4961,
+{"id": 4966,
"keyword": "transcendence"},
-{"id": 4962,
+{"id": 4967,
"keyword": "integers based"},
-{"id": 4963,
+{"id": 4968,
"keyword": "completely verified"},
-{"id": 4964,
+{"id": 4969,
"keyword": "worth noting"},
-{"id": 4965,
+{"id": 4970,
"keyword": "square matrices form"},
-{"id": 4966,
+{"id": 4971,
"keyword": "number-theoretic lemmas"},
-{"id": 4967,
+{"id": 4972,
"keyword": "analytic completeness proof covers"},
-{"id": 4968,
+{"id": 4973,
"keyword": "common theme"},
-{"id": 4969,
+{"id": 4974,
"keyword": "usual redundancy criteria based"},
-{"id": 4970,
+{"id": 4975,
"keyword": "fundamental building block"},
-{"id": 4971,
+{"id": 4976,
"keyword": "convergence function applied"},
-{"id": 4972,
+{"id": 4977,
"keyword": "transforming xml trees"},
-{"id": 4973,
+{"id": 4978,
"keyword": "speculative linearizability framework"},
-{"id": 4974,
+{"id": 4979,
"keyword": "holomorphic automorphisms"},
-{"id": 4975,
+{"id": 4980,
"keyword": "interactive theorem prover"},
-{"id": 4976,
-"keyword": "arbitrary rc query"},
-{"id": 4977,
-"keyword": "applied mathematics"},
-{"id": 4978,
-"keyword": "policy iteration algorithms"},
-{"id": 4979,
-"keyword": "ijcar 2006 paper"},
-{"id": 4980,
-"keyword": "search tree"},
{"id": 4981,
-"keyword": "spatio-temporal multi-modal logic"},
+"keyword": "arbitrary rc query"},
{"id": 4982,
-"keyword": "imperative language imp"},
+"keyword": "applied mathematics"},
{"id": 4983,
-"keyword": "degenerate deterministic case"},
+"keyword": "policy iteration algorithms"},
{"id": 4984,
-"keyword": "imperative hol programs"},
+"keyword": "ijcar 2006 paper"},
{"id": 4985,
-"keyword": "web standards"},
+"keyword": "search tree"},
{"id": 4986,
-"keyword": "higher-order probabilistic programming languages"},
+"keyword": "spatio-temporal multi-modal logic"},
{"id": 4987,
-"keyword": "syntactic approximations"},
+"keyword": "imperative language imp"},
{"id": 4988,
+"keyword": "degenerate deterministic case"},
+{"id": 4989,
+"keyword": "imperative hol programs"},
+{"id": 4990,
+"keyword": "web standards"},
+{"id": 4991,
+"keyword": "higher-order probabilistic programming languages"},
+{"id": 4992,
+"keyword": "syntactic approximations"},
+{"id": 4993,
"keyword": "standard restrictions"},
-{"id": 4989,
+{"id": 4994,
"keyword": "executable automata"},
-{"id": 4990,
+{"id": 4995,
"keyword": "existing cc results"},
-{"id": 4991,
+{"id": 4996,
"keyword": "original functionality"},
-{"id": 4992,
-"keyword": "non-atomic keys"},
-{"id": 4993,
-"keyword": "asymptotically equivalent"},
-{"id": 4994,
-"keyword": "describe formalization"},
-{"id": 4995,
-"keyword": "intermediate relations"},
-{"id": 4996,
-"keyword": "symbolic states"},
{"id": 4997,
-"keyword": "monetary supply grows"},
+"keyword": "non-atomic keys"},
{"id": 4998,
-"keyword": "lazy list"},
+"keyword": "asymptotically equivalent"},
{"id": 4999,
-"keyword": "healthcare iot system"},
+"keyword": "describe formalization"},
{"id": 5000,
-"keyword": "standardization theorem"},
+"keyword": "intermediate relations"},
{"id": 5001,
-"keyword": "j3202"},
+"keyword": "symbolic states"},
{"id": 5002,
-"keyword": "john harrison"},
+"keyword": "monetary supply grows"},
{"id": 5003,
-"keyword": "complex roots"},
+"keyword": "lazy list"},
{"id": 5004,
+"keyword": "healthcare iot system"},
+{"id": 5005,
+"keyword": "standardization theorem"},
+{"id": 5006,
+"keyword": "j3202"},
+{"id": 5007,
+"keyword": "john harrison"},
+{"id": 5008,
+"keyword": "complex roots"},
+{"id": 5009,
"keyword": "george boolos gave"},
-{"id": 5005,
+{"id": 5010,
"keyword": "adaptive test cases"},
-{"id": 5006,
+{"id": 5011,
"keyword": "markov chains"},
-{"id": 5007,
+{"id": 5012,
"keyword": "efficient executable algorithm"},
-{"id": 5008,
+{"id": 5013,
"keyword": "myhill-nerode theorem"},
-{"id": 5009,
+{"id": 5014,
"keyword": "single strip"},
-{"id": 5010,
+{"id": 5015,
"keyword": "risk-free lending protocol"},
-{"id": 5011,
+{"id": 5016,
"keyword": "simple specification"},
-{"id": 5012,
+{"id": 5017,
"keyword": "approximation error"},
-{"id": 5013,
+{"id": 5018,
"keyword": "isomorphism theorem"},
-{"id": 5014,
+{"id": 5019,
"keyword": "pretty printers"},
-{"id": 5015,
+{"id": 5020,
"keyword": "repeated opening"},
-{"id": 5016,
+{"id": 5021,
"keyword": "normal form property"},
-{"id": 5017,
-"keyword": "program verification"},
-{"id": 5018,
-"keyword": "classic dynamic programming algorithm"},
-{"id": 5019,
-"keyword": "considerably shorter"},
-{"id": 5020,
-"keyword": "familiar real-"},
-{"id": 5021,
-"keyword": "computing optimal stable matches"},
{"id": 5022,
+"keyword": "program verification"},
+{"id": 5023,
+"keyword": "classic dynamic programming algorithm"},
+{"id": 5024,
+"keyword": "considerably shorter"},
+{"id": 5025,
+"keyword": "familiar real-"},
+{"id": 5026,
+"keyword": "computing optimal stable matches"},
+{"id": 5027,
"keyword": "original sturm"},
-{"id": 5023,
+{"id": 5028,
"keyword": "single-source shortest path function"},
-{"id": 5024,
+{"id": 5029,
"keyword": "convergence function"},
-{"id": 5025,
+{"id": 5030,
"keyword": "canonical set-theoretic constructions internalized"},
-{"id": 5026,
+{"id": 5031,
"keyword": "secure information flow"},
-{"id": 5027,
+{"id": 5032,
"keyword": "ocl standard"},
-{"id": 5028,
+{"id": 5033,
"keyword": "soundness proof"},
-{"id": 5029,
+{"id": 5034,
"keyword": "real analysis"},
-{"id": 5030,
+{"id": 5035,
"keyword": "automata library"},
-{"id": 5031,
+{"id": 5036,
"keyword": "datatypes similar"},
-{"id": 5032,
+{"id": 5037,
"keyword": "formally verified clrs algorithms"},
-{"id": 5033,
+{"id": 5038,
"keyword": "automated-theorem-proving assistant"},
-{"id": 5034,
+{"id": 5039,
"keyword": "paulson semantics-based approach"},
-{"id": 5035,
+{"id": 5040,
"keyword": "turn outputs descriptions"},
-{"id": 5036,
+{"id": 5041,
"keyword": "stone-kleene relation algebras"},
-{"id": 5037,
+{"id": 5042,
"keyword": "java se 8 specification"},
-{"id": 5038,
+{"id": 5043,
"keyword": "past operators"},
-{"id": 5039,
+{"id": 5044,
"keyword": "primitive authentication construct"},
-{"id": 5040,
-"keyword": "matrix theory"},
-{"id": 5041,
-"keyword": "additional domain elements"},
-{"id": 5042,
-"keyword": "informal presentation"},
-{"id": 5043,
-"keyword": "simple inductive proof"},
-{"id": 5044,
-"keyword": "company associating"},
{"id": 5045,
-"keyword": "c11 syntax deeply integrated"},
+"keyword": "matrix theory"},
{"id": 5046,
-"keyword": "anders schlichtkrull"},
+"keyword": "additional domain elements"},
{"id": 5047,
-"keyword": "generated test suite"},
+"keyword": "informal presentation"},
{"id": 5048,
-"keyword": "hol light"},
+"keyword": "simple inductive proof"},
{"id": 5049,
-"keyword": "straightforward analytic proof"},
+"keyword": "company associating"},
{"id": 5050,
-"keyword": "comparing relations"},
+"keyword": "c11 syntax deeply integrated"},
{"id": 5051,
-"keyword": "weak form"},
+"keyword": "anders schlichtkrull"},
{"id": 5052,
+"keyword": "generated test suite"},
+{"id": 5053,
+"keyword": "hol light"},
+{"id": 5054,
+"keyword": "straightforward analytic proof"},
+{"id": 5055,
+"keyword": "comparing relations"},
+{"id": 5056,
+"keyword": "weak form"},
+{"id": 5057,
"keyword": "asymptotic expansions"},
-{"id": 5053,
+{"id": 5058,
"keyword": "abstract program"},
-{"id": 5054,
+{"id": 5059,
"keyword": "successful termination"},
-{"id": 5055,
+{"id": 5060,
"keyword": "future separation logic developments"},
-{"id": 5056,
-"keyword": "guiding proof search"},
-{"id": 5057,
-"keyword": "undirected graphs"},
-{"id": 5058,
-"keyword": "previous formalisation"},
-{"id": 5059,
-"keyword": "association lists"},
-{"id": 5060,
-"keyword": "textbook first-order logic"},
{"id": 5061,
-"keyword": "concurrent value-dependent noninterference"},
+"keyword": "guiding proof search"},
{"id": 5062,
-"keyword": "textbook reasoning"},
+"keyword": "undirected graphs"},
{"id": 5063,
-"keyword": "logical reasoning"},
+"keyword": "previous formalisation"},
{"id": 5064,
-"keyword": "program trace semantics"},
+"keyword": "association lists"},
{"id": 5065,
-"keyword": "method calls"},
+"keyword": "textbook first-order logic"},
{"id": 5066,
-"keyword": "game theoretic issues"},
+"keyword": "concurrent value-dependent noninterference"},
{"id": 5067,
-"keyword": "byte code"},
+"keyword": "textbook reasoning"},
{"id": 5068,
-"keyword": "cantor pairing function"},
+"keyword": "logical reasoning"},
{"id": 5069,
-"keyword": "potential negative cycles"},
+"keyword": "program trace semantics"},
{"id": 5070,
-"keyword": "randomised skip list"},
+"keyword": "method calls"},
{"id": 5071,
-"keyword": "strengthen mertens"},
+"keyword": "game theoretic issues"},
{"id": 5072,
-"keyword": "manual alpha-conversions"},
+"keyword": "byte code"},
{"id": 5073,
-"keyword": "mobile computing"},
+"keyword": "cantor pairing function"},
{"id": 5074,
-"keyword": "formalising cryptographic arguments"},
+"keyword": "potential negative cycles"},
{"id": 5075,
-"keyword": "reference implementation"},
+"keyword": "randomised skip list"},
{"id": 5076,
-"keyword": "simplify complex iptables rulests"},
+"keyword": "strengthen mertens"},
{"id": 5077,
-"keyword": "stieltjes constants"},
+"keyword": "manual alpha-conversions"},
{"id": 5078,
-"keyword": "specific variants"},
+"keyword": "mobile computing"},
{"id": 5079,
-"keyword": "faithful embedding"},
+"keyword": "formalising cryptographic arguments"},
{"id": 5080,
-"keyword": "continuous lattices"},
+"keyword": "reference implementation"},
{"id": 5081,
-"keyword": "intermediate results"},
+"keyword": "simplify complex iptables rulests"},
{"id": 5082,
-"keyword": "unified translation"},
+"keyword": "stieltjes constants"},
{"id": 5083,
-"keyword": "autocorres tool"},
+"keyword": "specific variants"},
{"id": 5084,
+"keyword": "faithful embedding"},
+{"id": 5085,
+"keyword": "continuous lattices"},
+{"id": 5086,
+"keyword": "intermediate results"},
+{"id": 5087,
+"keyword": "unified translation"},
+{"id": 5088,
+"keyword": "autocorres tool"},
+{"id": 5089,
"keyword": "set category"},
-{"id": 5085,
+{"id": 5090,
"keyword": "model existence"},
-{"id": 5086,
+{"id": 5091,
"keyword": "factor ring"},
-{"id": 5087,
+{"id": 5092,
"keyword": "data-refinement techniques"},
-{"id": 5088,
-"keyword": "nondeterminism monad"},
-{"id": 5089,
-"keyword": "capture laws"},
-{"id": 5090,
-"keyword": "resulting automata"},
-{"id": 5091,
-"keyword": "normalizing strategy"},
-{"id": 5092,
-"keyword": "non-negative weights w_1"},
{"id": 5093,
-"keyword": "red-black trees"},
+"keyword": "nondeterminism monad"},
{"id": 5094,
-"keyword": "key encapsulation mechanism"},
+"keyword": "capture laws"},
{"id": 5095,
-"keyword": "finite search space"},
+"keyword": "resulting automata"},
{"id": 5096,
-"keyword": "replicated databases"},
+"keyword": "normalizing strategy"},
{"id": 5097,
-"keyword": "concurrency control model"},
+"keyword": "non-negative weights w_1"},
{"id": 5098,
-"keyword": "additional convenience"},
+"keyword": "red-black trees"},
{"id": 5099,
-"keyword": "affine systems"},
+"keyword": "key encapsulation mechanism"},
{"id": 5100,
-"keyword": "parent clauses"},
+"keyword": "finite search space"},
{"id": 5101,
-"keyword": "elementary number theory"},
+"keyword": "replicated databases"},
{"id": 5102,
-"keyword": "proof term checker embedded"},
+"keyword": "concurrency control model"},
{"id": 5103,
-"keyword": "distributed system"},
+"keyword": "additional convenience"},
{"id": 5104,
-"keyword": "knight"},
+"keyword": "affine systems"},
{"id": 5105,
-"keyword": "decision problem clique"},
+"keyword": "parent clauses"},
{"id": 5106,
-"keyword": "upcoming work principia logico-metaphysica"},
+"keyword": "elementary number theory"},
{"id": 5107,
-"keyword": "guarantee information flow noninterference"},
+"keyword": "proof term checker embedded"},
{"id": 5108,
-"keyword": "classical two-sided matching scenarios"},
+"keyword": "distributed system"},
{"id": 5109,
-"keyword": "large fragment"},
+"keyword": "knight"},
{"id": 5110,
-"keyword": "aforementioned consensus problem"},
+"keyword": "decision problem clique"},
{"id": 5111,
-"keyword": "afp entry robinson_arithmetic"},
+"keyword": "upcoming work principia logico-metaphysica"},
{"id": 5112,
-"keyword": "divergence reflection"},
+"keyword": "guarantee information flow noninterference"},
{"id": 5113,
-"keyword": "elegant proof"},
+"keyword": "classical two-sided matching scenarios"},
{"id": 5114,
-"keyword": "alpha-equivalence classes"},
+"keyword": "large fragment"},
{"id": 5115,
-"keyword": "previous analogous"},
+"keyword": "aforementioned consensus problem"},
{"id": 5116,
+"keyword": "afp entry robinson_arithmetic"},
+{"id": 5117,
+"keyword": "divergence reflection"},
+{"id": 5118,
+"keyword": "elegant proof"},
+{"id": 5119,
+"keyword": "alpha-equivalence classes"},
+{"id": 5120,
+"keyword": "previous analogous"},
+{"id": 5121,
"keyword": "operators"},
-{"id": 5117,
+{"id": 5122,
"keyword": "cc studies system classes"},
-{"id": 5118,
+{"id": 5123,
"keyword": "automatically extracted scala code"},
-{"id": 5119,
+{"id": 5124,
"keyword": "binding structure"},
-{"id": 5120,
-"keyword": "essential parts"},
-{"id": 5121,
-"keyword": "chamber complexes"},
-{"id": 5122,
-"keyword": "quantum prisoner"},
-{"id": 5123,
-"keyword": "generic algebraic middle-layer"},
-{"id": 5124,
-"keyword": "cite swan"},
{"id": 5125,
-"keyword": "lower semicontinuous hull"},
+"keyword": "essential parts"},
{"id": 5126,
-"keyword": "maclaurin series"},
+"keyword": "chamber complexes"},
{"id": 5127,
-"keyword": "functional representation"},
+"keyword": "quantum prisoner"},
{"id": 5128,
-"keyword": "state-merging technique"},
+"keyword": "generic algebraic middle-layer"},
{"id": 5129,
-"keyword": "natural numbers 0"},
+"keyword": "cite swan"},
{"id": 5130,
-"keyword": "canonical matrix analogue"},
+"keyword": "lower semicontinuous hull"},
{"id": 5131,
-"keyword": "incorrectly initialized contract"},
+"keyword": "maclaurin series"},
{"id": 5132,
+"keyword": "functional representation"},
+{"id": 5133,
+"keyword": "state-merging technique"},
+{"id": 5134,
+"keyword": "natural numbers 0"},
+{"id": 5135,
+"keyword": "canonical matrix analogue"},
+{"id": 5136,
+"keyword": "incorrectly initialized contract"},
+{"id": 5137,
"keyword": "generic framework"},
-{"id": 5133,
+{"id": 5138,
"keyword": "locale mechanism"},
-{"id": 5134,
+{"id": 5139,
"keyword": "test output formats"},
-{"id": 5135,
+{"id": 5140,
"keyword": "confidential events"},
-{"id": 5136,
+{"id": 5141,
"keyword": "ultimately refutational completeness"},
-{"id": 5137,
+{"id": 5142,
"keyword": "proofs require"},
-{"id": 5138,
+{"id": 5143,
"keyword": "atomic predicates"},
-{"id": 5139,
+{"id": 5144,
"keyword": "boolean algebra"},
-{"id": 5140,
+{"id": 5145,
"keyword": "remaining rules"},
-{"id": 5141,
+{"id": 5146,
"keyword": "fractional assertions"},
-{"id": 5142,
+{"id": 5147,
"keyword": "zout domains"},
-{"id": 5143,
+{"id": 5148,
"keyword": "abstract structures"},
-{"id": 5144,
+{"id": 5149,
"keyword": "deliberately formulated"},
-{"id": 5145,
-"keyword": "boolean algebra type"},
-{"id": 5146,
-"keyword": "mobius base logic"},
-{"id": 5147,
-"keyword": "suitable setup"},
-{"id": 5148,
-"keyword": "type class hierarchy"},
-{"id": 5149,
-"keyword": "predicate satisfied"},
{"id": 5150,
-"keyword": "itp-2016 paper"},
+"keyword": "boolean algebra type"},
{"id": 5151,
-"keyword": "axioms set suggested"},
+"keyword": "mobius base logic"},
{"id": 5152,
-"keyword": "finite partitioning"},
+"keyword": "suitable setup"},
{"id": 5153,
-"keyword": "internal direct product"},
+"keyword": "type class hierarchy"},
{"id": 5154,
-"keyword": "derive comparators"},
+"keyword": "predicate satisfied"},
{"id": 5155,
-"keyword": "basic graph algorithms"},
+"keyword": "itp-2016 paper"},
{"id": 5156,
-"keyword": "mso formulas correspond"},
+"keyword": "axioms set suggested"},
{"id": 5157,
-"keyword": "stateful connection semantics"},
+"keyword": "finite partitioning"},
{"id": 5158,
-"keyword": "correctness"},
+"keyword": "internal direct product"},
{"id": 5159,
-"keyword": "major goal"},
+"keyword": "derive comparators"},
{"id": 5160,
-"keyword": "fine-grained concurrency"},
+"keyword": "basic graph algorithms"},
{"id": 5161,
-"keyword": "handling inconsistency"},
+"keyword": "mso formulas correspond"},
{"id": 5162,
-"keyword": "employ messageless guard protocols"},
+"keyword": "stateful connection semantics"},
{"id": 5163,
-"keyword": "fundamental metaphysical theory"},
+"keyword": "correctness"},
{"id": 5164,
-"keyword": "network model"},
+"keyword": "major goal"},
{"id": 5165,
+"keyword": "fine-grained concurrency"},
+{"id": 5166,
+"keyword": "handling inconsistency"},
+{"id": 5167,
+"keyword": "employ messageless guard protocols"},
+{"id": 5168,
+"keyword": "fundamental metaphysical theory"},
+{"id": 5169,
+"keyword": "network model"},
+{"id": 5170,
"keyword": "co-inductive lists"},
-{"id": 5166,
+{"id": 5171,
"keyword": "hol experts"},
-{"id": 5167,
+{"id": 5172,
"keyword": "files chap02"},
-{"id": 5168,
+{"id": 5173,
"keyword": "sk sum"},
-{"id": 5169,
+{"id": 5174,
"keyword": "text book level"},
-{"id": 5170,
+{"id": 5175,
"keyword": "paper describing"},
-{"id": 5171,
+{"id": 5176,
"keyword": "normal series"},
-{"id": 5172,
+{"id": 5177,
"keyword": "msc thesis sch15"},
-{"id": 5173,
+{"id": 5178,
"keyword": "argument"},
-{"id": 5174,
+{"id": 5179,
"keyword": "minimal space usage"},
-{"id": 5175,
+{"id": 5180,
"keyword": "ieee-754 floating-point arithmetic"},
-{"id": 5176,
-"keyword": "verifying functional programs"},
-{"id": 5177,
-"keyword": "subtle algorithmic mechanisms"},
-{"id": 5178,
-"keyword": "approximative version"},
-{"id": 5179,
-"keyword": "triangle removal lemma"},
-{"id": 5180,
-"keyword": "abstract execution model"},
{"id": 5181,
+"keyword": "verifying functional programs"},
+{"id": 5182,
+"keyword": "subtle algorithmic mechanisms"},
+{"id": 5183,
+"keyword": "approximative version"},
+{"id": 5184,
+"keyword": "triangle removal lemma"},
+{"id": 5185,
+"keyword": "abstract execution model"},
+{"id": 5186,
"keyword": "gr bner basis"},
-{"id": 5182,
+{"id": 5187,
"keyword": "main novelty"},
-{"id": 5183,
+{"id": 5188,
"keyword": "internal path length relates"},
-{"id": 5184,
+{"id": 5189,
"keyword": "incrementally check"},
-{"id": 5185,
+{"id": 5190,
"keyword": "random graph"},
-{"id": 5186,
+{"id": 5191,
"keyword": "lattice point"},
-{"id": 5187,
+{"id": 5192,
"keyword": "concurrent refinement algebra"},
-{"id": 5188,
+{"id": 5193,
"keyword": "cryptographic hash-function ripemd-160"},
-{"id": 5189,
+{"id": 5194,
"keyword": "peculiar mapping argument"},
-{"id": 5190,
+{"id": 5195,
"keyword": "countable chain condition"},
-{"id": 5191,
+{"id": 5196,
"keyword": "gdpr compliance verification"},
-{"id": 5192,
+{"id": 5197,
"keyword": "elementary facts"},
-{"id": 5193,
+{"id": 5198,
"keyword": "non-deterministic algorithm"},
-{"id": 5194,
+{"id": 5199,
"keyword": "formalisation"},
-{"id": 5195,
+{"id": 5200,
"keyword": "automated theorem prover"},
-{"id": 5196,
+{"id": 5201,
"keyword": "entry adds quickcheck setup"},
-{"id": 5197,
+{"id": 5202,
"keyword": "regular expression equivalence"},
-{"id": 5198,
+{"id": 5203,
"keyword": "complex analysis"},
-{"id": 5199,
+{"id": 5204,
"keyword": "complete formal development"},
-{"id": 5200,
+{"id": 5205,
"keyword": "real-world programming languages"},
-{"id": 5201,
+{"id": 5206,
"keyword": "call arity"},
-{"id": 5202,
+{"id": 5207,
"keyword": "refused events"},
-{"id": 5203,
+{"id": 5208,
"keyword": "formal proof"},
-{"id": 5204,
+{"id": 5209,
"keyword": "method normalises applicative expressions"},
-{"id": 5205,
+{"id": 5210,
"keyword": "winding number"},
-{"id": 5206,
+{"id": 5211,
"keyword": "unpublished specialized algorithms"},
-{"id": 5207,
+{"id": 5212,
"keyword": "hoare logic based"},
-{"id": 5208,
-"keyword": "desired interval"},
-{"id": 5209,
-"keyword": "mainstream structures"},
-{"id": 5210,
-"keyword": "object logic zfc"},
-{"id": 5211,
-"keyword": "state proofs"},
-{"id": 5212,
-"keyword": "representing legal agreements"},
{"id": 5213,
+"keyword": "desired interval"},
+{"id": 5214,
+"keyword": "mainstream structures"},
+{"id": 5215,
+"keyword": "object logic zfc"},
+{"id": 5216,
+"keyword": "state proofs"},
+{"id": 5217,
+"keyword": "representing legal agreements"},
+{"id": 5218,
"keyword": "basic material"},
-{"id": 5214,
+{"id": 5219,
"keyword": "interest accrued"},
-{"id": 5215,
+{"id": 5220,
"keyword": "classical ai planning"},
-{"id": 5216,
+{"id": 5221,
"keyword": "chosen uniformly"},
-{"id": 5217,
+{"id": 5222,
"keyword": "rank-nullity theorem"},
-{"id": 5218,
+{"id": 5223,
"keyword": "tactic code"},
-{"id": 5219,
+{"id": 5224,
"keyword": "fully executable functional implementation"},
-{"id": 5220,
+{"id": 5225,
"keyword": "yoneda functor"},
-{"id": 5221,
+{"id": 5226,
"keyword": "limits"},
-{"id": 5222,
+{"id": 5227,
"keyword": "arbitrary classes"},
-{"id": 5223,
+{"id": 5228,
"keyword": "creating custom induction"},
-{"id": 5224,
+{"id": 5229,
"keyword": "interval arithmetic"},
-{"id": 5225,
+{"id": 5230,
"keyword": "full range"},
-{"id": 5226,
+{"id": 5231,
"keyword": "ssa"},
-{"id": 5227,
+{"id": 5232,
"keyword": "verified"},
-{"id": 5228,
+{"id": 5233,
"keyword": "inference system presented"},
-{"id": 5229,
+{"id": 5234,
"keyword": "bindings-aware induction"},
-{"id": 5230,
+{"id": 5235,
"keyword": "infinitesimal components"},
-{"id": 5231,
-"keyword": "contextual equivalence"},
-{"id": 5232,
-"keyword": "applied non-classical logics 2005"},
-{"id": 5233,
-"keyword": "noncommuting words form"},
-{"id": 5234,
-"keyword": "providing formalizations"},
-{"id": 5235,
-"keyword": "autonomous vehicle manufacturers"},
{"id": 5236,
-"keyword": "algorithm aims"},
+"keyword": "contextual equivalence"},
{"id": 5237,
-"keyword": "paper describes"},
+"keyword": "applied non-classical logics 2005"},
{"id": 5238,
-"keyword": "cambridge university press 2001"},
+"keyword": "noncommuting words form"},
{"id": 5239,
-"keyword": "priority queue"},
+"keyword": "providing formalizations"},
{"id": 5240,
-"keyword": "applicative functor"},
+"keyword": "autonomous vehicle manufacturers"},
{"id": 5241,
-"keyword": "space usage"},
+"keyword": "algorithm aims"},
{"id": 5242,
-"keyword": "analyse system structure oriented"},
+"keyword": "paper describes"},
{"id": 5243,
+"keyword": "cambridge university press 2001"},
+{"id": 5244,
+"keyword": "priority queue"},
+{"id": 5245,
+"keyword": "applicative functor"},
+{"id": 5246,
+"keyword": "space usage"},
+{"id": 5247,
+"keyword": "analyse system structure oriented"},
+{"id": 5248,
"keyword": "unverified tools"},
-{"id": 5244,
+{"id": 5249,
"keyword": "complete graphs"},
-{"id": 5245,
+{"id": 5250,
"keyword": "standard theorems"},
-{"id": 5246,
+{"id": 5251,
"keyword": "valid parameters"},
-{"id": 5247,
-"keyword": "conduct machine checkable proofs"},
-{"id": 5248,
-"keyword": "proof-carrying-code style encoding"},
-{"id": 5249,
-"keyword": "analogous languages"},
-{"id": 5250,
-"keyword": "friendship theorem"},
-{"id": 5251,
-"keyword": "mathematical machinery"},
{"id": 5252,
-"keyword": "non-deterministic automata"},
+"keyword": "conduct machine checkable proofs"},
{"id": 5253,
-"keyword": "formal proof closely"},
+"keyword": "proof-carrying-code style encoding"},
{"id": 5254,
-"keyword": "shorter refinement proofs"},
+"keyword": "analogous languages"},
{"id": 5255,
-"keyword": "modeling firewall policies"},
+"keyword": "friendship theorem"},
{"id": 5256,
-"keyword": "standard estimations"},
+"keyword": "mathematical machinery"},
{"id": 5257,
-"keyword": "group"},
+"keyword": "non-deterministic automata"},
{"id": 5258,
-"keyword": "axiomatic theory"},
+"keyword": "formal proof closely"},
{"id": 5259,
+"keyword": "shorter refinement proofs"},
+{"id": 5260,
+"keyword": "modeling firewall policies"},
+{"id": 5261,
+"keyword": "standard estimations"},
+{"id": 5262,
+"keyword": "group"},
+{"id": 5263,
+"keyword": "axiomatic theory"},
+{"id": 5264,
"keyword": "syntactic formula"},
-{"id": 5260,
+{"id": 5265,
"keyword": "faulty process"},
-{"id": 5261,
+{"id": 5266,
"keyword": "verified decision procedures"},
-{"id": 5262,
+{"id": 5267,
"keyword": "resp"},
-{"id": 5263,
+{"id": 5268,
"keyword": "projective spaces"},
-{"id": 5264,
+{"id": 5269,
"keyword": "uniform proof"},
-{"id": 5265,
+{"id": 5270,
"keyword": "resolution theorem proving chapter"},
-{"id": 5266,
+{"id": 5271,
"keyword": "deductive program verification"},
-{"id": 5267,
+{"id": 5272,
"keyword": "entire cosmedis network"},
-{"id": 5268,
+{"id": 5273,
"keyword": "adaptive state counting algorithm"},
-{"id": 5269,
+{"id": 5274,
"keyword": "policy"},
-{"id": 5270,
+{"id": 5275,
"keyword": "autonomous vehicle liable"},
-{"id": 5271,
+{"id": 5276,
"keyword": "minimal ssa form"},
-{"id": 5272,
-"keyword": "powerset construction mapping nfas"},
-{"id": 5273,
-"keyword": "transition paths"},
-{"id": 5274,
-"keyword": "execution time compares"},
-{"id": 5275,
-"keyword": "complexity analysis"},
-{"id": 5276,
-"keyword": "achieve bottom-"},
{"id": 5277,
+"keyword": "powerset construction mapping nfas"},
+{"id": 5278,
+"keyword": "transition paths"},
+{"id": 5279,
+"keyword": "execution time compares"},
+{"id": 5280,
+"keyword": "complexity analysis"},
+{"id": 5281,
+"keyword": "achieve bottom-"},
+{"id": 5282,
"keyword": "protocol analysis tools"},
-{"id": 5278,
+{"id": 5283,
"keyword": "progress tracking protocol"},
-{"id": 5279,
+{"id": 5284,
"keyword": "cryptographic constructions"},
-{"id": 5280,
+{"id": 5285,
"keyword": "gamma function"},
-{"id": 5281,
+{"id": 5286,
"keyword": "theorem 2"},
-{"id": 5282,
+{"id": 5287,
"keyword": "wikipedia articles"},
-{"id": 5283,
+{"id": 5288,
"keyword": "textbook ramsey theory"},
-{"id": 5284,
+{"id": 5289,
"keyword": "weakest-precondition entailment"},
-{"id": 5285,
+{"id": 5290,
"keyword": "subsumes lexicographic path orders"},
-{"id": 5286,
+{"id": 5291,
"keyword": "accessed independently"},
-{"id": 5287,
+{"id": 5292,
"keyword": "sparcv8 cpu simulator"},
-{"id": 5288,
+{"id": 5293,
"keyword": "maximal load factors"},
-{"id": 5289,
+{"id": 5294,
"keyword": "mergesort algorithm"},
-{"id": 5290,
+{"id": 5295,
"keyword": "bendix orders"},
-{"id": 5291,
+{"id": 5296,
"keyword": "general theorem"},
-{"id": 5292,
+{"id": 5297,
"keyword": "residuated boolean algebra"},
-{"id": 5293,
+{"id": 5298,
"keyword": "maclaurin formula"},
-{"id": 5294,
+{"id": 5299,
"keyword": "partial sums"},
-{"id": 5295,
-"keyword": "recursively enumerable set"},
-{"id": 5296,
-"keyword": "mathematical framework"},
-{"id": 5297,
-"keyword": "inf-preserving predicate transformers"},
-{"id": 5298,
-"keyword": "timely dataflow"},
-{"id": 5299,
-"keyword": "paracomplete logics"},
{"id": 5300,
-"keyword": "binary search trees"},
+"keyword": "recursively enumerable set"},
{"id": 5301,
-"keyword": "pronounced lambda auth"},
+"keyword": "mathematical framework"},
{"id": 5302,
-"keyword": "simple imperative language imp"},
+"keyword": "inf-preserving predicate transformers"},
{"id": 5303,
-"keyword": "subseteq alpha"},
+"keyword": "timely dataflow"},
{"id": 5304,
-"keyword": "skip lists"},
+"keyword": "paracomplete logics"},
{"id": 5305,
-"keyword": "empty rows"},
+"keyword": "binary search trees"},
{"id": 5306,
-"keyword": "present version hol-csp profits"},
+"keyword": "pronounced lambda auth"},
{"id": 5307,
+"keyword": "simple imperative language imp"},
+{"id": 5308,
+"keyword": "subseteq alpha"},
+{"id": 5309,
+"keyword": "skip lists"},
+{"id": 5310,
+"keyword": "empty rows"},
+{"id": 5311,
+"keyword": "present version hol-csp profits"},
+{"id": 5312,
"keyword": "formal framework"},
-{"id": 5308,
+{"id": 5313,
"keyword": "first-order unification algorithm"},
-{"id": 5309,
+{"id": 5314,
"keyword": "tree-regular languages"},
-{"id": 5310,
+{"id": 5315,
"keyword": "first-order prover"},
-{"id": 5311,
-"keyword": "highly probable assumption"},
-{"id": 5312,
-"keyword": "differential_dynamic_logic article"},
-{"id": 5313,
-"keyword": "form bigwedge_"},
-{"id": 5314,
-"keyword": "important correctness property"},
-{"id": 5315,
-"keyword": "key aspect"},
{"id": 5316,
-"keyword": "positive fractions"},
+"keyword": "highly probable assumption"},
{"id": 5317,
-"keyword": "mechanized proof"},
+"keyword": "differential_dynamic_logic article"},
{"id": 5318,
-"keyword": "equality holds"},
+"keyword": "form bigwedge_"},
{"id": 5319,
-"keyword": "theorems state propositions"},
+"keyword": "important correctness property"},
{"id": 5320,
-"keyword": "generated inputs"},
+"keyword": "key aspect"},
{"id": 5321,
-"keyword": "diagrammatic proof system"},
+"keyword": "positive fractions"},
{"id": 5322,
-"keyword": "deutsch-schorr-waite graph marking algorithm"},
+"keyword": "mechanized proof"},
{"id": 5323,
-"keyword": "convert regular expressions"},
+"keyword": "equality holds"},
{"id": 5324,
-"keyword": "monotone boolean functions"},
+"keyword": "theorems state propositions"},
{"id": 5325,
-"keyword": "prior formalization attempt"},
+"keyword": "generated inputs"},
{"id": 5326,
-"keyword": "circus processes"},
+"keyword": "diagrammatic proof system"},
{"id": 5327,
-"keyword": "verify properties"},
+"keyword": "deutsch-schorr-waite graph marking algorithm"},
{"id": 5328,
-"keyword": "concrete programming language"},
+"keyword": "convert regular expressions"},
{"id": 5329,
-"keyword": "non-functional requirements"},
+"keyword": "monotone boolean functions"},
{"id": 5330,
-"keyword": "limiting parallels axiom"},
+"keyword": "prior formalization attempt"},
{"id": 5331,
-"keyword": "webassembly language"},
+"keyword": "circus processes"},
{"id": 5332,
-"keyword": "8th event"},
+"keyword": "verify properties"},
{"id": 5333,
-"keyword": "local type definitions"},
+"keyword": "concrete programming language"},
{"id": 5334,
-"keyword": "approximation quality solely depends"},
+"keyword": "non-functional requirements"},
{"id": 5335,
-"keyword": "protocol"},
+"keyword": "limiting parallels axiom"},
{"id": 5336,
-"keyword": "2 scalar product"},
+"keyword": "webassembly language"},
{"id": 5337,
-"keyword": "unique decomposition"},
+"keyword": "8th event"},
{"id": 5338,
-"keyword": "florian kammueller"},
+"keyword": "local type definitions"},
{"id": 5339,
+"keyword": "approximation quality solely depends"},
+{"id": 5340,
+"keyword": "protocol"},
+{"id": 5341,
+"keyword": "2 scalar product"},
+{"id": 5342,
+"keyword": "unique decomposition"},
+{"id": 5343,
+"keyword": "florian kammueller"},
+{"id": 5344,
"keyword": "stepwise program refinement techniques"},
-{"id": 5340,
+{"id": 5345,
"keyword": "ungeneralised counterparts"},
-{"id": 5341,
+{"id": 5346,
"keyword": "auxiliary type"},
-{"id": 5342,
+{"id": 5347,
"keyword": "internal execution clocking"},
-{"id": 5343,
-"keyword": "concurrent behaviour"},
-{"id": 5344,
-"keyword": "primitive data types"},
-{"id": 5345,
-"keyword": "systems communication plays"},
-{"id": 5346,
-"keyword": "complementary error function erfc"},
-{"id": 5347,
-"keyword": "functions learnable"},
{"id": 5348,
-"keyword": "concrete applicative functor"},
+"keyword": "concurrent behaviour"},
{"id": 5349,
-"keyword": "case combinators"},
+"keyword": "primitive data types"},
{"id": 5350,
-"keyword": "infinite series"},
+"keyword": "systems communication plays"},
{"id": 5351,
-"keyword": "woots strong eventual consistency"},
+"keyword": "complementary error function erfc"},
{"id": 5352,
-"keyword": "yamada 2"},
+"keyword": "functions learnable"},
{"id": 5353,
-"keyword": "isafol project isafol"},
+"keyword": "concrete applicative functor"},
{"id": 5354,
-"keyword": "events"},
+"keyword": "case combinators"},
{"id": 5355,
-"keyword": "derive mertens"},
+"keyword": "infinite series"},
{"id": 5356,
+"keyword": "woots strong eventual consistency"},
+{"id": 5357,
+"keyword": "yamada 2"},
+{"id": 5358,
+"keyword": "isafol project isafol"},
+{"id": 5359,
+"keyword": "events"},
+{"id": 5360,
+"keyword": "derive mertens"},
+{"id": 5361,
"keyword": "operational semantics"},
-{"id": 5357,
+{"id": 5362,
"keyword": "match expression"},
-{"id": 5358,
+{"id": 5363,
"keyword": "paper assumptions"},
-{"id": 5359,
+{"id": 5364,
"keyword": "affine arithmetic"},
-{"id": 5360,
+{"id": 5365,
"keyword": "standard protocol descriptions based"},
-{"id": 5361,
+{"id": 5366,
"keyword": "easily expandable"},
-{"id": 5362,
+{"id": 5367,
"keyword": "tsinakis conditions"},
-{"id": 5363,
+{"id": 5368,
"keyword": "binary temporal operators"},
-{"id": 5364,
+{"id": 5369,
"keyword": "javier esparza"},
-{"id": 5365,
+{"id": 5370,
"keyword": "afp entry dynamic architectures"},
-{"id": 5366,
+{"id": 5371,
"keyword": "total correctness proof"},
-{"id": 5367,
-"keyword": "timothy gowers"},
-{"id": 5368,
-"keyword": "directed security policies"},
-{"id": 5369,
-"keyword": "one-sided sequent calculus"},
-{"id": 5370,
-"keyword": "hybrid logic"},
-{"id": 5371,
-"keyword": "authentication mechanisms employed call"},
{"id": 5372,
+"keyword": "timothy gowers"},
+{"id": 5373,
+"keyword": "directed security policies"},
+{"id": 5374,
+"keyword": "one-sided sequent calculus"},
+{"id": 5375,
+"keyword": "hybrid logic"},
+{"id": 5376,
+"keyword": "authentication mechanisms employed call"},
+{"id": 5377,
"keyword": "maximum determination"},
-{"id": 5373,
+{"id": 5378,
"keyword": "unwinding results"},
-{"id": 5374,
+{"id": 5379,
"keyword": "general scheme"},
-{"id": 5375,
+{"id": 5380,
"keyword": "substantial performance penalty"},
-{"id": 5376,
+{"id": 5381,
"keyword": "propositional logic"},
-{"id": 5377,
+{"id": 5382,
"keyword": "lehmer presented criterions"},
-{"id": 5378,
+{"id": 5383,
"keyword": "witnessing diamonds"},
-{"id": 5379,
+{"id": 5384,
"keyword": "formal representations"},
-{"id": 5380,
+{"id": 5385,
"keyword": "mutilated chess board"},
-{"id": 5381,
+{"id": 5386,
"keyword": "formally verified"},
-{"id": 5382,
+{"id": 5387,
"keyword": "w_1 ldots w_n 1"},
-{"id": 5383,
-"keyword": "real vectors spaces"},
-{"id": 5384,
-"keyword": "establish sound type-system-"},
-{"id": 5385,
-"keyword": "future related mechanisation efforts"},
-{"id": 5386,
-"keyword": "compare complements"},
-{"id": 5387,
-"keyword": "concrete system"},
{"id": 5388,
-"keyword": "compatible formalization"},
+"keyword": "real vectors spaces"},
{"id": 5389,
-"keyword": "active domain"},
+"keyword": "establish sound type-system-"},
{"id": 5390,
-"keyword": "informal proof"},
+"keyword": "future related mechanisation efforts"},
{"id": 5391,
-"keyword": "leftmost reduction theorem"},
+"keyword": "compare complements"},
{"id": 5392,
-"keyword": "verify-- philosophical arguments"},
+"keyword": "concrete system"},
{"id": 5393,
-"keyword": "number partitions"},
+"keyword": "compatible formalization"},
{"id": 5394,
-"keyword": "rewrite rules"},
+"keyword": "active domain"},
{"id": 5395,
-"keyword": "monochromatic line"},
+"keyword": "informal proof"},
{"id": 5396,
-"keyword": "monotonic boolean transformers"},
+"keyword": "leftmost reduction theorem"},
{"id": 5397,
-"keyword": "designs"},
+"keyword": "verify-- philosophical arguments"},
{"id": 5398,
-"keyword": "fundamental banach spaces"},
+"keyword": "number partitions"},
{"id": 5399,
-"keyword": "swierczkowski ndash"},
+"keyword": "rewrite rules"},
{"id": 5400,
-"keyword": "eponym ijcar 2020 paper"},
+"keyword": "monochromatic line"},
{"id": 5401,
-"keyword": "expressing smart contracts"},
+"keyword": "monotonic boolean transformers"},
{"id": 5402,
-"keyword": "key properties"},
+"keyword": "designs"},
{"id": 5403,
+"keyword": "fundamental banach spaces"},
+{"id": 5404,
+"keyword": "swierczkowski ndash"},
+{"id": 5405,
+"keyword": "eponym ijcar 2020 paper"},
+{"id": 5406,
+"keyword": "expressing smart contracts"},
+{"id": 5407,
+"keyword": "key properties"},
+{"id": 5408,
"keyword": "special halting problem"},
-{"id": 5404,
+{"id": 5409,
"keyword": "effectively executable algorithm"},
-{"id": 5405,
+{"id": 5410,
"keyword": "generalise relation algebras"},
-{"id": 5406,
+{"id": 5411,
"keyword": "abstract representation"},
-{"id": 5407,
-"keyword": "abstract theory"},
-{"id": 5408,
-"keyword": "desired precision"},
-{"id": 5409,
-"keyword": "compiled code"},
-{"id": 5410,
-"keyword": "odd-set cover osc"},
-{"id": 5411,
-"keyword": "maintaining knowledge"},
{"id": 5412,
-"keyword": "sophisticated languages"},
+"keyword": "abstract theory"},
{"id": 5413,
-"keyword": "function eval solves capturability"},
+"keyword": "desired precision"},
{"id": 5414,
-"keyword": "operational properties"},
+"keyword": "compiled code"},
{"id": 5415,
-"keyword": "curve operations"},
+"keyword": "odd-set cover osc"},
{"id": 5416,
-"keyword": "alternative interpretation"},
+"keyword": "maintaining knowledge"},
{"id": 5417,
-"keyword": "significantly larger"},
+"keyword": "sophisticated languages"},
{"id": 5418,
-"keyword": "automatic tactics"},
+"keyword": "function eval solves capturability"},
{"id": 5419,
-"keyword": "gewirth"},
+"keyword": "operational properties"},
{"id": 5420,
+"keyword": "curve operations"},
+{"id": 5421,
+"keyword": "alternative interpretation"},
+{"id": 5422,
+"keyword": "significantly larger"},
+{"id": 5423,
+"keyword": "automatic tactics"},
+{"id": 5424,
+"keyword": "gewirth"},
+{"id": 5425,
"keyword": "theorem states"},
-{"id": 5421,
+{"id": 5426,
"keyword": "previous axiomatic encoding"},
-{"id": 5422,
+{"id": 5427,
"keyword": "cauchy index"},
-{"id": 5423,
+{"id": 5428,
"keyword": "tree width"},
-{"id": 5424,
+{"id": 5429,
"keyword": "effectively decide ideal membership"},
-{"id": 5425,
+{"id": 5430,
"keyword": "gmw protocol"},
-{"id": 5426,
+{"id": 5431,
"keyword": "multi-party computation"},
-{"id": 5427,
+{"id": 5432,
"keyword": "master students"},
-{"id": 5428,
+{"id": 5433,
"keyword": "low edge probability"},
-{"id": 5429,
+{"id": 5434,
"keyword": "static refutational completeness"},
-{"id": 5430,
+{"id": 5435,
"keyword": "incoming edges equals"},
-{"id": 5431,
-"keyword": "tail-recursive function"},
-{"id": 5432,
-"keyword": "all-pairs shortest paths problem"},
-{"id": 5433,
-"keyword": "initial specification"},
-{"id": 5434,
-"keyword": "time sufficient properties"},
-{"id": 5435,
-"keyword": "symmetry properties"},
{"id": 5436,
+"keyword": "tail-recursive function"},
+{"id": 5437,
+"keyword": "all-pairs shortest paths problem"},
+{"id": 5438,
+"keyword": "initial specification"},
+{"id": 5439,
+"keyword": "time sufficient properties"},
+{"id": 5440,
+"keyword": "symmetry properties"},
+{"id": 5441,
"keyword": "probabilistic functional programming language"},
-{"id": 5437,
+{"id": 5442,
"keyword": "fixed set"},
-{"id": 5438,
+{"id": 5443,
"keyword": "reflexive-transitive closures"},
-{"id": 5439,
+{"id": 5444,
"keyword": "racing effects"},
-{"id": 5440,
+{"id": 5445,
"keyword": "dbm-based forward analysis"},
-{"id": 5441,
+{"id": 5446,
"keyword": "formal verification"},
-{"id": 5442,
+{"id": 5447,
"keyword": "compositional invariant proofs"},
-{"id": 5443,
+{"id": 5448,
"keyword": "abstract time domain"},
-{"id": 5444,
+{"id": 5449,
"keyword": "defining functions"},
-{"id": 5445,
+{"id": 5450,
"keyword": "correctness proof"},
-{"id": 5446,
+{"id": 5451,
"keyword": "smt"},
-{"id": 5447,
+{"id": 5452,
"keyword": "separation logic formulae"},
-{"id": 5448,
+{"id": 5453,
"keyword": "catalan numbers"},
-{"id": 5449,
+{"id": 5454,
"keyword": "deriving approximative safety properties"},
-{"id": 5450,
+{"id": 5455,
"keyword": "keeping track"},
-{"id": 5451,
+{"id": 5456,
"keyword": "polar form transformation"},
-{"id": 5452,
+{"id": 5457,
"keyword": "counting sort making"},
-{"id": 5453,
+{"id": 5458,
"keyword": "interval calculus"},
-{"id": 5454,
+{"id": 5459,
"keyword": "countable networks"},
-{"id": 5455,
+{"id": 5460,
"keyword": "generated code"},
-{"id": 5456,
+{"id": 5461,
"keyword": "christian urban"},
-{"id": 5457,
+{"id": 5462,
"keyword": "modify nodes"},
-{"id": 5458,
+{"id": 5463,
"keyword": "security systems"},
-{"id": 5459,
+{"id": 5464,
"keyword": "unsorted first-order logic"},
-{"id": 5460,
+{"id": 5465,
"keyword": "generalising tla action formulas"},
-{"id": 5461,
+{"id": 5466,
"keyword": "collecting semantics"},
-{"id": 5462,
+{"id": 5467,
"keyword": "single partial composition operation"},
-{"id": 5463,
-"keyword": "guarantee minimality"},
-{"id": 5464,
-"keyword": "data stream"},
-{"id": 5465,
-"keyword": "search trees based"},
-{"id": 5466,
-"keyword": "financial products"},
-{"id": 5467,
-"keyword": "original query evaluates"},
{"id": 5468,
+"keyword": "guarantee minimality"},
+{"id": 5469,
+"keyword": "data stream"},
+{"id": 5470,
+"keyword": "search trees based"},
+{"id": 5471,
+"keyword": "financial products"},
+{"id": 5472,
+"keyword": "original query evaluates"},
+{"id": 5473,
"keyword": "universal turing machine"},
-{"id": 5469,
+{"id": 5474,
"keyword": "nonzero rational number"},
-{"id": 5470,
+{"id": 5475,
"keyword": "unrestricted rules"},
-{"id": 5471,
+{"id": 5476,
"keyword": "efficient version"},
-{"id": 5472,
+{"id": 5477,
"keyword": "specification mechanism"},
-{"id": 5473,
+{"id": 5478,
"keyword": "rts algorithm"},
-{"id": 5474,
+{"id": 5479,
"keyword": "dirichlet"},
-{"id": 5475,
+{"id": 5480,
"keyword": "involve polynomial interpretations"},
-{"id": 5476,
+{"id": 5481,
"keyword": "resulting proof system"},
-{"id": 5477,
+{"id": 5482,
"keyword": "newton interpolation"},
-{"id": 5478,
+{"id": 5483,
"keyword": "arrow-debreu model"},
-{"id": 5479,
+{"id": 5484,
"keyword": "complex algebraic numbers"},
-{"id": 5480,
+{"id": 5485,
"keyword": "regular operations"},
-{"id": 5481,
+{"id": 5486,
"keyword": "infinite-dimensional vector spaces"},
-{"id": 5482,
+{"id": 5487,
"keyword": "tool box allowing"},
-{"id": 5483,
+{"id": 5488,
"keyword": "elementary measure theory"},
-{"id": 5484,
+{"id": 5489,
"keyword": "false alarms"},
-{"id": 5485,
+{"id": 5490,
"keyword": "generic unwinding theorem"},
-{"id": 5486,
-"keyword": "program compositions"},
-{"id": 5487,
-"keyword": "org vol-3002 paper7"},
-{"id": 5488,
-"keyword": "knot theory"},
-{"id": 5489,
-"keyword": "formal model"},
-{"id": 5490,
-"keyword": "abstract interpreter operate"},
{"id": 5491,
-"keyword": "hom embedding"},
+"keyword": "program compositions"},
{"id": 5492,
-"keyword": "zeroth frequency moment"},
+"keyword": "org vol-3002 paper7"},
{"id": 5493,
-"keyword": "bnf-based datatype package"},
+"keyword": "knot theory"},
{"id": 5494,
-"keyword": "classic notion"},
+"keyword": "formal model"},
{"id": 5495,
-"keyword": "projective space geometry"},
+"keyword": "abstract interpreter operate"},
{"id": 5496,
-"keyword": "free"},
+"keyword": "hom embedding"},
{"id": 5497,
-"keyword": "small-step semantics instrumented"},
+"keyword": "zeroth frequency moment"},
{"id": 5498,
+"keyword": "bnf-based datatype package"},
+{"id": 5499,
+"keyword": "classic notion"},
+{"id": 5500,
+"keyword": "projective space geometry"},
+{"id": 5501,
+"keyword": "free"},
+{"id": 5502,
+"keyword": "small-step semantics instrumented"},
+{"id": 5503,
"keyword": "reproduced faithfully"},
-{"id": 5499,
+{"id": 5504,
"keyword": "strong eventual consistency guarantees"},
-{"id": 5500,
+{"id": 5505,
"keyword": "sparcv8 cpu"},
-{"id": 5501,
+{"id": 5506,
"keyword": "poincar disc model"},
-{"id": 5502,
-"keyword": "called learnable"},
-{"id": 5503,
-"keyword": "variants"},
-{"id": 5504,
-"keyword": "cartesian monoidal categories"},
-{"id": 5505,
-"keyword": "deterministic list update algorithms"},
-{"id": 5506,
-"keyword": "quad int_0 1"},
{"id": 5507,
-"keyword": "levi identities"},
+"keyword": "called learnable"},
{"id": 5508,
-"keyword": "applicative functors augment computations"},
+"keyword": "variants"},
{"id": 5509,
-"keyword": "therories describe hoare logics"},
+"keyword": "cartesian monoidal categories"},
{"id": 5510,
-"keyword": "list"},
+"keyword": "deterministic list update algorithms"},
{"id": 5511,
-"keyword": "abstract algebra"},
+"keyword": "quad int_0 1"},
{"id": 5512,
-"keyword": "verifying practical algorithms"},
+"keyword": "levi identities"},
{"id": 5513,
-"keyword": "neutral social decision scheme"},
+"keyword": "applicative functors augment computations"},
{"id": 5514,
+"keyword": "therories describe hoare logics"},
+{"id": 5515,
+"keyword": "list"},
+{"id": 5516,
+"keyword": "abstract algebra"},
+{"id": 5517,
+"keyword": "verifying practical algorithms"},
+{"id": 5518,
+"keyword": "neutral social decision scheme"},
+{"id": 5519,
"keyword": "data refinement techniques"},
-{"id": 5515,
+{"id": 5520,
"keyword": "concrete data structures"},
-{"id": 5516,
+{"id": 5521,
"keyword": "basic number-theoretic functions related"},
-{"id": 5517,
+{"id": 5522,
"keyword": "mfodl supports real-time constraints"},
-{"id": 5518,
+{"id": 5523,
"keyword": "geometric interpretation"},
-{"id": 5519,
+{"id": 5524,
"keyword": "minsky configurations"},
-{"id": 5520,
+{"id": 5525,
"keyword": "stepwise refinement based approach"},
-{"id": 5521,
+{"id": 5526,
"keyword": "concrete lower bound"},
-{"id": 5522,
+{"id": 5527,
"keyword": "textual language"},
-{"id": 5523,
+{"id": 5528,
"keyword": "elementary proof"},
-{"id": 5524,
+{"id": 5529,
"keyword": "originally reported"},
-{"id": 5525,
+{"id": 5530,
"keyword": "lu cleverly extended"},
-{"id": 5526,
+{"id": 5531,
"keyword": "efficient arrays"},
-{"id": 5527,
-"keyword": "basic blocks"},
-{"id": 5528,
-"keyword": "represent objects"},
-{"id": 5529,
-"keyword": "iterative interpretive process"},
-{"id": 5530,
-"keyword": "simple algebraic basis"},
-{"id": 5531,
-"keyword": "basic algebra leading"},
{"id": 5532,
+"keyword": "basic blocks"},
+{"id": 5533,
+"keyword": "represent objects"},
+{"id": 5534,
+"keyword": "iterative interpretive process"},
+{"id": 5535,
+"keyword": "simple algebraic basis"},
+{"id": 5536,
+"keyword": "basic algebra leading"},
+{"id": 5537,
"keyword": "volpano smith-style noninterference notions"},
-{"id": 5533,
+{"id": 5538,
"keyword": "composable security statements"},
-{"id": 5534,
+{"id": 5539,
"keyword": "important functions"},
-{"id": 5535,
+{"id": 5540,
"keyword": "core notion"},
-{"id": 5536,
+{"id": 5541,
"keyword": "complex"},
-{"id": 5537,
+{"id": 5542,
"keyword": "model-level og proof"},
-{"id": 5538,
+{"id": 5543,
"keyword": "simplify program verification"},
-{"id": 5539,
+{"id": 5544,
"keyword": "constant intersect designs"},
-{"id": 5540,
+{"id": 5545,
"keyword": "folder commonset"},
-{"id": 5541,
+{"id": 5546,
"keyword": "type checker"},
-{"id": 5542,
+{"id": 5547,
"keyword": "hol light version"},
-{"id": 5543,
+{"id": 5548,
"keyword": "formal summation"},
-{"id": 5544,
+{"id": 5549,
"keyword": "key establishment protocols"},
-{"id": 5545,
+{"id": 5550,
"keyword": "linear transformations"},
-{"id": 5546,
+{"id": 5551,
"keyword": "relative safety"},
-{"id": 5547,
+{"id": 5552,
"keyword": "bicolano operational semantics"},
-{"id": 5548,
+{"id": 5553,
"keyword": "elementary infrastructure"},
-{"id": 5549,
+{"id": 5554,
"keyword": "nominal logic formalism"},
-{"id": 5550,
-"keyword": "efficient monpoly monitoring tool"},
-{"id": 5551,
-"keyword": "complex library"},
-{"id": 5552,
-"keyword": "ceta system"},
-{"id": 5553,
-"keyword": "standard disassembly tool objdump"},
-{"id": 5554,
-"keyword": "binary relations"},
{"id": 5555,
-"keyword": "cover monotonic security invariants"},
+"keyword": "efficient monpoly monitoring tool"},
{"id": 5556,
-"keyword": "simple paper proof"},
+"keyword": "complex library"},
{"id": 5557,
-"keyword": "global model"},
+"keyword": "ceta system"},
{"id": 5558,
-"keyword": "derive"},
+"keyword": "standard disassembly tool objdump"},
{"id": 5559,
-"keyword": "relativize paulson"},
+"keyword": "binary relations"},
{"id": 5560,
-"keyword": "normed space"},
+"keyword": "cover monotonic security invariants"},
{"id": 5561,
-"keyword": "radix sort"},
+"keyword": "simple paper proof"},
{"id": 5562,
+"keyword": "global model"},
+{"id": 5563,
+"keyword": "derive"},
+{"id": 5564,
+"keyword": "relativize paulson"},
+{"id": 5565,
+"keyword": "normed space"},
+{"id": 5566,
+"keyword": "radix sort"},
+{"id": 5567,
"keyword": "proof step"},
-{"id": 5563,
+{"id": 5568,
"keyword": "declassification bounds"},
-{"id": 5564,
+{"id": 5569,
"keyword": "original version"},
-{"id": 5565,
+{"id": 5570,
"keyword": "stimulus structure"},
-{"id": 5566,
-"keyword": "protocol verification"},
-{"id": 5567,
-"keyword": "higher entity"},
-{"id": 5568,
-"keyword": "arithmetic logical operations"},
-{"id": 5569,
-"keyword": "require eventual consistency"},
-{"id": 5570,
-"keyword": "skip blocks"},
{"id": 5571,
-"keyword": "subterm coefficient functions"},
+"keyword": "protocol verification"},
{"id": 5572,
-"keyword": "tla axioms"},
+"keyword": "higher entity"},
{"id": 5573,
-"keyword": "afp package"},
+"keyword": "arithmetic logical operations"},
{"id": 5574,
-"keyword": "alphabetised relational calculus"},
+"keyword": "require eventual consistency"},
{"id": 5575,
-"keyword": "infinite"},
+"keyword": "skip blocks"},
{"id": 5576,
-"keyword": "unify correctness statements"},
+"keyword": "subterm coefficient functions"},
{"id": 5577,
-"keyword": "representing documents"},
+"keyword": "tla axioms"},
{"id": 5578,
-"keyword": "complete semantic tableau calculus"},
+"keyword": "afp package"},
{"id": 5579,
-"keyword": "domain-relation map satisfying"},
+"keyword": "alphabetised relational calculus"},
{"id": 5580,
-"keyword": "abstract convergence theorem"},
+"keyword": "infinite"},
{"id": 5581,
-"keyword": "normal functions"},
+"keyword": "unify correctness statements"},
{"id": 5582,
-"keyword": "language determinism"},
+"keyword": "representing documents"},
{"id": 5583,
-"keyword": "comparatively small subset"},
+"keyword": "complete semantic tableau calculus"},
{"id": 5584,
-"keyword": "independent runs"},
+"keyword": "domain-relation map satisfying"},
{"id": 5585,
-"keyword": "principal ideal domains"},
+"keyword": "abstract convergence theorem"},
{"id": 5586,
-"keyword": "write specifications"},
+"keyword": "normal functions"},
{"id": 5587,
-"keyword": "algorithm generates posix"},
+"keyword": "language determinism"},
{"id": 5588,
-"keyword": "pairwise balanced designs"},
+"keyword": "comparatively small subset"},
{"id": 5589,
-"keyword": "original presentation"},
+"keyword": "independent runs"},
{"id": 5590,
-"keyword": "verified type checker"},
+"keyword": "principal ideal domains"},
{"id": 5591,
-"keyword": "conflict-free replicated data types"},
+"keyword": "write specifications"},
{"id": 5592,
-"keyword": "inverse function"},
+"keyword": "algorithm generates posix"},
{"id": 5593,
-"keyword": "underlying local hidden-variable theory"},
+"keyword": "pairwise balanced designs"},
{"id": 5594,
+"keyword": "original presentation"},
+{"id": 5595,
+"keyword": "verified type checker"},
+{"id": 5596,
+"keyword": "conflict-free replicated data types"},
+{"id": 5597,
+"keyword": "inverse function"},
+{"id": 5598,
+"keyword": "underlying local hidden-variable theory"},
+{"id": 5599,
"keyword": "stream fusion library"},
-{"id": 5595,
+{"id": 5600,
"keyword": "program verification competition"},
-{"id": 5596,
+{"id": 5601,
"keyword": "primitives"},
-{"id": 5597,
+{"id": 5602,
"keyword": "finite measure preserving systems"},
-{"id": 5598,
-"keyword": "verified functional skew heaps"},
-{"id": 5599,
-"keyword": "completed versions"},
-{"id": 5600,
-"keyword": "fixed upper bound"},
-{"id": 5601,
-"keyword": "chosen abstractions"},
-{"id": 5602,
-"keyword": "composition properties wrt"},
{"id": 5603,
-"keyword": "dfs-based algorithms"},
+"keyword": "verified functional skew heaps"},
{"id": 5604,
-"keyword": "rules applying"},
+"keyword": "completed versions"},
{"id": 5605,
-"keyword": "logarithmic upper bound"},
+"keyword": "fixed upper bound"},
{"id": 5606,
-"keyword": "incidence system properties"},
+"keyword": "chosen abstractions"},
{"id": 5607,
-"keyword": "small imperative language imp"},
+"keyword": "composition properties wrt"},
{"id": 5608,
-"keyword": "certified complex root isolation"},
+"keyword": "dfs-based algorithms"},
{"id": 5609,
-"keyword": "linear constraints"},
+"keyword": "rules applying"},
{"id": 5610,
-"keyword": "algebraically independent"},
+"keyword": "logarithmic upper bound"},
{"id": 5611,
-"keyword": "double exponential"},
+"keyword": "incidence system properties"},
{"id": 5612,
-"keyword": "monotone maps"},
+"keyword": "small imperative language imp"},
{"id": 5613,
-"keyword": "verified ssa construction"},
+"keyword": "certified complex root isolation"},
{"id": 5614,
-"keyword": "reachability analysis"},
+"keyword": "linear constraints"},
{"id": 5615,
-"keyword": "prime power"},
+"keyword": "algebraically independent"},
{"id": 5616,
-"keyword": "applications ranging"},
+"keyword": "double exponential"},
{"id": 5617,
-"keyword": "distributed environment"},
+"keyword": "monotone maps"},
{"id": 5618,
-"keyword": "octonionic product"},
+"keyword": "verified ssa construction"},
{"id": 5619,
-"keyword": "event lists varying"},
+"keyword": "reachability analysis"},
{"id": 5620,
-"keyword": "notably holcf"},
+"keyword": "prime power"},
{"id": 5621,
-"keyword": "call path authorization"},
+"keyword": "applications ranging"},
{"id": 5622,
-"keyword": "presentation"},
+"keyword": "distributed environment"},
{"id": 5623,
-"keyword": "efficiently executable code"},
+"keyword": "octonionic product"},
{"id": 5624,
-"keyword": "simple proofs"},
+"keyword": "event lists varying"},
{"id": 5625,
-"keyword": "independent modules"},
+"keyword": "notably holcf"},
{"id": 5626,
+"keyword": "call path authorization"},
+{"id": 5627,
+"keyword": "presentation"},
+{"id": 5628,
+"keyword": "efficiently executable code"},
+{"id": 5629,
+"keyword": "simple proofs"},
+{"id": 5630,
+"keyword": "independent modules"},
+{"id": 5631,
"keyword": "holzf theory"},
-{"id": 5627,
+{"id": 5632,
"keyword": "state monad"},
-{"id": 5628,
+{"id": 5633,
"keyword": "random pivot choice"},
-{"id": 5629,
+{"id": 5634,
"keyword": "concurrent revisions"},
-{"id": 5630,
-"keyword": "reduced row echelon form"},
-{"id": 5631,
-"keyword": "number-theoretic results"},
-{"id": 5632,
-"keyword": "subterm property"},
-{"id": 5633,
-"keyword": "basis reduction"},
-{"id": 5634,
-"keyword": "bkr algorithm"},
{"id": 5635,
-"keyword": "case study revealed"},
+"keyword": "reduced row echelon form"},
{"id": 5636,
-"keyword": "dynamic declassification triggers"},
+"keyword": "number-theoretic results"},
{"id": 5637,
-"keyword": "machine-checked correctness theorems"},
+"keyword": "subterm property"},
{"id": 5638,
-"keyword": "hereditary multisets"},
+"keyword": "basis reduction"},
{"id": 5639,
-"keyword": "dana scott"},
+"keyword": "bkr algorithm"},
{"id": 5640,
-"keyword": "fourier sequences"},
+"keyword": "case study revealed"},
{"id": 5641,
-"keyword": "collections framework"},
+"keyword": "dynamic declassification triggers"},
{"id": 5642,
+"keyword": "machine-checked correctness theorems"},
+{"id": 5643,
+"keyword": "hereditary multisets"},
+{"id": 5644,
+"keyword": "dana scott"},
+{"id": 5645,
+"keyword": "fourier sequences"},
+{"id": 5646,
+"keyword": "collections framework"},
+{"id": 5647,
"keyword": "relational core"},
-{"id": 5643,
+{"id": 5648,
"keyword": "infinite set"},
-{"id": 5644,
+{"id": 5649,
"keyword": "real error function erf"},
-{"id": 5645,
+{"id": 5650,
"keyword": "verifying safety properties"},
-{"id": 5646,
+{"id": 5651,
"keyword": "modal collapse"},
-{"id": 5647,
+{"id": 5652,
"keyword": "differential dynamics logic"},
-{"id": 5648,
+{"id": 5653,
"keyword": "hilbert systems"},
-{"id": 5649,
+{"id": 5654,
"keyword": "development establishes"},
-{"id": 5650,
+{"id": 5655,
"keyword": "quad text"},
-{"id": 5651,
+{"id": 5656,
"keyword": "rely condition generalised"},
-{"id": 5652,
+{"id": 5657,
"keyword": "prefix order"},
-{"id": 5653,
+{"id": 5658,
"keyword": "closure properties"},
-{"id": 5654,
+{"id": 5659,
"keyword": "negative cycles"},
-{"id": 5655,
+{"id": 5660,
"keyword": "generalized intervals"},
-{"id": 5656,
+{"id": 5661,
"keyword": "input programs"},
-{"id": 5657,
+{"id": 5662,
"keyword": "common-sense theory"},
-{"id": 5658,
+{"id": 5663,
"keyword": "standard semantics"},
-{"id": 5659,
+{"id": 5664,
"keyword": "omega-complete non-orders"}]
\ No newline at end of file
diff --git a/web/dependencies/graph_theory/index.html b/web/dependencies/graph_theory/index.html
--- a/web/dependencies/graph_theory/index.html
+++ b/web/dependencies/graph_theory/index.html
@@ -1,117 +1,126 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Graph_Theory - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../dependencies/graph_theory/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="Graph_Theory" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/dependencies/graph_theory/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Graph_Theory"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../css/front.min.css">
<link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
<script src="../../js/flexsearch.bundle.js"></script>
<script src="../../js/scroll-spy.js"></script>
<script src="../../js/theory.js"></script>
<script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../images/menu.svg" alt="Menu" />
</label>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../search"><img src="../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../" class='logo-link'>
<img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../"><li >Home</li></a>
<a href="../../topics/"><li >Topics</li></a>
<a href="../../download/"><li >Download</li></a>
<a href="../../help/"><li >Help</li></a>
<a href="../../submission/"><li >Submission</li></a>
<a href="../../statistics/"><li >Statistics</li></a>
<a href="../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>G</span>raph_<span class='first'>T</span>heory Dependents</h1>
<div>
</div>
-</header><div><h2 class="head">2021</h2><article class="entry">
+</header><div><h2 class="head">2022</h2><article class="entry">
+ <div class="item-text">
+ <h5><a class="title" href="../../entries/Query_Optimization.html">Verification of Query Optimization Algorithms</a></h5> <br>by <a href="../../authors/stevens">Lukas Stevens</a> and <a href="../../authors/stoeckl">Bernhard Stöckl</a></div>
+ <span class="date">
+ Oct 04
+ </span>
+</article>
+
+
+<h2 class="head">2021</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Design_Theory.html">Combinatorial Design Theory</a></h5> <br>by <a href="../../authors/edmonds">Chelsea Edmonds</a> and <a href="../../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Aug 13
</span>
</article>
<h2 class="head">2015</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Planarity_Certificates.html">Planarity Certificates</a></h5> <br>by <a href="../../authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Nov 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/Parity_Game.html">Positional Determinacy of Parity Games</a></h5> <br>by <a href="../../authors/dittmann">Christoph Dittmann</a></div>
<span class="date">
Nov 02
</span>
</article>
<h2 class="head">2013</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../entries/ShortestPath.html">An Axiomatic Characterization of the Single-Source Shortest Path Problem</a></h5> <br>by <a href="../../authors/rizkallah">Christine Rizkallah</a></div>
<span class="date">
May 22
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/dependencies/graph_theory/index.xml b/web/dependencies/graph_theory/index.xml
--- a/web/dependencies/graph_theory/index.xml
+++ b/web/dependencies/graph_theory/index.xml
@@ -1,47 +1,56 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Graph_Theory on Archive of Formal Proofs</title>
<link>/dependencies/graph_theory/</link>
<description>Recent content in Graph_Theory on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
- <lastBuildDate>Fri, 13 Aug 2021 00:00:00 +0000</lastBuildDate><atom:link href="/dependencies/graph_theory/index.xml" rel="self" type="application/rss+xml" />
+ <lastBuildDate>Tue, 04 Oct 2022 00:00:00 +0000</lastBuildDate><atom:link href="/dependencies/graph_theory/index.xml" rel="self" type="application/rss+xml" />
+ <item>
+ <title>Verification of Query Optimization Algorithms</title>
+ <link>/entries/Query_Optimization.html</link>
+ <pubDate>Tue, 04 Oct 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Query_Optimization.html</guid>
+ <description></description>
+ </item>
+
<item>
<title>Combinatorial Design Theory</title>
<link>/entries/Design_Theory.html</link>
<pubDate>Fri, 13 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Design_Theory.html</guid>
<description></description>
</item>
<item>
<title>Planarity Certificates</title>
<link>/entries/Planarity_Certificates.html</link>
<pubDate>Wed, 11 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Planarity_Certificates.html</guid>
<description></description>
</item>
<item>
<title>Positional Determinacy of Parity Games</title>
<link>/entries/Parity_Game.html</link>
<pubDate>Mon, 02 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Parity_Game.html</guid>
<description></description>
</item>
<item>
<title>An Axiomatic Characterization of the Single-Source Shortest Path Problem</title>
<link>/entries/ShortestPath.html</link>
<pubDate>Wed, 22 May 2013 00:00:00 +0000</pubDate>
<guid>/entries/ShortestPath.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/dependencies/index.html b/web/dependencies/index.html
--- a/web/dependencies/index.html
+++ b/web/dependencies/index.html
@@ -1,2119 +1,2119 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><meta property="og:title" content="Dependencies" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/dependencies/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Dependencies"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon"><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>D</span>ependencies Dependents</h1>
<div>
</div>
</header><div><h2 class="head">2022</h2><article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../dependencies/graph_theory/">Graph_Theory</a></h5> <br></div>
+ <span class="date">
+ Oct 04
+ </span>
+</article>
+<article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../dependencies/girth_chromatic/">Girth_Chromatic</a></h5> <br></div>
<span class="date">
Sep 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/design_theory/">Design_Theory</a></h5> <br></div>
<span class="date">
Sep 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/list-index/">List-Index</a></h5> <br></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/deriving/">Deriving</a></h5> <br></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/collections/">Collections</a></h5> <br></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/epistemic_logic/">Epistemic_Logic</a></h5> <br></div>
<span class="date">
Sep 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/padic_ints/">Padic_Ints</a></h5> <br></div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/localization_ring/">Localization_Ring</a></h5> <br></div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/number_theoretic_transform/">Number_Theoretic_Transform</a></h5> <br></div>
<span class="date">
Sep 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/berlekamp_zassenhaus/">Berlekamp_Zassenhaus</a></h5> <br></div>
<span class="date">
Sep 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/pluennecke_ruzsa_inequality/">Pluennecke_Ruzsa_Inequality</a></h5> <br></div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/jacobson_basic_algebra/">Jacobson_Basic_Algebra</a></h5> <br></div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/bernoulli/">Bernoulli</a></h5> <br></div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/native_word/">Native_Word</a></h5> <br></div>
<span class="date">
Aug 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/datatype_order_generator/">Datatype_Order_Generator</a></h5> <br></div>
<span class="date">
Aug 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/containers/">Containers</a></h5> <br></div>
<span class="date">
Aug 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/projective_measurements/">Projective_Measurements</a></h5> <br></div>
<span class="date">
Jul 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/dirichlet_series/">Dirichlet_Series</a></h5> <br></div>
<span class="date">
Jun 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lucas_theorem/">Lucas_Theorem</a></h5> <br></div>
<span class="date">
Jun 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/digit_expansions/">Digit_Expansions</a></h5> <br></div>
<span class="date">
Jun 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/regular_tree_relations/">Regular_Tree_Relations</a></h5> <br></div>
<span class="date">
Jun 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/package_logic/">Package_logic</a></h5> <br></div>
<span class="date">
May 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sunflowers/">Sunflowers</a></h5> <br></div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/stirling_formula/">Stirling_Formula</a></h5> <br></div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/polynomial_factorization/">Polynomial_Factorization</a></h5> <br></div>
<span class="date">
Apr 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/groebner_bases/">Groebner_Bases</a></h5> <br></div>
<span class="date">
Apr 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/benor_kozen_reif/">BenOr_Kozen_Reif</a></h5> <br></div>
<span class="date">
Apr 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/weighted_path_order/">Weighted_Path_Order</a></h5> <br></div>
<span class="date">
Apr 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/universal_hash_families/">Universal_Hash_Families</a></h5> <br></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/prefix_free_code_combinators/">Prefix_Free_Code_Combinators</a></h5> <br></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/median_method/">Median_Method</a></h5> <br></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lp/">Lp</a></h5> <br></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/interpolation_polynomials_hol_algebra/">Interpolation_Polynomials_HOL_Algebra</a></h5> <br></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/equivalence_relation_enumeration/">Equivalence_Relation_Enumeration</a></h5> <br></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/bertrands_postulate/">Bertrands_Postulate</a></h5> <br></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/abstract_soundness/">Abstract_Soundness</a></h5> <br></div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/abstract_completeness/">Abstract_Completeness</a></h5> <br></div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/transitive_models/">Transitive_Models</a></h5> <br></div>
<span class="date">
Mar 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/delta_system_lemma/">Delta_System_Lemma</a></h5> <br></div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/finite_fields/">Finite_Fields</a></h5> <br></div>
<span class="date">
Feb 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/zfc_in_hol/">ZFC_in_HOL</a></h5> <br></div>
<span class="date">
Feb 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/card_equiv_relations/">Card_Equiv_Relations</a></h5> <br></div>
<span class="date">
Feb 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/linear_inequalities/">Linear_Inequalities</a></h5> <br></div>
<span class="date">
Feb 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/fol-fitting/">FOL-Fitting</a></h5> <br></div>
<span class="date">
Feb 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/fol_seq_calc1/">FOL_Seq_Calc1</a></h5> <br></div>
<span class="date">
Jan 31
</span>
</article>
<h2 class="head">2021</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/szemeredi_regularity/">Szemeredi_Regularity</a></h5> <br></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/random_graph_subgraph_threshold/">Random_Graph_Subgraph_Threshold</a></h5> <br></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ergodic_theory/">Ergodic_Theory</a></h5> <br></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/mdp-rewards/">MDP-Rewards</a></h5> <br></div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/gauss_jordan/">Gauss_Jordan</a></h5> <br></div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/knuth_bendix_order/">Knuth_Bendix_Order</a></h5> <br></div>
<span class="date">
Dec 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sepref_prereq/">Sepref_Prereq</a></h5> <br></div>
<span class="date">
Nov 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/robdd/">ROBDD</a></h5> <br></div>
<span class="date">
Nov 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/jordan_normal_form/">Jordan_Normal_Form</a></h5> <br></div>
<span class="date">
Nov 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/automatic_refinement/">Automatic_Refinement</a></h5> <br></div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/polynomials/">Polynomials</a></h5> <br></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/hermite_lindemann/">Hermite_Lindemann</a></h5> <br></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/algebraic_numbers/">Algebraic_Numbers</a></h5> <br></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/complex_bounded_operators/">Complex_Bounded_Operators</a></h5> <br></div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/word_lib/">Word_Lib</a></h5> <br></div>
<span class="date">
Oct 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/subset_boolean_algebras/">Subset_Boolean_Algebras</a></h5> <br></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/stone_kleene_relation_algebras/">Stone_Kleene_Relation_Algebras</a></h5> <br></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/monobooltranalgebra/">MonoBoolTranAlgebra</a></h5> <br></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/real_impl/">Real_Impl</a></h5> <br></div>
<span class="date">
Sep 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/banach_steinhaus/">Banach_Steinhaus</a></h5> <br></div>
<span class="date">
Sep 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/speccheck/">SpecCheck</a></h5> <br></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/intro_dest_elim/">Intro_Dest_Elim</a></h5> <br></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/czh_foundations/">CZH_Foundations</a></h5> <br></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/czh_elementary_categories/">CZH_Elementary_Categories</a></h5> <br></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/conditional_transfer_rule/">Conditional_Transfer_Rule</a></h5> <br></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/conditional_simplification/">Conditional_Simplification</a></h5> <br></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/jinja/">Jinja</a></h5> <br></div>
<span class="date">
Sep 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/factor_algebraic_polynomial/">Factor_Algebraic_Polynomial</a></h5> <br></div>
<span class="date">
Sep 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/complex_geometry/">Complex_Geometry</a></h5> <br></div>
<span class="date">
Sep 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/polynomial_interpolation/">Polynomial_Interpolation</a></h5> <br></div>
<span class="date">
Aug 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/budan_fourier/">Budan_Fourier</a></h5> <br></div>
<span class="date">
Aug 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/fresh_identifiers/">Fresh_Identifiers</a></h5> <br></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/bounded_deducibility_security/">Bounded_Deducibility_Security</a></h5> <br></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/bd_security_compositional/">BD_Security_Compositional</a></h5> <br></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/nested_multisets_ordinals/">Nested_Multisets_Ordinals</a></h5> <br></div>
<span class="date">
Aug 13
</span>
</article>
<article class="entry">
<div class="item-text">
- <h5><a class="title" href="../dependencies/graph_theory/">Graph_Theory</a></h5> <br></div>
- <span class="date">
- Aug 13
- </span>
-</article>
-<article class="entry">
- <div class="item-text">
<h5><a class="title" href="../dependencies/card_partitions/">Card_Partitions</a></h5> <br></div>
<span class="date">
Aug 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/show/">Show</a></h5> <br></div>
<span class="date">
Jun 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/nominal2/">Nominal2</a></h5> <br></div>
<span class="date">
Jun 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/szpilrajn/">Szpilrajn</a></h5> <br></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/combinatorics_words/">Combinatorics_Words</a></h5> <br></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/jinjadci/">JinjaDCI</a></h5> <br></div>
<span class="date">
Apr 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sturm_tarski/">Sturm_Tarski</a></h5> <br></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/parity_game/">Parity_Game</a></h5> <br></div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sigma_commit_crypto/">Sigma_Commit_Crypto</a></h5> <br></div>
<span class="date">
Mar 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/game_based_crypto/">Game_Based_Crypto</a></h5> <br></div>
<span class="date">
Mar 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/constructive_cryptography/">Constructive_Cryptography</a></h5> <br></div>
<span class="date">
Mar 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/smith_normal_form/">Smith_Normal_Form</a></h5> <br></div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lll_basis_reduction/">LLL_Basis_Reduction</a></h5> <br></div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/hermite/">Hermite</a></h5> <br></div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/qhlprover/">QHLProver</a></h5> <br></div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/power_sum_polynomials/">Power_Sum_Polynomials</a></h5> <br></div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/pi_transcendental/">Pi_Transcendental</a></h5> <br></div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/isabelle_marries_dirac/">Isabelle_Marries_Dirac</a></h5> <br></div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/refine_imperative_hol/">Refine_Imperative_HOL</a></h5> <br></div>
<span class="date">
Feb 24
</span>
</article>
<h2 class="head">2020</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/relational_disjoint_set_forests/">Relational_Disjoint_Set_Forests</a></h5> <br></div>
<span class="date">
Dec 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/aggregation_algebras/">Aggregation_Algebras</a></h5> <br></div>
<span class="date">
Dec 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/vericomp/">VeriComp</a></h5> <br></div>
<span class="date">
Dec 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/vectorspace/">VectorSpace</a></h5> <br></div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/matrix_tensor/">Matrix_Tensor</a></h5> <br></div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/hol-csp/">HOL-CSP</a></h5> <br></div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/propositional_proof_systems/">Propositional_Proof_Systems</a></h5> <br></div>
<span class="date">
Oct 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/certification_monads/">Certification_Monads</a></h5> <br></div>
<span class="date">
Oct 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ai_planning_languages_semantics/">AI_Planning_Languages_Semantics</a></h5> <br></div>
<span class="date">
Oct 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/shadow_sc_dom/">Shadow_SC_DOM</a></h5> <br></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/shadow_dom/">Shadow_DOM</a></h5> <br></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/core_sc_dom/">Core_SC_DOM</a></h5> <br></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/core_dom/">Core_DOM</a></h5> <br></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/syntax_independent_logic/">Syntax_Independent_Logic</a></h5> <br></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/incompleteness/">Incompleteness</a></h5> <br></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/hereditarilyfinite/">HereditarilyFinite</a></h5> <br></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/goedel_incompleteness/">Goedel_Incompleteness</a></h5> <br></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/finfun/">FinFun</a></h5> <br></div>
<span class="date">
Sep 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/extended_finite_state_machines/">Extended_Finite_State_Machines</a></h5> <br></div>
<span class="date">
Sep 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sepref_iicf/">Sepref_IICF</a></h5> <br></div>
<span class="date">
Aug 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/well_quasi_orders/">Well_Quasi_Orders</a></h5> <br></div>
<span class="date">
Aug 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/saturation_framework/">Saturation_Framework</a></h5> <br></div>
<span class="date">
Aug 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ordered_resolution_prover/">Ordered_Resolution_Prover</a></h5> <br></div>
<span class="date">
Aug 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/holcf-prelude/">HOLCF-Prelude</a></h5> <br></div>
<span class="date">
Aug 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/first_order_terms/">First_Order_Terms</a></h5> <br></div>
<span class="date">
Aug 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/pratt_certificate/">Pratt_Certificate</a></h5> <br></div>
<span class="date">
Aug 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/nash_williams/">Nash_Williams</a></h5> <br></div>
<span class="date">
Aug 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/relation_algebra/">Relation_Algebra</a></h5> <br></div>
<span class="date">
Jul 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sturm_sequences/">Sturm_Sequences</a></h5> <br></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/perron_frobenius/">Perron_Frobenius</a></h5> <br></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/matrix/">Matrix</a></h5> <br></div>
<span class="date">
May 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/prime_number_theorem/">Prime_Number_Theorem</a></h5> <br></div>
<span class="date">
May 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/prime_distribution_elementary/">Prime_Distribution_Elementary</a></h5> <br></div>
<span class="date">
May 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ltl_master_theorem/">LTL_Master_Theorem</a></h5> <br></div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ltl/">LTL</a></h5> <br></div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/symmetric_polynomials/">Symmetric_Polynomials</a></h5> <br></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/hybrid_systems_vcs/">Hybrid_Systems_VCs</a></h5> <br></div>
<span class="date">
Apr 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/mfotl_monitor/">MFOTL_Monitor</a></h5> <br></div>
<span class="date">
Apr 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lambda_free_rpos/">Lambda_Free_RPOs</a></h5> <br></div>
<span class="date">
Apr 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ieee_floating_point/">IEEE_Floating_Point</a></h5> <br></div>
<span class="date">
Apr 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/generic_join/">Generic_Join</a></h5> <br></div>
<span class="date">
Apr 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/stateful_protocol_composition_and_typing/">Stateful_Protocol_Composition_and_Typing</a></h5> <br></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/stone_algebras/">Stone_Algebras</a></h5> <br></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/probabilistic_prime_tests/">Probabilistic_Prime_Tests</a></h5> <br></div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/pell/">Pell</a></h5> <br></div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/root_balanced_tree/">Root_Balanced_Tree</a></h5> <br></div>
<span class="date">
Jan 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/akra_bazzi/">Akra_Bazzi</a></h5> <br></div>
<span class="date">
Jan 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/monad_normalisation/">Monad_Normalisation</a></h5> <br></div>
<span class="date">
Jan 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/monoidalcategory/">MonoidalCategory</a></h5> <br></div>
<span class="date">
Jan 06
</span>
</article>
<h2 class="head">2019</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/e_transcendental/">E_Transcendental</a></h5> <br></div>
<span class="date">
Dec 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/hol-ode-numerics/">HOL-ODE-Numerics</a></h5> <br></div>
<span class="date">
Dec 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/dirichlet_l/">Dirichlet_L</a></h5> <br></div>
<span class="date">
Dec 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/crypthol/">CryptHOL</a></h5> <br></div>
<span class="date">
Oct 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/transformer_semantics/">Transformer_Semantics</a></h5> <br></div>
<span class="date">
Sep 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ordinary_differential_equations/">Ordinary_Differential_Equations</a></h5> <br></div>
<span class="date">
Sep 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/kat_and_dra/">KAT_and_DRA</a></h5> <br></div>
<span class="date">
Sep 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/kad/">KAD</a></h5> <br></div>
<span class="date">
Sep 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/transition_systems_and_automata/">Transition_Systems_and_Automata</a></h5> <br></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/farkas/">Farkas</a></h5> <br></div>
<span class="date">
Aug 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/pairing_heap/">Pairing_Heap</a></h5> <br></div>
<span class="date">
Jul 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/huffman/">Huffman</a></h5> <br></div>
<span class="date">
Jul 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/higher_order_terms/">Higher_Order_Terms</a></h5> <br></div>
<span class="date">
Jul 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/dict_construction/">Dict_Construction</a></h5> <br></div>
<span class="date">
Jul 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/constructor_funs/">Constructor_Funs</a></h5> <br></div>
<span class="date">
Jul 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/cakeml/">CakeML</a></h5> <br></div>
<span class="date">
Jul 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/priority_search_trees/">Priority_Search_Trees</a></h5> <br></div>
<span class="date">
Jun 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/imp2/">IMP2</a></h5> <br></div>
<span class="date">
Jun 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/median_of_medians_selection/">Median_Of_Medians_Selection</a></h5> <br></div>
<span class="date">
May 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/deep_learning/">Deep_Learning</a></h5> <br></div>
<span class="date">
Mar 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/zeta_function/">Zeta_Function</a></h5> <br></div>
<span class="date">
Feb 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/refine_monadic/">Refine_Monadic</a></h5> <br></div>
<span class="date">
Feb 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/matroids/">Matroids</a></h5> <br></div>
<span class="date">
Feb 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/utp-toolkit/">UTP-Toolkit</a></h5> <br></div>
<span class="date">
Feb 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/optics/">Optics</a></h5> <br></div>
<span class="date">
Feb 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/simplex/">Simplex</a></h5> <br></div>
<span class="date">
Jan 17
</span>
</article>
<h2 class="head">2018</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/auto2_hol/">Auto2_HOL</a></h5> <br></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/quantales/">Quantales</a></h5> <br></div>
<span class="date">
Dec 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/order_lattice_props/">Order_Lattice_Props</a></h5> <br></div>
<span class="date">
Dec 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/kleene_algebra/">Kleene_Algebra</a></h5> <br></div>
<span class="date">
Dec 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/open_induction/">Open_Induction</a></h5> <br></div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/random_bsts/">Random_BSTs</a></h5> <br></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/recursion-theory-i/">Recursion-Theory-I</a></h5> <br></div>
<span class="date">
Aug 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/abstract-rewriting/">Abstract-Rewriting</a></h5> <br></div>
<span class="date">
Aug 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/first_welfare_theorem/">First_Welfare_Theorem</a></h5> <br></div>
<span class="date">
Jul 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/stuttering_equivalence/">Stuttering_Equivalence</a></h5> <br></div>
<span class="date">
Jun 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/coinductive/">Coinductive</a></h5> <br></div>
<span class="date">
Jun 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/monad_memo_dp/">Monad_Memo_DP</a></h5> <br></div>
<span class="date">
May 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/markov_models/">Markov_Models</a></h5> <br></div>
<span class="date">
May 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/timed_automata/">Timed_Automata</a></h5> <br></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/randomised_social_choice/">Randomised_Social_Choice</a></h5> <br></div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lem/">LEM</a></h5> <br></div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/dynamicarchitectures/">DynamicArchitectures</a></h5> <br></div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/separation_algebra/">Separation_Algebra</a></h5> <br></div>
<span class="date">
Feb 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/landau_symbols/">Landau_Symbols</a></h5> <br></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/comparison_sort_lower_bound/">Comparison_Sort_Lower_Bound</a></h5> <br></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/affine_arithmetic/">Affine_Arithmetic</a></h5> <br></div>
<span class="date">
Jan 08
</span>
</article>
<h2 class="head">2017</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/discrete_summation/">Discrete_Summation</a></h5> <br></div>
<span class="date">
Dec 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/finitely_generated_abelian_groups/">Finitely_Generated_Abelian_Groups</a></h5> <br></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/crdt/">CRDT</a></h5> <br></div>
<span class="date">
Nov 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/gabow_scc/">Gabow_SCC</a></h5> <br></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/dfs_framework/">DFS_Framework</a></h5> <br></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/winding_number_eval/">Winding_Number_Eval</a></h5> <br></div>
<span class="date">
Oct 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/linear_recurrences/">Linear_Recurrences</a></h5> <br></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/euler_maclaurin/">Euler_MacLaurin</a></h5> <br></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/count_complex_roots/">Count_Complex_Roots</a></h5> <br></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/amortized_complexity/">Amortized_Complexity</a></h5> <br></div>
<span class="date">
Aug 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/triangle/">Triangle</a></h5> <br></div>
<span class="date">
Jul 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/stone_relation_algebras/">Stone_Relation_Algebras</a></h5> <br></div>
<span class="date">
Jul 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/program-conflict-analysis/">Program-Conflict-Analysis</a></h5> <br></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/flow_networks/">Flow_Networks</a></h5> <br></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/cava_automata/">CAVA_Automata</a></h5> <br></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lazy_case/">Lazy_Case</a></h5> <br></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/probabilistic_while/">Probabilistic_While</a></h5> <br></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/monomorphic_monad/">Monomorphic_Monad</a></h5> <br></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/mfmc_countable/">MFMC_Countable</a></h5> <br></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/applicative_lifting/">Applicative_Lifting</a></h5> <br></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/category3/">Category3</a></h5> <br></div>
<span class="date">
May 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/quick_sort_cost/">Quick_Sort_Cost</a></h5> <br></div>
<span class="date">
Apr 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/regular-sets/">Regular-Sets</a></h5> <br></div>
<span class="date">
Mar 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/formal_ssa/">Formal_SSA</a></h5> <br></div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/upf/">UPF</a></h5> <br></div>
<span class="date">
Jan 08
</span>
</article>
<h2 class="head">2016</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/card_number_partitions/">Card_Number_Partitions</a></h5> <br></div>
<span class="date">
Dec 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/card_multisets/">Card_Multisets</a></h5> <br></div>
<span class="date">
Dec 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/bell_numbers_spivey/">Bell_Numbers_Spivey</a></h5> <br></div>
<span class="date">
Dec 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ordinal/">Ordinal</a></h5> <br></div>
<span class="date">
Nov 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/iptables_semantics/">Iptables_Semantics</a></h5> <br></div>
<span class="date">
Oct 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/subresultants/">Subresultants</a></h5> <br></div>
<span class="date">
Oct 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/efficient-mergesort/">Efficient-Mergesort</a></h5> <br></div>
<span class="date">
Oct 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/routing/">Routing</a></h5> <br></div>
<span class="date">
Sep 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/iptables_semantics_examples/">Iptables_Semantics_Examples</a></h5> <br></div>
<span class="date">
Sep 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/simple_firewall/">Simple_Firewall</a></h5> <br></div>
<span class="date">
Aug 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ip_addresses/">IP_Addresses</a></h5> <br></div>
<span class="date">
Aug 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sepref_basic/">Sepref_Basic</a></h5> <br></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/separation_logic_imperative_hol/">Separation_Logic_Imperative_HOL</a></h5> <br></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/dijkstra_shortest_path/">Dijkstra_Shortest_Path</a></h5> <br></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/collections_examples/">Collections_Examples</a></h5> <br></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/dependent_sifum_type_systems/">Dependent_SIFUM_Type_Systems</a></h5> <br></div>
<span class="date">
Jun 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/noninterference_sequential_composition/">Noninterference_Sequential_Composition</a></h5> <br></div>
<span class="date">
Jun 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/rank_nullity_theorem/">Rank_Nullity_Theorem</a></h5> <br></div>
<span class="date">
May 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/edmondskarp_maxflow/">EdmondsKarp_Maxflow</a></h5> <br></div>
<span class="date">
May 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/noninterference_ipurge_unwinding/">Noninterference_Ipurge_Unwinding</a></h5> <br></div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/boolean_expression_checkers/">Boolean_Expression_Checkers</a></h5> <br></div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/slicing/">Slicing</a></h5> <br></div>
<span class="date">
Feb 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sqrt_babylonian/">Sqrt_Babylonian</a></h5> <br></div>
<span class="date">
Jan 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/partial_function_mr/">Partial_Function_MR</a></h5> <br></div>
<span class="date">
Jan 29
</span>
</article>
<h2 class="head">2015</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/marriage/">Marriage</a></h5> <br></div>
<span class="date">
Dec 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/transitive-closure/">Transitive-Closure</a></h5> <br></div>
<span class="date">
Nov 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/simpl/">Simpl</a></h5> <br></div>
<span class="date">
Nov 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/case_labeling/">Case_Labeling</a></h5> <br></div>
<span class="date">
Nov 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/kbps/">KBPs</a></h5> <br></div>
<span class="date">
Sep 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/echelon_form/">Echelon_Form</a></h5> <br></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/noninterference_csp/">Noninterference_CSP</a></h5> <br></div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/list_interleaving/">List_Interleaving</a></h5> <br></div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/formula_derivatives/">Formula_Derivatives</a></h5> <br></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/coinductive_languages/">Coinductive_Languages</a></h5> <br></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/concurrentimp/">ConcurrentIMP</a></h5> <br></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/heard_of/">Heard_Of</a></h5> <br></div>
<span class="date">
Mar 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/launchbury/">Launchbury</a></h5> <br></div>
<span class="date">
Feb 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/cayley_hamilton/">Cayley_Hamilton</a></h5> <br></div>
<span class="date">
Feb 12
</span>
</article>
<h2 class="head">2014</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/awn/">AWN</a></h5> <br></div>
<span class="date">
Oct 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/secondary_sylow/">Secondary_Sylow</a></h5> <br></div>
<span class="date">
Sep 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/splay_tree/">Splay_Tree</a></h5> <br></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/skew_heap/">Skew_Heap</a></h5> <br></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sm_base/">SM_Base</a></h5> <br></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/sm/">SM</a></h5> <br></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/promela/">Promela</a></h5> <br></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/partial_order_reduction/">Partial_Order_Reduction</a></h5> <br></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/ltl_to_gba/">LTL_to_GBA</a></h5> <br></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/cava_setup/">CAVA_Setup</a></h5> <br></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/cava_base/">CAVA_Base</a></h5> <br></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/strong_security/">Strong_Security</a></h5> <br></div>
<span class="date">
Apr 23
</span>
</article>
<h2 class="head">2013</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lehmer/">Lehmer</a></h5> <br></div>
<span class="date">
Jul 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/trie/">Trie</a></h5> <br></div>
<span class="date">
Apr 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/finger-trees/">Finger-Trees</a></h5> <br></div>
<span class="date">
Apr 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/cauchy/">Cauchy</a></h5> <br></div>
<span class="date">
Jan 03
</span>
</article>
<h2 class="head">2012</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lorenz_approximation/">Lorenz_Approximation</a></h5> <br></div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/gauss-jordan-elim-fun/">Gauss-Jordan-Elim-Fun</a></h5> <br></div>
<span class="date">
Jan 03
</span>
</article>
<h2 class="head">2011</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/latticeproperties/">LatticeProperties</a></h5> <br></div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/nat-interval-logic/">Nat-Interval-Logic</a></h5> <br></div>
<span class="date">
Feb 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/list-infinite/">List-Infinite</a></h5> <br></div>
<span class="date">
Feb 23
</span>
</article>
<h2 class="head">2010</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/datarefinementibp/">DataRefinementIBP</a></h5> <br></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/hrb-slicing/">HRB-Slicing</a></h5> <br></div>
<span class="date">
Mar 23
</span>
</article>
<h2 class="head">2009</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/binomial-heaps/">Binomial-Heaps</a></h5> <br></div>
<span class="date">
Nov 25
</span>
</article>
<h2 class="head">2007</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/group-ring-module/">Group-Ring-Module</a></h5> <br></div>
<span class="date">
Aug 08
</span>
</article>
<h2 class="head">2006</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/flyspeck-tame/">Flyspeck-Tame</a></h5> <br></div>
<span class="date">
May 22
</span>
</article>
<h2 class="head">2004</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../dependencies/lazy-lists-ii/">Lazy-Lists-II</a></h5> <br></div>
<span class="date">
Apr 26
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/Graph_Theory.html b/web/entries/Graph_Theory.html
--- a/web/entries/Graph_Theory.html
+++ b/web/entries/Graph_Theory.html
@@ -1,204 +1,204 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Graph Theory - Archive of Formal Proofs</title><meta name="description" content="This development provides a formalization of directed graphs, supporting (labelled) multi-edges and infinite graphs. A polymorphic edge type allows edges..."><meta property="og:title" content="Graph Theory" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/entries/Graph_Theory.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
<meta property="article:published_time" content="2013-04-28T00:00:00+00:00" />
<meta property="article:modified_time" content="2013-04-28T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Graph Theory"/>
<meta name="twitter:description" content=""/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>G</span>raph <span class='first'>T</span>heory</h1>
<div>
<p><a href="../authors/noschinski">Lars Noschinski</a> <a href="http://www21.in.tum.de/~noschinl/">🌐</a>
</p>
<p class="date">April 28, 2013</p>
</div>
</header><div><main><h3>Abstract</h3>
<div class="abstract mathjax_process">This development provides a formalization of directed graphs, supporting (labelled) multi-edges and infinite graphs. A polymorphic edge type allows edges to be treated as pairs of vertices, if multi-edges are not required. Formalized properties are i.a. walks (and related concepts), connectedness and subgraphs and basic properties of isomorphisms.
<p>
This formalization is used to prove characterizations of Euler Trails, Shortest Paths and Kuratowski subgraphs.</div>
<h3>License</h3>
<div><a href="https://isa-afp.org/LICENSE">BSD License</a></div><h3>Topics</h3>
<ul><li><a href="../topics/mathematics/graph-theory">Mathematics/Graph theory</a></li></ul>
<h3>Session Graph_Theory</h3>
<ul>
<li><a href="../theories/graph_theory/#Rtrancl_On">Rtrancl_On</a></li>
<li><a href="../theories/graph_theory/#Stuff">Stuff</a></li>
<li><a href="../theories/graph_theory/#Digraph">Digraph</a></li>
<li><a href="../theories/graph_theory/#Bidirected_Digraph">Bidirected_Digraph</a></li>
<li><a href="../theories/graph_theory/#Arc_Walk">Arc_Walk</a></li>
<li><a href="../theories/graph_theory/#Pair_Digraph">Pair_Digraph</a></li>
<li><a href="../theories/graph_theory/#Digraph_Component">Digraph_Component</a></li>
<li><a href="../theories/graph_theory/#Vertex_Walk">Vertex_Walk</a></li>
<li><a href="../theories/graph_theory/#Digraph_Component_Vwalk">Digraph_Component_Vwalk</a></li>
<li><a href="../theories/graph_theory/#Digraph_Isomorphism">Digraph_Isomorphism</a></li>
<li><a href="../theories/graph_theory/#Auxiliary">Auxiliary</a></li>
<li><a href="../theories/graph_theory/#Subdivision">Subdivision</a></li>
<li><a href="../theories/graph_theory/#Euler">Euler</a></li>
<li><a href="../theories/graph_theory/#Kuratowski">Kuratowski</a></li>
<li><a href="../theories/graph_theory/#Weighted_Graph">Weighted_Graph</a></li>
<li><a href="../theories/graph_theory/#Shortest_Path">Shortest_Path</a></li>
<li><a href="../theories/graph_theory/#Graph_Theory">Graph_Theory</a></li></ul><div class="flex-wrap">
<div>
<h3>Used by</h3>
- <ul class="horizontal-list"><li><a href="../entries/Design_Theory.html">Combinatorial Design Theory</a></li><li><a href="../entries/Planarity_Certificates.html">Planarity Certificates</a></li><li><a href="../entries/Parity_Game.html">Positional Determinacy of Parity Games</a></li><li><a href="../entries/ShortestPath.html">An Axiomatic Characterization of the Single-Source Shortest Path Problem</a></li></ul>
+ <ul class="horizontal-list"><li><a href="../entries/Query_Optimization.html">Verification of Query Optimization Algorithms</a></li><li><a href="../entries/Design_Theory.html">Combinatorial Design Theory</a></li><li><a href="../entries/Planarity_Certificates.html">Planarity Certificates</a></li><li><a href="../entries/Parity_Game.html">Positional Determinacy of Parity Games</a></li><li><a href="../entries/ShortestPath.html">An Axiomatic Characterization of the Single-Source Shortest Path Problem</a></li></ul>
</div>
</div>
</main>
<nav class='links'>
<a class='popup-button' href="#cite-popup">Cite</a>
<a class='popup-button' href="#download-popup">Download</a>
<h4>PDFs</h4>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Graph_Theory/outline.pdf">Proof
outline</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Graph_Theory/document.pdf">Proof
document</a>
<a href="https://www.isa-afp.org/browser_info/current/AFP/Graph_Theory/session_graph.pdf">Dependencies</a></nav>
<div id="cite-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Cite</h2>
<a class="close" href="#">&times;</a>
<div>
<p style="display:none;" id="bibtex-filename">Graph_Theory-AFP</p><pre id="copy-text">@article{Graph_Theory-AFP,
author = {Lars Noschinski},
title = {Graph Theory},
journal = {Archive of Formal Proofs},
month = {April},
year = {2013},
note = {\url{https://isa-afp.org/entries/Graph_Theory.html},
Formal proof development},
ISSN = {2150-914x},
}</pre>
<button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
</div>
</div>
</div>
<div id="download-popup" class="overlay">
<a class="cancel" href="#"></a>
<div class="popup">
<h2>Download</h2>
<a class="close" href="#">&times;</a>
<a href="https://www.isa-afp.org/release//afp-Graph_Theory-current.tar.gz" download>Download latest</a>
<p>Older releases:</p>
<ul><li>
<a href="https://www.isa-afp.org/release/afp-Graph_Theory-2021-12-14.tar.gz">Dec 14, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Graph_Theory-2021-02-23.tar.gz">Feb 23, 2021</a>: Isabelle2021
</li><li>
<a href="https://www.isa-afp.org/release/afp-Graph_Theory-2020-04-18.tar.gz">Apr 18, 2020</a>: Isabelle2020
</li><li>
<a href="https://www.isa-afp.org/release/afp-Graph_Theory-2019-06-11.tar.gz">Jun 11, 2019</a>: Isabelle2019
</li><li>
<a href="https://www.isa-afp.org/release/afp-Graph_Theory-2018-08-16.tar.gz">Aug 16, 2018</a>: Isabelle2018
</li><li>
<a href="https://www.isa-afp.org/release/afp-Graph_Theory-2017-10-10.tar.gz">Oct 10, 2017</a>: Isabelle2017
</li><li>
<a href="https://www.isa-afp.org/release/afp-Graph_Theory-2016-12-17.tar.gz">Dec 17, 2016</a>: Isabelle2016-1
</li><li>
<a href="https://www.isa-afp.org/release/afp-Graph_Theory-2016-02-22.tar.gz">Feb 22, 2016</a>: Isabelle2016
</li><li>
<a href="https://www.isa-afp.org/release/afp-Graph_Theory-2015-05-27.tar.gz">May 27, 2015</a>: Isabelle2015
</li><li>
<a href="https://www.isa-afp.org/release/afp-Graph_Theory-2014-08-28.tar.gz">Aug 28, 2014</a>: Isabelle2014
</li><li>
<a href="https://www.isa-afp.org/release/afp-Graph_Theory-2013-12-11.tar.gz">Dec 11, 2013</a>: Isabelle2013-2
</li><li>
<a href="https://www.isa-afp.org/release/afp-Graph_Theory-2013-11-17.tar.gz">Nov 17, 2013</a>: Isabelle2013-1
</li><li>
<a href="https://www.isa-afp.org/release/afp-Graph_Theory-2013-05-02.tar.gz">May 2, 2013</a>: Isabelle2013
</li></ul>
</div>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/Query_Optimization.html b/web/entries/Query_Optimization.html
new file mode 100644
--- /dev/null
+++ b/web/entries/Query_Optimization.html
@@ -0,0 +1,180 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1"><title>Verification of Query Optimization Algorithms - Archive of Formal Proofs</title><meta name="description" content="This formalization includes a general framework for query optimization
+consisting of the definitions of selectivities, query graphs, join
+trees, and cost..."><meta property="og:title" content="Verification of Query Optimization Algorithms" />
+<meta property="og:description" content="" />
+<meta property="og:type" content="article" />
+<meta property="og:url" content="/entries/Query_Optimization.html" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="entries" />
+<meta property="article:published_time" content="2022-10-04T00:00:00+00:00" />
+<meta property="article:modified_time" content="2022-10-04T00:00:00+00:00" /><meta property="og:site_name" content="Archive of Formal Proofs" />
+
+<meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="Verification of Query Optimization Algorithms"/>
+<meta name="twitter:description" content=""/>
+
+
+ <link rel="stylesheet" type="text/css" href="../css/front.min.css">
+
+ <link rel="icon" href="../images/favicon.ico" type="image/icon">
+ <script>
+ MathJax = {
+ tex: {
+ inlineMath: [['$', '$'], ['\\(', '\\)']]
+ },
+ processEscapes: true,
+ svg: {
+ fontCache: 'global'
+ }
+ };
+ </script>
+ <script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
+ <script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
+ <script src="../js/flexsearch.bundle.js"></script>
+ <script src="../js/scroll-spy.js"></script>
+ <script src="../js/theory.js"></script>
+ <script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
+</head>
+
+
+<body class='mathjax_ignore '>
+ <aside>
+ <div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../" class='logo-link'>
+ <img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+
+ <a href="../search"><img src="../images/search.svg" alt="Search" /></a>
+ <nav id="menu">
+ <div>
+ <a href="../" class='logo-link'>
+ <img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+ <ul>
+ <a href="../"><li >Home</li></a>
+ <a href="../topics/"><li >Topics</li></a>
+ <a href="../download/"><li >Download</li></a>
+ <a href="../help/"><li >Help</li></a>
+ <a href="../submission/"><li >Submission</li></a>
+ <a href="../statistics/"><li >Statistics</li></a>
+ <a href="../about/"><li >About</li></a>
+ </ul>
+ </div>
+ </nav>
+</div>
+ </aside>
+
+ <div
+ class='content entries'><header>
+ <form autocomplete="off" action="../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1 >
+ <span class='first'>V</span>erification of <span class='first'>Q</span>uery <span class='first'>O</span>ptimization <span class='first'>A</span>lgorithms</h1>
+ <div>
+
+ <p><a href="../authors/stevens">Lukas Stevens</a> <a href="https://www21.in.tum.de/team/stevensl">🌐</a> and <a href="../authors/stoeckl">Bernhard Stöckl</a> <a class="obfuscated" data="eyJob3N0IjpbImluIiwidHVtIiwiZGUiXSwidXNlciI6WyJzdG9lY2tsIl19">📧</a>
+ </p>
+
+
+ <p class="date">October 4, 2022</p>
+
+ </div>
+</header><div><main><h3>Abstract</h3>
+
+ <div class="abstract mathjax_process">This formalization includes a general framework for query optimization
+consisting of the definitions of selectivities, query graphs, join
+trees, and cost functions. Furthermore, it implements the join
+ordering algorithm IKKBZ using these definitions. It verifies the
+correctness of these definitions and proves that IKKBZ produces an
+optimal solution within a restricted solution space.</div>
+
+ <h3>License</h3>
+ <div><a href="https://isa-afp.org/LICENSE">BSD License</a></div><h3>Topics</h3>
+ <ul><li><a href="../topics/computer-science/data-management-systems">Computer science/Data management systems</a></li></ul>
+ <h3>Session Query_Optimization</h3>
+ <ul>
+ <li><a href="../theories/query_optimization/#Misc">Misc</a></li>
+ <li><a href="../theories/query_optimization/#Graph_Theory_Batteries">Graph_Theory_Batteries</a></li>
+ <li><a href="../theories/query_optimization/#Graph_Definitions">Graph_Definitions</a></li>
+ <li><a href="../theories/query_optimization/#Shortest_Path_Tree">Shortest_Path_Tree</a></li>
+ <li><a href="../theories/query_optimization/#Selectivities">Selectivities</a></li>
+ <li><a href="../theories/query_optimization/#JoinTree">JoinTree</a></li>
+ <li><a href="../theories/query_optimization/#CostFunctions">CostFunctions</a></li>
+ <li><a href="../theories/query_optimization/#Graph_Additions">Graph_Additions</a></li>
+ <li><a href="../theories/query_optimization/#QueryGraph">QueryGraph</a></li>
+ <li><a href="../theories/query_optimization/#Directed_Tree_Additions">Directed_Tree_Additions</a></li>
+ <li><a href="../theories/query_optimization/#Dtree">Dtree</a></li>
+ <li><a href="../theories/query_optimization/#List_Dtree">List_Dtree</a></li>
+ <li><a href="../theories/query_optimization/#IKKBZ">IKKBZ</a></li>
+ <li><a href="../theories/query_optimization/#IKKBZ_Optimality">IKKBZ_Optimality</a></li>
+ <li><a href="../theories/query_optimization/#IKKBZ_Examples">IKKBZ_Examples</a></li></ul><div class="flex-wrap">
+ <div>
+ <h3>Depends on</h3>
+ <ul class="horizontal-list"><li><a href="../entries/Graph_Theory.html">Graph Theory</a></li></ul>
+ </div>
+
+ </div>
+</main>
+
+<nav class='links'>
+ <a class='popup-button' href="#cite-popup">Cite</a>
+ <a class='popup-button' href="#download-popup">Download</a>
+ <h4>PDFs</h4>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/Query_Optimization/outline.pdf">Proof
+ outline</a>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/Query_Optimization/document.pdf">Proof
+ document</a>
+ <a href="https://www.isa-afp.org/browser_info/current/AFP/Query_Optimization/session_graph.pdf">Dependencies</a></nav>
+
+<div id="cite-popup" class="overlay">
+ <a class="cancel" href="#"></a>
+ <div class="popup">
+ <h2>Cite</h2>
+ <a class="close" href="#">&times;</a>
+ <div>
+ <p style="display:none;" id="bibtex-filename">Query_Optimization-AFP</p><pre id="copy-text">@article{Query_Optimization-AFP,
+ author = {Lukas Stevens and Bernhard Stöckl},
+ title = {Verification of Query Optimization Algorithms},
+ journal = {Archive of Formal Proofs},
+ month = {October},
+ year = {2022},
+ note = {\url{https://isa-afp.org/entries/Query_Optimization.html},
+ Formal proof development},
+ ISSN = {2150-914x},
+}</pre>
+ <button id="copy-bibtex">Copy</button> <a id="download-bibtex">Download</a>
+ </div>
+ </div>
+</div>
+
+<div id="download-popup" class="overlay">
+ <a class="cancel" href="#"></a>
+ <div class="popup">
+ <h2>Download</h2>
+ <a class="close" href="#">&times;</a>
+ <a href="https://www.isa-afp.org/release//afp-Query_Optimization-current.tar.gz" download>Download latest</a>
+
+ </div>
+</div>
+ </div>
+ </div>
+</body>
+
+</html>
\ No newline at end of file
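Review bot: The "Download latest" link in the download popup is built with a doubled slash, `https://www.isa-afp.org/release//afp-Query_Optimization-current.tar.gz`, whereas the dated release links in Graph_Theory.html use `release/afp-…`. It should read `<a href="https://www.isa-afp.org/release/afp-Query_Optimization-current.tar.gz" download>Download latest</a>`. The same doubled slash appears on an unchanged context line of Graph_Theory.html, so it probably comes from the page template (perhaps a base URL that already ends in `/`), and the fix likely belongs there rather than in this file. Because the link points at a mutable `-current` tarball that users fetch and unpack, it would also help to publish a checksum next to it so a download can be verified; the page shows none.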
diff --git a/web/entries/index.html b/web/entries/index.html
--- a/web/entries/index.html
+++ b/web/entries/index.html
@@ -1,5090 +1,5097 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Archive of Formal Proofs</title><meta name="description" content=""><link rel="alternate" type="application/rss+xml" href="../entries/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="Entries" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/entries/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Entries"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon">
<script>
MathJax = {
tex: {
inlineMath: [['$', '$'], ['\\(', '\\)']]
},
processEscapes: true,
svg: {
fontCache: 'global'
}
};
</script>
<script id="MathJax-script" async src="../js/mathjax/es5/tex-mml-chtml.js"></script>
<script src="../js/entries.js"></script><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content entries'><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>E</span>ntries</h1>
<div>
</div>
</header><div><h2 class="head">2022</h2><article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../entries/Query_Optimization.html">Verification of Query Optimization Algorithms</a></h5> <br>by <a href="../authors/stevens">Lukas Stevens</a> and <a href="../authors/stoeckl">Bernhard Stöckl</a></div>
+ <span class="date">
+ Oct 04
+ </span>
+</article>
+<article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../entries/Undirected_Graph_Theory.html">Undirected Graph Theory</a></h5> <br>by <a href="../authors/edmonds">Chelsea Edmonds</a></div>
<span class="date">
Sep 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Maximum_Segment_Sum.html">Maximum Segment Sum</a></h5> <br>by <a href="../authors/cremer">Nils Cremer</a></div>
<span class="date">
Sep 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Safe_Range_RC.html">Making Arbitrary Relational Calculus Queries Safe-Range</a></h5> <br>by <a href="../authors/raszyk">Martin Raszyk</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stalnaker_Logic.html">Stalnaker&#39;s Epistemic Logic</a></h5> <br>by <a href="../authors/guzman">Laura P. Gamboa Guzman</a></div>
<span class="date">
Sep 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Padic_Field.html">p-adic Fields and p-adic Semialgebraic Sets</a></h5> <br>by <a href="../authors/crighton">Aaron Crighton</a></div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Risk_Free_Lending.html">Risk-Free Lending</a></h5> <br>by <a href="../authors/doty">Matthew Doty</a></div>
<span class="date">
Sep 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Implicational_Logic.html">Soundness and Completeness of Implicational Logic</a></h5> <br>by <a href="../authors/from">Asta Halkjær From</a> and <a href="../authors/villadsen">Jørgen Villadsen</a></div>
<span class="date">
Sep 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CRYSTALS-Kyber.html">CRYSTALS-Kyber</a></h5> <br>by <a href="../authors/kreuzer">Katharina Kreuzer</a></div>
<span class="date">
Sep 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Separation_Logic_Unbounded.html">Unbounded Separation Logic</a></h5> <br>by <a href="../authors/dardinier">Thibault Dardinier</a></div>
<span class="date">
Sep 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hales_Jewett.html">The Hales–Jewett Theorem</a></h5> <br>by <a href="../authors/sulejmani">Ujkan Sulejmani</a>, <a href="../authors/eberl">Manuel Eberl</a> and <a href="../authors/kreuzer">Katharina Kreuzer</a></div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Khovanskii_Theorem.html">Khovanskii&#39;s Theorem</a></h5> <br>by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Number_Theoretic_Transform.html">Number Theoretic Transform</a></h5> <br>by <a href="../authors/ammer">Thomas Ammer</a> and <a href="../authors/kreuzer">Katharina Kreuzer</a></div>
<span class="date">
Aug 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SCC_Bloemen_Sequential.html">Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph</a></h5> <br>by <a href="../authors/merz">Stephan Merz</a> and <a href="../authors/trelat">Vincent Trélat</a></div>
<span class="date">
Aug 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Involutions2Squares.html">From THE BOOK: Two Squares via Involutions</a></h5> <br>by <a href="../authors/bortin">Maksym Bortin</a></div>
<span class="date">
Aug 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FSM_Tests.html">Verified Complete Test Strategies for Finite State Machines</a></h5> <br>by <a href="../authors/sachtleben">Robert Sachtleben</a></div>
<span class="date">
Aug 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Nano_JSON.html">Nano JSON: Working with JSON formatted data in Isabelle/HOL and Isabelle/ML</a></h5> <br>by <a href="../authors/brucker">Achim D. Brucker</a></div>
<span class="date">
Jul 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Commuting_Hermitian.html">Simultaneous diagonalization of pairwise commuting Hermitian matrices</a></h5> <br>by <a href="../authors/echenim">Mnacho Echenim</a></div>
<span class="date">
Jul 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Solidity.html">Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL</a></h5> <br>by <a href="../authors/marmsoler">Diego Marmsoler</a> and <a href="../authors/brucker">Achim D. Brucker</a></div>
<span class="date">
Jul 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Weighted_Arithmetic_Geometric_Mean.html">Pólya’s Proof of the Weighted Arithmetic–Geometric Mean Inequality</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jul 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IMP_Compiler_Reuse.html">A Reuse-Based Multi-Stage Compiler Verification for Language IMP</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Jul 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Real_Time_Deque.html">Real-Time Double-Ended Queue</a></h5> <br>by <a href="../authors/toth">Balazs Toth</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Boolos_Curious_Inference.html">Boolos&#39;s Curious Inference in Isabelle/HOL</a></h5> <br>by <a href="../authors/ketland">Jeffrey Ketland</a></div>
<span class="date">
Jun 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IsaNet.html">IsaNet: Formalization of a Verification Framework for Secure Data Plane Protocols</a></h5> <br>by <a href="../authors/klenze">Tobias Klenze</a> and <a href="../authors/sprenger">Christoph Sprenger</a></div>
<span class="date">
Jun 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Finite_Fields.html">Finite Fields</a></h5> <br>by <a href="../authors/karayel">Emin Karayel</a></div>
<span class="date">
Jun 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DPRM_Theorem.html">Diophantine Equations and the DPRM Theorem</a></h5> <br>by <a href="../authors/bayer">Jonas Bayer</a>, <a href="../authors/david">Marco David</a>, <a href="../authors/stock">Benedikt Stock</a>, <a href="../authors/pal">Abhik Pal</a>, <a href="../authors/matiyasevich">Yuri Matiyasevich</a> and <a href="../authors/schleicher">Dierk Schleicher</a></div>
<span class="date">
Jun 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Rewrite_Properties_Reduction.html">Reducing Rewrite Properties to Properties on Ground Terms</a></h5> <br>by <a href="../authors/lochmann">Alexander Lochmann</a></div>
<span class="date">
Jun 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Combinable_Wands.html">A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand</a></h5> <br>by <a href="../authors/dardinier">Thibault Dardinier</a></div>
<span class="date">
May 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Pluennecke_Ruzsa_Inequality.html">The Plünnecke-Ruzsa Inequality</a></h5> <br>by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
May 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Package_logic.html">Formalization of a Framework for the Sound Automation of Magic Wands</a></h5> <br>by <a href="../authors/dardinier">Thibault Dardinier</a></div>
<span class="date">
May 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Clique_and_Monotone_Circuits.html">Clique is not solvable by monotone circuits of polynomial size</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Fishers_Inequality.html">Fisher&#39;s Inequality: Linear Algebraic Proof Techniques for Combinatorics</a></h5> <br>by <a href="../authors/edmonds">Chelsea Edmonds</a> and <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Apr 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Multiset_Ordering_NPC.html">The Generalized Multiset Ordering is NP-Complete</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/schmidinger">Lukas Schmidinger</a></div>
<span class="date">
Apr 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Digit_Expansions.html">Digit Expansions</a></h5> <br>by <a href="../authors/bayer">Jonas Bayer</a>, <a href="../authors/david">Marco David</a>, <a href="../authors/pal">Abhik Pal</a> and <a href="../authors/stock">Benedikt Stock</a></div>
<span class="date">
Apr 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sophomores_Dream.html">The Sophomore&#39;s Dream</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Apr 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Frequency_Moments.html">Formalization of Randomized Approximation Algorithms for Frequency Moments</a></h5> <br>by <a href="../authors/karayel">Emin Karayel</a></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Prefix_Free_Code_Combinators.html">A Combinator Library for Prefix-Free Codes</a></h5> <br>by <a href="../authors/karayel">Emin Karayel</a></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dedekind_Real.html">Constructing the Reals as Dedekind Cuts of Rationals</a></h5> <br>by <a href="../authors/fleuriot">Jacques D. Fleuriot</a> and <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Mar 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ackermanns_not_PR.html">Ackermann&#39;s Function Is Not Primitive Recursive</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Mar 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FOL_Seq_Calc3.html">A Naive Prover for First-Order Logic</a></h5> <br>by <a href="../authors/from">Asta Halkjær From</a></div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Cotangent_PFD_Formula.html">A Proof from THE BOOK: The Partial Fraction Expansion of the Cotangent</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Independence_CH.html">The Independence of the Continuum Hypothesis in Isabelle/ZF</a></h5> <br>by <a href="../authors/gunther">Emmanuel Gunther</a>, <a href="../authors/pagano">Miguel Pagano</a>, <a href="../authors/terraf">Pedro Sánchez Terraf</a> and <a href="../authors/steinberg">Matías Steinberg</a></div>
<span class="date">
Mar 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Transitive_Models.html">Transitive Models of Fragments of ZFC</a></h5> <br>by <a href="../authors/gunther">Emmanuel Gunther</a>, <a href="../authors/pagano">Miguel Pagano</a>, <a href="../authors/terraf">Pedro Sánchez Terraf</a> and <a href="../authors/steinberg">Matías Steinberg</a></div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ResiduatedTransitionSystem.html">Residuated Transition Systems</a></h5> <br>by <a href="../authors/stark">Eugene W. Stark</a></div>
<span class="date">
Feb 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Universal_Hash_Families.html">Universal Hash Families</a></h5> <br>by <a href="../authors/karayel">Emin Karayel</a></div>
<span class="date">
Feb 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Wetzels_Problem.html">Wetzel&#39;s Problem and the Continuum Hypothesis</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Feb 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Eval_FO.html">First-Order Query Evaluation</a></h5> <br>by <a href="../authors/raszyk">Martin Raszyk</a></div>
<span class="date">
Feb 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/VYDRA_MDL.html">Multi-Head Monitoring of Metric Dynamic Logic</a></h5> <br>by <a href="../authors/raszyk">Martin Raszyk</a></div>
<span class="date">
Feb 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Equivalence_Relation_Enumeration.html">Enumeration of Equivalence Relations</a></h5> <br>by <a href="../authors/karayel">Emin Karayel</a></div>
<span class="date">
Feb 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Quasi_Borel_Spaces.html">Quasi-Borel Spaces</a></h5> <br>by <a href="../authors/hirata">Michikazu Hirata</a>, <a href="../authors/minamide">Yasuhiko Minamide</a> and <a href="../authors/sato">Tetsuya Sato</a></div>
<span class="date">
Feb 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LP_Duality.html">Duality of Linear Programming</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FO_Theory_Rewriting.html">First-Order Theory of Rewriting</a></h5> <br>by <a href="../authors/lochmann">Alexander Lochmann</a> and <a href="../authors/felgenhauer">Bertram Felgenhauer</a></div>
<span class="date">
Feb 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Youngs_Inequality.html">Young&#39;s Inequality for Increasing Functions</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FOL_Seq_Calc2.html">A Sequent Calculus Prover for First-Order Logic with Functions</a></h5> <br>by <a href="../authors/from">Asta Halkjær From</a> and <a href="../authors/jacobsen">Frederik Krogsdal Jacobsen</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Interpolation_Polynomials_HOL_Algebra.html">Interpolation Polynomials (in HOL-Algebra)</a></h5> <br>by <a href="../authors/karayel">Emin Karayel</a></div>
<span class="date">
Jan 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Median_Method.html">Median Method</a></h5> <br>by <a href="../authors/karayel">Emin Karayel</a></div>
<span class="date">
Jan 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Actuarial_Mathematics.html">Actuarial Mathematics</a></h5> <br>by <a href="../authors/ito">Yosuke Ito</a></div>
<span class="date">
Jan 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Irrationals_From_THEBOOK.html">Irrational numbers from THE BOOK</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Jan 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Knights_Tour.html">Knight&#39;s Tour Revisited Revisited</a></h5> <br>by <a href="../authors/koller">Lukas Koller</a></div>
<span class="date">
Jan 04
</span>
</article>
<h2 class="head">2021</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hyperdual.html">Hyperdual Numbers and Forward Differentiation</a></h5> <br>by <a href="../authors/smola">Filip Smola</a> and <a href="../authors/fleuriot">Jacques D. Fleuriot</a></div>
<span class="date">
Dec 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Gale_Shapley.html">Gale-Shapley Algorithm</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Dec 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Roth_Arithmetic_Progressions.html">Roth&#39;s Theorem on Arithmetic Progressions</a></h5> <br>by <a href="../authors/edmonds">Chelsea Edmonds</a>, <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MDP-Algorithms.html">Verified Algorithms for Solving Markov Decision Processes</a></h5> <br>by <a href="../authors/schaeffeler">Maximilian Schäffeler</a> and <a href="../authors/abdulaziz">Mohammad Abdulaziz</a></div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MDP-Rewards.html">Markov Decision Processes with Rewards</a></h5> <br>by <a href="../authors/schaeffeler">Maximilian Schäffeler</a> and <a href="../authors/abdulaziz">Mohammad Abdulaziz</a></div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Regular_Tree_Relations.html">Regular Tree Relations</a></h5> <br>by <a href="../authors/lochmann">Alexander Lochmann</a>, <a href="../authors/felgenhauer">Bertram Felgenhauer</a>, <a href="../authors/sternagel">Christian Sternagel</a>, <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/sternagelt">Thomas Sternagel</a></div>
<span class="date">
Dec 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Simplicial_complexes_and_boolean_functions.html">Simplicial Complexes and Boolean functions</a></h5> <br>by <a href="../authors/aransay">Jesús Aransay</a>, <a href="../authors/campo">Alejandro del Campo</a> and <a href="../authors/michaelis">Julius Michaelis</a></div>
<span class="date">
Nov 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Van_Emde_Boas_Trees.html">van Emde Boas Trees</a></h5> <br>by <a href="../authors/ammer">Thomas Ammer</a> and <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Foundation_of_geometry.html">Foundation of geometry in planes, and some complements: Excluding the parallel axioms</a></h5> <br>by <a href="../authors/iwama">Fumiya Iwama</a></div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hahn_Jordan_Decomposition.html">The Hahn and Jordan Decomposition Theorems</a></h5> <br>by <a href="../authors/cousin">Marie Cousin</a>, <a href="../authors/echenim">Mnacho Echenim</a> and <a href="../authors/guiol">Hervé Guiol</a></div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Real_Power.html">Real Exponents as the Limits of Sequences of Rational Exponents</a></h5> <br>by <a href="../authors/fleuriot">Jacques D. Fleuriot</a></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Factor_Algebraic_Polynomial.html">Factorization of Polynomials with Algebraic Coefficients</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SimplifiedOntologicalArgument.html">Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL</a></h5> <br>by <a href="../authors/benzmueller">Christoph Benzmüller</a></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/PAL.html">Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL</a></h5> <br>by <a href="../authors/benzmueller">Christoph Benzmüller</a> and <a href="../authors/reiche">Sebastian Reiche</a></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Szemeredi_Regularity.html">Szemerédi&#39;s Regularity Lemma</a></h5> <br>by <a href="../authors/edmonds">Chelsea Edmonds</a>, <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Nov 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Registers.html">Quantum and Classical Registers</a></h5> <br>by <a href="../authors/unruh">Dominique Unruh</a></div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Belief_Revision.html">Belief Revision Theory</a></h5> <br>by <a href="../authors/fouillard">Valentin Fouillard</a>, <a href="../authors/taha">Safouan Taha</a>, <a href="../authors/boulanger">Frédéric Boulanger</a> and <a href="../authors/sabouret">Nicolas Sabouret</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/X86_Semantics.html">X86 instruction semantics and basic block symbolic execution</a></h5> <br>by <a href="../authors/verbeek">Freek Verbeek</a>, <a href="../authors/bharadwaj">Abhijith Bharadwaj</a>, <a href="../authors/bockenek">Joshua Bockenek</a>, <a href="../authors/roessle">Ian Roessle</a>, <a href="../authors/weerwag">Timmy Weerwag</a> and <a href="../authors/ravindran">Binoy Ravindran</a></div>
<span class="date">
Oct 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Correctness_Algebras.html">Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations</a></h5> <br>by <a href="../authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Virtual_Substitution.html">Verified Quadratic Virtual Substitution for Real Arithmetic</a></h5> <br>by <a href="../authors/scharager">Matias Scharager</a>, <a href="../authors/cordwell">Katherine Cordwell</a>, <a href="../authors/mitsch">Stefan Mitsch</a> and <a href="../authors/platzer">André Platzer</a></div>
<span class="date">
Oct 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FOL_Axiomatic.html">Soundness and Completeness of an Axiomatic System for First-Order Logic</a></h5> <br>by <a href="../authors/from">Asta Halkjær From</a></div>
<span class="date">
Sep 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Complex_Bounded_Operators.html">Complex Bounded Operators</a></h5> <br>by <a href="../authors/caballero">José Manuel Rodríguez Caballero</a> and <a href="../authors/unruh">Dominique Unruh</a></div>
<span class="date">
Sep 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Weighted_Path_Order.html">A Formalization of Weighted Path Orders and Recursive Path Orders</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a>, <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Intro_Dest_Elim.html">IDE: Introduction, Destruction, Elimination</a></h5> <br>by <a href="../authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Types_To_Sets_Extension.html">Extension of Types-To-Sets</a></h5> <br>by <a href="../authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Conditional_Transfer_Rule.html">Conditional Transfer Rule</a></h5> <br>by <a href="../authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Conditional_Simplification.html">Conditional Simplification</a></h5> <br>by <a href="../authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CZH_Universal_Constructions.html">Category Theory for ZFC in HOL III: Universal Constructions</a></h5> <br>by <a href="../authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CZH_Elementary_Categories.html">Category Theory for ZFC in HOL II: Elementary Theory of 1-Categories</a></h5> <br>by <a href="../authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CZH_Foundations.html">Category Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories</a></h5> <br>by <a href="../authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dominance_CHK.html">A data flow analysis algorithm for computing dominators</a></h5> <br>by <a href="../authors/jiang">Nan Jiang</a></div>
<span class="date">
Sep 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Cubic_Quartic_Equations.html">Solving Cubic and Quartic Equations</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Sep 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Logging_Independent_Anonymity.html">Logging-independent Message Anonymity in the Relational Method</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Aug 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Three_Circles.html">The Theorem of Three Circles</a></h5> <br>by <a href="../authors/thomson">Fox Thomson</a> and <a href="../authors/li">Wenda Li</a></div>
<span class="date">
Aug 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Fresh_Identifiers.html">Fresh identifiers</a></h5> <br>by <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/bauereiss">Thomas Bauereiss</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CoSMeDis.html">CoSMeDis: A confidentiality-verified distributed social media platform</a></h5> <br>by <a href="../authors/bauereiss">Thomas Bauereiss</a> and <a href="../authors/popescu">Andrei Popescu</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CoSMed.html">CoSMed: A confidentiality-verified social media platform</a></h5> <br>by <a href="../authors/bauereiss">Thomas Bauereiss</a> and <a href="../authors/popescu">Andrei Popescu</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BD_Security_Compositional.html">Compositional BD Security</a></h5> <br>by <a href="../authors/bauereiss">Thomas Bauereiss</a> and <a href="../authors/popescu">Andrei Popescu</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CoCon.html">CoCon: A Confidentiality-Verified Conference Management System</a></h5> <br>by <a href="../authors/popescu">Andrei Popescu</a>, <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/bauereiss">Thomas Bauereiss</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Design_Theory.html">Combinatorial Design Theory</a></h5> <br>by <a href="../authors/edmonds">Chelsea Edmonds</a> and <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Aug 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Relational_Forests.html">Relational Forests</a></h5> <br>by <a href="../authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Aug 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Schutz_Spacetime.html">Schutz&#39; Independent Axioms for Minkowski Spacetime</a></h5> <br>by <a href="../authors/schmoetten">Richard Schmoetten</a>, <a href="../authors/palmer">Jake Palmer</a> and <a href="../authors/fleuriot">Jacques D. Fleuriot</a></div>
<span class="date">
Jul 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Finitely_Generated_Abelian_Groups.html">Finitely Generated Abelian Groups</a></h5> <br>by <a href="../authors/thommes">Joseph Thommes</a> and <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SpecCheck.html">SpecCheck - Specification-Based Testing for Isabelle/ML</a></h5> <br>by <a href="../authors/kappelmann">Kevin Kappelmann</a>, <a href="../authors/bulwahn">Lukas Bulwahn</a> and <a href="../authors/willenbrink">Sebastian Willenbrink</a></div>
<span class="date">
Jul 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Van_der_Waerden.html">Van der Waerden&#39;s Theorem</a></h5> <br>by <a href="../authors/kreuzer">Katharina Kreuzer</a> and <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jun 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MiniSail.html">MiniSail - A kernel language for the ISA specification language SAIL</a></h5> <br>by <a href="../authors/wassell">Mark Wassell</a></div>
<span class="date">
Jun 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Public_Announcement_Logic.html">Public Announcement Logic</a></h5> <br>by <a href="../authors/from">Asta Halkjær From</a></div>
<span class="date">
Jun 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IMP_Compiler.html">A Shorter Compiler Correctness Proof for Language IMP</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Jun 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Combinatorics_Words_Lyndon.html">Lyndon words</a></h5> <br>by <a href="../authors/holub">Štěpán Holub</a> and <a href="../authors/starosta">Štěpán Starosta</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Combinatorics_Words_Graph_Lemma.html">Graph Lemma</a></h5> <br>by <a href="../authors/holub">Štěpán Holub</a> and <a href="../authors/starosta">Štěpán Starosta</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Combinatorics_Words.html">Combinatorics on Words Basics</a></h5> <br>by <a href="../authors/holub">Štěpán Holub</a>, <a href="../authors/raska">Martin Raška</a> and <a href="../authors/starosta">Štěpán Starosta</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Regression_Test_Selection.html">Regression Test Selection</a></h5> <br>by <a href="../authors/mansky">Susannah Mansky</a></div>
<span class="date">
Apr 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lifting_the_Exponent.html">Lifting the Exponent</a></h5> <br>by <a href="../authors/kadzioka">Maya Kądziołka</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Metalogic_ProofChecker.html">Isabelle&#39;s Metalogic: Formalization and Proof Checker</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a> and <a href="../authors/rosskopf">Simon Roßkopf</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BenOr_Kozen_Reif.html">The BKR Decision Procedure for Univariate Real Arithmetic</a></h5> <br>by <a href="../authors/cordwell">Katherine Cordwell</a>, <a href="../authors/tan">Yong Kiam Tan</a> and <a href="../authors/platzer">André Platzer</a></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/GaleStewart_Games.html">Gale-Stewart Games</a></h5> <br>by <a href="../authors/joosten">Sebastiaan J. C. Joosten</a></div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Progress_Tracking.html">Formalization of Timely Dataflow&#39;s Progress Tracking Protocol</a></h5> <br>by <a href="../authors/brun">Matthias Brun</a>, <a href="../authors/decova">Sára Decova</a>, <a href="../authors/lattuada">Andrea Lattuada</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IFC_Tracking.html">Information Flow Control via Dependency Tracking</a></h5> <br>by <a href="../authors/nordhoff">Benedikt Nordhoff</a></div>
<span class="date">
Apr 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Grothendieck_Schemes.html">Grothendieck&#39;s Schemes in Algebraic Geometry</a></h5> <br>by <a href="../authors/bordg">Anthony Bordg</a>, <a href="../authors/paulson">Lawrence C. Paulson</a> and <a href="../authors/li">Wenda Li</a></div>
<span class="date">
Mar 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Padic_Ints.html">Hensel&#39;s Lemma for the p-adic Integers</a></h5> <br>by <a href="../authors/crighton">Aaron Crighton</a></div>
<span class="date">
Mar 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Constructive_Cryptography_CM.html">Constructive Cryptography in HOL: the Communication Modeling Aspect</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Mar 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Modular_arithmetic_LLL_and_HNF_algorithms.html">Two algorithms based on modular arithmetic: lattice basis reduction and Hermite normal form computation</a></h5> <br>by <a href="../authors/bottesch">Ralph Bottesch</a>, <a href="../authors/divason">Jose Divasón</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hermite_Lindemann.html">The Hermite–Lindemann–Weierstraß Transcendence Theorem</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Projective_Measurements.html">Quantum projective measurements and the CHSH inequality</a></h5> <br>by <a href="../authors/echenim">Mnacho Echenim</a></div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Mereology.html">Mereology</a></h5> <br>by <a href="../authors/blumson">Ben Blumson</a></div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sunflowers.html">The Sunflower Lemma of Erdős and Rado</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BTree.html">A Verified Imperative Implementation of B-Trees</a></h5> <br>by <a href="../authors/muendler">Niels Mündler</a></div>
<span class="date">
Feb 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Formal_Puiseux_Series.html">Formal Puiseux Series</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Laws_of_Large_Numbers.html">The Laws of Large Numbers</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IsaGeoCoq.html">Tarski&#39;s Parallel Postulate implies the 5th Postulate of Euclid, the Postulate of Playfair and the original Parallel Postulate of Euclid</a></h5> <br>by <a href="../authors/coghetto">Roland Coghetto</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Blue_Eyes.html">Solution to the xkcd Blue Eyes puzzle</a></h5> <br>by <a href="../authors/kadzioka">Maya Kądziołka</a></div>
<span class="date">
Jan 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hood_Melville_Queue.html">Hood-Melville Queue</a></h5> <br>by <a href="../authors/londono">Alejandro Gómez-Londoño</a></div>
<span class="date">
Jan 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/JinjaDCI.html">JinjaDCI: a Java semantics with dynamic class initialization</a></h5> <br>by <a href="../authors/mansky">Susannah Mansky</a></div>
<span class="date">
Jan 11
</span>
</article>
<h2 class="head">2020</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Delta_System_Lemma.html">Cofinality and the Delta System Lemma</a></h5> <br>by <a href="../authors/terraf">Pedro Sánchez Terraf</a></div>
<span class="date">
Dec 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Topological_Semantics.html">Topological semantics for paraconsistent and paracomplete logics</a></h5> <br>by <a href="../authors/fuenmayor">David Fuenmayor</a></div>
<span class="date">
Dec 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Relational_Minimum_Spanning_Trees.html">Relational Minimum Spanning Tree Algorithms</a></h5> <br>by <a href="../authors/guttmann">Walter Guttmann</a> and <a href="../authors/brien">Nicolas Robinson-O&rsquo;Brien</a></div>
<span class="date">
Dec 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Interpreter_Optimizations.html">Inline Caching and Unboxing Optimization for Interpreters</a></h5> <br>by <a href="../authors/desharnais">Martin Desharnais</a></div>
<span class="date">
Dec 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Relational_Method.html">The Relational Method with Message Anonymity for the Verification of Cryptographic Protocols</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Dec 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Isabelle_Marries_Dirac.html">Isabelle Marries Dirac: a Library for Quantum Computation and Quantum Information</a></h5> <br>by <a href="../authors/bordg">Anthony Bordg</a>, <a href="../authors/lachnitt">Hanna Lachnitt</a> and <a href="../authors/he">Yijun He</a></div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CSP_RefTK.html">The HOL-CSP Refinement Toolkit</a></h5> <br>by <a href="../authors/taha">Safouan Taha</a>, <a href="../authors/wolff">Burkhart Wolff</a> and <a href="../authors/ye">Lina Ye</a></div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Verified_SAT_Based_AI_Planning.html">Verified SAT-Based AI Planning</a></h5> <br>by <a href="../authors/abdulaziz">Mohammad Abdulaziz</a> and <a href="../authors/kurz">Friedrich Kurz</a></div>
<span class="date">
Oct 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/AI_Planning_Languages_Semantics.html">AI Planning Languages Semantics</a></h5> <br>by <a href="../authors/abdulaziz">Mohammad Abdulaziz</a> and <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
Oct 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Physical_Quantities.html">A Sound Type System for Physical Quantities, Units, and Measurements</a></h5> <br>by <a href="../authors/fosters">Simon Foster</a> and <a href="../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Oct 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Finite-Map-Extras.html">Finite Map Extras</a></h5> <br>by <a href="../authors/diaz">Javier Díaz</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Core_SC_DOM.html">The Safely Composable DOM</a></h5> <br>by <a href="../authors/brucker">Achim D. Brucker</a> and <a href="../authors/herzberg">Michael Herzberg</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DOM_Components.html">A Formalization of Web Components</a></h5> <br>by <a href="../authors/brucker">Achim D. Brucker</a> and <a href="../authors/herzberg">Michael Herzberg</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SC_DOM_Components.html">A Formalization of Safely Composable Web Components</a></h5> <br>by <a href="../authors/brucker">Achim D. Brucker</a> and <a href="../authors/herzberg">Michael Herzberg</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Shadow_SC_DOM.html">A Formal Model of the Safely Composable Document Object Model with Shadow Roots</a></h5> <br>by <a href="../authors/brucker">Achim D. Brucker</a> and <a href="../authors/herzberg">Michael Herzberg</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Shadow_DOM.html">A Formal Model of the Document Object Model with Shadow Roots</a></h5> <br>by <a href="../authors/brucker">Achim D. Brucker</a> and <a href="../authors/herzberg">Michael Herzberg</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Syntax_Independent_Logic.html">Syntax-Independent Logic Infrastructure</a></h5> <br>by <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Robinson_Arithmetic.html">Robinson Arithmetic</a></h5> <br>by <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Goedel_HFSet_Semanticless.html">From Abstract to Concrete Gödel&#39;s Incompleteness Theorems—Part II</a></h5> <br>by <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Goedel_HFSet_Semantic.html">From Abstract to Concrete Gödel&#39;s Incompleteness Theorems—Part I</a></h5> <br>by <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Goedel_Incompleteness.html">An Abstract Formalization of Gödel&#39;s Incompleteness Theorems</a></h5> <br>by <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Extended_Finite_State_Machine_Inference.html">Inference of Extended Finite State Machines</a></h5> <br>by <a href="../authors/foster">Michael Foster</a>, <a href="../authors/brucker">Achim D. Brucker</a>, <a href="../authors/taylor">Ramsay G. Taylor</a> and <a href="../authors/derrick">John Derrick</a></div>
<span class="date">
Sep 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Extended_Finite_State_Machines.html">A Formal Model of Extended Finite State Machines</a></h5> <br>by <a href="../authors/foster">Michael Foster</a>, <a href="../authors/brucker">Achim D. Brucker</a>, <a href="../authors/taylor">Ramsay G. Taylor</a> and <a href="../authors/derrick">John Derrick</a></div>
<span class="date">
Sep 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Inductive_Inference.html">Some classical results in inductive inference of recursive functions</a></h5> <br>by <a href="../authors/balbach">Frank J. Balbach</a></div>
<span class="date">
Aug 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/PAC_Checker.html">Practical Algebraic Calculus Checker</a></h5> <br>by <a href="../authors/fleury">Mathias Fleury</a> and <a href="../authors/kaufmann">Daniela Kaufmann</a></div>
<span class="date">
Aug 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Relational_Disjoint_Set_Forests.html">Relational Disjoint-Set Forests</a></h5> <br>by <a href="../authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Aug 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BirdKMP.html">Putting the `K&#39; into Bird&#39;s derivation of Knuth-Morris-Pratt string matching</a></h5> <br>by <a href="../authors/gammie">Peter Gammie</a></div>
<span class="date">
Aug 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Saturation_Framework_Extensions.html">Extensions to the Comprehensive Framework for Saturation Theorem Proving</a></h5> <br>by <a href="../authors/blanchette">Jasmin Christian Blanchette</a> and <a href="../authors/tourret">Sophie Tourret</a></div>
<span class="date">
Aug 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Amicable_Numbers.html">Amicable Numbers</a></h5> <br>by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a></div>
<span class="date">
Aug 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ordinal_Partitions.html">Ordinal Partitions</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Aug 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Chandy_Lamport.html">A Formal Proof of The Chandy--Lamport Distributed Snapshot Algorithm</a></h5> <br>by <a href="../authors/fiedler">Ben Fiedler</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Jul 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Relational_Paths.html">Relational Characterisations of Paths</a></h5> <br>by <a href="../authors/guttmann">Walter Guttmann</a> and <a href="../authors/hoefner">Peter Höfner</a></div>
<span class="date">
Jul 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Safe_Distance.html">A Formally Verified Checker of the Safe Distance Traffic Rules for Autonomous Vehicles</a></h5> <br>by <a href="../authors/rizaldi">Albert Rizaldi</a> and <a href="../authors/immler">Fabian Immler</a></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Smith_Normal_Form.html">A verified algorithm for computing the Smith normal form of a matrix</a></h5> <br>by <a href="../authors/divason">Jose Divasón</a></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Nash_Williams.html">The Nash-Williams Partition Theorem</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
May 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Knuth_Bendix_Order.html">A Formalization of Knuth–Bendix Orders</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
May 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Irrational_Series_Erdos_Straus.html">Irrationality Criteria for Series by Erdős and Straus</a></h5> <br>by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../authors/li">Wenda Li</a></div>
<span class="date">
May 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Recursion-Addition.html">Recursion Theorem in ZF</a></h5> <br>by <a href="../authors/dunaev">Georgy Dunaev</a></div>
<span class="date">
May 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LTL_Normal_Form.html">An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation</a></h5> <br>by <a href="../authors/sickert">Salomon Sickert</a></div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Forcing.html">Formalization of Forcing in Isabelle/ZF</a></h5> <br>by <a href="../authors/gunther">Emmanuel Gunther</a>, <a href="../authors/pagano">Miguel Pagano</a> and <a href="../authors/terraf">Pedro Sánchez Terraf</a></div>
<span class="date">
May 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Banach_Steinhaus.html">Banach-Steinhaus Theorem</a></h5> <br>by <a href="../authors/unruh">Dominique Unruh</a> and <a href="../authors/caballero">José Manuel Rodríguez Caballero</a></div>
<span class="date">
May 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Attack_Trees.html">Attack Trees in Isabelle for GDPR compliance of IoT healthcare systems</a></h5> <br>by <a href="../authors/kammueller">Florian Kammüller</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lambert_W.html">The Lambert W Function on the Reals</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Power_Sum_Polynomials.html">Power Sum Polynomials</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Gaussian_Integers.html">Gaussian Integers</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Matrices_for_ODEs.html">Matrices for ODEs</a></h5> <br>by <a href="../authors/munive">Jonathan Julian Huerta y Munive</a></div>
<span class="date">
Apr 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ADS_Functor.html">Authenticated Data Structures As Functors</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/maric">Ognjen Marić</a></div>
<span class="date">
Apr 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sliding_Window_Algorithm.html">Formalization of an Algorithm for Greedily Computing Associative Aggregations on Sliding Windows</a></h5> <br>by <a href="../authors/heimes">Lukas Heimes</a>, <a href="../authors/traytel">Dmitriy Traytel</a> and <a href="../authors/schneider">Joshua Schneider</a></div>
<span class="date">
Apr 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MFODL_Monitor_Optimized.html">Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</a></h5> <br>by <a href="../authors/dardinier">Thibault Dardinier</a>, <a href="../authors/heimes">Lukas Heimes</a>, <a href="../authors/raszyk">Martin Raszyk</a>, <a href="../authors/schneider">Joshua Schneider</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Apr 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Saturation_Framework.html">A Comprehensive Framework for Saturation Theorem Proving</a></h5> <br>by <a href="../authors/tourret">Sophie Tourret</a></div>
<span class="date">
Apr 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stateful_Protocol_Composition_and_Typing.html">Stateful Protocol Composition and Typing</a></h5> <br>by <a href="../authors/hess">Andreas V. Hess</a>, <a href="../authors/moedersheim">Sebastian Mödersheim</a> and <a href="../authors/brucker">Achim D. Brucker</a></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Automated_Stateful_Protocol_Verification.html">Automated Stateful Protocol Verification</a></h5> <br>by <a href="../authors/hess">Andreas V. Hess</a>, <a href="../authors/moedersheim">Sebastian Mödersheim</a>, <a href="../authors/brucker">Achim D. Brucker</a> and <a href="../authors/schlichtkrull">Anders Schlichtkrull</a></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lucas_Theorem.html">Lucas&#39;s Theorem</a></h5> <br>by <a href="../authors/edmonds">Chelsea Edmonds</a></div>
<span class="date">
Apr 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/WOOT_Strong_Eventual_Consistency.html">Strong Eventual Consistency of the Collaborative Editing Framework WOOT</a></h5> <br>by <a href="../authors/karayel">Emin Karayel</a> and <a href="../authors/gonzalez">Edgar Gonzàlez</a></div>
<span class="date">
Mar 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Furstenberg_Topology.html">Furstenberg&#39;s topology and his proof of the infinitude of primes</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Relational-Incorrectness-Logic.html">An Under-Approximate Relational Logic</a></h5> <br>by <a href="../authors/murray">Toby Murray</a></div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hello_World.html">Hello World</a></h5> <br>by <a href="../authors/diekmann">Cornelius Diekmann</a> and <a href="../authors/hupel">Lars Hupel</a></div>
<span class="date">
Mar 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Goodstein_Lambda.html">Implementing the Goodstein Function in λ-Calculus</a></h5> <br>by <a href="../authors/felgenhauer">Bertram Felgenhauer</a></div>
<span class="date">
Feb 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/VeriComp.html">A Generic Framework for Verified Compilers</a></h5> <br>by <a href="../authors/desharnais">Martin Desharnais</a></div>
<span class="date">
Feb 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Arith_Prog_Rel_Primes.html">Arithmetic progressions and relative primes</a></h5> <br>by <a href="../authors/caballero">José Manuel Rodríguez Caballero</a></div>
<span class="date">
Feb 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Subset_Boolean_Algebras.html">A Hierarchy of Algebras for Boolean Subsets</a></h5> <br>by <a href="../authors/guttmann">Walter Guttmann</a> and <a href="../authors/moeller">Bernhard Möller</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Mersenne_Primes.html">Mersenne primes and the Lucas–Lehmer test</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Approximation_Algorithms.html">Verified Approximation Algorithms</a></h5> <br>by <a href="../authors/essmann">Robin Eßmann</a>, <a href="../authors/nipkow">Tobias Nipkow</a>, <a href="../authors/robillard">Simon Robillard</a> and <a href="../authors/sulejmani">Ujkan Sulejmani</a></div>
<span class="date">
Jan 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Closest_Pair_Points.html">Closest Pair of Points Algorithms</a></h5> <br>by <a href="../authors/rau">Martin Rau</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jan 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Skip_Lists.html">Skip Lists</a></h5> <br>by <a href="../authors/haslbeck">Max W. Haslbeck</a> and <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Bicategory.html">Bicategories</a></h5> <br>by <a href="../authors/stark">Eugene W. Stark</a></div>
<span class="date">
Jan 06
</span>
</article>
<h2 class="head">2019</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Zeta_3_Irrational.html">The Irrationality of ζ(3)</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hybrid_Logic.html">Formalizing a Seligman-Style Tableau System for Hybrid Logic</a></h5> <br>by <a href="../authors/from">Asta Halkjær From</a></div>
<span class="date">
Dec 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Poincare_Bendixson.html">The Poincaré-Bendixson Theorem</a></h5> <br>by <a href="../authors/immler">Fabian Immler</a> and <a href="../authors/tan">Yong Kiam Tan</a></div>
<span class="date">
Dec 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Poincare_Disc.html">Poincaré Disc Model</a></h5> <br>by <a href="../authors/simic">Danijela Simić</a>, <a href="../authors/maricf">Filip Marić</a> and <a href="../authors/boutry">Pierre Boutry</a></div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Complex_Geometry.html">Complex Geometry</a></h5> <br>by <a href="../authors/maricf">Filip Marić</a> and <a href="../authors/simic">Danijela Simić</a></div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Gauss_Sums.html">Gauss Sums and the Pólya–Vinogradov Inequality</a></h5> <br>by <a href="../authors/raya">Rodrigo Raya</a> and <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Generalized_Counting_Sort.html">An Efficient Generalization of Counting Sort for Large, possibly Infinite Key Ranges</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Dec 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Interval_Arithmetic_Word32.html">Interval Arithmetic on 32-bit Words</a></h5> <br>by <a href="../authors/bohrer">Rose Bohrer</a></div>
<span class="date">
Nov 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ZFC_in_HOL.html">Zermelo Fraenkel Set Theory in Higher-Order Logic</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Oct 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Isabelle_C.html">Isabelle/C</a></h5> <br>by <a href="../authors/tuong">Frédéric Tuong</a> and <a href="../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Oct 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/VerifyThis2019.html">VerifyThis 2019 -- Polished Isabelle Solutions</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/wimmer">Simon Wimmer</a></div>
<span class="date">
Oct 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Aristotles_Assertoric_Syllogistic.html">Aristotle&#39;s Assertoric Syllogistic</a></h5> <br>by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a></div>
<span class="date">
Oct 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sigma_Commit_Crypto.html">Sigma Protocols and Commitment Schemes</a></h5> <br>by <a href="../authors/butler">David Butler</a> and <a href="../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Oct 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Clean.html">Clean - An Abstract Imperative Programming Language and its Theory</a></h5> <br>by <a href="../authors/tuong">Frédéric Tuong</a> and <a href="../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Oct 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Generic_Join.html">Formalization of Multiway-Join Algorithms</a></h5> <br>by <a href="../authors/dardinier">Thibault Dardinier</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hybrid_Systems_VCs.html">Verification Components for Hybrid Systems</a></h5> <br>by <a href="../authors/munive">Jonathan Julian Huerta y Munive</a></div>
<span class="date">
Sep 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Fourier.html">Fourier Series</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Jacobson_Basic_Algebra.html">A Case Study in Basic Algebra</a></h5> <br>by <a href="../authors/ballarin">Clemens Ballarin</a></div>
<span class="date">
Aug 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Adaptive_State_Counting.html">Formalisation of an Adaptive State Counting Algorithm</a></h5> <br>by <a href="../authors/sachtleben">Robert Sachtleben</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Laplace_Transform.html">Laplace Transform</a></h5> <br>by <a href="../authors/immler">Fabian Immler</a></div>
<span class="date">
Aug 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Linear_Programming.html">Linear Programming</a></h5> <br>by <a href="../authors/parsert">Julian Parsert</a> and <a href="../authors/kaliszyk">Cezary Kaliszyk</a></div>
<span class="date">
Aug 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/C2KA_DistributedSystems.html">Communicating Concurrent Kleene Algebra for Distributed Systems Specification</a></h5> <br>by <a href="../authors/buyse">Maxime Buyse</a> and <a href="../authors/jaskolka">Jason Jaskolka</a></div>
<span class="date">
Aug 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IMO2019.html">Selected Problems from the International Mathematical Olympiad 2019</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Aug 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stellar_Quorums.html">Stellar Quorum Systems</a></h5> <br>by <a href="../authors/losa">Giuliano Losa</a></div>
<span class="date">
Aug 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/TESL_Language.html">A Formal Development of a Polychronous Polytimed Coordination Language</a></h5> <br>by <a href="../authors/van">Hai Nguyen Van</a>, <a href="../authors/boulanger">Frédéric Boulanger</a> and <a href="../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Jul 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Szpilrajn.html">Order Extension and Szpilrajn&#39;s Extension Theorem</a></h5> <br>by <a href="../authors/zeller">Peter Zeller</a> and <a href="../authors/stevens">Lukas Stevens</a></div>
<span class="date">
Jul 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FOL_Seq_Calc1.html">A Sequent Calculus for First-Order Logic</a></h5> <br>by <a href="../authors/from">Asta Halkjær From</a></div>
<span class="date">
Jul 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CakeML_Codegen.html">A Verified Code Generator from Isabelle/HOL to CakeML</a></h5> <br>by <a href="../authors/hupel">Lars Hupel</a></div>
<span class="date">
Jul 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MFOTL_Monitor.html">Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic</a></h5> <br>by <a href="../authors/schneider">Joshua Schneider</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Jul 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Complete_Non_Orders.html">Complete Non-Orders and Fixed Points</a></h5> <br>by <a href="../authors/yamada">Akihisa Yamada</a> and <a href="../authors/dubut">Jérémy Dubut</a></div>
<span class="date">
Jun 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Prim_Dijkstra_Simple.html">Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Priority_Search_Trees.html">Priority Search Trees</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Linear_Inequalities.html">Linear Inequalities</a></h5> <br>by <a href="../authors/bottesch">Ralph Bottesch</a>, <a href="../authors/reynaud">Alban Reynaud</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Jun 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Nullstellensatz.html">Hilbert&#39;s Nullstellensatz</a></h5> <br>by <a href="../authors/maletzky">Alexander Maletzky</a></div>
<span class="date">
Jun 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Groebner_Macaulay.html">Gröbner Bases, Macaulay Matrices and Dubé&#39;s Degree Bounds</a></h5> <br>by <a href="../authors/maletzky">Alexander Maletzky</a></div>
<span class="date">
Jun 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IMP2_Binary_Heap.html">Binary Heaps for IMP2</a></h5> <br>by <a href="../authors/griebel">Simon Griebel</a></div>
<span class="date">
Jun 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Differential_Game_Logic.html">Differential Game Logic</a></h5> <br>by <a href="../authors/platzer">André Platzer</a></div>
<span class="date">
Jun 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/KD_Tree.html">Multidimensional Binary Search Trees</a></h5> <br>by <a href="../authors/rau">Martin Rau</a></div>
<span class="date">
May 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LambdaAuth.html">Formalization of Generic Authenticated Data Structures</a></h5> <br>by <a href="../authors/brun">Matthias Brun</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
May 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Multi_Party_Computation.html">Multi-Party Computation</a></h5> <br>by <a href="../authors/aspinall">David Aspinall</a> and <a href="../authors/butler">David Butler</a></div>
<span class="date">
May 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/HOL-CSP.html">HOL-CSP Version 2.0</a></h5> <br>by <a href="../authors/taha">Safouan Taha</a>, <a href="../authors/ye">Lina Ye</a> and <a href="../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LTL_Master_Theorem.html">A Compositional and Unified Translation of LTL into ω-Automata</a></h5> <br>by <a href="../authors/seidl">Benedikt Seidl</a> and <a href="../authors/sickert">Salomon Sickert</a></div>
<span class="date">
Apr 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Binding_Syntax_Theory.html">A General Theory of Syntax with Bindings</a></h5> <br>by <a href="../authors/gheri">Lorenzo Gheri</a> and <a href="../authors/popescu">Andrei Popescu</a></div>
<span class="date">
Apr 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Transcendence_Series_Hancl_Rucki.html">The Transcendence of Certain Infinite Series</a></h5> <br>by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../authors/li">Wenda Li</a></div>
<span class="date">
Mar 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/QHLProver.html">Quantum Hoare Logic</a></h5> <br>by <a href="../authors/liu">Junyi Liu</a>, <a href="../authors/zhan">Bohua Zhan</a>, <a href="../authors/wang">Shuling Wang</a>, <a href="../authors/ying">Shenggang Ying</a>, <a href="../authors/liut">Tao Liu</a>, <a href="../authors/liy">Yangjia Li</a>, <a href="../authors/yingm">Mingsheng Ying</a> and <a href="../authors/zhann">Naijun Zhan</a></div>
<span class="date">
Mar 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Safe_OCL.html">Safe OCL</a></h5> <br>by <a href="../authors/nikiforov">Denis Nikiforov</a></div>
<span class="date">
Mar 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Prime_Distribution_Elementary.html">Elementary Facts About the Distribution of Primes</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Kruskal.html">Kruskal&#39;s Algorithm for Minimum Spanning Forest</a></h5> <br>by <a href="../authors/haslbeckm">Maximilian P. L. Haslbeck</a>, <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/biendarra">Julian Biendarra</a></div>
<span class="date">
Feb 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Probabilistic_Prime_Tests.html">Probabilistic Primality Testing</a></h5> <br>by <a href="../authors/stuewe">Daniel Stüwe</a> and <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Universal_Turing_Machine.html">Universal Turing Machine</a></h5> <br>by <a href="../authors/xu">Jian Xu</a>, <a href="../authors/zhangx">Xingyuan Zhang</a>, <a href="../authors/urban">Christian Urban</a>, <a href="../authors/joosten">Sebastiaan J. C. Joosten</a> and <a href="../authors/regensburger">Franz Regensburger</a></div>
<span class="date">
Feb 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/List_Inversions.html">The Inversions of a List</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/UTP.html">Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming</a></h5> <br>by <a href="../authors/fosters">Simon Foster</a>, <a href="../authors/zeyda">Frank Zeyda</a>, <a href="../authors/nemouchi">Yakoub Nemouchi</a>, <a href="../authors/ribeiro">Pedro Ribeiro</a> and <a href="../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Feb 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Farkas.html">Farkas&#39; Lemma and Motzkin&#39;s Transposition Theorem</a></h5> <br>by <a href="../authors/bottesch">Ralph Bottesch</a>, <a href="../authors/haslbeck">Max W. Haslbeck</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IMP2.html">IMP2 – Simple Program Verification in Isabelle/HOL</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/wimmer">Simon Wimmer</a></div>
<span class="date">
Jan 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Higher_Order_Terms.html">An Algebra for Higher-Order Terms</a></h5> <br>by <a href="../authors/hupel">Lars Hupel</a></div>
<span class="date">
Jan 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Store_Buffer_Reduction.html">A Reduction Theorem for Store Buffers</a></h5> <br>by <a href="../authors/cohen">Ernie Cohen</a> and <a href="../authors/schirmer">Norbert Schirmer</a></div>
<span class="date">
Jan 07
</span>
</article>
<h2 class="head">2018</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Core_DOM.html">A Formal Model of the Document Object Model</a></h5> <br>by <a href="../authors/brucker">Achim D. Brucker</a> and <a href="../authors/herzberg">Michael Herzberg</a></div>
<span class="date">
Dec 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Concurrent_Revisions.html">Formalization of Concurrent Revisions</a></h5> <br>by <a href="../authors/overbeek">Roy Overbeek</a></div>
<span class="date">
Dec 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Auto2_Imperative_HOL.html">Verifying Imperative Programs using Auto2</a></h5> <br>by <a href="../authors/zhan">Bohua Zhan</a></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Constructive_Cryptography.html">Constructive Cryptography in HOL</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Dec 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Transformer_Semantics.html">Transformer Semantics</a></h5> <br>by <a href="../authors/struth">Georg Struth</a></div>
<span class="date">
Dec 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Quantales.html">Quantales</a></h5> <br>by <a href="../authors/struth">Georg Struth</a></div>
<span class="date">
Dec 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Order_Lattice_Props.html">Properties of Orderings and Lattices</a></h5> <br>by <a href="../authors/struth">Georg Struth</a></div>
<span class="date">
Dec 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Graph_Saturation.html">Graph Saturation</a></h5> <br>by <a href="../authors/joosten">Sebastiaan J. C. Joosten</a></div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Functional_Ordered_Resolution_Prover.html">A Verified Functional Implementation of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</a></h5> <br>by <a href="../authors/schlichtkrull">Anders Schlichtkrull</a>, <a href="../authors/blanchette">Jasmin Christian Blanchette</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Auto2_HOL.html">Auto2 Prover</a></h5> <br>by <a href="../authors/zhan">Bohua Zhan</a></div>
<span class="date">
Nov 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Matroids.html">Matroids</a></h5> <br>by <a href="../authors/keinholz">Jonas Keinholz</a></div>
<span class="date">
Nov 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Generic_Deriving.html">Deriving generic class instances for datatypes</a></h5> <br>by <a href="../authors/raedle">Jonas Rädle</a> and <a href="../authors/hupel">Lars Hupel</a></div>
<span class="date">
Nov 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/GewirthPGCProof.html">Formalisation and Evaluation of Alan Gewirth&#39;s Proof for the Principle of Generic Consistency in Isabelle/HOL</a></h5> <br>by <a href="../authors/fuenmayor">David Fuenmayor</a> and <a href="../authors/benzmueller">Christoph Benzmüller</a></div>
<span class="date">
Oct 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Epistemic_Logic.html">Epistemic Logic: Completeness of Modal Logics</a></h5> <br>by <a href="../authors/from">Asta Halkjær From</a></div>
<span class="date">
Oct 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Smooth_Manifolds.html">Smooth Manifolds</a></h5> <br>by <a href="../authors/immler">Fabian Immler</a> and <a href="../authors/zhan">Bohua Zhan</a></div>
<span class="date">
Oct 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Randomised_BSTs.html">Randomised Binary Search Trees</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lambda_Free_EPO.html">Formalization of the Embedding Path Order for Lambda-Free Higher-Order Terms</a></h5> <br>by <a href="../authors/bentkamp">Alexander Bentkamp</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Factored_Transition_System_Bounding.html">Upper Bounding Diameters of State Spaces of Factored Transition Systems</a></h5> <br>by <a href="../authors/kurz">Friedrich Kurz</a> and <a href="../authors/abdulaziz">Mohammad Abdulaziz</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Pi_Transcendental.html">The Transcendence of π</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Symmetric_Polynomials.html">Symmetric Polynomials</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Sep 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Signature_Groebner.html">Signature-Based Gröbner Basis Algorithms</a></h5> <br>by <a href="../authors/maletzky">Alexander Maletzky</a></div>
<span class="date">
Sep 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Prime_Number_Theorem.html">The Prime Number Theorem</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a> and <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Sep 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Aggregation_Algebras.html">Aggregation Algebras</a></h5> <br>by <a href="../authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Sep 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Octonions.html">Octonions</a></h5> <br>by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a></div>
<span class="date">
Sep 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Quaternions.html">Quaternions</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Sep 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Budan_Fourier.html">The Budan-Fourier Theorem and Counting Real Roots with Multiplicity</a></h5> <br>by <a href="../authors/li">Wenda Li</a></div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Simplex.html">An Incremental Simplex Algorithm with Unsatisfiable Core Generation</a></h5> <br>by <a href="../authors/maricf">Filip Marić</a>, <a href="../authors/spasic">Mirko Spasić</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Aug 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Minsky_Machines.html">Minsky Machines</a></h5> <br>by <a href="../authors/felgenhauer">Bertram Felgenhauer</a></div>
<span class="date">
Aug 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DiscretePricing.html">Pricing in discrete financial models</a></h5> <br>by <a href="../authors/echenim">Mnacho Echenim</a></div>
<span class="date">
Jul 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Neumann_Morgenstern_Utility.html">Von-Neumann-Morgenstern Utility Theorem</a></h5> <br>by <a href="../authors/parsert">Julian Parsert</a> and <a href="../authors/kaliszyk">Cezary Kaliszyk</a></div>
<span class="date">
Jul 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Pell.html">Pell&#39;s Equation</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jun 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Localization_Ring.html">The Localization of a Commutative Ring</a></h5> <br>by <a href="../authors/bordg">Anthony Bordg</a></div>
<span class="date">
Jun 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Projective_Geometry.html">Projective Geometry</a></h5> <br>by <a href="../authors/bordg">Anthony Bordg</a></div>
<span class="date">
Jun 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Partial_Order_Reduction.html">Partial Order Reduction</a></h5> <br>by <a href="../authors/brunner">Julian Brunner</a></div>
<span class="date">
Jun 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Optimal_BST.html">Optimal Binary Search Trees</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a> and <a href="../authors/somogyi">Dániel Somogyi</a></div>
<span class="date">
May 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hidden_Markov_Models.html">Hidden Markov Models</a></h5> <br>by <a href="../authors/wimmer">Simon Wimmer</a></div>
<span class="date">
May 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Probabilistic_Timed_Automata.html">Probabilistic Timed Automata</a></h5> <br>by <a href="../authors/wimmer">Simon Wimmer</a> and <a href="../authors/hoelzl">Johannes Hölzl</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Irrationality_J_Hancl.html">Irrational Rapidly Convergent Series</a></h5> <br>by <a href="../authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="../authors/li">Wenda Li</a></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/AxiomaticCategoryTheory.html">Axiom Systems for Category Theory in Free Logic</a></h5> <br>by <a href="../authors/benzmueller">Christoph Benzmüller</a> and <a href="../authors/scott">Dana Scott</a></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Monad_Memo_DP.html">Monadification, Memoization and Dynamic Programming</a></h5> <br>by <a href="../authors/wimmer">Simon Wimmer</a>, <a href="../authors/hu">Shuwei Hu</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
May 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/OpSets.html">OpSets: Sequential Specifications for Replicated Datatypes</a></h5> <br>by <a href="../authors/kleppmann">Martin Kleppmann</a>, <a href="../authors/gomes">Victor B. F. Gomes</a>, <a href="../authors/mulligan">Dominic P. Mulligan</a> and <a href="../authors/beresford">Alastair R. Beresford</a></div>
<span class="date">
May 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Modular_Assembly_Kit_Security.html">An Isabelle/HOL Formalization of the Modular Assembly Kit for Security Properties</a></h5> <br>by <a href="../authors/bracevac">Oliver Bračevac</a>, <a href="../authors/gay">Richard Gay</a>, <a href="../authors/grewe">Sylvia Grewe</a>, <a href="../authors/mantel">Heiko Mantel</a>, <a href="../authors/sudbrock">Henning Sudbrock</a> and <a href="../authors/tasch">Markus Tasch</a></div>
<span class="date">
May 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/WebAssembly.html">WebAssembly</a></h5> <br>by <a href="../authors/watt">Conrad Watt</a></div>
<span class="date">
Apr 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/VerifyThis2018.html">VerifyThis 2018 - Polished Isabelle Solutions</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/wimmer">Simon Wimmer</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BNF_CC.html">Bounded Natural Functors with Covariance and Contravariance</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/schneider">Joshua Schneider</a></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Fishburn_Impossibility.html">The Incompatibility of Fishburn-Strategyproofness and Pareto-Efficiency</a></h5> <br>by <a href="../authors/brandt">Felix Brandt</a>, <a href="../authors/eberl">Manuel Eberl</a>, <a href="../authors/saile">Christian Saile</a> and <a href="../authors/stricker">Christian Stricker</a></div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Weight_Balanced_Trees.html">Weight-Balanced Trees</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a> and <a href="../authors/dirix">Stefan Dirix</a></div>
<span class="date">
Mar 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CakeML.html">CakeML</a></h5> <br>by <a href="../authors/hupel">Lars Hupel</a> and <a href="../authors/zhang">Yu Zhang</a></div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Architectural_Design_Patterns.html">A Theory of Architectural Design Patterns</a></h5> <br>by <a href="../authors/marmsoler">Diego Marmsoler</a></div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hoare_Time.html">Hoare Logics for Time Bounds</a></h5> <br>by <a href="../authors/haslbeckm">Maximilian P. L. Haslbeck</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Feb 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Treaps.html">Treaps</a></h5> <br>by <a href="../authors/haslbeck">Max W. Haslbeck</a>, <a href="../authors/eberl">Manuel Eberl</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Error_Function.html">The Error Function</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/First_Order_Terms.html">First-Order Terms</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LLL_Factorization.html">A verified factorization algorithm for integer polynomials with polynomial complexity</a></h5> <br>by <a href="../authors/divason">Jose Divasón</a>, <a href="../authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LLL_Basis_Reduction.html">A verified LLL algorithm</a></h5> <br>by <a href="../authors/bottesch">Ralph Bottesch</a>, <a href="../authors/divason">Jose Divasón</a>, <a href="../authors/haslbeck">Max W. Haslbeck</a>, <a href="../authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Feb 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ordered_Resolution_Prover.html">Formalization of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</a></h5> <br>by <a href="../authors/schlichtkrull">Anders Schlichtkrull</a>, <a href="../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../authors/traytel">Dmitriy Traytel</a> and <a href="../authors/waldmann">Uwe Waldmann</a></div>
<span class="date">
Jan 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Gromov_Hyperbolicity.html">Gromov Hyperbolicity</a></h5> <br>by <a href="../authors/gouezel">Sebastien Gouezel</a></div>
<span class="date">
Jan 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Green.html">An Isabelle/HOL formalisation of Green&#39;s Theorem</a></h5> <br>by <a href="../authors/abdulaziz">Mohammad Abdulaziz</a> and <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Jan 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Taylor_Models.html">Taylor Models</a></h5> <br>by <a href="../authors/traut">Christoph Traut</a> and <a href="../authors/immler">Fabian Immler</a></div>
<span class="date">
Jan 08
</span>
</article>
<h2 class="head">2017</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Falling_Factorial_Sum.html">The Falling Factorial of a Sum</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Dec 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Median_Of_Medians_Selection.html">The Median-of-Medians Selection Algorithm</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Mason_Stothers.html">The Mason–Stothers Theorem</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dirichlet_L.html">Dirichlet L-Functions and Dirichlet&#39;s Theorem</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BNF_Operations.html">Operations on Bounded Natural Functors</a></h5> <br>by <a href="../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Dec 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Knuth_Morris_Pratt.html">The string search algorithm by Knuth, Morris and Pratt</a></h5> <br>by <a href="../authors/hellauer">Fabian Hellauer</a> and <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
Dec 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stochastic_Matrices.html">Stochastic Matrices and the Perron-Frobenius Theorem</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IMAP-CRDT.html">The IMAP CmRDT</a></h5> <br>by <a href="../authors/jungnickel">Tim Jungnickel</a>, <a href="../authors/oldenburg">Lennart Oldenburg</a> and <a href="../authors/loibl">Matthias Loibl</a></div>
<span class="date">
Nov 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hybrid_Multi_Lane_Spatial_Logic.html">Hybrid Multi-Lane Spatial Logic</a></h5> <br>by <a href="../authors/linker">Sven Linker</a></div>
<span class="date">
Nov 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Kuratowski_Closure_Complement.html">The Kuratowski Closure-Complement Theorem</a></h5> <br>by <a href="../authors/gammie">Peter Gammie</a> and <a href="../authors/gioiosa">Gianpaolo Gioiosa</a></div>
<span class="date">
Oct 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Transition_Systems_and_Automata.html">Transition Systems and Automata</a></h5> <br>by <a href="../authors/brunner">Julian Brunner</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Buchi_Complementation.html">Büchi Complementation</a></h5> <br>by <a href="../authors/brunner">Julian Brunner</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Winding_Number_Eval.html">Evaluate Winding Numbers through Cauchy Indices</a></h5> <br>by <a href="../authors/li">Wenda Li</a></div>
<span class="date">
Oct 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Count_Complex_Roots.html">Count the Number of Complex Roots</a></h5> <br>by <a href="../authors/li">Wenda Li</a></div>
<span class="date">
Oct 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Diophantine_Eqns_Lin_Hom.html">Homogeneous Linear Diophantine Equations</a></h5> <br>by <a href="../authors/messner">Florian Messner</a>, <a href="../authors/parsert">Julian Parsert</a>, <a href="../authors/schoepf">Jonas Schöpf</a> and <a href="../authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Oct 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Zeta_Function.html">The Hurwitz and Riemann ζ Functions</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Linear_Recurrences.html">Linear Recurrences</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dirichlet_Series.html">Dirichlet Series</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lowe_Ontological_Argument.html">Computer-assisted Reconstruction and Assessment of E. J. Lowe&#39;s Modal Ontological Argument</a></h5> <br>by <a href="../authors/fuenmayor">David Fuenmayor</a> and <a href="../authors/benzmueller">Christoph Benzmüller</a></div>
<span class="date">
Sep 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/PLM.html">Representation and Partial Automation of the Principia Logico-Metaphysica in Isabelle/HOL</a></h5> <br>by <a href="../authors/kirchner">Daniel Kirchner</a></div>
<span class="date">
Sep 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/AnselmGod.html">Anselm&#39;s God in Isabelle/HOL</a></h5> <br>by <a href="../authors/blumson">Ben Blumson</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/First_Welfare_Theorem.html">Microeconomics and the First Welfare Theorem</a></h5> <br>by <a href="../authors/parsert">Julian Parsert</a> and <a href="../authors/kaliszyk">Cezary Kaliszyk</a></div>
<span class="date">
Sep 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Root_Balanced_Tree.html">Root-Balanced Tree</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Orbit_Stabiliser.html">Orbit-Stabiliser Theorem with Application to Rotational Symmetries</a></h5> <br>by <a href="../authors/raedle">Jonas Rädle</a></div>
<span class="date">
Aug 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LambdaMu.html">The LambdaMu-calculus</a></h5> <br>by <a href="../authors/matache">Cristina Matache</a>, <a href="../authors/gomes">Victor B. F. Gomes</a> and <a href="../authors/mulligan">Dominic P. Mulligan</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stewart_Apollonius.html">Stewart&#39;s Theorem and Apollonius&#39; Theorem</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Jul 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DynamicArchitectures.html">Dynamic Architectures</a></h5> <br>by <a href="../authors/marmsoler">Diego Marmsoler</a></div>
<span class="date">
Jul 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Decl_Sem_Fun_PL.html">Declarative Semantics for Functional Languages</a></h5> <br>by <a href="../authors/siek">Jeremy Siek</a></div>
<span class="date">
Jul 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/HOLCF-Prelude.html">HOLCF-Prelude</a></h5> <br>by <a href="../authors/breitner">Joachim Breitner</a>, <a href="../authors/huffman">Brian Huffman</a>, <a href="../authors/mitchell">Neil Mitchell</a> and <a href="../authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Jul 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Minkowskis_Theorem.html">Minkowski&#39;s Theorem</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jul 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Name_Carrying_Type_Inference.html">Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus</a></h5> <br>by <a href="../authors/rawson">Michael Rawson</a></div>
<span class="date">
Jul 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CRDT.html">A framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes</a></h5> <br>by <a href="../authors/gomes">Victor B. F. Gomes</a>, <a href="../authors/kleppmann">Martin Kleppmann</a>, <a href="../authors/mulligan">Dominic P. Mulligan</a> and <a href="../authors/beresford">Alastair R. Beresford</a></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stone_Kleene_Relation_Algebras.html">Stone-Kleene Relation Algebras</a></h5> <br>by <a href="../authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Jul 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Propositional_Proof_Systems.html">Propositional Proof Systems</a></h5> <br>by <a href="../authors/michaelis">Julius Michaelis</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/PSemigroupsConvolution.html">Partial Semigroups and Convolution Algebras</a></h5> <br>by <a href="../authors/dongol">Brijesh Dongol</a>, <a href="../authors/gomes">Victor B. F. Gomes</a>, <a href="../authors/hayes">Ian J. Hayes</a> and <a href="../authors/struth">Georg Struth</a></div>
<span class="date">
Jun 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Buffons_Needle.html">Buffon&#39;s Needle Problem</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jun 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Prpu_Maxflow.html">Formalizing Push-Relabel Algorithms</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Flow_Networks.html">Flow Networks and the Min-Cut-Max-Flow Theorem</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Optics.html">Optics</a></h5> <br>by <a href="../authors/fosters">Simon Foster</a> and <a href="../authors/zeyda">Frank Zeyda</a></div>
<span class="date">
May 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dict_Construction.html">Dictionary Construction</a></h5> <br>by <a href="../authors/hupel">Lars Hupel</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Security_Protocol_Refinement.html">Developing Security Protocols by Refinement</a></h5> <br>by <a href="../authors/sprenger">Christoph Sprenger</a> and <a href="../authors/somaini">Ivano Somaini</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Floyd_Warshall.html">The Floyd-Warshall Algorithm for Shortest Paths</a></h5> <br>by <a href="../authors/wimmer">Simon Wimmer</a> and <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Probabilistic_While.html">Probabilistic while loop</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Monad_Normalisation.html">Monad normalisation</a></h5> <br>by <a href="../authors/schneider">Joshua Schneider</a>, <a href="../authors/eberl">Manuel Eberl</a> and <a href="../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Game_Based_Crypto.html">Game-based cryptography in HOL</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a>, <a href="../authors/sefidgar">S. Reza Sefidgar</a> and <a href="../authors/bhatt">Bhargav Bhatt</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Monomorphic_Monad.html">Effect polymorphism in higher-order logic</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CryptHOL.html">CryptHOL</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MonoidalCategory.html">Monoidal Categories</a></h5> <br>by <a href="../authors/stark">Eugene W. Stark</a></div>
<span class="date">
May 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Types_Tableaus_and_Goedels_God.html">Types, Tableaus and Gödel’s God in Isabelle/HOL</a></h5> <br>by <a href="../authors/fuenmayor">David Fuenmayor</a> and <a href="../authors/benzmueller">Christoph Benzmüller</a></div>
<span class="date">
May 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LocalLexing.html">Local Lexing</a></h5> <br>by <a href="../authors/obua">Steven Obua</a></div>
<span class="date">
Apr 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Constructor_Funs.html">Constructor Functions</a></h5> <br>by <a href="../authors/hupel">Lars Hupel</a></div>
<span class="date">
Apr 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lazy_Case.html">Lazifying case constants</a></h5> <br>by <a href="../authors/hupel">Lars Hupel</a></div>
<span class="date">
Apr 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Subresultants.html">Subresultants</a></h5> <br>by <a href="../authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Apr 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Random_BSTs.html">Expected Shape of Random Binary Search Trees</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Apr 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Quick_Sort_Cost.html">The number of comparisons in QuickSort</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Comparison_Sort_Lower_Bound.html">Lower bound on comparison-based sorting algorithms</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Euler_MacLaurin.html">The Euler–MacLaurin Formula</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Elliptic_Curves_Group_Law.html">The Group Law for Elliptic Curves</a></h5> <br>by <a href="../authors/berghofer">Stefan Berghofer</a></div>
<span class="date">
Feb 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Menger.html">Menger&#39;s Theorem</a></h5> <br>by <a href="../authors/dittmann">Christoph Dittmann</a></div>
<span class="date">
Feb 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Differential_Dynamic_Logic.html">Differential Dynamic Logic</a></h5> <br>by <a href="../authors/bohrer">Rose Bohrer</a></div>
<span class="date">
Feb 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Abstract_Soundness.html">Abstract Soundness</a></h5> <br>by <a href="../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Feb 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stone_Relation_Algebras.html">Stone Relation Algebras</a></h5> <br>by <a href="../authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Feb 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Key_Agreement_Strong_Adversaries.html">Refining Authenticated Key Agreement with Strong Adversaries</a></h5> <br>by <a href="../authors/lallemand">Joseph Lallemand</a> and <a href="../authors/sprenger">Christoph Sprenger</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Bernoulli.html">Bernoulli Numbers</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a> and <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Minimal_SSA.html">Minimal Static Single Assignment Form</a></h5> <br>by <a href="../authors/wagner">Max Wagner</a> and <a href="../authors/lohner">Denis Lohner</a></div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Bertrands_Postulate.html">Bertrand&#39;s postulate</a></h5> <br>by <a href="../authors/biendarra">Julian Biendarra</a> and <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/E_Transcendental.html">The Transcendence of e</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/UPF_Firewall.html">Formal Network Models and Their Application to Firewall Policies</a></h5> <br>by <a href="../authors/brucker">Achim D. Brucker</a>, <a href="../authors/bruegger">Lukas Brügger</a> and <a href="../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Jan 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Password_Authentication_Protocol.html">Verification of a Diffie-Hellman Password-based Authentication Protocol by Extending the Inductive Method</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Jan 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FOL_Harrison.html">First-Order Logic According to Harrison</a></h5> <br>by <a href="../authors/jensen">Alexander Birch Jensen</a>, <a href="../authors/schlichtkrull">Anders Schlichtkrull</a> and <a href="../authors/villadsen">Jørgen Villadsen</a></div>
<span class="date">
Jan 01
</span>
</article>
<h2 class="head">2016</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Concurrent_Ref_Alg.html">Concurrent Refinement Algebra and Rely Quotients</a></h5> <br>by <a href="../authors/fell">Julian Fell</a>, <a href="../authors/hayes">Ian J. Hayes</a> and <a href="../authors/velykis">Andrius Velykis</a></div>
<span class="date">
Dec 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Twelvefold_Way.html">The Twelvefold Way</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Dec 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Proof_Strategy_Language.html">Proof Strategy Language</a></h5> <br>by <a href="../authors/nagashima">Yutaka Nagashima</a></div>
<span class="date">
Dec 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Paraconsistency.html">Paraconsistency</a></h5> <br>by <a href="../authors/schlichtkrull">Anders Schlichtkrull</a> and <a href="../authors/villadsen">Jørgen Villadsen</a></div>
<span class="date">
Dec 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Complx.html">COMPLX: A Verification Framework for Concurrent Imperative Programs</a></h5> <br>by <a href="../authors/amani">Sidney Amani</a>, <a href="../authors/andronick">June Andronick</a>, <a href="../authors/bortin">Maksym Bortin</a>, <a href="../authors/lewis">Corey Lewis</a>, <a href="../authors/rizkallah">Christine Rizkallah</a> and <a href="../authors/tuongj">Joseph Tuong</a></div>
<span class="date">
Nov 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Abs_Int_ITP2012.html">Abstract Interpretation of Annotated Commands</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Separata.html">Separata: Isabelle tactics for Separation Algebra</a></h5> <br>by <a href="../authors/hou">Zhe Hou</a>, <a href="../authors/sanan">David Sanan</a>, <a href="../authors/tiu">Alwen Tiu</a>, <a href="../authors/gore">Rajeev Gore</a> and <a href="../authors/clouston">Ranald Clouston</a></div>
<span class="date">
Nov 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Nested_Multisets_Ordinals.html">Formalization of Nested Multisets, Hereditary Multisets, and Syntactic Ordinals</a></h5> <br>by <a href="../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../authors/fleury">Mathias Fleury</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Nov 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lambda_Free_KBOs.html">Formalization of Knuth–Bendix Orders for Lambda-Free Higher-Order Terms</a></h5> <br>by <a href="../authors/becker">Heiko Becker</a>, <a href="../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../authors/waldmann">Uwe Waldmann</a> and <a href="../authors/wand">Daniel Wand</a></div>
<span class="date">
Nov 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Deep_Learning.html">Expressiveness of Deep Learning</a></h5> <br>by <a href="../authors/bentkamp">Alexander Bentkamp</a></div>
<span class="date">
Nov 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Modal_Logics_for_NTS.html">Modal Logics for Nominal Transition Systems</a></h5> <br>by <a href="../authors/weber">Tjark Weber</a>, <a href="../authors/eriksson">Lars-Henrik Eriksson</a>, <a href="../authors/parrow">Joachim Parrow</a>, <a href="../authors/borgstroem">Johannes Borgström</a> and <a href="../authors/gutkovas">Ramunas Gutkovas</a></div>
<span class="date">
Oct 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stable_Matching.html">Stable Matching</a></h5> <br>by <a href="../authors/gammie">Peter Gammie</a></div>
<span class="date">
Oct 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LOFT.html">LOFT — Verified Migration of Linux Firewalls to SDN</a></h5> <br>by <a href="../authors/michaelis">Julius Michaelis</a> and <a href="../authors/diekmann">Cornelius Diekmann</a></div>
<span class="date">
Oct 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Source_Coding_Theorem.html">Source Coding Theorem</a></h5> <br>by <a href="../authors/hibon">Quentin Hibon</a> and <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SPARCv8.html">A formal model for the SPARCv8 ISA and a proof of non-interference for the LEON3 processor</a></h5> <br>by <a href="../authors/hou">Zhe Hou</a>, <a href="../authors/sanan">David Sanan</a>, <a href="../authors/tiu">Alwen Tiu</a> and <a href="../authors/liuy">Yang Liu</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Berlekamp_Zassenhaus.html">The Factorization Algorithm of Berlekamp and Zassenhaus</a></h5> <br>by <a href="../authors/divason">Jose Divasón</a>, <a href="../authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Oct 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Chord_Segments.html">Intersecting Chords Theorem</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Oct 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lp.html">Lp spaces</a></h5> <br>by <a href="../authors/gouezel">Sebastien Gouezel</a></div>
<span class="date">
Oct 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Fisher_Yates.html">Fisher–Yates shuffle</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Sep 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Allen_Calculus.html">Allen&#39;s Interval Calculus</a></h5> <br>by <a href="../authors/ghourabi">Fadoua Ghourabi</a></div>
<span class="date">
Sep 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lambda_Free_RPOs.html">Formalization of Recursive Path Orders for Lambda-Free Higher-Order Terms</a></h5> <br>by <a href="../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../authors/waldmann">Uwe Waldmann</a> and <a href="../authors/wand">Daniel Wand</a></div>
<span class="date">
Sep 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Iptables_Semantics.html">Iptables Semantics</a></h5> <br>by <a href="../authors/diekmann">Cornelius Diekmann</a> and <a href="../authors/hupel">Lars Hupel</a></div>
<span class="date">
Sep 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stone_Algebras.html">Stone Algebras</a></h5> <br>by <a href="../authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SuperCalc.html">A Variant of the Superposition Calculus</a></h5> <br>by <a href="../authors/peltier">Nicolas Peltier</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stirling_Formula.html">Stirling&#39;s formula</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Sep 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Routing.html">Routing</a></h5> <br>by <a href="../authors/michaelis">Julius Michaelis</a> and <a href="../authors/diekmann">Cornelius Diekmann</a></div>
<span class="date">
Aug 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Simple_Firewall.html">Simple Firewall</a></h5> <br>by <a href="../authors/diekmann">Cornelius Diekmann</a>, <a href="../authors/michaelis">Julius Michaelis</a> and <a href="../authors/haslbeck">Max W. Haslbeck</a></div>
<span class="date">
Aug 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/InfPathElimination.html">Infeasible Paths Elimination by Symbolic Execution Techniques: Proof of Correctness and Preservation of Paths</a></h5> <br>by <a href="../authors/aissat">Romain Aissat</a>, <a href="../authors/voisin">Frederic Voisin</a> and <a href="../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Aug 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/EdmondsKarp_Maxflow.html">Formalizing the Edmonds-Karp Algorithm</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Refine_Imperative_HOL.html">The Imperative Refinement Framework</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ptolemys_Theorem.html">Ptolemy&#39;s Theorem</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Aug 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Surprise_Paradox.html">Surprise Paradox</a></h5> <br>by <a href="../authors/breitner">Joachim Breitner</a></div>
<span class="date">
Jul 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Pairing_Heap.html">Pairing Heap</a></h5> <br>by <a href="../authors/brinkop">Hauke Brinkop</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jul 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DFS_Framework.html">A Framework for Verifying Depth-First Search Algorithms</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/neumann">René Neumann</a></div>
<span class="date">
Jul 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Buildings.html">Chamber Complexes, Coxeter Systems, and Buildings</a></h5> <br>by <a href="../authors/sylvestre">Jeremy Sylvestre</a></div>
<span class="date">
Jul 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Rewriting_Z.html">The Z Property</a></h5> <br>by <a href="../authors/felgenhauer">Bertram Felgenhauer</a>, <a href="../authors/nagele">Julian Nagele</a>, <a href="../authors/oostrom">Vincent van Oostrom</a> and <a href="../authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Jun 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Resolution_FOL.html">The Resolution Calculus for First-Order Logic</a></h5> <br>by <a href="../authors/schlichtkrull">Anders Schlichtkrull</a></div>
<span class="date">
Jun 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IP_Addresses.html">IP Addresses</a></h5> <br>by <a href="../authors/diekmann">Cornelius Diekmann</a>, <a href="../authors/michaelis">Julius Michaelis</a> and <a href="../authors/hupel">Lars Hupel</a></div>
<span class="date">
Jun 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dependent_SIFUM_Refinement.html">Compositional Security-Preserving Refinement for Concurrent Imperative Programs</a></h5> <br>by <a href="../authors/murray">Toby Murray</a>, <a href="../authors/sison">Robert Sison</a>, <a href="../authors/pierzchalski">Edward Pierzchalski</a> and <a href="../authors/rizkallah">Christine Rizkallah</a></div>
<span class="date">
Jun 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Category3.html">Category Theory with Adjunctions and Limits</a></h5> <br>by <a href="../authors/stark">Eugene W. Stark</a></div>
<span class="date">
Jun 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Card_Multisets.html">Cardinality of Multisets</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Jun 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dependent_SIFUM_Type_Systems.html">A Dependent Security Type System for Concurrent Imperative Programs</a></h5> <br>by <a href="../authors/murray">Toby Murray</a>, <a href="../authors/sison">Robert Sison</a>, <a href="../authors/pierzchalski">Edward Pierzchalski</a> and <a href="../authors/rizkallah">Christine Rizkallah</a></div>
<span class="date">
Jun 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Catalan_Numbers.html">Catalan Numbers</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jun 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Algebraic_VCs.html">Program Construction and Verification Components Based on Kleene Algebra</a></h5> <br>by <a href="../authors/gomes">Victor B. F. Gomes</a> and <a href="../authors/struth">Georg Struth</a></div>
<span class="date">
Jun 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Noninterference_Concurrent_Composition.html">Conservation of CSP Noninterference Security under Concurrent Composition</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Jun 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Word_Lib.html">Finite Machine Word Library</a></h5> <br>by <a href="../authors/beeren">Joel Beeren</a>, <a href="../authors/fernandez">Matthew Fernandez</a>, <a href="../authors/gao">Xin Gao</a>, <a href="../authors/klein">Gerwin Klein</a>, <a href="../authors/kolanski">Rafal Kolanski</a>, <a href="../authors/lim">Japheth Lim</a>, <a href="../authors/lewis">Corey Lewis</a>, <a href="../authors/matichuk">Daniel Matichuk</a> and <a href="../authors/sewell">Thomas Sewell</a></div>
<span class="date">
Jun 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Tree_Decomposition.html">Tree Decomposition</a></h5> <br>by <a href="../authors/dittmann">Christoph Dittmann</a></div>
<span class="date">
May 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Posix-Lexing.html">POSIX Lexing with Derivatives of Regular Expressions</a></h5> <br>by <a href="../authors/ausaf">Fahad Ausaf</a>, <a href="../authors/dyckhoff">Roy Dyckhoff</a> and <a href="../authors/urban">Christian Urban</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Card_Equiv_Relations.html">Cardinality of Equivalence Relations</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Incredible_Proof_Machine.html">The meta theory of the Incredible Proof Machine</a></h5> <br>by <a href="../authors/breitner">Joachim Breitner</a> and <a href="../authors/lohner">Denis Lohner</a></div>
<span class="date">
May 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Perron_Frobenius.html">Perron-Frobenius Theorem for Spectral Radius Analysis</a></h5> <br>by <a href="../authors/divason">Jose Divasón</a>, <a href="../authors/kuncar">Ondřej Kunčar</a>, <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
May 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FLP.html">A Constructive Proof for FLP</a></h5> <br>by <a href="../authors/bisping">Benjamin Bisping</a>, <a href="../authors/brodmann">Paul-David Brodmann</a>, <a href="../authors/jungnickel">Tim Jungnickel</a>, <a href="../authors/rickmann">Christina Rickmann</a>, <a href="../authors/seidler">Henning Seidler</a>, <a href="../authors/stueber">Anke Stüber</a>, <a href="../authors/weidner">Arno Wilhelm-Weidner</a>, <a href="../authors/peters">Kirstin Peters</a> and <a href="../authors/nestmann">Uwe Nestmann</a></div>
<span class="date">
May 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MFMC_Countable.html">A Formal Proof of the Max-Flow Min-Cut Theorem for Countable Networks</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Randomised_Social_Choice.html">Randomised Social Choice Theory</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SDS_Impossibility.html">The Incompatibility of SD-Efficiency and SD-Strategy-Proofness</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
May 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Bell_Numbers_Spivey.html">Spivey&#39;s Generalized Recurrence for Bell Numbers</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
May 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Groebner_Bases.html">Gröbner Bases Theory</a></h5> <br>by <a href="../authors/immler">Fabian Immler</a> and <a href="../authors/maletzky">Alexander Maletzky</a></div>
<span class="date">
May 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/No_FTL_observers.html">No Faster-Than-Light Observers</a></h5> <br>by <a href="../authors/stannett">Mike Stannett</a> and <a href="../authors/nemeti">István Németi</a></div>
<span class="date">
Apr 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ROBDD.html">Algorithms for Reduced Ordered Binary Decision Diagrams</a></h5> <br>by <a href="../authors/michaelis">Julius Michaelis</a>, <a href="../authors/haslbeck">Max W. Haslbeck</a>, <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/hupel">Lars Hupel</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CYK.html">A formalisation of the Cocke-Younger-Kasami algorithm</a></h5> <br>by <a href="../authors/bortin">Maksym Bortin</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Noninterference_Sequential_Composition.html">Conservation of CSP Noninterference Security under Sequential Composition</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/KAD.html">Kleene Algebras with Domain</a></h5> <br>by <a href="../authors/gomes">Victor B. F. Gomes</a>, <a href="../authors/guttmann">Walter Guttmann</a>, <a href="../authors/hoefner">Peter Höfner</a>, <a href="../authors/struth">Georg Struth</a> and <a href="../authors/weber">Tjark Weber</a></div>
<span class="date">
Apr 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/PropResPI.html">Propositional Resolution and Prime Implicates Generation</a></h5> <br>by <a href="../authors/peltier">Nicolas Peltier</a></div>
<span class="date">
Mar 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Timed_Automata.html">Timed Automata</a></h5> <br>by <a href="../authors/wimmer">Simon Wimmer</a></div>
<span class="date">
Mar 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Cartan_FP.html">The Cartan Fixed Point Theorems</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Mar 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LTL.html">Linear Temporal Logic</a></h5> <br>by <a href="../authors/sickert">Salomon Sickert</a></div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/List_Update.html">Analysis of List Update Algorithms</a></h5> <br>by <a href="../authors/haslbeckm">Maximilian P. L. Haslbeck</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Feb 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Formal_SSA.html">Verified Construction of Static Single Assignment Form</a></h5> <br>by <a href="../authors/ullrich">Sebastian Ullrich</a> and <a href="../authors/lohner">Denis Lohner</a></div>
<span class="date">
Feb 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Polynomial_Interpolation.html">Polynomial Interpolation</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Jan 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Polynomial_Factorization.html">Polynomial Factorization</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Jan 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Knot_Theory.html">Knot Theory</a></h5> <br>by <a href="../authors/prathamesh">T.V.H. Prathamesh</a></div>
<span class="date">
Jan 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Matrix_Tensor.html">Tensor Product of Matrices</a></h5> <br>by <a href="../authors/prathamesh">T.V.H. Prathamesh</a></div>
<span class="date">
Jan 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Card_Number_Partitions.html">Cardinality of Number Partitions</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Jan 14
</span>
</article>
<h2 class="head">2015</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Prime_Harmonic_Series.html">The Divergence of the Prime Harmonic Series</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Liouville_Numbers.html">Liouville numbers</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Descartes_Sign_Rule.html">Descartes&#39; Rule of Signs</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Triangle.html">Basic Geometric Properties of Triangles</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stern_Brocot.html">The Stern-Brocot Tree</a></h5> <br>by <a href="../authors/gammie">Peter Gammie</a> and <a href="../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Dec 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Applicative_Lifting.html">Applicative Lifting</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/schneider">Joshua Schneider</a></div>
<span class="date">
Dec 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Algebraic_Numbers.html">Algebraic Numbers in Isabelle/HOL</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a>, <a href="../authors/yamada">Akihisa Yamada</a> and <a href="../authors/joosten">Sebastiaan J. C. Joosten</a></div>
<span class="date">
Dec 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Card_Partitions.html">Cardinality of Set Partitions</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Dec 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Latin_Square.html">Latin Square</a></h5> <br>by <a href="../authors/bentkamp">Alexander Bentkamp</a></div>
<span class="date">
Dec 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ergodic_Theory.html">Ergodic Theory</a></h5> <br>by <a href="../authors/gouezel">Sebastien Gouezel</a></div>
<span class="date">
Dec 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Euler_Partition.html">Euler&#39;s Partition Theorem</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/TortoiseHare.html">The Tortoise and Hare Algorithm</a></h5> <br>by <a href="../authors/gammie">Peter Gammie</a></div>
<span class="date">
Nov 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Planarity_Certificates.html">Planarity Certificates</a></h5> <br>by <a href="../authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Nov 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Parity_Game.html">Positional Determinacy of Parity Games</a></h5> <br>by <a href="../authors/dittmann">Christoph Dittmann</a></div>
<span class="date">
Nov 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Isabelle_Meta_Model.html">A Meta-Model for the Isabelle API</a></h5> <br>by <a href="../authors/tuong">Frédéric Tuong</a> and <a href="../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LTL_to_DRA.html">Converting Linear Temporal Logic to Deterministic (Generalized) Rabin Automata</a></h5> <br>by <a href="../authors/sickert">Salomon Sickert</a></div>
<span class="date">
Sep 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Jordan_Normal_Form.html">Matrices, Jordan Normal Forms, and Spectral Radius Theory</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a> and <a href="../authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Aug 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Decreasing-Diagrams-II.html">Decreasing Diagrams II</a></h5> <br>by <a href="../authors/felgenhauer">Bertram Felgenhauer</a></div>
<span class="date">
Aug 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Noninterference_Inductive_Unwinding.html">The Inductive Unwinding Theorem for CSP Noninterference Security</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Aug 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Rep_Fin_Groups.html">Representations of Finite Groups</a></h5> <br>by <a href="../authors/sylvestre">Jeremy Sylvestre</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Encodability_Process_Calculi.html">Analysing and Comparing Encodability Criteria for Process Calculi</a></h5> <br>by <a href="../authors/peters">Kirstin Peters</a> and <a href="../authors/glabbeek">Rob van Glabbeek</a></div>
<span class="date">
Aug 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Case_Labeling.html">Generating Cases from Labeled Subgoals</a></h5> <br>by <a href="../authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Jul 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Akra_Bazzi.html">The Akra-Bazzi theorem and the Master theorem</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jul 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Landau_Symbols.html">Landau Symbols</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jul 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Hermite.html">Hermite Normal Form</a></h5> <br>by <a href="../authors/divason">Jose Divasón</a> and <a href="../authors/aransay">Jesús Aransay</a></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Derangements.html">Derangements Formula</a></h5> <br>by <a href="../authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Jun 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Noninterference_Ipurge_Unwinding.html">The Ipurge Unwinding Theorem for CSP Noninterference Security</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Noninterference_Generic_Unwinding.html">The Generic Unwinding Theorem for CSP Noninterference Security</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/List_Interleaving.html">Reasoning about Lists via List Interleaving</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Multirelations.html">Binary Multirelations</a></h5> <br>by <a href="../authors/furusawa">Hitoshi Furusawa</a> and <a href="../authors/struth">Georg Struth</a></div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dynamic_Tables.html">Parameterized Dynamic Tables</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Formula_Derivatives.html">Derivatives of Logical Formulas</a></h5> <br>by <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Probabilistic_System_Zoo.html">A Zoo of Probabilistic Systems</a></h5> <br>by <a href="../authors/hoelzl">Johannes Hölzl</a>, <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
May 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Vickrey_Clarke_Groves.html">VCG - Combinatorial Vickrey-Clarke-Groves Auctions</a></h5> <br>by <a href="../authors/caminati">Marco B. Caminati</a>, <a href="../authors/kerber">Manfred Kerber</a>, <a href="../authors/lange">Christoph Lange</a> and <a href="../authors/rowat">Colin Rowat</a></div>
<span class="date">
Apr 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Residuated_Lattices.html">Residuated Lattices</a></h5> <br>by <a href="../authors/gomes">Victor B. F. Gomes</a> and <a href="../authors/struth">Georg Struth</a></div>
<span class="date">
Apr 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ConcurrentGC.html">Relaxing Safely: Verified On-the-Fly Garbage Collection for x86-TSO</a></h5> <br>by <a href="../authors/gammie">Peter Gammie</a>, <a href="../authors/hosking">Tony Hosking</a> and <a href="../authors/engelhardt">Kai Engelhardt</a></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ConcurrentIMP.html">Concurrent IMP</a></h5> <br>by <a href="../authors/gammie">Peter Gammie</a></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Trie.html">Trie</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Mar 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Consensus_Refined.html">Consensus Refined</a></h5> <br>by <a href="../authors/maric">Ognjen Marić</a> and <a href="../authors/sprenger">Christoph Sprenger</a></div>
<span class="date">
Mar 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Deriving.html">Deriving class instances for datatypes</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Mar 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Call_Arity.html">The Safety of Call Arity</a></h5> <br>by <a href="../authors/breitner">Joachim Breitner</a></div>
<span class="date">
Feb 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/QR_Decomposition.html">QR Decomposition</a></h5> <br>by <a href="../authors/divason">Jose Divasón</a> and <a href="../authors/aransay">Jesús Aransay</a></div>
<span class="date">
Feb 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Echelon_Form.html">Echelon Form</a></h5> <br>by <a href="../authors/divason">Jose Divasón</a> and <a href="../authors/aransay">Jesús Aransay</a></div>
<span class="date">
Feb 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Finite_Automata_HF.html">Finite Automata in Hereditarily Finite Set Theory</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Feb 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/UpDown_Scheme.html">Verification of the UpDown Scheme</a></h5> <br>by <a href="../authors/hoelzl">Johannes Hölzl</a></div>
<span class="date">
Jan 28
</span>
</article>
<h2 class="head">2014</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/UPF.html">The Unified Policy Framework (UPF)</a></h5> <br>by <a href="../authors/brucker">Achim D. Brucker</a>, <a href="../authors/bruegger">Lukas Brügger</a> and <a href="../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Nov 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/AODV.html">Loop freedom of the (untimed) AODV routing protocol</a></h5> <br>by <a href="../authors/bourke">Timothy Bourke</a> and <a href="../authors/hoefner">Peter Höfner</a></div>
<span class="date">
Oct 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lifting_Definition_Option.html">Lifting Definition Option</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Oct 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stream_Fusion_Code.html">Stream Fusion in HOL with Code Generation</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/maximova">Alexandra Maximova</a></div>
<span class="date">
Oct 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Density_Compiler.html">A Verified Compiler for Probability Density Functions</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a>, <a href="../authors/hoelzl">Johannes Hölzl</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Oct 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/RefinementReactive.html">Formalization of Refinement Calculus for Reactive Systems</a></h5> <br>by <a href="../authors/preoteasa">Viorel Preoteasa</a></div>
<span class="date">
Oct 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/XML.html">XML</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Oct 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Certification_Monads.html">Certification Monads</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Oct 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Imperative_Insertion_Sort.html">Imperative Insertion Sort</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Sep 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sturm_Tarski.html">The Sturm-Tarski Theorem</a></h5> <br>by <a href="../authors/li">Wenda Li</a></div>
<span class="date">
Sep 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Cayley_Hamilton.html">The Cayley-Hamilton Theorem</a></h5> <br>by <a href="../authors/adelsberger">Stephan Adelsberger</a>, <a href="../authors/hetzl">Stefan Hetzl</a> and <a href="../authors/pollak">Florian Pollak</a></div>
<span class="date">
Sep 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Jordan_Hoelder.html">The Jordan-Hölder Theorem</a></h5> <br>by <a href="../authors/raumer">Jakob von Raumer</a></div>
<span class="date">
Sep 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Priority_Queue_Braun.html">Priority Queues Based on Braun Trees</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Sep 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Gauss_Jordan.html">Gauss-Jordan Algorithm and Its Applications</a></h5> <br>by <a href="../authors/divason">Jose Divasón</a> and <a href="../authors/aransay">Jesús Aransay</a></div>
<span class="date">
Sep 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/VectorSpace.html">Vector Spaces</a></h5> <br>by <a href="../authors/lee">Holden Lee</a></div>
<span class="date">
Aug 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Special_Function_Bounds.html">Real-Valued Special Functions: Upper and Lower Bounds</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Aug 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Skew_Heap.html">Skew Heap</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Splay_Tree.html">Splay Tree</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Show.html">Haskell&#39;s Show Class in Isabelle/HOL</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Jul 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CISC-Kernel.html">Formal Specification of a Generic Separation Kernel</a></h5> <br>by <a href="../authors/verbeek">Freek Verbeek</a>, <a href="../authors/tverdyshev">Sergey Tverdyshev</a>, <a href="../authors/havle">Oto Havle</a>, <a href="../authors/blasum">Holger Blasum</a>, <a href="../authors/langenstein">Bruno Langenstein</a>, <a href="../authors/stephan">Werner Stephan</a>, <a href="../authors/nemouchi">Yakoub Nemouchi</a>, <a href="../authors/feliachi">Abderrahmane Feliachi</a>, <a href="../authors/wolff">Burkhart Wolff</a> and <a href="../authors/schmaltz">Julien Schmaltz</a></div>
<span class="date">
Jul 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/pGCL.html">pGCL for Isabelle</a></h5> <br>by <a href="../authors/cock">David Cock</a></div>
<span class="date">
Jul 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Amortized_Complexity.html">Amortized Complexity Verified</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Network_Security_Policy_Verification.html">Network Security Policy Verification</a></h5> <br>by <a href="../authors/diekmann">Cornelius Diekmann</a></div>
<span class="date">
Jul 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Pop_Refinement.html">Pop-Refinement</a></h5> <br>by <a href="../authors/coglio">Alessandro Coglio</a></div>
<span class="date">
Jul 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MSO_Regex_Equivalence.html">Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions</a></h5> <br>by <a href="../authors/traytel">Dmitriy Traytel</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Boolean_Expression_Checkers.html">Boolean Expression Checkers</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Gabow_SCC.html">Verified Efficient Implementation of Gabow&#39;s Strongly Connected Components Algorithm</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CAVA_Automata.html">The CAVA Automata Library</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Promela.html">Promela Formalization</a></h5> <br>by <a href="../authors/neumann">René Neumann</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LTL_to_GBA.html">Converting Linear-Time Temporal Logic to Generalized Büchi Automata</a></h5> <br>by <a href="../authors/schimpf">Alexander Schimpf</a> and <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CAVA_LTL_Modelchecker.html">A Fully Verified Executable LTL Model Checker</a></h5> <br>by <a href="../authors/esparza">Javier Esparza</a>, <a href="../authors/lammich">Peter Lammich</a>, <a href="../authors/neumann">René Neumann</a>, <a href="../authors/nipkow">Tobias Nipkow</a>, <a href="../authors/schimpf">Alexander Schimpf</a> and <a href="../authors/smaus">Jan-Georg Smaus</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Roy_Floyd_Warshall.html">Transitive closure according to Roy-Floyd-Warshall</a></h5> <br>by <a href="../authors/wenzel">Makarius Wenzel</a></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Noninterference_CSP.html">Noninterference Security in Communicating Sequential Processes</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Regular_Algebras.html">Regular Algebras</a></h5> <br>by <a href="../authors/fosters">Simon Foster</a> and <a href="../authors/struth">Georg Struth</a></div>
<span class="date">
May 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ComponentDependencies.html">Formalisation and Analysis of Component Dependencies</a></h5> <br>by <a href="../authors/spichkova">Maria Spichkova</a></div>
<span class="date">
Apr 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Strong_Security.html">A Formalization of Strong Security</a></h5> <br>by <a href="../authors/grewe">Sylvia Grewe</a>, <a href="../authors/lux">Alexander Lux</a>, <a href="../authors/mantel">Heiko Mantel</a> and <a href="../authors/sauer">Jens Sauer</a></div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/WHATandWHERE_Security.html">A Formalization of Declassification with WHAT-and-WHERE-Security</a></h5> <br>by <a href="../authors/grewe">Sylvia Grewe</a>, <a href="../authors/lux">Alexander Lux</a>, <a href="../authors/mantel">Heiko Mantel</a> and <a href="../authors/sauer">Jens Sauer</a></div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SIFUM_Type_Systems.html">A Formalization of Assumptions and Guarantees for Compositional Noninterference</a></h5> <br>by <a href="../authors/grewe">Sylvia Grewe</a>, <a href="../authors/mantel">Heiko Mantel</a> and <a href="../authors/schoepe">Daniel Schoepe</a></div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Bounded_Deducibility_Security.html">Bounded-Deducibility Security</a></h5> <br>by <a href="../authors/popescu">Andrei Popescu</a>, <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/bauereiss">Thomas Bauereiss</a></div>
<span class="date">
Apr 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Abstract_Completeness.html">Abstract Completeness</a></h5> <br>by <a href="../authors/blanchette">Jasmin Christian Blanchette</a>, <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Apr 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/HyperCTL.html">A shallow embedding of HyperCTL*</a></h5> <br>by <a href="../authors/rabe">Markus N. Rabe</a>, <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/popescu">Andrei Popescu</a></div>
<span class="date">
Apr 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Discrete_Summation.html">Discrete Summation</a></h5> <br>by <a href="../authors/haftmann">Florian Haftmann</a></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/GPU_Kernel_PL.html">Syntax and semantics of a GPU kernel programming language</a></h5> <br>by <a href="../authors/wickerson">John Wickerson</a></div>
<span class="date">
Apr 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Probabilistic_Noninterference.html">Probabilistic Noninterference</a></h5> <br>by <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/hoelzl">Johannes Hölzl</a></div>
<span class="date">
Mar 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/AWN.html">Mechanization of the Algebra for Wireless Networks (AWN)</a></h5> <br>by <a href="../authors/bourke">Timothy Bourke</a></div>
<span class="date">
Mar 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Partial_Function_MR.html">Mutually Recursive Partial Functions</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Random_Graph_Subgraph_Threshold.html">Properties of Random Graphs -- Subgraph Containment</a></h5> <br>by <a href="../authors/hupel">Lars Hupel</a></div>
<span class="date">
Feb 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Selection_Heap_Sort.html">Verification of Selection and Heap Sort Using Locales</a></h5> <br>by <a href="../authors/petrovic">Danijela Petrovic</a></div>
<span class="date">
Feb 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Affine_Arithmetic.html">Affine Arithmetic</a></h5> <br>by <a href="../authors/immler">Fabian Immler</a></div>
<span class="date">
Feb 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Real_Impl.html">Implementing field extensions of the form Q[sqrt(b)]</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Regex_Equivalence.html">Unified Decision Procedures for Regular Expression Equivalence</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a> and <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Jan 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Secondary_Sylow.html">Secondary Sylow Theorems</a></h5> <br>by <a href="../authors/raumer">Jakob von Raumer</a></div>
<span class="date">
Jan 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Relation_Algebra.html">Relation Algebra</a></h5> <br>by <a href="../authors/armstrong">Alasdair Armstrong</a>, <a href="../authors/fosters">Simon Foster</a>, <a href="../authors/struth">Georg Struth</a> and <a href="../authors/weber">Tjark Weber</a></div>
<span class="date">
Jan 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/KAT_and_DRA.html">Kleene Algebra with Tests and Demonic Refinement Algebras</a></h5> <br>by <a href="../authors/armstrong">Alasdair Armstrong</a>, <a href="../authors/gomes">Victor B. F. Gomes</a> and <a href="../authors/struth">Georg Struth</a></div>
<span class="date">
Jan 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Featherweight_OCL.html">Featherweight OCL: A Proposal for a Machine-Checked Formal Semantics for OCL 2.5</a></h5> <br>by <a href="../authors/brucker">Achim D. Brucker</a>, <a href="../authors/tuong">Frédéric Tuong</a> and <a href="../authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Jan 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sturm_Sequences.html">Sturm&#39;s Theorem</a></h5> <br>by <a href="../authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CryptoBasedCompositionalProperties.html">Compositional Properties of Crypto-Based Components</a></h5> <br>by <a href="../authors/spichkova">Maria Spichkova</a></div>
<span class="date">
Jan 11
</span>
</article>
<h2 class="head">2013</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Tail_Recursive_Functions.html">A General Method for the Proof of Theorems on Tail-recursive Functions</a></h5> <br>by <a href="../authors/noce">Pasquale Noce</a></div>
<span class="date">
Dec 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/HereditarilyFinite.html">The Hereditarily Finite Sets</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Nov 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Incompleteness.html">Gödel&#39;s Incompleteness Theorems</a></h5> <br>by <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Nov 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Coinductive_Languages.html">A Codatatype of Formal Languages</a></h5> <br>by <a href="../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Nov 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FocusStreamsCaseStudies.html">Stream Processing Components: Isabelle/HOL Formalisation and Case Studies</a></h5> <br>by <a href="../authors/spichkova">Maria Spichkova</a></div>
<span class="date">
Nov 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/GoedelGod.html">Gödel&#39;s God in Isabelle/HOL</a></h5> <br>by <a href="../authors/benzmueller">Christoph Benzmüller</a> and <a href="../authors/paleo">Bruno Woltzenlogel Paleo</a></div>
<span class="date">
Nov 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Decreasing-Diagrams.html">Decreasing Diagrams</a></h5> <br>by <a href="../authors/zankl">Harald Zankl</a></div>
<span class="date">
Nov 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Automatic_Refinement.html">Automatic Data Refinement</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
Oct 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Native_Word.html">Native Word</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Sep 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/IEEE_Floating_Point.html">A Formal Model of IEEE Floating Point Arithmetic</a></h5> <br>by <a href="../authors/yu">Lei Yu</a></div>
<span class="date">
Jul 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Pratt_Certificate.html">Pratt&#39;s Primality Certificates</a></h5> <br>by <a href="../authors/wimmer">Simon Wimmer</a> and <a href="../authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Jul 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lehmer.html">Lehmer&#39;s Theorem</a></h5> <br>by <a href="../authors/wimmer">Simon Wimmer</a> and <a href="../authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Jul 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Koenigsberg_Friendship.html">The Königsberg Bridge Problem and the Friendship Theorem</a></h5> <br>by <a href="../authors/li">Wenda Li</a></div>
<span class="date">
Jul 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sort_Encodings.html">Sound and Complete Sort Encodings for First-Order Logic</a></h5> <br>by <a href="../authors/blanchette">Jasmin Christian Blanchette</a> and <a href="../authors/popescu">Andrei Popescu</a></div>
<span class="date">
Jun 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ShortestPath.html">An Axiomatic Characterization of the Single-Source Shortest Path Problem</a></h5> <br>by <a href="../authors/rizkallah">Christine Rizkallah</a></div>
<span class="date">
May 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Graph_Theory.html">Graph Theory</a></h5> <br>by <a href="../authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Apr 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Containers.html">Light-weight Containers</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Apr 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Nominal2.html">Nominal 2</a></h5> <br>by <a href="../authors/urban">Christian Urban</a>, <a href="../authors/berghofer">Stefan Berghofer</a> and <a href="../authors/kaliszyk">Cezary Kaliszyk</a></div>
<span class="date">
Feb 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Launchbury.html">The Correctness of Launchbury&#39;s Natural Semantics for Lazy Evaluation</a></h5> <br>by <a href="../authors/breitner">Joachim Breitner</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ribbon_Proofs.html">Ribbon Proofs</a></h5> <br>by <a href="../authors/wickerson">John Wickerson</a></div>
<span class="date">
Jan 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Rank_Nullity_Theorem.html">Rank-Nullity Theorem in Linear Algebra</a></h5> <br>by <a href="../authors/divason">Jose Divasón</a> and <a href="../authors/aransay">Jesús Aransay</a></div>
<span class="date">
Jan 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Kleene_Algebra.html">Kleene Algebra</a></h5> <br>by <a href="../authors/armstrong">Alasdair Armstrong</a>, <a href="../authors/struth">Georg Struth</a> and <a href="../authors/weber">Tjark Weber</a></div>
<span class="date">
Jan 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Sqrt_Babylonian.html">Computing N-th Roots using the Babylonian Method</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Jan 03
</span>
</article>
<h2 class="head">2012</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Separation_Logic_Imperative_HOL.html">A Separation Logic Framework for Imperative HOL</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/meis">Rene Meis</a></div>
<span class="date">
Nov 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Open_Induction.html">Open Induction</a></h5> <br>by <a href="../authors/ogawa">Mizuhito Ogawa</a> and <a href="../authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Nov 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Tarskis_Geometry.html">The independence of Tarski&#39;s Euclidean axiom</a></h5> <br>by <a href="../authors/makarios">T. J. M. Makarios</a></div>
<span class="date">
Oct 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Bondy.html">Bondy&#39;s Theorem</a></h5> <br>by <a href="../authors/avigad">Jeremy Avigad</a> and <a href="../authors/hetzl">Stefan Hetzl</a></div>
<span class="date">
Oct 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Possibilistic_Noninterference.html">Possibilistic Noninterference</a></h5> <br>by <a href="../authors/popescu">Andrei Popescu</a> and <a href="../authors/hoelzl">Johannes Hölzl</a></div>
<span class="date">
Sep 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Datatype_Order_Generator.html">Generating linear orders for datatypes</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Aug 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Impossible_Geometry.html">Proving the Impossibility of Trisecting an Angle and Doubling the Cube</a></h5> <br>by <a href="../authors/romanos">Ralph Romanos</a> and <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Aug 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Heard_Of.html">Verifying Fault-Tolerant Distributed Algorithms in the Heard-Of Model</a></h5> <br>by <a href="../authors/debrat">Henri Debrat</a> and <a href="../authors/merz">Stephan Merz</a></div>
<span class="date">
Jul 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/PCF.html">Logical Relations for PCF</a></h5> <br>by <a href="../authors/gammie">Peter Gammie</a></div>
<span class="date">
Jul 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Tycon.html">Type Constructor Classes and Monad Transformers</a></h5> <br>by <a href="../authors/huffman">Brian Huffman</a></div>
<span class="date">
Jun 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Pi_Calculus.html">The pi-calculus in nominal logic</a></h5> <br>by <a href="../authors/bengtson">Jesper Bengtson</a></div>
<span class="date">
May 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Psi_Calculi.html">Psi-calculi in Isabelle</a></h5> <br>by <a href="../authors/bengtson">Jesper Bengtson</a></div>
<span class="date">
May 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CCS.html">CCS in nominal logic</a></h5> <br>by <a href="../authors/bengtson">Jesper Bengtson</a></div>
<span class="date">
May 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Circus.html">Isabelle/Circus</a></h5> <br>by <a href="../authors/feliachi">Abderrahmane Feliachi</a>, <a href="../authors/wolff">Burkhart Wolff</a> and <a href="../authors/gaudel">Marie-Claude Gaudel</a></div>
<span class="date">
May 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Separation_Algebra.html">Separation Algebra</a></h5> <br>by <a href="../authors/klein">Gerwin Klein</a>, <a href="../authors/kolanski">Rafal Kolanski</a> and <a href="../authors/boyton">Andrew Boyton</a></div>
<span class="date">
May 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stuttering_Equivalence.html">Stuttering Equivalence</a></h5> <br>by <a href="../authors/merz">Stephan Merz</a></div>
<span class="date">
May 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Inductive_Confidentiality.html">Inductive Study of Confidentiality</a></h5> <br>by <a href="../authors/bella">Giampaolo Bella</a></div>
<span class="date">
May 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ordinary_Differential_Equations.html">Ordinary Differential Equations</a></h5> <br>by <a href="../authors/immler">Fabian Immler</a> and <a href="../authors/hoelzl">Johannes Hölzl</a></div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Well_Quasi_Orders.html">Well-Quasi-Orders</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Abortable_Linearizable_Modules.html">Abortable Linearizable Modules</a></h5> <br>by <a href="../authors/guerraoui">Rachid Guerraoui</a>, <a href="../authors/kuncak">Viktor Kuncak</a> and <a href="../authors/losa">Giuliano Losa</a></div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Transitive-Closure-II.html">Executable Transitive Closures</a></h5> <br>by <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Girth_Chromatic.html">A Probabilistic Proof of the Girth-Chromatic Number Theorem</a></h5> <br>by <a href="../authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Refine_Monadic.html">Refinement for Monadic Programs</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
Jan 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Dijkstra_Shortest_Path.html">Dijkstra&#39;s Shortest Path Algorithm</a></h5> <br>by <a href="../authors/nordhoff">Benedikt Nordhoff</a> and <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
Jan 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Markov_Models.html">Markov Models</a></h5> <br>by <a href="../authors/hoelzl">Johannes Hölzl</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jan 03
</span>
</article>
<h2 class="head">2011</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/TLA.html">A Definitional Encoding of TLA* in Isabelle/HOL</a></h5> <br>by <a href="../authors/grov">Gudmund Grov</a> and <a href="../authors/merz">Stephan Merz</a></div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Efficient-Mergesort.html">Efficient Mergesort</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Nov 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/PseudoHoops.html">Pseudo Hoops</a></h5> <br>by <a href="../authors/georgescu">George Georgescu</a>, <a href="../authors/leustean">Laurentiu Leustean</a> and <a href="../authors/preoteasa">Viorel Preoteasa</a></div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LatticeProperties.html">Lattice Properties</a></h5> <br>by <a href="../authors/preoteasa">Viorel Preoteasa</a></div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MonoBoolTranAlgebra.html">Algebra of Monotonic Boolean Transformers</a></h5> <br>by <a href="../authors/preoteasa">Viorel Preoteasa</a></div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Myhill-Nerode.html">The Myhill-Nerode Theorem Based on Regular Expressions</a></h5> <br>by <a href="../authors/wu">Chunhan Wu</a>, <a href="../authors/zhangx">Xingyuan Zhang</a> and <a href="../authors/urban">Christian Urban</a></div>
<span class="date">
Aug 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Gauss-Jordan-Elim-Fun.html">Gauss-Jordan Elimination for Matrices Represented as Functions</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Max-Card-Matching.html">Maximum Cardinality Matching</a></h5> <br>by <a href="../authors/rizkallah">Christine Rizkallah</a></div>
<span class="date">
Jul 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/KBPs.html">Knowledge-based programs</a></h5> <br>by <a href="../authors/gammie">Peter Gammie</a></div>
<span class="date">
May 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/General-Triangle.html">The General Triangle Is Unique</a></h5> <br>by <a href="../authors/breitner">Joachim Breitner</a></div>
<span class="date">
Apr 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Transitive-Closure.html">Executable Transitive Closures of Finite Relations</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Mar 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Nat-Interval-Logic.html">Interval Temporal Logic on Natural Numbers</a></h5> <br>by <a href="../authors/trachtenherz">David Trachtenherz</a></div>
<span class="date">
Feb 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/List-Infinite.html">Infinite Lists</a></h5> <br>by <a href="../authors/trachtenherz">David Trachtenherz</a></div>
<span class="date">
Feb 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/AutoFocus-Stream.html">AutoFocus Stream Processing for Single-Clocking and Multi-Clocking Semantics</a></h5> <br>by <a href="../authors/trachtenherz">David Trachtenherz</a></div>
<span class="date">
Feb 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LightweightJava.html">Lightweight Java</a></h5> <br>by <a href="../authors/strnisa">Rok Strniša</a> and <a href="../authors/parkinson">Matthew Parkinson</a></div>
<span class="date">
Feb 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/RIPEMD-160-SPARK.html">RIPEMD-160</a></h5> <br>by <a href="../authors/immler">Fabian Immler</a></div>
<span class="date">
Jan 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lower_Semicontinuous.html">Lower Semicontinuous Functions</a></h5> <br>by <a href="../authors/grechuk">Bogdan Grechuk</a></div>
<span class="date">
Jan 08
</span>
</article>
<h2 class="head">2010</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Marriage.html">Hall&#39;s Marriage Theorem</a></h5> <br>by <a href="../authors/jiangd">Dongchen Jiang</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Dec 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Shivers-CFA.html">Shivers&#39; Control Flow Analysis</a></h5> <br>by <a href="../authors/breitner">Joachim Breitner</a></div>
<span class="date">
Nov 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Binomial-Queues.html">Functional Binomial Queues</a></h5> <br>by <a href="../authors/neumann">René Neumann</a></div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Finger-Trees.html">Finger Trees</a></h5> <br>by <a href="../authors/nordhoff">Benedikt Nordhoff</a>, <a href="../authors/koerner">Stefan Körner</a> and <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Binomial-Heaps.html">Binomial Heaps and Skew Binomial Heaps</a></h5> <br>by <a href="../authors/meis">Rene Meis</a>, <a href="../authors/nielsen">Finn Nielsen</a> and <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lam-ml-Normalization.html">Strong Normalization of Moggis&#39;s Computational Metalanguage</a></h5> <br>by <a href="../authors/doczkal">Christian Doczkal</a></div>
<span class="date">
Aug 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Polynomials.html">Executable Multivariate Polynomials</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a>, <a href="../authors/thiemann">René Thiemann</a>, <a href="../authors/maletzky">Alexander Maletzky</a>, <a href="../authors/immler">Fabian Immler</a>, <a href="../authors/haftmann">Florian Haftmann</a>, <a href="../authors/lochbihler">Andreas Lochbihler</a> and <a href="../authors/bentkamp">Alexander Bentkamp</a></div>
<span class="date">
Aug 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Statecharts.html">Formalizing Statecharts using Hierarchical Automata</a></h5> <br>by <a href="../authors/helke">Steffen Helke</a> and <a href="../authors/kammueller">Florian Kammüller</a></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Free-Groups.html">Free Groups</a></h5> <br>by <a href="../authors/breitner">Joachim Breitner</a></div>
<span class="date">
Jun 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Category2.html">Category Theory</a></h5> <br>by <a href="../authors/katovsky">Alexander Katovsky</a></div>
<span class="date">
Jun 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Matrix.html">Executable Matrix Operations on Matrices of Arbitrary Dimensions</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Jun 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Abstract-Rewriting.html">Abstract Rewriting</a></h5> <br>by <a href="../authors/sternagel">Christian Sternagel</a> and <a href="../authors/thiemann">René Thiemann</a></div>
<span class="date">
Jun 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/GraphMarkingIBP.html">Verification of the Deutsch-Schorr-Waite Graph Marking Algorithm using Data Refinement</a></h5> <br>by <a href="../authors/preoteasa">Viorel Preoteasa</a> and <a href="../authors/back">Ralph-Johan Back</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DataRefinementIBP.html">Semantics and Data Refinement of Invariant Based Programs</a></h5> <br>by <a href="../authors/preoteasa">Viorel Preoteasa</a> and <a href="../authors/back">Ralph-Johan Back</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Robbins-Conjecture.html">A Complete Proof of the Robbins Conjecture</a></h5> <br>by <a href="../authors/doty">Matthew Doty</a></div>
<span class="date">
May 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Regular-Sets.html">Regular Sets and Expressions</a></h5> <br>by <a href="../authors/krauss">Alexander Krauss</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
May 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Locally-Nameless-Sigma.html">Locally Nameless Sigma Calculus</a></h5> <br>by <a href="../authors/henrio">Ludovic Henrio</a>, <a href="../authors/kammueller">Florian Kammüller</a>, <a href="../authors/lutz">Bianca Lutz</a> and <a href="../authors/sudhof">Henry Sudhof</a></div>
<span class="date">
Apr 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Free-Boolean-Algebra.html">Free Boolean Algebra</a></h5> <br>by <a href="../authors/huffman">Brian Huffman</a></div>
<span class="date">
Mar 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/InformationFlowSlicing_Inter.html">Inter-Procedural Information Flow Noninterference via Slicing</a></h5> <br>by <a href="../authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
Mar 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/InformationFlowSlicing.html">Information Flow Noninterference via Slicing</a></h5> <br>by <a href="../authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
Mar 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/List-Index.html">List Index</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Feb 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Coinductive.html">Coinductive</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Feb 12
</span>
</article>
<h2 class="head">2009</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DPT-SAT-Solver.html">A Fast SAT Solver for Isabelle in Standard ML</a></h5> <br>by <a href="../authors/heller">Armin Heller</a></div>
<span class="date">
Dec 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Presburger-Automata.html">Formalizing the Logic-Automaton Connection</a></h5> <br>by <a href="../authors/berghofer">Stefan Berghofer</a> and <a href="../authors/reiter">Markus Reiter</a></div>
<span class="date">
Dec 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Tree-Automata.html">Tree Automata</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
Nov 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Collections.html">Collections Framework</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a></div>
<span class="date">
Nov 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Perfect-Number-Thm.html">Perfect Number Theorem</a></h5> <br>by <a href="../authors/ijbema">Mark Ijbema</a></div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/HRB-Slicing.html">Backing up Slicing: Verifying the Interprocedural Two-Phase Horwitz-Reps-Binkley Slicer</a></h5> <br>by <a href="../authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
Nov 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/WorkerWrapper.html">The Worker/Wrapper Transformation</a></h5> <br>by <a href="../authors/gammie">Peter Gammie</a></div>
<span class="date">
Oct 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ordinals_and_Cardinals.html">Ordinals and Cardinals</a></h5> <br>by <a href="../authors/popescu">Andrei Popescu</a></div>
<span class="date">
Sep 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SequentInvertibility.html">Invertibility in Sequent Calculi</a></h5> <br>by <a href="../authors/chapman">Peter Chapman</a></div>
<span class="date">
Aug 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CofGroups.html">An Example of a Cofinitary Group in Isabelle/HOL</a></h5> <br>by <a href="../authors/kastermans">Bart Kastermans</a></div>
<span class="date">
Aug 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FinFun.html">Code Generation for Functions as Data</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Stream-Fusion.html">Stream Fusion</a></h5> <br>by <a href="../authors/huffman">Brian Huffman</a></div>
<span class="date">
Apr 29
</span>
</article>
<h2 class="head">2008</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BytecodeLogicJmlTypes.html">A Bytecode Logic for JML and Types</a></h5> <br>by <a href="../authors/beringer">Lennart Beringer</a> and <a href="../authors/hofmann">Martin Hofmann</a></div>
<span class="date">
Dec 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SIFPL.html">Secure information flow and program logics</a></h5> <br>by <a href="../authors/beringer">Lennart Beringer</a> and <a href="../authors/hofmann">Martin Hofmann</a></div>
<span class="date">
Nov 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SenSocialChoice.html">Some classical results in Social Choice Theory</a></h5> <br>by <a href="../authors/gammie">Peter Gammie</a></div>
<span class="date">
Nov 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FunWithTilings.html">Fun With Tilings</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a> and <a href="../authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Nov 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Huffman.html">The Textbook Proof of Huffman&#39;s Algorithm</a></h5> <br>by <a href="../authors/blanchette">Jasmin Christian Blanchette</a></div>
<span class="date">
Oct 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Slicing.html">Towards Certified Slicing</a></h5> <br>by <a href="../authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/VolpanoSmith.html">A Correctness Proof for the Volpano/Smith Security Typing System</a></h5> <br>by <a href="../authors/snelting">Gregor Snelting</a> and <a href="../authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ArrowImpossibilityGS.html">Arrow and Gibbard-Satterthwaite</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Sep 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FunWithFunctions.html">Fun With Functions</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SATSolverVerification.html">Formal Verification of Modern SAT Solvers</a></h5> <br>by <a href="../authors/maricf">Filip Marić</a></div>
<span class="date">
Jul 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Recursion-Theory-I.html">Recursion Theory I</a></h5> <br>by <a href="../authors/nedzelsky">Michael Nedzelsky</a></div>
<span class="date">
Apr 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BDD.html">BDD Normalisation</a></h5> <br>by <a href="../authors/ortner">Veronika Ortner</a> and <a href="../authors/schirmer">Norbert Schirmer</a></div>
<span class="date">
Feb 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Simpl.html">A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment</a></h5> <br>by <a href="../authors/schirmer">Norbert Schirmer</a></div>
<span class="date">
Feb 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/NormByEval.html">Normalization by Evaluation</a></h5> <br>by <a href="../authors/aehlig">Klaus Aehlig</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Feb 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/LinearQuantifierElim.html">Quantifier Elimination for Linear Arithmetic</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jan 11
</span>
</article>
<h2 class="head">2007</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Program-Conflict-Analysis.html">Formalization of Conflict Analysis of Programs with Procedures, Thread Creation, and Monitors</a></h5> <br>by <a href="../authors/lammich">Peter Lammich</a> and <a href="../authors/olm">Markus Müller-Olm</a></div>
<span class="date">
Dec 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/JinjaThreads.html">Jinja with Threads</a></h5> <br>by <a href="../authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Dec 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MuchAdoAboutTwo.html">Much Ado About Two</a></h5> <br>by <a href="../authors/boehme">Sascha Böhme</a></div>
<span class="date">
Nov 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/SumSquares.html">Sums of Two and Four Squares</a></h5> <br>by <a href="../authors/oosterhuis">Roelof Oosterhuis</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Fermat3_4.html">Fermat&#39;s Last Theorem for Exponents 3 and 4 and the Parametrisation of Pythagorean Triples</a></h5> <br>by <a href="../authors/oosterhuis">Roelof Oosterhuis</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Valuation.html">Fundamental Properties of Valuation Theory and Hensel&#39;s Lemma</a></h5> <br>by <a href="../authors/kobayashi">Hidetsune Kobayashi</a></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/POPLmark-deBruijn.html">POPLmark Challenge Via de Bruijn Indices</a></h5> <br>by <a href="../authors/berghofer">Stefan Berghofer</a></div>
<span class="date">
Aug 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FOL-Fitting.html">First-Order Logic According to Fitting</a></h5> <br>by <a href="../authors/berghofer">Stefan Berghofer</a></div>
<span class="date">
Aug 02
</span>
</article>
<h2 class="head">2006</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/HotelKeyCards.html">Hotel Key Card System</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Sep 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Abstract-Hoare-Logics.html">Abstract Hoare Logics</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Flyspeck-Tame.html">Flyspeck I: Tame Graphs</a></h5> <br>by <a href="../authors/bauer">Gertrud Bauer</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
May 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/CoreC&#43;&#43;.html">CoreC&#43;&#43;</a></h5> <br>by <a href="../authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
May 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FeatherweightJava.html">A Theory of Featherweight Java in Isabelle/HOL</a></h5> <br>by <a href="../authors/fosterj">J. Nathan Foster</a> and <a href="../authors/vytiniotis">Dimitrios Vytiniotis</a></div>
<span class="date">
Mar 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/ClockSynchInst.html">Instances of Schneider&#39;s generalized protocol of clock synchronization</a></h5> <br>by <a href="../authors/barsotti">Damián Barsotti</a></div>
<span class="date">
Mar 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Cauchy.html">Cauchy&#39;s Mean Theorem and the Cauchy-Schwarz Inequality</a></h5> <br>by <a href="../authors/porter">Benjamin Porter</a></div>
<span class="date">
Mar 14
</span>
</article>
<h2 class="head">2005</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ordinal.html">Countable Ordinals</a></h5> <br>by <a href="../authors/huffman">Brian Huffman</a></div>
<span class="date">
Nov 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FFT.html">Fast Fourier Transform</a></h5> <br>by <a href="../authors/ballarin">Clemens Ballarin</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/GenClock.html">Formalization of a Generalized Protocol for Clock Synchronization</a></h5> <br>by <a href="../authors/tiu">Alwen Tiu</a></div>
<span class="date">
Jun 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/DiskPaxos.html">Proving the Correctness of Disk Paxos</a></h5> <br>by <a href="../authors/jaskelioff">Mauro Jaskelioff</a> and <a href="../authors/merz">Stephan Merz</a></div>
<span class="date">
Jun 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/JiveDataStoreModel.html">Jive Data and Store Model</a></h5> <br>by <a href="../authors/rauch">Nicole Rauch</a> and <a href="../authors/schirmer">Norbert Schirmer</a></div>
<span class="date">
Jun 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Jinja.html">Jinja is not Java</a></h5> <br>by <a href="../authors/klein">Gerwin Klein</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/RSAPSS.html">SHA1, RSA, PSS and more</a></h5> <br>by <a href="../authors/lindenberg">Christina Lindenberg</a> and <a href="../authors/wirt">Kai Wirt</a></div>
<span class="date">
May 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Category.html">Category Theory to Yoneda&#39;s Lemma</a></h5> <br>by <a href="../authors/keefe">Greg O&rsquo;Keefe</a></div>
<span class="date">
Apr 21
</span>
</article>
<h2 class="head">2004</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/FileRefinement.html">File Refinement</a></h5> <br>by <a href="../authors/zee">Karen Zee</a> and <a href="../authors/kuncak">Viktor Kuncak</a></div>
<span class="date">
Dec 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Integration.html">Integration theory and random variables</a></h5> <br>by <a href="../authors/richter">Stefan Richter</a></div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Verified-Prover.html">A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic</a></h5> <br>by <a href="../authors/ridge">Tom Ridge</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Ramsey-Infinite.html">Ramsey&#39;s theorem, infinitary version</a></h5> <br>by <a href="../authors/ridge">Tom Ridge</a></div>
<span class="date">
Sep 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Completeness.html">Completeness theorem</a></h5> <br>by <a href="../authors/margetson">James Margetson</a> and <a href="../authors/ridge">Tom Ridge</a></div>
<span class="date">
Sep 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Compiling-Exceptions-Correctly.html">Compiling Exceptions Correctly</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jul 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Depth-First-Search.html">Depth First Search</a></h5> <br>by <a href="../authors/nishihara">Toshiaki Nishihara</a> and <a href="../authors/minamide">Yasuhiko Minamide</a></div>
<span class="date">
Jun 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Group-Ring-Module.html">Groups, Rings and Modules</a></h5> <br>by <a href="../authors/kobayashi">Hidetsune Kobayashi</a>, <a href="../authors/chen">L. Chen</a> and <a href="../authors/murao">H. Murao</a></div>
<span class="date">
May 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Topology.html">Topology</a></h5> <br>by <a href="../authors/friedrich">Stefan Friedrich</a></div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Lazy-Lists-II.html">Lazy Lists II</a></h5> <br>by <a href="../authors/friedrich">Stefan Friedrich</a></div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/BinarySearchTree.html">Binary Search Trees</a></h5> <br>by <a href="../authors/kuncak">Viktor Kuncak</a></div>
<span class="date">
Apr 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/Functional-Automata.html">Functional Automata</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Mar 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/MiniML.html">Mini ML</a></h5> <br>by <a href="../authors/naraschewski">Wolfgang Naraschewski</a> and <a href="../authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Mar 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../entries/AVL-Trees.html">AVL Trees</a></h5> <br>by <a href="../authors/nipkow">Tobias Nipkow</a> and <a href="../authors/pusch">Cornelia Pusch</a></div>
<span class="date">
Mar 19
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/entries/index.xml b/web/entries/index.xml
--- a/web/entries/index.xml
+++ b/web/entries/index.xml
@@ -1,6383 +1,6392 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Entries on Archive of Formal Proofs</title>
<link>/entries/</link>
<description>Recent content in Entries on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
- <lastBuildDate>Thu, 29 Sep 2022 00:00:00 +0000</lastBuildDate><atom:link href="/entries/index.xml" rel="self" type="application/rss+xml" />
+ <lastBuildDate>Tue, 04 Oct 2022 00:00:00 +0000</lastBuildDate><atom:link href="/entries/index.xml" rel="self" type="application/rss+xml" />
+ <item>
+ <title>Verification of Query Optimization Algorithms</title>
+ <link>/entries/Query_Optimization.html</link>
+ <pubDate>Tue, 04 Oct 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Query_Optimization.html</guid>
+ <description></description>
+ </item>
+
<item>
<title>Maximum Segment Sum</title>
<link>/entries/Maximum_Segment_Sum.html</link>
<pubDate>Thu, 29 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Maximum_Segment_Sum.html</guid>
<description></description>
</item>
<item>
<title>Undirected Graph Theory</title>
<link>/entries/Undirected_Graph_Theory.html</link>
<pubDate>Thu, 29 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Undirected_Graph_Theory.html</guid>
<description></description>
</item>
<item>
<title>Making Arbitrary Relational Calculus Queries Safe-Range</title>
<link>/entries/Safe_Range_RC.html</link>
<pubDate>Wed, 28 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Safe_Range_RC.html</guid>
<description></description>
</item>
<item>
<title>Stalnaker&#39;s Epistemic Logic</title>
<link>/entries/Stalnaker_Logic.html</link>
<pubDate>Fri, 23 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Stalnaker_Logic.html</guid>
<description></description>
</item>
<item>
<title>p-adic Fields and p-adic Semialgebraic Sets</title>
<link>/entries/Padic_Field.html</link>
<pubDate>Thu, 22 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Padic_Field.html</guid>
<description></description>
</item>
<item>
<title>Risk-Free Lending</title>
<link>/entries/Risk_Free_Lending.html</link>
<pubDate>Sun, 18 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Risk_Free_Lending.html</guid>
<description></description>
</item>
<item>
<title>Soundness and Completeness of Implicational Logic</title>
<link>/entries/Implicational_Logic.html</link>
<pubDate>Tue, 13 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Implicational_Logic.html</guid>
<description></description>
</item>
<item>
<title>CRYSTALS-Kyber</title>
<link>/entries/CRYSTALS-Kyber.html</link>
<pubDate>Thu, 08 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/CRYSTALS-Kyber.html</guid>
<description></description>
</item>
<item>
<title>Unbounded Separation Logic</title>
<link>/entries/Separation_Logic_Unbounded.html</link>
<pubDate>Mon, 05 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Logic_Unbounded.html</guid>
<description></description>
</item>
<item>
<title>Khovanskii&amp;#x27;s Theorem</title>
<link>/entries/Khovanskii_Theorem.html</link>
<pubDate>Fri, 02 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Khovanskii_Theorem.html</guid>
<description></description>
</item>
<item>
<title>The Hales–Jewett Theorem</title>
<link>/entries/Hales_Jewett.html</link>
<pubDate>Fri, 02 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Hales_Jewett.html</guid>
<description></description>
</item>
<item>
<title>Number Theoretic Transform</title>
<link>/entries/Number_Theoretic_Transform.html</link>
<pubDate>Thu, 18 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/Number_Theoretic_Transform.html</guid>
<description></description>
</item>
<item>
<title>Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph</title>
<link>/entries/SCC_Bloemen_Sequential.html</link>
<pubDate>Wed, 17 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/SCC_Bloemen_Sequential.html</guid>
<description></description>
</item>
<item>
<title>From THE BOOK: Two Squares via Involutions</title>
<link>/entries/Involutions2Squares.html</link>
<pubDate>Mon, 15 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/Involutions2Squares.html</guid>
<description></description>
</item>
<item>
<title>Verified Complete Test Strategies for Finite State Machines</title>
<link>/entries/FSM_Tests.html</link>
<pubDate>Tue, 09 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/FSM_Tests.html</guid>
<description></description>
</item>
<item>
<title>Nano JSON: Working with JSON formatted data in Isabelle/HOL and Isabelle/ML</title>
<link>/entries/Nano_JSON.html</link>
<pubDate>Fri, 29 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Nano_JSON.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL</title>
<link>/entries/Solidity.html</link>
<pubDate>Mon, 18 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Solidity.html</guid>
<description></description>
</item>
<item>
<title>Simultaneous diagonalization of pairwise commuting Hermitian matrices</title>
<link>/entries/Commuting_Hermitian.html</link>
<pubDate>Mon, 18 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Commuting_Hermitian.html</guid>
<description></description>
</item>
<item>
<title>Pólya’s Proof of the Weighted Arithmetic–Geometric Mean Inequality</title>
<link>/entries/Weighted_Arithmetic_Geometric_Mean.html</link>
<pubDate>Mon, 11 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Weighted_Arithmetic_Geometric_Mean.html</guid>
<description></description>
</item>
<item>
<title>A Reuse-Based Multi-Stage Compiler Verification for Language IMP</title>
<link>/entries/IMP_Compiler_Reuse.html</link>
<pubDate>Sun, 10 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/IMP_Compiler_Reuse.html</guid>
<description></description>
</item>
<item>
<title>Real-Time Double-Ended Queue</title>
<link>/entries/Real_Time_Deque.html</link>
<pubDate>Thu, 23 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Real_Time_Deque.html</guid>
<description></description>
</item>
<item>
<title>Boolos&#39;s Curious Inference in Isabelle/HOL</title>
<link>/entries/Boolos_Curious_Inference.html</link>
<pubDate>Mon, 20 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Boolos_Curious_Inference.html</guid>
<description></description>
</item>
<item>
<title>Finite Fields</title>
<link>/entries/Finite_Fields.html</link>
<pubDate>Wed, 08 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Finite_Fields.html</guid>
<description></description>
</item>
<item>
<title>IsaNet: Formalization of a Verification Framework for Secure Data Plane Protocols</title>
<link>/entries/IsaNet.html</link>
<pubDate>Wed, 08 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/IsaNet.html</guid>
<description></description>
</item>
<item>
<title>Diophantine Equations and the DPRM Theorem</title>
<link>/entries/DPRM_Theorem.html</link>
<pubDate>Mon, 06 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/DPRM_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Reducing Rewrite Properties to Properties on Ground Terms</title>
<link>/entries/Rewrite_Properties_Reduction.html</link>
<pubDate>Thu, 02 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Rewrite_Properties_Reduction.html</guid>
<description></description>
</item>
<item>
<title>A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand</title>
<link>/entries/Combinable_Wands.html</link>
<pubDate>Mon, 30 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Combinable_Wands.html</guid>
<description></description>
</item>
<item>
<title>The Plünnecke-Ruzsa Inequality</title>
<link>/entries/Pluennecke_Ruzsa_Inequality.html</link>
<pubDate>Thu, 26 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Pluennecke_Ruzsa_Inequality.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Framework for the Sound Automation of Magic Wands</title>
<link>/entries/Package_logic.html</link>
<pubDate>Wed, 18 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Package_logic.html</guid>
<description></description>
</item>
<item>
<title>Clique is not solvable by monotone circuits of polynomial size</title>
<link>/entries/Clique_and_Monotone_Circuits.html</link>
<pubDate>Sun, 08 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Clique_and_Monotone_Circuits.html</guid>
<description></description>
</item>
<item>
<title>Fisher&#39;s Inequality: Linear Algebraic Proof Techniques for Combinatorics</title>
<link>/entries/Fishers_Inequality.html</link>
<pubDate>Thu, 21 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Fishers_Inequality.html</guid>
<description></description>
</item>
<item>
<title>Digit Expansions</title>
<link>/entries/Digit_Expansions.html</link>
<pubDate>Wed, 20 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Digit_Expansions.html</guid>
<description></description>
</item>
<item>
<title>The Generalized Multiset Ordering is NP-Complete</title>
<link>/entries/Multiset_Ordering_NPC.html</link>
<pubDate>Wed, 20 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Multiset_Ordering_NPC.html</guid>
<description></description>
</item>
<item>
<title>The Sophomore&#39;s Dream</title>
<link>/entries/Sophomores_Dream.html</link>
<pubDate>Sun, 10 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Sophomores_Dream.html</guid>
<description></description>
</item>
<item>
<title>A Combinator Library for Prefix-Free Codes</title>
<link>/entries/Prefix_Free_Code_Combinators.html</link>
<pubDate>Fri, 08 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Prefix_Free_Code_Combinators.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Randomized Approximation Algorithms for Frequency Moments</title>
<link>/entries/Frequency_Moments.html</link>
<pubDate>Fri, 08 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Frequency_Moments.html</guid>
<description></description>
</item>
<item>
<title>Constructing the Reals as Dedekind Cuts of Rationals</title>
<link>/entries/Dedekind_Real.html</link>
<pubDate>Thu, 24 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Dedekind_Real.html</guid>
<description></description>
</item>
<item>
<title>Ackermann&#39;s Function Is Not Primitive Recursive</title>
<link>/entries/Ackermanns_not_PR.html</link>
<pubDate>Wed, 23 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Ackermanns_not_PR.html</guid>
<description></description>
</item>
<item>
<title>A Naive Prover for First-Order Logic</title>
<link>/entries/FOL_Seq_Calc3.html</link>
<pubDate>Tue, 22 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc3.html</guid>
<description></description>
</item>
<item>
<title>A Proof from THE BOOK: The Partial Fraction Expansion of the Cotangent</title>
<link>/entries/Cotangent_PFD_Formula.html</link>
<pubDate>Tue, 15 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Cotangent_PFD_Formula.html</guid>
<description></description>
</item>
<item>
<title>The Independence of the Continuum Hypothesis in Isabelle/ZF</title>
<link>/entries/Independence_CH.html</link>
<pubDate>Sun, 06 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Independence_CH.html</guid>
<description></description>
</item>
<item>
<title>Transitive Models of Fragments of ZFC</title>
<link>/entries/Transitive_Models.html</link>
<pubDate>Thu, 03 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Transitive_Models.html</guid>
<description></description>
</item>
<item>
<title>Residuated Transition Systems</title>
<link>/entries/ResiduatedTransitionSystem.html</link>
<pubDate>Mon, 28 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/ResiduatedTransitionSystem.html</guid>
<description></description>
</item>
<item>
<title>Universal Hash Families</title>
<link>/entries/Universal_Hash_Families.html</link>
<pubDate>Sun, 20 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Universal_Hash_Families.html</guid>
<description></description>
</item>
<item>
<title>Wetzel&#39;s Problem and the Continuum Hypothesis</title>
<link>/entries/Wetzels_Problem.html</link>
<pubDate>Fri, 18 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Wetzels_Problem.html</guid>
<description></description>
</item>
<item>
<title>First-Order Query Evaluation</title>
<link>/entries/Eval_FO.html</link>
<pubDate>Tue, 15 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Eval_FO.html</guid>
<description></description>
</item>
<item>
<title>Multi-Head Monitoring of Metric Dynamic Logic</title>
<link>/entries/VYDRA_MDL.html</link>
<pubDate>Sun, 13 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/VYDRA_MDL.html</guid>
<description></description>
</item>
<item>
<title>Enumeration of Equivalence Relations</title>
<link>/entries/Equivalence_Relation_Enumeration.html</link>
<pubDate>Fri, 04 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Equivalence_Relation_Enumeration.html</guid>
<description></description>
</item>
<item>
<title>Duality of Linear Programming</title>
<link>/entries/LP_Duality.html</link>
<pubDate>Thu, 03 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/LP_Duality.html</guid>
<description></description>
</item>
<item>
<title>Quasi-Borel Spaces</title>
<link>/entries/Quasi_Borel_Spaces.html</link>
<pubDate>Thu, 03 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Quasi_Borel_Spaces.html</guid>
<description></description>
</item>
<item>
<title>First-Order Theory of Rewriting</title>
<link>/entries/FO_Theory_Rewriting.html</link>
<pubDate>Wed, 02 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/FO_Theory_Rewriting.html</guid>
<description></description>
</item>
<item>
<title>A Sequent Calculus Prover for First-Order Logic with Functions</title>
<link>/entries/FOL_Seq_Calc2.html</link>
<pubDate>Mon, 31 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc2.html</guid>
<description></description>
</item>
<item>
<title>Young&#39;s Inequality for Increasing Functions</title>
<link>/entries/Youngs_Inequality.html</link>
<pubDate>Mon, 31 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Youngs_Inequality.html</guid>
<description></description>
</item>
<item>
<title>Interpolation Polynomials (in HOL-Algebra)</title>
<link>/entries/Interpolation_Polynomials_HOL_Algebra.html</link>
<pubDate>Sat, 29 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Interpolation_Polynomials_HOL_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Median Method</title>
<link>/entries/Median_Method.html</link>
<pubDate>Tue, 25 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Median_Method.html</guid>
<description></description>
</item>
<item>
<title>Actuarial Mathematics</title>
<link>/entries/Actuarial_Mathematics.html</link>
<pubDate>Sun, 23 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Actuarial_Mathematics.html</guid>
<description></description>
</item>
<item>
<title>Irrational numbers from THE BOOK</title>
<link>/entries/Irrationals_From_THEBOOK.html</link>
<pubDate>Sat, 08 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Irrationals_From_THEBOOK.html</guid>
<description></description>
</item>
<item>
<title>Knight&#39;s Tour Revisited Revisited</title>
<link>/entries/Knights_Tour.html</link>
<pubDate>Tue, 04 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Knights_Tour.html</guid>
<description></description>
</item>
<item>
<title>Hyperdual Numbers and Forward Differentiation</title>
<link>/entries/Hyperdual.html</link>
<pubDate>Fri, 31 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hyperdual.html</guid>
<description></description>
</item>
<item>
<title>Gale-Shapley Algorithm</title>
<link>/entries/Gale_Shapley.html</link>
<pubDate>Wed, 29 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Gale_Shapley.html</guid>
<description></description>
</item>
<item>
<title>Roth&#39;s Theorem on Arithmetic Progressions</title>
<link>/entries/Roth_Arithmetic_Progressions.html</link>
<pubDate>Tue, 28 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Roth_Arithmetic_Progressions.html</guid>
<description></description>
</item>
<item>
<title>Markov Decision Processes with Rewards</title>
<link>/entries/MDP-Rewards.html</link>
<pubDate>Thu, 16 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/MDP-Rewards.html</guid>
<description></description>
</item>
<item>
<title>Verified Algorithms for Solving Markov Decision Processes</title>
<link>/entries/MDP-Algorithms.html</link>
<pubDate>Thu, 16 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/MDP-Algorithms.html</guid>
<description></description>
</item>
<item>
<title>Regular Tree Relations</title>
<link>/entries/Regular_Tree_Relations.html</link>
<pubDate>Wed, 15 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Regular_Tree_Relations.html</guid>
<description></description>
</item>
<item>
<title>Simplicial Complexes and Boolean functions</title>
<link>/entries/Simplicial_complexes_and_boolean_functions.html</link>
<pubDate>Mon, 29 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Simplicial_complexes_and_boolean_functions.html</guid>
<description></description>
</item>
<item>
<title>van Emde Boas Trees</title>
<link>/entries/Van_Emde_Boas_Trees.html</link>
<pubDate>Tue, 23 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Van_Emde_Boas_Trees.html</guid>
<description></description>
</item>
<item>
<title>Foundation of geometry in planes, and some complements: Excluding the parallel axioms</title>
<link>/entries/Foundation_of_geometry.html</link>
<pubDate>Mon, 22 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Foundation_of_geometry.html</guid>
<description></description>
</item>
<item>
<title>The Hahn and Jordan Decomposition Theorems</title>
<link>/entries/Hahn_Jordan_Decomposition.html</link>
<pubDate>Fri, 19 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hahn_Jordan_Decomposition.html</guid>
<description></description>
</item>
<item>
<title>Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL</title>
<link>/entries/PAL.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/PAL.html</guid>
<description></description>
</item>
<item>
<title>Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL</title>
<link>/entries/SimplifiedOntologicalArgument.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/SimplifiedOntologicalArgument.html</guid>
<description></description>
</item>
<item>
<title>Factorization of Polynomials with Algebraic Coefficients</title>
<link>/entries/Factor_Algebraic_Polynomial.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Factor_Algebraic_Polynomial.html</guid>
<description></description>
</item>
<item>
<title>Real Exponents as the Limits of Sequences of Rational Exponents</title>
<link>/entries/Real_Power.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Real_Power.html</guid>
<description></description>
</item>
<item>
<title>Szemerédi&#39;s Regularity Lemma</title>
<link>/entries/Szemeredi_Regularity.html</link>
<pubDate>Fri, 05 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Szemeredi_Regularity.html</guid>
<description></description>
</item>
<item>
<title>Quantum and Classical Registers</title>
<link>/entries/Registers.html</link>
<pubDate>Thu, 28 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Registers.html</guid>
<description></description>
</item>
<item>
<title>Belief Revision Theory</title>
<link>/entries/Belief_Revision.html</link>
<pubDate>Tue, 19 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Belief_Revision.html</guid>
<description></description>
</item>
<item>
<title>X86 instruction semantics and basic block symbolic execution</title>
<link>/entries/X86_Semantics.html</link>
<pubDate>Wed, 13 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/X86_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations</title>
<link>/entries/Correctness_Algebras.html</link>
<pubDate>Tue, 12 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Correctness_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Verified Quadratic Virtual Substitution for Real Arithmetic</title>
<link>/entries/Virtual_Substitution.html</link>
<pubDate>Sat, 02 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Virtual_Substitution.html</guid>
<description></description>
</item>
<item>
<title>Soundness and Completeness of an Axiomatic System for First-Order Logic</title>
<link>/entries/FOL_Axiomatic.html</link>
<pubDate>Fri, 24 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Axiomatic.html</guid>
<description></description>
</item>
<item>
<title>Complex Bounded Operators</title>
<link>/entries/Complex_Bounded_Operators.html</link>
<pubDate>Sat, 18 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Complex_Bounded_Operators.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Weighted Path Orders and Recursive Path Orders</title>
<link>/entries/Weighted_Path_Order.html</link>
<pubDate>Thu, 16 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Weighted_Path_Order.html</guid>
<description></description>
</item>
<item>
<title>Category Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories</title>
<link>/entries/CZH_Foundations.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/CZH_Foundations.html</guid>
<description></description>
</item>
<item>
<title>Category Theory for ZFC in HOL II: Elementary Theory of 1-Categories</title>
<link>/entries/CZH_Elementary_Categories.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/CZH_Elementary_Categories.html</guid>
<description></description>
</item>
<item>
<title>Category Theory for ZFC in HOL III: Universal Constructions</title>
<link>/entries/CZH_Universal_Constructions.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/CZH_Universal_Constructions.html</guid>
<description></description>
</item>
<item>
<title>Conditional Simplification</title>
<link>/entries/Conditional_Simplification.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Conditional_Simplification.html</guid>
<description></description>
</item>
<item>
<title>Conditional Transfer Rule</title>
<link>/entries/Conditional_Transfer_Rule.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Conditional_Transfer_Rule.html</guid>
<description></description>
</item>
<item>
<title>Extension of Types-To-Sets</title>
<link>/entries/Types_To_Sets_Extension.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Types_To_Sets_Extension.html</guid>
<description></description>
</item>
<item>
<title>IDE: Introduction, Destruction, Elimination</title>
<link>/entries/Intro_Dest_Elim.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Intro_Dest_Elim.html</guid>
<description></description>
</item>
<item>
<title>A data flow analysis algorithm for computing dominators</title>
<link>/entries/Dominance_CHK.html</link>
<pubDate>Sun, 05 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Dominance_CHK.html</guid>
<description></description>
</item>
<item>
<title>Solving Cubic and Quartic Equations</title>
<link>/entries/Cubic_Quartic_Equations.html</link>
<pubDate>Fri, 03 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Cubic_Quartic_Equations.html</guid>
<description></description>
</item>
<item>
<title>Logging-independent Message Anonymity in the Relational Method</title>
<link>/entries/Logging_Independent_Anonymity.html</link>
<pubDate>Thu, 26 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Logging_Independent_Anonymity.html</guid>
<description></description>
</item>
<item>
<title>The Theorem of Three Circles</title>
<link>/entries/Three_Circles.html</link>
<pubDate>Sat, 21 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Three_Circles.html</guid>
<description></description>
</item>
<item>
<title>CoCon: A Confidentiality-Verified Conference Management System</title>
<link>/entries/CoCon.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/CoCon.html</guid>
<description></description>
</item>
<item>
<title>Compositional BD Security</title>
<link>/entries/BD_Security_Compositional.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/BD_Security_Compositional.html</guid>
<description></description>
</item>
<item>
<title>CoSMed: A confidentiality-verified social media platform</title>
<link>/entries/CoSMed.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/CoSMed.html</guid>
<description></description>
</item>
<item>
<title>CoSMeDis: A confidentiality-verified distributed social media platform</title>
<link>/entries/CoSMeDis.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/CoSMeDis.html</guid>
<description></description>
</item>
<item>
<title>Fresh identifiers</title>
<link>/entries/Fresh_Identifiers.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Fresh_Identifiers.html</guid>
<description></description>
</item>
<item>
<title>Combinatorial Design Theory</title>
<link>/entries/Design_Theory.html</link>
<pubDate>Fri, 13 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Design_Theory.html</guid>
<description></description>
</item>
<item>
<title>Relational Forests</title>
<link>/entries/Relational_Forests.html</link>
<pubDate>Tue, 03 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Forests.html</guid>
<description></description>
</item>
<item>
<title>Schutz&#39; Independent Axioms for Minkowski Spacetime</title>
<link>/entries/Schutz_Spacetime.html</link>
<pubDate>Tue, 27 Jul 2021 00:00:00 +0000</pubDate>
<guid>/entries/Schutz_Spacetime.html</guid>
<description></description>
</item>
<item>
<title>Finitely Generated Abelian Groups</title>
<link>/entries/Finitely_Generated_Abelian_Groups.html</link>
<pubDate>Wed, 07 Jul 2021 00:00:00 +0000</pubDate>
<guid>/entries/Finitely_Generated_Abelian_Groups.html</guid>
<description></description>
</item>
<item>
<title>SpecCheck - Specification-Based Testing for Isabelle/ML</title>
<link>/entries/SpecCheck.html</link>
<pubDate>Thu, 01 Jul 2021 00:00:00 +0000</pubDate>
<guid>/entries/SpecCheck.html</guid>
<description></description>
</item>
<item>
<title>Van der Waerden&#39;s Theorem</title>
<link>/entries/Van_der_Waerden.html</link>
<pubDate>Tue, 22 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/Van_der_Waerden.html</guid>
<description></description>
</item>
<item>
<title>MiniSail - A kernel language for the ISA specification language SAIL</title>
<link>/entries/MiniSail.html</link>
<pubDate>Fri, 18 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/MiniSail.html</guid>
<description></description>
</item>
<item>
<title>Public Announcement Logic</title>
<link>/entries/Public_Announcement_Logic.html</link>
<pubDate>Thu, 17 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/Public_Announcement_Logic.html</guid>
<description></description>
</item>
<item>
<title>A Shorter Compiler Correctness Proof for Language IMP</title>
<link>/entries/IMP_Compiler.html</link>
<pubDate>Fri, 04 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/IMP_Compiler.html</guid>
<description></description>
</item>
<item>
<title>Combinatorics on Words Basics</title>
<link>/entries/Combinatorics_Words.html</link>
<pubDate>Mon, 24 May 2021 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorics_Words.html</guid>
<description></description>
</item>
<item>
<title>Graph Lemma</title>
<link>/entries/Combinatorics_Words_Graph_Lemma.html</link>
<pubDate>Mon, 24 May 2021 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorics_Words_Graph_Lemma.html</guid>
<description></description>
</item>
<item>
<title>Lyndon words</title>
<link>/entries/Combinatorics_Words_Lyndon.html</link>
<pubDate>Mon, 24 May 2021 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorics_Words_Lyndon.html</guid>
<description></description>
</item>
<item>
<title>Regression Test Selection</title>
<link>/entries/Regression_Test_Selection.html</link>
<pubDate>Fri, 30 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Regression_Test_Selection.html</guid>
<description></description>
</item>
<item>
<title>Isabelle&#39;s Metalogic: Formalization and Proof Checker</title>
<link>/entries/Metalogic_ProofChecker.html</link>
<pubDate>Tue, 27 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Metalogic_ProofChecker.html</guid>
<description></description>
</item>
<item>
<title>Lifting the Exponent</title>
<link>/entries/Lifting_the_Exponent.html</link>
<pubDate>Tue, 27 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Lifting_the_Exponent.html</guid>
<description></description>
</item>
<item>
<title>The BKR Decision Procedure for Univariate Real Arithmetic</title>
<link>/entries/BenOr_Kozen_Reif.html</link>
<pubDate>Sat, 24 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/BenOr_Kozen_Reif.html</guid>
<description></description>
</item>
<item>
<title>Gale-Stewart Games</title>
<link>/entries/GaleStewart_Games.html</link>
<pubDate>Fri, 23 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/GaleStewart_Games.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Timely Dataflow&#39;s Progress Tracking Protocol</title>
<link>/entries/Progress_Tracking.html</link>
<pubDate>Tue, 13 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Progress_Tracking.html</guid>
<description></description>
</item>
<item>
<title>Information Flow Control via Dependency Tracking</title>
<link>/entries/IFC_Tracking.html</link>
<pubDate>Thu, 01 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/IFC_Tracking.html</guid>
<description></description>
</item>
<item>
<title>Grothendieck&#39;s Schemes in Algebraic Geometry</title>
<link>/entries/Grothendieck_Schemes.html</link>
<pubDate>Mon, 29 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Grothendieck_Schemes.html</guid>
<description></description>
</item>
<item>
<title>Hensel&#39;s Lemma for the p-adic Integers</title>
<link>/entries/Padic_Ints.html</link>
<pubDate>Tue, 23 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Padic_Ints.html</guid>
<description></description>
</item>
<item>
<title>Constructive Cryptography in HOL: the Communication Modeling Aspect</title>
<link>/entries/Constructive_Cryptography_CM.html</link>
<pubDate>Wed, 17 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Constructive_Cryptography_CM.html</guid>
<description></description>
</item>
<item>
<title>Two algorithms based on modular arithmetic: lattice basis reduction and Hermite normal form computation</title>
<link>/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html</link>
<pubDate>Fri, 12 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html</guid>
<description></description>
</item>
<item>
<title>Quantum projective measurements and the CHSH inequality</title>
<link>/entries/Projective_Measurements.html</link>
<pubDate>Wed, 03 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Projective_Measurements.html</guid>
<description></description>
</item>
<item>
<title>The Hermite–Lindemann–Weierstraß Transcendence Theorem</title>
<link>/entries/Hermite_Lindemann.html</link>
<pubDate>Wed, 03 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hermite_Lindemann.html</guid>
<description></description>
</item>
<item>
<title>Mereology</title>
<link>/entries/Mereology.html</link>
<pubDate>Mon, 01 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Mereology.html</guid>
<description></description>
</item>
<item>
<title>The Sunflower Lemma of Erdős and Rado</title>
<link>/entries/Sunflowers.html</link>
<pubDate>Thu, 25 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/Sunflowers.html</guid>
<description></description>
</item>
<item>
<title>A Verified Imperative Implementation of B-Trees</title>
<link>/entries/BTree.html</link>
<pubDate>Wed, 24 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/BTree.html</guid>
<description></description>
</item>
<item>
<title>Formal Puiseux Series</title>
<link>/entries/Formal_Puiseux_Series.html</link>
<pubDate>Wed, 17 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/Formal_Puiseux_Series.html</guid>
<description></description>
</item>
<item>
<title>The Laws of Large Numbers</title>
<link>/entries/Laws_of_Large_Numbers.html</link>
<pubDate>Wed, 10 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/Laws_of_Large_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Tarski&#39;s Parallel Postulate implies the 5th Postulate of Euclid, the Postulate of Playfair and the original Parallel Postulate of Euclid</title>
<link>/entries/IsaGeoCoq.html</link>
<pubDate>Sun, 31 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/IsaGeoCoq.html</guid>
<description></description>
</item>
<item>
<title>Solution to the xkcd Blue Eyes puzzle</title>
<link>/entries/Blue_Eyes.html</link>
<pubDate>Sat, 30 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/Blue_Eyes.html</guid>
<description></description>
</item>
<item>
<title>Hood-Melville Queue</title>
<link>/entries/Hood_Melville_Queue.html</link>
<pubDate>Mon, 18 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hood_Melville_Queue.html</guid>
<description></description>
</item>
<item>
<title>JinjaDCI: a Java semantics with dynamic class initialization</title>
<link>/entries/JinjaDCI.html</link>
<pubDate>Mon, 11 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/JinjaDCI.html</guid>
<description></description>
</item>
<item>
<title>Cofinality and the Delta System Lemma</title>
<link>/entries/Delta_System_Lemma.html</link>
<pubDate>Sun, 27 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Delta_System_Lemma.html</guid>
<description></description>
</item>
<item>
<title>Topological semantics for paraconsistent and paracomplete logics</title>
<link>/entries/Topological_Semantics.html</link>
<pubDate>Thu, 17 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Topological_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Relational Minimum Spanning Tree Algorithms</title>
<link>/entries/Relational_Minimum_Spanning_Trees.html</link>
<pubDate>Tue, 08 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Minimum_Spanning_Trees.html</guid>
<description></description>
</item>
<item>
<title>Inline Caching and Unboxing Optimization for Interpreters</title>
<link>/entries/Interpreter_Optimizations.html</link>
<pubDate>Mon, 07 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Interpreter_Optimizations.html</guid>
<description></description>
</item>
<item>
<title>The Relational Method with Message Anonymity for the Verification of Cryptographic Protocols</title>
<link>/entries/Relational_Method.html</link>
<pubDate>Sat, 05 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Method.html</guid>
<description></description>
</item>
<item>
<title>Isabelle Marries Dirac: a Library for Quantum Computation and Quantum Information</title>
<link>/entries/Isabelle_Marries_Dirac.html</link>
<pubDate>Sun, 22 Nov 2020 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_Marries_Dirac.html</guid>
<description></description>
</item>
<item>
<title>The HOL-CSP Refinement Toolkit</title>
<link>/entries/CSP_RefTK.html</link>
<pubDate>Thu, 19 Nov 2020 00:00:00 +0000</pubDate>
<guid>/entries/CSP_RefTK.html</guid>
<description></description>
</item>
<item>
<title>AI Planning Languages Semantics</title>
<link>/entries/AI_Planning_Languages_Semantics.html</link>
<pubDate>Thu, 29 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/AI_Planning_Languages_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Verified SAT-Based AI Planning</title>
<link>/entries/Verified_SAT_Based_AI_Planning.html</link>
<pubDate>Thu, 29 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Verified_SAT_Based_AI_Planning.html</guid>
<description></description>
</item>
<item>
<title>A Sound Type System for Physical Quantities, Units, and Measurements</title>
<link>/entries/Physical_Quantities.html</link>
<pubDate>Tue, 20 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Physical_Quantities.html</guid>
<description></description>
</item>
<item>
<title>Finite Map Extras</title>
<link>/entries/Finite-Map-Extras.html</link>
<pubDate>Mon, 12 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Finite-Map-Extras.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of the Document Object Model with Shadow Roots</title>
<link>/entries/Shadow_DOM.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Shadow_DOM.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of the Safely Composable Document Object Model with Shadow Roots</title>
<link>/entries/Shadow_SC_DOM.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Shadow_SC_DOM.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Safely Composable Web Components</title>
<link>/entries/SC_DOM_Components.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/SC_DOM_Components.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Web Components</title>
<link>/entries/DOM_Components.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/DOM_Components.html</guid>
<description></description>
</item>
<item>
<title>The Safely Composable DOM</title>
<link>/entries/Core_SC_DOM.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Core_SC_DOM.html</guid>
<description></description>
</item>
<item>
<title>An Abstract Formalization of G&amp;ouml;del&#39;s Incompleteness Theorems</title>
<link>/entries/Goedel_Incompleteness.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goedel_Incompleteness.html</guid>
<description></description>
</item>
<item>
<title>From Abstract to Concrete G&amp;ouml;del&#39;s Incompleteness Theorems&amp;mdash;Part I</title>
<link>/entries/Goedel_HFSet_Semantic.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goedel_HFSet_Semantic.html</guid>
<description></description>
</item>
<item>
<title>From Abstract to Concrete G&amp;ouml;del&#39;s Incompleteness Theorems&amp;mdash;Part II</title>
<link>/entries/Goedel_HFSet_Semanticless.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goedel_HFSet_Semanticless.html</guid>
<description></description>
</item>
<item>
<title>Robinson Arithmetic</title>
<link>/entries/Robinson_Arithmetic.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Robinson_Arithmetic.html</guid>
<description></description>
</item>
<item>
<title>Syntax-Independent Logic Infrastructure</title>
<link>/entries/Syntax_Independent_Logic.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Syntax_Independent_Logic.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of Extended Finite State Machines</title>
<link>/entries/Extended_Finite_State_Machines.html</link>
<pubDate>Mon, 07 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Extended_Finite_State_Machines.html</guid>
<description></description>
</item>
<item>
<title>Inference of Extended Finite State Machines</title>
<link>/entries/Extended_Finite_State_Machine_Inference.html</link>
<pubDate>Mon, 07 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Extended_Finite_State_Machine_Inference.html</guid>
<description></description>
</item>
<item>
<title>Practical Algebraic Calculus Checker</title>
<link>/entries/PAC_Checker.html</link>
<pubDate>Mon, 31 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/PAC_Checker.html</guid>
<description></description>
</item>
<item>
<title>Some classical results in inductive inference of recursive functions</title>
<link>/entries/Inductive_Inference.html</link>
<pubDate>Mon, 31 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Inductive_Inference.html</guid>
<description></description>
</item>
<item>
<title>Relational Disjoint-Set Forests</title>
<link>/entries/Relational_Disjoint_Set_Forests.html</link>
<pubDate>Wed, 26 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Disjoint_Set_Forests.html</guid>
<description></description>
</item>
<item>
<title>Extensions to the Comprehensive Framework for Saturation Theorem Proving</title>
<link>/entries/Saturation_Framework_Extensions.html</link>
<pubDate>Tue, 25 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Saturation_Framework_Extensions.html</guid>
<description></description>
</item>
<item>
<title>Putting the `K&#39; into Bird&#39;s derivation of Knuth-Morris-Pratt string matching</title>
<link>/entries/BirdKMP.html</link>
<pubDate>Tue, 25 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/BirdKMP.html</guid>
<description></description>
</item>
<item>
<title>Amicable Numbers</title>
<link>/entries/Amicable_Numbers.html</link>
<pubDate>Tue, 04 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Amicable_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Ordinal Partitions</title>
<link>/entries/Ordinal_Partitions.html</link>
<pubDate>Mon, 03 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Ordinal_Partitions.html</guid>
<description></description>
</item>
<item>
<title>A Formal Proof of The Chandy--Lamport Distributed Snapshot Algorithm</title>
<link>/entries/Chandy_Lamport.html</link>
<pubDate>Tue, 21 Jul 2020 00:00:00 +0000</pubDate>
<guid>/entries/Chandy_Lamport.html</guid>
<description></description>
</item>
<item>
<title>Relational Characterisations of Paths</title>
<link>/entries/Relational_Paths.html</link>
<pubDate>Mon, 13 Jul 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Paths.html</guid>
<description></description>
</item>
<item>
<title>A Formally Verified Checker of the Safe Distance Traffic Rules for Autonomous Vehicles</title>
<link>/entries/Safe_Distance.html</link>
<pubDate>Mon, 01 Jun 2020 00:00:00 +0000</pubDate>
<guid>/entries/Safe_Distance.html</guid>
<description></description>
</item>
<item>
<title>A verified algorithm for computing the Smith normal form of a matrix</title>
<link>/entries/Smith_Normal_Form.html</link>
<pubDate>Sat, 23 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Smith_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>The Nash-Williams Partition Theorem</title>
<link>/entries/Nash_Williams.html</link>
<pubDate>Sat, 16 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Nash_Williams.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Knuth–Bendix Orders</title>
<link>/entries/Knuth_Bendix_Order.html</link>
<pubDate>Wed, 13 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Knuth_Bendix_Order.html</guid>
<description></description>
</item>
<item>
<title>Irrationality Criteria for Series by Erdős and Straus</title>
<link>/entries/Irrational_Series_Erdos_Straus.html</link>
<pubDate>Tue, 12 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Irrational_Series_Erdos_Straus.html</guid>
<description></description>
</item>
<item>
<title>Recursion Theorem in ZF</title>
<link>/entries/Recursion-Addition.html</link>
<pubDate>Mon, 11 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Recursion-Addition.html</guid>
<description></description>
</item>
<item>
<title>An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation</title>
<link>/entries/LTL_Normal_Form.html</link>
<pubDate>Fri, 08 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/LTL_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Forcing in Isabelle/ZF</title>
<link>/entries/Forcing.html</link>
<pubDate>Wed, 06 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Forcing.html</guid>
<description></description>
</item>
<item>
<title>Banach-Steinhaus Theorem</title>
<link>/entries/Banach_Steinhaus.html</link>
<pubDate>Sat, 02 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Banach_Steinhaus.html</guid>
<description></description>
</item>
<item>
<title>Attack Trees in Isabelle for GDPR compliance of IoT healthcare systems</title>
<link>/entries/Attack_Trees.html</link>
<pubDate>Mon, 27 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Attack_Trees.html</guid>
<description></description>
</item>
<item>
<title>Gaussian Integers</title>
<link>/entries/Gaussian_Integers.html</link>
<pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Gaussian_Integers.html</guid>
<description></description>
</item>
<item>
<title>Power Sum Polynomials</title>
<link>/entries/Power_Sum_Polynomials.html</link>
<pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Power_Sum_Polynomials.html</guid>
<description></description>
</item>
<item>
<title>The Lambert W Function on the Reals</title>
<link>/entries/Lambert_W.html</link>
<pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Lambert_W.html</guid>
<description></description>
</item>
<item>
<title>Matrices for ODEs</title>
<link>/entries/Matrices_for_ODEs.html</link>
<pubDate>Sun, 19 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Matrices_for_ODEs.html</guid>
<description></description>
</item>
<item>
<title>Authenticated Data Structures As Functors</title>
<link>/entries/ADS_Functor.html</link>
<pubDate>Thu, 16 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/ADS_Functor.html</guid>
<description></description>
</item>
<item>
<title>Formalization of an Algorithm for Greedily Computing Associative Aggregations on Sliding Windows</title>
<link>/entries/Sliding_Window_Algorithm.html</link>
<pubDate>Fri, 10 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Sliding_Window_Algorithm.html</guid>
<description></description>
</item>
<item>
<title>A Comprehensive Framework for Saturation Theorem Proving</title>
<link>/entries/Saturation_Framework.html</link>
<pubDate>Thu, 09 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Saturation_Framework.html</guid>
<description></description>
</item>
<item>
<title>Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</title>
<link>/entries/MFODL_Monitor_Optimized.html</link>
<pubDate>Thu, 09 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/MFODL_Monitor_Optimized.html</guid>
<description></description>
</item>
<item>
<title>Automated Stateful Protocol Verification</title>
<link>/entries/Automated_Stateful_Protocol_Verification.html</link>
<pubDate>Wed, 08 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Automated_Stateful_Protocol_Verification.html</guid>
<description></description>
</item>
<item>
<title>Stateful Protocol Composition and Typing</title>
<link>/entries/Stateful_Protocol_Composition_and_Typing.html</link>
<pubDate>Wed, 08 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Stateful_Protocol_Composition_and_Typing.html</guid>
<description></description>
</item>
<item>
<title>Lucas&#39;s Theorem</title>
<link>/entries/Lucas_Theorem.html</link>
<pubDate>Tue, 07 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Lucas_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Strong Eventual Consistency of the Collaborative Editing Framework WOOT</title>
<link>/entries/WOOT_Strong_Eventual_Consistency.html</link>
<pubDate>Wed, 25 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/WOOT_Strong_Eventual_Consistency.html</guid>
<description></description>
</item>
<item>
<title>Furstenberg&#39;s topology and his proof of the infinitude of primes</title>
<link>/entries/Furstenberg_Topology.html</link>
<pubDate>Sun, 22 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Furstenberg_Topology.html</guid>
<description></description>
</item>
<item>
<title>An Under-Approximate Relational Logic</title>
<link>/entries/Relational-Incorrectness-Logic.html</link>
<pubDate>Thu, 12 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational-Incorrectness-Logic.html</guid>
<description></description>
</item>
<item>
<title>Hello World</title>
<link>/entries/Hello_World.html</link>
<pubDate>Sat, 07 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Hello_World.html</guid>
<description></description>
</item>
<item>
<title>Implementing the Goodstein Function in &amp;lambda;-Calculus</title>
<link>/entries/Goodstein_Lambda.html</link>
<pubDate>Fri, 21 Feb 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goodstein_Lambda.html</guid>
<description></description>
</item>
<item>
<title>A Generic Framework for Verified Compilers</title>
<link>/entries/VeriComp.html</link>
<pubDate>Mon, 10 Feb 2020 00:00:00 +0000</pubDate>
<guid>/entries/VeriComp.html</guid>
<description></description>
</item>
<item>
<title>Arithmetic progressions and relative primes</title>
<link>/entries/Arith_Prog_Rel_Primes.html</link>
<pubDate>Sat, 01 Feb 2020 00:00:00 +0000</pubDate>
<guid>/entries/Arith_Prog_Rel_Primes.html</guid>
<description></description>
</item>
<item>
<title>A Hierarchy of Algebras for Boolean Subsets</title>
<link>/entries/Subset_Boolean_Algebras.html</link>
<pubDate>Fri, 31 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Subset_Boolean_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Mersenne primes and the Lucas–Lehmer test</title>
<link>/entries/Mersenne_Primes.html</link>
<pubDate>Fri, 17 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Mersenne_Primes.html</guid>
<description></description>
</item>
<item>
<title>Verified Approximation Algorithms</title>
<link>/entries/Approximation_Algorithms.html</link>
<pubDate>Thu, 16 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Approximation_Algorithms.html</guid>
<description></description>
</item>
<item>
<title>Closest Pair of Points Algorithms</title>
<link>/entries/Closest_Pair_Points.html</link>
<pubDate>Mon, 13 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Closest_Pair_Points.html</guid>
<description></description>
</item>
<item>
<title>Skip Lists</title>
<link>/entries/Skip_Lists.html</link>
<pubDate>Thu, 09 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Skip_Lists.html</guid>
<description></description>
</item>
<item>
<title>Bicategories</title>
<link>/entries/Bicategory.html</link>
<pubDate>Mon, 06 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Bicategory.html</guid>
<description></description>
</item>
<item>
<title>The Irrationality of ζ(3)</title>
<link>/entries/Zeta_3_Irrational.html</link>
<pubDate>Fri, 27 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Zeta_3_Irrational.html</guid>
<description></description>
</item>
<item>
<title>Formalizing a Seligman-Style Tableau System for Hybrid Logic</title>
<link>/entries/Hybrid_Logic.html</link>
<pubDate>Fri, 20 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Logic.html</guid>
<description></description>
</item>
<item>
<title>The Poincaré-Bendixson Theorem</title>
<link>/entries/Poincare_Bendixson.html</link>
<pubDate>Wed, 18 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Poincare_Bendixson.html</guid>
<description></description>
</item>
<item>
<title>Complex Geometry</title>
<link>/entries/Complex_Geometry.html</link>
<pubDate>Mon, 16 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Complex_Geometry.html</guid>
<description></description>
</item>
<item>
<title>Poincaré Disc Model</title>
<link>/entries/Poincare_Disc.html</link>
<pubDate>Mon, 16 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Poincare_Disc.html</guid>
<description></description>
</item>
<item>
<title>Gauss Sums and the Pólya–Vinogradov Inequality</title>
<link>/entries/Gauss_Sums.html</link>
<pubDate>Tue, 10 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Gauss_Sums.html</guid>
<description></description>
</item>
<item>
<title>An Efficient Generalization of Counting Sort for Large, possibly Infinite Key Ranges</title>
<link>/entries/Generalized_Counting_Sort.html</link>
<pubDate>Wed, 04 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Generalized_Counting_Sort.html</guid>
<description></description>
</item>
<item>
<title>Interval Arithmetic on 32-bit Words</title>
<link>/entries/Interval_Arithmetic_Word32.html</link>
<pubDate>Wed, 27 Nov 2019 00:00:00 +0000</pubDate>
<guid>/entries/Interval_Arithmetic_Word32.html</guid>
<description></description>
</item>
<item>
<title>Zermelo Fraenkel Set Theory in Higher-Order Logic</title>
<link>/entries/ZFC_in_HOL.html</link>
<pubDate>Thu, 24 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/ZFC_in_HOL.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/C</title>
<link>/entries/Isabelle_C.html</link>
<pubDate>Tue, 22 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_C.html</guid>
<description></description>
</item>
<item>
<title>VerifyThis 2019 -- Polished Isabelle Solutions</title>
<link>/entries/VerifyThis2019.html</link>
<pubDate>Wed, 16 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/VerifyThis2019.html</guid>
<description></description>
</item>
<item>
<title>Aristotle&#39;s Assertoric Syllogistic</title>
<link>/entries/Aristotles_Assertoric_Syllogistic.html</link>
<pubDate>Tue, 08 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Aristotles_Assertoric_Syllogistic.html</guid>
<description></description>
</item>
<item>
<title>Sigma Protocols and Commitment Schemes</title>
<link>/entries/Sigma_Commit_Crypto.html</link>
<pubDate>Mon, 07 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Sigma_Commit_Crypto.html</guid>
<description></description>
</item>
<item>
<title>Clean - An Abstract Imperative Programming Language and its Theory</title>
<link>/entries/Clean.html</link>
<pubDate>Fri, 04 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Clean.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Multiway-Join Algorithms</title>
<link>/entries/Generic_Join.html</link>
<pubDate>Mon, 16 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Generic_Join.html</guid>
<description></description>
</item>
<item>
<title>Verification Components for Hybrid Systems</title>
<link>/entries/Hybrid_Systems_VCs.html</link>
<pubDate>Tue, 10 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Systems_VCs.html</guid>
<description></description>
</item>
<item>
<title>Fourier Series</title>
<link>/entries/Fourier.html</link>
<pubDate>Fri, 06 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Fourier.html</guid>
<description></description>
</item>
<item>
<title>A Case Study in Basic Algebra</title>
<link>/entries/Jacobson_Basic_Algebra.html</link>
<pubDate>Fri, 30 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Jacobson_Basic_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Formalisation of an Adaptive State Counting Algorithm</title>
<link>/entries/Adaptive_State_Counting.html</link>
<pubDate>Fri, 16 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Adaptive_State_Counting.html</guid>
<description></description>
</item>
<item>
<title>Laplace Transform</title>
<link>/entries/Laplace_Transform.html</link>
<pubDate>Wed, 14 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Laplace_Transform.html</guid>
<description></description>
</item>
<item>
<title>Communicating Concurrent Kleene Algebra for Distributed Systems Specification</title>
<link>/entries/C2KA_DistributedSystems.html</link>
<pubDate>Tue, 06 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/C2KA_DistributedSystems.html</guid>
<description></description>
</item>
<item>
<title>Linear Programming</title>
<link>/entries/Linear_Programming.html</link>
<pubDate>Tue, 06 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Linear_Programming.html</guid>
<description></description>
</item>
<item>
<title>Selected Problems from the International Mathematical Olympiad 2019</title>
<link>/entries/IMO2019.html</link>
<pubDate>Mon, 05 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMO2019.html</guid>
<description></description>
</item>
<item>
<title>Stellar Quorum Systems</title>
<link>/entries/Stellar_Quorums.html</link>
<pubDate>Thu, 01 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Stellar_Quorums.html</guid>
<description></description>
</item>
<item>
<title>A Formal Development of a Polychronous Polytimed Coordination Language</title>
<link>/entries/TESL_Language.html</link>
<pubDate>Tue, 30 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/TESL_Language.html</guid>
<description></description>
</item>
<item>
<title>Order Extension and Szpilrajn&#39;s Extension Theorem</title>
<link>/entries/Szpilrajn.html</link>
<pubDate>Sat, 27 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/Szpilrajn.html</guid>
<description></description>
</item>
<item>
<title>A Sequent Calculus for First-Order Logic</title>
<link>/entries/FOL_Seq_Calc1.html</link>
<pubDate>Thu, 18 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc1.html</guid>
<description></description>
</item>
<item>
<title>A Verified Code Generator from Isabelle/HOL to CakeML</title>
<link>/entries/CakeML_Codegen.html</link>
<pubDate>Mon, 08 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/CakeML_Codegen.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic</title>
<link>/entries/MFOTL_Monitor.html</link>
<pubDate>Thu, 04 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/MFOTL_Monitor.html</guid>
<description></description>
</item>
<item>
<title>Complete Non-Orders and Fixed Points</title>
<link>/entries/Complete_Non_Orders.html</link>
<pubDate>Thu, 27 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Complete_Non_Orders.html</guid>
<description></description>
</item>
<item>
<title>Priority Search Trees</title>
<link>/entries/Priority_Search_Trees.html</link>
<pubDate>Tue, 25 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Priority_Search_Trees.html</guid>
<description></description>
</item>
<item>
<title>Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra</title>
<link>/entries/Prim_Dijkstra_Simple.html</link>
<pubDate>Tue, 25 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Prim_Dijkstra_Simple.html</guid>
<description></description>
</item>
<item>
<title>Linear Inequalities</title>
<link>/entries/Linear_Inequalities.html</link>
<pubDate>Fri, 21 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Linear_Inequalities.html</guid>
<description></description>
</item>
<item>
<title>Hilbert&#39;s Nullstellensatz</title>
<link>/entries/Nullstellensatz.html</link>
<pubDate>Sun, 16 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Nullstellensatz.html</guid>
<description></description>
</item>
<item>
<title>Gröbner Bases, Macaulay Matrices and Dubé&#39;s Degree Bounds</title>
<link>/entries/Groebner_Macaulay.html</link>
<pubDate>Sat, 15 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Groebner_Macaulay.html</guid>
<description></description>
</item>
<item>
<title>Binary Heaps for IMP2</title>
<link>/entries/IMP2_Binary_Heap.html</link>
<pubDate>Thu, 13 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMP2_Binary_Heap.html</guid>
<description></description>
</item>
<item>
<title>Differential Game Logic</title>
<link>/entries/Differential_Game_Logic.html</link>
<pubDate>Mon, 03 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Differential_Game_Logic.html</guid>
<description></description>
</item>
<item>
<title>Multidimensional Binary Search Trees</title>
<link>/entries/KD_Tree.html</link>
<pubDate>Thu, 30 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/KD_Tree.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Generic Authenticated Data Structures</title>
<link>/entries/LambdaAuth.html</link>
<pubDate>Tue, 14 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/LambdaAuth.html</guid>
<description></description>
</item>
<item>
<title>Multi-Party Computation</title>
<link>/entries/Multi_Party_Computation.html</link>
<pubDate>Thu, 09 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/Multi_Party_Computation.html</guid>
<description></description>
</item>
<item>
<title>HOL-CSP Version 2.0</title>
<link>/entries/HOL-CSP.html</link>
<pubDate>Fri, 26 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/HOL-CSP.html</guid>
<description></description>
</item>
<item>
<title>A Compositional and Unified Translation of LTL into ω-Automata</title>
<link>/entries/LTL_Master_Theorem.html</link>
<pubDate>Tue, 16 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/LTL_Master_Theorem.html</guid>
<description></description>
</item>
<item>
<title>A General Theory of Syntax with Bindings</title>
<link>/entries/Binding_Syntax_Theory.html</link>
<pubDate>Sat, 06 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/Binding_Syntax_Theory.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of Certain Infinite Series</title>
<link>/entries/Transcendence_Series_Hancl_Rucki.html</link>
<pubDate>Wed, 27 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/Transcendence_Series_Hancl_Rucki.html</guid>
<description></description>
</item>
<item>
<title>Quantum Hoare Logic</title>
<link>/entries/QHLProver.html</link>
<pubDate>Sun, 24 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/QHLProver.html</guid>
<description></description>
</item>
<item>
<title>Safe OCL</title>
<link>/entries/Safe_OCL.html</link>
<pubDate>Sat, 09 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/Safe_OCL.html</guid>
<description></description>
</item>
<item>
<title>Elementary Facts About the Distribution of Primes</title>
<link>/entries/Prime_Distribution_Elementary.html</link>
<pubDate>Thu, 21 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Prime_Distribution_Elementary.html</guid>
<description></description>
</item>
<item>
<title>Kruskal&#39;s Algorithm for Minimum Spanning Forest</title>
<link>/entries/Kruskal.html</link>
<pubDate>Thu, 14 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Kruskal.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Primality Testing</title>
<link>/entries/Probabilistic_Prime_Tests.html</link>
<pubDate>Mon, 11 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Prime_Tests.html</guid>
<description></description>
</item>
<item>
<title>Universal Turing Machine</title>
<link>/entries/Universal_Turing_Machine.html</link>
<pubDate>Fri, 08 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Universal_Turing_Machine.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming</title>
<link>/entries/UTP.html</link>
<pubDate>Fri, 01 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/UTP.html</guid>
<description></description>
</item>
<item>
<title>The Inversions of a List</title>
<link>/entries/List_Inversions.html</link>
<pubDate>Fri, 01 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/List_Inversions.html</guid>
<description></description>
</item>
<item>
<title>Farkas&#39; Lemma and Motzkin&#39;s Transposition Theorem</title>
<link>/entries/Farkas.html</link>
<pubDate>Thu, 17 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Farkas.html</guid>
<description></description>
</item>
<item>
<title>An Algebra for Higher-Order Terms</title>
<link>/entries/Higher_Order_Terms.html</link>
<pubDate>Tue, 15 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Higher_Order_Terms.html</guid>
<description></description>
</item>
<item>
<title>IMP2 – Simple Program Verification in Isabelle/HOL</title>
<link>/entries/IMP2.html</link>
<pubDate>Tue, 15 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMP2.html</guid>
<description></description>
</item>
<item>
<title>A Reduction Theorem for Store Buffers</title>
<link>/entries/Store_Buffer_Reduction.html</link>
<pubDate>Mon, 07 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Store_Buffer_Reduction.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of the Document Object Model</title>
<link>/entries/Core_DOM.html</link>
<pubDate>Wed, 26 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Core_DOM.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Concurrent Revisions</title>
<link>/entries/Concurrent_Revisions.html</link>
<pubDate>Tue, 25 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Concurrent_Revisions.html</guid>
<description></description>
</item>
<item>
<title>Verifying Imperative Programs using Auto2</title>
<link>/entries/Auto2_Imperative_HOL.html</link>
<pubDate>Fri, 21 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Auto2_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Constructive Cryptography in HOL</title>
<link>/entries/Constructive_Cryptography.html</link>
<pubDate>Mon, 17 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Constructive_Cryptography.html</guid>
<description></description>
</item>
<item>
<title>Properties of Orderings and Lattices</title>
<link>/entries/Order_Lattice_Props.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Order_Lattice_Props.html</guid>
<description></description>
</item>
<item>
<title>Quantales</title>
<link>/entries/Quantales.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Quantales.html</guid>
<description></description>
</item>
<item>
<title>Transformer Semantics</title>
<link>/entries/Transformer_Semantics.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Transformer_Semantics.html</guid>
<description></description>
</item>
<item>
<title>A Verified Functional Implementation of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</title>
<link>/entries/Functional_Ordered_Resolution_Prover.html</link>
<pubDate>Fri, 23 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Functional_Ordered_Resolution_Prover.html</guid>
<description></description>
</item>
<item>
<title>Graph Saturation</title>
<link>/entries/Graph_Saturation.html</link>
<pubDate>Fri, 23 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Graph_Saturation.html</guid>
<description></description>
</item>
<item>
<title>Auto2 Prover</title>
<link>/entries/Auto2_HOL.html</link>
<pubDate>Tue, 20 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Auto2_HOL.html</guid>
<description></description>
</item>
<item>
<title>Matroids</title>
<link>/entries/Matroids.html</link>
<pubDate>Fri, 16 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Matroids.html</guid>
<description></description>
</item>
<item>
<title>Deriving generic class instances for datatypes</title>
<link>/entries/Generic_Deriving.html</link>
<pubDate>Tue, 06 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Generic_Deriving.html</guid>
<description></description>
</item>
<item>
<title>Formalisation and Evaluation of Alan Gewirth&#39;s Proof for the Principle of Generic Consistency in Isabelle/HOL</title>
<link>/entries/GewirthPGCProof.html</link>
<pubDate>Tue, 30 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/GewirthPGCProof.html</guid>
<description></description>
</item>
<item>
<title>Epistemic Logic: Completeness of Modal Logics</title>
<link>/entries/Epistemic_Logic.html</link>
<pubDate>Mon, 29 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Epistemic_Logic.html</guid>
<description></description>
</item>
<item>
<title>Smooth Manifolds</title>
<link>/entries/Smooth_Manifolds.html</link>
<pubDate>Mon, 22 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Smooth_Manifolds.html</guid>
<description></description>
</item>
<item>
<title>Formalization of the Embedding Path Order for Lambda-Free Higher-Order Terms</title>
<link>/entries/Lambda_Free_EPO.html</link>
<pubDate>Fri, 19 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Lambda_Free_EPO.html</guid>
<description></description>
</item>
<item>
<title>Randomised Binary Search Trees</title>
<link>/entries/Randomised_BSTs.html</link>
<pubDate>Fri, 19 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Randomised_BSTs.html</guid>
<description></description>
</item>
<item>
<title>Upper Bounding Diameters of State Spaces of Factored Transition Systems</title>
<link>/entries/Factored_Transition_System_Bounding.html</link>
<pubDate>Fri, 12 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Factored_Transition_System_Bounding.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of π</title>
<link>/entries/Pi_Transcendental.html</link>
<pubDate>Fri, 28 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Pi_Transcendental.html</guid>
<description></description>
</item>
<item>
<title>Symmetric Polynomials</title>
<link>/entries/Symmetric_Polynomials.html</link>
<pubDate>Tue, 25 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Symmetric_Polynomials.html</guid>
<description></description>
</item>
<item>
<title>Signature-Based Gröbner Basis Algorithms</title>
<link>/entries/Signature_Groebner.html</link>
<pubDate>Thu, 20 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Signature_Groebner.html</guid>
<description></description>
</item>
<item>
<title>The Prime Number Theorem</title>
<link>/entries/Prime_Number_Theorem.html</link>
<pubDate>Wed, 19 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Prime_Number_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Aggregation Algebras</title>
<link>/entries/Aggregation_Algebras.html</link>
<pubDate>Sat, 15 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Aggregation_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Octonions</title>
<link>/entries/Octonions.html</link>
<pubDate>Fri, 14 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Octonions.html</guid>
<description></description>
</item>
<item>
<title>Quaternions</title>
<link>/entries/Quaternions.html</link>
<pubDate>Wed, 05 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Quaternions.html</guid>
<description></description>
</item>
<item>
<title>The Budan-Fourier Theorem and Counting Real Roots with Multiplicity</title>
<link>/entries/Budan_Fourier.html</link>
<pubDate>Sun, 02 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Budan_Fourier.html</guid>
<description></description>
</item>
<item>
<title>An Incremental Simplex Algorithm with Unsatisfiable Core Generation</title>
<link>/entries/Simplex.html</link>
<pubDate>Fri, 24 Aug 2018 00:00:00 +0000</pubDate>
<guid>/entries/Simplex.html</guid>
<description></description>
</item>
<item>
<title>Minsky Machines</title>
<link>/entries/Minsky_Machines.html</link>
<pubDate>Tue, 14 Aug 2018 00:00:00 +0000</pubDate>
<guid>/entries/Minsky_Machines.html</guid>
<description></description>
</item>
<item>
<title>Pricing in discrete financial models</title>
<link>/entries/DiscretePricing.html</link>
<pubDate>Mon, 16 Jul 2018 00:00:00 +0000</pubDate>
<guid>/entries/DiscretePricing.html</guid>
<description></description>
</item>
<item>
<title>Von-Neumann-Morgenstern Utility Theorem</title>
<link>/entries/Neumann_Morgenstern_Utility.html</link>
<pubDate>Wed, 04 Jul 2018 00:00:00 +0000</pubDate>
<guid>/entries/Neumann_Morgenstern_Utility.html</guid>
<description></description>
</item>
<item>
<title>Pell&#39;s Equation</title>
<link>/entries/Pell.html</link>
<pubDate>Sat, 23 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Pell.html</guid>
<description></description>
</item>
<item>
<title>Projective Geometry</title>
<link>/entries/Projective_Geometry.html</link>
<pubDate>Thu, 14 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Projective_Geometry.html</guid>
<description></description>
</item>
<item>
<title>The Localization of a Commutative Ring</title>
<link>/entries/Localization_Ring.html</link>
<pubDate>Thu, 14 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Localization_Ring.html</guid>
<description></description>
</item>
<item>
<title>Partial Order Reduction</title>
<link>/entries/Partial_Order_Reduction.html</link>
<pubDate>Tue, 05 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Partial_Order_Reduction.html</guid>
<description></description>
</item>
<item>
<title>Optimal Binary Search Trees</title>
<link>/entries/Optimal_BST.html</link>
<pubDate>Sun, 27 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Optimal_BST.html</guid>
<description></description>
</item>
<item>
<title>Hidden Markov Models</title>
<link>/entries/Hidden_Markov_Models.html</link>
<pubDate>Fri, 25 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Hidden_Markov_Models.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Timed Automata</title>
<link>/entries/Probabilistic_Timed_Automata.html</link>
<pubDate>Thu, 24 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Timed_Automata.html</guid>
<description></description>
</item>
<item>
<title>Axiom Systems for Category Theory in Free Logic</title>
<link>/entries/AxiomaticCategoryTheory.html</link>
<pubDate>Wed, 23 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/AxiomaticCategoryTheory.html</guid>
<description></description>
</item>
<item>
<title>Irrational Rapidly Convergent Series</title>
<link>/entries/Irrationality_J_Hancl.html</link>
<pubDate>Wed, 23 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Irrationality_J_Hancl.html</guid>
<description></description>
</item>
<item>
<title>Monadification, Memoization and Dynamic Programming</title>
<link>/entries/Monad_Memo_DP.html</link>
<pubDate>Tue, 22 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Monad_Memo_DP.html</guid>
<description></description>
</item>
<item>
<title>OpSets: Sequential Specifications for Replicated Datatypes</title>
<link>/entries/OpSets.html</link>
<pubDate>Thu, 10 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/OpSets.html</guid>
<description></description>
</item>
<item>
<title>An Isabelle/HOL Formalization of the Modular Assembly Kit for Security Properties</title>
<link>/entries/Modular_Assembly_Kit_Security.html</link>
<pubDate>Mon, 07 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Modular_Assembly_Kit_Security.html</guid>
<description></description>
</item>
<item>
<title>WebAssembly</title>
<link>/entries/WebAssembly.html</link>
<pubDate>Sun, 29 Apr 2018 00:00:00 +0000</pubDate>
<guid>/entries/WebAssembly.html</guid>
<description></description>
</item>
<item>
<title>VerifyThis 2018 - Polished Isabelle Solutions</title>
<link>/entries/VerifyThis2018.html</link>
<pubDate>Fri, 27 Apr 2018 00:00:00 +0000</pubDate>
<guid>/entries/VerifyThis2018.html</guid>
<description></description>
</item>
<item>
<title>Bounded Natural Functors with Covariance and Contravariance</title>
<link>/entries/BNF_CC.html</link>
<pubDate>Tue, 24 Apr 2018 00:00:00 +0000</pubDate>
<guid>/entries/BNF_CC.html</guid>
<description></description>
</item>
<item>
<title>The Incompatibility of Fishburn-Strategyproofness and Pareto-Efficiency</title>
<link>/entries/Fishburn_Impossibility.html</link>
<pubDate>Thu, 22 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/Fishburn_Impossibility.html</guid>
<description></description>
</item>
<item>
<title>Weight-Balanced Trees</title>
<link>/entries/Weight_Balanced_Trees.html</link>
<pubDate>Tue, 13 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/Weight_Balanced_Trees.html</guid>
<description></description>
</item>
<item>
<title>CakeML</title>
<link>/entries/CakeML.html</link>
<pubDate>Mon, 12 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/CakeML.html</guid>
<description></description>
</item>
<item>
<title>A Theory of Architectural Design Patterns</title>
<link>/entries/Architectural_Design_Patterns.html</link>
<pubDate>Thu, 01 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/Architectural_Design_Patterns.html</guid>
<description></description>
</item>
<item>
<title>Hoare Logics for Time Bounds</title>
<link>/entries/Hoare_Time.html</link>
<pubDate>Mon, 26 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Hoare_Time.html</guid>
<description></description>
</item>
<item>
<title>A verified factorization algorithm for integer polynomials with polynomial complexity</title>
<link>/entries/LLL_Factorization.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/LLL_Factorization.html</guid>
<description></description>
</item>
<item>
<title>First-Order Terms</title>
<link>/entries/First_Order_Terms.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/First_Order_Terms.html</guid>
<description></description>
</item>
<item>
<title>The Error Function</title>
<link>/entries/Error_Function.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Error_Function.html</guid>
<description></description>
</item>
<item>
<title>Treaps</title>
<link>/entries/Treaps.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Treaps.html</guid>
<description></description>
</item>
<item>
<title>A verified LLL algorithm</title>
<link>/entries/LLL_Basis_Reduction.html</link>
<pubDate>Fri, 02 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/LLL_Basis_Reduction.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</title>
<link>/entries/Ordered_Resolution_Prover.html</link>
<pubDate>Thu, 18 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Ordered_Resolution_Prover.html</guid>
<description></description>
</item>
<item>
<title>Gromov Hyperbolicity</title>
<link>/entries/Gromov_Hyperbolicity.html</link>
<pubDate>Tue, 16 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Gromov_Hyperbolicity.html</guid>
<description></description>
</item>
<item>
<title>An Isabelle/HOL formalisation of Green&#39;s Theorem</title>
<link>/entries/Green.html</link>
<pubDate>Thu, 11 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Green.html</guid>
<description></description>
</item>
<item>
<title>Taylor Models</title>
<link>/entries/Taylor_Models.html</link>
<pubDate>Mon, 08 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Taylor_Models.html</guid>
<description></description>
</item>
<item>
<title>The Falling Factorial of a Sum</title>
<link>/entries/Falling_Factorial_Sum.html</link>
<pubDate>Fri, 22 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Falling_Factorial_Sum.html</guid>
<description></description>
</item>
<item>
<title>Dirichlet L-Functions and Dirichlet&#39;s Theorem</title>
<link>/entries/Dirichlet_L.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Dirichlet_L.html</guid>
<description></description>
</item>
<item>
<title>The Mason–Stothers Theorem</title>
<link>/entries/Mason_Stothers.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Mason_Stothers.html</guid>
<description></description>
</item>
<item>
<title>The Median-of-Medians Selection Algorithm</title>
<link>/entries/Median_Of_Medians_Selection.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Median_Of_Medians_Selection.html</guid>
<description></description>
</item>
<item>
<title>Operations on Bounded Natural Functors</title>
<link>/entries/BNF_Operations.html</link>
<pubDate>Tue, 19 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/BNF_Operations.html</guid>
<description></description>
</item>
<item>
<title>The string search algorithm by Knuth, Morris and Pratt</title>
<link>/entries/Knuth_Morris_Pratt.html</link>
<pubDate>Mon, 18 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Knuth_Morris_Pratt.html</guid>
<description></description>
</item>
<item>
<title>Stochastic Matrices and the Perron-Frobenius Theorem</title>
<link>/entries/Stochastic_Matrices.html</link>
<pubDate>Wed, 22 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stochastic_Matrices.html</guid>
<description></description>
</item>
<item>
<title>The IMAP CmRDT</title>
<link>/entries/IMAP-CRDT.html</link>
<pubDate>Thu, 09 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/IMAP-CRDT.html</guid>
<description></description>
</item>
<item>
<title>Hybrid Multi-Lane Spatial Logic</title>
<link>/entries/Hybrid_Multi_Lane_Spatial_Logic.html</link>
<pubDate>Mon, 06 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Multi_Lane_Spatial_Logic.html</guid>
<description></description>
</item>
<item>
<title>The Kuratowski Closure-Complement Theorem</title>
<link>/entries/Kuratowski_Closure_Complement.html</link>
<pubDate>Thu, 26 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Kuratowski_Closure_Complement.html</guid>
<description></description>
</item>
<item>
<title>Büchi Complementation</title>
<link>/entries/Buchi_Complementation.html</link>
<pubDate>Thu, 19 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Buchi_Complementation.html</guid>
<description></description>
</item>
<item>
<title>Transition Systems and Automata</title>
<link>/entries/Transition_Systems_and_Automata.html</link>
<pubDate>Thu, 19 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Transition_Systems_and_Automata.html</guid>
<description></description>
</item>
<item>
<title>Count the Number of Complex Roots</title>
<link>/entries/Count_Complex_Roots.html</link>
<pubDate>Tue, 17 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Count_Complex_Roots.html</guid>
<description></description>
</item>
<item>
<title>Evaluate Winding Numbers through Cauchy Indices</title>
<link>/entries/Winding_Number_Eval.html</link>
<pubDate>Tue, 17 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Winding_Number_Eval.html</guid>
<description></description>
</item>
<item>
<title>Homogeneous Linear Diophantine Equations</title>
<link>/entries/Diophantine_Eqns_Lin_Hom.html</link>
<pubDate>Sat, 14 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Diophantine_Eqns_Lin_Hom.html</guid>
<description></description>
</item>
<item>
<title>Dirichlet Series</title>
<link>/entries/Dirichlet_Series.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Dirichlet_Series.html</guid>
<description></description>
</item>
<item>
<title>Linear Recurrences</title>
<link>/entries/Linear_Recurrences.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Linear_Recurrences.html</guid>
<description></description>
</item>
<item>
<title>The Hurwitz and Riemann ζ Functions</title>
<link>/entries/Zeta_Function.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Zeta_Function.html</guid>
<description></description>
</item>
<item>
<title>Computer-assisted Reconstruction and Assessment of E. J. Lowe&#39;s Modal Ontological Argument</title>
<link>/entries/Lowe_Ontological_Argument.html</link>
<pubDate>Thu, 21 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/Lowe_Ontological_Argument.html</guid>
<description></description>
</item>
<item>
<title>Representation and Partial Automation of the Principia Logico-Metaphysica in Isabelle/HOL</title>
<link>/entries/PLM.html</link>
<pubDate>Sun, 17 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/PLM.html</guid>
<description></description>
</item>
<item>
<title>Anselm&#39;s God in Isabelle/HOL</title>
<link>/entries/AnselmGod.html</link>
<pubDate>Wed, 06 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/AnselmGod.html</guid>
<description></description>
</item>
<item>
<title>Microeconomics and the First Welfare Theorem</title>
<link>/entries/First_Welfare_Theorem.html</link>
<pubDate>Fri, 01 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/First_Welfare_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Orbit-Stabiliser Theorem with Application to Rotational Symmetries</title>
<link>/entries/Orbit_Stabiliser.html</link>
<pubDate>Sun, 20 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/Orbit_Stabiliser.html</guid>
<description></description>
</item>
<item>
<title>Root-Balanced Tree</title>
<link>/entries/Root_Balanced_Tree.html</link>
<pubDate>Sun, 20 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/Root_Balanced_Tree.html</guid>
<description></description>
</item>
<item>
<title>The LambdaMu-calculus</title>
<link>/entries/LambdaMu.html</link>
<pubDate>Wed, 16 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/LambdaMu.html</guid>
<description></description>
</item>
<item>
<title>Stewart&#39;s Theorem and Apollonius&#39; Theorem</title>
<link>/entries/Stewart_Apollonius.html</link>
<pubDate>Mon, 31 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stewart_Apollonius.html</guid>
<description></description>
</item>
<item>
<title>Dynamic Architectures</title>
<link>/entries/DynamicArchitectures.html</link>
<pubDate>Fri, 28 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/DynamicArchitectures.html</guid>
<description></description>
</item>
<item>
<title>Declarative Semantics for Functional Languages</title>
<link>/entries/Decl_Sem_Fun_PL.html</link>
<pubDate>Fri, 21 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Decl_Sem_Fun_PL.html</guid>
<description></description>
</item>
<item>
<title>HOLCF-Prelude</title>
<link>/entries/HOLCF-Prelude.html</link>
<pubDate>Sat, 15 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/HOLCF-Prelude.html</guid>
<description></description>
</item>
<item>
<title>Minkowski&#39;s Theorem</title>
<link>/entries/Minkowskis_Theorem.html</link>
<pubDate>Thu, 13 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Minkowskis_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus</title>
<link>/entries/Name_Carrying_Type_Inference.html</link>
<pubDate>Sun, 09 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Name_Carrying_Type_Inference.html</guid>
<description></description>
</item>
<item>
<title>A framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes</title>
<link>/entries/CRDT.html</link>
<pubDate>Fri, 07 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/CRDT.html</guid>
<description></description>
</item>
<item>
<title>Stone-Kleene Relation Algebras</title>
<link>/entries/Stone_Kleene_Relation_Algebras.html</link>
<pubDate>Thu, 06 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stone_Kleene_Relation_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Propositional Proof Systems</title>
<link>/entries/Propositional_Proof_Systems.html</link>
<pubDate>Wed, 21 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Propositional_Proof_Systems.html</guid>
<description></description>
</item>
<item>
<title>Partial Semigroups and Convolution Algebras</title>
<link>/entries/PSemigroupsConvolution.html</link>
<pubDate>Tue, 13 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/PSemigroupsConvolution.html</guid>
<description></description>
</item>
<item>
<title>Buffon&#39;s Needle Problem</title>
<link>/entries/Buffons_Needle.html</link>
<pubDate>Tue, 06 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Buffons_Needle.html</guid>
<description></description>
</item>
<item>
<title>Flow Networks and the Min-Cut-Max-Flow Theorem</title>
<link>/entries/Flow_Networks.html</link>
<pubDate>Thu, 01 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Flow_Networks.html</guid>
<description></description>
</item>
<item>
<title>Formalizing Push-Relabel Algorithms</title>
<link>/entries/Prpu_Maxflow.html</link>
<pubDate>Thu, 01 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Prpu_Maxflow.html</guid>
<description></description>
</item>
<item>
<title>Optics</title>
<link>/entries/Optics.html</link>
<pubDate>Thu, 25 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Optics.html</guid>
<description></description>
</item>
<item>
<title>Developing Security Protocols by Refinement</title>
<link>/entries/Security_Protocol_Refinement.html</link>
<pubDate>Wed, 24 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Security_Protocol_Refinement.html</guid>
<description></description>
</item>
<item>
<title>Dictionary Construction</title>
<link>/entries/Dict_Construction.html</link>
<pubDate>Wed, 24 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Dict_Construction.html</guid>
<description></description>
</item>
<item>
<title>The Floyd-Warshall Algorithm for Shortest Paths</title>
<link>/entries/Floyd_Warshall.html</link>
<pubDate>Mon, 08 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Floyd_Warshall.html</guid>
<description></description>
</item>
<item>
<title>CryptHOL</title>
<link>/entries/CryptHOL.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/CryptHOL.html</guid>
<description></description>
</item>
<item>
<title>Effect polymorphism in higher-order logic</title>
<link>/entries/Monomorphic_Monad.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Monomorphic_Monad.html</guid>
<description></description>
</item>
<item>
<title>Game-based cryptography in HOL</title>
<link>/entries/Game_Based_Crypto.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Game_Based_Crypto.html</guid>
<description></description>
</item>
<item>
<title>Monad normalisation</title>
<link>/entries/Monad_Normalisation.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Monad_Normalisation.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic while loop</title>
<link>/entries/Probabilistic_While.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_While.html</guid>
<description></description>
</item>
<item>
<title>Monoidal Categories</title>
<link>/entries/MonoidalCategory.html</link>
<pubDate>Thu, 04 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/MonoidalCategory.html</guid>
<description></description>
</item>
<item>
<title>Types, Tableaus and Gödel’s God in Isabelle/HOL</title>
<link>/entries/Types_Tableaus_and_Goedels_God.html</link>
<pubDate>Mon, 01 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Types_Tableaus_and_Goedels_God.html</guid>
<description></description>
</item>
<item>
<title>Local Lexing</title>
<link>/entries/LocalLexing.html</link>
<pubDate>Fri, 28 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/LocalLexing.html</guid>
<description></description>
</item>
<item>
<title>Constructor Functions</title>
<link>/entries/Constructor_Funs.html</link>
<pubDate>Wed, 19 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Constructor_Funs.html</guid>
<description></description>
</item>
<item>
<title>Lazifying case constants</title>
<link>/entries/Lazy_Case.html</link>
<pubDate>Tue, 18 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Lazy_Case.html</guid>
<description></description>
</item>
<item>
<title>Subresultants</title>
<link>/entries/Subresultants.html</link>
<pubDate>Thu, 06 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Subresultants.html</guid>
<description></description>
</item>
<item>
<title>Expected Shape of Random Binary Search Trees</title>
<link>/entries/Random_BSTs.html</link>
<pubDate>Tue, 04 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Random_BSTs.html</guid>
<description></description>
</item>
<item>
<title>Lower bound on comparison-based sorting algorithms</title>
<link>/entries/Comparison_Sort_Lower_Bound.html</link>
<pubDate>Wed, 15 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Comparison_Sort_Lower_Bound.html</guid>
<description></description>
</item>
<item>
<title>The number of comparisons in QuickSort</title>
<link>/entries/Quick_Sort_Cost.html</link>
<pubDate>Wed, 15 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Quick_Sort_Cost.html</guid>
<description></description>
</item>
<item>
<title>The Euler–MacLaurin Formula</title>
<link>/entries/Euler_MacLaurin.html</link>
<pubDate>Fri, 10 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Euler_MacLaurin.html</guid>
<description></description>
</item>
<item>
<title>The Group Law for Elliptic Curves</title>
<link>/entries/Elliptic_Curves_Group_Law.html</link>
<pubDate>Tue, 28 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Elliptic_Curves_Group_Law.html</guid>
<description></description>
</item>
<item>
<title>Menger&#39;s Theorem</title>
<link>/entries/Menger.html</link>
<pubDate>Sun, 26 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Menger.html</guid>
<description></description>
</item>
<item>
<title>Differential Dynamic Logic</title>
<link>/entries/Differential_Dynamic_Logic.html</link>
<pubDate>Mon, 13 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Differential_Dynamic_Logic.html</guid>
<description></description>
</item>
<item>
<title>Abstract Soundness</title>
<link>/entries/Abstract_Soundness.html</link>
<pubDate>Fri, 10 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Abstract_Soundness.html</guid>
<description></description>
</item>
<item>
<title>Stone Relation Algebras</title>
<link>/entries/Stone_Relation_Algebras.html</link>
<pubDate>Tue, 07 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stone_Relation_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Refining Authenticated Key Agreement with Strong Adversaries</title>
<link>/entries/Key_Agreement_Strong_Adversaries.html</link>
<pubDate>Tue, 31 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Key_Agreement_Strong_Adversaries.html</guid>
<description></description>
</item>
<item>
<title>Bernoulli Numbers</title>
<link>/entries/Bernoulli.html</link>
<pubDate>Tue, 24 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Bernoulli.html</guid>
<description></description>
</item>
<item>
<title>Bertrand&#39;s postulate</title>
<link>/entries/Bertrands_Postulate.html</link>
<pubDate>Tue, 17 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Bertrands_Postulate.html</guid>
<description></description>
</item>
<item>
<title>Minimal Static Single Assignment Form</title>
<link>/entries/Minimal_SSA.html</link>
<pubDate>Tue, 17 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Minimal_SSA.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of e</title>
<link>/entries/E_Transcendental.html</link>
<pubDate>Thu, 12 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/E_Transcendental.html</guid>
<description></description>
</item>
<item>
<title>Formal Network Models and Their Application to Firewall Policies</title>
<link>/entries/UPF_Firewall.html</link>
<pubDate>Sun, 08 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/UPF_Firewall.html</guid>
<description></description>
</item>
<item>
<title>Verification of a Diffie-Hellman Password-based Authentication Protocol by Extending the Inductive Method</title>
<link>/entries/Password_Authentication_Protocol.html</link>
<pubDate>Tue, 03 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Password_Authentication_Protocol.html</guid>
<description></description>
</item>
<item>
<title>First-Order Logic According to Harrison</title>
<link>/entries/FOL_Harrison.html</link>
<pubDate>Sun, 01 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Harrison.html</guid>
<description></description>
</item>
<item>
<title>Concurrent Refinement Algebra and Rely Quotients</title>
<link>/entries/Concurrent_Ref_Alg.html</link>
<pubDate>Fri, 30 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Concurrent_Ref_Alg.html</guid>
<description></description>
</item>
<item>
<title>The Twelvefold Way</title>
<link>/entries/Twelvefold_Way.html</link>
<pubDate>Thu, 29 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Twelvefold_Way.html</guid>
<description></description>
</item>
<item>
<title>Proof Strategy Language</title>
<link>/entries/Proof_Strategy_Language.html</link>
<pubDate>Tue, 20 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Proof_Strategy_Language.html</guid>
<description></description>
</item>
<item>
<title>Paraconsistency</title>
<link>/entries/Paraconsistency.html</link>
<pubDate>Wed, 07 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Paraconsistency.html</guid>
<description></description>
</item>
<item>
<title>COMPLX: A Verification Framework for Concurrent Imperative Programs</title>
<link>/entries/Complx.html</link>
<pubDate>Tue, 29 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Complx.html</guid>
<description></description>
</item>
<item>
<title>Abstract Interpretation of Annotated Commands</title>
<link>/entries/Abs_Int_ITP2012.html</link>
<pubDate>Wed, 23 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Abs_Int_ITP2012.html</guid>
<description></description>
</item>
<item>
<title>Separata: Isabelle tactics for Separation Algebra</title>
<link>/entries/Separata.html</link>
<pubDate>Wed, 16 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Separata.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Knuth–Bendix Orders for Lambda-Free Higher-Order Terms</title>
<link>/entries/Lambda_Free_KBOs.html</link>
<pubDate>Sat, 12 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Lambda_Free_KBOs.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Nested Multisets, Hereditary Multisets, and Syntactic Ordinals</title>
<link>/entries/Nested_Multisets_Ordinals.html</link>
<pubDate>Sat, 12 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Nested_Multisets_Ordinals.html</guid>
<description></description>
</item>
<item>
<title>Expressiveness of Deep Learning</title>
<link>/entries/Deep_Learning.html</link>
<pubDate>Thu, 10 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Deep_Learning.html</guid>
<description></description>
</item>
<item>
<title>Modal Logics for Nominal Transition Systems</title>
<link>/entries/Modal_Logics_for_NTS.html</link>
<pubDate>Tue, 25 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Modal_Logics_for_NTS.html</guid>
<description></description>
</item>
<item>
<title>Stable Matching</title>
<link>/entries/Stable_Matching.html</link>
<pubDate>Mon, 24 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stable_Matching.html</guid>
<description></description>
</item>
<item>
<title>LOFT — Verified Migration of Linux Firewalls to SDN</title>
<link>/entries/LOFT.html</link>
<pubDate>Fri, 21 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/LOFT.html</guid>
<description></description>
</item>
<item>
<title>A formal model for the SPARCv8 ISA and a proof of non-interference for the LEON3 processor</title>
<link>/entries/SPARCv8.html</link>
<pubDate>Wed, 19 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/SPARCv8.html</guid>
<description></description>
</item>
<item>
<title>Source Coding Theorem</title>
<link>/entries/Source_Coding_Theorem.html</link>
<pubDate>Wed, 19 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Source_Coding_Theorem.html</guid>
<description></description>
</item>
<item>
<title>The Factorization Algorithm of Berlekamp and Zassenhaus</title>
<link>/entries/Berlekamp_Zassenhaus.html</link>
<pubDate>Fri, 14 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Berlekamp_Zassenhaus.html</guid>
<description></description>
</item>
<item>
<title>Intersecting Chords Theorem</title>
<link>/entries/Chord_Segments.html</link>
<pubDate>Tue, 11 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Chord_Segments.html</guid>
<description></description>
</item>
<item>
<title>Lp spaces</title>
<link>/entries/Lp.html</link>
<pubDate>Wed, 05 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Lp.html</guid>
<description></description>
</item>
<item>
<title>Fisher–Yates shuffle</title>
<link>/entries/Fisher_Yates.html</link>
<pubDate>Fri, 30 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Fisher_Yates.html</guid>
<description></description>
</item>
<item>
<title>Allen&#39;s Interval Calculus</title>
<link>/entries/Allen_Calculus.html</link>
<pubDate>Thu, 29 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Allen_Calculus.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Recursive Path Orders for Lambda-Free Higher-Order Terms</title>
<link>/entries/Lambda_Free_RPOs.html</link>
<pubDate>Fri, 23 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Lambda_Free_RPOs.html</guid>
<description></description>
</item>
<item>
<title>Iptables Semantics</title>
<link>/entries/Iptables_Semantics.html</link>
<pubDate>Fri, 09 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Iptables_Semantics.html</guid>
<description></description>
</item>
<item>
<title>A Variant of the Superposition Calculus</title>
<link>/entries/SuperCalc.html</link>
<pubDate>Tue, 06 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/SuperCalc.html</guid>
<description></description>
</item>
<item>
<title>Stone Algebras</title>
<link>/entries/Stone_Algebras.html</link>
<pubDate>Tue, 06 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stone_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Stirling&#39;s formula</title>
<link>/entries/Stirling_Formula.html</link>
<pubDate>Thu, 01 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stirling_Formula.html</guid>
<description></description>
</item>
<item>
<title>Routing</title>
<link>/entries/Routing.html</link>
<pubDate>Wed, 31 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Routing.html</guid>
<description></description>
</item>
<item>
<title>Simple Firewall</title>
<link>/entries/Simple_Firewall.html</link>
<pubDate>Wed, 24 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Simple_Firewall.html</guid>
<description></description>
</item>
<item>
<title>Infeasible Paths Elimination by Symbolic Execution Techniques: Proof of Correctness and Preservation of Paths</title>
<link>/entries/InfPathElimination.html</link>
<pubDate>Thu, 18 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/InfPathElimination.html</guid>
<description></description>
</item>
<item>
<title>Formalizing the Edmonds-Karp Algorithm</title>
<link>/entries/EdmondsKarp_Maxflow.html</link>
<pubDate>Fri, 12 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/EdmondsKarp_Maxflow.html</guid>
<description></description>
</item>
<item>
<title>The Imperative Refinement Framework</title>
<link>/entries/Refine_Imperative_HOL.html</link>
<pubDate>Mon, 08 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Refine_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Ptolemy&#39;s Theorem</title>
<link>/entries/Ptolemys_Theorem.html</link>
<pubDate>Sun, 07 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Ptolemys_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Surprise Paradox</title>
<link>/entries/Surprise_Paradox.html</link>
<pubDate>Sun, 17 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/Surprise_Paradox.html</guid>
<description></description>
</item>
<item>
<title>Pairing Heap</title>
<link>/entries/Pairing_Heap.html</link>
<pubDate>Thu, 14 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/Pairing_Heap.html</guid>
<description></description>
</item>
<item>
<title>A Framework for Verifying Depth-First Search Algorithms</title>
<link>/entries/DFS_Framework.html</link>
<pubDate>Tue, 05 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/DFS_Framework.html</guid>
<description></description>
</item>
<item>
<title>Chamber Complexes, Coxeter Systems, and Buildings</title>
<link>/entries/Buildings.html</link>
<pubDate>Fri, 01 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/Buildings.html</guid>
<description></description>
</item>
<item>
<title>The Resolution Calculus for First-Order Logic</title>
<link>/entries/Resolution_FOL.html</link>
<pubDate>Thu, 30 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Resolution_FOL.html</guid>
<description></description>
</item>
<item>
<title>The Z Property</title>
<link>/entries/Rewriting_Z.html</link>
<pubDate>Thu, 30 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Rewriting_Z.html</guid>
<description></description>
</item>
<item>
<title>Compositional Security-Preserving Refinement for Concurrent Imperative Programs</title>
<link>/entries/Dependent_SIFUM_Refinement.html</link>
<pubDate>Tue, 28 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Dependent_SIFUM_Refinement.html</guid>
<description></description>
</item>
<item>
<title>IP Addresses</title>
<link>/entries/IP_Addresses.html</link>
<pubDate>Tue, 28 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/IP_Addresses.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Multisets</title>
<link>/entries/Card_Multisets.html</link>
<pubDate>Sun, 26 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Card_Multisets.html</guid>
<description></description>
</item>
<item>
<title>Category Theory with Adjunctions and Limits</title>
<link>/entries/Category3.html</link>
<pubDate>Sun, 26 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Category3.html</guid>
<description></description>
</item>
<item>
<title>A Dependent Security Type System for Concurrent Imperative Programs</title>
<link>/entries/Dependent_SIFUM_Type_Systems.html</link>
<pubDate>Sat, 25 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Dependent_SIFUM_Type_Systems.html</guid>
<description></description>
</item>
<item>
<title>Catalan Numbers</title>
<link>/entries/Catalan_Numbers.html</link>
<pubDate>Tue, 21 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Catalan_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Program Construction and Verification Components Based on Kleene Algebra</title>
<link>/entries/Algebraic_VCs.html</link>
<pubDate>Sat, 18 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Algebraic_VCs.html</guid>
<description></description>
</item>
<item>
<title>Conservation of CSP Noninterference Security under Concurrent Composition</title>
<link>/entries/Noninterference_Concurrent_Composition.html</link>
<pubDate>Mon, 13 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Concurrent_Composition.html</guid>
<description></description>
</item>
<item>
<title>Finite Machine Word Library</title>
<link>/entries/Word_Lib.html</link>
<pubDate>Thu, 09 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Word_Lib.html</guid>
<description></description>
</item>
<item>
<title>Tree Decomposition</title>
<link>/entries/Tree_Decomposition.html</link>
<pubDate>Tue, 31 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Tree_Decomposition.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Equivalence Relations</title>
<link>/entries/Card_Equiv_Relations.html</link>
<pubDate>Tue, 24 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Card_Equiv_Relations.html</guid>
<description></description>
</item>
<item>
<title>POSIX Lexing with Derivatives of Regular Expressions</title>
<link>/entries/Posix-Lexing.html</link>
<pubDate>Tue, 24 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Posix-Lexing.html</guid>
<description></description>
</item>
<item>
<title>Perron-Frobenius Theorem for Spectral Radius Analysis</title>
<link>/entries/Perron_Frobenius.html</link>
<pubDate>Fri, 20 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Perron_Frobenius.html</guid>
<description></description>
</item>
<item>
<title>The meta theory of the Incredible Proof Machine</title>
<link>/entries/Incredible_Proof_Machine.html</link>
<pubDate>Fri, 20 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Incredible_Proof_Machine.html</guid>
<description></description>
</item>
<item>
<title>A Constructive Proof for FLP</title>
<link>/entries/FLP.html</link>
<pubDate>Wed, 18 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/FLP.html</guid>
<description></description>
</item>
<item>
<title>A Formal Proof of the Max-Flow Min-Cut Theorem for Countable Networks</title>
<link>/entries/MFMC_Countable.html</link>
<pubDate>Mon, 09 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/MFMC_Countable.html</guid>
<description></description>
</item>
<item>
<title>Randomised Social Choice Theory</title>
<link>/entries/Randomised_Social_Choice.html</link>
<pubDate>Thu, 05 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Randomised_Social_Choice.html</guid>
<description></description>
</item>
<item>
<title>Spivey&#39;s Generalized Recurrence for Bell Numbers</title>
<link>/entries/Bell_Numbers_Spivey.html</link>
<pubDate>Wed, 04 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Bell_Numbers_Spivey.html</guid>
<description></description>
</item>
<item>
<title>The Incompatibility of SD-Efficiency and SD-Strategy-Proofness</title>
<link>/entries/SDS_Impossibility.html</link>
<pubDate>Wed, 04 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/SDS_Impossibility.html</guid>
<description></description>
</item>
<item>
<title>Gröbner Bases Theory</title>
<link>/entries/Groebner_Bases.html</link>
<pubDate>Mon, 02 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Groebner_Bases.html</guid>
<description></description>
</item>
<item>
<title>No Faster-Than-Light Observers</title>
<link>/entries/No_FTL_observers.html</link>
<pubDate>Thu, 28 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/No_FTL_observers.html</guid>
<description></description>
</item>
<item>
<title>A formalisation of the Cocke-Younger-Kasami algorithm</title>
<link>/entries/CYK.html</link>
<pubDate>Wed, 27 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/CYK.html</guid>
<description></description>
</item>
<item>
<title>Algorithms for Reduced Ordered Binary Decision Diagrams</title>
<link>/entries/ROBDD.html</link>
<pubDate>Wed, 27 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/ROBDD.html</guid>
<description></description>
</item>
<item>
<title>Conservation of CSP Noninterference Security under Sequential Composition</title>
<link>/entries/Noninterference_Sequential_Composition.html</link>
<pubDate>Tue, 26 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Sequential_Composition.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebras with Domain</title>
<link>/entries/KAD.html</link>
<pubDate>Tue, 12 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/KAD.html</guid>
<description></description>
</item>
<item>
<title>Propositional Resolution and Prime Implicates Generation</title>
<link>/entries/PropResPI.html</link>
<pubDate>Fri, 11 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/PropResPI.html</guid>
<description></description>
</item>
<item>
<title>The Cartan Fixed Point Theorems</title>
<link>/entries/Cartan_FP.html</link>
<pubDate>Tue, 08 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/Cartan_FP.html</guid>
<description></description>
</item>
<item>
<title>Timed Automata</title>
<link>/entries/Timed_Automata.html</link>
<pubDate>Tue, 08 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/Timed_Automata.html</guid>
<description></description>
</item>
<item>
<title>Linear Temporal Logic</title>
<link>/entries/LTL.html</link>
<pubDate>Tue, 01 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/LTL.html</guid>
<description></description>
</item>
<item>
<title>Analysis of List Update Algorithms</title>
<link>/entries/List_Update.html</link>
<pubDate>Wed, 17 Feb 2016 00:00:00 +0000</pubDate>
<guid>/entries/List_Update.html</guid>
<description></description>
</item>
<item>
<title>Verified Construction of Static Single Assignment Form</title>
<link>/entries/Formal_SSA.html</link>
<pubDate>Fri, 05 Feb 2016 00:00:00 +0000</pubDate>
<guid>/entries/Formal_SSA.html</guid>
<description></description>
</item>
<item>
<title>Polynomial Factorization</title>
<link>/entries/Polynomial_Factorization.html</link>
<pubDate>Fri, 29 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Polynomial_Factorization.html</guid>
<description></description>
</item>
<item>
<title>Polynomial Interpolation</title>
<link>/entries/Polynomial_Interpolation.html</link>
<pubDate>Fri, 29 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Polynomial_Interpolation.html</guid>
<description></description>
</item>
<item>
<title>Knot Theory</title>
<link>/entries/Knot_Theory.html</link>
<pubDate>Wed, 20 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Knot_Theory.html</guid>
<description></description>
</item>
<item>
<title>Tensor Product of Matrices</title>
<link>/entries/Matrix_Tensor.html</link>
<pubDate>Mon, 18 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Matrix_Tensor.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Number Partitions</title>
<link>/entries/Card_Number_Partitions.html</link>
<pubDate>Thu, 14 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Card_Number_Partitions.html</guid>
<description></description>
</item>
<item>
<title>Basic Geometric Properties of Triangles</title>
<link>/entries/Triangle.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Triangle.html</guid>
<description></description>
</item>
<item>
<title>Descartes&#39; Rule of Signs</title>
<link>/entries/Descartes_Sign_Rule.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Descartes_Sign_Rule.html</guid>
<description></description>
</item>
<item>
<title>Liouville numbers</title>
<link>/entries/Liouville_Numbers.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Liouville_Numbers.html</guid>
<description></description>
</item>
<item>
<title>The Divergence of the Prime Harmonic Series</title>
<link>/entries/Prime_Harmonic_Series.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Prime_Harmonic_Series.html</guid>
<description></description>
</item>
<item>
<title>Algebraic Numbers in Isabelle/HOL</title>
<link>/entries/Algebraic_Numbers.html</link>
<pubDate>Tue, 22 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Algebraic_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Applicative Lifting</title>
<link>/entries/Applicative_Lifting.html</link>
<pubDate>Tue, 22 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Applicative_Lifting.html</guid>
<description></description>
</item>
<item>
<title>The Stern-Brocot Tree</title>
<link>/entries/Stern_Brocot.html</link>
<pubDate>Tue, 22 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Stern_Brocot.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Set Partitions</title>
<link>/entries/Card_Partitions.html</link>
<pubDate>Sat, 12 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Card_Partitions.html</guid>
<description></description>
</item>
<item>
<title>Latin Square</title>
<link>/entries/Latin_Square.html</link>
<pubDate>Wed, 02 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Latin_Square.html</guid>
<description></description>
</item>
<item>
<title>Ergodic Theory</title>
<link>/entries/Ergodic_Theory.html</link>
<pubDate>Tue, 01 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Ergodic_Theory.html</guid>
<description></description>
</item>
<item>
<title>Euler&#39;s Partition Theorem</title>
<link>/entries/Euler_Partition.html</link>
<pubDate>Thu, 19 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Euler_Partition.html</guid>
<description></description>
</item>
<item>
<title>The Tortoise and Hare Algorithm</title>
<link>/entries/TortoiseHare.html</link>
<pubDate>Wed, 18 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/TortoiseHare.html</guid>
<description></description>
</item>
<item>
<title>Planarity Certificates</title>
<link>/entries/Planarity_Certificates.html</link>
<pubDate>Wed, 11 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Planarity_Certificates.html</guid>
<description></description>
</item>
<item>
<title>Positional Determinacy of Parity Games</title>
<link>/entries/Parity_Game.html</link>
<pubDate>Mon, 02 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Parity_Game.html</guid>
<description></description>
</item>
<item>
<title>A Meta-Model for the Isabelle API</title>
<link>/entries/Isabelle_Meta_Model.html</link>
<pubDate>Wed, 16 Sep 2015 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_Meta_Model.html</guid>
<description></description>
</item>
<item>
<title>Converting Linear Temporal Logic to Deterministic (Generalized) Rabin Automata</title>
<link>/entries/LTL_to_DRA.html</link>
<pubDate>Fri, 04 Sep 2015 00:00:00 +0000</pubDate>
<guid>/entries/LTL_to_DRA.html</guid>
<description></description>
</item>
<item>
<title>Matrices, Jordan Normal Forms, and Spectral Radius Theory</title>
<link>/entries/Jordan_Normal_Form.html</link>
<pubDate>Fri, 21 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Jordan_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>Decreasing Diagrams II</title>
<link>/entries/Decreasing-Diagrams-II.html</link>
<pubDate>Thu, 20 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Decreasing-Diagrams-II.html</guid>
<description></description>
</item>
<item>
<title>The Inductive Unwinding Theorem for CSP Noninterference Security</title>
<link>/entries/Noninterference_Inductive_Unwinding.html</link>
<pubDate>Tue, 18 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Inductive_Unwinding.html</guid>
<description></description>
</item>
<item>
<title>Representations of Finite Groups</title>
<link>/entries/Rep_Fin_Groups.html</link>
<pubDate>Wed, 12 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Rep_Fin_Groups.html</guid>
<description></description>
</item>
<item>
<title>Analysing and Comparing Encodability Criteria for Process Calculi</title>
<link>/entries/Encodability_Process_Calculi.html</link>
<pubDate>Mon, 10 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Encodability_Process_Calculi.html</guid>
<description></description>
</item>
<item>
<title>Generating Cases from Labeled Subgoals</title>
<link>/entries/Case_Labeling.html</link>
<pubDate>Tue, 21 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Case_Labeling.html</guid>
<description></description>
</item>
<item>
<title>Landau Symbols</title>
<link>/entries/Landau_Symbols.html</link>
<pubDate>Tue, 14 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Landau_Symbols.html</guid>
<description></description>
</item>
<item>
<title>The Akra-Bazzi theorem and the Master theorem</title>
<link>/entries/Akra_Bazzi.html</link>
<pubDate>Tue, 14 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Akra_Bazzi.html</guid>
<description></description>
</item>
<item>
<title>Hermite Normal Form</title>
<link>/entries/Hermite.html</link>
<pubDate>Tue, 07 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Hermite.html</guid>
<description></description>
</item>
<item>
<title>Derangements Formula</title>
<link>/entries/Derangements.html</link>
<pubDate>Sat, 27 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Derangements.html</guid>
<description></description>
</item>
<item>
<title>Binary Multirelations</title>
<link>/entries/Multirelations.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Multirelations.html</guid>
<description></description>
</item>
<item>
<title>Reasoning about Lists via List Interleaving</title>
<link>/entries/List_Interleaving.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/List_Interleaving.html</guid>
<description></description>
</item>
<item>
<title>The Generic Unwinding Theorem for CSP Noninterference Security</title>
<link>/entries/Noninterference_Generic_Unwinding.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Generic_Unwinding.html</guid>
<description></description>
</item>
<item>
<title>The Ipurge Unwinding Theorem for CSP Noninterference Security</title>
<link>/entries/Noninterference_Ipurge_Unwinding.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Ipurge_Unwinding.html</guid>
<description></description>
</item>
<item>
<title>Parameterized Dynamic Tables</title>
<link>/entries/Dynamic_Tables.html</link>
<pubDate>Sun, 07 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Dynamic_Tables.html</guid>
<description></description>
</item>
<item>
<title>Derivatives of Logical Formulas</title>
<link>/entries/Formula_Derivatives.html</link>
<pubDate>Thu, 28 May 2015 00:00:00 +0000</pubDate>
<guid>/entries/Formula_Derivatives.html</guid>
<description></description>
</item>
<item>
<title>A Zoo of Probabilistic Systems</title>
<link>/entries/Probabilistic_System_Zoo.html</link>
<pubDate>Wed, 27 May 2015 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_System_Zoo.html</guid>
<description></description>
</item>
<item>
<title>VCG - Combinatorial Vickrey-Clarke-Groves Auctions</title>
<link>/entries/Vickrey_Clarke_Groves.html</link>
<pubDate>Thu, 30 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/Vickrey_Clarke_Groves.html</guid>
<description></description>
</item>
<item>
<title>Residuated Lattices</title>
<link>/entries/Residuated_Lattices.html</link>
<pubDate>Wed, 15 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/Residuated_Lattices.html</guid>
<description></description>
</item>
<item>
<title>Concurrent IMP</title>
<link>/entries/ConcurrentIMP.html</link>
<pubDate>Mon, 13 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/ConcurrentIMP.html</guid>
<description></description>
</item>
<item>
<title>Relaxing Safely: Verified On-the-Fly Garbage Collection for x86-TSO</title>
<link>/entries/ConcurrentGC.html</link>
<pubDate>Mon, 13 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/ConcurrentGC.html</guid>
<description></description>
</item>
<item>
<title>Trie</title>
<link>/entries/Trie.html</link>
<pubDate>Mon, 30 Mar 2015 00:00:00 +0000</pubDate>
<guid>/entries/Trie.html</guid>
<description></description>
</item>
<item>
<title>Consensus Refined</title>
<link>/entries/Consensus_Refined.html</link>
<pubDate>Wed, 18 Mar 2015 00:00:00 +0000</pubDate>
<guid>/entries/Consensus_Refined.html</guid>
<description></description>
</item>
<item>
<title>Deriving class instances for datatypes</title>
<link>/entries/Deriving.html</link>
<pubDate>Wed, 11 Mar 2015 00:00:00 +0000</pubDate>
<guid>/entries/Deriving.html</guid>
<description></description>
</item>
<item>
<title>The Safety of Call Arity</title>
<link>/entries/Call_Arity.html</link>
<pubDate>Fri, 20 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Call_Arity.html</guid>
<description></description>
</item>
<item>
<title>Echelon Form</title>
<link>/entries/Echelon_Form.html</link>
<pubDate>Thu, 12 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Echelon_Form.html</guid>
<description></description>
</item>
<item>
<title>QR Decomposition</title>
<link>/entries/QR_Decomposition.html</link>
<pubDate>Thu, 12 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/QR_Decomposition.html</guid>
<description></description>
</item>
<item>
<title>Finite Automata in Hereditarily Finite Set Theory</title>
<link>/entries/Finite_Automata_HF.html</link>
<pubDate>Thu, 05 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Finite_Automata_HF.html</guid>
<description></description>
</item>
<item>
<title>Verification of the UpDown Scheme</title>
<link>/entries/UpDown_Scheme.html</link>
<pubDate>Wed, 28 Jan 2015 00:00:00 +0000</pubDate>
<guid>/entries/UpDown_Scheme.html</guid>
<description></description>
</item>
<item>
<title>The Unified Policy Framework (UPF)</title>
<link>/entries/UPF.html</link>
<pubDate>Fri, 28 Nov 2014 00:00:00 +0000</pubDate>
<guid>/entries/UPF.html</guid>
<description></description>
</item>
<item>
<title>Loop freedom of the (untimed) AODV routing protocol</title>
<link>/entries/AODV.html</link>
<pubDate>Thu, 23 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/AODV.html</guid>
<description></description>
</item>
<item>
<title>Lifting Definition Option</title>
<link>/entries/Lifting_Definition_Option.html</link>
<pubDate>Mon, 13 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Lifting_Definition_Option.html</guid>
<description></description>
</item>
<item>
<title>Stream Fusion in HOL with Code Generation</title>
<link>/entries/Stream_Fusion_Code.html</link>
<pubDate>Fri, 10 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Stream_Fusion_Code.html</guid>
<description></description>
</item>
<item>
<title>A Verified Compiler for Probability Density Functions</title>
<link>/entries/Density_Compiler.html</link>
<pubDate>Thu, 09 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Density_Compiler.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Refinement Calculus for Reactive Systems</title>
<link>/entries/RefinementReactive.html</link>
<pubDate>Wed, 08 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/RefinementReactive.html</guid>
<description></description>
</item>
<item>
<title>Certification Monads</title>
<link>/entries/Certification_Monads.html</link>
<pubDate>Fri, 03 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Certification_Monads.html</guid>
<description></description>
</item>
<item>
<title>XML</title>
<link>/entries/XML.html</link>
<pubDate>Fri, 03 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/XML.html</guid>
<description></description>
</item>
<item>
<title>Imperative Insertion Sort</title>
<link>/entries/Imperative_Insertion_Sort.html</link>
<pubDate>Thu, 25 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Imperative_Insertion_Sort.html</guid>
<description></description>
</item>
<item>
<title>The Sturm-Tarski Theorem</title>
<link>/entries/Sturm_Tarski.html</link>
<pubDate>Fri, 19 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Sturm_Tarski.html</guid>
<description></description>
</item>
<item>
<title>The Cayley-Hamilton Theorem</title>
<link>/entries/Cayley_Hamilton.html</link>
<pubDate>Mon, 15 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Cayley_Hamilton.html</guid>
<description></description>
</item>
<item>
<title>The Jordan-Hölder Theorem</title>
<link>/entries/Jordan_Hoelder.html</link>
<pubDate>Tue, 09 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Jordan_Hoelder.html</guid>
<description></description>
</item>
<item>
<title>Priority Queues Based on Braun Trees</title>
<link>/entries/Priority_Queue_Braun.html</link>
<pubDate>Thu, 04 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Priority_Queue_Braun.html</guid>
<description></description>
</item>
<item>
<title>Gauss-Jordan Algorithm and Its Applications</title>
<link>/entries/Gauss_Jordan.html</link>
<pubDate>Wed, 03 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Gauss_Jordan.html</guid>
<description></description>
</item>
<item>
<title>Real-Valued Special Functions: Upper and Lower Bounds</title>
<link>/entries/Special_Function_Bounds.html</link>
<pubDate>Fri, 29 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/Special_Function_Bounds.html</guid>
<description></description>
</item>
<item>
<title>Vector Spaces</title>
<link>/entries/VectorSpace.html</link>
<pubDate>Fri, 29 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/VectorSpace.html</guid>
<description></description>
</item>
<item>
<title>Skew Heap</title>
<link>/entries/Skew_Heap.html</link>
<pubDate>Wed, 13 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/Skew_Heap.html</guid>
<description></description>
</item>
<item>
<title>Splay Tree</title>
<link>/entries/Splay_Tree.html</link>
<pubDate>Tue, 12 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/Splay_Tree.html</guid>
<description></description>
</item>
<item>
<title>Haskell&#39;s Show Class in Isabelle/HOL</title>
<link>/entries/Show.html</link>
<pubDate>Tue, 29 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Show.html</guid>
<description></description>
</item>
<item>
<title>Formal Specification of a Generic Separation Kernel</title>
<link>/entries/CISC-Kernel.html</link>
<pubDate>Fri, 18 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/CISC-Kernel.html</guid>
<description></description>
</item>
<item>
<title>pGCL for Isabelle</title>
<link>/entries/pGCL.html</link>
<pubDate>Sun, 13 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/pGCL.html</guid>
<description></description>
</item>
<item>
<title>Amortized Complexity Verified</title>
<link>/entries/Amortized_Complexity.html</link>
<pubDate>Mon, 07 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Amortized_Complexity.html</guid>
<description></description>
</item>
<item>
<title>Network Security Policy Verification</title>
<link>/entries/Network_Security_Policy_Verification.html</link>
<pubDate>Fri, 04 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Network_Security_Policy_Verification.html</guid>
<description></description>
</item>
<item>
<title>Pop-Refinement</title>
<link>/entries/Pop_Refinement.html</link>
<pubDate>Thu, 03 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Pop_Refinement.html</guid>
<description></description>
</item>
<item>
<title>Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions</title>
<link>/entries/MSO_Regex_Equivalence.html</link>
<pubDate>Thu, 12 Jun 2014 00:00:00 +0000</pubDate>
<guid>/entries/MSO_Regex_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Boolean Expression Checkers</title>
<link>/entries/Boolean_Expression_Checkers.html</link>
<pubDate>Sun, 08 Jun 2014 00:00:00 +0000</pubDate>
<guid>/entries/Boolean_Expression_Checkers.html</guid>
<description></description>
</item>
<item>
<title>A Fully Verified Executable LTL Model Checker</title>
<link>/entries/CAVA_LTL_Modelchecker.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/CAVA_LTL_Modelchecker.html</guid>
<description></description>
</item>
<item>
<title>Converting Linear-Time Temporal Logic to Generalized Büchi Automata</title>
<link>/entries/LTL_to_GBA.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/LTL_to_GBA.html</guid>
<description></description>
</item>
<item>
<title>Promela Formalization</title>
<link>/entries/Promela.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Promela.html</guid>
<description></description>
</item>
<item>
<title>The CAVA Automata Library</title>
<link>/entries/CAVA_Automata.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/CAVA_Automata.html</guid>
<description></description>
</item>
<item>
<title>Verified Efficient Implementation of Gabow&#39;s Strongly Connected Components Algorithm</title>
<link>/entries/Gabow_SCC.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Gabow_SCC.html</guid>
<description></description>
</item>
<item>
<title>Noninterference Security in Communicating Sequential Processes</title>
<link>/entries/Noninterference_CSP.html</link>
<pubDate>Fri, 23 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_CSP.html</guid>
<description></description>
</item>
<item>
<title>Transitive closure according to Roy-Floyd-Warshall</title>
<link>/entries/Roy_Floyd_Warshall.html</link>
<pubDate>Fri, 23 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Roy_Floyd_Warshall.html</guid>
<description></description>
</item>
<item>
<title>Regular Algebras</title>
<link>/entries/Regular_Algebras.html</link>
<pubDate>Wed, 21 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Regular_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Formalisation and Analysis of Component Dependencies</title>
<link>/entries/ComponentDependencies.html</link>
<pubDate>Mon, 28 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/ComponentDependencies.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Assumptions and Guarantees for Compositional Noninterference</title>
<link>/entries/SIFUM_Type_Systems.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/SIFUM_Type_Systems.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Declassification with WHAT-and-WHERE-Security</title>
<link>/entries/WHATandWHERE_Security.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/WHATandWHERE_Security.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Strong Security</title>
<link>/entries/Strong_Security.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Strong_Security.html</guid>
<description></description>
</item>
<item>
<title>Bounded-Deducibility Security</title>
<link>/entries/Bounded_Deducibility_Security.html</link>
<pubDate>Tue, 22 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Bounded_Deducibility_Security.html</guid>
<description></description>
</item>
<item>
<title>A shallow embedding of HyperCTL*</title>
<link>/entries/HyperCTL.html</link>
<pubDate>Wed, 16 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/HyperCTL.html</guid>
<description></description>
</item>
<item>
<title>Abstract Completeness</title>
<link>/entries/Abstract_Completeness.html</link>
<pubDate>Wed, 16 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Abstract_Completeness.html</guid>
<description></description>
</item>
<item>
<title>Discrete Summation</title>
<link>/entries/Discrete_Summation.html</link>
<pubDate>Sun, 13 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Discrete_Summation.html</guid>
<description></description>
</item>
<item>
<title>Syntax and semantics of a GPU kernel programming language</title>
<link>/entries/GPU_Kernel_PL.html</link>
<pubDate>Thu, 03 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/GPU_Kernel_PL.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Noninterference</title>
<link>/entries/Probabilistic_Noninterference.html</link>
<pubDate>Tue, 11 Mar 2014 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Noninterference.html</guid>
<description></description>
</item>
<item>
<title>Mechanization of the Algebra for Wireless Networks (AWN)</title>
<link>/entries/AWN.html</link>
<pubDate>Sat, 08 Mar 2014 00:00:00 +0000</pubDate>
<guid>/entries/AWN.html</guid>
<description></description>
</item>
<item>
<title>Mutually Recursive Partial Functions</title>
<link>/entries/Partial_Function_MR.html</link>
<pubDate>Tue, 18 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Partial_Function_MR.html</guid>
<description></description>
</item>
<item>
<title>Properties of Random Graphs -- Subgraph Containment</title>
<link>/entries/Random_Graph_Subgraph_Threshold.html</link>
<pubDate>Thu, 13 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Random_Graph_Subgraph_Threshold.html</guid>
<description></description>
</item>
<item>
<title>Verification of Selection and Heap Sort Using Locales</title>
<link>/entries/Selection_Heap_Sort.html</link>
<pubDate>Tue, 11 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Selection_Heap_Sort.html</guid>
<description></description>
</item>
<item>
<title>Affine Arithmetic</title>
<link>/entries/Affine_Arithmetic.html</link>
<pubDate>Fri, 07 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Affine_Arithmetic.html</guid>
<description></description>
</item>
<item>
<title>Implementing field extensions of the form Q[sqrt(b)]</title>
<link>/entries/Real_Impl.html</link>
<pubDate>Thu, 06 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Real_Impl.html</guid>
<description></description>
</item>
<item>
<title>Unified Decision Procedures for Regular Expression Equivalence</title>
<link>/entries/Regex_Equivalence.html</link>
<pubDate>Thu, 30 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Regex_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Secondary Sylow Theorems</title>
<link>/entries/Secondary_Sylow.html</link>
<pubDate>Tue, 28 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Secondary_Sylow.html</guid>
<description></description>
</item>
<item>
<title>Relation Algebra</title>
<link>/entries/Relation_Algebra.html</link>
<pubDate>Sat, 25 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Relation_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra with Tests and Demonic Refinement Algebras</title>
<link>/entries/KAT_and_DRA.html</link>
<pubDate>Thu, 23 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/KAT_and_DRA.html</guid>
<description></description>
</item>
<item>
<title>Featherweight OCL: A Proposal for a Machine-Checked Formal Semantics for OCL 2.5</title>
<link>/entries/Featherweight_OCL.html</link>
<pubDate>Thu, 16 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Featherweight_OCL.html</guid>
<description></description>
</item>
<item>
<title>Compositional Properties of Crypto-Based Components</title>
<link>/entries/CryptoBasedCompositionalProperties.html</link>
<pubDate>Sat, 11 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/CryptoBasedCompositionalProperties.html</guid>
<description></description>
</item>
<item>
<title>Sturm&#39;s Theorem</title>
<link>/entries/Sturm_Sequences.html</link>
<pubDate>Sat, 11 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Sturm_Sequences.html</guid>
<description></description>
</item>
<item>
<title>A General Method for the Proof of Theorems on Tail-recursive Functions</title>
<link>/entries/Tail_Recursive_Functions.html</link>
<pubDate>Sun, 01 Dec 2013 00:00:00 +0000</pubDate>
<guid>/entries/Tail_Recursive_Functions.html</guid>
<description></description>
</item>
<item>
<title>Gödel&#39;s Incompleteness Theorems</title>
<link>/entries/Incompleteness.html</link>
<pubDate>Sun, 17 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/Incompleteness.html</guid>
<description></description>
</item>
<item>
<title>The Hereditarily Finite Sets</title>
<link>/entries/HereditarilyFinite.html</link>
<pubDate>Sun, 17 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/HereditarilyFinite.html</guid>
<description></description>
</item>
<item>
<title>A Codatatype of Formal Languages</title>
<link>/entries/Coinductive_Languages.html</link>
<pubDate>Fri, 15 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/Coinductive_Languages.html</guid>
<description></description>
</item>
<item>
<title>Stream Processing Components: Isabelle/HOL Formalisation and Case Studies</title>
<link>/entries/FocusStreamsCaseStudies.html</link>
<pubDate>Thu, 14 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/FocusStreamsCaseStudies.html</guid>
<description></description>
</item>
<item>
<title>Gödel&#39;s God in Isabelle/HOL</title>
<link>/entries/GoedelGod.html</link>
<pubDate>Tue, 12 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/GoedelGod.html</guid>
<description></description>
</item>
<item>
<title>Decreasing Diagrams</title>
<link>/entries/Decreasing-Diagrams.html</link>
<pubDate>Fri, 01 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/Decreasing-Diagrams.html</guid>
<description></description>
</item>
<item>
<title>Automatic Data Refinement</title>
<link>/entries/Automatic_Refinement.html</link>
<pubDate>Wed, 02 Oct 2013 00:00:00 +0000</pubDate>
<guid>/entries/Automatic_Refinement.html</guid>
<description></description>
</item>
<item>
<title>Native Word</title>
<link>/entries/Native_Word.html</link>
<pubDate>Tue, 17 Sep 2013 00:00:00 +0000</pubDate>
<guid>/entries/Native_Word.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of IEEE Floating Point Arithmetic</title>
<link>/entries/IEEE_Floating_Point.html</link>
<pubDate>Sat, 27 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/IEEE_Floating_Point.html</guid>
<description></description>
</item>
<item>
<title>Lehmer&#39;s Theorem</title>
<link>/entries/Lehmer.html</link>
<pubDate>Mon, 22 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/Lehmer.html</guid>
<description></description>
</item>
<item>
<title>Pratt&#39;s Primality Certificates</title>
<link>/entries/Pratt_Certificate.html</link>
<pubDate>Mon, 22 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/Pratt_Certificate.html</guid>
<description></description>
</item>
<item>
<title>The Königsberg Bridge Problem and the Friendship Theorem</title>
<link>/entries/Koenigsberg_Friendship.html</link>
<pubDate>Fri, 19 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/Koenigsberg_Friendship.html</guid>
<description></description>
</item>
<item>
<title>Sound and Complete Sort Encodings for First-Order Logic</title>
<link>/entries/Sort_Encodings.html</link>
<pubDate>Thu, 27 Jun 2013 00:00:00 +0000</pubDate>
<guid>/entries/Sort_Encodings.html</guid>
<description></description>
</item>
<item>
<title>An Axiomatic Characterization of the Single-Source Shortest Path Problem</title>
<link>/entries/ShortestPath.html</link>
<pubDate>Wed, 22 May 2013 00:00:00 +0000</pubDate>
<guid>/entries/ShortestPath.html</guid>
<description></description>
</item>
<item>
<title>Graph Theory</title>
<link>/entries/Graph_Theory.html</link>
<pubDate>Sun, 28 Apr 2013 00:00:00 +0000</pubDate>
<guid>/entries/Graph_Theory.html</guid>
<description></description>
</item>
<item>
<title>Light-weight Containers</title>
<link>/entries/Containers.html</link>
<pubDate>Mon, 15 Apr 2013 00:00:00 +0000</pubDate>
<guid>/entries/Containers.html</guid>
<description></description>
</item>
<item>
<title>Nominal 2</title>
<link>/entries/Nominal2.html</link>
<pubDate>Thu, 21 Feb 2013 00:00:00 +0000</pubDate>
<guid>/entries/Nominal2.html</guid>
<description></description>
</item>
<item>
<title>The Correctness of Launchbury&#39;s Natural Semantics for Lazy Evaluation</title>
<link>/entries/Launchbury.html</link>
<pubDate>Thu, 31 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Launchbury.html</guid>
<description></description>
</item>
<item>
<title>Ribbon Proofs</title>
<link>/entries/Ribbon_Proofs.html</link>
<pubDate>Sat, 19 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Ribbon_Proofs.html</guid>
<description></description>
</item>
<item>
<title>Rank-Nullity Theorem in Linear Algebra</title>
<link>/entries/Rank_Nullity_Theorem.html</link>
<pubDate>Wed, 16 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Rank_Nullity_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra</title>
<link>/entries/Kleene_Algebra.html</link>
<pubDate>Tue, 15 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Kleene_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Computing N-th Roots using the Babylonian Method</title>
<link>/entries/Sqrt_Babylonian.html</link>
<pubDate>Thu, 03 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Sqrt_Babylonian.html</guid>
<description></description>
</item>
<item>
<title>A Separation Logic Framework for Imperative HOL</title>
<link>/entries/Separation_Logic_Imperative_HOL.html</link>
<pubDate>Wed, 14 Nov 2012 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Logic_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Open Induction</title>
<link>/entries/Open_Induction.html</link>
<pubDate>Fri, 02 Nov 2012 00:00:00 +0000</pubDate>
<guid>/entries/Open_Induction.html</guid>
<description></description>
</item>
<item>
<title>The independence of Tarski&#39;s Euclidean axiom</title>
<link>/entries/Tarskis_Geometry.html</link>
<pubDate>Tue, 30 Oct 2012 00:00:00 +0000</pubDate>
<guid>/entries/Tarskis_Geometry.html</guid>
<description></description>
</item>
<item>
<title>Bondy&#39;s Theorem</title>
<link>/entries/Bondy.html</link>
<pubDate>Sat, 27 Oct 2012 00:00:00 +0000</pubDate>
<guid>/entries/Bondy.html</guid>
<description></description>
</item>
<item>
<title>Possibilistic Noninterference</title>
<link>/entries/Possibilistic_Noninterference.html</link>
<pubDate>Mon, 10 Sep 2012 00:00:00 +0000</pubDate>
<guid>/entries/Possibilistic_Noninterference.html</guid>
<description></description>
</item>
<item>
<title>Generating linear orders for datatypes</title>
<link>/entries/Datatype_Order_Generator.html</link>
<pubDate>Tue, 07 Aug 2012 00:00:00 +0000</pubDate>
<guid>/entries/Datatype_Order_Generator.html</guid>
<description></description>
</item>
<item>
<title>Proving the Impossibility of Trisecting an Angle and Doubling the Cube</title>
<link>/entries/Impossible_Geometry.html</link>
<pubDate>Sun, 05 Aug 2012 00:00:00 +0000</pubDate>
<guid>/entries/Impossible_Geometry.html</guid>
<description></description>
</item>
<item>
<title>Verifying Fault-Tolerant Distributed Algorithms in the Heard-Of Model</title>
<link>/entries/Heard_Of.html</link>
<pubDate>Fri, 27 Jul 2012 00:00:00 +0000</pubDate>
<guid>/entries/Heard_Of.html</guid>
<description></description>
</item>
<item>
<title>Logical Relations for PCF</title>
<link>/entries/PCF.html</link>
<pubDate>Sun, 01 Jul 2012 00:00:00 +0000</pubDate>
<guid>/entries/PCF.html</guid>
<description></description>
</item>
<item>
<title>Type Constructor Classes and Monad Transformers</title>
<link>/entries/Tycon.html</link>
<pubDate>Tue, 26 Jun 2012 00:00:00 +0000</pubDate>
<guid>/entries/Tycon.html</guid>
<description></description>
</item>
<item>
<title>CCS in nominal logic</title>
<link>/entries/CCS.html</link>
<pubDate>Tue, 29 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/CCS.html</guid>
<description></description>
</item>
<item>
<title>Psi-calculi in Isabelle</title>
<link>/entries/Psi_Calculi.html</link>
<pubDate>Tue, 29 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Psi_Calculi.html</guid>
<description></description>
</item>
<item>
<title>The pi-calculus in nominal logic</title>
<link>/entries/Pi_Calculus.html</link>
<pubDate>Tue, 29 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Pi_Calculus.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/Circus</title>
<link>/entries/Circus.html</link>
<pubDate>Sun, 27 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Circus.html</guid>
<description></description>
</item>
<item>
<title>Separation Algebra</title>
<link>/entries/Separation_Algebra.html</link>
<pubDate>Fri, 11 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Stuttering Equivalence</title>
<link>/entries/Stuttering_Equivalence.html</link>
<pubDate>Mon, 07 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Stuttering_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Inductive Study of Confidentiality</title>
<link>/entries/Inductive_Confidentiality.html</link>
<pubDate>Wed, 02 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Inductive_Confidentiality.html</guid>
<description></description>
</item>
<item>
<title>Ordinary Differential Equations</title>
<link>/entries/Ordinary_Differential_Equations.html</link>
<pubDate>Thu, 26 Apr 2012 00:00:00 +0000</pubDate>
<guid>/entries/Ordinary_Differential_Equations.html</guid>
<description></description>
</item>
<item>
<title>Well-Quasi-Orders</title>
<link>/entries/Well_Quasi_Orders.html</link>
<pubDate>Fri, 13 Apr 2012 00:00:00 +0000</pubDate>
<guid>/entries/Well_Quasi_Orders.html</guid>
<description></description>
</item>
<item>
<title>Abortable Linearizable Modules</title>
<link>/entries/Abortable_Linearizable_Modules.html</link>
<pubDate>Thu, 01 Mar 2012 00:00:00 +0000</pubDate>
<guid>/entries/Abortable_Linearizable_Modules.html</guid>
<description></description>
</item>
<item>
<title>Executable Transitive Closures</title>
<link>/entries/Transitive-Closure-II.html</link>
<pubDate>Wed, 29 Feb 2012 00:00:00 +0000</pubDate>
<guid>/entries/Transitive-Closure-II.html</guid>
<description></description>
</item>
<item>
<title>A Probabilistic Proof of the Girth-Chromatic Number Theorem</title>
<link>/entries/Girth_Chromatic.html</link>
<pubDate>Mon, 06 Feb 2012 00:00:00 +0000</pubDate>
<guid>/entries/Girth_Chromatic.html</guid>
<description></description>
</item>
<item>
<title>Dijkstra&#39;s Shortest Path Algorithm</title>
<link>/entries/Dijkstra_Shortest_Path.html</link>
<pubDate>Mon, 30 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Dijkstra_Shortest_Path.html</guid>
<description></description>
</item>
<item>
<title>Refinement for Monadic Programs</title>
<link>/entries/Refine_Monadic.html</link>
<pubDate>Mon, 30 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Refine_Monadic.html</guid>
<description></description>
</item>
<item>
<title>Markov Models</title>
<link>/entries/Markov_Models.html</link>
<pubDate>Tue, 03 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Markov_Models.html</guid>
<description></description>
</item>
<item>
<title>A Definitional Encoding of TLA* in Isabelle/HOL</title>
<link>/entries/TLA.html</link>
<pubDate>Sat, 19 Nov 2011 00:00:00 +0000</pubDate>
<guid>/entries/TLA.html</guid>
<description></description>
</item>
<item>
<title>Efficient Mergesort</title>
<link>/entries/Efficient-Mergesort.html</link>
<pubDate>Wed, 09 Nov 2011 00:00:00 +0000</pubDate>
<guid>/entries/Efficient-Mergesort.html</guid>
<description></description>
</item>
<item>
<title>Algebra of Monotonic Boolean Transformers</title>
<link>/entries/MonoBoolTranAlgebra.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/MonoBoolTranAlgebra.html</guid>
<description></description>
</item>
<item>
<title>Lattice Properties</title>
<link>/entries/LatticeProperties.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/LatticeProperties.html</guid>
<description></description>
</item>
<item>
<title>Pseudo Hoops</title>
<link>/entries/PseudoHoops.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/PseudoHoops.html</guid>
<description></description>
</item>
<item>
<title>The Myhill-Nerode Theorem Based on Regular Expressions</title>
<link>/entries/Myhill-Nerode.html</link>
<pubDate>Fri, 26 Aug 2011 00:00:00 +0000</pubDate>
<guid>/entries/Myhill-Nerode.html</guid>
<description></description>
</item>
<item>
<title>Gauss-Jordan Elimination for Matrices Represented as Functions</title>
<link>/entries/Gauss-Jordan-Elim-Fun.html</link>
<pubDate>Fri, 19 Aug 2011 00:00:00 +0000</pubDate>
<guid>/entries/Gauss-Jordan-Elim-Fun.html</guid>
<description></description>
</item>
<item>
<title>Maximum Cardinality Matching</title>
<link>/entries/Max-Card-Matching.html</link>
<pubDate>Thu, 21 Jul 2011 00:00:00 +0000</pubDate>
<guid>/entries/Max-Card-Matching.html</guid>
<description></description>
</item>
<item>
<title>Knowledge-based programs</title>
<link>/entries/KBPs.html</link>
<pubDate>Tue, 17 May 2011 00:00:00 +0000</pubDate>
<guid>/entries/KBPs.html</guid>
<description></description>
</item>
<item>
<title>The General Triangle Is Unique</title>
<link>/entries/General-Triangle.html</link>
<pubDate>Fri, 01 Apr 2011 00:00:00 +0000</pubDate>
<guid>/entries/General-Triangle.html</guid>
<description></description>
</item>
<item>
<title>Executable Transitive Closures of Finite Relations</title>
<link>/entries/Transitive-Closure.html</link>
<pubDate>Mon, 14 Mar 2011 00:00:00 +0000</pubDate>
<guid>/entries/Transitive-Closure.html</guid>
<description></description>
</item>
<item>
<title>AutoFocus Stream Processing for Single-Clocking and Multi-Clocking Semantics</title>
<link>/entries/AutoFocus-Stream.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/AutoFocus-Stream.html</guid>
<description></description>
</item>
<item>
<title>Infinite Lists</title>
<link>/entries/List-Infinite.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/List-Infinite.html</guid>
<description></description>
</item>
<item>
<title>Interval Temporal Logic on Natural Numbers</title>
<link>/entries/Nat-Interval-Logic.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/Nat-Interval-Logic.html</guid>
<description></description>
</item>
<item>
<title>Lightweight Java</title>
<link>/entries/LightweightJava.html</link>
<pubDate>Mon, 07 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/LightweightJava.html</guid>
<description></description>
</item>
<item>
<title>RIPEMD-160</title>
<link>/entries/RIPEMD-160-SPARK.html</link>
<pubDate>Mon, 10 Jan 2011 00:00:00 +0000</pubDate>
<guid>/entries/RIPEMD-160-SPARK.html</guid>
<description></description>
</item>
<item>
<title>Lower Semicontinuous Functions</title>
<link>/entries/Lower_Semicontinuous.html</link>
<pubDate>Sat, 08 Jan 2011 00:00:00 +0000</pubDate>
<guid>/entries/Lower_Semicontinuous.html</guid>
<description></description>
</item>
<item>
<title>Hall&#39;s Marriage Theorem</title>
<link>/entries/Marriage.html</link>
<pubDate>Fri, 17 Dec 2010 00:00:00 +0000</pubDate>
<guid>/entries/Marriage.html</guid>
<description></description>
</item>
<item>
<title>Shivers&#39; Control Flow Analysis</title>
<link>/entries/Shivers-CFA.html</link>
<pubDate>Tue, 16 Nov 2010 00:00:00 +0000</pubDate>
<guid>/entries/Shivers-CFA.html</guid>
<description></description>
</item>
<item>
<title>Binomial Heaps and Skew Binomial Heaps</title>
<link>/entries/Binomial-Heaps.html</link>
<pubDate>Thu, 28 Oct 2010 00:00:00 +0000</pubDate>
<guid>/entries/Binomial-Heaps.html</guid>
<description></description>
</item>
<item>
<title>Finger Trees</title>
<link>/entries/Finger-Trees.html</link>
<pubDate>Thu, 28 Oct 2010 00:00:00 +0000</pubDate>
<guid>/entries/Finger-Trees.html</guid>
<description></description>
</item>
<item>
<title>Functional Binomial Queues</title>
<link>/entries/Binomial-Queues.html</link>
<pubDate>Thu, 28 Oct 2010 00:00:00 +0000</pubDate>
<guid>/entries/Binomial-Queues.html</guid>
<description></description>
</item>
<item>
<title>Strong Normalization of Moggis&#39;s Computational Metalanguage</title>
<link>/entries/Lam-ml-Normalization.html</link>
<pubDate>Sun, 29 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Lam-ml-Normalization.html</guid>
<description></description>
</item>
<item>
<title>Executable Multivariate Polynomials</title>
<link>/entries/Polynomials.html</link>
<pubDate>Tue, 10 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Polynomials.html</guid>
<description></description>
</item>
<item>
<title>Formalizing Statecharts using Hierarchical Automata</title>
<link>/entries/Statecharts.html</link>
<pubDate>Sun, 08 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Statecharts.html</guid>
<description></description>
</item>
<item>
<title>Free Groups</title>
<link>/entries/Free-Groups.html</link>
<pubDate>Thu, 24 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Free-Groups.html</guid>
<description></description>
</item>
<item>
<title>Category Theory</title>
<link>/entries/Category2.html</link>
<pubDate>Sun, 20 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Category2.html</guid>
<description></description>
</item>
<item>
<title>Executable Matrix Operations on Matrices of Arbitrary Dimensions</title>
<link>/entries/Matrix.html</link>
<pubDate>Thu, 17 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Matrix.html</guid>
<description></description>
</item>
<item>
<title>Abstract Rewriting</title>
<link>/entries/Abstract-Rewriting.html</link>
<pubDate>Mon, 14 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Abstract-Rewriting.html</guid>
<description></description>
</item>
<item>
<title>Semantics and Data Refinement of Invariant Based Programs</title>
<link>/entries/DataRefinementIBP.html</link>
<pubDate>Fri, 28 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/DataRefinementIBP.html</guid>
<description></description>
</item>
<item>
<title>Verification of the Deutsch-Schorr-Waite Graph Marking Algorithm using Data Refinement</title>
<link>/entries/GraphMarkingIBP.html</link>
<pubDate>Fri, 28 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/GraphMarkingIBP.html</guid>
<description></description>
</item>
<item>
<title>A Complete Proof of the Robbins Conjecture</title>
<link>/entries/Robbins-Conjecture.html</link>
<pubDate>Sat, 22 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/Robbins-Conjecture.html</guid>
<description></description>
</item>
<item>
<title>Regular Sets and Expressions</title>
<link>/entries/Regular-Sets.html</link>
<pubDate>Wed, 12 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/Regular-Sets.html</guid>
<description></description>
</item>
<item>
<title>Locally Nameless Sigma Calculus</title>
<link>/entries/Locally-Nameless-Sigma.html</link>
<pubDate>Fri, 30 Apr 2010 00:00:00 +0000</pubDate>
<guid>/entries/Locally-Nameless-Sigma.html</guid>
<description></description>
</item>
<item>
<title>Free Boolean Algebra</title>
<link>/entries/Free-Boolean-Algebra.html</link>
<pubDate>Mon, 29 Mar 2010 00:00:00 +0000</pubDate>
<guid>/entries/Free-Boolean-Algebra.html</guid>
<description></description>
</item>
<item>
<title>Information Flow Noninterference via Slicing</title>
<link>/entries/InformationFlowSlicing.html</link>
<pubDate>Tue, 23 Mar 2010 00:00:00 +0000</pubDate>
<guid>/entries/InformationFlowSlicing.html</guid>
<description></description>
</item>
<item>
<title>Inter-Procedural Information Flow Noninterference via Slicing</title>
<link>/entries/InformationFlowSlicing_Inter.html</link>
<pubDate>Tue, 23 Mar 2010 00:00:00 +0000</pubDate>
<guid>/entries/InformationFlowSlicing_Inter.html</guid>
<description></description>
</item>
<item>
<title>List Index</title>
<link>/entries/List-Index.html</link>
<pubDate>Sat, 20 Feb 2010 00:00:00 +0000</pubDate>
<guid>/entries/List-Index.html</guid>
<description></description>
</item>
<item>
<title>Coinductive</title>
<link>/entries/Coinductive.html</link>
<pubDate>Fri, 12 Feb 2010 00:00:00 +0000</pubDate>
<guid>/entries/Coinductive.html</guid>
<description></description>
</item>
<item>
<title>A Fast SAT Solver for Isabelle in Standard ML</title>
<link>/entries/DPT-SAT-Solver.html</link>
<pubDate>Wed, 09 Dec 2009 00:00:00 +0000</pubDate>
<guid>/entries/DPT-SAT-Solver.html</guid>
<description></description>
</item>
<item>
<title>Formalizing the Logic-Automaton Connection</title>
<link>/entries/Presburger-Automata.html</link>
<pubDate>Thu, 03 Dec 2009 00:00:00 +0000</pubDate>
<guid>/entries/Presburger-Automata.html</guid>
<description></description>
</item>
<item>
<title>Collections Framework</title>
<link>/entries/Collections.html</link>
<pubDate>Wed, 25 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/Collections.html</guid>
<description></description>
</item>
<item>
<title>Tree Automata</title>
<link>/entries/Tree-Automata.html</link>
<pubDate>Wed, 25 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/Tree-Automata.html</guid>
<description></description>
</item>
<item>
<title>Perfect Number Theorem</title>
<link>/entries/Perfect-Number-Thm.html</link>
<pubDate>Sun, 22 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/Perfect-Number-Thm.html</guid>
<description></description>
</item>
<item>
<title>Backing up Slicing: Verifying the Interprocedural Two-Phase Horwitz-Reps-Binkley Slicer</title>
<link>/entries/HRB-Slicing.html</link>
<pubDate>Fri, 13 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/HRB-Slicing.html</guid>
<description></description>
</item>
<item>
<title>The Worker/Wrapper Transformation</title>
<link>/entries/WorkerWrapper.html</link>
<pubDate>Fri, 30 Oct 2009 00:00:00 +0000</pubDate>
<guid>/entries/WorkerWrapper.html</guid>
<description></description>
</item>
<item>
<title>Ordinals and Cardinals</title>
<link>/entries/Ordinals_and_Cardinals.html</link>
<pubDate>Tue, 01 Sep 2009 00:00:00 +0000</pubDate>
<guid>/entries/Ordinals_and_Cardinals.html</guid>
<description></description>
</item>
<item>
<title>Invertibility in Sequent Calculi</title>
<link>/entries/SequentInvertibility.html</link>
<pubDate>Fri, 28 Aug 2009 00:00:00 +0000</pubDate>
<guid>/entries/SequentInvertibility.html</guid>
<description></description>
</item>
<item>
<title>An Example of a Cofinitary Group in Isabelle/HOL</title>
<link>/entries/CofGroups.html</link>
<pubDate>Tue, 04 Aug 2009 00:00:00 +0000</pubDate>
<guid>/entries/CofGroups.html</guid>
<description></description>
</item>
<item>
<title>Code Generation for Functions as Data</title>
<link>/entries/FinFun.html</link>
<pubDate>Wed, 06 May 2009 00:00:00 +0000</pubDate>
<guid>/entries/FinFun.html</guid>
<description></description>
</item>
<item>
<title>Stream Fusion</title>
<link>/entries/Stream-Fusion.html</link>
<pubDate>Wed, 29 Apr 2009 00:00:00 +0000</pubDate>
<guid>/entries/Stream-Fusion.html</guid>
<description></description>
</item>
<item>
<title>A Bytecode Logic for JML and Types</title>
<link>/entries/BytecodeLogicJmlTypes.html</link>
<pubDate>Fri, 12 Dec 2008 00:00:00 +0000</pubDate>
<guid>/entries/BytecodeLogicJmlTypes.html</guid>
<description></description>
</item>
<item>
<title>Secure information flow and program logics</title>
<link>/entries/SIFPL.html</link>
<pubDate>Mon, 10 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/SIFPL.html</guid>
<description></description>
</item>
<item>
<title>Some classical results in Social Choice Theory</title>
<link>/entries/SenSocialChoice.html</link>
<pubDate>Sun, 09 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/SenSocialChoice.html</guid>
<description></description>
</item>
<item>
<title>Fun With Tilings</title>
<link>/entries/FunWithTilings.html</link>
<pubDate>Fri, 07 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/FunWithTilings.html</guid>
<description></description>
</item>
<item>
<title>The Textbook Proof of Huffman&#39;s Algorithm</title>
<link>/entries/Huffman.html</link>
<pubDate>Wed, 15 Oct 2008 00:00:00 +0000</pubDate>
<guid>/entries/Huffman.html</guid>
<description></description>
</item>
<item>
<title>Towards Certified Slicing</title>
<link>/entries/Slicing.html</link>
<pubDate>Tue, 16 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/Slicing.html</guid>
<description></description>
</item>
<item>
<title>A Correctness Proof for the Volpano/Smith Security Typing System</title>
<link>/entries/VolpanoSmith.html</link>
<pubDate>Tue, 02 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/VolpanoSmith.html</guid>
<description></description>
</item>
<item>
<title>Arrow and Gibbard-Satterthwaite</title>
<link>/entries/ArrowImpossibilityGS.html</link>
<pubDate>Mon, 01 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/ArrowImpossibilityGS.html</guid>
<description></description>
</item>
<item>
<title>Fun With Functions</title>
<link>/entries/FunWithFunctions.html</link>
<pubDate>Tue, 26 Aug 2008 00:00:00 +0000</pubDate>
<guid>/entries/FunWithFunctions.html</guid>
<description></description>
</item>
<item>
<title>Formal Verification of Modern SAT Solvers</title>
<link>/entries/SATSolverVerification.html</link>
<pubDate>Wed, 23 Jul 2008 00:00:00 +0000</pubDate>
<guid>/entries/SATSolverVerification.html</guid>
<description></description>
</item>
<item>
<title>Recursion Theory I</title>
<link>/entries/Recursion-Theory-I.html</link>
<pubDate>Sat, 05 Apr 2008 00:00:00 +0000</pubDate>
<guid>/entries/Recursion-Theory-I.html</guid>
<description></description>
</item>
<item>
<title>A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment</title>
<link>/entries/Simpl.html</link>
<pubDate>Fri, 29 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/Simpl.html</guid>
<description></description>
</item>
<item>
<title>BDD Normalisation</title>
<link>/entries/BDD.html</link>
<pubDate>Fri, 29 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/BDD.html</guid>
<description></description>
</item>
<item>
<title>Normalization by Evaluation</title>
<link>/entries/NormByEval.html</link>
<pubDate>Mon, 18 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/NormByEval.html</guid>
<description></description>
</item>
<item>
<title>Quantifier Elimination for Linear Arithmetic</title>
<link>/entries/LinearQuantifierElim.html</link>
<pubDate>Fri, 11 Jan 2008 00:00:00 +0000</pubDate>
<guid>/entries/LinearQuantifierElim.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Conflict Analysis of Programs with Procedures, Thread Creation, and Monitors</title>
<link>/entries/Program-Conflict-Analysis.html</link>
<pubDate>Fri, 14 Dec 2007 00:00:00 +0000</pubDate>
<guid>/entries/Program-Conflict-Analysis.html</guid>
<description></description>
</item>
<item>
<title>Jinja with Threads</title>
<link>/entries/JinjaThreads.html</link>
<pubDate>Mon, 03 Dec 2007 00:00:00 +0000</pubDate>
<guid>/entries/JinjaThreads.html</guid>
<description></description>
</item>
<item>
<title>Much Ado About Two</title>
<link>/entries/MuchAdoAboutTwo.html</link>
<pubDate>Tue, 06 Nov 2007 00:00:00 +0000</pubDate>
<guid>/entries/MuchAdoAboutTwo.html</guid>
<description></description>
</item>
<item>
<title>Fermat&#39;s Last Theorem for Exponents 3 and 4 and the Parametrisation of Pythagorean Triples</title>
<link>/entries/Fermat3_4.html</link>
<pubDate>Sun, 12 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/Fermat3_4.html</guid>
<description></description>
</item>
<item>
<title>Sums of Two and Four Squares</title>
<link>/entries/SumSquares.html</link>
<pubDate>Sun, 12 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/SumSquares.html</guid>
<description></description>
</item>
<item>
<title>Fundamental Properties of Valuation Theory and Hensel&#39;s Lemma</title>
<link>/entries/Valuation.html</link>
<pubDate>Wed, 08 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/Valuation.html</guid>
<description></description>
</item>
<item>
<title>First-Order Logic According to Fitting</title>
<link>/entries/FOL-Fitting.html</link>
<pubDate>Thu, 02 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/FOL-Fitting.html</guid>
<description></description>
</item>
<item>
<title>POPLmark Challenge Via de Bruijn Indices</title>
<link>/entries/POPLmark-deBruijn.html</link>
<pubDate>Thu, 02 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/POPLmark-deBruijn.html</guid>
<description></description>
</item>
<item>
<title>Hotel Key Card System</title>
<link>/entries/HotelKeyCards.html</link>
<pubDate>Sat, 09 Sep 2006 00:00:00 +0000</pubDate>
<guid>/entries/HotelKeyCards.html</guid>
<description></description>
</item>
<item>
<title>Abstract Hoare Logics</title>
<link>/entries/Abstract-Hoare-Logics.html</link>
<pubDate>Tue, 08 Aug 2006 00:00:00 +0000</pubDate>
<guid>/entries/Abstract-Hoare-Logics.html</guid>
<description></description>
</item>
<item>
<title>Flyspeck I: Tame Graphs</title>
<link>/entries/Flyspeck-Tame.html</link>
<pubDate>Mon, 22 May 2006 00:00:00 +0000</pubDate>
<guid>/entries/Flyspeck-Tame.html</guid>
<description></description>
</item>
<item>
<title>CoreC&#43;&#43;</title>
<link>/entries/CoreC&#43;&#43;.html</link>
<pubDate>Mon, 15 May 2006 00:00:00 +0000</pubDate>
<guid>/entries/CoreC&#43;&#43;.html</guid>
<description></description>
</item>
<item>
<title>A Theory of Featherweight Java in Isabelle/HOL</title>
<link>/entries/FeatherweightJava.html</link>
<pubDate>Fri, 31 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/FeatherweightJava.html</guid>
<description></description>
</item>
<item>
<title>Instances of Schneider&#39;s generalized protocol of clock synchronization</title>
<link>/entries/ClockSynchInst.html</link>
<pubDate>Wed, 15 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/ClockSynchInst.html</guid>
<description></description>
</item>
<item>
<title>Cauchy&#39;s Mean Theorem and the Cauchy-Schwarz Inequality</title>
<link>/entries/Cauchy.html</link>
<pubDate>Tue, 14 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/Cauchy.html</guid>
<description></description>
</item>
<item>
<title>Countable Ordinals</title>
<link>/entries/Ordinal.html</link>
<pubDate>Fri, 11 Nov 2005 00:00:00 +0000</pubDate>
<guid>/entries/Ordinal.html</guid>
<description></description>
</item>
<item>
<title>Fast Fourier Transform</title>
<link>/entries/FFT.html</link>
<pubDate>Wed, 12 Oct 2005 00:00:00 +0000</pubDate>
<guid>/entries/FFT.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Generalized Protocol for Clock Synchronization</title>
<link>/entries/GenClock.html</link>
<pubDate>Fri, 24 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/GenClock.html</guid>
<description></description>
</item>
<item>
<title>Proving the Correctness of Disk Paxos</title>
<link>/entries/DiskPaxos.html</link>
<pubDate>Wed, 22 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/DiskPaxos.html</guid>
<description></description>
</item>
<item>
<title>Jive Data and Store Model</title>
<link>/entries/JiveDataStoreModel.html</link>
<pubDate>Mon, 20 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/JiveDataStoreModel.html</guid>
<description></description>
</item>
<item>
<title>Jinja is not Java</title>
<link>/entries/Jinja.html</link>
<pubDate>Wed, 01 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/Jinja.html</guid>
<description></description>
</item>
<item>
<title>SHA1, RSA, PSS and more</title>
<link>/entries/RSAPSS.html</link>
<pubDate>Mon, 02 May 2005 00:00:00 +0000</pubDate>
<guid>/entries/RSAPSS.html</guid>
<description></description>
</item>
<item>
<title>Category Theory to Yoneda&#39;s Lemma</title>
<link>/entries/Category.html</link>
<pubDate>Thu, 21 Apr 2005 00:00:00 +0000</pubDate>
<guid>/entries/Category.html</guid>
<description></description>
</item>
<item>
<title>File Refinement</title>
<link>/entries/FileRefinement.html</link>
<pubDate>Thu, 09 Dec 2004 00:00:00 +0000</pubDate>
<guid>/entries/FileRefinement.html</guid>
<description></description>
</item>
<item>
<title>Integration theory and random variables</title>
<link>/entries/Integration.html</link>
<pubDate>Fri, 19 Nov 2004 00:00:00 +0000</pubDate>
<guid>/entries/Integration.html</guid>
<description></description>
</item>
<item>
<title>A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic</title>
<link>/entries/Verified-Prover.html</link>
<pubDate>Tue, 28 Sep 2004 00:00:00 +0000</pubDate>
<guid>/entries/Verified-Prover.html</guid>
<description></description>
</item>
<item>
<title>Completeness theorem</title>
<link>/entries/Completeness.html</link>
<pubDate>Mon, 20 Sep 2004 00:00:00 +0000</pubDate>
<guid>/entries/Completeness.html</guid>
<description></description>
</item>
<item>
<title>Ramsey&#39;s theorem, infinitary version</title>
<link>/entries/Ramsey-Infinite.html</link>
<pubDate>Mon, 20 Sep 2004 00:00:00 +0000</pubDate>
<guid>/entries/Ramsey-Infinite.html</guid>
<description></description>
</item>
<item>
<title>Compiling Exceptions Correctly</title>
<link>/entries/Compiling-Exceptions-Correctly.html</link>
<pubDate>Fri, 09 Jul 2004 00:00:00 +0000</pubDate>
<guid>/entries/Compiling-Exceptions-Correctly.html</guid>
<description></description>
</item>
<item>
<title>Depth First Search</title>
<link>/entries/Depth-First-Search.html</link>
<pubDate>Thu, 24 Jun 2004 00:00:00 +0000</pubDate>
<guid>/entries/Depth-First-Search.html</guid>
<description></description>
</item>
<item>
<title>Groups, Rings and Modules</title>
<link>/entries/Group-Ring-Module.html</link>
<pubDate>Tue, 18 May 2004 00:00:00 +0000</pubDate>
<guid>/entries/Group-Ring-Module.html</guid>
<description></description>
</item>
<item>
<title>Lazy Lists II</title>
<link>/entries/Lazy-Lists-II.html</link>
<pubDate>Mon, 26 Apr 2004 00:00:00 +0000</pubDate>
<guid>/entries/Lazy-Lists-II.html</guid>
<description></description>
</item>
<item>
<title>Topology</title>
<link>/entries/Topology.html</link>
<pubDate>Mon, 26 Apr 2004 00:00:00 +0000</pubDate>
<guid>/entries/Topology.html</guid>
<description></description>
</item>
<item>
<title>Binary Search Trees</title>
<link>/entries/BinarySearchTree.html</link>
<pubDate>Mon, 05 Apr 2004 00:00:00 +0000</pubDate>
<guid>/entries/BinarySearchTree.html</guid>
<description></description>
</item>
<item>
<title>Functional Automata</title>
<link>/entries/Functional-Automata.html</link>
<pubDate>Tue, 30 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/Functional-Automata.html</guid>
<description></description>
</item>
<item>
<title>AVL Trees</title>
<link>/entries/AVL-Trees.html</link>
<pubDate>Fri, 19 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/AVL-Trees.html</guid>
<description></description>
</item>
<item>
<title>Mini ML</title>
<link>/entries/MiniML.html</link>
<pubDate>Fri, 19 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/MiniML.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/index.html b/web/index.html
--- a/web/index.html
+++ b/web/index.html
@@ -1,5774 +1,5782 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta name="generator" content="Hugo 0.88.1" />
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="./index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content=""/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="./css/front.min.css">
<link rel="icon" href="./images/favicon.ico" type="image/icon"><script src="./js/obfuscate.js"></script>
<script src="./js/flexsearch.bundle.js"></script>
<script src="./js/scroll-spy.js"></script>
<script src="./js/theory.js"></script>
<script src="./js/util.js"></script><script src="./js/header-search.js"></script><script src="./js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="./images/menu.svg" alt="Menu" />
</label>
<a href="./" class='logo-link'>
<img src="./images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<nav id="menu">
<div>
<a href="./" class='logo-link'>
<img src="./images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="./"><li class="active" >Home</li></a>
<a href="./topics/"><li >Topics</li></a>
<a href="./download/"><li >Download</li></a>
<a href="./help/"><li >Help</li></a>
<a href="./submission/"><li >Submission</li></a>
<a href="./statistics/"><li >Statistics</li></a>
<a href="./about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<h1 class="large-top-margin" >
<span class='first'>A</span>rchive of <span class='first'>F</span>ormal <span class='first'>P</span>roofs</h1>
<div>
</div>
</header><div><p>
The Archive of Formal Proofs is a collection of proof libraries, examples, and larger scientific developments,
mechanically checked in the theorem prover <a href="https://isabelle.in.tum.de/">Isabelle</a>.
It is organized in the way of a scientific journal,
is indexed by <a href="https://dblp.uni-trier.de/db/journals/afp/">dblp</a>
and has an ISSN: 2150-914x.
Submissions are refereed and we encourage companion AFP submissions to conference and journal publications.
To cite an entry, please use the <a href="./help/#citing-entries">preferred citation style</a>.
</p><p>
A <a href="https://devel.isa-afp.org/">development version</a> of the archive is available as well.
</p><form autocomplete="off" action="./search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button">Search</button>
<datalist id="autocomplete">
</datalist>
</div>
</form><div>
<h2 class="year">2022</h2>
<article class="entry">
<div class="item-text">
+ <h5><a class="title" href="./entries/Query_Optimization.html">Verification of Query Optimization Algorithms</a></h5> <br>
+ by <a href="./authors/stevens">Lukas Stevens</a> and <a href="./authors/stoeckl">Bernhard Stöckl</a></div>
+ <span class="date">
+ Oct 04
+ </span>
+ </article>
+ <article class="entry">
+ <div class="item-text">
<h5><a class="title" href="./entries/Undirected_Graph_Theory.html">Undirected Graph Theory</a></h5> <br>
by <a href="./authors/edmonds">Chelsea Edmonds</a></div>
<span class="date">
Sep 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Maximum_Segment_Sum.html">Maximum Segment Sum</a></h5> <br>
by <a href="./authors/cremer">Nils Cremer</a></div>
<span class="date">
Sep 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Safe_Range_RC.html">Making Arbitrary Relational Calculus Queries Safe-Range</a></h5> <br>
by <a href="./authors/raszyk">Martin Raszyk</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stalnaker_Logic.html">Stalnaker&#39;s Epistemic Logic</a></h5> <br>
by <a href="./authors/guzman">Laura P. Gamboa Guzman</a></div>
<span class="date">
Sep 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Padic_Field.html">p-adic Fields and p-adic Semialgebraic Sets</a></h5> <br>
by <a href="./authors/crighton">Aaron Crighton</a></div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Risk_Free_Lending.html">Risk-Free Lending</a></h5> <br>
by <a href="./authors/doty">Matthew Doty</a></div>
<span class="date">
Sep 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Implicational_Logic.html">Soundness and Completeness of Implicational Logic</a></h5> <br>
by <a href="./authors/from">Asta Halkjær From</a> and <a href="./authors/villadsen">Jørgen Villadsen</a></div>
<span class="date">
Sep 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CRYSTALS-Kyber.html">CRYSTALS-Kyber</a></h5> <br>
by <a href="./authors/kreuzer">Katharina Kreuzer</a></div>
<span class="date">
Sep 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Separation_Logic_Unbounded.html">Unbounded Separation Logic</a></h5> <br>
by <a href="./authors/dardinier">Thibault Dardinier</a></div>
<span class="date">
Sep 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hales_Jewett.html">The Hales–Jewett Theorem</a></h5> <br>
by <a href="./authors/sulejmani">Ujkan Sulejmani</a>, <a href="./authors/eberl">Manuel Eberl</a> and <a href="./authors/kreuzer">Katharina Kreuzer</a></div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Khovanskii_Theorem.html">Khovanskii&#39;s Theorem</a></h5> <br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Number_Theoretic_Transform.html">Number Theoretic Transform</a></h5> <br>
by <a href="./authors/ammer">Thomas Ammer</a> and <a href="./authors/kreuzer">Katharina Kreuzer</a></div>
<span class="date">
Aug 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SCC_Bloemen_Sequential.html">Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph</a></h5> <br>
by <a href="./authors/merz">Stephan Merz</a> and <a href="./authors/trelat">Vincent Trélat</a></div>
<span class="date">
Aug 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Involutions2Squares.html">From THE BOOK: Two Squares via Involutions</a></h5> <br>
by <a href="./authors/bortin">Maksym Bortin</a></div>
<span class="date">
Aug 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FSM_Tests.html">Verified Complete Test Strategies for Finite State Machines</a></h5> <br>
by <a href="./authors/sachtleben">Robert Sachtleben</a></div>
<span class="date">
Aug 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Nano_JSON.html">Nano JSON: Working with JSON formatted data in Isabelle/HOL and Isabelle/ML</a></h5> <br>
by <a href="./authors/brucker">Achim D. Brucker</a></div>
<span class="date">
Jul 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Commuting_Hermitian.html">Simultaneous diagonalization of pairwise commuting Hermitian matrices</a></h5> <br>
by <a href="./authors/echenim">Mnacho Echenim</a></div>
<span class="date">
Jul 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Solidity.html">Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL</a></h5> <br>
by <a href="./authors/marmsoler">Diego Marmsoler</a> and <a href="./authors/brucker">Achim D. Brucker</a></div>
<span class="date">
Jul 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Weighted_Arithmetic_Geometric_Mean.html">Pólya’s Proof of the Weighted Arithmetic–Geometric Mean Inequality</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jul 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IMP_Compiler_Reuse.html">A Reuse-Based Multi-Stage Compiler Verification for Language IMP</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Jul 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Real_Time_Deque.html">Real-Time Double-Ended Queue</a></h5> <br>
by <a href="./authors/toth">Balazs Toth</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Boolos_Curious_Inference.html">Boolos&#39;s Curious Inference in Isabelle/HOL</a></h5> <br>
by <a href="./authors/ketland">Jeffrey Ketland</a></div>
<span class="date">
Jun 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IsaNet.html">IsaNet: Formalization of a Verification Framework for Secure Data Plane Protocols</a></h5> <br>
by <a href="./authors/klenze">Tobias Klenze</a> and <a href="./authors/sprenger">Christoph Sprenger</a></div>
<span class="date">
Jun 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Finite_Fields.html">Finite Fields</a></h5> <br>
by <a href="./authors/karayel">Emin Karayel</a></div>
<span class="date">
Jun 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DPRM_Theorem.html">Diophantine Equations and the DPRM Theorem</a></h5> <br>
by <a href="./authors/bayer">Jonas Bayer</a>, <a href="./authors/david">Marco David</a>, <a href="./authors/stock">Benedikt Stock</a>, <a href="./authors/pal">Abhik Pal</a>, <a href="./authors/matiyasevich">Yuri Matiyasevich</a> and <a href="./authors/schleicher">Dierk Schleicher</a></div>
<span class="date">
Jun 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Rewrite_Properties_Reduction.html">Reducing Rewrite Properties to Properties on Ground Terms</a></h5> <br>
by <a href="./authors/lochmann">Alexander Lochmann</a></div>
<span class="date">
Jun 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Combinable_Wands.html">A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand</a></h5> <br>
by <a href="./authors/dardinier">Thibault Dardinier</a></div>
<span class="date">
May 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Pluennecke_Ruzsa_Inequality.html">The Plünnecke-Ruzsa Inequality</a></h5> <br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
May 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Package_logic.html">Formalization of a Framework for the Sound Automation of Magic Wands</a></h5> <br>
by <a href="./authors/dardinier">Thibault Dardinier</a></div>
<span class="date">
May 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Clique_and_Monotone_Circuits.html">Clique is not solvable by monotone circuits of polynomial size</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Fishers_Inequality.html">Fisher&#39;s Inequality: Linear Algebraic Proof Techniques for Combinatorics</a></h5> <br>
by <a href="./authors/edmonds">Chelsea Edmonds</a> and <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Apr 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Multiset_Ordering_NPC.html">The Generalized Multiset Ordering is NP-Complete</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/schmidinger">Lukas Schmidinger</a></div>
<span class="date">
Apr 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Digit_Expansions.html">Digit Expansions</a></h5> <br>
by <a href="./authors/bayer">Jonas Bayer</a>, <a href="./authors/david">Marco David</a>, <a href="./authors/pal">Abhik Pal</a> and <a href="./authors/stock">Benedikt Stock</a></div>
<span class="date">
Apr 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sophomores_Dream.html">The Sophomore&#39;s Dream</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Apr 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Frequency_Moments.html">Formalization of Randomized Approximation Algorithms for Frequency Moments</a></h5> <br>
by <a href="./authors/karayel">Emin Karayel</a></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Prefix_Free_Code_Combinators.html">A Combinator Library for Prefix-Free Codes</a></h5> <br>
by <a href="./authors/karayel">Emin Karayel</a></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dedekind_Real.html">Constructing the Reals as Dedekind Cuts of Rationals</a></h5> <br>
by <a href="./authors/fleuriot">Jacques D. Fleuriot</a> and <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Mar 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ackermanns_not_PR.html">Ackermann&#39;s Function Is Not Primitive Recursive</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Mar 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FOL_Seq_Calc3.html">A Naive Prover for First-Order Logic</a></h5> <br>
by <a href="./authors/from">Asta Halkjær From</a></div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Cotangent_PFD_Formula.html">A Proof from THE BOOK: The Partial Fraction Expansion of the Cotangent</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Independence_CH.html">The Independence of the Continuum Hypothesis in Isabelle/ZF</a></h5> <br>
by <a href="./authors/gunther">Emmanuel Gunther</a>, <a href="./authors/pagano">Miguel Pagano</a>, <a href="./authors/terraf">Pedro Sánchez Terraf</a> and <a href="./authors/steinberg">Matías Steinberg</a></div>
<span class="date">
Mar 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Transitive_Models.html">Transitive Models of Fragments of ZFC</a></h5> <br>
by <a href="./authors/gunther">Emmanuel Gunther</a>, <a href="./authors/pagano">Miguel Pagano</a>, <a href="./authors/terraf">Pedro Sánchez Terraf</a> and <a href="./authors/steinberg">Matías Steinberg</a></div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ResiduatedTransitionSystem.html">Residuated Transition Systems</a></h5> <br>
by <a href="./authors/stark">Eugene W. Stark</a></div>
<span class="date">
Feb 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Universal_Hash_Families.html">Universal Hash Families</a></h5> <br>
by <a href="./authors/karayel">Emin Karayel</a></div>
<span class="date">
Feb 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Wetzels_Problem.html">Wetzel&#39;s Problem and the Continuum Hypothesis</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Feb 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Eval_FO.html">First-Order Query Evaluation</a></h5> <br>
by <a href="./authors/raszyk">Martin Raszyk</a></div>
<span class="date">
Feb 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/VYDRA_MDL.html">Multi-Head Monitoring of Metric Dynamic Logic</a></h5> <br>
by <a href="./authors/raszyk">Martin Raszyk</a></div>
<span class="date">
Feb 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Equivalence_Relation_Enumeration.html">Enumeration of Equivalence Relations</a></h5> <br>
by <a href="./authors/karayel">Emin Karayel</a></div>
<span class="date">
Feb 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Quasi_Borel_Spaces.html">Quasi-Borel Spaces</a></h5> <br>
by <a href="./authors/hirata">Michikazu Hirata</a>, <a href="./authors/minamide">Yasuhiko Minamide</a> and <a href="./authors/sato">Tetsuya Sato</a></div>
<span class="date">
Feb 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LP_Duality.html">Duality of Linear Programming</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FO_Theory_Rewriting.html">First-Order Theory of Rewriting</a></h5> <br>
by <a href="./authors/lochmann">Alexander Lochmann</a> and <a href="./authors/felgenhauer">Bertram Felgenhauer</a></div>
<span class="date">
Feb 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Youngs_Inequality.html">Young&#39;s Inequality for Increasing Functions</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FOL_Seq_Calc2.html">A Sequent Calculus Prover for First-Order Logic with Functions</a></h5> <br>
by <a href="./authors/from">Asta Halkjær From</a> and <a href="./authors/jacobsen">Frederik Krogsdal Jacobsen</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Interpolation_Polynomials_HOL_Algebra.html">Interpolation Polynomials (in HOL-Algebra)</a></h5> <br>
by <a href="./authors/karayel">Emin Karayel</a></div>
<span class="date">
Jan 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Median_Method.html">Median Method</a></h5> <br>
by <a href="./authors/karayel">Emin Karayel</a></div>
<span class="date">
Jan 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Actuarial_Mathematics.html">Actuarial Mathematics</a></h5> <br>
by <a href="./authors/ito">Yosuke Ito</a></div>
<span class="date">
Jan 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Irrationals_From_THEBOOK.html">Irrational numbers from THE BOOK</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Jan 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Knights_Tour.html">Knight&#39;s Tour Revisited Revisited</a></h5> <br>
by <a href="./authors/koller">Lukas Koller</a></div>
<span class="date">
Jan 04
</span>
</article></div><div>
<h2 class="year">2021</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hyperdual.html">Hyperdual Numbers and Forward Differentiation</a></h5> <br>
by <a href="./authors/smola">Filip Smola</a> and <a href="./authors/fleuriot">Jacques D. Fleuriot</a></div>
<span class="date">
Dec 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Gale_Shapley.html">Gale-Shapley Algorithm</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Dec 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Roth_Arithmetic_Progressions.html">Roth&#39;s Theorem on Arithmetic Progressions</a></h5> <br>
by <a href="./authors/edmonds">Chelsea Edmonds</a>, <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MDP-Algorithms.html">Verified Algorithms for Solving Markov Decision Processes</a></h5> <br>
by <a href="./authors/schaeffeler">Maximilian Schäffeler</a> and <a href="./authors/abdulaziz">Mohammad Abdulaziz</a></div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MDP-Rewards.html">Markov Decision Processes with Rewards</a></h5> <br>
by <a href="./authors/schaeffeler">Maximilian Schäffeler</a> and <a href="./authors/abdulaziz">Mohammad Abdulaziz</a></div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Regular_Tree_Relations.html">Regular Tree Relations</a></h5> <br>
by <a href="./authors/lochmann">Alexander Lochmann</a>, <a href="./authors/felgenhauer">Bertram Felgenhauer</a>, <a href="./authors/sternagel">Christian Sternagel</a>, <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/sternagelt">Thomas Sternagel</a></div>
<span class="date">
Dec 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Simplicial_complexes_and_boolean_functions.html">Simplicial Complexes and Boolean functions</a></h5> <br>
by <a href="./authors/aransay">Jesús Aransay</a>, <a href="./authors/campo">Alejandro del Campo</a> and <a href="./authors/michaelis">Julius Michaelis</a></div>
<span class="date">
Nov 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Van_Emde_Boas_Trees.html">van Emde Boas Trees</a></h5> <br>
by <a href="./authors/ammer">Thomas Ammer</a> and <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Foundation_of_geometry.html">Foundation of geometry in planes, and some complements: Excluding the parallel axioms</a></h5> <br>
by <a href="./authors/iwama">Fumiya Iwama</a></div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hahn_Jordan_Decomposition.html">The Hahn and Jordan Decomposition Theorems</a></h5> <br>
by <a href="./authors/cousin">Marie Cousin</a>, <a href="./authors/echenim">Mnacho Echenim</a> and <a href="./authors/guiol">Hervé Guiol</a></div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Real_Power.html">Real Exponents as the Limits of Sequences of Rational Exponents</a></h5> <br>
by <a href="./authors/fleuriot">Jacques D. Fleuriot</a></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Factor_Algebraic_Polynomial.html">Factorization of Polynomials with Algebraic Coefficients</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SimplifiedOntologicalArgument.html">Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL</a></h5> <br>
by <a href="./authors/benzmueller">Christoph Benzmüller</a></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/PAL.html">Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL</a></h5> <br>
by <a href="./authors/benzmueller">Christoph Benzmüller</a> and <a href="./authors/reiche">Sebastian Reiche</a></div>
<span class="date">
Nov 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Szemeredi_Regularity.html">Szemerédi&#39;s Regularity Lemma</a></h5> <br>
by <a href="./authors/edmonds">Chelsea Edmonds</a>, <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Nov 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Registers.html">Quantum and Classical Registers</a></h5> <br>
by <a href="./authors/unruh">Dominique Unruh</a></div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Belief_Revision.html">Belief Revision Theory</a></h5> <br>
by <a href="./authors/fouillard">Valentin Fouillard</a>, <a href="./authors/taha">Safouan Taha</a>, <a href="./authors/boulanger">Frédéric Boulanger</a> and <a href="./authors/sabouret">Nicolas Sabouret</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/X86_Semantics.html">X86 instruction semantics and basic block symbolic execution</a></h5> <br>
by <a href="./authors/verbeek">Freek Verbeek</a>, <a href="./authors/bharadwaj">Abhijith Bharadwaj</a>, <a href="./authors/bockenek">Joshua Bockenek</a>, <a href="./authors/roessle">Ian Roessle</a>, <a href="./authors/weerwag">Timmy Weerwag</a> and <a href="./authors/ravindran">Binoy Ravindran</a></div>
<span class="date">
Oct 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Correctness_Algebras.html">Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations</a></h5> <br>
by <a href="./authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Virtual_Substitution.html">Verified Quadratic Virtual Substitution for Real Arithmetic</a></h5> <br>
by <a href="./authors/scharager">Matias Scharager</a>, <a href="./authors/cordwell">Katherine Cordwell</a>, <a href="./authors/mitsch">Stefan Mitsch</a> and <a href="./authors/platzer">André Platzer</a></div>
<span class="date">
Oct 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FOL_Axiomatic.html">Soundness and Completeness of an Axiomatic System for First-Order Logic</a></h5> <br>
by <a href="./authors/from">Asta Halkjær From</a></div>
<span class="date">
Sep 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Complex_Bounded_Operators.html">Complex Bounded Operators</a></h5> <br>
by <a href="./authors/caballero">José Manuel Rodríguez Caballero</a> and <a href="./authors/unruh">Dominique Unruh</a></div>
<span class="date">
Sep 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Weighted_Path_Order.html">A Formalization of Weighted Path Orders and Recursive Path Orders</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a>, <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Intro_Dest_Elim.html">IDE: Introduction, Destruction, Elimination</a></h5> <br>
by <a href="./authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Types_To_Sets_Extension.html">Extension of Types-To-Sets</a></h5> <br>
by <a href="./authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Conditional_Transfer_Rule.html">Conditional Transfer Rule</a></h5> <br>
by <a href="./authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Conditional_Simplification.html">Conditional Simplification</a></h5> <br>
by <a href="./authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CZH_Universal_Constructions.html">Category Theory for ZFC in HOL III: Universal Constructions</a></h5> <br>
by <a href="./authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CZH_Elementary_Categories.html">Category Theory for ZFC in HOL II: Elementary Theory of 1-Categories</a></h5> <br>
by <a href="./authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CZH_Foundations.html">Category Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories</a></h5> <br>
by <a href="./authors/milehins">Mihails Milehins</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dominance_CHK.html">A data flow analysis algorithm for computing dominators</a></h5> <br>
by <a href="./authors/jiang">Nan Jiang</a></div>
<span class="date">
Sep 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Cubic_Quartic_Equations.html">Solving Cubic and Quartic Equations</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Sep 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Logging_Independent_Anonymity.html">Logging-independent Message Anonymity in the Relational Method</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Aug 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Three_Circles.html">The Theorem of Three Circles</a></h5> <br>
by <a href="./authors/thomson">Fox Thomson</a> and <a href="./authors/li">Wenda Li</a></div>
<span class="date">
Aug 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Fresh_Identifiers.html">Fresh identifiers</a></h5> <br>
by <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/bauereiss">Thomas Bauereiss</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CoSMeDis.html">CoSMeDis: A confidentiality-verified distributed social media platform</a></h5> <br>
by <a href="./authors/bauereiss">Thomas Bauereiss</a> and <a href="./authors/popescu">Andrei Popescu</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CoSMed.html">CoSMed: A confidentiality-verified social media platform</a></h5> <br>
by <a href="./authors/bauereiss">Thomas Bauereiss</a> and <a href="./authors/popescu">Andrei Popescu</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BD_Security_Compositional.html">Compositional BD Security</a></h5> <br>
by <a href="./authors/bauereiss">Thomas Bauereiss</a> and <a href="./authors/popescu">Andrei Popescu</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CoCon.html">CoCon: A Confidentiality-Verified Conference Management System</a></h5> <br>
by <a href="./authors/popescu">Andrei Popescu</a>, <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/bauereiss">Thomas Bauereiss</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Design_Theory.html">Combinatorial Design Theory</a></h5> <br>
by <a href="./authors/edmonds">Chelsea Edmonds</a> and <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Aug 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Relational_Forests.html">Relational Forests</a></h5> <br>
by <a href="./authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Aug 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Schutz_Spacetime.html">Schutz&#39; Independent Axioms for Minkowski Spacetime</a></h5> <br>
by <a href="./authors/schmoetten">Richard Schmoetten</a>, <a href="./authors/palmer">Jake Palmer</a> and <a href="./authors/fleuriot">Jacques D. Fleuriot</a></div>
<span class="date">
Jul 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Finitely_Generated_Abelian_Groups.html">Finitely Generated Abelian Groups</a></h5> <br>
by <a href="./authors/thommes">Joseph Thommes</a> and <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SpecCheck.html">SpecCheck - Specification-Based Testing for Isabelle/ML</a></h5> <br>
by <a href="./authors/kappelmann">Kevin Kappelmann</a>, <a href="./authors/bulwahn">Lukas Bulwahn</a> and <a href="./authors/willenbrink">Sebastian Willenbrink</a></div>
<span class="date">
Jul 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Van_der_Waerden.html">Van der Waerden&#39;s Theorem</a></h5> <br>
by <a href="./authors/kreuzer">Katharina Kreuzer</a> and <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jun 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MiniSail.html">MiniSail - A kernel language for the ISA specification language SAIL</a></h5> <br>
by <a href="./authors/wassell">Mark Wassell</a></div>
<span class="date">
Jun 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Public_Announcement_Logic.html">Public Announcement Logic</a></h5> <br>
by <a href="./authors/from">Asta Halkjær From</a></div>
<span class="date">
Jun 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IMP_Compiler.html">A Shorter Compiler Correctness Proof for Language IMP</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Jun 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Combinatorics_Words_Lyndon.html">Lyndon words</a></h5> <br>
by <a href="./authors/holub">Štěpán Holub</a> and <a href="./authors/starosta">Štěpán Starosta</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Combinatorics_Words_Graph_Lemma.html">Graph Lemma</a></h5> <br>
by <a href="./authors/holub">Štěpán Holub</a> and <a href="./authors/starosta">Štěpán Starosta</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Combinatorics_Words.html">Combinatorics on Words Basics</a></h5> <br>
by <a href="./authors/holub">Štěpán Holub</a>, <a href="./authors/raska">Martin Raška</a> and <a href="./authors/starosta">Štěpán Starosta</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Regression_Test_Selection.html">Regression Test Selection</a></h5> <br>
by <a href="./authors/mansky">Susannah Mansky</a></div>
<span class="date">
Apr 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lifting_the_Exponent.html">Lifting the Exponent</a></h5> <br>
by <a href="./authors/kadzioka">Maya Kądziołka</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Metalogic_ProofChecker.html">Isabelle&#39;s Metalogic: Formalization and Proof Checker</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a> and <a href="./authors/rosskopf">Simon Roßkopf</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BenOr_Kozen_Reif.html">The BKR Decision Procedure for Univariate Real Arithmetic</a></h5> <br>
by <a href="./authors/cordwell">Katherine Cordwell</a>, <a href="./authors/tan">Yong Kiam Tan</a> and <a href="./authors/platzer">André Platzer</a></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/GaleStewart_Games.html">Gale-Stewart Games</a></h5> <br>
by <a href="./authors/joosten">Sebastiaan J. C. Joosten</a></div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Progress_Tracking.html">Formalization of Timely Dataflow&#39;s Progress Tracking Protocol</a></h5> <br>
by <a href="./authors/brun">Matthias Brun</a>, <a href="./authors/decova">Sára Decova</a>, <a href="./authors/lattuada">Andrea Lattuada</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IFC_Tracking.html">Information Flow Control via Dependency Tracking</a></h5> <br>
by <a href="./authors/nordhoff">Benedikt Nordhoff</a></div>
<span class="date">
Apr 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Grothendieck_Schemes.html">Grothendieck&#39;s Schemes in Algebraic Geometry</a></h5> <br>
by <a href="./authors/bordg">Anthony Bordg</a>, <a href="./authors/paulson">Lawrence C. Paulson</a> and <a href="./authors/li">Wenda Li</a></div>
<span class="date">
Mar 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Padic_Ints.html">Hensel&#39;s Lemma for the p-adic Integers</a></h5> <br>
by <a href="./authors/crighton">Aaron Crighton</a></div>
<span class="date">
Mar 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Constructive_Cryptography_CM.html">Constructive Cryptography in HOL: the Communication Modeling Aspect</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Mar 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Modular_arithmetic_LLL_and_HNF_algorithms.html">Two algorithms based on modular arithmetic: lattice basis reduction and Hermite normal form computation</a></h5> <br>
by <a href="./authors/bottesch">Ralph Bottesch</a>, <a href="./authors/divason">Jose Divasón</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hermite_Lindemann.html">The Hermite–Lindemann–Weierstraß Transcendence Theorem</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Projective_Measurements.html">Quantum projective measurements and the CHSH inequality</a></h5> <br>
by <a href="./authors/echenim">Mnacho Echenim</a></div>
<span class="date">
Mar 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Mereology.html">Mereology</a></h5> <br>
by <a href="./authors/blumson">Ben Blumson</a></div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sunflowers.html">The Sunflower Lemma of Erdős and Rado</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BTree.html">A Verified Imperative Implementation of B-Trees</a></h5> <br>
by <a href="./authors/muendler">Niels Mündler</a></div>
<span class="date">
Feb 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Formal_Puiseux_Series.html">Formal Puiseux Series</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Laws_of_Large_Numbers.html">The Laws of Large Numbers</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IsaGeoCoq.html">Tarski&#39;s Parallel Postulate implies the 5th Postulate of Euclid, the Postulate of Playfair and the original Parallel Postulate of Euclid</a></h5> <br>
by <a href="./authors/coghetto">Roland Coghetto</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Blue_Eyes.html">Solution to the xkcd Blue Eyes puzzle</a></h5> <br>
by <a href="./authors/kadzioka">Maya Kądziołka</a></div>
<span class="date">
Jan 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hood_Melville_Queue.html">Hood-Melville Queue</a></h5> <br>
by <a href="./authors/londono">Alejandro Gómez-Londoño</a></div>
<span class="date">
Jan 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/JinjaDCI.html">JinjaDCI: a Java semantics with dynamic class initialization</a></h5> <br>
by <a href="./authors/mansky">Susannah Mansky</a></div>
<span class="date">
Jan 11
</span>
</article></div><div>
<h2 class="year">2020</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Delta_System_Lemma.html">Cofinality and the Delta System Lemma</a></h5> <br>
by <a href="./authors/terraf">Pedro Sánchez Terraf</a></div>
<span class="date">
Dec 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Topological_Semantics.html">Topological semantics for paraconsistent and paracomplete logics</a></h5> <br>
by <a href="./authors/fuenmayor">David Fuenmayor</a></div>
<span class="date">
Dec 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Relational_Minimum_Spanning_Trees.html">Relational Minimum Spanning Tree Algorithms</a></h5> <br>
by <a href="./authors/guttmann">Walter Guttmann</a> and <a href="./authors/brien">Nicolas Robinson-O&rsquo;Brien</a></div>
<span class="date">
Dec 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Interpreter_Optimizations.html">Inline Caching and Unboxing Optimization for Interpreters</a></h5> <br>
by <a href="./authors/desharnais">Martin Desharnais</a></div>
<span class="date">
Dec 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Relational_Method.html">The Relational Method with Message Anonymity for the Verification of Cryptographic Protocols</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Dec 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Isabelle_Marries_Dirac.html">Isabelle Marries Dirac: a Library for Quantum Computation and Quantum Information</a></h5> <br>
by <a href="./authors/bordg">Anthony Bordg</a>, <a href="./authors/lachnitt">Hanna Lachnitt</a> and <a href="./authors/he">Yijun He</a></div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CSP_RefTK.html">The HOL-CSP Refinement Toolkit</a></h5> <br>
by <a href="./authors/taha">Safouan Taha</a>, <a href="./authors/wolff">Burkhart Wolff</a> and <a href="./authors/ye">Lina Ye</a></div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Verified_SAT_Based_AI_Planning.html">Verified SAT-Based AI Planning</a></h5> <br>
by <a href="./authors/abdulaziz">Mohammad Abdulaziz</a> and <a href="./authors/kurz">Friedrich Kurz</a></div>
<span class="date">
Oct 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/AI_Planning_Languages_Semantics.html">AI Planning Languages Semantics</a></h5> <br>
by <a href="./authors/abdulaziz">Mohammad Abdulaziz</a> and <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
Oct 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Physical_Quantities.html">A Sound Type System for Physical Quantities, Units, and Measurements</a></h5> <br>
by <a href="./authors/fosters">Simon Foster</a> and <a href="./authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Oct 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Finite-Map-Extras.html">Finite Map Extras</a></h5> <br>
by <a href="./authors/diaz">Javier Díaz</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Core_SC_DOM.html">The Safely Composable DOM</a></h5> <br>
by <a href="./authors/brucker">Achim D. Brucker</a> and <a href="./authors/herzberg">Michael Herzberg</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DOM_Components.html">A Formalization of Web Components</a></h5> <br>
by <a href="./authors/brucker">Achim D. Brucker</a> and <a href="./authors/herzberg">Michael Herzberg</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SC_DOM_Components.html">A Formalization of Safely Composable Web Components</a></h5> <br>
by <a href="./authors/brucker">Achim D. Brucker</a> and <a href="./authors/herzberg">Michael Herzberg</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Shadow_SC_DOM.html">A Formal Model of the Safely Composable Document Object Model with Shadow Roots</a></h5> <br>
by <a href="./authors/brucker">Achim D. Brucker</a> and <a href="./authors/herzberg">Michael Herzberg</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Shadow_DOM.html">A Formal Model of the Document Object Model with Shadow Roots</a></h5> <br>
by <a href="./authors/brucker">Achim D. Brucker</a> and <a href="./authors/herzberg">Michael Herzberg</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Syntax_Independent_Logic.html">Syntax-Independent Logic Infrastructure</a></h5> <br>
by <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Robinson_Arithmetic.html">Robinson Arithmetic</a></h5> <br>
by <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Goedel_HFSet_Semanticless.html">From Abstract to Concrete Gödel&#39;s Incompleteness Theorems—Part II</a></h5> <br>
by <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Goedel_HFSet_Semantic.html">From Abstract to Concrete Gödel&#39;s Incompleteness Theorems—Part I</a></h5> <br>
by <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Goedel_Incompleteness.html">An Abstract Formalization of Gödel&#39;s Incompleteness Theorems</a></h5> <br>
by <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Extended_Finite_State_Machine_Inference.html">Inference of Extended Finite State Machines</a></h5> <br>
by <a href="./authors/foster">Michael Foster</a>, <a href="./authors/brucker">Achim D. Brucker</a>, <a href="./authors/taylor">Ramsay G. Taylor</a> and <a href="./authors/derrick">John Derrick</a></div>
<span class="date">
Sep 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Extended_Finite_State_Machines.html">A Formal Model of Extended Finite State Machines</a></h5> <br>
by <a href="./authors/foster">Michael Foster</a>, <a href="./authors/brucker">Achim D. Brucker</a>, <a href="./authors/taylor">Ramsay G. Taylor</a> and <a href="./authors/derrick">John Derrick</a></div>
<span class="date">
Sep 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Inductive_Inference.html">Some classical results in inductive inference of recursive functions</a></h5> <br>
by <a href="./authors/balbach">Frank J. Balbach</a></div>
<span class="date">
Aug 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/PAC_Checker.html">Practical Algebraic Calculus Checker</a></h5> <br>
by <a href="./authors/fleury">Mathias Fleury</a> and <a href="./authors/kaufmann">Daniela Kaufmann</a></div>
<span class="date">
Aug 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Relational_Disjoint_Set_Forests.html">Relational Disjoint-Set Forests</a></h5> <br>
by <a href="./authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Aug 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BirdKMP.html">Putting the `K&#39; into Bird&#39;s derivation of Knuth-Morris-Pratt string matching</a></h5> <br>
by <a href="./authors/gammie">Peter Gammie</a></div>
<span class="date">
Aug 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Saturation_Framework_Extensions.html">Extensions to the Comprehensive Framework for Saturation Theorem Proving</a></h5> <br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a> and <a href="./authors/tourret">Sophie Tourret</a></div>
<span class="date">
Aug 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Amicable_Numbers.html">Amicable Numbers</a></h5> <br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a></div>
<span class="date">
Aug 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ordinal_Partitions.html">Ordinal Partitions</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Aug 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Chandy_Lamport.html">A Formal Proof of The Chandy--Lamport Distributed Snapshot Algorithm</a></h5> <br>
by <a href="./authors/fiedler">Ben Fiedler</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Jul 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Relational_Paths.html">Relational Characterisations of Paths</a></h5> <br>
by <a href="./authors/guttmann">Walter Guttmann</a> and <a href="./authors/hoefner">Peter Höfner</a></div>
<span class="date">
Jul 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Safe_Distance.html">A Formally Verified Checker of the Safe Distance Traffic Rules for Autonomous Vehicles</a></h5> <br>
by <a href="./authors/rizaldi">Albert Rizaldi</a> and <a href="./authors/immler">Fabian Immler</a></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Smith_Normal_Form.html">A verified algorithm for computing the Smith normal form of a matrix</a></h5> <br>
by <a href="./authors/divason">Jose Divasón</a></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Nash_Williams.html">The Nash-Williams Partition Theorem</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
May 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Knuth_Bendix_Order.html">A Formalization of Knuth–Bendix Orders</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
May 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Irrational_Series_Erdos_Straus.html">Irrationality Criteria for Series by Erdős and Straus</a></h5> <br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="./authors/li">Wenda Li</a></div>
<span class="date">
May 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Recursion-Addition.html">Recursion Theorem in ZF</a></h5> <br>
by <a href="./authors/dunaev">Georgy Dunaev</a></div>
<span class="date">
May 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LTL_Normal_Form.html">An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation</a></h5> <br>
by <a href="./authors/sickert">Salomon Sickert</a></div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Forcing.html">Formalization of Forcing in Isabelle/ZF</a></h5> <br>
by <a href="./authors/gunther">Emmanuel Gunther</a>, <a href="./authors/pagano">Miguel Pagano</a> and <a href="./authors/terraf">Pedro Sánchez Terraf</a></div>
<span class="date">
May 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Banach_Steinhaus.html">Banach-Steinhaus Theorem</a></h5> <br>
by <a href="./authors/unruh">Dominique Unruh</a> and <a href="./authors/caballero">José Manuel Rodríguez Caballero</a></div>
<span class="date">
May 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Attack_Trees.html">Attack Trees in Isabelle for GDPR compliance of IoT healthcare systems</a></h5> <br>
by <a href="./authors/kammueller">Florian Kammüller</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lambert_W.html">The Lambert W Function on the Reals</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Power_Sum_Polynomials.html">Power Sum Polynomials</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Gaussian_Integers.html">Gaussian Integers</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Matrices_for_ODEs.html">Matrices for ODEs</a></h5> <br>
by <a href="./authors/munive">Jonathan Julian Huerta y Munive</a></div>
<span class="date">
Apr 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ADS_Functor.html">Authenticated Data Structures As Functors</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/maric">Ognjen Marić</a></div>
<span class="date">
Apr 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sliding_Window_Algorithm.html">Formalization of an Algorithm for Greedily Computing Associative Aggregations on Sliding Windows</a></h5> <br>
by <a href="./authors/heimes">Lukas Heimes</a>, <a href="./authors/traytel">Dmitriy Traytel</a> and <a href="./authors/schneider">Joshua Schneider</a></div>
<span class="date">
Apr 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MFODL_Monitor_Optimized.html">Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</a></h5> <br>
by <a href="./authors/dardinier">Thibault Dardinier</a>, <a href="./authors/heimes">Lukas Heimes</a>, <a href="./authors/raszyk">Martin Raszyk</a>, <a href="./authors/schneider">Joshua Schneider</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Apr 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Saturation_Framework.html">A Comprehensive Framework for Saturation Theorem Proving</a></h5> <br>
by <a href="./authors/tourret">Sophie Tourret</a></div>
<span class="date">
Apr 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stateful_Protocol_Composition_and_Typing.html">Stateful Protocol Composition and Typing</a></h5> <br>
by <a href="./authors/hess">Andreas V. Hess</a>, <a href="./authors/moedersheim">Sebastian Mödersheim</a> and <a href="./authors/brucker">Achim D. Brucker</a></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Automated_Stateful_Protocol_Verification.html">Automated Stateful Protocol Verification</a></h5> <br>
by <a href="./authors/hess">Andreas V. Hess</a>, <a href="./authors/moedersheim">Sebastian Mödersheim</a>, <a href="./authors/brucker">Achim D. Brucker</a> and <a href="./authors/schlichtkrull">Anders Schlichtkrull</a></div>
<span class="date">
Apr 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lucas_Theorem.html">Lucas&#39;s Theorem</a></h5> <br>
by <a href="./authors/edmonds">Chelsea Edmonds</a></div>
<span class="date">
Apr 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/WOOT_Strong_Eventual_Consistency.html">Strong Eventual Consistency of the Collaborative Editing Framework WOOT</a></h5> <br>
by <a href="./authors/karayel">Emin Karayel</a> and <a href="./authors/gonzalez">Edgar Gonzàlez</a></div>
<span class="date">
Mar 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Furstenberg_Topology.html">Furstenberg&#39;s topology and his proof of the infinitude of primes</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Relational-Incorrectness-Logic.html">An Under-Approximate Relational Logic</a></h5> <br>
by <a href="./authors/murray">Toby Murray</a></div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hello_World.html">Hello World</a></h5> <br>
by <a href="./authors/diekmann">Cornelius Diekmann</a> and <a href="./authors/hupel">Lars Hupel</a></div>
<span class="date">
Mar 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Goodstein_Lambda.html">Implementing the Goodstein Function in λ-Calculus</a></h5> <br>
by <a href="./authors/felgenhauer">Bertram Felgenhauer</a></div>
<span class="date">
Feb 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/VeriComp.html">A Generic Framework for Verified Compilers</a></h5> <br>
by <a href="./authors/desharnais">Martin Desharnais</a></div>
<span class="date">
Feb 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Arith_Prog_Rel_Primes.html">Arithmetic progressions and relative primes</a></h5> <br>
by <a href="./authors/caballero">José Manuel Rodríguez Caballero</a></div>
<span class="date">
Feb 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Subset_Boolean_Algebras.html">A Hierarchy of Algebras for Boolean Subsets</a></h5> <br>
by <a href="./authors/guttmann">Walter Guttmann</a> and <a href="./authors/moeller">Bernhard Möller</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Mersenne_Primes.html">Mersenne primes and the Lucas–Lehmer test</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Approximation_Algorithms.html">Verified Approximation Algorithms</a></h5> <br>
by <a href="./authors/essmann">Robin Eßmann</a>, <a href="./authors/nipkow">Tobias Nipkow</a>, <a href="./authors/robillard">Simon Robillard</a> and <a href="./authors/sulejmani">Ujkan Sulejmani</a></div>
<span class="date">
Jan 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Closest_Pair_Points.html">Closest Pair of Points Algorithms</a></h5> <br>
by <a href="./authors/rau">Martin Rau</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jan 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Skip_Lists.html">Skip Lists</a></h5> <br>
by <a href="./authors/haslbeck">Max W. Haslbeck</a> and <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Bicategory.html">Bicategories</a></h5> <br>
by <a href="./authors/stark">Eugene W. Stark</a></div>
<span class="date">
Jan 06
</span>
</article></div><div>
<h2 class="year">2019</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Zeta_3_Irrational.html">The Irrationality of ζ(3)</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hybrid_Logic.html">Formalizing a Seligman-Style Tableau System for Hybrid Logic</a></h5> <br>
by <a href="./authors/from">Asta Halkjær From</a></div>
<span class="date">
Dec 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Poincare_Bendixson.html">The Poincaré-Bendixson Theorem</a></h5> <br>
by <a href="./authors/immler">Fabian Immler</a> and <a href="./authors/tan">Yong Kiam Tan</a></div>
<span class="date">
Dec 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Poincare_Disc.html">Poincaré Disc Model</a></h5> <br>
by <a href="./authors/simic">Danijela Simić</a>, <a href="./authors/maricf">Filip Marić</a> and <a href="./authors/boutry">Pierre Boutry</a></div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Complex_Geometry.html">Complex Geometry</a></h5> <br>
by <a href="./authors/maricf">Filip Marić</a> and <a href="./authors/simic">Danijela Simić</a></div>
<span class="date">
Dec 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Gauss_Sums.html">Gauss Sums and the Pólya–Vinogradov Inequality</a></h5> <br>
by <a href="./authors/raya">Rodrigo Raya</a> and <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Generalized_Counting_Sort.html">An Efficient Generalization of Counting Sort for Large, possibly Infinite Key Ranges</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Dec 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Interval_Arithmetic_Word32.html">Interval Arithmetic on 32-bit Words</a></h5> <br>
by <a href="./authors/bohrer">Rose Bohrer</a></div>
<span class="date">
Nov 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ZFC_in_HOL.html">Zermelo Fraenkel Set Theory in Higher-Order Logic</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Oct 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Isabelle_C.html">Isabelle/C</a></h5> <br>
by <a href="./authors/tuong">Frédéric Tuong</a> and <a href="./authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Oct 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/VerifyThis2019.html">VerifyThis 2019 -- Polished Isabelle Solutions</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/wimmer">Simon Wimmer</a></div>
<span class="date">
Oct 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Aristotles_Assertoric_Syllogistic.html">Aristotle&#39;s Assertoric Syllogistic</a></h5> <br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a></div>
<span class="date">
Oct 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sigma_Commit_Crypto.html">Sigma Protocols and Commitment Schemes</a></h5> <br>
by <a href="./authors/butler">David Butler</a> and <a href="./authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Oct 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Clean.html">Clean - An Abstract Imperative Programming Language and its Theory</a></h5> <br>
by <a href="./authors/tuong">Frédéric Tuong</a> and <a href="./authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Oct 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Generic_Join.html">Formalization of Multiway-Join Algorithms</a></h5> <br>
by <a href="./authors/dardinier">Thibault Dardinier</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hybrid_Systems_VCs.html">Verification Components for Hybrid Systems</a></h5> <br>
by <a href="./authors/munive">Jonathan Julian Huerta y Munive</a></div>
<span class="date">
Sep 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Fourier.html">Fourier Series</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Jacobson_Basic_Algebra.html">A Case Study in Basic Algebra</a></h5> <br>
by <a href="./authors/ballarin">Clemens Ballarin</a></div>
<span class="date">
Aug 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Adaptive_State_Counting.html">Formalisation of an Adaptive State Counting Algorithm</a></h5> <br>
by <a href="./authors/sachtleben">Robert Sachtleben</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Laplace_Transform.html">Laplace Transform</a></h5> <br>
by <a href="./authors/immler">Fabian Immler</a></div>
<span class="date">
Aug 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Linear_Programming.html">Linear Programming</a></h5> <br>
by <a href="./authors/parsert">Julian Parsert</a> and <a href="./authors/kaliszyk">Cezary Kaliszyk</a></div>
<span class="date">
Aug 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/C2KA_DistributedSystems.html">Communicating Concurrent Kleene Algebra for Distributed Systems Specification</a></h5> <br>
by <a href="./authors/buyse">Maxime Buyse</a> and <a href="./authors/jaskolka">Jason Jaskolka</a></div>
<span class="date">
Aug 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IMO2019.html">Selected Problems from the International Mathematical Olympiad 2019</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Aug 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stellar_Quorums.html">Stellar Quorum Systems</a></h5> <br>
by <a href="./authors/losa">Giuliano Losa</a></div>
<span class="date">
Aug 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/TESL_Language.html">A Formal Development of a Polychronous Polytimed Coordination Language</a></h5> <br>
by <a href="./authors/van">Hai Nguyen Van</a>, <a href="./authors/boulanger">Frédéric Boulanger</a> and <a href="./authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Jul 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Szpilrajn.html">Order Extension and Szpilrajn&#39;s Extension Theorem</a></h5> <br>
by <a href="./authors/zeller">Peter Zeller</a> and <a href="./authors/stevens">Lukas Stevens</a></div>
<span class="date">
Jul 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FOL_Seq_Calc1.html">A Sequent Calculus for First-Order Logic</a></h5> <br>
by <a href="./authors/from">Asta Halkjær From</a></div>
<span class="date">
Jul 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CakeML_Codegen.html">A Verified Code Generator from Isabelle/HOL to CakeML</a></h5> <br>
by <a href="./authors/hupel">Lars Hupel</a></div>
<span class="date">
Jul 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MFOTL_Monitor.html">Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic</a></h5> <br>
by <a href="./authors/schneider">Joshua Schneider</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Jul 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Complete_Non_Orders.html">Complete Non-Orders and Fixed Points</a></h5> <br>
by <a href="./authors/yamada">Akihisa Yamada</a> and <a href="./authors/dubut">Jérémy Dubut</a></div>
<span class="date">
Jun 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Prim_Dijkstra_Simple.html">Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Priority_Search_Trees.html">Priority Search Trees</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Linear_Inequalities.html">Linear Inequalities</a></h5> <br>
by <a href="./authors/bottesch">Ralph Bottesch</a>, <a href="./authors/reynaud">Alban Reynaud</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Jun 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Nullstellensatz.html">Hilbert&#39;s Nullstellensatz</a></h5> <br>
by <a href="./authors/maletzky">Alexander Maletzky</a></div>
<span class="date">
Jun 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Groebner_Macaulay.html">Gröbner Bases, Macaulay Matrices and Dubé&#39;s Degree Bounds</a></h5> <br>
by <a href="./authors/maletzky">Alexander Maletzky</a></div>
<span class="date">
Jun 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IMP2_Binary_Heap.html">Binary Heaps for IMP2</a></h5> <br>
by <a href="./authors/griebel">Simon Griebel</a></div>
<span class="date">
Jun 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Differential_Game_Logic.html">Differential Game Logic</a></h5> <br>
by <a href="./authors/platzer">André Platzer</a></div>
<span class="date">
Jun 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/KD_Tree.html">Multidimensional Binary Search Trees</a></h5> <br>
by <a href="./authors/rau">Martin Rau</a></div>
<span class="date">
May 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LambdaAuth.html">Formalization of Generic Authenticated Data Structures</a></h5> <br>
by <a href="./authors/brun">Matthias Brun</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
May 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Multi_Party_Computation.html">Multi-Party Computation</a></h5> <br>
by <a href="./authors/aspinall">David Aspinall</a> and <a href="./authors/butler">David Butler</a></div>
<span class="date">
May 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/HOL-CSP.html">HOL-CSP Version 2.0</a></h5> <br>
by <a href="./authors/taha">Safouan Taha</a>, <a href="./authors/ye">Lina Ye</a> and <a href="./authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LTL_Master_Theorem.html">A Compositional and Unified Translation of LTL into ω-Automata</a></h5> <br>
by <a href="./authors/seidl">Benedikt Seidl</a> and <a href="./authors/sickert">Salomon Sickert</a></div>
<span class="date">
Apr 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Binding_Syntax_Theory.html">A General Theory of Syntax with Bindings</a></h5> <br>
by <a href="./authors/gheri">Lorenzo Gheri</a> and <a href="./authors/popescu">Andrei Popescu</a></div>
<span class="date">
Apr 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Transcendence_Series_Hancl_Rucki.html">The Transcendence of Certain Infinite Series</a></h5> <br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="./authors/li">Wenda Li</a></div>
<span class="date">
Mar 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/QHLProver.html">Quantum Hoare Logic</a></h5> <br>
by <a href="./authors/liu">Junyi Liu</a>, <a href="./authors/zhan">Bohua Zhan</a>, <a href="./authors/wang">Shuling Wang</a>, <a href="./authors/ying">Shenggang Ying</a>, <a href="./authors/liut">Tao Liu</a>, <a href="./authors/liy">Yangjia Li</a>, <a href="./authors/yingm">Mingsheng Ying</a> and <a href="./authors/zhann">Naijun Zhan</a></div>
<span class="date">
Mar 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Safe_OCL.html">Safe OCL</a></h5> <br>
by <a href="./authors/nikiforov">Denis Nikiforov</a></div>
<span class="date">
Mar 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Prime_Distribution_Elementary.html">Elementary Facts About the Distribution of Primes</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Kruskal.html">Kruskal&#39;s Algorithm for Minimum Spanning Forest</a></h5> <br>
by <a href="./authors/haslbeckm">Maximilian P. L. Haslbeck</a>, <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/biendarra">Julian Biendarra</a></div>
<span class="date">
Feb 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Probabilistic_Prime_Tests.html">Probabilistic Primality Testing</a></h5> <br>
by <a href="./authors/stuewe">Daniel Stüwe</a> and <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Universal_Turing_Machine.html">Universal Turing Machine</a></h5> <br>
by <a href="./authors/xu">Jian Xu</a>, <a href="./authors/zhangx">Xingyuan Zhang</a>, <a href="./authors/urban">Christian Urban</a>, <a href="./authors/joosten">Sebastiaan J. C. Joosten</a> and <a href="./authors/regensburger">Franz Regensburger</a></div>
<span class="date">
Feb 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/List_Inversions.html">The Inversions of a List</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/UTP.html">Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming</a></h5> <br>
by <a href="./authors/fosters">Simon Foster</a>, <a href="./authors/zeyda">Frank Zeyda</a>, <a href="./authors/nemouchi">Yakoub Nemouchi</a>, <a href="./authors/ribeiro">Pedro Ribeiro</a> and <a href="./authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Feb 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Farkas.html">Farkas&#39; Lemma and Motzkin&#39;s Transposition Theorem</a></h5> <br>
by <a href="./authors/bottesch">Ralph Bottesch</a>, <a href="./authors/haslbeck">Max W. Haslbeck</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IMP2.html">IMP2 – Simple Program Verification in Isabelle/HOL</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/wimmer">Simon Wimmer</a></div>
<span class="date">
Jan 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Higher_Order_Terms.html">An Algebra for Higher-Order Terms</a></h5> <br>
by <a href="./authors/hupel">Lars Hupel</a></div>
<span class="date">
Jan 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Store_Buffer_Reduction.html">A Reduction Theorem for Store Buffers</a></h5> <br>
by <a href="./authors/cohen">Ernie Cohen</a> and <a href="./authors/schirmer">Norbert Schirmer</a></div>
<span class="date">
Jan 07
</span>
</article></div><div>
<h2 class="year">2018</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Core_DOM.html">A Formal Model of the Document Object Model</a></h5> <br>
by <a href="./authors/brucker">Achim D. Brucker</a> and <a href="./authors/herzberg">Michael Herzberg</a></div>
<span class="date">
Dec 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Concurrent_Revisions.html">Formalization of Concurrent Revisions</a></h5> <br>
by <a href="./authors/overbeek">Roy Overbeek</a></div>
<span class="date">
Dec 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Auto2_Imperative_HOL.html">Verifying Imperative Programs using Auto2</a></h5> <br>
by <a href="./authors/zhan">Bohua Zhan</a></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Constructive_Cryptography.html">Constructive Cryptography in HOL</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Dec 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Transformer_Semantics.html">Transformer Semantics</a></h5> <br>
by <a href="./authors/struth">Georg Struth</a></div>
<span class="date">
Dec 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Quantales.html">Quantales</a></h5> <br>
by <a href="./authors/struth">Georg Struth</a></div>
<span class="date">
Dec 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Order_Lattice_Props.html">Properties of Orderings and Lattices</a></h5> <br>
by <a href="./authors/struth">Georg Struth</a></div>
<span class="date">
Dec 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Graph_Saturation.html">Graph Saturation</a></h5> <br>
by <a href="./authors/joosten">Sebastiaan J. C. Joosten</a></div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Functional_Ordered_Resolution_Prover.html">A Verified Functional Implementation of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</a></h5> <br>
by <a href="./authors/schlichtkrull">Anders Schlichtkrull</a>, <a href="./authors/blanchette">Jasmin Christian Blanchette</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Auto2_HOL.html">Auto2 Prover</a></h5> <br>
by <a href="./authors/zhan">Bohua Zhan</a></div>
<span class="date">
Nov 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Matroids.html">Matroids</a></h5> <br>
by <a href="./authors/keinholz">Jonas Keinholz</a></div>
<span class="date">
Nov 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Generic_Deriving.html">Deriving generic class instances for datatypes</a></h5> <br>
by <a href="./authors/raedle">Jonas Rädle</a> and <a href="./authors/hupel">Lars Hupel</a></div>
<span class="date">
Nov 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/GewirthPGCProof.html">Formalisation and Evaluation of Alan Gewirth&#39;s Proof for the Principle of Generic Consistency in Isabelle/HOL</a></h5> <br>
by <a href="./authors/fuenmayor">David Fuenmayor</a> and <a href="./authors/benzmueller">Christoph Benzmüller</a></div>
<span class="date">
Oct 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Epistemic_Logic.html">Epistemic Logic: Completeness of Modal Logics</a></h5> <br>
by <a href="./authors/from">Asta Halkjær From</a></div>
<span class="date">
Oct 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Smooth_Manifolds.html">Smooth Manifolds</a></h5> <br>
by <a href="./authors/immler">Fabian Immler</a> and <a href="./authors/zhan">Bohua Zhan</a></div>
<span class="date">
Oct 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Randomised_BSTs.html">Randomised Binary Search Trees</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lambda_Free_EPO.html">Formalization of the Embedding Path Order for Lambda-Free Higher-Order Terms</a></h5> <br>
by <a href="./authors/bentkamp">Alexander Bentkamp</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Factored_Transition_System_Bounding.html">Upper Bounding Diameters of State Spaces of Factored Transition Systems</a></h5> <br>
by <a href="./authors/kurz">Friedrich Kurz</a> and <a href="./authors/abdulaziz">Mohammad Abdulaziz</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Pi_Transcendental.html">The Transcendence of π</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Symmetric_Polynomials.html">Symmetric Polynomials</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Sep 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Signature_Groebner.html">Signature-Based Gröbner Basis Algorithms</a></h5> <br>
by <a href="./authors/maletzky">Alexander Maletzky</a></div>
<span class="date">
Sep 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Prime_Number_Theorem.html">The Prime Number Theorem</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a> and <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Sep 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Aggregation_Algebras.html">Aggregation Algebras</a></h5> <br>
by <a href="./authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Sep 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Octonions.html">Octonions</a></h5> <br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a></div>
<span class="date">
Sep 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Quaternions.html">Quaternions</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Sep 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Budan_Fourier.html">The Budan-Fourier Theorem and Counting Real Roots with Multiplicity</a></h5> <br>
by <a href="./authors/li">Wenda Li</a></div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Simplex.html">An Incremental Simplex Algorithm with Unsatisfiable Core Generation</a></h5> <br>
by <a href="./authors/maricf">Filip Marić</a>, <a href="./authors/spasic">Mirko Spasić</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Aug 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Minsky_Machines.html">Minsky Machines</a></h5> <br>
by <a href="./authors/felgenhauer">Bertram Felgenhauer</a></div>
<span class="date">
Aug 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DiscretePricing.html">Pricing in discrete financial models</a></h5> <br>
by <a href="./authors/echenim">Mnacho Echenim</a></div>
<span class="date">
Jul 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Neumann_Morgenstern_Utility.html">Von-Neumann-Morgenstern Utility Theorem</a></h5> <br>
by <a href="./authors/parsert">Julian Parsert</a> and <a href="./authors/kaliszyk">Cezary Kaliszyk</a></div>
<span class="date">
Jul 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Pell.html">Pell&#39;s Equation</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jun 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Localization_Ring.html">The Localization of a Commutative Ring</a></h5> <br>
by <a href="./authors/bordg">Anthony Bordg</a></div>
<span class="date">
Jun 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Projective_Geometry.html">Projective Geometry</a></h5> <br>
by <a href="./authors/bordg">Anthony Bordg</a></div>
<span class="date">
Jun 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Partial_Order_Reduction.html">Partial Order Reduction</a></h5> <br>
by <a href="./authors/brunner">Julian Brunner</a></div>
<span class="date">
Jun 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Optimal_BST.html">Optimal Binary Search Trees</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a> and <a href="./authors/somogyi">Dániel Somogyi</a></div>
<span class="date">
May 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hidden_Markov_Models.html">Hidden Markov Models</a></h5> <br>
by <a href="./authors/wimmer">Simon Wimmer</a></div>
<span class="date">
May 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Probabilistic_Timed_Automata.html">Probabilistic Timed Automata</a></h5> <br>
by <a href="./authors/wimmer">Simon Wimmer</a> and <a href="./authors/hoelzl">Johannes Hölzl</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Irrationality_J_Hancl.html">Irrational Rapidly Convergent Series</a></h5> <br>
by <a href="./authors/argyraki">Angeliki Koutsoukou-Argyraki</a> and <a href="./authors/li">Wenda Li</a></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/AxiomaticCategoryTheory.html">Axiom Systems for Category Theory in Free Logic</a></h5> <br>
by <a href="./authors/benzmueller">Christoph Benzmüller</a> and <a href="./authors/scott">Dana Scott</a></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Monad_Memo_DP.html">Monadification, Memoization and Dynamic Programming</a></h5> <br>
by <a href="./authors/wimmer">Simon Wimmer</a>, <a href="./authors/hu">Shuwei Hu</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
May 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/OpSets.html">OpSets: Sequential Specifications for Replicated Datatypes</a></h5> <br>
by <a href="./authors/kleppmann">Martin Kleppmann</a>, <a href="./authors/gomes">Victor B. F. Gomes</a>, <a href="./authors/mulligan">Dominic P. Mulligan</a> and <a href="./authors/beresford">Alastair R. Beresford</a></div>
<span class="date">
May 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Modular_Assembly_Kit_Security.html">An Isabelle/HOL Formalization of the Modular Assembly Kit for Security Properties</a></h5> <br>
by <a href="./authors/bracevac">Oliver Bračevac</a>, <a href="./authors/gay">Richard Gay</a>, <a href="./authors/grewe">Sylvia Grewe</a>, <a href="./authors/mantel">Heiko Mantel</a>, <a href="./authors/sudbrock">Henning Sudbrock</a> and <a href="./authors/tasch">Markus Tasch</a></div>
<span class="date">
May 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/WebAssembly.html">WebAssembly</a></h5> <br>
by <a href="./authors/watt">Conrad Watt</a></div>
<span class="date">
Apr 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/VerifyThis2018.html">VerifyThis 2018 - Polished Isabelle Solutions</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/wimmer">Simon Wimmer</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BNF_CC.html">Bounded Natural Functors with Covariance and Contravariance</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/schneider">Joshua Schneider</a></div>
<span class="date">
Apr 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Fishburn_Impossibility.html">The Incompatibility of Fishburn-Strategyproofness and Pareto-Efficiency</a></h5> <br>
by <a href="./authors/brandt">Felix Brandt</a>, <a href="./authors/eberl">Manuel Eberl</a>, <a href="./authors/saile">Christian Saile</a> and <a href="./authors/stricker">Christian Stricker</a></div>
<span class="date">
Mar 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Weight_Balanced_Trees.html">Weight-Balanced Trees</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a> and <a href="./authors/dirix">Stefan Dirix</a></div>
<span class="date">
Mar 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CakeML.html">CakeML</a></h5> <br>
by <a href="./authors/hupel">Lars Hupel</a> and <a href="./authors/zhang">Yu Zhang</a></div>
<span class="date">
Mar 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Architectural_Design_Patterns.html">A Theory of Architectural Design Patterns</a></h5> <br>
by <a href="./authors/marmsoler">Diego Marmsoler</a></div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hoare_Time.html">Hoare Logics for Time Bounds</a></h5> <br>
by <a href="./authors/haslbeckm">Maximilian P. L. Haslbeck</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Feb 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Treaps.html">Treaps</a></h5> <br>
by <a href="./authors/haslbeck">Max W. Haslbeck</a>, <a href="./authors/eberl">Manuel Eberl</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Error_Function.html">The Error Function</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/First_Order_Terms.html">First-Order Terms</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LLL_Factorization.html">A verified factorization algorithm for integer polynomials with polynomial complexity</a></h5> <br>
by <a href="./authors/divason">Jose Divasón</a>, <a href="./authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LLL_Basis_Reduction.html">A verified LLL algorithm</a></h5> <br>
by <a href="./authors/bottesch">Ralph Bottesch</a>, <a href="./authors/divason">Jose Divasón</a>, <a href="./authors/haslbeck">Max W. Haslbeck</a>, <a href="./authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Feb 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ordered_Resolution_Prover.html">Formalization of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</a></h5> <br>
by <a href="./authors/schlichtkrull">Anders Schlichtkrull</a>, <a href="./authors/blanchette">Jasmin Christian Blanchette</a>, <a href="./authors/traytel">Dmitriy Traytel</a> and <a href="./authors/waldmann">Uwe Waldmann</a></div>
<span class="date">
Jan 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Gromov_Hyperbolicity.html">Gromov Hyperbolicity</a></h5> <br>
by <a href="./authors/gouezel">Sebastien Gouezel</a></div>
<span class="date">
Jan 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Green.html">An Isabelle/HOL formalisation of Green&#39;s Theorem</a></h5> <br>
by <a href="./authors/abdulaziz">Mohammad Abdulaziz</a> and <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Jan 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Taylor_Models.html">Taylor Models</a></h5> <br>
by <a href="./authors/traut">Christoph Traut</a> and <a href="./authors/immler">Fabian Immler</a></div>
<span class="date">
Jan 08
</span>
</article></div><div>
<h2 class="year">2017</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Falling_Factorial_Sum.html">The Falling Factorial of a Sum</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Dec 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Median_Of_Medians_Selection.html">The Median-of-Medians Selection Algorithm</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Mason_Stothers.html">The Mason–Stothers Theorem</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dirichlet_L.html">Dirichlet L-Functions and Dirichlet&#39;s Theorem</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BNF_Operations.html">Operations on Bounded Natural Functors</a></h5> <br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a>, <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Dec 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Knuth_Morris_Pratt.html">The string search algorithm by Knuth, Morris and Pratt</a></h5> <br>
by <a href="./authors/hellauer">Fabian Hellauer</a> and <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
Dec 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stochastic_Matrices.html">Stochastic Matrices and the Perron-Frobenius Theorem</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IMAP-CRDT.html">The IMAP CmRDT</a></h5> <br>
by <a href="./authors/jungnickel">Tim Jungnickel</a>, <a href="./authors/oldenburg">Lennart Oldenburg</a> and <a href="./authors/loibl">Matthias Loibl</a></div>
<span class="date">
Nov 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hybrid_Multi_Lane_Spatial_Logic.html">Hybrid Multi-Lane Spatial Logic</a></h5> <br>
by <a href="./authors/linker">Sven Linker</a></div>
<span class="date">
Nov 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Kuratowski_Closure_Complement.html">The Kuratowski Closure-Complement Theorem</a></h5> <br>
by <a href="./authors/gammie">Peter Gammie</a> and <a href="./authors/gioiosa">Gianpaolo Gioiosa</a></div>
<span class="date">
Oct 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Transition_Systems_and_Automata.html">Transition Systems and Automata</a></h5> <br>
by <a href="./authors/brunner">Julian Brunner</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Buchi_Complementation.html">Büchi Complementation</a></h5> <br>
by <a href="./authors/brunner">Julian Brunner</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Winding_Number_Eval.html">Evaluate Winding Numbers through Cauchy Indices</a></h5> <br>
by <a href="./authors/li">Wenda Li</a></div>
<span class="date">
Oct 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Count_Complex_Roots.html">Count the Number of Complex Roots</a></h5> <br>
by <a href="./authors/li">Wenda Li</a></div>
<span class="date">
Oct 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Diophantine_Eqns_Lin_Hom.html">Homogeneous Linear Diophantine Equations</a></h5> <br>
by <a href="./authors/messner">Florian Messner</a>, <a href="./authors/parsert">Julian Parsert</a>, <a href="./authors/schoepf">Jonas Schöpf</a> and <a href="./authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Oct 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Zeta_Function.html">The Hurwitz and Riemann ζ Functions</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Linear_Recurrences.html">Linear Recurrences</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dirichlet_Series.html">Dirichlet Series</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lowe_Ontological_Argument.html">Computer-assisted Reconstruction and Assessment of E. J. Lowe&#39;s Modal Ontological Argument</a></h5> <br>
by <a href="./authors/fuenmayor">David Fuenmayor</a> and <a href="./authors/benzmueller">Christoph Benzmüller</a></div>
<span class="date">
Sep 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/PLM.html">Representation and Partial Automation of the Principia Logico-Metaphysica in Isabelle/HOL</a></h5> <br>
by <a href="./authors/kirchner">Daniel Kirchner</a></div>
<span class="date">
Sep 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/AnselmGod.html">Anselm&#39;s God in Isabelle/HOL</a></h5> <br>
by <a href="./authors/blumson">Ben Blumson</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/First_Welfare_Theorem.html">Microeconomics and the First Welfare Theorem</a></h5> <br>
by <a href="./authors/parsert">Julian Parsert</a> and <a href="./authors/kaliszyk">Cezary Kaliszyk</a></div>
<span class="date">
Sep 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Root_Balanced_Tree.html">Root-Balanced Tree</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Orbit_Stabiliser.html">Orbit-Stabiliser Theorem with Application to Rotational Symmetries</a></h5> <br>
by <a href="./authors/raedle">Jonas Rädle</a></div>
<span class="date">
Aug 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LambdaMu.html">The LambdaMu-calculus</a></h5> <br>
by <a href="./authors/matache">Cristina Matache</a>, <a href="./authors/gomes">Victor B. F. Gomes</a> and <a href="./authors/mulligan">Dominic P. Mulligan</a></div>
<span class="date">
Aug 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stewart_Apollonius.html">Stewart&#39;s Theorem and Apollonius&#39; Theorem</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Jul 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DynamicArchitectures.html">Dynamic Architectures</a></h5> <br>
by <a href="./authors/marmsoler">Diego Marmsoler</a></div>
<span class="date">
Jul 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Decl_Sem_Fun_PL.html">Declarative Semantics for Functional Languages</a></h5> <br>
by <a href="./authors/siek">Jeremy Siek</a></div>
<span class="date">
Jul 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/HOLCF-Prelude.html">HOLCF-Prelude</a></h5> <br>
by <a href="./authors/breitner">Joachim Breitner</a>, <a href="./authors/huffman">Brian Huffman</a>, <a href="./authors/mitchell">Neil Mitchell</a> and <a href="./authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Jul 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Minkowskis_Theorem.html">Minkowski&#39;s Theorem</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jul 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Name_Carrying_Type_Inference.html">Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus</a></h5> <br>
by <a href="./authors/rawson">Michael Rawson</a></div>
<span class="date">
Jul 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CRDT.html">A framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes</a></h5> <br>
by <a href="./authors/gomes">Victor B. F. Gomes</a>, <a href="./authors/kleppmann">Martin Kleppmann</a>, <a href="./authors/mulligan">Dominic P. Mulligan</a> and <a href="./authors/beresford">Alastair R. Beresford</a></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stone_Kleene_Relation_Algebras.html">Stone-Kleene Relation Algebras</a></h5> <br>
by <a href="./authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Jul 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Propositional_Proof_Systems.html">Propositional Proof Systems</a></h5> <br>
by <a href="./authors/michaelis">Julius Michaelis</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/PSemigroupsConvolution.html">Partial Semigroups and Convolution Algebras</a></h5> <br>
by <a href="./authors/dongol">Brijesh Dongol</a>, <a href="./authors/gomes">Victor B. F. Gomes</a>, <a href="./authors/hayes">Ian J. Hayes</a> and <a href="./authors/struth">Georg Struth</a></div>
<span class="date">
Jun 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Buffons_Needle.html">Buffon&#39;s Needle Problem</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jun 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Prpu_Maxflow.html">Formalizing Push-Relabel Algorithms</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Flow_Networks.html">Flow Networks and the Min-Cut-Max-Flow Theorem</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Optics.html">Optics</a></h5> <br>
by <a href="./authors/fosters">Simon Foster</a> and <a href="./authors/zeyda">Frank Zeyda</a></div>
<span class="date">
May 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dict_Construction.html">Dictionary Construction</a></h5> <br>
by <a href="./authors/hupel">Lars Hupel</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Security_Protocol_Refinement.html">Developing Security Protocols by Refinement</a></h5> <br>
by <a href="./authors/sprenger">Christoph Sprenger</a> and <a href="./authors/somaini">Ivano Somaini</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Floyd_Warshall.html">The Floyd-Warshall Algorithm for Shortest Paths</a></h5> <br>
by <a href="./authors/wimmer">Simon Wimmer</a> and <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
May 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Probabilistic_While.html">Probabilistic while loop</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Monad_Normalisation.html">Monad normalisation</a></h5> <br>
by <a href="./authors/schneider">Joshua Schneider</a>, <a href="./authors/eberl">Manuel Eberl</a> and <a href="./authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Game_Based_Crypto.html">Game-based cryptography in HOL</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a>, <a href="./authors/sefidgar">S. Reza Sefidgar</a> and <a href="./authors/bhatt">Bhargav Bhatt</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Monomorphic_Monad.html">Effect polymorphism in higher-order logic</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CryptHOL.html">CryptHOL</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MonoidalCategory.html">Monoidal Categories</a></h5> <br>
by <a href="./authors/stark">Eugene W. Stark</a></div>
<span class="date">
May 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Types_Tableaus_and_Goedels_God.html">Types, Tableaus and Gödel’s God in Isabelle/HOL</a></h5> <br>
by <a href="./authors/fuenmayor">David Fuenmayor</a> and <a href="./authors/benzmueller">Christoph Benzmüller</a></div>
<span class="date">
May 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LocalLexing.html">Local Lexing</a></h5> <br>
by <a href="./authors/obua">Steven Obua</a></div>
<span class="date">
Apr 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Constructor_Funs.html">Constructor Functions</a></h5> <br>
by <a href="./authors/hupel">Lars Hupel</a></div>
<span class="date">
Apr 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lazy_Case.html">Lazifying case constants</a></h5> <br>
by <a href="./authors/hupel">Lars Hupel</a></div>
<span class="date">
Apr 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Subresultants.html">Subresultants</a></h5> <br>
by <a href="./authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Apr 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Random_BSTs.html">Expected Shape of Random Binary Search Trees</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Apr 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Quick_Sort_Cost.html">The number of comparisons in QuickSort</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Comparison_Sort_Lower_Bound.html">Lower bound on comparison-based sorting algorithms</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Euler_MacLaurin.html">The Euler–MacLaurin Formula</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Mar 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Elliptic_Curves_Group_Law.html">The Group Law for Elliptic Curves</a></h5> <br>
by <a href="./authors/berghofer">Stefan Berghofer</a></div>
<span class="date">
Feb 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Menger.html">Menger&#39;s Theorem</a></h5> <br>
by <a href="./authors/dittmann">Christoph Dittmann</a></div>
<span class="date">
Feb 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Differential_Dynamic_Logic.html">Differential Dynamic Logic</a></h5> <br>
by <a href="./authors/bohrer">Rose Bohrer</a></div>
<span class="date">
Feb 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Abstract_Soundness.html">Abstract Soundness</a></h5> <br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a>, <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Feb 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stone_Relation_Algebras.html">Stone Relation Algebras</a></h5> <br>
by <a href="./authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Feb 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Key_Agreement_Strong_Adversaries.html">Refining Authenticated Key Agreement with Strong Adversaries</a></h5> <br>
by <a href="./authors/lallemand">Joseph Lallemand</a> and <a href="./authors/sprenger">Christoph Sprenger</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Bernoulli.html">Bernoulli Numbers</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a> and <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Minimal_SSA.html">Minimal Static Single Assignment Form</a></h5> <br>
by <a href="./authors/wagner">Max Wagner</a> and <a href="./authors/lohner">Denis Lohner</a></div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Bertrands_Postulate.html">Bertrand&#39;s postulate</a></h5> <br>
by <a href="./authors/biendarra">Julian Biendarra</a> and <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/E_Transcendental.html">The Transcendence of e</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/UPF_Firewall.html">Formal Network Models and Their Application to Firewall Policies</a></h5> <br>
by <a href="./authors/brucker">Achim D. Brucker</a>, <a href="./authors/bruegger">Lukas Brügger</a> and <a href="./authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Jan 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Password_Authentication_Protocol.html">Verification of a Diffie-Hellman Password-based Authentication Protocol by Extending the Inductive Method</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Jan 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FOL_Harrison.html">First-Order Logic According to Harrison</a></h5> <br>
by <a href="./authors/jensen">Alexander Birch Jensen</a>, <a href="./authors/schlichtkrull">Anders Schlichtkrull</a> and <a href="./authors/villadsen">Jørgen Villadsen</a></div>
<span class="date">
Jan 01
</span>
</article></div><div>
<h2 class="year">2016</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Concurrent_Ref_Alg.html">Concurrent Refinement Algebra and Rely Quotients</a></h5> <br>
by <a href="./authors/fell">Julian Fell</a>, <a href="./authors/hayes">Ian J. Hayes</a> and <a href="./authors/velykis">Andrius Velykis</a></div>
<span class="date">
Dec 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Twelvefold_Way.html">The Twelvefold Way</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Dec 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Proof_Strategy_Language.html">Proof Strategy Language</a></h5> <br>
by <a href="./authors/nagashima">Yutaka Nagashima</a></div>
<span class="date">
Dec 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Paraconsistency.html">Paraconsistency</a></h5> <br>
by <a href="./authors/schlichtkrull">Anders Schlichtkrull</a> and <a href="./authors/villadsen">Jørgen Villadsen</a></div>
<span class="date">
Dec 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Complx.html">COMPLX: A Verification Framework for Concurrent Imperative Programs</a></h5> <br>
by <a href="./authors/amani">Sidney Amani</a>, <a href="./authors/andronick">June Andronick</a>, <a href="./authors/bortin">Maksym Bortin</a>, <a href="./authors/lewis">Corey Lewis</a>, <a href="./authors/rizkallah">Christine Rizkallah</a> and <a href="./authors/tuongj">Joseph Tuong</a></div>
<span class="date">
Nov 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Abs_Int_ITP2012.html">Abstract Interpretation of Annotated Commands</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Nov 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Separata.html">Separata: Isabelle tactics for Separation Algebra</a></h5> <br>
by <a href="./authors/hou">Zhe Hou</a>, <a href="./authors/sanan">David Sanan</a>, <a href="./authors/tiu">Alwen Tiu</a>, <a href="./authors/gore">Rajeev Gore</a> and <a href="./authors/clouston">Ranald Clouston</a></div>
<span class="date">
Nov 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Nested_Multisets_Ordinals.html">Formalization of Nested Multisets, Hereditary Multisets, and Syntactic Ordinals</a></h5> <br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a>, <a href="./authors/fleury">Mathias Fleury</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Nov 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lambda_Free_KBOs.html">Formalization of Knuth–Bendix Orders for Lambda-Free Higher-Order Terms</a></h5> <br>
by <a href="./authors/becker">Heiko Becker</a>, <a href="./authors/blanchette">Jasmin Christian Blanchette</a>, <a href="./authors/waldmann">Uwe Waldmann</a> and <a href="./authors/wand">Daniel Wand</a></div>
<span class="date">
Nov 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Deep_Learning.html">Expressiveness of Deep Learning</a></h5> <br>
by <a href="./authors/bentkamp">Alexander Bentkamp</a></div>
<span class="date">
Nov 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Modal_Logics_for_NTS.html">Modal Logics for Nominal Transition Systems</a></h5> <br>
by <a href="./authors/weber">Tjark Weber</a>, <a href="./authors/eriksson">Lars-Henrik Eriksson</a>, <a href="./authors/parrow">Joachim Parrow</a>, <a href="./authors/borgstroem">Johannes Borgström</a> and <a href="./authors/gutkovas">Ramunas Gutkovas</a></div>
<span class="date">
Oct 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stable_Matching.html">Stable Matching</a></h5> <br>
by <a href="./authors/gammie">Peter Gammie</a></div>
<span class="date">
Oct 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LOFT.html">LOFT — Verified Migration of Linux Firewalls to SDN</a></h5> <br>
by <a href="./authors/michaelis">Julius Michaelis</a> and <a href="./authors/diekmann">Cornelius Diekmann</a></div>
<span class="date">
Oct 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Source_Coding_Theorem.html">Source Coding Theorem</a></h5> <br>
by <a href="./authors/hibon">Quentin Hibon</a> and <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SPARCv8.html">A formal model for the SPARCv8 ISA and a proof of non-interference for the LEON3 processor</a></h5> <br>
by <a href="./authors/hou">Zhe Hou</a>, <a href="./authors/sanan">David Sanan</a>, <a href="./authors/tiu">Alwen Tiu</a> and <a href="./authors/liuy">Yang Liu</a></div>
<span class="date">
Oct 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Berlekamp_Zassenhaus.html">The Factorization Algorithm of Berlekamp and Zassenhaus</a></h5> <br>
by <a href="./authors/divason">Jose Divasón</a>, <a href="./authors/joosten">Sebastiaan J. C. Joosten</a>, <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Oct 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Chord_Segments.html">Intersecting Chords Theorem</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Oct 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lp.html">Lp spaces</a></h5> <br>
by <a href="./authors/gouezel">Sebastien Gouezel</a></div>
<span class="date">
Oct 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Fisher_Yates.html">Fisher–Yates shuffle</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Sep 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Allen_Calculus.html">Allen&#39;s Interval Calculus</a></h5> <br>
by <a href="./authors/ghourabi">Fadoua Ghourabi</a></div>
<span class="date">
Sep 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lambda_Free_RPOs.html">Formalization of Recursive Path Orders for Lambda-Free Higher-Order Terms</a></h5> <br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a>, <a href="./authors/waldmann">Uwe Waldmann</a> and <a href="./authors/wand">Daniel Wand</a></div>
<span class="date">
Sep 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Iptables_Semantics.html">Iptables Semantics</a></h5> <br>
by <a href="./authors/diekmann">Cornelius Diekmann</a> and <a href="./authors/hupel">Lars Hupel</a></div>
<span class="date">
Sep 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stone_Algebras.html">Stone Algebras</a></h5> <br>
by <a href="./authors/guttmann">Walter Guttmann</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SuperCalc.html">A Variant of the Superposition Calculus</a></h5> <br>
by <a href="./authors/peltier">Nicolas Peltier</a></div>
<span class="date">
Sep 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stirling_Formula.html">Stirling&#39;s formula</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Sep 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Routing.html">Routing</a></h5> <br>
by <a href="./authors/michaelis">Julius Michaelis</a> and <a href="./authors/diekmann">Cornelius Diekmann</a></div>
<span class="date">
Aug 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Simple_Firewall.html">Simple Firewall</a></h5> <br>
by <a href="./authors/diekmann">Cornelius Diekmann</a>, <a href="./authors/michaelis">Julius Michaelis</a> and <a href="./authors/haslbeck">Max W. Haslbeck</a></div>
<span class="date">
Aug 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/InfPathElimination.html">Infeasible Paths Elimination by Symbolic Execution Techniques: Proof of Correctness and Preservation of Paths</a></h5> <br>
by <a href="./authors/aissat">Romain Aissat</a>, <a href="./authors/voisin">Frederic Voisin</a> and <a href="./authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Aug 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/EdmondsKarp_Maxflow.html">Formalizing the Edmonds-Karp Algorithm</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/sefidgar">S. Reza Sefidgar</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Refine_Imperative_HOL.html">The Imperative Refinement Framework</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ptolemys_Theorem.html">Ptolemy&#39;s Theorem</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Aug 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Surprise_Paradox.html">Surprise Paradox</a></h5> <br>
by <a href="./authors/breitner">Joachim Breitner</a></div>
<span class="date">
Jul 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Pairing_Heap.html">Pairing Heap</a></h5> <br>
by <a href="./authors/brinkop">Hauke Brinkop</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jul 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DFS_Framework.html">A Framework for Verifying Depth-First Search Algorithms</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/neumann">René Neumann</a></div>
<span class="date">
Jul 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Buildings.html">Chamber Complexes, Coxeter Systems, and Buildings</a></h5> <br>
by <a href="./authors/sylvestre">Jeremy Sylvestre</a></div>
<span class="date">
Jul 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Rewriting_Z.html">The Z Property</a></h5> <br>
by <a href="./authors/felgenhauer">Bertram Felgenhauer</a>, <a href="./authors/nagele">Julian Nagele</a>, <a href="./authors/oostrom">Vincent van Oostrom</a> and <a href="./authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Jun 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Resolution_FOL.html">The Resolution Calculus for First-Order Logic</a></h5> <br>
by <a href="./authors/schlichtkrull">Anders Schlichtkrull</a></div>
<span class="date">
Jun 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IP_Addresses.html">IP Addresses</a></h5> <br>
by <a href="./authors/diekmann">Cornelius Diekmann</a>, <a href="./authors/michaelis">Julius Michaelis</a> and <a href="./authors/hupel">Lars Hupel</a></div>
<span class="date">
Jun 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dependent_SIFUM_Refinement.html">Compositional Security-Preserving Refinement for Concurrent Imperative Programs</a></h5> <br>
by <a href="./authors/murray">Toby Murray</a>, <a href="./authors/sison">Robert Sison</a>, <a href="./authors/pierzchalski">Edward Pierzchalski</a> and <a href="./authors/rizkallah">Christine Rizkallah</a></div>
<span class="date">
Jun 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Category3.html">Category Theory with Adjunctions and Limits</a></h5> <br>
by <a href="./authors/stark">Eugene W. Stark</a></div>
<span class="date">
Jun 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Card_Multisets.html">Cardinality of Multisets</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Jun 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dependent_SIFUM_Type_Systems.html">A Dependent Security Type System for Concurrent Imperative Programs</a></h5> <br>
by <a href="./authors/murray">Toby Murray</a>, <a href="./authors/sison">Robert Sison</a>, <a href="./authors/pierzchalski">Edward Pierzchalski</a> and <a href="./authors/rizkallah">Christine Rizkallah</a></div>
<span class="date">
Jun 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Catalan_Numbers.html">Catalan Numbers</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jun 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Algebraic_VCs.html">Program Construction and Verification Components Based on Kleene Algebra</a></h5> <br>
by <a href="./authors/gomes">Victor B. F. Gomes</a> and <a href="./authors/struth">Georg Struth</a></div>
<span class="date">
Jun 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Noninterference_Concurrent_Composition.html">Conservation of CSP Noninterference Security under Concurrent Composition</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Jun 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Word_Lib.html">Finite Machine Word Library</a></h5> <br>
by <a href="./authors/beeren">Joel Beeren</a>, <a href="./authors/fernandez">Matthew Fernandez</a>, <a href="./authors/gao">Xin Gao</a>, <a href="./authors/klein">Gerwin Klein</a>, <a href="./authors/kolanski">Rafal Kolanski</a>, <a href="./authors/lim">Japheth Lim</a>, <a href="./authors/lewis">Corey Lewis</a>, <a href="./authors/matichuk">Daniel Matichuk</a> and <a href="./authors/sewell">Thomas Sewell</a></div>
<span class="date">
Jun 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Tree_Decomposition.html">Tree Decomposition</a></h5> <br>
by <a href="./authors/dittmann">Christoph Dittmann</a></div>
<span class="date">
May 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Posix-Lexing.html">POSIX Lexing with Derivatives of Regular Expressions</a></h5> <br>
by <a href="./authors/ausaf">Fahad Ausaf</a>, <a href="./authors/dyckhoff">Roy Dyckhoff</a> and <a href="./authors/urban">Christian Urban</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Card_Equiv_Relations.html">Cardinality of Equivalence Relations</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
May 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Incredible_Proof_Machine.html">The meta theory of the Incredible Proof Machine</a></h5> <br>
by <a href="./authors/breitner">Joachim Breitner</a> and <a href="./authors/lohner">Denis Lohner</a></div>
<span class="date">
May 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Perron_Frobenius.html">Perron-Frobenius Theorem for Spectral Radius Analysis</a></h5> <br>
by <a href="./authors/divason">Jose Divasón</a>, <a href="./authors/kuncar">Ondřej Kunčar</a>, <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a></div>
<span class="date">
May 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FLP.html">A Constructive Proof for FLP</a></h5> <br>
by <a href="./authors/bisping">Benjamin Bisping</a>, <a href="./authors/brodmann">Paul-David Brodmann</a>, <a href="./authors/jungnickel">Tim Jungnickel</a>, <a href="./authors/rickmann">Christina Rickmann</a>, <a href="./authors/seidler">Henning Seidler</a>, <a href="./authors/stueber">Anke Stüber</a>, <a href="./authors/weidner">Arno Wilhelm-Weidner</a>, <a href="./authors/peters">Kirstin Peters</a> and <a href="./authors/nestmann">Uwe Nestmann</a></div>
<span class="date">
May 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MFMC_Countable.html">A Formal Proof of the Max-Flow Min-Cut Theorem for Countable Networks</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Randomised_Social_Choice.html">Randomised Social Choice Theory</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
May 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SDS_Impossibility.html">The Incompatibility of SD-Efficiency and SD-Strategy-Proofness</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
May 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Bell_Numbers_Spivey.html">Spivey&#39;s Generalized Recurrence for Bell Numbers</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
May 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Groebner_Bases.html">Gröbner Bases Theory</a></h5> <br>
by <a href="./authors/immler">Fabian Immler</a> and <a href="./authors/maletzky">Alexander Maletzky</a></div>
<span class="date">
May 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/No_FTL_observers.html">No Faster-Than-Light Observers</a></h5> <br>
by <a href="./authors/stannett">Mike Stannett</a> and <a href="./authors/nemeti">István Németi</a></div>
<span class="date">
Apr 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ROBDD.html">Algorithms for Reduced Ordered Binary Decision Diagrams</a></h5> <br>
by <a href="./authors/michaelis">Julius Michaelis</a>, <a href="./authors/haslbeck">Max W. Haslbeck</a>, <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/hupel">Lars Hupel</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CYK.html">A formalisation of the Cocke-Younger-Kasami algorithm</a></h5> <br>
by <a href="./authors/bortin">Maksym Bortin</a></div>
<span class="date">
Apr 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Noninterference_Sequential_Composition.html">Conservation of CSP Noninterference Security under Sequential Composition</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/KAD.html">Kleene Algebras with Domain</a></h5> <br>
by <a href="./authors/gomes">Victor B. F. Gomes</a>, <a href="./authors/guttmann">Walter Guttmann</a>, <a href="./authors/hoefner">Peter Höfner</a>, <a href="./authors/struth">Georg Struth</a> and <a href="./authors/weber">Tjark Weber</a></div>
<span class="date">
Apr 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/PropResPI.html">Propositional Resolution and Prime Implicates Generation</a></h5> <br>
by <a href="./authors/peltier">Nicolas Peltier</a></div>
<span class="date">
Mar 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Timed_Automata.html">Timed Automata</a></h5> <br>
by <a href="./authors/wimmer">Simon Wimmer</a></div>
<span class="date">
Mar 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Cartan_FP.html">The Cartan Fixed Point Theorems</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Mar 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LTL.html">Linear Temporal Logic</a></h5> <br>
by <a href="./authors/sickert">Salomon Sickert</a></div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/List_Update.html">Analysis of List Update Algorithms</a></h5> <br>
by <a href="./authors/haslbeckm">Maximilian P. L. Haslbeck</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Feb 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Formal_SSA.html">Verified Construction of Static Single Assignment Form</a></h5> <br>
by <a href="./authors/ullrich">Sebastian Ullrich</a> and <a href="./authors/lohner">Denis Lohner</a></div>
<span class="date">
Feb 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Polynomial_Interpolation.html">Polynomial Interpolation</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Jan 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Polynomial_Factorization.html">Polynomial Factorization</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Jan 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Knot_Theory.html">Knot Theory</a></h5> <br>
by <a href="./authors/prathamesh">T.V.H. Prathamesh</a></div>
<span class="date">
Jan 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Matrix_Tensor.html">Tensor Product of Matrices</a></h5> <br>
by <a href="./authors/prathamesh">T.V.H. Prathamesh</a></div>
<span class="date">
Jan 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Card_Number_Partitions.html">Cardinality of Number Partitions</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Jan 14
</span>
</article></div><div>
<h2 class="year">2015</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Prime_Harmonic_Series.html">The Divergence of the Prime Harmonic Series</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Liouville_Numbers.html">Liouville numbers</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Descartes_Sign_Rule.html">Descartes&#39; Rule of Signs</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Triangle.html">Basic Geometric Properties of Triangles</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Dec 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stern_Brocot.html">The Stern-Brocot Tree</a></h5> <br>
by <a href="./authors/gammie">Peter Gammie</a> and <a href="./authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Dec 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Applicative_Lifting.html">Applicative Lifting</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/schneider">Joshua Schneider</a></div>
<span class="date">
Dec 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Algebraic_Numbers.html">Algebraic Numbers in Isabelle/HOL</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a>, <a href="./authors/yamada">Akihisa Yamada</a> and <a href="./authors/joosten">Sebastiaan J. C. Joosten</a></div>
<span class="date">
Dec 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Card_Partitions.html">Cardinality of Set Partitions</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Dec 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Latin_Square.html">Latin Square</a></h5> <br>
by <a href="./authors/bentkamp">Alexander Bentkamp</a></div>
<span class="date">
Dec 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ergodic_Theory.html">Ergodic Theory</a></h5> <br>
by <a href="./authors/gouezel">Sebastien Gouezel</a></div>
<span class="date">
Dec 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Euler_Partition.html">Euler&#39;s Partition Theorem</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/TortoiseHare.html">The Tortoise and Hare Algorithm</a></h5> <br>
by <a href="./authors/gammie">Peter Gammie</a></div>
<span class="date">
Nov 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Planarity_Certificates.html">Planarity Certificates</a></h5> <br>
by <a href="./authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Nov 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Parity_Game.html">Positional Determinacy of Parity Games</a></h5> <br>
by <a href="./authors/dittmann">Christoph Dittmann</a></div>
<span class="date">
Nov 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Isabelle_Meta_Model.html">A Meta-Model for the Isabelle API</a></h5> <br>
by <a href="./authors/tuong">Frédéric Tuong</a> and <a href="./authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LTL_to_DRA.html">Converting Linear Temporal Logic to Deterministic (Generalized) Rabin Automata</a></h5> <br>
by <a href="./authors/sickert">Salomon Sickert</a></div>
<span class="date">
Sep 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Jordan_Normal_Form.html">Matrices, Jordan Normal Forms, and Spectral Radius Theory</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a> and <a href="./authors/yamada">Akihisa Yamada</a></div>
<span class="date">
Aug 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Decreasing-Diagrams-II.html">Decreasing Diagrams II</a></h5> <br>
by <a href="./authors/felgenhauer">Bertram Felgenhauer</a></div>
<span class="date">
Aug 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Noninterference_Inductive_Unwinding.html">The Inductive Unwinding Theorem for CSP Noninterference Security</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Aug 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Rep_Fin_Groups.html">Representations of Finite Groups</a></h5> <br>
by <a href="./authors/sylvestre">Jeremy Sylvestre</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Encodability_Process_Calculi.html">Analysing and Comparing Encodability Criteria for Process Calculi</a></h5> <br>
by <a href="./authors/peters">Kirstin Peters</a> and <a href="./authors/glabbeek">Rob van Glabbeek</a></div>
<span class="date">
Aug 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Case_Labeling.html">Generating Cases from Labeled Subgoals</a></h5> <br>
by <a href="./authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Jul 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Akra_Bazzi.html">The Akra-Bazzi theorem and the Master theorem</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jul 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Landau_Symbols.html">Landau Symbols</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jul 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Hermite.html">Hermite Normal Form</a></h5> <br>
by <a href="./authors/divason">Jose Divasón</a> and <a href="./authors/aransay">Jesús Aransay</a></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Derangements.html">Derangements Formula</a></h5> <br>
by <a href="./authors/bulwahn">Lukas Bulwahn</a></div>
<span class="date">
Jun 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Noninterference_Ipurge_Unwinding.html">The Ipurge Unwinding Theorem for CSP Noninterference Security</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Noninterference_Generic_Unwinding.html">The Generic Unwinding Theorem for CSP Noninterference Security</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/List_Interleaving.html">Reasoning about Lists via List Interleaving</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Multirelations.html">Binary Multirelations</a></h5> <br>
by <a href="./authors/furusawa">Hitoshi Furusawa</a> and <a href="./authors/struth">Georg Struth</a></div>
<span class="date">
Jun 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dynamic_Tables.html">Parameterized Dynamic Tables</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Formula_Derivatives.html">Derivatives of Logical Formulas</a></h5> <br>
by <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Probabilistic_System_Zoo.html">A Zoo of Probabilistic Systems</a></h5> <br>
by <a href="./authors/hoelzl">Johannes Hölzl</a>, <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
May 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Vickrey_Clarke_Groves.html">VCG - Combinatorial Vickrey-Clarke-Groves Auctions</a></h5> <br>
by <a href="./authors/caminati">Marco B. Caminati</a>, <a href="./authors/kerber">Manfred Kerber</a>, <a href="./authors/lange">Christoph Lange</a> and <a href="./authors/rowat">Colin Rowat</a></div>
<span class="date">
Apr 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Residuated_Lattices.html">Residuated Lattices</a></h5> <br>
by <a href="./authors/gomes">Victor B. F. Gomes</a> and <a href="./authors/struth">Georg Struth</a></div>
<span class="date">
Apr 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ConcurrentGC.html">Relaxing Safely: Verified On-the-Fly Garbage Collection for x86-TSO</a></h5> <br>
by <a href="./authors/gammie">Peter Gammie</a>, <a href="./authors/hosking">Tony Hosking</a> and <a href="./authors/engelhardt">Kai Engelhardt</a></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ConcurrentIMP.html">Concurrent IMP</a></h5> <br>
by <a href="./authors/gammie">Peter Gammie</a></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Trie.html">Trie</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Mar 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Consensus_Refined.html">Consensus Refined</a></h5> <br>
by <a href="./authors/maric">Ognjen Marić</a> and <a href="./authors/sprenger">Christoph Sprenger</a></div>
<span class="date">
Mar 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Deriving.html">Deriving class instances for datatypes</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Mar 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Call_Arity.html">The Safety of Call Arity</a></h5> <br>
by <a href="./authors/breitner">Joachim Breitner</a></div>
<span class="date">
Feb 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/QR_Decomposition.html">QR Decomposition</a></h5> <br>
by <a href="./authors/divason">Jose Divasón</a> and <a href="./authors/aransay">Jesús Aransay</a></div>
<span class="date">
Feb 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Echelon_Form.html">Echelon Form</a></h5> <br>
by <a href="./authors/divason">Jose Divasón</a> and <a href="./authors/aransay">Jesús Aransay</a></div>
<span class="date">
Feb 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Finite_Automata_HF.html">Finite Automata in Hereditarily Finite Set Theory</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Feb 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/UpDown_Scheme.html">Verification of the UpDown Scheme</a></h5> <br>
by <a href="./authors/hoelzl">Johannes Hölzl</a></div>
<span class="date">
Jan 28
</span>
</article></div><div>
<h2 class="year">2014</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/UPF.html">The Unified Policy Framework (UPF)</a></h5> <br>
by <a href="./authors/brucker">Achim D. Brucker</a>, <a href="./authors/bruegger">Lukas Brügger</a> and <a href="./authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Nov 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/AODV.html">Loop freedom of the (untimed) AODV routing protocol</a></h5> <br>
by <a href="./authors/bourke">Timothy Bourke</a> and <a href="./authors/hoefner">Peter Höfner</a></div>
<span class="date">
Oct 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lifting_Definition_Option.html">Lifting Definition Option</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Oct 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stream_Fusion_Code.html">Stream Fusion in HOL with Code Generation</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/maximova">Alexandra Maximova</a></div>
<span class="date">
Oct 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Density_Compiler.html">A Verified Compiler for Probability Density Functions</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a>, <a href="./authors/hoelzl">Johannes Hölzl</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Oct 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/RefinementReactive.html">Formalization of Refinement Calculus for Reactive Systems</a></h5> <br>
by <a href="./authors/preoteasa">Viorel Preoteasa</a></div>
<span class="date">
Oct 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/XML.html">XML</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Oct 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Certification_Monads.html">Certification Monads</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Oct 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Imperative_Insertion_Sort.html">Imperative Insertion Sort</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Sep 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sturm_Tarski.html">The Sturm-Tarski Theorem</a></h5> <br>
by <a href="./authors/li">Wenda Li</a></div>
<span class="date">
Sep 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Cayley_Hamilton.html">The Cayley-Hamilton Theorem</a></h5> <br>
by <a href="./authors/adelsberger">Stephan Adelsberger</a>, <a href="./authors/hetzl">Stefan Hetzl</a> and <a href="./authors/pollak">Florian Pollak</a></div>
<span class="date">
Sep 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Jordan_Hoelder.html">The Jordan-Hölder Theorem</a></h5> <br>
by <a href="./authors/raumer">Jakob von Raumer</a></div>
<span class="date">
Sep 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Priority_Queue_Braun.html">Priority Queues Based on Braun Trees</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Sep 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Gauss_Jordan.html">Gauss-Jordan Algorithm and Its Applications</a></h5> <br>
by <a href="./authors/divason">Jose Divasón</a> and <a href="./authors/aransay">Jesús Aransay</a></div>
<span class="date">
Sep 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/VectorSpace.html">Vector Spaces</a></h5> <br>
by <a href="./authors/lee">Holden Lee</a></div>
<span class="date">
Aug 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Special_Function_Bounds.html">Real-Valued Special Functions: Upper and Lower Bounds</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Aug 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Skew_Heap.html">Skew Heap</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Splay_Tree.html">Splay Tree</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Show.html">Haskell&#39;s Show Class in Isabelle/HOL</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Jul 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CISC-Kernel.html">Formal Specification of a Generic Separation Kernel</a></h5> <br>
by <a href="./authors/verbeek">Freek Verbeek</a>, <a href="./authors/tverdyshev">Sergey Tverdyshev</a>, <a href="./authors/havle">Oto Havle</a>, <a href="./authors/blasum">Holger Blasum</a>, <a href="./authors/langenstein">Bruno Langenstein</a>, <a href="./authors/stephan">Werner Stephan</a>, <a href="./authors/nemouchi">Yakoub Nemouchi</a>, <a href="./authors/feliachi">Abderrahmane Feliachi</a>, <a href="./authors/wolff">Burkhart Wolff</a> and <a href="./authors/schmaltz">Julien Schmaltz</a></div>
<span class="date">
Jul 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/pGCL.html">pGCL for Isabelle</a></h5> <br>
by <a href="./authors/cock">David Cock</a></div>
<span class="date">
Jul 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Amortized_Complexity.html">Amortized Complexity Verified</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jul 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Network_Security_Policy_Verification.html">Network Security Policy Verification</a></h5> <br>
by <a href="./authors/diekmann">Cornelius Diekmann</a></div>
<span class="date">
Jul 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Pop_Refinement.html">Pop-Refinement</a></h5> <br>
by <a href="./authors/coglio">Alessandro Coglio</a></div>
<span class="date">
Jul 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MSO_Regex_Equivalence.html">Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions</a></h5> <br>
by <a href="./authors/traytel">Dmitriy Traytel</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Boolean_Expression_Checkers.html">Boolean Expression Checkers</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Gabow_SCC.html">Verified Efficient Implementation of Gabow&#39;s Strongly Connected Components Algorithm</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CAVA_Automata.html">The CAVA Automata Library</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Promela.html">Promela Formalization</a></h5> <br>
by <a href="./authors/neumann">René Neumann</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LTL_to_GBA.html">Converting Linear-Time Temporal Logic to Generalized Büchi Automata</a></h5> <br>
by <a href="./authors/schimpf">Alexander Schimpf</a> and <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CAVA_LTL_Modelchecker.html">A Fully Verified Executable LTL Model Checker</a></h5> <br>
by <a href="./authors/esparza">Javier Esparza</a>, <a href="./authors/lammich">Peter Lammich</a>, <a href="./authors/neumann">René Neumann</a>, <a href="./authors/nipkow">Tobias Nipkow</a>, <a href="./authors/schimpf">Alexander Schimpf</a> and <a href="./authors/smaus">Jan-Georg Smaus</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Roy_Floyd_Warshall.html">Transitive closure according to Roy-Floyd-Warshall</a></h5> <br>
by <a href="./authors/wenzel">Makarius Wenzel</a></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Noninterference_CSP.html">Noninterference Security in Communicating Sequential Processes</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
May 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Regular_Algebras.html">Regular Algebras</a></h5> <br>
by <a href="./authors/fosters">Simon Foster</a> and <a href="./authors/struth">Georg Struth</a></div>
<span class="date">
May 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ComponentDependencies.html">Formalisation and Analysis of Component Dependencies</a></h5> <br>
by <a href="./authors/spichkova">Maria Spichkova</a></div>
<span class="date">
Apr 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Strong_Security.html">A Formalization of Strong Security</a></h5> <br>
by <a href="./authors/grewe">Sylvia Grewe</a>, <a href="./authors/lux">Alexander Lux</a>, <a href="./authors/mantel">Heiko Mantel</a> and <a href="./authors/sauer">Jens Sauer</a></div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/WHATandWHERE_Security.html">A Formalization of Declassification with WHAT-and-WHERE-Security</a></h5> <br>
by <a href="./authors/grewe">Sylvia Grewe</a>, <a href="./authors/lux">Alexander Lux</a>, <a href="./authors/mantel">Heiko Mantel</a> and <a href="./authors/sauer">Jens Sauer</a></div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SIFUM_Type_Systems.html">A Formalization of Assumptions and Guarantees for Compositional Noninterference</a></h5> <br>
by <a href="./authors/grewe">Sylvia Grewe</a>, <a href="./authors/mantel">Heiko Mantel</a> and <a href="./authors/schoepe">Daniel Schoepe</a></div>
<span class="date">
Apr 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Bounded_Deducibility_Security.html">Bounded-Deducibility Security</a></h5> <br>
by <a href="./authors/popescu">Andrei Popescu</a>, <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/bauereiss">Thomas Bauereiss</a></div>
<span class="date">
Apr 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Abstract_Completeness.html">Abstract Completeness</a></h5> <br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a>, <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Apr 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/HyperCTL.html">A shallow embedding of HyperCTL*</a></h5> <br>
by <a href="./authors/rabe">Markus N. Rabe</a>, <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/popescu">Andrei Popescu</a></div>
<span class="date">
Apr 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Discrete_Summation.html">Discrete Summation</a></h5> <br>
by <a href="./authors/haftmann">Florian Haftmann</a></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/GPU_Kernel_PL.html">Syntax and semantics of a GPU kernel programming language</a></h5> <br>
by <a href="./authors/wickerson">John Wickerson</a></div>
<span class="date">
Apr 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Probabilistic_Noninterference.html">Probabilistic Noninterference</a></h5> <br>
by <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/hoelzl">Johannes Hölzl</a></div>
<span class="date">
Mar 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/AWN.html">Mechanization of the Algebra for Wireless Networks (AWN)</a></h5> <br>
by <a href="./authors/bourke">Timothy Bourke</a></div>
<span class="date">
Mar 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Partial_Function_MR.html">Mutually Recursive Partial Functions</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Random_Graph_Subgraph_Threshold.html">Properties of Random Graphs -- Subgraph Containment</a></h5> <br>
by <a href="./authors/hupel">Lars Hupel</a></div>
<span class="date">
Feb 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Selection_Heap_Sort.html">Verification of Selection and Heap Sort Using Locales</a></h5> <br>
by <a href="./authors/petrovic">Danijela Petrovic</a></div>
<span class="date">
Feb 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Affine_Arithmetic.html">Affine Arithmetic</a></h5> <br>
by <a href="./authors/immler">Fabian Immler</a></div>
<span class="date">
Feb 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Real_Impl.html">Implementing field extensions of the form Q[sqrt(b)]</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Regex_Equivalence.html">Unified Decision Procedures for Regular Expression Equivalence</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a> and <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Jan 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Secondary_Sylow.html">Secondary Sylow Theorems</a></h5> <br>
by <a href="./authors/raumer">Jakob von Raumer</a></div>
<span class="date">
Jan 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Relation_Algebra.html">Relation Algebra</a></h5> <br>
by <a href="./authors/armstrong">Alasdair Armstrong</a>, <a href="./authors/fosters">Simon Foster</a>, <a href="./authors/struth">Georg Struth</a> and <a href="./authors/weber">Tjark Weber</a></div>
<span class="date">
Jan 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/KAT_and_DRA.html">Kleene Algebra with Tests and Demonic Refinement Algebras</a></h5> <br>
by <a href="./authors/armstrong">Alasdair Armstrong</a>, <a href="./authors/gomes">Victor B. F. Gomes</a> and <a href="./authors/struth">Georg Struth</a></div>
<span class="date">
Jan 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Featherweight_OCL.html">Featherweight OCL: A Proposal for a Machine-Checked Formal Semantics for OCL 2.5</a></h5> <br>
by <a href="./authors/brucker">Achim D. Brucker</a>, <a href="./authors/tuong">Frédéric Tuong</a> and <a href="./authors/wolff">Burkhart Wolff</a></div>
<span class="date">
Jan 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sturm_Sequences.html">Sturm&#39;s Theorem</a></h5> <br>
by <a href="./authors/eberl">Manuel Eberl</a></div>
<span class="date">
Jan 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CryptoBasedCompositionalProperties.html">Compositional Properties of Crypto-Based Components</a></h5> <br>
by <a href="./authors/spichkova">Maria Spichkova</a></div>
<span class="date">
Jan 11
</span>
</article></div><div>
<h2 class="year">2013</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Tail_Recursive_Functions.html">A General Method for the Proof of Theorems on Tail-recursive Functions</a></h5> <br>
by <a href="./authors/noce">Pasquale Noce</a></div>
<span class="date">
Dec 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/HereditarilyFinite.html">The Hereditarily Finite Sets</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Nov 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Incompleteness.html">Gödel&#39;s Incompleteness Theorems</a></h5> <br>
by <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Nov 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Coinductive_Languages.html">A Codatatype of Formal Languages</a></h5> <br>
by <a href="./authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Nov 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FocusStreamsCaseStudies.html">Stream Processing Components: Isabelle/HOL Formalisation and Case Studies</a></h5> <br>
by <a href="./authors/spichkova">Maria Spichkova</a></div>
<span class="date">
Nov 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/GoedelGod.html">Gödel&#39;s God in Isabelle/HOL</a></h5> <br>
by <a href="./authors/benzmueller">Christoph Benzmüller</a> and <a href="./authors/paleo">Bruno Woltzenlogel Paleo</a></div>
<span class="date">
Nov 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Decreasing-Diagrams.html">Decreasing Diagrams</a></h5> <br>
by <a href="./authors/zankl">Harald Zankl</a></div>
<span class="date">
Nov 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Automatic_Refinement.html">Automatic Data Refinement</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
Oct 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Native_Word.html">Native Word</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Sep 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/IEEE_Floating_Point.html">A Formal Model of IEEE Floating Point Arithmetic</a></h5> <br>
by <a href="./authors/yu">Lei Yu</a></div>
<span class="date">
Jul 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Pratt_Certificate.html">Pratt&#39;s Primality Certificates</a></h5> <br>
by <a href="./authors/wimmer">Simon Wimmer</a> and <a href="./authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Jul 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lehmer.html">Lehmer&#39;s Theorem</a></h5> <br>
by <a href="./authors/wimmer">Simon Wimmer</a> and <a href="./authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Jul 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Koenigsberg_Friendship.html">The Königsberg Bridge Problem and the Friendship Theorem</a></h5> <br>
by <a href="./authors/li">Wenda Li</a></div>
<span class="date">
Jul 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sort_Encodings.html">Sound and Complete Sort Encodings for First-Order Logic</a></h5> <br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a> and <a href="./authors/popescu">Andrei Popescu</a></div>
<span class="date">
Jun 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ShortestPath.html">An Axiomatic Characterization of the Single-Source Shortest Path Problem</a></h5> <br>
by <a href="./authors/rizkallah">Christine Rizkallah</a></div>
<span class="date">
May 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Graph_Theory.html">Graph Theory</a></h5> <br>
by <a href="./authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Apr 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Containers.html">Light-weight Containers</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Apr 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Nominal2.html">Nominal 2</a></h5> <br>
by <a href="./authors/urban">Christian Urban</a>, <a href="./authors/berghofer">Stefan Berghofer</a> and <a href="./authors/kaliszyk">Cezary Kaliszyk</a></div>
<span class="date">
Feb 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Launchbury.html">The Correctness of Launchbury&#39;s Natural Semantics for Lazy Evaluation</a></h5> <br>
by <a href="./authors/breitner">Joachim Breitner</a></div>
<span class="date">
Jan 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ribbon_Proofs.html">Ribbon Proofs</a></h5> <br>
by <a href="./authors/wickerson">John Wickerson</a></div>
<span class="date">
Jan 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Rank_Nullity_Theorem.html">Rank-Nullity Theorem in Linear Algebra</a></h5> <br>
by <a href="./authors/divason">Jose Divasón</a> and <a href="./authors/aransay">Jesús Aransay</a></div>
<span class="date">
Jan 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Kleene_Algebra.html">Kleene Algebra</a></h5> <br>
by <a href="./authors/armstrong">Alasdair Armstrong</a>, <a href="./authors/struth">Georg Struth</a> and <a href="./authors/weber">Tjark Weber</a></div>
<span class="date">
Jan 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Sqrt_Babylonian.html">Computing N-th Roots using the Babylonian Method</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Jan 03
</span>
</article></div><div>
<h2 class="year">2012</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Separation_Logic_Imperative_HOL.html">A Separation Logic Framework for Imperative HOL</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/meis">Rene Meis</a></div>
<span class="date">
Nov 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Open_Induction.html">Open Induction</a></h5> <br>
by <a href="./authors/ogawa">Mizuhito Ogawa</a> and <a href="./authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Nov 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Tarskis_Geometry.html">The independence of Tarski&#39;s Euclidean axiom</a></h5> <br>
by <a href="./authors/makarios">T. J. M. Makarios</a></div>
<span class="date">
Oct 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Bondy.html">Bondy&#39;s Theorem</a></h5> <br>
by <a href="./authors/avigad">Jeremy Avigad</a> and <a href="./authors/hetzl">Stefan Hetzl</a></div>
<span class="date">
Oct 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Possibilistic_Noninterference.html">Possibilistic Noninterference</a></h5> <br>
by <a href="./authors/popescu">Andrei Popescu</a> and <a href="./authors/hoelzl">Johannes Hölzl</a></div>
<span class="date">
Sep 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Datatype_Order_Generator.html">Generating linear orders for datatypes</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Aug 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Impossible_Geometry.html">Proving the Impossibility of Trisecting an Angle and Doubling the Cube</a></h5> <br>
by <a href="./authors/romanos">Ralph Romanos</a> and <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Aug 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Heard_Of.html">Verifying Fault-Tolerant Distributed Algorithms in the Heard-Of Model</a></h5> <br>
by <a href="./authors/debrat">Henri Debrat</a> and <a href="./authors/merz">Stephan Merz</a></div>
<span class="date">
Jul 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/PCF.html">Logical Relations for PCF</a></h5> <br>
by <a href="./authors/gammie">Peter Gammie</a></div>
<span class="date">
Jul 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Tycon.html">Type Constructor Classes and Monad Transformers</a></h5> <br>
by <a href="./authors/huffman">Brian Huffman</a></div>
<span class="date">
Jun 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Pi_Calculus.html">The pi-calculus in nominal logic</a></h5> <br>
by <a href="./authors/bengtson">Jesper Bengtson</a></div>
<span class="date">
May 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Psi_Calculi.html">Psi-calculi in Isabelle</a></h5> <br>
by <a href="./authors/bengtson">Jesper Bengtson</a></div>
<span class="date">
May 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CCS.html">CCS in nominal logic</a></h5> <br>
by <a href="./authors/bengtson">Jesper Bengtson</a></div>
<span class="date">
May 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Circus.html">Isabelle/Circus</a></h5> <br>
by <a href="./authors/feliachi">Abderrahmane Feliachi</a>, <a href="./authors/wolff">Burkhart Wolff</a> and <a href="./authors/gaudel">Marie-Claude Gaudel</a></div>
<span class="date">
May 27
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Separation_Algebra.html">Separation Algebra</a></h5> <br>
by <a href="./authors/klein">Gerwin Klein</a>, <a href="./authors/kolanski">Rafal Kolanski</a> and <a href="./authors/boyton">Andrew Boyton</a></div>
<span class="date">
May 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stuttering_Equivalence.html">Stuttering Equivalence</a></h5> <br>
by <a href="./authors/merz">Stephan Merz</a></div>
<span class="date">
May 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Inductive_Confidentiality.html">Inductive Study of Confidentiality</a></h5> <br>
by <a href="./authors/bella">Giampaolo Bella</a></div>
<span class="date">
May 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ordinary_Differential_Equations.html">Ordinary Differential Equations</a></h5> <br>
by <a href="./authors/immler">Fabian Immler</a> and <a href="./authors/hoelzl">Johannes Hölzl</a></div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Well_Quasi_Orders.html">Well-Quasi-Orders</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Apr 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Abortable_Linearizable_Modules.html">Abortable Linearizable Modules</a></h5> <br>
by <a href="./authors/guerraoui">Rachid Guerraoui</a>, <a href="./authors/kuncak">Viktor Kuncak</a> and <a href="./authors/losa">Giuliano Losa</a></div>
<span class="date">
Mar 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Transitive-Closure-II.html">Executable Transitive Closures</a></h5> <br>
by <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Feb 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Girth_Chromatic.html">A Probabilistic Proof of the Girth-Chromatic Number Theorem</a></h5> <br>
by <a href="./authors/noschinski">Lars Noschinski</a></div>
<span class="date">
Feb 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Refine_Monadic.html">Refinement for Monadic Programs</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
Jan 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Dijkstra_Shortest_Path.html">Dijkstra&#39;s Shortest Path Algorithm</a></h5> <br>
by <a href="./authors/nordhoff">Benedikt Nordhoff</a> and <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
Jan 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Markov_Models.html">Markov Models</a></h5> <br>
by <a href="./authors/hoelzl">Johannes Hölzl</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jan 03
</span>
</article></div><div>
<h2 class="year">2011</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/TLA.html">A Definitional Encoding of TLA* in Isabelle/HOL</a></h5> <br>
by <a href="./authors/grov">Gudmund Grov</a> and <a href="./authors/merz">Stephan Merz</a></div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Efficient-Mergesort.html">Efficient Mergesort</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a></div>
<span class="date">
Nov 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/PseudoHoops.html">Pseudo Hoops</a></h5> <br>
by <a href="./authors/georgescu">George Georgescu</a>, <a href="./authors/leustean">Laurentiu Leustean</a> and <a href="./authors/preoteasa">Viorel Preoteasa</a></div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LatticeProperties.html">Lattice Properties</a></h5> <br>
by <a href="./authors/preoteasa">Viorel Preoteasa</a></div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MonoBoolTranAlgebra.html">Algebra of Monotonic Boolean Transformers</a></h5> <br>
by <a href="./authors/preoteasa">Viorel Preoteasa</a></div>
<span class="date">
Sep 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Myhill-Nerode.html">The Myhill-Nerode Theorem Based on Regular Expressions</a></h5> <br>
by <a href="./authors/wu">Chunhan Wu</a>, <a href="./authors/zhangx">Xingyuan Zhang</a> and <a href="./authors/urban">Christian Urban</a></div>
<span class="date">
Aug 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Gauss-Jordan-Elim-Fun.html">Gauss-Jordan Elimination for Matrices Represented as Functions</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Max-Card-Matching.html">Maximum Cardinality Matching</a></h5> <br>
by <a href="./authors/rizkallah">Christine Rizkallah</a></div>
<span class="date">
Jul 21
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/KBPs.html">Knowledge-based programs</a></h5> <br>
by <a href="./authors/gammie">Peter Gammie</a></div>
<span class="date">
May 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/General-Triangle.html">The General Triangle Is Unique</a></h5> <br>
by <a href="./authors/breitner">Joachim Breitner</a></div>
<span class="date">
Apr 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Transitive-Closure.html">Executable Transitive Closures of Finite Relations</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Mar 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Nat-Interval-Logic.html">Interval Temporal Logic on Natural Numbers</a></h5> <br>
by <a href="./authors/trachtenherz">David Trachtenherz</a></div>
<span class="date">
Feb 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/List-Infinite.html">Infinite Lists</a></h5> <br>
by <a href="./authors/trachtenherz">David Trachtenherz</a></div>
<span class="date">
Feb 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/AutoFocus-Stream.html">AutoFocus Stream Processing for Single-Clocking and Multi-Clocking Semantics</a></h5> <br>
by <a href="./authors/trachtenherz">David Trachtenherz</a></div>
<span class="date">
Feb 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LightweightJava.html">Lightweight Java</a></h5> <br>
by <a href="./authors/strnisa">Rok Strniša</a> and <a href="./authors/parkinson">Matthew Parkinson</a></div>
<span class="date">
Feb 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/RIPEMD-160-SPARK.html">RIPEMD-160</a></h5> <br>
by <a href="./authors/immler">Fabian Immler</a></div>
<span class="date">
Jan 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lower_Semicontinuous.html">Lower Semicontinuous Functions</a></h5> <br>
by <a href="./authors/grechuk">Bogdan Grechuk</a></div>
<span class="date">
Jan 08
</span>
</article></div><div>
<h2 class="year">2010</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Marriage.html">Hall&#39;s Marriage Theorem</a></h5> <br>
by <a href="./authors/jiangd">Dongchen Jiang</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Dec 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Shivers-CFA.html">Shivers&#39; Control Flow Analysis</a></h5> <br>
by <a href="./authors/breitner">Joachim Breitner</a></div>
<span class="date">
Nov 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Binomial-Queues.html">Functional Binomial Queues</a></h5> <br>
by <a href="./authors/neumann">René Neumann</a></div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Finger-Trees.html">Finger Trees</a></h5> <br>
by <a href="./authors/nordhoff">Benedikt Nordhoff</a>, <a href="./authors/koerner">Stefan Körner</a> and <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Binomial-Heaps.html">Binomial Heaps and Skew Binomial Heaps</a></h5> <br>
by <a href="./authors/meis">Rene Meis</a>, <a href="./authors/nielsen">Finn Nielsen</a> and <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
Oct 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lam-ml-Normalization.html">Strong Normalization of Moggis&#39;s Computational Metalanguage</a></h5> <br>
by <a href="./authors/doczkal">Christian Doczkal</a></div>
<span class="date">
Aug 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Polynomials.html">Executable Multivariate Polynomials</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a>, <a href="./authors/thiemann">René Thiemann</a>, <a href="./authors/maletzky">Alexander Maletzky</a>, <a href="./authors/immler">Fabian Immler</a>, <a href="./authors/haftmann">Florian Haftmann</a>, <a href="./authors/lochbihler">Andreas Lochbihler</a> and <a href="./authors/bentkamp">Alexander Bentkamp</a></div>
<span class="date">
Aug 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Statecharts.html">Formalizing Statecharts using Hierarchical Automata</a></h5> <br>
by <a href="./authors/helke">Steffen Helke</a> and <a href="./authors/kammueller">Florian Kammüller</a></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Free-Groups.html">Free Groups</a></h5> <br>
by <a href="./authors/breitner">Joachim Breitner</a></div>
<span class="date">
Jun 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Category2.html">Category Theory</a></h5> <br>
by <a href="./authors/katovsky">Alexander Katovsky</a></div>
<span class="date">
Jun 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Matrix.html">Executable Matrix Operations on Matrices of Arbitrary Dimensions</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Jun 17
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Abstract-Rewriting.html">Abstract Rewriting</a></h5> <br>
by <a href="./authors/sternagel">Christian Sternagel</a> and <a href="./authors/thiemann">René Thiemann</a></div>
<span class="date">
Jun 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/GraphMarkingIBP.html">Verification of the Deutsch-Schorr-Waite Graph Marking Algorithm using Data Refinement</a></h5> <br>
by <a href="./authors/preoteasa">Viorel Preoteasa</a> and <a href="./authors/back">Ralph-Johan Back</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DataRefinementIBP.html">Semantics and Data Refinement of Invariant Based Programs</a></h5> <br>
by <a href="./authors/preoteasa">Viorel Preoteasa</a> and <a href="./authors/back">Ralph-Johan Back</a></div>
<span class="date">
May 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Robbins-Conjecture.html">A Complete Proof of the Robbins Conjecture</a></h5> <br>
by <a href="./authors/doty">Matthew Doty</a></div>
<span class="date">
May 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Regular-Sets.html">Regular Sets and Expressions</a></h5> <br>
by <a href="./authors/krauss">Alexander Krauss</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
May 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Locally-Nameless-Sigma.html">Locally Nameless Sigma Calculus</a></h5> <br>
by <a href="./authors/henrio">Ludovic Henrio</a>, <a href="./authors/kammueller">Florian Kammüller</a>, <a href="./authors/lutz">Bianca Lutz</a> and <a href="./authors/sudhof">Henry Sudhof</a></div>
<span class="date">
Apr 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Free-Boolean-Algebra.html">Free Boolean Algebra</a></h5> <br>
by <a href="./authors/huffman">Brian Huffman</a></div>
<span class="date">
Mar 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/InformationFlowSlicing_Inter.html">Inter-Procedural Information Flow Noninterference via Slicing</a></h5> <br>
by <a href="./authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
Mar 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/InformationFlowSlicing.html">Information Flow Noninterference via Slicing</a></h5> <br>
by <a href="./authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
Mar 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/List-Index.html">List Index</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Feb 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Coinductive.html">Coinductive</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Feb 12
</span>
</article></div><div>
<h2 class="year">2009</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DPT-SAT-Solver.html">A Fast SAT Solver for Isabelle in Standard ML</a></h5> <br>
by <a href="./authors/heller">Armin Heller</a></div>
<span class="date">
Dec 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Presburger-Automata.html">Formalizing the Logic-Automaton Connection</a></h5> <br>
by <a href="./authors/berghofer">Stefan Berghofer</a> and <a href="./authors/reiter">Markus Reiter</a></div>
<span class="date">
Dec 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Tree-Automata.html">Tree Automata</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
Nov 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Collections.html">Collections Framework</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a></div>
<span class="date">
Nov 25
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Perfect-Number-Thm.html">Perfect Number Theorem</a></h5> <br>
by <a href="./authors/ijbema">Mark Ijbema</a></div>
<span class="date">
Nov 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/HRB-Slicing.html">Backing up Slicing: Verifying the Interprocedural Two-Phase Horwitz-Reps-Binkley Slicer</a></h5> <br>
by <a href="./authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
Nov 13
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/WorkerWrapper.html">The Worker/Wrapper Transformation</a></h5> <br>
by <a href="./authors/gammie">Peter Gammie</a></div>
<span class="date">
Oct 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ordinals_and_Cardinals.html">Ordinals and Cardinals</a></h5> <br>
by <a href="./authors/popescu">Andrei Popescu</a></div>
<span class="date">
Sep 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SequentInvertibility.html">Invertibility in Sequent Calculi</a></h5> <br>
by <a href="./authors/chapman">Peter Chapman</a></div>
<span class="date">
Aug 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CofGroups.html">An Example of a Cofinitary Group in Isabelle/HOL</a></h5> <br>
by <a href="./authors/kastermans">Bart Kastermans</a></div>
<span class="date">
Aug 04
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FinFun.html">Code Generation for Functions as Data</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
May 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Stream-Fusion.html">Stream Fusion</a></h5> <br>
by <a href="./authors/huffman">Brian Huffman</a></div>
<span class="date">
Apr 29
</span>
</article></div><div>
<h2 class="year">2008</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BytecodeLogicJmlTypes.html">A Bytecode Logic for JML and Types</a></h5> <br>
by <a href="./authors/beringer">Lennart Beringer</a> and <a href="./authors/hofmann">Martin Hofmann</a></div>
<span class="date">
Dec 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SIFPL.html">Secure information flow and program logics</a></h5> <br>
by <a href="./authors/beringer">Lennart Beringer</a> and <a href="./authors/hofmann">Martin Hofmann</a></div>
<span class="date">
Nov 10
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SenSocialChoice.html">Some classical results in Social Choice Theory</a></h5> <br>
by <a href="./authors/gammie">Peter Gammie</a></div>
<span class="date">
Nov 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FunWithTilings.html">Fun With Tilings</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a> and <a href="./authors/paulson">Lawrence C. Paulson</a></div>
<span class="date">
Nov 07
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Huffman.html">The Textbook Proof of Huffman&#39;s Algorithm</a></h5> <br>
by <a href="./authors/blanchette">Jasmin Christian Blanchette</a></div>
<span class="date">
Oct 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Slicing.html">Towards Certified Slicing</a></h5> <br>
by <a href="./authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
Sep 16
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/VolpanoSmith.html">A Correctness Proof for the Volpano/Smith Security Typing System</a></h5> <br>
by <a href="./authors/snelting">Gregor Snelting</a> and <a href="./authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
Sep 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ArrowImpossibilityGS.html">Arrow and Gibbard-Satterthwaite</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Sep 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FunWithFunctions.html">Fun With Functions</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SATSolverVerification.html">Formal Verification of Modern SAT Solvers</a></h5> <br>
by <a href="./authors/maricf">Filip Marić</a></div>
<span class="date">
Jul 23
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Recursion-Theory-I.html">Recursion Theory I</a></h5> <br>
by <a href="./authors/nedzelsky">Michael Nedzelsky</a></div>
<span class="date">
Apr 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BDD.html">BDD Normalisation</a></h5> <br>
by <a href="./authors/ortner">Veronika Ortner</a> and <a href="./authors/schirmer">Norbert Schirmer</a></div>
<span class="date">
Feb 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Simpl.html">A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment</a></h5> <br>
by <a href="./authors/schirmer">Norbert Schirmer</a></div>
<span class="date">
Feb 29
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/NormByEval.html">Normalization by Evaluation</a></h5> <br>
by <a href="./authors/aehlig">Klaus Aehlig</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Feb 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/LinearQuantifierElim.html">Quantifier Elimination for Linear Arithmetic</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jan 11
</span>
</article></div><div>
<h2 class="year">2007</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Program-Conflict-Analysis.html">Formalization of Conflict Analysis of Programs with Procedures, Thread Creation, and Monitors</a></h5> <br>
by <a href="./authors/lammich">Peter Lammich</a> and <a href="./authors/olm">Markus Müller-Olm</a></div>
<span class="date">
Dec 14
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/JinjaThreads.html">Jinja with Threads</a></h5> <br>
by <a href="./authors/lochbihler">Andreas Lochbihler</a></div>
<span class="date">
Dec 03
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MuchAdoAboutTwo.html">Much Ado About Two</a></h5> <br>
by <a href="./authors/boehme">Sascha Böhme</a></div>
<span class="date">
Nov 06
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/SumSquares.html">Sums of Two and Four Squares</a></h5> <br>
by <a href="./authors/oosterhuis">Roelof Oosterhuis</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Fermat3_4.html">Fermat&#39;s Last Theorem for Exponents 3 and 4 and the Parametrisation of Pythagorean Triples</a></h5> <br>
by <a href="./authors/oosterhuis">Roelof Oosterhuis</a></div>
<span class="date">
Aug 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Valuation.html">Fundamental Properties of Valuation Theory and Hensel&#39;s Lemma</a></h5> <br>
by <a href="./authors/kobayashi">Hidetsune Kobayashi</a></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/POPLmark-deBruijn.html">POPLmark Challenge Via de Bruijn Indices</a></h5> <br>
by <a href="./authors/berghofer">Stefan Berghofer</a></div>
<span class="date">
Aug 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FOL-Fitting.html">First-Order Logic According to Fitting</a></h5> <br>
by <a href="./authors/berghofer">Stefan Berghofer</a></div>
<span class="date">
Aug 02
</span>
</article></div><div>
<h2 class="year">2006</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/HotelKeyCards.html">Hotel Key Card System</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Sep 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Abstract-Hoare-Logics.html">Abstract Hoare Logics</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Aug 08
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Flyspeck-Tame.html">Flyspeck I: Tame Graphs</a></h5> <br>
by <a href="./authors/bauer">Gertrud Bauer</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
May 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/CoreC&#43;&#43;.html">CoreC&#43;&#43;</a></h5> <br>
by <a href="./authors/wasserrab">Daniel Wasserrab</a></div>
<span class="date">
May 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FeatherweightJava.html">A Theory of Featherweight Java in Isabelle/HOL</a></h5> <br>
by <a href="./authors/fosterj">J. Nathan Foster</a> and <a href="./authors/vytiniotis">Dimitrios Vytiniotis</a></div>
<span class="date">
Mar 31
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/ClockSynchInst.html">Instances of Schneider&#39;s generalized protocol of clock synchronization</a></h5> <br>
by <a href="./authors/barsotti">Damián Barsotti</a></div>
<span class="date">
Mar 15
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Cauchy.html">Cauchy&#39;s Mean Theorem and the Cauchy-Schwarz Inequality</a></h5> <br>
by <a href="./authors/porter">Benjamin Porter</a></div>
<span class="date">
Mar 14
</span>
</article></div><div>
<h2 class="year">2005</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ordinal.html">Countable Ordinals</a></h5> <br>
by <a href="./authors/huffman">Brian Huffman</a></div>
<span class="date">
Nov 11
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FFT.html">Fast Fourier Transform</a></h5> <br>
by <a href="./authors/ballarin">Clemens Ballarin</a></div>
<span class="date">
Oct 12
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/GenClock.html">Formalization of a Generalized Protocol for Clock Synchronization</a></h5> <br>
by <a href="./authors/tiu">Alwen Tiu</a></div>
<span class="date">
Jun 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/DiskPaxos.html">Proving the Correctness of Disk Paxos</a></h5> <br>
by <a href="./authors/jaskelioff">Mauro Jaskelioff</a> and <a href="./authors/merz">Stephan Merz</a></div>
<span class="date">
Jun 22
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/JiveDataStoreModel.html">Jive Data and Store Model</a></h5> <br>
by <a href="./authors/rauch">Nicole Rauch</a> and <a href="./authors/schirmer">Norbert Schirmer</a></div>
<span class="date">
Jun 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Jinja.html">Jinja is not Java</a></h5> <br>
by <a href="./authors/klein">Gerwin Klein</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jun 01
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/RSAPSS.html">SHA1, RSA, PSS and more</a></h5> <br>
by <a href="./authors/lindenberg">Christina Lindenberg</a> and <a href="./authors/wirt">Kai Wirt</a></div>
<span class="date">
May 02
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Category.html">Category Theory to Yoneda&#39;s Lemma</a></h5> <br>
by <a href="./authors/keefe">Greg O&rsquo;Keefe</a></div>
<span class="date">
Apr 21
</span>
</article></div><div>
<h2 class="year">2004</h2>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/FileRefinement.html">File Refinement</a></h5> <br>
by <a href="./authors/zee">Karen Zee</a> and <a href="./authors/kuncak">Viktor Kuncak</a></div>
<span class="date">
Dec 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Integration.html">Integration theory and random variables</a></h5> <br>
by <a href="./authors/richter">Stefan Richter</a></div>
<span class="date">
Nov 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Verified-Prover.html">A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic</a></h5> <br>
by <a href="./authors/ridge">Tom Ridge</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Ramsey-Infinite.html">Ramsey&#39;s theorem, infinitary version</a></h5> <br>
by <a href="./authors/ridge">Tom Ridge</a></div>
<span class="date">
Sep 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Completeness.html">Completeness theorem</a></h5> <br>
by <a href="./authors/margetson">James Margetson</a> and <a href="./authors/ridge">Tom Ridge</a></div>
<span class="date">
Sep 20
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Compiling-Exceptions-Correctly.html">Compiling Exceptions Correctly</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Jul 09
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Depth-First-Search.html">Depth First Search</a></h5> <br>
by <a href="./authors/nishihara">Toshiaki Nishihara</a> and <a href="./authors/minamide">Yasuhiko Minamide</a></div>
<span class="date">
Jun 24
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Group-Ring-Module.html">Groups, Rings and Modules</a></h5> <br>
by <a href="./authors/kobayashi">Hidetsune Kobayashi</a>, <a href="./authors/chen">L. Chen</a> and <a href="./authors/murao">H. Murao</a></div>
<span class="date">
May 18
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Topology.html">Topology</a></h5> <br>
by <a href="./authors/friedrich">Stefan Friedrich</a></div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Lazy-Lists-II.html">Lazy Lists II</a></h5> <br>
by <a href="./authors/friedrich">Stefan Friedrich</a></div>
<span class="date">
Apr 26
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/BinarySearchTree.html">Binary Search Trees</a></h5> <br>
by <a href="./authors/kuncak">Viktor Kuncak</a></div>
<span class="date">
Apr 05
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/Functional-Automata.html">Functional Automata</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Mar 30
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/MiniML.html">Mini ML</a></h5> <br>
by <a href="./authors/naraschewski">Wolfgang Naraschewski</a> and <a href="./authors/nipkow">Tobias Nipkow</a></div>
<span class="date">
Mar 19
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="./entries/AVL-Trees.html">AVL Trees</a></h5> <br>
by <a href="./authors/nipkow">Tobias Nipkow</a> and <a href="./authors/pusch">Cornelia Pusch</a></div>
<span class="date">
Mar 19
</span>
</article></div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/index.json b/web/index.json
--- a/web/index.json
+++ b/web/index.json
@@ -1,14324 +1,14344 @@
[
{
+ "abstract": "This formalization includes a general framework for query optimization consisting of the definitions of selectivities, query graphs, join trees, and cost functions. Furthermore, it implements the join ordering algorithm IKKBZ using these definitions. It verifies the correctness of these definitions and proves that IKKBZ produces an optimal solution within a restricted solution space.",
+ "authors": [
+ "Lukas Stevens",
+ "Bernhard Stöckl"
+ ],
+ "date": "2022-10-04",
+ "id": 0,
+ "link": "/entries/Query_Optimization.html",
+ "permalink": "/entries/Query_Optimization.html",
+ "shortname": "Query_Optimization",
+ "title": "Verification of Query Optimization Algorithms",
+ "topic_links": [
+ "computer-science/data-management-systems"
+ ],
+ "topics": [
+ "Computer science/Data management systems"
+ ],
+ "used_by": 0
+ },
+ {
"abstract": "In this work we consider the \u003ca href=\"https://en.wikipedia.org/wiki/Maximum_subarray_problem\"\u003emaximum segment sum\u003c/a\u003e problem, that is to compute, given a list of numbers, the largest of the sums of the contiguous segments of that list. We assume that the elements of the list are not necessarily numbers but just elements of some linearly ordered group. Both a naive algorithm ($\\mathcal{O}(n^2)$) and \u003ca href=\"https://en.wikipedia.org/wiki/Maximum_subarray_problem#Kadane's_algorithm\"\u003eKadane's algorithm\u003c/a\u003e ($\\mathcal{O}(n)$) are given and their correctness is proved.",
"authors": [
"Nils Cremer"
],
"date": "2022-09-29",
- "id": 0,
+ "id": 1,
"link": "/entries/Maximum_Segment_Sum.html",
"permalink": "/entries/Maximum_Segment_Sum.html",
"shortname": "Maximum_Segment_Sum",
"title": "Maximum Segment Sum",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "This entry presents a general library for undirected graph theory - enabling reasoning on simple graphs and undirected graphs with loops. It primarily is inspired by Noschinski's basic ugraph definition in the \u003ca href=\"/entries/Girth_Chromatic.html\"\u003eGirth Chromatic Entry\u003c/a\u003e, however generalises it in a number of ways and significantly expands on the range of basic graph theory definitions formalised. Notably, this library removes the constraint of vertices being a type synonym with the natural numbers which causes issues in more complex mathematical reasoning using graphs, such as the Balog Szemeredi Gowers theorem which this library is used for. Secondly this library also presents a locale-centric approach, enabling more concise, flexible, and reusable modelling of different types of graphs. Using this approach enables easy links to be made with more expansive formalisations of other combinatorial structures, such as incidence systems, as well as various types of formal representations of graphs. Further inspiration is also taken from Noschinski's Directed Graph library for some proofs and definitions on walks, paths and cycles, however these are much simplified using the set based representation of graphs, and also extended on in this formalisation.",
"authors": [
"Chelsea Edmonds"
],
"date": "2022-09-29",
- "id": 1,
+ "id": 2,
"link": "/entries/Undirected_Graph_Theory.html",
"permalink": "/entries/Undirected_Graph_Theory.html",
"shortname": "Undirected_Graph_Theory",
"title": "Undirected Graph Theory",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "The relational calculus (RC), i.e., first-order logic with equality but without function symbols, is a concise, declarative database query language. In contrast to relational algebra or SQL, which are the traditional query languages of choice in the database community, RC queries can evaluate to an infinite relation. Moreover, even in cases where the evaluation result of an RC query would be finite it is not clear how to efficiently compute it. Safe-range RC is an interesting syntactic subclass of RC, because all safe-range queries evaluate to a finite result and it is \u003ca href=\"http://webdam.inria.fr/Alice/pdfs/Chapter-5.pdf\"\u003ewell-known\u003c/a\u003e how to evaluate such queries by translating them to relational algebra. We formalize and prove correct \u003ca href=\"https://doi.org/10.4230/LIPIcs.ICDT.2022.11\"\u003eour recent translation\u003c/a\u003e of an arbitrary RC query into a pair of safe-range queries. Assuming an infinite domain, the two queries have the following meaning: The first is closed and characterizes the original query's relative safety, i.e., whether given a fixed database (interpretation of atomic predicates with finite relations), the original query evaluates to a finite relation. The second safe-range query is equivalent to the original query, if the latter is relatively safe. The formalization uses the Refinement Framework to go from the non-deterministic algorithm described in the paper to a deterministic, executable query translation. Our executable query translation is a first step towards a verified tool that efficiently evaluates arbitrary RC queries. This very problem is also solved by the AFP entry \u003ca href=\"https://isa-afp.org/entries/Eval_FO.html\"\u003eEval_FO\u003c/a\u003e with a theoretically incomparable but practically worse time complexity. (The latter is demonstrated by \u003ca href=\"https://doi.org/10.4230/LIPIcs.ICDT.2022.11\"\u003eour empirical evaluation\u003c/a\u003e.)",
"authors": [
"Martin Raszyk",
"Dmitriy Traytel"
],
"date": "2022-09-28",
- "id": 2,
+ "id": 3,
"link": "/entries/Safe_Range_RC.html",
"permalink": "/entries/Safe_Range_RC.html",
"shortname": "Safe_Range_RC",
"title": "Making Arbitrary Relational Calculus Queries Safe-Range",
"topic_links": [
"computer-science/data-management-systems",
"logic/general-logic/classical-first-order-logic"
],
"topics": [
"Computer science/Data management systems",
"Logic/General logic/Classical first-order logic"
],
"used_by": 0
},
{
"abstract": "This work is a formalization of Stalnaker's epistemic logic with countably many agents and its soundness and completeness theorems, as well as the equivalence between the axiomatization of S4 available in the Epistemic Logic theory and the topological one. It builds on the Epistemic Logic theory.",
"authors": [
"Laura P. Gamboa Guzman"
],
"date": "2022-09-23",
- "id": 3,
+ "id": 4,
"link": "/entries/Stalnaker_Logic.html",
"permalink": "/entries/Stalnaker_Logic.html",
"shortname": "Stalnaker_Logic",
"title": "Stalnaker's Epistemic Logic",
"topic_links": [
"logic/general-logic/logics-of-knowledge-and-belief"
],
"topics": [
"Logic/General logic/Logics of knowledge and belief"
],
"used_by": 0
},
{
"abstract": "The field of p-adic numbers for a prime integer p is constructed. Basic facts about p-adic topology including Hensel's Lemma are proved, building on a prior submission by the author. The theory of semialgebraic sets and semialgebraic functions on cartesian powers of p-adic fields is also developed, following a formalization of these concepts due to Denef. This is done towards a formalization of Denef's proof of Macintyre's quantifier elimination theorem for p-adic fields. Theories developing general multivariable polynomial rings over a commutative ring are developed, as well as some general theory of cartesian powers of an arbitrary ring.",
"authors": [
"Aaron Crighton"
],
"date": "2022-09-22",
- "id": 4,
+ "id": 5,
"link": "/entries/Padic_Field.html",
"permalink": "/entries/Padic_Field.html",
"shortname": "Padic_Field",
"title": "p-adic Fields and p-adic Semialgebraic Sets",
"topic_links": [
"mathematics/number-theory",
"mathematics/algebra"
],
"topics": [
"Mathematics/Number theory",
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "We construct an abstract ledger supporting the \u003cem\u003erisk-free lending\u003c/em\u003e protocol. The risk-free lending protocol is a system for issuing and exchanging novel financial products we call \u003cem\u003erisk-free loan\u003c/em\u003e. The system allows one party to lend money at 0\u0026#37; APY to another party in exchange for a good or service. On every update of the ledger, accounts have interest distributed to them. Holders of lent assets keep interest accrued by those assets. After distributing interest, the system returns a fixed fraction of each loan. These fixed fractions determine \u003cem\u003eloan periods\u003c/em\u003e. Loans for longer periods have a smaller fixed fraction returned. Loans may be re-lent or used as collateral for other loans. We give a sufficient criterion to enforce all accounts will forever be solvent. We give a protocol for maintaining this invariant when transferring or lending funds. We also show this invariant holds after update. Even though the system does not track counter-party obligations, we show that all credited and debited loans cancel and the monetary supply grows at a specified interest rate.",
"authors": [
"Matthew Doty"
],
"date": "2022-09-18",
- "id": 5,
+ "id": 6,
"link": "/entries/Risk_Free_Lending.html",
"permalink": "/entries/Risk_Free_Lending.html",
"shortname": "Risk_Free_Lending",
"title": "Risk-Free Lending",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "This work is a formalization of soundness and completeness of the Bernays-Tarski axiom system for classical implicational logic. The completeness proof is constructive following the approach by László Kalmár, Elliott Mendelson and others. The result can be extended to full classical propositional logic by uncommenting a few lines for falsehood. ",
"authors": [
"Asta Halkjær From",
"Jørgen Villadsen"
],
"date": "2022-09-13",
- "id": 6,
+ "id": 7,
"link": "/entries/Implicational_Logic.html",
"permalink": "/entries/Implicational_Logic.html",
"shortname": "Implicational_Logic",
"title": "Soundness and Completeness of Implicational Logic",
"topic_links": [
"logic/general-logic/classical-propositional-logic",
"logic/proof-theory"
],
"topics": [
"Logic/General logic/Classical propositional logic",
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "This article formalizes the specification and the algorithm of the cryptographic scheme CRYSTALS-KYBER with multiplication using the Number Theoretic Transform and verifies its (1-δ)-correctness proof. CRYSTALS-KYBER is a key encapsulation mechanism in lattice-based post-quantum cryptography. This entry formalizes the key generation, encryption and decryption algorithms and shows that the algorithm decodes correctly under a highly probable assumption ((1-δ)-correctness). Moreover, the Number Theoretic Transform (NTT) in the case of Kyber and the convolution theorem thereon is formalized.",
"authors": [
"Katharina Kreuzer"
],
"date": "2022-09-08",
- "id": 7,
+ "id": 8,
"link": "/entries/CRYSTALS-Kyber.html",
"permalink": "/entries/CRYSTALS-Kyber.html",
"shortname": "CRYSTALS-Kyber",
"title": "CRYSTALS-Kyber",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "Many separation logics support fractional permissions to distinguish between read and write access to a heap location, for instance, to allow concurrent reads while enforcing exclusive writes. Fractional permissions extend to composite assertions such as (co)inductive predicates and magic wands by allowing those to be multiplied by a fraction. Typical separation logic proofs require that this multiplication has three key properties: it needs to distribute over assertions, it should permit fractions to be factored out from assertions, and two fractions of the same assertion should be combinable into one larger fraction. Existing formal semantics incorporating fractional assertions into a separation logic define multiplication semantically (via models), resulting in a semantics in which distributivity and combinability do not hold for key resource assertions such as magic wands, and fractions cannot be factored out from a separating conjunction. By contrast, existing automatic separation logic verifiers define multiplication syntactically, resulting in a different semantics for which it is unknown whether distributivity and combinability hold for all assertions. In this entry (which accompanies an \u003ca href=\"https://dardinier.me/papers/multiplication.pdf\"\u003eOOPSLA'22 paper\u003c/a\u003e), we present and formalize an unbounded version of separation logic, a novel semantics for separation logic assertions that allows states to hold more than a full permission to a heap location during the evaluation of an assertion. By reimposing upper bounds on the permissions held per location at statement boundaries, we retain key properties of separation logic, in particular, we prove that the frame rule still holds. We also prove that our assertion semantics unifies semantic and syntactic multiplication and thereby reconciles the discrepancy between separation logic theory and tools and enjoys distributivity, factorisability, and combinability.",
"authors": [
"Thibault Dardinier"
],
"date": "2022-09-05",
- "id": 8,
+ "id": 9,
"link": "/entries/Separation_Logic_Unbounded.html",
"permalink": "/entries/Separation_Logic_Unbounded.html",
"shortname": "Separation_Logic_Unbounded",
"title": "Unbounded Separation Logic",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "We formalise the proof of an important theorem in additive combinatorics due to Khovanskii, attesting that the cardinality of the set of all sums of $n$ many elements of $A$, where $A$ is a finite subset of an abelian group, is a polynomial in $n$ for all sufficiently large $n$. We follow a proof due to Nathanson and Ruzsa as presented in the notes “Introduction to Additive Combinatorics” by Timothy Gowers for the University of Cambridge.",
"authors": [
"Angeliki Koutsoukou-Argyraki",
"Lawrence C. Paulson"
],
"date": "2022-09-02",
- "id": 9,
+ "id": 10,
"link": "/entries/Khovanskii_Theorem.html",
"permalink": "/entries/Khovanskii_Theorem.html",
"shortname": "Khovanskii_Theorem",
"title": "Khovanskii\u0026#x27;s Theorem",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article is a formalisation of a proof of the Hales–Jewett theorem presented in the textbook \u003cem\u003eRamsey Theory\u003c/em\u003e by Graham et al.\u003c/p\u003e \u003cp\u003eThe Hales–Jewett theorem is a result in Ramsey Theory which states that, for any non-negative integers $r$ and $t$, there exists a minimal dimension $N$, such that any $r$-coloured $N'$-dimensional cube over $t$ elements (with $N' \\geq N$) contains a monochromatic line. This theorem generalises Van der Waerden's Theorem, which has already been formalised in another \u003ca href=\"https://www.isa-afp.org/entries/Van_der_Waerden.html\"\u003eAFP entry\u003c/a\u003e.\u003c/p\u003e",
"authors": [
"Ujkan Sulejmani",
"Manuel Eberl",
"Katharina Kreuzer"
],
"date": "2022-09-02",
- "id": 10,
+ "id": 11,
"link": "/entries/Hales_Jewett.html",
"permalink": "/entries/Hales_Jewett.html",
"shortname": "Hales_Jewett",
"title": "The Hales–Jewett Theorem",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry contains an Isabelle formalization of the \u003cem\u003eNumber Theoretic Transform (NTT)\u003c/em\u003e which is the analogue to a \u003cem\u003eDiscrete Fourier Transform (DFT)\u003c/em\u003e over a finite field. Roots of unity in the complex numbers are replaced by those in a finite field. \u003c/p\u003e\u003cp\u003eFirst, we define both \u003cem\u003eNTT\u003c/em\u003e and the inverse transform \u003cem\u003eINTT\u003c/em\u003e in Isabelle and prove them to be mutually inverse. \u003c/p\u003e\u003cp\u003e\u003cem\u003eDFT\u003c/em\u003e can be efficiently computed by the recursive \u003cem\u003eFast Fourier Transform (FFT)\u003c/em\u003e. In our formalization, this algorithm is adapted to the setting of the \u003cem\u003eNTT\u003c/em\u003e: We implement a \u003cem\u003eFast Number Theoretic Transform (FNTT)\u003c/em\u003e based on the Butterfly scheme by Cooley and Tukey. Additionally, we provide an inverse transform \u003cem\u003eIFNTT\u003c/em\u003e and prove it mutually inverse to \u003cem\u003eFNTT\u003c/em\u003e. \u003c/p\u003e\u003cp\u003e Afterwards, a recursive formalization of the \u003cem\u003eFNTT\u003c/em\u003e running time is examined and the famous $O(n \\log n)$ bounds are proven.\u003c/p\u003e",
"authors": [
"Thomas Ammer",
"Katharina Kreuzer"
],
"date": "2022-08-18",
- "id": 11,
+ "id": 12,
"link": "/entries/Number_Theoretic_Transform.html",
"permalink": "/entries/Number_Theoretic_Transform.html",
"shortname": "Number_Theoretic_Transform",
"title": "Number Theoretic Transform",
"topic_links": [
"computer-science/algorithms/mathematical"
],
"topics": [
"Computer science/Algorithms/Mathematical"
],
"used_by": 1
},
{
"abstract": "We prove the correctness of a sequential algorithm for computing maximal strongly connected components (SCCs) of a graph due to Vincent Bloemen.",
"authors": [
"Stephan Merz",
"Vincent Trélat"
],
"date": "2022-08-17",
- "id": 12,
+ "id": 13,
"link": "/entries/SCC_Bloemen_Sequential.html",
"permalink": "/entries/SCC_Bloemen_Sequential.html",
"shortname": "SCC_Bloemen_Sequential",
"title": "Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "This theory contains the involution-based proof of the two squares theorem from \u003ca href=\"https://dx.doi.org/10.1007/978-3-662-57265-8\"\u003eTHE BOOK\u003c/a\u003e.",
"authors": [
"Maksym Bortin"
],
"date": "2022-08-15",
- "id": 13,
+ "id": 14,
"link": "/entries/Involutions2Squares.html",
"permalink": "/entries/Involutions2Squares.html",
"shortname": "Involutions2Squares",
"title": "From THE BOOK: Two Squares via Involutions",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "This entry provides executable formalisations of complete test generation algorithms for finite state machines. It covers testing for the language-equivalence and reduction conformance relations, supporting the former via the W, Wp, HSI, H, SPY and SPYH-methods, and the latter via adaptive state counting. The test strategies are implemented using generic frameworks, allowing for reuse of shared components between related strategies. This work is described in the author\u0026#x27;s \u003ca href=\"https://doi.org/10.26092/elib/1665\"\u003edoctoral thesis\u003c/a\u003e.",
"authors": [
"Robert Sachtleben"
],
"date": "2022-08-09",
- "id": 14,
+ "id": 15,
"link": "/entries/FSM_Tests.html",
"permalink": "/entries/FSM_Tests.html",
"shortname": "FSM_Tests",
"title": "Verified Complete Test Strategies for Finite State Machines",
"topic_links": [
"computer-science/automata-and-formal-languages",
"computer-science/algorithms"
],
"topics": [
"Computer science/Automata and formal languages",
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "JSON (JavaScript Object Notation) is a common format for exchanging data, based on a collection of key/value-pairs (the JSON objects) and lists. Its syntax is inspired by JavaScript with the aim of being easy to read and write for humans and easy to parse and generate for machines. Despite its origin in the JavaScript world, JSON is language-independent and many programming languages support working with JSON-encoded data. This makes JSON an interesting format for exchanging data with Isabelle/HOL. This AFP entry provides a JSON-like import-expert format for both Isabelle/ML and Isabelle/HOL. On the one hand, this AFP entry provides means for Isabelle/HOL users to work with JSON encoded data without the need using Isabelle/ML. On the other and, the provided Isabelle/ML interfaces allow additional extensions or integration into Isabelle extensions written in Isabelle/ML. While format is not fully JSON compliant (e.g., due to limitations in the range of supported Unicode characters), it works in most situations: the provided implementation in Isabelle/ML and its representation in Isabelle/HOL have been used successfully in several projects for exchanging data sets of several hundredths of megabyte between Isabelle and external tools.",
"authors": [
"Achim D. Brucker"
],
"date": "2022-07-29",
- "id": 15,
+ "id": 16,
"link": "/entries/Nano_JSON.html",
"permalink": "/entries/Nano_JSON.html",
"shortname": "Nano_JSON",
"title": "Nano JSON: Working with JSON formatted data in Isabelle/HOL and Isabelle/ML",
"topic_links": [
"tools",
"computer-science/data-structures"
],
"topics": [
"Tools",
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "Smart contracts are automatically executed programs, usually representing legal agreements such as financial transactions. Thus, bugs in smart contracts can lead to large financial losses. For example, an incorrectly initialized contract was the root cause of the Parity Wallet bug that saw $280M worth of Ether destroyed. Ether is the cryptocurrency of the Ethereum blockchain that uses Solidity for expressing smart contracts. We address this problem by formalizing an executable denotational semantics for Solidity in the interactive theorem prover Isabelle/HOL. This formal semantics builds the foundation of an interactive program verification environment for Solidity programs and allows for inspecting them by (symbolic) execution. We combine the latter with grammar based fuzzing to ensure that our formal semantics complies to the Solidity implementation on the Ethereum Blockchain. Finally, we demonstrate the formal verification of Solidity programs by two examples: constant folding and a simple verified token.",
"authors": [
"Diego Marmsoler",
"Achim D. Brucker"
],
"date": "2022-07-18",
- "id": 16,
+ "id": 17,
"link": "/entries/Solidity.html",
"permalink": "/entries/Solidity.html",
"shortname": "Solidity",
"title": "Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL",
"topic_links": [
"computer-science/programming-languages",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Programming languages",
"Computer science/Semantics and reasoning"
],
"used_by": 0
},
{
"abstract": "A Hermitian matrix is a square complex matrix that is equal to its conjugate transpose. The (finite-dimensional) spectral theorem states that any such matrix can be decomposed into a product of a unitary matrix and a diagonal matrix containing only real elements. We formalize the generalization of this result, which states that any finite set of Hermitian and pairwise commuting matrices can be decomposed as previously, using the same unitary matrix; in other words, they are simultaneously diagonalizable. Sets of pairwise commuting Hermitian matrices are called \u003cem\u003eComplete Sets of Commuting Observables\u003c/em\u003e in Quantum Mechanics, where they represent physical quantities that can be simultaneously measured to uniquely distinguish quantum states.",
"authors": [
"Mnacho Echenim"
],
"date": "2022-07-18",
- "id": 17,
+ "id": 18,
"link": "/entries/Commuting_Hermitian.html",
"permalink": "/entries/Commuting_Hermitian.html",
"shortname": "Commuting_Hermitian",
"title": "Simultaneous diagonalization of pairwise commuting Hermitian matrices",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article provides a formalisation of the Weighted Arithmetic–Geometric Mean Inequality: given non-negative reals $a_1, \\ldots, a_n$ and non-negative weights $w_1, \\ldots, w_n$ such that $w_1 + \\ldots + w_n = 1$, we have \\[\\prod\\limits_{i=1}^n a_i^{w_i} \\leq \\sum\\limits_{i=1}^n w_i a_i\\ .\\] If the weights are additionally all non-zero, equality holds if and only if $a_1 = \\ldots = a_n$.\u003c/p\u003e \u003cp\u003eAs a corollary with $w_1 = \\ldots = w_n = 1/n$, the regular arithmetic–geometric mean inequality follows, namely that \\[\\sqrt[n]{a_1\\,\\cdots\\, a_n} \\leq \\tfrac{1}{n}(a_1 + \\ldots + a_n)\\ .\\]\u003c/p\u003e \u003cp\u003eI follow Pólya's elegant proof, which uses the inequality $1 + x \\leq e^x$ as a starting point. Pólya claims that this proof came to him in a dream, and that it was “the best mathematics he had ever dreamt.”\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2022-07-11",
- "id": 18,
+ "id": 19,
"link": "/entries/Weighted_Arithmetic_Geometric_Mean.html",
"permalink": "/entries/Weighted_Arithmetic_Geometric_Mean.html",
"shortname": "Weighted_Arithmetic_Geometric_Mean",
"title": "Pólya’s Proof of the Weighted Arithmetic–Geometric Mean Inequality",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "After introducing the didactic imperative programming language IMP, Nipkow and Klein's book on formal programming language semantics (version of March 2021) specifies compilation of IMP commands into a lower-level language based on a stack machine, and expounds a formal verification of that compiler. Exercise 8.4 asks the reader to adjust such proof for a new compilation target, consisting of a machine language that (i) accesses memory locations through their addresses instead of variable names, and (ii) maintains a stack in memory via a stack pointer rather than relying upon a built-in stack. A natural strategy to maximize reuse of the original proof is keeping the original language as an assembly one and splitting compilation into multiple steps, namely a source-to-assembly step matching the original compilation process followed by an assembly-to-machine step. In this way, proving assembly code-machine code equivalence is the only extant task. A previous paper by the present author introduces a reasoning toolbox that allows for a compiler correctness proof shorter than the book's one, as such promising to constitute a further enhanced reference for the formal verification of real-world compilers. This paper in turn shows that such toolbox can be reused to accomplish the aforesaid task as well, which demonstrates that the proposed approach also promotes proof reuse in multi-stage compiler verifications.",
"authors": [
"Pasquale Noce"
],
"date": "2022-07-10",
- "id": 19,
+ "id": 20,
"link": "/entries/IMP_Compiler_Reuse.html",
"permalink": "/entries/IMP_Compiler_Reuse.html",
"shortname": "IMP_Compiler_Reuse",
"title": "A Reuse-Based Multi-Stage Compiler Verification for Language IMP",
"topic_links": [
"computer-science/programming-languages/compiling"
],
"topics": [
"Computer science/Programming languages/Compiling"
],
"used_by": 0
},
{
"abstract": "A double-ended queue (\u003cem\u003edeque\u003c/em\u003e) is a queue where one can enqueue and dequeue at both ends. We define and verify the \u003ca href=\"https://doi.org/10.1145/165180.165225\"\u003edeque implementation by Chuang and Goldberg\u003c/a\u003e. It is purely functional and all operations run in constant time.",
"authors": [
"Balazs Toth",
"Tobias Nipkow"
],
"date": "2022-06-23",
- "id": 20,
+ "id": 21,
"link": "/entries/Real_Time_Deque.html",
"permalink": "/entries/Real_Time_Deque.html",
"shortname": "Real_Time_Deque",
"title": "Real-Time Double-Ended Queue",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "In 1987, George Boolos gave an interesting and vivid concrete example of the considerable speed-up afforded by higher-order logic over first-order logic. (A phenomenon first noted by Kurt Gödel in 1936.) Boolos's example concerned an inference $I$ with five premises, and a conclusion, such that the shortest derivation of the conclusion from the premises in a standard system for first-order logic is astronomically huge; while there exists a second-order derivation whose length is of the order of a page or two. Boolos gave a short sketch of that second-order derivation, which relies on the comprehension principle of second-order logic. Here, Boolos's inference is formalized into fourteen lemmas, each quickly verified by the automated-theorem-proving assistant Isabelle/HOL.",
"authors": [
"Jeffrey Ketland"
],
"date": "2022-06-20",
- "id": 21,
+ "id": 22,
"link": "/entries/Boolos_Curious_Inference.html",
"permalink": "/entries/Boolos_Curious_Inference.html",
"shortname": "Boolos_Curious_Inference",
"title": "Boolos's Curious Inference in Isabelle/HOL",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "This entry formalizes the classification of the finite fields (also called Galois fields): For each prime power $p^n$ there exists exactly one (up to isomorphisms) finite field of that size and there are no other finite fields. The derivation includes a formalization of the characteristic of rings, the Frobenius endomorphism, formal differentiation for polynomials in HOL-Algebra and Gauss' formula for the number of monic irreducible polynomials over finite fields: \\[ \\frac{1}{n} \\sum_{d | n} \\mu(d) p^{n/d} \\textrm{.} \\] The proofs are based on the books from \u003ca href=\"https://doi.org/10.1007/978-1-4757-2103-4\"\u003eIreland and Rosen\u003c/a\u003e, as well as, \u003ca href=\"https://doi.org/10.1017/CBO9781139172769\"\u003eLidl and Niederreiter\u003c/a\u003e.",
"authors": [
"Emin Karayel"
],
"date": "2022-06-08",
- "id": 22,
+ "id": 23,
"link": "/entries/Finite_Fields.html",
"permalink": "/entries/Finite_Fields.html",
"shortname": "Finite_Fields",
"title": "Finite Fields",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "Today's Internet is built on decades-old networking protocols that lack scalability, reliability and security. In response, the networking community has developed \u003cem\u003epath-aware\u003c/em\u003e Internet architectures that solve these issues while simultaneously empowering end hosts. In these architectures, autonomous systems authorize forwarding paths in accordance with their routing policies, and protect paths using cryptographic authenticators. For each packet, the sending end host selects an authorized path and embeds it and its authenticators in the packet header. This allows routers to efficiently determine how to forward the packet. The central security property of the data plane, i.e., of forwarding, is that packets can only travel along authorized paths. This property, which we call \u003cem\u003epath authorization\u003c/em\u003e, protects the routing policies of autonomous systems from malicious senders. The fundamental role of packet forwarding in the Internet's ecosystem and the complexity of the authentication mechanisms employed call for a formal analysis. We develop IsaNet, a parameterized verification framework for data plane protocols in Isabelle/HOL. We first formulate an abstract model without an attacker for which we prove path authorization. We then refine this model by introducing a Dolev--Yao attacker and by protecting authorized paths using (generic) cryptographic validation fields. This model is parametrized by the path authorization mechanism and assumes five simple verification conditions. We propose novel attacker models and different sets of assumptions on the underlying routing protocol. We validate our framework by instantiating it with nine concrete protocols variants and prove that they each satisfy the verification conditions (and hence path authorization). The invariants needed for the security proof are proven in the parametrized model instead of the instance models. 
Our framework thus supports low-effort security proofs for data plane protocols. In contrast to what could be achieved with state-of-the-art automated protocol verifiers, our results hold for arbitrary network topologies and sets of authorized paths.",
"authors": [
"Tobias Klenze",
"Christoph Sprenger"
],
"date": "2022-06-08",
- "id": 23,
+ "id": 24,
"link": "/entries/IsaNet.html",
"permalink": "/entries/IsaNet.html",
"shortname": "IsaNet",
"title": "IsaNet: Formalization of a Verification Framework for Secure Data Plane Protocols",
"topic_links": [
"computer-science/security",
"computer-science/networks"
],
"topics": [
"Computer science/Security",
"Computer science/Networks"
],
"used_by": 0
},
{
"abstract": "We present a formalization of Matiyasevich's proof of the DPRM theorem, which states that every recursively enumerable set of natural numbers is Diophantine. This result from 1970 yields a negative solution to Hilbert's 10th problem over the integers. To represent recursively enumerable sets in equations, we implement and arithmetize register machines. We formalize a general theory of Diophantine sets and relations to reason about them abstractly. Using several number-theoretic lemmas, we prove that exponentiation has a Diophantine representation.",
"authors": [
"Jonas Bayer",
"Marco David",
"Benedikt Stock",
"Abhik Pal",
"Yuri Matiyasevich",
"Dierk Schleicher"
],
"date": "2022-06-06",
- "id": 24,
+ "id": 25,
"link": "/entries/DPRM_Theorem.html",
"permalink": "/entries/DPRM_Theorem.html",
"shortname": "DPRM_Theorem",
"title": "Diophantine Equations and the DPRM Theorem",
"topic_links": [
"logic/computability",
"mathematics/number-theory"
],
"topics": [
"Logic/Computability",
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "This AFP entry relates important rewriting properties between the set of terms and the set of ground terms induced by a given signature. The properties considered are confluence, strong/local confluence, the normal form property, unique normal forms with respect to reduction and conversion, commutation, conversion equivalence, and normalization equivalence.",
"authors": [
"Alexander Lochmann"
],
"date": "2022-06-02",
- "id": 25,
+ "id": 26,
"link": "/entries/Rewrite_Properties_Reduction.html",
"permalink": "/entries/Rewrite_Properties_Reduction.html",
"shortname": "Rewrite_Properties_Reduction",
"title": "Reducing Rewrite Properties to Properties on Ground Terms",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "Many separation logics support \u003cem\u003efractional permissions\u003c/em\u003e to distinguish between read and write access to a heap location, for instance, to allow concurrent reads while enforcing exclusive writes. The concept has been generalized to fractional assertions. $A^p$ (where $A$ is a separation logic assertion and $p$ a fraction between $0$ and $1$) represents a fraction $p$ of $A$. $A^p$ holds in a state $\\sigma$ iff there exists a state $\\sigma_A$ in which $A$ holds and $\\sigma$ is obtained from $\\sigma_A$ by multiplying all permission amounts held by $p$. While $A^{p + q}$ can always be split into $A^p * A^q$, recombining $A^p * A^q$ into $A^{p+q}$ is not always sound. We say that $A$ is \u003cem\u003ecombinable\u003c/em\u003e iff the entailment $A^p * A^q \\models A^{p+q}$ holds for any two positive fractions $p$ and $q$ such that $p + q \\le 1$. Combinable assertions are particularly useful to reason about concurrent programs, for instance, to combine the postconditions of parallel branches when they terminate. Unfortunately, the magic wand assertion $A \\mathbin{-\\!\\!*} B$, commonly used to specify properties of partial data structures, is typically \u003cem\u003enot\u003c/em\u003e combinable. In this entry, we formalize a novel, restricted definition of the magic wand, described in \u003ca href=\"https://arxiv.org/abs/2205.11325\"\u003ea paper at CAV 22\u003c/a\u003e, which we call the \u003cem\u003ecombinable wand\u003c/em\u003e. We prove some key properties of the combinable wand; in particular, a combinable wand is combinable if its right-hand side is combinable.",
"authors": [
"Thibault Dardinier"
],
"date": "2022-05-30",
- "id": 26,
+ "id": 27,
"link": "/entries/Combinable_Wands.html",
"permalink": "/entries/Combinable_Wands.html",
"shortname": "Combinable_Wands",
"title": "A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "We formalise Plünnecke's inequality and the Plünnecke-Ruzsa inequality, following the notes by Timothy Gowers: \"Introduction to Additive Combinatorics\" (2022) for the University of Cambridge. To this end, we first introduce basic definitions and prove elementary facts on sumsets and difference sets. Then, we show two versions of the Ruzsa triangle inequality. We follow with a proof due to Petridis.",
"authors": [
"Angeliki Koutsoukou-Argyraki",
"Lawrence C. Paulson"
],
"date": "2022-05-26",
- "id": 27,
+ "id": 28,
"link": "/entries/Pluennecke_Ruzsa_Inequality.html",
"permalink": "/entries/Pluennecke_Ruzsa_Inequality.html",
"shortname": "Pluennecke_Ruzsa_Inequality",
"title": "The Plünnecke-Ruzsa Inequality",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "The magic wand $\\mathbin{-\\!\\!*}$ (also called separating implication) is a separation logic connective commonly used to specify properties of partial data structures, for instance during iterative traversals. A \u003cem\u003efootprint\u003c/em\u003e of a magic wand formula $$A \\mathbin{-\\!\\!*} B$$ is a state that, combined with any state in which $A$ holds, yields a state in which $B$ holds. The key challenge of proving a magic wand (also called \u003cem\u003epackaging\u003c/em\u003e a wand) is to find such a footprint. Existing package algorithms either have a high annotation overhead or are unsound. In this entry, we formally define a framework for the sound automation of magic wands, described in an \u003ca href=\"https://www.cs.ubc.ca/~alexsumm/papers/DardinierParthasarathyWeeksMuellerSummers22.pdf\"\u003eupcoming paper at CAV 2022\u003c/a\u003e, and prove that it is sound and complete. This framework, called the \u003cem\u003epackage logic\u003c/em\u003e, precisely characterises a wide design space of possible package algorithms applicable to a large class of separation logics.",
"authors": [
"Thibault Dardinier"
],
"date": "2022-05-18",
- "id": 28,
+ "id": 29,
"link": "/entries/Package_logic.html",
"permalink": "/entries/Package_logic.html",
"shortname": "Package_logic",
"title": "Formalization of a Framework for the Sound Automation of Magic Wands",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e Given a graph $G$ with $n$ vertices and a number $s$, the decision problem Clique asks whether $G$ contains a fully connected subgraph with $s$ vertices. For this NP-complete problem there exists a non-trivial lower bound: no monotone circuit of a size that is polynomial in $n$ can solve Clique. \u003c/p\u003e\u003cp\u003e This entry provides an Isabelle/HOL formalization of a concrete lower bound (the bound is $\\sqrt[7]{n}^{\\sqrt[8]{n}}$ for the fixed choice of $s = \\sqrt[4]{n}$), following a proof by Gordeev. \u003c/p\u003e",
"authors": [
"René Thiemann"
],
"date": "2022-05-08",
- "id": 29,
+ "id": 30,
"link": "/entries/Clique_and_Monotone_Circuits.html",
"permalink": "/entries/Clique_and_Monotone_Circuits.html",
"shortname": "Clique_and_Monotone_Circuits",
"title": "Clique is not solvable by monotone circuits of polynomial size",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "Linear algebraic techniques are powerful, yet often underrated tools in combinatorial proofs. This formalisation provides a library including matrix representations of incidence set systems, general formal proof techniques for the rank argument and linear bound argument, and finally a formalisation of a number of variations of the well-known Fisher's inequality. We build on our prior work formalising combinatorial design theory using a locale-centric approach, including extensions such as constant intersect designs and dual incidence systems. In addition to Fisher's inequality, we also formalise proofs on other incidence system properties using the incidence matrix representation, such as design existence, dual system relationships and incidence system isomorphisms. This formalisation is presented in the paper \"Formalising Fisher's Inequality: Formal Linear Algebraic Techniques in Combinatorics\", accepted to ITP 2022.",
"authors": [
"Chelsea Edmonds",
"Lawrence C. Paulson"
],
"date": "2022-04-21",
- "id": 30,
+ "id": 31,
"link": "/entries/Fishers_Inequality.html",
"permalink": "/entries/Fishers_Inequality.html",
"shortname": "Fishers_Inequality",
"title": "Fisher's Inequality: Linear Algebraic Proof Techniques for Combinatorics",
"topic_links": [
"mathematics/combinatorics",
"mathematics/algebra"
],
"topics": [
"Mathematics/Combinatorics",
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "We formalize how a natural number can be expanded into its digits in some base and prove properties about functions that operate on digit expansions. This includes the formalization of concepts such as digit shifts and carries. For a base that is a power of 2 we formalize the binary AND, binary orthogonality and binary masking of two natural numbers. This library on digit expansions builds the basis for the formalization of the DPRM theorem.",
"authors": [
"Jonas Bayer",
"Marco David",
"Abhik Pal",
"Benedikt Stock"
],
"date": "2022-04-20",
- "id": 31,
+ "id": 32,
"link": "/entries/Digit_Expansions.html",
"permalink": "/entries/Digit_Expansions.html",
"shortname": "Digit_Expansions",
"title": "Digit Expansions",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 1
},
{
"abstract": "We consider the problem of comparing two multisets via the generalized multiset ordering. We show that the corresponding decision problem is NP-complete. To be more precise, we encode multiset-comparisons into propositional formulas or into conjunctive normal forms of quadratic size; we further prove that satisfiability of conjunctive normal forms can be encoded as multiset-comparison problems of linear size. As a corollary, we also show that the problem of deciding whether two terms are related by a recursive path order is NP-hard, provided the recursive path order is based on the generalized multiset ordering.",
"authors": [
"René Thiemann",
"Lukas Schmidinger"
],
"date": "2022-04-20",
- "id": 32,
+ "id": 33,
"link": "/entries/Multiset_Ordering_NPC.html",
"permalink": "/entries/Multiset_Ordering_NPC.html",
"shortname": "Multiset_Ordering_NPC",
"title": "The Generalized Multiset Ordering is NP-Complete",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article provides a brief formalisation of the two equations known as the \u003cem\u003eSophomore's Dream\u003c/em\u003e, first discovered by Johann Bernoulli in 1697:\u003c/p\u003e \\[\\int_0^1 x^{-x}\\,\\text{d}x = \\sum_{n=1}^\\infty n^{-n} \\quad\\text{and}\\quad \\int_0^1 x^x\\,\\text{d}x = -\\sum_{n=1}^\\infty (-n)^{-n}\\]",
"authors": [
"Manuel Eberl"
],
"date": "2022-04-10",
- "id": 33,
+ "id": 34,
"link": "/entries/Sophomores_Dream.html",
"permalink": "/entries/Sophomores_Dream.html",
"shortname": "Sophomores_Dream",
"title": "The Sophomore's Dream",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "This entry contains a set of binary encodings for primitive data types, such as natural numbers, integers, floating-point numbers as well as combinators to construct encodings for products, lists, sets or functions of/between such types. For natural numbers and integers, the entry contains various encodings, such as Elias-Gamma-Codes and exponential Golomb Codes, which are efficient variable-length codes in use by current compression formats. A use-case for this library is measuring the persisted size of a complex data structure without having to hand-craft a dedicated encoding for it, independent of Isabelle's internal representation.",
"authors": [
"Emin Karayel"
],
"date": "2022-04-08",
- "id": 34,
+ "id": 35,
"link": "/entries/Prefix_Free_Code_Combinators.html",
"permalink": "/entries/Prefix_Free_Code_Combinators.html",
"shortname": "Prefix_Free_Code_Combinators",
"title": "A Combinator Library for Prefix-Free Codes",
"topic_links": [
"computer-science/algorithms",
"computer-science/data-structures"
],
"topics": [
"Computer science/Algorithms",
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "In 1999 Alon et. al. introduced the still active research topic of approximating the frequency moments of a data stream using randomized algorithms with minimal space usage. This includes the problem of estimating the cardinality of the stream elements - the zeroth frequency moment. But, also higher-order frequency moments that provide information about the skew of the data stream. (The \u003ci\u003ek\u003c/i\u003e-th frequency moment of a data stream is the sum of the \u003ci\u003ek\u003c/i\u003e-th powers of the occurrence counts of each element in the stream.) This entry formalizes three randomized algorithms for the approximation of \u003ci\u003eF\u003csub\u003e0\u003c/sub\u003e\u003c/i\u003e, \u003ci\u003eF\u003csub\u003e2\u003c/sub\u003e\u003c/i\u003e and \u003ci\u003eF\u003csub\u003ek\u003c/sub\u003e\u003c/i\u003e for \u003ci\u003ek ≥ 3\u003c/i\u003e based on [\u003ca href=\"https://doi.org/10.1006/jcss.1997.1545\"\u003e1\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/3-540-45726-7_1\"\u003e2\u003c/a\u003e] and verifies their expected accuracy, success probability and space usage.",
"authors": [
"Emin Karayel"
],
"date": "2022-04-08",
- "id": 35,
+ "id": 36,
"link": "/entries/Frequency_Moments.html",
"permalink": "/entries/Frequency_Moments.html",
"shortname": "Frequency_Moments",
"title": "Formalization of Randomized Approximation Algorithms for Frequency Moments",
"topic_links": [
"computer-science/algorithms/approximation",
"mathematics/probability-theory"
],
"topics": [
"Computer science/Algorithms/Approximation",
"Mathematics/Probability theory"
],
"used_by": 0
},
{
"abstract": "The type of real numbers is constructed from the positive rationals using the method of Dedekind cuts. This development, briefly described in papers by the authors, follows the textbook presentation by Gleason. It's notable that the first formalisation of a significant piece of mathematics, by Jutting in 1977, involved a similar construction.",
"authors": [
"Jacques D. Fleuriot",
"Lawrence C. Paulson"
],
"date": "2022-03-24",
- "id": 36,
+ "id": 37,
"link": "/entries/Dedekind_Real.html",
"permalink": "/entries/Dedekind_Real.html",
"shortname": "Dedekind_Real",
"title": "Constructing the Reals as Dedekind Cuts of Rationals",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "Ackermann's function is defined in the usual way and a number of its elementary properties are proved. Then, the primitive recursive functions are defined inductively: as a predicate on the functions that map lists of numbers to numbers. It is shown that every primitive recursive function is strictly dominated by Ackermann's function. The formalisation follows an earlier one by Nora Szasz.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2022-03-23",
- "id": 37,
+ "id": 38,
"link": "/entries/Ackermanns_not_PR.html",
"permalink": "/entries/Ackermanns_not_PR.html",
"shortname": "Ackermanns_not_PR",
"title": "Ackermann's Function Is Not Primitive Recursive",
"topic_links": [
"logic/computability"
],
"topics": [
"Logic/Computability"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e The AFP entry \u003ca href=\"https://www.isa-afp.org/entries/Abstract_Completeness.html\"\u003eAbstract Completeness\u003c/a\u003e by Blanchette, Popescu and Traytel formalizes the core of Beth/Hintikka-style completeness proofs for first-order logic and can be used to formalize executable sequent calculus provers. In the Journal of Automated Reasoning, the authors instantiate the framework with a sequent calculus for first-order logic and prove its completeness. Their use of an infinite set of proof rules indexed by formulas yields very direct arguments. A fair stream of these rules controls the prover, making its definition remarkably simple. The AFP entry, however, only contains a toy example for propositional logic. The AFP entry \u003ca href=\"https://www.isa-afp.org/entries/FOL_Seq_Calc2.html\"\u003eA Sequent Calculus Prover for First-Order Logic with Functions\u003c/a\u003e by From and Jacobsen also uses the framework, but uses a finite set of generic rules resulting in a more sophisticated prover with more complicated proofs. \u003c/p\u003e \u003cp\u003e This entry contains an executable sequent calculus prover for first-order logic with functions in the style presented by Blanchette et al. The prover can be exported to Haskell and this entry includes formalized proofs of its soundness and completeness. The proofs are simpler than those for the prover by From and Jacobsen but the performance of the prover is significantly worse. \u003c/p\u003e \u003cp\u003e The included theory \u003cem\u003eFair-Stream\u003c/em\u003e first proves that the sequence of natural numbers 0, 0, 1, 0, 1, 2, etc. is fair. It then proves that mapping any surjective function across the sequence preserves fairness. This method of obtaining a fair stream of rules is similar to the one given by Blanchette et al. 
The concrete functions from natural numbers to terms, formulas and rules are defined using the \u003cem\u003eNat-Bijection\u003c/em\u003e theory in the HOL-Library. \u003c/p\u003e",
"authors": [
"Asta Halkjær From"
],
"date": "2022-03-22",
- "id": 38,
+ "id": 39,
"link": "/entries/FOL_Seq_Calc3.html",
"permalink": "/entries/FOL_Seq_Calc3.html",
"shortname": "FOL_Seq_Calc3",
"title": "A Naive Prover for First-Order Logic",
"topic_links": [
"logic/general-logic/classical-first-order-logic",
"logic/proof-theory",
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Classical first-order logic",
"Logic/Proof theory",
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eIn this article, I formalise a proof from \u003ca href=\"https://dx.doi.org/10.1007/978-3-662-57265-8\"\u003eTHE BOOK\u003c/a\u003e; namely a formula that was called ‘one of the most beautiful formulas involving elementary functions’:\u003c/p\u003e \\[\\pi \\cot(\\pi z) = \\frac{1}{z} + \\sum_{n=1}^\\infty\\left(\\frac{1}{z+n} + \\frac{1}{z-n}\\right)\\] \u003cp\u003eThe proof uses Herglotz's trick to show the real case and analytic continuation for the complex case.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2022-03-15",
- "id": 39,
+ "id": 40,
"link": "/entries/Cotangent_PFD_Formula.html",
"permalink": "/entries/Cotangent_PFD_Formula.html",
"shortname": "Cotangent_PFD_Formula",
"title": "A Proof from THE BOOK: The Partial Fraction Expansion of the Cotangent",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "We redeveloped our formalization of forcing in the set theory framework of Isabelle/ZF. Under the assumption of the existence of a countable transitive model of ZFC, we construct proper generic extensions that satisfy the Continuum Hypothesis and its negation.",
"authors": [
"Emmanuel Gunther",
"Miguel Pagano",
"Pedro Sánchez Terraf",
"Matías Steinberg"
],
"date": "2022-03-06",
- "id": 40,
+ "id": 41,
"link": "/entries/Independence_CH.html",
"permalink": "/entries/Independence_CH.html",
"shortname": "Independence_CH",
"title": "The Independence of the Continuum Hypothesis in Isabelle/ZF",
"topic_links": [
"logic/set-theory"
],
"topics": [
"Logic/Set theory"
],
"used_by": 0
},
{
"abstract": "We extend the ZF-Constructibility library by relativizing theories of the Isabelle/ZF and Delta System Lemma sessions to a transitive class. We also relativize Paulson's work on Aleph and our former treatment of the Axiom of Dependent Choices. This work is a prerrequisite to our formalization of the independence of the Continuum Hypothesis.",
"authors": [
"Emmanuel Gunther",
"Miguel Pagano",
"Pedro Sánchez Terraf",
"Matías Steinberg"
],
"date": "2022-03-03",
- "id": 41,
+ "id": 42,
"link": "/entries/Transitive_Models.html",
"permalink": "/entries/Transitive_Models.html",
"shortname": "Transitive_Models",
"title": "Transitive Models of Fragments of ZFC",
"topic_links": [
"logic/set-theory"
],
"topics": [
"Logic/Set theory"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e A \u003cem\u003eresiduated transition system\u003c/em\u003e (RTS) is a transition system that is equipped with a certain partial binary operation, called \u003cem\u003eresiduation\u003c/em\u003e, on transitions. Using the residuation operation, one can express nuances, such as a distinction between nondeterministic and concurrent choice, as well as partial commutativity relationships between transitions, which are not captured by ordinary transition systems. A version of residuated transition systems was introduced in previous work by the author, in which they were called “concurrent transition systems” in view of the original motivation for their definition from the study of concurrency. In the first part of the present article, we give a formal development that generalizes and subsumes the original presentation. We give an axiomatic definition of residuated transition systems that assumes only a single partial binary operation as given structure. From the axioms, we derive notions of “arrow“ (transition), “source”, “target”, “identity”, as well as “composition” and “join” of transitions; thereby recovering structure that in the previous work was assumed as given. We formalize and generalize the result, that residuation extends from transitions to transition paths, and we systematically develop the properties of this extension. A significant generalization made in the present work is the identification of a general notion of congruence on RTS’s, along with an associated quotient construction. \u003c/p\u003e \u003cp\u003e In the second part of this article, we use the RTS framework to formalize several results in the theory of reduction in Church’s λ-calculus. Using a de Bruijn index-based syntax in which terms represent parallel reduction steps, we define residuation on terms and show that it satisfies the axioms for an RTS. 
An application of the results on paths from the first part of the article allows us to prove the classical Church-Rosser Theorem with little additional effort. We then use residuation to define the notion of “development” and we prove the Finite Developments Theorem, that every development is finite, formalizing and adapting to de Bruijn indices a proof by de Vrijer. We also use residuation to define the notion of a “standard reduction path”, and we prove the Standardization Theorem: that every reduction path is congruent to a standard one. As a corollary of the Standardization Theorem, we obtain the Leftmost Reduction Theorem: that leftmost reduction is a normalizing strategy. \u003c/p\u003e",
"authors": [
"Eugene W. Stark"
],
"date": "2022-02-28",
- "id": 42,
+ "id": 43,
"link": "/entries/ResiduatedTransitionSystem.html",
"permalink": "/entries/ResiduatedTransitionSystem.html",
"shortname": "ResiduatedTransitionSystem",
"title": "Residuated Transition Systems",
"topic_links": [
"computer-science/automata-and-formal-languages",
"computer-science/concurrency",
"computer-science/programming-languages/lambda-calculi"
],
"topics": [
"Computer science/Automata and formal languages",
"Computer science/Concurrency",
"Computer science/Programming languages/Lambda calculi"
],
"used_by": 0
},
{
"abstract": "A \u003ci\u003ek\u003c/i\u003e-universal hash family is a probability space of functions, which have uniform distribution and form \u003ci\u003ek\u003c/i\u003e-wise independent random variables. They can often be used in place of classic (or cryptographic) hash functions and allow the rigorous analysis of the performance of randomized algorithms and data structures that rely on hash functions. In 1981 \u003ca href=\"https://doi.org/10.1016/0022-0000(81)90033-7\"\u003eWegman and Carter\u003c/a\u003e introduced a generic construction for such families with arbitrary \u003ci\u003ek\u003c/i\u003e using polynomials over a finite field. This entry contains a formalization of them and establishes the property of \u003ci\u003ek\u003c/i\u003e-universality. To be useful the formalization also provides an explicit construction of finite fields using the factor ring of integers modulo a prime. Additionally, some generic results about independent families are shown that might be of independent interest.",
"authors": [
"Emin Karayel"
],
"date": "2022-02-20",
- "id": 43,
+ "id": 44,
"link": "/entries/Universal_Hash_Families.html",
"permalink": "/entries/Universal_Hash_Families.html",
"shortname": "Universal_Hash_Families",
"title": "Universal Hash Families",
"topic_links": [
"mathematics/probability-theory",
"computer-science/algorithms"
],
"topics": [
"Mathematics/Probability theory",
"Computer science/Algorithms"
],
"used_by": 1
},
{
"abstract": "Let $F$ be a set of analytic functions on the complex plane such that, for each $z\\in\\mathbb{C}$, the set $\\{f(z) \\mid f\\in F\\}$ is countable; must then $F$ itself be countable? The answer is yes if the Continuum Hypothesis is false, i.e., if the cardinality of $\\mathbb{R}$ exceeds $\\aleph_1$. But if CH is true then such an $F$, of cardinality $\\aleph_1$, can be constructed by transfinite recursion. The formal proof illustrates reasoning about complex analysis (analytic and homomorphic functions) and set theory (transfinite cardinalities) in a single setting. The mathematical text comes from \u003cem\u003eProofs from THE BOOK\u003c/em\u003e by Aigner and Ziegler.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2022-02-18",
- "id": 44,
+ "id": 45,
"link": "/entries/Wetzels_Problem.html",
"permalink": "/entries/Wetzels_Problem.html",
"shortname": "Wetzels_Problem",
"title": "Wetzel's Problem and the Continuum Hypothesis",
"topic_links": [
"mathematics/analysis",
"logic/set-theory"
],
"topics": [
"Mathematics/Analysis",
"Logic/Set theory"
],
"used_by": 0
},
{
"abstract": "We formalize first-order query evaluation over an infinite domain with equality. We first define the syntax and semantics of first-order logic with equality. Next we define a locale \u003ci\u003eeval\u0026lowbar;fo\u003c/i\u003e abstracting a representation of a potentially infinite set of tuples satisfying a first-order query over finite relations. Inside the locale, we define a function \u003ci\u003eeval\u003c/i\u003e checking if the set of tuples satisfying a first-order query over a database (an interpretation of the query's predicates) is finite (i.e., deciding \u003ci\u003erelative safety\u003c/i\u003e) and computing the set of satisfying tuples if it is finite. Altogether the function \u003ci\u003eeval\u003c/i\u003e solves \u003ci\u003ecapturability\u003c/i\u003e (Avron and Hirshfeld, 1991) of first-order logic with equality. We also use the function \u003ci\u003eeval\u003c/i\u003e to prove a code equation for the semantics of first-order logic, i.e., the function checking if a first-order query over a database is satisfied by a variable assignment.\u003cbr/\u003e We provide an interpretation of the locale \u003ci\u003eeval\u0026lowbar;fo\u003c/i\u003e based on the approach by Ailamazyan et al. A core notion in the interpretation is the active domain of a query and a database that contains all domain elements that occur in the database or interpret the query's constants. We prove the main theorem of Ailamazyan et al. relating the satisfaction of a first-order query over an infinite domain to the satisfaction of this query over a finite domain consisting of the active domain and a few additional domain elements (outside the active domain) whose number only depends on the query. 
In our interpretation of the locale \u003ci\u003eeval\u0026lowbar;fo\u003c/i\u003e, we use a potentially higher number of the additional domain elements, but their number still only depends on the query and thus has no effect on the data complexity (Vardi, 1982) of query evaluation. Our interpretation yields an \u003ci\u003eexecutable\u003c/i\u003e function \u003ci\u003eeval\u003c/i\u003e. The time complexity of \u003ci\u003eeval\u003c/i\u003e on a query is linear in the total number of tuples in the intermediate relations for the subqueries. Specifically, we build a database index to evaluate a conjunction. We also optimize the case of a negated subquery in a conjunction. Finally, we export code for the infinite domain of natural numbers.",
"authors": [
"Martin Raszyk"
],
"date": "2022-02-15",
- "id": 45,
+ "id": 46,
"link": "/entries/Eval_FO.html",
"permalink": "/entries/Eval_FO.html",
"shortname": "Eval_FO",
"title": "First-Order Query Evaluation",
"topic_links": [
"computer-science/data-management-systems",
"logic/general-logic/classical-first-order-logic"
],
"topics": [
"Computer science/Data management systems",
"Logic/General logic/Classical first-order logic"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eRuntime monitoring (or runtime verification) is an approach to checking compliance of a system's execution with a specification (e.g., a temporal formula). The system's execution is logged into a \u003ci\u003etrace\u003c/i\u003e\u0026mdash;a sequence of time-points, each consisting of a time-stamp and observed events. A \u003ci\u003emonitor\u003c/i\u003e is an algorithm that produces \u003ci\u003everdicts\u003c/i\u003e on the satisfaction of a temporal formula on a trace.\u003c/p\u003e \u003cp\u003eWe formalize the time-stamps as an abstract algebraic structure satisfying certain assumptions. Instances of this structure include natural numbers, real numbers, and lexicographic combinations of them. We also include the formalization of a conversion from the abstract time domain introduced by Koymans (1990) to our time-stamps.\u003c/p\u003e \u003cp\u003eWe formalize a monitoring algorithm for metric dynamic logic, an extension of metric temporal logic with regular expressions. The monitor computes whether a given formula is satisfied at every position in an input trace of time-stamped events. Our monitor follows the multi-head paradigm: it reads the input simultaneously at multiple positions and moves its reading heads asynchronously. This mode of operation results in unprecedented time and space complexity guarantees for metric dynamic logic: The monitor's amortized time complexity to process a time-point and the monitor's space complexity neither depends on the event-rate, i.e., the number of events within a fixed time-unit, nor on the numeric constants occurring in the quantitative temporal constraints in the given formula.\u003c/p\u003e \u003cp\u003eThe multi-head monitoring algorithm for metric dynamic logic is reported in our paper ``Multi-Head Monitoring of Metric Dynamic Logic'' published at ATVA 2020. We have also formalized unpublished specialized algorithms for the temporal operators of metric temporal logic.\u003c/p\u003e",
"authors": [
"Martin Raszyk"
],
"date": "2022-02-13",
- "id": 46,
+ "id": 47,
"link": "/entries/VYDRA_MDL.html",
"permalink": "/entries/VYDRA_MDL.html",
"shortname": "VYDRA_MDL",
"title": "Multi-Head Monitoring of Metric Dynamic Logic",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry contains a formalization of an algorithm enumerating all equivalence relations on an initial segment of the natural numbers. The approach follows the method described by Stanton and White \u003ca href=\"https://doi.org/10.1007/978-1-4612-4968-9\"\u003e[5,§ 1.5]\u003c/a\u003e using restricted growth functions.\u003c/p\u003e \u003cp\u003eThe algorithm internally enumerates restricted growth functions (as lists), whose equivalence kernels then form the equivalence relations. This has the advantage that the representation is compact and lookup of the relation reduces to a list lookup operation.\u003c/p\u003e \u003cp\u003eThe algorithm can also be used within a proof and an example application is included, where a sequence of variables is split by the possible partitions they can form.\u003c/p\u003e",
"authors": [
"Emin Karayel"
],
"date": "2022-02-04",
- "id": 47,
+ "id": 48,
"link": "/entries/Equivalence_Relation_Enumeration.html",
"permalink": "/entries/Equivalence_Relation_Enumeration.html",
"shortname": "Equivalence_Relation_Enumeration",
"title": "Enumeration of Equivalence Relations",
"topic_links": [
"mathematics/combinatorics",
"computer-science/algorithms/mathematical"
],
"topics": [
"Mathematics/Combinatorics",
"Computer science/Algorithms/Mathematical"
],
"used_by": 1
},
{
"abstract": "We formalize the weak and strong duality theorems of linear programming. For the strong duality theorem we provide three sufficient preconditions: both the primal problem and the dual problem are satisfiable, the primal problem is satisfiable and bounded, or the dual problem is satisfiable and bounded. The proofs are based on an existing formalization of Farkas' Lemma.",
"authors": [
"René Thiemann"
],
"date": "2022-02-03",
- "id": 48,
+ "id": 49,
"link": "/entries/LP_Duality.html",
"permalink": "/entries/LP_Duality.html",
"shortname": "LP_Duality",
"title": "Duality of Linear Programming",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "The notion of quasi-Borel spaces was introduced by \u003ca href=\"https://dl.acm.org/doi/10.5555/3329995.3330072\"\u003e Heunen et al\u003c/a\u003e. The theory provides a suitable denotational model for higher-order probabilistic programming languages with continuous distributions. This entry is a formalization of the theory of quasi-Borel spaces, including construction of quasi-Borel spaces (product, coproduct, function spaces), the adjunction between the category of measurable spaces and the category of quasi-Borel spaces, and the probability monad on quasi-Borel spaces. This entry also contains the formalization of the Bayesian regression presented in the work of Heunen et al. This work is a part of the work by same authors, \u003ci\u003eProgram Logic for Higher-Order Probabilistic Programs in Isabelle/HOL\u003c/i\u003e, which will be published in the proceedings of the 16th International Symposium on Functional and Logic Programming (FLOPS 2022).",
"authors": [
"Michikazu Hirata",
"Yasuhiko Minamide",
"Tetsuya Sato"
],
"date": "2022-02-03",
- "id": 49,
+ "id": 50,
"link": "/entries/Quasi_Borel_Spaces.html",
"permalink": "/entries/Quasi_Borel_Spaces.html",
"shortname": "Quasi_Borel_Spaces",
"title": "Quasi-Borel Spaces",
"topic_links": [
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Semantics and reasoning"
],
"used_by": 0
},
{
"abstract": "The first-order theory of rewriting (FORT) is a decidable theory for linear variable-separated rewrite systems. The decision procedure is based on tree automata technique and an inference system presented in \"Certifying Proofs in the First-Order Theory of Rewriting\". This AFP entry provides a formalization of the underlying decision procedure. Moreover it allows to generate a function that can verify each inference step via the code generation facility of Isabelle/HOL. Additionally it contains the specification of a certificate language (that allows to state proofs in FORT) and a formalized function that allows to verify the validity of the proof. This gives software tool authors, that implement the decision procedure, the possibility to verify their output.",
"authors": [
"Alexander Lochmann",
"Bertram Felgenhauer"
],
"date": "2022-02-02",
- "id": 50,
+ "id": 51,
"link": "/entries/FO_Theory_Rewriting.html",
"permalink": "/entries/FO_Theory_Rewriting.html",
"shortname": "FO_Theory_Rewriting",
"title": "First-Order Theory of Rewriting",
"topic_links": [
"computer-science/automata-and-formal-languages",
"logic/rewriting",
"logic/proof-theory"
],
"topics": [
"Computer science/Automata and formal languages",
"Logic/Rewriting",
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "We formalize an automated theorem prover for first-order logic with functions. The proof search procedure is based on sequent calculus and we verify its soundness and completeness using the Abstract Soundness and Abstract Completeness theories. Our analytic completeness proof covers both open and closed formulas. Since our deterministic prover considers only the subset of terms relevant to proving a given sequent, we do so as well when building a countermodel from a failed proof. We formally connect our prover with the proof system and semantics of the existing SeCaV system. In particular, the prover's output can be post-processed in Haskell to generate human-readable SeCaV proofs which are also machine-verifiable proof certificates. Paper: \u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2022.13\"\u003edoi.org/10.4230/LIPIcs.ITP.2022.13\u003c/a\u003e.",
"authors": [
"Asta Halkjær From",
"Frederik Krogsdal Jacobsen"
],
"date": "2022-01-31",
- "id": 51,
+ "id": 52,
"link": "/entries/FOL_Seq_Calc2.html",
"permalink": "/entries/FOL_Seq_Calc2.html",
"shortname": "FOL_Seq_Calc2",
"title": "A Sequent Calculus Prover for First-Order Logic with Functions",
"topic_links": [
"logic/general-logic/classical-first-order-logic",
"logic/proof-theory",
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Classical first-order logic",
"Logic/Proof theory",
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "Young's inequality states that $$ ab \\leq \\int_0^a f(x)dx + \\int_0^b f^{-1}(y) dy $$ where $a\\geq 0$, $b\\geq 0$ and $f$ is strictly increasing and continuous. Its proof is formalised following \u003ca href=\"https://www.jstor.org/stable/2318018\"\u003ethe development\u003c/a\u003e by Cunningham and Grossman. Their idea is to make the intuitive, geometric folklore proof rigorous by reasoning about step functions. The lack of the Riemann integral makes the development longer than one would like, but their argument is reproduced faithfully.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2022-01-31",
- "id": 52,
+ "id": 53,
"link": "/entries/Youngs_Inequality.html",
"permalink": "/entries/Youngs_Inequality.html",
"shortname": "Youngs_Inequality",
"title": "Young's Inequality for Increasing Functions",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eA well known result from algebra is that, on any field, there is exactly one polynomial of degree less than n interpolating n points [\u003ca href=\"https://doi.org/10.1017/CBO9780511814549\"\u003e1\u003c/a\u003e, §7].\u003c/p\u003e \u003cp\u003eThis entry contains a formalization of the above result, as well as the following generalization in the case of finite fields \u003ci\u003eF\u003c/i\u003e: There are \u003ci\u003e|F|\u003csup\u003em-n\u003c/sup\u003e\u003c/i\u003e polynomials of degree less than \u003ci\u003em ≥ n\u003c/i\u003e interpolating the same n points, where \u003ci\u003e|F|\u003c/i\u003e denotes the size of the domain of the field. To establish the result the entry also includes a formalization of Lagrange interpolation, which might be of independent interest.\u003c/p\u003e \u003cp\u003eThe formalized results are defined on the algebraic structures from HOL-Algebra, which are distinct from the type-class based structures defined in HOL. Note that there is an existing formalization for polynomial interpolation and, in particular, Lagrange interpolation by Thiemann and Yamada [\u003ca href=\"https://www.isa-afp.org/entries/Polynomial_Interpolation.html\"\u003e2\u003c/a\u003e] on the type-class based structures in HOL.\u003c/p\u003e",
"authors": [
"Emin Karayel"
],
"date": "2022-01-29",
- "id": 53,
+ "id": 54,
"link": "/entries/Interpolation_Polynomials_HOL_Algebra.html",
"permalink": "/entries/Interpolation_Polynomials_HOL_Algebra.html",
"shortname": "Interpolation_Polynomials_HOL_Algebra",
"title": "Interpolation Polynomials (in HOL-Algebra)",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eThe median method is an amplification result for randomized approximation algorithms described in [\u003ca href=\"https://doi.org/10.1006/jcss.1997.1545\"\u003e1\u003c/a\u003e]. Given an algorithm whose result is in a desired interval with a probability larger than \u003ci\u003e1/2\u003c/i\u003e, it is possible to improve the success probability, by running the algorithm multiple times independently and using the median. In contrast to using the mean, the amplification of the success probability grows exponentially with the number of independent runs.\u003c/p\u003e \u003cp\u003eThis entry contains a formalization of the underlying theorem: Given a sequence of n independent random variables, which are in a desired interval with a probability \u003ci\u003e1/2 + a\u003c/i\u003e. Then their median will be in the desired interval with a probability of \u003ci\u003e1 − exp(−2a\u003csup\u003e2\u003c/sup\u003e n)\u003c/i\u003e. In particular, the success probability approaches \u003ci\u003e1\u003c/i\u003e exponentially with the number of variables.\u003c/p\u003e \u003cp\u003eIn addition to that, this entry also contains a proof that order-statistics of Borel-measurable random variables are themselves measurable and that generalized intervals in linearly ordered Borel-spaces are measurable.\u003c/p\u003e",
"authors": [
"Emin Karayel"
],
"date": "2022-01-25",
- "id": 54,
+ "id": 55,
"link": "/entries/Median_Method.html",
"permalink": "/entries/Median_Method.html",
"shortname": "Median_Method",
"title": "Median Method",
"topic_links": [
"mathematics/probability-theory"
],
"topics": [
"Mathematics/Probability theory"
],
"used_by": 1
},
{
"abstract": "Actuarial Mathematics is a theory in applied mathematics, which is mainly used for determining the prices of insurance products and evaluating the liability of a company associating with insurance contracts. It is related to calculus, probability theory and financial theory, etc. In this entry, I formalize the very basic part of Actuarial Mathematics in Isabelle/HOL. The first formalization is about the theory of interest which deals with interest rates, present value factors, an annuity certain, etc. I have already formalized the basic part of Actuarial Mathematics in Coq (https://github.com/Yosuke-Ito-345/Actuary). This entry is currently the partial translation and a little generalization of the Coq formalization. The further translation in Isabelle/HOL is now proceeding.",
"authors": [
"Yosuke Ito"
],
"date": "2022-01-23",
- "id": 55,
+ "id": 56,
"link": "/entries/Actuarial_Mathematics.html",
"permalink": "/entries/Actuarial_Mathematics.html",
"shortname": "Actuarial_Mathematics",
"title": "Actuarial Mathematics",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "An elementary proof is formalised: that \u003cem\u003eexp r\u003c/em\u003e is irrational for every nonzero rational number \u003cem\u003er\u003c/em\u003e. The mathematical development comes from the well-known volume \u003cem\u003eProofs from THE BOOK\u003c/em\u003e, by Aigner and Ziegler, who credit the idea to Hermite. The development illustrates a number of basic Isabelle techniques: the manipulation of summations, the calculation of quite complicated derivatives and the estimation of integrals. We also see how to import another AFP entry (Stirling's formula). As for the theorem itself, note that a much stronger and more general result (the Hermite--Lindemann--Weierstraß transcendence theorem) is already available in the AFP.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2022-01-08",
- "id": 56,
+ "id": 57,
"link": "/entries/Irrationals_From_THEBOOK.html",
"permalink": "/entries/Irrationals_From_THEBOOK.html",
"shortname": "Irrationals_From_THEBOOK",
"title": "Irrational numbers from THE BOOK",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "This is a formalization of the article \u003ci\u003eKnight's Tour Revisited\u003c/i\u003e by Cull and De Curtins where they prove the existence of a Knight's path for arbitrary \u003ci\u003en \u0026times; m\u003c/i\u003e-boards with \u003ci\u003emin(n,m) \u0026ge; 5\u003c/i\u003e. If \u003ci\u003en \u0026middot; m\u003c/i\u003e is even, then there exists a Knight's circuit. A Knight's Path is a sequence of moves of a Knight on a chessboard s.t. the Knight visits every square of a chessboard exactly once. Finding a Knight's path is a an instance of the Hamiltonian path problem. A Knight's circuit is a Knight's path, where additionally the Knight can move from the last square to the first square of the path, forming a loop. During the formalization two mistakes in the original proof were discovered. These mistakes are corrected in this formalization.",
"authors": [
"Lukas Koller"
],
"date": "2022-01-04",
- "id": 57,
+ "id": 58,
"link": "/entries/Knights_Tour.html",
"permalink": "/entries/Knights_Tour.html",
"shortname": "Knights_Tour",
"title": "Knight's Tour Revisited Revisited",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eHyperdual numbers are ones with a real component and a number of infinitesimal components, usually written as $a_0 + a_1 \\cdot \\epsilon_1 + a_2 \\cdot \\epsilon_2 + a_3 \\cdot \\epsilon_1\\epsilon_2$. They have been proposed by \u003ca href=\"https://doi.org/10.2514/6.2011-886\"\u003eFike and Alonso\u003c/a\u003e in an approach to automatic differentiation.\u003c/p\u003e \u003cp\u003eIn this entry we formalise hyperdual numbers and their application to forward differentiation. We show them to be an instance of multiple algebraic structures and then, along with facts about twice-differentiability, we define what we call the hyperdual extensions of functions on real-normed fields. This extension formally represents the proposed way that the first and second derivatives of a function can be automatically calculated. We demonstrate it on the standard logistic function $f(x) = \\frac{1}{1 + e^{-x}}$ and also reproduce the example analytic function $f(x) = \\frac{e^x}{\\sqrt{sin(x)^3 + cos(x)^3}}$ used for demonstration by Fike and Alonso.\u003c/p\u003e",
"authors": [
"Filip Smola",
"Jacques D. Fleuriot"
],
"date": "2021-12-31",
- "id": 58,
+ "id": 59,
"link": "/entries/Hyperdual.html",
"permalink": "/entries/Hyperdual.html",
"shortname": "Hyperdual",
"title": "Hyperdual Numbers and Forward Differentiation",
"topic_links": [
"mathematics/algebra",
"mathematics/analysis"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "This is a stepwise refinement and proof of the Gale-Shapley stable matching (or marriage) algorithm down to executable code. Both a purely functional implementation based on lists and a functional implementation based on efficient arrays (provided by the Collections Framework in the AFP) are developed. The latter implementation runs in time \u003ci\u003eO(n\u003csup\u003e2\u003c/sup\u003e)\u003c/i\u003e where \u003ci\u003en\u003c/i\u003e is the cardinality of the two sets to be matched.",
"authors": [
"Tobias Nipkow"
],
"date": "2021-12-29",
- "id": 59,
+ "id": 60,
"link": "/entries/Gale_Shapley.html",
"permalink": "/entries/Gale_Shapley.html",
"shortname": "Gale_Shapley",
"title": "Gale-Shapley Algorithm",
"topic_links": [
"computer-science/algorithms",
"mathematics/games-and-economics"
],
"topics": [
"Computer science/Algorithms",
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "We formalise a proof of Roth's Theorem on Arithmetic Progressions, a major result in additive combinatorics on the existence of 3-term arithmetic progressions in subsets of natural numbers. To this end, we follow a proof using graph regularity. We employ our recent formalisation of Szemerédi's Regularity Lemma, a major result in extremal graph theory, which we use here to prove the Triangle Counting Lemma and the Triangle Removal Lemma. Our sources are Yufei Zhao's MIT lecture notes \"\u003ca href=\"https://yufeizhao.com/gtac/gtac.pdf\"\u003eGraph Theory and Additive Combinatorics\u003c/a\u003e\" (latest version \u003ca href=\"https://yufeizhao.com/gtacbook/\"\u003ehere\u003c/a\u003e) and W.T. Gowers's Cambridge lecture notes \"\u003ca href=\"https://www.dpmms.cam.ac.uk/~par31/notes/tic.pdf\"\u003eTopics in Combinatorics\u003c/a\u003e\". We also refer to the University of Georgia notes by Stephanie Bell and Will Grodzicki, \"\u003ca href=\"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.432.327\"\u003eUsing Szemerédi's Regularity Lemma to Prove Roth's Theorem\u003c/a\u003e\".",
"authors": [
"Chelsea Edmonds",
"Angeliki Koutsoukou-Argyraki",
"Lawrence C. Paulson"
],
"date": "2021-12-28",
- "id": 60,
+ "id": 61,
"link": "/entries/Roth_Arithmetic_Progressions.html",
"permalink": "/entries/Roth_Arithmetic_Progressions.html",
"shortname": "Roth_Arithmetic_Progressions",
"title": "Roth's Theorem on Arithmetic Progressions",
"topic_links": [
"mathematics/graph-theory",
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Graph theory",
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "We present a formalization of Markov Decision Processes with rewards. In particular we first build on Hölzl's formalization of MDPs (AFP entry: Markov_Models) and extend them with rewards. We proceed with an analysis of the expected total discounted reward criterion for infinite horizon MDPs. The central result is the construction of the iteration rule for the Bellman operator. We prove the optimality equations for this operator and show the existence of an optimal stationary deterministic solution. The analysis can be used to obtain dynamic programming algorithms such as value iteration and policy iteration to solve MDPs with formal guarantees. Our formalization is based on chapters 5 and 6 in Puterman's book \"Markov Decision Processes: Discrete Stochastic Dynamic Programming\".",
"authors": [
"Maximilian Schäffeler",
"Mohammad Abdulaziz"
],
"date": "2021-12-16",
- "id": 61,
+ "id": 62,
"link": "/entries/MDP-Rewards.html",
"permalink": "/entries/MDP-Rewards.html",
"shortname": "MDP-Rewards",
"title": "Markov Decision Processes with Rewards",
"topic_links": [
"mathematics/probability-theory"
],
"topics": [
"Mathematics/Probability theory"
],
"used_by": 1
},
{
"abstract": "We present a formalization of algorithms for solving Markov Decision Processes (MDPs) with formal guarantees on the optimality of their solutions. In particular we build on our analysis of the Bellman operator for discounted infinite horizon MDPs. From the iterator rule on the Bellman operator we directly derive executable value iteration and policy iteration algorithms to iteratively solve finite MDPs. We also prove correct optimized versions of value iteration that use matrix splittings to improve the convergence rate. In particular, we formally verify Gauss-Seidel value iteration and modified policy iteration. The algorithms are evaluated on two standard examples from the literature, namely, inventory management and gridworld. Our formalization covers most of chapter 6 in Puterman's book \"Markov Decision Processes: Discrete Stochastic Dynamic Programming\".",
"authors": [
"Maximilian Schäffeler",
"Mohammad Abdulaziz"
],
"date": "2021-12-16",
- "id": 62,
+ "id": 63,
"link": "/entries/MDP-Algorithms.html",
"permalink": "/entries/MDP-Algorithms.html",
"shortname": "MDP-Algorithms",
"title": "Verified Algorithms for Solving Markov Decision Processes",
"topic_links": [
"mathematics/probability-theory",
"computer-science/algorithms"
],
"topics": [
"Mathematics/Probability theory",
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "Tree automata have good closure properties and therefore a commonly used to prove/disprove properties. This formalization contains among other things the proofs of many closure properties of tree automata (anchored) ground tree transducers and regular relations. Additionally it includes the well known pumping lemma and a lifting of the Myhill Nerode theorem for regular languages to tree languages. We want to mention the existence of a \u003ca href=\"https://www.isa-afp.org/entries/Tree-Automata.html\"\u003etree automata APF-entry\u003c/a\u003e developed by Peter Lammich. His work is based on epsilon free top-down tree automata, while this entry builds on bottom-up tree auotamta with epsilon transitions. Moreover our formalization relies on the \u003ca href=\"https://www.isa-afp.org/entries/Collections.html\"\u003eCollections Framework\u003c/a\u003e, also by Peter Lammich, to obtain efficient code. All proven constructions of the closure properties are exportable using the Isabelle/HOL code generation facilities.",
"authors": [
"Alexander Lochmann",
"Bertram Felgenhauer",
"Christian Sternagel",
"René Thiemann",
"Thomas Sternagel"
],
"date": "2021-12-15",
- "id": 63,
+ "id": 64,
"link": "/entries/Regular_Tree_Relations.html",
"permalink": "/entries/Regular_Tree_Relations.html",
"shortname": "Regular_Tree_Relations",
"title": "Regular Tree Relations",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 2
},
{
"abstract": "In this work we formalise the isomorphism between simplicial complexes of dimension $n$ and monotone Boolean functions in $n$ variables, mainly following the definitions and results as introduced by N. A. Scoville. We also take advantage of the AFP representation of \u003ca href=\"https://www.isa-afp.org/entries/ROBDD.html\"\u003eROBDD\u003c/a\u003e (Reduced Ordered Binary Decision Diagrams) to compute the ROBDD representation of a given simplicial complex (by means of the isomorphism to Boolean functions). Some examples of simplicial complexes and associated Boolean functions are also presented.",
"authors": [
"Jesús Aransay",
"Alejandro del Campo",
"Julius Michaelis"
],
"date": "2021-11-29",
- "id": 64,
+ "id": 65,
"link": "/entries/Simplicial_complexes_and_boolean_functions.html",
"permalink": "/entries/Simplicial_complexes_and_boolean_functions.html",
"shortname": "Simplicial_complexes_and_boolean_functions",
"title": "Simplicial Complexes and Boolean functions",
"topic_links": [
"mathematics/topology"
],
"topics": [
"Mathematics/Topology"
],
"used_by": 0
},
{
"abstract": "The \u003cem\u003evan Emde Boas tree\u003c/em\u003e or \u003cem\u003evan Emde Boas priority queue\u003c/em\u003e is a data structure supporting membership test, insertion, predecessor and successor search, minimum and maximum determination and deletion in \u003cem\u003eO(log log U)\u003c/em\u003e time, where \u003cem\u003eU = 0,...,2\u003csup\u003en-1\u003c/sup\u003e\u003c/em\u003e is the overall range to be considered. \u003cp/\u003e The presented formalization follows Chapter 20 of the popular \u003cem\u003eIntroduction to Algorithms (3rd ed.)\u003c/em\u003e by Cormen, Leiserson, Rivest and Stein (CLRS), extending the list of formally verified CLRS algorithms. Our current formalization is based on the first author's bachelor's thesis. \u003cp/\u003e First, we prove correct a \u003cem\u003efunctional\u003c/em\u003e implementation, w.r.t. an abstract data type for sets. Apart from functional correctness, we show a resource bound, and runtime bounds w.r.t. manually defined timing functions for the operations. \u003cp/\u003e Next, we refine the operations to Imperative HOL with time, and show correctness and complexity. This yields a practically more efficient implementation, and eliminates the manually defined timing functions from the trusted base of the proof.",
"authors": [
"Thomas Ammer",
"Peter Lammich"
],
"date": "2021-11-23",
- "id": 65,
+ "id": 66,
"link": "/entries/Van_Emde_Boas_Trees.html",
"permalink": "/entries/Van_Emde_Boas_Trees.html",
"shortname": "Van_Emde_Boas_Trees",
"title": "van Emde Boas Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "\"Foundations of Geometry\" is a mathematical book written by Hilbert in 1899. This entry is a complete formalization of \"Incidence\" (excluding cubic axioms), \"Order\" and \"Congruence\" (excluding point sequences) of the axioms constructed in this book. In addition, the theorem of the problem about the part that is treated implicitly and is not clearly stated in it is being carried out in parallel.",
"authors": [
"Fumiya Iwama"
],
"date": "2021-11-22",
- "id": 66,
+ "id": 67,
"link": "/entries/Foundation_of_geometry.html",
"permalink": "/entries/Foundation_of_geometry.html",
"shortname": "Foundation_of_geometry",
"title": "Foundation of geometry in planes, and some complements: Excluding the parallel axioms",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "In this work we formalize the Hahn decomposition theorem for signed measures, namely that any measure space for a signed measure can be decomposed into a positive and a negative set, where every measurable subset of the positive one has a positive measure, and every measurable subset of the negative one has a negative measure. We also formalize the Jordan decomposition theorem as a corollary, which states that the signed measure under consideration admits a unique decomposition into a difference of two positive measures, at least one of which is finite.",
"authors": [
"Marie Cousin",
"Mnacho Echenim",
"Hervé Guiol"
],
"date": "2021-11-19",
- "id": 67,
+ "id": 68,
"link": "/entries/Hahn_Jordan_Decomposition.html",
"permalink": "/entries/Hahn_Jordan_Decomposition.html",
"shortname": "Hahn_Jordan_Decomposition",
"title": "The Hahn and Jordan Decomposition Theorems",
"topic_links": [
"mathematics/measure-and-integration"
],
"topics": [
"Mathematics/Measure and integration"
],
"used_by": 0
},
{
"abstract": "We present a shallow embedding of public announcement logic (PAL) with relativized general knowledge in HOL. We then use PAL to obtain an elegant encoding of the wise men puzzle, which we solve automatically using sledgehammer.",
"authors": [
"Christoph Benzmüller",
"Sebastian Reiche"
],
"date": "2021-11-08",
- "id": 68,
+ "id": 69,
"link": "/entries/PAL.html",
"permalink": "/entries/PAL.html",
"shortname": "PAL",
"title": "Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL",
"topic_links": [
"logic/general-logic/logics-of-knowledge-and-belief"
],
"topics": [
"Logic/General logic/Logics of knowledge and belief"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eSimplified variants of Gödel's ontological argument are explored. Among those is a particularly interesting simplified argument which is (i) valid already in basic modal logics K or KT, (ii) which does not suffer from modal collapse, and (iii) which avoids the rather complex predicates of essence (Ess.) and necessary existence (NE) as used by Gödel. \u003c/p\u003e\u003cp\u003e Whether the presented variants increase or decrease the attractiveness and persuasiveness of the ontological argument is a question I would like to pass on to philosophy and theology. \u003c/p\u003e",
"authors": [
"Christoph Benzmüller"
],
"date": "2021-11-08",
- "id": 69,
+ "id": 70,
"link": "/entries/SimplifiedOntologicalArgument.html",
"permalink": "/entries/SimplifiedOntologicalArgument.html",
"shortname": "SimplifiedOntologicalArgument",
"title": "Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL",
"topic_links": [
"logic/philosophical-aspects",
"logic/general-logic/modal-logic"
],
"topics": [
"Logic/Philosophical aspects",
"Logic/General logic/Modal logic"
],
"used_by": 0
},
{
"abstract": "The AFP already contains a verified implementation of algebraic numbers. However, it is has a severe limitation in its factorization algorithm of real and complex polynomials: the factorization is only guaranteed to succeed if the coefficients of the polynomial are rational numbers. In this work, we verify an algorithm to factor all real and complex polynomials whose coefficients are algebraic. The existence of such an algorithm proves in a constructive way that the set of complex algebraic numbers is algebraically closed. Internally, the algorithm is based on resultants of multivariate polynomials and an approximation algorithm using interval arithmetic.",
"authors": [
"Manuel Eberl",
"René Thiemann"
],
"date": "2021-11-08",
- "id": 70,
+ "id": 71,
"link": "/entries/Factor_Algebraic_Polynomial.html",
"permalink": "/entries/Factor_Algebraic_Polynomial.html",
"shortname": "Factor_Algebraic_Polynomial",
"title": "Factorization of Polynomials with Algebraic Coefficients",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "In this formalisation, we construct real exponents as the limits of sequences of rational exponents. In particular, if $a \\ge 1$ and $x \\in \\mathbb{R}$, we choose an increasing rational sequence $r_n$ such that $\\lim_{n\\to\\infty} {r_n} = x$. Then the sequence $a^{r_n}$ is increasing and if $r$ is any rational number such that $r \u003e x$, $a^{r_n}$ is bounded above by $a^r$. By the convergence criterion for monotone sequences, $a^{r_n}$ converges. We define $a^ x = \\lim_{n\\to\\infty} a^{r_n}$ and show that it has the expected properties (for $a \\ge 0$). This particular construction of real exponents is needed instead of the usual one using the natural logarithm and exponential functions (which already exists in Isabelle) to support our mechanical derivation of Euler's exponential series as an ``infinite polynomial\". Aside from helping us avoid circular reasoning, this is, as far as we are aware, the first time real exponents are mechanised in this way within a proof assistant.",
"authors": [
"Jacques D. Fleuriot"
],
"date": "2021-11-08",
- "id": 71,
+ "id": 72,
"link": "/entries/Real_Power.html",
"permalink": "/entries/Real_Power.html",
"shortname": "Real_Power",
"title": "Real Exponents as the Limits of Sequences of Rational Exponents",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "\u003ca href=\"https://en.wikipedia.org/wiki/Szemerédi_regularity_lemma\"\u003eSzemerédi's regularity lemma\u003c/a\u003e is a key result in the study of large graphs. It asserts the existence of an upper bound on the number of parts the vertices of a graph need to be partitioned into such that the edges between the parts are random in a certain sense. This bound depends only on the desired precision and not on the graph itself, in the spirit of Ramsey's theorem. The formalisation follows online course notes by \u003ca href=\"https://www.dpmms.cam.ac.uk/~par31/notes/tic.pdf\"\u003eTim Gowers\u003c/a\u003e and \u003ca href=\"https://yufeizhao.com/gtacbook/\"\u003eYufei Zhao\u003c/a\u003e.",
"authors": [
"Chelsea Edmonds",
"Angeliki Koutsoukou-Argyraki",
"Lawrence C. Paulson"
],
"date": "2021-11-05",
- "id": 72,
+ "id": 73,
"link": "/entries/Szemeredi_Regularity.html",
"permalink": "/entries/Szemeredi_Regularity.html",
"shortname": "Szemeredi_Regularity",
"title": "Szemerédi's Regularity Lemma",
"topic_links": [
"mathematics/graph-theory",
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Graph theory",
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "A formalization of the theory of quantum and classical registers as developed by (Unruh, Quantum and Classical Registers). In a nutshell, a register refers to a part of a larger memory or system that can be accessed independently. Registers can be constructed from other registers and several (compatible) registers can be composed. This formalization develops both the generic theory of registers as well as specific instantiations for classical and quantum registers.",
"authors": [
"Dominique Unruh"
],
"date": "2021-10-28",
- "id": 73,
+ "id": 74,
"link": "/entries/Registers.html",
"permalink": "/entries/Registers.html",
"shortname": "Registers",
"title": "Quantum and Classical Registers",
"topic_links": [
"computer-science/algorithms/quantum-computing",
"computer-science/programming-languages/logics",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Algorithms/Quantum computing",
"Computer science/Programming languages/Logics",
"Computer science/Semantics and reasoning"
],
"used_by": 0
},
{
"abstract": "The 1985 paper by Carlos Alchourrón, Peter Gärdenfors, and David Makinson (AGM), “On the Logic of Theory Change: Partial Meet Contraction and Revision Functions” launches a large and rapidly growing literature that employs formal models and logics to handle changing beliefs of a rational agent and to take into account new piece of information observed by this agent. In 2011, a review book titled \"AGM 25 Years: Twenty-Five Years of Research in Belief Change\" was edited to summarize the first twenty five years of works based on AGM. This HOL-based AFP entry is a faithful formalization of the AGM operators (e.g. contraction, revision, remainder ...) axiomatized in the original paper. It also contains the proofs of all the theorems stated in the paper that show how these operators combine. Both proofs of Harper and Levi identities are established.",
"authors": [
"Valentin Fouillard",
"Safouan Taha",
"Frédéric Boulanger",
"Nicolas Sabouret"
],
"date": "2021-10-19",
- "id": 74,
+ "id": 75,
"link": "/entries/Belief_Revision.html",
"permalink": "/entries/Belief_Revision.html",
"shortname": "Belief_Revision",
"title": "Belief Revision Theory",
"topic_links": [
"logic/general-logic/logics-of-knowledge-and-belief"
],
"topics": [
"Logic/General logic/Logics of knowledge and belief"
],
"used_by": 0
},
{
"abstract": "This AFP entry provides semantics for roughly 120 different X86-64 assembly instructions. These instructions include various moves, arithmetic/logical operations, jumps, call/return, SIMD extensions and others. External functions are supported by allowing a user to provide custom semantics for these calls. Floating-point operations are mapped to uninterpreted functions. The model provides semantics for register aliasing and a byte-level little-endian memory model. The semantics are purposefully incomplete, but overapproximative. For example, the precise effect of flags may be undefined for certain instructions, or instructions may simply have no semantics at all. In those cases, the semantics are mapped to universally quantified uninterpreted terms from a locale. Second, this entry provides a method to symbolic execution of basic blocks. The method, called ''se_step'' (for: symbolic execution step) fetches an instruction and updates the current symbolic state while keeping track of assumptions made over the memory model. A key component is a set of theorems that prove how reads from memory resolve after writes have occurred. Thirdly, this entry provides a parser that allows the user to copy-paste the output of the standard disassembly tool objdump into Isabelle/HOL. A couple small and explanatory examples are included, including functions from the word count program. Several examples can be supplied upon request (they are not included due to the running time of verification): functions from the floating-point modulo function from FDLIBM, the GLIBC strlen function and the CoreUtils SHA256 implementation.",
"authors": [
"Freek Verbeek",
"Abhijith Bharadwaj",
"Joshua Bockenek",
"Ian Roessle",
"Timmy Weerwag",
"Binoy Ravindran"
],
"date": "2021-10-13",
- "id": 75,
+ "id": 76,
"link": "/entries/X86_Semantics.html",
"permalink": "/entries/X86_Semantics.html",
"shortname": "X86_Semantics",
"title": "X86 instruction semantics and basic block symbolic execution",
"topic_links": [
"computer-science/hardware",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Hardware",
"Computer science/Semantics and reasoning"
],
"used_by": 0
},
{
"abstract": "We study models of state-based non-deterministic sequential computations and describe them using algebras. We propose algebras that describe iteration for strict and non-strict computations. They unify computation models which differ in the fixpoints used to represent iteration. We propose algebras that describe the infinite executions of a computation. They lead to a unified approximation order and results that connect fixpoints in the approximation and refinement orders. This unifies the semantics of recursion for a range of computation models. We propose algebras that describe preconditions and the effect of while-programs under postconditions. They unify correctness statements in two dimensions: one statement applies in various computation models to various correctness claims.",
"authors": [
"Walter Guttmann"
],
"date": "2021-10-12",
- "id": 76,
+ "id": 77,
"link": "/entries/Correctness_Algebras.html",
"permalink": "/entries/Correctness_Algebras.html",
"shortname": "Correctness_Algebras",
"title": "Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "This paper presents a formally verified quantifier elimination (QE) algorithm for first-order real arithmetic by linear and quadratic virtual substitution (VS) in Isabelle/HOL. The Tarski-Seidenberg theorem established that the first-order logic of real arithmetic is decidable by QE. However, in practice, QE algorithms are highly complicated and often combine multiple methods for performance. VS is a practically successful method for QE that targets formulas with low-degree polynomials. To our knowledge, this is the first work to formalize VS for quadratic real arithmetic including inequalities. The proofs necessitate various contributions to the existing multivariate polynomial libraries in Isabelle/HOL. Our framework is modularized and easily expandable (to facilitate integrating future optimizations), and could serve as a basis for developing practical general-purpose QE algorithms. Further, as our formalization is designed with practicality in mind, we export our development to SML and test the resulting code on 378 benchmarks from the literature, comparing to Redlog, Z3, Wolfram Engine, and SMT-RAT. This identified inconsistencies in some tools, underscoring the significance of a verified approach for the intricacies of real arithmetic.",
"authors": [
"Matias Scharager",
"Katherine Cordwell",
"Stefan Mitsch",
"André Platzer"
],
"date": "2021-10-02",
- "id": 77,
+ "id": 78,
"link": "/entries/Virtual_Substitution.html",
"permalink": "/entries/Virtual_Substitution.html",
"shortname": "Virtual_Substitution",
"title": "Verified Quadratic Virtual Substitution for Real Arithmetic",
"topic_links": [
"computer-science/algorithms/mathematical"
],
"topics": [
"Computer science/Algorithms/Mathematical"
],
"used_by": 0
},
{
"abstract": "This work is a formalization of the soundness and completeness of an axiomatic system for first-order logic. The proof system is based on System Q1 by Smullyan and the completeness proof follows his textbook \"First-Order Logic\" (Springer-Verlag 1968). The completeness proof is in the Henkin style where a consistent set is extended to a maximal consistent set using Lindenbaum's construction and Henkin witnesses are added during the construction to ensure saturation as well. The resulting set is a Hintikka set which, by the model existence theorem, is satisfiable in the Herbrand universe. Paper: \u003ca href=\"https://doi.org/10.4230/LIPIcs.TYPES.2021.8\"\u003edoi.org/10.4230/LIPIcs.TYPES.2021.8\u003c/a\u003e.",
"authors": [
"Asta Halkjær From"
],
"date": "2021-09-24",
- "id": 78,
+ "id": 79,
"link": "/entries/FOL_Axiomatic.html",
"permalink": "/entries/FOL_Axiomatic.html",
"shortname": "FOL_Axiomatic",
"title": "Soundness and Completeness of an Axiomatic System for First-Order Logic",
"topic_links": [
"logic/general-logic/classical-first-order-logic",
"logic/proof-theory"
],
"topics": [
"Logic/General logic/Classical first-order logic",
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "We present a formalization of bounded operators on complex vector spaces. Our formalization contains material on complex vector spaces (normed spaces, Banach spaces, Hilbert spaces) that complements and goes beyond the developments of real vectors spaces in the Isabelle/HOL standard library. We define the type of bounded operators between complex vector spaces (\u003cem\u003ecblinfun\u003c/em\u003e) and develop the theory of unitaries, projectors, extension of bounded linear functions (BLT theorem), adjoints, Loewner order, closed subspaces and more. For the finite-dimensional case, we provide code generation support by identifying finite-dimensional operators with matrices as formalized in the \u003ca href=\"Jordan_Normal_Form.html\"\u003eJordan_Normal_Form\u003c/a\u003e AFP entry.",
"authors": [
"José Manuel Rodríguez Caballero",
"Dominique Unruh"
],
"date": "2021-09-18",
- "id": 79,
+ "id": 80,
"link": "/entries/Complex_Bounded_Operators.html",
"permalink": "/entries/Complex_Bounded_Operators.html",
"shortname": "Complex_Bounded_Operators",
"title": "Complex Bounded Operators",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "We define the weighted path order (WPO) and formalize several properties such as strong normalization, the subterm property, and closure properties under substitutions and contexts. Our definition of WPO extends the original definition by also permitting multiset comparisons of arguments instead of just lexicographic extensions. Therefore, our WPO not only subsumes lexicographic path orders (LPO), but also recursive path orders (RPO). We formally prove these subsumptions and therefore all of the mentioned properties of WPO are automatically transferable to LPO and RPO as well. Such a transformation is not required for Knuth\u0026ndash;Bendix orders (KBO), since they have already been formalized. Nevertheless, we still provide a proof that WPO subsumes KBO and thereby underline the generality of WPO.",
"authors": [
"Christian Sternagel",
"René Thiemann",
"Akihisa Yamada"
],
"date": "2021-09-16",
- "id": 80,
+ "id": 81,
"link": "/entries/Weighted_Path_Order.html",
"permalink": "/entries/Weighted_Path_Order.html",
"shortname": "Weighted_Path_Order",
"title": "A Formalization of Weighted Path Orders and Recursive Path Orders",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 1
},
{
"abstract": "This article provides a foundational framework for the formalization of category theory in the object logic ZFC in HOL of the formal proof assistant Isabelle. More specifically, this article provides a formalization of canonical set-theoretic constructions internalized in the type \u003ci\u003eV\u003c/i\u003e associated with the ZFC in HOL, establishes a design pattern for the formalization of mathematical structures using sequences and locales, and showcases the developed infrastructure by providing formalizations of the elementary theories of digraphs and semicategories. The methodology chosen for the formalization of the theories of digraphs and semicategories (and categories in future articles) rests on the ideas that were originally expressed in the article \u003ci\u003eSet-Theoretical Foundations of Category Theory\u003c/i\u003e written by Solomon Feferman and Georg Kreisel. Thus, in the context of this work, each of the aforementioned mathematical structures is represented as a term of the type \u003ci\u003eV\u003c/i\u003e embedded into a stage of the von Neumann hierarchy.",
"authors": [
"Mihails Milehins"
],
"date": "2021-09-06",
- "id": 81,
+ "id": 82,
"link": "/entries/CZH_Foundations.html",
"permalink": "/entries/CZH_Foundations.html",
"shortname": "CZH_Foundations",
"title": "Category Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories",
"topic_links": [
"mathematics/category-theory",
"logic/set-theory"
],
"topics": [
"Mathematics/Category theory",
"Logic/Set theory"
],
"used_by": 1
},
{
"abstract": "This article provides a formalization of the foundations of the theory of 1-categories in the object logic ZFC in HOL of the formal proof assistant Isabelle. The article builds upon the foundations that were established in the AFP entry \u003ci\u003eCategory Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories\u003c/i\u003e.",
"authors": [
"Mihails Milehins"
],
"date": "2021-09-06",
- "id": 82,
+ "id": 83,
"link": "/entries/CZH_Elementary_Categories.html",
"permalink": "/entries/CZH_Elementary_Categories.html",
"shortname": "CZH_Elementary_Categories",
"title": "Category Theory for ZFC in HOL II: Elementary Theory of 1-Categories",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 1
},
{
"abstract": "The article provides a formalization of elements of the theory of universal constructions for 1-categories (such as limits, adjoints and Kan extensions) in the object logic ZFC in HOL of the formal proof assistant Isabelle. The article builds upon the foundations established in the AFP entry \u003ci\u003eCategory Theory for ZFC in HOL II: Elementary Theory of 1-Categories\u003c/i\u003e.",
"authors": [
"Mihails Milehins"
],
"date": "2021-09-06",
- "id": 83,
+ "id": 84,
"link": "/entries/CZH_Universal_Constructions.html",
"permalink": "/entries/CZH_Universal_Constructions.html",
"shortname": "CZH_Universal_Constructions",
"title": "Category Theory for ZFC in HOL III: Universal Constructions",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 0
},
{
"abstract": "The article provides a collection of experimental general-purpose proof methods for the object logic Isabelle/HOL of the formal proof assistant Isabelle. The methods in the collection offer functionality that is similar to certain aspects of the functionality provided by the standard proof methods of Isabelle that combine classical reasoning and rewriting, such as the method \u003ci\u003eauto\u003c/i\u003e, but use a different approach for rewriting. More specifically, these methods allow for the side conditions of the rewrite rules to be solved via intro-resolution.",
"authors": [
"Mihails Milehins"
],
"date": "2021-09-06",
- "id": 84,
+ "id": 85,
"link": "/entries/Conditional_Simplification.html",
"permalink": "/entries/Conditional_Simplification.html",
"shortname": "Conditional_Simplification",
"title": "Conditional Simplification",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 1
},
{
"abstract": "This article provides a collection of experimental utilities for unoverloading of definitions and synthesis of conditional transfer rules for the object logic Isabelle/HOL of the formal proof assistant Isabelle written in Isabelle/ML.",
"authors": [
"Mihails Milehins"
],
"date": "2021-09-06",
- "id": 85,
+ "id": 86,
"link": "/entries/Conditional_Transfer_Rule.html",
"permalink": "/entries/Conditional_Transfer_Rule.html",
"shortname": "Conditional_Transfer_Rule",
"title": "Conditional Transfer Rule",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 1
},
{
"abstract": "In their article titled \u003ci\u003eFrom Types to Sets by Local Type Definitions in Higher-Order Logic\u003c/i\u003e and published in the proceedings of the conference \u003ci\u003eInteractive Theorem Proving\u003c/i\u003e in 2016, Ondřej Kunčar and Andrei Popescu propose an extension of the logic Isabelle/HOL and an associated algorithm for the relativization of the \u003ci\u003etype-based theorems\u003c/i\u003e to more flexible \u003ci\u003eset-based theorems\u003c/i\u003e, collectively referred to as \u003ci\u003eTypes-To-Sets\u003c/i\u003e. One of the aims of their work was to open an opportunity for the development of a software tool for applied relativization in the implementation of the logic Isabelle/HOL of the proof assistant Isabelle. In this article, we provide a prototype of a software framework for the interactive automated relativization of theorems in Isabelle/HOL, developed as an extension of the proof language Isabelle/Isar. The software framework incorporates the implementation of the proposed extension of the logic, and builds upon some of the ideas for further work expressed in the original article on Types-To-Sets by Ondřej Kunčar and Andrei Popescu and the subsequent article \u003ci\u003eSmooth Manifolds and Types to Sets for Linear Algebra in Isabelle/HOL\u003c/i\u003e that was written by Fabian Immler and Bohua Zhan and published in the proceedings of the \u003ci\u003eInternational Conference on Certified Programs and Proofs\u003c/i\u003e in 2019.",
"authors": [
"Mihails Milehins"
],
"date": "2021-09-06",
- "id": 86,
+ "id": 87,
"link": "/entries/Types_To_Sets_Extension.html",
"permalink": "/entries/Types_To_Sets_Extension.html",
"shortname": "Types_To_Sets_Extension",
"title": "Extension of Types-To-Sets",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 0
},
{
"abstract": "The article provides the command \u003cb\u003emk_ide\u003c/b\u003e for the object logic Isabelle/HOL of the formal proof assistant Isabelle. The command \u003cb\u003emk_ide\u003c/b\u003e enables the automated synthesis of the introduction, destruction and elimination rules from arbitrary definitions of constant predicates stated in Isabelle/HOL.",
"authors": [
"Mihails Milehins"
],
"date": "2021-09-06",
- "id": 87,
+ "id": 88,
"link": "/entries/Intro_Dest_Elim.html",
"permalink": "/entries/Intro_Dest_Elim.html",
"shortname": "Intro_Dest_Elim",
"title": "IDE: Introduction, Destruction, Elimination",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 1
},
{
"abstract": "This entry formalises the fast iterative algorithm for computing dominators due to Cooper, Harvey and Kennedy. It gives a specification of computing dominators on a control flow graph where each node refers to its reverse post order number. A semilattice of reversed-ordered list which represents dominators is built and a Kildall-style algorithm on the semilattice is defined for computing dominators. Finally the soundness and completeness of the algorithm are proved w.r.t. the specification.",
"authors": [
"Nan Jiang"
],
"date": "2021-09-05",
- "id": 88,
+ "id": 89,
"link": "/entries/Dominance_CHK.html",
"permalink": "/entries/Dominance_CHK.html",
"shortname": "Dominance_CHK",
"title": "A data flow analysis algorithm for computing dominators",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eWe formalize Cardano's formula to solve a cubic equation $$ax^3 + bx^2 + cx + d = 0,$$ as well as Ferrari's formula to solve a quartic equation. We further turn both formulas into executable algorithms based on the algebraic number implementation in the AFP. To this end we also slightly extended this library, namely by making the minimal polynomial of an algebraic number executable, and by defining and implementing $n$-th roots of complex numbers.\u003c/p\u003e",
"authors": [
"René Thiemann"
],
"date": "2021-09-03",
- "id": 89,
+ "id": 90,
"link": "/entries/Cubic_Quartic_Equations.html",
"permalink": "/entries/Cubic_Quartic_Equations.html",
"shortname": "Cubic_Quartic_Equations",
"title": "Solving Cubic and Quartic Equations",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "In the context of formal cryptographic protocol verification, logging-independent message anonymity is the property for a given message to remain anonymous despite the attacker's capability of mapping messages of that sort to agents based on some intrinsic feature of such messages, rather than by logging the messages exchanged by legitimate agents as with logging-dependent message anonymity. This paper illustrates how logging-independent message anonymity can be formalized according to the relational method for formal protocol verification by considering a real-world protocol, namely the Restricted Identification one by the BSI. This sample model is used to verify that the pseudonymous identifiers output by user identification tokens remain anonymous under the expected conditions.",
"authors": [
"Pasquale Noce"
],
"date": "2021-08-26",
- "id": 90,
+ "id": 91,
"link": "/entries/Logging_Independent_Anonymity.html",
"permalink": "/entries/Logging_Independent_Anonymity.html",
"shortname": "Logging_Independent_Anonymity",
"title": "Logging-independent Message Anonymity in the Relational Method",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "The Descartes test based on Bernstein coefficients and Descartes’ rule of signs effectively (over-)approximates the number of real roots of a univariate polynomial over an interval. In this entry we formalise the theorem of three circles, which gives sufficient conditions for when the Descartes test returns 0 or 1. This is the first step for efficient root isolation.",
"authors": [
"Fox Thomson",
"Wenda Li"
],
"date": "2021-08-21",
- "id": 91,
+ "id": 92,
"link": "/entries/Three_Circles.html",
"permalink": "/entries/Three_Circles.html",
"shortname": "Three_Circles",
"title": "The Theorem of Three Circles",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "This entry contains the confidentiality verification of the (functional kernel of) the CoCon conference management system [\u003ca href=\"https://doi.org/10.1007/978-3-319-08867-9_11\"\u003e1\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/s10817-020-09566-9\"\u003e2\u003c/a\u003e]. The confidentiality properties refer to the documents managed by the system, namely papers, reviews, discussion logs and acceptance/rejection decisions, and also to the assignment of reviewers to papers. They have all been formulated as instances of BD Security [\u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e3\u003c/a\u003e, \u003ca href=\"https://www.isa-afp.org/entries/Bounded_Deducibility_Security.html\"\u003e4\u003c/a\u003e] and verified using the BD Security unwinding technique.",
"authors": [
"Andrei Popescu",
"Peter Lammich",
"Thomas Bauereiss"
],
"date": "2021-08-16",
- "id": 92,
+ "id": 93,
"link": "/entries/CoCon.html",
"permalink": "/entries/CoCon.html",
"shortname": "CoCon",
"title": "CoCon: A Confidentiality-Verified Conference Management System",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "Building on a previous \u003ca href=\"https://www.isa-afp.org/entries/Bounded_Deducibility_Security.html\"\u003eAFP entry\u003c/a\u003e that formalizes the Bounded-Deducibility Security (BD Security) framework \u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e[1]\u003c/a\u003e, we formalize compositionality and transport theorems for information flow security. These results allow lifting BD Security properties from individual components specified as transition systems, to a composition of systems specified as communicating products of transition systems. The underlying ideas of these results are presented in the papers \u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e[1]\u003c/a\u003e and \u003ca href=\"https://doi.org/10.1109/SP.2017.24\"\u003e[2]\u003c/a\u003e. The latter paper also describes a major case study where these results have been used: on verifying the CoSMeDis distributed social media platform (itself formalized as an \u003ca href=\"https://www.isa-afp.org/entries/CoSMeDis.html\"\u003eAFP entry\u003c/a\u003e that builds on this entry).",
"authors": [
"Thomas Bauereiss",
"Andrei Popescu"
],
"date": "2021-08-16",
- "id": 93,
+ "id": 94,
"link": "/entries/BD_Security_Compositional.html",
"permalink": "/entries/BD_Security_Compositional.html",
"shortname": "BD_Security_Compositional",
"title": "Compositional BD Security",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 1
},
{
"abstract": "This entry contains the confidentiality verification of the (functional kernel of) the CoSMed social media platform. The confidentiality properties are formalized as instances of BD Security [\u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e1\u003c/a\u003e, \u003ca href=\"https://www.isa-afp.org/entries/Bounded_Deducibility_Security.html\"\u003e2\u003c/a\u003e]. An innovation in the deployment of BD Security compared to previous work is the use of dynamic declassification triggers, incorporated as part of inductive bounds, for providing stronger guarantees that account for the repeated opening and closing of access windows. To further strengthen the confidentiality guarantees, we also prove \"traceback\" properties about the accessibility decisions affecting the information managed by the system.",
"authors": [
"Thomas Bauereiss",
"Andrei Popescu"
],
"date": "2021-08-16",
- "id": 94,
+ "id": 95,
"link": "/entries/CoSMed.html",
"permalink": "/entries/CoSMed.html",
"shortname": "CoSMed",
"title": "CoSMed: A confidentiality-verified social media platform",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This entry contains the confidentiality verification of the (functional kernel of) the CoSMeDis distributed social media platform presented in [\u003ca href=\"https://doi.org/10.1109/SP.2017.24\"\u003e1\u003c/a\u003e]. CoSMeDis is a multi-node extension the CoSMed prototype social media platform [\u003ca href=\"https://doi.org/10.1007/978-3-319-43144-4_6\"\u003e2\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/s10817-017-9443-3\"\u003e3\u003c/a\u003e, \u003ca href=\"https://www.isa-afp.org/entries/CoSMed.html\"\u003e4\u003c/a\u003e]. The confidentiality properties are formalized as instances of BD Security [\u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e5\u003c/a\u003e, \u003ca href=\"https://www.isa-afp.org/entries/Bounded_Deducibility_Security.html\"\u003e6\u003c/a\u003e]. The lifting of confidentiality properties from single nodes to the entire CoSMeDis network is performed using compositionality and transport theorems for BD Security, which are described in [\u003ca href=\"https://doi.org/10.1109/SP.2017.24\"\u003e1\u003c/a\u003e] and formalized in a separate \u003ca href=\"https://www.isa-afp.org/entries/BD_Security_Compositional.html\"\u003eAFP entry\u003c/a\u003e.",
"authors": [
"Thomas Bauereiss",
"Andrei Popescu"
],
"date": "2021-08-16",
- "id": 95,
+ "id": 96,
"link": "/entries/CoSMeDis.html",
"permalink": "/entries/CoSMeDis.html",
"shortname": "CoSMeDis",
"title": "CoSMeDis: A confidentiality-verified distributed social media platform",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This entry defines a type class with an operator returning a fresh identifier, given a set of already used identifiers and a preferred identifier. The entry provides a default instantiation for any infinite type, as well as executable instantiations for natural numbers and strings.",
"authors": [
"Andrei Popescu",
"Thomas Bauereiss"
],
"date": "2021-08-16",
- "id": 96,
+ "id": 97,
"link": "/entries/Fresh_Identifiers.html",
"permalink": "/entries/Fresh_Identifiers.html",
"shortname": "Fresh_Identifiers",
"title": "Fresh identifiers",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 3
},
{
"abstract": "Combinatorial design theory studies incidence set systems with certain balance and symmetry properties. It is closely related to hypergraph theory. This formalisation presents a general library for formal reasoning on incidence set systems, designs and their applications, including formal definitions and proofs for many key properties, operations, and theorems on the construction and existence of designs. Notably, this includes formalising t-designs, balanced incomplete block designs (BIBD), group divisible designs (GDD), pairwise balanced designs (PBD), design isomorphisms, and the relationship between graphs and designs. A locale-centric approach has been used to manage the relationships between the many different types of designs. Theorems of particular interest include the necessary conditions for existence of a BIBD, Wilson's construction on GDDs, and Bose's inequality on resolvable designs. Parts of this formalisation are explored in the paper \"A Modular First Formalisation of Combinatorial Design Theory\", presented at CICM 2021.",
"authors": [
"Chelsea Edmonds",
"Lawrence C. Paulson"
],
"date": "2021-08-13",
- "id": 97,
+ "id": 98,
"link": "/entries/Design_Theory.html",
"permalink": "/entries/Design_Theory.html",
"shortname": "Design_Theory",
"title": "Combinatorial Design Theory",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 2
},
{
"abstract": "We study second-order formalisations of graph properties expressed as first-order formulas in relation algebras extended with a Kleene star. The formulas quantify over relations while still avoiding quantification over elements of the base set. We formalise the property of undirected graphs being acyclic this way. This involves a study of various kinds of orientation of graphs. We also verify basic algorithms to constructively prove several second-order properties.",
"authors": [
"Walter Guttmann"
],
"date": "2021-08-03",
- "id": 98,
+ "id": 99,
"link": "/entries/Relational_Forests.html",
"permalink": "/entries/Relational_Forests.html",
"shortname": "Relational_Forests",
"title": "Relational Forests",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "This is a formalisation of Schutz' system of axioms for Minkowski spacetime published under the name \"Independent axioms for Minkowski space-time\" in 1997, as well as most of the results in the third chapter (\"Temporal Order on a Path\") of the above monograph. Many results are proven here that cannot be found in Schutz, either preceding the theorem they are needed for, or within their own thematic section.",
"authors": [
"Richard Schmoetten",
"Jake Palmer",
"Jacques D. Fleuriot"
],
"date": "2021-07-27",
- "id": 99,
+ "id": 100,
"link": "/entries/Schutz_Spacetime.html",
"permalink": "/entries/Schutz_Spacetime.html",
"shortname": "Schutz_Spacetime",
"title": "Schutz' Independent Axioms for Minkowski Spacetime",
"topic_links": [
"mathematics/physics",
"mathematics/geometry"
],
"topics": [
"Mathematics/Physics",
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "This article deals with the formalisation of some group-theoretic results including the fundamental theorem of finitely generated abelian groups characterising the structure of these groups as a uniquely determined product of cyclic groups. Both the invariant factor decomposition and the primary decomposition are covered. Additional work includes results about the direct product, the internal direct product and more group-theoretic lemmas.",
"authors": [
"Joseph Thommes",
"Manuel Eberl"
],
"date": "2021-07-07",
- "id": 100,
+ "id": 101,
"link": "/entries/Finitely_Generated_Abelian_Groups.html",
"permalink": "/entries/Finitely_Generated_Abelian_Groups.html",
"shortname": "Finitely_Generated_Abelian_Groups",
"title": "Finitely Generated Abelian Groups",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "SpecCheck is a \u003ca href=\"https://en.wikipedia.org/wiki/QuickCheck\"\u003eQuickCheck\u003c/a\u003e-like testing framework for Isabelle/ML. You can use it to write specifications for ML functions. SpecCheck then checks whether your specification holds by testing your function against a given number of generated inputs. It helps you to identify bugs by printing counterexamples on failure and provides you timing information. SpecCheck is customisable and allows you to specify your own input generators, test output formats, as well as pretty printers and shrinking functions for counterexamples among other things.",
"authors": [
"Kevin Kappelmann",
"Lukas Bulwahn",
"Sebastian Willenbrink"
],
"date": "2021-07-01",
- "id": 101,
+ "id": 102,
"link": "/entries/SpecCheck.html",
"permalink": "/entries/SpecCheck.html",
"shortname": "SpecCheck",
"title": "SpecCheck - Specification-Based Testing for Isabelle/ML",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 3
},
{
"abstract": "This article formalises the proof of Van der Waerden's Theorem from Ramsey theory. Van der Waerden's Theorem states that for integers $k$ and $l$ there exists a number $N$ which guarantees that if an integer interval of length at least $N$ is coloured with $k$ colours, there will always be an arithmetic progression of length $l$ of the same colour in said interval. The proof goes along the lines of \\cite{Swan}. The smallest number $N_{k,l}$ fulfilling Van der Waerden's Theorem is then called the Van der Waerden Number. Finding the Van der Waerden Number is still an open problem for most values of $k$ and $l$.",
"authors": [
"Katharina Kreuzer",
"Manuel Eberl"
],
"date": "2021-06-22",
- "id": 102,
+ "id": 103,
"link": "/entries/Van_der_Waerden.html",
"permalink": "/entries/Van_der_Waerden.html",
"shortname": "Van_der_Waerden",
"title": "Van der Waerden's Theorem",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "MiniSail is a kernel language for Sail, an instruction set architecture (ISA) specification language. Sail is an imperative language with a light-weight dependent type system similar to refinement type systems. From an ISA specification, the Sail compiler can generate theorem prover code and C (or OCaml) to give an executable emulator for an architecture. The idea behind MiniSail is to capture the key and novel features of Sail in terms of their syntax, typing rules and operational semantics, and to confirm that they work together by proving progress and preservation lemmas. We use the Nominal2 library to handle binding.",
"authors": [
"Mark Wassell"
],
"date": "2021-06-18",
- "id": 103,
+ "id": 104,
"link": "/entries/MiniSail.html",
"permalink": "/entries/MiniSail.html",
"shortname": "MiniSail",
"title": "MiniSail - A kernel language for the ISA specification language SAIL",
"topic_links": [
"computer-science/programming-languages/type-systems"
],
"topics": [
"Computer science/Programming languages/Type systems"
],
"used_by": 0
},
{
"abstract": "This work is a formalization of public announcement logic with countably many agents. It includes proofs of soundness and completeness for a variant of the axiom system PA + DIST! + NEC!. The completeness proof builds on the Epistemic Logic theory. Paper: \u003ca href=\"https://doi.org/10.1007/978-3-030-90138-7_2\"\u003edoi.org/10.1007/978-3-030-90138-7_2\u003c/a\u003e.",
"authors": [
"Asta Halkjær From"
],
"date": "2021-06-17",
- "id": 104,
+ "id": 105,
"link": "/entries/Public_Announcement_Logic.html",
"permalink": "/entries/Public_Announcement_Logic.html",
"shortname": "Public_Announcement_Logic",
"title": "Public Announcement Logic",
"topic_links": [
"logic/general-logic/logics-of-knowledge-and-belief"
],
"topics": [
"Logic/General logic/Logics of knowledge and belief"
],
"used_by": 0
},
{
"abstract": "This paper presents a compiler correctness proof for the didactic imperative programming language IMP, introduced in Nipkow and Klein's book on formal programming language semantics (version of March 2021), whose size is just two thirds of the book's proof in the number of formal text lines. As such, it promises to constitute a further enhanced reference for the formal verification of compilers meant for larger, real-world programming languages. The presented proof does not depend on language determinism, so that the proposed approach can be applied to non-deterministic languages as well. As a confirmation, this paper extends IMP with an additional non-deterministic choice command, and proves compiler correctness, viz. the simulation of compiled code execution by source code, for such extended language.",
"authors": [
"Pasquale Noce"
],
"date": "2021-06-04",
- "id": 105,
+ "id": 106,
"link": "/entries/IMP_Compiler.html",
"permalink": "/entries/IMP_Compiler.html",
"shortname": "IMP_Compiler",
"title": "A Shorter Compiler Correctness Proof for Language IMP",
"topic_links": [
"computer-science/programming-languages/compiling"
],
"topics": [
"Computer science/Programming languages/Compiling"
],
"used_by": 0
},
{
"abstract": "We formalize basics of Combinatorics on Words. This is an extension of existing theories on lists. We provide additional properties related to prefix, suffix, factor, length and rotation. The topics include prefix and suffix comparability, mismatch, word power, total and reversed morphisms, border, periods, primitivity and roots. We also formalize basic, mostly folklore results related to word equations: equidivisibility, commutation and conjugation. Slightly advanced properties include the Periodicity lemma (often cited as the Fine and Wilf theorem) and the variant of the Lyndon-Schützenberger theorem for words, including its full parametric solution. We support the algebraic point of view which sees words as generators of submonoids of a free monoid. This leads to the concepts of the (free) hull, the (free) basis (or code). We also provide relevant proof methods and a tool to generate reverse-symmetric claims.",
"authors": [
"Štěpán Holub",
"Martin Raška",
"Štěpán Starosta"
],
"date": "2021-05-24",
- "id": 106,
+ "id": 107,
"link": "/entries/Combinatorics_Words.html",
"permalink": "/entries/Combinatorics_Words.html",
"shortname": "Combinatorics_Words",
"title": "Combinatorics on Words Basics",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 2
},
{
"abstract": "Graph lemma quantifies the defect effect of a system of word equations. That is, it provides an upper bound on the rank of the system. We formalize the proof based on the decomposition of a solution into its free basis. A direct application is an alternative proof of the fact that two noncommuting words form a code.",
"authors": [
"Štěpán Holub",
"Štěpán Starosta"
],
"date": "2021-05-24",
- "id": 107,
+ "id": 108,
"link": "/entries/Combinatorics_Words_Graph_Lemma.html",
"permalink": "/entries/Combinatorics_Words_Graph_Lemma.html",
"shortname": "Combinatorics_Words_Graph_Lemma",
"title": "Graph Lemma",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "Lyndon words are words lexicographically minimal in their conjugacy class. We formalize their basic properties and characterizations, in particular the concepts of the longest Lyndon suffix and the Lyndon factorization. Most of the work assumes a fixed lexicographical order. Nevertheless we also define the smallest relation guaranteeing lexicographical minimality of a given word (in its conjugacy class).",
"authors": [
"Štěpán Holub",
"Štěpán Starosta"
],
"date": "2021-05-24",
- "id": 108,
+ "id": 109,
"link": "/entries/Combinatorics_Words_Lyndon.html",
"permalink": "/entries/Combinatorics_Words_Lyndon.html",
"shortname": "Combinatorics_Words_Lyndon",
"title": "Lyndon words",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "This development provides a general definition for safe Regression Test Selection (RTS) algorithms. RTS algorithms select which tests to rerun on revised code, reducing the time required to check for newly introduced errors. An RTS algorithm is considered safe if and only if all deselected tests would have unchanged results. This definition is instantiated with two class-collection-based RTS algorithms run over the JVM as modeled by JinjaDCI. This is achieved with a general definition for Collection Semantics, small-step semantics instrumented to collect information during execution. As the RTS definition mandates safety, these instantiations include proofs of safety. This work is described in Mansky and Gunter's LSFA 2020 paper and Mansky's doctoral thesis (UIUC, 2020).",
"authors": [
"Susannah Mansky"
],
"date": "2021-04-30",
- "id": 109,
+ "id": 110,
"link": "/entries/Regression_Test_Selection.html",
"permalink": "/entries/Regression_Test_Selection.html",
"shortname": "Regression_Test_Selection",
"title": "Regression Test Selection",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "In this entry we formalize Isabelle's metalogic in Isabelle/HOL. Furthermore, we define a language of proof terms and an executable proof checker and prove its soundness wrt. the metalogic. The formalization is intentionally kept close to the Isabelle implementation(for example using de Brujin indices) to enable easy integration of generated code with the Isabelle system without a complicated translation layer. The formalization is described in our \u003ca href=\"https://arxiv.org/pdf/2104.12224.pdf\"\u003eCADE 28 paper\u003c/a\u003e.",
"authors": [
"Tobias Nipkow",
"Simon Roßkopf"
],
"date": "2021-04-27",
- "id": 110,
+ "id": 111,
"link": "/entries/Metalogic_ProofChecker.html",
"permalink": "/entries/Metalogic_ProofChecker.html",
"shortname": "Metalogic_ProofChecker",
"title": "Isabelle's Metalogic: Formalization and Proof Checker",
"topic_links": [
"logic/general-logic"
],
"topics": [
"Logic/General logic"
],
"used_by": 0
},
{
"abstract": "We formalize the \u003ci\u003eLifting the Exponent Lemma\u003c/i\u003e, which shows how to find the largest power of $p$ dividing $a^n \\pm b^n$, for a prime $p$ and positive integers $a$ and $b$. The proof follows \u003ca href=\"https://s3.amazonaws.com/aops-cdn.artofproblemsolving.com/resources/articles/lifting-the-exponent.pdf\"\u003eAmir Hossein Parvardi's\u003c/a\u003e.",
"authors": [
"Maya Kądziołka"
],
"date": "2021-04-27",
- "id": 111,
+ "id": 112,
"link": "/entries/Lifting_the_Exponent.html",
"permalink": "/entries/Lifting_the_Exponent.html",
"shortname": "Lifting_the_Exponent",
"title": "Lifting the Exponent",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "We formalize the univariate case of Ben-Or, Kozen, and Reif's decision procedure for first-order real arithmetic (the BKR algorithm). We also formalize the univariate case of Renegar's variation of the BKR algorithm. The two formalizations differ mathematically in minor ways (that have significant impact on the multivariate case), but are quite similar in proof structure. Both rely on sign-determination (finding the set of consistent sign assignments for a set of polynomials). The method used for sign-determination is similar to Tarski's original quantifier elimination algorithm (it stores key information in a matrix equation), but with a reduction step to keep complexity low.",
"authors": [
"Katherine Cordwell",
"Yong Kiam Tan",
"André Platzer"
],
"date": "2021-04-24",
- "id": 112,
+ "id": 113,
"link": "/entries/BenOr_Kozen_Reif.html",
"permalink": "/entries/BenOr_Kozen_Reif.html",
"shortname": "BenOr_Kozen_Reif",
"title": "The BKR Decision Procedure for Univariate Real Arithmetic",
"topic_links": [
"computer-science/algorithms/mathematical"
],
"topics": [
"Computer science/Algorithms/Mathematical"
],
"used_by": 1
},
{
"abstract": "This is a formalisation of the main result of Gale and Stewart from 1953, showing that closed finite games are determined. This property is now known as the Gale Stewart Theorem. While the original paper shows some additional theorems as well, we only formalize this main result, but do so in a somewhat general way. We formalize games of a fixed arbitrary length, including infinite length, using co-inductive lists, and show that defensive strategies exist unless the other player is winning. For closed games, defensive strategies are winning for the closed player, proving that such games are determined. For finite games, which are a special case in our formalisation, all games are closed.",
"authors": [
"Sebastiaan J. C. Joosten"
],
"date": "2021-04-23",
- "id": 113,
+ "id": 114,
"link": "/entries/GaleStewart_Games.html",
"permalink": "/entries/GaleStewart_Games.html",
"shortname": "GaleStewart_Games",
"title": "Gale-Stewart Games",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "Large-scale stream processing systems often follow the dataflow paradigm, which enforces a program structure that exposes a high degree of parallelism. The Timely Dataflow distributed system supports expressive cyclic dataflows for which it offers low-latency data- and pipeline-parallel stream processing. To achieve high expressiveness and performance, Timely Dataflow uses an intricate distributed protocol for tracking the computation’s progress. We formalize this progress tracking protocol and verify its safety. Our formalization is described in detail in our forthcoming \u003ca href=\"https://traytel.bitbucket.io/papers/itp21-progress_tracking/safe.pdf\"\u003eITP'21 paper\u003c/a\u003e.",
"authors": [
"Matthias Brun",
"Sára Decova",
"Andrea Lattuada",
"Dmitriy Traytel"
],
"date": "2021-04-13",
- "id": 114,
+ "id": 115,
"link": "/entries/Progress_Tracking.html",
"permalink": "/entries/Progress_Tracking.html",
"shortname": "Progress_Tracking",
"title": "Formalization of Timely Dataflow's Progress Tracking Protocol",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "We provide a characterisation of how information is propagated by program executions based on the tracking data and control dependencies within executions themselves. The characterisation might be used for deriving approximative safety properties to be targeted by static analyses or checked at runtime. We utilise a simple yet versatile control flow graph model as a program representation. As our model is not assumed to be finite it can be instantiated for a broad class of programs. The targeted security property is indistinguishable security where executions produce sequences of observations and only non-terminating executions are allowed to drop a tail of those. A very crude approximation of our characterisation is slicing based on program dependence graphs, which we use as a minimal example and derive a corresponding soundness result. For further details and applications refer to the authors upcoming dissertation.",
"authors": [
"Benedikt Nordhoff"
],
"date": "2021-04-01",
- "id": 115,
+ "id": 116,
"link": "/entries/IFC_Tracking.html",
"permalink": "/entries/IFC_Tracking.html",
"shortname": "IFC_Tracking",
"title": "Information Flow Control via Dependency Tracking",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "We formalize mainstream structures in algebraic geometry culminating in Grothendieck's schemes: presheaves of rings, sheaves of rings, ringed spaces, locally ringed spaces, affine schemes and schemes. We prove that the spectrum of a ring is a locally ringed space, hence an affine scheme. Finally, we prove that any affine scheme is a scheme.",
"authors": [
"Anthony Bordg",
"Lawrence C. Paulson",
"Wenda Li"
],
"date": "2021-03-29",
- "id": 116,
+ "id": 117,
"link": "/entries/Grothendieck_Schemes.html",
"permalink": "/entries/Grothendieck_Schemes.html",
"shortname": "Grothendieck_Schemes",
"title": "Grothendieck's Schemes in Algebraic Geometry",
"topic_links": [
"mathematics/algebra",
"mathematics/geometry"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "We formalize the ring of \u003cem\u003ep\u003c/em\u003e-adic integers within the framework of the HOL-Algebra library. The carrier of the ring is formalized as the inverse limit of quotients of the integers by powers of a fixed prime \u003cem\u003ep\u003c/em\u003e. We define an integer-valued valuation, as well as an extended-integer valued valuation which sends 0 to the infinite element. Basic topological facts about the \u003cem\u003ep\u003c/em\u003e-adic integers are formalized, including completeness and sequential compactness. Taylor expansions of polynomials over a commutative ring are defined, culminating in the formalization of Hensel's Lemma based on a proof due to Keith Conrad.",
"authors": [
"Aaron Crighton"
],
"date": "2021-03-23",
- "id": 117,
+ "id": 118,
"link": "/entries/Padic_Ints.html",
"permalink": "/entries/Padic_Ints.html",
"shortname": "Padic_Ints",
"title": "Hensel's Lemma for the p-adic Integers",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 1
},
{
"abstract": "Constructive Cryptography (CC) [\u003ca href=\"https://conference.iiis.tsinghua.edu.cn/ICS2011/content/papers/14.html\"\u003eICS 2011\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/978-3-642-27375-9_3\"\u003eTOSCA 2011\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/978-3-662-53641-4_1\"\u003eTCC 2016\u003c/a\u003e] introduces an abstract approach to composable security statements that allows one to focus on a particular aspect of security proofs at a time. Instead of proving the properties of concrete systems, CC studies system classes, i.e., the shared behavior of similar systems, and their transformations. Modeling of systems communication plays a crucial role in composability and reusability of security statements; yet, this aspect has not been studied in any of the existing CC results. We extend our previous CC formalization [\u003ca href=\"https://isa-afp.org/entries/Constructive_Cryptography.html\"\u003eConstructive_Cryptography\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1109/CSF.2019.00018\"\u003eCSF 2019\u003c/a\u003e] with a new semantic domain called Fused Resource Templates (FRT) that abstracts over the systems communication patterns in CC proofs. This widens the scope of cryptography proof formalizations in the CryptHOL library [\u003ca href=\"https://isa-afp.org/entries/CryptHOL.html\"\u003eCryptHOL\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/978-3-662-49498-1_20\"\u003eESOP 2016\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/s00145-019-09341-z\"\u003eJ Cryptol 2020\u003c/a\u003e]. This formalization is described in \u003ca href=\"http://www.andreas-lochbihler.de/pub/basin2021.pdf\"\u003eAbstract Modeling of Systems Communication in Constructive Cryptography using CryptHOL\u003c/a\u003e.",
"authors": [
"Andreas Lochbihler",
"S. Reza Sefidgar"
],
"date": "2021-03-17",
- "id": 118,
+ "id": 119,
"link": "/entries/Constructive_Cryptography_CM.html",
"permalink": "/entries/Constructive_Cryptography_CM.html",
"shortname": "Constructive_Cryptography_CM",
"title": "Constructive Cryptography in HOL: the Communication Modeling Aspect",
"topic_links": [
"computer-science/security/cryptography",
"mathematics/probability-theory"
],
"topics": [
"Computer science/Security/Cryptography",
"Mathematics/Probability theory"
],
"used_by": 0
},
{
"abstract": "We verify two algorithms for which modular arithmetic plays an essential role: Storjohann's variant of the LLL lattice basis reduction algorithm and Kopparty's algorithm for computing the Hermite normal form of a matrix. To do this, we also formalize some facts about the modulo operation with symmetric range. Our implementations are based on the original papers, but are otherwise efficient. For basis reduction we formalize two versions: one that includes all of the optimizations/heuristics from Storjohann's paper, and one excluding a heuristic that we observed to often decrease efficiency. We also provide a fast, self-contained certifier for basis reduction, based on the efficient Hermite normal form algorithm.",
"authors": [
"Ralph Bottesch",
"Jose Divasón",
"René Thiemann"
],
"date": "2021-03-12",
- "id": 119,
+ "id": 120,
"link": "/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html",
"permalink": "/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html",
"shortname": "Modular_arithmetic_LLL_and_HNF_algorithms",
"title": "Two algorithms based on modular arithmetic: lattice basis reduction and Hermite normal form computation",
"topic_links": [
"computer-science/algorithms/mathematical"
],
"topics": [
"Computer science/Algorithms/Mathematical"
],
"used_by": 0
},
{
"abstract": "This work contains a formalization of quantum projective measurements, also known as von Neumann measurements, which are based on elements of spectral theory. We also formalized the CHSH inequality, an inequality involving expectations in a probability space that is violated by quantum measurements, thus proving that quantum mechanics cannot be modeled with an underlying local hidden-variable theory.",
"authors": [
"Mnacho Echenim"
],
"date": "2021-03-03",
- "id": 120,
+ "id": 121,
"link": "/entries/Projective_Measurements.html",
"permalink": "/entries/Projective_Measurements.html",
"shortname": "Projective_Measurements",
"title": "Quantum projective measurements and the CHSH inequality",
"topic_links": [
"computer-science/algorithms/quantum-computing",
"mathematics/physics/quantum-information"
],
"topics": [
"Computer science/Algorithms/Quantum computing",
"Mathematics/Physics/Quantum information"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThis article provides a formalisation of the Hermite-Lindemann-Weierstraß Theorem (also known as simply Hermite-Lindemann or Lindemann-Weierstraß). This theorem is one of the crowning achievements of 19th century number theory.\u003c/p\u003e \u003cp\u003eThe theorem states that if $\\alpha_1, \\ldots, \\alpha_n\\in\\mathbb{C}$ are algebraic numbers that are linearly independent over $\\mathbb{Z}$, then $e^{\\alpha_1},\\ldots,e^{\\alpha_n}$ are algebraically independent over $\\mathbb{Q}$.\u003c/p\u003e \u003cp\u003eLike the \u003ca href=\"https://doi.org/10.1007/978-3-319-66107-0_5\"\u003eprevious formalisation in Coq by Bernard\u003c/a\u003e, I proceeded by formalising \u003ca href=\"https://doi.org/10.1017/CBO9780511565977\"\u003eBaker's version of the theorem and proof\u003c/a\u003e and then deriving the original one from that. Baker's version states that for any algebraic numbers $\\beta_1, \\ldots, \\beta_n\\in\\mathbb{C}$ and distinct algebraic numbers $\\alpha_i, \\ldots, \\alpha_n\\in\\mathbb{C}$, we have $\\beta_1 e^{\\alpha_1} + \\ldots + \\beta_n e^{\\alpha_n} = 0$ if and only if all the $\\beta_i$ are zero.\u003c/p\u003e \u003cp\u003eThis has a number of direct corollaries, e.g.:\u003c/p\u003e \u003cul\u003e \u003cli\u003e$e$ and $\\pi$ are transcendental\u003c/li\u003e \u003cli\u003e$e^z$, $\\sin z$, $\\tan z$, etc. are transcendental for algebraic $z\\in\\mathbb{C}\\setminus\\{0\\}$\u003c/li\u003e \u003cli\u003e$\\ln z$ is transcendental for algebraic $z\\in\\mathbb{C}\\setminus\\{0, 1\\}$\u003c/li\u003e \u003c/ul\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2021-03-03",
- "id": 121,
+ "id": 122,
"link": "/entries/Hermite_Lindemann.html",
"permalink": "/entries/Hermite_Lindemann.html",
"shortname": "Hermite_Lindemann",
"title": "The Hermite–Lindemann–Weierstraß Transcendence Theorem",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 1
},
{
"abstract": "We use Isabelle/HOL to verify elementary theorems and alternative axiomatizations of classical extensional mereology.",
"authors": [
"Ben Blumson"
],
"date": "2021-03-01",
- "id": 122,
+ "id": 123,
"link": "/entries/Mereology.html",
"permalink": "/entries/Mereology.html",
"shortname": "Mereology",
"title": "Mereology",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "We formally define sunflowers and provide a formalization of the sunflower lemma of Erd\u0026odblac;s and Rado: whenever a set of size-\u003ci\u003ek\u003c/i\u003e-sets has a larger cardinality than \u003ci\u003e(r - 1)\u003csup\u003ek\u003c/sup\u003e \u0026middot; k!\u003c/i\u003e, then it contains a sunflower of cardinality \u003ci\u003er\u003c/i\u003e.",
"authors": [
"René Thiemann"
],
"date": "2021-02-25",
- "id": 123,
+ "id": 124,
"link": "/entries/Sunflowers.html",
"permalink": "/entries/Sunflowers.html",
"shortname": "Sunflowers",
"title": "The Sunflower Lemma of Erdős and Rado",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "In this work, we use the interactive theorem prover Isabelle/HOL to verify an imperative implementation of the classical B-tree data structure invented by Bayer and McCreight [ACM 1970]. The implementation supports set membership, insertion, deletion, iteration and range queries with efficient binary search for intra-node navigation. This is accomplished by first specifying the structure abstractly in the functional modeling language HOL and proving functional correctness. Using manual refinement, we derive an imperative implementation in Imperative/HOL. We show the validity of this refinement using the separation logic utilities from the \u003ca href=\"https://www.isa-afp.org/entries/Refine_Imperative_HOL.html\"\u003e Isabelle Refinement Framework \u003c/a\u003e . The code can be exported to the programming languages SML, OCaml and Scala. This entry contains two developments: \u003cdl\u003e \u003cdt\u003eB-Trees\u003c/dt\u003e \u003cdd\u003eThis formalisation is discussed in greater detail in the corresponding \u003ca href=\"https://mediatum.ub.tum.de/1596550\"\u003eBachelor's Thesis\u003c/a\u003e.\u003c/dd\u003e \u003cdt\u003eB+-Trees:\u003c/dt\u003e \u003cdd\u003eThis formalisation also supports range queries and is discussed in a paper published at ICTAC 2022.\u003c/dd\u003e \u003c/dl\u003e Change history: [2022-08-16]: Added formalisations of B+-Trees ",
"authors": [
"Niels Mündler"
],
"date": "2021-02-24",
- "id": 124,
+ "id": 125,
"link": "/entries/BTree.html",
"permalink": "/entries/BTree.html",
"shortname": "BTree",
"title": "A Verified Imperative Implementation of B-Trees",
"topic_links": [
"computer-science/data-management-systems",
"computer-science/data-structures"
],
"topics": [
"Computer science/Data management systems",
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eFormal Puiseux series are generalisations of formal power series and formal Laurent series that also allow for fractional exponents. They have the following general form: \\[\\sum_{i=N}^\\infty a_{i/d} X^{i/d}\\] where \u003cem\u003eN\u003c/em\u003e is an integer and \u003cem\u003ed\u003c/em\u003e is a positive integer.\u003c/p\u003e \u003cp\u003eThis entry defines these series including their basic algebraic properties. Furthermore, it proves the Newton–Puiseux Theorem, namely that the Puiseux series over an algebraically closed field of characteristic 0 are also algebraically closed.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2021-02-17",
- "id": 125,
+ "id": 126,
"link": "/entries/Formal_Puiseux_Series.html",
"permalink": "/entries/Formal_Puiseux_Series.html",
"shortname": "Formal_Puiseux_Series",
"title": "Formal Puiseux Series",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThe Law of Large Numbers states that, informally, if one performs a random experiment $X$ many times and takes the average of the results, that average will be very close to the expected value $E[X]$.\u003c/p\u003e \u003cp\u003e More formally, let $(X_i)_{i\\in\\mathbb{N}}$ be a sequence of independently identically distributed random variables whose expected value $E[X_1]$ exists. Denote the running average of $X_1, \\ldots, X_n$ as $\\overline{X}_n$. Then:\u003c/p\u003e \u003cul\u003e \u003cli\u003eThe Weak Law of Large Numbers states that $\\overline{X}_{n} \\longrightarrow E[X_1]$ in probability for $n\\to\\infty$, i.e. $\\mathcal{P}(|\\overline{X}_{n} - E[X_1]| \u003e \\varepsilon) \\longrightarrow 0$ as $n\\to\\infty$ for any $\\varepsilon \u003e 0$.\u003c/li\u003e \u003cli\u003eThe Strong Law of Large Numbers states that $\\overline{X}_{n} \\longrightarrow E[X_1]$ almost surely for $n\\to\\infty$, i.e. $\\mathcal{P}(\\overline{X}_{n} \\longrightarrow E[X_1]) = 1$.\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eIn this entry, I formally prove the strong law and from it the weak law. The approach used for the proof of the strong law is a particularly quick and slick one based on ergodic theory, which was formalised by Gouëzel in another AFP entry.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2021-02-10",
- "id": 126,
+ "id": 127,
"link": "/entries/Laws_of_Large_Numbers.html",
"permalink": "/entries/Laws_of_Large_Numbers.html",
"shortname": "Laws_of_Large_Numbers",
"title": "The Laws of Large Numbers",
"topic_links": [
"mathematics/probability-theory"
],
"topics": [
"Mathematics/Probability theory"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThe \u003ca href=\"https://geocoq.github.io/GeoCoq/\"\u003eGeoCoq library\u003c/a\u003e contains a formalization of geometry using the Coq proof assistant. It contains both proofs about the foundations of geometry and high-level proofs in the same style as in high school. We port a part of the GeoCoq 2.4.0 library to Isabelle/HOL: more precisely, the files Chap02.v to Chap13_3.v, suma.v as well as the associated definitions and some useful files for the demonstration of certain parallel postulates. The synthetic approach of the demonstrations is directly inspired by those contained in GeoCoq. The names of the lemmas and theorems used are kept as far as possible as well as the definitions. \u003c/p\u003e \u003cp\u003eIt should be noted that T.J.M. Makarios has done \u003ca href=\"https://www.isa-afp.org/entries/Tarskis_Geometry.html\"\u003esome proofs in Tarski's Geometry\u003c/a\u003e. It uses a definition that does not quite coincide with the definition used in Geocoq and here. Furthermore, corresponding definitions in the \u003ca href=\"https://www.isa-afp.org/entries/Poincare_Disc.html\"\u003ePoincaré Disc Model development\u003c/a\u003e are not identical to those defined in GeoCoq. \u003c/p\u003e \u003cp\u003eIn the last part, it is formalized that, in the neutral/absolute space, the axiom of the parallels of Tarski's system implies the Playfair axiom, the 5th postulate of Euclid and Euclid's original parallel postulate. These proofs, which are not constructive, are directly inspired by Pierre Boutry, Charly Gries, Julien Narboux and Pascal Schreck. \u003c/p\u003e",
"authors": [
"Roland Coghetto"
],
"date": "2021-01-31",
- "id": 127,
+ "id": 128,
"link": "/entries/IsaGeoCoq.html",
"permalink": "/entries/IsaGeoCoq.html",
"shortname": "IsaGeoCoq",
"title": "Tarski's Parallel Postulate implies the 5th Postulate of Euclid, the Postulate of Playfair and the original Parallel Postulate of Euclid",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "In a \u003ca href=\"https://xkcd.com/blue_eyes.html\"\u003epuzzle published by Randall Munroe\u003c/a\u003e, perfect logicians forbidden from communicating are stranded on an island, and may only leave once they have figured out their own eye color. We present a method of modeling the behavior of perfect logicians and formalize a solution of the puzzle.",
"authors": [
"Maya Kądziołka"
],
"date": "2021-01-30",
- "id": 128,
+ "id": 129,
"link": "/entries/Blue_Eyes.html",
"permalink": "/entries/Blue_Eyes.html",
"shortname": "Blue_Eyes",
"title": "Solution to the xkcd Blue Eyes puzzle",
"topic_links": [
"logic/general-logic/logics-of-knowledge-and-belief"
],
"topics": [
"Logic/General logic/Logics of knowledge and belief"
],
"used_by": 0
},
{
"abstract": "This is a verified implementation of a constant time queue. The original design is due to \u003ca href=\"https://doi.org/10.1016/0020-0190(81)90030-2\"\u003eHood and Melville\u003c/a\u003e. This formalization follows the presentation in \u003cem\u003ePurely Functional Data Structures\u003c/em\u003eby Okasaki.",
"authors": [
"Alejandro Gómez-Londoño"
],
"date": "2021-01-18",
- "id": 129,
+ "id": 130,
"link": "/entries/Hood_Melville_Queue.html",
"permalink": "/entries/Hood_Melville_Queue.html",
"shortname": "Hood_Melville_Queue",
"title": "Hood-Melville Queue",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "We extend Jinja to include static fields, methods, and instructions, and dynamic class initialization, based on the Java SE 8 specification. This includes extension of definitions and proofs. This work is partially described in Mansky and Gunter's paper at CPP 2019 and Mansky's doctoral thesis (UIUC, 2020).",
"authors": [
"Susannah Mansky"
],
"date": "2021-01-11",
- "id": 130,
+ "id": 131,
"link": "/entries/JinjaDCI.html",
"permalink": "/entries/JinjaDCI.html",
"shortname": "JinjaDCI",
"title": "JinjaDCI: a Java semantics with dynamic class initialization",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 1
},
{
"abstract": "We formalize the basic results on cofinality of linearly ordered sets and ordinals and Šanin’s Lemma for uncountable families of finite sets. This last result is used to prove the countable chain condition for Cohen posets. We work in the set theory framework of Isabelle/ZF, using the Axiom of Choice as needed.",
"authors": [
"Pedro Sánchez Terraf"
],
"date": "2020-12-27",
- "id": 131,
+ "id": 132,
"link": "/entries/Delta_System_Lemma.html",
"permalink": "/entries/Delta_System_Lemma.html",
"shortname": "Delta_System_Lemma",
"title": "Cofinality and the Delta System Lemma",
"topic_links": [
"mathematics/combinatorics",
"logic/set-theory"
],
"topics": [
"Mathematics/Combinatorics",
"Logic/Set theory"
],
"used_by": 1
},
{
"abstract": "We introduce a generalized topological semantics for paraconsistent and paracomplete logics by drawing upon early works on topological Boolean algebras (cf. works by Kuratowski, Zarycki, McKinsey \u0026 Tarski, etc.). In particular, this work exemplarily illustrates the shallow semantical embeddings approach (\u003ca href=\"http://dx.doi.org/10.1007/s11787-012-0052-y\"\u003eSSE\u003c/a\u003e) employing the proof assistant Isabelle/HOL. By means of the SSE technique we can effectively harness theorem provers, model finders and 'hammers' for reasoning with quantified non-classical logics.",
"authors": [
"David Fuenmayor"
],
"date": "2020-12-17",
- "id": 132,
+ "id": 133,
"link": "/entries/Topological_Semantics.html",
"permalink": "/entries/Topological_Semantics.html",
"shortname": "Topological_Semantics",
"title": "Topological semantics for paraconsistent and paracomplete logics",
"topic_links": [
"logic/general-logic"
],
"topics": [
"Logic/General logic"
],
"used_by": 0
},
{
"abstract": "We verify the correctness of Prim's, Kruskal's and Borůvka's minimum spanning tree algorithms based on algebras for aggregation and minimisation.",
"authors": [
"Walter Guttmann",
"Nicolas Robinson-O'Brien"
],
"date": "2020-12-08",
- "id": 133,
+ "id": 134,
"link": "/entries/Relational_Minimum_Spanning_Trees.html",
"permalink": "/entries/Relational_Minimum_Spanning_Trees.html",
"shortname": "Relational_Minimum_Spanning_Trees",
"title": "Relational Minimum Spanning Tree Algorithms",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "This Isabelle/HOL formalization builds on the \u003cem\u003eVeriComp\u003c/em\u003e entry of the \u003cem\u003eArchive of Formal Proofs\u003c/em\u003e to provide the following contributions: \u003cul\u003e \u003cli\u003ean operational semantics for a realistic virtual machine (Std) for dynamically typed programming languages;\u003c/li\u003e \u003cli\u003ethe formalization of an inline caching optimization (Inca), a proof of bisimulation with (Std), and a compilation function;\u003c/li\u003e \u003cli\u003ethe formalization of an unboxing optimization (Ubx), a proof of bisimulation with (Inca), and a simple compilation function.\u003c/li\u003e \u003c/ul\u003e This formalization was described in the CPP 2021 paper \u003cem\u003eTowards Efficient and Verified Virtual Machines for Dynamic Languages\u003c/em\u003e",
"authors": [
"Martin Desharnais"
],
"date": "2020-12-07",
- "id": 134,
+ "id": 135,
"link": "/entries/Interpreter_Optimizations.html",
"permalink": "/entries/Interpreter_Optimizations.html",
"shortname": "Interpreter_Optimizations",
"title": "Inline Caching and Unboxing Optimization for Interpreters",
"topic_links": [
"computer-science/programming-languages/misc"
],
"topics": [
"Computer science/Programming languages/Misc"
],
"used_by": 0
},
{
"abstract": "This paper introduces a new method for the formal verification of cryptographic protocols, the relational method, derived from Paulson's inductive method by means of some enhancements aimed at streamlining formal definitions and proofs, specially for protocols using public key cryptography. Moreover, this paper proposes a method to formalize a further security property, message anonymity, in addition to message confidentiality and authenticity. The relational method, including message anonymity, is then applied to the verification of a sample authentication protocol, comprising Password Authenticated Connection Establishment (PACE) with Chip Authentication Mapping followed by the explicit verification of an additional password over the PACE secure channel.",
"authors": [
"Pasquale Noce"
],
"date": "2020-12-05",
- "id": 135,
+ "id": 136,
"link": "/entries/Relational_Method.html",
"permalink": "/entries/Relational_Method.html",
"shortname": "Relational_Method",
"title": "The Relational Method with Message Anonymity for the Verification of Cryptographic Protocols",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This work is an effort to formalise some quantum algorithms and results in quantum information theory. Formal methods being critical for the safety and security of algorithms and protocols, we foresee their widespread use for quantum computing in the future. We have developed a large library for quantum computing in Isabelle based on a matrix representation for quantum circuits, successfully formalising the no-cloning theorem, quantum teleportation, Deutsch's algorithm, the Deutsch-Jozsa algorithm and the quantum Prisoner's Dilemma.",
"authors": [
"Anthony Bordg",
"Hanna Lachnitt",
"Yijun He"
],
"date": "2020-11-22",
- "id": 136,
+ "id": 137,
"link": "/entries/Isabelle_Marries_Dirac.html",
"permalink": "/entries/Isabelle_Marries_Dirac.html",
"shortname": "Isabelle_Marries_Dirac",
"title": "Isabelle Marries Dirac: a Library for Quantum Computation and Quantum Information",
"topic_links": [
"computer-science/algorithms/quantum-computing",
"mathematics/physics/quantum-information"
],
"topics": [
"Computer science/Algorithms/Quantum computing",
"Mathematics/Physics/Quantum information"
],
"used_by": 1
},
{
"abstract": "We use a formal development for CSP, called HOL-CSP2.0, to analyse a family of refinement notions, comprising classic and new ones. This analysis enables to derive a number of properties that allow to deepen the understanding of these notions, in particular with respect to specification decomposition principles for the case of infinite sets of events. The established relations between the refinement relations help to clarify some obscure points in the CSP literature, but also provide a weapon for shorter refinement proofs. Furthermore, we provide a framework for state-normalisation allowing to formally reason on parameterised process architectures. As a result, we have a modern environment for formal proofs of concurrent systems that allow for the combination of general infinite processes with locally finite ones in a logically safe way. We demonstrate these verification-techniques for classical, generalised examples: The CopyBuffer for arbitrary data and the Dijkstra's Dining Philosopher Problem of arbitrary size.",
"authors": [
"Safouan Taha",
"Burkhart Wolff",
"Lina Ye"
],
"date": "2020-11-19",
- "id": 137,
+ "id": 138,
"link": "/entries/CSP_RefTK.html",
"permalink": "/entries/CSP_RefTK.html",
"shortname": "CSP_RefTK",
"title": "The HOL-CSP Refinement Toolkit",
"topic_links": [
"computer-science/concurrency/process-calculi",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Concurrency/Process calculi",
"Computer science/Semantics and reasoning"
],
"used_by": 0
},
{
"abstract": "This is an Isabelle/HOL formalisation of the semantics of the multi-valued planning tasks language that is used by the planning system Fast-Downward, the STRIPS fragment of the Planning Domain Definition Language (PDDL), and the STRIPS soundness meta-theory developed by Vladimir Lifschitz. It also contains formally verified checkers for checking the well-formedness of problems specified in either language as well the correctness of potential solutions. The formalisation in this entry was described in an earlier publication.",
"authors": [
"Mohammad Abdulaziz",
"Peter Lammich"
],
"date": "2020-10-29",
- "id": 138,
+ "id": 139,
"link": "/entries/AI_Planning_Languages_Semantics.html",
"permalink": "/entries/AI_Planning_Languages_Semantics.html",
"shortname": "AI_Planning_Languages_Semantics",
"title": "AI Planning Languages Semantics",
"topic_links": [
"computer-science/artificial-intelligence"
],
"topics": [
"Computer science/Artificial intelligence"
],
"used_by": 1
},
{
"abstract": "We present an executable formally verified SAT encoding of classical AI planning that is based on the encodings by Kautz and Selman and the one by Rintanen et al. The encoding was experimentally tested and shown to be usable for reasonably sized standard AI planning benchmarks. We also use it as a reference to test a state-of-the-art SAT-based planner, showing that it sometimes falsely claims that problems have no solutions of certain lengths. The formalisation in this submission was described in an independent publication.",
"authors": [
"Mohammad Abdulaziz",
"Friedrich Kurz"
],
"date": "2020-10-29",
- "id": 139,
+ "id": 140,
"link": "/entries/Verified_SAT_Based_AI_Planning.html",
"permalink": "/entries/Verified_SAT_Based_AI_Planning.html",
"shortname": "Verified_SAT_Based_AI_Planning",
"title": "Verified SAT-Based AI Planning",
"topic_links": [
"computer-science/artificial-intelligence"
],
"topics": [
"Computer science/Artificial intelligence"
],
"used_by": 0
},
{
"abstract": "The present Isabelle theory builds a formal model for both the International System of Quantities (ISQ) and the International System of Units (SI), which are both fundamental for physics and engineering. Both the ISQ and the SI are deeply integrated into Isabelle's type system. Quantities are parameterised by dimension types, which correspond to base vectors, and thus only quantities of the same dimension can be equated. Since the underlying \"algebra of quantities\" induces congruences on quantity and SI types, specific tactic support is developed to capture these. Our construction is validated by a test-set of known equivalences between both quantities and SI units. Moreover, the presented theory can be used for type-safe conversions between the SI system and others, like the British Imperial System (BIS).",
"authors": [
"Simon Foster",
"Burkhart Wolff"
],
"date": "2020-10-20",
- "id": 140,
+ "id": 141,
"link": "/entries/Physical_Quantities.html",
"permalink": "/entries/Physical_Quantities.html",
"shortname": "Physical_Quantities",
"title": "A Sound Type System for Physical Quantities, Units, and Measurements",
"topic_links": [
"mathematics/physics",
"computer-science/programming-languages/type-systems"
],
"topics": [
"Mathematics/Physics",
"Computer science/Programming languages/Type systems"
],
"used_by": 0
},
{
"abstract": "This entry includes useful syntactic sugar, new operators and functions, and their associated lemmas for finite maps which currently are not present in the standard Finite_Map theory.",
"authors": [
"Javier Díaz"
],
"date": "2020-10-12",
- "id": 141,
+ "id": 142,
"link": "/entries/Finite-Map-Extras.html",
"permalink": "/entries/Finite-Map-Extras.html",
"shortname": "Finite-Map-Extras",
"title": "Finite Map Extras",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "In this AFP entry, we extend our formalization of the core DOM with Shadow Roots. Shadow roots are a recent proposal of the web community to support a component-based development approach for client-side web applications. Shadow roots are a significant extension to the DOM standard and, as web standards are condemned to be backward compatible, such extensions often result in complex specification that may contain unwanted subtleties that can be detected by a formalization. Our Isabelle/HOL formalization is, in the sense of object-orientation, an extension of our formalization of the core DOM and enjoys the same basic properties, i.e., it is extensible, i.e., can be extended without the need of re-proving already proven properties and executable, i.e., we can generate executable code from our specification. We exploit the executability to show that our formalization complies to the official standard of the W3C, respectively, the WHATWG.",
"authors": [
"Achim D. Brucker",
"Michael Herzberg"
],
"date": "2020-09-28",
- "id": 142,
+ "id": 143,
"link": "/entries/Shadow_DOM.html",
"permalink": "/entries/Shadow_DOM.html",
"shortname": "Shadow_DOM",
"title": "A Formal Model of the Document Object Model with Shadow Roots",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "In this AFP entry, we extend our formalization of the safely composable DOM with Shadow Roots. This is a proposal for Shadow Roots with stricter safety guarantess than the standard compliant formalization (see \"Shadow DOM\"). Shadow Roots are a recent proposal of the web community to support a component-based development approach for client-side web applications. Shadow roots are a significant extension to the DOM standard and, as web standards are condemned to be backward compatible, such extensions often result in complex specification that may contain unwanted subtleties that can be detected by a formalization. Our Isabelle/HOL formalization is, in the sense of object-orientation, an extension of our formalization of the core DOM and enjoys the same basic properties, i.e., it is extensible, i.e., can be extended without the need of re-proving already proven properties and executable, i.e., we can generate executable code from our specification. We exploit the executability to show that our formalization complies to the official standard of the W3C, respectively, the WHATWG.",
"authors": [
"Achim D. Brucker",
"Michael Herzberg"
],
"date": "2020-09-28",
- "id": 143,
+ "id": 144,
"link": "/entries/Shadow_SC_DOM.html",
"permalink": "/entries/Shadow_SC_DOM.html",
"shortname": "Shadow_SC_DOM",
"title": "A Formal Model of the Safely Composable Document Object Model with Shadow Roots",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "While the (safely composable) DOM with shadow trees provide the technical basis for defining web components, it does neither defines the concept of web components nor specifies the safety properties that web components should guarantee. Consequently, the standard also does not discuss how or even if the methods for modifying the DOM respect component boundaries. In AFP entry, we present a formally verified model of safely composable web components and define safety properties which ensure that different web components can only interact with each other using well-defined interfaces. Moreover, our verification of the application programming interface (API) of the DOM revealed numerous invariants that implementations of the DOM API need to preserve to ensure the integrity of components. In comparison to the strict standard compliance formalization of Web Components in the AFP entry \"DOM_Components\", the notion of components in this entry (based on \"SC_DOM\" and \"Shadow_SC_DOM\") provides much stronger safety guarantees.",
"authors": [
"Achim D. Brucker",
"Michael Herzberg"
],
"date": "2020-09-28",
- "id": 144,
+ "id": 145,
"link": "/entries/SC_DOM_Components.html",
"permalink": "/entries/SC_DOM_Components.html",
"shortname": "SC_DOM_Components",
"title": "A Formalization of Safely Composable Web Components",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "While the DOM with shadow trees provide the technical basis for defining web components, the DOM standard neither defines the concept of web components nor specifies the safety properties that web components should guarantee. Consequently, the standard also does not discuss how or even if the methods for modifying the DOM respect component boundaries. In AFP entry, we present a formally verified model of web components and define safety properties which ensure that different web components can only interact with each other using well-defined interfaces. Moreover, our verification of the application programming interface (API) of the DOM revealed numerous invariants that implementations of the DOM API need to preserve to ensure the integrity of components.",
"authors": [
"Achim D. Brucker",
"Michael Herzberg"
],
"date": "2020-09-28",
- "id": 145,
+ "id": 146,
"link": "/entries/DOM_Components.html",
"permalink": "/entries/DOM_Components.html",
"shortname": "DOM_Components",
"title": "A Formalization of Web Components",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "In this AFP entry, we formalize the core of the Safely Composable Document Object Model (SC DOM). The SC DOM improve the standard DOM (as formalized in the AFP entry \"Core DOM\") by strengthening the tree boundaries set by shadow roots: in the SC DOM, the shadow root is a sub-class of the document class (instead of a base class). This modifications also results in changes to some API methods (e.g., getOwnerDocument) to return the nearest shadow root rather than the document root. As a result, many API methods that, when called on a node inside a shadow tree, would previously ``break out'' and return or modify nodes that are possibly outside the shadow tree, now stay within its boundaries. This change in behavior makes programs that operate on shadow trees more predictable for the developer and allows them to make more assumptions about other code accessing the DOM.",
"authors": [
"Achim D. Brucker",
"Michael Herzberg"
],
"date": "2020-09-28",
- "id": 146,
+ "id": 147,
"link": "/entries/Core_SC_DOM.html",
"permalink": "/entries/Core_SC_DOM.html",
"shortname": "Core_SC_DOM",
"title": "The Safely Composable DOM",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "We present an abstract formalization of G\u0026ouml;del's incompleteness theorems. We analyze sufficient conditions for the theorems' applicability to a partially specified logic. Our abstract perspective enables a comparison between alternative approaches from the literature. These include Rosser's variation of the first theorem, Jeroslow's variation of the second theorem, and the Swierczkowski\u0026ndash;Paulson semantics-based approach. This AFP entry is the main entry point to the results described in our CADE-27 paper \u003ca href=\"https://dx.doi.org/10.1007/978-3-030-29436-6_26\"\u003eA Formally Verified Abstract Account of Gödel's Incompleteness Theorems\u003c/a\u003e. As part of our abstract formalization's validation, we instantiate our locales twice in the separate AFP entries \u003ca href=\"https://www.isa-afp.org/entries/Goedel_HFSet_Semantic.html\"\u003eGoedel_HFSet_Semantic\u003c/a\u003e and \u003ca href=\"https://www.isa-afp.org/entries/Goedel_HFSet_Semanticless.html\"\u003eGoedel_HFSet_Semanticless\u003c/a\u003e.",
"authors": [
"Andrei Popescu",
"Dmitriy Traytel"
],
"date": "2020-09-16",
- "id": 147,
+ "id": 148,
"link": "/entries/Goedel_Incompleteness.html",
"permalink": "/entries/Goedel_Incompleteness.html",
"shortname": "Goedel_Incompleteness",
"title": "An Abstract Formalization of G\u0026ouml;del's Incompleteness Theorems",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 2
},
{
"abstract": "We validate an abstract formulation of G\u0026ouml;del's First and Second Incompleteness Theorems from a \u003ca href=\"https://www.isa-afp.org/entries/Goedel_Incompleteness.html\"\u003eseparate AFP entry\u003c/a\u003e by instantiating them to the case of \u003ci\u003efinite sound extensions of the Hereditarily Finite (HF) Set theory\u003c/i\u003e, i.e., FOL theories extending the HF Set theory with a finite set of axioms that are sound in the standard model. The concrete results had been previously formalised in an \u003ca href=\"https://www.isa-afp.org/entries/Incompleteness.html\"\u003eAFP entry by Larry Paulson\u003c/a\u003e; our instantiation reuses the infrastructure developed in that entry.",
"authors": [
"Andrei Popescu",
"Dmitriy Traytel"
],
"date": "2020-09-16",
- "id": 148,
+ "id": 149,
"link": "/entries/Goedel_HFSet_Semantic.html",
"permalink": "/entries/Goedel_HFSet_Semantic.html",
"shortname": "Goedel_HFSet_Semantic",
"title": "From Abstract to Concrete G\u0026ouml;del's Incompleteness Theorems\u0026mdash;Part I",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "We validate an abstract formulation of G\u0026ouml;del's Second Incompleteness Theorem from a \u003ca href=\"https://www.isa-afp.org/entries/Goedel_Incompleteness.html\"\u003eseparate AFP entry\u003c/a\u003e by instantiating it to the case of \u003ci\u003efinite consistent extensions of the Hereditarily Finite (HF) Set theory\u003c/i\u003e, i.e., consistent FOL theories extending the HF Set theory with a finite set of axioms. The instantiation draws heavily on infrastructure previously developed by Larry Paulson in his \u003ca href=\"https://www.isa-afp.org/entries/Incompleteness.html\"\u003edirect formalisation of the concrete result\u003c/a\u003e. It strengthens Paulson's formalization of G\u0026ouml;del's Second from that entry by \u003ci\u003enot\u003c/i\u003e assuming soundness, and in fact not relying on any notion of model or semantic interpretation. The strengthening was obtained by first replacing some of Paulson’s semantic arguments with proofs within his HF calculus, and then plugging in some of Paulson's (modified) lemmas to instantiate our soundness-free G\u0026ouml;del's Second locale.",
"authors": [
"Andrei Popescu",
"Dmitriy Traytel"
],
"date": "2020-09-16",
- "id": 149,
+ "id": 150,
"link": "/entries/Goedel_HFSet_Semanticless.html",
"permalink": "/entries/Goedel_HFSet_Semanticless.html",
"shortname": "Goedel_HFSet_Semanticless",
"title": "From Abstract to Concrete G\u0026ouml;del's Incompleteness Theorems\u0026mdash;Part II",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "We instantiate our syntax-independent logic infrastructure developed in \u003ca href=\"https://www.isa-afp.org/entries/Syntax_Independent_Logic.html\"\u003ea separate AFP entry\u003c/a\u003e to the FOL theory of Robinson arithmetic (also known as Q). The latter was formalised using Nominal Isabelle by adapting \u003ca href=\"https://www.isa-afp.org/entries/Incompleteness.html\"\u003eLarry Paulson’s formalization of the Hereditarily Finite Set theory\u003c/a\u003e.",
"authors": [
"Andrei Popescu",
"Dmitriy Traytel"
],
"date": "2020-09-16",
- "id": 150,
+ "id": 151,
"link": "/entries/Robinson_Arithmetic.html",
"permalink": "/entries/Robinson_Arithmetic.html",
"shortname": "Robinson_Arithmetic",
"title": "Robinson Arithmetic",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "We formalize a notion of logic whose terms and formulas are kept abstract. In particular, logical connectives, substitution, free variables, and provability are not defined, but characterized by their general properties as locale assumptions. Based on this abstract characterization, we develop further reusable reasoning infrastructure. For example, we define parallel substitution (along with proving its characterizing theorems) from single-point substitution. Similarly, we develop a natural deduction style proof system starting from the abstract Hilbert-style one. These one-time efforts benefit different concrete logics satisfying our locales' assumptions. We instantiate the syntax-independent logic infrastructure to Robinson arithmetic (also known as Q) in the AFP entry \u003ca href=\"https://www.isa-afp.org/entries/Robinson_Arithmetic.html\"\u003eRobinson_Arithmetic\u003c/a\u003e and to hereditarily finite set theory in the AFP entries \u003ca href=\"https://www.isa-afp.org/entries/Goedel_HFSet_Semantic.html\"\u003eGoedel_HFSet_Semantic\u003c/a\u003e and \u003ca href=\"https://www.isa-afp.org/entries/Goedel_HFSet_Semanticless.html\"\u003eGoedel_HFSet_Semanticless\u003c/a\u003e, which are part of our formalization of G\u0026ouml;del's Incompleteness Theorems described in our CADE-27 paper \u003ca href=\"https://dx.doi.org/10.1007/978-3-030-29436-6_26\"\u003eA Formally Verified Abstract Account of Gödel's Incompleteness Theorems\u003c/a\u003e.",
"authors": [
"Andrei Popescu",
"Dmitriy Traytel"
],
"date": "2020-09-16",
- "id": 151,
+ "id": 152,
"link": "/entries/Syntax_Independent_Logic.html",
"permalink": "/entries/Syntax_Independent_Logic.html",
"shortname": "Syntax_Independent_Logic",
"title": "Syntax-Independent Logic Infrastructure",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 2
},
{
"abstract": "In this AFP entry, we provide a formalisation of extended finite state machines (EFSMs) where models are represented as finite sets of transitions between states. EFSMs execute traces to produce observable outputs. We also define various simulation and equality metrics for EFSMs in terms of traces and prove their strengths in relation to each other. Another key contribution is a framework of function definitions such that LTL properties can be phrased over EFSMs. Finally, we provide a simple example case study in the form of a drinks machine.",
"authors": [
"Michael Foster",
"Achim D. Brucker",
"Ramsay G. Taylor",
"John Derrick"
],
"date": "2020-09-07",
- "id": 152,
+ "id": 153,
"link": "/entries/Extended_Finite_State_Machines.html",
"permalink": "/entries/Extended_Finite_State_Machines.html",
"shortname": "Extended_Finite_State_Machines",
"title": "A Formal Model of Extended Finite State Machines",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 1
},
{
"abstract": "In this AFP entry, we provide a formal implementation of a state-merging technique to infer extended finite state machines (EFSMs), complete with output and update functions, from black-box traces. In particular, we define the subsumption in context relation as a means of determining whether one transition is able to account for the behaviour of another. Building on this, we define the direct subsumption relation, which lifts the subsumption in context relation to EFSM level such that we can use it to determine whether it is safe to merge a given pair of transitions. Key proofs include the conditions necessary for subsumption to occur and that subsumption and direct subsumption are preorder relations. We also provide a number of different heuristics which can be used to abstract away concrete values into registers so that more states and transitions can be merged and provide proofs of the various conditions which must hold for these abstractions to subsume their ungeneralised counterparts. A Code Generator setup to create executable Scala code is also defined.",
"authors": [
"Michael Foster",
"Achim D. Brucker",
"Ramsay G. Taylor",
"John Derrick"
],
"date": "2020-09-07",
- "id": 153,
+ "id": 154,
"link": "/entries/Extended_Finite_State_Machine_Inference.html",
"permalink": "/entries/Extended_Finite_State_Machine_Inference.html",
"shortname": "Extended_Finite_State_Machine_Inference",
"title": "Inference of Extended Finite State Machines",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "Generating and checking proof certificates is important to increase the trust in automated reasoning tools. In recent years formal verification using computer algebra became more important and is heavily used in automated circuit verification. An existing proof format which covers algebraic reasoning and allows efficient proof checking is the practical algebraic calculus (PAC). In this development, we present the verified checker Pastèque that is obtained by synthesis via the Refinement Framework. This is the formalization going with our FMCAD'20 tool presentation.",
"authors": [
"Mathias Fleury",
"Daniela Kaufmann"
],
"date": "2020-08-31",
- "id": 154,
+ "id": 155,
"link": "/entries/PAC_Checker.html",
"permalink": "/entries/PAC_Checker.html",
"shortname": "PAC_Checker",
"title": "Practical Algebraic Calculus Checker",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e This entry formalizes some classical concepts and results from inductive inference of recursive functions. In the basic setting a partial recursive function (\"strategy\") must identify (\"learn\") all functions from a set (\"class\") of recursive functions. To that end the strategy receives more and more values $f(0), f(1), f(2), \\ldots$ of some function $f$ from the given class and in turn outputs descriptions of partial recursive functions, for example, Gödel numbers. The strategy is considered successful if the sequence of outputs (\"hypotheses\") converges to a description of $f$. A class of functions learnable in this sense is called \"learnable in the limit\". The set of all these classes is denoted by LIM. \u003c/p\u003e \u003cp\u003e Other types of inference considered are finite learning (FIN), behaviorally correct learning in the limit (BC), and some variants of LIM with restrictions on the hypotheses: total learning (TOTAL), consistent learning (CONS), and class-preserving learning (CP). The main results formalized are the proper inclusions $\\mathrm{FIN} \\subset \\mathrm{CP} \\subset \\mathrm{TOTAL} \\subset \\mathrm{CONS} \\subset \\mathrm{LIM} \\subset \\mathrm{BC} \\subset 2^{\\mathcal{R}}$, where $\\mathcal{R}$ is the set of all total recursive functions. Further results show that for all these inference types except CONS, strategies can be assumed to be total recursive functions; that all inference types but CP are closed under the subset relation between classes; and that no inference type is closed under the union of classes. \u003c/p\u003e \u003cp\u003e The above is based on a formalization of recursive functions heavily inspired by the \u003ca href=\"https://www.isa-afp.org/entries/Universal_Turing_Machine.html\"\u003eUniversal Turing Machine\u003c/a\u003e entry by Xu et al., but different in that it models partial functions with codomain \u003cem\u003enat option\u003c/em\u003e. 
The formalization contains a construction of a universal partial recursive function, without resorting to Turing machines, introduces decidability and recursive enumerability, and proves some standard results: existence of a Kleene normal form, the \u003cem\u003es-m-n\u003c/em\u003e theorem, Rice's theorem, and assorted fixed-point theorems (recursion theorems) by Kleene, Rogers, and Smullyan. \u003c/p\u003e",
"authors": [
"Frank J. Balbach"
],
"date": "2020-08-31",
- "id": 155,
+ "id": 156,
"link": "/entries/Inductive_Inference.html",
"permalink": "/entries/Inductive_Inference.html",
"shortname": "Inductive_Inference",
"title": "Some classical results in inductive inference of recursive functions",
"topic_links": [
"logic/computability",
"computer-science/machine-learning"
],
"topics": [
"Logic/Computability",
"Computer science/Machine learning"
],
"used_by": 0
},
{
"abstract": "We give a simple relation-algebraic semantics of read and write operations on associative arrays. The array operations seamlessly integrate with assignments in the Hoare-logic library. Using relation algebras and Kleene algebras we verify the correctness of an array-based implementation of disjoint-set forests with a naive union operation and a find operation with path compression.",
"authors": [
"Walter Guttmann"
],
"date": "2020-08-26",
- "id": 156,
+ "id": 157,
"link": "/entries/Relational_Disjoint_Set_Forests.html",
"permalink": "/entries/Relational_Disjoint_Set_Forests.html",
"shortname": "Relational_Disjoint_Set_Forests",
"title": "Relational Disjoint-Set Forests",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "This Isabelle/HOL formalization extends the AFP entry \u003cem\u003eSaturation_Framework\u003c/em\u003e with the following contributions: \u003cul\u003e \u003cli\u003ean application of the framework to prove Bachmair and Ganzinger's resolution prover RP refutationally complete, which was formalized in a more ad hoc fashion by Schlichtkrull et al. in the AFP entry \u003cem\u003eOrdered_Resultion_Prover\u003c/em\u003e;\u003c/li\u003e \u003cli\u003egeneralizations of various basic concepts formalized by Schlichtkrull et al., which were needed to verify RP and could be useful to formalize other calculi, such as superposition;\u003c/li\u003e \u003cli\u003ealternative proofs of fairness (and hence saturation and ultimately refutational completeness) for the given clause procedures GC and LGC, based on invariance.\u003c/li\u003e \u003c/ul\u003e",
"authors": [
"Jasmin Christian Blanchette",
"Sophie Tourret"
],
"date": "2020-08-25",
- "id": 157,
+ "id": 158,
"link": "/entries/Saturation_Framework_Extensions.html",
"permalink": "/entries/Saturation_Framework_Extensions.html",
"shortname": "Saturation_Framework_Extensions",
"title": "Extensions to the Comprehensive Framework for Saturation Theorem Proving",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "Richard Bird and collaborators have proposed a derivation of an intricate cyclic program that implements the Morris-Pratt string matching algorithm. Here we provide a proof of total correctness for Bird's derivation and complete it by adding Knuth's optimisation.",
"authors": [
"Peter Gammie"
],
"date": "2020-08-25",
- "id": 158,
+ "id": 159,
"link": "/entries/BirdKMP.html",
"permalink": "/entries/BirdKMP.html",
"shortname": "BirdKMP",
"title": "Putting the `K' into Bird's derivation of Knuth-Morris-Pratt string matching",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "This is a formalisation of Amicable Numbers, involving some relevant material including Euler's sigma function, some relevant definitions, results and examples as well as rules such as Th\u0026#257;bit ibn Qurra's Rule, Euler's Rule, te Riele's Rule and Borho's Rule with breeders.",
"authors": [
"Angeliki Koutsoukou-Argyraki"
],
"date": "2020-08-04",
- "id": 159,
+ "id": 160,
"link": "/entries/Amicable_Numbers.html",
"permalink": "/entries/Amicable_Numbers.html",
"shortname": "Amicable_Numbers",
"title": "Amicable Numbers",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "The theory of partition relations concerns generalisations of Ramsey's theorem. For any ordinal $\\alpha$, write $\\alpha \\to (\\alpha, m)^2$ if for each function $f$ from unordered pairs of elements of $\\alpha$ into $\\{0,1\\}$, either there is a subset $X\\subseteq \\alpha$ order-isomorphic to $\\alpha$ such that $f\\{x,y\\}=0$ for all $\\{x,y\\}\\subseteq X$, or there is an $m$ element set $Y\\subseteq \\alpha$ such that $f\\{x,y\\}=1$ for all $\\{x,y\\}\\subseteq Y$. (In both cases, with $\\{x,y\\}$ we require $x\\not=y$.) In particular, the infinite Ramsey theorem can be written in this notation as $\\omega \\to (\\omega, \\omega)^2$, or if we restrict $m$ to the positive integers as above, then $\\omega \\to (\\omega, m)^2$ for all $m$. This entry formalises Larson's proof of $\\omega^\\omega \\to (\\omega^\\omega, m)^2$ along with a similar proof of a result due to Specker: $\\omega^2 \\to (\\omega^2, m)^2$. Also proved is a necessary result by Erdős and Milner: $\\omega^{1+\\alpha\\cdot n} \\to (\\omega^{1+\\alpha}, 2^n)^2$.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2020-08-03",
- "id": 160,
+ "id": 161,
"link": "/entries/Ordinal_Partitions.html",
"permalink": "/entries/Ordinal_Partitions.html",
"shortname": "Ordinal_Partitions",
"title": "Ordinal Partitions",
"topic_links": [
"mathematics/combinatorics",
"logic/set-theory"
],
"topics": [
"Mathematics/Combinatorics",
"Logic/Set theory"
],
"used_by": 0
},
{
"abstract": "We provide a suitable distributed system model and implementation of the Chandy--Lamport distributed snapshot algorithm [ACM Transactions on Computer Systems, 3, 63-75, 1985]. Our main result is a formal termination and correctness proof of the Chandy--Lamport algorithm and its use in stable property detection.",
"authors": [
"Ben Fiedler",
"Dmitriy Traytel"
],
"date": "2020-07-21",
- "id": 161,
+ "id": 162,
"link": "/entries/Chandy_Lamport.html",
"permalink": "/entries/Chandy_Lamport.html",
"shortname": "Chandy_Lamport",
"title": "A Formal Proof of The Chandy--Lamport Distributed Snapshot Algorithm",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "Binary relations are one of the standard ways to encode, characterise and reason about graphs. Relation algebras provide equational axioms for a large fragment of the calculus of binary relations. Although relations are standard tools in many areas of mathematics and computing, researchers usually fall back to point-wise reasoning when it comes to arguments about paths in a graph. We present a purely algebraic way to specify different kinds of paths in Kleene relation algebras, which are relation algebras equipped with an operation for reflexive transitive closure. We study the relationship between paths with a designated root vertex and paths without such a vertex. Since we stay in first-order logic this development helps with mechanising proofs. To demonstrate the applicability of the algebraic framework we verify the correctness of three basic graph algorithms.",
"authors": [
"Walter Guttmann",
"Peter Höfner"
],
"date": "2020-07-13",
- "id": 162,
+ "id": 163,
"link": "/entries/Relational_Paths.html",
"permalink": "/entries/Relational_Paths.html",
"shortname": "Relational_Paths",
"title": "Relational Characterisations of Paths",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "The Vienna Convention on Road Traffic defines the safe distance traffic rules informally. This could make autonomous vehicle liable for safe-distance-related accidents because there is no clear definition of how large a safe distance is. We provide a formally proven prescriptive definition of a safe distance, and checkers which can decide whether an autonomous vehicle is obeying the safe distance rule. Not only does our work apply to the domain of law, but it also serves as a specification for autonomous vehicle manufacturers and for online verification of path planners.",
"authors": [
"Albert Rizaldi",
"Fabian Immler"
],
"date": "2020-06-01",
- "id": 163,
+ "id": 164,
"link": "/entries/Safe_Distance.html",
"permalink": "/entries/Safe_Distance.html",
"shortname": "Safe_Distance",
"title": "A Formally Verified Checker of the Safe Distance Traffic Rules for Autonomous Vehicles",
"topic_links": [
"computer-science/algorithms/mathematical",
"mathematics/physics"
],
"topics": [
"Computer science/Algorithms/Mathematical",
"Mathematics/Physics"
],
"used_by": 0
},
{
"abstract": "This work presents a formal proof in Isabelle/HOL of an algorithm to transform a matrix into its Smith normal form, a canonical matrix form, in a general setting: the algorithm is parameterized by operations to prove its existence over elementary divisor rings, while execution is guaranteed over Euclidean domains. We also provide a formal proof on some results about the generality of this algorithm as well as the uniqueness of the Smith normal form. Since Isabelle/HOL does not feature dependent types, the development is carried out switching conveniently between two different existing libraries: the Hermite normal form (based on HOL Analysis) and the Jordan normal form AFP entries. This permits to reuse results from both developments and it is done by means of the lifting and transfer package together with the use of local type definitions.",
"authors": [
"Jose Divasón"
],
"date": "2020-05-23",
- "id": 164,
+ "id": 165,
"link": "/entries/Smith_Normal_Form.html",
"permalink": "/entries/Smith_Normal_Form.html",
"shortname": "Smith_Normal_Form",
"title": "A verified algorithm for computing the Smith normal form of a matrix",
"topic_links": [
"mathematics/algebra",
"computer-science/algorithms/mathematical"
],
"topics": [
"Mathematics/Algebra",
"Computer science/Algorithms/Mathematical"
],
"used_by": 1
},
{
"abstract": "In 1965, Nash-Williams discovered a generalisation of the infinite form of Ramsey's theorem. Where the latter concerns infinite sets of n-element sets for some fixed n, the Nash-Williams theorem concerns infinite sets of finite sets (or lists) subject to a “no initial segment” condition. The present formalisation follows a monograph on Ramsey Spaces by Todorčević.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2020-05-16",
- "id": 165,
+ "id": 166,
"link": "/entries/Nash_Williams.html",
"permalink": "/entries/Nash_Williams.html",
"shortname": "Nash_Williams",
"title": "The Nash-Williams Partition Theorem",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "We define a generalized version of Knuth\u0026ndash;Bendix orders, including subterm coefficient functions. For these orders we formalize several properties such as strong normalization, the subterm property, closure properties under substitutions and contexts, as well as ground totality.",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2020-05-13",
- "id": 166,
+ "id": 167,
"link": "/entries/Knuth_Bendix_Order.html",
"permalink": "/entries/Knuth_Bendix_Order.html",
"shortname": "Knuth_Bendix_Order",
"title": "A Formalization of Knuth–Bendix Orders",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 3
},
{
"abstract": "We formalise certain irrationality criteria for infinite series of the form: \\[\\sum_{n=1}^\\infty \\frac{b_n}{\\prod_{i=1}^n a_i} \\] where $\\{b_n\\}$ is a sequence of integers and $\\{a_n\\}$ a sequence of positive integers with $a_n \u003e1$ for all large n. The results are due to P. Erdős and E. G. Straus \u003ca href=\"https://projecteuclid.org/euclid.pjm/1102911140\"\u003e[1]\u003c/a\u003e. In particular, we formalise Theorem 2.1, Corollary 2.10 and Theorem 3.1. The latter is an application of Theorem 2.1 involving the prime numbers.",
"authors": [
"Angeliki Koutsoukou-Argyraki",
"Wenda Li"
],
"date": "2020-05-12",
- "id": 167,
+ "id": 168,
"link": "/entries/Irrational_Series_Erdos_Straus.html",
"permalink": "/entries/Irrational_Series_Erdos_Straus.html",
"shortname": "Irrational_Series_Erdos_Straus",
"title": "Irrationality Criteria for Series by Erdős and Straus",
"topic_links": [
"mathematics/number-theory",
"mathematics/analysis"
],
"topics": [
"Mathematics/Number theory",
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "This document contains a proof of the recursion theorem. This is a mechanization of the proof of the recursion theorem from the text \u003ci\u003eIntroduction to Set Theory\u003c/i\u003e, by Karel Hrbacek and Thomas Jech. This implementation may be used as the basis for a model of Peano arithmetic in ZF. While recursion and the natural numbers are already available in Isabelle/ZF, this clean development is much easier to follow.",
"authors": [
"Georgy Dunaev"
],
"date": "2020-05-11",
- "id": 168,
+ "id": 169,
"link": "/entries/Recursion-Addition.html",
"permalink": "/entries/Recursion-Addition.html",
"shortname": "Recursion-Addition",
"title": "Recursion Theorem in ZF",
"topic_links": [
"logic/set-theory"
],
"topics": [
"Logic/Set theory"
],
"used_by": 0
},
{
"abstract": "In the mid 80s, Lichtenstein, Pnueli, and Zuck proved a classical theorem stating that every formula of Past LTL (the extension of LTL with past operators) is equivalent to a formula of the form $\\bigwedge_{i=1}^n \\mathbf{G}\\mathbf{F} \\varphi_i \\vee \\mathbf{F}\\mathbf{G} \\psi_i$, where $\\varphi_i$ and $\\psi_i$ contain only past operators. Some years later, Chang, Manna, and Pnueli built on this result to derive a similar normal form for LTL. Both normalisation procedures have a non-elementary worst-case blow-up, and follow an involved path from formulas to counter-free automata to star-free regular expressions and back to formulas. We improve on both points. We present an executable formalisation of a direct and purely syntactic normalisation procedure for LTL yielding a normal form, comparable to the one by Chang, Manna, and Pnueli, that has only a single exponential blow-up.",
"authors": [
"Salomon Sickert"
],
"date": "2020-05-08",
- "id": 169,
+ "id": 170,
"link": "/entries/LTL_Normal_Form.html",
"permalink": "/entries/LTL_Normal_Form.html",
"shortname": "LTL_Normal_Form",
"title": "An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation",
"topic_links": [
"computer-science/automata-and-formal-languages",
"logic/general-logic/temporal-logic"
],
"topics": [
"Computer science/Automata and formal languages",
"Logic/General logic/Temporal logic"
],
"used_by": 0
},
{
"abstract": "We formalize the theory of forcing in the set theory framework of Isabelle/ZF. Under the assumption of the existence of a countable transitive model of ZFC, we construct a proper generic extension and show that the latter also satisfies ZFC.",
"authors": [
"Emmanuel Gunther",
"Miguel Pagano",
"Pedro Sánchez Terraf"
],
"date": "2020-05-06",
- "id": 170,
+ "id": 171,
"link": "/entries/Forcing.html",
"permalink": "/entries/Forcing.html",
"shortname": "Forcing",
"title": "Formalization of Forcing in Isabelle/ZF",
"topic_links": [
"logic/set-theory"
],
"topics": [
"Logic/Set theory"
],
"used_by": 0
},
{
"abstract": "We formalize in Isabelle/HOL a result due to S. Banach and H. Steinhaus known as the Banach-Steinhaus theorem or Uniform boundedness principle: a pointwise-bounded family of continuous linear operators from a Banach space to a normed space is uniformly bounded. Our approach is an adaptation to Isabelle/HOL of a proof due to A. Sokal.",
"authors": [
"Dominique Unruh",
"José Manuel Rodríguez Caballero"
],
"date": "2020-05-02",
- "id": 171,
+ "id": 172,
"link": "/entries/Banach_Steinhaus.html",
"permalink": "/entries/Banach_Steinhaus.html",
"shortname": "Banach_Steinhaus",
"title": "Banach-Steinhaus Theorem",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "In this article, we present a proof theory for Attack Trees. Attack Trees are a well established and useful model for the construction of attacks on systems since they allow a stepwise exploration of high level attacks in application scenarios. Using the expressiveness of Higher Order Logic in Isabelle, we develop a generic theory of Attack Trees with a state-based semantics based on Kripke structures and CTL. The resulting framework allows mechanically supported logic analysis of the meta-theory of the proof calculus of Attack Trees and at the same time the developed proof theory enables application to case studies. A central correctness and completeness result proved in Isabelle establishes a connection between the notion of Attack Tree validity and CTL. The application is illustrated on the example of a healthcare IoT system and GDPR compliance verification.",
"authors": [
"Florian Kammüller"
],
"date": "2020-04-27",
- "id": 172,
+ "id": 173,
"link": "/entries/Attack_Trees.html",
"permalink": "/entries/Attack_Trees.html",
"shortname": "Attack_Trees",
"title": "Attack Trees in Isabelle for GDPR compliance of IoT healthcare systems",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThe Gaussian integers are the subring \u0026#8484;[i] of the complex numbers, i. e. the ring of all complex numbers with integral real and imaginary part. This article provides a definition of this ring as well as proofs of various basic properties, such as that they form a Euclidean ring and a full classification of their primes. An executable (albeit not very efficient) factorisation algorithm is also provided.\u003c/p\u003e \u003cp\u003eLastly, this Gaussian integer formalisation is used in two short applications:\u003c/p\u003e \u003col\u003e \u003cli\u003e The characterisation of all positive integers that can be written as sums of two squares\u003c/li\u003e \u003cli\u003e Euclid's formula for primitive Pythagorean triples\u003c/li\u003e \u003c/ol\u003e \u003cp\u003eWhile elementary proofs for both of these are already available in the AFP, the theory of Gaussian integers provides more concise proofs and a more high-level view.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2020-04-24",
- "id": 173,
+ "id": 174,
"link": "/entries/Gaussian_Integers.html",
"permalink": "/entries/Gaussian_Integers.html",
"shortname": "Gaussian_Integers",
"title": "Gaussian Integers",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article provides a formalisation of the symmetric multivariate polynomials known as \u003cem\u003epower sum polynomials\u003c/em\u003e. These are of the form p\u003csub\u003en\u003c/sub\u003e(\u003cem\u003eX\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;, \u003cem\u003eX\u003c/em\u003e\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e) = \u003cem\u003eX\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e\u003csup\u003en\u003c/sup\u003e + \u0026hellip; + X\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e\u003csup\u003en\u003c/sup\u003e. A formal proof of the Girard–Newton Theorem is also given. This theorem relates the power sum polynomials to the elementary symmetric polynomials s\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e in the form of a recurrence relation (-1)\u003csup\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sup\u003e \u003cem\u003ek\u003c/em\u003e s\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e = \u0026sum;\u003csub\u003ei\u0026isinv;[0,\u003cem\u003ek\u003c/em\u003e)\u003c/sub\u003e (-1)\u003csup\u003ei\u003c/sup\u003e s\u003csub\u003ei\u003c/sub\u003e p\u003csub\u003e\u003cem\u003ek\u003c/em\u003e-\u003cem\u003ei\u003c/em\u003e\u003c/sub\u003e\u0026thinsp;.\u003c/p\u003e \u003cp\u003eAs an application, this is then used to solve a generalised form of a puzzle given as an exercise in Dummit and Foote's \u003cem\u003eAbstract Algebra\u003c/em\u003e: For \u003cem\u003ek\u003c/em\u003e complex unknowns \u003cem\u003ex\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e, \u0026hellip;, \u003cem\u003ex\u003c/em\u003e\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e, define p\u003csub\u003e\u003cem\u003ej\u003c/em\u003e\u003c/sub\u003e := \u003cem\u003ex\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e\u003csup\u003e\u003cem\u003ej\u003c/em\u003e\u003c/sup\u003e + \u0026hellip; + 
\u003cem\u003ex\u003c/em\u003e\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e\u003csup\u003e\u003cem\u003ej\u003c/em\u003e\u003c/sup\u003e. Then for each vector \u003cem\u003ea\u003c/em\u003e \u0026isinv; \u0026#x2102;\u003csup\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sup\u003e, show that there is exactly one solution to the system p\u003csub\u003e1\u003c/sub\u003e = a\u003csub\u003e1\u003c/sub\u003e, \u0026hellip;, p\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e = a\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e up to permutation of the \u003cem\u003ex\u003c/em\u003e\u003csub\u003e\u003cem\u003ei\u003c/em\u003e\u003c/sub\u003e and determine the value of p\u003csub\u003e\u003cem\u003ei\u003c/em\u003e\u003c/sub\u003e for i\u0026gt;k.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2020-04-24",
- "id": 174,
+ "id": 175,
"link": "/entries/Power_Sum_Polynomials.html",
"permalink": "/entries/Power_Sum_Polynomials.html",
"shortname": "Power_Sum_Polynomials",
"title": "Power Sum Polynomials",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThe Lambert \u003cem\u003eW\u003c/em\u003e function is a multi-valued function defined as the inverse function of \u003cem\u003ex\u003c/em\u003e \u0026#x21A6; \u003cem\u003ex\u003c/em\u003e e\u003csup\u003e\u003cem\u003ex\u003c/em\u003e\u003c/sup\u003e. Besides numerous applications in combinatorics, physics, and engineering, it also frequently occurs when solving equations containing both e\u003csup\u003e\u003cem\u003ex\u003c/em\u003e\u003c/sup\u003e and \u003cem\u003ex\u003c/em\u003e, or both \u003cem\u003ex\u003c/em\u003e and log \u003cem\u003ex\u003c/em\u003e.\u003c/p\u003e \u003cp\u003eThis article provides a definition of the two real-valued branches \u003cem\u003eW\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e(\u003cem\u003ex\u003c/em\u003e) and \u003cem\u003eW\u003c/em\u003e\u003csub\u003e-1\u003c/sub\u003e(\u003cem\u003ex\u003c/em\u003e) and proves various properties such as basic identities and inequalities, monotonicity, differentiability, asymptotic expansions, and the MacLaurin series of \u003cem\u003eW\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e(\u003cem\u003ex\u003c/em\u003e) at \u003cem\u003ex\u003c/em\u003e = 0.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2020-04-24",
- "id": 175,
+ "id": 176,
"link": "/entries/Lambert_W.html",
"permalink": "/entries/Lambert_W.html",
"shortname": "Lambert_W",
"title": "The Lambert W Function on the Reals",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "Our theories formalise various matrix properties that serve to establish existence, uniqueness and characterisation of the solution to affine systems of ordinary differential equations (ODEs). In particular, we formalise the operator and maximum norm of matrices. Then we use them to prove that square matrices form a Banach space, and in this setting, we show an instance of Picard-Lindelöf’s theorem for affine systems of ODEs. Finally, we use this formalisation to verify three simple hybrid programs.",
"authors": [
"Jonathan Julian Huerta y Munive"
],
"date": "2020-04-19",
- "id": 176,
+ "id": 177,
"link": "/entries/Matrices_for_ODEs.html",
"permalink": "/entries/Matrices_for_ODEs.html",
"shortname": "Matrices_for_ODEs",
"title": "Matrices for ODEs",
"topic_links": [
"mathematics/analysis",
"mathematics/algebra"
],
"topics": [
"Mathematics/Analysis",
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "Authenticated data structures allow several systems to convince each other that they are referring to the same data structure, even if each of them knows only a part of the data structure. Using inclusion proofs, knowledgeable systems can selectively share their knowledge with other systems and the latter can verify the authenticity of what is being shared. In this article, we show how to modularly define authenticated data structures, their inclusion proofs, and operations thereon as datatypes in Isabelle/HOL, using a shallow embedding. Modularity allows us to construct complicated trees from reusable building blocks, which we call Merkle functors. Merkle functors include sums, products, and function spaces and are closed under composition and least fixpoints. As a practical application, we model the hierarchical transactions of \u003ca href=\"https://www.canton.io\"\u003eCanton\u003c/a\u003e, a practical interoperability protocol for distributed ledgers, as authenticated data structures. This is a first step towards formalizing the Canton protocol and verifying its integrity and security guarantees.",
"authors": [
"Andreas Lochbihler",
"Ognjen Marić"
],
"date": "2020-04-16",
- "id": 177,
+ "id": 178,
"link": "/entries/ADS_Functor.html",
"permalink": "/entries/ADS_Functor.html",
"shortname": "ADS_Functor",
"title": "Authenticated Data Structures As Functors",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "Basin et al.'s \u003ca href=\"https://doi.org/10.1016/j.ipl.2014.09.009\"\u003esliding window algorithm (SWA)\u003c/a\u003e is an algorithm for combining the elements of subsequences of a sequence with an associative operator. It is greedy and minimizes the number of operator applications. We formalize the algorithm and verify its functional correctness. We extend the algorithm with additional operations and provide an alternative interface to the slide operation that does not require the entire input sequence.",
"authors": [
"Lukas Heimes",
"Dmitriy Traytel",
"Joshua Schneider"
],
"date": "2020-04-10",
- "id": 178,
+ "id": 179,
"link": "/entries/Sliding_Window_Algorithm.html",
"permalink": "/entries/Sliding_Window_Algorithm.html",
"shortname": "Sliding_Window_Algorithm",
"title": "Formalization of an Algorithm for Greedily Computing Associative Aggregations on Sliding Windows",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "This Isabelle/HOL formalization is the companion of the technical report “A comprehensive framework for saturation theorem proving”, itself companion of the eponym IJCAR 2020 paper, written by Uwe Waldmann, Sophie Tourret, Simon Robillard and Jasmin Blanchette. It verifies a framework for formal refutational completeness proofs of abstract provers that implement saturation calculi, such as ordered resolution or superposition, and allows to model entire prover architectures in such a way that the static refutational completeness of a calculus immediately implies the dynamic refutational completeness of a prover implementing the calculus using a variant of the given clause loop. The technical report “A comprehensive framework for saturation theorem proving” is available \u003ca href=\"http://matryoshka.gforge.inria.fr/pubs/satur_report.pdf\"\u003eon the Matryoshka website\u003c/a\u003e. The names of the Isabelle lemmas and theorems corresponding to the results in the report are indicated in the margin of the report.",
"authors": [
"Sophie Tourret"
],
"date": "2020-04-09",
- "id": 179,
+ "id": 180,
"link": "/entries/Saturation_Framework.html",
"permalink": "/entries/Saturation_Framework.html",
"shortname": "Saturation_Framework",
"title": "A Comprehensive Framework for Saturation Theorem Proving",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 1
},
{
"abstract": "A monitor is a runtime verification tool that solves the following problem: Given a stream of time-stamped events and a policy formulated in a specification language, decide whether the policy is satisfied at every point in the stream. We verify the correctness of an executable monitor for specifications given as formulas in metric first-order dynamic logic (MFODL), which combines the features of metric first-order temporal logic (MFOTL) and metric dynamic logic. Thus, MFODL supports real-time constraints, first-order parameters, and regular expressions. Additionally, the monitor supports aggregation operations such as count and sum. This formalization, which is described in a \u003ca href=\"http://people.inf.ethz.ch/trayteld/papers/ijcar20-verimonplus/verimonplus.pdf\"\u003e forthcoming paper at IJCAR 2020\u003c/a\u003e, significantly extends \u003ca href=\"https://www.isa-afp.org/entries/MFOTL_Monitor.html\"\u003eprevious work on a verified monitor\u003c/a\u003e for MFOTL. Apart from the addition of regular expressions and aggregations, we implemented \u003ca href=\"https://www.isa-afp.org/entries/Generic_Join.html\"\u003emulti-way joins\u003c/a\u003e and a specialized sliding window algorithm to further optimize the monitor.",
"authors": [
"Thibault Dardinier",
"Lukas Heimes",
"Martin Raszyk",
"Joshua Schneider",
"Dmitriy Traytel"
],
"date": "2020-04-09",
- "id": 180,
+ "id": 181,
"link": "/entries/MFODL_Monitor_Optimized.html",
"permalink": "/entries/MFODL_Monitor_Optimized.html",
"shortname": "MFODL_Monitor_Optimized",
"title": "Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations",
"topic_links": [
"computer-science/algorithms",
"logic/general-logic/modal-logic",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Algorithms",
"Logic/General logic/Modal logic",
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "In protocol verification we observe a wide spectrum from fully automated methods to interactive theorem proving with proof assistants like Isabelle/HOL. In this AFP entry, we present a fully-automated approach for verifying stateful security protocols, i.e., protocols with mutable state that may span several sessions. The approach supports reachability goals like secrecy and authentication. We also include a simple user-friendly transaction-based protocol specification language that is embedded into Isabelle.",
"authors": [
"Andreas V. Hess",
"Sebastian Mödersheim",
"Achim D. Brucker",
"Anders Schlichtkrull"
],
"date": "2020-04-08",
- "id": 181,
+ "id": 182,
"link": "/entries/Automated_Stateful_Protocol_Verification.html",
"permalink": "/entries/Automated_Stateful_Protocol_Verification.html",
"shortname": "Automated_Stateful_Protocol_Verification",
"title": "Automated Stateful Protocol Verification",
"topic_links": [
"computer-science/security",
"tools"
],
"topics": [
"Computer science/Security",
"Tools"
],
"used_by": 0
},
{
"abstract": "We provide in this AFP entry several relative soundness results for security protocols. In particular, we prove typing and compositionality results for stateful protocols (i.e., protocols with mutable state that may span several sessions), and that focuses on reachability properties. Such results are useful to simplify protocol verification by reducing it to a simpler problem: Typing results give conditions under which it is safe to verify a protocol in a typed model where only \"well-typed\" attacks can occur whereas compositionality results allow us to verify a composed protocol by only verifying the component protocols in isolation. The conditions on the protocols under which the results hold are furthermore syntactic in nature allowing for full automation. The foundation presented here is used in another entry to provide fully automated and formalized security proofs of stateful protocols.",
"authors": [
"Andreas V. Hess",
"Sebastian Mödersheim",
"Achim D. Brucker"
],
"date": "2020-04-08",
- "id": 182,
+ "id": 183,
"link": "/entries/Stateful_Protocol_Composition_and_Typing.html",
"permalink": "/entries/Stateful_Protocol_Composition_and_Typing.html",
"shortname": "Stateful_Protocol_Composition_and_Typing",
"title": "Stateful Protocol Composition and Typing",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 1
},
{
"abstract": "This work presents a formalisation of a generating function proof for Lucas's theorem. We first outline extensions to the existing Formal Power Series (FPS) library, including an equivalence relation for coefficients modulo \u003cem\u003en\u003c/em\u003e, an alternate binomial theorem statement, and a formalised proof of the Freshman's dream (mod \u003cem\u003ep\u003c/em\u003e) lemma. The second part of the work presents the formal proof of Lucas's Theorem. Working backwards, the formalisation first proves a well known corollary of the theorem which is easier to formalise, and then applies induction to prove the original theorem statement. The proof of the corollary aims to provide a good example of a formalised generating function equivalence proof using the FPS library. The final theorem statement is intended to be integrated into the formalised proof of Hilbert's 10th Problem.",
"authors": [
"Chelsea Edmonds"
],
"date": "2020-04-07",
- "id": 183,
+ "id": 184,
"link": "/entries/Lucas_Theorem.html",
"permalink": "/entries/Lucas_Theorem.html",
"shortname": "Lucas_Theorem",
"title": "Lucas's Theorem",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 1
},
{
"abstract": "Commutative Replicated Data Types (CRDTs) are a promising new class of data structures for large-scale shared mutable content in applications that only require eventual consistency. The WithOut Operational Transforms (WOOT) framework is a CRDT for collaborative text editing introduced by Oster et al. (CSCW 2006) for which the eventual consistency property was verified only for a bounded model to date. We contribute a formal proof for WOOTs strong eventual consistency.",
"authors": [
"Emin Karayel",
"Edgar Gonzàlez"
],
"date": "2020-03-25",
- "id": 184,
+ "id": 185,
"link": "/entries/WOOT_Strong_Eventual_Consistency.html",
"permalink": "/entries/WOOT_Strong_Eventual_Consistency.html",
"shortname": "WOOT_Strong_Eventual_Consistency",
"title": "Strong Eventual Consistency of the Collaborative Editing Framework WOOT",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article gives a formal version of Furstenberg's topological proof of the infinitude of primes. He defines a topology on the integers based on arithmetic progressions (or, equivalently, residue classes). Using some fairly obvious properties of this topology, the infinitude of primes is then easily obtained.\u003c/p\u003e \u003cp\u003eApart from this, this topology is also fairly ‘nice’ in general: it is second countable, metrizable, and perfect. All of these (well-known) facts are formally proven, including an explicit metric for the topology given by Zulfeqarr.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2020-03-22",
- "id": 185,
+ "id": 186,
"link": "/entries/Furstenberg_Topology.html",
"permalink": "/entries/Furstenberg_Topology.html",
"shortname": "Furstenberg_Topology",
"title": "Furstenberg's topology and his proof of the infinitude of primes",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "Recently, authors have proposed under-approximate logics for reasoning about programs. So far, all such logics have been confined to reasoning about individual program behaviours. Yet there exist many over-approximate relational logics for reasoning about pairs of programs and relating their behaviours. We present the first under-approximate relational logic, for the simple imperative language IMP. We prove our logic is both sound and complete. Additionally, we show how reasoning in this logic can be decomposed into non-relational reasoning in an under-approximate Hoare logic, mirroring Beringer’s result for over-approximate relational logics. We illustrate the application of our logic on some small examples in which we provably demonstrate the presence of insecurity.",
"authors": [
"Toby Murray"
],
"date": "2020-03-12",
- "id": 186,
+ "id": 187,
"link": "/entries/Relational-Incorrectness-Logic.html",
"permalink": "/entries/Relational-Incorrectness-Logic.html",
"shortname": "Relational-Incorrectness-Logic",
"title": "An Under-Approximate Relational Logic",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/security"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "In this article, we present a formalization of the well-known \"Hello, World!\" code, including a formal framework for reasoning about IO. Our model is inspired by the handling of IO in Haskell. We start by formalizing the 🌍 and embrace the IO monad afterwards. Then we present a sample main :: IO (), followed by its proof of correctness.",
"authors": [
"Cornelius Diekmann",
"Lars Hupel"
],
"date": "2020-03-07",
- "id": 187,
+ "id": 188,
"link": "/entries/Hello_World.html",
"permalink": "/entries/Hello_World.html",
"shortname": "Hello_World",
"title": "Hello World",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "In this formalization, we develop an implementation of the Goodstein function G in plain \u0026lambda;-calculus, linked to a concise, self-contained specification. The implementation works on a Church-encoded representation of countable ordinals. The initial conversion to hereditary base 2 is not covered, but the material is sufficient to compute the particular value G(16), and easily extends to other fixed arguments.",
"authors": [
"Bertram Felgenhauer"
],
"date": "2020-02-21",
- "id": 188,
+ "id": 189,
"link": "/entries/Goodstein_Lambda.html",
"permalink": "/entries/Goodstein_Lambda.html",
"shortname": "Goodstein_Lambda",
"title": "Implementing the Goodstein Function in \u0026lambda;-Calculus",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "This is a generic framework for formalizing compiler transformations. It leverages Isabelle/HOL’s locales to abstract over concrete languages and transformations. It states common definitions for language semantics, program behaviours, forward and backward simulations, and compilers. We provide generic operations, such as simulation and compiler composition, and prove general (partial) correctness theorems, resulting in reusable proof components.",
"authors": [
"Martin Desharnais"
],
"date": "2020-02-10",
- "id": 189,
+ "id": 190,
"link": "/entries/VeriComp.html",
"permalink": "/entries/VeriComp.html",
"shortname": "VeriComp",
"title": "A Generic Framework for Verified Compilers",
"topic_links": [
"computer-science/programming-languages/compiling"
],
"topics": [
"Computer science/Programming languages/Compiling"
],
"used_by": 1
},
{
"abstract": "This article provides a formalization of the solution obtained by the author of the Problem “ARITHMETIC PROGRESSIONS” from the \u003ca href=\"https://www.ocf.berkeley.edu/~wwu/riddles/putnam.shtml\"\u003e Putnam exam problems of 2002\u003c/a\u003e. The statement of the problem is as follows: For which integers \u003cem\u003en\u003c/em\u003e \u003e 1 does the set of positive integers less than and relatively prime to \u003cem\u003en\u003c/em\u003e constitute an arithmetic progression?",
"authors": [
"José Manuel Rodríguez Caballero"
],
"date": "2020-02-01",
- "id": 190,
+ "id": 191,
"link": "/entries/Arith_Prog_Rel_Primes.html",
"permalink": "/entries/Arith_Prog_Rel_Primes.html",
"shortname": "Arith_Prog_Rel_Primes",
"title": "Arithmetic progressions and relative primes",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "We present a collection of axiom systems for the construction of Boolean subalgebras of larger overall algebras. The subalgebras are defined as the range of a complement-like operation on a semilattice. This technique has been used, for example, with the antidomain operation, dynamic negation and Stone algebras. We present a common ground for these constructions based on a new equational axiomatisation of Boolean algebras.",
"authors": [
"Walter Guttmann",
"Bernhard Möller"
],
"date": "2020-01-31",
- "id": 191,
+ "id": 192,
"link": "/entries/Subset_Boolean_Algebras.html",
"permalink": "/entries/Subset_Boolean_Algebras.html",
"shortname": "Subset_Boolean_Algebras",
"title": "A Hierarchy of Algebras for Boolean Subsets",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThis article provides formal proofs of basic properties of Mersenne numbers, i. e. numbers of the form 2\u003csup\u003e\u003cem\u003en\u003c/em\u003e\u003c/sup\u003e - 1, and especially of Mersenne primes.\u003c/p\u003e \u003cp\u003eIn particular, an efficient, verified, and executable version of the Lucas\u0026ndash;Lehmer test is developed. This test decides primality for Mersenne numbers in time polynomial in \u003cem\u003en\u003c/em\u003e.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2020-01-17",
- "id": 192,
+ "id": 193,
"link": "/entries/Mersenne_Primes.html",
"permalink": "/entries/Mersenne_Primes.html",
"shortname": "Mersenne_Primes",
"title": "Mersenne primes and the Lucas–Lehmer test",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "We present the first formal verification of approximation algorithms for NP-complete optimization problems: vertex cover, set cover, independent set, center selection, load balancing, and bin packing. The proofs correct incompletenesses in existing proofs and improve the approximation ratio in one case.",
"authors": [
"Robin Eßmann",
"Tobias Nipkow",
"Simon Robillard",
"Ujkan Sulejmani"
],
"date": "2020-01-16",
- "id": 193,
+ "id": 194,
"link": "/entries/Approximation_Algorithms.html",
"permalink": "/entries/Approximation_Algorithms.html",
"shortname": "Approximation_Algorithms",
"title": "Verified Approximation Algorithms",
"topic_links": [
"computer-science/algorithms/approximation"
],
"topics": [
"Computer science/Algorithms/Approximation"
],
"used_by": 0
},
{
"abstract": "This entry provides two related verified divide-and-conquer algorithms solving the fundamental \u003cem\u003eClosest Pair of Points\u003c/em\u003e problem in Computational Geometry. Functional correctness and the optimal running time of \u003cem\u003eO\u003c/em\u003e(\u003cem\u003en\u003c/em\u003e log \u003cem\u003en\u003c/em\u003e) are proved. Executable code is generated which is empirically competitive with handwritten reference implementations.",
"authors": [
"Martin Rau",
"Tobias Nipkow"
],
"date": "2020-01-13",
- "id": 194,
+ "id": 195,
"link": "/entries/Closest_Pair_Points.html",
"permalink": "/entries/Closest_Pair_Points.html",
"shortname": "Closest_Pair_Points",
"title": "Closest Pair of Points Algorithms",
"topic_links": [
"computer-science/algorithms/geometry"
],
"topics": [
"Computer science/Algorithms/Geometry"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e Skip lists are sorted linked lists enhanced with shortcuts and are an alternative to binary search trees. A skip lists consists of multiple levels of sorted linked lists where a list on level n is a subsequence of the list on level n − 1. In the ideal case, elements are skipped in such a way that a lookup in a skip lists takes O(log n) time. In a randomised skip list the skipped elements are choosen randomly. \u003c/p\u003e \u003cp\u003e This entry contains formalized proofs of the textbook results about the expected height and the expected length of a search path in a randomised skip list. \u003c/p\u003e",
"authors": [
"Max W. Haslbeck",
"Manuel Eberl"
],
"date": "2020-01-09",
- "id": 195,
+ "id": 196,
"link": "/entries/Skip_Lists.html",
"permalink": "/entries/Skip_Lists.html",
"shortname": "Skip_Lists",
"title": "Skip Lists",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e Taking as a starting point the author's previous work on developing aspects of category theory in Isabelle/HOL, this article gives a compatible formalization of the notion of \"bicategory\" and develops a framework within which formal proofs of facts about bicategories can be given. The framework includes a number of basic results, including the Coherence Theorem, the Strictness Theorem, pseudofunctors and biequivalence, and facts about internal equivalences and adjunctions in a bicategory. As a driving application and demonstration of the utility of the framework, it is used to give a formal proof of a theorem, due to Carboni, Kasangian, and Street, that characterizes up to biequivalence the bicategories of spans in a category with pullbacks. The formalization effort necessitated the filling-in of many details that were not evident from the brief presentation in the original paper, as well as identifying a few minor corrections along the way. \u003c/p\u003e\u003cp\u003e Revisions made subsequent to the first version of this article added additional material on pseudofunctors, pseudonatural transformations, modifications, and equivalence of bicategories; the main thrust being to give a proof that a pseudofunctor is a biequivalence if and only if it can be extended to an equivalence of bicategories. \u003c/p\u003e",
"authors": [
"Eugene W. Stark"
],
"date": "2020-01-06",
- "id": 196,
+ "id": 197,
"link": "/entries/Bicategory.html",
"permalink": "/entries/Bicategory.html",
"shortname": "Bicategory",
"title": "Bicategories",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article provides a formalisation of Beukers's straightforward analytic proof that ζ(3) is irrational. This was first proven by Apéry (which is why this result is also often called ‘Apéry's Theorem’) using a more algebraic approach. This formalisation follows \u003ca href=\"http://people.math.sc.edu/filaseta/gradcourses/Math785/Math785Notes4.pdf\"\u003eFilaseta's presentation\u003c/a\u003e of Beukers's proof.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2019-12-27",
- "id": 197,
+ "id": 198,
"link": "/entries/Zeta_3_Irrational.html",
"permalink": "/entries/Zeta_3_Irrational.html",
"shortname": "Zeta_3_Irrational",
"title": "The Irrationality of ζ(3)",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "This work is a formalization of soundness and completeness proofs for a Seligman-style tableau system for hybrid logic. The completeness result is obtained via a synthetic approach using maximally consistent sets of tableau blocks. The formalization differs from previous work in a few ways. First, to avoid the need to backtrack in the construction of a tableau, the formalized system has no unnamed initial segment, and therefore no Name rule. Second, I show that the full Bridge rule is admissible in the system. Third, I start from rules restricted to only extend the branch with new formulas, including only witnessing diamonds that are not already witnessed, and show that the unrestricted rules are admissible. Similarly, I start from simpler versions of the @-rules and show that these are sufficient. The GoTo rule is restricted using a notion of potential such that each application consumes potential and potential is earned through applications of the remaining rules. I show that if a branch can be closed then it can be closed starting from a single unit. Finally, Nom is restricted by a fixed set of allowed nominals. The resulting system should be terminating. Paper: \u003ca href=\"https://doi.org/10.4230/LIPIcs.TYPES.2020.5\"\u003edoi.org/10.4230/LIPIcs.TYPES.2020.5\u003c/a\u003e.",
"authors": [
"Asta Halkjær From"
],
"date": "2019-12-20",
- "id": 198,
+ "id": 199,
"link": "/entries/Hybrid_Logic.html",
"permalink": "/entries/Hybrid_Logic.html",
"shortname": "Hybrid_Logic",
"title": "Formalizing a Seligman-Style Tableau System for Hybrid Logic",
"topic_links": [
"logic/general-logic/modal-logic"
],
"topics": [
"Logic/General logic/Modal logic"
],
"used_by": 0
},
{
"abstract": "The Poincaré-Bendixson theorem is a classical result in the study of (continuous) dynamical systems. Colloquially, it restricts the possible behaviors of planar dynamical systems: such systems cannot be chaotic. In practice, it is a useful tool for proving the existence of (limiting) periodic behavior in planar systems. The theorem is an interesting and challenging benchmark for formalized mathematics because proofs in the literature rely on geometric sketches and only hint at symmetric cases. It also requires a substantial background of mathematical theories, e.g., the Jordan curve theorem, real analysis, ordinary differential equations, and limiting (long-term) behavior of dynamical systems.",
"authors": [
"Fabian Immler",
"Yong Kiam Tan"
],
"date": "2019-12-18",
- "id": 199,
+ "id": 200,
"link": "/entries/Poincare_Bendixson.html",
"permalink": "/entries/Poincare_Bendixson.html",
"shortname": "Poincare_Bendixson",
"title": "The Poincaré-Bendixson Theorem",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "A formalization of geometry of complex numbers is presented. Fundamental objects that are investigated are the complex plane extended by a single infinite point, its objects (points, lines and circles), and groups of transformations that act on them (e.g., inversions and Möbius transformations). Most objects are defined algebraically, but correspondence with classical geometric definitions is shown.",
"authors": [
"Filip Marić",
"Danijela Simić"
],
"date": "2019-12-16",
- "id": 200,
+ "id": 201,
"link": "/entries/Complex_Geometry.html",
"permalink": "/entries/Complex_Geometry.html",
"shortname": "Complex_Geometry",
"title": "Complex Geometry",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 2
},
{
"abstract": "We describe formalization of the Poincaré disc model of hyperbolic geometry within the Isabelle/HOL proof assistant. The model is defined within the extended complex plane (one dimensional complex projectives space \u0026#8450;P1), formalized in the AFP entry “Complex Geometry”. Points, lines, congruence of pairs of points, betweenness of triples of points, circles, and isometries are defined within the model. It is shown that the model satisfies all Tarski's axioms except the Euclid's axiom. It is shown that it satisfies its negation and the limiting parallels axiom (which proves it to be a model of hyperbolic geometry).",
"authors": [
"Danijela Simić",
"Filip Marić",
"Pierre Boutry"
],
"date": "2019-12-16",
- "id": 201,
+ "id": 202,
"link": "/entries/Poincare_Disc.html",
"permalink": "/entries/Poincare_Disc.html",
"shortname": "Poincare_Disc",
"title": "Poincaré Disc Model",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article provides a full formalisation of Chapter 8 of Apostol's \u003cem\u003e\u003ca href=\"https://www.springer.com/de/book/9780387901633\"\u003eIntroduction to Analytic Number Theory\u003c/a\u003e\u003c/em\u003e. Subjects that are covered are:\u003c/p\u003e \u003cul\u003e \u003cli\u003eperiodic arithmetic functions and their finite Fourier series\u003c/li\u003e \u003cli\u003e(generalised) Ramanujan sums\u003c/li\u003e \u003cli\u003eGauss sums and separable characters\u003c/li\u003e \u003cli\u003einduced moduli and primitive characters\u003c/li\u003e \u003cli\u003ethe Pólya\u0026mdash;Vinogradov inequality\u003c/li\u003e \u003c/ul\u003e",
"authors": [
"Rodrigo Raya",
"Manuel Eberl"
],
"date": "2019-12-10",
- "id": 202,
+ "id": 203,
"link": "/entries/Gauss_Sums.html",
"permalink": "/entries/Gauss_Sums.html",
"shortname": "Gauss_Sums",
"title": "Gauss Sums and the Pólya–Vinogradov Inequality",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "Counting sort is a well-known algorithm that sorts objects of any kind mapped to integer keys, or else to keys in one-to-one correspondence with some subset of the integers (e.g. alphabet letters). However, it is suitable for direct use, viz. not just as a subroutine of another sorting algorithm (e.g. radix sort), only if the key range is not significantly larger than the number of the objects to be sorted. This paper describes a tail-recursive generalization of counting sort making use of a bounded number of counters, suitable for direct use in case of a large, or even infinite key range of any kind, subject to the only constraint of being a subset of an arbitrary linear order. After performing a pen-and-paper analysis of how such algorithm has to be designed to maximize its efficiency, this paper formalizes the resulting generalized counting sort (GCsort) algorithm and then formally proves its correctness properties, namely that (a) the counters' number is maximized never exceeding the fixed upper bound, (b) objects are conserved, (c) objects get sorted, and (d) the algorithm is stable.",
"authors": [
"Pasquale Noce"
],
"date": "2019-12-04",
- "id": 203,
+ "id": 204,
"link": "/entries/Generalized_Counting_Sort.html",
"permalink": "/entries/Generalized_Counting_Sort.html",
"shortname": "Generalized_Counting_Sort",
"title": "An Efficient Generalization of Counting Sort for Large, possibly Infinite Key Ranges",
"topic_links": [
"computer-science/algorithms",
"computer-science/functional-programming"
],
"topics": [
"Computer science/Algorithms",
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "Interval_Arithmetic implements conservative interval arithmetic computations, then uses this interval arithmetic to implement a simple programming language where all terms have 32-bit signed word values, with explicit infinities for terms outside the representable bounds. Our target use case is interpreters for languages that must have a well-understood low-level behavior. We include a formalization of bounded-length strings which are used for the identifiers of our language. Bounded-length identifiers are useful in some applications, for example the \u003ca href=\"https://www.isa-afp.org/entries/Differential_Dynamic_Logic.html\"\u003eDifferential_Dynamic_Logic\u003c/a\u003e article, where a Euclidean space indexed by identifiers demands that identifiers are finitely many.",
"authors": [
"Rose Bohrer"
],
"date": "2019-11-27",
- "id": 204,
+ "id": 205,
"link": "/entries/Interval_Arithmetic_Word32.html",
"permalink": "/entries/Interval_Arithmetic_Word32.html",
"shortname": "Interval_Arithmetic_Word32",
"title": "Interval Arithmetic on 32-bit Words",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry is a new formalisation of ZFC set theory in Isabelle/HOL. It is logically equivalent to Obua's HOLZF; the point is to have the closest possible integration with the rest of Isabelle/HOL, minimising the amount of new notations and exploiting type classes.\u003c/p\u003e \u003cp\u003eThere is a type \u003cem\u003eV\u003c/em\u003e of sets and a function \u003cem\u003eelts :: V =\u0026gt; V set\u003c/em\u003e mapping a set to its elements. Classes simply have type \u003cem\u003eV set\u003c/em\u003e, and a predicate identifies the small classes: those that correspond to actual sets. Type classes connected with orders and lattices are used to minimise the amount of new notation for concepts such as the subset relation, union and intersection. Basic concepts — Cartesian products, disjoint sums, natural numbers, functions, etc. — are formalised.\u003c/p\u003e \u003cp\u003eMore advanced set-theoretic concepts, such as transfinite induction, ordinals, cardinals and the transitive closure of a set, are also provided. The definition of addition and multiplication for general sets (not just ordinals) follows Kirby.\u003c/p\u003e \u003cp\u003eThe theory provides two type classes with the aim of facilitating developments that combine \u003cem\u003eV\u003c/em\u003e with other Isabelle/HOL types: \u003cem\u003eembeddable\u003c/em\u003e, the class of types that can be injected into \u003cem\u003eV\u003c/em\u003e (including \u003cem\u003eV\u003c/em\u003e itself as well as \u003cem\u003eV*V\u003c/em\u003e, etc.), and \u003cem\u003esmall\u003c/em\u003e, the class of types that correspond to some ZF set.\u003c/p\u003e extra-history = Change history: [2020-01-28]: Generalisation of the \"small\" predicate and order types to arbitrary sets; ordinal exponentiation; introduction of the coercion ord_of_nat :: \"nat =\u003e V\"; numerous new lemmas. (revision 6081d5be8d08)",
"authors": [
"Lawrence C. Paulson"
],
"date": "2019-10-24",
- "id": 205,
+ "id": 206,
"link": "/entries/ZFC_in_HOL.html",
"permalink": "/entries/ZFC_in_HOL.html",
"shortname": "ZFC_in_HOL",
"title": "Zermelo Fraenkel Set Theory in Higher-Order Logic",
"topic_links": [
"logic/set-theory"
],
"topics": [
"Logic/Set theory"
],
"used_by": 4
},
{
"abstract": "We present a framework for C code in C11 syntax deeply integrated into the Isabelle/PIDE development environment. Our framework provides an abstract interface for verification back-ends to be plugged-in independently. Thus, various techniques such as deductive program verification or white-box testing can be applied to the same source, which is part of an integrated PIDE document model. Semantic back-ends are free to choose the supported C fragment and its semantics. In particular, they can differ on the chosen memory model or the specification mechanism for framing conditions. Our framework supports semantic annotations of C sources in the form of comments. Annotations serve to locally control back-end settings, and can express the term focus to which an annotation refers. Both the logical and the syntactic context are available when semantic annotations are evaluated. As a consequence, a formula in an annotation can refer both to HOL or C variables. Our approach demonstrates the degree of maturity and expressive power the Isabelle/PIDE sub-system has achieved in recent years. Our integration technique employs Lex and Yacc style grammars to ensure efficient deterministic parsing. This is the core-module of Isabelle/C; the AFP package for Clean and Clean_wrapper as well as AutoCorres and AutoCorres_wrapper (available via git) are applications of this front-end.",
"authors": [
"Frédéric Tuong",
"Burkhart Wolff"
],
"date": "2019-10-22",
- "id": 206,
+ "id": 207,
"link": "/entries/Isabelle_C.html",
"permalink": "/entries/Isabelle_C.html",
"shortname": "Isabelle_C",
"title": "Isabelle/C",
"topic_links": [
"computer-science/programming-languages/language-definitions",
"computer-science/semantics-and-reasoning",
"tools"
],
"topics": [
"Computer science/Programming languages/Language definitions",
"Computer science/Semantics and reasoning",
"Tools"
],
"used_by": 0
},
{
"abstract": "VerifyThis 2019 (http://www.pm.inf.ethz.ch/research/verifythis.html) was a program verification competition associated with ETAPS 2019. It was the 8th event in the VerifyThis competition series. In this entry, we present polished and completed versions of our solutions that we created during the competition.",
"authors": [
"Peter Lammich",
"Simon Wimmer"
],
"date": "2019-10-16",
- "id": 207,
+ "id": 208,
"link": "/entries/VerifyThis2019.html",
"permalink": "/entries/VerifyThis2019.html",
"shortname": "VerifyThis2019",
"title": "VerifyThis 2019 -- Polished Isabelle Solutions",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "We formalise with Isabelle/HOL some basic elements of Aristotle's assertoric syllogistic following the \u003ca href=\"https://plato.stanford.edu/entries/aristotle-logic/\"\u003earticle from the Stanford Encyclopedia of Philosophy by Robin Smith.\u003c/a\u003e To this end, we use a set theoretic formulation (covering both individual and general predication). In particular, we formalise the deductions in the Figures and after that we present Aristotle's metatheoretical observation that all deductions in the Figures can in fact be reduced to either Barbara or Celarent. As the formal proofs prove to be straightforward, the interest of this entry lies in illustrating the functionality of Isabelle and high efficiency of Sledgehammer for simple exercises in philosophy.",
"authors": [
"Angeliki Koutsoukou-Argyraki"
],
"date": "2019-10-08",
- "id": 208,
+ "id": 209,
"link": "/entries/Aristotles_Assertoric_Syllogistic.html",
"permalink": "/entries/Aristotles_Assertoric_Syllogistic.html",
"shortname": "Aristotles_Assertoric_Syllogistic",
"title": "Aristotle's Assertoric Syllogistic",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "We use CryptHOL to formalise commitment schemes and Sigma-protocols. Both are widely used fundamental two party cryptographic primitives. Security for commitment schemes is considered using game-based definitions whereas the security of Sigma-protocols is considered using both the game-based and simulation-based security paradigms. In this work, we first define security for both primitives and then prove secure multiple case studies: the Schnorr, Chaum-Pedersen and Okamoto Sigma-protocols as well as a construction that allows for compound (AND and OR statements) Sigma-protocols and the Pedersen and Rivest commitment schemes. We also prove that commitment schemes can be constructed from Sigma-protocols. We formalise this proof at an abstract level, only assuming the existence of a Sigma-protocol; consequently, the instantiations of this result for the concrete Sigma-protocols we consider come for free.",
"authors": [
"David Butler",
"Andreas Lochbihler"
],
"date": "2019-10-07",
- "id": 209,
+ "id": 210,
"link": "/entries/Sigma_Commit_Crypto.html",
"permalink": "/entries/Sigma_Commit_Crypto.html",
"shortname": "Sigma_Commit_Crypto",
"title": "Sigma Protocols and Commitment Schemes",
"topic_links": [
"computer-science/security/cryptography"
],
"topics": [
"Computer science/Security/Cryptography"
],
"used_by": 1
},
{
"abstract": "Clean is based on a simple, abstract execution model for an imperative target language. “Abstract” is understood in contrast to “Concrete Semantics”; alternatively, the term “shallow-style embedding” could be used. It strives for a type-safe notion of program-variables, an incremental construction of the typed state-space, support of incremental verification, and open-world extensibility of new type definitions being intertwined with the program definitions. Clean is based on a “no-frills” state-exception monad with the usual definitions of bind and unit for the compositional glue of state-based computations. Clean offers conditionals and loops supporting C-like control-flow operators such as break and return. The state-space construction is based on the extensible record package. Direct recursion of procedures is supported. Clean’s design strives for extreme simplicity. It is geared towards symbolic execution and proven correct verification tools. The underlying libraries of this package, however, deliberately restrict themselves to the most elementary infrastructure for these tasks. The package is intended to serve as demonstrator semantic backend for Isabelle/C, or for the test-generation techniques.",
"authors": [
"Frédéric Tuong",
"Burkhart Wolff"
],
"date": "2019-10-04",
- "id": 210,
+ "id": 211,
"link": "/entries/Clean.html",
"permalink": "/entries/Clean.html",
"shortname": "Clean",
"title": "Clean - An Abstract Imperative Programming Language and its Theory",
"topic_links": [
"computer-science/programming-languages",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Programming languages",
"Computer science/Semantics and reasoning"
],
"used_by": 0
},
{
"abstract": "Worst-case optimal multiway-join algorithms are recent seminal achievement of the database community. These algorithms compute the natural join of multiple relational databases and improve in the worst case over traditional query plan optimizations of nested binary joins. In 2014, \u003ca href=\"https://doi.org/10.1145/2590989.2590991\"\u003eNgo, Ré, and Rudra\u003c/a\u003e gave a unified presentation of different multi-way join algorithms. We formalized and proved correct their \"Generic Join\" algorithm and extended it to support negative joins.",
"authors": [
"Thibault Dardinier"
],
"date": "2019-09-16",
- "id": 211,
+ "id": 212,
"link": "/entries/Generic_Join.html",
"permalink": "/entries/Generic_Join.html",
"shortname": "Generic_Join",
"title": "Formalization of Multiway-Join Algorithms",
"topic_links": [
"computer-science/data-management-systems",
"computer-science/algorithms"
],
"topics": [
"Computer science/Data management systems",
"Computer science/Algorithms"
],
"used_by": 1
},
{
"abstract": "These components formalise a semantic framework for the deductive verification of hybrid systems. They support reasoning about continuous evolutions of hybrid programs in the style of differential dynamics logic. Vector fields or flows model these evolutions, and their verification is done with invariants for the former or orbits for the latter. Laws of modal Kleene algebra or categorical predicate transformers implement the verification condition generation. Examples show the approach at work.",
"authors": [
"Jonathan Julian Huerta y Munive"
],
"date": "2019-09-10",
- "id": 212,
+ "id": 213,
"link": "/entries/Hybrid_Systems_VCs.html",
"permalink": "/entries/Hybrid_Systems_VCs.html",
"shortname": "Hybrid_Systems_VCs",
"title": "Verification Components for Hybrid Systems",
"topic_links": [
"mathematics/algebra",
"mathematics/analysis"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "This development formalises the square integrable functions over the reals and the basics of Fourier series. It culminates with a proof that every well-behaved periodic function can be approximated by a Fourier series. The material is ported from HOL Light: https://github.com/jrh13/hol-light/blob/master/100/fourier.ml",
"authors": [
"Lawrence C. Paulson"
],
"date": "2019-09-06",
- "id": 213,
+ "id": 214,
"link": "/entries/Fourier.html",
"permalink": "/entries/Fourier.html",
"shortname": "Fourier",
"title": "Fourier Series",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "The focus of this case study is re-use in abstract algebra. It contains locale-based formalisations of selected parts of set, group and ring theory from Jacobson's \u003ci\u003eBasic Algebra\u003c/i\u003e leading to the respective fundamental homomorphism theorems. The study is not intended as a library base for abstract algebra. It rather explores an approach towards abstract algebra in Isabelle.",
"authors": [
"Clemens Ballarin"
],
"date": "2019-08-30",
- "id": 214,
+ "id": 215,
"link": "/entries/Jacobson_Basic_Algebra.html",
"permalink": "/entries/Jacobson_Basic_Algebra.html",
"shortname": "Jacobson_Basic_Algebra",
"title": "A Case Study in Basic Algebra",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 3
},
{
"abstract": "This entry provides a formalisation of a refinement of an adaptive state counting algorithm, used to test for reduction between finite state machines. The algorithm has been originally presented by Hierons in the paper \u003ca href=\"https://doi.org/10.1109/TC.2004.85\"\u003eTesting from a Non-Deterministic Finite State Machine Using Adaptive State Counting\u003c/a\u003e. Definitions for finite state machines and adaptive test cases are given and many useful theorems are derived from these. The algorithm is formalised using mutually recursive functions, for which it is proven that the generated test suite is sufficient to test for reduction against finite state machines of a certain fault domain. Additionally, the algorithm is specified in a simple WHILE-language and its correctness is shown using Hoare-logic.",
"authors": [
"Robert Sachtleben"
],
"date": "2019-08-16",
- "id": 215,
+ "id": 216,
"link": "/entries/Adaptive_State_Counting.html",
"permalink": "/entries/Adaptive_State_Counting.html",
"shortname": "Adaptive_State_Counting",
"title": "Formalisation of an Adaptive State Counting Algorithm",
"topic_links": [
"computer-science/automata-and-formal-languages",
"computer-science/algorithms"
],
"topics": [
"Computer science/Automata and formal languages",
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "This entry formalizes the Laplace transform and concrete Laplace transforms for arithmetic functions, frequency shift, integration and (higher) differentiation in the time domain. It proves Lerch's lemma and uniqueness of the Laplace transform for continuous functions. In order to formalize the foundational assumptions, this entry contains a formalization of piecewise continuous functions and functions of exponential order.",
"authors": [
"Fabian Immler"
],
"date": "2019-08-14",
- "id": 216,
+ "id": 217,
"link": "/entries/Laplace_Transform.html",
"permalink": "/entries/Laplace_Transform.html",
"shortname": "Laplace_Transform",
"title": "Laplace Transform",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "Communicating Concurrent Kleene Algebra (C²KA) is a mathematical framework for capturing the communicating and concurrent behaviour of agents in distributed systems. It extends Hoare et al.'s Concurrent Kleene Algebra (CKA) with communication actions through the notions of stimuli and shared environments. C²KA has applications in studying system-level properties of distributed systems such as safety, security, and reliability. In this work, we formalize results about C²KA and its application for distributed systems specification. We first formalize the stimulus structure and behaviour structure (CKA). Next, we combine them to formalize C²KA and its properties. Then, we formalize notions and properties related to the topology of distributed systems and the potential for communication via stimuli and via shared environments of agents, all within the algebraic setting of C²KA.",
"authors": [
"Maxime Buyse",
"Jason Jaskolka"
],
"date": "2019-08-06",
- "id": 217,
+ "id": 218,
"link": "/entries/C2KA_DistributedSystems.html",
"permalink": "/entries/C2KA_DistributedSystems.html",
"shortname": "C2KA_DistributedSystems",
"title": "Communicating Concurrent Kleene Algebra for Distributed Systems Specification",
"topic_links": [
"computer-science/automata-and-formal-languages",
"mathematics/algebra"
],
"topics": [
"Computer science/Automata and formal languages",
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "We use the previous formalization of the general simplex algorithm to formulate an algorithm for solving linear programs. We encode the linear programs using only linear constraints. Solving these constraints also solves the original linear program. This algorithm is proven to be sound by applying the weak duality theorem which is also part of this formalization.",
"authors": [
"Julian Parsert",
"Cezary Kaliszyk"
],
"date": "2019-08-06",
- "id": 218,
+ "id": 219,
"link": "/entries/Linear_Programming.html",
"permalink": "/entries/Linear_Programming.html",
"shortname": "Linear_Programming",
"title": "Linear Programming",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry contains formalisations of the answers to three of the six problem of the International Mathematical Olympiad 2019, namely Q1, Q4, and Q5.\u003c/p\u003e \u003cp\u003eThe reason why these problems were chosen is that they are particularly amenable to formalisation: they can be solved with minimal use of libraries. The remaining three concern geometry and graph theory, which, in the author's opinion, are more difficult to formalise resp. require a more complex library.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2019-08-05",
- "id": 219,
+ "id": 220,
"link": "/entries/IMO2019.html",
"permalink": "/entries/IMO2019.html",
"shortname": "IMO2019",
"title": "Selected Problems from the International Mathematical Olympiad 2019",
"topic_links": [
"mathematics/misc"
],
"topics": [
"Mathematics/Misc"
],
"used_by": 0
},
{
"abstract": "We formalize the static properties of personal Byzantine quorum systems (PBQSs) and Stellar quorum systems, as described in the paper ``Stellar Consensus by Reduction'' (to appear at DISC 2019).",
"authors": [
"Giuliano Losa"
],
"date": "2019-08-01",
- "id": 220,
+ "id": 221,
"link": "/entries/Stellar_Quorums.html",
"permalink": "/entries/Stellar_Quorums.html",
"shortname": "Stellar_Quorums",
"title": "Stellar Quorum Systems",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "The design of complex systems involves different formalisms for modeling their different parts or aspects. The global model of a system may therefore consist of a coordination of concurrent sub-models that use different paradigms. We develop here a theory for a language used to specify the timed coordination of such heterogeneous subsystems by addressing the following issues: \u003cul\u003e\u003cli\u003ethe behavior of the sub-systems is observed only at a series of discrete instants,\u003c/li\u003e\u003cli\u003eevents may occur in different sub-systems at unrelated times, leading to polychronous systems, which do not necessarily have a common base clock,\u003c/li\u003e\u003cli\u003ecoordination between subsystems involves causality, so the occurrence of an event may enforce the occurrence of other events, possibly after a certain duration has elapsed or an event has occurred a given number of times,\u003c/li\u003e\u003cli\u003ethe domain of time (discrete, rational, continuous...) may be different in the subsystems, leading to polytimed systems,\u003c/li\u003e\u003cli\u003ethe time frames of different sub-systems may be related (for instance, time in a GPS satellite and in a GPS receiver on Earth are related although they are not the same).\u003c/li\u003e\u003c/ul\u003e Firstly, a denotational semantics of the language is defined. Then, in order to be able to incrementally check the behavior of systems, an operational semantics is given, with proofs of progress, soundness and completeness with regard to the denotational semantics. These proofs are made according to a setup that can scale up when new operators are added to the language. In order for specifications to be composed in a clean way, the language should be invariant by stuttering (i.e., adding observation instants at which nothing happens). The proof of this invariance is also given.",
"authors": [
"Hai Nguyen Van",
"Frédéric Boulanger",
"Burkhart Wolff"
],
"date": "2019-07-30",
- "id": 221,
+ "id": 222,
"link": "/entries/TESL_Language.html",
"permalink": "/entries/TESL_Language.html",
"shortname": "TESL_Language",
"title": "A Formal Development of a Polychronous Polytimed Coordination Language",
"topic_links": [
"computer-science/system-description-languages",
"computer-science/semantics-and-reasoning",
"computer-science/concurrency"
],
"topics": [
"Computer science/System description languages",
"Computer science/Semantics and reasoning",
"Computer science/Concurrency"
],
"used_by": 0
},
{
"abstract": "This entry is concerned with the principle of order extension, i.e. the extension of an order relation to a total order relation. To this end, we prove a more general version of Szpilrajn's extension theorem employing terminology from the book \"Consistency, Choice, and Rationality\" by Bossert and Suzumura. We also formalize theorem 2.7 of their book.",
"authors": [
"Peter Zeller",
"Lukas Stevens"
],
"date": "2019-07-27",
- "id": 222,
+ "id": 223,
"link": "/entries/Szpilrajn.html",
"permalink": "/entries/Szpilrajn.html",
"shortname": "Szpilrajn",
"title": "Order Extension and Szpilrajn's Extension Theorem",
"topic_links": [
"mathematics/order"
],
"topics": [
"Mathematics/Order"
],
"used_by": 1
},
{
"abstract": "This work formalizes soundness and completeness of a one-sided sequent calculus for first-order logic. The completeness is shown via a translation from a complete semantic tableau calculus, the proof of which is based on the First-Order Logic According to Fitting theory. The calculi and proof techniques are taken from Ben-Ari's Mathematical Logic for Computer Science. Paper: \u003ca href=\"http://ceur-ws.org/Vol-3002/paper7.pdf\"\u003eceur-ws.org/Vol-3002/paper7.pdf\u003c/a\u003e.",
"authors": [
"Asta Halkjær From"
],
"date": "2019-07-18",
- "id": 223,
+ "id": 224,
"link": "/entries/FOL_Seq_Calc1.html",
"permalink": "/entries/FOL_Seq_Calc1.html",
"shortname": "FOL_Seq_Calc1",
"title": "A Sequent Calculus for First-Order Logic",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 1
},
{
"abstract": "This entry contains the formalization that accompanies my PhD thesis (see https://lars.hupel.info/research/codegen/). I develop a verified compilation toolchain from executable specifications in Isabelle/HOL to CakeML abstract syntax trees. This improves over the state-of-the-art in Isabelle by providing a trustworthy procedure for code generation.",
"authors": [
"Lars Hupel"
],
"date": "2019-07-08",
- "id": 224,
+ "id": 225,
"link": "/entries/CakeML_Codegen.html",
"permalink": "/entries/CakeML_Codegen.html",
"shortname": "CakeML_Codegen",
"title": "A Verified Code Generator from Isabelle/HOL to CakeML",
"topic_links": [
"computer-science/programming-languages/compiling",
"logic/rewriting"
],
"topics": [
"Computer science/Programming languages/Compiling",
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "A monitor is a runtime verification tool that solves the following problem: Given a stream of time-stamped events and a policy formulated in a specification language, decide whether the policy is satisfied at every point in the stream. We verify the correctness of an executable monitor for specifications given as formulas in metric first-order temporal logic (MFOTL), an expressive extension of linear temporal logic with real-time constraints and first-order quantification. The verified monitor implements a simplified variant of the algorithm used in the efficient MonPoly monitoring tool. The formalization is presented in a \u003ca href=\"https://doi.org/10.1007/978-3-030-32079-9_18\"\u003eRV 2019 paper\u003c/a\u003e, which also compares the output of the verified monitor to that of other monitoring tools on randomly generated inputs. This case study revealed several errors in the optimized but unverified tools.",
"authors": [
"Joshua Schneider",
"Dmitriy Traytel"
],
"date": "2019-07-04",
- "id": 225,
+ "id": 226,
"link": "/entries/MFOTL_Monitor.html",
"permalink": "/entries/MFOTL_Monitor.html",
"shortname": "MFOTL_Monitor",
"title": "Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic",
"topic_links": [
"computer-science/algorithms",
"logic/general-logic/temporal-logic",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Algorithms",
"Logic/General logic/Temporal logic",
"Computer science/Automata and formal languages"
],
"used_by": 2
},
{
"abstract": "We develop an Isabelle/HOL library of order-theoretic concepts, such as various completeness conditions and fixed-point theorems. We keep our formalization as general as possible: we reprove several well-known results about complete orders, often without any properties of ordering, thus complete non-orders. In particular, we generalize the Knaster–Tarski theorem so that we ensure the existence of a quasi-fixed point of monotone maps over complete non-orders, and show that the set of quasi-fixed points is complete under a mild condition—attractivity—which is implied by either antisymmetry or transitivity. This result generalizes and strengthens a result by Stauti and Maaden. Finally, we recover Kleene’s fixed-point theorem for omega-complete non-orders, again using attractivity to prove that Kleene’s fixed points are least quasi-fixed points.",
"authors": [
"Akihisa Yamada",
"Jérémy Dubut"
],
"date": "2019-06-27",
- "id": 226,
+ "id": 227,
"link": "/entries/Complete_Non_Orders.html",
"permalink": "/entries/Complete_Non_Orders.html",
"shortname": "Complete_Non_Orders",
"title": "Complete Non-Orders and Fixed Points",
"topic_links": [
"mathematics/order"
],
"topics": [
"Mathematics/Order"
],
"used_by": 0
},
{
"abstract": "We present a new, purely functional, simple and efficient data structure combining a search tree and a priority queue, which we call a \u003cem\u003epriority search tree\u003c/em\u003e. The salient feature of priority search trees is that they offer a decrease-key operation, something that is missing from other simple, purely functional priority queue implementations. Priority search trees can be implemented on top of any search tree. This entry does the implementation for red-black trees. This entry formalizes the first part of our ITP-2019 proof pearl \u003cem\u003ePurely Functional, Simple and Efficient Priority Search Trees and Applications to Prim and Dijkstra\u003c/em\u003e.",
"authors": [
"Peter Lammich",
"Tobias Nipkow"
],
"date": "2019-06-25",
- "id": 227,
+ "id": 228,
"link": "/entries/Priority_Search_Trees.html",
"permalink": "/entries/Priority_Search_Trees.html",
"shortname": "Priority_Search_Trees",
"title": "Priority Search Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "We verify purely functional, simple and efficient implementations of Prim's and Dijkstra's algorithms. This constitutes the first verification of an executable and even efficient version of Prim's algorithm. This entry formalizes the second part of our ITP-2019 proof pearl \u003cem\u003ePurely Functional, Simple and Efficient Priority Search Trees and Applications to Prim and Dijkstra\u003c/em\u003e.",
"authors": [
"Peter Lammich",
"Tobias Nipkow"
],
"date": "2019-06-25",
- "id": 228,
+ "id": 229,
"link": "/entries/Prim_Dijkstra_Simple.html",
"permalink": "/entries/Prim_Dijkstra_Simple.html",
"shortname": "Prim_Dijkstra_Simple",
"title": "Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "We formalize results about linear inqualities, mainly from Schrijver's book. The main results are the proof of the fundamental theorem on linear inequalities, Farkas' lemma, Carathéodory's theorem, the Farkas-Minkowsky-Weyl theorem, the decomposition theorem of polyhedra, and Meyer's result that the integer hull of a polyhedron is a polyhedron itself. Several theorems include bounds on the appearing numbers, and in particular we provide an a-priori bound on mixed-integer solutions of linear inequalities.",
"authors": [
"Ralph Bottesch",
"Alban Reynaud",
"René Thiemann"
],
"date": "2019-06-21",
- "id": 229,
+ "id": 230,
"link": "/entries/Linear_Inequalities.html",
"permalink": "/entries/Linear_Inequalities.html",
"shortname": "Linear_Inequalities",
"title": "Linear Inequalities",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "This entry formalizes Hilbert's Nullstellensatz, an important theorem in algebraic geometry that can be viewed as the generalization of the Fundamental Theorem of Algebra to multivariate polynomials: If a set of (multivariate) polynomials over an algebraically closed field has no common zero, then the ideal it generates is the entire polynomial ring. The formalization proves several equivalent versions of this celebrated theorem: the weak Nullstellensatz, the strong Nullstellensatz (connecting algebraic varieties and radical ideals), and the field-theoretic Nullstellensatz. The formalization follows Chapter 4.1. of \u003ca href=\"https://link.springer.com/book/10.1007/978-0-387-35651-8\"\u003eIdeals, Varieties, and Algorithms\u003c/a\u003e by Cox, Little and O'Shea.",
"authors": [
"Alexander Maletzky"
],
"date": "2019-06-16",
- "id": 230,
+ "id": 231,
"link": "/entries/Nullstellensatz.html",
"permalink": "/entries/Nullstellensatz.html",
"shortname": "Nullstellensatz",
"title": "Hilbert's Nullstellensatz",
"topic_links": [
"mathematics/algebra",
"mathematics/geometry"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "This entry formalizes the connection between Gröbner bases and Macaulay matrices (sometimes also referred to as `generalized Sylvester matrices'). In particular, it contains a method for computing Gröbner bases, which proceeds by first constructing some Macaulay matrix of the initial set of polynomials, then row-reducing this matrix, and finally converting the result back into a set of polynomials. The output is shown to be a Gröbner basis if the Macaulay matrix constructed in the first step is sufficiently large. In order to obtain concrete upper bounds on the size of the matrix (and hence turn the method into an effectively executable algorithm), Dubé's degree bounds on Gröbner bases are utilized; consequently, they are also part of the formalization.",
"authors": [
"Alexander Maletzky"
],
"date": "2019-06-15",
- "id": 231,
+ "id": 232,
"link": "/entries/Groebner_Macaulay.html",
"permalink": "/entries/Groebner_Macaulay.html",
"shortname": "Groebner_Macaulay",
"title": "Gröbner Bases, Macaulay Matrices and Dubé's Degree Bounds",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "In this submission array-based binary minimum heaps are formalized. The correctness of the following heap operations is proved: insert, get-min, delete-min and make-heap. These are then used to verify an in-place heapsort. The formalization is based on IMP2, an imperative program verification framework implemented in Isabelle/HOL. The verified heap functions are iterative versions of the partly recursive functions found in \"Algorithms and Data Structures – The Basic Toolbox\" by K. Mehlhorn and P. Sanders and \"Introduction to Algorithms\" by T. H. Cormen, C. E. Leiserson, R. L. Rivest and C. Stein.",
"authors": [
"Simon Griebel"
],
"date": "2019-06-13",
- "id": 232,
+ "id": 233,
"link": "/entries/IMP2_Binary_Heap.html",
"permalink": "/entries/IMP2_Binary_Heap.html",
"shortname": "IMP2_Binary_Heap",
"title": "Binary Heaps for IMP2",
"topic_links": [
"computer-science/data-structures",
"computer-science/algorithms"
],
"topics": [
"Computer science/Data structures",
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "This formalization provides differential game logic (dGL), a logic for proving properties of hybrid game. In addition to the syntax and semantics, it formalizes a uniform substitution calculus for dGL. Church's uniform substitutions substitute a term or formula for a function or predicate symbol everywhere. The uniform substitutions for dGL also substitute hybrid games for a game symbol everywhere. We prove soundness of one-pass uniform substitutions and the axioms of differential game logic with respect to their denotational semantics. One-pass uniform substitutions are faster by postponing soundness-critical admissibility checks with a linear pass homomorphic application and regain soundness by a variable condition at the replacements. The formalization is based on prior non-mechanized soundness proofs for dGL.",
"authors": [
"André Platzer"
],
"date": "2019-06-03",
- "id": 233,
+ "id": 234,
"link": "/entries/Differential_Game_Logic.html",
"permalink": "/entries/Differential_Game_Logic.html",
"shortname": "Differential_Game_Logic",
"title": "Differential Game Logic",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "This entry provides a formalization of multidimensional binary trees, also known as k-d trees. It includes a balanced build algorithm as well as the nearest neighbor algorithm and the range search algorithm. It is based on the papers \u003ca href=\"https://dl.acm.org/citation.cfm?doid=361002.361007\"\u003eMultidimensional binary search trees used for associative searching\u003c/a\u003e and \u003ca href=\"https://dl.acm.org/citation.cfm?doid=355744.355745\"\u003e An Algorithm for Finding Best Matches in Logarithmic Expected Time\u003c/a\u003e.",
"authors": [
"Martin Rau"
],
"date": "2019-05-30",
- "id": 234,
+ "id": 235,
"link": "/entries/KD_Tree.html",
"permalink": "/entries/KD_Tree.html",
"shortname": "KD_Tree",
"title": "Multidimensional Binary Search Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "Authenticated data structures are a technique for outsourcing data storage and maintenance to an untrusted server. The server is required to produce an efficiently checkable and cryptographically secure proof that it carried out precisely the requested computation. \u003ca href=\"https://doi.org/10.1145/2535838.2535851\"\u003eMiller et al.\u003c/a\u003e introduced \u0026lambda;\u0026bull; (pronounced \u003ci\u003elambda auth\u003c/i\u003e)\u0026mdash;a functional programming language with a built-in primitive authentication construct, which supports a wide range of user-specified authenticated data structures while guaranteeing certain correctness and security properties for all well-typed programs. We formalize \u0026lambda;\u0026bull; and prove its correctness and security properties. With Isabelle's help, we uncover and repair several mistakes in the informal proofs and lemma statements. Our findings are summarized in an \u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2019.10\"\u003eITP'19 paper\u003c/a\u003e.",
"authors": [
"Matthias Brun",
"Dmitriy Traytel"
],
"date": "2019-05-14",
- "id": 235,
+ "id": 236,
"link": "/entries/LambdaAuth.html",
"permalink": "/entries/LambdaAuth.html",
"shortname": "LambdaAuth",
"title": "Formalization of Generic Authenticated Data Structures",
"topic_links": [
"computer-science/security",
"computer-science/programming-languages/lambda-calculi"
],
"topics": [
"Computer science/Security",
"Computer science/Programming languages/Lambda calculi"
],
"used_by": 0
},
{
"abstract": "We use CryptHOL to consider Multi-Party Computation (MPC) protocols. MPC was first considered by Yao in 1983 and recent advances in efficiency and an increased demand mean it is now deployed in the real world. Security is considered using the real/ideal world paradigm. We first define security in the semi-honest security setting where parties are assumed not to deviate from the protocol transcript. In this setting we prove multiple Oblivious Transfer (OT) protocols secure and then show security for the gates of the GMW protocol. We then define malicious security, this is a stronger notion of security where parties are assumed to be fully corrupted by an adversary. In this setting we again consider OT, as it is a fundamental building block of almost all MPC protocols.",
"authors": [
"David Aspinall",
"David Butler"
],
"date": "2019-05-09",
- "id": 236,
+ "id": 237,
"link": "/entries/Multi_Party_Computation.html",
"permalink": "/entries/Multi_Party_Computation.html",
"shortname": "Multi_Party_Computation",
"title": "Multi-Party Computation",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This is a complete formalization of the work of Hoare and Roscoe on the denotational semantics of the Failure/Divergence Model of CSP. It follows essentially the presentation of CSP in Roscoe’s Book ”Theory and Practice of Concurrency” [8] and the semantic details in a joint Paper of Roscoe and Brooks ”An improved failures model for communicating processes\". The present work is based on a prior formalization attempt, called HOL-CSP 1.0, done in 1997 by H. Tej and B. Wolff with the Isabelle proof technology available at that time. This work revealed minor, but omnipresent foundational errors in key concepts like the process invariant. The present version HOL-CSP profits from substantially improved libraries (notably HOLCF), improved automated proof techniques, and structured proof techniques in Isar and is substantially shorter but more complete.",
"authors": [
"Safouan Taha",
"Lina Ye",
"Burkhart Wolff"
],
"date": "2019-04-26",
- "id": 237,
+ "id": 238,
"link": "/entries/HOL-CSP.html",
"permalink": "/entries/HOL-CSP.html",
"shortname": "HOL-CSP",
"title": "HOL-CSP Version 2.0",
"topic_links": [
"computer-science/concurrency/process-calculi",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Concurrency/Process calculi",
"Computer science/Semantics and reasoning"
],
"used_by": 1
},
{
"abstract": "We present a formalisation of the unified translation approach of linear temporal logic (LTL) into ω-automata from [1]. This approach decomposes LTL formulas into ``simple'' languages and allows a clear separation of concerns: first, we formalise the purely logical result yielding this decomposition; second, we instantiate this generic theory to obtain a construction for deterministic (state-based) Rabin automata (DRA). We extract from this particular instantiation an executable tool translating LTL to DRAs. To the best of our knowledge this is the first verified translation from LTL to DRAs that is proven to be double exponential in the worst case which asymptotically matches the known lower bound. \u003cp\u003e [1] Javier Esparza, Jan Kretínský, Salomon Sickert. One Theorem to Rule Them All: A Unified Translation of LTL into ω-Automata. LICS 2018",
"authors": [
"Benedikt Seidl",
"Salomon Sickert"
],
"date": "2019-04-16",
- "id": 238,
+ "id": 239,
"link": "/entries/LTL_Master_Theorem.html",
"permalink": "/entries/LTL_Master_Theorem.html",
"shortname": "LTL_Master_Theorem",
"title": "A Compositional and Unified Translation of LTL into ω-Automata",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 1
},
{
"abstract": "We formalize a theory of syntax with bindings that has been developed and refined over the last decade to support several large formalization efforts. Terms are defined for an arbitrary number of constructors of varying numbers of inputs, quotiented to alpha-equivalence and sorted according to a binding signature. The theory includes many properties of the standard operators on terms: substitution, swapping and freshness. It also includes bindings-aware induction and recursion principles and support for semantic interpretation. This work has been presented in the ITP 2017 paper “A Formalized General Theory of Syntax with Bindings”.",
"authors": [
"Lorenzo Gheri",
"Andrei Popescu"
],
"date": "2019-04-06",
- "id": 239,
+ "id": 240,
"link": "/entries/Binding_Syntax_Theory.html",
"permalink": "/entries/Binding_Syntax_Theory.html",
"shortname": "Binding_Syntax_Theory",
"title": "A General Theory of Syntax with Bindings",
"topic_links": [
"computer-science/programming-languages/lambda-calculi",
"computer-science/functional-programming",
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Computer science/Programming languages/Lambda calculi",
"Computer science/Functional programming",
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "We formalize the proofs of two transcendence criteria by J. Hančl and P. Rucki that assert the transcendence of the sums of certain infinite series built up by sequences that fulfil certain properties. Both proofs make use of Roth's celebrated theorem on diophantine approximations to algebraic numbers from 1955 which we implement as an assumption without having formalised its proof.",
"authors": [
"Angeliki Koutsoukou-Argyraki",
"Wenda Li"
],
"date": "2019-03-27",
- "id": 240,
+ "id": 241,
"link": "/entries/Transcendence_Series_Hancl_Rucki.html",
"permalink": "/entries/Transcendence_Series_Hancl_Rucki.html",
"shortname": "Transcendence_Series_Hancl_Rucki",
"title": "The Transcendence of Certain Infinite Series",
"topic_links": [
"mathematics/analysis",
"mathematics/number-theory"
],
"topics": [
"Mathematics/Analysis",
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "We formalize quantum Hoare logic as given in [1]. In particular, we specify the syntax and denotational semantics of a simple model of quantum programs. Then, we write down the rules of quantum Hoare logic for partial correctness, and show the soundness and completeness of the resulting proof system. As an application, we verify the correctness of Grover’s algorithm.",
"authors": [
"Junyi Liu",
"Bohua Zhan",
"Shuling Wang",
"Shenggang Ying",
"Tao Liu",
"Yangjia Li",
"Mingsheng Ying",
"Naijun Zhan"
],
"date": "2019-03-24",
- "id": 241,
+ "id": 242,
"link": "/entries/QHLProver.html",
"permalink": "/entries/QHLProver.html",
"shortname": "QHLProver",
"title": "Quantum Hoare Logic",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Semantics and reasoning"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThe theory is a formalization of the \u003ca href=\"https://www.omg.org/spec/OCL/\"\u003eOCL\u003c/a\u003e type system, its abstract syntax and expression typing rules. The theory does not define a concrete syntax and a semantics. In contrast to \u003ca href=\"https://www.isa-afp.org/entries/Featherweight_OCL.html\"\u003eFeatherweight OCL\u003c/a\u003e, it is based on a deep embedding approach. The type system is defined from scratch, it is not based on the Isabelle HOL type system.\u003c/p\u003e \u003cp\u003eThe Safe OCL distincts nullable and non-nullable types. Also the theory gives a formal definition of \u003ca href=\"http://ceur-ws.org/Vol-1512/paper07.pdf\"\u003esafe navigation operations\u003c/a\u003e. The Safe OCL typing rules are much stricter than rules given in the OCL specification. It allows one to catch more errors on a type checking phase.\u003c/p\u003e \u003cp\u003eThe type theory presented is four-layered: classes, basic types, generic types, errorable types. We introduce the following new types: non-nullable types (T[1]), nullable types (T[?]), OclSuper. OclSuper is a supertype of all other types (basic types, collections, tuples). This type allows us to define a total supremum function, so types form an upper semilattice. It allows us to define rich expression typing rules in an elegant manner.\u003c/p\u003e \u003cp\u003eThe Preliminaries Chapter of the theory defines a number of helper lemmas for transitive closures and tuples. It defines also a generic object model independent from OCL. It allows one to use the theory as a reference for formalization of analogous languages.\u003c/p\u003e",
"authors": [
"Denis Nikiforov"
],
"date": "2019-03-09",
- "id": 242,
+ "id": 243,
"link": "/entries/Safe_OCL.html",
"permalink": "/entries/Safe_OCL.html",
"shortname": "Safe_OCL",
"title": "Safe OCL",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry is a formalisation of Chapter 4 (and parts of Chapter 3) of Apostol's \u003ca href=\"https://www.springer.com/de/book/9780387901633\"\u003e\u003cem\u003eIntroduction to Analytic Number Theory\u003c/em\u003e\u003c/a\u003e. The main topics that are addressed are properties of the distribution of prime numbers that can be shown in an elementary way (i.\u0026thinsp;e. without the Prime Number Theorem), the various equivalent forms of the PNT (which imply each other in elementary ways), and consequences that follow from the PNT in elementary ways. The latter include, most notably, asymptotic bounds for the number of distinct prime factors of \u003cem\u003en\u003c/em\u003e, the divisor function \u003cem\u003ed(n)\u003c/em\u003e, Euler's totient function \u003cem\u003e\u0026phi;(n)\u003c/em\u003e, and lcm(1,\u0026hellip;,\u003cem\u003en\u003c/em\u003e).\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2019-02-21",
- "id": 243,
+ "id": 244,
"link": "/entries/Prime_Distribution_Elementary.html",
"permalink": "/entries/Prime_Distribution_Elementary.html",
"shortname": "Prime_Distribution_Elementary",
"title": "Elementary Facts About the Distribution of Primes",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 3
},
{
"abstract": "This Isabelle/HOL formalization defines a greedy algorithm for finding a minimum weight basis on a weighted matroid and proves its correctness. This algorithm is an abstract version of Kruskal's algorithm. We interpret the abstract algorithm for the cycle matroid (i.e. forests in a graph) and refine it to imperative executable code using an efficient union-find data structure. Our formalization can be instantiated for different graph representations. We provide instantiations for undirected graphs and symmetric directed graphs.",
"authors": [
"Maximilian P. L. Haslbeck",
"Peter Lammich",
"Julian Biendarra"
],
"date": "2019-02-14",
- "id": 244,
+ "id": 245,
"link": "/entries/Kruskal.html",
"permalink": "/entries/Kruskal.html",
"shortname": "Kruskal",
"title": "Kruskal's Algorithm for Minimum Spanning Forest",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThe most efficient known primality tests are \u003cem\u003eprobabilistic\u003c/em\u003e in the sense that they use randomness and may, with some probability, mistakenly classify a composite number as prime \u0026ndash; but never a prime number as composite. Examples of this are the Miller\u0026ndash;Rabin test, the Solovay\u0026ndash;Strassen test, and (in most cases) Fermat's test.\u003c/p\u003e \u003cp\u003eThis entry defines these three tests and proves their correctness. It also develops some of the number-theoretic foundations, such as Carmichael numbers and the Jacobi symbol with an efficient executable algorithm to compute it.\u003c/p\u003e",
"authors": [
"Daniel Stüwe",
"Manuel Eberl"
],
"date": "2019-02-11",
- "id": 245,
+ "id": 246,
"link": "/entries/Probabilistic_Prime_Tests.html",
"permalink": "/entries/Probabilistic_Prime_Tests.html",
"shortname": "Probabilistic_Prime_Tests",
"title": "Probabilistic Primality Testing",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThis entry formalises results from computability theory, for example recursive functions, undecidability of the halting problem, the existence of a universal Turing machine and so on. This formalisation is the AFP entry corresponding to the paper Mechanising Turing Machines and Computability Theory in Isabelle/HOL from ITP 2013. The main book used for this formalisation is by Boolos, Burgess, and Jeffrey on \u003ci\u003eComputability and Logic\u003c/i\u003e.\u003c/p\u003e \u003cp\u003eJoosten contributed by making the files ready for the AFP in 2019. His need for a formalisation of Turing Machines arose from realising that the current formalisation of saturation graphs (also in the AFP) was missing a key undecidability result present in his paper on \u003ci\u003eFinding models through graph saturation\u003c/i\u003e.\u003c/p\u003e \u003cp\u003eRegensburger contributed in 2022 by adding definitions for concepts like Turing Decidability, Turing Computability and Turing Reducibility for problem reduction. He also enhanced the result about the undecidability of the General Halting Problem given in the original AFP entry by first proving the undecidability of the Special Halting Problem and then proving its reducibility to the general problem. The original version of this AFP entry did only prove a weak form of the undecidability theorem. The main motivation behind this contribution is to make the AFP entry accessible for bachelor and master students.\u003c/p\u003e ",
"authors": [
"Jian Xu",
"Xingyuan Zhang",
"Christian Urban",
"Sebastiaan J. C. Joosten",
"Franz Regensburger"
],
"date": "2019-02-08",
- "id": 246,
+ "id": 247,
"link": "/entries/Universal_Turing_Machine.html",
"permalink": "/entries/Universal_Turing_Machine.html",
"shortname": "Universal_Turing_Machine",
"title": "Universal Turing Machine",
"topic_links": [
"logic/computability",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Logic/Computability",
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "Isabelle/UTP is a mechanised theory engineering toolkit based on Hoare and He’s Unifying Theories of Programming (UTP). UTP enables the creation of denotational, algebraic, and operational semantics for different programming languages using an alphabetised relational calculus. We provide a semantic embedding of the alphabetised relational calculus in Isabelle/HOL, including new type definitions, relational constructors, automated proof tactics, and accompanying algebraic laws. Isabelle/UTP can be used to both capture laws of programming for different languages, and put these fundamental theorems to work in the creation of associated verification tools, using calculi like Hoare logics. This document describes the relational core of the UTP in Isabelle/HOL.",
"authors": [
"Simon Foster",
"Frank Zeyda",
"Yakoub Nemouchi",
"Pedro Ribeiro",
"Burkhart Wolff"
],
"date": "2019-02-01",
- "id": 247,
+ "id": 248,
"link": "/entries/UTP.html",
"permalink": "/entries/UTP.html",
"shortname": "UTP",
"title": "Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry defines the set of \u003cem\u003einversions\u003c/em\u003e of a list, i.e. the pairs of indices that violate sortedness. It also proves the correctness of the well-known \u003cem\u003eO\u003c/em\u003e(\u003cem\u003en log n\u003c/em\u003e) divide-and-conquer algorithm to compute the number of inversions.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2019-02-01",
- "id": 248,
+ "id": 249,
"link": "/entries/List_Inversions.html",
"permalink": "/entries/List_Inversions.html",
"shortname": "List_Inversions",
"title": "The Inversions of a List",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "We formalize a proof of Motzkin's transposition theorem and Farkas' lemma in Isabelle/HOL. Our proof is based on the formalization of the simplex algorithm which, given a set of linear constraints, either returns a satisfying assignment to the problem or detects unsatisfiability. By reusing facts about the simplex algorithm we show that a set of linear constraints is unsatisfiable if and only if there is a linear combination of the constraints which evaluates to a trivially unsatisfiable inequality.",
"authors": [
"Ralph Bottesch",
"Max W. Haslbeck",
"René Thiemann"
],
"date": "2019-01-17",
- "id": 249,
+ "id": 250,
"link": "/entries/Farkas.html",
"permalink": "/entries/Farkas.html",
"shortname": "Farkas",
"title": "Farkas' Lemma and Motzkin's Transposition Theorem",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "In this formalization, I introduce a higher-order term algebra, generalizing the notions of free variables, matching, and substitution. The need arose from the work on a \u003ca href=\"http://dx.doi.org/10.1007/978-3-319-89884-1_35\"\u003everified compiler from Isabelle to CakeML\u003c/a\u003e. Terms can be thought of as consisting of a generic (free variables, constants, application) and a specific part. As example applications, this entry provides instantiations for de-Bruijn terms, terms with named variables, and \u003ca href=\"https://www.isa-afp.org/entries/Lambda_Free_RPOs.html\"\u003eBlanchette’s \u0026lambda;-free higher-order terms\u003c/a\u003e. Furthermore, I implement translation functions between de-Bruijn terms and named terms and prove their correctness.",
"authors": [
"Lars Hupel"
],
"date": "2019-01-15",
- "id": 250,
+ "id": 251,
"link": "/entries/Higher_Order_Terms.html",
"permalink": "/entries/Higher_Order_Terms.html",
"shortname": "Higher_Order_Terms",
"title": "An Algebra for Higher-Order Terms",
"topic_links": [
"computer-science/programming-languages/lambda-calculi"
],
"topics": [
"Computer science/Programming languages/Lambda calculi"
],
"used_by": 1
},
{
"abstract": "IMP2 is a simple imperative language together with Isabelle tooling to create a program verification environment in Isabelle/HOL. The tools include a C-like syntax, a verification condition generator, and Isabelle commands for the specification of programs. The framework is modular, i.e., it allows easy reuse of already proved programs within larger programs. This entry comes with a quickstart guide and a large collection of examples, spanning basic algorithms with simple proofs to more advanced algorithms and proof techniques like data refinement. Some highlights from the examples are: \u003cul\u003e \u003cli\u003eBisection Square Root, \u003c/li\u003e \u003cli\u003eExtended Euclid, \u003c/li\u003e \u003cli\u003eExponentiation by Squaring, \u003c/li\u003e \u003cli\u003eBinary Search, \u003c/li\u003e \u003cli\u003eInsertion Sort, \u003c/li\u003e \u003cli\u003eQuicksort, \u003c/li\u003e \u003cli\u003eDepth First Search. \u003c/li\u003e \u003c/ul\u003e The abstract syntax and semantics are very simple and well-documented. They are suitable to be used in a course, as extension to the IMP language which comes with the Isabelle distribution. While this entry is limited to a simple imperative language, the ideas could be extended to more sophisticated languages.",
"authors": [
"Peter Lammich",
"Simon Wimmer"
],
"date": "2019-01-15",
- "id": 251,
+ "id": 252,
"link": "/entries/IMP2.html",
"permalink": "/entries/IMP2.html",
"shortname": "IMP2",
"title": "IMP2 – Simple Program Verification in Isabelle/HOL",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/algorithms"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Algorithms"
],
"used_by": 1
},
{
"abstract": "When verifying a concurrent program, it is usual to assume that memory is sequentially consistent. However, most modern multiprocessors depend on store buffering for efficiency, and provide native sequential consistency only at a substantial performance penalty. To regain sequential consistency, a programmer has to follow an appropriate programming discipline. However, na\u0026iuml;ve disciplines, such as protecting all shared accesses with locks, are not flexible enough for building high-performance multiprocessor software. We present a new discipline for concurrent programming under TSO (total store order, with store buffer forwarding). It does not depend on concurrency primitives, such as locks. Instead, threads use ghost operations to acquire and release ownership of memory addresses. A thread can write to an address only if no other thread owns it, and can read from an address only if it owns it or it is shared and the thread has flushed its store buffer since it last wrote to an address it did not own. This discipline covers both coarse-grained concurrency (where data is protected by locks) as well as fine-grained concurrency (where atomic operations race to memory). We formalize this discipline in Isabelle/HOL, and prove that if every execution of a program in a system without store buffers follows the discipline, then every execution of the program with store buffers is sequentially consistent. Thus, we can show sequential consistency under TSO by ordinary assertional reasoning about the program, without having to consider store buffers at all.",
"authors": [
"Ernie Cohen",
"Norbert Schirmer"
],
"date": "2019-01-07",
- "id": 252,
+ "id": 253,
"link": "/entries/Store_Buffer_Reduction.html",
"permalink": "/entries/Store_Buffer_Reduction.html",
"shortname": "Store_Buffer_Reduction",
"title": "A Reduction Theorem for Store Buffers",
"topic_links": [
"computer-science/concurrency"
],
"topics": [
"Computer science/Concurrency"
],
"used_by": 0
},
{
"abstract": "In this AFP entry, we formalize the core of the Document Object Model (DOM). At its core, the DOM defines a tree-like data structure for representing documents in general and HTML documents in particular. It is the heart of any modern web browser. Formalizing the key concepts of the DOM is a prerequisite for the formal reasoning over client-side JavaScript programs and for the analysis of security concepts in modern web browsers. We present a formalization of the core DOM, with focus on the node-tree and the operations defined on node-trees, in Isabelle/HOL. We use the formalization to verify the functional correctness of the most important functions defined in the DOM standard. Moreover, our formalization is 1) extensible, i.e., can be extended without the need of re-proving already proven properties and 2) executable, i.e., we can generate executable code from our specification.",
"authors": [
"Achim D. Brucker",
"Michael Herzberg"
],
"date": "2018-12-26",
- "id": 253,
+ "id": 254,
"link": "/entries/Core_DOM.html",
"permalink": "/entries/Core_DOM.html",
"shortname": "Core_DOM",
"title": "A Formal Model of the Document Object Model",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "Concurrent revisions is a concurrency control model developed by Microsoft Research. It has many interesting properties that distinguish it from other well-known models such as transactional memory. One of these properties is \u003cem\u003edeterminacy\u003c/em\u003e: programs written within the model always produce the same outcome, independent of scheduling activity. The concurrent revisions model has an operational semantics, with an informal proof of determinacy. This document contains an Isabelle/HOL formalization of this semantics and the proof of determinacy.",
"authors": [
"Roy Overbeek"
],
"date": "2018-12-25",
- "id": 254,
+ "id": 255,
"link": "/entries/Concurrent_Revisions.html",
"permalink": "/entries/Concurrent_Revisions.html",
"shortname": "Concurrent_Revisions",
"title": "Formalization of Concurrent Revisions",
"topic_links": [
"computer-science/concurrency"
],
"topics": [
"Computer science/Concurrency"
],
"used_by": 0
},
{
"abstract": "This entry contains the application of auto2 to verifying functional and imperative programs. Algorithms and data structures that are verified include linked lists, binary search trees, red-black trees, interval trees, priority queue, quicksort, union-find, Dijkstra's algorithm, and a sweep-line algorithm for detecting rectangle intersection. The imperative verification is based on Imperative HOL and its separation logic framework. A major goal of this work is to set up automation in order to reduce the length of proof that the user needs to provide, both for verifying functional programs and for working with separation logic.",
"authors": [
"Bohua Zhan"
],
"date": "2018-12-21",
- "id": 255,
+ "id": 256,
"link": "/entries/Auto2_Imperative_HOL.html",
"permalink": "/entries/Auto2_Imperative_HOL.html",
"shortname": "Auto2_Imperative_HOL",
"title": "Verifying Imperative Programs using Auto2",
"topic_links": [
"computer-science/algorithms",
"computer-science/data-structures"
],
"topics": [
"Computer science/Algorithms",
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "Inspired by Abstract Cryptography, we extend CryptHOL, a framework for formalizing game-based proofs, with an abstract model of Random Systems and provide proof rules about their composition and equality. This foundation facilitates the formalization of Constructive Cryptography proofs, where the security of a cryptographic scheme is realized as a special form of construction in which a complex random system is built from simpler ones. This is a first step towards a fully-featured compositional framework, similar to Universal Composability framework, that supports formalization of simulation-based proofs.",
"authors": [
"Andreas Lochbihler",
"S. Reza Sefidgar"
],
"date": "2018-12-17",
- "id": 256,
+ "id": 257,
"link": "/entries/Constructive_Cryptography.html",
"permalink": "/entries/Constructive_Cryptography.html",
"shortname": "Constructive_Cryptography",
"title": "Constructive Cryptography in HOL",
"topic_links": [
"computer-science/security/cryptography",
"mathematics/probability-theory"
],
"topics": [
"Computer science/Security/Cryptography",
"Mathematics/Probability theory"
],
"used_by": 1
},
{
"abstract": "These components add further fundamental order and lattice-theoretic concepts and properties to Isabelle's libraries. They follow by and large the introductory sections of the Compendium of Continuous Lattices, covering directed and filtered sets, down-closed and up-closed sets, ideals and filters, Galois connections, closure and co-closure operators. Some emphasis is on duality and morphisms between structures, as in the Compendium. To this end, three ad-hoc approaches to duality are compared.",
"authors": [
"Georg Struth"
],
"date": "2018-12-11",
- "id": 257,
+ "id": 258,
"link": "/entries/Order_Lattice_Props.html",
"permalink": "/entries/Order_Lattice_Props.html",
"shortname": "Order_Lattice_Props",
"title": "Properties of Orderings and Lattices",
"topic_links": [
"mathematics/order"
],
"topics": [
"Mathematics/Order"
],
"used_by": 2
},
{
"abstract": "These mathematical components formalise basic properties of quantales, together with some important models, constructions, and concepts, including quantic nuclei and conuclei.",
"authors": [
"Georg Struth"
],
"date": "2018-12-11",
- "id": 258,
+ "id": 259,
"link": "/entries/Quantales.html",
"permalink": "/entries/Quantales.html",
"shortname": "Quantales",
"title": "Quantales",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "These mathematical components formalise predicate transformer semantics for programs, yet currently only for partial correctness and in the absence of faults. A first part for isotone (or monotone), Sup-preserving and Inf-preserving transformers follows Back and von Wright's approach, with additional emphasis on the quantalic structure of algebras of transformers. The second part develops Sup-preserving and Inf-preserving predicate transformers from the powerset monad, via its Kleisli category and Eilenberg-Moore algebras, with emphasis on adjunctions and dualities, as well as isomorphisms between relations, state transformers and predicate transformers.",
"authors": [
"Georg Struth"
],
"date": "2018-12-11",
- "id": 259,
+ "id": 260,
"link": "/entries/Transformer_Semantics.html",
"permalink": "/entries/Transformer_Semantics.html",
"shortname": "Transformer_Semantics",
"title": "Transformer Semantics",
"topic_links": [
"mathematics/algebra",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Mathematics/Algebra",
"Computer science/Semantics and reasoning"
],
"used_by": 1
},
{
"abstract": "This Isabelle/HOL formalization refines the abstract ordered resolution prover presented in Section 4.3 of Bachmair and Ganzinger's \"Resolution Theorem Proving\" chapter in the \u003ci\u003eHandbook of Automated Reasoning\u003c/i\u003e. The result is a functional implementation of a first-order prover.",
"authors": [
"Anders Schlichtkrull",
"Jasmin Christian Blanchette",
"Dmitriy Traytel"
],
"date": "2018-11-23",
- "id": 260,
+ "id": 261,
"link": "/entries/Functional_Ordered_Resolution_Prover.html",
"permalink": "/entries/Functional_Ordered_Resolution_Prover.html",
"shortname": "Functional_Ordered_Resolution_Prover",
"title": "A Verified Functional Implementation of Bachmair and Ganzinger's Ordered Resolution Prover",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "This is an Isabelle/HOL formalisation of graph saturation, closely following a \u003ca href=\"https://doi.org/10.1016/j.jlamp.2018.06.005\"\u003epaper by the author\u003c/a\u003e on graph saturation. Nine out of ten lemmas of the original paper are proven in this formalisation. The formalisation additionally includes two theorems that show the main premise of the paper: that consistency and entailment are decided through graph saturation. This formalisation does not give executable code, and it did not implement any of the optimisations suggested in the paper.",
"authors": [
"Sebastiaan J. C. Joosten"
],
"date": "2018-11-23",
- "id": 261,
+ "id": 262,
"link": "/entries/Graph_Saturation.html",
"permalink": "/entries/Graph_Saturation.html",
"shortname": "Graph_Saturation",
"title": "Graph Saturation",
"topic_links": [
"logic/rewriting",
"mathematics/graph-theory"
],
"topics": [
"Logic/Rewriting",
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "Auto2 is a saturation-based heuristic prover for higher-order logic, implemented as a tactic in Isabelle. This entry contains the instantiation of auto2 for Isabelle/HOL, along with two basic examples: solutions to some of the Pelletier’s problems, and elementary number theory of primes.",
"authors": [
"Bohua Zhan"
],
"date": "2018-11-20",
- "id": 262,
+ "id": 263,
"link": "/entries/Auto2_HOL.html",
"permalink": "/entries/Auto2_HOL.html",
"shortname": "Auto2_HOL",
"title": "Auto2 Prover",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThis article defines the combinatorial structures known as \u003cem\u003eIndependence Systems\u003c/em\u003e and \u003cem\u003eMatroids\u003c/em\u003e and provides basic concepts and theorems related to them. These structures play an important role in combinatorial optimisation, e. g. greedy algorithms such as Kruskal's algorithm. The development is based on Oxley's \u003ca href=\"http://www.math.lsu.edu/~oxley/survey4.pdf\"\u003e`What is a Matroid?'\u003c/a\u003e.\u003c/p\u003e",
"authors": [
"Jonas Keinholz"
],
"date": "2018-11-16",
- "id": 263,
+ "id": 264,
"link": "/entries/Matroids.html",
"permalink": "/entries/Matroids.html",
"shortname": "Matroids",
"title": "Matroids",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eWe provide a framework for automatically deriving instances for generic type classes. Our approach is inspired by Haskell's \u003ci\u003egeneric-deriving\u003c/i\u003e package and Scala's \u003ci\u003eshapeless\u003c/i\u003e library. In addition to generating the code for type class functions, we also attempt to automatically prove type class laws for these instances. As of now, however, some manual proofs are still required for recursive datatypes.\u003c/p\u003e \u003cp\u003eNote: There are already articles in the AFP that provide automatic instantiation for a number of classes. Concretely, \u003ca href=\"https://www.isa-afp.org/entries/Deriving.html\"\u003eDeriving\u003c/a\u003e allows the automatic instantiation of comparators, linear orders, equality, and hashing. \u003ca href=\"https://www.isa-afp.org/entries/Show.html\"\u003eShow\u003c/a\u003e instantiates a Haskell-style \u003ci\u003eshow\u003c/i\u003e class.\u003c/p\u003e\u003cp\u003eOur approach works for arbitrary classes (with some Isabelle/HOL overhead for each class), but a smaller set of datatypes.\u003c/p\u003e",
"authors": [
"Jonas Rädle",
"Lars Hupel"
],
"date": "2018-11-06",
- "id": 264,
+ "id": 265,
"link": "/entries/Generic_Deriving.html",
"permalink": "/entries/Generic_Deriving.html",
"shortname": "Generic_Deriving",
"title": "Deriving generic class instances for datatypes",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "An ambitious ethical theory ---Alan Gewirth's \"Principle of Generic Consistency\"--- is encoded and analysed in Isabelle/HOL. Gewirth's theory has stirred much attention in philosophy and ethics and has been proposed as a potential means to bound the impact of artificial general intelligence.",
"authors": [
"David Fuenmayor",
"Christoph Benzmüller"
],
"date": "2018-10-30",
- "id": 265,
+ "id": 266,
"link": "/entries/GewirthPGCProof.html",
"permalink": "/entries/GewirthPGCProof.html",
"shortname": "GewirthPGCProof",
"title": "Formalisation and Evaluation of Alan Gewirth's Proof for the Principle of Generic Consistency in Isabelle/HOL",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "This work is a formalization of epistemic logic with countably many agents. It includes proofs of soundness and completeness for the axiom system K. The completeness proof is based on the textbook \"Reasoning About Knowledge\" by Fagin, Halpern, Moses and Vardi (MIT Press 1995). The extensions of system K (T, KB, K4, S4, S5) and their completeness proofs are based on the textbook \"Modal Logic\" by Blackburn, de Rijke and Venema (Cambridge University Press 2001). Papers: \u003ca href=\"https://doi.org/10.1007/978-3-030-88853-4_1\"\u003edoi.org/10.1007/978-3-030-88853-4_1\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/978-3-030-90138-7_2\"\u003edoi.org/10.1007/978-3-030-90138-7_2\u003c/a\u003e.",
"authors": [
"Asta Halkjær From"
],
"date": "2018-10-29",
- "id": 266,
+ "id": 267,
"link": "/entries/Epistemic_Logic.html",
"permalink": "/entries/Epistemic_Logic.html",
"shortname": "Epistemic_Logic",
"title": "Epistemic Logic: Completeness of Modal Logics",
"topic_links": [
"logic/general-logic/logics-of-knowledge-and-belief"
],
"topics": [
"Logic/General logic/Logics of knowledge and belief"
],
"used_by": 2
},
{
"abstract": "We formalize the definition and basic properties of smooth manifolds in Isabelle/HOL. Concepts covered include partition of unity, tangent and cotangent spaces, and the fundamental theorem of path integrals. We also examine some concrete manifolds such as spheres and projective spaces. The formalization makes extensive use of the analysis and linear algebra libraries in Isabelle/HOL, in particular its “types-to-sets” mechanism.",
"authors": [
"Fabian Immler",
"Bohua Zhan"
],
"date": "2018-10-22",
- "id": 267,
+ "id": 268,
"link": "/entries/Smooth_Manifolds.html",
"permalink": "/entries/Smooth_Manifolds.html",
"shortname": "Smooth_Manifolds",
"title": "Smooth Manifolds",
"topic_links": [
"mathematics/analysis",
"mathematics/topology"
],
"topics": [
"Mathematics/Analysis",
"Mathematics/Topology"
],
"used_by": 0
},
{
"abstract": "This Isabelle/HOL formalization defines the Embedding Path Order (EPO) for higher-order terms without lambda-abstraction and proves many useful properties about it. In contrast to the lambda-free recursive path orders, it does not fully coincide with RPO on first-order terms, but it is compatible with arbitrary higher-order contexts.",
"authors": [
"Alexander Bentkamp"
],
"date": "2018-10-19",
- "id": 268,
+ "id": 269,
"link": "/entries/Lambda_Free_EPO.html",
"permalink": "/entries/Lambda_Free_EPO.html",
"shortname": "Lambda_Free_EPO",
"title": "Formalization of the Embedding Path Order for Lambda-Free Higher-Order Terms",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis work is a formalisation of the Randomised Binary Search Trees introduced by Martínez and Roura, including definitions and correctness proofs.\u003c/p\u003e \u003cp\u003eLike randomised treaps, they are a probabilistic data structure that behaves exactly as if elements were inserted into a non-balancing BST in random order. However, unlike treaps, they only use discrete probability distributions, but their use of randomness is more complicated.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2018-10-19",
- "id": 269,
+ "id": 270,
"link": "/entries/Randomised_BSTs.html",
"permalink": "/entries/Randomised_BSTs.html",
"shortname": "Randomised_BSTs",
"title": "Randomised Binary Search Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "A completeness threshold is required to guarantee the completeness of planning as satisfiability, and bounded model checking of safety properties. One valid completeness threshold is the diameter of the underlying transition system. The diameter is the maximum element in the set of lengths of all shortest paths between pairs of states. The diameter is not calculated exactly in our setting, where the transition system is succinctly described using a (propositionally) factored representation. Rather, an upper bound on the diameter is calculated compositionally, by bounding the diameters of small abstract subsystems, and then composing those. We port a HOL4 formalisation of a compositional algorithm for computing a relatively tight upper bound on the system diameter. This compositional algorithm exploits acyclicity in the state space to achieve compositionality, and it was introduced by Abdulaziz et. al. The formalisation that we port is described as a part of another paper by Abdulaziz et. al. As a part of this porting we developed a libray about transition systems, which shall be of use in future related mechanisation efforts.",
"authors": [
"Friedrich Kurz",
"Mohammad Abdulaziz"
],
"date": "2018-10-12",
- "id": 270,
+ "id": 271,
"link": "/entries/Factored_Transition_System_Bounding.html",
"permalink": "/entries/Factored_Transition_System_Bounding.html",
"shortname": "Factored_Transition_System_Bounding",
"title": "Upper Bounding Diameters of State Spaces of Factored Transition Systems",
"topic_links": [
"computer-science/automata-and-formal-languages",
"mathematics/graph-theory"
],
"topics": [
"Computer science/Automata and formal languages",
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry shows the transcendence of \u0026pi; based on the classic proof using the fundamental theorem of symmetric polynomials first given by von Lindemann in 1882, but the formalisation mostly follows the version by Niven. The proof reuses much of the machinery developed in the AFP entry on the transcendence of \u003cem\u003ee\u003c/em\u003e.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2018-09-28",
- "id": 271,
+ "id": 272,
"link": "/entries/Pi_Transcendental.html",
"permalink": "/entries/Pi_Transcendental.html",
"shortname": "Pi_Transcendental",
"title": "The Transcendence of π",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eA symmetric polynomial is a polynomial in variables \u003cem\u003eX\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;,\u003cem\u003eX\u003c/em\u003e\u003csub\u003en\u003c/sub\u003e that does not discriminate between its variables, i.\u0026thinsp;e. it is invariant under any permutation of them. These polynomials are important in the study of the relationship between the coefficients of a univariate polynomial and its roots in its algebraic closure.\u003c/p\u003e \u003cp\u003eThis article provides a definition of symmetric polynomials and the elementary symmetric polynomials e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;,e\u003csub\u003en\u003c/sub\u003e and proofs of their basic properties, including three notable ones:\u003c/p\u003e \u003cul\u003e \u003cli\u003e Vieta's formula, which gives an explicit expression for the \u003cem\u003ek\u003c/em\u003e-th coefficient of a univariate monic polynomial in terms of its roots \u003cem\u003ex\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;,\u003cem\u003ex\u003c/em\u003e\u003csub\u003en\u003c/sub\u003e, namely \u003cem\u003ec\u003c/em\u003e\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e = (-1)\u003csup\u003e\u003cem\u003en\u003c/em\u003e-\u003cem\u003ek\u003c/em\u003e\u003c/sup\u003e\u0026thinsp;e\u003csub\u003e\u003cem\u003en\u003c/em\u003e-\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e(\u003cem\u003ex\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;,\u003cem\u003ex\u003c/em\u003e\u003csub\u003en\u003c/sub\u003e).\u003c/li\u003e \u003cli\u003eSecond, the Fundamental Theorem of Symmetric Polynomials, which states that any symmetric polynomial is itself a uniquely determined polynomial combination of the elementary symmetric polynomials.\u003c/li\u003e \u003cli\u003eThird, as a corollary of the previous two, that given a polynomial over some ring \u003cem\u003eR\u003c/em\u003e, any symmetric polynomial combination of its roots is also in 
\u003cem\u003eR\u003c/em\u003e even when the roots are not. \u003c/ul\u003e \u003cp\u003e Both the symmetry property itself and the witness for the Fundamental Theorem are executable. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2018-09-25",
- "id": 272,
+ "id": 273,
"link": "/entries/Symmetric_Polynomials.html",
"permalink": "/entries/Symmetric_Polynomials.html",
"shortname": "Symmetric_Polynomials",
"title": "Symmetric Polynomials",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eThis article formalizes signature-based algorithms for computing Gr\u0026ouml;bner bases. Such algorithms are, in general, superior to other algorithms in terms of efficiency, and have not been formalized in any proof assistant so far. The present development is both generic, in the sense that most known variants of signature-based algorithms are covered by it, and effectively executable on concrete input thanks to Isabelle's code generator. Sample computations of benchmark problems show that the verified implementation of signature-based algorithms indeed outperforms the existing implementation of Buchberger's algorithm in Isabelle/HOL.\u003c/p\u003e \u003cp\u003eBesides total correctness of the algorithms, the article also proves that under certain conditions they a-priori detect and avoid all useless zero-reductions, and always return 'minimal' (in some sense) Gr\u0026ouml;bner bases if an input parameter is chosen in the right way.\u003c/p\u003e\u003cp\u003eThe formalization follows the recent survey article by Eder and Faug\u0026egrave;re.\u003c/p\u003e",
"authors": [
"Alexander Maletzky"
],
"date": "2018-09-20",
- "id": 273,
+ "id": 274,
"link": "/entries/Signature_Groebner.html",
"permalink": "/entries/Signature_Groebner.html",
"shortname": "Signature_Groebner",
"title": "Signature-Based Gröbner Basis Algorithms",
"topic_links": [
"mathematics/algebra",
"computer-science/algorithms/mathematical"
],
"topics": [
"Mathematics/Algebra",
"Computer science/Algorithms/Mathematical"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article provides a short proof of the Prime Number Theorem in several equivalent forms, most notably \u0026pi;(\u003cem\u003ex\u003c/em\u003e) ~ \u003cem\u003ex\u003c/em\u003e/ln \u003cem\u003ex\u003c/em\u003e where \u0026pi;(\u003cem\u003ex\u003c/em\u003e) is the number of primes no larger than \u003cem\u003ex\u003c/em\u003e. It also defines other basic number-theoretic functions related to primes like Chebyshev's functions \u0026thetasym; and \u0026psi; and the \u0026ldquo;\u003cem\u003en\u003c/em\u003e-th prime number\u0026rdquo; function p\u003csub\u003e\u003cem\u003en\u003c/em\u003e\u003c/sub\u003e. We also show various bounds and relationship between these functions are shown. Lastly, we derive Mertens' First and Second Theorem, i.\u0026thinsp;e. \u0026sum;\u003csub\u003e\u003cem\u003ep\u003c/em\u003e\u0026le;\u003cem\u003ex\u003c/em\u003e\u003c/sub\u003e ln \u003cem\u003ep\u003c/em\u003e/\u003cem\u003ep\u003c/em\u003e = ln \u003cem\u003ex\u003c/em\u003e + \u003cem\u003eO\u003c/em\u003e(1) and \u0026sum;\u003csub\u003e\u003cem\u003ep\u003c/em\u003e\u0026le;\u003cem\u003ex\u003c/em\u003e\u003c/sub\u003e 1/\u003cem\u003ep\u003c/em\u003e = ln ln \u003cem\u003ex\u003c/em\u003e + M + \u003cem\u003eO\u003c/em\u003e(1/ln \u003cem\u003ex\u003c/em\u003e). We also give explicit bounds for the remainder terms.\u003c/p\u003e \u003cp\u003eThe proof of the Prime Number Theorem builds on a library of Dirichlet series and analytic combinatorics. We essentially follow the presentation by Newman. 
The core part of the proof is a Tauberian theorem for Dirichlet series, which is proven using complex analysis and then used to strengthen Mertens' First Theorem to \u0026sum;\u003csub\u003e\u003cem\u003ep\u003c/em\u003e\u0026le;\u003cem\u003ex\u003c/em\u003e\u003c/sub\u003e ln \u003cem\u003ep\u003c/em\u003e/\u003cem\u003ep\u003c/em\u003e = ln \u003cem\u003ex\u003c/em\u003e + c + \u003cem\u003eo\u003c/em\u003e(1).\u003c/p\u003e \u003cp\u003eA variant of this proof has been formalised before by Harrison in HOL Light, and formalisations of Selberg's elementary proof exist both by Avigad \u003cem\u003eet al.\u003c/em\u003e in Isabelle and by Carneiro in Metamath. The advantage of the analytic proof is that, while it requires more powerful mathematical tools, it is considerably shorter and clearer. This article attempts to provide a short and clear formalisation of all components of that proof using the full range of mathematical machinery available in Isabelle, staying as close as possible to Newman's simple paper proof.\u003c/p\u003e",
"authors": [
"Manuel Eberl",
"Lawrence C. Paulson"
],
"date": "2018-09-19",
- "id": 274,
+ "id": 275,
"link": "/entries/Prime_Number_Theorem.html",
"permalink": "/entries/Prime_Number_Theorem.html",
"shortname": "Prime_Number_Theorem",
"title": "The Prime Number Theorem",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 4
},
{
"abstract": "We develop algebras for aggregation and minimisation for weight matrices and for edge weights in graphs. We verify the correctness of Prim's and Kruskal's minimum spanning tree algorithms based on these algebras. We also show numerous instances of these algebras based on linearly ordered commutative semigroups.",
"authors": [
"Walter Guttmann"
],
"date": "2018-09-15",
- "id": 275,
+ "id": 276,
"link": "/entries/Aggregation_Algebras.html",
"permalink": "/entries/Aggregation_Algebras.html",
"shortname": "Aggregation_Algebras",
"title": "Aggregation Algebras",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "We develop the basic theory of Octonions, including various identities and properties of the octonions and of the octonionic product, a description of 7D isometries and representations of orthogonal transformations. To this end we first develop the theory of the vector cross product in 7 dimensions. The development of the theory of Octonions is inspired by that of the theory of Quaternions by Lawrence Paulson. However, we do not work within the type class real_algebra_1 because the octonionic product is not associative.",
"authors": [
"Angeliki Koutsoukou-Argyraki"
],
"date": "2018-09-14",
- "id": 276,
+ "id": 277,
"link": "/entries/Octonions.html",
"permalink": "/entries/Octonions.html",
"shortname": "Octonions",
"title": "Octonions",
"topic_links": [
"mathematics/algebra",
"mathematics/geometry"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "This theory is inspired by the HOL Light development of quaternions, but follows its own route. Quaternions are developed coinductively, as in the existing formalisation of the complex numbers. Quaternions are quickly shown to belong to the type classes of real normed division algebras and real inner product spaces. And therefore they inherit a great body of facts involving algebraic laws, limits, continuity, etc., which must be proved explicitly in the HOL Light version. The development concludes with the geometric interpretation of the product of imaginary quaternions.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2018-09-05",
- "id": 277,
+ "id": 278,
"link": "/entries/Quaternions.html",
"permalink": "/entries/Quaternions.html",
"shortname": "Quaternions",
"title": "Quaternions",
"topic_links": [
"mathematics/algebra",
"mathematics/geometry"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "This entry is mainly about counting and approximating real roots (of a polynomial) with multiplicity. We have first formalised the Budan-Fourier theorem: given a polynomial with real coefficients, we can calculate sign variations on Fourier sequences to over-approximate the number of real roots (counting multiplicity) within an interval. When all roots are known to be real, the over-approximation becomes tight: we can utilise this theorem to count real roots exactly. It is also worth noting that Descartes' rule of sign is a direct consequence of the Budan-Fourier theorem, and has been included in this entry. In addition, we have extended previous formalised Sturm's theorem to count real roots with multiplicity, while the original Sturm's theorem only counts distinct real roots. Compared to the Budan-Fourier theorem, our extended Sturm's theorem always counts roots exactly but may suffer from greater computational cost.",
"authors": [
"Wenda Li"
],
"date": "2018-09-02",
- "id": 278,
+ "id": 279,
"link": "/entries/Budan_Fourier.html",
"permalink": "/entries/Budan_Fourier.html",
"shortname": "Budan_Fourier",
"title": "The Budan-Fourier Theorem and Counting Real Roots with Multiplicity",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 2
},
{
"abstract": "We present an Isabelle/HOL formalization and total correctness proof for the incremental version of the Simplex algorithm which is used in most state-of-the-art SMT solvers. It supports extraction of satisfying assignments, extraction of minimal unsatisfiable cores, incremental assertion of constraints and backtracking. The formalization relies on stepwise program refinement, starting from a simple specification, going through a number of refinement steps, and ending up in a fully executable functional implementation. Symmetries present in the algorithm are handled with special care.",
"authors": [
"Filip Marić",
"Mirko Spasić",
"René Thiemann"
],
"date": "2018-08-24",
- "id": 279,
+ "id": 280,
"link": "/entries/Simplex.html",
"permalink": "/entries/Simplex.html",
"shortname": "Simplex",
"title": "An Incremental Simplex Algorithm with Unsatisfiable Core Generation",
"topic_links": [
"computer-science/algorithms/optimization"
],
"topics": [
"Computer science/Algorithms/Optimization"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e We formalize undecidablity results for Minsky machines. To this end, we also formalize recursive inseparability. \u003c/p\u003e\u003cp\u003e We start by proving that Minsky machines can compute arbitrary primitive recursive and recursive functions. We then show that there is a deterministic Minsky machine with one argument and two final states such that the set of inputs that are accepted in one state is recursively inseparable from the set of inputs that are accepted in the other state. \u003c/p\u003e\u003cp\u003e As a corollary, the set of Minsky configurations that reach the first state but not the second recursively inseparable from the set of Minsky configurations that reach the second state but not the first. In particular both these sets are undecidable. \u003c/p\u003e\u003cp\u003e We do \u003cem\u003enot\u003c/em\u003e prove that recursive functions can simulate Minsky machines. \u003c/p\u003e",
"authors": [
"Bertram Felgenhauer"
],
"date": "2018-08-14",
- "id": 280,
+ "id": 281,
"link": "/entries/Minsky_Machines.html",
"permalink": "/entries/Minsky_Machines.html",
"shortname": "Minsky_Machines",
"title": "Minsky Machines",
"topic_links": [
"logic/computability"
],
"topics": [
"Logic/Computability"
],
"used_by": 0
},
{
"abstract": "We have formalized the computation of fair prices for derivative products in discrete financial models. As an application, we derive a way to compute fair prices of derivative products in the Cox-Ross-Rubinstein model of a financial market, thus completing the work that was presented in this \u003ca href=\"https://hal.archives-ouvertes.fr/hal-01562944\"\u003epaper\u003c/a\u003e.",
"authors": [
"Mnacho Echenim"
],
"date": "2018-07-16",
- "id": 281,
+ "id": 282,
"link": "/entries/DiscretePricing.html",
"permalink": "/entries/DiscretePricing.html",
"shortname": "DiscretePricing",
"title": "Pricing in discrete financial models",
"topic_links": [
"mathematics/probability-theory",
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Probability theory",
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "Utility functions form an essential part of game theory and economics. In order to guarantee the existence of utility functions most of the time sufficient properties are assumed in an axiomatic manner. One famous and very common set of such assumptions is that of expected utility theory. Here, the rationality, continuity, and independence of preferences is assumed. The von-Neumann-Morgenstern Utility theorem shows that these assumptions are necessary and sufficient for an expected utility function to exists. This theorem was proven by Neumann and Morgenstern in ``Theory of Games and Economic Behavior'' which is regarded as one of the most influential works in game theory. The formalization includes formal definitions of the underlying concepts including continuity and independence of preferences.",
"authors": [
"Julian Parsert",
"Cezary Kaliszyk"
],
"date": "2018-07-04",
- "id": 282,
+ "id": 283,
"link": "/entries/Neumann_Morgenstern_Utility.html",
"permalink": "/entries/Neumann_Morgenstern_Utility.html",
"shortname": "Neumann_Morgenstern_Utility",
"title": "Von-Neumann-Morgenstern Utility Theorem",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e This article gives the basic theory of Pell's equation \u003cem\u003ex\u003c/em\u003e\u003csup\u003e2\u003c/sup\u003e = 1 + \u003cem\u003eD\u003c/em\u003e\u0026thinsp;\u003cem\u003ey\u003c/em\u003e\u003csup\u003e2\u003c/sup\u003e, where \u003cem\u003eD\u003c/em\u003e\u0026thinsp;\u0026isin;\u0026thinsp;\u0026#8469; is a parameter and \u003cem\u003ex\u003c/em\u003e, \u003cem\u003ey\u003c/em\u003e are integer variables. \u003c/p\u003e \u003cp\u003e The main result that is proven is the following: If \u003cem\u003eD\u003c/em\u003e is not a perfect square, then there exists a \u003cem\u003efundamental solution\u003c/em\u003e (\u003cem\u003ex\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e, \u003cem\u003ey\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e) that is not the trivial solution (1, 0) and which generates all other solutions (\u003cem\u003ex\u003c/em\u003e, \u003cem\u003ey\u003c/em\u003e) in the sense that there exists some \u003cem\u003en\u003c/em\u003e\u0026thinsp;\u0026isin;\u0026thinsp;\u0026#8469; such that |\u003cem\u003ex\u003c/em\u003e| + |\u003cem\u003ey\u003c/em\u003e|\u0026thinsp;\u0026radic;\u003cspan style=\"text-decoration: overline\"\u003e\u003cem\u003eD\u003c/em\u003e\u003c/span\u003e = (\u003cem\u003ex\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e + \u003cem\u003ey\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e\u0026thinsp;\u0026radic;\u003cspan style=\"text-decoration: overline\"\u003e\u003cem\u003eD\u003c/em\u003e\u003c/span\u003e)\u003csup\u003e\u003cem\u003en\u003c/em\u003e\u003c/sup\u003e. This also implies that the set of solutions is infinite, and it gives us an explicit and executable characterisation of all the solutions. \u003c/p\u003e \u003cp\u003e Based on this, simple executable algorithms for computing the fundamental solution and the infinite sequence of all non-negative solutions are also provided. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2018-06-23",
- "id": 283,
+ "id": 284,
"link": "/entries/Pell.html",
"permalink": "/entries/Pell.html",
"shortname": "Pell",
"title": "Pell's Equation",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 1
},
{
"abstract": "We formalize the basics of projective geometry. In particular, we give a proof of the so-called Hessenberg's theorem in projective plane geometry. We also provide a proof of the so-called Desargues's theorem based on an axiomatization of (higher) projective space geometry using the notion of rank of a matroid. This last approach allows to handle incidence relations in an homogeneous way dealing only with points and without the need of talking explicitly about lines, planes or any higher entity.",
"authors": [
"Anthony Bordg"
],
"date": "2018-06-14",
- "id": 284,
+ "id": 285,
"link": "/entries/Projective_Geometry.html",
"permalink": "/entries/Projective_Geometry.html",
"shortname": "Projective_Geometry",
"title": "Projective Geometry",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "We formalize the localization of a commutative ring R with respect to a multiplicative subset (i.e. a submonoid of R seen as a multiplicative monoid). This localization is itself a commutative ring and we build the natural homomorphism of rings from R to its localization.",
"authors": [
"Anthony Bordg"
],
"date": "2018-06-14",
- "id": 285,
+ "id": 286,
"link": "/entries/Localization_Ring.html",
"permalink": "/entries/Localization_Ring.html",
"shortname": "Localization_Ring",
"title": "The Localization of a Commutative Ring",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "This entry provides a formalization of the abstract theory of ample set partial order reduction. The formalization includes transition systems with actions, trace theory, as well as basics on finite, infinite, and lazy sequences. We also provide a basic framework for static analysis on concurrent systems with respect to the ample set condition.",
"authors": [
"Julian Brunner"
],
"date": "2018-06-05",
- "id": 286,
+ "id": 287,
"link": "/entries/Partial_Order_Reduction.html",
"permalink": "/entries/Partial_Order_Reduction.html",
"shortname": "Partial_Order_Reduction",
"title": "Partial Order Reduction",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 1
},
{
"abstract": "This article formalizes recursive algorithms for the construction of optimal binary search trees given fixed access frequencies. We follow Knuth (1971), Yao (1980) and Mehlhorn (1984). The algorithms are memoized with the help of the AFP article \u003ca href=\"Monad_Memo_DP.html\"\u003eMonadification, Memoization and Dynamic Programming\u003c/a\u003e, thus yielding dynamic programming algorithms.",
"authors": [
"Tobias Nipkow",
"Dániel Somogyi"
],
"date": "2018-05-27",
- "id": 287,
+ "id": 288,
"link": "/entries/Optimal_BST.html",
"permalink": "/entries/Optimal_BST.html",
"shortname": "Optimal_BST",
"title": "Optimal Binary Search Trees",
"topic_links": [
"computer-science/algorithms",
"computer-science/data-structures"
],
"topics": [
"Computer science/Algorithms",
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "This entry contains a formalization of hidden Markov models [3] based on Johannes Hölzl's formalization of discrete time Markov chains [1]. The basic definitions are provided and the correctness of two main (dynamic programming) algorithms for hidden Markov models is proved: the forward algorithm for computing the likelihood of an observed sequence, and the Viterbi algorithm for decoding the most probable hidden state sequence. The Viterbi algorithm is made executable including memoization. Hidden markov models have various applications in natural language processing. For an introduction see Jurafsky and Martin [2].",
"authors": [
"Simon Wimmer"
],
"date": "2018-05-25",
- "id": 288,
+ "id": 289,
"link": "/entries/Hidden_Markov_Models.html",
"permalink": "/entries/Hidden_Markov_Models.html",
"shortname": "Hidden_Markov_Models",
"title": "Hidden Markov Models",
"topic_links": [
"mathematics/probability-theory",
"computer-science/algorithms"
],
"topics": [
"Mathematics/Probability theory",
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "We present a formalization of probabilistic timed automata (PTA) for which we try to follow the formula MDP + TA = PTA as far as possible: our work starts from our existing formalizations of Markov decision processes (MDP) and timed automata (TA) and combines them modularly. We prove the fundamental result for probabilistic timed automata: the region construction that is known from timed automata carries over to the probabilistic setting. In particular, this allows us to prove that minimum and maximum reachability probabilities can be computed via a reduction to MDP model checking, including the case where one wants to disregard unrealizable behavior. Further information can be found in our ITP paper [2].",
"authors": [
"Simon Wimmer",
"Johannes Hölzl"
],
"date": "2018-05-24",
- "id": 289,
+ "id": 290,
"link": "/entries/Probabilistic_Timed_Automata.html",
"permalink": "/entries/Probabilistic_Timed_Automata.html",
"shortname": "Probabilistic_Timed_Automata",
"title": "Probabilistic Timed Automata",
"topic_links": [
"mathematics/probability-theory",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Mathematics/Probability theory",
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "This document provides a concise overview on the core results of our previous work on the exploration of axioms systems for category theory. Extending the previous studies (http://arxiv.org/abs/1609.01493) we include one further axiomatic theory in our experiments. This additional theory has been suggested by Mac Lane in 1948. We show that the axioms proposed by Mac Lane are equivalent to the ones we studied before, which includes an axioms set suggested by Scott in the 1970s and another axioms set proposed by Freyd and Scedrov in 1990, which we slightly modified to remedy a minor technical issue.",
"authors": [
"Christoph Benzmüller",
"Dana Scott"
],
"date": "2018-05-23",
- "id": 290,
+ "id": 291,
"link": "/entries/AxiomaticCategoryTheory.html",
"permalink": "/entries/AxiomaticCategoryTheory.html",
"shortname": "AxiomaticCategoryTheory",
"title": "Axiom Systems for Category Theory in Free Logic",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 0
},
{
"abstract": "We formalize with Isabelle/HOL a proof of a theorem by J. Hancl asserting the irrationality of the sum of a series consisting of rational numbers, built up by sequences that fulfill certain properties. Even though the criterion is a number theoretic result, the proof makes use only of analytical arguments. We also formalize a corollary of the theorem for a specific series fulfilling the assumptions of the theorem.",
"authors": [
"Angeliki Koutsoukou-Argyraki",
"Wenda Li"
],
"date": "2018-05-23",
- "id": 291,
+ "id": 292,
"link": "/entries/Irrationality_J_Hancl.html",
"permalink": "/entries/Irrationality_J_Hancl.html",
"shortname": "Irrationality_J_Hancl",
"title": "Irrational Rapidly Convergent Series",
"topic_links": [
"mathematics/number-theory",
"mathematics/analysis"
],
"topics": [
"Mathematics/Number theory",
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "We present a lightweight framework for the automatic verified (functional or imperative) memoization of recursive functions. Our tool can turn a pure Isabelle/HOL function definition into a monadified version in a state monad or the Imperative HOL heap monad, and prove a correspondence theorem. We provide a variety of memory implementations for the two types of monads. A number of simple techniques allow us to achieve bottom-up computation and space-efficient memoization. The framework’s utility is demonstrated on a number of representative dynamic programming problems. A detailed description of our work can be found in the accompanying paper [2].",
"authors": [
"Simon Wimmer",
"Shuwei Hu",
"Tobias Nipkow"
],
"date": "2018-05-22",
- "id": 292,
+ "id": 293,
"link": "/entries/Monad_Memo_DP.html",
"permalink": "/entries/Monad_Memo_DP.html",
"shortname": "Monad_Memo_DP",
"title": "Monadification, Memoization and Dynamic Programming",
"topic_links": [
"computer-science/algorithms",
"computer-science/functional-programming"
],
"topics": [
"Computer science/Algorithms",
"Computer science/Functional programming"
],
"used_by": 2
},
{
"abstract": "We introduce OpSets, an executable framework for specifying and reasoning about the semantics of replicated datatypes that provide eventual consistency in a distributed system, and for mechanically verifying algorithms that implement these datatypes. Our approach is simple but expressive, allowing us to succinctly specify a variety of abstract datatypes, including maps, sets, lists, text, graphs, trees, and registers. Our datatypes are also composable, enabling the construction of complex data structures. To demonstrate the utility of OpSets for analysing replication algorithms, we highlight an important correctness property for collaborative text editing that has traditionally been overlooked; algorithms that do not satisfy this property can exhibit awkward interleaving of text. We use OpSets to specify this correctness property and prove that although one existing replication algorithm satisfies this property, several other published algorithms do not.",
"authors": [
"Martin Kleppmann",
"Victor B. F. Gomes",
"Dominic P. Mulligan",
"Alastair R. Beresford"
],
"date": "2018-05-10",
- "id": 293,
+ "id": 294,
"link": "/entries/OpSets.html",
"permalink": "/entries/OpSets.html",
"shortname": "OpSets",
"title": "OpSets: Sequential Specifications for Replicated Datatypes",
"topic_links": [
"computer-science/algorithms/distributed",
"computer-science/data-structures"
],
"topics": [
"Computer science/Algorithms/Distributed",
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "The \"Modular Assembly Kit for Security Properties\" (MAKS) is a framework for both the definition and verification of possibilistic information-flow security properties at the specification-level. MAKS supports the uniform representation of a wide range of possibilistic information-flow properties and provides support for the verification of such properties via unwinding results and compositionality results. We provide a formalization of this framework in Isabelle/HOL.",
"authors": [
"Oliver Bračevac",
"Richard Gay",
"Sylvia Grewe",
"Heiko Mantel",
"Henning Sudbrock",
"Markus Tasch"
],
"date": "2018-05-07",
- "id": 294,
+ "id": 295,
"link": "/entries/Modular_Assembly_Kit_Security.html",
"permalink": "/entries/Modular_Assembly_Kit_Security.html",
"shortname": "Modular_Assembly_Kit_Security",
"title": "An Isabelle/HOL Formalization of the Modular Assembly Kit for Security Properties",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This is a mechanised specification of the WebAssembly language, drawn mainly from the previously published paper formalisation of Haas et al. Also included is a full proof of soundness of the type system, together with a verified type checker and interpreter. We include only a partial procedure for the extraction of the type checker and interpreter here. For more details, please see our paper in CPP 2018.",
"authors": [
"Conrad Watt"
],
"date": "2018-04-29",
- "id": 295,
+ "id": 296,
"link": "/entries/WebAssembly.html",
"permalink": "/entries/WebAssembly.html",
"shortname": "WebAssembly",
"title": "WebAssembly",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "\u003ca href=\"http://www.pm.inf.ethz.ch/research/verifythis.html\"\u003eVerifyThis 2018\u003c/a\u003e was a program verification competition associated with ETAPS 2018. It was the 7th event in the VerifyThis competition series. In this entry, we present polished and completed versions of our solutions that we created during the competition.",
"authors": [
"Peter Lammich",
"Simon Wimmer"
],
"date": "2018-04-27",
- "id": 296,
+ "id": 297,
"link": "/entries/VerifyThis2018.html",
"permalink": "/entries/VerifyThis2018.html",
"shortname": "VerifyThis2018",
"title": "VerifyThis 2018 - Polished Isabelle Solutions",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "Bounded natural functors (BNFs) provide a modular framework for the construction of (co)datatypes in higher-order logic. Their functorial operations, the mapper and relator, are restricted to a subset of the parameters, namely those where recursion can take place. For certain applications, such as free theorems, data refinement, quotients, and generalised rewriting, it is desirable that these operations do not ignore the other parameters. In this article, we formalise the generalisation BNF\u003csub\u003eCC\u003c/sub\u003e that extends the mapper and relator to covariant and contravariant parameters. We show that \u003col\u003e \u003cli\u003e BNF\u003csub\u003eCC\u003c/sub\u003es are closed under functor composition and least and greatest fixpoints,\u003c/li\u003e \u003cli\u003e subtypes inherit the BNF\u003csub\u003eCC\u003c/sub\u003e structure under conditions that generalise those for the BNF case, and\u003c/li\u003e \u003cli\u003e BNF\u003csub\u003eCC\u003c/sub\u003es preserve quotients under mild conditions.\u003c/li\u003e \u003c/ol\u003e These proofs are carried out for abstract BNF\u003csub\u003eCC\u003c/sub\u003es similar to the AFP entry BNF Operations. In addition, we apply the BNF\u003csub\u003eCC\u003c/sub\u003e theory to several concrete functors.",
"authors": [
"Andreas Lochbihler",
"Joshua Schneider"
],
"date": "2018-04-24",
- "id": 297,
+ "id": 298,
"link": "/entries/BNF_CC.html",
"permalink": "/entries/BNF_CC.html",
"shortname": "BNF_CC",
"title": "Bounded Natural Functors with Covariance and Contravariance",
"topic_links": [
"computer-science/functional-programming",
"tools"
],
"topics": [
"Computer science/Functional programming",
"Tools"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis formalisation contains the proof that there is no anonymous Social Choice Function for at least three agents and alternatives that fulfils both Pareto-Efficiency and Fishburn-Strategyproofness. It was derived from a proof of \u003ca href=\"http://dss.in.tum.de/files/brandt-research/stratset.pdf\"\u003eBrandt \u003cem\u003eet al.\u003c/em\u003e\u003c/a\u003e, which relies on an unverified translation of a fixed finite instance of the original problem to SAT. This Isabelle proof contains a machine-checked version of both the statement for exactly three agents and alternatives and the lifting to the general case.\u003c/p\u003e",
"authors": [
"Felix Brandt",
"Manuel Eberl",
"Christian Saile",
"Christian Stricker"
],
"date": "2018-03-22",
- "id": 298,
+ "id": 299,
"link": "/entries/Fishburn_Impossibility.html",
"permalink": "/entries/Fishburn_Impossibility.html",
"shortname": "Fishburn_Impossibility",
"title": "The Incompatibility of Fishburn-Strategyproofness and Pareto-Efficiency",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "This theory provides a verified implementation of weight-balanced trees following the work of \u003ca href=\"https://doi.org/10.1017/S0956796811000104\"\u003eHirai and Yamamoto\u003c/a\u003e who proved that all parameters in a certain range are valid, i.e. guarantee that insertion and deletion preserve weight-balance. Instead of a general theorem we provide parameterized proofs of preservation of the invariant that work for many (all?) valid parameters.",
"authors": [
"Tobias Nipkow",
"Stefan Dirix"
],
"date": "2018-03-13",
- "id": 299,
+ "id": 300,
"link": "/entries/Weight_Balanced_Trees.html",
"permalink": "/entries/Weight_Balanced_Trees.html",
"shortname": "Weight_Balanced_Trees",
"title": "Weight-Balanced Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "CakeML is a functional programming language with a proven-correct compiler and runtime system. This entry contains an unofficial version of the CakeML semantics that has been exported from the Lem specifications to Isabelle. Additionally, there are some hand-written theory files that adapt the exported code to Isabelle and port proofs from the HOL4 formalization, e.g. termination and equivalence proofs.",
"authors": [
"Lars Hupel",
"Yu Zhang"
],
"date": "2018-03-12",
- "id": 300,
+ "id": 301,
"link": "/entries/CakeML.html",
"permalink": "/entries/CakeML.html",
"shortname": "CakeML",
"title": "CakeML",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 1
},
{
"abstract": "The following document formalizes and verifies several architectural design patterns. Each pattern specification is formalized in terms of a locale where the locale assumptions correspond to the assumptions which a pattern poses on an architecture. Thus, pattern specifications may build on top of each other by interpreting the corresponding locale. A pattern is verified using the framework provided by the AFP entry Dynamic Architectures. Currently, the document consists of formalizations of 4 different patterns: the singleton, the publisher subscriber, the blackboard pattern, and the blockchain pattern. Thereby, the publisher component of the publisher subscriber pattern is modeled as an instance of the singleton pattern and the blackboard pattern is modeled as an instance of the publisher subscriber pattern. In general, this entry provides the first steps towards an overall theory of architectural design patterns.",
"authors": [
"Diego Marmsoler"
],
"date": "2018-03-01",
- "id": 301,
+ "id": 302,
"link": "/entries/Architectural_Design_Patterns.html",
"permalink": "/entries/Architectural_Design_Patterns.html",
"shortname": "Architectural_Design_Patterns",
"title": "A Theory of Architectural Design Patterns",
"topic_links": [
"computer-science/system-description-languages"
],
"topics": [
"Computer science/System description languages"
],
"used_by": 0
},
{
"abstract": "We study three different Hoare logics for reasoning about time bounds of imperative programs and formalize them in Isabelle/HOL: a classical Hoare like logic due to Nielson, a logic with potentials due to Carbonneaux \u003ci\u003eet al.\u003c/i\u003e and a \u003ci\u003eseparation logic\u003c/i\u003e following work by Atkey, Chaguérand and Pottier. These logics are formally shown to be sound and complete. Verification condition generators are developed and are shown sound and complete too. We also consider variants of the systems where we abstract from multiplicative constants in the running time bounds, thus supporting a big-O style of reasoning. Finally we compare the expressive power of the three systems.",
"authors": [
"Maximilian P. L. Haslbeck",
"Tobias Nipkow"
],
"date": "2018-02-26",
- "id": 302,
+ "id": 303,
"link": "/entries/Hoare_Time.html",
"permalink": "/entries/Hoare_Time.html",
"shortname": "Hoare_Time",
"title": "Hoare Logics for Time Bounds",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "Short vectors in lattices and factors of integer polynomials are related. Each factor of an integer polynomial belongs to a certain lattice. When factoring polynomials, the condition that we are looking for an irreducible polynomial means that we must look for a small element in a lattice, which can be done by a basis reduction algorithm. In this development we formalize this connection and thereby one main application of the LLL basis reduction algorithm: an algorithm to factor square-free integer polynomials which runs in polynomial time. The work is based on our previous Berlekamp–Zassenhaus development, where the exponential reconstruction phase has been replaced by the polynomial-time basis reduction algorithm. Thanks to this formalization we found a serious flaw in a textbook.",
"authors": [
"Jose Divasón",
"Sebastiaan J. C. Joosten",
"René Thiemann",
"Akihisa Yamada"
],
"date": "2018-02-06",
- "id": 303,
+ "id": 304,
"link": "/entries/LLL_Factorization.html",
"permalink": "/entries/LLL_Factorization.html",
"shortname": "LLL_Factorization",
"title": "A verified factorization algorithm for integer polynomials with polynomial complexity",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "We formalize basic results on first-order terms, including matching and a first-order unification algorithm, as well as well-foundedness of the subsumption order. This entry is part of the \u003ci\u003eIsabelle Formalization of Rewriting\u003c/i\u003e \u003ca href=\"http://cl-informatik.uibk.ac.at/isafor\"\u003eIsaFoR\u003c/a\u003e, where first-order terms are omni-present: the unification algorithm is used to certify several confluence and termination techniques, like critical-pair computation and dependency graph approximations; and the subsumption order is a crucial ingredient for completion.",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2018-02-06",
- "id": 304,
+ "id": 305,
"link": "/entries/First_Order_Terms.html",
"permalink": "/entries/First_Order_Terms.html",
"shortname": "First_Order_Terms",
"title": "First-Order Terms",
"topic_links": [
"logic/rewriting",
"computer-science/algorithms"
],
"topics": [
"Logic/Rewriting",
"Computer science/Algorithms"
],
"used_by": 5
},
{
"abstract": "\u003cp\u003e This entry provides the definitions and basic properties of the complex and real error function erf and the complementary error function erfc. Additionally, it gives their full asymptotic expansions. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2018-02-06",
- "id": 305,
+ "id": 306,
"link": "/entries/Error_Function.html",
"permalink": "/entries/Error_Function.html",
"shortname": "Error_Function",
"title": "The Error Function",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e A Treap is a binary tree whose nodes contain pairs consisting of some payload and an associated priority. It must have the search-tree property w.r.t. the payloads and the heap property w.r.t. the priorities. Treaps are an interesting data structure that is related to binary search trees (BSTs) in the following way: if one forgets all the priorities of a treap, the resulting BST is exactly the same as if one had inserted the elements into an empty BST in order of ascending priority. This means that a treap behaves like a BST where we can pretend the elements were inserted in a different order from the one in which they were actually inserted. \u003c/p\u003e \u003cp\u003e In particular, by choosing these priorities at random upon insertion of an element, we can pretend that we inserted the elements in \u003cem\u003erandom order\u003c/em\u003e, so that the shape of the resulting tree is that of a random BST no matter in what order we insert the elements. This is the main result of this formalisation.\u003c/p\u003e",
"authors": [
"Max W. Haslbeck",
"Manuel Eberl",
"Tobias Nipkow"
],
"date": "2018-02-06",
- "id": 306,
+ "id": 307,
"link": "/entries/Treaps.html",
"permalink": "/entries/Treaps.html",
"shortname": "Treaps",
"title": "Treaps",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "The Lenstra-Lenstra-Lovász basis reduction algorithm, also known as LLL algorithm, is an algorithm to find a basis with short, nearly orthogonal vectors of an integer lattice. Thereby, it can also be seen as an approximation to solve the shortest vector problem (SVP), which is an NP-hard problem, where the approximation quality solely depends on the dimension of the lattice, but not the lattice itself. The algorithm also possesses many applications in diverse fields of computer science, from cryptanalysis to number theory, but it is specially well-known since it was used to implement the first polynomial-time algorithm to factor polynomials. In this work we present the first mechanized soundness proof of the LLL algorithm to compute short vectors in lattices. The formalization follows a textbook by von zur Gathen and Gerhard.",
"authors": [
"Ralph Bottesch",
"Jose Divasón",
"Max W. Haslbeck",
"Sebastiaan J. C. Joosten",
"René Thiemann",
"Akihisa Yamada"
],
"date": "2018-02-02",
- "id": 307,
+ "id": 308,
"link": "/entries/LLL_Basis_Reduction.html",
"permalink": "/entries/LLL_Basis_Reduction.html",
"shortname": "LLL_Basis_Reduction",
"title": "A verified LLL algorithm",
"topic_links": [
"computer-science/algorithms/mathematical",
"mathematics/algebra"
],
"topics": [
"Computer science/Algorithms/Mathematical",
"Mathematics/Algebra"
],
"used_by": 3
},
{
"abstract": "This Isabelle/HOL formalization covers Sections 2 to 4 of Bachmair and Ganzinger's \"Resolution Theorem Proving\" chapter in the \u003cem\u003eHandbook of Automated Reasoning\u003c/em\u003e. This includes soundness and completeness of unordered and ordered variants of ground resolution with and without literal selection, the standard redundancy criterion, a general framework for refutational theorem proving, and soundness and completeness of an abstract first-order prover.",
"authors": [
"Anders Schlichtkrull",
"Jasmin Christian Blanchette",
"Dmitriy Traytel",
"Uwe Waldmann"
],
"date": "2018-01-18",
- "id": 308,
+ "id": 309,
"link": "/entries/Ordered_Resolution_Prover.html",
"permalink": "/entries/Ordered_Resolution_Prover.html",
"shortname": "Ordered_Resolution_Prover",
"title": "Formalization of Bachmair and Ganzinger's Ordered Resolution Prover",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 4
},
{
"abstract": "A geodesic metric space is Gromov hyperbolic if all its geodesic triangles are thin, i.e., every side is contained in a fixed thickening of the two other sides. While this definition looks innocuous, it has proved extremely important and versatile in modern geometry since its introduction by Gromov. We formalize the basic classical properties of Gromov hyperbolic spaces, notably the Morse lemma asserting that quasigeodesics are close to geodesics, the invariance of hyperbolicity under quasi-isometries, we define and study the Gromov boundary and its associated distance, and prove that a quasi-isometry between Gromov hyperbolic spaces extends to a homeomorphism of the boundaries. We also prove a less classical theorem, by Bonk and Schramm, asserting that a Gromov hyperbolic space embeds isometrically in a geodesic Gromov-hyperbolic space. As the original proof uses a transfinite sequence of Cauchy completions, this is an interesting formalization exercise. Along the way, we introduce basic material on isometries, quasi-isometries, Lipschitz maps, geodesic spaces, the Hausdorff distance, the Cauchy completion of a metric space, and the exponential on extended real numbers.",
"authors": [
"Sebastien Gouezel"
],
"date": "2018-01-16",
- "id": 309,
+ "id": 310,
"link": "/entries/Gromov_Hyperbolicity.html",
"permalink": "/entries/Gromov_Hyperbolicity.html",
"shortname": "Gromov_Hyperbolicity",
"title": "Gromov Hyperbolicity",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "We formalise a statement of Green’s theorem—the first formalisation to our knowledge—in Isabelle/HOL. The theorem statement that we formalise is enough for most applications, especially in physics and engineering. Our formalisation is made possible by a novel proof that avoids the ubiquitous line integral cancellation argument. This eliminates the need to formalise orientations and region boundaries explicitly with respect to the outwards-pointing normal vector. Instead we appeal to a homological argument about equivalences between paths.",
"authors": [
"Mohammad Abdulaziz",
"Lawrence C. Paulson"
],
"date": "2018-01-11",
- "id": 310,
+ "id": 311,
"link": "/entries/Green.html",
"permalink": "/entries/Green.html",
"shortname": "Green",
"title": "An Isabelle/HOL formalisation of Green's Theorem",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "We present a formally verified implementation of multivariate Taylor models. Taylor models are a form of rigorous polynomial approximation, consisting of an approximation polynomial based on Taylor expansions, combined with a rigorous bound on the approximation error. Taylor models were introduced as a tool to mitigate the dependency problem of interval arithmetic. Our implementation automatically computes Taylor models for the class of elementary functions, expressed by composition of arithmetic operations and basic functions like exp, sin, or square root.",
"authors": [
"Christoph Traut",
"Fabian Immler"
],
"date": "2018-01-08",
- "id": 311,
+ "id": 312,
"link": "/entries/Taylor_Models.html",
"permalink": "/entries/Taylor_Models.html",
"shortname": "Taylor_Models",
"title": "Taylor Models",
"topic_links": [
"computer-science/algorithms/mathematical",
"computer-science/data-structures",
"mathematics/analysis",
"mathematics/algebra"
],
"topics": [
"Computer science/Algorithms/Mathematical",
"Computer science/Data structures",
"Mathematics/Analysis",
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "This entry shows that the falling factorial of a sum can be computed with an expression using binomial coefficients and the falling factorial of its summands. The entry provides three different proofs: a combinatorial proof, an induction proof and an algebraic proof using the Vandermonde identity. The three formalizations try to follow their informal presentations from a Mathematics Stack Exchange page as close as possible. The induction and algebraic formalization end up to be very close to their informal presentation, whereas the combinatorial proof first requires the introduction of list interleavings, and significant more detail than its informal presentation.",
"authors": [
"Lukas Bulwahn"
],
"date": "2017-12-22",
- "id": 312,
+ "id": 313,
"link": "/entries/Falling_Factorial_Sum.html",
"permalink": "/entries/Falling_Factorial_Sum.html",
"shortname": "Falling_Factorial_Sum",
"title": "The Falling Factorial of a Sum",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis article provides a formalisation of Dirichlet characters and Dirichlet \u003cem\u003eL\u003c/em\u003e-functions including proofs of their basic properties \u0026ndash; most notably their analyticity, their areas of convergence, and their non-vanishing for \u0026Re;(s) \u0026ge; 1. All of this is built in a very high-level style using Dirichlet series. The proof of the non-vanishing follows a very short and elegant proof by Newman, which we attempt to reproduce faithfully in a similar level of abstraction in Isabelle.\u003c/p\u003e \u003cp\u003eThis also leads to a relatively short proof of Dirichlet’s Theorem, which states that, if \u003cem\u003eh\u003c/em\u003e and \u003cem\u003en\u003c/em\u003e are coprime, there are infinitely many primes \u003cem\u003ep\u003c/em\u003e with \u003cem\u003ep\u003c/em\u003e \u0026equiv; \u003cem\u003eh\u003c/em\u003e (mod \u003cem\u003en\u003c/em\u003e).\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-12-21",
- "id": 313,
+ "id": 314,
"link": "/entries/Dirichlet_L.html",
"permalink": "/entries/Dirichlet_L.html",
"shortname": "Dirichlet_L",
"title": "Dirichlet L-Functions and Dirichlet's Theorem",
"topic_links": [
"mathematics/number-theory",
"mathematics/algebra"
],
"topics": [
"Mathematics/Number theory",
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThis article provides a formalisation of Snyder’s simple and elegant proof of the Mason\u0026ndash;Stothers theorem, which is the polynomial analogue of the famous abc Conjecture for integers. Remarkably, Snyder found this very elegant proof when he was still a high-school student.\u003c/p\u003e \u003cp\u003eIn short, the statement of the theorem is that three non-zero coprime polynomials \u003cem\u003eA\u003c/em\u003e, \u003cem\u003eB\u003c/em\u003e, \u003cem\u003eC\u003c/em\u003e over a field which sum to 0 and do not all have vanishing derivatives fulfil max{deg(\u003cem\u003eA\u003c/em\u003e), deg(\u003cem\u003eB\u003c/em\u003e), deg(\u003cem\u003eC\u003c/em\u003e)} \u003c deg(rad(\u003cem\u003eABC\u003c/em\u003e)) where the rad(\u003cem\u003eP\u003c/em\u003e) denotes the \u003cem\u003eradical\u003c/em\u003e of \u003cem\u003eP\u003c/em\u003e, i.\u0026thinsp;e. the product of all unique irreducible factors of \u003cem\u003eP\u003c/em\u003e.\u003c/p\u003e \u003cp\u003eThis theorem also implies a kind of polynomial analogue of Fermat’s Last Theorem for polynomials: except for trivial cases, \u003cem\u003eA\u003csup\u003en\u003c/sup\u003e\u003c/em\u003e + \u003cem\u003eB\u003csup\u003en\u003c/sup\u003e\u003c/em\u003e + \u003cem\u003eC\u003csup\u003en\u003c/sup\u003e\u003c/em\u003e = 0 implies n\u0026nbsp;\u0026le;\u0026nbsp;2 for coprime polynomials \u003cem\u003eA\u003c/em\u003e, \u003cem\u003eB\u003c/em\u003e, \u003cem\u003eC\u003c/em\u003e over a field.\u003c/em\u003e\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-12-21",
- "id": 314,
+ "id": 315,
"link": "/entries/Mason_Stothers.html",
"permalink": "/entries/Mason_Stothers.html",
"shortname": "Mason_Stothers",
"title": "The Mason–Stothers Theorem",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis entry provides an executable functional implementation of the Median-of-Medians algorithm for selecting the \u003cem\u003ek\u003c/em\u003e-th smallest element of an unsorted list deterministically in linear time. The size bounds for the recursive call that lead to the linear upper bound on the run-time of the algorithm are also proven. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-12-21",
- "id": 315,
+ "id": 316,
"link": "/entries/Median_Of_Medians_Selection.html",
"permalink": "/entries/Median_Of_Medians_Selection.html",
"shortname": "Median_Of_Medians_Selection",
"title": "The Median-of-Medians Selection Algorithm",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 1
},
{
"abstract": "This entry formalizes the closure property of bounded natural functors (BNFs) under seven operations. These operations and the corresponding proofs constitute the core of Isabelle's (co)datatype package. To be close to the implemented tactics, the proofs are deliberately formulated as detailed apply scripts. The (co)datatypes together with (co)induction principles and (co)recursors are byproducts of the fixpoint operations LFP and GFP. Composition of BNFs is subdivided into four simpler operations: Compose, Kill, Lift, and Permute. The N2M operation provides mutual (co)induction principles and (co)recursors for nested (co)datatypes.",
"authors": [
"Jasmin Christian Blanchette",
"Andrei Popescu",
"Dmitriy Traytel"
],
"date": "2017-12-19",
- "id": 316,
+ "id": 317,
"link": "/entries/BNF_Operations.html",
"permalink": "/entries/BNF_Operations.html",
"shortname": "BNF_Operations",
"title": "Operations on Bounded Natural Functors",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 0
},
{
"abstract": "The Knuth-Morris-Pratt algorithm is often used to show that the problem of finding a string \u003ci\u003es\u003c/i\u003e in a text \u003ci\u003et\u003c/i\u003e can be solved deterministically in \u003ci\u003eO(|s| + |t|)\u003c/i\u003e time. We use the Isabelle Refinement Framework to formulate and verify the algorithm. Via refinement, we apply some optimisations and finally use the \u003cem\u003eSepref\u003c/em\u003e tool to obtain executable code in \u003cem\u003eImperative/HOL\u003c/em\u003e.",
"authors": [
"Fabian Hellauer",
"Peter Lammich"
],
"date": "2017-12-18",
- "id": 317,
+ "id": 318,
"link": "/entries/Knuth_Morris_Pratt.html",
"permalink": "/entries/Knuth_Morris_Pratt.html",
"shortname": "Knuth_Morris_Pratt",
"title": "The string search algorithm by Knuth, Morris and Pratt",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "Stochastic matrices are a convenient way to model discrete-time and finite state Markov chains. The Perron\u0026ndash;Frobenius theorem tells us something about the existence and uniqueness of non-negative eigenvectors of a stochastic matrix. In this entry, we formalize stochastic matrices, link the formalization to the existing AFP-entry on Markov chains, and apply the Perron\u0026ndash;Frobenius theorem to prove that stationary distributions always exist, and they are unique if the stochastic matrix is irreducible.",
"authors": [
"René Thiemann"
],
"date": "2017-11-22",
- "id": 318,
+ "id": 319,
"link": "/entries/Stochastic_Matrices.html",
"permalink": "/entries/Stochastic_Matrices.html",
"shortname": "Stochastic_Matrices",
"title": "Stochastic Matrices and the Perron-Frobenius Theorem",
"topic_links": [
"mathematics/algebra",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Mathematics/Algebra",
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "We provide our Isabelle/HOL formalization of a Conflict-free Replicated Datatype for Internet Message Access Protocol commands. We show that Strong Eventual Consistency (SEC) is guaranteed by proving the commutativity of concurrent operations. We base our formalization on the recently proposed \"framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes\" (AFP.CRDT) from Gomes et al. Hence, we provide an additional example of how the recently proposed framework can be used to design and prove CRDTs.",
"authors": [
"Tim Jungnickel",
"Lennart Oldenburg",
"Matthias Loibl"
],
"date": "2017-11-09",
- "id": 319,
+ "id": 320,
"link": "/entries/IMAP-CRDT.html",
"permalink": "/entries/IMAP-CRDT.html",
"shortname": "IMAP-CRDT",
"title": "The IMAP CmRDT",
"topic_links": [
"computer-science/algorithms/distributed",
"computer-science/data-structures"
],
"topics": [
"Computer science/Algorithms/Distributed",
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "We present a semantic embedding of a spatio-temporal multi-modal logic, specifically defined to reason about motorway traffic, into Isabelle/HOL. The semantic model is an abstraction of a motorway, emphasising local spatial properties, and parameterised by the types of sensors deployed in the vehicles. We use the logic to define controller constraints to ensure safety, i.e., the absence of collisions on the motorway. After proving safety with a restrictive definition of sensors, we relax these assumptions and show how to amend the controller constraints to still guarantee safety.",
"authors": [
"Sven Linker"
],
"date": "2017-11-06",
- "id": 320,
+ "id": 321,
"link": "/entries/Hybrid_Multi_Lane_Spatial_Logic.html",
"permalink": "/entries/Hybrid_Multi_Lane_Spatial_Logic.html",
"shortname": "Hybrid_Multi_Lane_Spatial_Logic",
"title": "Hybrid Multi-Lane Spatial Logic",
"topic_links": [
"logic/general-logic/modal-logic"
],
"topics": [
"Logic/General logic/Modal logic"
],
"used_by": 0
},
{
"abstract": "We discuss a topological curiosity discovered by Kuratowski (1922): the fact that the number of distinct operators on a topological space generated by compositions of closure and complement never exceeds 14, and is exactly 14 in the case of R. In addition, we prove a theorem due to Chagrov (1982) that classifies topological spaces according to the number of such operators they support.",
"authors": [
"Peter Gammie",
"Gianpaolo Gioiosa"
],
"date": "2017-10-26",
- "id": 321,
+ "id": 322,
"link": "/entries/Kuratowski_Closure_Complement.html",
"permalink": "/entries/Kuratowski_Closure_Complement.html",
"shortname": "Kuratowski_Closure_Complement",
"title": "The Kuratowski Closure-Complement Theorem",
"topic_links": [
"mathematics/topology"
],
"topics": [
"Mathematics/Topology"
],
"used_by": 0
},
{
"abstract": "This entry provides a verified implementation of rank-based Büchi Complementation. The verification is done in three steps: \u003col\u003e \u003cli\u003eDefinition of odd rankings and proof that an automaton rejects a word iff there exists an odd ranking for it.\u003c/li\u003e \u003cli\u003eDefinition of the complement automaton and proof that it accepts exactly those words for which there is an odd ranking.\u003c/li\u003e \u003cli\u003eVerified implementation of the complement automaton using the Isabelle Collections Framework.\u003c/li\u003e \u003c/ol\u003e",
"authors": [
"Julian Brunner"
],
"date": "2017-10-19",
- "id": 322,
+ "id": 323,
"link": "/entries/Buchi_Complementation.html",
"permalink": "/entries/Buchi_Complementation.html",
"shortname": "Buchi_Complementation",
"title": "Büchi Complementation",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "This entry provides a very abstract theory of transition systems that can be instantiated to express various types of automata. A transition system is typically instantiated by providing a set of initial states, a predicate for enabled transitions, and a transition execution function. From this, it defines the concepts of finite and infinite paths as well as the set of reachable states, among other things. Many useful theorems, from basic path manipulation rules to coinduction and run construction rules, are proven in this abstract transition system context. The library comes with instantiations for DFAs, NFAs, and Büchi automata.",
"authors": [
"Julian Brunner"
],
"date": "2017-10-19",
- "id": 323,
+ "id": 324,
"link": "/entries/Transition_Systems_and_Automata.html",
"permalink": "/entries/Transition_Systems_and_Automata.html",
"shortname": "Transition_Systems_and_Automata",
"title": "Transition Systems and Automata",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 4
},
{
"abstract": "Based on evaluating Cauchy indices through remainder sequences, this entry provides an effective procedure to count the number of complex roots (with multiplicity) of a polynomial within various shapes (e.g., rectangle, circle and half-plane). Potential applications of this entry include certified complex root isolation (of a polynomial) and testing the Routh-Hurwitz stability criterion (i.e., to check whether all the roots of some characteristic polynomial have negative real parts).",
"authors": [
"Wenda Li"
],
"date": "2017-10-17",
- "id": 324,
+ "id": 325,
"link": "/entries/Count_Complex_Roots.html",
"permalink": "/entries/Count_Complex_Roots.html",
"shortname": "Count_Complex_Roots",
"title": "Count the Number of Complex Roots",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "In complex analysis, the winding number measures the number of times a path (counterclockwise) winds around a point, while the Cauchy index can approximate how the path winds. This entry provides a formalisation of the Cauchy index, which is then shown to be related to the winding number. In addition, this entry also offers a tactic that enables users to evaluate the winding number by calculating Cauchy indices.",
"authors": [
"Wenda Li"
],
"date": "2017-10-17",
- "id": 325,
+ "id": 326,
"link": "/entries/Winding_Number_Eval.html",
"permalink": "/entries/Winding_Number_Eval.html",
"shortname": "Winding_Number_Eval",
"title": "Evaluate Winding Numbers through Cauchy Indices",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 2
},
{
"abstract": "We formalize the theory of homogeneous linear diophantine equations, focusing on two main results: (1) an abstract characterization of minimal complete sets of solutions, and (2) an algorithm computing them. Both, the characterization and the algorithm are based on previous work by Huet. Our starting point is a simple but inefficient variant of Huet's lexicographic algorithm incorporating improved bounds due to Clausen and Fortenbacher. We proceed by proving its soundness and completeness. Finally, we employ code equations to obtain a reasonably efficient implementation. Thus, we provide a formally verified solver for homogeneous linear diophantine equations.",
"authors": [
"Florian Messner",
"Julian Parsert",
"Jonas Schöpf",
"Christian Sternagel"
],
"date": "2017-10-14",
- "id": 326,
+ "id": 327,
"link": "/entries/Diophantine_Eqns_Lin_Hom.html",
"permalink": "/entries/Diophantine_Eqns_Lin_Hom.html",
"shortname": "Diophantine_Eqns_Lin_Hom",
"title": "Homogeneous Linear Diophantine Equations",
"topic_links": [
"computer-science/algorithms/mathematical",
"mathematics/number-theory",
"tools"
],
"topics": [
"Computer science/Algorithms/Mathematical",
"Mathematics/Number theory",
"Tools"
],
"used_by": 0
},
{
"abstract": "This entry is a formalisation of much of Chapters 2, 3, and 11 of Apostol's \u0026ldquo;Introduction to Analytic Number Theory\u0026rdquo;. This includes: \u003cul\u003e \u003cli\u003eDefinitions and basic properties for several number-theoretic functions (Euler's \u0026phi;, M\u0026ouml;bius \u0026mu;, Liouville's \u0026lambda;, the divisor function \u0026sigma;, von Mangoldt's \u0026Lambda;)\u003c/li\u003e \u003cli\u003eExecutable code for most of these functions, the most efficient implementations using the factoring algorithm by Thiemann \u003ci\u003eet al.\u003c/i\u003e\u003c/li\u003e \u003cli\u003eDirichlet products and formal Dirichlet series\u003c/li\u003e \u003cli\u003eAnalytic results connecting convergent formal Dirichlet series to complex functions\u003c/li\u003e \u003cli\u003eEuler product expansions\u003c/li\u003e \u003cli\u003eAsymptotic estimates of number-theoretic functions including the density of squarefree integers and the average number of divisors of a natural number\u003c/li\u003e \u003c/ul\u003e These results are useful as a basis for developing more number-theoretic results, such as the Prime Number Theorem.",
"authors": [
"Manuel Eberl"
],
"date": "2017-10-12",
- "id": 327,
+ "id": 328,
"link": "/entries/Dirichlet_Series.html",
"permalink": "/entries/Dirichlet_Series.html",
"shortname": "Dirichlet_Series",
"title": "Dirichlet Series",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 4
},
{
"abstract": "\u003cp\u003e Linear recurrences with constant coefficients are an interesting class of recurrence equations that can be solved explicitly. The most famous example are certainly the Fibonacci numbers with the equation \u003ci\u003ef\u003c/i\u003e(\u003ci\u003en\u003c/i\u003e) = \u003ci\u003ef\u003c/i\u003e(\u003ci\u003en\u003c/i\u003e-1) + \u003ci\u003ef\u003c/i\u003e(\u003ci\u003en\u003c/i\u003e - 2) and the quite non-obvious closed form (\u003ci\u003e\u0026phi;\u003c/i\u003e\u003csup\u003e\u003ci\u003en\u003c/i\u003e\u003c/sup\u003e - (-\u003ci\u003e\u0026phi;\u003c/i\u003e)\u003csup\u003e-\u003ci\u003en\u003c/i\u003e\u003c/sup\u003e) / \u0026radic;\u003cspan style=\"text-decoration: overline\"\u003e5\u003c/span\u003e where \u0026phi; is the golden ratio. \u003c/p\u003e \u003cp\u003e In this work, I build on existing tools in Isabelle \u0026ndash; such as formal power series and polynomial factorisation algorithms \u0026ndash; to develop a theory of these recurrences and derive a fully executable solver for them that can be exported to programming languages like Haskell. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-10-12",
- "id": 328,
+ "id": 329,
"link": "/entries/Linear_Recurrences.html",
"permalink": "/entries/Linear_Recurrences.html",
"shortname": "Linear_Recurrences",
"title": "Linear Recurrences",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThis entry builds upon the results about formal and analytic Dirichlet series to define the Hurwitz \u0026zeta; function \u0026zeta;(\u003cem\u003ea\u003c/em\u003e,\u003cem\u003es\u003c/em\u003e) and, based on that, the Riemann \u0026zeta; function \u0026zeta;(\u003cem\u003es\u003c/em\u003e). This is done by first defining them for \u0026real;(\u003cem\u003ez\u003c/em\u003e) \u003e 1 and then successively extending the domain to the left using the Euler\u0026ndash;MacLaurin formula.\u003c/p\u003e \u003cp\u003eApart from the most basic facts such as analyticity, the following results are provided:\u003c/p\u003e \u003cul\u003e \u003cli\u003ethe Stieltjes constants and the Laurent expansion of \u0026zeta;(\u003cem\u003es\u003c/em\u003e) at \u003cem\u003es\u003c/em\u003e = 1\u003c/li\u003e \u003cli\u003ethe non-vanishing of \u0026zeta;(\u003cem\u003es\u003c/em\u003e) for \u0026real;(\u003cem\u003ez\u003c/em\u003e) \u0026ge; 1\u003c/li\u003e \u003cli\u003ethe relationship between \u0026zeta;(\u003cem\u003ea\u003c/em\u003e,\u003cem\u003es\u003c/em\u003e) and \u0026Gamma;\u003c/li\u003e \u003cli\u003ethe special values at negative integers and positive even integers\u003c/li\u003e \u003cli\u003eHurwitz's formula and the reflection formula for \u0026zeta;(\u003cem\u003es\u003c/em\u003e)\u003c/li\u003e \u003cli\u003ethe \u003ca href=\"https://arxiv.org/abs/math/0405478\"\u003e Hadjicostas\u0026ndash;Chapman formula\u003c/a\u003e\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eThe entry also contains Euler's analytic proof of the infinitude of primes, based on the fact that \u0026zeta;(\u003ci\u003es\u003c/i\u003e) has a pole at \u003ci\u003es\u003c/i\u003e = 1.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-10-12",
- "id": 329,
+ "id": 330,
"link": "/entries/Zeta_Function.html",
"permalink": "/entries/Zeta_Function.html",
"shortname": "Zeta_Function",
"title": "The Hurwitz and Riemann ζ Functions",
"topic_links": [
"mathematics/number-theory",
"mathematics/analysis"
],
"topics": [
"Mathematics/Number theory",
"Mathematics/Analysis"
],
"used_by": 3
},
{
"abstract": "Computers may help us to understand --not just verify-- philosophical arguments. By utilizing modern proof assistants in an iterative interpretive process, we can reconstruct and assess an argument by fully formal means. Through the mechanization of a variant of St. Anselm's ontological argument by E. J. Lowe, which is a paradigmatic example of a natural-language argument with strong ties to metaphysics and religion, we offer an ideal showcase for our computer-assisted interpretive method.",
"authors": [
"David Fuenmayor",
"Christoph Benzmüller"
],
"date": "2017-09-21",
- "id": 330,
+ "id": 331,
"link": "/entries/Lowe_Ontological_Argument.html",
"permalink": "/entries/Lowe_Ontological_Argument.html",
"shortname": "Lowe_Ontological_Argument",
"title": "Computer-assisted Reconstruction and Assessment of E. J. Lowe's Modal Ontological Argument",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e We present an embedding of the second-order fragment of the Theory of Abstract Objects as described in Edward Zalta's upcoming work \u003ca href=\"https://mally.stanford.edu/principia.pdf\"\u003ePrincipia Logico-Metaphysica (PLM)\u003c/a\u003e in the automated reasoning framework Isabelle/HOL. The Theory of Abstract Objects is a metaphysical theory that reifies property patterns, as they for example occur in the abstract reasoning of mathematics, as \u003cb\u003eabstract objects\u003c/b\u003e and provides an axiomatic framework that allows to reason about these objects. It thereby serves as a fundamental metaphysical theory that can be used to axiomatize and describe a wide range of philosophical objects, such as Platonic forms or Leibniz' concepts, and has the ambition to function as a foundational theory of mathematics. The target theory of our embedding as described in chapters 7-9 of PLM employs a modal relational type theory as logical foundation for which a representation in functional type theory is \u003ca href=\"https://mally.stanford.edu/Papers/rtt.pdf\"\u003eknown to be challenging\u003c/a\u003e. \u003c/p\u003e \u003cp\u003e Nevertheless we arrive at a functioning representation of the theory in the functional logic of Isabelle/HOL based on a semantical representation of an Aczel-model of the theory. Based on this representation we construct an implementation of the deductive system of PLM which allows to automatically and interactively find and verify theorems of PLM. \u003c/p\u003e \u003cp\u003e Our work thereby supports the concept of shallow semantical embeddings of logical systems in HOL as a universal tool for logical reasoning \u003ca href=\"http://www.mi.fu-berlin.de/inf/groups/ag-ki/publications/Universal-Reasoning/1703_09620_pd.pdf\"\u003eas promoted by Christoph Benzm\u0026uuml;ller\u003c/a\u003e. 
\u003c/p\u003e \u003cp\u003e The most notable result of the presented work is the discovery of a previously unknown paradox in the formulation of the Theory of Abstract Objects. The embedding of the theory in Isabelle/HOL played a vital part in this discovery. Furthermore it was possible to immediately offer several options to modify the theory to guarantee its consistency. Thereby our work could provide a significant contribution to the development of a proper grounding for object theory. \u003c/p\u003e",
"authors": [
"Daniel Kirchner"
],
"date": "2017-09-17",
- "id": 331,
+ "id": 332,
"link": "/entries/PLM.html",
"permalink": "/entries/PLM.html",
"shortname": "PLM",
"title": "Representation and Partial Automation of the Principia Logico-Metaphysica in Isabelle/HOL",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "Paul Oppenheimer and Edward Zalta's formalisation of Anselm's ontological argument for the existence of God is automated by embedding a free logic for definite descriptions within Isabelle/HOL.",
"authors": [
"Ben Blumson"
],
"date": "2017-09-06",
- "id": 332,
+ "id": 333,
"link": "/entries/AnselmGod.html",
"permalink": "/entries/AnselmGod.html",
"shortname": "AnselmGod",
"title": "Anselm's God in Isabelle/HOL",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "Economic activity has always been a fundamental part of society. Due to modern day politics, economic theory has gained even more influence on our lives. Thus we want models and theories to be as precise as possible. This can be achieved using certification with the help of formal proof technology. Hence we will use Isabelle/HOL to construct two economic models, that of the the pure exchange economy and a version of the Arrow-Debreu Model. We will prove that the \u003ci\u003eFirst Theorem of Welfare Economics\u003c/i\u003e holds within both. The theorem is the mathematical formulation of Adam Smith's famous \u003ci\u003einvisible hand\u003c/i\u003e and states that a group of self-interested and rational actors will eventually achieve an efficient allocation of goods and services.",
"authors": [
"Julian Parsert",
"Cezary Kaliszyk"
],
"date": "2017-09-01",
- "id": 333,
+ "id": 334,
"link": "/entries/First_Welfare_Theorem.html",
"permalink": "/entries/First_Welfare_Theorem.html",
"shortname": "First_Welfare_Theorem",
"title": "Microeconomics and the First Welfare Theorem",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 1
},
{
"abstract": "The Orbit-Stabiliser theorem is a basic result in the algebra of groups that factors the order of a group into the sizes of its orbits and stabilisers. We formalize the notion of a group action and the related concepts of orbits and stabilisers. This allows us to prove the orbit-stabiliser theorem. In the second part of this work, we formalize the tetrahedral group and use the orbit-stabiliser theorem to prove that there are twelve (orientation-preserving) rotations of the tetrahedron.",
"authors": [
"Jonas Rädle"
],
"date": "2017-08-20",
- "id": 334,
+ "id": 335,
"link": "/entries/Orbit_Stabiliser.html",
"permalink": "/entries/Orbit_Stabiliser.html",
"shortname": "Orbit_Stabiliser",
"title": "Orbit-Stabiliser Theorem with Application to Rotational Symmetries",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e Andersson introduced \u003cem\u003egeneral balanced trees\u003c/em\u003e, search trees based on the design principle of partial rebuilding: perform update operations naively until the tree becomes too unbalanced, at which point a whole subtree is rebalanced. This article defines and analyzes a functional version of general balanced trees, which we call \u003cem\u003eroot-balanced trees\u003c/em\u003e. Using a lightweight model of execution time, amortized logarithmic complexity is verified in the theorem prover Isabelle. \u003c/p\u003e \u003cp\u003e This is the Isabelle formalization of the material decribed in the APLAS 2017 article \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/aplas17.html\"\u003eVerified Root-Balanced Trees\u003c/a\u003e by the same author, which also presents experimental results that show competitiveness of root-balanced with AVL and red-black trees. \u003c/p\u003e",
"authors": [
"Tobias Nipkow"
],
"date": "2017-08-20",
- "id": 335,
+ "id": 336,
"link": "/entries/Root_Balanced_Tree.html",
"permalink": "/entries/Root_Balanced_Tree.html",
"shortname": "Root_Balanced_Tree",
"title": "Root-Balanced Tree",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 2
},
{
"abstract": "The propositions-as-types correspondence is ordinarily presented as linking the metatheory of typed λ-calculi and the proof theory of intuitionistic logic. Griffin observed that this correspondence could be extended to classical logic through the use of control operators. This observation set off a flurry of further research, leading to the development of Parigots λμ-calculus. In this work, we formalise λμ- calculus in Isabelle/HOL and prove several metatheoretical properties such as type preservation and progress.",
"authors": [
"Cristina Matache",
"Victor B. F. Gomes",
"Dominic P. Mulligan"
],
"date": "2017-08-16",
- "id": 336,
+ "id": 337,
"link": "/entries/LambdaMu.html",
"permalink": "/entries/LambdaMu.html",
"shortname": "LambdaMu",
"title": "The LambdaMu-calculus",
"topic_links": [
"computer-science/programming-languages/lambda-calculi"
],
"topics": [
"Computer science/Programming languages/Lambda calculi"
],
"used_by": 0
},
{
"abstract": "This entry formalizes the two geometric theorems, Stewart's and Apollonius' theorem. Stewart's Theorem relates the length of a triangle's cevian to the lengths of the triangle's two sides. Apollonius' Theorem is a specialisation of Stewart's theorem, restricting the cevian to be the median. The proof applies the law of cosines, some basic geometric facts about triangles and then simply transforms the terms algebraically to yield the conjectured relation. The formalization in Isabelle can closely follow the informal proofs described in the Wikipedia articles of those two theorems.",
"authors": [
"Lukas Bulwahn"
],
"date": "2017-07-31",
- "id": 337,
+ "id": 338,
"link": "/entries/Stewart_Apollonius.html",
"permalink": "/entries/Stewart_Apollonius.html",
"shortname": "Stewart_Apollonius",
"title": "Stewart's Theorem and Apollonius' Theorem",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "The architecture of a system describes the system's overall organization into components and connections between those components. With the emergence of mobile computing, dynamic architectures have become increasingly important. In such architectures, components may appear or disappear, and connections may change over time. In the following we mechanize a theory of dynamic architectures and verify the soundness of a corresponding calculus. Therefore, we first formalize the notion of configuration traces as a model for dynamic architectures. Then, the behavior of single components is formalized in terms of behavior traces and an operator is introduced and studied to extract the behavior of a single component out of a given configuration trace. Then, behavior trace assertions are introduced as a temporal specification technique to specify behavior of components. Reasoning about component behavior in a dynamic context is formalized in terms of a calculus for dynamic architectures. Finally, the soundness of the calculus is verified by introducing an alternative interpretation for behavior trace assertions over configuration traces and proving the rules of the calculus. Since projection may lead to finite as well as infinite behavior traces, they are formalized in terms of coinductive lists. Thus, our theory is based on Lochbihler's formalization of coinductive lists. The theory may be applied to verify properties for dynamic architectures.",
"authors": [
"Diego Marmsoler"
],
"date": "2017-07-28",
- "id": 338,
+ "id": 339,
"link": "/entries/DynamicArchitectures.html",
"permalink": "/entries/DynamicArchitectures.html",
"shortname": "DynamicArchitectures",
"title": "Dynamic Architectures",
"topic_links": [
"computer-science/system-description-languages"
],
"topics": [
"Computer science/System description languages"
],
"used_by": 1
},
{
"abstract": "We present a semantics for an applied call-by-value lambda-calculus that is compositional, extensional, and elementary. We present four different views of the semantics: 1) as a relational (big-step) semantics that is not operational but instead declarative, 2) as a denotational semantics that does not use domain theory, 3) as a non-deterministic interpreter, and 4) as a variant of the intersection type systems of the Torino group. We prove that the semantics is correct by showing that it is sound and complete with respect to operational semantics on programs and that is sound with respect to contextual equivalence. We have not yet investigated whether it is fully abstract. We demonstrate that this approach to semantics is useful with three case studies. First, we use the semantics to prove correctness of a compiler optimization that inlines function application. Second, we adapt the semantics to the polymorphic lambda-calculus extended with general recursion and prove semantic type soundness. Third, we adapt the semantics to the call-by-value lambda-calculus with mutable references. \u003cbr\u003e The paper that accompanies these Isabelle theories is \u003ca href=\"https://arxiv.org/abs/1707.03762\"\u003eavailable on arXiv\u003c/a\u003e.",
"authors": [
"Jeremy Siek"
],
"date": "2017-07-21",
- "id": 339,
+ "id": 340,
"link": "/entries/Decl_Sem_Fun_PL.html",
"permalink": "/entries/Decl_Sem_Fun_PL.html",
"shortname": "Decl_Sem_Fun_PL",
"title": "Declarative Semantics for Functional Languages",
"topic_links": [
"computer-science/programming-languages"
],
"topics": [
"Computer science/Programming languages"
],
"used_by": 0
},
{
"abstract": "The Isabelle/HOLCF-Prelude is a formalization of a large part of Haskell's standard prelude in Isabelle/HOLCF. We use it to prove the correctness of the Eratosthenes' Sieve, in its self-referential implementation commonly used to showcase Haskell's laziness; prove correctness of GHC's \"fold/build\" rule and related rewrite rules; and certify a number of hints suggested by HLint.",
"authors": [
"Joachim Breitner",
"Brian Huffman",
"Neil Mitchell",
"Christian Sternagel"
],
"date": "2017-07-15",
- "id": 340,
+ "id": 341,
"link": "/entries/HOLCF-Prelude.html",
"permalink": "/entries/HOLCF-Prelude.html",
"shortname": "HOLCF-Prelude",
"title": "HOLCF-Prelude",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eMinkowski's theorem relates a subset of \u0026#8477;\u003csup\u003en\u003c/sup\u003e, the Lebesgue measure, and the integer lattice \u0026#8484;\u003csup\u003en\u003c/sup\u003e: It states that any convex subset of \u0026#8477;\u003csup\u003en\u003c/sup\u003e with volume greater than 2\u003csup\u003en\u003c/sup\u003e contains at least one lattice point from \u0026#8484;\u003csup\u003en\u003c/sup\u003e\\{0}, i.\u0026thinsp;e. a non-zero point with integer coefficients.\u003c/p\u003e \u003cp\u003eA related theorem which directly implies this is Blichfeldt's theorem, which states that any subset of \u0026#8477;\u003csup\u003en\u003c/sup\u003e with a volume greater than 1 contains two different points whose difference vector has integer components.\u003c/p\u003e \u003cp\u003eThe entry contains a proof of both theorems.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-07-13",
- "id": 341,
+ "id": 342,
"link": "/entries/Minkowskis_Theorem.html",
"permalink": "/entries/Minkowskis_Theorem.html",
"shortname": "Minkowskis_Theorem",
"title": "Minkowski's Theorem",
"topic_links": [
"mathematics/geometry",
"mathematics/number-theory"
],
"topics": [
"Mathematics/Geometry",
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "I formalise a Church-style simply-typed \\(\\lambda\\)-calculus, extended with pairs, a unit value, and projection functions, and show some metatheory of the calculus, such as the subject reduction property. Particular attention is paid to the treatment of names in the calculus. A nominal style of binding is used, but I use a manual approach over Nominal Isabelle in order to extract an executable type inference algorithm. More information can be found in my \u003ca href=\"http://www.openthesis.org/documents/Verified-Metatheory-Type-Inference-Simply-603182.html\"\u003eundergraduate dissertation\u003c/a\u003e.",
"authors": [
"Michael Rawson"
],
"date": "2017-07-09",
- "id": 342,
+ "id": 343,
"link": "/entries/Name_Carrying_Type_Inference.html",
"permalink": "/entries/Name_Carrying_Type_Inference.html",
"shortname": "Name_Carrying_Type_Inference",
"title": "Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus",
"topic_links": [
"computer-science/programming-languages/type-systems"
],
"topics": [
"Computer science/Programming languages/Type systems"
],
"used_by": 0
},
{
"abstract": "In this work, we focus on the correctness of Conflict-free Replicated Data Types (CRDTs), a class of algorithm that provides strong eventual consistency guarantees for replicated data. We develop a modular and reusable framework for verifying the correctness of CRDT algorithms. We avoid correctness issues that have dogged previous mechanised proofs in this area by including a network model in our formalisation, and proving that our theorems hold in all possible network behaviours. Our axiomatic network model is a standard abstraction that accurately reflects the behaviour of real-world computer networks. Moreover, we identify an abstract convergence theorem, a property of order relations, which provides a formal definition of strong eventual consistency. We then obtain the first machine-checked correctness theorems for three concrete CRDTs: the Replicated Growable Array, the Observed-Remove Set, and an Increment-Decrement Counter.",
"authors": [
"Victor B. F. Gomes",
"Martin Kleppmann",
"Dominic P. Mulligan",
"Alastair R. Beresford"
],
"date": "2017-07-07",
- "id": 343,
+ "id": 344,
"link": "/entries/CRDT.html",
"permalink": "/entries/CRDT.html",
"shortname": "CRDT",
"title": "A framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes",
"topic_links": [
"computer-science/algorithms/distributed",
"computer-science/data-structures"
],
"topics": [
"Computer science/Algorithms/Distributed",
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "We develop Stone-Kleene relation algebras, which expand Stone relation algebras with a Kleene star operation to describe reachability in weighted graphs. Many properties of the Kleene star arise as a special case of a more general theory of iteration based on Conway semirings extended by simulation axioms. This includes several theorems representing complex program transformations. We formally prove the correctness of Conway's automata-based construction of the Kleene star of a matrix. We prove numerous results useful for reasoning about weighted graphs.",
"authors": [
"Walter Guttmann"
],
"date": "2017-07-06",
- "id": 344,
+ "id": 345,
"link": "/entries/Stone_Kleene_Relation_Algebras.html",
"permalink": "/entries/Stone_Kleene_Relation_Algebras.html",
"shortname": "Stone_Kleene_Relation_Algebras",
"title": "Stone-Kleene Relation Algebras",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 4
},
{
"abstract": "We formalize a range of proof systems for classical propositional logic (sequent calculus, natural deduction, Hilbert systems, resolution) and prove the most important meta-theoretic results about semantics and proofs: compactness, soundness, completeness, translations between proof systems, cut-elimination, interpolation and model existence.",
"authors": [
"Julius Michaelis",
"Tobias Nipkow"
],
"date": "2017-06-21",
- "id": 345,
+ "id": 346,
"link": "/entries/Propositional_Proof_Systems.html",
"permalink": "/entries/Propositional_Proof_Systems.html",
"shortname": "Propositional_Proof_Systems",
"title": "Propositional Proof Systems",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 2
},
{
"abstract": "Partial Semigroups are relevant to the foundations of quantum mechanics and combinatorics as well as to interval and separation logics. Convolution algebras can be understood either as algebras of generalised binary modalities over ternary Kripke frames, in particular over partial semigroups, or as algebras of quantale-valued functions which are equipped with a convolution-style operation of multiplication that is parametrised by a ternary relation. Convolution algebras provide algebraic semantics for various substructural logics, including categorial, relevance and linear logics, for separation logic and for interval logics; they cover quantitative and qualitative applications. These mathematical components for partial semigroups and convolution algebras provide uniform foundations from which models of computation based on relations, program traces or pomsets, and verification components for separation or interval temporal logics can be built with little effort.",
"authors": [
"Brijesh Dongol",
"Victor B. F. Gomes",
"Ian J. Hayes",
"Georg Struth"
],
"date": "2017-06-13",
- "id": 346,
+ "id": 347,
"link": "/entries/PSemigroupsConvolution.html",
"permalink": "/entries/PSemigroupsConvolution.html",
"shortname": "PSemigroupsConvolution",
"title": "Partial Semigroups and Convolution Algebras",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "In the 18th century, Georges-Louis Leclerc, Comte de Buffon posed and later solved the following problem, which is often called the first problem ever solved in geometric probability: Given a floor divided into vertical strips of the same width, what is the probability that a needle thrown onto the floor randomly will cross two strips? This entry formally defines the problem in the case where the needle's position is chosen uniformly at random in a single strip around the origin (which is equivalent to larger arrangements due to symmetry). It then provides proofs of the simple solution in the case where the needle's length is no greater than the width of the strips and the more complicated solution in the opposite case.",
"authors": [
"Manuel Eberl"
],
"date": "2017-06-06",
- "id": 347,
+ "id": 348,
"link": "/entries/Buffons_Needle.html",
"permalink": "/entries/Buffons_Needle.html",
"shortname": "Buffons_Needle",
"title": "Buffon's Needle Problem",
"topic_links": [
"mathematics/probability-theory",
"mathematics/geometry"
],
"topics": [
"Mathematics/Probability theory",
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "We present a formalization of flow networks and the Min-Cut-Max-Flow theorem. Our formal proof closely follows a standard textbook proof, and is accessible even without being an expert in Isabelle/HOL, the interactive theorem prover used for the formalization.",
"authors": [
"Peter Lammich",
"S. Reza Sefidgar"
],
"date": "2017-06-01",
- "id": 348,
+ "id": 349,
"link": "/entries/Flow_Networks.html",
"permalink": "/entries/Flow_Networks.html",
"shortname": "Flow_Networks",
"title": "Flow Networks and the Min-Cut-Max-Flow Theorem",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 2
},
{
"abstract": "We present a formalization of push-relabel algorithms for computing the maximum flow in a network. We start with Goldberg's et al.~generic push-relabel algorithm, for which we show correctness and the time complexity bound of O(V^2E). We then derive the relabel-to-front and FIFO implementation. Using stepwise refinement techniques, we derive an efficient verified implementation. Our formal proof of the abstract algorithms closely follows a standard textbook proof. It is accessible even without being an expert in Isabelle/HOL, the interactive theorem prover used for the formalization.",
"authors": [
"Peter Lammich",
"S. Reza Sefidgar"
],
"date": "2017-06-01",
- "id": 349,
+ "id": 350,
"link": "/entries/Prpu_Maxflow.html",
"permalink": "/entries/Prpu_Maxflow.html",
"shortname": "Prpu_Maxflow",
"title": "Formalizing Push-Relabel Algorithms",
"topic_links": [
"computer-science/algorithms/graph",
"mathematics/graph-theory"
],
"topics": [
"Computer science/Algorithms/Graph",
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "Lenses provide an abstract interface for manipulating data types through spatially-separated views. They are defined abstractly in terms of two functions, \u003cem\u003eget\u003c/em\u003e, the return a value from the source type, and \u003cem\u003eput\u003c/em\u003e that updates the value. We mechanise the underlying theory of lenses, in terms of an algebraic hierarchy of lenses, including well-behaved and very well-behaved lenses, each lens class being characterised by a set of lens laws. We also mechanise a lens algebra in Isabelle that enables their composition and comparison, so as to allow construction of complex lenses. This is accompanied by a large library of algebraic laws. Moreover we also show how the lens classes can be applied by instantiating them with a number of Isabelle data types.",
"authors": [
"Simon Foster",
"Frank Zeyda"
],
"date": "2017-05-25",
- "id": 350,
+ "id": 351,
"link": "/entries/Optics.html",
"permalink": "/entries/Optics.html",
"shortname": "Optics",
"title": "Optics",
"topic_links": [
"computer-science/functional-programming",
"mathematics/algebra"
],
"topics": [
"Computer science/Functional programming",
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "We propose a development method for security protocols based on stepwise refinement. Our refinement strategy transforms abstract security goals into protocols that are secure when operating over an insecure channel controlled by a Dolev-Yao-style intruder. As intermediate levels of abstraction, we employ messageless guard protocols and channel protocols communicating over channels with security properties. These abstractions provide insights on why protocols are secure and foster the development of families of protocols sharing common structure and properties. We have implemented our method in Isabelle/HOL and used it to develop different entity authentication and key establishment protocols, including realistic features such as key confirmation, replay caches, and encrypted tickets. Our development highlights that guard protocols and channel protocols provide fundamental abstractions for bridging the gap between security properties and standard protocol descriptions based on cryptographic messages. It also shows that our refinement approach scales to protocols of nontrivial size and complexity.",
"authors": [
"Christoph Sprenger",
"Ivano Somaini"
],
"date": "2017-05-24",
- "id": 351,
+ "id": 352,
"link": "/entries/Security_Protocol_Refinement.html",
"permalink": "/entries/Security_Protocol_Refinement.html",
"shortname": "Security_Protocol_Refinement",
"title": "Developing Security Protocols by Refinement",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "Isabelle's code generator natively supports type classes. For targets that do not have language support for classes and instances, it performs the well-known dictionary translation, as described by Haftmann and Nipkow. This translation happens outside the logic, i.e., there is no guarantee that it is correct, besides the pen-and-paper proof. This work implements a certified dictionary translation that produces new class-free constants and derives equality theorems.",
"authors": [
"Lars Hupel"
],
"date": "2017-05-24",
- "id": 352,
+ "id": 353,
"link": "/entries/Dict_Construction.html",
"permalink": "/entries/Dict_Construction.html",
"shortname": "Dict_Construction",
"title": "Dictionary Construction",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 1
},
{
"abstract": "The Floyd-Warshall algorithm [Flo62, Roy59, War62] is a classic dynamic programming algorithm to compute the length of all shortest paths between any two vertices in a graph (i.e. to solve the all-pairs shortest path problem, or APSP for short). Given a representation of the graph as a matrix of weights M, it computes another matrix M' which represents a graph with the same path lengths and contains the length of the shortest path between any two vertices i and j. This is only possible if the graph does not contain any negative cycles. However, in this case the Floyd-Warshall algorithm will detect the situation by calculating a negative diagonal entry. This entry includes a formalization of the algorithm and of these key properties. The algorithm is refined to an efficient imperative version using the Imperative Refinement Framework.",
"authors": [
"Simon Wimmer",
"Peter Lammich"
],
"date": "2017-05-08",
- "id": 353,
+ "id": 354,
"link": "/entries/Floyd_Warshall.html",
"permalink": "/entries/Floyd_Warshall.html",
"shortname": "Floyd_Warshall",
"title": "The Floyd-Warshall Algorithm for Shortest Paths",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eCryptHOL provides a framework for formalising cryptographic arguments in Isabelle/HOL. It shallowly embeds a probabilistic functional programming language in higher order logic. The language features monadic sequencing, recursion, random sampling, failures and failure handling, and black-box access to oracles. Oracles are probabilistic functions which maintain hidden state between different invocations. All operators are defined in the new semantic domain of generative probabilistic values, a codatatype. We derive proof rules for the operators and establish a connection with the theory of relational parametricity. Thus, the resuting proofs are trustworthy and comprehensible, and the framework is extensible and widely applicable. \u003c/p\u003e\u003cp\u003e The framework is used in the accompanying AFP entry \"Game-based Cryptography in HOL\". There, we show-case our framework by formalizing different game-based proofs from the literature. This formalisation continues the work described in the author's ESOP 2016 paper.\u003c/p\u003e",
"authors": [
"Andreas Lochbihler"
],
"date": "2017-05-05",
- "id": 354,
+ "id": 355,
"link": "/entries/CryptHOL.html",
"permalink": "/entries/CryptHOL.html",
"shortname": "CryptHOL",
"title": "CryptHOL",
"topic_links": [
"computer-science/security/cryptography",
"computer-science/functional-programming",
"mathematics/probability-theory"
],
"topics": [
"Computer science/Security/Cryptography",
"Computer science/Functional programming",
"Mathematics/Probability theory"
],
"used_by": 3
},
{
"abstract": "The notion of a monad cannot be expressed within higher-order logic (HOL) due to type system restrictions. We show that if a monad is used with values of only one type, this notion can be formalised in HOL. Based on this idea, we develop a library of effect specifications and implementations of monads and monad transformers. Hence, we can abstract over the concrete monad in HOL definitions and thus use the same definition for different (combinations of) effects. We illustrate the usefulness of effect polymorphism with a monadic interpreter for a simple language.",
"authors": [
"Andreas Lochbihler"
],
"date": "2017-05-05",
- "id": 355,
+ "id": 356,
"link": "/entries/Monomorphic_Monad.html",
"permalink": "/entries/Monomorphic_Monad.html",
"shortname": "Monomorphic_Monad",
"title": "Effect polymorphism in higher-order logic",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eIn this AFP entry, we show how to specify game-based cryptographic security notions and formally prove secure several cryptographic constructions from the literature using the CryptHOL framework. Among others, we formalise the notions of a random oracle, a pseudo-random function, an unpredictable function, and of encryption schemes that are indistinguishable under chosen plaintext and/or ciphertext attacks. We prove the random-permutation/random-function switching lemma, security of the Elgamal and hashed Elgamal public-key encryption scheme and correctness and security of several constructions with pseudo-random functions. \u003c/p\u003e\u003cp\u003eOur proofs follow the game-hopping style advocated by Shoup and Bellare and Rogaway, from which most of the examples have been taken. We generalise some of their results such that they can be reused in other proofs. Thanks to CryptHOL's integration with Isabelle's parametricity infrastructure, many simple hops are easily justified using the theory of representation independence.\u003c/p\u003e",
"authors": [
"Andreas Lochbihler",
"S. Reza Sefidgar",
"Bhargav Bhatt"
],
"date": "2017-05-05",
- "id": 356,
+ "id": 357,
"link": "/entries/Game_Based_Crypto.html",
"permalink": "/entries/Game_Based_Crypto.html",
"shortname": "Game_Based_Crypto",
"title": "Game-based cryptography in HOL",
"topic_links": [
"computer-science/security/cryptography"
],
"topics": [
"Computer science/Security/Cryptography"
],
"used_by": 2
},
{
"abstract": "The usual monad laws can directly be used as rewrite rules for Isabelle’s simplifier to normalise monadic HOL terms and decide equivalences. In a commutative monad, however, the commutativity law is a higher-order permutative rewrite rule that makes the simplifier loop. This AFP entry implements a simproc that normalises monadic expressions in commutative monads using ordered rewriting. The simproc can also permute computations across control operators like if and case.",
"authors": [
"Joshua Schneider",
"Manuel Eberl",
"Andreas Lochbihler"
],
"date": "2017-05-05",
- "id": 357,
+ "id": 358,
"link": "/entries/Monad_Normalisation.html",
"permalink": "/entries/Monad_Normalisation.html",
"shortname": "Monad_Normalisation",
"title": "Monad normalisation",
"topic_links": [
"tools",
"computer-science/functional-programming",
"logic/rewriting"
],
"topics": [
"Tools",
"Computer science/Functional programming",
"Logic/Rewriting"
],
"used_by": 3
},
{
"abstract": "This AFP entry defines a probabilistic while operator based on sub-probability mass functions and formalises zero-one laws and variant rules for probabilistic loop termination. As applications, we implement probabilistic algorithms for the Bernoulli, geometric and arbitrary uniform distributions that only use fair coin flips, and prove them correct and terminating with probability 1.",
"authors": [
"Andreas Lochbihler"
],
"date": "2017-05-05",
- "id": 358,
+ "id": 359,
"link": "/entries/Probabilistic_While.html",
"permalink": "/entries/Probabilistic_While.html",
"shortname": "Probabilistic_While",
"title": "Probabilistic while loop",
"topic_links": [
"computer-science/functional-programming",
"mathematics/probability-theory",
"computer-science/algorithms"
],
"topics": [
"Computer science/Functional programming",
"Mathematics/Probability theory",
"Computer science/Algorithms"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e Building on the formalization of basic category theory set out in the author's previous AFP article, the present article formalizes some basic aspects of the theory of monoidal categories. Among the notions defined here are monoidal category, monoidal functor, and equivalence of monoidal categories. The main theorems formalized are MacLane's coherence theorem and the constructions of the free monoidal category and free strict monoidal category generated by a given category. The coherence theorem is proved syntactically, using a structurally recursive approach to reduction of terms that might have some novel aspects. We also give proofs of some results given by Etingof et al, which may prove useful in a formal setting. In particular, we show that the left and right unitors need not be taken as given data in the definition of monoidal category, nor does the definition of monoidal functor need to take as given a specific isomorphism expressing the preservation of the unit object. Our definitions of monoidal category and monoidal functor are stated so as to take advantage of the economy afforded by these facts. \u003c/p\u003e\u003cp\u003e Revisions made subsequent to the first version of this article added material on cartesian monoidal categories; showing that the underlying category of a cartesian monoidal category is a cartesian category, and that every cartesian category extends to a cartesian monoidal category. \u003c/p\u003e",
"authors": [
"Eugene W. Stark"
],
"date": "2017-05-04",
- "id": 359,
+ "id": 360,
"link": "/entries/MonoidalCategory.html",
"permalink": "/entries/MonoidalCategory.html",
"shortname": "MonoidalCategory",
"title": "Monoidal Categories",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 1
},
{
"abstract": "A computer-formalisation of the essential parts of Fitting's textbook \"Types, Tableaus and Gödel's God\" in Isabelle/HOL is presented. In particular, Fitting's (and Anderson's) variant of the ontological argument is verified and confirmed. This variant avoids the modal collapse, which has been criticised as an undesirable side-effect of Kurt Gödel's (and Dana Scott's) versions of the ontological argument. Fitting's work is employing an intensional higher-order modal logic, which we shallowly embed here in classical higher-order logic. We then utilize the embedded logic for the formalisation of Fitting's argument. (See also the earlier AFP entry ``Gödel's God in Isabelle/HOL''.)",
"authors": [
"David Fuenmayor",
"Christoph Benzmüller"
],
"date": "2017-05-01",
- "id": 360,
+ "id": 361,
"link": "/entries/Types_Tableaus_and_Goedels_God.html",
"permalink": "/entries/Types_Tableaus_and_Goedels_God.html",
"shortname": "Types_Tableaus_and_Goedels_God",
"title": "Types, Tableaus and Gödel’s God in Isabelle/HOL",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "This formalisation accompanies the paper \u003ca href=\"https://arxiv.org/abs/1702.03277\"\u003eLocal Lexing\u003c/a\u003e which introduces a novel parsing concept of the same name. The paper also gives a high-level algorithm for local lexing as an extension of Earley's algorithm. This formalisation proves the algorithm to be correct with respect to its local lexing semantics. As a special case, this formalisation thus also contains a proof of the correctness of Earley's algorithm. The paper contains a short outline of how this formalisation is organised.",
"authors": [
"Steven Obua"
],
"date": "2017-04-28",
- "id": 361,
+ "id": 362,
"link": "/entries/LocalLexing.html",
"permalink": "/entries/LocalLexing.html",
"shortname": "LocalLexing",
"title": "Local Lexing",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "Isabelle's code generator performs various adaptations for target languages. Among others, constructor applications have to be fully saturated. That means that for constructor calls occuring as arguments to higher-order functions, synthetic lambdas have to be inserted. This entry provides tooling to avoid this construction altogether by introducing constructor functions.",
"authors": [
"Lars Hupel"
],
"date": "2017-04-19",
- "id": 362,
+ "id": 363,
"link": "/entries/Constructor_Funs.html",
"permalink": "/entries/Constructor_Funs.html",
"shortname": "Constructor_Funs",
"title": "Constructor Functions",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 1
},
{
"abstract": "Isabelle's code generator performs various adaptations for target languages. Among others, case statements are printed as match expressions. Internally, this is a sophisticated procedure, because in HOL, case statements are represented as nested calls to the case combinators as generated by the datatype package. Furthermore, the procedure relies on laziness of match expressions in the target language, i.e., that branches guarded by patterns that fail to match are not evaluated. Similarly, \u003ctt\u003eif-then-else\u003c/tt\u003e is printed to the corresponding construct in the target language. This entry provides tooling to replace these special cases in the code generator by ignoring these target language features, instead printing case expressions and \u003ctt\u003eif-then-else\u003c/tt\u003e as functions.",
"authors": [
"Lars Hupel"
],
"date": "2017-04-18",
- "id": 363,
+ "id": 364,
"link": "/entries/Lazy_Case.html",
"permalink": "/entries/Lazy_Case.html",
"shortname": "Lazy_Case",
"title": "Lazifying case constants",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 1
},
{
"abstract": "We formalize the theory of subresultants and the subresultant polynomial remainder sequence as described by Brown and Traub. As a result, we obtain efficient certified algorithms for computing the resultant and the greatest common divisor of polynomials.",
"authors": [
"Sebastiaan J. C. Joosten",
"René Thiemann",
"Akihisa Yamada"
],
"date": "2017-04-06",
- "id": 364,
+ "id": 365,
"link": "/entries/Subresultants.html",
"permalink": "/entries/Subresultants.html",
"shortname": "Subresultants",
"title": "Subresultants",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThis entry contains proofs for the textbook results about the distributions of the height and internal path length of random binary search trees (BSTs), i.\u0026thinsp;e. BSTs that are formed by taking an empty BST and inserting elements from a fixed set in random order.\u003c/p\u003e \u003cp\u003eIn particular, we prove a logarithmic upper bound on the expected height and the \u003cem\u003eΘ(n log n)\u003c/em\u003e closed-form solution for the expected internal path length in terms of the harmonic numbers. We also show how the internal path length relates to the average-case cost of a lookup in a BST.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-04-04",
- "id": 365,
+ "id": 366,
"link": "/entries/Random_BSTs.html",
"permalink": "/entries/Random_BSTs.html",
"shortname": "Random_BSTs",
"title": "Expected Shape of Random Binary Search Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eThis article contains a formal proof of the well-known fact that number of comparisons that a comparison-based sorting algorithm needs to perform to sort a list of length \u003cem\u003en\u003c/em\u003e is at least \u003cem\u003elog\u003csub\u003e2\u003c/sub\u003e\u0026nbsp;(n!)\u003c/em\u003e in the worst case, i.\u0026thinsp;e.\u0026nbsp;\u003cem\u003eΩ(n log n)\u003c/em\u003e.\u003c/p\u003e \u003cp\u003eFor this purpose, a shallow embedding for comparison-based sorting algorithms is defined: a sorting algorithm is a recursive datatype containing either a HOL function or a query of a comparison oracle with a continuation containing the remaining computation. This makes it possible to force the algorithm to use only comparisons and to track the number of comparisons made.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-03-15",
- "id": 366,
+ "id": 367,
"link": "/entries/Comparison_Sort_Lower_Bound.html",
"permalink": "/entries/Comparison_Sort_Lower_Bound.html",
"shortname": "Comparison_Sort_Lower_Bound",
"title": "Lower bound on comparison-based sorting algorithms",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eWe give a formal proof of the well-known results about the number of comparisons performed by two variants of QuickSort: first, the expected number of comparisons of randomised QuickSort (i.\u0026thinsp;e.\u0026nbsp;QuickSort with random pivot choice) is \u003cem\u003e2\u0026thinsp;(n+1)\u0026thinsp;H\u003csub\u003en\u003c/sub\u003e - 4\u0026thinsp;n\u003c/em\u003e, which is asymptotically equivalent to \u003cem\u003e2\u0026thinsp;n ln n\u003c/em\u003e; second, the number of comparisons performed by the classic non-randomised QuickSort has the same distribution in the average case as the randomised one.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-03-15",
- "id": 367,
+ "id": 368,
"link": "/entries/Quick_Sort_Cost.html",
"permalink": "/entries/Quick_Sort_Cost.html",
"shortname": "Quick_Sort_Cost",
"title": "The number of comparisons in QuickSort",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThe Euler-MacLaurin formula relates the value of a discrete sum to that of the corresponding integral in terms of the derivatives at the borders of the summation and a remainder term. Since the remainder term is often very small as the summation bounds grow, this can be used to compute asymptotic expansions for sums.\u003c/p\u003e \u003cp\u003eThis entry contains a proof of this formula for functions from the reals to an arbitrary Banach space. Two variants of the formula are given: the standard textbook version and a variant outlined in \u003cem\u003eConcrete Mathematics\u003c/em\u003e that is more useful for deriving asymptotic estimates.\u003c/p\u003e \u003cp\u003eAs example applications, we use that formula to derive the full asymptotic expansion of the harmonic numbers and the sum of inverse squares.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-03-10",
- "id": 368,
+ "id": 369,
"link": "/entries/Euler_MacLaurin.html",
"permalink": "/entries/Euler_MacLaurin.html",
"shortname": "Euler_MacLaurin",
"title": "The Euler–MacLaurin Formula",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 2
},
{
"abstract": "We prove the group law for elliptic curves in Weierstrass form over fields of characteristic greater than 2. In addition to affine coordinates, we also formalize projective coordinates, which allow for more efficient computations. By specializing the abstract formalization to prime fields, we can apply the curve operations to parameters used in standard security protocols.",
"authors": [
"Stefan Berghofer"
],
"date": "2017-02-28",
- "id": 369,
+ "id": 370,
"link": "/entries/Elliptic_Curves_Group_Law.html",
"permalink": "/entries/Elliptic_Curves_Group_Law.html",
"shortname": "Elliptic_Curves_Group_Law",
"title": "The Group Law for Elliptic Curves",
"topic_links": [
"computer-science/security/cryptography"
],
"topics": [
"Computer science/Security/Cryptography"
],
"used_by": 0
},
{
"abstract": "We present a formalization of Menger's Theorem for directed and undirected graphs in Isabelle/HOL. This well-known result shows that if two non-adjacent distinct vertices u, v in a directed graph have no separator smaller than n, then there exist n internally vertex-disjoint paths from u to v. The version for undirected graphs follows immediately because undirected graphs are a special case of directed graphs.",
"authors": [
"Christoph Dittmann"
],
"date": "2017-02-26",
- "id": 370,
+ "id": 371,
"link": "/entries/Menger.html",
"permalink": "/entries/Menger.html",
"shortname": "Menger",
"title": "Menger's Theorem",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "We formalize differential dynamic logic, a logic for proving properties of hybrid systems. The proof calculus in this formalization is based on the uniform substitution principle. We show it is sound with respect to our denotational semantics, which provides increased confidence in the correctness of the KeYmaera X theorem prover based on this calculus. As an application, we include a proof term checker embedded in Isabelle/HOL with several example proofs. Published in: Rose Bohrer, Vincent Rahli, Ivana Vukotic, Marcus Völp, André Platzer: Formally verified differential dynamic logic. CPP 2017.",
"authors": [
"Rose Bohrer"
],
"date": "2017-02-13",
- "id": 371,
+ "id": 372,
"link": "/entries/Differential_Dynamic_Logic.html",
"permalink": "/entries/Differential_Dynamic_Logic.html",
"shortname": "Differential_Dynamic_Logic",
"title": "Differential Dynamic Logic",
"topic_links": [
"logic/general-logic/modal-logic",
"computer-science/programming-languages/logics"
],
"topics": [
"Logic/General logic/Modal logic",
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "A formalized coinductive account of the abstract development of Brotherston, Gorogiannis, and Petersen [APLAS 2012], in a slightly more general form since we work with arbitrary infinite proofs, which may be acyclic. This work is described in detail in an article by the authors, published in 2017 in the \u003cem\u003eJournal of Automated Reasoning\u003c/em\u003e. The abstract proof can be instantiated for various formalisms, including first-order logic with inductive predicates.",
"authors": [
"Jasmin Christian Blanchette",
"Andrei Popescu",
"Dmitriy Traytel"
],
"date": "2017-02-10",
- "id": 372,
+ "id": 373,
"link": "/entries/Abstract_Soundness.html",
"permalink": "/entries/Abstract_Soundness.html",
"shortname": "Abstract_Soundness",
"title": "Abstract Soundness",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 2
},
{
"abstract": "We develop Stone relation algebras, which generalise relation algebras by replacing the underlying Boolean algebra structure with a Stone algebra. We show that finite matrices over extended real numbers form an instance. As a consequence, relation-algebraic concepts and methods can be used for reasoning about weighted graphs. We also develop a fixpoint calculus and apply it to compare different definitions of reflexive-transitive closures in semirings.",
"authors": [
"Walter Guttmann"
],
"date": "2017-02-07",
- "id": 373,
+ "id": 374,
"link": "/entries/Stone_Relation_Algebras.html",
"permalink": "/entries/Stone_Relation_Algebras.html",
"shortname": "Stone_Relation_Algebras",
"title": "Stone Relation Algebras",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "We develop a family of key agreement protocols that are correct by construction. Our work substantially extends prior work on developing security protocols by refinement. First, we strengthen the adversary by allowing him to compromise different resources of protocol participants, such as their long-term keys or their session keys. This enables the systematic development of protocols that ensure strong properties such as perfect forward secrecy. Second, we broaden the class of protocols supported to include those with non-atomic keys and equationally defined cryptographic operators. We use these extensions to develop key agreement protocols including signed Diffie-Hellman and the core of IKEv1 and SKEME.",
"authors": [
"Joseph Lallemand",
"Christoph Sprenger"
],
"date": "2017-01-31",
- "id": 374,
+ "id": 375,
"link": "/entries/Key_Agreement_Strong_Adversaries.html",
"permalink": "/entries/Key_Agreement_Strong_Adversaries.html",
"shortname": "Key_Agreement_Strong_Adversaries",
"title": "Refining Authenticated Key Agreement with Strong Adversaries",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eBernoulli numbers were first discovered in the closed-form expansion of the sum 1\u003csup\u003em\u003c/sup\u003e + 2\u003csup\u003em\u003c/sup\u003e + \u0026hellip; + n\u003csup\u003em\u003c/sup\u003e for a fixed m and appear in many other places. This entry provides three different definitions for them: a recursive one, an explicit one, and one through their exponential generating function.\u003c/p\u003e \u003cp\u003eIn addition, we prove some basic facts, e.g. their relation to sums of powers of integers and that all odd Bernoulli numbers except the first are zero, and some advanced facts like their relationship to the Riemann zeta function on positive even integers.\u003c/p\u003e \u003cp\u003eWe also prove the correctness of the Akiyama\u0026ndash;Tanigawa algorithm for computing Bernoulli numbers with reasonable efficiency, and we define the periodic Bernoulli polynomials (which appear e.g. in the Euler\u0026ndash;MacLaurin summation formula and the expansion of the log-Gamma function) and prove their basic properties.\u003c/p\u003e",
"authors": [
"Lukas Bulwahn",
"Manuel Eberl"
],
"date": "2017-01-24",
- "id": 375,
+ "id": 376,
"link": "/entries/Bernoulli.html",
"permalink": "/entries/Bernoulli.html",
"shortname": "Bernoulli",
"title": "Bernoulli Numbers",
"topic_links": [
"mathematics/analysis",
"mathematics/number-theory"
],
"topics": [
"Mathematics/Analysis",
"Mathematics/Number theory"
],
"used_by": 5
},
{
"abstract": "\u003cp\u003eBertrand's postulate is an early result on the distribution of prime numbers: For every positive integer n, there exists a prime number that lies strictly between n and 2n. The proof is ported from John Harrison's formalisation in HOL Light. It proceeds by first showing that the property is true for all n greater than or equal to 600 and then showing that it also holds for all n below 600 by case distinction. \u003c/p\u003e",
"authors": [
"Julian Biendarra",
"Manuel Eberl"
],
"date": "2017-01-17",
- "id": 376,
+ "id": 377,
"link": "/entries/Bertrands_Postulate.html",
"permalink": "/entries/Bertrands_Postulate.html",
"shortname": "Bertrands_Postulate",
"title": "Bertrand's postulate",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eThis formalization is an extension to \u003ca href=\"https://www.isa-afp.org/entries/Formal_SSA.html\"\u003e\"Verified Construction of Static Single Assignment Form\"\u003c/a\u003e. In their work, the authors have shown that \u003ca href=\"https://doi.org/10.1007/978-3-642-37051-9_6\"\u003eBraun et al.'s static single assignment (SSA) construction algorithm\u003c/a\u003e produces minimal SSA form for input programs with a reducible control flow graph (CFG). However Braun et al. also proposed an extension to their algorithm that they claim produces minimal SSA form even for irreducible CFGs.\u003cbr\u003e In this formalization we support that claim by giving a mechanized proof. \u003c/p\u003e \u003cp\u003eAs the extension of Braun et al.'s algorithm aims for removing so-called redundant strongly connected components of phi functions, we show that this suffices to guarantee minimality according to \u003ca href=\"https://doi.org/10.1145/115372.115320\"\u003eCytron et al.\u003c/a\u003e.\u003c/p\u003e",
"authors": [
"Max Wagner",
"Denis Lohner"
],
"date": "2017-01-17",
- "id": 377,
+ "id": 378,
"link": "/entries/Minimal_SSA.html",
"permalink": "/entries/Minimal_SSA.html",
"shortname": "Minimal_SSA",
"title": "Minimal Static Single Assignment Form",
"topic_links": [
"computer-science/programming-languages/compiling"
],
"topics": [
"Computer science/Programming languages/Compiling"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThis work contains a proof that Euler's number e is transcendental. The proof follows the standard approach of assuming that e is algebraic and then using a specific integer polynomial to derive two inconsistent bounds, leading to a contradiction.\u003c/p\u003e \u003cp\u003eThis kind of approach can be found in many different sources; this formalisation mostly follows a \u003ca href=\"http://planetmath.org/proofoflindemannweierstrasstheoremandthateandpiaretranscendental\"\u003ePlanetMath article\u003c/a\u003e by Roger Lipsett.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2017-01-12",
- "id": 378,
+ "id": 379,
"link": "/entries/E_Transcendental.html",
"permalink": "/entries/E_Transcendental.html",
"shortname": "E_Transcendental",
"title": "The Transcendence of e",
"topic_links": [
"mathematics/analysis",
"mathematics/number-theory"
],
"topics": [
"Mathematics/Analysis",
"Mathematics/Number theory"
],
"used_by": 2
},
{
"abstract": "We present a formal model of network protocols and their application to modeling firewall policies. The formalization is based on the Unified Policy Framework (UPF). The formalization was originally developed with for generating test cases for testing the security configuration actual firewall and router (middle-boxes) using HOL-TestGen. Our work focuses on modeling application level protocols on top of tcp/ip.",
"authors": [
"Achim D. Brucker",
"Lukas Brügger",
"Burkhart Wolff"
],
"date": "2017-01-08",
- "id": 379,
+ "id": 380,
"link": "/entries/UPF_Firewall.html",
"permalink": "/entries/UPF_Firewall.html",
"shortname": "UPF_Firewall",
"title": "Formal Network Models and Their Application to Firewall Policies",
"topic_links": [
"computer-science/security",
"computer-science/networks"
],
"topics": [
"Computer science/Security",
"Computer science/Networks"
],
"used_by": 0
},
{
"abstract": "This paper constructs a formal model of a Diffie-Hellman password-based authentication protocol between a user and a smart card, and proves its security. The protocol provides for the dispatch of the user's password to the smart card on a secure messaging channel established by means of Password Authenticated Connection Establishment (PACE), where the mapping method being used is Chip Authentication Mapping. By applying and suitably extending Paulson's Inductive Method, this paper proves that the protocol establishes trustworthy secure messaging channels, preserves the secrecy of users' passwords, and provides an effective mutual authentication service. What is more, these security properties turn out to hold independently of the secrecy of the PACE authentication key.",
"authors": [
"Pasquale Noce"
],
"date": "2017-01-03",
- "id": 380,
+ "id": 381,
"link": "/entries/Password_Authentication_Protocol.html",
"permalink": "/entries/Password_Authentication_Protocol.html",
"shortname": "Password_Authentication_Protocol",
"title": "Verification of a Diffie-Hellman Password-based Authentication Protocol by Extending the Inductive Method",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eWe present a certified declarative first-order prover with equality based on John Harrison's Handbook of Practical Logic and Automated Reasoning, Cambridge University Press, 2009. ML code reflection is used such that the entire prover can be executed within Isabelle as a very simple interactive proof assistant. As examples we consider Pelletier's problems 1-46.\u003c/p\u003e \u003cp\u003eReference: Programming and Verifying a Declarative First-Order Prover in Isabelle/HOL. Alexander Birch Jensen, John Bruntse Larsen, Anders Schlichtkrull \u0026 Jørgen Villadsen. AI Communications 31:281-299 2018. \u003ca href=\"https://content.iospress.com/articles/ai-communications/aic764\"\u003e https://content.iospress.com/articles/ai-communications/aic764\u003c/a\u003e\u003c/p\u003e \u003cp\u003eSee also: Students' Proof Assistant (SPA). \u003ca href=https://github.com/logic-tools/spa\u003e https://github.com/logic-tools/spa\u003c/a\u003e\u003c/p\u003e",
"authors": [
"Alexander Birch Jensen",
"Anders Schlichtkrull",
"Jørgen Villadsen"
],
"date": "2017-01-01",
- "id": 381,
+ "id": 382,
"link": "/entries/FOL_Harrison.html",
"permalink": "/entries/FOL_Harrison.html",
"shortname": "FOL_Harrison",
"title": "First-Order Logic According to Harrison",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "The concurrent refinement algebra developed here is designed to provide a foundation for rely/guarantee reasoning about concurrent programs. The algebra builds on a complete lattice of commands by providing sequential composition, parallel composition and a novel weak conjunction operator. The weak conjunction operator coincides with the lattice supremum providing its arguments are non-aborting, but aborts if either of its arguments do. Weak conjunction provides an abstract version of a guarantee condition as a guarantee process. We distinguish between models that distribute sequential composition over non-deterministic choice from the left (referred to as being conjunctive in the refinement calculus literature) and those that don't. Least and greatest fixed points of monotone functions are provided to allow recursion and iteration operators to be added to the language. Additional iteration laws are available for conjunctive models. The rely quotient of processes \u003ci\u003ec\u003c/i\u003e and \u003ci\u003ei\u003c/i\u003e is the process that, if executed in parallel with \u003ci\u003ei\u003c/i\u003e implements \u003ci\u003ec\u003c/i\u003e. It represents an abstract version of a rely condition generalised to a process.",
"authors": [
"Julian Fell",
"Ian J. Hayes",
"Andrius Velykis"
],
"date": "2016-12-30",
- "id": 382,
+ "id": 383,
"link": "/entries/Concurrent_Ref_Alg.html",
"permalink": "/entries/Concurrent_Ref_Alg.html",
"shortname": "Concurrent_Ref_Alg",
"title": "Concurrent Refinement Algebra and Rely Quotients",
"topic_links": [
"computer-science/concurrency"
],
"topics": [
"Computer science/Concurrency"
],
"used_by": 0
},
{
"abstract": "This entry provides all cardinality theorems of the Twelvefold Way. The Twelvefold Way systematically classifies twelve related combinatorial problems concerning two finite sets, which include counting permutations, combinations, multisets, set partitions and number partitions. This development builds upon the existing formal developments with cardinality theorems for those structures. It provides twelve bijections from the various structures to different equivalence classes on finite functions, and hence, proves cardinality formulae for these equivalence classes on finite functions.",
"authors": [
"Lukas Bulwahn"
],
"date": "2016-12-29",
- "id": 383,
+ "id": 384,
"link": "/entries/Twelvefold_Way.html",
"permalink": "/entries/Twelvefold_Way.html",
"shortname": "Twelvefold_Way",
"title": "The Twelvefold Way",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "Isabelle includes various automatic tools for finding proofs under certain conditions. However, for each conjecture, knowing which automation to use, and how to tweak its parameters, is currently labour intensive. We have developed a language, PSL, designed to capture high level proof strategies. PSL offloads the construction of human-readable fast-to-replay proof scripts to automatic search, making use of search-time information about each conjecture. Our preliminary evaluations show that PSL reduces the labour cost of interactive theorem proving. This submission contains the implementation of PSL and an example theory file, Example.thy, showing how to write poof strategies in PSL.",
"authors": [
"Yutaka Nagashima"
],
"date": "2016-12-20",
- "id": 384,
+ "id": 385,
"link": "/entries/Proof_Strategy_Language.html",
"permalink": "/entries/Proof_Strategy_Language.html",
"shortname": "Proof_Strategy_Language",
"title": "Proof Strategy Language",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 0
},
{
"abstract": "Paraconsistency is about handling inconsistency in a coherent way. In classical and intuitionistic logic everything follows from an inconsistent theory. A paraconsistent logic avoids the explosion. Quite a few applications in computer science and engineering are discussed in the Intelligent Systems Reference Library Volume 110: Towards Paraconsistent Engineering (Springer 2016). We formalize a paraconsistent many-valued logic that we motivated and described in a special issue on logical approaches to paraconsistency (Journal of Applied Non-Classical Logics 2005). We limit ourselves to the propositional fragment of the higher-order logic. The logic is based on so-called key equalities and has a countably infinite number of truth values. We prove theorems in the logic using the definition of validity. We verify truth tables and also counterexamples for non-theorems. We prove meta-theorems about the logic and finally we investigate a case study.",
"authors": [
"Anders Schlichtkrull",
"Jørgen Villadsen"
],
"date": "2016-12-07",
- "id": 385,
+ "id": 386,
"link": "/entries/Paraconsistency.html",
"permalink": "/entries/Paraconsistency.html",
"shortname": "Paraconsistency",
"title": "Paraconsistency",
"topic_links": [
"logic/general-logic/paraconsistent-logics"
],
"topics": [
"Logic/General logic/Paraconsistent logics"
],
"used_by": 0
},
{
"abstract": "We propose a concurrency reasoning framework for imperative programs, based on the Owicki-Gries (OG) foundational shared-variable concurrency method. Our framework combines the approaches of Hoare-Parallel, a formalisation of OG in Isabelle/HOL for a simple while-language, and Simpl, a generic imperative language embedded in Isabelle/HOL, allowing formal reasoning on C programs. We define the Complx language, extending the syntax and semantics of Simpl with support for parallel composition and synchronisation. We additionally define an OG logic, which we prove sound w.r.t. the semantics, and a verification condition generator, both supporting involved low-level imperative constructs such as function calls and abrupt termination. We illustrate our framework on an example that features exceptions, guards and function calls. We aim to then target concurrent operating systems, such as the interruptible eChronos embedded operating system for which we already have a model-level OG proof using Hoare-Parallel.",
"authors": [
"Sidney Amani",
"June Andronick",
"Maksym Bortin",
"Corey Lewis",
"Christine Rizkallah",
"Joseph Tuong"
],
"date": "2016-11-29",
- "id": 386,
+ "id": 387,
"link": "/entries/Complx.html",
"permalink": "/entries/Complx.html",
"shortname": "Complx",
"title": "COMPLX: A Verification Framework for Concurrent Imperative Programs",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "This is the Isabelle formalization of the material decribed in the eponymous \u003ca href=\"https://doi.org/10.1007/978-3-642-32347-8_9\"\u003eITP 2012 paper\u003c/a\u003e. It develops a generic abstract interpreter for a while-language, including widening and narrowing. The collecting semantics and the abstract interpreter operate on annotated commands: the program is represented as a syntax tree with the semantic information directly embedded, without auxiliary labels. The aim of the formalization is simplicity, not efficiency or precision. This is motivated by the inclusion of the material in a theorem prover based course on semantics. A similar (but more polished) development is covered in the book \u003ca href=\"https://doi.org/10.1007/978-3-319-10542-0\"\u003eConcrete Semantics\u003c/a\u003e.",
"authors": [
"Tobias Nipkow"
],
"date": "2016-11-23",
- "id": 387,
+ "id": 388,
"link": "/entries/Abs_Int_ITP2012.html",
"permalink": "/entries/Abs_Int_ITP2012.html",
"shortname": "Abs_Int_ITP2012",
"title": "Abstract Interpretation of Annotated Commands",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 0
},
{
"abstract": "We bring the labelled sequent calculus $LS_{PASL}$ for propositional abstract separation logic to Isabelle. The tactics given here are directly applied on an extension of the Separation Algebra in the AFP. In addition to the cancellative separation algebra, we further consider some useful properties in the heap model of separation logic, such as indivisible unit, disjointness, and cross-split. The tactics are essentially a proof search procedure for the calculus $LS_{PASL}$. We wrap the tactics in an Isabelle method called separata, and give a few examples of separation logic formulae which are provable by separata.",
"authors": [
"Zhe Hou",
"David Sanan",
"Alwen Tiu",
"Rajeev Gore",
"Ranald Clouston"
],
"date": "2016-11-16",
- "id": 388,
+ "id": 389,
"link": "/entries/Separata.html",
"permalink": "/entries/Separata.html",
"shortname": "Separata",
"title": "Separata: Isabelle tactics for Separation Algebra",
"topic_links": [
"computer-science/programming-languages/logics",
"tools"
],
"topics": [
"Computer science/Programming languages/Logics",
"Tools"
],
"used_by": 0
},
{
"abstract": "This Isabelle/HOL formalization defines Knuth–Bendix orders for higher-order terms without lambda-abstraction and proves many useful properties about them. The main order fully coincides with the standard transfinite KBO with subterm coefficients on first-order terms. It appears promising as the basis of a higher-order superposition calculus.",
"authors": [
"Heiko Becker",
"Jasmin Christian Blanchette",
"Uwe Waldmann",
"Daniel Wand"
],
"date": "2016-11-12",
- "id": 389,
+ "id": 390,
"link": "/entries/Lambda_Free_KBOs.html",
"permalink": "/entries/Lambda_Free_KBOs.html",
"shortname": "Lambda_Free_KBOs",
"title": "Formalization of Knuth–Bendix Orders for Lambda-Free Higher-Order Terms",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "This Isabelle/HOL formalization introduces a nested multiset datatype and defines Dershowitz and Manna's nested multiset order. The order is proved well founded and linear. By removing one constructor, we transform the nested multisets into hereditary multisets. These are isomorphic to the syntactic ordinals—the ordinals can be recursively expressed in Cantor normal form. Addition, subtraction, multiplication, and linear orders are provided on this type.",
"authors": [
"Jasmin Christian Blanchette",
"Mathias Fleury",
"Dmitriy Traytel"
],
"date": "2016-11-12",
- "id": 390,
+ "id": 391,
"link": "/entries/Nested_Multisets_Ordinals.html",
"permalink": "/entries/Nested_Multisets_Ordinals.html",
"shortname": "Nested_Multisets_Ordinals",
"title": "Formalization of Nested Multisets, Hereditary Multisets, and Syntactic Ordinals",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 7
},
{
"abstract": "Deep learning has had a profound impact on computer science in recent years, with applications to search engines, image recognition and language processing, bioinformatics, and more. Recently, Cohen et al. provided theoretical evidence for the superiority of deep learning over shallow learning. This formalization of their work simplifies and generalizes the original proof, while working around the limitations of the Isabelle type system. To support the formalization, I developed reusable libraries of formalized mathematics, including results about the matrix rank, the Lebesgue measure, and multivariate polynomials, as well as a library for tensor analysis.",
"authors": [
"Alexander Bentkamp"
],
"date": "2016-11-10",
- "id": 391,
+ "id": 392,
"link": "/entries/Deep_Learning.html",
"permalink": "/entries/Deep_Learning.html",
"shortname": "Deep_Learning",
"title": "Expressiveness of Deep Learning",
"topic_links": [
"computer-science/machine-learning",
"mathematics/analysis"
],
"topics": [
"Computer science/Machine learning",
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "We formalize a uniform semantic substrate for a wide variety of process calculi where states and action labels can be from arbitrary nominal sets. A Hennessy-Milner logic for these systems is defined, and proved adequate for bisimulation equivalence. A main novelty is the construction of an infinitary nominal data type to model formulas with (finitely supported) infinite conjunctions and actions that may contain binding names. The logic is generalized to treat different bisimulation variants such as early, late and open in a systematic way.",
"authors": [
"Tjark Weber",
"Lars-Henrik Eriksson",
"Joachim Parrow",
"Johannes Borgström",
"Ramunas Gutkovas"
],
"date": "2016-10-25",
- "id": 392,
+ "id": 393,
"link": "/entries/Modal_Logics_for_NTS.html",
"permalink": "/entries/Modal_Logics_for_NTS.html",
"shortname": "Modal_Logics_for_NTS",
"title": "Modal Logics for Nominal Transition Systems",
"topic_links": [
"computer-science/concurrency/process-calculi",
"logic/general-logic/modal-logic"
],
"topics": [
"Computer science/Concurrency/Process calculi",
"Logic/General logic/Modal logic"
],
"used_by": 0
},
{
"abstract": "We mechanize proofs of several results from the matching with contracts literature, which generalize those of the classical two-sided matching scenarios that go by the name of stable marriage. Our focus is on game theoretic issues. Along the way we develop executable algorithms for computing optimal stable matches.",
"authors": [
"Peter Gammie"
],
"date": "2016-10-24",
- "id": 393,
+ "id": 394,
"link": "/entries/Stable_Matching.html",
"permalink": "/entries/Stable_Matching.html",
"shortname": "Stable_Matching",
"title": "Stable Matching",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "We present LOFT — Linux firewall OpenFlow Translator, a system that transforms the main routing table and FORWARD chain of iptables of a Linux-based firewall into a set of static OpenFlow rules. Our implementation is verified against a model of a simplified Linux-based router and we can directly show how much of the original functionality is preserved.",
"authors": [
"Julius Michaelis",
"Cornelius Diekmann"
],
"date": "2016-10-21",
- "id": 394,
+ "id": 395,
"link": "/entries/LOFT.html",
"permalink": "/entries/LOFT.html",
"shortname": "LOFT",
"title": "LOFT — Verified Migration of Linux Firewalls to SDN",
"topic_links": [
"computer-science/networks"
],
"topics": [
"Computer science/Networks"
],
"used_by": 0
},
{
"abstract": "We formalise the SPARCv8 instruction set architecture (ISA) which is used in processors such as LEON3. Our formalisation can be specialised to any SPARCv8 CPU, here we use LEON3 as a running example. Our model covers the operational semantics for all the instructions in the integer unit of the SPARCv8 architecture and it supports Isabelle code export, which effectively turns the Isabelle model into a SPARCv8 CPU simulator. We prove the language-based non-interference property for the LEON3 processor. Our model is based on deterministic monad, which is a modified version of the non-deterministic monad from NICTA/l4v.",
"authors": [
"Zhe Hou",
"David Sanan",
"Alwen Tiu",
"Yang Liu"
],
"date": "2016-10-19",
- "id": 395,
+ "id": 396,
"link": "/entries/SPARCv8.html",
"permalink": "/entries/SPARCv8.html",
"shortname": "SPARCv8",
"title": "A formal model for the SPARCv8 ISA and a proof of non-interference for the LEON3 processor",
"topic_links": [
"computer-science/security",
"computer-science/hardware"
],
"topics": [
"Computer science/Security",
"Computer science/Hardware"
],
"used_by": 0
},
{
"abstract": "This document contains a proof of the necessary condition on the code rate of a source code, namely that this code rate is bounded by the entropy of the source. This represents one half of Shannon's source coding theorem, which is itself an equivalence.",
"authors": [
"Quentin Hibon",
"Lawrence C. Paulson"
],
"date": "2016-10-19",
- "id": 396,
+ "id": 397,
"link": "/entries/Source_Coding_Theorem.html",
"permalink": "/entries/Source_Coding_Theorem.html",
"shortname": "Source_Coding_Theorem",
"title": "Source Coding Theorem",
"topic_links": [
"mathematics/probability-theory"
],
"topics": [
"Mathematics/Probability theory"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eWe formalize the Berlekamp-Zassenhaus algorithm for factoring square-free integer polynomials in Isabelle/HOL. We further adapt an existing formalization of Yun’s square-free factorization algorithm to integer polynomials, and thus provide an efficient and certified factorization algorithm for arbitrary univariate polynomials. \u003c/p\u003e \u003cp\u003eThe algorithm first performs a factorization in the prime field GF(p) and then performs computations in the integer ring modulo p^k, where both p and k are determined at runtime. Since a natural modeling of these structures via dependent types is not possible in Isabelle/HOL, we formalize the whole algorithm using Isabelle’s recent addition of local type definitions. \u003c/p\u003e \u003cp\u003eThrough experiments we verify that our algorithm factors polynomials of degree 100 within seconds. \u003c/p\u003e",
"authors": [
"Jose Divasón",
"Sebastiaan J. C. Joosten",
"René Thiemann",
"Akihisa Yamada"
],
"date": "2016-10-14",
- "id": 397,
+ "id": 398,
"link": "/entries/Berlekamp_Zassenhaus.html",
"permalink": "/entries/Berlekamp_Zassenhaus.html",
"shortname": "Berlekamp_Zassenhaus",
"title": "The Factorization Algorithm of Berlekamp and Zassenhaus",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 7
},
{
"abstract": "This entry provides a geometric proof of the intersecting chords theorem. The theorem states that when two chords intersect each other inside a circle, the products of their segments are equal. After a short review of existing proofs in the literature, I decided to use a proof approach that employs reasoning about lengths of line segments, the orthogonality of two lines and the Pythagoras Law. Hence, one can understand the formalized proof easily with the knowledge of a few general geometric facts that are commonly taught in high-school. This theorem is the 55th theorem of the Top 100 Theorems list.",
"authors": [
"Lukas Bulwahn"
],
"date": "2016-10-11",
- "id": 398,
+ "id": 399,
"link": "/entries/Chord_Segments.html",
"permalink": "/entries/Chord_Segments.html",
"shortname": "Chord_Segments",
"title": "Intersecting Chords Theorem",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "Lp is the space of functions whose p-th power is integrable. It is one of the most fundamental Banach spaces that is used in analysis and probability. We develop a framework for function spaces, and then implement the Lp spaces in this framework using the existing integration theory in Isabelle/HOL. Our development contains most fundamental properties of Lp spaces, notably the Hölder and Minkowski inequalities, completeness of Lp, duality, stability under almost sure convergence, multiplication of functions in Lp and Lq, stability under conditional expectation.",
"authors": [
"Sebastien Gouezel"
],
"date": "2016-10-05",
- "id": 399,
+ "id": 400,
"link": "/entries/Lp.html",
"permalink": "/entries/Lp.html",
"shortname": "Lp",
"title": "Lp spaces",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eThis work defines and proves the correctness of the Fisher–Yates algorithm for shuffling – i.e. producing a random permutation – of a list. The algorithm proceeds by traversing the list and in each step swapping the current element with a random element from the remaining list.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2016-09-30",
- "id": 400,
+ "id": 401,
"link": "/entries/Fisher_Yates.html",
"permalink": "/entries/Fisher_Yates.html",
"shortname": "Fisher_Yates",
"title": "Fisher–Yates shuffle",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "Allen’s interval calculus is a qualitative temporal representation of time events. Allen introduced 13 binary relations that describe all the possible arrangements between two events, i.e. intervals with non-zero finite length. The compositions are pertinent to reasoning about knowledge of time. In particular, a consistency problem of relation constraints is commonly solved with a guideline from these compositions. We formalize the relations together with an axiomatic system. We proof the validity of the 169 compositions of these relations. We also define nests as the sets of intervals that share a meeting point. We prove that nests give the ordering properties of points without introducing a new datatype for points. [1] J.F. Allen. Maintaining Knowledge about Temporal Intervals. In Commun. ACM, volume 26, pages 832–843, 1983. [2] J. F. Allen and P. J. Hayes. A Common-sense Theory of Time. In Proceedings of the 9th International Joint Conference on Artificial Intelligence (IJCAI’85), pages 528–531, 1985.",
"authors": [
"Fadoua Ghourabi"
],
"date": "2016-09-29",
- "id": 401,
+ "id": 402,
"link": "/entries/Allen_Calculus.html",
"permalink": "/entries/Allen_Calculus.html",
"shortname": "Allen_Calculus",
"title": "Allen's Interval Calculus",
"topic_links": [
"logic/general-logic/temporal-logic",
"mathematics/order"
],
"topics": [
"Logic/General logic/Temporal logic",
"Mathematics/Order"
],
"used_by": 0
},
{
"abstract": "This Isabelle/HOL formalization defines recursive path orders (RPOs) for higher-order terms without lambda-abstraction and proves many useful properties about them. The main order fully coincides with the standard RPO on first-order terms also in the presence of currying, distinguishing it from previous work. An optimized variant is formalized as well. It appears promising as the basis of a higher-order superposition calculus.",
"authors": [
"Jasmin Christian Blanchette",
"Uwe Waldmann",
"Daniel Wand"
],
"date": "2016-09-23",
- "id": 402,
+ "id": 403,
"link": "/entries/Lambda_Free_RPOs.html",
"permalink": "/entries/Lambda_Free_RPOs.html",
"shortname": "Lambda_Free_RPOs",
"title": "Formalization of Recursive Path Orders for Lambda-Free Higher-Order Terms",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 5
},
{
"abstract": "We present a big step semantics of the filtering behavior of the Linux/netfilter iptables firewall. We provide algorithms to simplify complex iptables rulests to a simple firewall model (c.f. AFP entry \u003ca href=\"https://www.isa-afp.org/entries/Simple_Firewall.html\"\u003eSimple_Firewall\u003c/a\u003e) and to verify spoofing protection of a ruleset. Internally, we embed our semantics into ternary logic, ultimately supporting every iptables match condition by abstracting over unknowns. Using this AFP entry and all entries it depends on, we created an easy-to-use, stand-alone haskell tool called \u003ca href=\"http://iptables.isabelle.systems\"\u003efffuu\u003c/a\u003e. The tool does not require any input \u0026mdash;except for the \u003ctt\u003eiptables-save\u003c/tt\u003e dump of the analyzed firewall\u0026mdash; and presents interesting results about the user's ruleset. Real-Word firewall errors have been uncovered, and the correctness of rulesets has been proved, with the help of our tool.",
"authors": [
"Cornelius Diekmann",
"Lars Hupel"
],
"date": "2016-09-09",
- "id": 403,
+ "id": 404,
"link": "/entries/Iptables_Semantics.html",
"permalink": "/entries/Iptables_Semantics.html",
"shortname": "Iptables_Semantics",
"title": "Iptables Semantics",
"topic_links": [
"computer-science/networks"
],
"topics": [
"Computer science/Networks"
],
"used_by": 2
},
{
"abstract": "We provide a formalization of a variant of the superposition calculus, together with formal proofs of soundness and refutational completeness (w.r.t. the usual redundancy criteria based on clause ordering). This version of the calculus uses all the standard restrictions of the superposition rules, together with the following refinement, inspired by the basic superposition calculus: each clause is associated with a set of terms which are assumed to be in normal form -- thus any application of the replacement rule on these terms is blocked. The set is initially empty and terms may be added or removed at each inference step. The set of terms that are assumed to be in normal form includes any term introduced by previous unifiers as well as any term occurring in the parent clauses at a position that is smaller (according to some given ordering on positions) than a previously replaced term. The standard superposition calculus corresponds to the case where the set of irreducible terms is always empty.",
"authors": [
"Nicolas Peltier"
],
"date": "2016-09-06",
- "id": 404,
+ "id": 405,
"link": "/entries/SuperCalc.html",
"permalink": "/entries/SuperCalc.html",
"shortname": "SuperCalc",
"title": "A Variant of the Superposition Calculus",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "A range of algebras between lattices and Boolean algebras generalise the notion of a complement. We develop a hierarchy of these pseudo-complemented algebras that includes Stone algebras. Independently of this theory we study filters based on partial orders. Both theories are combined to prove Chen and Grätzer's construction theorem for Stone algebras. The latter involves extensive reasoning about algebraic structures in addition to reasoning in algebraic structures.",
"authors": [
"Walter Guttmann"
],
"date": "2016-09-06",
- "id": 405,
+ "id": 406,
"link": "/entries/Stone_Algebras.html",
"permalink": "/entries/Stone_Algebras.html",
"shortname": "Stone_Algebras",
"title": "Stone Algebras",
"topic_links": [
"mathematics/order"
],
"topics": [
"Mathematics/Order"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eThis work contains a proof of Stirling's formula both for the factorial $n! \\sim \\sqrt{2\\pi n} (n/e)^n$ on natural numbers and the real Gamma function $\\Gamma(x)\\sim \\sqrt{2\\pi/x} (x/e)^x$. The proof is based on work by \u003ca href=\"http://www.maths.lancs.ac.uk/~jameson/stirlgamma.pdf\"\u003eGraham Jameson\u003c/a\u003e.\u003c/p\u003e \u003cp\u003eThis is then extended to the full asymptotic expansion $$\\log\\Gamma(z) = \\big(z - \\tfrac{1}{2}\\big)\\log z - z + \\tfrac{1}{2}\\log(2\\pi) + \\sum_{k=1}^{n-1} \\frac{B_{k+1}}{k(k+1)} z^{-k}\\\\ {} - \\frac{1}{n} \\int_0^\\infty B_n([t])(t + z)^{-n}\\,\\text{d}t$$ uniformly for all complex $z\\neq 0$ in the cone $\\text{arg}(z)\\leq \\alpha$ for any $\\alpha\\in(0,\\pi)$, with which the above asymptotic relation for \u0026Gamma; is also extended to complex arguments.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2016-09-01",
- "id": 406,
+ "id": 407,
"link": "/entries/Stirling_Formula.html",
"permalink": "/entries/Stirling_Formula.html",
"shortname": "Stirling_Formula",
"title": "Stirling's formula",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 5
},
{
"abstract": "This entry contains definitions for routing with routing tables/longest prefix matching. A routing table entry is modelled as a record of a prefix match, a metric, an output port, and an optional next hop. A routing table is a list of entries, sorted by prefix length and metric. Additionally, a parser and serializer for the output of the ip-route command, a function to create a relation from output port to corresponding destination IP space, and a model of a Linux-style router are included.",
"authors": [
"Julius Michaelis",
"Cornelius Diekmann"
],
"date": "2016-08-31",
- "id": 407,
+ "id": 408,
"link": "/entries/Routing.html",
"permalink": "/entries/Routing.html",
"shortname": "Routing",
"title": "Routing",
"topic_links": [
"computer-science/networks"
],
"topics": [
"Computer science/Networks"
],
"used_by": 1
},
{
"abstract": "We present a simple model of a firewall. The firewall can accept or drop a packet and can match on interfaces, IP addresses, protocol, and ports. It was designed to feature nice mathematical properties: The type of match expressions was carefully crafted such that the conjunction of two match expressions is only one match expression. This model is too simplistic to mirror all aspects of the real world. In the upcoming entry \"Iptables Semantics\", we will translate the Linux firewall iptables to this model. For a fixed service (e.g. ssh, http), we provide an algorithm to compute an overview of the firewall's filtering behavior. The algorithm computes minimal service matrices, i.e. graphs which partition the complete IPv4 and IPv6 address space and visualize the allowed accesses between partitions. For a detailed description, see \u003ca href=\"http://dl.ifip.org/db/conf/networking/networking2016/1570232858.pdf\"\u003eVerified iptables Firewall Analysis\u003c/a\u003e, IFIP Networking 2016.",
"authors": [
"Cornelius Diekmann",
"Julius Michaelis",
"Max W. Haslbeck"
],
"date": "2016-08-24",
- "id": 408,
+ "id": 409,
"link": "/entries/Simple_Firewall.html",
"permalink": "/entries/Simple_Firewall.html",
"shortname": "Simple_Firewall",
"title": "Simple Firewall",
"topic_links": [
"computer-science/networks"
],
"topics": [
"Computer science/Networks"
],
"used_by": 1
},
{
"abstract": "TRACER is a tool for verifying safety properties of sequential C programs. TRACER attempts at building a finite symbolic execution graph which over-approximates the set of all concrete reachable states and the set of feasible paths. We present an abstract framework for TRACER and similar CEGAR-like systems. The framework provides 1) a graph- transformation based method for reducing the feasible paths in control-flow graphs, 2) a model for symbolic execution, subsumption, predicate abstraction and invariant generation. In this framework we formally prove two key properties: correct construction of the symbolic states and preservation of feasible paths. The framework focuses on core operations, leaving to concrete prototypes to “fit in” heuristics for combining them. The accompanying paper (published in ITP 2016) can be found at https://www.lri.fr/∼wolff/papers/conf/2016-itp-InfPathsNSE.pdf.",
"authors": [
"Romain Aissat",
"Frederic Voisin",
"Burkhart Wolff"
],
"date": "2016-08-18",
- "id": 409,
+ "id": 410,
"link": "/entries/InfPathElimination.html",
"permalink": "/entries/InfPathElimination.html",
"shortname": "InfPathElimination",
"title": "Infeasible Paths Elimination by Symbolic Execution Techniques: Proof of Correctness and Preservation of Paths",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 0
},
{
"abstract": "We present a formalization of the Ford-Fulkerson method for computing the maximum flow in a network. Our formal proof closely follows a standard textbook proof, and is accessible even without being an expert in Isabelle/HOL--- the interactive theorem prover used for the formalization. We then use stepwise refinement to obtain the Edmonds-Karp algorithm, and formally prove a bound on its complexity. Further refinement yields a verified implementation, whose execution time compares well to an unverified reference implementation in Java. This entry is based on our ITP-2016 paper with the same title.",
"authors": [
"Peter Lammich",
"S. Reza Sefidgar"
],
"date": "2016-08-12",
- "id": 410,
+ "id": 411,
"link": "/entries/EdmondsKarp_Maxflow.html",
"permalink": "/entries/EdmondsKarp_Maxflow.html",
"shortname": "EdmondsKarp_Maxflow",
"title": "Formalizing the Edmonds-Karp Algorithm",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 1
},
{
"abstract": "We present the Imperative Refinement Framework (IRF), a tool that supports a stepwise refinement based approach to imperative programs. This entry is based on the material we presented in [ITP-2015, CPP-2016]. It uses the Monadic Refinement Framework as a frontend for the specification of the abstract programs, and Imperative/HOL as a backend to generate executable imperative programs. The IRF comes with tool support to synthesize imperative programs from more abstract, functional ones, using efficient imperative implementations for the abstract data structures. This entry also includes the Imperative Isabelle Collection Framework (IICF), which provides a library of re-usable imperative collection data structures. Moreover, this entry contains a quickstart guide and a reference manual, which provide an introduction to using the IRF for Isabelle/HOL experts. It also provids a collection of (partly commented) practical examples, some highlights being Dijkstra's Algorithm, Nested-DFS, and a generic worklist algorithm with subsumption. Finally, this entry contains benchmark scripts that compare the runtime of some examples against reference implementations of the algorithms in Java and C++. [ITP-2015] Peter Lammich: Refinement to Imperative/HOL. ITP 2015: 253--269 [CPP-2016] Peter Lammich: Refinement based verification of imperative data structures. CPP 2016: 27--36",
"authors": [
"Peter Lammich"
],
"date": "2016-08-08",
- "id": 411,
+ "id": 412,
"link": "/entries/Refine_Imperative_HOL.html",
"permalink": "/entries/Refine_Imperative_HOL.html",
"shortname": "Refine_Imperative_HOL",
"title": "The Imperative Refinement Framework",
"topic_links": [
"computer-science/semantics-and-reasoning",
"computer-science/data-structures"
],
"topics": [
"Computer science/Semantics and reasoning",
"Computer science/Data structures"
],
"used_by": 5
},
{
"abstract": "This entry provides an analytic proof to Ptolemy's Theorem using polar form transformation and trigonometric identities. In this formalization, we use ideas from John Harrison's HOL Light formalization and the proof sketch on the Wikipedia entry of Ptolemy's Theorem. This theorem is the 95th theorem of the Top 100 Theorems list.",
"authors": [
"Lukas Bulwahn"
],
"date": "2016-08-07",
- "id": 412,
+ "id": 413,
"link": "/entries/Ptolemys_Theorem.html",
"permalink": "/entries/Ptolemys_Theorem.html",
"shortname": "Ptolemys_Theorem",
"title": "Ptolemy's Theorem",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "In 1964, Fitch showed that the paradox of the surprise hanging can be resolved by showing that the judge’s verdict is inconsistent. His formalization builds on Gödel’s coding of provability. In this theory, we reproduce his proof in Isabelle, building on Paulson’s formalisation of Gödel’s incompleteness theorems.",
"authors": [
"Joachim Breitner"
],
"date": "2016-07-17",
- "id": 413,
+ "id": 414,
"link": "/entries/Surprise_Paradox.html",
"permalink": "/entries/Surprise_Paradox.html",
"shortname": "Surprise_Paradox",
"title": "Surprise Paradox",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "This library defines three different versions of pairing heaps: a functional version of the original design based on binary trees [Fredman et al. 1986], the version by Okasaki [1998] and a modified version of the latter that is free of structural invariants. \u003cp\u003e The amortized complexity of pairing heaps is analyzed in the AFP article \u003ca href=\"http://isa-afp.org/entries/Amortized_Complexity.html\"\u003eAmortized Complexity\u003c/a\u003e.",
"authors": [
"Hauke Brinkop",
"Tobias Nipkow"
],
"date": "2016-07-14",
- "id": 414,
+ "id": 415,
"link": "/entries/Pairing_Heap.html",
"permalink": "/entries/Pairing_Heap.html",
"shortname": "Pairing_Heap",
"title": "Pairing Heap",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003e This entry presents a framework for the modular verification of DFS-based algorithms, which is described in our [CPP-2015] paper. It provides a generic DFS algorithm framework, that can be parameterized with user-defined actions on certain events (e.g. discovery of new node). It comes with an extensible library of invariants, which can be used to derive invariants of a specific parameterization. Using refinement techniques, efficient implementations of the algorithms can easily be derived. Here, the framework comes with templates for a recursive and a tail-recursive implementation, and also with several templates for implementing the data structures required by the DFS algorithm. Finally, this entry contains a set of re-usable DFS-based algorithms, which illustrate the application of the framework. \u003c/p\u003e\u003cp\u003e [CPP-2015] Peter Lammich, René Neumann: A Framework for Verifying Depth-First Search Algorithms. CPP 2015: 137-146\u003c/p\u003e",
"authors": [
"Peter Lammich",
"René Neumann"
],
"date": "2016-07-05",
- "id": 415,
+ "id": 416,
"link": "/entries/DFS_Framework.html",
"permalink": "/entries/DFS_Framework.html",
"shortname": "DFS_Framework",
"title": "A Framework for Verifying Depth-First Search Algorithms",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 4
},
{
"abstract": "We provide a basic formal framework for the theory of chamber complexes and Coxeter systems, and for buildings as thick chamber complexes endowed with a system of apartments. Along the way, we develop some of the general theory of abstract simplicial complexes and of groups (relying on the \u003ci\u003egroup_add\u003c/i\u003e class for the basics), including free groups and group presentations, and their universal properties. The main results verified are that the deletion condition is both necessary and sufficient for a group with a set of generators of order two to be a Coxeter system, and that the apartments in a (thick) building are all uniformly Coxeter.",
"authors": [
"Jeremy Sylvestre"
],
"date": "2016-07-01",
- "id": 416,
+ "id": 417,
"link": "/entries/Buildings.html",
"permalink": "/entries/Buildings.html",
"shortname": "Buildings",
"title": "Chamber Complexes, Coxeter Systems, and Buildings",
"topic_links": [
"mathematics/algebra",
"mathematics/geometry"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "This theory is a formalization of the resolution calculus for first-order logic. It is proven sound and complete. The soundness proof uses the substitution lemma, which shows a correspondence between substitutions and updates to an environment. The completeness proof uses semantic trees, i.e. trees whose paths are partial Herbrand interpretations. It employs Herbrand's theorem in a formulation which states that an unsatisfiable set of clauses has a finite closed semantic tree. It also uses the lifting lemma which lifts resolution derivation steps from the ground world up to the first-order world. The theory is presented in a paper in the Journal of Automated Reasoning [Sch18] which extends a paper presented at the International Conference on Interactive Theorem Proving [Sch16]. An earlier version was presented in an MSc thesis [Sch15]. The formalization mostly follows textbooks by Ben-Ari [BA12], Chang and Lee [CL73], and Leitsch [Lei97]. The theory is part of the IsaFoL project [IsaFoL]. \u003cp\u003e \u003ca name=\"Sch18\"\u003e\u003c/a\u003e[Sch18] Anders Schlichtkrull. \"Formalization of the Resolution Calculus for First-Order Logic\". Journal of Automated Reasoning, 2018.\u003cbr\u003e \u003ca name=\"Sch16\"\u003e\u003c/a\u003e[Sch16] Anders Schlichtkrull. \"Formalization of the Resolution Calculus for First-Order Logic\". In: ITP 2016. Vol. 9807. LNCS. Springer, 2016.\u003cbr\u003e \u003ca name=\"Sch15\"\u003e\u003c/a\u003e[Sch15] Anders Schlichtkrull. \u003ca href=\"https://people.compute.dtu.dk/andschl/Thesis.pdf\"\u003e \"Formalization of Resolution Calculus in Isabelle\"\u003c/a\u003e. \u003ca href=\"https://people.compute.dtu.dk/andschl/Thesis.pdf\"\u003ehttps://people.compute.dtu.dk/andschl/Thesis.pdf\u003c/a\u003e. MSc thesis. Technical University of Denmark, 2015.\u003cbr\u003e \u003ca name=\"BA12\"\u003e\u003c/a\u003e[BA12] Mordechai Ben-Ari. \u003ci\u003eMathematical Logic for Computer Science\u003c/i\u003e. 3rd. 
Springer, 2012.\u003cbr\u003e \u003ca name=\"CL73\"\u003e\u003c/a\u003e[CL73] Chin-Liang Chang and Richard Char-Tung Lee. \u003ci\u003eSymbolic Logic and Mechanical Theorem Proving\u003c/i\u003e. 1st. Academic Press, Inc., 1973.\u003cbr\u003e \u003ca name=\"Lei97\"\u003e\u003c/a\u003e[Lei97] Alexander Leitsch. \u003ci\u003eThe Resolution Calculus\u003c/i\u003e. Texts in theoretical computer science. Springer, 1997.\u003cbr\u003e \u003ca name=\"IsaFoL\"\u003e\u003c/a\u003e[IsaFoL] IsaFoL authors. \u003ca href=\"https://bitbucket.org/jasmin_blanchette/isafol\"\u003e IsaFoL: Isabelle Formalization of Logic\u003c/a\u003e. \u003ca href=\"https://bitbucket.org/jasmin_blanchette/isafol\"\u003ehttps://bitbucket.org/jasmin_blanchette/isafol\u003c/a\u003e.",
"authors": [
"Anders Schlichtkrull"
],
"date": "2016-06-30",
- "id": 417,
+ "id": 418,
"link": "/entries/Resolution_FOL.html",
"permalink": "/entries/Resolution_FOL.html",
"shortname": "Resolution_FOL",
"title": "The Resolution Calculus for First-Order Logic",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "We formalize the Z property introduced by Dehornoy and van Oostrom. First we show that for any abstract rewrite system, Z implies confluence. Then we give two examples of proofs using Z: confluence of lambda-calculus with respect to beta-reduction and confluence of combinatory logic.",
"authors": [
"Bertram Felgenhauer",
"Julian Nagele",
"Vincent van Oostrom",
"Christian Sternagel"
],
"date": "2016-06-30",
- "id": 418,
+ "id": 419,
"link": "/entries/Rewriting_Z.html",
"permalink": "/entries/Rewriting_Z.html",
"shortname": "Rewriting_Z",
"title": "The Z Property",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "The paper \"Compositional Verification and Refinement of Concurrent Value-Dependent Noninterference\" by Murray et. al. (CSF 2016) presents a compositional theory of refinement for a value-dependent noninterference property, defined in (Murray, PLAS 2015), for concurrent programs. This development formalises that refinement theory, and demonstrates its application on some small examples.",
"authors": [
"Toby Murray",
"Robert Sison",
"Edward Pierzchalski",
"Christine Rizkallah"
],
"date": "2016-06-28",
- "id": 419,
+ "id": 420,
"link": "/entries/Dependent_SIFUM_Refinement.html",
"permalink": "/entries/Dependent_SIFUM_Refinement.html",
"shortname": "Dependent_SIFUM_Refinement",
"title": "Compositional Security-Preserving Refinement for Concurrent Imperative Programs",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This entry contains a definition of IP addresses and a library to work with them. Generic IP addresses are modeled as machine words of arbitrary length. Derived from this generic definition, IPv4 addresses are 32bit machine words, IPv6 addresses are 128bit words. Additionally, IPv4 addresses can be represented in dot-decimal notation and IPv6 addresses in (compressed) colon-separated notation. We support toString functions and parsers for both notations. Sets of IP addresses can be represented with a netmask (e.g. 192.168.0.0/255.255.0.0) or in CIDR notation (e.g. 192.168.0.0/16). To provide executable code for set operations on IP address ranges, the library includes a datatype to work on arbitrary intervals of machine words.",
"authors": [
"Cornelius Diekmann",
"Julius Michaelis",
"Lars Hupel"
],
"date": "2016-06-28",
- "id": 420,
+ "id": 421,
"link": "/entries/IP_Addresses.html",
"permalink": "/entries/IP_Addresses.html",
"shortname": "IP_Addresses",
"title": "IP Addresses",
"topic_links": [
"computer-science/networks"
],
"topics": [
"Computer science/Networks"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eThis entry provides three lemmas to count the number of multisets of a given size and finite carrier set. The first lemma provides a cardinality formula assuming that the multiset's elements are chosen from the given carrier set. The latter two lemmas provide formulas assuming that the multiset's elements also cover the given carrier set, i.e., each element of the carrier set occurs in the multiset at least once.\u003c/p\u003e \u003cp\u003eThe proof of the first lemma uses the argument of the recurrence relation for counting multisets. The proof of the second lemma is straightforward, and the proof of the third lemma is easily obtained using the first cardinality lemma. A challenge for the formalization is the derivation of the required induction rule, which is a special combination of the induction rules for finite sets and natural numbers. The induction rule is derived by defining a suitable inductive predicate and transforming the predicate's induction rule.\u003c/p\u003e",
"authors": [
"Lukas Bulwahn"
],
"date": "2016-06-26",
- "id": 421,
+ "id": 422,
"link": "/entries/Card_Multisets.html",
"permalink": "/entries/Card_Multisets.html",
"shortname": "Card_Multisets",
"title": "Cardinality of Multisets",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e This article attempts to develop a usable framework for doing category theory in Isabelle/HOL. Our point of view, which to some extent differs from that of the previous AFP articles on the subject, is to try to explore how category theory can be done efficaciously within HOL, rather than trying to match exactly the way things are done using a traditional approach. To this end, we define the notion of category in an \"object-free\" style, in which a category is represented by a single partial composition operation on arrows. This way of defining categories provides some advantages in the context of HOL, including the ability to avoid the use of records and the possibility of defining functors and natural transformations simply as certain functions on arrows, rather than as composite objects. We define various constructions associated with the basic notions, including: dual category, product category, functor category, discrete category, free category, functor composition, and horizontal and vertical composite of natural transformations. A \"set category\" locale is defined that axiomatizes the notion \"category of all sets at a type and all functions between them,\" and a fairly extensive set of properties of set categories is derived from the locale assumptions. The notion of a set category is used to prove the Yoneda Lemma in a general setting of a category equipped with a \"hom embedding,\" which maps arrows of the category to the \"universe\" of the set category. We also give a treatment of adjunctions, defining adjunctions via left and right adjoint functors, natural bijections between hom-sets, and unit and counit natural transformations, and showing the equivalence of these definitions. We also develop the theory of limits, including representations of functors, diagrams and cones, and diagonal functors. We show that right adjoint functors preserve limits, and that limits can be constructed via products and equalizers. 
We characterize the conditions under which limits exist in a set category. We also examine the case of limits in a functor category, ultimately culminating in a proof that the Yoneda embedding preserves limits. \u003c/p\u003e\u003cp\u003e Revisions made subsequent to the first version of this article added material on equivalence of categories, cartesian categories, categories with pullbacks, categories with finite limits, and cartesian closed categories. A construction was given of the category of hereditarily finite sets and functions between them, and it was shown that this category is cartesian closed. Using \"ZFC_in_HOL\", a construction was also given of the (large) category of small sets and functions between them, and it was shown that this category is small-complete. \u003c/p\u003e",
"authors": [
"Eugene W. Stark"
],
"date": "2016-06-26",
- "id": 422,
+ "id": 423,
"link": "/entries/Category3.html",
"permalink": "/entries/Category3.html",
"shortname": "Category3",
"title": "Category Theory with Adjunctions and Limits",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 1
},
{
"abstract": "The paper \"Compositional Verification and Refinement of Concurrent Value-Dependent Noninterference\" by Murray et. al. (CSF 2016) presents a dependent security type system for compositionally verifying a value-dependent noninterference property, defined in (Murray, PLAS 2015), for concurrent programs. This development formalises that security definition, the type system and its soundness proof, and demonstrates its application on some small examples. It was derived from the SIFUM_Type_Systems AFP entry, by Sylvia Grewe, Heiko Mantel and Daniel Schoepe, and whose structure it inherits.",
"authors": [
"Toby Murray",
"Robert Sison",
"Edward Pierzchalski",
"Christine Rizkallah"
],
"date": "2016-06-25",
- "id": 423,
+ "id": 424,
"link": "/entries/Dependent_SIFUM_Type_Systems.html",
"permalink": "/entries/Dependent_SIFUM_Type_Systems.html",
"shortname": "Dependent_SIFUM_Type_Systems",
"title": "A Dependent Security Type System for Concurrent Imperative Programs",
"topic_links": [
"computer-science/security",
"computer-science/programming-languages/type-systems"
],
"topics": [
"Computer science/Security",
"Computer science/Programming languages/Type systems"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eIn this work, we define the Catalan numbers \u003cem\u003eC\u003csub\u003en\u003c/sub\u003e\u003c/em\u003e and prove several equivalent definitions (including some closed-form formulae). We also show one of their applications (counting the number of binary trees of size \u003cem\u003en\u003c/em\u003e), prove the asymptotic growth approximation \u003cem\u003eC\u003csub\u003en\u003c/sub\u003e \u0026sim; 4\u003csup\u003en\u003c/sup\u003e / (\u0026radic;\u003cspan style=\"text-decoration: overline\"\u003e\u0026pi;\u003c/span\u003e \u0026middot; n\u003csup\u003e1.5\u003c/sup\u003e)\u003c/em\u003e, and provide reasonably efficient executable code to compute them.\u003c/p\u003e \u003cp\u003eThe derivation of the closed-form formulae uses algebraic manipulations of the ordinary generating function of the Catalan numbers, and the asymptotic approximation is then done using generalised binomial coefficients and the Gamma function. Thanks to these highly non-elementary mathematical tools, the proofs are very short and simple.\u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2016-06-21",
- "id": 424,
+ "id": 425,
"link": "/entries/Catalan_Numbers.html",
"permalink": "/entries/Catalan_Numbers.html",
"shortname": "Catalan_Numbers",
"title": "Catalan Numbers",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "Variants of Kleene algebra support program construction and verification by algebraic reasoning. This entry provides a verification component for Hoare logic based on Kleene algebra with tests, verification components for weakest preconditions and strongest postconditions based on Kleene algebra with domain and a component for step-wise refinement based on refinement Kleene algebra with tests. In addition to these components for the partial correctness of while programs, a verification component for total correctness based on divergence Kleene algebras and one for (partial correctness) of recursive programs based on domain quantales are provided. Finally we have integrated memory models for programs with pointers and a program trace semantics into the weakest precondition component.",
"authors": [
"Victor B. F. Gomes",
"Georg Struth"
],
"date": "2016-06-18",
- "id": 425,
+ "id": 426,
"link": "/entries/Algebraic_VCs.html",
"permalink": "/entries/Algebraic_VCs.html",
"shortname": "Algebraic_VCs",
"title": "Program Construction and Verification Components Based on Kleene Algebra",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eIn his outstanding work on Communicating Sequential Processes, Hoare has defined two fundamental binary operations allowing to compose the input processes into another, typically more complex, process: sequential composition and concurrent composition. Particularly, the output of the latter operation is a process in which any event not shared by both operands can occur whenever the operand that admits the event can engage in it, whereas any event shared by both operands can occur just in case both can engage in it.\u003c/p\u003e \u003cp\u003eThis paper formalizes Hoare's definition of concurrent composition and proves, in the general case of a possibly intransitive policy, that CSP noninterference security is conserved under this operation. This result, along with the previous analogous one concerning sequential composition, enables the construction of more and more complex processes enforcing noninterference security by composing, sequentially or concurrently, simpler secure processes, whose security can in turn be proven using either the definition of security, or unwinding theorems.\u003c/p\u003e",
"authors": [
"Pasquale Noce"
],
"date": "2016-06-13",
- "id": 426,
+ "id": 427,
"link": "/entries/Noninterference_Concurrent_Composition.html",
"permalink": "/entries/Noninterference_Concurrent_Composition.html",
"shortname": "Noninterference_Concurrent_Composition",
"title": "Conservation of CSP Noninterference Security under Concurrent Composition",
"topic_links": [
"computer-science/security",
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Security",
"Computer science/Concurrency/Process calculi"
],
"used_by": 0
},
{
"abstract": "This entry contains an extension to the Isabelle library for fixed-width machine words. In particular, the entry adds quickcheck setup for words, printing as hexadecimals, additional operations, reasoning about alignment, signed words, enumerations of words, normalisation of word numerals, and an extensive library of properties about generic fixed-width words, as well as an instantiation of many of these to the commonly used 32 and 64-bit bases.",
"authors": [
"Joel Beeren",
"Matthew Fernandez",
"Xin Gao",
"Gerwin Klein",
"Rafal Kolanski",
"Japheth Lim",
"Corey Lewis",
"Daniel Matichuk",
"Thomas Sewell"
],
"date": "2016-06-09",
- "id": 427,
+ "id": 428,
"link": "/entries/Word_Lib.html",
"permalink": "/entries/Word_Lib.html",
"shortname": "Word_Lib",
"title": "Finite Machine Word Library",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 8
},
{
"abstract": "We formalize tree decompositions and tree width in Isabelle/HOL, proving that trees have treewidth 1. We also show that every edge of a tree decomposition is a separation of the underlying graph. As an application of this theorem we prove that complete graphs of size n have treewidth n-1.",
"authors": [
"Christoph Dittmann"
],
"date": "2016-05-31",
- "id": 428,
+ "id": 429,
"link": "/entries/Tree_Decomposition.html",
"permalink": "/entries/Tree_Decomposition.html",
"shortname": "Tree_Decomposition",
"title": "Tree Decomposition",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "This entry provides formulae for counting the number of equivalence relations and partial equivalence relations over a finite carrier set with given cardinality. To count the number of equivalence relations, we provide bijections between equivalence relations and set partitions, and then transfer the main results of the two AFP entries, Cardinality of Set Partitions and Spivey's Generalized Recurrence for Bell Numbers, to theorems on equivalence relations. To count the number of partial equivalence relations, we observe that counting partial equivalence relations over a set A is equivalent to counting all equivalence relations over all subsets of the set A. From this observation and the results on equivalence relations, we show that the cardinality of partial equivalence relations over a finite set of cardinality n is equal to the n+1-th Bell number.",
"authors": [
"Lukas Bulwahn"
],
"date": "2016-05-24",
- "id": 429,
+ "id": 430,
"link": "/entries/Card_Equiv_Relations.html",
"permalink": "/entries/Card_Equiv_Relations.html",
"shortname": "Card_Equiv_Relations",
"title": "Cardinality of Equivalence Relations",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eBrzozowski introduced the notion of derivatives for regular expressions. They can be used for a very simple regular expression matching algorithm. Sulzmann and Lu cleverly extended this algorithm in order to deal with POSIX matching, which is the underlying disambiguation strategy for regular expressions needed in lexers. Their algorithm generates POSIX values which encode the information of how a regular expression matches a string--—that is, which part of the string is matched by which part of the regular expression. In this paper we give our inductive definition of what a POSIX value is and show (i) that such a value is unique (for given regular expression and string being matched) and (ii) that Sulzmann and Lu’s algorithm always generates such a value (provided that the regular expression matches the string). This holds also when optimisations are included. Finally we show that (iii) our inductive definition of a POSIX value is equivalent to an alternative definition by Okui and Suzuki which identifies POSIX values as least elements according to an ordering of values.\u003c/p\u003e",
"authors": [
"Fahad Ausaf",
"Roy Dyckhoff",
"Christian Urban"
],
"date": "2016-05-24",
- "id": 430,
+ "id": 431,
"link": "/entries/Posix-Lexing.html",
"permalink": "/entries/Posix-Lexing.html",
"shortname": "Posix-Lexing",
"title": "POSIX Lexing with Derivatives of Regular Expressions",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eThe spectral radius of a matrix A is the maximum norm of all eigenvalues of A. In previous work we already formalized that for a complex matrix A, the values in A\u003csup\u003en\u003c/sup\u003e grow polynomially in n if and only if the spectral radius is at most one. One problem with the above characterization is the determination of all \u003cem\u003ecomplex\u003c/em\u003e eigenvalues. In case A contains only non-negative real values, a simplification is possible with the help of the Perron\u0026ndash;Frobenius theorem, which tells us that it suffices to consider only the \u003cem\u003ereal\u003c/em\u003e eigenvalues of A, i.e., applying Sturm's method can decide the polynomial growth of A\u003csup\u003en\u003c/sup\u003e. \u003c/p\u003e\u003cp\u003e We formalize the Perron\u0026ndash;Frobenius theorem based on a proof via Brouwer's fixpoint theorem, which is available in the HOL multivariate analysis (HMA) library. Since the results on the spectral radius is based on matrices in the Jordan normal form (JNF) library, we further develop a connection which allows us to easily transfer theorems between HMA and JNF. With this connection we derive the combined result: if A is a non-negative real matrix, and no real eigenvalue of A is strictly larger than one, then A\u003csup\u003en\u003c/sup\u003e is polynomially bounded in n. \u003c/p\u003e",
"authors": [
"Jose Divasón",
"Ondřej Kunčar",
"René Thiemann",
"Akihisa Yamada"
],
"date": "2016-05-20",
- "id": 431,
+ "id": 432,
"link": "/entries/Perron_Frobenius.html",
"permalink": "/entries/Perron_Frobenius.html",
"shortname": "Perron_Frobenius",
"title": "Perron-Frobenius Theorem for Spectral Radius Analysis",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 3
},
{
"abstract": "The \u003ca href=\"http://incredible.pm\"\u003eIncredible Proof Machine\u003c/a\u003e is an interactive visual theorem prover which represents proofs as port graphs. We model this proof representation in Isabelle, and prove that it is just as powerful as natural deduction.",
"authors": [
"Joachim Breitner",
"Denis Lohner"
],
"date": "2016-05-20",
- "id": 432,
+ "id": 433,
"link": "/entries/Incredible_Proof_Machine.html",
"permalink": "/entries/Incredible_Proof_Machine.html",
"shortname": "Incredible_Proof_Machine",
"title": "The meta theory of the Incredible Proof Machine",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "The impossibility of distributed consensus with one faulty process is a result with important consequences for real world distributed systems e.g., commits in replicated databases. Since proofs are not immune to faults and even plausible proofs with a profound formalism can conclude wrong results, we validate the fundamental result named FLP after Fischer, Lynch and Paterson. We present a formalization of distributed systems and the aforementioned consensus problem. Our proof is based on Hagen Völzer's paper \"A constructive proof for FLP\". In addition to the enhanced confidence in the validity of Völzer's proof, we contribute the missing gaps to show the correctness in Isabelle/HOL. We clarify the proof details and even prove fairness of the infinite execution that contradicts consensus. Our Isabelle formalization can also be reused for further proofs of properties of distributed systems.",
"authors": [
"Benjamin Bisping",
"Paul-David Brodmann",
"Tim Jungnickel",
"Christina Rickmann",
"Henning Seidler",
"Anke Stüber",
"Arno Wilhelm-Weidner",
"Kirstin Peters",
"Uwe Nestmann"
],
"date": "2016-05-18",
- "id": 433,
+ "id": 434,
"link": "/entries/FLP.html",
"permalink": "/entries/FLP.html",
"shortname": "FLP",
"title": "A Constructive Proof for FLP",
"topic_links": [
"computer-science/concurrency"
],
"topics": [
"Computer science/Concurrency"
],
"used_by": 0
},
{
"abstract": "This article formalises a proof of the maximum-flow minimal-cut theorem for networks with countably many edges. A network is a directed graph with non-negative real-valued edge labels and two dedicated vertices, the source and the sink. A flow in a network assigns non-negative real numbers to the edges such that for all vertices except for the source and the sink, the sum of values on incoming edges equals the sum of values on outgoing edges. A cut is a subset of the vertices which contains the source, but not the sink. Our theorem states that in every network, there is a flow and a cut such that the flow saturates all the edges going out of the cut and is zero on all the incoming edges. The proof is based on the paper \u003cemph\u003eThe Max-Flow Min-Cut theorem for countable networks\u003c/emph\u003e by Aharoni et al. Additionally, we prove a characterisation of the lifting operation for relations on discrete probability distributions, which leads to a concise proof of its distributivity over relation composition.",
"authors": [
"Andreas Lochbihler"
],
"date": "2016-05-09",
- "id": 434,
+ "id": 435,
"link": "/entries/MFMC_Countable.html",
"permalink": "/entries/MFMC_Countable.html",
"shortname": "MFMC_Countable",
"title": "A Formal Proof of the Max-Flow Min-Cut Theorem for Countable Networks",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 1
},
{
"abstract": "This work contains a formalisation of basic Randomised Social Choice, including Stochastic Dominance and Social Decision Schemes (SDSs) along with some of their most important properties (Anonymity, Neutrality, ex-post- and SD-Efficiency, SD-Strategy-Proofness) and two particular SDSs – Random Dictatorship and Random Serial Dictatorship (with proofs of the properties that they satisfy). Many important properties of these concepts are also proven – such as the two equivalent characterisations of Stochastic Dominance and the fact that SD-efficiency of a lottery only depends on the support. The entry also provides convenient commands to define Preference Profiles, prove their well-formedness, and automatically derive restrictions that sufficiently nice SDSs need to satisfy on the defined profiles. Currently, the formalisation focuses on weak preferences and Stochastic Dominance, but it should be easy to extend it to other domains – such as strict preferences – or other lottery extensions – such as Bilinear Dominance or Pairwise Comparison.",
"authors": [
"Manuel Eberl"
],
"date": "2016-05-05",
- "id": 435,
+ "id": 436,
"link": "/entries/Randomised_Social_Choice.html",
"permalink": "/entries/Randomised_Social_Choice.html",
"shortname": "Randomised_Social_Choice",
"title": "Randomised Social Choice Theory",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 2
},
{
"abstract": "This entry defines the Bell numbers as the cardinality of set partitions for a carrier set of given size, and derives Spivey's generalized recurrence relation for Bell numbers following his elegant and intuitive combinatorial proof. \u003cp\u003e As the set construction for the combinatorial proof requires construction of three intermediate structures, the main difficulty of the formalization is handling the overall combinatorial argument in a structured way. The introduced proof structure allows us to compose the combinatorial argument from its subparts, and supports to keep track how the detailed proof steps are related to the overall argument. To obtain this structure, this entry uses set monad notation for the set construction's definition, introduces suitable predicates and rules, and follows a repeating structure in its Isar proof.",
"authors": [
"Lukas Bulwahn"
],
"date": "2016-05-04",
- "id": 436,
+ "id": 437,
"link": "/entries/Bell_Numbers_Spivey.html",
"permalink": "/entries/Bell_Numbers_Spivey.html",
"shortname": "Bell_Numbers_Spivey",
"title": "Spivey's Generalized Recurrence for Bell Numbers",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 2
},
{
"abstract": "This formalisation contains the proof that there is no anonymous and neutral Social Decision Scheme for at least four voters and alternatives that fulfils both SD-Efficiency and SD-Strategy- Proofness. The proof is a fully structured and quasi-human-redable one. It was derived from the (unstructured) SMT proof of the case for exactly four voters and alternatives by Brandl et al. Their proof relies on an unverified translation of the original problem to SMT, and the proof that lifts the argument for exactly four voters and alternatives to the general case is also not machine-checked. In this Isabelle proof, on the other hand, all of these steps are fully proven and machine-checked. This is particularly important seeing as a previously published informal proof of a weaker statement contained a mistake in precisely this lifting step.",
"authors": [
"Manuel Eberl"
],
"date": "2016-05-04",
- "id": 437,
+ "id": 438,
"link": "/entries/SDS_Impossibility.html",
"permalink": "/entries/SDS_Impossibility.html",
"shortname": "SDS_Impossibility",
"title": "The Incompatibility of SD-Efficiency and SD-Strategy-Proofness",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "This formalization is concerned with the theory of Gröbner bases in (commutative) multivariate polynomial rings over fields, originally developed by Buchberger in his 1965 PhD thesis. Apart from the statement and proof of the main theorem of the theory, the formalization also implements Buchberger's algorithm for actually computing Gröbner bases as a tail-recursive function, thus allowing to effectively decide ideal membership in finitely generated polynomial ideals. Furthermore, all functions can be executed on a concrete representation of multivariate polynomials as association lists.",
"authors": [
"Fabian Immler",
"Alexander Maletzky"
],
"date": "2016-05-02",
- "id": 438,
+ "id": 439,
"link": "/entries/Groebner_Bases.html",
"permalink": "/entries/Groebner_Bases.html",
"shortname": "Groebner_Bases",
"title": "Gröbner Bases Theory",
"topic_links": [
"mathematics/algebra",
"computer-science/algorithms/mathematical"
],
"topics": [
"Mathematics/Algebra",
"Computer science/Algorithms/Mathematical"
],
"used_by": 4
},
{
"abstract": "We provide a formal proof within First Order Relativity Theory that no observer can travel faster than the speed of light. Originally reported in Stannett \u0026 Németi (2014) \"Using Isabelle/HOL to verify first-order relativity theory\", Journal of Automated Reasoning 52(4), pp. 361-378.",
"authors": [
"Mike Stannett",
"István Németi"
],
"date": "2016-04-28",
- "id": 439,
+ "id": 440,
"link": "/entries/No_FTL_observers.html",
"permalink": "/entries/No_FTL_observers.html",
"shortname": "No_FTL_observers",
"title": "No Faster-Than-Light Observers",
"topic_links": [
"mathematics/physics"
],
"topics": [
"Mathematics/Physics"
],
"used_by": 0
},
{
"abstract": "The theory provides a formalisation of the Cocke-Younger-Kasami algorithm (CYK for short), an approach to solving the word problem for context-free languages. CYK decides if a word is in the languages generated by a context-free grammar in Chomsky normal form. The formalized algorithm is executable.",
"authors": [
"Maksym Bortin"
],
"date": "2016-04-27",
- "id": 440,
+ "id": 441,
"link": "/entries/CYK.html",
"permalink": "/entries/CYK.html",
"shortname": "CYK",
"title": "A formalisation of the Cocke-Younger-Kasami algorithm",
"topic_links": [
"computer-science/algorithms",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Algorithms",
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "We present a verified and executable implementation of ROBDDs in Isabelle/HOL. Our implementation relates pointer-based computation in the Heap monad to operations on an abstract definition of boolean functions. Internally, we implemented the if-then-else combinator in a recursive fashion, following the Shannon decomposition of the argument functions. The implementation mixes and adapts known techniques and is built with efficiency in mind.",
"authors": [
"Julius Michaelis",
"Max W. Haslbeck",
"Peter Lammich",
"Lars Hupel"
],
"date": "2016-04-27",
- "id": 441,
+ "id": 442,
"link": "/entries/ROBDD.html",
"permalink": "/entries/ROBDD.html",
"shortname": "ROBDD",
"title": "Algorithms for Reduced Ordered Binary Decision Diagrams",
"topic_links": [
"computer-science/algorithms",
"computer-science/data-structures"
],
"topics": [
"Computer science/Algorithms",
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003eIn his outstanding work on Communicating Sequential Processes, Hoare has defined two fundamental binary operations allowing to compose the input processes into another, typically more complex, process: sequential composition and concurrent composition. Particularly, the output of the former operation is a process that initially behaves like the first operand, and then like the second operand once the execution of the first one has terminated successfully, as long as it does.\u003c/p\u003e \u003cp\u003eThis paper formalizes Hoare's definition of sequential composition and proves, in the general case of a possibly intransitive policy, that CSP noninterference security is conserved under this operation, provided that successful termination cannot be affected by confidential events and cannot occur as an alternative to other events in the traces of the first operand. Both of these assumptions are shown, by means of counterexamples, to be necessary for the theorem to hold.\u003c/p\u003e",
"authors": [
"Pasquale Noce"
],
"date": "2016-04-26",
- "id": 442,
+ "id": 443,
"link": "/entries/Noninterference_Sequential_Composition.html",
"permalink": "/entries/Noninterference_Sequential_Composition.html",
"shortname": "Noninterference_Sequential_Composition",
"title": "Conservation of CSP Noninterference Security under Sequential Composition",
"topic_links": [
"computer-science/security",
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Security",
"Computer science/Concurrency/Process calculi"
],
"used_by": 1
},
{
"abstract": "Kleene algebras with domain are Kleene algebras endowed with an operation that maps each element of the algebra to its domain of definition (or its complement) in abstract fashion. They form a simple algebraic basis for Hoare logics, dynamic logics or predicate transformer semantics. We formalise a modular hierarchy of algebras with domain and antidomain (domain complement) operations in Isabelle/HOL that ranges from domain and antidomain semigroups to modal Kleene algebras and divergence Kleene algebras. We link these algebras with models of binary relations and program traces. We include some examples from modal logics, termination and program analysis.",
"authors": [
"Victor B. F. Gomes",
"Walter Guttmann",
"Peter Höfner",
"Georg Struth",
"Tjark Weber"
],
"date": "2016-04-12",
- "id": 443,
+ "id": 444,
"link": "/entries/KAD.html",
"permalink": "/entries/KAD.html",
"shortname": "KAD",
"title": "Kleene Algebras with Domain",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/automata-and-formal-languages",
"mathematics/algebra"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Automata and formal languages",
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "We provide formal proofs in Isabelle-HOL (using mostly structured Isar proofs) of the soundness and completeness of the Resolution rule in propositional logic. The completeness proofs take into account the usual redundancy elimination rules (tautology elimination and subsumption), and several refinements of the Resolution rule are considered: ordered resolution (with selection functions), positive and negative resolution, semantic resolution and unit resolution (the latter refinement is complete only for clause sets that are Horn- renamable). We also define a concrete procedure for computing saturated sets and establish its soundness and completeness. The clause sets are not assumed to be finite, so that the results can be applied to formulas obtained by grounding sets of first-order clauses (however, a total ordering among atoms is assumed to be given). Next, we show that the unrestricted Resolution rule is deductive- complete, in the sense that it is able to generate all (prime) implicates of any set of propositional clauses (i.e., all entailment- minimal, non-valid, clausal consequences of the considered set). The generation of prime implicates is an important problem, with many applications in artificial intelligence and verification (for abductive reasoning, knowledge compilation, diagnosis, debugging etc.). We also show that implicates can be computed in an incremental way, by fixing an ordering among all the atoms in the considered sets and resolving upon these atoms one by one in the considered order (with no backtracking). This feature is critical for the efficient computation of prime implicates. Building on these results, we provide a procedure for computing such implicates and establish its soundness and completeness.",
"authors": [
"Nicolas Peltier"
],
"date": "2016-03-11",
- "id": 444,
+ "id": 445,
"link": "/entries/PropResPI.html",
"permalink": "/entries/PropResPI.html",
"shortname": "PropResPI",
"title": "Propositional Resolution and Prime Implicates Generation",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "The Cartan fixed point theorems concern the group of holomorphic automorphisms on a connected open set of C\u003csup\u003en\u003c/sup\u003e. Ciolli et al. have formalised the one-dimensional case of these theorems in HOL Light. This entry contains their proofs, ported to Isabelle/HOL. Thus it addresses the authors' remark that \"it would be important to write a formal proof in a language that can be read by both humans and machines\".",
"authors": [
"Lawrence C. Paulson"
],
"date": "2016-03-08",
- "id": 445,
+ "id": 446,
"link": "/entries/Cartan_FP.html",
"permalink": "/entries/Cartan_FP.html",
"shortname": "Cartan_FP",
"title": "The Cartan Fixed Point Theorems",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "Timed automata are a widely used formalism for modeling real-time systems, which is employed in a class of successful model checkers such as UPPAAL [LPY97], HyTech [HHWt97] or Kronos [Yov97]. This work formalizes the theory for the subclass of diagonal-free timed automata, which is sufficient to model many interesting problems. We first define the basic concepts and semantics of diagonal-free timed automata. Based on this, we prove two types of decidability results for the language emptiness problem. The first is the classic result of Alur and Dill [AD90, AD94], which uses a finite partitioning of the state space into so-called `regions`. Our second result focuses on an approach based on `Difference Bound Matrices (DBMs)`, which is practically used by model checkers. We prove the correctness of the basic forward analysis operations on DBMs. One of these operations is the Floyd-Warshall algorithm for the all-pairs shortest paths problem. To obtain a finite search space, a widening operation has to be used for this kind of analysis. We use Patricia Bouyer's [Bou04] approach to prove that this widening operation is correct in the sense that DBM-based forward analysis in combination with the widening operation also decides language emptiness. The interesting property of this proof is that the first decidability result is reused to obtain the second one.",
"authors": [
"Simon Wimmer"
],
"date": "2016-03-08",
- "id": 446,
+ "id": 447,
"link": "/entries/Timed_Automata.html",
"permalink": "/entries/Timed_Automata.html",
"shortname": "Timed_Automata",
"title": "Timed Automata",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 1
},
{
"abstract": "This theory provides a formalisation of linear temporal logic (LTL) and unifies previous formalisations within the AFP. This entry establishes syntax and semantics for this logic and decouples it from existing entries, yielding a common environment for theories reasoning about LTL. Furthermore a parser written in SML and an executable simplifier are provided.",
"authors": [
"Salomon Sickert"
],
"date": "2016-03-01",
- "id": 447,
+ "id": 448,
"link": "/entries/LTL.html",
"permalink": "/entries/LTL.html",
"shortname": "LTL",
"title": "Linear Temporal Logic",
"topic_links": [
"logic/general-logic/temporal-logic",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Logic/General logic/Temporal logic",
"Computer science/Automata and formal languages"
],
"used_by": 6
},
{
"abstract": "\u003cp\u003e These theories formalize the quantitative analysis of a number of classical algorithms for the list update problem: 2-competitiveness of move-to-front, the lower bound of 2 for the competitiveness of deterministic list update algorithms and 1.6-competitiveness of the randomized COMB algorithm, the best randomized list update algorithm known to date. The material is based on the first two chapters of \u003ci\u003eOnline Computation and Competitive Analysis\u003c/i\u003e by Borodin and El-Yaniv. \u003c/p\u003e \u003cp\u003e For an informal description see the FSTTCS 2016 publication \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/fsttcs16.html\"\u003eVerified Analysis of List Update Algorithms\u003c/a\u003e by Haslbeck and Nipkow. \u003c/p\u003e",
"authors": [
"Maximilian P. L. Haslbeck",
"Tobias Nipkow"
],
"date": "2016-02-17",
- "id": 448,
+ "id": 449,
"link": "/entries/List_Update.html",
"permalink": "/entries/List_Update.html",
"shortname": "List_Update",
"title": "Analysis of List Update Algorithms",
"topic_links": [
"computer-science/algorithms/online"
],
"topics": [
"Computer science/Algorithms/Online"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e We define a functional variant of the static single assignment (SSA) form construction algorithm described by \u003ca href=\"https://doi.org/10.1007/978-3-642-37051-9_6\"\u003eBraun et al.\u003c/a\u003e, which combines simplicity and efficiency. The definition is based on a general, abstract control flow graph representation using Isabelle locales. \u003c/p\u003e \u003cp\u003e We prove that the algorithm's output is semantically equivalent to the input according to a small-step semantics, and that it is in minimal SSA form for the common special case of reducible inputs. We then show the satisfiability of the locale assumptions by giving instantiations for a simple While language. \u003c/p\u003e \u003cp\u003e Furthermore, we use a generic instantiation based on typedefs in order to extract OCaml code and replace the unverified SSA construction algorithm of the \u003ca href=\"https://doi.org/10.1145/2579080\"\u003eCompCertSSA project\u003c/a\u003e with it. \u003c/p\u003e \u003cp\u003e A more detailed description of the verified SSA construction can be found in the paper \u003ca href=\"https://doi.org/10.1145/2892208.2892211\"\u003eVerified Construction of Static Single Assignment Form\u003c/a\u003e, CC 2016. \u003c/p\u003e",
"authors": [
"Sebastian Ullrich",
"Denis Lohner"
],
"date": "2016-02-05",
- "id": 449,
+ "id": 450,
"link": "/entries/Formal_SSA.html",
"permalink": "/entries/Formal_SSA.html",
"shortname": "Formal_SSA",
"title": "Verified Construction of Static Single Assignment Form",
"topic_links": [
"computer-science/programming-languages/compiling"
],
"topics": [
"Computer science/Programming languages/Compiling"
],
"used_by": 1
},
{
"abstract": "Based on existing libraries for polynomial interpolation and matrices, we formalized several factorization algorithms for polynomials, including Kronecker's algorithm for integer polynomials, Yun's square-free factorization algorithm for field polynomials, and Berlekamp's algorithm for polynomials over finite fields. By combining the last one with Hensel's lifting, we derive an efficient factorization algorithm for the integer polynomials, which is then lifted for rational polynomials by mechanizing Gauss' lemma. Finally, we assembled a combined factorization algorithm for rational polynomials, which combines all the mentioned algorithms and additionally uses the explicit formula for roots of quadratic polynomials and a rational root test. \u003cp\u003e As side products, we developed division algorithms for polynomials over integral domains, as well as primality-testing and prime-factorization algorithms for integers.",
"authors": [
"René Thiemann",
"Akihisa Yamada"
],
"date": "2016-01-29",
- "id": 450,
+ "id": 451,
"link": "/entries/Polynomial_Factorization.html",
"permalink": "/entries/Polynomial_Factorization.html",
"shortname": "Polynomial_Factorization",
"title": "Polynomial Factorization",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 12
},
{
"abstract": "We formalized three algorithms for polynomial interpolation over arbitrary fields: Lagrange's explicit expression, the recursive algorithm of Neville and Aitken, and the Newton interpolation in combination with an efficient implementation of divided differences. Variants of these algorithms for integer polynomials are also available, where sometimes the interpolation can fail; e.g., there is no linear integer polynomial \u003ci\u003ep\u003c/i\u003e such that \u003ci\u003ep(0) = 0\u003c/i\u003e and \u003ci\u003ep(2) = 1\u003c/i\u003e. Moreover, for the Newton interpolation for integer polynomials, we proved that all intermediate results that are computed during the algorithm must be integers. This admits an early failure detection in the implementation. Finally, we proved the uniqueness of polynomial interpolation. \u003cp\u003e The development also contains improved code equations to speed up the division of integers in target languages.",
"authors": [
"René Thiemann",
"Akihisa Yamada"
],
"date": "2016-01-29",
- "id": 451,
+ "id": 452,
"link": "/entries/Polynomial_Interpolation.html",
"permalink": "/entries/Polynomial_Interpolation.html",
"shortname": "Polynomial_Interpolation",
"title": "Polynomial Interpolation",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 7
},
{
"abstract": "This work contains a formalization of some topics in knot theory. The concepts that were formalized include definitions of tangles, links, framed links and link/tangle equivalence. The formalization is based on a formulation of links in terms of tangles. We further construct and prove the invariance of the Bracket polynomial. Bracket polynomial is an invariant of framed links closely linked to the Jones polynomial. This is perhaps the first attempt to formalize any aspect of knot theory in an interactive proof assistant.",
"authors": [
"T.V.H. Prathamesh"
],
"date": "2016-01-20",
- "id": 452,
+ "id": 453,
"link": "/entries/Knot_Theory.html",
"permalink": "/entries/Knot_Theory.html",
"shortname": "Knot_Theory",
"title": "Knot Theory",
"topic_links": [
"mathematics/topology"
],
"topics": [
"Mathematics/Topology"
],
"used_by": 0
},
{
"abstract": "In this work, the Kronecker tensor product of matrices and the proofs of some of its properties are formalized. Properties which have been formalized include associativity of the tensor product and the mixed-product property.",
"authors": [
"T.V.H. Prathamesh"
],
"date": "2016-01-18",
- "id": 453,
+ "id": 454,
"link": "/entries/Matrix_Tensor.html",
"permalink": "/entries/Matrix_Tensor.html",
"shortname": "Matrix_Tensor",
"title": "Tensor Product of Matrices",
"topic_links": [
"computer-science/data-structures",
"mathematics/algebra"
],
"topics": [
"Computer science/Data structures",
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "This entry provides a basic library for number partitions, defines the two-argument partition function through its recurrence relation and relates this partition function to the cardinality of number partitions. The main proof shows that the recursively-defined partition function with arguments n and k equals the cardinality of number partitions of n with exactly k parts. The combinatorial proof follows the proof sketch of Theorem 2.4.1 in Mazur's textbook `Combinatorics: A Guided Tour`. This entry can serve as starting point for various more intrinsic properties about number partitions, the partition function and related recurrence relations.",
"authors": [
"Lukas Bulwahn"
],
"date": "2016-01-14",
- "id": 454,
+ "id": 455,
"link": "/entries/Card_Number_Partitions.html",
"permalink": "/entries/Card_Number_Partitions.html",
"shortname": "Card_Number_Partitions",
"title": "Cardinality of Number Partitions",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003e This entry contains a definition of angles between vectors and between three points. Building on this, we prove basic geometric properties of triangles, such as the Isosceles Triangle Theorem, the Law of Sines and the Law of Cosines, that the sum of the angles of a triangle is π, and the congruence theorems for triangles. \u003c/p\u003e\u003cp\u003e The definitions and proofs were developed following those by John Harrison in HOL Light. However, due to Isabelle's type class system, all definitions and theorems in the Isabelle formalisation hold for all real inner product spaces. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2015-12-28",
- "id": 455,
+ "id": 456,
"link": "/entries/Triangle.html",
"permalink": "/entries/Triangle.html",
"shortname": "Triangle",
"title": "Basic Geometric Properties of Triangles",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 3
},
{
"abstract": "\u003cp\u003e Descartes' Rule of Signs relates the number of positive real roots of a polynomial with the number of sign changes in its coefficient sequence. \u003c/p\u003e\u003cp\u003e Our proof follows the simple inductive proof given by Rob Arthan, which was also used by John Harrison in his HOL Light formalisation. We proved most of the lemmas for arbitrary linearly-ordered integrity domains (e.g. integers, rationals, reals); the main result, however, requires the intermediate value theorem and was therefore only proven for real polynomials. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2015-12-28",
- "id": 456,
+ "id": 457,
"link": "/entries/Descartes_Sign_Rule.html",
"permalink": "/entries/Descartes_Sign_Rule.html",
"shortname": "Descartes_Sign_Rule",
"title": "Descartes' Rule of Signs",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e Liouville numbers are a class of transcendental numbers that can be approximated particularly well with rational numbers. Historically, they were the first numbers whose transcendence was proven. \u003c/p\u003e\u003cp\u003e In this entry, we define the concept of Liouville numbers as well as the standard construction to obtain Liouville numbers (including Liouville's constant) and we prove their most important properties: irrationality and transcendence. \u003c/p\u003e\u003cp\u003e The proof is very elementary and requires only standard arithmetic, the Mean Value Theorem for polynomials, and the boundedness of polynomials on compact intervals. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2015-12-28",
- "id": 457,
+ "id": 458,
"link": "/entries/Liouville_Numbers.html",
"permalink": "/entries/Liouville_Numbers.html",
"shortname": "Liouville_Numbers",
"title": "Liouville numbers",
"topic_links": [
"mathematics/analysis",
"mathematics/number-theory"
],
"topics": [
"Mathematics/Analysis",
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e In this work, we prove the lower bound \u003cspan class=\"nobr\"\u003eln(H_n) - ln(5/3)\u003c/span\u003e for the partial sum of the Prime Harmonic series and, based on this, the divergence of the Prime Harmonic Series \u003cspan class=\"nobr\"\u003e∑[p\u0026thinsp;prime]\u0026thinsp;·\u0026thinsp;1/p.\u003c/span\u003e \u003c/p\u003e\u003cp\u003e The proof relies on the unique squarefree decomposition of natural numbers. This is similar to Euler's original proof (which was highly informal and morally questionable). Its advantage over proofs by contradiction, like the famous one by Paul Erdős, is that it provides a relatively good lower bound for the partial sums. \u003c/p\u003e",
"authors": [
"Manuel Eberl"
],
"date": "2015-12-28",
- "id": 458,
+ "id": 459,
"link": "/entries/Prime_Harmonic_Series.html",
"permalink": "/entries/Prime_Harmonic_Series.html",
"shortname": "Prime_Harmonic_Series",
"title": "The Divergence of the Prime Harmonic Series",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "Based on existing libraries for matrices, factorization of rational polynomials, and Sturm's theorem, we formalized algebraic numbers in Isabelle/HOL. Our development serves as an implementation for real and complex numbers, and it admits to compute roots and completely factorize real and complex polynomials, provided that all coefficients are rational numbers. Moreover, we provide two implementations to display algebraic numbers, an injective and expensive one, or a faster but approximative version. \u003c/p\u003e\u003cp\u003e To this end, we mechanized several results on resultants, which also required us to prove that polynomials over a unique factorization domain form again a unique factorization domain. \u003c/p\u003e",
"authors": [
"René Thiemann",
"Akihisa Yamada",
"Sebastiaan J. C. Joosten"
],
"date": "2015-12-22",
- "id": 459,
+ "id": 460,
"link": "/entries/Algebraic_Numbers.html",
"permalink": "/entries/Algebraic_Numbers.html",
"shortname": "Algebraic_Numbers",
"title": "Algebraic Numbers in Isabelle/HOL",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 6
},
{
"abstract": "Applicative functors augment computations with effects by lifting function application to types which model the effects. As the structure of the computation cannot depend on the effects, applicative expressions can be analysed statically. This allows us to lift universally quantified equations to the effectful types, as observed by Hinze. Thus, equational reasoning over effectful computations can be reduced to pure types. \u003c/p\u003e\u003cp\u003e This entry provides a package for registering applicative functors and two proof methods for lifting of equations over applicative functors. The first method normalises applicative expressions according to the laws of applicative functors. This way, equations whose two sides contain the same list of variables can be lifted to every applicative functor. \u003c/p\u003e\u003cp\u003e To lift larger classes of equations, the second method exploits a number of additional properties (e.g., commutativity of effects) provided the properties have been declared for the concrete applicative functor at hand upon registration. \u003c/p\u003e\u003cp\u003e We declare several types from the Isabelle library as applicative functors and illustrate the use of the methods with two examples: the lifting of the arithmetic type class hierarchy to streams and the verification of a relabelling function on binary trees. We also formalise and verify the normalisation algorithm used by the first proof method. \u003c/p\u003e",
"authors": [
"Andreas Lochbihler",
"Joshua Schneider"
],
"date": "2015-12-22",
- "id": 460,
+ "id": 461,
"link": "/entries/Applicative_Lifting.html",
"permalink": "/entries/Applicative_Lifting.html",
"shortname": "Applicative_Lifting",
"title": "Applicative Lifting",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 4
},
{
"abstract": "The Stern-Brocot tree contains all rational numbers exactly once and in their lowest terms. We formalise the Stern-Brocot tree as a coinductive tree using recursive and iterative specifications, which we have proven equivalent, and show that it indeed contains all the numbers as stated. Following Hinze, we prove that the Stern-Brocot tree can be linearised looplessly into Stern's diatonic sequence (also known as Dijkstra's fusc function) and that it is a permutation of the Bird tree. \u003c/p\u003e\u003cp\u003e The reasoning stays at an abstract level by appealing to the uniqueness of solutions of guarded recursive equations and lifting algebraic laws point-wise to trees and streams using applicative functors. \u003c/p\u003e",
"authors": [
"Peter Gammie",
"Andreas Lochbihler"
],
"date": "2015-12-22",
- "id": 461,
+ "id": 462,
"link": "/entries/Stern_Brocot.html",
"permalink": "/entries/Stern_Brocot.html",
"shortname": "Stern_Brocot",
"title": "The Stern-Brocot Tree",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "The theory's main theorem states that the cardinality of set partitions of size k on a carrier set of size n is expressed by Stirling numbers of the second kind. In Isabelle, Stirling numbers of the second kind are defined in the AFP entry `Discrete Summation` through their well-known recurrence relation. The main theorem relates them to the alternative definition as cardinality of set partitions. The proof follows the simple and short explanation in Richard P. Stanley's `Enumerative Combinatorics: Volume 1` and Wikipedia, and unravels the full details and implicit reasoning steps of these explanations.",
"authors": [
"Lukas Bulwahn"
],
"date": "2015-12-12",
- "id": 462,
+ "id": 463,
"link": "/entries/Card_Partitions.html",
"permalink": "/entries/Card_Partitions.html",
"shortname": "Card_Partitions",
"title": "Cardinality of Set Partitions",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 4
},
{
"abstract": "A Latin Square is a n x n table filled with integers from 1 to n where each number appears exactly once in each row and each column. A Latin Rectangle is a partially filled n x n table with r filled rows and n-r empty rows, such that each number appears at most once in each row and each column. The main result of this theory is that any Latin Rectangle can be completed to a Latin Square.",
"authors": [
"Alexander Bentkamp"
],
"date": "2015-12-02",
- "id": 463,
+ "id": 464,
"link": "/entries/Latin_Square.html",
"permalink": "/entries/Latin_Square.html",
"shortname": "Latin_Square",
"title": "Latin Square",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "Ergodic theory is the branch of mathematics that studies the behaviour of measure preserving transformations, in finite or infinite measure. It interacts both with probability theory (mainly through measure theory) and with geometry as a lot of interesting examples are from geometric origin. We implement the first definitions and theorems of ergodic theory, including notably Poicaré recurrence theorem for finite measure preserving systems (together with the notion of conservativity in general), induced maps, Kac's theorem, Birkhoff theorem (arguably the most important theorem in ergodic theory), and variations around it such as conservativity of the corresponding skew product, or Atkinson lemma.",
"authors": [
"Sebastien Gouezel"
],
"date": "2015-12-01",
- "id": 464,
+ "id": 465,
"link": "/entries/Ergodic_Theory.html",
"permalink": "/entries/Ergodic_Theory.html",
"shortname": "Ergodic_Theory",
"title": "Ergodic Theory",
"topic_links": [
"mathematics/probability-theory"
],
"topics": [
"Mathematics/Probability theory"
],
"used_by": 4
},
{
"abstract": "Euler's Partition Theorem states that the number of partitions with only distinct parts is equal to the number of partitions with only odd parts. The combinatorial proof follows John Harrison's HOL Light formalization. This theorem is the 45th theorem of the Top 100 Theorems list.",
"authors": [
"Lukas Bulwahn"
],
"date": "2015-11-19",
- "id": 465,
+ "id": 466,
"link": "/entries/Euler_Partition.html",
"permalink": "/entries/Euler_Partition.html",
"shortname": "Euler_Partition",
"title": "Euler's Partition Theorem",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "We formalize the Tortoise and Hare cycle-finding algorithm ascribed to Floyd by Knuth, and an improved version due to Brent.",
"authors": [
"Peter Gammie"
],
"date": "2015-11-18",
- "id": 466,
+ "id": 467,
"link": "/entries/TortoiseHare.html",
"permalink": "/entries/TortoiseHare.html",
"shortname": "TortoiseHare",
"title": "The Tortoise and Hare Algorithm",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "This development provides a formalization of planarity based on combinatorial maps and proves that Kuratowski's theorem implies combinatorial planarity. Moreover, it contains verified implementations of programs checking certificates for planarity (i.e., a combinatorial map) or non-planarity (i.e., a Kuratowski subgraph).",
"authors": [
"Lars Noschinski"
],
"date": "2015-11-11",
- "id": 467,
+ "id": 468,
"link": "/entries/Planarity_Certificates.html",
"permalink": "/entries/Planarity_Certificates.html",
"shortname": "Planarity_Certificates",
"title": "Planarity Certificates",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "We present a formalization of parity games (a two-player game on directed graphs) and a proof of their positional determinacy in Isabelle/HOL. This proof works for both finite and infinite games.",
"authors": [
"Christoph Dittmann"
],
"date": "2015-11-02",
- "id": 468,
+ "id": 469,
"link": "/entries/Parity_Game.html",
"permalink": "/entries/Parity_Game.html",
"shortname": "Parity_Game",
"title": "Positional Determinacy of Parity Games",
"topic_links": [
"mathematics/games-and-economics",
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Games and economics",
"Mathematics/Graph theory"
],
"used_by": 1
},
{
"abstract": "We represent a theory \u003ci\u003eof\u003c/i\u003e (a fragment of) Isabelle/HOL \u003ci\u003ein\u003c/i\u003e Isabelle/HOL. The purpose of this exercise is to write packages for domain-specific specifications such as class models, B-machines, ..., and generally speaking, any domain-specific languages whose abstract syntax can be defined by a HOL \"datatype\". On this basis, the Isabelle code-generator can then be used to generate code for global context transformations as well as tactic code. \u003cp\u003e Consequently the package is geared towards parsing, printing and code-generation to the Isabelle API. It is at the moment not sufficiently rich for doing meta theory on Isabelle itself. Extensions in this direction are possible though. \u003cp\u003e Moreover, the chosen fragment is fairly rudimentary. However it should be easily adapted to one's needs if a package is written on top of it. The supported API contains types, terms, transformation of global context like definitions and data-type declarations as well as infrastructure for Isar-setups. \u003cp\u003e This theory is drawn from the \u003ca href=\"http://isa-afp.org/entries/Featherweight_OCL.html\"\u003eFeatherweight OCL\u003c/a\u003e project where it is used to construct a package for object-oriented data-type theories generated from UML class diagrams. The Featherweight OCL, for example, allows for both the direct execution of compiled tactic code by the Isabelle API as well as the generation of \".thy\"-files for debugging purposes. \u003cp\u003e Gained experience from this project shows that the compiled code is sufficiently efficient for practical purposes while being based on a formal \u003ci\u003emodel\u003c/i\u003e on which properties of the package can be proven such as termination of certain transformations, correctness, etc.",
"authors": [
"Frédéric Tuong",
"Burkhart Wolff"
],
"date": "2015-09-16",
- "id": 469,
+ "id": 470,
"link": "/entries/Isabelle_Meta_Model.html",
"permalink": "/entries/Isabelle_Meta_Model.html",
"shortname": "Isabelle_Meta_Model",
"title": "A Meta-Model for the Isabelle API",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "Recently, Javier Esparza and Jan Kretinsky proposed a new method directly translating linear temporal logic (LTL) formulas to deterministic (generalized) Rabin automata. Compared to the existing approaches of constructing a non-deterministic Buechi-automaton in the first step and then applying a determinization procedure (e.g. some variant of Safra's construction) in a second step, this new approach preservers a relation between the formula and the states of the resulting automaton. While the old approach produced a monolithic structure, the new method is compositional. Furthermore, in some cases the resulting automata are much smaller than the automata generated by existing approaches. In order to ensure the correctness of the construction, this entry contains a complete formalisation and verification of the translation. Furthermore from this basis executable code is generated.",
"authors": [
"Salomon Sickert"
],
"date": "2015-09-04",
- "id": 470,
+ "id": 471,
"link": "/entries/LTL_to_DRA.html",
"permalink": "/entries/LTL_to_DRA.html",
"shortname": "LTL_to_DRA",
"title": "Converting Linear Temporal Logic to Deterministic (Generalized) Rabin Automata",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e Matrix interpretations are useful as measure functions in termination proving. In order to use these interpretations also for complexity analysis, the growth rate of matrix powers has to examined. Here, we formalized a central result of spectral radius theory, namely that the growth rate is polynomially bounded if and only if the spectral radius of a matrix is at most one. \u003c/p\u003e\u003cp\u003e To formally prove this result we first studied the growth rates of matrices in Jordan normal form, and prove the result that every complex matrix has a Jordan normal form using a constructive prove via Schur decomposition. \u003c/p\u003e\u003cp\u003e The whole development is based on a new abstract type for matrices, which is also executable by a suitable setup of the code generator. It completely subsumes our former AFP-entry on executable matrices, and its main advantage is its close connection to the HMA-representation which allowed us to easily adapt existing proofs on determinants. \u003c/p\u003e\u003cp\u003e All the results have been applied to improve CeTA, our certifier to validate termination and complexity proof certificates. \u003c/p\u003e",
"authors": [
"René Thiemann",
"Akihisa Yamada"
],
"date": "2015-08-21",
- "id": 471,
+ "id": 472,
"link": "/entries/Jordan_Normal_Form.html",
"permalink": "/entries/Jordan_Normal_Form.html",
"shortname": "Jordan_Normal_Form",
"title": "Matrices, Jordan Normal Forms, and Spectral Radius Theory",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 12
},
{
"abstract": "This theory formalizes the commutation version of decreasing diagrams for Church-Rosser modulo. The proof follows Felgenhauer and van Oostrom (RTA 2013). The theory also provides important specializations, in particular van Oostrom’s conversion version (TCS 2008) of decreasing diagrams.",
"authors": [
"Bertram Felgenhauer"
],
"date": "2015-08-20",
- "id": 472,
+ "id": 473,
"link": "/entries/Decreasing-Diagrams-II.html",
"permalink": "/entries/Decreasing-Diagrams-II.html",
"shortname": "Decreasing-Diagrams-II",
"title": "Decreasing Diagrams II",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e The necessary and sufficient condition for CSP noninterference security stated by the Ipurge Unwinding Theorem is expressed in terms of a pair of event lists varying over the set of process traces. This does not render it suitable for the subsequent application of rule induction in the case of a process defined inductively, since rule induction may rather be applied to a single variable ranging over an inductively defined set. \u003c/p\u003e\u003cp\u003e Starting from the Ipurge Unwinding Theorem, this paper derives a necessary and sufficient condition for CSP noninterference security that involves a single event list varying over the set of process traces, and is thus suitable for rule induction; hence its name, Inductive Unwinding Theorem. Similarly to the Ipurge Unwinding Theorem, the new theorem only requires to consider individual accepted and refused events for each process trace, and applies to the general case of a possibly intransitive noninterference policy. Specific variants of this theorem are additionally proven for deterministic processes and trace set processes. \u003c/p\u003e",
"authors": [
"Pasquale Noce"
],
"date": "2015-08-18",
- "id": 473,
+ "id": 474,
"link": "/entries/Noninterference_Inductive_Unwinding.html",
"permalink": "/entries/Noninterference_Inductive_Unwinding.html",
"shortname": "Noninterference_Inductive_Unwinding",
"title": "The Inductive Unwinding Theorem for CSP Noninterference Security",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "We provide a formal framework for the theory of representations of finite groups, as modules over the group ring. Along the way, we develop the general theory of groups (relying on the group_add class for the basics), modules, and vector spaces, to the extent required for theory of group representations. We then provide formal proofs of several important introductory theorems in the subject, including Maschke's theorem, Schur's lemma, and Frobenius reciprocity. We also prove that every irreducible representation is isomorphic to a submodule of the group ring, leading to the fact that for a finite group there are only finitely many isomorphism classes of irreducible representations. In all of this, no restriction is made on the characteristic of the ring or field of scalars until the definition of a group representation, and then the only restriction made is that the characteristic must not divide the order of the group.",
"authors": [
"Jeremy Sylvestre"
],
"date": "2015-08-12",
- "id": 474,
+ "id": 475,
"link": "/entries/Rep_Fin_Groups.html",
"permalink": "/entries/Rep_Fin_Groups.html",
"shortname": "Rep_Fin_Groups",
"title": "Representations of Finite Groups",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "Encodings or the proof of their absence are the main way to compare process calculi. To analyse the quality of encodings and to rule out trivial or meaningless encodings, they are augmented with quality criteria. There exists a bunch of different criteria and different variants of criteria in order to reason in different settings. This leads to incomparable results. Moreover it is not always clear whether the criteria used to obtain a result in a particular setting do indeed fit to this setting. We show how to formally reason about and compare encodability criteria by mapping them on requirements on a relation between source and target terms that is induced by the encoding function. In particular we analyse the common criteria full abstraction, operational correspondence, divergence reflection, success sensitiveness, and respect of barbs; e.g. we analyse the exact nature of the simulation relation (coupled simulation versus bisimulation) that is induced by different variants of operational correspondence. This way we reduce the problem of analysing or comparing encodability criteria to the better understood problem of comparing relations on processes.",
"authors": [
"Kirstin Peters",
"Rob van Glabbeek"
],
"date": "2015-08-10",
- "id": 475,
+ "id": 476,
"link": "/entries/Encodability_Process_Calculi.html",
"permalink": "/entries/Encodability_Process_Calculi.html",
"shortname": "Encodability_Process_Calculi",
"title": "Analysing and Comparing Encodability Criteria for Process Calculi",
"topic_links": [
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Concurrency/Process calculi"
],
"used_by": 0
},
{
"abstract": "Isabelle/Isar provides named cases to structure proofs. This article contains an implementation of a proof method \u003ctt\u003ecasify\u003c/tt\u003e, which can be used to easily extend proof tools with support for named cases. Such a proof tool must produce labeled subgoals, which are then interpreted by \u003ctt\u003ecasify\u003c/tt\u003e. \u003cp\u003e As examples, this work contains verification condition generators producing named cases for three languages: The Hoare language from \u003ctt\u003eHOL/Library\u003c/tt\u003e, a monadic language for computations with failure (inspired by the AutoCorres tool), and a language of conditional expressions. These VCGs are demonstrated by a number of example programs.",
"authors": [
"Lars Noschinski"
],
"date": "2015-07-21",
- "id": 476,
+ "id": 477,
"link": "/entries/Case_Labeling.html",
"permalink": "/entries/Case_Labeling.html",
"shortname": "Case_Labeling",
"title": "Generating Cases from Labeled Subgoals",
"topic_links": [
"tools",
"computer-science/programming-languages/misc"
],
"topics": [
"Tools",
"Computer science/Programming languages/Misc"
],
"used_by": 1
},
{
"abstract": "This entry provides Landau symbols to describe and reason about the asymptotic growth of functions for sufficiently large inputs. A number of simplification procedures are provided for additional convenience: cancelling of dominated terms in sums under a Landau symbol, cancelling of common factors in products, and a decision procedure for Landau expressions containing products of powers of functions like x, ln(x), ln(ln(x)) etc.",
"authors": [
"Manuel Eberl"
],
"date": "2015-07-14",
- "id": 477,
+ "id": 478,
"link": "/entries/Landau_Symbols.html",
"permalink": "/entries/Landau_Symbols.html",
"shortname": "Landau_Symbols",
"title": "Landau Symbols",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 11
},
{
"abstract": "This article contains a formalisation of the Akra-Bazzi method based on a proof by Leighton. It is a generalisation of the well-known Master Theorem for analysing the complexity of Divide \u0026 Conquer algorithms. We also include a generalised version of the Master theorem based on the Akra-Bazzi theorem, which is easier to apply than the Akra-Bazzi theorem itself. \u003cp\u003e Some proof methods that facilitate applying the Master theorem are also included. For a more detailed explanation of the formalisation and the proof methods, see the accompanying paper (publication forthcoming).",
"authors": [
"Manuel Eberl"
],
"date": "2015-07-14",
- "id": 478,
+ "id": 479,
"link": "/entries/Akra_Bazzi.html",
"permalink": "/entries/Akra_Bazzi.html",
"shortname": "Akra_Bazzi",
"title": "The Akra-Bazzi theorem and the Master theorem",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "Hermite Normal Form is a canonical matrix analogue of Reduced Echelon Form, but involving matrices over more general rings. In this work we formalise an algorithm to compute the Hermite Normal Form of a matrix by means of elementary row operations, taking advantage of the Echelon Form AFP entry. We have proven the correctness of such an algorithm and refined it to immutable arrays. Furthermore, we have also formalised the uniqueness of the Hermite Normal Form of a matrix. Code can be exported and some examples of execution involving integer matrices and polynomial matrices are presented as well.",
"authors": [
"Jose Divasón",
"Jesús Aransay"
],
"date": "2015-07-07",
- "id": 479,
+ "id": 480,
"link": "/entries/Hermite.html",
"permalink": "/entries/Hermite.html",
"shortname": "Hermite",
"title": "Hermite Normal Form",
"topic_links": [
"computer-science/algorithms/mathematical",
"mathematics/algebra"
],
"topics": [
"Computer science/Algorithms/Mathematical",
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "The Derangements Formula describes the number of fixpoint-free permutations as a closed formula. This theorem is the 88th theorem in a list of the ``\u003ca href=\"http://www.cs.ru.nl/~freek/100/\"\u003eTop 100 Mathematical Theorems\u003c/a\u003e''.",
"authors": [
"Lukas Bulwahn"
],
"date": "2015-06-27",
- "id": 480,
+ "id": 481,
"link": "/entries/Derangements.html",
"permalink": "/entries/Derangements.html",
"shortname": "Derangements",
"title": "Derangements Formula",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "Binary multirelations associate elements of a set with its subsets; hence they are binary relations from a set to its power set. Applications include alternating automata, models and logics for games, program semantics with dual demonic and angelic nondeterministic choices and concurrent dynamic logics. This proof document supports an arXiv article that formalises the basic algebra of multirelations and proposes axiom systems for them, ranging from weak bi-monoids to weak bi-quantales.",
"authors": [
"Hitoshi Furusawa",
"Georg Struth"
],
"date": "2015-06-11",
- "id": 481,
+ "id": 482,
"link": "/entries/Multirelations.html",
"permalink": "/entries/Multirelations.html",
"shortname": "Multirelations",
"title": "Binary Multirelations",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e Among the various mathematical tools introduced in his outstanding work on Communicating Sequential Processes, Hoare has defined \"interleaves\" as the predicate satisfied by any three lists such that the first list may be split into sublists alternately extracted from the other two ones, whatever is the criterion for extracting an item from either one list or the other in each step. \u003c/p\u003e\u003cp\u003e This paper enriches Hoare's definition by identifying such criterion with the truth value of a predicate taking as inputs the head and the tail of the first list. This enhanced \"interleaves\" predicate turns out to permit the proof of equalities between lists without the need of an induction. Some rules that allow to infer \"interleaves\" statements without induction, particularly applying to the addition or removal of a prefix to the input lists, are also proven. Finally, a stronger version of the predicate, named \"Interleaves\", is shown to fulfil further rules applying to the addition or removal of a suffix to the input lists. \u003c/p\u003e",
"authors": [
"Pasquale Noce"
],
"date": "2015-06-11",
- "id": 482,
+ "id": 483,
"link": "/entries/List_Interleaving.html",
"permalink": "/entries/List_Interleaving.html",
"shortname": "List_Interleaving",
"title": "Reasoning about Lists via List Interleaving",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e The classical definition of noninterference security for a deterministic state machine with outputs requires to consider the outputs produced by machine actions after any trace, i.e. any indefinitely long sequence of actions, of the machine. In order to render the verification of the security of such a machine more straightforward, there is a need of some sufficient condition for security such that just individual actions, rather than unbounded sequences of actions, have to be considered. \u003c/p\u003e\u003cp\u003e By extending previous results applying to transitive noninterference policies, Rushby has proven an unwinding theorem that provides a sufficient condition of this kind in the general case of a possibly intransitive policy. This condition has to be satisfied by a generic function mapping security domains into equivalence relations over machine states. \u003c/p\u003e\u003cp\u003e An analogous problem arises for CSP noninterference security, whose definition requires to consider any possible future, i.e. any indefinitely long sequence of subsequent events and any indefinitely large set of refused events associated to that sequence, for each process trace. \u003c/p\u003e\u003cp\u003e This paper provides a sufficient condition for CSP noninterference security, which indeed requires to just consider individual accepted and refused events and applies to the general case of a possibly intransitive policy. This condition follows Rushby's one for classical noninterference security, and has to be satisfied by a generic function mapping security domains into equivalence relations over process traces; hence its name, Generic Unwinding Theorem. Variants of this theorem applying to deterministic processes and trace set processes are also proven. Finally, the sufficient condition for security expressed by the theorem is shown not to be a necessary condition as well, viz. 
there exists a secure process such that no domain-relation map satisfying the condition exists. \u003c/p\u003e",
"authors": [
"Pasquale Noce"
],
"date": "2015-06-11",
- "id": 483,
+ "id": 484,
"link": "/entries/Noninterference_Generic_Unwinding.html",
"permalink": "/entries/Noninterference_Generic_Unwinding.html",
"shortname": "Noninterference_Generic_Unwinding",
"title": "The Generic Unwinding Theorem for CSP Noninterference Security",
"topic_links": [
"computer-science/security",
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Security",
"Computer science/Concurrency/Process calculi"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e The definition of noninterference security for Communicating Sequential Processes requires to consider any possible future, i.e. any indefinitely long sequence of subsequent events and any indefinitely large set of refused events associated to that sequence, for each process trace. In order to render the verification of the security of a process more straightforward, there is a need of some sufficient condition for security such that just individual accepted and refused events, rather than unbounded sequences and sets of events, have to be considered. \u003c/p\u003e\u003cp\u003e Of course, if such a sufficient condition were necessary as well, it would be even more valuable, since it would permit to prove not only that a process is secure by verifying that the condition holds, but also that a process is not secure by verifying that the condition fails to hold. \u003c/p\u003e\u003cp\u003e This paper provides a necessary and sufficient condition for CSP noninterference security, which indeed requires to just consider individual accepted and refused events and applies to the general case of a possibly intransitive policy. This condition follows Rushby's output consistency for deterministic state machines with outputs, and has to be satisfied by a specific function mapping security domains into equivalence relations over process traces. The definition of this function makes use of an intransitive purge function following Rushby's one; hence the name given to the condition, Ipurge Unwinding Theorem. \u003c/p\u003e\u003cp\u003e Furthermore, in accordance with Hoare's formal definition of deterministic processes, it is shown that a process is deterministic just in case it is a trace set process, i.e. it may be identified by means of a trace set alone, matching the set of its traces, in place of a failures-divergences pair. Then, variants of the Ipurge Unwinding Theorem are proven for deterministic processes and trace set processes. 
\u003c/p\u003e",
"authors": [
"Pasquale Noce"
],
"date": "2015-06-11",
- "id": 484,
+ "id": 485,
"link": "/entries/Noninterference_Ipurge_Unwinding.html",
"permalink": "/entries/Noninterference_Ipurge_Unwinding.html",
"shortname": "Noninterference_Ipurge_Unwinding",
"title": "The Ipurge Unwinding Theorem for CSP Noninterference Security",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 3
},
{
"abstract": "This article formalizes the amortized analysis of dynamic tables parameterized with their minimal and maximal load factors and the expansion and contraction factors. \u003cP\u003e A full description is found in a \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs\"\u003ecompanion paper\u003c/a\u003e.",
"authors": [
"Tobias Nipkow"
],
"date": "2015-06-07",
- "id": 485,
+ "id": 486,
"link": "/entries/Dynamic_Tables.html",
"permalink": "/entries/Dynamic_Tables.html",
"shortname": "Dynamic_Tables",
"title": "Parameterized Dynamic Tables",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "We formalize new decision procedures for WS1S, M2L(Str), and Presburger Arithmetics. Formulas of these logics denote regular languages. Unlike traditional decision procedures, we do \u003cem\u003enot\u003c/em\u003e translate formulas into automata (nor into regular expressions), at least not explicitly. Instead we devise notions of derivatives (inspired by Brzozowski derivatives for regular expressions) that operate on formulas directly and compute a syntactic bisimulation using these derivatives. The treatment of Boolean connectives and quantifiers is uniform for all mentioned logics and is abstracted into a locale. This locale is then instantiated by different atomic formulas and their derivatives (which may differ even for the same logic under different encodings of interpretations as formal words). \u003cp\u003e The WS1S instance is described in the draft paper \u003ca href=\"https://people.inf.ethz.ch/trayteld/papers/csl15-ws1s_derivatives/index.html\"\u003eA Coalgebraic Decision Procedure for WS1S\u003c/a\u003e by the author.",
"authors": [
"Dmitriy Traytel"
],
"date": "2015-05-28",
- "id": 486,
+ "id": 487,
"link": "/entries/Formula_Derivatives.html",
"permalink": "/entries/Formula_Derivatives.html",
"shortname": "Formula_Derivatives",
"title": "Derivatives of Logical Formulas",
"topic_links": [
"computer-science/automata-and-formal-languages",
"logic/general-logic/decidability-of-theories"
],
"topics": [
"Computer science/Automata and formal languages",
"Logic/General logic/Decidability of theories"
],
"used_by": 1
},
{
"abstract": "Numerous models of probabilistic systems are studied in the literature. Coalgebra has been used to classify them into system types and compare their expressiveness. We formalize the resulting hierarchy of probabilistic system types by modeling the semantics of the different systems as codatatypes. This approach yields simple and concise proofs, as bisimilarity coincides with equality for codatatypes. \u003cp\u003e This work is described in detail in the ITP 2015 publication by the authors.",
"authors": [
"Johannes Hölzl",
"Andreas Lochbihler",
"Dmitriy Traytel"
],
"date": "2015-05-27",
- "id": 487,
+ "id": 488,
"link": "/entries/Probabilistic_System_Zoo.html",
"permalink": "/entries/Probabilistic_System_Zoo.html",
"shortname": "Probabilistic_System_Zoo",
"title": "A Zoo of Probabilistic Systems",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "A VCG auction (named after their inventors Vickrey, Clarke, and Groves) is a generalization of the single-good, second price Vickrey auction to the case of a combinatorial auction (multiple goods, from which any participant can bid on each possible combination). We formalize in this entry VCG auctions, including tie-breaking and prove that the functions for the allocation and the price determination are well-defined. Furthermore we show that the allocation function allocates goods only to participants, only goods in the auction are allocated, and no good is allocated twice. We also show that the price function is non-negative. These properties also hold for the automatically extracted Scala code.",
"authors": [
"Marco B. Caminati",
"Manfred Kerber",
"Christoph Lange",
"Colin Rowat"
],
"date": "2015-04-30",
- "id": 488,
+ "id": 489,
"link": "/entries/Vickrey_Clarke_Groves.html",
"permalink": "/entries/Vickrey_Clarke_Groves.html",
"shortname": "Vickrey_Clarke_Groves",
"title": "VCG - Combinatorial Vickrey-Clarke-Groves Auctions",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "The theory of residuated lattices, first proposed by Ward and Dilworth, is formalised in Isabelle/HOL. This includes concepts of residuated functions; their adjoints and conjugates. It also contains necessary and sufficient conditions for the existence of these operations in an arbitrary lattice. The mathematical components for residuated lattices are linked to the AFP entry for relation algebra. In particular, we prove Jonsson and Tsinakis conditions for a residuated boolean algebra to form a relation algebra.",
"authors": [
"Victor B. F. Gomes",
"Georg Struth"
],
"date": "2015-04-15",
- "id": 489,
+ "id": 490,
"link": "/entries/Residuated_Lattices.html",
"permalink": "/entries/Residuated_Lattices.html",
"shortname": "Residuated_Lattices",
"title": "Residuated Lattices",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "ConcurrentIMP extends the small imperative language IMP with control non-determinism and constructs for synchronous message passing.",
"authors": [
"Peter Gammie"
],
"date": "2015-04-13",
- "id": 490,
+ "id": 491,
"link": "/entries/ConcurrentIMP.html",
"permalink": "/entries/ConcurrentIMP.html",
"shortname": "ConcurrentIMP",
"title": "Concurrent IMP",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e We use ConcurrentIMP to model Schism, a state-of-the-art real-time garbage collection scheme for weak memory, and show that it is safe on x86-TSO.\u003c/p\u003e \u003cp\u003e This development accompanies the PLDI 2015 paper of the same name. \u003c/p\u003e",
"authors": [
"Peter Gammie",
"Tony Hosking",
"Kai Engelhardt"
],
"date": "2015-04-13",
- "id": 491,
+ "id": 492,
"link": "/entries/ConcurrentGC.html",
"permalink": "/entries/ConcurrentGC.html",
"shortname": "ConcurrentGC",
"title": "Relaxing Safely: Verified On-the-Fly Garbage Collection for x86-TSO",
"topic_links": [
"computer-science/algorithms/concurrent"
],
"topics": [
"Computer science/Algorithms/Concurrent"
],
"used_by": 0
},
{
"abstract": "This article formalizes the ``trie'' data structure invented by Fredkin [CACM 1960]. It also provides a specialization where the entries in the trie are lists.",
"authors": [
"Andreas Lochbihler",
"Tobias Nipkow"
],
"date": "2015-03-30",
- "id": 492,
+ "id": 493,
"link": "/entries/Trie.html",
"permalink": "/entries/Trie.html",
"shortname": "Trie",
"title": "Trie",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 5
},
{
"abstract": "Algorithms for solving the consensus problem are fundamental to distributed computing. Despite their brevity, their ability to operate in concurrent, asynchronous and failure-prone environments comes at the cost of complex and subtle behaviors. Accordingly, understanding how they work and proving their correctness is a non-trivial endeavor where abstraction is immensely helpful. Moreover, research on consensus has yielded a large number of algorithms, many of which appear to share common algorithmic ideas. A natural question is whether and how these similarities can be distilled and described in a precise, unified way. In this work, we combine stepwise refinement and lockstep models to provide an abstract and unified view of a sizeable family of consensus algorithms. Our models provide insights into the design choices underlying the different algorithms, and classify them based on those choices.",
"authors": [
"Ognjen Marić",
"Christoph Sprenger"
],
"date": "2015-03-18",
- "id": 493,
+ "id": 494,
"link": "/entries/Consensus_Refined.html",
"permalink": "/entries/Consensus_Refined.html",
"shortname": "Consensus_Refined",
"title": "Consensus Refined",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eWe provide a framework for registering automatic methods to derive class instances of datatypes, as it is possible using Haskell's ``deriving Ord, Show, ...'' feature.\u003c/p\u003e \u003cp\u003eWe further implemented such automatic methods to derive comparators, linear orders, parametrizable equality functions, and hash-functions which are required in the Isabelle Collection Framework and the Container Framework. Moreover, for the tactic of Blanchette to show that a datatype is countable, we implemented a wrapper so that this tactic becomes accessible in our framework. All of the generators are based on the infrastructure that is provided by the BNF-based datatype package.\u003c/p\u003e \u003cp\u003eOur formalization was performed as part of the \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eIsaFoR/CeTA\u003c/a\u003e project. With our new tactics we could remove several tedious proofs for (conditional) linear orders, and conditional equality operators within IsaFoR and the Container Framework.\u003c/p\u003e",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2015-03-11",
- "id": 494,
+ "id": 495,
"link": "/entries/Deriving.html",
"permalink": "/entries/Deriving.html",
"shortname": "Deriving",
"title": "Deriving class instances for datatypes",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 13
},
{
"abstract": "We formalize the Call Arity analysis, as implemented in GHC, and prove both functional correctness and, more interestingly, safety (i.e. the transformation does not increase allocation). \u003cp\u003e We use syntax and the denotational semantics from the entry \"Launchbury\", where we formalized Launchbury's natural semantics for lazy evaluation. \u003cp\u003e The functional correctness of Call Arity is proved with regard to that denotational semantics. The operational properties are shown with regard to a small-step semantics akin to Sestoft's mark 1 machine, which we prove to be equivalent to Launchbury's semantics. \u003cp\u003e We use Christian Urban's Nominal2 package to define our terms and make use of Brian Huffman's HOLCF package for the domain-theoretical aspects of the development.",
"authors": [
"Joachim Breitner"
],
"date": "2015-02-20",
- "id": 495,
+ "id": 496,
"link": "/entries/Call_Arity.html",
"permalink": "/entries/Call_Arity.html",
"shortname": "Call_Arity",
"title": "The Safety of Call Arity",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 0
},
{
"abstract": "We formalize an algorithm to compute the Echelon Form of a matrix. We have proved its existence over Bézout domains and made it executable over Euclidean domains, such as the integer ring and the univariate polynomials over a field. This allows us to compute determinants, inverses and characteristic polynomials of matrices. The work is based on the HOL-Multivariate Analysis library, and on both the Gauss-Jordan and Cayley-Hamilton AFP entries. As a by-product, some algebraic structures have been implemented (principal ideal domains, Bézout domains...). The algorithm has been refined to immutable arrays and code can be generated to functional languages as well.",
"authors": [
"Jose Divasón",
"Jesús Aransay"
],
"date": "2015-02-12",
- "id": 496,
+ "id": 497,
"link": "/entries/Echelon_Form.html",
"permalink": "/entries/Echelon_Form.html",
"shortname": "Echelon_Form",
"title": "Echelon Form",
"topic_links": [
"computer-science/algorithms/mathematical",
"mathematics/algebra"
],
"topics": [
"Computer science/Algorithms/Mathematical",
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "QR decomposition is an algorithm to decompose a real matrix A into the product of two other matrices Q and R, where Q is orthogonal and R is invertible and upper triangular. The algorithm is useful for the least squares problem; i.e., the computation of the best approximation of an unsolvable system of linear equations. As a side-product, the Gram-Schmidt process has also been formalized. A refinement using immutable arrays is presented as well. The development relies, among others, on the AFP entry \"Implementing field extensions of the form Q[sqrt(b)]\" by René Thiemann, which allows execution of the algorithm using symbolic computations. Verified code can be generated and executed using floats as well.",
"authors": [
"Jose Divasón",
"Jesús Aransay"
],
"date": "2015-02-12",
- "id": 497,
+ "id": 498,
"link": "/entries/QR_Decomposition.html",
"permalink": "/entries/QR_Decomposition.html",
"shortname": "QR_Decomposition",
"title": "QR Decomposition",
"topic_links": [
"computer-science/algorithms/mathematical",
"mathematics/algebra"
],
"topics": [
"Computer science/Algorithms/Mathematical",
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "Finite Automata, both deterministic and non-deterministic, for regular languages. The Myhill-Nerode Theorem. Closure under intersection, concatenation, etc. Regular expressions define regular languages. Closure under reversal; the powerset construction mapping NFAs to DFAs. Left and right languages; minimal DFAs. Brzozowski's minimization algorithm. Uniqueness up to isomorphism of minimal DFAs.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2015-02-05",
- "id": 498,
+ "id": 499,
"link": "/entries/Finite_Automata_HF.html",
"permalink": "/entries/Finite_Automata_HF.html",
"shortname": "Finite_Automata_HF",
"title": "Finite Automata in Hereditarily Finite Set Theory",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "The UpDown scheme is a recursive scheme used to compute the stiffness matrix on a special form of sparse grids. Usually, when discretizing a Euclidean space of dimension d we need O(n^d) points, for n points along each dimension. Sparse grids are a hierarchical representation where the number of points is reduced to O(n * log(n)^d). One disadvantage of such sparse grids is that the algorithm now operate recursively in the dimensions and levels of the sparse grid. \u003cp\u003e The UpDown scheme allows us to compute the stiffness matrix on such a sparse grid. The stiffness matrix represents the influence of each representation function on the L^2 scalar product. For a detailed description see Dirk Pflüger's PhD thesis. This formalization was developed as an interdisciplinary project (IDP) at the Technische Universität München.",
"authors": [
"Johannes Hölzl"
],
"date": "2015-01-28",
- "id": 499,
+ "id": 500,
"link": "/entries/UpDown_Scheme.html",
"permalink": "/entries/UpDown_Scheme.html",
"shortname": "UpDown_Scheme",
"title": "Verification of the UpDown Scheme",
"topic_links": [
"computer-science/algorithms/mathematical"
],
"topics": [
"Computer science/Algorithms/Mathematical"
],
"used_by": 0
},
{
"abstract": "We present the Unified Policy Framework (UPF), a generic framework for modelling security (access-control) policies. UPF emphasizes the view that a policy is a policy decision function that grants or denies access to resources, permissions, etc. In other words, instead of modelling the relations of permitted or prohibited requests directly, we model the concrete function that implements the policy decision point in a system. In more detail, UPF is based on the following four principles: 1) Functional representation of policies, 2) No conflicts are possible, 3) Three-valued decision type (allow, deny, undefined), 4) Output type not containing the decision only.",
"authors": [
"Achim D. Brucker",
"Lukas Brügger",
"Burkhart Wolff"
],
"date": "2014-11-28",
- "id": 500,
+ "id": 501,
"link": "/entries/UPF.html",
"permalink": "/entries/UPF.html",
"shortname": "UPF",
"title": "The Unified Policy Framework (UPF)",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e The Ad hoc On-demand Distance Vector (AODV) routing protocol allows the nodes in a Mobile Ad hoc Network (MANET) or a Wireless Mesh Network (WMN) to know where to forward data packets. Such a protocol is ‘loop free’ if it never leads to routing decisions that forward packets in circles. \u003cp\u003e This development mechanises an existing pen-and-paper proof of loop freedom of AODV. The protocol is modelled in the Algebra of Wireless Networks (AWN), which is the subject of an earlier paper and AFP mechanization. The proof relies on a novel compositional approach for lifting invariants to networks of nodes. \u003c/p\u003e\u003cp\u003e We exploit the mechanization to analyse several variants of AODV and show that Isabelle/HOL can re-establish most proof obligations automatically and identify exactly the steps that are no longer valid. \u003c/p\u003e",
"authors": [
"Timothy Bourke",
"Peter Höfner"
],
"date": "2014-10-23",
- "id": 501,
+ "id": 502,
"link": "/entries/AODV.html",
"permalink": "/entries/AODV.html",
"shortname": "AODV",
"title": "Loop freedom of the (untimed) AODV routing protocol",
"topic_links": [
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Concurrency/Process calculi"
],
"used_by": 0
},
{
"abstract": "We implemented a command that can be used to easily generate elements of a restricted type \u003ctt\u003e{x :: 'a. P x}\u003c/tt\u003e, provided the definition is of the form \u003ctt\u003ef ys = (if check ys then Some(generate ys :: 'a) else None)\u003c/tt\u003e where \u003ctt\u003eys\u003c/tt\u003e is a list of variables \u003ctt\u003ey1 ... yn\u003c/tt\u003e and \u003ctt\u003echeck ys ==\u003e P(generate ys)\u003c/tt\u003e can be proved. \u003cp\u003e In principle, such a definition is also directly possible using the \u003ctt\u003elift_definition\u003c/tt\u003e command. However, then this definition will not be suitable for code-generation. To this end, we automated a more complex construction of Joachim Breitner which is amenable for code-generation, and where the test \u003ctt\u003echeck ys\u003c/tt\u003e will only be performed once. In the automation, one auxiliary type is created, and Isabelle's lifting- and transfer-package is invoked several times.",
"authors": [
"René Thiemann"
],
"date": "2014-10-13",
- "id": 502,
+ "id": 503,
"link": "/entries/Lifting_Definition_Option.html",
"permalink": "/entries/Lifting_Definition_Option.html",
"shortname": "Lifting_Definition_Option",
"title": "Lifting Definition Option",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "Stream Fusion is a system for removing intermediate list data structures from functional programs, in particular Haskell. This entry adapts stream fusion to Isabelle/HOL and its code generator. We define stream types for finite and possibly infinite lists and stream versions for most of the fusible list functions in the theories List and Coinductive_List, and prove them correct with respect to the conversion functions between lists and streams. The Stream Fusion transformation itself is implemented as a simproc in the preprocessor of the code generator. [Brian Huffman's \u003ca href=\"http://isa-afp.org/entries/Stream-Fusion.html\"\u003eAFP entry\u003c/a\u003e formalises stream fusion in HOLCF for the domain of lazy lists to prove the GHC compiler rewrite rules correct. In contrast, this work enables Isabelle's code generator to perform stream fusion itself. To that end, it covers both finite and coinductive lists from the HOL library and the Coinductive entry. The fusible list functions require specification and proof principles different from Huffman's.]",
"authors": [
"Andreas Lochbihler",
"Alexandra Maximova"
],
"date": "2014-10-10",
- "id": 503,
+ "id": 504,
"link": "/entries/Stream_Fusion_Code.html",
"permalink": "/entries/Stream_Fusion_Code.html",
"shortname": "Stream_Fusion_Code",
"title": "Stream Fusion in HOL with Code Generation",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "\u003ca href=\"https://doi.org/10.1007/978-3-642-36742-7_35\"\u003eBhat et al. [TACAS 2013]\u003c/a\u003e developed an inductive compiler that computes density functions for probability spaces described by programs in a probabilistic functional language. In this work, we implement such a compiler for a modified version of this language within the theorem prover Isabelle and give a formal proof of its soundness w.r.t. the semantics of the source and target language. Together with Isabelle's code generation for inductive predicates, this yields a fully verified, executable density compiler. The proof is done in two steps: First, an abstract compiler working with abstract functions modelled directly in the theorem prover's logic is defined and proved sound. Then, this compiler is refined to a concrete version that returns a target-language expression. \u003cp\u003e An article with the same title and authors is published in the proceedings of ESOP 2015. A detailed presentation of this work can be found in the first author's master's thesis with the same title.",
"authors": [
"Manuel Eberl",
"Johannes Hölzl",
"Tobias Nipkow"
],
"date": "2014-10-09",
- "id": 504,
+ "id": 505,
"link": "/entries/Density_Compiler.html",
"permalink": "/entries/Density_Compiler.html",
"shortname": "Density_Compiler",
"title": "A Verified Compiler for Probability Density Functions",
"topic_links": [
"mathematics/probability-theory",
"computer-science/programming-languages/compiling"
],
"topics": [
"Mathematics/Probability theory",
"Computer science/Programming languages/Compiling"
],
"used_by": 0
},
{
"abstract": "We present a formalization of refinement calculus for reactive systems. Refinement calculus is based on monotonic predicate transformers (monotonic functions from sets of post-states to sets of pre-states), and it is a powerful formalism for reasoning about imperative programs. We model reactive systems as monotonic property transformers that transform sets of output infinite sequences into sets of input infinite sequences. Within this semantics we can model refinement of reactive systems, (unbounded) angelic and demonic nondeterminism, sequential composition, and other semantic properties. We can model systems that may fail for some inputs, and we can model compatibility of systems. We can specify systems that have liveness properties using linear temporal logic, and we can refine system specifications into systems based on symbolic transitions systems, suitable for implementations.",
"authors": [
"Viorel Preoteasa"
],
"date": "2014-10-08",
- "id": 505,
+ "id": 506,
"link": "/entries/RefinementReactive.html",
"permalink": "/entries/RefinementReactive.html",
"shortname": "RefinementReactive",
"title": "Formalization of Refinement Calculus for Reactive Systems",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "This entry provides several monads intended for the development of stand-alone certifiers via code generation from Isabelle/HOL. More specifically, there are three flavors of error monads (the sum type, for the case where all monadic functions are total; an instance of the former, the so called check monad, yielding either success without any further information or an error message; as well as a variant of the sum type that accommodates partial functions by providing an explicit bottom element) and a parser monad built on top. All of this monads are heavily used in the IsaFoR/CeTA project which thus provides many examples of their usage.",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2014-10-03",
- "id": 506,
+ "id": 507,
"link": "/entries/Certification_Monads.html",
"permalink": "/entries/Certification_Monads.html",
"shortname": "Certification_Monads",
"title": "Certification Monads",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 3
},
{
"abstract": "This entry provides an XML library for Isabelle/HOL. This includes parsing and pretty printing of XML trees as well as combinators for transforming XML trees into arbitrary user-defined data. The main contribution of this entry is an interface (fit for code generation) that allows for communication between verified programs formalized in Isabelle/HOL and the outside world via XML. This library was developed as part of the IsaFoR/CeTA project to which we refer for examples of its usage.",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2014-10-03",
- "id": 507,
+ "id": 508,
"link": "/entries/XML.html",
"permalink": "/entries/XML.html",
"shortname": "XML",
"title": "XML",
"topic_links": [
"computer-science/functional-programming",
"computer-science/data-structures"
],
"topics": [
"Computer science/Functional programming",
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "The insertion sort algorithm of Cormen et al. (Introduction to Algorithms) is expressed in Imperative HOL and proved to be correct and terminating. For this purpose we also provide a theory about imperative loop constructs with accompanying induction/invariant rules for proving partial and total correctness. Furthermore, the formalized algorithm is fit for code generation.",
"authors": [
"Christian Sternagel"
],
"date": "2014-09-25",
- "id": 508,
+ "id": 509,
"link": "/entries/Imperative_Insertion_Sort.html",
"permalink": "/entries/Imperative_Insertion_Sort.html",
"shortname": "Imperative_Insertion_Sort",
"title": "Imperative Insertion Sort",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "We have formalized the Sturm-Tarski theorem (also referred as the Tarski theorem), which generalizes Sturm's theorem. Sturm's theorem is usually used as a way to count distinct real roots, while the Sturm-Tarksi theorem forms the basis for Tarski's classic quantifier elimination for real closed field.",
"authors": [
"Wenda Li"
],
"date": "2014-09-19",
- "id": 509,
+ "id": 510,
"link": "/entries/Sturm_Tarski.html",
"permalink": "/entries/Sturm_Tarski.html",
"shortname": "Sturm_Tarski",
"title": "The Sturm-Tarski Theorem",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 4
},
{
"abstract": "This document contains a proof of the Cayley-Hamilton theorem based on the development of matrices in HOL/Multivariate Analysis.",
"authors": [
"Stephan Adelsberger",
"Stefan Hetzl",
"Florian Pollak"
],
"date": "2014-09-15",
- "id": 510,
+ "id": 511,
"link": "/entries/Cayley_Hamilton.html",
"permalink": "/entries/Cayley_Hamilton.html",
"shortname": "Cayley_Hamilton",
"title": "The Cayley-Hamilton Theorem",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "This submission contains theories that lead to a formalization of the proof of the Jordan-Hölder theorem about composition series of finite groups. The theories formalize the notions of isomorphism classes of groups, simple groups, normal series, composition series, maximal normal subgroups. Furthermore, they provide proofs of the second isomorphism theorem for groups, the characterization theorem for maximal normal subgroups as well as many useful lemmas about normal subgroups and factor groups. The proof is inspired by course notes of Stuart Rankin.",
"authors": [
"Jakob von Raumer"
],
"date": "2014-09-09",
- "id": 511,
+ "id": 512,
"link": "/entries/Jordan_Hoelder.html",
"permalink": "/entries/Jordan_Hoelder.html",
"shortname": "Jordan_Hoelder",
"title": "The Jordan-Hölder Theorem",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "This entry verifies priority queues based on Braun trees. Insertion and deletion take logarithmic time and preserve the balanced nature of Braun trees. Two implementations of deletion are provided.",
"authors": [
"Tobias Nipkow"
],
"date": "2014-09-04",
- "id": 512,
+ "id": 513,
"link": "/entries/Priority_Queue_Braun.html",
"permalink": "/entries/Priority_Queue_Braun.html",
"shortname": "Priority_Queue_Braun",
"title": "Priority Queues Based on Braun Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "The Gauss-Jordan algorithm states that any matrix over a field can be transformed by means of elementary row operations to a matrix in reduced row echelon form. The formalization is based on the Rank Nullity Theorem entry of the AFP and on the HOL-Multivariate-Analysis session of Isabelle, where matrices are represented as functions over finite types. We have set up the code generator to make this representation executable. In order to improve the performance, a refinement to immutable arrays has been carried out. We have formalized some of the applications of the Gauss-Jordan algorithm. Thanks to this development, the following facts can be computed over matrices whose elements belong to a field: Ranks, Determinants, Inverses, Bases and dimensions and Solutions of systems of linear equations. Code can be exported to SML and Haskell.",
"authors": [
"Jose Divasón",
"Jesús Aransay"
],
"date": "2014-09-03",
- "id": 513,
+ "id": 514,
"link": "/entries/Gauss_Jordan.html",
"permalink": "/entries/Gauss_Jordan.html",
"shortname": "Gauss_Jordan",
"title": "Gauss-Jordan Algorithm and Its Applications",
"topic_links": [
"computer-science/algorithms/mathematical"
],
"topics": [
"Computer science/Algorithms/Mathematical"
],
"used_by": 4
},
{
"abstract": "This development proves upper and lower bounds for several familiar real-valued functions. For sin, cos, exp and sqrt, it defines and verifies infinite families of upper and lower bounds, mostly based on Taylor series expansions. For arctan, ln and exp, it verifies a finite collection of upper and lower bounds, originally obtained from the functions' continued fraction expansions using the computer algebra system Maple. A common theme in these proofs is to take the difference between a function and its approximation, which should be zero at one point, and then consider the sign of the derivative. The immediate purpose of this development is to verify axioms used by MetiTarski, an automatic theorem prover for real-valued special functions. Crucial to MetiTarski's operation is the provision of upper and lower bounds for each function of interest.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2014-08-29",
- "id": 514,
+ "id": 515,
"link": "/entries/Special_Function_Bounds.html",
"permalink": "/entries/Special_Function_Bounds.html",
"shortname": "Special_Function_Bounds",
"title": "Real-Valued Special Functions: Upper and Lower Bounds",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "This formalisation of basic linear algebra is based completely on locales, building off HOL-Algebra. It includes basic definitions: linear combinations, span, linear independence; linear transformations; interpretation of function spaces as vector spaces; the direct sum of vector spaces, sum of subspaces; the replacement theorem; existence of bases in finite-dimensional; vector spaces, definition of dimension; the rank-nullity theorem. Some concepts are actually defined and proved for modules as they also apply there. Infinite-dimensional vector spaces are supported, but dimension is only supported for finite-dimensional vector spaces. The proofs are standard; the proofs of the replacement theorem and rank-nullity theorem roughly follow the presentation in Linear Algebra by Friedberg, Insel, and Spence. The rank-nullity theorem generalises the existing development in the Archive of Formal Proof (originally using type classes, now using a mix of type classes and locales).",
"authors": [
"Holden Lee"
],
"date": "2014-08-29",
- "id": 515,
+ "id": 516,
"link": "/entries/VectorSpace.html",
"permalink": "/entries/VectorSpace.html",
"shortname": "VectorSpace",
"title": "Vector Spaces",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 3
},
{
"abstract": "Skew heaps are an amazingly simple and lightweight implementation of priority queues. They were invented by Sleator and Tarjan [SIAM 1986] and have logarithmic amortized complexity. This entry provides executable and verified functional skew heaps. \u003cp\u003e The amortized complexity of skew heaps is analyzed in the AFP entry \u003ca href=\"http://isa-afp.org/entries/Amortized_Complexity.html\"\u003eAmortized Complexity\u003c/a\u003e.",
"authors": [
"Tobias Nipkow"
],
"date": "2014-08-13",
- "id": 516,
+ "id": 517,
"link": "/entries/Skew_Heap.html",
"permalink": "/entries/Skew_Heap.html",
"shortname": "Skew_Heap",
"title": "Skew Heap",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "Splay trees are self-adjusting binary search trees which were invented by Sleator and Tarjan [JACM 1985]. This entry provides executable and verified functional splay trees as well as the related splay heaps (due to Okasaki). \u003cp\u003e The amortized complexity of splay trees and heaps is analyzed in the AFP entry \u003ca href=\"http://isa-afp.org/entries/Amortized_Complexity.html\"\u003eAmortized Complexity\u003c/a\u003e.",
"authors": [
"Tobias Nipkow"
],
"date": "2014-08-12",
- "id": 517,
+ "id": 518,
"link": "/entries/Splay_Tree.html",
"permalink": "/entries/Splay_Tree.html",
"shortname": "Splay_Tree",
"title": "Splay Tree",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "We implemented a type class for \"to-string\" functions, similar to Haskell's Show class. Moreover, we provide instantiations for Isabelle/HOL's standard types like bool, prod, sum, nats, ints, and rats. It is further possible, to automatically derive show functions for arbitrary user defined datatypes similar to Haskell's \"deriving Show\".",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2014-07-29",
- "id": 518,
+ "id": 519,
"link": "/entries/Show.html",
"permalink": "/entries/Show.html",
"shortname": "Show",
"title": "Haskell's Show Class in Isabelle/HOL",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 16
},
{
"abstract": "\u003cp\u003eIntransitive noninterference has been a widely studied topic in the last few decades. Several well-established methodologies apply interactive theorem proving to formulate a noninterference theorem over abstract academic models. In joint work with several industrial and academic partners throughout Europe, we are helping in the certification process of PikeOS, an industrial separation kernel developed at SYSGO. In this process, established theories could not be applied. We present a new generic model of separation kernels and a new theory of intransitive noninterference. The model is rich in detail, making it suitable for formal verification of realistic and industrial systems such as PikeOS. Using a refinement-based theorem proving approach, we ensure that proofs remain manageable.\u003c/p\u003e \u003cp\u003e This document corresponds to the deliverable D31.1 of the EURO-MILS Project \u003ca href=\"http://www.euromils.eu\"\u003ehttp://www.euromils.eu\u003c/a\u003e.\u003c/p\u003e",
"authors": [
"Freek Verbeek",
"Sergey Tverdyshev",
"Oto Havle",
"Holger Blasum",
"Bruno Langenstein",
"Werner Stephan",
"Yakoub Nemouchi",
"Abderrahmane Feliachi",
"Burkhart Wolff",
"Julien Schmaltz"
],
"date": "2014-07-18",
- "id": 519,
+ "id": 520,
"link": "/entries/CISC-Kernel.html",
"permalink": "/entries/CISC-Kernel.html",
"shortname": "CISC-Kernel",
"title": "Formal Specification of a Generic Separation Kernel",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003epGCL is both a programming language and a specification language that incorporates both probabilistic and nondeterministic choice, in a unified manner. Program verification is by refinement or annotation (or both), using either Hoare triples, or weakest-precondition entailment, in the style of GCL.\u003c/p\u003e \u003cp\u003e This package provides both a shallow embedding of the language primitives, and an annotation and refinement framework. The generated document includes a brief tutorial.\u003c/p\u003e",
"authors": [
"David Cock"
],
"date": "2014-07-13",
- "id": 520,
+ "id": 521,
"link": "/entries/pGCL.html",
"permalink": "/entries/pGCL.html",
"shortname": "pGCL",
"title": "pGCL for Isabelle",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "A framework for the analysis of the amortized complexity of functional data structures is formalized in Isabelle/HOL and applied to a number of standard examples and to the folowing non-trivial ones: skew heaps, splay trees, splay heaps and pairing heaps.",
"authors": [
"Tobias Nipkow"
],
"date": "2014-07-07",
- "id": 521,
+ "id": 522,
"link": "/entries/Amortized_Complexity.html",
"permalink": "/entries/Amortized_Complexity.html",
"shortname": "Amortized_Complexity",
"title": "Amortized Complexity Verified",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 2
},
{
"abstract": "We present a unified theory for verifying network security policies. A security policy is represented as directed graph. To check high-level security goals, security invariants over the policy are expressed. We cover monotonic security invariants, i.e. prohibiting more does not harm security. We provide the following contributions for the security invariant theory. \u003cul\u003e \u003cli\u003eSecure auto-completion of scenario-specific knowledge, which eases usability.\u003c/li\u003e \u003cli\u003eSecurity violations can be repaired by tightening the policy iff the security invariants hold for the deny-all policy.\u003c/li\u003e \u003cli\u003eAn algorithm to compute a security policy.\u003c/li\u003e \u003cli\u003eA formalization of stateful connection semantics in network security mechanisms.\u003c/li\u003e \u003cli\u003eAn algorithm to compute a secure stateful implementation of a policy.\u003c/li\u003e \u003cli\u003eAn executable implementation of all the theory.\u003c/li\u003e \u003cli\u003eExamples, ranging from an aircraft cabin data network to the analysis of a large real-world firewall.\u003c/li\u003e \u003cli\u003eMore examples: A fully automated translation of high-level security goals to both firewall and SDN configurations (see Examples/Distributed_WebApp.thy).\u003c/li\u003e \u003c/ul\u003e For a detailed description, see \u003cul\u003e \u003cli\u003eC. Diekmann, A. Korsten, and G. Carle. \u003ca href=\"http://www.net.in.tum.de/fileadmin/bibtex/publications/papers/diekmann2015mansdnnfv.pdf\"\u003eDemonstrating topoS: Theorem-prover-based synthesis of secure network configurations.\u003c/a\u003e In 2nd International Workshop on Management of SDN and NFV Systems, manSDN/NFV, Barcelona, Spain, November 2015.\u003c/li\u003e \u003cli\u003eC. Diekmann, S.-A. Posselt, H. Niedermayer, H. Kinkelin, O. Hanka, and G. Carle. 
\u003ca href=\"http://www.net.in.tum.de/pub/diekmann/forte14.pdf\"\u003eVerifying Security Policies using Host Attributes.\u003c/a\u003e In FORTE, 34th IFIP International Conference on Formal Techniques for Distributed Objects, Components and Systems, Berlin, Germany, June 2014.\u003c/li\u003e \u003cli\u003eC. Diekmann, L. Hupel, and G. Carle. Directed Security Policies: \u003ca href=\"http://rvg.web.cse.unsw.edu.au/eptcs/paper.cgi?ESSS2014.3\"\u003eA Stateful Network Implementation.\u003c/a\u003e In J. Pang and Y. Liu, editors, Engineering Safety and Security Systems, volume 150 of Electronic Proceedings in Theoretical Computer Science, pages 20-34, Singapore, May 2014. Open Publishing Association.\u003c/li\u003e \u003c/ul\u003e",
"authors": [
"Cornelius Diekmann"
],
"date": "2014-07-04",
- "id": 522,
+ "id": 523,
"link": "/entries/Network_Security_Policy_Verification.html",
"permalink": "/entries/Network_Security_Policy_Verification.html",
"shortname": "Network_Security_Policy_Verification",
"title": "Network Security Policy Verification",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "Pop-refinement is an approach to stepwise refinement, carried out inside an interactive theorem prover by constructing a monotonically decreasing sequence of predicates over deeply embedded target programs. The sequence starts with a predicate that characterizes the possible implementations, and ends with a predicate that characterizes a unique program in explicit syntactic form. Pop-refinement enables more requirements (e.g. program-level and non-functional) to be captured in the initial specification and preserved through refinement. Security requirements expressed as hyperproperties (i.e. predicates over sets of traces) are always preserved by pop-refinement, unlike the popular notion of refinement as trace set inclusion. Two simple examples in Isabelle/HOL are presented, featuring program-level requirements, non-functional requirements, and hyperproperties.",
"authors": [
"Alessandro Coglio"
],
"date": "2014-07-03",
- "id": 523,
+ "id": 524,
"link": "/entries/Pop_Refinement.html",
"permalink": "/entries/Pop_Refinement.html",
"shortname": "Pop_Refinement",
"title": "Pop-Refinement",
"topic_links": [
"computer-science/programming-languages/misc"
],
"topics": [
"Computer science/Programming languages/Misc"
],
"used_by": 0
},
{
"abstract": "Monadic second-order logic on finite words (MSO) is a decidable yet expressive logic into which many decision problems can be encoded. Since MSO formulas correspond to regular languages, equivalence of MSO formulas can be reduced to the equivalence of some regular structures (e.g. automata). We verify an executable decision procedure for MSO formulas that is not based on automata but on regular expressions. \u003cp\u003e Decision procedures for regular expression equivalence have been formalized before, usually based on Brzozowski derivatives. Yet, for a straightforward embedding of MSO formulas into regular expressions an extension of regular expressions with a projection operation is required. We prove total correctness and completeness of an equivalence checker for regular expressions extended in that way. We also define a language-preserving translation of formulas into regular expressions with respect to two different semantics of MSO. ",
"authors": [
"Dmitriy Traytel",
"Tobias Nipkow"
],
"date": "2014-06-12",
- "id": 524,
+ "id": 525,
"link": "/entries/MSO_Regex_Equivalence.html",
"permalink": "/entries/MSO_Regex_Equivalence.html",
"shortname": "MSO_Regex_Equivalence",
"title": "Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions",
"topic_links": [
"computer-science/automata-and-formal-languages",
"logic/general-logic/decidability-of-theories"
],
"topics": [
"Computer science/Automata and formal languages",
"Logic/General logic/Decidability of theories"
],
"used_by": 0
},
{
"abstract": "This entry provides executable checkers for the following properties of boolean expressions: satisfiability, tautology and equivalence. Internally, the checkers operate on binary decision trees and are reasonably efficient (for purely functional algorithms).",
"authors": [
"Tobias Nipkow"
],
"date": "2014-06-08",
- "id": 525,
+ "id": 526,
"link": "/entries/Boolean_Expression_Checkers.html",
"permalink": "/entries/Boolean_Expression_Checkers.html",
"shortname": "Boolean_Expression_Checkers",
"title": "Boolean Expression Checkers",
"topic_links": [
"computer-science/algorithms",
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Computer science/Algorithms",
"Logic/General logic/Mechanization of proofs"
],
"used_by": 2
},
{
"abstract": "We present an LTL model checker whose code has been completely verified using the Isabelle theorem prover. The checker consists of over 4000 lines of ML code. The code is produced using the Isabelle Refinement Framework, which allows us to split its correctness proof into (1) the proof of an abstract version of the checker, consisting of a few hundred lines of ``formalized pseudocode'', and (2) a verified refinement step in which mathematical sets and other abstract structures are replaced by implementations of efficient structures like red-black trees and functional arrays. This leads to a checker that, while still slower than unverified checkers, can already be used as a trusted reference implementation against which advanced implementations can be tested.",
"authors": [
"Javier Esparza",
"Peter Lammich",
"René Neumann",
"Tobias Nipkow",
"Alexander Schimpf",
"Jan-Georg Smaus"
],
"date": "2014-05-28",
- "id": 526,
+ "id": 527,
"link": "/entries/CAVA_LTL_Modelchecker.html",
"permalink": "/entries/CAVA_LTL_Modelchecker.html",
"shortname": "CAVA_LTL_Modelchecker",
"title": "A Fully Verified Executable LTL Model Checker",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "We formalize linear-time temporal logic (LTL) and the algorithm by Gerth et al. to convert LTL formulas to generalized Büchi automata. We also formalize some syntactic rewrite rules that can be applied to optimize the LTL formula before conversion. Moreover, we integrate the Stuttering Equivalence AFP-Entry by Stefan Merz, adapting the lemma that next-free LTL formula cannot distinguish between stuttering equivalent runs to our setting. \u003cp\u003e We use the Isabelle Refinement and Collection framework, as well as the Autoref tool, to obtain a refined version of our algorithm, from which efficiently executable code can be extracted.",
"authors": [
"Alexander Schimpf",
"Peter Lammich"
],
"date": "2014-05-28",
- "id": 527,
+ "id": 528,
"link": "/entries/LTL_to_GBA.html",
"permalink": "/entries/LTL_to_GBA.html",
"shortname": "LTL_to_GBA",
"title": "Converting Linear-Time Temporal Logic to Generalized Büchi Automata",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 1
},
{
"abstract": "We present an executable formalization of the language Promela, the description language for models of the model checker SPIN. This formalization is part of the work for a completely verified model checker (CAVA), but also serves as a useful (and executable!) description of the semantics of the language itself, something that is currently missing. The formalization uses three steps: It takes an abstract syntax tree generated from an SML parser, removes syntactic sugar and enriches it with type information. This further gets translated into a transition system, on which the semantic engine (read: successor function) operates.",
"authors": [
"René Neumann"
],
"date": "2014-05-28",
- "id": 528,
+ "id": 529,
"link": "/entries/Promela.html",
"permalink": "/entries/Promela.html",
"shortname": "Promela",
"title": "Promela Formalization",
"topic_links": [
"computer-science/system-description-languages"
],
"topics": [
"Computer science/System description languages"
],
"used_by": 1
},
{
"abstract": "We report on the graph and automata library that is used in the fully verified LTL model checker CAVA. As most components of CAVA use some type of graphs or automata, a common automata library simplifies assembly of the components and reduces redundancy. \u003cp\u003e The CAVA Automata Library provides a hierarchy of graph and automata classes, together with some standard algorithms. Its object oriented design allows for sharing of algorithms, theorems, and implementations between its classes, and also simplifies extensions of the library. Moreover, it is integrated into the Automatic Refinement Framework, supporting automatic refinement of the abstract automata types to efficient data structures. \u003cp\u003e Note that the CAVA Automata Library is work in progress. Currently, it is very specifically tailored towards the requirements of the CAVA model checker. Nevertheless, the formalization techniques presented here allow an extension of the library to a wider scope. Moreover, they are not limited to graph libraries, but apply to class hierarchies in general. \u003cp\u003e The CAVA Automata Library is described in the paper: Peter Lammich, The CAVA Automata Library, Isabelle Workshop 2014.",
"authors": [
"Peter Lammich"
],
"date": "2014-05-28",
- "id": 529,
+ "id": 530,
"link": "/entries/CAVA_Automata.html",
"permalink": "/entries/CAVA_Automata.html",
"shortname": "CAVA_Automata",
"title": "The CAVA Automata Library",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 8
},
{
"abstract": "We present an Isabelle/HOL formalization of Gabow's algorithm for finding the strongly connected components of a directed graph. Using data refinement techniques, we extract efficient code that performs comparable to a reference implementation in Java. Our style of formalization allows for re-using large parts of the proofs when defining variants of the algorithm. We demonstrate this by verifying an algorithm for the emptiness check of generalized Büchi automata, re-using most of the existing proofs.",
"authors": [
"Peter Lammich"
],
"date": "2014-05-28",
- "id": 530,
+ "id": 531,
"link": "/entries/Gabow_SCC.html",
"permalink": "/entries/Gabow_SCC.html",
"shortname": "Gabow_SCC",
"title": "Verified Efficient Implementation of Gabow's Strongly Connected Components Algorithm",
"topic_links": [
"computer-science/algorithms/graph",
"mathematics/graph-theory"
],
"topics": [
"Computer science/Algorithms/Graph",
"Mathematics/Graph theory"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003e An extension of classical noninterference security for deterministic state machines, as introduced by Goguen and Meseguer and elegantly formalized by Rushby, to nondeterministic systems should satisfy two fundamental requirements: it should be based on a mathematically precise theory of nondeterminism, and should be equivalent to (or at least not weaker than) the classical notion in the degenerate deterministic case. \u003c/p\u003e \u003cp\u003e This paper proposes a definition of noninterference security applying to Hoare's Communicating Sequential Processes (CSP) in the general case of a possibly intransitive noninterference policy, and proves the equivalence of this security property to classical noninterference security for processes representing deterministic state machines. \u003c/p\u003e \u003cp\u003e Furthermore, McCullough's generalized noninterference security is shown to be weaker than both the proposed notion of CSP noninterference security for a generic process, and classical noninterference security for processes representing deterministic state machines. This renders CSP noninterference security preferable as an extension of classical noninterference security to nondeterministic systems. \u003c/p\u003e",
"authors": [
"Pasquale Noce"
],
"date": "2014-05-23",
- "id": 531,
+ "id": 532,
"link": "/entries/Noninterference_CSP.html",
"permalink": "/entries/Noninterference_CSP.html",
"shortname": "Noninterference_CSP",
"title": "Noninterference Security in Communicating Sequential Processes",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 1
},
{
"abstract": "This formulation of the Roy-Floyd-Warshall algorithm for the transitive closure bypasses matrices and arrays, but uses a more direct mathematical model with adjacency functions for immediate predecessors and successors. This can be implemented efficiently in functional programming languages and is particularly adequate for sparse relations.",
"authors": [
"Makarius Wenzel"
],
"date": "2014-05-23",
- "id": 532,
+ "id": 533,
"link": "/entries/Roy_Floyd_Warshall.html",
"permalink": "/entries/Roy_Floyd_Warshall.html",
"shortname": "Roy_Floyd_Warshall",
"title": "Transitive closure according to Roy-Floyd-Warshall",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "Regular algebras axiomatise the equational theory of regular expressions as induced by regular language identity. We use Isabelle/HOL for a detailed systematic study of regular algebras given by Boffa, Conway, Kozen and Salomaa. We investigate the relationships between these classes, formalise a soundness proof for the smallest class (Salomaa's) and obtain completeness of the largest one (Boffa's) relative to a deep result by Krob. In addition we provide a large collection of regular identities in the general setting of Boffa's axiom. Our regular algebra hierarchy is orthogonal to the Kleene algebra hierarchy in the Archive of Formal Proofs; we have not aimed at an integration for pragmatic reasons.",
"authors": [
"Simon Foster",
"Georg Struth"
],
"date": "2014-05-21",
- "id": 533,
+ "id": 534,
"link": "/entries/Regular_Algebras.html",
"permalink": "/entries/Regular_Algebras.html",
"shortname": "Regular_Algebras",
"title": "Regular Algebras",
"topic_links": [
"computer-science/automata-and-formal-languages",
"mathematics/algebra"
],
"topics": [
"Computer science/Automata and formal languages",
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "This set of theories presents a formalisation in Isabelle/HOL of data dependencies between components. The approach allows to analyse system structure oriented towards efficient checking of system: it aims at elaborating for a concrete system, which parts of the system are necessary to check a given property.",
"authors": [
"Maria Spichkova"
],
"date": "2014-04-28",
- "id": 534,
+ "id": 535,
"link": "/entries/ComponentDependencies.html",
"permalink": "/entries/ComponentDependencies.html",
"shortname": "ComponentDependencies",
"title": "Formalisation and Analysis of Component Dependencies",
"topic_links": [
"computer-science/system-description-languages"
],
"topics": [
"Computer science/System description languages"
],
"used_by": 0
},
{
"abstract": "Research in information-flow security aims at developing methods to identify undesired information leaks within programs from private (high) sources to public (low) sinks. For a concurrent system, it is desirable to have compositional analysis methods that allow for analyzing each thread independently and that nevertheless guarantee that the parallel composition of successfully analyzed threads satisfies a global security guarantee. However, such a compositional analysis should not be overly pessimistic about what an environment might do with shared resources. Otherwise, the analysis will reject many intuitively secure programs. \u003cp\u003e The paper \"Assumptions and Guarantees for Compositional Noninterference\" by Mantel et. al. presents one solution for this problem: an approach for compositionally reasoning about non-interference in concurrent programs via rely-guarantee-style reasoning. We present an Isabelle/HOL formalization of the concepts and proofs of this approach.",
"authors": [
"Sylvia Grewe",
"Heiko Mantel",
"Daniel Schoepe"
],
"date": "2014-04-23",
- "id": 535,
+ "id": 536,
"link": "/entries/SIFUM_Type_Systems.html",
"permalink": "/entries/SIFUM_Type_Systems.html",
"shortname": "SIFUM_Type_Systems",
"title": "A Formalization of Assumptions and Guarantees for Compositional Noninterference",
"topic_links": [
"computer-science/security",
"computer-science/programming-languages/type-systems"
],
"topics": [
"Computer science/Security",
"Computer science/Programming languages/Type systems"
],
"used_by": 0
},
{
"abstract": "Research in information-flow security aims at developing methods to identify undesired information leaks within programs from private sources to public sinks. Noninterference captures this intuition by requiring that no information whatsoever flows from private sources to public sinks. However, in practice this definition is often too strict: Depending on the intuitive desired security policy, the controlled declassification of certain private information (WHAT) at certain points in the program (WHERE) might not result in an undesired information leak. \u003cp\u003e We present an Isabelle/HOL formalization of such a security property for controlled declassification, namely WHAT\u0026WHERE-security from \"Scheduler-Independent Declassification\" by Lux, Mantel, and Perner. The formalization includes compositionality proofs for and a soundness proof for a security type system that checks for programs in a simple while language with dynamic thread creation. \u003cp\u003e Our formalization of the security type system is abstract in the language for expressions and in the semantic side conditions for expressions. It can easily be instantiated with different syntactic approximations for these side conditions. The soundness proof of such an instantiation boils down to showing that these syntactic approximations imply the semantic side conditions. \u003cp\u003e This Isabelle/HOL formalization uses theories from the entry Strong Security.",
"authors": [
"Sylvia Grewe",
"Alexander Lux",
"Heiko Mantel",
"Jens Sauer"
],
"date": "2014-04-23",
- "id": 536,
+ "id": 537,
"link": "/entries/WHATandWHERE_Security.html",
"permalink": "/entries/WHATandWHERE_Security.html",
"shortname": "WHATandWHERE_Security",
"title": "A Formalization of Declassification with WHAT-and-WHERE-Security",
"topic_links": [
"computer-science/security",
"computer-science/programming-languages/type-systems"
],
"topics": [
"Computer science/Security",
"Computer science/Programming languages/Type systems"
],
"used_by": 0
},
{
"abstract": "Research in information-flow security aims at developing methods to identify undesired information leaks within programs from private sources to public sinks. Noninterference captures this intuition. Strong security from Sabelfeld and Sands formalizes noninterference for concurrent systems. \u003cp\u003e We present an Isabelle/HOL formalization of strong security for arbitrary security lattices (Sabelfeld and Sands use a two-element security lattice in the original publication). The formalization includes compositionality proofs for strong security and a soundness proof for a security type system that checks strong security for programs in a simple while language with dynamic thread creation. \u003cp\u003e Our formalization of the security type system is abstract in the language for expressions and in the semantic side conditions for expressions. It can easily be instantiated with different syntactic approximations for these side conditions. The soundness proof of such an instantiation boils down to showing that these syntactic approximations imply the semantic side conditions.",
"authors": [
"Sylvia Grewe",
"Alexander Lux",
"Heiko Mantel",
"Jens Sauer"
],
"date": "2014-04-23",
- "id": 537,
+ "id": 538,
"link": "/entries/Strong_Security.html",
"permalink": "/entries/Strong_Security.html",
"shortname": "Strong_Security",
"title": "A Formalization of Strong Security",
"topic_links": [
"computer-science/security",
"computer-science/programming-languages/type-systems"
],
"topics": [
"Computer science/Security",
"Computer science/Programming languages/Type systems"
],
"used_by": 1
},
{
"abstract": "This is a formalization of bounded-deducibility security (BD security), a flexible notion of information-flow security applicable to arbitrary transition systems. It generalizes Sutherland's classic notion of nondeducibility by factoring in declassification bounds and trigger, whereas nondeducibility states that, in a system, information cannot flow between specified sources and sinks, BD security indicates upper bounds for the flow and triggers under which these upper bounds are no longer guaranteed.",
"authors": [
"Andrei Popescu",
"Peter Lammich",
"Thomas Bauereiss"
],
"date": "2014-04-22",
- "id": 538,
+ "id": 539,
"link": "/entries/Bounded_Deducibility_Security.html",
"permalink": "/entries/Bounded_Deducibility_Security.html",
"shortname": "Bounded_Deducibility_Security",
"title": "Bounded-Deducibility Security",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 3
},
{
"abstract": "We formalize HyperCTL*, a temporal logic for expressing security properties. We first define a shallow embedding of HyperCTL*, within which we prove inductive and coinductive rules for the operators. Then we show that a HyperCTL* formula captures Goguen-Meseguer noninterference, a landmark information flow property. We also define a deep embedding and connect it to the shallow embedding by a denotational semantics, for which we prove sanity w.r.t. dependence on the free variables. Finally, we show that under some finiteness assumptions about the model, noninterference is given by a (finitary) syntactic formula.",
"authors": [
"Markus N. Rabe",
"Peter Lammich",
"Andrei Popescu"
],
"date": "2014-04-16",
- "id": 539,
+ "id": 540,
"link": "/entries/HyperCTL.html",
"permalink": "/entries/HyperCTL.html",
"shortname": "HyperCTL",
"title": "A shallow embedding of HyperCTL*",
"topic_links": [
"computer-science/security",
"logic/general-logic/temporal-logic"
],
"topics": [
"Computer science/Security",
"Logic/General logic/Temporal logic"
],
"used_by": 0
},
{
"abstract": "A formalization of an abstract property of possibly infinite derivation trees (modeled by a codatatype), representing the core of a proof (in Beth/Hintikka style) of the first-order logic completeness theorem, independent of the concrete syntax or inference rules. This work is described in detail in the IJCAR 2014 publication by the authors. The abstract proof can be instantiated for a wide range of Gentzen and tableau systems as well as various flavors of FOL---e.g., with or without predicates, equality, or sorts. Here, we give only a toy example instantiation with classical propositional logic. A more serious instance---many-sorted FOL with equality---is described elsewhere [Blanchette and Popescu, FroCoS 2013].",
"authors": [
"Jasmin Christian Blanchette",
"Andrei Popescu",
"Dmitriy Traytel"
],
"date": "2014-04-16",
- "id": 540,
+ "id": 541,
"link": "/entries/Abstract_Completeness.html",
"permalink": "/entries/Abstract_Completeness.html",
"shortname": "Abstract_Completeness",
"title": "Abstract Completeness",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 4
},
{
"abstract": "These theories introduce basic concepts and proofs about discrete summation: shifts, formal summation, falling factorials and stirling numbers. As proof of concept, a simple summation conversion is provided.",
"authors": [
"Florian Haftmann"
],
"date": "2014-04-13",
- "id": 541,
+ "id": 542,
"link": "/entries/Discrete_Summation.html",
"permalink": "/entries/Discrete_Summation.html",
"shortname": "Discrete_Summation",
"title": "Discrete Summation",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 2
},
{
"abstract": "This document accompanies the article \"The Design and Implementation of a Verification Technique for GPU Kernels\" by Adam Betts, Nathan Chong, Alastair F. Donaldson, Jeroen Ketema, Shaz Qadeer, Paul Thomson and John Wickerson. It formalises all of the definitions provided in Sections 3 and 4 of the article.",
"authors": [
"John Wickerson"
],
"date": "2014-04-03",
- "id": 542,
+ "id": 543,
"link": "/entries/GPU_Kernel_PL.html",
"permalink": "/entries/GPU_Kernel_PL.html",
"shortname": "GPU_Kernel_PL",
"title": "Syntax and semantics of a GPU kernel programming language",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "We formalize a probabilistic noninterference for a multi-threaded language with uniform scheduling, where probabilistic behaviour comes from both the scheduler and the individual threads. We define notions probabilistic noninterference in two variants: resumption-based and trace-based. For the resumption-based notions, we prove compositionality w.r.t. the language constructs and establish sound type-system-like syntactic criteria. This is a formalization of the mathematical development presented at CPP 2013 and CALCO 2013. It is the probabilistic variant of the Possibilistic Noninterference AFP entry.",
"authors": [
"Andrei Popescu",
"Johannes Hölzl"
],
"date": "2014-03-11",
- "id": 543,
+ "id": 544,
"link": "/entries/Probabilistic_Noninterference.html",
"permalink": "/entries/Probabilistic_Noninterference.html",
"shortname": "Probabilistic_Noninterference",
"title": "Probabilistic Noninterference",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e AWN is a process algebra developed for modelling and analysing protocols for Mobile Ad hoc Networks (MANETs) and Wireless Mesh Networks (WMNs). AWN models comprise five distinct layers: sequential processes, local parallel compositions, nodes, partial networks, and complete networks.\u003c/p\u003e \u003cp\u003e This development mechanises the original operational semantics of AWN and introduces a variant 'open' operational semantics that enables the compositional statement and proof of invariants across distinct network nodes. It supports labels (for weakening invariants) and (abstract) data state manipulations. A framework for compositional invariant proofs is developed, including a tactic (inv_cterms) for inductive invariant proofs of sequential processes, lifting rules for the open versions of the higher layers, and a rule for transferring lifted properties back to the standard semantics. A notion of 'control terms' reduces proof obligations to the subset of subterms that act directly (in contrast to operators for combining terms and joining processes).\u003c/p\u003e",
"authors": [
"Timothy Bourke"
],
"date": "2014-03-08",
- "id": 544,
+ "id": 545,
"link": "/entries/AWN.html",
"permalink": "/entries/AWN.html",
"shortname": "AWN",
"title": "Mechanization of the Algebra for Wireless Networks (AWN)",
"topic_links": [
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Concurrency/Process calculi"
],
"used_by": 1
},
{
"abstract": "We provide a wrapper around the partial-function command that supports mutual recursion.",
"authors": [
"René Thiemann"
],
"date": "2014-02-18",
- "id": 545,
+ "id": 546,
"link": "/entries/Partial_Function_MR.html",
"permalink": "/entries/Partial_Function_MR.html",
"shortname": "Partial_Function_MR",
"title": "Mutually Recursive Partial Functions",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 2
},
{
"abstract": "Random graphs are graphs with a fixed number of vertices, where each edge is present with a fixed probability. We are interested in the probability that a random graph contains a certain pattern, for example a cycle or a clique. A very high edge probability gives rise to perhaps too many edges (which degrades performance for many algorithms), whereas a low edge probability might result in a disconnected graph. We prove a theorem about a threshold probability such that a higher edge probability will asymptotically almost surely produce a random graph with the desired subgraph.",
"authors": [
"Lars Hupel"
],
"date": "2014-02-13",
- "id": 546,
+ "id": 547,
"link": "/entries/Random_Graph_Subgraph_Threshold.html",
"permalink": "/entries/Random_Graph_Subgraph_Threshold.html",
"shortname": "Random_Graph_Subgraph_Threshold",
"title": "Properties of Random Graphs -- Subgraph Containment",
"topic_links": [
"mathematics/graph-theory",
"mathematics/probability-theory"
],
"topics": [
"Mathematics/Graph theory",
"Mathematics/Probability theory"
],
"used_by": 1
},
{
"abstract": "Stepwise program refinement techniques can be used to simplify program verification. Programs are better understood since their main properties are clearly stated, and verification of rather complex algorithms is reduced to proving simple statements connecting successive program specifications. Additionally, it is easy to analyze similar algorithms and to compare their properties within a single formalization. Usually, formal analysis is not done in educational setting due to complexity of verification and a lack of tools and procedures to make comparison easy. Verification of an algorithm should not only give correctness proof, but also better understanding of an algorithm. If the verification is based on small step program refinement, it can become simple enough to be demonstrated within the university-level computer science curriculum. In this paper we demonstrate this and give a formal analysis of two well known algorithms (Selection Sort and Heap Sort) using proof assistant Isabelle/HOL and program refinement techniques.",
"authors": [
"Danijela Petrovic"
],
"date": "2014-02-11",
- "id": 547,
+ "id": 548,
"link": "/entries/Selection_Heap_Sort.html",
"permalink": "/entries/Selection_Heap_Sort.html",
"shortname": "Selection_Heap_Sort",
"title": "Verification of Selection and Heap Sort Using Locales",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "We give a formalization of affine forms as abstract representations of zonotopes. We provide affine operations as well as overapproximations of some non-affine operations like multiplication and division. Expressions involving those operations can automatically be turned into (executable) functions approximating the original expression in affine arithmetic.",
"authors": [
"Fabian Immler"
],
"date": "2014-02-07",
- "id": 548,
+ "id": 549,
"link": "/entries/Affine_Arithmetic.html",
"permalink": "/entries/Affine_Arithmetic.html",
"shortname": "Affine_Arithmetic",
"title": "Affine Arithmetic",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 2
},
{
"abstract": "We apply data refinement to implement the real numbers, where we support all numbers in the field extension Q[sqrt(b)], i.e., all numbers of the form p + q * sqrt(b) for rational numbers p and q and some fixed natural number b. To this end, we also developed algorithms to precisely compute roots of a rational number, and to perform a factorization of natural numbers which eliminates duplicate prime factors. \u003cp\u003e Our results have been used to certify termination proofs which involve polynomial interpretations over the reals.",
"authors": [
"René Thiemann"
],
"date": "2014-02-06",
- "id": 549,
+ "id": 550,
"link": "/entries/Real_Impl.html",
"permalink": "/entries/Real_Impl.html",
"shortname": "Real_Impl",
"title": "Implementing field extensions of the form Q[sqrt(b)]",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 2
},
{
"abstract": "We formalize a unified framework for verified decision procedures for regular expression equivalence. Five recently published formalizations of such decision procedures (three based on derivatives, two on marked regular expressions) can be obtained as instances of the framework. We discover that the two approaches based on marked regular expressions, which were previously thought to be the same, are different, and one seems to produce uniformly smaller automata. The common framework makes it possible to compare the performance of the different decision procedures in a meaningful way. ",
"authors": [
"Tobias Nipkow",
"Dmitriy Traytel"
],
"date": "2014-01-30",
- "id": 550,
+ "id": 551,
"link": "/entries/Regex_Equivalence.html",
"permalink": "/entries/Regex_Equivalence.html",
"shortname": "Regex_Equivalence",
"title": "Unified Decision Procedures for Regular Expression Equivalence",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "These theories extend the existing proof of the first Sylow theorem (written by Florian Kammueller and L. C. Paulson) by what are often called the second, third and fourth Sylow theorems. These theorems state propositions about the number of Sylow p-subgroups of a group and the fact that they are conjugate to each other. The proofs make use of an implementation of group actions and their properties.",
"authors": [
"Jakob von Raumer"
],
"date": "2014-01-28",
- "id": 551,
+ "id": 552,
"link": "/entries/Secondary_Sylow.html",
"permalink": "/entries/Secondary_Sylow.html",
"shortname": "Secondary_Sylow",
"title": "Secondary Sylow Theorems",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "Tarski's algebra of binary relations is formalised along the lines of the standard textbooks of Maddux and Schmidt and Ströhlein. This includes relation-algebraic concepts such as subidentities, vectors and a domain operation as well as various notions associated to functions. Relation algebras are also expanded by a reflexive transitive closure operation, and they are linked with Kleene algebras and models of binary relations and Boolean matrices.",
"authors": [
"Alasdair Armstrong",
"Simon Foster",
"Georg Struth",
"Tjark Weber"
],
"date": "2014-01-25",
- "id": 552,
+ "id": 553,
"link": "/entries/Relation_Algebra.html",
"permalink": "/entries/Relation_Algebra.html",
"shortname": "Relation_Algebra",
"title": "Relation Algebra",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "We formalise Kleene algebra with tests (KAT) and demonic refinement algebra (DRA) in Isabelle/HOL. KAT is relevant for program verification and correctness proofs in the partial correctness setting. While DRA targets similar applications in the context of total correctness. Our formalisation contains the two most important models of these algebras: binary relations in the case of KAT and predicate transformers in the case of DRA. In addition, we derive the inference rules for Hoare logic in KAT and its relational model and present a simple formally verified program verification tool prototype based on the algebraic approach.",
"authors": [
"Alasdair Armstrong",
"Victor B. F. Gomes",
"Georg Struth"
],
"date": "2014-01-23",
- "id": 553,
+ "id": 554,
"link": "/entries/KAT_and_DRA.html",
"permalink": "/entries/KAT_and_DRA.html",
"shortname": "KAT_and_DRA",
"title": "Kleene Algebra with Tests and Demonic Refinement Algebras",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/automata-and-formal-languages",
"mathematics/algebra"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Automata and formal languages",
"Mathematics/Algebra"
],
"used_by": 2
},
{
"abstract": "The Unified Modeling Language (UML) is one of the few modeling languages that is widely used in industry. While UML is mostly known as diagrammatic modeling language (e.g., visualizing class models), it is complemented by a textual language, called Object Constraint Language (OCL). The current version of OCL is based on a four-valued logic that turns UML into a formal language. Any type comprises the elements \"invalid\" and \"null\" which are propagated as strict and non-strict, respectively. Unfortunately, the former semi-formal semantics of this specification language, captured in the \"Annex A\" of the OCL standard, leads to different interpretations of corner cases. We formalize the core of OCL: denotational definitions, a logical calculus and operational rules that allow for the execution of OCL expressions by a mixture of term rewriting and code compilation. Our formalization reveals several inconsistencies and contradictions in the current version of the OCL standard. Overall, this document is intended to provide the basis for a machine-checked text \"Annex A\" of the OCL standard targeting at tool implementors.",
"authors": [
"Achim D. Brucker",
"Frédéric Tuong",
"Burkhart Wolff"
],
"date": "2014-01-16",
- "id": 554,
+ "id": 555,
"link": "/entries/Featherweight_OCL.html",
"permalink": "/entries/Featherweight_OCL.html",
"shortname": "Featherweight_OCL",
"title": "Featherweight OCL: A Proposal for a Machine-Checked Formal Semantics for OCL 2.5",
"topic_links": [
"computer-science/system-description-languages"
],
"topics": [
"Computer science/System description languages"
],
"used_by": 0
},
{
"abstract": "This paper presents an Isabelle/HOL set of theories which allows the specification of crypto-based components and the verification of their composition properties wrt. cryptographic aspects. We introduce a formalisation of the security property of data secrecy, the corresponding definitions and proofs. Please note that here we import the Isabelle/HOL theory ListExtras.thy, presented in the AFP entry FocusStreamsCaseStudies-AFP.",
"authors": [
"Maria Spichkova"
],
"date": "2014-01-11",
- "id": 555,
+ "id": 556,
"link": "/entries/CryptoBasedCompositionalProperties.html",
"permalink": "/entries/CryptoBasedCompositionalProperties.html",
"shortname": "CryptoBasedCompositionalProperties",
"title": "Compositional Properties of Crypto-Based Components",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "Sturm's Theorem states that polynomial sequences with certain properties, so-called Sturm sequences, can be used to count the number of real roots of a real polynomial. This work contains a proof of Sturm's Theorem and code for constructing Sturm sequences efficiently. It also provides the “sturm” proof method, which can decide certain statements about the roots of real polynomials, such as “the polynomial P has exactly n roots in the interval I” or “P(x) \u003e Q(x) for all x \u0026#8712; \u0026#8477;”.",
"authors": [
"Manuel Eberl"
],
"date": "2014-01-11",
- "id": 556,
+ "id": 557,
"link": "/entries/Sturm_Sequences.html",
"permalink": "/entries/Sturm_Sequences.html",
"shortname": "Sturm_Sequences",
"title": "Sturm's Theorem",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 4
},
{
"abstract": "\u003cp\u003e Tail-recursive function definitions are sometimes more straightforward than alternatives, but proving theorems on them may be roundabout because of the peculiar form of the resulting recursion induction rules. \u003c/p\u003e\u003cp\u003e This paper describes a proof method that provides a general solution to this problem by means of suitable invariants over inductive sets, and illustrates the application of such method by examining two case studies. \u003c/p\u003e",
"authors": [
"Pasquale Noce"
],
"date": "2013-12-01",
- "id": 557,
+ "id": 558,
"link": "/entries/Tail_Recursive_Functions.html",
"permalink": "/entries/Tail_Recursive_Functions.html",
"shortname": "Tail_Recursive_Functions",
"title": "A General Method for the Proof of Theorems on Tail-recursive Functions",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "Gödel's two incompleteness theorems are formalised, following a careful \u003ca href=\"http://journals.impan.gov.pl/dm/Inf/422-0-1.html\"\u003epresentation\u003c/a\u003e by Swierczkowski, in the theory of \u003ca href=\"HereditarilyFinite.html\"\u003ehereditarily finite sets\u003c/a\u003e. This represents the first ever machine-assisted proof of the second incompleteness theorem. Compared with traditional formalisations using Peano arithmetic (see e.g. Boolos), coding is simpler, with no need to formalise the notion of multiplication (let alone that of a prime number) in the formalised calculus upon which the theorem is based. However, other technical problems had to be solved in order to complete the argument.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2013-11-17",
- "id": 558,
+ "id": 559,
"link": "/entries/Incompleteness.html",
"permalink": "/entries/Incompleteness.html",
"shortname": "Incompleteness",
"title": "Gödel's Incompleteness Theorems",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 2
},
{
"abstract": "The theory of hereditarily finite sets is formalised, following the \u003ca href=\"http://journals.impan.gov.pl/dm/Inf/422-0-1.html\"\u003edevelopment\u003c/a\u003e of Swierczkowski. An HF set is a finite collection of other HF sets; they enjoy an induction principle and satisfy all the axioms of ZF set theory apart from the axiom of infinity, which is negated. All constructions that are possible in ZF set theory (Cartesian products, disjoint sums, natural numbers, functions) without using infinite sets are possible here. The definition of addition for the HF sets follows Kirby. This development forms the foundation for the Isabelle proof of Gödel's incompleteness theorems, which has been \u003ca href=\"Incompleteness.html\"\u003eformalised separately\u003c/a\u003e.",
"authors": [
"Lawrence C. Paulson"
],
"date": "2013-11-17",
- "id": 559,
+ "id": 560,
"link": "/entries/HereditarilyFinite.html",
"permalink": "/entries/HereditarilyFinite.html",
"shortname": "HereditarilyFinite",
"title": "The Hereditarily Finite Sets",
"topic_links": [
"logic/set-theory"
],
"topics": [
"Logic/Set theory"
],
"used_by": 4
},
{
"abstract": "\u003cp\u003eWe define formal languages as a codataype of infinite trees branching over the alphabet. Each node in such a tree indicates whether the path to this node constitutes a word inside or outside of the language. This codatatype is isormorphic to the set of lists representation of languages, but caters for definitions by corecursion and proofs by coinduction.\u003c/p\u003e \u003cp\u003eRegular operations on languages are then defined by primitive corecursion. A difficulty arises here, since the standard definitions of concatenation and iteration from the coalgebraic literature are not primitively corecursive-they require guardedness up-to union/concatenation. Without support for up-to corecursion, these operation must be defined as a composition of primitive ones (and proved being equal to the standard definitions). As an exercise in coinduction we also prove the axioms of Kleene algebra for the defined regular operations.\u003c/p\u003e \u003cp\u003eFurthermore, a language for context-free grammars given by productions in Greibach normal form and an initial nonterminal is constructed by primitive corecursion, yielding an executable decision procedure for the word problem without further ado.\u003c/p\u003e",
"authors": [
"Dmitriy Traytel"
],
"date": "2013-11-15",
- "id": 560,
+ "id": 561,
"link": "/entries/Coinductive_Languages.html",
"permalink": "/entries/Coinductive_Languages.html",
"shortname": "Coinductive_Languages",
"title": "A Codatatype of Formal Languages",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 1
},
{
"abstract": "This set of theories presents an Isabelle/HOL formalisation of stream processing components introduced in Focus, a framework for formal specification and development of interactive systems. This is an extended and updated version of the formalisation, which was elaborated within the methodology \"Focus on Isabelle\". In addition, we also applied the formalisation on three case studies that cover different application areas: process control (Steam Boiler System), data transmission (FlexRay communication protocol), memory and processing components (Automotive-Gateway System).",
"authors": [
"Maria Spichkova"
],
"date": "2013-11-14",
- "id": 561,
+ "id": 562,
"link": "/entries/FocusStreamsCaseStudies.html",
"permalink": "/entries/FocusStreamsCaseStudies.html",
"shortname": "FocusStreamsCaseStudies",
"title": "Stream Processing Components: Isabelle/HOL Formalisation and Case Studies",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "Dana Scott's version of Gödel's proof of God's existence is formalized in quantified modal logic KB (QML KB). QML KB is modeled as a fragment of classical higher-order logic (HOL); thus, the formalization is essentially a formalization in HOL.",
"authors": [
"Christoph Benzmüller",
"Bruno Woltzenlogel Paleo"
],
"date": "2013-11-12",
- "id": 562,
+ "id": 563,
"link": "/entries/GoedelGod.html",
"permalink": "/entries/GoedelGod.html",
"shortname": "GoedelGod",
"title": "Gödel's God in Isabelle/HOL",
"topic_links": [
"logic/philosophical-aspects"
],
"topics": [
"Logic/Philosophical aspects"
],
"used_by": 0
},
{
"abstract": "This theory contains a formalization of decreasing diagrams showing that any locally decreasing abstract rewrite system is confluent. We consider the valley (van Oostrom, TCS 1994) and the conversion version (van Oostrom, RTA 2008) and closely follow the original proofs. As an application we prove Newman's lemma.",
"authors": [
"Harald Zankl"
],
"date": "2013-11-01",
- "id": 563,
+ "id": 564,
"link": "/entries/Decreasing-Diagrams.html",
"permalink": "/entries/Decreasing-Diagrams.html",
"shortname": "Decreasing-Diagrams",
"title": "Decreasing Diagrams",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 0
},
{
"abstract": "We present the Autoref tool for Isabelle/HOL, which automatically refines algorithms specified over abstract concepts like maps and sets to algorithms over concrete implementations like red-black-trees, and produces a refinement theorem. It is based on ideas borrowed from relational parametricity due to Reynolds and Wadler. The tool allows for rapid prototyping of verified, executable algorithms. Moreover, it can be configured to fine-tune the result to the user~s needs. Our tool is able to automatically instantiate generic algorithms, which greatly simplifies the implementation of executable data structures. \u003cp\u003e This AFP-entry provides the basic tool, which is then used by the Refinement and Collection Framework to provide automatic data refinement for the nondeterminism monad and various collection datastructures.",
"authors": [
"Peter Lammich"
],
"date": "2013-10-02",
- "id": 564,
+ "id": 565,
"link": "/entries/Automatic_Refinement.html",
"permalink": "/entries/Automatic_Refinement.html",
"shortname": "Automatic_Refinement",
"title": "Automatic Data Refinement",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 10
},
{
"abstract": "This entry makes machine words and machine arithmetic available for code generation from Isabelle/HOL. It provides a common abstraction that hides the differences between the different target languages. The code generator maps these operations to the APIs of the target languages. Apart from that, we extend the available bit operations on types int and integer, and map them to the operations in the target languages.",
"authors": [
"Andreas Lochbihler"
],
"date": "2013-09-17",
- "id": 565,
+ "id": 566,
"link": "/entries/Native_Word.html",
"permalink": "/entries/Native_Word.html",
"shortname": "Native_Word",
"title": "Native Word",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 10
},
{
"abstract": "This development provides a formal model of IEEE-754 floating-point arithmetic. This formalization, including formal specification of the standard and proofs of important properties of floating-point arithmetic, forms the foundation for verifying programs with floating-point computation. There is also a code generation setup for floats so that we can execute programs using this formalization in functional programming languages.",
"authors": [
"Lei Yu"
],
"date": "2013-07-27",
- "id": 566,
+ "id": 567,
"link": "/entries/IEEE_Floating_Point.html",
"permalink": "/entries/IEEE_Floating_Point.html",
"shortname": "IEEE_Floating_Point",
"title": "A Formal Model of IEEE Floating Point Arithmetic",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 2
},
{
"abstract": "In 1927, Lehmer presented criterions for primality, based on the converse of Fermat's litte theorem. This work formalizes the second criterion from Lehmer's paper, a necessary and sufficient condition for primality. \u003cp\u003e As a side product we formalize some properties of Euler's phi-function, the notion of the order of an element of a group, and the cyclicity of the multiplicative group of a finite field.",
"authors": [
"Simon Wimmer",
"Lars Noschinski"
],
"date": "2013-07-22",
- "id": 567,
+ "id": 568,
"link": "/entries/Lehmer.html",
"permalink": "/entries/Lehmer.html",
"shortname": "Lehmer",
"title": "Lehmer's Theorem",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 1
},
{
"abstract": "In 1975, Pratt introduced a proof system for certifying primes. He showed that a number \u003ci\u003ep\u003c/i\u003e is prime iff a primality certificate for \u003ci\u003ep\u003c/i\u003e exists. By showing a logarithmic upper bound on the length of the certificates in size of the prime number, he concluded that the decision problem for prime numbers is in NP. This work formalizes soundness and completeness of Pratt's proof system as well as an upper bound for the size of the certificate.",
"authors": [
"Simon Wimmer",
"Lars Noschinski"
],
"date": "2013-07-22",
- "id": 568,
+ "id": 569,
"link": "/entries/Pratt_Certificate.html",
"permalink": "/entries/Pratt_Certificate.html",
"shortname": "Pratt_Certificate",
"title": "Pratt's Primality Certificates",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 2
},
{
"abstract": "This development provides a formalization of undirected graphs and simple graphs, which are based on Benedikt Nordhoff and Peter Lammich's simple formalization of labelled directed graphs in the archive. Then, with our formalization of graphs, we show both necessary and sufficient conditions for Eulerian trails and circuits as well as the fact that the Königsberg Bridge Problem does not have a solution. In addition, we show the Friendship Theorem in simple graphs.",
"authors": [
"Wenda Li"
],
"date": "2013-07-19",
- "id": 569,
+ "id": 570,
"link": "/entries/Koenigsberg_Friendship.html",
"permalink": "/entries/Koenigsberg_Friendship.html",
"shortname": "Koenigsberg_Friendship",
"title": "The Königsberg Bridge Problem and the Friendship Theorem",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "This is a formalization of the soundness and completeness properties for various efficient encodings of sorts in unsorted first-order logic used by Isabelle's Sledgehammer tool. \u003cp\u003e Essentially, the encodings proceed as follows: a many-sorted problem is decorated with (as few as possible) tags or guards that make the problem monotonic; then sorts can be soundly erased. \u003cp\u003e The development employs a formalization of many-sorted first-order logic in clausal form (clauses, structures and the basic properties of the satisfaction relation), which could be of interest as the starting point for other formalizations of first-order logic metatheory.",
"authors": [
"Jasmin Christian Blanchette",
"Andrei Popescu"
],
"date": "2013-06-27",
- "id": 570,
+ "id": 571,
"link": "/entries/Sort_Encodings.html",
"permalink": "/entries/Sort_Encodings.html",
"shortname": "Sort_Encodings",
"title": "Sound and Complete Sort Encodings for First-Order Logic",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "This theory is split into two sections. In the first section, we give a formal proof that a well-known axiomatic characterization of the single-source shortest path problem is correct. Namely, we prove that in a directed graph with a non-negative cost function on the edges the single-source shortest path function is the only function that satisfies a set of four axioms. In the second section, we give a formal proof of the correctness of an axiomatic characterization of the single-source shortest path problem for directed graphs with general cost functions. The axioms here are more involved because we have to account for potential negative cycles in the graph. The axioms are summarized in three Isabelle locales.",
"authors": [
"Christine Rizkallah"
],
"date": "2013-05-22",
- "id": 571,
+ "id": 572,
"link": "/entries/ShortestPath.html",
"permalink": "/entries/ShortestPath.html",
"shortname": "ShortestPath",
"title": "An Axiomatic Characterization of the Single-Source Shortest Path Problem",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "This development provides a formalization of directed graphs, supporting (labelled) multi-edges and infinite graphs. A polymorphic edge type allows edges to be treated as pairs of vertices, if multi-edges are not required. Formalized properties are i.a. walks (and related concepts), connectedness and subgraphs and basic properties of isomorphisms. \u003cp\u003e This formalization is used to prove characterizations of Euler Trails, Shortest Paths and Kuratowski subgraphs.",
"authors": [
"Lars Noschinski"
],
"date": "2013-04-28",
- "id": 572,
+ "id": 573,
"link": "/entries/Graph_Theory.html",
"permalink": "/entries/Graph_Theory.html",
"shortname": "Graph_Theory",
"title": "Graph Theory",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
- "used_by": 4
+ "used_by": 5
},
{
"abstract": "This development provides a framework for container types like sets and maps such that generated code implements these containers with different (efficient) data structures. Thanks to type classes and refinement during code generation, this light-weight approach can seamlessly replace Isabelle's default setup for code generation. Heuristics automatically pick one of the available data structures depending on the type of elements to be stored, but users can also choose on their own. The extensible design permits to add more implementations at any time. \u003cp\u003e To support arbitrary nesting of sets, we define a linear order on sets based on a linear order of the elements and provide efficient implementations. It even allows to compare complements with non-complements.",
"authors": [
"Andreas Lochbihler"
],
"date": "2013-04-15",
- "id": 573,
+ "id": 574,
"link": "/entries/Containers.html",
"permalink": "/entries/Containers.html",
"shortname": "Containers",
"title": "Light-weight Containers",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 8
},
{
"abstract": "\u003cp\u003eDealing with binders, renaming of bound variables, capture-avoiding substitution, etc., is very often a major problem in formal proofs, especially in proofs by structural and rule induction. Nominal Isabelle is designed to make such proofs easy to formalise: it provides an infrastructure for declaring nominal datatypes (that is alpha-equivalence classes) and for defining functions over them by structural recursion. It also provides induction principles that have Barendregt’s variable convention already built in. \u003c/p\u003e\u003cp\u003e This entry can be used as a more advanced replacement for HOL/Nominal in the Isabelle distribution. \u003c/p\u003e",
"authors": [
"Christian Urban",
"Stefan Berghofer",
"Cezary Kaliszyk"
],
"date": "2013-02-21",
- "id": 574,
+ "id": 575,
"link": "/entries/Nominal2.html",
"permalink": "/entries/Nominal2.html",
"shortname": "Nominal2",
"title": "Nominal 2",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 8
},
{
"abstract": "In his seminal paper \"Natural Semantics for Lazy Evaluation\", John Launchbury proves his semantics correct with respect to a denotational semantics, and outlines an adequacy proof. We have formalized both semantics and machine-checked the correctness proof, clarifying some details. Furthermore, we provide a new and more direct adequacy proof that does not require intermediate operational semantics.",
"authors": [
"Joachim Breitner"
],
"date": "2013-01-31",
- "id": 575,
+ "id": 576,
"link": "/entries/Launchbury.html",
"permalink": "/entries/Launchbury.html",
"shortname": "Launchbury",
"title": "The Correctness of Launchbury's Natural Semantics for Lazy Evaluation",
"topic_links": [
"computer-science/programming-languages/lambda-calculi",
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Programming languages/Lambda calculi",
"Computer science/Semantics and reasoning"
],
"used_by": 1
},
{
"abstract": "This document concerns the theory of ribbon proofs: a diagrammatic proof system, based on separation logic, for verifying program correctness. We include the syntax, proof rules, and soundness results for two alternative formalisations of ribbon proofs. \u003cp\u003e Compared to traditional proof outlines, ribbon proofs emphasise the structure of a proof, so are intelligible and pedagogical. Because they contain less redundancy than proof outlines, and allow each proof step to be checked locally, they may be more scalable. Where proof outlines are cumbersome to modify, ribbon proofs can be visually manoeuvred to yield proofs of variant programs.",
"authors": [
"John Wickerson"
],
"date": "2013-01-19",
- "id": 576,
+ "id": 577,
"link": "/entries/Ribbon_Proofs.html",
"permalink": "/entries/Ribbon_Proofs.html",
"shortname": "Ribbon_Proofs",
"title": "Ribbon Proofs",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "In this contribution, we present some formalizations based on the HOL-Multivariate-Analysis session of Isabelle. Firstly, a generalization of several theorems of such library are presented. Secondly, some definitions and proofs involving Linear Algebra and the four fundamental subspaces of a matrix are shown. Finally, we present a proof of the result known in Linear Algebra as the ``Rank-Nullity Theorem'', which states that, given any linear map f from a finite dimensional vector space V to a vector space W, then the dimension of V is equal to the dimension of the kernel of f (which is a subspace of V) and the dimension of the range of f (which is a subspace of W). The proof presented here is based on the one given by Sheldon Axler in his book \u003ci\u003eLinear Algebra Done Right\u003c/i\u003e. As a corollary of the previous theorem, and taking advantage of the relationship between linear maps and matrices, we prove that, for every matrix A (which has associated a linear map between finite dimensional vector spaces), the sum of its null space and its column space (which is equal to the range of the linear map) is equal to the number of columns of A.",
"authors": [
"Jose Divasón",
"Jesús Aransay"
],
"date": "2013-01-16",
- "id": 577,
+ "id": 578,
"link": "/entries/Rank_Nullity_Theorem.html",
"permalink": "/entries/Rank_Nullity_Theorem.html",
"shortname": "Rank_Nullity_Theorem",
"title": "Rank-Nullity Theorem in Linear Algebra",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 4
},
{
"abstract": "These files contain a formalisation of variants of Kleene algebras and their most important models as axiomatic type classes in Isabelle/HOL. Kleene algebras are foundational structures in computing with applications ranging from automata and language theory to computational modeling, program construction and verification. \u003cp\u003e We start with formalising dioids, which are additively idempotent semirings, and expand them by axiomatisations of the Kleene star for finite iteration and an omega operation for infinite iteration. We show that powersets over a given monoid, (regular) languages, sets of paths in a graph, sets of computation traces, binary relations and formal power series form Kleene algebras, and consider further models based on lattices, max-plus semirings and min-plus semirings. We also demonstrate that dioids are closed under the formation of matrices (proofs for Kleene algebras remain to be completed). \u003cp\u003e On the one hand we have aimed at a reference formalisation of variants of Kleene algebras that covers a wide range of variants and the core theorems in a structured and modular way and provides readable proofs at text book level. On the other hand, we intend to use this algebraic hierarchy and its models as a generic algebraic middle-layer from which programming applications can quickly be explored, implemented and verified.",
"authors": [
"Alasdair Armstrong",
"Georg Struth",
"Tjark Weber"
],
"date": "2013-01-15",
- "id": 578,
+ "id": 579,
"link": "/entries/Kleene_Algebra.html",
"permalink": "/entries/Kleene_Algebra.html",
"shortname": "Kleene_Algebra",
"title": "Kleene Algebra",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/automata-and-formal-languages",
"mathematics/algebra"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Automata and formal languages",
"Mathematics/Algebra"
],
"used_by": 6
},
{
"abstract": "We implement the Babylonian method to compute n-th roots of numbers. We provide precise algorithms for naturals, integers and rationals, and offer an approximation algorithm for square roots over linear ordered fields. Moreover, there are precise algorithms to compute the floor and the ceiling of n-th roots.",
"authors": [
"René Thiemann"
],
"date": "2013-01-03",
- "id": 579,
+ "id": 580,
"link": "/entries/Sqrt_Babylonian.html",
"permalink": "/entries/Sqrt_Babylonian.html",
"shortname": "Sqrt_Babylonian",
"title": "Computing N-th Roots using the Babylonian Method",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 4
},
{
"abstract": "We provide a framework for separation-logic based correctness proofs of Imperative HOL programs. Our framework comes with a set of proof methods to automate canonical tasks such as verification condition generation and frame inference. Moreover, we provide a set of examples that show the applicability of our framework. The examples include algorithms on lists, hash-tables, and union-find trees. We also provide abstract interfaces for lists, maps, and sets, that allow to develop generic imperative algorithms and use data-refinement techniques. \u003cbr\u003e As we target Imperative HOL, our programs can be translated to efficiently executable code in various target languages, including ML, OCaml, Haskell, and Scala.",
"authors": [
"Peter Lammich",
"Rene Meis"
],
"date": "2012-11-14",
- "id": 580,
+ "id": 581,
"link": "/entries/Separation_Logic_Imperative_HOL.html",
"permalink": "/entries/Separation_Logic_Imperative_HOL.html",
"shortname": "Separation_Logic_Imperative_HOL",
"title": "A Separation Logic Framework for Imperative HOL",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 2
},
{
"abstract": "A proof of the open induction schema based on J.-C. Raoult, Proving open properties by induction, \u003ci\u003eInformation Processing Letters\u003c/i\u003e 29, 1988, pp.19-23. \u003cp\u003eThis research was supported by the Austrian Science Fund (FWF): J3202.\u003c/p\u003e",
"authors": [
"Mizuhito Ogawa",
"Christian Sternagel"
],
"date": "2012-11-02",
- "id": 581,
+ "id": 582,
"link": "/entries/Open_Induction.html",
"permalink": "/entries/Open_Induction.html",
"shortname": "Open_Induction",
"title": "Open Induction",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 4
},
{
"abstract": "Tarski's axioms of plane geometry are formalized and, using the standard real Cartesian model, shown to be consistent. A substantial theory of the projective plane is developed. Building on this theory, the Klein-Beltrami model of the hyperbolic plane is defined and shown to satisfy all of Tarski's axioms except his Euclidean axiom; thus Tarski's Euclidean axiom is shown to be independent of his other axioms of plane geometry. \u003cp\u003e An earlier version of this work was the subject of the author's \u003ca href=\"http://researcharchive.vuw.ac.nz/handle/10063/2315\"\u003eMSc thesis\u003c/a\u003e, which contains natural-language explanations of some of the more interesting proofs.",
"authors": [
"T. J. M. Makarios"
],
"date": "2012-10-30",
- "id": 582,
+ "id": 583,
"link": "/entries/Tarskis_Geometry.html",
"permalink": "/entries/Tarskis_Geometry.html",
"shortname": "Tarskis_Geometry",
"title": "The independence of Tarski's Euclidean axiom",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "A proof of Bondy's theorem following B. Bollabas, Combinatorics, 1986, Cambridge University Press.",
"authors": [
"Jeremy Avigad",
"Stefan Hetzl"
],
"date": "2012-10-27",
- "id": 583,
+ "id": 584,
"link": "/entries/Bondy.html",
"permalink": "/entries/Bondy.html",
"shortname": "Bondy",
"title": "Bondy's Theorem",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "We formalize a wide variety of Volpano/Smith-style noninterference notions for a while language with parallel composition. We systematize and classify these notions according to compositionality w.r.t. the language constructs. Compositionality yields sound syntactic criteria (a.k.a. type systems) in a uniform way. \u003cp\u003e An \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/cpp12.html\"\u003earticle\u003c/a\u003e about these proofs is published in the proceedings of the conference Certified Programs and Proofs 2012.",
"authors": [
"Andrei Popescu",
"Johannes Hölzl"
],
"date": "2012-09-10",
- "id": 584,
+ "id": 585,
"link": "/entries/Possibilistic_Noninterference.html",
"permalink": "/entries/Possibilistic_Noninterference.html",
"shortname": "Possibilistic_Noninterference",
"title": "Possibilistic Noninterference",
"topic_links": [
"computer-science/security",
"computer-science/programming-languages/type-systems"
],
"topics": [
"Computer science/Security",
"Computer science/Programming languages/Type systems"
],
"used_by": 0
},
{
"abstract": "We provide a framework for registering automatic methods to derive class instances of datatypes, as it is possible using Haskell's ``deriving Ord, Show, ...'' feature. \u003cp\u003e We further implemented such automatic methods to derive (linear) orders or hash-functions which are required in the Isabelle Collection Framework. Moreover, for the tactic of Huffman and Krauss to show that a datatype is countable, we implemented a wrapper so that this tactic becomes accessible in our framework. \u003cp\u003e Our formalization was performed as part of the \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eIsaFoR/CeTA\u003c/a\u003e project. With our new tactic we could completely remove tedious proofs for linear orders of two datatypes. \u003cp\u003e This development is aimed at datatypes generated by the \"old_datatype\" command.",
"authors": [
"René Thiemann"
],
"date": "2012-08-07",
- "id": 585,
+ "id": 586,
"link": "/entries/Datatype_Order_Generator.html",
"permalink": "/entries/Datatype_Order_Generator.html",
"shortname": "Datatype_Order_Generator",
"title": "Generating linear orders for datatypes",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 4
},
{
"abstract": "Squaring the circle, doubling the cube and trisecting an angle, using a compass and straightedge alone, are classic unsolved problems first posed by the ancient Greeks. All three problems were proved to be impossible in the 19th century. The following document presents the proof of the impossibility of solving the latter two problems using Isabelle/HOL, following a proof by Carrega. The proof uses elementary methods: no Galois theory or field extensions. The set of points constructible using a compass and straightedge is defined inductively. Radical expressions, which involve only square roots and arithmetic of rational numbers, are defined, and we find that all constructive points have radical coordinates. Finally, doubling the cube and trisecting certain angles requires solving certain cubic equations that can be proved to have no rational roots. The Isabelle proofs require a great many detailed calculations.",
"authors": [
"Ralph Romanos",
"Lawrence C. Paulson"
],
"date": "2012-08-05",
- "id": 586,
+ "id": 587,
"link": "/entries/Impossible_Geometry.html",
"permalink": "/entries/Impossible_Geometry.html",
"shortname": "Impossible_Geometry",
"title": "Proving the Impossibility of Trisecting an Angle and Doubling the Cube",
"topic_links": [
"mathematics/algebra",
"mathematics/geometry"
],
"topics": [
"Mathematics/Algebra",
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "Distributed computing is inherently based on replication, promising increased tolerance to failures of individual computing nodes or communication channels. Realizing this promise, however, involves quite subtle algorithmic mechanisms, and requires precise statements about the kinds and numbers of faults that an algorithm tolerates (such as process crashes, communication faults or corrupted values). The landmark theorem due to Fischer, Lynch, and Paterson shows that it is impossible to achieve Consensus among N asynchronously communicating nodes in the presence of even a single permanent failure. Existing solutions must rely on assumptions of \"partial synchrony\". \u003cp\u003e Indeed, there have been numerous misunderstandings on what exactly a given algorithm is supposed to realize in what kinds of environments. Moreover, the abundance of subtly different computational models complicates comparisons between different algorithms. Charron-Bost and Schiper introduced the Heard-Of model for representing algorithms and failure assumptions in a uniform framework, simplifying comparisons between algorithms. \u003cp\u003e In this contribution, we represent the Heard-Of model in Isabelle/HOL. We define two semantics of runs of algorithms with different unit of atomicity and relate these through a reduction theorem that allows us to verify algorithms in the coarse-grained semantics (where proofs are easier) and infer their correctness for the fine-grained one (which corresponds to actual executions). We instantiate the framework by verifying six Consensus algorithms that differ in the underlying algorithmic mechanisms and the kinds of faults they tolerate.",
"authors": [
"Henri Debrat",
"Stephan Merz"
],
"date": "2012-07-27",
- "id": 587,
+ "id": 588,
"link": "/entries/Heard_Of.html",
"permalink": "/entries/Heard_Of.html",
"shortname": "Heard_Of",
"title": "Verifying Fault-Tolerant Distributed Algorithms in the Heard-Of Model",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 1
},
{
"abstract": "We apply Andy Pitts's methods of defining relations over domains to several classical results in the literature. We show that the Y combinator coincides with the domain-theoretic fixpoint operator, that parallel-or and the Plotkin existential are not definable in PCF, that the continuation semantics for PCF coincides with the direct semantics, and that our domain-theoretic semantics for PCF is adequate for reasoning about contextual equivalence in an operational semantics. Our version of PCF is untyped and has both strict and non-strict function abstractions. The development is carried out in HOLCF.",
"authors": [
"Peter Gammie"
],
"date": "2012-07-01",
- "id": 588,
+ "id": 589,
"link": "/entries/PCF.html",
"permalink": "/entries/PCF.html",
"shortname": "PCF",
"title": "Logical Relations for PCF",
"topic_links": [
"computer-science/programming-languages/lambda-calculi"
],
"topics": [
"Computer science/Programming languages/Lambda calculi"
],
"used_by": 0
},
{
"abstract": "These theories contain a formalization of first class type constructors and axiomatic constructor classes for HOLCF. This work is described in detail in the ICFP 2012 paper \u003ci\u003eFormal Verification of Monad Transformers\u003c/i\u003e by the author. The formalization is a revised and updated version of earlier joint work with Matthews and White. \u003cP\u003e Based on the hierarchy of type classes in Haskell, we define classes for functors, monads, monad-plus, etc. Each one includes all the standard laws as axioms. We also provide a new user command, tycondef, for defining new type constructors in HOLCF. Using tycondef, we instantiate the type class hierarchy with various monads and monad transformers.",
"authors": [
"Brian Huffman"
],
"date": "2012-06-26",
- "id": 589,
+ "id": 590,
"link": "/entries/Tycon.html",
"permalink": "/entries/Tycon.html",
"shortname": "Tycon",
"title": "Type Constructor Classes and Monad Transformers",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "We formalise a large portion of CCS as described in Milner's book 'Communication and Concurrency' using the nominal datatype package in Isabelle. Our results include many of the standard theorems of bisimulation equivalence and congruence, for both weak and strong versions. One main goal of this formalisation is to keep the machine-checked proofs as close to their pen-and-paper counterpart as possible. \u003cp\u003e This entry is described in detail in \u003ca href=\"http://www.itu.dk/people/jebe/files/thesis.pdf\"\u003eBengtson's thesis\u003c/a\u003e.",
"authors": [
"Jesper Bengtson"
],
"date": "2012-05-29",
- "id": 590,
+ "id": 591,
"link": "/entries/CCS.html",
"permalink": "/entries/CCS.html",
"shortname": "CCS",
"title": "CCS in nominal logic",
"topic_links": [
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Concurrency/Process calculi"
],
"used_by": 0
},
{
"abstract": "Psi-calculi are extensions of the pi-calculus, accommodating arbitrary nominal datatypes to represent not only data but also communication channels, assertions and conditions, giving it an expressive power beyond the applied pi-calculus and the concurrent constraint pi-calculus. \u003cp\u003e We have formalised psi-calculi in the interactive theorem prover Isabelle using its nominal datatype package. One distinctive feature is that the framework needs to treat binding sequences, as opposed to single binders, in an efficient way. While different methods for formalising single binder calculi have been proposed over the last decades, representations for such binding sequences are not very well explored. \u003cp\u003e The main effort in the formalisation is to keep the machine checked proofs as close to their pen-and-paper counterparts as possible. This includes treating all binding sequences as atomic elements, and creating custom induction and inversion rules that to remove the bulk of manual alpha-conversions. \u003cp\u003e This entry is described in detail in \u003ca href=\"http://www.itu.dk/people/jebe/files/thesis.pdf\"\u003eBengtson's thesis\u003c/a\u003e.",
"authors": [
"Jesper Bengtson"
],
"date": "2012-05-29",
- "id": 591,
+ "id": 592,
"link": "/entries/Psi_Calculi.html",
"permalink": "/entries/Psi_Calculi.html",
"shortname": "Psi_Calculi",
"title": "Psi-calculi in Isabelle",
"topic_links": [
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Concurrency/Process calculi"
],
"used_by": 0
},
{
"abstract": "We formalise the pi-calculus using the nominal datatype package, based on ideas from the nominal logic by Pitts et al., and demonstrate an implementation in Isabelle/HOL. The purpose is to derive powerful induction rules for the semantics in order to conduct machine checkable proofs, closely following the intuitive arguments found in manual proofs. In this way we have covered many of the standard theorems of bisimulation equivalence and congruence, both late and early, and both strong and weak in a uniform manner. We thus provide one of the most extensive formalisations of a the pi-calculus ever done inside a theorem prover. \u003cp\u003e A significant gain in our formulation is that agents are identified up to alpha-equivalence, thereby greatly reducing the arguments about bound names. This is a normal strategy for manual proofs about the pi-calculus, but that kind of hand waving has previously been difficult to incorporate smoothly in an interactive theorem prover. We show how the nominal logic formalism and its support in Isabelle accomplishes this and thus significantly reduces the tedium of conducting completely formal proofs. This improves on previous work using weak higher order abstract syntax since we do not need extra assumptions to filter out exotic terms and can keep all arguments within a familiar first-order logic. \u003cp\u003e This entry is described in detail in \u003ca href=\"http://www.itu.dk/people/jebe/files/thesis.pdf\"\u003eBengtson's thesis\u003c/a\u003e.",
"authors": [
"Jesper Bengtson"
],
"date": "2012-05-29",
- "id": 592,
+ "id": 593,
"link": "/entries/Pi_Calculus.html",
"permalink": "/entries/Pi_Calculus.html",
"shortname": "Pi_Calculus",
"title": "The pi-calculus in nominal logic",
"topic_links": [
"computer-science/concurrency/process-calculi"
],
"topics": [
"Computer science/Concurrency/Process calculi"
],
"used_by": 0
},
{
"abstract": "The Circus specification language combines elements for complex data and behavior specifications, using an integration of Z and CSP with a refinement calculus. Its semantics is based on Hoare and He's Unifying Theories of Programming (UTP). Isabelle/Circus is a formalization of the UTP and the Circus language in Isabelle/HOL. It contains proof rules and tactic support that allows for proofs of refinement for Circus processes (involving both data and behavioral aspects). \u003cp\u003e The Isabelle/Circus environment supports a syntax for the semantic definitions which is close to textbook presentations of Circus. This article contains an extended version of corresponding VSTTE Paper together with the complete formal development of its underlying commented theories.",
"authors": [
"Abderrahmane Feliachi",
"Burkhart Wolff",
"Marie-Claude Gaudel"
],
"date": "2012-05-27",
- "id": 593,
+ "id": 594,
"link": "/entries/Circus.html",
"permalink": "/entries/Circus.html",
"shortname": "Circus",
"title": "Isabelle/Circus",
"topic_links": [
"computer-science/concurrency/process-calculi",
"computer-science/system-description-languages"
],
"topics": [
"Computer science/Concurrency/Process calculi",
"Computer science/System description languages"
],
"used_by": 0
},
{
"abstract": "We present a generic type class implementation of separation algebra for Isabelle/HOL as well as lemmas and generic tactics which can be used directly for any instantiation of the type class. \u003cP\u003e The ex directory contains example instantiations that include structures such as a heap or virtual memory. \u003cP\u003e The abstract separation algebra is based upon \"Abstract Separation Logic\" by Calcagno et al. These theories are also the basis of the ITP 2012 rough diamond \"Mechanised Separation Algebra\" by the authors. \u003cP\u003e The aim of this work is to support and significantly reduce the effort for future separation logic developments in Isabelle/HOL by factoring out the part of separation logic that can be treated abstractly once and for all. This includes developing typical default rule sets for reasoning as well as automated tactic support for separation logic.",
"authors": [
"Gerwin Klein",
"Rafal Kolanski",
"Andrew Boyton"
],
"date": "2012-05-11",
- "id": 594,
+ "id": 595,
"link": "/entries/Separation_Algebra.html",
"permalink": "/entries/Separation_Algebra.html",
"shortname": "Separation_Algebra",
"title": "Separation Algebra",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 2
},
{
"abstract": "\u003cp\u003eTwo omega-sequences are stuttering equivalent if they differ only by finite repetitions of elements. Stuttering equivalence is a fundamental concept in the theory of concurrent and distributed systems. Notably, Lamport argues that refinement notions for such systems should be insensitive to finite stuttering. Peled and Wilke showed that all PLTL (propositional linear-time temporal logic) properties that are insensitive to stuttering equivalence can be expressed without the next-time operator. Stuttering equivalence is also important for certain verification techniques such as partial-order reduction for model checking.\u003c/p\u003e \u003cp\u003eWe formalize stuttering equivalence in Isabelle/HOL. Our development relies on the notion of stuttering sampling functions that may skip blocks of identical sequence elements. We also encode PLTL and prove the theorem due to Peled and Wilke.\u003c/p\u003e",
"authors": [
"Stephan Merz"
],
"date": "2012-05-07",
- "id": 595,
+ "id": 596,
"link": "/entries/Stuttering_Equivalence.html",
"permalink": "/entries/Stuttering_Equivalence.html",
"shortname": "Stuttering_Equivalence",
"title": "Stuttering Equivalence",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 5
},
{
"abstract": "This document contains the full theory files accompanying article \u003ci\u003eInductive Study of Confidentiality --- for Everyone\u003c/i\u003e in \u003ci\u003eFormal Aspects of Computing\u003c/i\u003e. They aim at an illustrative and didactic presentation of the Inductive Method of protocol analysis, focusing on the treatment of one of the main goals of security protocols: confidentiality against a threat model. The treatment of confidentiality, which in fact forms a key aspect of all protocol analysis tools, has been found cryptic by many learners of the Inductive Method, hence the motivation for this work. The theory files in this document guide the reader step by step towards design and proof of significant confidentiality theorems. These are developed against two threat models, the standard Dolev-Yao and a more audacious one, the General Attacker, which turns out to be particularly useful also for teaching purposes.",
"authors": [
"Giampaolo Bella"
],
"date": "2012-05-02",
- "id": 596,
+ "id": 597,
"link": "/entries/Inductive_Confidentiality.html",
"permalink": "/entries/Inductive_Confidentiality.html",
"shortname": "Inductive_Confidentiality",
"title": "Inductive Study of Confidentiality",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003eSession Ordinary-Differential-Equations formalizes ordinary differential equations (ODEs) and initial value problems. This work comprises proofs for local and global existence of unique solutions (Picard-Lindelöf theorem). Moreover, it contains a formalization of the (continuous or even differentiable) dependency of the flow on initial conditions as the \u003ci\u003eflow\u003c/i\u003e of ODEs.\u003c/p\u003e \u003cp\u003e Not in the generated document are the following sessions: \u003cul\u003e \u003cli\u003e HOL-ODE-Numerics: Rigorous numerical algorithms for computing enclosures of solutions based on Runge-Kutta methods and affine arithmetic. Reachability analysis with splitting and reduction at hyperplanes.\u003c/li\u003e \u003cli\u003e HOL-ODE-Examples: Applications of the numerical algorithms to concrete systems of ODEs.\u003c/li\u003e \u003cli\u003e Lorenz_C0, Lorenz_C1: Verified algorithms for checking C1-information according to Tucker's proof, computation of C0-information.\u003c/li\u003e \u003c/ul\u003e \u003c/p\u003e",
"authors": [
"Fabian Immler",
"Johannes Hölzl"
],
"date": "2012-04-26",
- "id": 597,
+ "id": 598,
"link": "/entries/Ordinary_Differential_Equations.html",
"permalink": "/entries/Ordinary_Differential_Equations.html",
"shortname": "Ordinary_Differential_Equations",
"title": "Ordinary Differential Equations",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 3
},
{
"abstract": "Based on Isabelle/HOL's type class for preorders, we introduce a type class for well-quasi-orders (wqo) which is characterized by the absence of \"bad\" sequences (our proofs are along the lines of the proof of Nash-Williams, from which we also borrow terminology). Our main results are instantiations for the product type, the list type, and a type of finite trees, which (almost) directly follow from our proofs of (1) Dickson's Lemma, (2) Higman's Lemma, and (3) Kruskal's Tree Theorem. More concretely: \u003cul\u003e \u003cli\u003eIf the sets A and B are wqo then their Cartesian product is wqo.\u003c/li\u003e \u003cli\u003eIf the set A is wqo then the set of finite lists over A is wqo.\u003c/li\u003e \u003cli\u003eIf the set A is wqo then the set of finite trees over A is wqo.\u003c/li\u003e \u003c/ul\u003e The research was funded by the Austrian Science Fund (FWF): J3202.",
"authors": [
"Christian Sternagel"
],
"date": "2012-04-13",
- "id": 598,
+ "id": 599,
"link": "/entries/Well_Quasi_Orders.html",
"permalink": "/entries/Well_Quasi_Orders.html",
"shortname": "Well_Quasi_Orders",
"title": "Well-Quasi-Orders",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 5
},
{
"abstract": "We define the Abortable Linearizable Module automaton (ALM for short) and prove its key composition property using the IOA theory of HOLCF. The ALM is at the heart of the Speculative Linearizability framework. This framework simplifies devising correct speculative algorithms by enabling their decomposition into independent modules that can be analyzed and proved correct in isolation. It is particularly useful when working in a distributed environment, where the need to tolerate faults and asynchrony has made current monolithic protocols so intricate that it is no longer tractable to check their correctness. Our theory contains a typical example of a refinement proof in the I/O-automata framework of Lynch and Tuttle.",
"authors": [
"Rachid Guerraoui",
"Viktor Kuncak",
"Giuliano Losa"
],
"date": "2012-03-01",
- "id": 599,
+ "id": 600,
"link": "/entries/Abortable_Linearizable_Modules.html",
"permalink": "/entries/Abortable_Linearizable_Modules.html",
"shortname": "Abortable_Linearizable_Modules",
"title": "Abortable Linearizable Modules",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e We provide a generic work-list algorithm to compute the (reflexive-)transitive closure of relations where only successors of newly detected states are generated. In contrast to our previous work, the relations do not have to be finite, but each element must only have finitely many (indirect) successors. Moreover, a subsumption relation can be used instead of pure equality. An executable variant of the algorithm is available where the generic operations are instantiated with list operations. \u003c/p\u003e\u003cp\u003e This formalization was performed as part of the IsaFoR/CeTA project, and it has been used to certify size-change termination proofs where large transitive closures have to be computed. \u003c/p\u003e",
"authors": [
"René Thiemann"
],
"date": "2012-02-29",
- "id": 600,
+ "id": 601,
"link": "/entries/Transitive-Closure-II.html",
"permalink": "/entries/Transitive-Closure-II.html",
"shortname": "Transitive-Closure-II",
"title": "Executable Transitive Closures",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "This works presents a formalization of the Girth-Chromatic number theorem in graph theory, stating that graphs with arbitrarily large girth and chromatic number exist. The proof uses the theory of Random Graphs to prove the existence with probabilistic arguments.",
"authors": [
"Lars Noschinski"
],
"date": "2012-02-06",
- "id": 601,
+ "id": 602,
"link": "/entries/Girth_Chromatic.html",
"permalink": "/entries/Girth_Chromatic.html",
"shortname": "Girth_Chromatic",
"title": "A Probabilistic Proof of the Girth-Chromatic Number Theorem",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 4
},
{
"abstract": "We implement and prove correct Dijkstra's algorithm for the single source shortest path problem, conceived in 1956 by E. Dijkstra. The algorithm is implemented using the data refinement framework for monadic, nondeterministic programs. An efficient implementation is derived using data structures from the Isabelle Collection Framework.",
"authors": [
"Benedikt Nordhoff",
"Peter Lammich"
],
"date": "2012-01-30",
- "id": 602,
+ "id": 603,
"link": "/entries/Dijkstra_Shortest_Path.html",
"permalink": "/entries/Dijkstra_Shortest_Path.html",
"shortname": "Dijkstra_Shortest_Path",
"title": "Dijkstra's Shortest Path Algorithm",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 3
},
{
"abstract": "We provide a framework for program and data refinement in Isabelle/HOL. The framework is based on a nondeterminism-monad with assertions, i.e., the monad carries a set of results or an assertion failure. Recursion is expressed by fixed points. For convenience, we also provide while and foreach combinators. \u003cp\u003e The framework provides tools to automatize canonical tasks, such as verification condition generation, finding appropriate data refinement relations, and refine an executable program to a form that is accepted by the Isabelle/HOL code generator. \u003cp\u003e This submission comes with a collection of examples and a user-guide, illustrating the usage of the framework.",
"authors": [
"Peter Lammich"
],
"date": "2012-01-30",
- "id": 603,
+ "id": 604,
"link": "/entries/Refine_Monadic.html",
"permalink": "/entries/Refine_Monadic.html",
"shortname": "Refine_Monadic",
"title": "Refinement for Monadic Programs",
"topic_links": [
"computer-science/semantics-and-reasoning"
],
"topics": [
"Computer science/Semantics and reasoning"
],
"used_by": 3
},
{
"abstract": "This is a formalization of Markov models in Isabelle/HOL. It builds on Isabelle's probability theory. The available models are currently Discrete-Time Markov Chains and a extensions of them with rewards. \u003cp\u003e As application of these models we formalize probabilistic model checking of pCTL formulas, analysis of IPv4 address allocation in ZeroConf and an analysis of the anonymity of the Crowds protocol. \u003ca href=\"http://arxiv.org/abs/1212.3870\"\u003eSee here for the corresponding paper.\u003c/a\u003e",
"authors": [
"Johannes Hölzl",
"Tobias Nipkow"
],
"date": "2012-01-03",
- "id": 604,
+ "id": 605,
"link": "/entries/Markov_Models.html",
"permalink": "/entries/Markov_Models.html",
"shortname": "Markov_Models",
"title": "Markov Models",
"topic_links": [
"mathematics/probability-theory",
"computer-science/automata-and-formal-languages"
],
"topics": [
"Mathematics/Probability theory",
"Computer science/Automata and formal languages"
],
"used_by": 4
},
{
"abstract": "We mechanise the logic TLA* \u003ca href=\"http://www.springerlink.com/content/ax3qk557qkdyt7n6/\"\u003e[Merz 1999]\u003c/a\u003e, an extension of Lamport's Temporal Logic of Actions (TLA) \u003ca href=\"http://dl.acm.org/citation.cfm?doid=177492.177726\"\u003e[Lamport 1994]\u003c/a\u003e for specifying and reasoning about concurrent and reactive systems. Aiming at a framework for mechanising] the verification of TLA (or TLA*) specifications, this contribution reuses some elements from a previous axiomatic encoding of TLA in Isabelle/HOL by the second author [Merz 1998], which has been part of the Isabelle distribution. In contrast to that previous work, we give here a shallow, definitional embedding, with the following highlights: \u003cul\u003e \u003cli\u003ea theory of infinite sequences, including a formalisation of the concepts of stuttering invariance central to TLA and TLA*; \u003cli\u003ea definition of the semantics of TLA*, which extends TLA by a mutually-recursive definition of formulas and pre-formulas, generalising TLA action formulas; \u003cli\u003ea substantial set of derived proof rules, including the TLA* axioms and Lamport's proof rules for system verification; \u003cli\u003ea set of examples illustrating the usage of Isabelle/TLA* for reasoning about systems. \u003c/ul\u003e Note that this work is unrelated to the ongoing development of a proof system for the specification language TLA+, which includes an encoding of TLA+ as a new Isabelle object logic \u003ca href=\"http://www.springerlink.com/content/354026160p14j175/\"\u003e[Chaudhuri et al 2010]\u003c/a\u003e.",
"authors": [
"Gudmund Grov",
"Stephan Merz"
],
"date": "2011-11-19",
- "id": 605,
+ "id": 606,
"link": "/entries/TLA.html",
"permalink": "/entries/TLA.html",
"shortname": "TLA",
"title": "A Definitional Encoding of TLA* in Isabelle/HOL",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "We provide a formalization of the mergesort algorithm as used in GHC's Data.List module, proving correctness and stability. Furthermore, experimental data suggests that generated (Haskell-)code for this algorithm is much faster than for previous algorithms available in the Isabelle distribution.",
"authors": [
"Christian Sternagel"
],
"date": "2011-11-09",
- "id": 606,
+ "id": 607,
"link": "/entries/Efficient-Mergesort.html",
"permalink": "/entries/Efficient-Mergesort.html",
"shortname": "Efficient-Mergesort",
"title": "Efficient Mergesort",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 2
},
{
"abstract": "Algebras of imperative programming languages have been successful in reasoning about programs. In general an algebra of programs is an algebraic structure with programs as elements and with program compositions (sequential composition, choice, skip) as algebra operations. Various versions of these algebras were introduced to model partial correctness, total correctness, refinement, demonic choice, and other aspects. We formalize here an algebra which can be used to model total correctness, refinement, demonic and angelic choice. The basic model of this algebra are monotonic Boolean transformers (monotonic functions from a Boolean algebra to itself).",
"authors": [
"Viorel Preoteasa"
],
"date": "2011-09-22",
- "id": 607,
+ "id": 608,
"link": "/entries/MonoBoolTranAlgebra.html",
"permalink": "/entries/MonoBoolTranAlgebra.html",
"shortname": "MonoBoolTranAlgebra",
"title": "Algebra of Monotonic Boolean Transformers",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 1
},
{
"abstract": "This formalization introduces and collects some algebraic structures based on lattices and complete lattices for use in other developments. The structures introduced are modular, and lattice ordered groups. In addition to the results proved for the new lattices, this formalization also introduces theorems about latices and complete lattices in general.",
"authors": [
"Viorel Preoteasa"
],
"date": "2011-09-22",
- "id": 608,
+ "id": 609,
"link": "/entries/LatticeProperties.html",
"permalink": "/entries/LatticeProperties.html",
"shortname": "LatticeProperties",
"title": "Lattice Properties",
"topic_links": [
"mathematics/order"
],
"topics": [
"Mathematics/Order"
],
"used_by": 3
},
{
"abstract": "Pseudo-hoops are algebraic structures introduced by B. Bosbach under the name of complementary semigroups. In this formalization we prove some properties of pseudo-hoops and we define the basic concepts of filter and normal filter. The lattice of normal filters is isomorphic with the lattice of congruences of a pseudo-hoop. We also study some important classes of pseudo-hoops. Bounded Wajsberg pseudo-hoops are equivalent to pseudo-Wajsberg algebras and bounded basic pseudo-hoops are equivalent to pseudo-BL algebras. Some examples of pseudo-hoops are given in the last section of the formalization.",
"authors": [
"George Georgescu",
"Laurentiu Leustean",
"Viorel Preoteasa"
],
"date": "2011-09-22",
- "id": 609,
+ "id": 610,
"link": "/entries/PseudoHoops.html",
"permalink": "/entries/PseudoHoops.html",
"shortname": "PseudoHoops",
"title": "Pseudo Hoops",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "There are many proofs of the Myhill-Nerode theorem using automata. In this library we give a proof entirely based on regular expressions, since regularity of languages can be conveniently defined using regular expressions (it is more painful in HOL to define regularity in terms of automata). We prove the first direction of the Myhill-Nerode theorem by solving equational systems that involve regular expressions. For the second direction we give two proofs: one using tagging-functions and another using partial derivatives. We also establish various closure properties of regular languages. Most details of the theories are described in our ITP 2011 paper.",
"authors": [
"Chunhan Wu",
"Xingyuan Zhang",
"Christian Urban"
],
"date": "2011-08-26",
- "id": 610,
+ "id": 611,
"link": "/entries/Myhill-Nerode.html",
"permalink": "/entries/Myhill-Nerode.html",
"shortname": "Myhill-Nerode",
"title": "The Myhill-Nerode Theorem Based on Regular Expressions",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "This theory provides a compact formulation of Gauss-Jordan elimination for matrices represented as functions. Its distinctive feature is succinctness. It is not meant for large computations.",
"authors": [
"Tobias Nipkow"
],
"date": "2011-08-19",
- "id": 611,
+ "id": 612,
"link": "/entries/Gauss-Jordan-Elim-Fun.html",
"permalink": "/entries/Gauss-Jordan-Elim-Fun.html",
"shortname": "Gauss-Jordan-Elim-Fun",
"title": "Gauss-Jordan Elimination for Matrices Represented as Functions",
"topic_links": [
"computer-science/algorithms/mathematical",
"mathematics/algebra"
],
"topics": [
"Computer science/Algorithms/Mathematical",
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "\u003cp\u003e A \u003cem\u003ematching\u003c/em\u003e in a graph \u003ci\u003eG\u003c/i\u003e is a subset \u003ci\u003eM\u003c/i\u003e of the edges of \u003ci\u003eG\u003c/i\u003e such that no two share an endpoint. A matching has maximum cardinality if its cardinality is at least as large as that of any other matching. An \u003cem\u003eodd-set cover\u003c/em\u003e \u003ci\u003eOSC\u003c/i\u003e of a graph \u003ci\u003eG\u003c/i\u003e is a labeling of the nodes of \u003ci\u003eG\u003c/i\u003e with integers such that every edge of \u003ci\u003eG\u003c/i\u003e is either incident to a node labeled 1 or connects two nodes labeled with the same number \u003ci\u003ei \u0026ge; 2\u003c/i\u003e. \u003c/p\u003e\u003cp\u003e This article proves Edmonds theorem:\u003cbr\u003e Let \u003ci\u003eM\u003c/i\u003e be a matching in a graph \u003ci\u003eG\u003c/i\u003e and let \u003ci\u003eOSC\u003c/i\u003e be an odd-set cover of \u003ci\u003eG\u003c/i\u003e. For any \u003ci\u003ei \u0026ge; 0\u003c/i\u003e, let \u003cvar\u003en(i)\u003c/var\u003e be the number of nodes labeled \u003ci\u003ei\u003c/i\u003e. If \u003ci\u003e|M| = n(1) + \u0026sum;\u003csub\u003ei \u0026ge; 2\u003c/sub\u003e(n(i) div 2)\u003c/i\u003e, then \u003ci\u003eM\u003c/i\u003e is a maximum cardinality matching. \u003c/p\u003e",
"authors": [
"Christine Rizkallah"
],
"date": "2011-07-21",
- "id": 612,
+ "id": 613,
"link": "/entries/Max-Card-Matching.html",
"permalink": "/entries/Max-Card-Matching.html",
"shortname": "Max-Card-Matching",
"title": "Maximum Cardinality Matching",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 0
},
{
"abstract": "Knowledge-based programs (KBPs) are a formalism for directly relating agents' knowledge and behaviour. Here we present a general scheme for compiling KBPs to executable automata with a proof of correctness in Isabelle/HOL. We develop the algorithm top-down, using Isabelle's locale mechanism to structure these proofs, and show that two classic examples can be synthesised using Isabelle's code generator.",
"authors": [
"Peter Gammie"
],
"date": "2011-05-17",
- "id": 613,
+ "id": 614,
"link": "/entries/KBPs.html",
"permalink": "/entries/KBPs.html",
"shortname": "KBPs",
"title": "Knowledge-based programs",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 1
},
{
"abstract": "Some acute-angled triangles are special, e.g. right-angled or isoscele triangles. Some are not of this kind, but, without measuring angles, look as if they were. In that sense, there is exactly one general triangle. This well-known fact is proven here formally.",
"authors": [
"Joachim Breitner"
],
"date": "2011-04-01",
- "id": 614,
+ "id": 615,
"link": "/entries/General-Triangle.html",
"permalink": "/entries/General-Triangle.html",
"shortname": "General-Triangle",
"title": "The General Triangle Is Unique",
"topic_links": [
"mathematics/geometry"
],
"topics": [
"Mathematics/Geometry"
],
"used_by": 0
},
{
"abstract": "We provide a generic work-list algorithm to compute the transitive closure of finite relations where only successors of newly detected states are generated. This algorithm is then instantiated for lists over arbitrary carriers and red black trees (which are faster but require a linear order on the carrier), respectively. Our formalization was performed as part of the IsaFoR/CeTA project where reflexive transitive closures of large tree automata have to be computed.",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2011-03-14",
- "id": 615,
+ "id": 616,
"link": "/entries/Transitive-Closure.html",
"permalink": "/entries/Transitive-Closure.html",
"shortname": "Transitive-Closure",
"title": "Executable Transitive Closures of Finite Relations",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 3
},
{
"abstract": "We formalize the AutoFocus Semantics (a time-synchronous subset of the Focus formalism) as stream processing functions on finite and infinite message streams represented as finite/infinite lists. The formalization comprises both the conventional single-clocking semantics (uniform global clock for all components and communications channels) and its extension to multi-clocking semantics (internal execution clocking of a component may be a multiple of the external communication clocking). The semantics is defined by generic stream processing functions making it suitable for simulation/code generation in Isabelle/HOL. Furthermore, a number of AutoFocus semantics properties are formalized using definitions from the IntervalLogic theories.",
"authors": [
"David Trachtenherz"
],
"date": "2011-02-23",
- "id": 616,
+ "id": 617,
"link": "/entries/AutoFocus-Stream.html",
"permalink": "/entries/AutoFocus-Stream.html",
"shortname": "AutoFocus-Stream",
"title": "AutoFocus Stream Processing for Single-Clocking and Multi-Clocking Semantics",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "We introduce a theory of infinite lists in HOL formalized as functions over naturals (folder ListInf, theories ListInf and ListInf_Prefix). It also provides additional results for finite lists (theory ListInf/List2), natural numbers (folder CommonArith, esp. division/modulo, naturals with infinity), sets (folder CommonSet, esp. cutting/truncating sets, traversing sets of naturals).",
"authors": [
"David Trachtenherz"
],
"date": "2011-02-23",
- "id": 617,
+ "id": 618,
"link": "/entries/List-Infinite.html",
"permalink": "/entries/List-Infinite.html",
"shortname": "List-Infinite",
"title": "Infinite Lists",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "We introduce a theory of temporal logic operators using sets of natural numbers as time domain, formalized in a shallow embedding manner. The theory comprises special natural intervals (theory IL_Interval: open and closed intervals, continuous and modulo intervals, interval traversing results), operators for shifting intervals to left/right on the number axis as well as expanding/contracting intervals by constant factors (theory IL_IntervalOperators.thy), and ultimately definitions and results for unary and binary temporal operators on arbitrary natural sets (theory IL_TemporalOperators).",
"authors": [
"David Trachtenherz"
],
"date": "2011-02-23",
- "id": 618,
+ "id": 619,
"link": "/entries/Nat-Interval-Logic.html",
"permalink": "/entries/Nat-Interval-Logic.html",
"shortname": "Nat-Interval-Logic",
"title": "Interval Temporal Logic on Natural Numbers",
"topic_links": [
"logic/general-logic/temporal-logic"
],
"topics": [
"Logic/General logic/Temporal logic"
],
"used_by": 1
},
{
"abstract": "A fully-formalized and extensible minimal imperative fragment of Java.",
"authors": [
"Rok Strniša",
"Matthew Parkinson"
],
"date": "2011-02-07",
- "id": 619,
+ "id": 620,
"link": "/entries/LightweightJava.html",
"permalink": "/entries/LightweightJava.html",
"shortname": "LightweightJava",
"title": "Lightweight Java",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "This work presents a verification of an implementation in SPARK/ADA of the cryptographic hash-function RIPEMD-160. A functional specification of RIPEMD-160 is given in Isabelle/HOL. Proofs for the verification conditions generated by the static-analysis toolset of SPARK certify the functional correctness of the implementation.",
"authors": [
"Fabian Immler"
],
"date": "2011-01-10",
- "id": 620,
+ "id": 621,
"link": "/entries/RIPEMD-160-SPARK.html",
"permalink": "/entries/RIPEMD-160-SPARK.html",
"shortname": "RIPEMD-160-SPARK",
"title": "RIPEMD-160",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 0
},
{
"abstract": "We define the notions of lower and upper semicontinuity for functions from a metric space to the extended real line. We prove that a function is both lower and upper semicontinuous if and only if it is continuous. We also give several equivalent characterizations of lower semicontinuity. In particular, we prove that a function is lower semicontinuous if and only if its epigraph is a closed set. Also, we introduce the notion of the lower semicontinuous hull of an arbitrary function and prove its basic properties.",
"authors": [
"Bogdan Grechuk"
],
"date": "2011-01-08",
- "id": 621,
+ "id": 622,
"link": "/entries/Lower_Semicontinuous.html",
"permalink": "/entries/Lower_Semicontinuous.html",
"shortname": "Lower_Semicontinuous",
"title": "Lower Semicontinuous Functions",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "Two proofs of Hall's Marriage Theorem: one due to Halmos and Vaughan, one due to Rado.",
"authors": [
"Dongchen Jiang",
"Tobias Nipkow"
],
"date": "2010-12-17",
- "id": 622,
+ "id": 623,
"link": "/entries/Marriage.html",
"permalink": "/entries/Marriage.html",
"shortname": "Marriage",
"title": "Hall's Marriage Theorem",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 1
},
{
"abstract": "In his dissertation, Olin Shivers introduces a concept of control flow graphs for functional languages, provides an algorithm to statically derive a safe approximation of the control flow graph and proves this algorithm correct. In this research project, Shivers' algorithms and proofs are formalized in the HOLCF extension of HOL.",
"authors": [
"Joachim Breitner"
],
"date": "2010-11-16",
- "id": 623,
+ "id": 624,
"link": "/entries/Shivers-CFA.html",
"permalink": "/entries/Shivers-CFA.html",
"shortname": "Shivers-CFA",
"title": "Shivers' Control Flow Analysis",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 0
},
{
"abstract": "We implement and prove correct binomial heaps and skew binomial heaps. Both are data-structures for priority queues. While binomial heaps have logarithmic \u003cem\u003efindMin\u003c/em\u003e, \u003cem\u003edeleteMin\u003c/em\u003e, \u003cem\u003einsert\u003c/em\u003e, and \u003cem\u003emeld\u003c/em\u003e operations, skew binomial heaps have constant time \u003cem\u003efindMin\u003c/em\u003e, \u003cem\u003einsert\u003c/em\u003e, and \u003cem\u003emeld\u003c/em\u003e operations, and only the \u003cem\u003edeleteMin\u003c/em\u003e-operation is logarithmic. This is achieved by using \u003cem\u003eskew links\u003c/em\u003e to avoid cascading linking on \u003cem\u003einsert\u003c/em\u003e-operations, and \u003cem\u003edata-structural bootstrapping\u003c/em\u003e to get constant-time \u003cem\u003efindMin\u003c/em\u003e and \u003cem\u003emeld\u003c/em\u003e operations. Our implementation follows the paper by Brodal and Okasaki.",
"authors": [
"Rene Meis",
"Finn Nielsen",
"Peter Lammich"
],
"date": "2010-10-28",
- "id": 624,
+ "id": 625,
"link": "/entries/Binomial-Heaps.html",
"permalink": "/entries/Binomial-Heaps.html",
"shortname": "Binomial-Heaps",
"title": "Binomial Heaps and Skew Binomial Heaps",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 2
},
{
"abstract": "We implement and prove correct 2-3 finger trees. Finger trees are a general purpose data structure, that can be used to efficiently implement other data structures, such as priority queues. Intuitively, a finger tree is an annotated sequence, where the annotations are elements of a monoid. Apart from operations to access the ends of the sequence, the main operation is to split the sequence at the point where a \u003cem\u003emonotone predicate\u003c/em\u003e over the sum of the left part of the sequence becomes true for the first time. The implementation follows the paper of Hinze and Paterson. The code generator can be used to get efficient, verified code.",
"authors": [
"Benedikt Nordhoff",
"Stefan Körner",
"Peter Lammich"
],
"date": "2010-10-28",
- "id": 625,
+ "id": 626,
"link": "/entries/Finger-Trees.html",
"permalink": "/entries/Finger-Trees.html",
"shortname": "Finger-Trees",
"title": "Finger Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 3
},
{
"abstract": "Priority queues are an important data structure and efficient implementations of them are crucial. We implement a functional variant of binomial queues in Isabelle/HOL and show its functional correctness. A verification against an abstract reference specification of priority queues has also been attempted, but could not be achieved to the full extent.",
"authors": [
"René Neumann"
],
"date": "2010-10-28",
- "id": 626,
+ "id": 627,
"link": "/entries/Binomial-Queues.html",
"permalink": "/entries/Binomial-Queues.html",
"shortname": "Binomial-Queues",
"title": "Functional Binomial Queues",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "Handling variable binding is one of the main difficulties in formal proofs. In this context, Moggi's computational metalanguage serves as an interesting case study. It features monadic types and a commuting conversion rule that rearranges the binding structure. Lindley and Stark have given an elegant proof of strong normalization for this calculus. The key construction in their proof is a notion of relational TT-lifting, using stacks of elimination contexts to obtain a Girard-Tait style logical relation. I give a formalization of their proof in Isabelle/HOL-Nominal with a particular emphasis on the treatment of bound variables.",
"authors": [
"Christian Doczkal"
],
"date": "2010-08-29",
- "id": 627,
+ "id": 628,
"link": "/entries/Lam-ml-Normalization.html",
"permalink": "/entries/Lam-ml-Normalization.html",
"shortname": "Lam-ml-Normalization",
"title": "Strong Normalization of Moggis's Computational Metalanguage",
"topic_links": [
"computer-science/programming-languages/lambda-calculi"
],
"topics": [
"Computer science/Programming languages/Lambda calculi"
],
"used_by": 0
},
{
"abstract": "We define multivariate polynomials over arbitrary (ordered) semirings in combination with (executable) operations like addition, multiplication, and substitution. We also define (weak) monotonicity of polynomials and comparison of polynomials where we provide standard estimations like absolute positiveness or the more recent approach of Neurauter, Zankl, and Middeldorp. Moreover, it is proven that strongly normalizing (monotone) orders can be lifted to strongly normalizing (monotone) orders over polynomials. Our formalization was performed as part of the \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eIsaFoR/CeTA-system\u003c/a\u003e which contains several termination techniques. The provided theories have been essential to formalize polynomial interpretations. \u003cp\u003e This formalization also contains an abstract representation as coefficient functions with finite support and a type of power-products. If this type is ordered by a linear (term) ordering, various additional notions, such as leading power-product, leading coefficient etc., are introduced as well. Furthermore, a lot of generic properties of, and functions on, multivariate polynomials are formalized, including the substitution and evaluation homomorphisms, embeddings of polynomial rings into larger rings (i.e. with one additional indeterminate), homogenization and dehomogenization of polynomials, and the canonical isomorphism between R[X,Y] and R[X][Y].",
"authors": [
"Christian Sternagel",
"René Thiemann",
"Alexander Maletzky",
"Fabian Immler",
"Florian Haftmann",
"Andreas Lochbihler",
"Alexander Bentkamp"
],
"date": "2010-08-10",
- "id": 628,
+ "id": 629,
"link": "/entries/Polynomials.html",
"permalink": "/entries/Polynomials.html",
"shortname": "Polynomials",
"title": "Executable Multivariate Polynomials",
"topic_links": [
"mathematics/analysis",
"mathematics/algebra",
"computer-science/algorithms/mathematical"
],
"topics": [
"Mathematics/Analysis",
"Mathematics/Algebra",
"Computer science/Algorithms/Mathematical"
],
"used_by": 7
},
{
"abstract": "We formalize in Isabelle/HOL the abtract syntax and a synchronous step semantics for the specification language Statecharts. The formalization is based on Hierarchical Automata which allow a structural decomposition of Statecharts into Sequential Automata. To support the composition of Statecharts, we introduce calculating operators to construct a Hierarchical Automaton in a stepwise manner. Furthermore, we present a complete semantics of Statecharts including a theory of data spaces, which enables the modelling of racing effects. We also adapt CTL for Statecharts to build a bridge for future combinations with model checking. However the main motivation of this work is to provide a sound and complete basis for reasoning on Statecharts. As a central meta theorem we prove that the well-formedness of a Statechart is preserved by the semantics.",
"authors": [
"Steffen Helke",
"Florian Kammüller"
],
"date": "2010-08-08",
- "id": 629,
+ "id": 630,
"link": "/entries/Statecharts.html",
"permalink": "/entries/Statecharts.html",
"shortname": "Statecharts",
"title": "Formalizing Statecharts using Hierarchical Automata",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "Free Groups are, in a sense, the most generic kind of group. They are defined over a set of generators with no additional relations in between them. They play an important role in the definition of group presentations and in other fields. This theory provides the definition of Free Group as the set of fully canceled words in the generators. The universal property is proven, as well as some isomorphisms results about Free Groups.",
"authors": [
"Joachim Breitner"
],
"date": "2010-06-24",
- "id": 630,
+ "id": 631,
"link": "/entries/Free-Groups.html",
"permalink": "/entries/Free-Groups.html",
"shortname": "Free-Groups",
"title": "Free Groups",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "This article presents a development of Category Theory in Isabelle/HOL. A Category is defined using records and locales. Functors and Natural Transformations are also defined. The main result that has been formalized is that the Yoneda functor is a full and faithful embedding. We also formalize the completeness of many sorted monadic equational logic. Extensive use is made of the HOLZF theory in both cases. For an informal description see \u003ca href=\"http://www.srcf.ucam.org/~apk32/Isabelle/Category/Cat.pdf\"\u003ehere [pdf]\u003c/a\u003e.",
"authors": [
"Alexander Katovsky"
],
"date": "2010-06-20",
- "id": 631,
+ "id": 632,
"link": "/entries/Category2.html",
"permalink": "/entries/Category2.html",
"shortname": "Category2",
"title": "Category Theory",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 0
},
{
"abstract": "We provide the operations of matrix addition, multiplication, transposition, and matrix comparisons as executable functions over ordered semirings. Moreover, it is proven that strongly normalizing (monotone) orders can be lifted to strongly normalizing (monotone) orders over matrices. We further show that the standard semirings over the naturals, integers, and rationals, as well as the arctic semirings satisfy the axioms that are required by our matrix theory. Our formalization is part of the \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eCeTA\u003c/a\u003e system which contains several termination techniques. The provided theories have been essential to formalize matrix-interpretations and arctic interpretations.",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2010-06-17",
- "id": 632,
+ "id": 633,
"link": "/entries/Matrix.html",
"permalink": "/entries/Matrix.html",
"shortname": "Matrix",
"title": "Executable Matrix Operations on Matrices of Arbitrary Dimensions",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 5
},
{
"abstract": "We present an Isabelle formalization of abstract rewriting (see, e.g., the book by Baader and Nipkow). First, we define standard relations like \u003ci\u003ejoinability\u003c/i\u003e, \u003ci\u003emeetability\u003c/i\u003e, \u003ci\u003econversion\u003c/i\u003e, etc. Then, we formalize important properties of abstract rewrite systems, e.g., confluence and strong normalization. Our main concern is on strong normalization, since this formalization is the basis of \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eCeTA\u003c/a\u003e (which is mainly about strong normalization of term rewrite systems). Hence lemmas involving strong normalization constitute by far the biggest part of this theory. One of those is Newman's lemma.",
"authors": [
"Christian Sternagel",
"René Thiemann"
],
"date": "2010-06-14",
- "id": 633,
+ "id": 634,
"link": "/entries/Abstract-Rewriting.html",
"permalink": "/entries/Abstract-Rewriting.html",
"shortname": "Abstract-Rewriting",
"title": "Abstract Rewriting",
"topic_links": [
"logic/rewriting"
],
"topics": [
"Logic/Rewriting"
],
"used_by": 10
},
{
"abstract": "The invariant based programming is a technique of constructing correct programs by first identifying the basic situations (pre- and post-conditions and invariants) that can occur during the execution of the program, and then defining the transitions and proving that they preserve the invariants. Data refinement is a technique of building correct programs working on concrete datatypes as refinements of more abstract programs. In the theories presented here we formalize the predicate transformer semantics for invariant based programs and their data refinement.",
"authors": [
"Viorel Preoteasa",
"Ralph-Johan Back"
],
"date": "2010-05-28",
- "id": 634,
+ "id": 635,
"link": "/entries/DataRefinementIBP.html",
"permalink": "/entries/DataRefinementIBP.html",
"shortname": "DataRefinementIBP",
"title": "Semantics and Data Refinement of Invariant Based Programs",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 1
},
{
"abstract": "The verification of the Deutsch-Schorr-Waite graph marking algorithm is used as a benchmark in many formalizations of pointer programs. The main purpose of this mechanization is to show how data refinement of invariant based programs can be used in verifying practical algorithms. The verification starts with an abstract algorithm working on a graph given by a relation \u003ci\u003enext\u003c/i\u003e on nodes. Gradually the abstract program is refined into Deutsch-Schorr-Waite graph marking algorithm where only one bit per graph node of additional memory is used for marking.",
"authors": [
"Viorel Preoteasa",
"Ralph-Johan Back"
],
"date": "2010-05-28",
- "id": 635,
+ "id": 636,
"link": "/entries/GraphMarkingIBP.html",
"permalink": "/entries/GraphMarkingIBP.html",
"shortname": "GraphMarkingIBP",
"title": "Verification of the Deutsch-Schorr-Waite Graph Marking Algorithm using Data Refinement",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "This document gives a formalization of the proof of the Robbins conjecture, following A. Mann, \u003ci\u003eA Complete Proof of the Robbins Conjecture\u003c/i\u003e, 2003.",
"authors": [
"Matthew Doty"
],
"date": "2010-05-22",
- "id": 636,
+ "id": 637,
"link": "/entries/Robbins-Conjecture.html",
"permalink": "/entries/Robbins-Conjecture.html",
"shortname": "Robbins-Conjecture",
"title": "A Complete Proof of the Robbins Conjecture",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "This is a library of constructions on regular expressions and languages. It provides the operations of concatenation, Kleene star and derivative on languages. Regular expressions and their meaning are defined. An executable equivalence checker for regular expressions is verified; it does not need automata but works directly on regular expressions. \u003ci\u003eBy mapping regular expressions to binary relations, an automatic and complete proof method for (in)equalities of binary relations over union, concatenation and (reflexive) transitive closure is obtained.\u003c/i\u003e \u003cP\u003e Extended regular expressions with complement and intersection are also defined and an equivalence checker is provided.",
"authors": [
"Alexander Krauss",
"Tobias Nipkow"
],
"date": "2010-05-12",
- "id": 637,
+ "id": 638,
"link": "/entries/Regular-Sets.html",
"permalink": "/entries/Regular-Sets.html",
"shortname": "Regular-Sets",
"title": "Regular Sets and Expressions",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 12
},
{
"abstract": "We present a Theory of Objects based on the original functional sigma-calculus by Abadi and Cardelli but with an additional parameter to methods. We prove confluence of the operational semantics following the outline of Nipkow's proof of confluence for the lambda-calculus reusing his theory Commutation, a generic diamond lemma reduction. We furthermore formalize a simple type system for our sigma-calculus including a proof of type safety. The entire development uses the concept of Locally Nameless representation for binders. We reuse an earlier proof of confluence for a simpler sigma-calculus based on de Bruijn indices and lists to represent objects.",
"authors": [
"Ludovic Henrio",
"Florian Kammüller",
"Bianca Lutz",
"Henry Sudhof"
],
"date": "2010-04-30",
- "id": 638,
+ "id": 639,
"link": "/entries/Locally-Nameless-Sigma.html",
"permalink": "/entries/Locally-Nameless-Sigma.html",
"shortname": "Locally-Nameless-Sigma",
"title": "Locally Nameless Sigma Calculus",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "This theory defines a type constructor representing the free Boolean algebra over a set of generators. Values of type (α)\u003ci\u003eformula\u003c/i\u003e represent propositional formulas with uninterpreted variables from type α, ordered by implication. In addition to all the standard Boolean algebra operations, the library also provides a function for building homomorphisms to any other Boolean algebra type.",
"authors": [
"Brian Huffman"
],
"date": "2010-03-29",
- "id": 639,
+ "id": 640,
"link": "/entries/Free-Boolean-Algebra.html",
"permalink": "/entries/Free-Boolean-Algebra.html",
"shortname": "Free-Boolean-Algebra",
"title": "Free Boolean Algebra",
"topic_links": [
"logic/general-logic/classical-propositional-logic"
],
"topics": [
"Logic/General logic/Classical propositional logic"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e In this contribution, we show how correctness proofs for \u003ca href=\"Slicing.html\"\u003eintra-\u003c/a\u003e and \u003ca href=\"HRB-Slicing.html\"\u003einterprocedural slicing\u003c/a\u003e can be used to prove that slicing is able to guarantee information flow noninterference. Moreover, we also illustrate how to lift the control flow graphs of the respective frameworks such that they fulfil the additional assumptions needed in the noninterference proofs. A detailed description of the intraprocedural proof and its interplay with the slicing framework can be found in the PLAS'09 paper by Wasserrab et al. \u003c/p\u003e \u003cp\u003e This entry contains the part for intra-procedural slicing. See entry \u003ca href=\"InformationFlowSlicing_Inter.html\"\u003eInformationFlowSlicing_Inter\u003c/a\u003e for the inter-procedural part. \u003c/p\u003e",
"authors": [
"Daniel Wasserrab"
],
"date": "2010-03-23",
- "id": 640,
+ "id": 641,
"link": "/entries/InformationFlowSlicing.html",
"permalink": "/entries/InformationFlowSlicing.html",
"shortname": "InformationFlowSlicing",
"title": "Information Flow Noninterference via Slicing",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "\u003cp\u003e In this contribution, we show how correctness proofs for \u003ca href=\"Slicing.html\"\u003eintra-\u003c/a\u003e and \u003ca href=\"HRB-Slicing.html\"\u003einterprocedural slicing\u003c/a\u003e can be used to prove that slicing is able to guarantee information flow noninterference. Moreover, we also illustrate how to lift the control flow graphs of the respective frameworks such that they fulfil the additional assumptions needed in the noninterference proofs. A detailed description of the intraprocedural proof and its interplay with the slicing framework can be found in the PLAS'09 paper by Wasserrab et al. \u003c/p\u003e \u003cp\u003e This entry contains the part for inter-procedural slicing. See entry \u003ca href=\"InformationFlowSlicing.html\"\u003eInformationFlowSlicing\u003c/a\u003e for the intra-procedural part. \u003c/p\u003e",
"authors": [
"Daniel Wasserrab"
],
"date": "2010-03-23",
- "id": 641,
+ "id": 642,
"link": "/entries/InformationFlowSlicing_Inter.html",
"permalink": "/entries/InformationFlowSlicing_Inter.html",
"shortname": "InformationFlowSlicing_Inter",
"title": "Inter-Procedural Information Flow Noninterference via Slicing",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This theory provides functions for finding the index of an element in a list, by predicate and by value.",
"authors": [
"Tobias Nipkow"
],
"date": "2010-02-20",
- "id": 642,
+ "id": 643,
"link": "/entries/List-Index.html",
"permalink": "/entries/List-Index.html",
"shortname": "List-Index",
"title": "List Index",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 22
},
{
"abstract": "This article collects formalisations of general-purpose coinductive data types and sets. Currently, it contains coinductive natural numbers, coinductive lists, i.e. lazy lists or streams, infinite streams, coinductive terminated lists, coinductive resumptions, a library of operations on coinductive lists, and a version of König's lemma as an application for coinductive lists.\u003cbr\u003eThe initial theory was contributed by Paulson and Wenzel. Extensions and other coinductive formalisations of general interest are welcome.",
"authors": [
"Andreas Lochbihler"
],
"date": "2010-02-12",
- "id": 643,
+ "id": 644,
"link": "/entries/Coinductive.html",
"permalink": "/entries/Coinductive.html",
"shortname": "Coinductive",
"title": "Coinductive",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 12
},
{
"abstract": "This contribution contains a fast SAT solver for Isabelle written in Standard ML. By loading the theory \u003ctt\u003eDPT_SAT_Solver\u003c/tt\u003e, the SAT solver installs itself (under the name ``dptsat'') and certain Isabelle tools like Refute will start using it automatically. This is a port of the DPT (Decision Procedure Toolkit) SAT Solver written in OCaml.",
"authors": [
"Armin Heller"
],
"date": "2009-12-09",
- "id": 644,
+ "id": 645,
"link": "/entries/DPT-SAT-Solver.html",
"permalink": "/entries/DPT-SAT-Solver.html",
"shortname": "DPT-SAT-Solver",
"title": "A Fast SAT Solver for Isabelle in Standard ML",
"topic_links": [
"tools"
],
"topics": [
"Tools"
],
"used_by": 0
},
{
"abstract": "This work presents a formalization of a library for automata on bit strings. It forms the basis of a reflection-based decision procedure for Presburger arithmetic, which is efficiently executable thanks to Isabelle's code generator. With this work, we therefore provide a mechanized proof of a well-known connection between logic and automata theory. The formalization is also described in a publication [TPHOLs 2009].",
"authors": [
"Stefan Berghofer",
"Markus Reiter"
],
"date": "2009-12-03",
- "id": 645,
+ "id": 646,
"link": "/entries/Presburger-Automata.html",
"permalink": "/entries/Presburger-Automata.html",
"shortname": "Presburger-Automata",
"title": "Formalizing the Logic-Automaton Connection",
"topic_links": [
"computer-science/automata-and-formal-languages",
"logic/general-logic/decidability-of-theories"
],
"topics": [
"Computer science/Automata and formal languages",
"Logic/General logic/Decidability of theories"
],
"used_by": 0
},
{
"abstract": "This development provides an efficient, extensible, machine checked collections framework. The library adopts the concepts of interface, implementation and generic algorithm from object-oriented programming and implements them in Isabelle/HOL. The framework features the use of data refinement techniques to refine an abstract specification (using high-level concepts like sets) to a more concrete implementation (using collection datastructures, like red-black-trees). The code-generator of Isabelle/HOL can be used to generate efficient code.",
"authors": [
"Peter Lammich"
],
"date": "2009-11-25",
- "id": 646,
+ "id": 647,
"link": "/entries/Collections.html",
"permalink": "/entries/Collections.html",
"shortname": "Collections",
"title": "Collections Framework",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 19
},
{
"abstract": "This work presents a machine-checked tree automata library for Standard-ML, OCaml and Haskell. The algorithms are efficient by using appropriate data structures like RB-trees. The available algorithms for non-deterministic automata include membership query, reduction, intersection, union, and emptiness check with computation of a witness for non-emptiness. The executable algorithms are derived from less-concrete, non-executable algorithms using data-refinement techniques. The concrete data structures are from the Isabelle Collections Framework. Moreover, this work contains a formalization of the class of tree-regular languages and its closure properties under set operations.",
"authors": [
"Peter Lammich"
],
"date": "2009-11-25",
- "id": 647,
+ "id": 648,
"link": "/entries/Tree-Automata.html",
"permalink": "/entries/Tree-Automata.html",
"shortname": "Tree-Automata",
"title": "Tree Automata",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "These theories present the mechanised proof of the Perfect Number Theorem.",
"authors": [
"Mark Ijbema"
],
"date": "2009-11-22",
- "id": 648,
+ "id": 649,
"link": "/entries/Perfect-Number-Thm.html",
"permalink": "/entries/Perfect-Number-Thm.html",
"shortname": "Perfect-Number-Thm",
"title": "Perfect Number Theorem",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "After verifying \u003ca href=\"Slicing.html\"\u003edynamic and static interprocedural slicing\u003c/a\u003e, we present a modular framework for static interprocedural slicing. To this end, we formalized the standard two-phase slicer from Horwitz, Reps and Binkley (see their TOPLAS 12(1) 1990 paper) together with summary edges as presented by Reps et al. (see FSE 1994). The framework is again modular in the programming language by using an abstract CFG, defined via structural and well-formedness properties. Using a weak simulation between the original and sliced graph, we were able to prove the correctness of static interprocedural slicing. We also instantiate our framework with a simple While language with procedures. This shows that the chosen abstractions are indeed valid.",
"authors": [
"Daniel Wasserrab"
],
"date": "2009-11-13",
- "id": 649,
+ "id": 650,
"link": "/entries/HRB-Slicing.html",
"permalink": "/entries/HRB-Slicing.html",
"shortname": "HRB-Slicing",
"title": "Backing up Slicing: Verifying the Interprocedural Two-Phase Horwitz-Reps-Binkley Slicer",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 1
},
{
"abstract": "Gill and Hutton formalise the worker/wrapper transformation, building on the work of Launchbury and Peyton-Jones who developed it as a way of changing the type at which a recursive function operates. This development establishes the soundness of the technique and several examples of its use.",
"authors": [
"Peter Gammie"
],
"date": "2009-10-30",
- "id": 650,
+ "id": 651,
"link": "/entries/WorkerWrapper.html",
"permalink": "/entries/WorkerWrapper.html",
"shortname": "WorkerWrapper",
"title": "The Worker/Wrapper Transformation",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "We develop a basic theory of ordinals and cardinals in Isabelle/HOL, up to the point where some cardinality facts relevant for the ``working mathematician\" become available. Unlike in set theory, here we do not have at hand canonical notions of ordinal and cardinal. Therefore, here an ordinal is merely a well-order relation and a cardinal is an ordinal minim w.r.t. order embedding on its field.",
"authors": [
"Andrei Popescu"
],
"date": "2009-09-01",
- "id": 651,
+ "id": 652,
"link": "/entries/Ordinals_and_Cardinals.html",
"permalink": "/entries/Ordinals_and_Cardinals.html",
"shortname": "Ordinals_and_Cardinals",
"title": "Ordinals and Cardinals",
"topic_links": [
"logic/set-theory"
],
"topics": [
"Logic/Set theory"
],
"used_by": 0
},
{
"abstract": "The invertibility of the rules of a sequent calculus is important for guiding proof search and can be used in some formalised proofs of Cut admissibility. We present sufficient conditions for when a rule is invertible with respect to a calculus. We illustrate the conditions with examples. It must be noted we give purely syntactic criteria; no guarantees are given as to the suitability of the rules.",
"authors": [
"Peter Chapman"
],
"date": "2009-08-28",
- "id": 652,
+ "id": 653,
"link": "/entries/SequentInvertibility.html",
"permalink": "/entries/SequentInvertibility.html",
"shortname": "SequentInvertibility",
"title": "Invertibility in Sequent Calculi",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "We formalize the usual proof that the group generated by the function k -\u003e k + 1 on the integers gives rise to a cofinitary group.",
"authors": [
"Bart Kastermans"
],
"date": "2009-08-04",
- "id": 653,
+ "id": 654,
"link": "/entries/CofGroups.html",
"permalink": "/entries/CofGroups.html",
"shortname": "CofGroups",
"title": "An Example of a Cofinitary Group in Isabelle/HOL",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "FinFuns are total functions that are constant except for a finite set of points, i.e. a generalisation of finite maps. They are formalised as a new type in Isabelle/HOL such that the code generator can handle equality tests and quantification on FinFuns. On the code output level, FinFuns are explicitly represented by constant functions and pointwise updates, similarly to associative lists. Inside the logic, they behave like ordinary functions with extensionality. Via the update/constant pattern, a recursion combinator and an induction rule for FinFuns allow for defining and reasoning about operators on FinFun that are also executable.",
"authors": [
"Andreas Lochbihler"
],
"date": "2009-05-06",
- "id": 654,
+ "id": 655,
"link": "/entries/FinFun.html",
"permalink": "/entries/FinFun.html",
"shortname": "FinFun",
"title": "Code Generation for Functions as Data",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 4
},
{
"abstract": "Stream Fusion is a system for removing intermediate list structures from Haskell programs; it consists of a Haskell library along with several compiler rewrite rules. (The library is available \u003ca href=\"http://hackage.haskell.org/package/stream-fusion\"\u003eonline\u003c/a\u003e.)\u003cbr\u003e\u003cbr\u003eThese theories contain a formalization of much of the Stream Fusion library in HOLCF. Lazy list and stream types are defined, along with coercions between the two types, as well as an equivalence relation for streams that generate the same list. List and stream versions of map, filter, foldr, enumFromTo, append, zipWith, and concatMap are defined, and the stream versions are shown to respect stream equivalence.",
"authors": [
"Brian Huffman"
],
"date": "2009-04-29",
- "id": 655,
+ "id": 656,
"link": "/entries/Stream-Fusion.html",
"permalink": "/entries/Stream-Fusion.html",
"shortname": "Stream-Fusion",
"title": "Stream Fusion",
"topic_links": [
"computer-science/functional-programming"
],
"topics": [
"Computer science/Functional programming"
],
"used_by": 0
},
{
"abstract": "This document contains the Isabelle/HOL sources underlying the paper \u003ci\u003eA bytecode logic for JML and types\u003c/i\u003e by Beringer and Hofmann, updated to Isabelle 2008. We present a program logic for a subset of sequential Java bytecode that is suitable for representing both, features found in high-level specification language JML as well as interpretations of high-level type systems. To this end, we introduce a fine-grained collection of assertions, including strong invariants, local annotations and VDM-reminiscent partial-correctness specifications. Thanks to a goal-oriented structure and interpretation of judgements, verification may proceed without recourse to an additional control flow analysis. The suitability for interpreting intensional type systems is illustrated by the proof-carrying-code style encoding of a type system for a first-order functional language which guarantees a constant upper bound on the number of objects allocated throughout an execution, be the execution terminating or non-terminating. Like the published paper, the formal development is restricted to a comparatively small subset of the JVML, lacking (among other features) exceptions, arrays, virtual methods, and static fields. This shortcoming has been overcome meanwhile, as our paper has formed the basis of the Mobius base logic, a program logic for the full sequential fragment of the JVML. Indeed, the present formalisation formed the basis of a subsequent formalisation of the Mobius base logic in the proof assistant Coq, which includes a proof of soundness with respect to the Bicolano operational semantics by Pichardie.",
"authors": [
"Lennart Beringer",
"Martin Hofmann"
],
"date": "2008-12-12",
- "id": 656,
+ "id": 657,
"link": "/entries/BytecodeLogicJmlTypes.html",
"permalink": "/entries/BytecodeLogicJmlTypes.html",
"shortname": "BytecodeLogicJmlTypes",
"title": "A Bytecode Logic for JML and Types",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "We present interpretations of type systems for secure information flow in Hoare logic, complementing previous encodings in relational program logics. We first treat the imperative language IMP, extended by a simple procedure call mechanism. For this language we consider base-line non-interference in the style of Volpano et al. and the flow-sensitive type system by Hunt and Sands. In both cases, we show how typing derivations may be used to automatically generate proofs in the program logic that certify the absence of illicit flows. We then add instructions for object creation and manipulation, and derive appropriate proof rules for base-line non-interference. As a consequence of our work, standard verification technology may be used for verifying that a concrete program satisfies the non-interference property.\u003cbr\u003e\u003cbr\u003eThe present proof development represents an update of the formalisation underlying our paper [CSF 2007] and is intended to resolve any ambiguities that may be present in the paper.",
"authors": [
"Lennart Beringer",
"Martin Hofmann"
],
"date": "2008-11-10",
- "id": 657,
+ "id": 658,
"link": "/entries/SIFPL.html",
"permalink": "/entries/SIFPL.html",
"shortname": "SIFPL",
"title": "Secure information flow and program logics",
"topic_links": [
"computer-science/programming-languages/logics",
"computer-science/security"
],
"topics": [
"Computer science/Programming languages/Logics",
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "Drawing on Sen's landmark work \"Collective Choice and Social Welfare\" (1970), this development proves Arrow's General Possibility Theorem, Sen's Liberal Paradox and May's Theorem in a general setting. The goal was to make precise the classical statements and proofs of these results, and to provide a foundation for more recent results such as the Gibbard-Satterthwaite and Duggan-Schwartz theorems.",
"authors": [
"Peter Gammie"
],
"date": "2008-11-09",
- "id": 658,
+ "id": 659,
"link": "/entries/SenSocialChoice.html",
"permalink": "/entries/SenSocialChoice.html",
"shortname": "SenSocialChoice",
"title": "Some classical results in Social Choice Theory",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "Tilings are defined inductively. It is shown that one form of mutilated chess board cannot be tiled with dominoes, while another one can be tiled with L-shaped tiles. Please add further fun examples of this kind!",
"authors": [
"Tobias Nipkow",
"Lawrence C. Paulson"
],
"date": "2008-11-07",
- "id": 659,
+ "id": 660,
"link": "/entries/FunWithTilings.html",
"permalink": "/entries/FunWithTilings.html",
"shortname": "FunWithTilings",
"title": "Fun With Tilings",
"topic_links": [
"mathematics/misc"
],
"topics": [
"Mathematics/Misc"
],
"used_by": 0
},
{
"abstract": "Huffman's algorithm is a procedure for constructing a binary tree with minimum weighted path length. This report presents a formal proof of the correctness of Huffman's algorithm written using Isabelle/HOL. Our proof closely follows the sketches found in standard algorithms textbooks, uncovering a few snags in the process. Another distinguishing feature of our formalization is the use of custom induction rules to help Isabelle's automatic tactics, leading to very short proofs for most of the lemmas.",
"authors": [
"Jasmin Christian Blanchette"
],
"date": "2008-10-15",
- "id": 660,
+ "id": 661,
"link": "/entries/Huffman.html",
"permalink": "/entries/Huffman.html",
"shortname": "Huffman",
"title": "The Textbook Proof of Huffman's Algorithm",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "Slicing is a widely-used technique with applications in e.g. compiler technology and software security. Thus verification of algorithms in these areas is often based on the correctness of slicing, which should ideally be proven independent of concrete programming languages and with the help of well-known verifying techniques such as proof assistants. As a first step in this direction, this contribution presents a framework for dynamic and static intraprocedural slicing based on control flow and program dependence graphs. Abstracting from concrete syntax we base the framework on a graph representation of the program fulfilling certain structural and well-formedness properties.\u003cbr\u003e\u003cbr\u003eThe formalization consists of the basic framework (in subdirectory Basic/), the correctness proof for dynamic slicing (in subdirectory Dynamic/), the correctness proof for static intraprocedural slicing (in subdirectory StaticIntra/) and instantiations of the framework with a simple While language (in subdirectory While/) and the sophisticated object-oriented bytecode language of Jinja (in subdirectory JinjaVM/). For more information on the framework, see the TPHOLS 2008 paper by Wasserrab and Lochbihler and the PLAS 2009 paper by Wasserrab et al.",
"authors": [
"Daniel Wasserrab"
],
"date": "2008-09-16",
- "id": 661,
+ "id": 662,
"link": "/entries/Slicing.html",
"permalink": "/entries/Slicing.html",
"shortname": "Slicing",
"title": "Towards Certified Slicing",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 2
},
{
"abstract": "The Volpano/Smith/Irvine security type systems requires that variables are annotated as high (secret) or low (public), and provides typing rules which guarantee that secret values cannot leak to public output ports. This property of a program is called confidentiality. For a simple while-language without threads, our proof shows that typeability in the Volpano/Smith system guarantees noninterference. Noninterference means that if two initial states for program execution are low-equivalent, then the final states are low-equivalent as well. This indeed implies that secret values cannot leak to public ports. The proof defines an abstract syntax and operational semantics for programs, formalizes noninterference, and then proceeds by rule induction on the operational semantics. The mathematically most intricate part is the treatment of implicit flows. Note that the Volpano/Smith system is not flow-sensitive and thus quite unprecise, resulting in false alarms. However, due to the correctness property, all potential breaks of confidentiality are discovered.",
"authors": [
"Gregor Snelting",
"Daniel Wasserrab"
],
"date": "2008-09-02",
- "id": 662,
+ "id": 663,
"link": "/entries/VolpanoSmith.html",
"permalink": "/entries/VolpanoSmith.html",
"shortname": "VolpanoSmith",
"title": "A Correctness Proof for the Volpano/Smith Security Typing System",
"topic_links": [
"computer-science/programming-languages/type-systems",
"computer-science/security"
],
"topics": [
"Computer science/Programming languages/Type systems",
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "This article formalizes two proofs of Arrow's impossibility theorem due to Geanakoplos and derives the Gibbard-Satterthwaite theorem as a corollary. One formalization is based on utility functions, the other one on strict partial orders.",
"authors": [
"Tobias Nipkow"
],
"date": "2008-09-01",
- "id": 663,
+ "id": 664,
"link": "/entries/ArrowImpossibilityGS.html",
"permalink": "/entries/ArrowImpossibilityGS.html",
"shortname": "ArrowImpossibilityGS",
"title": "Arrow and Gibbard-Satterthwaite",
"topic_links": [
"mathematics/games-and-economics"
],
"topics": [
"Mathematics/Games and economics"
],
"used_by": 0
},
{
"abstract": "This is a collection of cute puzzles of the form ``Show that if a function satisfies the following constraints, it must be ...'' Please add further examples to this collection!",
"authors": [
"Tobias Nipkow"
],
"date": "2008-08-26",
- "id": 664,
+ "id": 665,
"link": "/entries/FunWithFunctions.html",
"permalink": "/entries/FunWithFunctions.html",
"shortname": "FunWithFunctions",
"title": "Fun With Functions",
"topic_links": [
"mathematics/misc"
],
"topics": [
"Mathematics/Misc"
],
"used_by": 0
},
{
"abstract": "This document contains formal correctness proofs of modern SAT solvers. Following (Krstic et al, 2007) and (Nieuwenhuis et al., 2006), solvers are described using state-transition systems. Several different SAT solver descriptions are given and their partial correctness and termination is proved. These include: \u003cul\u003e \u003cli\u003e a solver based on classical DPLL procedure (using only a backtrack-search with unit propagation),\u003c/li\u003e \u003cli\u003e a very general solver with backjumping and learning (similar to the description given in (Nieuwenhuis et al., 2006)), and\u003c/li\u003e \u003cli\u003e a solver with a specific conflict analysis algorithm (similar to the description given in (Krstic et al., 2007)).\u003c/li\u003e \u003c/ul\u003e Within the SAT solver correctness proofs, a large number of lemmas about propositional logic and CNF formulae are proved. This theory is self-contained and could be used for further exploring of properties of CNF based SAT algorithms.",
"authors": [
"Filip Marić"
],
"date": "2008-07-23",
- "id": 665,
+ "id": 666,
"link": "/entries/SATSolverVerification.html",
"permalink": "/entries/SATSolverVerification.html",
"shortname": "SATSolverVerification",
"title": "Formal Verification of Modern SAT Solvers",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "This document presents the formalization of introductory material from recursion theory --- definitions and basic properties of primitive recursive functions, Cantor pairing function and computably enumerable sets (including a proof of existence of a one-complete computably enumerable set and a proof of the Rice's theorem).",
"authors": [
"Michael Nedzelsky"
],
"date": "2008-04-05",
- "id": 666,
+ "id": 667,
"link": "/entries/Recursion-Theory-I.html",
"permalink": "/entries/Recursion-Theory-I.html",
"shortname": "Recursion-Theory-I",
"title": "Recursion Theory I",
"topic_links": [
"logic/computability"
],
"topics": [
"Logic/Computability"
],
"used_by": 1
},
{
"abstract": "We present the theory of Simpl, a sequential imperative programming language. We introduce its syntax, its semantics (big and small-step operational semantics) and Hoare logics for both partial as well as total correctness. We prove soundness and completeness of the Hoare logic. We integrate and automate the Hoare logic in Isabelle/HOL to obtain a practically usable verification environment for imperative programs. Simpl is independent of a concrete programming language but expressive enough to cover all common language features: mutually recursive procedures, abrupt termination and exceptions, runtime faults, local and global variables, pointers and heap, expressions with side effects, pointers to procedures, partial application and closures, dynamic method invocation and also unbounded nondeterminism.",
"authors": [
"Norbert Schirmer"
],
"date": "2008-02-29",
- "id": 667,
+ "id": 668,
"link": "/entries/Simpl.html",
"permalink": "/entries/Simpl.html",
"shortname": "Simpl",
"title": "A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment",
"topic_links": [
"computer-science/programming-languages/language-definitions",
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Language definitions",
"Computer science/Programming languages/Logics"
],
"used_by": 2
},
{
"abstract": "We present the verification of the normalisation of a binary decision diagram (BDD). The normalisation follows the original algorithm presented by Bryant in 1986 and transforms an ordered BDD in a reduced, ordered and shared BDD. The verification is based on Hoare logics.",
"authors": [
"Veronika Ortner",
"Norbert Schirmer"
],
"date": "2008-02-29",
- "id": 668,
+ "id": 669,
"link": "/entries/BDD.html",
"permalink": "/entries/BDD.html",
"shortname": "BDD",
"title": "BDD Normalisation",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "This article formalizes normalization by evaluation as implemented in Isabelle. Lambda calculus plus term rewriting is compiled into a functional program with pattern matching. It is proved that the result of a successful evaluation is a) correct, i.e. equivalent to the input, and b) in normal form.",
"authors": [
"Klaus Aehlig",
"Tobias Nipkow"
],
"date": "2008-02-18",
- "id": 669,
+ "id": 670,
"link": "/entries/NormByEval.html",
"permalink": "/entries/NormByEval.html",
"shortname": "NormByEval",
"title": "Normalization by Evaluation",
"topic_links": [
"computer-science/programming-languages/compiling"
],
"topics": [
"Computer science/Programming languages/Compiling"
],
"used_by": 0
},
{
"abstract": "This article formalizes quantifier elimination procedures for dense linear orders, linear real arithmetic and Presburger arithmetic. In each case both a DNF-based non-elementary algorithm and one or more (doubly) exponential NNF-based algorithms are formalized, including the well-known algorithms by Ferrante and Rackoff and by Cooper. The NNF-based algorithms for dense linear orders are new but based on Ferrante and Rackoff and on an algorithm by Loos and Weisspfenning which simulates infenitesimals. All algorithms are directly executable. In particular, they yield reflective quantifier elimination procedures for HOL itself. The formalization makes heavy use of locales and is therefore highly modular.",
"authors": [
"Tobias Nipkow"
],
"date": "2008-01-11",
- "id": 670,
+ "id": 671,
"link": "/entries/LinearQuantifierElim.html",
"permalink": "/entries/LinearQuantifierElim.html",
"shortname": "LinearQuantifierElim",
"title": "Quantifier Elimination for Linear Arithmetic",
"topic_links": [
"logic/general-logic/decidability-of-theories"
],
"topics": [
"Logic/General logic/Decidability of theories"
],
"used_by": 0
},
{
"abstract": "In this work we formally verify the soundness and precision of a static program analysis that detects conflicts (e. g. data races) in programs with procedures, thread creation and monitors with the Isabelle theorem prover. As common in static program analysis, our program model abstracts guarded branching by nondeterministic branching, but completely interprets the call-/return behavior of procedures, synchronization by monitors, and thread creation. The analysis is based on the observation that all conflicts already occur in a class of particularly restricted schedules. These restricted schedules are suited to constraint-system-based program analysis. The formalization is based upon a flowgraph-based program model with an operational semantics as reference point.",
"authors": [
"Peter Lammich",
"Markus Müller-Olm"
],
"date": "2007-12-14",
- "id": 671,
+ "id": 672,
"link": "/entries/Program-Conflict-Analysis.html",
"permalink": "/entries/Program-Conflict-Analysis.html",
"shortname": "Program-Conflict-Analysis",
"title": "Formalization of Conflict Analysis of Programs with Procedures, Thread Creation, and Monitors",
"topic_links": [
"computer-science/programming-languages/static-analysis"
],
"topics": [
"Computer science/Programming languages/Static analysis"
],
"used_by": 1
},
{
"abstract": "We extend the Jinja source code semantics by Klein and Nipkow with Java-style arrays and threads. Concurrency is captured in a generic framework semantics for adding concurrency through interleaving to a sequential semantics, which features dynamic thread creation, inter-thread communication via shared memory, lock synchronisation and joins. Also, threads can suspend themselves and be notified by others. We instantiate the framework with the adapted versions of both Jinja source and byte code and show type safety for the multithreaded case. Equally, the compiler from source to byte code is extended, for which we prove weak bisimilarity between the source code small step semantics and the defensive Jinja virtual machine. On top of this, we formalise the JMM and show the DRF guarantee and consistency. For description of the different parts, see Lochbihler's papers at FOOL 2008, ESOP 2010, ITP 2011, and ESOP 2012.",
"authors": [
"Andreas Lochbihler"
],
"date": "2007-12-03",
- "id": 672,
+ "id": 673,
"link": "/entries/JinjaThreads.html",
"permalink": "/entries/JinjaThreads.html",
"shortname": "JinjaThreads",
"title": "Jinja with Threads",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "This article is an Isabelle formalisation of a paper with the same title. In a similar way as Knuth's 0-1-principle for sorting algorithms, that paper develops a 0-1-2-principle for parallel prefix computations.",
"authors": [
"Sascha Böhme"
],
"date": "2007-11-06",
- "id": 673,
+ "id": 674,
"link": "/entries/MuchAdoAboutTwo.html",
"permalink": "/entries/MuchAdoAboutTwo.html",
"shortname": "MuchAdoAboutTwo",
"title": "Much Ado About Two",
"topic_links": [
"computer-science/algorithms"
],
"topics": [
"Computer science/Algorithms"
],
"used_by": 0
},
{
"abstract": "This document presents the mechanised proofs of\u003cul\u003e\u003cli\u003eFermat's Last Theorem for exponents 3 and 4 and\u003c/li\u003e\u003cli\u003ethe parametrisation of Pythagorean Triples.\u003c/li\u003e\u003c/ul\u003e",
"authors": [
"Roelof Oosterhuis"
],
"date": "2007-08-12",
- "id": 674,
+ "id": 675,
"link": "/entries/Fermat3_4.html",
"permalink": "/entries/Fermat3_4.html",
"shortname": "Fermat3_4",
"title": "Fermat's Last Theorem for Exponents 3 and 4 and the Parametrisation of Pythagorean Triples",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "This document presents the mechanised proofs of the following results:\u003cul\u003e\u003cli\u003eany prime number of the form 4m+1 can be written as the sum of two squares;\u003c/li\u003e\u003cli\u003eany natural number can be written as the sum of four squares\u003c/li\u003e\u003c/ul\u003e",
"authors": [
"Roelof Oosterhuis"
],
"date": "2007-08-12",
- "id": 675,
+ "id": 676,
"link": "/entries/SumSquares.html",
"permalink": "/entries/SumSquares.html",
"shortname": "SumSquares",
"title": "Sums of Two and Four Squares",
"topic_links": [
"mathematics/number-theory"
],
"topics": [
"Mathematics/Number theory"
],
"used_by": 0
},
{
"abstract": "Convergence with respect to a valuation is discussed as convergence of a Cauchy sequence. Cauchy sequences of polynomials are defined. They are used to formalize Hensel's lemma.",
"authors": [
"Hidetsune Kobayashi"
],
"date": "2007-08-08",
- "id": 676,
+ "id": 677,
"link": "/entries/Valuation.html",
"permalink": "/entries/Valuation.html",
"shortname": "Valuation",
"title": "Fundamental Properties of Valuation Theory and Hensel's Lemma",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 0
},
{
"abstract": "We present a formalization of parts of Melvin Fitting's book \"First-Order Logic and Automated Theorem Proving\". The formalization covers the syntax of first-order logic, its semantics, the model existence theorem, a natural deduction proof calculus together with a proof of correctness and completeness, as well as the Löwenheim-Skolem theorem.",
"authors": [
"Stefan Berghofer"
],
"date": "2007-08-02",
- "id": 677,
+ "id": 678,
"link": "/entries/FOL-Fitting.html",
"permalink": "/entries/FOL-Fitting.html",
"shortname": "FOL-Fitting",
"title": "First-Order Logic According to Fitting",
"topic_links": [
"logic/general-logic/classical-first-order-logic"
],
"topics": [
"Logic/General logic/Classical first-order logic"
],
"used_by": 2
},
{
"abstract": "We present a solution to the POPLmark challenge designed by Aydemir et al., which has as a goal the formalization of the meta-theory of System F\u003csub\u003e\u0026lt;:\u003c/sub\u003e. The formalization is carried out in the theorem prover Isabelle/HOL using an encoding based on de Bruijn indices. We start with a relatively simple formalization covering only the basic features of System F\u003csub\u003e\u0026lt;:\u003c/sub\u003e, and explain how it can be extended to also cover records and more advanced binding constructs.",
"authors": [
"Stefan Berghofer"
],
"date": "2007-08-02",
- "id": 678,
+ "id": 679,
"link": "/entries/POPLmark-deBruijn.html",
"permalink": "/entries/POPLmark-deBruijn.html",
"shortname": "POPLmark-deBruijn",
"title": "POPLmark Challenge Via de Bruijn Indices",
"topic_links": [
"computer-science/programming-languages/lambda-calculi"
],
"topics": [
"Computer science/Programming languages/Lambda calculi"
],
"used_by": 0
},
{
"abstract": "Two models of an electronic hotel key card system are contrasted: a state based and a trace based one. Both are defined, verified, and proved equivalent in the theorem prover Isabelle/HOL. It is shown that if a guest follows a certain safety policy regarding her key cards, she can be sure that nobody but her can enter her room.",
"authors": [
"Tobias Nipkow"
],
"date": "2006-09-09",
- "id": 679,
+ "id": 680,
"link": "/entries/HotelKeyCards.html",
"permalink": "/entries/HotelKeyCards.html",
"shortname": "HotelKeyCards",
"title": "Hotel Key Card System",
"topic_links": [
"computer-science/security"
],
"topics": [
"Computer science/Security"
],
"used_by": 0
},
{
"abstract": "These therories describe Hoare logics for a number of imperative language constructs, from while-loops to mutually recursive procedures. Both partial and total correctness are treated. In particular a proof system for total correctness of recursive procedures in the presence of unbounded nondeterminism is presented.",
"authors": [
"Tobias Nipkow"
],
"date": "2006-08-08",
- "id": 680,
+ "id": 681,
"link": "/entries/Abstract-Hoare-Logics.html",
"permalink": "/entries/Abstract-Hoare-Logics.html",
"shortname": "Abstract-Hoare-Logics",
"title": "Abstract Hoare Logics",
"topic_links": [
"computer-science/programming-languages/logics"
],
"topics": [
"Computer science/Programming languages/Logics"
],
"used_by": 0
},
{
"abstract": "These theories present the verified enumeration of \u003ci\u003etame\u003c/i\u003e plane graphs as defined by Thomas C. Hales in his proof of the Kepler Conjecture in his book \u003ci\u003eDense Sphere Packings. A Blueprint for Formal Proofs.\u003c/i\u003e [CUP 2012]. The values of the constants in the definition of tameness are identical to those in the \u003ca href=\"https://code.google.com/p/flyspeck/\"\u003eFlyspeck project\u003c/a\u003e. The \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/Flyspeck/\"\u003eIJCAR 2006 paper by Nipkow, Bauer and Schultz\u003c/a\u003e refers to the original version of Hales' proof, the \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/itp11.html\"\u003eITP 2011 paper by Nipkow\u003c/a\u003e refers to the Blueprint version of the proof.",
"authors": [
"Gertrud Bauer",
"Tobias Nipkow"
],
"date": "2006-05-22",
- "id": 681,
+ "id": 682,
"link": "/entries/Flyspeck-Tame.html",
"permalink": "/entries/Flyspeck-Tame.html",
"shortname": "Flyspeck-Tame",
"title": "Flyspeck I: Tame Graphs",
"topic_links": [
"mathematics/graph-theory"
],
"topics": [
"Mathematics/Graph theory"
],
"used_by": 1
},
{
"abstract": "We present an operational semantics and type safety proof for multiple inheritance in C++. The semantics models the behavior of method calls, field accesses, and two forms of casts in C++ class hierarchies. For explanations see the OOPSLA 2006 paper by Wasserrab, Nipkow, Snelting and Tip.",
"authors": [
"Daniel Wasserrab"
],
"date": "2006-05-15",
- "id": 682,
+ "id": 683,
"link": "/entries/CoreC++.html",
"permalink": "/entries/CoreC++.html",
"shortname": "CoreC++",
"title": "CoreC++",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "We formalize the type system, small-step operational semantics, and type soundness proof for Featherweight Java, a simple object calculus, in Isabelle/HOL.",
"authors": [
"J. Nathan Foster",
"Dimitrios Vytiniotis"
],
"date": "2006-03-31",
- "id": 683,
+ "id": 684,
"link": "/entries/FeatherweightJava.html",
"permalink": "/entries/FeatherweightJava.html",
"shortname": "FeatherweightJava",
"title": "A Theory of Featherweight Java in Isabelle/HOL",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 0
},
{
"abstract": "F. B. Schneider (\"Understanding protocols for Byzantine clock synchronization\") generalizes a number of protocols for Byzantine fault-tolerant clock synchronization and presents a uniform proof for their correctness. In Schneider's schema, each processor maintains a local clock by periodically adjusting each value to one computed by a convergence function applied to the readings of all the clocks. Then, correctness of an algorithm, i.e. that the readings of two clocks at any time are within a fixed bound of each other, is based upon some conditions on the convergence function. To prove that a particular clock synchronization algorithm is correct it suffices to show that the convergence function used by the algorithm meets Schneider's conditions. Using the theorem prover Isabelle, we formalize the proofs that the convergence functions of two algorithms, namely, the Interactive Convergence Algorithm (ICA) of Lamport and Melliar-Smith and the Fault-tolerant Midpoint algorithm of Lundelius-Lynch, meet Schneider's conditions. Furthermore, we experiment on handling some parts of the proofs with fully automatic tools like ICS and CVC-lite. These theories are part of a joint work with Alwen Tiu and Leonor P. Nieto \u003ca href=\"http://users.rsise.anu.edu.au/~tiu/clocksync.pdf\"\u003e\"Verification of Clock Synchronization Algorithms: Experiments on a combination of deductive tools\"\u003c/a\u003e in proceedings of AVOCS 2005. In this work the correctness of Schneider schema was also verified using Isabelle (entry \u003ca href=\"GenClock.html\"\u003eGenClock\u003c/a\u003e in AFP).",
"authors": [
"Damián Barsotti"
],
"date": "2006-03-15",
- "id": 684,
+ "id": 685,
"link": "/entries/ClockSynchInst.html",
"permalink": "/entries/ClockSynchInst.html",
"shortname": "ClockSynchInst",
"title": "Instances of Schneider's generalized protocol of clock synchronization",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "This document presents the mechanised proofs of two popular theorems attributed to Augustin Louis Cauchy - Cauchy's Mean Theorem and the Cauchy-Schwarz Inequality.",
"authors": [
"Benjamin Porter"
],
"date": "2006-03-14",
- "id": 685,
+ "id": 686,
"link": "/entries/Cauchy.html",
"permalink": "/entries/Cauchy.html",
"shortname": "Cauchy",
"title": "Cauchy's Mean Theorem and the Cauchy-Schwarz Inequality",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 1
},
{
"abstract": "This development defines a well-ordered type of countable ordinals. It includes notions of continuous and normal functions, recursively defined functions over ordinals, least fixed-points, and derivatives. Much of ordinal arithmetic is formalized, including exponentials and logarithms. The development concludes with formalizations of Cantor Normal Form and Veblen hierarchies over normal functions.",
"authors": [
"Brian Huffman"
],
"date": "2005-11-11",
- "id": 686,
+ "id": 687,
"link": "/entries/Ordinal.html",
"permalink": "/entries/Ordinal.html",
"shortname": "Ordinal",
"title": "Countable Ordinals",
"topic_links": [
"logic/set-theory"
],
"topics": [
"Logic/Set theory"
],
"used_by": 1
},
{
"abstract": "We formalise a functional implementation of the FFT algorithm over the complex numbers, and its inverse. Both are shown equivalent to the usual definitions of these operations through Vandermonde matrices. They are also shown to be inverse to each other, more precisely, that composition of the inverse and the transformation yield the identity up to a scalar.",
"authors": [
"Clemens Ballarin"
],
"date": "2005-10-12",
- "id": 687,
+ "id": 688,
"link": "/entries/FFT.html",
"permalink": "/entries/FFT.html",
"shortname": "FFT",
"title": "Fast Fourier Transform",
"topic_links": [
"computer-science/algorithms/mathematical"
],
"topics": [
"Computer science/Algorithms/Mathematical"
],
"used_by": 0
},
{
"abstract": "We formalize the generalized Byzantine fault-tolerant clock synchronization protocol of Schneider. This protocol abstracts from particular algorithms or implementations for clock synchronization. This abstraction includes several assumptions on the behaviors of physical clocks and on general properties of concrete algorithms/implementations. Based on these assumptions the correctness of the protocol is proved by Schneider. His proof was later verified by Shankar using the theorem prover EHDM (precursor to PVS). Our formalization in Isabelle/HOL is based on Shankar's formalization.",
"authors": [
"Alwen Tiu"
],
"date": "2005-06-24",
- "id": 688,
+ "id": 689,
"link": "/entries/GenClock.html",
"permalink": "/entries/GenClock.html",
"shortname": "GenClock",
"title": "Formalization of a Generalized Protocol for Clock Synchronization",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "Disk Paxos is an algorithm for building arbitrary fault-tolerant distributed systems. The specification of Disk Paxos has been proved correct informally and tested using the TLC model checker, but up to now, it has never been fully formally verified. In this work we have formally verified its correctness using the Isabelle theorem prover and the HOL logic system, showing that Isabelle is a practical tool for verifying properties of TLA+ specifications.",
"authors": [
"Mauro Jaskelioff",
"Stephan Merz"
],
"date": "2005-06-22",
- "id": 689,
+ "id": 690,
"link": "/entries/DiskPaxos.html",
"permalink": "/entries/DiskPaxos.html",
"shortname": "DiskPaxos",
"title": "Proving the Correctness of Disk Paxos",
"topic_links": [
"computer-science/algorithms/distributed"
],
"topics": [
"Computer science/Algorithms/Distributed"
],
"used_by": 0
},
{
"abstract": "This document presents the formalization of an object-oriented data and store model in Isabelle/HOL. This model is being used in the Java Interactive Verification Environment, Jive.",
"authors": [
"Nicole Rauch",
"Norbert Schirmer"
],
"date": "2005-06-20",
- "id": 690,
+ "id": 691,
"link": "/entries/JiveDataStoreModel.html",
"permalink": "/entries/JiveDataStoreModel.html",
"shortname": "JiveDataStoreModel",
"title": "Jive Data and Store Model",
"topic_links": [
"computer-science/programming-languages/misc"
],
"topics": [
"Computer science/Programming languages/Misc"
],
"used_by": 0
},
{
"abstract": "We introduce Jinja, a Java-like programming language with a formal semantics designed to exhibit core features of the Java language architecture. Jinja is a compromise between realism of the language and tractability and clarity of the formal semantics. The following aspects are formalised: a big and a small step operational semantics for Jinja and a proof of their equivalence; a type system and a definite initialisation analysis; a type safety proof of the small step semantics; a virtual machine (JVM), its operational semantics and its type system; a type safety proof for the JVM; a bytecode verifier, i.e. data flow analyser for the JVM; a correctness proof of the bytecode verifier w.r.t. the type system; a compiler and a proof that it preserves semantics and well-typedness. The emphasis of this work is not on particular language features but on providing a unified model of the source language, the virtual machine and the compiler. The whole development has been carried out in the theorem prover Isabelle/HOL.",
"authors": [
"Gerwin Klein",
"Tobias Nipkow"
],
"date": "2005-06-01",
- "id": 691,
+ "id": 692,
"link": "/entries/Jinja.html",
"permalink": "/entries/Jinja.html",
"shortname": "Jinja",
"title": "Jinja is not Java",
"topic_links": [
"computer-science/programming-languages/language-definitions"
],
"topics": [
"Computer science/Programming languages/Language definitions"
],
"used_by": 4
},
{
"abstract": "Formal verification is getting more and more important in computer science. However the state of the art formal verification methods in cryptography are very rudimentary. These theories are one step to provide a tool box allowing the use of formal methods in every aspect of cryptography. Moreover we present a proof of concept for the feasibility of verification techniques to a standard signature algorithm.",
"authors": [
"Christina Lindenberg",
"Kai Wirt"
],
"date": "2005-05-02",
- "id": 692,
+ "id": 693,
"link": "/entries/RSAPSS.html",
"permalink": "/entries/RSAPSS.html",
"shortname": "RSAPSS",
"title": "SHA1, RSA, PSS and more",
"topic_links": [
"computer-science/security/cryptography"
],
"topics": [
"Computer science/Security/Cryptography"
],
"used_by": 0
},
{
"abstract": "This development proves Yoneda's lemma and aims to be readable by humans. It only defines what is needed for the lemma: categories, functors and natural transformations. Limits, adjunctions and other important concepts are not included.",
"authors": [
"Greg O'Keefe"
],
"date": "2005-04-21",
- "id": 693,
+ "id": 694,
"link": "/entries/Category.html",
"permalink": "/entries/Category.html",
"shortname": "Category",
"title": "Category Theory to Yoneda's Lemma",
"topic_links": [
"mathematics/category-theory"
],
"topics": [
"Mathematics/Category theory"
],
"used_by": 0
},
{
"abstract": "These theories illustrates the verification of basic file operations (file creation, file read and file write) in the Isabelle theorem prover. We describe a file at two levels of abstraction: an abstract file represented as a resizable array, and a concrete file represented using data blocks.",
"authors": [
"Karen Zee",
"Viktor Kuncak"
],
"date": "2004-12-09",
- "id": 694,
+ "id": 695,
"link": "/entries/FileRefinement.html",
"permalink": "/entries/FileRefinement.html",
"shortname": "FileRefinement",
"title": "File Refinement",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "Lebesgue-style integration plays a major role in advanced probability. We formalize concepts of elementary measure theory, real-valued random variables as Borel-measurable functions, and a stepwise inductive definition of the integral itself. All proofs are carried out in human readable style using the Isar language.",
"authors": [
"Stefan Richter"
],
"date": "2004-11-19",
- "id": 695,
+ "id": 696,
"link": "/entries/Integration.html",
"permalink": "/entries/Integration.html",
"shortname": "Integration",
"title": "Integration theory and random variables",
"topic_links": [
"mathematics/analysis"
],
"topics": [
"Mathematics/Analysis"
],
"used_by": 0
},
{
"abstract": "Soundness and completeness for a system of first order logic are formally proved, building on James Margetson's formalization of work by Wainer and Wallen. The completeness proofs naturally suggest an algorithm to derive proofs. This algorithm, which can be implemented tail recursively, is formalized in Isabelle/HOL. The algorithm can be executed via the rewriting tactics of Isabelle. Alternatively, the definitions can be exported to OCaml, yielding a directly executable program.",
"authors": [
"Tom Ridge"
],
"date": "2004-09-28",
- "id": 696,
+ "id": 697,
"link": "/entries/Verified-Prover.html",
"permalink": "/entries/Verified-Prover.html",
"shortname": "Verified-Prover",
"title": "A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic",
"topic_links": [
"logic/general-logic/mechanization-of-proofs"
],
"topics": [
"Logic/General logic/Mechanization of proofs"
],
"used_by": 0
},
{
"abstract": "The completeness of first-order logic is proved, following the first five pages of Wainer and Wallen's chapter of the book \u003ci\u003eProof Theory\u003c/i\u003e by Aczel et al., CUP, 1992. Their presentation of formulas allows the proofs to use symmetry arguments. Margetson formalized this theorem by early 2000. The Isar conversion is thanks to Tom Ridge. A paper describing the formalization is available \u003ca href=\"Completeness-paper.pdf\"\u003e[pdf]\u003c/a\u003e.",
"authors": [
"James Margetson",
"Tom Ridge"
],
"date": "2004-09-20",
- "id": 697,
+ "id": 698,
"link": "/entries/Completeness.html",
"permalink": "/entries/Completeness.html",
"shortname": "Completeness",
"title": "Completeness theorem",
"topic_links": [
"logic/proof-theory"
],
"topics": [
"Logic/Proof theory"
],
"used_by": 0
},
{
"abstract": "This formalization of Ramsey's theorem (infinitary version) is taken from Boolos and Jeffrey, \u003ci\u003eComputability and Logic\u003c/i\u003e, 3rd edition, Chapter 26. It differs slightly from the text by assuming a slightly stronger hypothesis. In particular, the induction hypothesis is stronger, holding for any infinite subset of the naturals. This avoids the rather peculiar mapping argument between kj and aikj on p.263, which is unnecessary and slightly mars this really beautiful result.",
"authors": [
"Tom Ridge"
],
"date": "2004-09-20",
- "id": 698,
+ "id": 699,
"link": "/entries/Ramsey-Infinite.html",
"permalink": "/entries/Ramsey-Infinite.html",
"shortname": "Ramsey-Infinite",
"title": "Ramsey's theorem, infinitary version",
"topic_links": [
"mathematics/combinatorics"
],
"topics": [
"Mathematics/Combinatorics"
],
"used_by": 0
},
{
"abstract": "An exception compilation scheme that dynamically creates and removes exception handler entries on the stack. A formalization of an article of the same name by \u003ca href=\"http://www.cs.nott.ac.uk/~gmh/\"\u003eHutton\u003c/a\u003e and Wright.",
"authors": [
"Tobias Nipkow"
],
"date": "2004-07-09",
- "id": 699,
+ "id": 700,
"link": "/entries/Compiling-Exceptions-Correctly.html",
"permalink": "/entries/Compiling-Exceptions-Correctly.html",
"shortname": "Compiling-Exceptions-Correctly",
"title": "Compiling Exceptions Correctly",
"topic_links": [
"computer-science/programming-languages/compiling"
],
"topics": [
"Computer science/Programming languages/Compiling"
],
"used_by": 0
},
{
"abstract": "Depth-first search of a graph is formalized with recdef. It is shown that it visits all of the reachable nodes from a given list of nodes. Executable ML code of depth-first search is obtained using the code generation feature of Isabelle/HOL.",
"authors": [
"Toshiaki Nishihara",
"Yasuhiko Minamide"
],
"date": "2004-06-24",
- "id": 700,
+ "id": 701,
"link": "/entries/Depth-First-Search.html",
"permalink": "/entries/Depth-First-Search.html",
"shortname": "Depth-First-Search",
"title": "Depth First Search",
"topic_links": [
"computer-science/algorithms/graph"
],
"topics": [
"Computer science/Algorithms/Graph"
],
"used_by": 0
},
{
"abstract": "The theory of groups, rings and modules is developed to a great depth. Group theory results include Zassenhaus's theorem and the Jordan-Hoelder theorem. The ring theory development includes ideals, quotient rings and the Chinese remainder theorem. The module development includes the Nakayama lemma, exact sequences and Tensor products.",
"authors": [
"Hidetsune Kobayashi",
"L. Chen",
"H. Murao"
],
"date": "2004-05-18",
- "id": 701,
+ "id": 702,
"link": "/entries/Group-Ring-Module.html",
"permalink": "/entries/Group-Ring-Module.html",
"shortname": "Group-Ring-Module",
"title": "Groups, Rings and Modules",
"topic_links": [
"mathematics/algebra"
],
"topics": [
"Mathematics/Algebra"
],
"used_by": 1
},
{
"abstract": "This theory contains some useful extensions to the LList (lazy list) theory by \u003ca href=\"http://www.cl.cam.ac.uk/~lp15/\"\u003eLarry Paulson\u003c/a\u003e, including finite, infinite, and positive llists over an alphabet, as well as the new constants take and drop and the prefix order of llists. Finally, the notions of safety and liveness in the sense of Alpern and Schneider (1985) are defined.",
"authors": [
"Stefan Friedrich"
],
"date": "2004-04-26",
- "id": 702,
+ "id": 703,
"link": "/entries/Lazy-Lists-II.html",
"permalink": "/entries/Lazy-Lists-II.html",
"shortname": "Lazy-Lists-II",
"title": "Lazy Lists II",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 1
},
{
"abstract": "This entry contains two theories. The first, \u003ctt\u003eTopology\u003c/tt\u003e, develops the basic notions of general topology. The second, which can be viewed as a demonstration of the first, is called \u003ctt\u003eLList_Topology\u003c/tt\u003e. It develops the topology of lazy lists.",
"authors": [
"Stefan Friedrich"
],
"date": "2004-04-26",
- "id": 703,
+ "id": 704,
"link": "/entries/Topology.html",
"permalink": "/entries/Topology.html",
"shortname": "Topology",
"title": "Topology",
"topic_links": [
"mathematics/topology"
],
"topics": [
"Mathematics/Topology"
],
"used_by": 0
},
{
"abstract": "The correctness is shown of binary search tree operations (lookup, insert and remove) implementing a set. Two versions are given, for both structured and linear (tactic-style) proofs. An implementation of integer-indexed maps is also verified.",
"authors": [
"Viktor Kuncak"
],
"date": "2004-04-05",
- "id": 704,
+ "id": 705,
"link": "/entries/BinarySearchTree.html",
"permalink": "/entries/BinarySearchTree.html",
"shortname": "BinarySearchTree",
"title": "Binary Search Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "This theory defines deterministic and nondeterministic automata in a functional representation: the transition function/relation and the finality predicate are just functions. Hence the state space may be infinite. It is shown how to convert regular expressions into such automata. A scanner (generator) is implemented with the help of functional automata: the scanner chops the input up into longest recognized substrings. Finally we also show how to convert a certain subclass of functional automata (essentially the finite deterministic ones) into regular sets.",
"authors": [
"Tobias Nipkow"
],
"date": "2004-03-30",
- "id": 705,
+ "id": 706,
"link": "/entries/Functional-Automata.html",
"permalink": "/entries/Functional-Automata.html",
"shortname": "Functional-Automata",
"title": "Functional Automata",
"topic_links": [
"computer-science/automata-and-formal-languages"
],
"topics": [
"Computer science/Automata and formal languages"
],
"used_by": 0
},
{
"abstract": "Two formalizations of AVL trees with room for extensions. The first formalization is monolithic and shorter, the second one in two stages, longer and a bit simpler. The final implementation is the same. If you are interested in developing this further, please contact \u003ctt\u003egerwin.klein@nicta.com.au\u003c/tt\u003e.",
"authors": [
"Tobias Nipkow",
"Cornelia Pusch"
],
"date": "2004-03-19",
- "id": 706,
+ "id": 707,
"link": "/entries/AVL-Trees.html",
"permalink": "/entries/AVL-Trees.html",
"shortname": "AVL-Trees",
"title": "AVL Trees",
"topic_links": [
"computer-science/data-structures"
],
"topics": [
"Computer science/Data structures"
],
"used_by": 0
},
{
"abstract": "This theory defines the type inference rules and the type inference algorithm \u003ci\u003eW\u003c/i\u003e for MiniML (simply-typed lambda terms with \u003ctt\u003elet\u003c/tt\u003e) due to Milner. It proves the soundness and completeness of \u003ci\u003eW\u003c/i\u003e w.r.t. the rules.",
"authors": [
"Wolfgang Naraschewski",
"Tobias Nipkow"
],
"date": "2004-03-19",
- "id": 707,
+ "id": 708,
"link": "/entries/MiniML.html",
"permalink": "/entries/MiniML.html",
"shortname": "MiniML",
"title": "Mini ML",
"topic_links": [
"computer-science/programming-languages/type-systems"
],
"topics": [
"Computer science/Programming languages/Type systems"
],
"used_by": 0
}
]
\ No newline at end of file
diff --git a/web/index.xml b/web/index.xml
--- a/web/index.xml
+++ b/web/index.xml
@@ -1,13022 +1,13040 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Archive of Formal Proofs</title>
<link>/</link>
<description>Recent content on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language>
- <lastBuildDate>Thu, 29 Sep 2022 00:00:00 +0000</lastBuildDate><atom:link href="/index.xml" rel="self" type="application/rss+xml" />
+ <lastBuildDate>Tue, 04 Oct 2022 00:00:00 +0000</lastBuildDate><atom:link href="/index.xml" rel="self" type="application/rss+xml" />
+ <item>
+ <title>Verification of Query Optimization Algorithms</title>
+ <link>/entries/Query_Optimization.html</link>
+ <pubDate>Tue, 04 Oct 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Query_Optimization.html</guid>
+ <description></description>
+ </item>
+
<item>
<title>Maximum Segment Sum</title>
<link>/entries/Maximum_Segment_Sum.html</link>
<pubDate>Thu, 29 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Maximum_Segment_Sum.html</guid>
<description></description>
</item>
<item>
<title>Undirected Graph Theory</title>
<link>/entries/Undirected_Graph_Theory.html</link>
<pubDate>Thu, 29 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Undirected_Graph_Theory.html</guid>
<description></description>
</item>
<item>
<title>Making Arbitrary Relational Calculus Queries Safe-Range</title>
<link>/entries/Safe_Range_RC.html</link>
<pubDate>Wed, 28 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Safe_Range_RC.html</guid>
<description></description>
</item>
<item>
<title>Stalnaker&#39;s Epistemic Logic</title>
<link>/entries/Stalnaker_Logic.html</link>
<pubDate>Fri, 23 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Stalnaker_Logic.html</guid>
<description></description>
</item>
<item>
<title>p-adic Fields and p-adic Semialgebraic Sets</title>
<link>/entries/Padic_Field.html</link>
<pubDate>Thu, 22 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Padic_Field.html</guid>
<description></description>
</item>
<item>
<title>Risk-Free Lending</title>
<link>/entries/Risk_Free_Lending.html</link>
<pubDate>Sun, 18 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Risk_Free_Lending.html</guid>
<description></description>
</item>
<item>
<title>Soundness and Completeness of Implicational Logic</title>
<link>/entries/Implicational_Logic.html</link>
<pubDate>Tue, 13 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Implicational_Logic.html</guid>
<description></description>
</item>
<item>
<title>CRYSTALS-Kyber</title>
<link>/entries/CRYSTALS-Kyber.html</link>
<pubDate>Thu, 08 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/CRYSTALS-Kyber.html</guid>
<description></description>
</item>
<item>
<title>Unbounded Separation Logic</title>
<link>/entries/Separation_Logic_Unbounded.html</link>
<pubDate>Mon, 05 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Logic_Unbounded.html</guid>
<description></description>
</item>
<item>
<title>Khovanskii&amp;#x27;s Theorem</title>
<link>/entries/Khovanskii_Theorem.html</link>
<pubDate>Fri, 02 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Khovanskii_Theorem.html</guid>
<description></description>
</item>
<item>
<title>The Hales–Jewett Theorem</title>
<link>/entries/Hales_Jewett.html</link>
<pubDate>Fri, 02 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Hales_Jewett.html</guid>
<description></description>
</item>
<item>
<title>Number Theoretic Transform</title>
<link>/entries/Number_Theoretic_Transform.html</link>
<pubDate>Thu, 18 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/Number_Theoretic_Transform.html</guid>
<description></description>
</item>
<item>
<title>Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph</title>
<link>/entries/SCC_Bloemen_Sequential.html</link>
<pubDate>Wed, 17 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/SCC_Bloemen_Sequential.html</guid>
<description></description>
</item>
<item>
<title>From THE BOOK: Two Squares via Involutions</title>
<link>/entries/Involutions2Squares.html</link>
<pubDate>Mon, 15 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/Involutions2Squares.html</guid>
<description></description>
</item>
<item>
<title>Verified Complete Test Strategies for Finite State Machines</title>
<link>/entries/FSM_Tests.html</link>
<pubDate>Tue, 09 Aug 2022 00:00:00 +0000</pubDate>
<guid>/entries/FSM_Tests.html</guid>
<description></description>
</item>
<item>
<title>Nano JSON: Working with JSON formatted data in Isabelle/HOL and Isabelle/ML</title>
<link>/entries/Nano_JSON.html</link>
<pubDate>Fri, 29 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Nano_JSON.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL</title>
<link>/entries/Solidity.html</link>
<pubDate>Mon, 18 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Solidity.html</guid>
<description></description>
</item>
<item>
<title>Simultaneous diagonalization of pairwise commuting Hermitian matrices</title>
<link>/entries/Commuting_Hermitian.html</link>
<pubDate>Mon, 18 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Commuting_Hermitian.html</guid>
<description></description>
</item>
<item>
<title>Pólya’s Proof of the Weighted Arithmetic–Geometric Mean Inequality</title>
<link>/entries/Weighted_Arithmetic_Geometric_Mean.html</link>
<pubDate>Mon, 11 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/Weighted_Arithmetic_Geometric_Mean.html</guid>
<description></description>
</item>
<item>
<title>A Reuse-Based Multi-Stage Compiler Verification for Language IMP</title>
<link>/entries/IMP_Compiler_Reuse.html</link>
<pubDate>Sun, 10 Jul 2022 00:00:00 +0000</pubDate>
<guid>/entries/IMP_Compiler_Reuse.html</guid>
<description></description>
</item>
<item>
<title>Real-Time Double-Ended Queue</title>
<link>/entries/Real_Time_Deque.html</link>
<pubDate>Thu, 23 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Real_Time_Deque.html</guid>
<description></description>
</item>
<item>
<title>Boolos&#39;s Curious Inference in Isabelle/HOL</title>
<link>/entries/Boolos_Curious_Inference.html</link>
<pubDate>Mon, 20 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Boolos_Curious_Inference.html</guid>
<description></description>
</item>
<item>
<title>Finite Fields</title>
<link>/entries/Finite_Fields.html</link>
<pubDate>Wed, 08 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Finite_Fields.html</guid>
<description></description>
</item>
<item>
<title>IsaNet: Formalization of a Verification Framework for Secure Data Plane Protocols</title>
<link>/entries/IsaNet.html</link>
<pubDate>Wed, 08 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/IsaNet.html</guid>
<description></description>
</item>
<item>
<title>Diophantine Equations and the DPRM Theorem</title>
<link>/entries/DPRM_Theorem.html</link>
<pubDate>Mon, 06 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/DPRM_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Reducing Rewrite Properties to Properties on Ground Terms</title>
<link>/entries/Rewrite_Properties_Reduction.html</link>
<pubDate>Thu, 02 Jun 2022 00:00:00 +0000</pubDate>
<guid>/entries/Rewrite_Properties_Reduction.html</guid>
<description></description>
</item>
<item>
<title>A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand</title>
<link>/entries/Combinable_Wands.html</link>
<pubDate>Mon, 30 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Combinable_Wands.html</guid>
<description></description>
</item>
<item>
<title>The Plünnecke-Ruzsa Inequality</title>
<link>/entries/Pluennecke_Ruzsa_Inequality.html</link>
<pubDate>Thu, 26 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Pluennecke_Ruzsa_Inequality.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Framework for the Sound Automation of Magic Wands</title>
<link>/entries/Package_logic.html</link>
<pubDate>Wed, 18 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Package_logic.html</guid>
<description></description>
</item>
<item>
<title>Clique is not solvable by monotone circuits of polynomial size</title>
<link>/entries/Clique_and_Monotone_Circuits.html</link>
<pubDate>Sun, 08 May 2022 00:00:00 +0000</pubDate>
<guid>/entries/Clique_and_Monotone_Circuits.html</guid>
<description></description>
</item>
<item>
<title>Fisher&#39;s Inequality: Linear Algebraic Proof Techniques for Combinatorics</title>
<link>/entries/Fishers_Inequality.html</link>
<pubDate>Thu, 21 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Fishers_Inequality.html</guid>
<description></description>
</item>
<item>
<title>Digit Expansions</title>
<link>/entries/Digit_Expansions.html</link>
<pubDate>Wed, 20 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Digit_Expansions.html</guid>
<description></description>
</item>
<item>
<title>The Generalized Multiset Ordering is NP-Complete</title>
<link>/entries/Multiset_Ordering_NPC.html</link>
<pubDate>Wed, 20 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Multiset_Ordering_NPC.html</guid>
<description></description>
</item>
<item>
<title>The Sophomore&#39;s Dream</title>
<link>/entries/Sophomores_Dream.html</link>
<pubDate>Sun, 10 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Sophomores_Dream.html</guid>
<description></description>
</item>
<item>
<title>A Combinator Library for Prefix-Free Codes</title>
<link>/entries/Prefix_Free_Code_Combinators.html</link>
<pubDate>Fri, 08 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Prefix_Free_Code_Combinators.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Randomized Approximation Algorithms for Frequency Moments</title>
<link>/entries/Frequency_Moments.html</link>
<pubDate>Fri, 08 Apr 2022 00:00:00 +0000</pubDate>
<guid>/entries/Frequency_Moments.html</guid>
<description></description>
</item>
<item>
<title>Constructing the Reals as Dedekind Cuts of Rationals</title>
<link>/entries/Dedekind_Real.html</link>
<pubDate>Thu, 24 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Dedekind_Real.html</guid>
<description></description>
</item>
<item>
<title>Ackermann&#39;s Function Is Not Primitive Recursive</title>
<link>/entries/Ackermanns_not_PR.html</link>
<pubDate>Wed, 23 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Ackermanns_not_PR.html</guid>
<description></description>
</item>
<item>
<title>A Naive Prover for First-Order Logic</title>
<link>/entries/FOL_Seq_Calc3.html</link>
<pubDate>Tue, 22 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc3.html</guid>
<description></description>
</item>
<item>
<title>A Proof from THE BOOK: The Partial Fraction Expansion of the Cotangent</title>
<link>/entries/Cotangent_PFD_Formula.html</link>
<pubDate>Tue, 15 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Cotangent_PFD_Formula.html</guid>
<description></description>
</item>
<item>
<title>The Independence of the Continuum Hypothesis in Isabelle/ZF</title>
<link>/entries/Independence_CH.html</link>
<pubDate>Sun, 06 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Independence_CH.html</guid>
<description></description>
</item>
<item>
<title>Transitive Models of Fragments of ZFC</title>
<link>/entries/Transitive_Models.html</link>
<pubDate>Thu, 03 Mar 2022 00:00:00 +0000</pubDate>
<guid>/entries/Transitive_Models.html</guid>
<description></description>
</item>
<item>
<title>Residuated Transition Systems</title>
<link>/entries/ResiduatedTransitionSystem.html</link>
<pubDate>Mon, 28 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/ResiduatedTransitionSystem.html</guid>
<description></description>
</item>
<item>
<title>Universal Hash Families</title>
<link>/entries/Universal_Hash_Families.html</link>
<pubDate>Sun, 20 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Universal_Hash_Families.html</guid>
<description></description>
</item>
<item>
<title>Wetzel&#39;s Problem and the Continuum Hypothesis</title>
<link>/entries/Wetzels_Problem.html</link>
<pubDate>Fri, 18 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Wetzels_Problem.html</guid>
<description></description>
</item>
<item>
<title>First-Order Query Evaluation</title>
<link>/entries/Eval_FO.html</link>
<pubDate>Tue, 15 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Eval_FO.html</guid>
<description></description>
</item>
<item>
<title>Multi-Head Monitoring of Metric Dynamic Logic</title>
<link>/entries/VYDRA_MDL.html</link>
<pubDate>Sun, 13 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/VYDRA_MDL.html</guid>
<description></description>
</item>
<item>
<title>Enumeration of Equivalence Relations</title>
<link>/entries/Equivalence_Relation_Enumeration.html</link>
<pubDate>Fri, 04 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Equivalence_Relation_Enumeration.html</guid>
<description></description>
</item>
<item>
<title>Duality of Linear Programming</title>
<link>/entries/LP_Duality.html</link>
<pubDate>Thu, 03 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/LP_Duality.html</guid>
<description></description>
</item>
<item>
<title>Quasi-Borel Spaces</title>
<link>/entries/Quasi_Borel_Spaces.html</link>
<pubDate>Thu, 03 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Quasi_Borel_Spaces.html</guid>
<description></description>
</item>
<item>
<title>First-Order Theory of Rewriting</title>
<link>/entries/FO_Theory_Rewriting.html</link>
<pubDate>Wed, 02 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/FO_Theory_Rewriting.html</guid>
<description></description>
</item>
<item>
<title>A Sequent Calculus Prover for First-Order Logic with Functions</title>
<link>/entries/FOL_Seq_Calc2.html</link>
<pubDate>Mon, 31 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc2.html</guid>
<description></description>
</item>
<item>
<title>Young&#39;s Inequality for Increasing Functions</title>
<link>/entries/Youngs_Inequality.html</link>
<pubDate>Mon, 31 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Youngs_Inequality.html</guid>
<description></description>
</item>
<item>
<title>Interpolation Polynomials (in HOL-Algebra)</title>
<link>/entries/Interpolation_Polynomials_HOL_Algebra.html</link>
<pubDate>Sat, 29 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Interpolation_Polynomials_HOL_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Median Method</title>
<link>/entries/Median_Method.html</link>
<pubDate>Tue, 25 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Median_Method.html</guid>
<description></description>
</item>
<item>
<title>Actuarial Mathematics</title>
<link>/entries/Actuarial_Mathematics.html</link>
<pubDate>Sun, 23 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Actuarial_Mathematics.html</guid>
<description></description>
</item>
<item>
<title>Irrational numbers from THE BOOK</title>
<link>/entries/Irrationals_From_THEBOOK.html</link>
<pubDate>Sat, 08 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Irrationals_From_THEBOOK.html</guid>
<description></description>
</item>
<item>
<title>Knight&#39;s Tour Revisited Revisited</title>
<link>/entries/Knights_Tour.html</link>
<pubDate>Tue, 04 Jan 2022 00:00:00 +0000</pubDate>
<guid>/entries/Knights_Tour.html</guid>
<description></description>
</item>
<item>
<title>Hyperdual Numbers and Forward Differentiation</title>
<link>/entries/Hyperdual.html</link>
<pubDate>Fri, 31 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hyperdual.html</guid>
<description></description>
</item>
<item>
<title>Gale-Shapley Algorithm</title>
<link>/entries/Gale_Shapley.html</link>
<pubDate>Wed, 29 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Gale_Shapley.html</guid>
<description></description>
</item>
<item>
<title>Roth&#39;s Theorem on Arithmetic Progressions</title>
<link>/entries/Roth_Arithmetic_Progressions.html</link>
<pubDate>Tue, 28 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Roth_Arithmetic_Progressions.html</guid>
<description></description>
</item>
<item>
<title>Markov Decision Processes with Rewards</title>
<link>/entries/MDP-Rewards.html</link>
<pubDate>Thu, 16 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/MDP-Rewards.html</guid>
<description></description>
</item>
<item>
<title>Verified Algorithms for Solving Markov Decision Processes</title>
<link>/entries/MDP-Algorithms.html</link>
<pubDate>Thu, 16 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/MDP-Algorithms.html</guid>
<description></description>
</item>
<item>
<title>Regular Tree Relations</title>
<link>/entries/Regular_Tree_Relations.html</link>
<pubDate>Wed, 15 Dec 2021 00:00:00 +0000</pubDate>
<guid>/entries/Regular_Tree_Relations.html</guid>
<description></description>
</item>
<item>
<title>Simplicial Complexes and Boolean functions</title>
<link>/entries/Simplicial_complexes_and_boolean_functions.html</link>
<pubDate>Mon, 29 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Simplicial_complexes_and_boolean_functions.html</guid>
<description></description>
</item>
<item>
<title>van Emde Boas Trees</title>
<link>/entries/Van_Emde_Boas_Trees.html</link>
<pubDate>Tue, 23 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Van_Emde_Boas_Trees.html</guid>
<description></description>
</item>
<item>
<title>Foundation of geometry in planes, and some complements: Excluding the parallel axioms</title>
<link>/entries/Foundation_of_geometry.html</link>
<pubDate>Mon, 22 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Foundation_of_geometry.html</guid>
<description></description>
</item>
<item>
<title>The Hahn and Jordan Decomposition Theorems</title>
<link>/entries/Hahn_Jordan_Decomposition.html</link>
<pubDate>Fri, 19 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hahn_Jordan_Decomposition.html</guid>
<description></description>
</item>
<item>
<title>Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL</title>
<link>/entries/PAL.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/PAL.html</guid>
<description></description>
</item>
<item>
<title>Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL</title>
<link>/entries/SimplifiedOntologicalArgument.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/SimplifiedOntologicalArgument.html</guid>
<description></description>
</item>
<item>
<title>Factorization of Polynomials with Algebraic Coefficients</title>
<link>/entries/Factor_Algebraic_Polynomial.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Factor_Algebraic_Polynomial.html</guid>
<description></description>
</item>
<item>
<title>Real Exponents as the Limits of Sequences of Rational Exponents</title>
<link>/entries/Real_Power.html</link>
<pubDate>Mon, 08 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Real_Power.html</guid>
<description></description>
</item>
<item>
<title>Szemerédi&#39;s Regularity Lemma</title>
<link>/entries/Szemeredi_Regularity.html</link>
<pubDate>Fri, 05 Nov 2021 00:00:00 +0000</pubDate>
<guid>/entries/Szemeredi_Regularity.html</guid>
<description></description>
</item>
<item>
<title>Quantum and Classical Registers</title>
<link>/entries/Registers.html</link>
<pubDate>Thu, 28 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Registers.html</guid>
<description></description>
</item>
<item>
<title>Belief Revision Theory</title>
<link>/entries/Belief_Revision.html</link>
<pubDate>Tue, 19 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Belief_Revision.html</guid>
<description></description>
</item>
<item>
<title>X86 instruction semantics and basic block symbolic execution</title>
<link>/entries/X86_Semantics.html</link>
<pubDate>Wed, 13 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/X86_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations</title>
<link>/entries/Correctness_Algebras.html</link>
<pubDate>Tue, 12 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Correctness_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Verified Quadratic Virtual Substitution for Real Arithmetic</title>
<link>/entries/Virtual_Substitution.html</link>
<pubDate>Sat, 02 Oct 2021 00:00:00 +0000</pubDate>
<guid>/entries/Virtual_Substitution.html</guid>
<description></description>
</item>
<item>
<title>Soundness and Completeness of an Axiomatic System for First-Order Logic</title>
<link>/entries/FOL_Axiomatic.html</link>
<pubDate>Fri, 24 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Axiomatic.html</guid>
<description></description>
</item>
<item>
<title>Complex Bounded Operators</title>
<link>/entries/Complex_Bounded_Operators.html</link>
<pubDate>Sat, 18 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Complex_Bounded_Operators.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Weighted Path Orders and Recursive Path Orders</title>
<link>/entries/Weighted_Path_Order.html</link>
<pubDate>Thu, 16 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Weighted_Path_Order.html</guid>
<description></description>
</item>
<item>
<title>Category Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories</title>
<link>/entries/CZH_Foundations.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/CZH_Foundations.html</guid>
<description></description>
</item>
<item>
<title>Category Theory for ZFC in HOL II: Elementary Theory of 1-Categories</title>
<link>/entries/CZH_Elementary_Categories.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/CZH_Elementary_Categories.html</guid>
<description></description>
</item>
<item>
<title>Category Theory for ZFC in HOL III: Universal Constructions</title>
<link>/entries/CZH_Universal_Constructions.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/CZH_Universal_Constructions.html</guid>
<description></description>
</item>
<item>
<title>Conditional Simplification</title>
<link>/entries/Conditional_Simplification.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Conditional_Simplification.html</guid>
<description></description>
</item>
<item>
<title>Conditional Transfer Rule</title>
<link>/entries/Conditional_Transfer_Rule.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Conditional_Transfer_Rule.html</guid>
<description></description>
</item>
<item>
<title>Extension of Types-To-Sets</title>
<link>/entries/Types_To_Sets_Extension.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Types_To_Sets_Extension.html</guid>
<description></description>
</item>
<item>
<title>IDE: Introduction, Destruction, Elimination</title>
<link>/entries/Intro_Dest_Elim.html</link>
<pubDate>Mon, 06 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Intro_Dest_Elim.html</guid>
<description></description>
</item>
<item>
<title>A data flow analysis algorithm for computing dominators</title>
<link>/entries/Dominance_CHK.html</link>
<pubDate>Sun, 05 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Dominance_CHK.html</guid>
<description></description>
</item>
<item>
<title>Solving Cubic and Quartic Equations</title>
<link>/entries/Cubic_Quartic_Equations.html</link>
<pubDate>Fri, 03 Sep 2021 00:00:00 +0000</pubDate>
<guid>/entries/Cubic_Quartic_Equations.html</guid>
<description></description>
</item>
<item>
<title>Logging-independent Message Anonymity in the Relational Method</title>
<link>/entries/Logging_Independent_Anonymity.html</link>
<pubDate>Thu, 26 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Logging_Independent_Anonymity.html</guid>
<description></description>
</item>
<item>
<title>The Theorem of Three Circles</title>
<link>/entries/Three_Circles.html</link>
<pubDate>Sat, 21 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Three_Circles.html</guid>
<description></description>
</item>
<item>
<title>CoCon: A Confidentiality-Verified Conference Management System</title>
<link>/entries/CoCon.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/CoCon.html</guid>
<description></description>
</item>
<item>
<title>Compositional BD Security</title>
<link>/entries/BD_Security_Compositional.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/BD_Security_Compositional.html</guid>
<description></description>
</item>
<item>
<title>CoSMed: A confidentiality-verified social media platform</title>
<link>/entries/CoSMed.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/CoSMed.html</guid>
<description></description>
</item>
<item>
<title>CoSMeDis: A confidentiality-verified distributed social media platform</title>
<link>/entries/CoSMeDis.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/CoSMeDis.html</guid>
<description></description>
</item>
<item>
<title>Fresh identifiers</title>
<link>/entries/Fresh_Identifiers.html</link>
<pubDate>Mon, 16 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Fresh_Identifiers.html</guid>
<description></description>
</item>
<item>
<title>Combinatorial Design Theory</title>
<link>/entries/Design_Theory.html</link>
<pubDate>Fri, 13 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Design_Theory.html</guid>
<description></description>
</item>
<item>
<title>Relational Forests</title>
<link>/entries/Relational_Forests.html</link>
<pubDate>Tue, 03 Aug 2021 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Forests.html</guid>
<description></description>
</item>
<item>
<title>Schutz&#39; Independent Axioms for Minkowski Spacetime</title>
<link>/entries/Schutz_Spacetime.html</link>
<pubDate>Tue, 27 Jul 2021 00:00:00 +0000</pubDate>
<guid>/entries/Schutz_Spacetime.html</guid>
<description></description>
</item>
<item>
<title>Finitely Generated Abelian Groups</title>
<link>/entries/Finitely_Generated_Abelian_Groups.html</link>
<pubDate>Wed, 07 Jul 2021 00:00:00 +0000</pubDate>
<guid>/entries/Finitely_Generated_Abelian_Groups.html</guid>
<description></description>
</item>
<item>
<title>SpecCheck - Specification-Based Testing for Isabelle/ML</title>
<link>/entries/SpecCheck.html</link>
<pubDate>Thu, 01 Jul 2021 00:00:00 +0000</pubDate>
<guid>/entries/SpecCheck.html</guid>
<description></description>
</item>
<item>
<title>Van der Waerden&#39;s Theorem</title>
<link>/entries/Van_der_Waerden.html</link>
<pubDate>Tue, 22 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/Van_der_Waerden.html</guid>
<description></description>
</item>
<item>
<title>MiniSail - A kernel language for the ISA specification language SAIL</title>
<link>/entries/MiniSail.html</link>
<pubDate>Fri, 18 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/MiniSail.html</guid>
<description></description>
</item>
<item>
<title>Public Announcement Logic</title>
<link>/entries/Public_Announcement_Logic.html</link>
<pubDate>Thu, 17 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/Public_Announcement_Logic.html</guid>
<description></description>
</item>
<item>
<title>A Shorter Compiler Correctness Proof for Language IMP</title>
<link>/entries/IMP_Compiler.html</link>
<pubDate>Fri, 04 Jun 2021 00:00:00 +0000</pubDate>
<guid>/entries/IMP_Compiler.html</guid>
<description></description>
</item>
<item>
<title>Combinatorics on Words Basics</title>
<link>/entries/Combinatorics_Words.html</link>
<pubDate>Mon, 24 May 2021 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorics_Words.html</guid>
<description></description>
</item>
<item>
<title>Graph Lemma</title>
<link>/entries/Combinatorics_Words_Graph_Lemma.html</link>
<pubDate>Mon, 24 May 2021 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorics_Words_Graph_Lemma.html</guid>
<description></description>
</item>
<item>
<title>Lyndon words</title>
<link>/entries/Combinatorics_Words_Lyndon.html</link>
<pubDate>Mon, 24 May 2021 00:00:00 +0000</pubDate>
<guid>/entries/Combinatorics_Words_Lyndon.html</guid>
<description></description>
</item>
<item>
<title>Regression Test Selection</title>
<link>/entries/Regression_Test_Selection.html</link>
<pubDate>Fri, 30 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Regression_Test_Selection.html</guid>
<description></description>
</item>
<item>
<title>Isabelle&#39;s Metalogic: Formalization and Proof Checker</title>
<link>/entries/Metalogic_ProofChecker.html</link>
<pubDate>Tue, 27 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Metalogic_ProofChecker.html</guid>
<description></description>
</item>
<item>
<title>Lifting the Exponent</title>
<link>/entries/Lifting_the_Exponent.html</link>
<pubDate>Tue, 27 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Lifting_the_Exponent.html</guid>
<description></description>
</item>
<item>
<title>The BKR Decision Procedure for Univariate Real Arithmetic</title>
<link>/entries/BenOr_Kozen_Reif.html</link>
<pubDate>Sat, 24 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/BenOr_Kozen_Reif.html</guid>
<description></description>
</item>
<item>
<title>Gale-Stewart Games</title>
<link>/entries/GaleStewart_Games.html</link>
<pubDate>Fri, 23 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/GaleStewart_Games.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Timely Dataflow&#39;s Progress Tracking Protocol</title>
<link>/entries/Progress_Tracking.html</link>
<pubDate>Tue, 13 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/Progress_Tracking.html</guid>
<description></description>
</item>
<item>
<title>Information Flow Control via Dependency Tracking</title>
<link>/entries/IFC_Tracking.html</link>
<pubDate>Thu, 01 Apr 2021 00:00:00 +0000</pubDate>
<guid>/entries/IFC_Tracking.html</guid>
<description></description>
</item>
<item>
<title>Grothendieck&#39;s Schemes in Algebraic Geometry</title>
<link>/entries/Grothendieck_Schemes.html</link>
<pubDate>Mon, 29 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Grothendieck_Schemes.html</guid>
<description></description>
</item>
<item>
<title>Hensel&#39;s Lemma for the p-adic Integers</title>
<link>/entries/Padic_Ints.html</link>
<pubDate>Tue, 23 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Padic_Ints.html</guid>
<description></description>
</item>
<item>
<title>Constructive Cryptography in HOL: the Communication Modeling Aspect</title>
<link>/entries/Constructive_Cryptography_CM.html</link>
<pubDate>Wed, 17 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Constructive_Cryptography_CM.html</guid>
<description></description>
</item>
<item>
<title>Two algorithms based on modular arithmetic: lattice basis reduction and Hermite normal form computation</title>
<link>/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html</link>
<pubDate>Fri, 12 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html</guid>
<description></description>
</item>
<item>
<title>Quantum projective measurements and the CHSH inequality</title>
<link>/entries/Projective_Measurements.html</link>
<pubDate>Wed, 03 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Projective_Measurements.html</guid>
<description></description>
</item>
<item>
<title>The Hermite–Lindemann–Weierstraß Transcendence Theorem</title>
<link>/entries/Hermite_Lindemann.html</link>
<pubDate>Wed, 03 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hermite_Lindemann.html</guid>
<description></description>
</item>
<item>
<title>Mereology</title>
<link>/entries/Mereology.html</link>
<pubDate>Mon, 01 Mar 2021 00:00:00 +0000</pubDate>
<guid>/entries/Mereology.html</guid>
<description></description>
</item>
<item>
<title>The Sunflower Lemma of Erdős and Rado</title>
<link>/entries/Sunflowers.html</link>
<pubDate>Thu, 25 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/Sunflowers.html</guid>
<description></description>
</item>
<item>
<title>A Verified Imperative Implementation of B-Trees</title>
<link>/entries/BTree.html</link>
<pubDate>Wed, 24 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/BTree.html</guid>
<description></description>
</item>
<item>
<title>Formal Puiseux Series</title>
<link>/entries/Formal_Puiseux_Series.html</link>
<pubDate>Wed, 17 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/Formal_Puiseux_Series.html</guid>
<description></description>
</item>
<item>
<title>The Laws of Large Numbers</title>
<link>/entries/Laws_of_Large_Numbers.html</link>
<pubDate>Wed, 10 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/Laws_of_Large_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Tarski&#39;s Parallel Postulate implies the 5th Postulate of Euclid, the Postulate of Playfair and the original Parallel Postulate of Euclid</title>
<link>/entries/IsaGeoCoq.html</link>
<pubDate>Sun, 31 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/IsaGeoCoq.html</guid>
<description></description>
</item>
<item>
<title>Solution to the xkcd Blue Eyes puzzle</title>
<link>/entries/Blue_Eyes.html</link>
<pubDate>Sat, 30 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/Blue_Eyes.html</guid>
<description></description>
</item>
<item>
<title>Hood-Melville Queue</title>
<link>/entries/Hood_Melville_Queue.html</link>
<pubDate>Mon, 18 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/Hood_Melville_Queue.html</guid>
<description></description>
</item>
<item>
<title>JinjaDCI: a Java semantics with dynamic class initialization</title>
<link>/entries/JinjaDCI.html</link>
<pubDate>Mon, 11 Jan 2021 00:00:00 +0000</pubDate>
<guid>/entries/JinjaDCI.html</guid>
<description></description>
</item>
<item>
<title>Cofinality and the Delta System Lemma</title>
<link>/entries/Delta_System_Lemma.html</link>
<pubDate>Sun, 27 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Delta_System_Lemma.html</guid>
<description></description>
</item>
<item>
<title>Topological semantics for paraconsistent and paracomplete logics</title>
<link>/entries/Topological_Semantics.html</link>
<pubDate>Thu, 17 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Topological_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Relational Minimum Spanning Tree Algorithms</title>
<link>/entries/Relational_Minimum_Spanning_Trees.html</link>
<pubDate>Tue, 08 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Minimum_Spanning_Trees.html</guid>
<description></description>
</item>
<item>
<title>Inline Caching and Unboxing Optimization for Interpreters</title>
<link>/entries/Interpreter_Optimizations.html</link>
<pubDate>Mon, 07 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Interpreter_Optimizations.html</guid>
<description></description>
</item>
<item>
<title>The Relational Method with Message Anonymity for the Verification of Cryptographic Protocols</title>
<link>/entries/Relational_Method.html</link>
<pubDate>Sat, 05 Dec 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Method.html</guid>
<description></description>
</item>
<item>
<title>Isabelle Marries Dirac: a Library for Quantum Computation and Quantum Information</title>
<link>/entries/Isabelle_Marries_Dirac.html</link>
<pubDate>Sun, 22 Nov 2020 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_Marries_Dirac.html</guid>
<description></description>
</item>
<item>
<title>The HOL-CSP Refinement Toolkit</title>
<link>/entries/CSP_RefTK.html</link>
<pubDate>Thu, 19 Nov 2020 00:00:00 +0000</pubDate>
<guid>/entries/CSP_RefTK.html</guid>
<description></description>
</item>
<item>
<title>AI Planning Languages Semantics</title>
<link>/entries/AI_Planning_Languages_Semantics.html</link>
<pubDate>Thu, 29 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/AI_Planning_Languages_Semantics.html</guid>
<description></description>
</item>
<item>
<title>Verified SAT-Based AI Planning</title>
<link>/entries/Verified_SAT_Based_AI_Planning.html</link>
<pubDate>Thu, 29 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Verified_SAT_Based_AI_Planning.html</guid>
<description></description>
</item>
<item>
<title>A Sound Type System for Physical Quantities, Units, and Measurements</title>
<link>/entries/Physical_Quantities.html</link>
<pubDate>Tue, 20 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Physical_Quantities.html</guid>
<description></description>
</item>
<item>
<title>Finite Map Extras</title>
<link>/entries/Finite-Map-Extras.html</link>
<pubDate>Mon, 12 Oct 2020 00:00:00 +0000</pubDate>
<guid>/entries/Finite-Map-Extras.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of the Document Object Model with Shadow Roots</title>
<link>/entries/Shadow_DOM.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Shadow_DOM.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of the Safely Composable Document Object Model with Shadow Roots</title>
<link>/entries/Shadow_SC_DOM.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Shadow_SC_DOM.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Safely Composable Web Components</title>
<link>/entries/SC_DOM_Components.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/SC_DOM_Components.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Web Components</title>
<link>/entries/DOM_Components.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/DOM_Components.html</guid>
<description></description>
</item>
<item>
<title>The Safely Composable DOM</title>
<link>/entries/Core_SC_DOM.html</link>
<pubDate>Mon, 28 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Core_SC_DOM.html</guid>
<description></description>
</item>
<item>
<title>An Abstract Formalization of G&amp;ouml;del&#39;s Incompleteness Theorems</title>
<link>/entries/Goedel_Incompleteness.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goedel_Incompleteness.html</guid>
<description></description>
</item>
<item>
<title>From Abstract to Concrete G&amp;ouml;del&#39;s Incompleteness Theorems&amp;mdash;Part I</title>
<link>/entries/Goedel_HFSet_Semantic.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goedel_HFSet_Semantic.html</guid>
<description></description>
</item>
<item>
<title>From Abstract to Concrete G&amp;ouml;del&#39;s Incompleteness Theorems&amp;mdash;Part II</title>
<link>/entries/Goedel_HFSet_Semanticless.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goedel_HFSet_Semanticless.html</guid>
<description></description>
</item>
<item>
<title>Robinson Arithmetic</title>
<link>/entries/Robinson_Arithmetic.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Robinson_Arithmetic.html</guid>
<description></description>
</item>
<item>
<title>Syntax-Independent Logic Infrastructure</title>
<link>/entries/Syntax_Independent_Logic.html</link>
<pubDate>Wed, 16 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Syntax_Independent_Logic.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of Extended Finite State Machines</title>
<link>/entries/Extended_Finite_State_Machines.html</link>
<pubDate>Mon, 07 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Extended_Finite_State_Machines.html</guid>
<description></description>
</item>
<item>
<title>Inference of Extended Finite State Machines</title>
<link>/entries/Extended_Finite_State_Machine_Inference.html</link>
<pubDate>Mon, 07 Sep 2020 00:00:00 +0000</pubDate>
<guid>/entries/Extended_Finite_State_Machine_Inference.html</guid>
<description></description>
</item>
<item>
<title>Practical Algebraic Calculus Checker</title>
<link>/entries/PAC_Checker.html</link>
<pubDate>Mon, 31 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/PAC_Checker.html</guid>
<description></description>
</item>
<item>
<title>Some classical results in inductive inference of recursive functions</title>
<link>/entries/Inductive_Inference.html</link>
<pubDate>Mon, 31 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Inductive_Inference.html</guid>
<description></description>
</item>
<item>
<title>Relational Disjoint-Set Forests</title>
<link>/entries/Relational_Disjoint_Set_Forests.html</link>
<pubDate>Wed, 26 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Disjoint_Set_Forests.html</guid>
<description></description>
</item>
<item>
<title>Extensions to the Comprehensive Framework for Saturation Theorem Proving</title>
<link>/entries/Saturation_Framework_Extensions.html</link>
<pubDate>Tue, 25 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Saturation_Framework_Extensions.html</guid>
<description></description>
</item>
<item>
<title>Putting the `K&#39; into Bird&#39;s derivation of Knuth-Morris-Pratt string matching</title>
<link>/entries/BirdKMP.html</link>
<pubDate>Tue, 25 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/BirdKMP.html</guid>
<description></description>
</item>
<item>
<title>Amicable Numbers</title>
<link>/entries/Amicable_Numbers.html</link>
<pubDate>Tue, 04 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Amicable_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Ordinal Partitions</title>
<link>/entries/Ordinal_Partitions.html</link>
<pubDate>Mon, 03 Aug 2020 00:00:00 +0000</pubDate>
<guid>/entries/Ordinal_Partitions.html</guid>
<description></description>
</item>
<item>
<title>A Formal Proof of The Chandy--Lamport Distributed Snapshot Algorithm</title>
<link>/entries/Chandy_Lamport.html</link>
<pubDate>Tue, 21 Jul 2020 00:00:00 +0000</pubDate>
<guid>/entries/Chandy_Lamport.html</guid>
<description></description>
</item>
<item>
<title>Relational Characterisations of Paths</title>
<link>/entries/Relational_Paths.html</link>
<pubDate>Mon, 13 Jul 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational_Paths.html</guid>
<description></description>
</item>
<item>
<title>A Formally Verified Checker of the Safe Distance Traffic Rules for Autonomous Vehicles</title>
<link>/entries/Safe_Distance.html</link>
<pubDate>Mon, 01 Jun 2020 00:00:00 +0000</pubDate>
<guid>/entries/Safe_Distance.html</guid>
<description></description>
</item>
<item>
<title>A verified algorithm for computing the Smith normal form of a matrix</title>
<link>/entries/Smith_Normal_Form.html</link>
<pubDate>Sat, 23 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Smith_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>The Nash-Williams Partition Theorem</title>
<link>/entries/Nash_Williams.html</link>
<pubDate>Sat, 16 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Nash_Williams.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Knuth–Bendix Orders</title>
<link>/entries/Knuth_Bendix_Order.html</link>
<pubDate>Wed, 13 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Knuth_Bendix_Order.html</guid>
<description></description>
</item>
<item>
<title>Irrationality Criteria for Series by Erdős and Straus</title>
<link>/entries/Irrational_Series_Erdos_Straus.html</link>
<pubDate>Tue, 12 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Irrational_Series_Erdos_Straus.html</guid>
<description></description>
</item>
<item>
<title>Recursion Theorem in ZF</title>
<link>/entries/Recursion-Addition.html</link>
<pubDate>Mon, 11 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Recursion-Addition.html</guid>
<description></description>
</item>
<item>
<title>An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation</title>
<link>/entries/LTL_Normal_Form.html</link>
<pubDate>Fri, 08 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/LTL_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Forcing in Isabelle/ZF</title>
<link>/entries/Forcing.html</link>
<pubDate>Wed, 06 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Forcing.html</guid>
<description></description>
</item>
<item>
<title>Banach-Steinhaus Theorem</title>
<link>/entries/Banach_Steinhaus.html</link>
<pubDate>Sat, 02 May 2020 00:00:00 +0000</pubDate>
<guid>/entries/Banach_Steinhaus.html</guid>
<description></description>
</item>
<item>
<title>Attack Trees in Isabelle for GDPR compliance of IoT healthcare systems</title>
<link>/entries/Attack_Trees.html</link>
<pubDate>Mon, 27 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Attack_Trees.html</guid>
<description></description>
</item>
<item>
<title>Gaussian Integers</title>
<link>/entries/Gaussian_Integers.html</link>
<pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Gaussian_Integers.html</guid>
<description></description>
</item>
<item>
<title>Power Sum Polynomials</title>
<link>/entries/Power_Sum_Polynomials.html</link>
<pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Power_Sum_Polynomials.html</guid>
<description></description>
</item>
<item>
<title>The Lambert W Function on the Reals</title>
<link>/entries/Lambert_W.html</link>
<pubDate>Fri, 24 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Lambert_W.html</guid>
<description></description>
</item>
<item>
<title>Matrices for ODEs</title>
<link>/entries/Matrices_for_ODEs.html</link>
<pubDate>Sun, 19 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Matrices_for_ODEs.html</guid>
<description></description>
</item>
<item>
<title>Authenticated Data Structures As Functors</title>
<link>/entries/ADS_Functor.html</link>
<pubDate>Thu, 16 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/ADS_Functor.html</guid>
<description></description>
</item>
<item>
<title>Formalization of an Algorithm for Greedily Computing Associative Aggregations on Sliding Windows</title>
<link>/entries/Sliding_Window_Algorithm.html</link>
<pubDate>Fri, 10 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Sliding_Window_Algorithm.html</guid>
<description></description>
</item>
<item>
<title>A Comprehensive Framework for Saturation Theorem Proving</title>
<link>/entries/Saturation_Framework.html</link>
<pubDate>Thu, 09 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Saturation_Framework.html</guid>
<description></description>
</item>
<item>
<title>Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations</title>
<link>/entries/MFODL_Monitor_Optimized.html</link>
<pubDate>Thu, 09 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/MFODL_Monitor_Optimized.html</guid>
<description></description>
</item>
<item>
<title>Automated Stateful Protocol Verification</title>
<link>/entries/Automated_Stateful_Protocol_Verification.html</link>
<pubDate>Wed, 08 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Automated_Stateful_Protocol_Verification.html</guid>
<description></description>
</item>
<item>
<title>Stateful Protocol Composition and Typing</title>
<link>/entries/Stateful_Protocol_Composition_and_Typing.html</link>
<pubDate>Wed, 08 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Stateful_Protocol_Composition_and_Typing.html</guid>
<description></description>
</item>
<item>
<title>Lucas&#39;s Theorem</title>
<link>/entries/Lucas_Theorem.html</link>
<pubDate>Tue, 07 Apr 2020 00:00:00 +0000</pubDate>
<guid>/entries/Lucas_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Strong Eventual Consistency of the Collaborative Editing Framework WOOT</title>
<link>/entries/WOOT_Strong_Eventual_Consistency.html</link>
<pubDate>Wed, 25 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/WOOT_Strong_Eventual_Consistency.html</guid>
<description></description>
</item>
<item>
<title>Furstenberg&#39;s topology and his proof of the infinitude of primes</title>
<link>/entries/Furstenberg_Topology.html</link>
<pubDate>Sun, 22 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Furstenberg_Topology.html</guid>
<description></description>
</item>
<item>
<title>An Under-Approximate Relational Logic</title>
<link>/entries/Relational-Incorrectness-Logic.html</link>
<pubDate>Thu, 12 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Relational-Incorrectness-Logic.html</guid>
<description></description>
</item>
<item>
<title>Hello World</title>
<link>/entries/Hello_World.html</link>
<pubDate>Sat, 07 Mar 2020 00:00:00 +0000</pubDate>
<guid>/entries/Hello_World.html</guid>
<description></description>
</item>
<item>
<title>Implementing the Goodstein Function in &amp;lambda;-Calculus</title>
<link>/entries/Goodstein_Lambda.html</link>
<pubDate>Fri, 21 Feb 2020 00:00:00 +0000</pubDate>
<guid>/entries/Goodstein_Lambda.html</guid>
<description></description>
</item>
<item>
<title>A Generic Framework for Verified Compilers</title>
<link>/entries/VeriComp.html</link>
<pubDate>Mon, 10 Feb 2020 00:00:00 +0000</pubDate>
<guid>/entries/VeriComp.html</guid>
<description></description>
</item>
<item>
<title>Arithmetic progressions and relative primes</title>
<link>/entries/Arith_Prog_Rel_Primes.html</link>
<pubDate>Sat, 01 Feb 2020 00:00:00 +0000</pubDate>
<guid>/entries/Arith_Prog_Rel_Primes.html</guid>
<description></description>
</item>
<item>
<title>A Hierarchy of Algebras for Boolean Subsets</title>
<link>/entries/Subset_Boolean_Algebras.html</link>
<pubDate>Fri, 31 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Subset_Boolean_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Mersenne primes and the Lucas–Lehmer test</title>
<link>/entries/Mersenne_Primes.html</link>
<pubDate>Fri, 17 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Mersenne_Primes.html</guid>
<description></description>
</item>
<item>
<title>Verified Approximation Algorithms</title>
<link>/entries/Approximation_Algorithms.html</link>
<pubDate>Thu, 16 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Approximation_Algorithms.html</guid>
<description></description>
</item>
<item>
<title>Closest Pair of Points Algorithms</title>
<link>/entries/Closest_Pair_Points.html</link>
<pubDate>Mon, 13 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Closest_Pair_Points.html</guid>
<description></description>
</item>
<item>
<title>Skip Lists</title>
<link>/entries/Skip_Lists.html</link>
<pubDate>Thu, 09 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Skip_Lists.html</guid>
<description></description>
</item>
<item>
<title>Bicategories</title>
<link>/entries/Bicategory.html</link>
<pubDate>Mon, 06 Jan 2020 00:00:00 +0000</pubDate>
<guid>/entries/Bicategory.html</guid>
<description></description>
</item>
<item>
<title>The Irrationality of ζ(3)</title>
<link>/entries/Zeta_3_Irrational.html</link>
<pubDate>Fri, 27 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Zeta_3_Irrational.html</guid>
<description></description>
</item>
<item>
<title>Formalizing a Seligman-Style Tableau System for Hybrid Logic</title>
<link>/entries/Hybrid_Logic.html</link>
<pubDate>Fri, 20 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Logic.html</guid>
<description></description>
</item>
<item>
<title>The Poincaré-Bendixson Theorem</title>
<link>/entries/Poincare_Bendixson.html</link>
<pubDate>Wed, 18 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Poincare_Bendixson.html</guid>
<description></description>
</item>
<item>
<title>Complex Geometry</title>
<link>/entries/Complex_Geometry.html</link>
<pubDate>Mon, 16 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Complex_Geometry.html</guid>
<description></description>
</item>
<item>
<title>Poincaré Disc Model</title>
<link>/entries/Poincare_Disc.html</link>
<pubDate>Mon, 16 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Poincare_Disc.html</guid>
<description></description>
</item>
<item>
<title>Gauss Sums and the Pólya–Vinogradov Inequality</title>
<link>/entries/Gauss_Sums.html</link>
<pubDate>Tue, 10 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Gauss_Sums.html</guid>
<description></description>
</item>
<item>
<title>An Efficient Generalization of Counting Sort for Large, possibly Infinite Key Ranges</title>
<link>/entries/Generalized_Counting_Sort.html</link>
<pubDate>Wed, 04 Dec 2019 00:00:00 +0000</pubDate>
<guid>/entries/Generalized_Counting_Sort.html</guid>
<description></description>
</item>
<item>
<title>Interval Arithmetic on 32-bit Words</title>
<link>/entries/Interval_Arithmetic_Word32.html</link>
<pubDate>Wed, 27 Nov 2019 00:00:00 +0000</pubDate>
<guid>/entries/Interval_Arithmetic_Word32.html</guid>
<description></description>
</item>
<item>
<title>Zermelo Fraenkel Set Theory in Higher-Order Logic</title>
<link>/entries/ZFC_in_HOL.html</link>
<pubDate>Thu, 24 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/ZFC_in_HOL.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/C</title>
<link>/entries/Isabelle_C.html</link>
<pubDate>Tue, 22 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_C.html</guid>
<description></description>
</item>
<item>
<title>VerifyThis 2019 -- Polished Isabelle Solutions</title>
<link>/entries/VerifyThis2019.html</link>
<pubDate>Wed, 16 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/VerifyThis2019.html</guid>
<description></description>
</item>
<item>
<title>Aristotle&#39;s Assertoric Syllogistic</title>
<link>/entries/Aristotles_Assertoric_Syllogistic.html</link>
<pubDate>Tue, 08 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Aristotles_Assertoric_Syllogistic.html</guid>
<description></description>
</item>
<item>
<title>Sigma Protocols and Commitment Schemes</title>
<link>/entries/Sigma_Commit_Crypto.html</link>
<pubDate>Mon, 07 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Sigma_Commit_Crypto.html</guid>
<description></description>
</item>
<item>
<title>Clean - An Abstract Imperative Programming Language and its Theory</title>
<link>/entries/Clean.html</link>
<pubDate>Fri, 04 Oct 2019 00:00:00 +0000</pubDate>
<guid>/entries/Clean.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Multiway-Join Algorithms</title>
<link>/entries/Generic_Join.html</link>
<pubDate>Mon, 16 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Generic_Join.html</guid>
<description></description>
</item>
<item>
<title>Verification Components for Hybrid Systems</title>
<link>/entries/Hybrid_Systems_VCs.html</link>
<pubDate>Tue, 10 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Systems_VCs.html</guid>
<description></description>
</item>
<item>
<title>Fourier Series</title>
<link>/entries/Fourier.html</link>
<pubDate>Fri, 06 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Fourier.html</guid>
<description></description>
</item>
<item>
<title>A Case Study in Basic Algebra</title>
<link>/entries/Jacobson_Basic_Algebra.html</link>
<pubDate>Fri, 30 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Jacobson_Basic_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Formalisation of an Adaptive State Counting Algorithm</title>
<link>/entries/Adaptive_State_Counting.html</link>
<pubDate>Fri, 16 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Adaptive_State_Counting.html</guid>
<description></description>
</item>
<item>
<title>Laplace Transform</title>
<link>/entries/Laplace_Transform.html</link>
<pubDate>Wed, 14 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Laplace_Transform.html</guid>
<description></description>
</item>
<item>
<title>Communicating Concurrent Kleene Algebra for Distributed Systems Specification</title>
<link>/entries/C2KA_DistributedSystems.html</link>
<pubDate>Tue, 06 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/C2KA_DistributedSystems.html</guid>
<description></description>
</item>
<item>
<title>Linear Programming</title>
<link>/entries/Linear_Programming.html</link>
<pubDate>Tue, 06 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Linear_Programming.html</guid>
<description></description>
</item>
<item>
<title>Selected Problems from the International Mathematical Olympiad 2019</title>
<link>/entries/IMO2019.html</link>
<pubDate>Mon, 05 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMO2019.html</guid>
<description></description>
</item>
<item>
<title>Stellar Quorum Systems</title>
<link>/entries/Stellar_Quorums.html</link>
<pubDate>Thu, 01 Aug 2019 00:00:00 +0000</pubDate>
<guid>/entries/Stellar_Quorums.html</guid>
<description></description>
</item>
<item>
<title>A Formal Development of a Polychronous Polytimed Coordination Language</title>
<link>/entries/TESL_Language.html</link>
<pubDate>Tue, 30 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/TESL_Language.html</guid>
<description></description>
</item>
<item>
<title>Order Extension and Szpilrajn&#39;s Extension Theorem</title>
<link>/entries/Szpilrajn.html</link>
<pubDate>Sat, 27 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/Szpilrajn.html</guid>
<description></description>
</item>
<item>
<title>A Sequent Calculus for First-Order Logic</title>
<link>/entries/FOL_Seq_Calc1.html</link>
<pubDate>Thu, 18 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Seq_Calc1.html</guid>
<description></description>
</item>
<item>
<title>A Verified Code Generator from Isabelle/HOL to CakeML</title>
<link>/entries/CakeML_Codegen.html</link>
<pubDate>Mon, 08 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/CakeML_Codegen.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic</title>
<link>/entries/MFOTL_Monitor.html</link>
<pubDate>Thu, 04 Jul 2019 00:00:00 +0000</pubDate>
<guid>/entries/MFOTL_Monitor.html</guid>
<description></description>
</item>
<item>
<title>Complete Non-Orders and Fixed Points</title>
<link>/entries/Complete_Non_Orders.html</link>
<pubDate>Thu, 27 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Complete_Non_Orders.html</guid>
<description></description>
</item>
<item>
<title>Priority Search Trees</title>
<link>/entries/Priority_Search_Trees.html</link>
<pubDate>Tue, 25 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Priority_Search_Trees.html</guid>
<description></description>
</item>
<item>
<title>Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra</title>
<link>/entries/Prim_Dijkstra_Simple.html</link>
<pubDate>Tue, 25 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Prim_Dijkstra_Simple.html</guid>
<description></description>
</item>
<item>
<title>Linear Inequalities</title>
<link>/entries/Linear_Inequalities.html</link>
<pubDate>Fri, 21 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Linear_Inequalities.html</guid>
<description></description>
</item>
<item>
<title>Hilbert&#39;s Nullstellensatz</title>
<link>/entries/Nullstellensatz.html</link>
<pubDate>Sun, 16 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Nullstellensatz.html</guid>
<description></description>
</item>
<item>
<title>Gröbner Bases, Macaulay Matrices and Dubé&#39;s Degree Bounds</title>
<link>/entries/Groebner_Macaulay.html</link>
<pubDate>Sat, 15 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Groebner_Macaulay.html</guid>
<description></description>
</item>
<item>
<title>Binary Heaps for IMP2</title>
<link>/entries/IMP2_Binary_Heap.html</link>
<pubDate>Thu, 13 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMP2_Binary_Heap.html</guid>
<description></description>
</item>
<item>
<title>Differential Game Logic</title>
<link>/entries/Differential_Game_Logic.html</link>
<pubDate>Mon, 03 Jun 2019 00:00:00 +0000</pubDate>
<guid>/entries/Differential_Game_Logic.html</guid>
<description></description>
</item>
<item>
<title>Multidimensional Binary Search Trees</title>
<link>/entries/KD_Tree.html</link>
<pubDate>Thu, 30 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/KD_Tree.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Generic Authenticated Data Structures</title>
<link>/entries/LambdaAuth.html</link>
<pubDate>Tue, 14 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/LambdaAuth.html</guid>
<description></description>
</item>
<item>
<title>Multi-Party Computation</title>
<link>/entries/Multi_Party_Computation.html</link>
<pubDate>Thu, 09 May 2019 00:00:00 +0000</pubDate>
<guid>/entries/Multi_Party_Computation.html</guid>
<description></description>
</item>
<item>
<title>HOL-CSP Version 2.0</title>
<link>/entries/HOL-CSP.html</link>
<pubDate>Fri, 26 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/HOL-CSP.html</guid>
<description></description>
</item>
<item>
<title>A Compositional and Unified Translation of LTL into ω-Automata</title>
<link>/entries/LTL_Master_Theorem.html</link>
<pubDate>Tue, 16 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/LTL_Master_Theorem.html</guid>
<description></description>
</item>
<item>
<title>A General Theory of Syntax with Bindings</title>
<link>/entries/Binding_Syntax_Theory.html</link>
<pubDate>Sat, 06 Apr 2019 00:00:00 +0000</pubDate>
<guid>/entries/Binding_Syntax_Theory.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of Certain Infinite Series</title>
<link>/entries/Transcendence_Series_Hancl_Rucki.html</link>
<pubDate>Wed, 27 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/Transcendence_Series_Hancl_Rucki.html</guid>
<description></description>
</item>
<item>
<title>Quantum Hoare Logic</title>
<link>/entries/QHLProver.html</link>
<pubDate>Sun, 24 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/QHLProver.html</guid>
<description></description>
</item>
<item>
<title>Safe OCL</title>
<link>/entries/Safe_OCL.html</link>
<pubDate>Sat, 09 Mar 2019 00:00:00 +0000</pubDate>
<guid>/entries/Safe_OCL.html</guid>
<description></description>
</item>
<item>
<title>Elementary Facts About the Distribution of Primes</title>
<link>/entries/Prime_Distribution_Elementary.html</link>
<pubDate>Thu, 21 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Prime_Distribution_Elementary.html</guid>
<description></description>
</item>
<item>
<title>Kruskal&#39;s Algorithm for Minimum Spanning Forest</title>
<link>/entries/Kruskal.html</link>
<pubDate>Thu, 14 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Kruskal.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Primality Testing</title>
<link>/entries/Probabilistic_Prime_Tests.html</link>
<pubDate>Mon, 11 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Prime_Tests.html</guid>
<description></description>
</item>
<item>
<title>Universal Turing Machine</title>
<link>/entries/Universal_Turing_Machine.html</link>
<pubDate>Fri, 08 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/Universal_Turing_Machine.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming</title>
<link>/entries/UTP.html</link>
<pubDate>Fri, 01 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/UTP.html</guid>
<description></description>
</item>
<item>
<title>The Inversions of a List</title>
<link>/entries/List_Inversions.html</link>
<pubDate>Fri, 01 Feb 2019 00:00:00 +0000</pubDate>
<guid>/entries/List_Inversions.html</guid>
<description></description>
</item>
<item>
<title>Farkas&#39; Lemma and Motzkin&#39;s Transposition Theorem</title>
<link>/entries/Farkas.html</link>
<pubDate>Thu, 17 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Farkas.html</guid>
<description></description>
</item>
<item>
<title>An Algebra for Higher-Order Terms</title>
<link>/entries/Higher_Order_Terms.html</link>
<pubDate>Tue, 15 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Higher_Order_Terms.html</guid>
<description></description>
</item>
<item>
<title>IMP2 – Simple Program Verification in Isabelle/HOL</title>
<link>/entries/IMP2.html</link>
<pubDate>Tue, 15 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/IMP2.html</guid>
<description></description>
</item>
<item>
<title>A Reduction Theorem for Store Buffers</title>
<link>/entries/Store_Buffer_Reduction.html</link>
<pubDate>Mon, 07 Jan 2019 00:00:00 +0000</pubDate>
<guid>/entries/Store_Buffer_Reduction.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of the Document Object Model</title>
<link>/entries/Core_DOM.html</link>
<pubDate>Wed, 26 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Core_DOM.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Concurrent Revisions</title>
<link>/entries/Concurrent_Revisions.html</link>
<pubDate>Tue, 25 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Concurrent_Revisions.html</guid>
<description></description>
</item>
<item>
<title>Verifying Imperative Programs using Auto2</title>
<link>/entries/Auto2_Imperative_HOL.html</link>
<pubDate>Fri, 21 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Auto2_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Constructive Cryptography in HOL</title>
<link>/entries/Constructive_Cryptography.html</link>
<pubDate>Mon, 17 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Constructive_Cryptography.html</guid>
<description></description>
</item>
<item>
<title>Properties of Orderings and Lattices</title>
<link>/entries/Order_Lattice_Props.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Order_Lattice_Props.html</guid>
<description></description>
</item>
<item>
<title>Quantales</title>
<link>/entries/Quantales.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Quantales.html</guid>
<description></description>
</item>
<item>
<title>Transformer Semantics</title>
<link>/entries/Transformer_Semantics.html</link>
<pubDate>Tue, 11 Dec 2018 00:00:00 +0000</pubDate>
<guid>/entries/Transformer_Semantics.html</guid>
<description></description>
</item>
<item>
<title>A Verified Functional Implementation of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</title>
<link>/entries/Functional_Ordered_Resolution_Prover.html</link>
<pubDate>Fri, 23 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Functional_Ordered_Resolution_Prover.html</guid>
<description></description>
</item>
<item>
<title>Graph Saturation</title>
<link>/entries/Graph_Saturation.html</link>
<pubDate>Fri, 23 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Graph_Saturation.html</guid>
<description></description>
</item>
<item>
<title>Auto2 Prover</title>
<link>/entries/Auto2_HOL.html</link>
<pubDate>Tue, 20 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Auto2_HOL.html</guid>
<description></description>
</item>
<item>
<title>Matroids</title>
<link>/entries/Matroids.html</link>
<pubDate>Fri, 16 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Matroids.html</guid>
<description></description>
</item>
<item>
<title>Deriving generic class instances for datatypes</title>
<link>/entries/Generic_Deriving.html</link>
<pubDate>Tue, 06 Nov 2018 00:00:00 +0000</pubDate>
<guid>/entries/Generic_Deriving.html</guid>
<description></description>
</item>
<item>
<title>Formalisation and Evaluation of Alan Gewirth&#39;s Proof for the Principle of Generic Consistency in Isabelle/HOL</title>
<link>/entries/GewirthPGCProof.html</link>
<pubDate>Tue, 30 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/GewirthPGCProof.html</guid>
<description></description>
</item>
<item>
<title>Epistemic Logic: Completeness of Modal Logics</title>
<link>/entries/Epistemic_Logic.html</link>
<pubDate>Mon, 29 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Epistemic_Logic.html</guid>
<description></description>
</item>
<item>
<title>Smooth Manifolds</title>
<link>/entries/Smooth_Manifolds.html</link>
<pubDate>Mon, 22 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Smooth_Manifolds.html</guid>
<description></description>
</item>
<item>
<title>Formalization of the Embedding Path Order for Lambda-Free Higher-Order Terms</title>
<link>/entries/Lambda_Free_EPO.html</link>
<pubDate>Fri, 19 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Lambda_Free_EPO.html</guid>
<description></description>
</item>
<item>
<title>Randomised Binary Search Trees</title>
<link>/entries/Randomised_BSTs.html</link>
<pubDate>Fri, 19 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Randomised_BSTs.html</guid>
<description></description>
</item>
<item>
<title>Upper Bounding Diameters of State Spaces of Factored Transition Systems</title>
<link>/entries/Factored_Transition_System_Bounding.html</link>
<pubDate>Fri, 12 Oct 2018 00:00:00 +0000</pubDate>
<guid>/entries/Factored_Transition_System_Bounding.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of π</title>
<link>/entries/Pi_Transcendental.html</link>
<pubDate>Fri, 28 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Pi_Transcendental.html</guid>
<description></description>
</item>
<item>
<title>Symmetric Polynomials</title>
<link>/entries/Symmetric_Polynomials.html</link>
<pubDate>Tue, 25 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Symmetric_Polynomials.html</guid>
<description></description>
</item>
<item>
<title>Signature-Based Gröbner Basis Algorithms</title>
<link>/entries/Signature_Groebner.html</link>
<pubDate>Thu, 20 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Signature_Groebner.html</guid>
<description></description>
</item>
<item>
<title>The Prime Number Theorem</title>
<link>/entries/Prime_Number_Theorem.html</link>
<pubDate>Wed, 19 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Prime_Number_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Aggregation Algebras</title>
<link>/entries/Aggregation_Algebras.html</link>
<pubDate>Sat, 15 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Aggregation_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Octonions</title>
<link>/entries/Octonions.html</link>
<pubDate>Fri, 14 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Octonions.html</guid>
<description></description>
</item>
<item>
<title>Quaternions</title>
<link>/entries/Quaternions.html</link>
<pubDate>Wed, 05 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Quaternions.html</guid>
<description></description>
</item>
<item>
<title>The Budan-Fourier Theorem and Counting Real Roots with Multiplicity</title>
<link>/entries/Budan_Fourier.html</link>
<pubDate>Sun, 02 Sep 2018 00:00:00 +0000</pubDate>
<guid>/entries/Budan_Fourier.html</guid>
<description></description>
</item>
<item>
<title>An Incremental Simplex Algorithm with Unsatisfiable Core Generation</title>
<link>/entries/Simplex.html</link>
<pubDate>Fri, 24 Aug 2018 00:00:00 +0000</pubDate>
<guid>/entries/Simplex.html</guid>
<description></description>
</item>
<item>
<title>Minsky Machines</title>
<link>/entries/Minsky_Machines.html</link>
<pubDate>Tue, 14 Aug 2018 00:00:00 +0000</pubDate>
<guid>/entries/Minsky_Machines.html</guid>
<description></description>
</item>
<item>
<title>Pricing in discrete financial models</title>
<link>/entries/DiscretePricing.html</link>
<pubDate>Mon, 16 Jul 2018 00:00:00 +0000</pubDate>
<guid>/entries/DiscretePricing.html</guid>
<description></description>
</item>
<item>
<title>Von-Neumann-Morgenstern Utility Theorem</title>
<link>/entries/Neumann_Morgenstern_Utility.html</link>
<pubDate>Wed, 04 Jul 2018 00:00:00 +0000</pubDate>
<guid>/entries/Neumann_Morgenstern_Utility.html</guid>
<description></description>
</item>
<item>
<title>Pell&#39;s Equation</title>
<link>/entries/Pell.html</link>
<pubDate>Sat, 23 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Pell.html</guid>
<description></description>
</item>
<item>
<title>Projective Geometry</title>
<link>/entries/Projective_Geometry.html</link>
<pubDate>Thu, 14 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Projective_Geometry.html</guid>
<description></description>
</item>
<item>
<title>The Localization of a Commutative Ring</title>
<link>/entries/Localization_Ring.html</link>
<pubDate>Thu, 14 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Localization_Ring.html</guid>
<description></description>
</item>
<item>
<title>Partial Order Reduction</title>
<link>/entries/Partial_Order_Reduction.html</link>
<pubDate>Tue, 05 Jun 2018 00:00:00 +0000</pubDate>
<guid>/entries/Partial_Order_Reduction.html</guid>
<description></description>
</item>
<item>
<title>Optimal Binary Search Trees</title>
<link>/entries/Optimal_BST.html</link>
<pubDate>Sun, 27 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Optimal_BST.html</guid>
<description></description>
</item>
<item>
<title>Hidden Markov Models</title>
<link>/entries/Hidden_Markov_Models.html</link>
<pubDate>Fri, 25 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Hidden_Markov_Models.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Timed Automata</title>
<link>/entries/Probabilistic_Timed_Automata.html</link>
<pubDate>Thu, 24 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Timed_Automata.html</guid>
<description></description>
</item>
<item>
<title>Axiom Systems for Category Theory in Free Logic</title>
<link>/entries/AxiomaticCategoryTheory.html</link>
<pubDate>Wed, 23 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/AxiomaticCategoryTheory.html</guid>
<description></description>
</item>
<item>
<title>Irrational Rapidly Convergent Series</title>
<link>/entries/Irrationality_J_Hancl.html</link>
<pubDate>Wed, 23 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Irrationality_J_Hancl.html</guid>
<description></description>
</item>
<item>
<title>Monadification, Memoization and Dynamic Programming</title>
<link>/entries/Monad_Memo_DP.html</link>
<pubDate>Tue, 22 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Monad_Memo_DP.html</guid>
<description></description>
</item>
<item>
<title>OpSets: Sequential Specifications for Replicated Datatypes</title>
<link>/entries/OpSets.html</link>
<pubDate>Thu, 10 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/OpSets.html</guid>
<description></description>
</item>
<item>
<title>An Isabelle/HOL Formalization of the Modular Assembly Kit for Security Properties</title>
<link>/entries/Modular_Assembly_Kit_Security.html</link>
<pubDate>Mon, 07 May 2018 00:00:00 +0000</pubDate>
<guid>/entries/Modular_Assembly_Kit_Security.html</guid>
<description></description>
</item>
<item>
<title>WebAssembly</title>
<link>/entries/WebAssembly.html</link>
<pubDate>Sun, 29 Apr 2018 00:00:00 +0000</pubDate>
<guid>/entries/WebAssembly.html</guid>
<description></description>
</item>
<item>
<title>VerifyThis 2018 - Polished Isabelle Solutions</title>
<link>/entries/VerifyThis2018.html</link>
<pubDate>Fri, 27 Apr 2018 00:00:00 +0000</pubDate>
<guid>/entries/VerifyThis2018.html</guid>
<description></description>
</item>
<item>
<title>Bounded Natural Functors with Covariance and Contravariance</title>
<link>/entries/BNF_CC.html</link>
<pubDate>Tue, 24 Apr 2018 00:00:00 +0000</pubDate>
<guid>/entries/BNF_CC.html</guid>
<description></description>
</item>
<item>
<title>The Incompatibility of Fishburn-Strategyproofness and Pareto-Efficiency</title>
<link>/entries/Fishburn_Impossibility.html</link>
<pubDate>Thu, 22 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/Fishburn_Impossibility.html</guid>
<description></description>
</item>
<item>
<title>Weight-Balanced Trees</title>
<link>/entries/Weight_Balanced_Trees.html</link>
<pubDate>Tue, 13 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/Weight_Balanced_Trees.html</guid>
<description></description>
</item>
<item>
<title>CakeML</title>
<link>/entries/CakeML.html</link>
<pubDate>Mon, 12 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/CakeML.html</guid>
<description></description>
</item>
<item>
<title>A Theory of Architectural Design Patterns</title>
<link>/entries/Architectural_Design_Patterns.html</link>
<pubDate>Thu, 01 Mar 2018 00:00:00 +0000</pubDate>
<guid>/entries/Architectural_Design_Patterns.html</guid>
<description></description>
</item>
<item>
<title>Hoare Logics for Time Bounds</title>
<link>/entries/Hoare_Time.html</link>
<pubDate>Mon, 26 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Hoare_Time.html</guid>
<description></description>
</item>
<item>
<title>A verified factorization algorithm for integer polynomials with polynomial complexity</title>
<link>/entries/LLL_Factorization.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/LLL_Factorization.html</guid>
<description></description>
</item>
<item>
<title>First-Order Terms</title>
<link>/entries/First_Order_Terms.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/First_Order_Terms.html</guid>
<description></description>
</item>
<item>
<title>The Error Function</title>
<link>/entries/Error_Function.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Error_Function.html</guid>
<description></description>
</item>
<item>
<title>Treaps</title>
<link>/entries/Treaps.html</link>
<pubDate>Tue, 06 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/Treaps.html</guid>
<description></description>
</item>
<item>
<title>A verified LLL algorithm</title>
<link>/entries/LLL_Basis_Reduction.html</link>
<pubDate>Fri, 02 Feb 2018 00:00:00 +0000</pubDate>
<guid>/entries/LLL_Basis_Reduction.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Bachmair and Ganzinger&#39;s Ordered Resolution Prover</title>
<link>/entries/Ordered_Resolution_Prover.html</link>
<pubDate>Thu, 18 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Ordered_Resolution_Prover.html</guid>
<description></description>
</item>
<item>
<title>Gromov Hyperbolicity</title>
<link>/entries/Gromov_Hyperbolicity.html</link>
<pubDate>Tue, 16 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Gromov_Hyperbolicity.html</guid>
<description></description>
</item>
<item>
<title>An Isabelle/HOL formalisation of Green&#39;s Theorem</title>
<link>/entries/Green.html</link>
<pubDate>Thu, 11 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Green.html</guid>
<description></description>
</item>
<item>
<title>Taylor Models</title>
<link>/entries/Taylor_Models.html</link>
<pubDate>Mon, 08 Jan 2018 00:00:00 +0000</pubDate>
<guid>/entries/Taylor_Models.html</guid>
<description></description>
</item>
<item>
<title>The Falling Factorial of a Sum</title>
<link>/entries/Falling_Factorial_Sum.html</link>
<pubDate>Fri, 22 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Falling_Factorial_Sum.html</guid>
<description></description>
</item>
<item>
<title>Dirichlet L-Functions and Dirichlet&#39;s Theorem</title>
<link>/entries/Dirichlet_L.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Dirichlet_L.html</guid>
<description></description>
</item>
<item>
<title>The Mason–Stothers Theorem</title>
<link>/entries/Mason_Stothers.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Mason_Stothers.html</guid>
<description></description>
</item>
<item>
<title>The Median-of-Medians Selection Algorithm</title>
<link>/entries/Median_Of_Medians_Selection.html</link>
<pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Median_Of_Medians_Selection.html</guid>
<description></description>
</item>
<item>
<title>Operations on Bounded Natural Functors</title>
<link>/entries/BNF_Operations.html</link>
<pubDate>Tue, 19 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/BNF_Operations.html</guid>
<description></description>
</item>
<item>
<title>The string search algorithm by Knuth, Morris and Pratt</title>
<link>/entries/Knuth_Morris_Pratt.html</link>
<pubDate>Mon, 18 Dec 2017 00:00:00 +0000</pubDate>
<guid>/entries/Knuth_Morris_Pratt.html</guid>
<description></description>
</item>
<item>
<title>Stochastic Matrices and the Perron-Frobenius Theorem</title>
<link>/entries/Stochastic_Matrices.html</link>
<pubDate>Wed, 22 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stochastic_Matrices.html</guid>
<description></description>
</item>
<item>
<title>The IMAP CmRDT</title>
<link>/entries/IMAP-CRDT.html</link>
<pubDate>Thu, 09 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/IMAP-CRDT.html</guid>
<description></description>
</item>
<item>
<title>Hybrid Multi-Lane Spatial Logic</title>
<link>/entries/Hybrid_Multi_Lane_Spatial_Logic.html</link>
<pubDate>Mon, 06 Nov 2017 00:00:00 +0000</pubDate>
<guid>/entries/Hybrid_Multi_Lane_Spatial_Logic.html</guid>
<description></description>
</item>
<item>
<title>The Kuratowski Closure-Complement Theorem</title>
<link>/entries/Kuratowski_Closure_Complement.html</link>
<pubDate>Thu, 26 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Kuratowski_Closure_Complement.html</guid>
<description></description>
</item>
<item>
<title>Büchi Complementation</title>
<link>/entries/Buchi_Complementation.html</link>
<pubDate>Thu, 19 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Buchi_Complementation.html</guid>
<description></description>
</item>
<item>
<title>Transition Systems and Automata</title>
<link>/entries/Transition_Systems_and_Automata.html</link>
<pubDate>Thu, 19 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Transition_Systems_and_Automata.html</guid>
<description></description>
</item>
<item>
<title>Count the Number of Complex Roots</title>
<link>/entries/Count_Complex_Roots.html</link>
<pubDate>Tue, 17 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Count_Complex_Roots.html</guid>
<description></description>
</item>
<item>
<title>Evaluate Winding Numbers through Cauchy Indices</title>
<link>/entries/Winding_Number_Eval.html</link>
<pubDate>Tue, 17 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Winding_Number_Eval.html</guid>
<description></description>
</item>
<item>
<title>Homogeneous Linear Diophantine Equations</title>
<link>/entries/Diophantine_Eqns_Lin_Hom.html</link>
<pubDate>Sat, 14 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Diophantine_Eqns_Lin_Hom.html</guid>
<description></description>
</item>
<item>
<title>Dirichlet Series</title>
<link>/entries/Dirichlet_Series.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Dirichlet_Series.html</guid>
<description></description>
</item>
<item>
<title>Linear Recurrences</title>
<link>/entries/Linear_Recurrences.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Linear_Recurrences.html</guid>
<description></description>
</item>
<item>
<title>The Hurwitz and Riemann ζ Functions</title>
<link>/entries/Zeta_Function.html</link>
<pubDate>Thu, 12 Oct 2017 00:00:00 +0000</pubDate>
<guid>/entries/Zeta_Function.html</guid>
<description></description>
</item>
<item>
<title>Computer-assisted Reconstruction and Assessment of E. J. Lowe&#39;s Modal Ontological Argument</title>
<link>/entries/Lowe_Ontological_Argument.html</link>
<pubDate>Thu, 21 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/Lowe_Ontological_Argument.html</guid>
<description></description>
</item>
<item>
<title>Representation and Partial Automation of the Principia Logico-Metaphysica in Isabelle/HOL</title>
<link>/entries/PLM.html</link>
<pubDate>Sun, 17 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/PLM.html</guid>
<description></description>
</item>
<item>
<title>Anselm&#39;s God in Isabelle/HOL</title>
<link>/entries/AnselmGod.html</link>
<pubDate>Wed, 06 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/AnselmGod.html</guid>
<description></description>
</item>
<item>
<title>Microeconomics and the First Welfare Theorem</title>
<link>/entries/First_Welfare_Theorem.html</link>
<pubDate>Fri, 01 Sep 2017 00:00:00 +0000</pubDate>
<guid>/entries/First_Welfare_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Orbit-Stabiliser Theorem with Application to Rotational Symmetries</title>
<link>/entries/Orbit_Stabiliser.html</link>
<pubDate>Sun, 20 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/Orbit_Stabiliser.html</guid>
<description></description>
</item>
<item>
<title>Root-Balanced Tree</title>
<link>/entries/Root_Balanced_Tree.html</link>
<pubDate>Sun, 20 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/Root_Balanced_Tree.html</guid>
<description></description>
</item>
<item>
<title>The LambdaMu-calculus</title>
<link>/entries/LambdaMu.html</link>
<pubDate>Wed, 16 Aug 2017 00:00:00 +0000</pubDate>
<guid>/entries/LambdaMu.html</guid>
<description></description>
</item>
<item>
<title>Stewart&#39;s Theorem and Apollonius&#39; Theorem</title>
<link>/entries/Stewart_Apollonius.html</link>
<pubDate>Mon, 31 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stewart_Apollonius.html</guid>
<description></description>
</item>
<item>
<title>Dynamic Architectures</title>
<link>/entries/DynamicArchitectures.html</link>
<pubDate>Fri, 28 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/DynamicArchitectures.html</guid>
<description></description>
</item>
<item>
<title>Declarative Semantics for Functional Languages</title>
<link>/entries/Decl_Sem_Fun_PL.html</link>
<pubDate>Fri, 21 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Decl_Sem_Fun_PL.html</guid>
<description></description>
</item>
<item>
<title>HOLCF-Prelude</title>
<link>/entries/HOLCF-Prelude.html</link>
<pubDate>Sat, 15 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/HOLCF-Prelude.html</guid>
<description></description>
</item>
<item>
<title>Minkowski&#39;s Theorem</title>
<link>/entries/Minkowskis_Theorem.html</link>
<pubDate>Thu, 13 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Minkowskis_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus</title>
<link>/entries/Name_Carrying_Type_Inference.html</link>
<pubDate>Sun, 09 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Name_Carrying_Type_Inference.html</guid>
<description></description>
</item>
<item>
<title>A framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes</title>
<link>/entries/CRDT.html</link>
<pubDate>Fri, 07 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/CRDT.html</guid>
<description></description>
</item>
<item>
<title>Stone-Kleene Relation Algebras</title>
<link>/entries/Stone_Kleene_Relation_Algebras.html</link>
<pubDate>Thu, 06 Jul 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stone_Kleene_Relation_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Propositional Proof Systems</title>
<link>/entries/Propositional_Proof_Systems.html</link>
<pubDate>Wed, 21 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Propositional_Proof_Systems.html</guid>
<description></description>
</item>
<item>
<title>Partial Semigroups and Convolution Algebras</title>
<link>/entries/PSemigroupsConvolution.html</link>
<pubDate>Tue, 13 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/PSemigroupsConvolution.html</guid>
<description></description>
</item>
<item>
<title>Buffon&#39;s Needle Problem</title>
<link>/entries/Buffons_Needle.html</link>
<pubDate>Tue, 06 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Buffons_Needle.html</guid>
<description></description>
</item>
<item>
<title>Flow Networks and the Min-Cut-Max-Flow Theorem</title>
<link>/entries/Flow_Networks.html</link>
<pubDate>Thu, 01 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Flow_Networks.html</guid>
<description></description>
</item>
<item>
<title>Formalizing Push-Relabel Algorithms</title>
<link>/entries/Prpu_Maxflow.html</link>
<pubDate>Thu, 01 Jun 2017 00:00:00 +0000</pubDate>
<guid>/entries/Prpu_Maxflow.html</guid>
<description></description>
</item>
<item>
<title>Optics</title>
<link>/entries/Optics.html</link>
<pubDate>Thu, 25 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Optics.html</guid>
<description></description>
</item>
<item>
<title>Developing Security Protocols by Refinement</title>
<link>/entries/Security_Protocol_Refinement.html</link>
<pubDate>Wed, 24 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Security_Protocol_Refinement.html</guid>
<description></description>
</item>
<item>
<title>Dictionary Construction</title>
<link>/entries/Dict_Construction.html</link>
<pubDate>Wed, 24 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Dict_Construction.html</guid>
<description></description>
</item>
<item>
<title>The Floyd-Warshall Algorithm for Shortest Paths</title>
<link>/entries/Floyd_Warshall.html</link>
<pubDate>Mon, 08 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Floyd_Warshall.html</guid>
<description></description>
</item>
<item>
<title>CryptHOL</title>
<link>/entries/CryptHOL.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/CryptHOL.html</guid>
<description></description>
</item>
<item>
<title>Effect polymorphism in higher-order logic</title>
<link>/entries/Monomorphic_Monad.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Monomorphic_Monad.html</guid>
<description></description>
</item>
<item>
<title>Game-based cryptography in HOL</title>
<link>/entries/Game_Based_Crypto.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Game_Based_Crypto.html</guid>
<description></description>
</item>
<item>
<title>Monad normalisation</title>
<link>/entries/Monad_Normalisation.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Monad_Normalisation.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic while loop</title>
<link>/entries/Probabilistic_While.html</link>
<pubDate>Fri, 05 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_While.html</guid>
<description></description>
</item>
<item>
<title>Monoidal Categories</title>
<link>/entries/MonoidalCategory.html</link>
<pubDate>Thu, 04 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/MonoidalCategory.html</guid>
<description></description>
</item>
<item>
<title>Types, Tableaus and Gödel’s God in Isabelle/HOL</title>
<link>/entries/Types_Tableaus_and_Goedels_God.html</link>
<pubDate>Mon, 01 May 2017 00:00:00 +0000</pubDate>
<guid>/entries/Types_Tableaus_and_Goedels_God.html</guid>
<description></description>
</item>
<item>
<title>Local Lexing</title>
<link>/entries/LocalLexing.html</link>
<pubDate>Fri, 28 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/LocalLexing.html</guid>
<description></description>
</item>
<item>
<title>Constructor Functions</title>
<link>/entries/Constructor_Funs.html</link>
<pubDate>Wed, 19 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Constructor_Funs.html</guid>
<description></description>
</item>
<item>
<title>Lazifying case constants</title>
<link>/entries/Lazy_Case.html</link>
<pubDate>Tue, 18 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Lazy_Case.html</guid>
<description></description>
</item>
<item>
<title>Subresultants</title>
<link>/entries/Subresultants.html</link>
<pubDate>Thu, 06 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Subresultants.html</guid>
<description></description>
</item>
<item>
<title>Expected Shape of Random Binary Search Trees</title>
<link>/entries/Random_BSTs.html</link>
<pubDate>Tue, 04 Apr 2017 00:00:00 +0000</pubDate>
<guid>/entries/Random_BSTs.html</guid>
<description></description>
</item>
<item>
<title>Lower bound on comparison-based sorting algorithms</title>
<link>/entries/Comparison_Sort_Lower_Bound.html</link>
<pubDate>Wed, 15 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Comparison_Sort_Lower_Bound.html</guid>
<description></description>
</item>
<item>
<title>The number of comparisons in QuickSort</title>
<link>/entries/Quick_Sort_Cost.html</link>
<pubDate>Wed, 15 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Quick_Sort_Cost.html</guid>
<description></description>
</item>
<item>
<title>The Euler–MacLaurin Formula</title>
<link>/entries/Euler_MacLaurin.html</link>
<pubDate>Fri, 10 Mar 2017 00:00:00 +0000</pubDate>
<guid>/entries/Euler_MacLaurin.html</guid>
<description></description>
</item>
<item>
<title>The Group Law for Elliptic Curves</title>
<link>/entries/Elliptic_Curves_Group_Law.html</link>
<pubDate>Tue, 28 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Elliptic_Curves_Group_Law.html</guid>
<description></description>
</item>
<item>
<title>Menger&#39;s Theorem</title>
<link>/entries/Menger.html</link>
<pubDate>Sun, 26 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Menger.html</guid>
<description></description>
</item>
<item>
<title>Differential Dynamic Logic</title>
<link>/entries/Differential_Dynamic_Logic.html</link>
<pubDate>Mon, 13 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Differential_Dynamic_Logic.html</guid>
<description></description>
</item>
<item>
<title>Abstract Soundness</title>
<link>/entries/Abstract_Soundness.html</link>
<pubDate>Fri, 10 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Abstract_Soundness.html</guid>
<description></description>
</item>
<item>
<title>Stone Relation Algebras</title>
<link>/entries/Stone_Relation_Algebras.html</link>
<pubDate>Tue, 07 Feb 2017 00:00:00 +0000</pubDate>
<guid>/entries/Stone_Relation_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Refining Authenticated Key Agreement with Strong Adversaries</title>
<link>/entries/Key_Agreement_Strong_Adversaries.html</link>
<pubDate>Tue, 31 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Key_Agreement_Strong_Adversaries.html</guid>
<description></description>
</item>
<item>
<title>Bernoulli Numbers</title>
<link>/entries/Bernoulli.html</link>
<pubDate>Tue, 24 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Bernoulli.html</guid>
<description></description>
</item>
<item>
<title>Bertrand&#39;s postulate</title>
<link>/entries/Bertrands_Postulate.html</link>
<pubDate>Tue, 17 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Bertrands_Postulate.html</guid>
<description></description>
</item>
<item>
<title>Minimal Static Single Assignment Form</title>
<link>/entries/Minimal_SSA.html</link>
<pubDate>Tue, 17 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Minimal_SSA.html</guid>
<description></description>
</item>
<item>
<title>The Transcendence of e</title>
<link>/entries/E_Transcendental.html</link>
<pubDate>Thu, 12 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/E_Transcendental.html</guid>
<description></description>
</item>
<item>
<title>Formal Network Models and Their Application to Firewall Policies</title>
<link>/entries/UPF_Firewall.html</link>
<pubDate>Sun, 08 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/UPF_Firewall.html</guid>
<description></description>
</item>
<item>
<title>Verification of a Diffie-Hellman Password-based Authentication Protocol by Extending the Inductive Method</title>
<link>/entries/Password_Authentication_Protocol.html</link>
<pubDate>Tue, 03 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/Password_Authentication_Protocol.html</guid>
<description></description>
</item>
<item>
<title>First-Order Logic According to Harrison</title>
<link>/entries/FOL_Harrison.html</link>
<pubDate>Sun, 01 Jan 2017 00:00:00 +0000</pubDate>
<guid>/entries/FOL_Harrison.html</guid>
<description></description>
</item>
<item>
<title>Concurrent Refinement Algebra and Rely Quotients</title>
<link>/entries/Concurrent_Ref_Alg.html</link>
<pubDate>Fri, 30 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Concurrent_Ref_Alg.html</guid>
<description></description>
</item>
<item>
<title>The Twelvefold Way</title>
<link>/entries/Twelvefold_Way.html</link>
<pubDate>Thu, 29 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Twelvefold_Way.html</guid>
<description></description>
</item>
<item>
<title>Proof Strategy Language</title>
<link>/entries/Proof_Strategy_Language.html</link>
<pubDate>Tue, 20 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Proof_Strategy_Language.html</guid>
<description></description>
</item>
<item>
<title>Paraconsistency</title>
<link>/entries/Paraconsistency.html</link>
<pubDate>Wed, 07 Dec 2016 00:00:00 +0000</pubDate>
<guid>/entries/Paraconsistency.html</guid>
<description></description>
</item>
<item>
<title>COMPLX: A Verification Framework for Concurrent Imperative Programs</title>
<link>/entries/Complx.html</link>
<pubDate>Tue, 29 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Complx.html</guid>
<description></description>
</item>
<item>
<title>Abstract Interpretation of Annotated Commands</title>
<link>/entries/Abs_Int_ITP2012.html</link>
<pubDate>Wed, 23 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Abs_Int_ITP2012.html</guid>
<description></description>
</item>
<item>
<title>Separata: Isabelle tactics for Separation Algebra</title>
<link>/entries/Separata.html</link>
<pubDate>Wed, 16 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Separata.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Knuth–Bendix Orders for Lambda-Free Higher-Order Terms</title>
<link>/entries/Lambda_Free_KBOs.html</link>
<pubDate>Sat, 12 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Lambda_Free_KBOs.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Nested Multisets, Hereditary Multisets, and Syntactic Ordinals</title>
<link>/entries/Nested_Multisets_Ordinals.html</link>
<pubDate>Sat, 12 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Nested_Multisets_Ordinals.html</guid>
<description></description>
</item>
<item>
<title>Expressiveness of Deep Learning</title>
<link>/entries/Deep_Learning.html</link>
<pubDate>Thu, 10 Nov 2016 00:00:00 +0000</pubDate>
<guid>/entries/Deep_Learning.html</guid>
<description></description>
</item>
<item>
<title>Modal Logics for Nominal Transition Systems</title>
<link>/entries/Modal_Logics_for_NTS.html</link>
<pubDate>Tue, 25 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Modal_Logics_for_NTS.html</guid>
<description></description>
</item>
<item>
<title>Stable Matching</title>
<link>/entries/Stable_Matching.html</link>
<pubDate>Mon, 24 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stable_Matching.html</guid>
<description></description>
</item>
<item>
<title>LOFT — Verified Migration of Linux Firewalls to SDN</title>
<link>/entries/LOFT.html</link>
<pubDate>Fri, 21 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/LOFT.html</guid>
<description></description>
</item>
<item>
<title>A formal model for the SPARCv8 ISA and a proof of non-interference for the LEON3 processor</title>
<link>/entries/SPARCv8.html</link>
<pubDate>Wed, 19 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/SPARCv8.html</guid>
<description></description>
</item>
<item>
<title>Source Coding Theorem</title>
<link>/entries/Source_Coding_Theorem.html</link>
<pubDate>Wed, 19 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Source_Coding_Theorem.html</guid>
<description></description>
</item>
<item>
<title>The Factorization Algorithm of Berlekamp and Zassenhaus</title>
<link>/entries/Berlekamp_Zassenhaus.html</link>
<pubDate>Fri, 14 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Berlekamp_Zassenhaus.html</guid>
<description></description>
</item>
<item>
<title>Intersecting Chords Theorem</title>
<link>/entries/Chord_Segments.html</link>
<pubDate>Tue, 11 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Chord_Segments.html</guid>
<description></description>
</item>
<item>
<title>Lp spaces</title>
<link>/entries/Lp.html</link>
<pubDate>Wed, 05 Oct 2016 00:00:00 +0000</pubDate>
<guid>/entries/Lp.html</guid>
<description></description>
</item>
<item>
<title>Fisher–Yates shuffle</title>
<link>/entries/Fisher_Yates.html</link>
<pubDate>Fri, 30 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Fisher_Yates.html</guid>
<description></description>
</item>
<item>
<title>Allen&#39;s Interval Calculus</title>
<link>/entries/Allen_Calculus.html</link>
<pubDate>Thu, 29 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Allen_Calculus.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Recursive Path Orders for Lambda-Free Higher-Order Terms</title>
<link>/entries/Lambda_Free_RPOs.html</link>
<pubDate>Fri, 23 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Lambda_Free_RPOs.html</guid>
<description></description>
</item>
<item>
<title>Iptables Semantics</title>
<link>/entries/Iptables_Semantics.html</link>
<pubDate>Fri, 09 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Iptables_Semantics.html</guid>
<description></description>
</item>
<item>
<title>A Variant of the Superposition Calculus</title>
<link>/entries/SuperCalc.html</link>
<pubDate>Tue, 06 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/SuperCalc.html</guid>
<description></description>
</item>
<item>
<title>Stone Algebras</title>
<link>/entries/Stone_Algebras.html</link>
<pubDate>Tue, 06 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stone_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Stirling&#39;s formula</title>
<link>/entries/Stirling_Formula.html</link>
<pubDate>Thu, 01 Sep 2016 00:00:00 +0000</pubDate>
<guid>/entries/Stirling_Formula.html</guid>
<description></description>
</item>
<item>
<title>Routing</title>
<link>/entries/Routing.html</link>
<pubDate>Wed, 31 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Routing.html</guid>
<description></description>
</item>
<item>
<title>Simple Firewall</title>
<link>/entries/Simple_Firewall.html</link>
<pubDate>Wed, 24 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Simple_Firewall.html</guid>
<description></description>
</item>
<item>
<title>Infeasible Paths Elimination by Symbolic Execution Techniques: Proof of Correctness and Preservation of Paths</title>
<link>/entries/InfPathElimination.html</link>
<pubDate>Thu, 18 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/InfPathElimination.html</guid>
<description></description>
</item>
<item>
<title>Formalizing the Edmonds-Karp Algorithm</title>
<link>/entries/EdmondsKarp_Maxflow.html</link>
<pubDate>Fri, 12 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/EdmondsKarp_Maxflow.html</guid>
<description></description>
</item>
<item>
<title>The Imperative Refinement Framework</title>
<link>/entries/Refine_Imperative_HOL.html</link>
<pubDate>Mon, 08 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Refine_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Ptolemy&#39;s Theorem</title>
<link>/entries/Ptolemys_Theorem.html</link>
<pubDate>Sun, 07 Aug 2016 00:00:00 +0000</pubDate>
<guid>/entries/Ptolemys_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Surprise Paradox</title>
<link>/entries/Surprise_Paradox.html</link>
<pubDate>Sun, 17 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/Surprise_Paradox.html</guid>
<description></description>
</item>
<item>
<title>Pairing Heap</title>
<link>/entries/Pairing_Heap.html</link>
<pubDate>Thu, 14 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/Pairing_Heap.html</guid>
<description></description>
</item>
<item>
<title>A Framework for Verifying Depth-First Search Algorithms</title>
<link>/entries/DFS_Framework.html</link>
<pubDate>Tue, 05 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/DFS_Framework.html</guid>
<description></description>
</item>
<item>
<title>Chamber Complexes, Coxeter Systems, and Buildings</title>
<link>/entries/Buildings.html</link>
<pubDate>Fri, 01 Jul 2016 00:00:00 +0000</pubDate>
<guid>/entries/Buildings.html</guid>
<description></description>
</item>
<item>
<title>The Resolution Calculus for First-Order Logic</title>
<link>/entries/Resolution_FOL.html</link>
<pubDate>Thu, 30 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Resolution_FOL.html</guid>
<description></description>
</item>
<item>
<title>The Z Property</title>
<link>/entries/Rewriting_Z.html</link>
<pubDate>Thu, 30 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Rewriting_Z.html</guid>
<description></description>
</item>
<item>
<title>Compositional Security-Preserving Refinement for Concurrent Imperative Programs</title>
<link>/entries/Dependent_SIFUM_Refinement.html</link>
<pubDate>Tue, 28 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Dependent_SIFUM_Refinement.html</guid>
<description></description>
</item>
<item>
<title>IP Addresses</title>
<link>/entries/IP_Addresses.html</link>
<pubDate>Tue, 28 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/IP_Addresses.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Multisets</title>
<link>/entries/Card_Multisets.html</link>
<pubDate>Sun, 26 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Card_Multisets.html</guid>
<description></description>
</item>
<item>
<title>Category Theory with Adjunctions and Limits</title>
<link>/entries/Category3.html</link>
<pubDate>Sun, 26 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Category3.html</guid>
<description></description>
</item>
<item>
<title>A Dependent Security Type System for Concurrent Imperative Programs</title>
<link>/entries/Dependent_SIFUM_Type_Systems.html</link>
<pubDate>Sat, 25 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Dependent_SIFUM_Type_Systems.html</guid>
<description></description>
</item>
<item>
<title>Catalan Numbers</title>
<link>/entries/Catalan_Numbers.html</link>
<pubDate>Tue, 21 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Catalan_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Program Construction and Verification Components Based on Kleene Algebra</title>
<link>/entries/Algebraic_VCs.html</link>
<pubDate>Sat, 18 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Algebraic_VCs.html</guid>
<description></description>
</item>
<item>
<title>Conservation of CSP Noninterference Security under Concurrent Composition</title>
<link>/entries/Noninterference_Concurrent_Composition.html</link>
<pubDate>Mon, 13 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Concurrent_Composition.html</guid>
<description></description>
</item>
<item>
<title>Finite Machine Word Library</title>
<link>/entries/Word_Lib.html</link>
<pubDate>Thu, 09 Jun 2016 00:00:00 +0000</pubDate>
<guid>/entries/Word_Lib.html</guid>
<description></description>
</item>
<item>
<title>Tree Decomposition</title>
<link>/entries/Tree_Decomposition.html</link>
<pubDate>Tue, 31 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Tree_Decomposition.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Equivalence Relations</title>
<link>/entries/Card_Equiv_Relations.html</link>
<pubDate>Tue, 24 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Card_Equiv_Relations.html</guid>
<description></description>
</item>
<item>
<title>POSIX Lexing with Derivatives of Regular Expressions</title>
<link>/entries/Posix-Lexing.html</link>
<pubDate>Tue, 24 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Posix-Lexing.html</guid>
<description></description>
</item>
<item>
<title>Perron-Frobenius Theorem for Spectral Radius Analysis</title>
<link>/entries/Perron_Frobenius.html</link>
<pubDate>Fri, 20 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Perron_Frobenius.html</guid>
<description></description>
</item>
<item>
<title>The meta theory of the Incredible Proof Machine</title>
<link>/entries/Incredible_Proof_Machine.html</link>
<pubDate>Fri, 20 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Incredible_Proof_Machine.html</guid>
<description></description>
</item>
<item>
<title>A Constructive Proof for FLP</title>
<link>/entries/FLP.html</link>
<pubDate>Wed, 18 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/FLP.html</guid>
<description></description>
</item>
<item>
<title>A Formal Proof of the Max-Flow Min-Cut Theorem for Countable Networks</title>
<link>/entries/MFMC_Countable.html</link>
<pubDate>Mon, 09 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/MFMC_Countable.html</guid>
<description></description>
</item>
<item>
<title>Randomised Social Choice Theory</title>
<link>/entries/Randomised_Social_Choice.html</link>
<pubDate>Thu, 05 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Randomised_Social_Choice.html</guid>
<description></description>
</item>
<item>
<title>Spivey&#39;s Generalized Recurrence for Bell Numbers</title>
<link>/entries/Bell_Numbers_Spivey.html</link>
<pubDate>Wed, 04 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Bell_Numbers_Spivey.html</guid>
<description></description>
</item>
<item>
<title>The Incompatibility of SD-Efficiency and SD-Strategy-Proofness</title>
<link>/entries/SDS_Impossibility.html</link>
<pubDate>Wed, 04 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/SDS_Impossibility.html</guid>
<description></description>
</item>
<item>
<title>Gröbner Bases Theory</title>
<link>/entries/Groebner_Bases.html</link>
<pubDate>Mon, 02 May 2016 00:00:00 +0000</pubDate>
<guid>/entries/Groebner_Bases.html</guid>
<description></description>
</item>
<item>
<title>No Faster-Than-Light Observers</title>
<link>/entries/No_FTL_observers.html</link>
<pubDate>Thu, 28 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/No_FTL_observers.html</guid>
<description></description>
</item>
<item>
<title>A formalisation of the Cocke-Younger-Kasami algorithm</title>
<link>/entries/CYK.html</link>
<pubDate>Wed, 27 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/CYK.html</guid>
<description></description>
</item>
<item>
<title>Algorithms for Reduced Ordered Binary Decision Diagrams</title>
<link>/entries/ROBDD.html</link>
<pubDate>Wed, 27 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/ROBDD.html</guid>
<description></description>
</item>
<item>
<title>Conservation of CSP Noninterference Security under Sequential Composition</title>
<link>/entries/Noninterference_Sequential_Composition.html</link>
<pubDate>Tue, 26 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Sequential_Composition.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebras with Domain</title>
<link>/entries/KAD.html</link>
<pubDate>Tue, 12 Apr 2016 00:00:00 +0000</pubDate>
<guid>/entries/KAD.html</guid>
<description></description>
</item>
<item>
<title>Propositional Resolution and Prime Implicates Generation</title>
<link>/entries/PropResPI.html</link>
<pubDate>Fri, 11 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/PropResPI.html</guid>
<description></description>
</item>
<item>
<title>The Cartan Fixed Point Theorems</title>
<link>/entries/Cartan_FP.html</link>
<pubDate>Tue, 08 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/Cartan_FP.html</guid>
<description></description>
</item>
<item>
<title>Timed Automata</title>
<link>/entries/Timed_Automata.html</link>
<pubDate>Tue, 08 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/Timed_Automata.html</guid>
<description></description>
</item>
<item>
<title>Linear Temporal Logic</title>
<link>/entries/LTL.html</link>
<pubDate>Tue, 01 Mar 2016 00:00:00 +0000</pubDate>
<guid>/entries/LTL.html</guid>
<description></description>
</item>
<item>
<title>Analysis of List Update Algorithms</title>
<link>/entries/List_Update.html</link>
<pubDate>Wed, 17 Feb 2016 00:00:00 +0000</pubDate>
<guid>/entries/List_Update.html</guid>
<description></description>
</item>
<item>
<title>Verified Construction of Static Single Assignment Form</title>
<link>/entries/Formal_SSA.html</link>
<pubDate>Fri, 05 Feb 2016 00:00:00 +0000</pubDate>
<guid>/entries/Formal_SSA.html</guid>
<description></description>
</item>
<item>
<title>Polynomial Factorization</title>
<link>/entries/Polynomial_Factorization.html</link>
<pubDate>Fri, 29 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Polynomial_Factorization.html</guid>
<description></description>
</item>
<item>
<title>Polynomial Interpolation</title>
<link>/entries/Polynomial_Interpolation.html</link>
<pubDate>Fri, 29 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Polynomial_Interpolation.html</guid>
<description></description>
</item>
<item>
<title>Knot Theory</title>
<link>/entries/Knot_Theory.html</link>
<pubDate>Wed, 20 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Knot_Theory.html</guid>
<description></description>
</item>
<item>
<title>Tensor Product of Matrices</title>
<link>/entries/Matrix_Tensor.html</link>
<pubDate>Mon, 18 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Matrix_Tensor.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Number Partitions</title>
<link>/entries/Card_Number_Partitions.html</link>
<pubDate>Thu, 14 Jan 2016 00:00:00 +0000</pubDate>
<guid>/entries/Card_Number_Partitions.html</guid>
<description></description>
</item>
<item>
<title>Basic Geometric Properties of Triangles</title>
<link>/entries/Triangle.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Triangle.html</guid>
<description></description>
</item>
<item>
<title>Descartes&#39; Rule of Signs</title>
<link>/entries/Descartes_Sign_Rule.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Descartes_Sign_Rule.html</guid>
<description></description>
</item>
<item>
<title>Liouville numbers</title>
<link>/entries/Liouville_Numbers.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Liouville_Numbers.html</guid>
<description></description>
</item>
<item>
<title>The Divergence of the Prime Harmonic Series</title>
<link>/entries/Prime_Harmonic_Series.html</link>
<pubDate>Mon, 28 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Prime_Harmonic_Series.html</guid>
<description></description>
</item>
<item>
<title>Algebraic Numbers in Isabelle/HOL</title>
<link>/entries/Algebraic_Numbers.html</link>
<pubDate>Tue, 22 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Algebraic_Numbers.html</guid>
<description></description>
</item>
<item>
<title>Applicative Lifting</title>
<link>/entries/Applicative_Lifting.html</link>
<pubDate>Tue, 22 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Applicative_Lifting.html</guid>
<description></description>
</item>
<item>
<title>The Stern-Brocot Tree</title>
<link>/entries/Stern_Brocot.html</link>
<pubDate>Tue, 22 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Stern_Brocot.html</guid>
<description></description>
</item>
<item>
<title>Cardinality of Set Partitions</title>
<link>/entries/Card_Partitions.html</link>
<pubDate>Sat, 12 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Card_Partitions.html</guid>
<description></description>
</item>
<item>
<title>Latin Square</title>
<link>/entries/Latin_Square.html</link>
<pubDate>Wed, 02 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Latin_Square.html</guid>
<description></description>
</item>
<item>
<title>Ergodic Theory</title>
<link>/entries/Ergodic_Theory.html</link>
<pubDate>Tue, 01 Dec 2015 00:00:00 +0000</pubDate>
<guid>/entries/Ergodic_Theory.html</guid>
<description></description>
</item>
<item>
<title>Euler&#39;s Partition Theorem</title>
<link>/entries/Euler_Partition.html</link>
<pubDate>Thu, 19 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Euler_Partition.html</guid>
<description></description>
</item>
<item>
<title>The Tortoise and Hare Algorithm</title>
<link>/entries/TortoiseHare.html</link>
<pubDate>Wed, 18 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/TortoiseHare.html</guid>
<description></description>
</item>
<item>
<title>Planarity Certificates</title>
<link>/entries/Planarity_Certificates.html</link>
<pubDate>Wed, 11 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Planarity_Certificates.html</guid>
<description></description>
</item>
<item>
<title>Positional Determinacy of Parity Games</title>
<link>/entries/Parity_Game.html</link>
<pubDate>Mon, 02 Nov 2015 00:00:00 +0000</pubDate>
<guid>/entries/Parity_Game.html</guid>
<description></description>
</item>
<item>
<title>A Meta-Model for the Isabelle API</title>
<link>/entries/Isabelle_Meta_Model.html</link>
<pubDate>Wed, 16 Sep 2015 00:00:00 +0000</pubDate>
<guid>/entries/Isabelle_Meta_Model.html</guid>
<description></description>
</item>
<item>
<title>Converting Linear Temporal Logic to Deterministic (Generalized) Rabin Automata</title>
<link>/entries/LTL_to_DRA.html</link>
<pubDate>Fri, 04 Sep 2015 00:00:00 +0000</pubDate>
<guid>/entries/LTL_to_DRA.html</guid>
<description></description>
</item>
<item>
<title>Matrices, Jordan Normal Forms, and Spectral Radius Theory</title>
<link>/entries/Jordan_Normal_Form.html</link>
<pubDate>Fri, 21 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Jordan_Normal_Form.html</guid>
<description></description>
</item>
<item>
<title>Decreasing Diagrams II</title>
<link>/entries/Decreasing-Diagrams-II.html</link>
<pubDate>Thu, 20 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Decreasing-Diagrams-II.html</guid>
<description></description>
</item>
<item>
<title>The Inductive Unwinding Theorem for CSP Noninterference Security</title>
<link>/entries/Noninterference_Inductive_Unwinding.html</link>
<pubDate>Tue, 18 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Inductive_Unwinding.html</guid>
<description></description>
</item>
<item>
<title>Representations of Finite Groups</title>
<link>/entries/Rep_Fin_Groups.html</link>
<pubDate>Wed, 12 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Rep_Fin_Groups.html</guid>
<description></description>
</item>
<item>
<title>Analysing and Comparing Encodability Criteria for Process Calculi</title>
<link>/entries/Encodability_Process_Calculi.html</link>
<pubDate>Mon, 10 Aug 2015 00:00:00 +0000</pubDate>
<guid>/entries/Encodability_Process_Calculi.html</guid>
<description></description>
</item>
<item>
<title>Generating Cases from Labeled Subgoals</title>
<link>/entries/Case_Labeling.html</link>
<pubDate>Tue, 21 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Case_Labeling.html</guid>
<description></description>
</item>
<item>
<title>Landau Symbols</title>
<link>/entries/Landau_Symbols.html</link>
<pubDate>Tue, 14 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Landau_Symbols.html</guid>
<description></description>
</item>
<item>
<title>The Akra-Bazzi theorem and the Master theorem</title>
<link>/entries/Akra_Bazzi.html</link>
<pubDate>Tue, 14 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Akra_Bazzi.html</guid>
<description></description>
</item>
<item>
<title>Hermite Normal Form</title>
<link>/entries/Hermite.html</link>
<pubDate>Tue, 07 Jul 2015 00:00:00 +0000</pubDate>
<guid>/entries/Hermite.html</guid>
<description></description>
</item>
<item>
<title>Derangements Formula</title>
<link>/entries/Derangements.html</link>
<pubDate>Sat, 27 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Derangements.html</guid>
<description></description>
</item>
<item>
<title>Binary Multirelations</title>
<link>/entries/Multirelations.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Multirelations.html</guid>
<description></description>
</item>
<item>
<title>Reasoning about Lists via List Interleaving</title>
<link>/entries/List_Interleaving.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/List_Interleaving.html</guid>
<description></description>
</item>
<item>
<title>The Generic Unwinding Theorem for CSP Noninterference Security</title>
<link>/entries/Noninterference_Generic_Unwinding.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Generic_Unwinding.html</guid>
<description></description>
</item>
<item>
<title>The Ipurge Unwinding Theorem for CSP Noninterference Security</title>
<link>/entries/Noninterference_Ipurge_Unwinding.html</link>
<pubDate>Thu, 11 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_Ipurge_Unwinding.html</guid>
<description></description>
</item>
<item>
<title>Parameterized Dynamic Tables</title>
<link>/entries/Dynamic_Tables.html</link>
<pubDate>Sun, 07 Jun 2015 00:00:00 +0000</pubDate>
<guid>/entries/Dynamic_Tables.html</guid>
<description></description>
</item>
<item>
<title>Derivatives of Logical Formulas</title>
<link>/entries/Formula_Derivatives.html</link>
<pubDate>Thu, 28 May 2015 00:00:00 +0000</pubDate>
<guid>/entries/Formula_Derivatives.html</guid>
<description></description>
</item>
<item>
<title>A Zoo of Probabilistic Systems</title>
<link>/entries/Probabilistic_System_Zoo.html</link>
<pubDate>Wed, 27 May 2015 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_System_Zoo.html</guid>
<description></description>
</item>
<item>
<title>VCG - Combinatorial Vickrey-Clarke-Groves Auctions</title>
<link>/entries/Vickrey_Clarke_Groves.html</link>
<pubDate>Thu, 30 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/Vickrey_Clarke_Groves.html</guid>
<description></description>
</item>
<item>
<title>Residuated Lattices</title>
<link>/entries/Residuated_Lattices.html</link>
<pubDate>Wed, 15 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/Residuated_Lattices.html</guid>
<description></description>
</item>
<item>
<title>Concurrent IMP</title>
<link>/entries/ConcurrentIMP.html</link>
<pubDate>Mon, 13 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/ConcurrentIMP.html</guid>
<description></description>
</item>
<item>
<title>Relaxing Safely: Verified On-the-Fly Garbage Collection for x86-TSO</title>
<link>/entries/ConcurrentGC.html</link>
<pubDate>Mon, 13 Apr 2015 00:00:00 +0000</pubDate>
<guid>/entries/ConcurrentGC.html</guid>
<description></description>
</item>
<item>
<title>Trie</title>
<link>/entries/Trie.html</link>
<pubDate>Mon, 30 Mar 2015 00:00:00 +0000</pubDate>
<guid>/entries/Trie.html</guid>
<description></description>
</item>
<item>
<title>Consensus Refined</title>
<link>/entries/Consensus_Refined.html</link>
<pubDate>Wed, 18 Mar 2015 00:00:00 +0000</pubDate>
<guid>/entries/Consensus_Refined.html</guid>
<description></description>
</item>
<item>
<title>Deriving class instances for datatypes</title>
<link>/entries/Deriving.html</link>
<pubDate>Wed, 11 Mar 2015 00:00:00 +0000</pubDate>
<guid>/entries/Deriving.html</guid>
<description></description>
</item>
<item>
<title>The Safety of Call Arity</title>
<link>/entries/Call_Arity.html</link>
<pubDate>Fri, 20 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Call_Arity.html</guid>
<description></description>
</item>
<item>
<title>Echelon Form</title>
<link>/entries/Echelon_Form.html</link>
<pubDate>Thu, 12 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Echelon_Form.html</guid>
<description></description>
</item>
<item>
<title>QR Decomposition</title>
<link>/entries/QR_Decomposition.html</link>
<pubDate>Thu, 12 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/QR_Decomposition.html</guid>
<description></description>
</item>
<item>
<title>Finite Automata in Hereditarily Finite Set Theory</title>
<link>/entries/Finite_Automata_HF.html</link>
<pubDate>Thu, 05 Feb 2015 00:00:00 +0000</pubDate>
<guid>/entries/Finite_Automata_HF.html</guid>
<description></description>
</item>
<item>
<title>Verification of the UpDown Scheme</title>
<link>/entries/UpDown_Scheme.html</link>
<pubDate>Wed, 28 Jan 2015 00:00:00 +0000</pubDate>
<guid>/entries/UpDown_Scheme.html</guid>
<description></description>
</item>
<item>
<title>The Unified Policy Framework (UPF)</title>
<link>/entries/UPF.html</link>
<pubDate>Fri, 28 Nov 2014 00:00:00 +0000</pubDate>
<guid>/entries/UPF.html</guid>
<description></description>
</item>
<item>
<title>Loop freedom of the (untimed) AODV routing protocol</title>
<link>/entries/AODV.html</link>
<pubDate>Thu, 23 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/AODV.html</guid>
<description></description>
</item>
<item>
<title>Lifting Definition Option</title>
<link>/entries/Lifting_Definition_Option.html</link>
<pubDate>Mon, 13 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Lifting_Definition_Option.html</guid>
<description></description>
</item>
<item>
<title>Stream Fusion in HOL with Code Generation</title>
<link>/entries/Stream_Fusion_Code.html</link>
<pubDate>Fri, 10 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Stream_Fusion_Code.html</guid>
<description></description>
</item>
<item>
<title>A Verified Compiler for Probability Density Functions</title>
<link>/entries/Density_Compiler.html</link>
<pubDate>Thu, 09 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Density_Compiler.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Refinement Calculus for Reactive Systems</title>
<link>/entries/RefinementReactive.html</link>
<pubDate>Wed, 08 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/RefinementReactive.html</guid>
<description></description>
</item>
<item>
<title>Certification Monads</title>
<link>/entries/Certification_Monads.html</link>
<pubDate>Fri, 03 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/Certification_Monads.html</guid>
<description></description>
</item>
<item>
<title>XML</title>
<link>/entries/XML.html</link>
<pubDate>Fri, 03 Oct 2014 00:00:00 +0000</pubDate>
<guid>/entries/XML.html</guid>
<description></description>
</item>
<item>
<title>Imperative Insertion Sort</title>
<link>/entries/Imperative_Insertion_Sort.html</link>
<pubDate>Thu, 25 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Imperative_Insertion_Sort.html</guid>
<description></description>
</item>
<item>
<title>The Sturm-Tarski Theorem</title>
<link>/entries/Sturm_Tarski.html</link>
<pubDate>Fri, 19 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Sturm_Tarski.html</guid>
<description></description>
</item>
<item>
<title>The Cayley-Hamilton Theorem</title>
<link>/entries/Cayley_Hamilton.html</link>
<pubDate>Mon, 15 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Cayley_Hamilton.html</guid>
<description></description>
</item>
<item>
<title>The Jordan-Hölder Theorem</title>
<link>/entries/Jordan_Hoelder.html</link>
<pubDate>Tue, 09 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Jordan_Hoelder.html</guid>
<description></description>
</item>
<item>
<title>Priority Queues Based on Braun Trees</title>
<link>/entries/Priority_Queue_Braun.html</link>
<pubDate>Thu, 04 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Priority_Queue_Braun.html</guid>
<description></description>
</item>
<item>
<title>Gauss-Jordan Algorithm and Its Applications</title>
<link>/entries/Gauss_Jordan.html</link>
<pubDate>Wed, 03 Sep 2014 00:00:00 +0000</pubDate>
<guid>/entries/Gauss_Jordan.html</guid>
<description></description>
</item>
<item>
<title>Real-Valued Special Functions: Upper and Lower Bounds</title>
<link>/entries/Special_Function_Bounds.html</link>
<pubDate>Fri, 29 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/Special_Function_Bounds.html</guid>
<description></description>
</item>
<item>
<title>Vector Spaces</title>
<link>/entries/VectorSpace.html</link>
<pubDate>Fri, 29 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/VectorSpace.html</guid>
<description></description>
</item>
<item>
<title>Skew Heap</title>
<link>/entries/Skew_Heap.html</link>
<pubDate>Wed, 13 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/Skew_Heap.html</guid>
<description></description>
</item>
<item>
<title>Splay Tree</title>
<link>/entries/Splay_Tree.html</link>
<pubDate>Tue, 12 Aug 2014 00:00:00 +0000</pubDate>
<guid>/entries/Splay_Tree.html</guid>
<description></description>
</item>
<item>
<title>Haskell&#39;s Show Class in Isabelle/HOL</title>
<link>/entries/Show.html</link>
<pubDate>Tue, 29 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Show.html</guid>
<description></description>
</item>
<item>
<title>Formal Specification of a Generic Separation Kernel</title>
<link>/entries/CISC-Kernel.html</link>
<pubDate>Fri, 18 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/CISC-Kernel.html</guid>
<description></description>
</item>
<item>
<title>pGCL for Isabelle</title>
<link>/entries/pGCL.html</link>
<pubDate>Sun, 13 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/pGCL.html</guid>
<description></description>
</item>
<item>
<title>Amortized Complexity Verified</title>
<link>/entries/Amortized_Complexity.html</link>
<pubDate>Mon, 07 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Amortized_Complexity.html</guid>
<description></description>
</item>
<item>
<title>Network Security Policy Verification</title>
<link>/entries/Network_Security_Policy_Verification.html</link>
<pubDate>Fri, 04 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Network_Security_Policy_Verification.html</guid>
<description></description>
</item>
<item>
<title>Pop-Refinement</title>
<link>/entries/Pop_Refinement.html</link>
<pubDate>Thu, 03 Jul 2014 00:00:00 +0000</pubDate>
<guid>/entries/Pop_Refinement.html</guid>
<description></description>
</item>
<item>
<title>Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions</title>
<link>/entries/MSO_Regex_Equivalence.html</link>
<pubDate>Thu, 12 Jun 2014 00:00:00 +0000</pubDate>
<guid>/entries/MSO_Regex_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Boolean Expression Checkers</title>
<link>/entries/Boolean_Expression_Checkers.html</link>
<pubDate>Sun, 08 Jun 2014 00:00:00 +0000</pubDate>
<guid>/entries/Boolean_Expression_Checkers.html</guid>
<description></description>
</item>
<item>
<title>A Fully Verified Executable LTL Model Checker</title>
<link>/entries/CAVA_LTL_Modelchecker.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/CAVA_LTL_Modelchecker.html</guid>
<description></description>
</item>
<item>
<title>Converting Linear-Time Temporal Logic to Generalized Büchi Automata</title>
<link>/entries/LTL_to_GBA.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/LTL_to_GBA.html</guid>
<description></description>
</item>
<item>
<title>Promela Formalization</title>
<link>/entries/Promela.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Promela.html</guid>
<description></description>
</item>
<item>
<title>The CAVA Automata Library</title>
<link>/entries/CAVA_Automata.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/CAVA_Automata.html</guid>
<description></description>
</item>
<item>
<title>Verified Efficient Implementation of Gabow&#39;s Strongly Connected Components Algorithm</title>
<link>/entries/Gabow_SCC.html</link>
<pubDate>Wed, 28 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Gabow_SCC.html</guid>
<description></description>
</item>
<item>
<title>Noninterference Security in Communicating Sequential Processes</title>
<link>/entries/Noninterference_CSP.html</link>
<pubDate>Fri, 23 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Noninterference_CSP.html</guid>
<description></description>
</item>
<item>
<title>Transitive closure according to Roy-Floyd-Warshall</title>
<link>/entries/Roy_Floyd_Warshall.html</link>
<pubDate>Fri, 23 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Roy_Floyd_Warshall.html</guid>
<description></description>
</item>
<item>
<title>Regular Algebras</title>
<link>/entries/Regular_Algebras.html</link>
<pubDate>Wed, 21 May 2014 00:00:00 +0000</pubDate>
<guid>/entries/Regular_Algebras.html</guid>
<description></description>
</item>
<item>
<title>Formalisation and Analysis of Component Dependencies</title>
<link>/entries/ComponentDependencies.html</link>
<pubDate>Mon, 28 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/ComponentDependencies.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Assumptions and Guarantees for Compositional Noninterference</title>
<link>/entries/SIFUM_Type_Systems.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/SIFUM_Type_Systems.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Declassification with WHAT-and-WHERE-Security</title>
<link>/entries/WHATandWHERE_Security.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/WHATandWHERE_Security.html</guid>
<description></description>
</item>
<item>
<title>A Formalization of Strong Security</title>
<link>/entries/Strong_Security.html</link>
<pubDate>Wed, 23 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Strong_Security.html</guid>
<description></description>
</item>
<item>
<title>Bounded-Deducibility Security</title>
<link>/entries/Bounded_Deducibility_Security.html</link>
<pubDate>Tue, 22 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Bounded_Deducibility_Security.html</guid>
<description></description>
</item>
<item>
<title>A shallow embedding of HyperCTL*</title>
<link>/entries/HyperCTL.html</link>
<pubDate>Wed, 16 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/HyperCTL.html</guid>
<description></description>
</item>
<item>
<title>Abstract Completeness</title>
<link>/entries/Abstract_Completeness.html</link>
<pubDate>Wed, 16 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Abstract_Completeness.html</guid>
<description></description>
</item>
<item>
<title>Discrete Summation</title>
<link>/entries/Discrete_Summation.html</link>
<pubDate>Sun, 13 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/Discrete_Summation.html</guid>
<description></description>
</item>
<item>
<title>Syntax and semantics of a GPU kernel programming language</title>
<link>/entries/GPU_Kernel_PL.html</link>
<pubDate>Thu, 03 Apr 2014 00:00:00 +0000</pubDate>
<guid>/entries/GPU_Kernel_PL.html</guid>
<description></description>
</item>
<item>
<title>Probabilistic Noninterference</title>
<link>/entries/Probabilistic_Noninterference.html</link>
<pubDate>Tue, 11 Mar 2014 00:00:00 +0000</pubDate>
<guid>/entries/Probabilistic_Noninterference.html</guid>
<description></description>
</item>
<item>
<title>Mechanization of the Algebra for Wireless Networks (AWN)</title>
<link>/entries/AWN.html</link>
<pubDate>Sat, 08 Mar 2014 00:00:00 +0000</pubDate>
<guid>/entries/AWN.html</guid>
<description></description>
</item>
<item>
<title>Mutually Recursive Partial Functions</title>
<link>/entries/Partial_Function_MR.html</link>
<pubDate>Tue, 18 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Partial_Function_MR.html</guid>
<description></description>
</item>
<item>
<title>Properties of Random Graphs -- Subgraph Containment</title>
<link>/entries/Random_Graph_Subgraph_Threshold.html</link>
<pubDate>Thu, 13 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Random_Graph_Subgraph_Threshold.html</guid>
<description></description>
</item>
<item>
<title>Verification of Selection and Heap Sort Using Locales</title>
<link>/entries/Selection_Heap_Sort.html</link>
<pubDate>Tue, 11 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Selection_Heap_Sort.html</guid>
<description></description>
</item>
<item>
<title>Affine Arithmetic</title>
<link>/entries/Affine_Arithmetic.html</link>
<pubDate>Fri, 07 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Affine_Arithmetic.html</guid>
<description></description>
</item>
<item>
<title>Implementing field extensions of the form Q[sqrt(b)]</title>
<link>/entries/Real_Impl.html</link>
<pubDate>Thu, 06 Feb 2014 00:00:00 +0000</pubDate>
<guid>/entries/Real_Impl.html</guid>
<description></description>
</item>
<item>
<title>Unified Decision Procedures for Regular Expression Equivalence</title>
<link>/entries/Regex_Equivalence.html</link>
<pubDate>Thu, 30 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Regex_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Secondary Sylow Theorems</title>
<link>/entries/Secondary_Sylow.html</link>
<pubDate>Tue, 28 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Secondary_Sylow.html</guid>
<description></description>
</item>
<item>
<title>Relation Algebra</title>
<link>/entries/Relation_Algebra.html</link>
<pubDate>Sat, 25 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Relation_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra with Tests and Demonic Refinement Algebras</title>
<link>/entries/KAT_and_DRA.html</link>
<pubDate>Thu, 23 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/KAT_and_DRA.html</guid>
<description></description>
</item>
<item>
<title>Featherweight OCL: A Proposal for a Machine-Checked Formal Semantics for OCL 2.5</title>
<link>/entries/Featherweight_OCL.html</link>
<pubDate>Thu, 16 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Featherweight_OCL.html</guid>
<description></description>
</item>
<item>
<title>Compositional Properties of Crypto-Based Components</title>
<link>/entries/CryptoBasedCompositionalProperties.html</link>
<pubDate>Sat, 11 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/CryptoBasedCompositionalProperties.html</guid>
<description></description>
</item>
<item>
<title>Sturm&#39;s Theorem</title>
<link>/entries/Sturm_Sequences.html</link>
<pubDate>Sat, 11 Jan 2014 00:00:00 +0000</pubDate>
<guid>/entries/Sturm_Sequences.html</guid>
<description></description>
</item>
<item>
<title>A General Method for the Proof of Theorems on Tail-recursive Functions</title>
<link>/entries/Tail_Recursive_Functions.html</link>
<pubDate>Sun, 01 Dec 2013 00:00:00 +0000</pubDate>
<guid>/entries/Tail_Recursive_Functions.html</guid>
<description></description>
</item>
<item>
<title>Gödel&#39;s Incompleteness Theorems</title>
<link>/entries/Incompleteness.html</link>
<pubDate>Sun, 17 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/Incompleteness.html</guid>
<description></description>
</item>
<item>
<title>The Hereditarily Finite Sets</title>
<link>/entries/HereditarilyFinite.html</link>
<pubDate>Sun, 17 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/HereditarilyFinite.html</guid>
<description></description>
</item>
<item>
<title>A Codatatype of Formal Languages</title>
<link>/entries/Coinductive_Languages.html</link>
<pubDate>Fri, 15 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/Coinductive_Languages.html</guid>
<description></description>
</item>
<item>
<title>Stream Processing Components: Isabelle/HOL Formalisation and Case Studies</title>
<link>/entries/FocusStreamsCaseStudies.html</link>
<pubDate>Thu, 14 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/FocusStreamsCaseStudies.html</guid>
<description></description>
</item>
<item>
<title>Gödel&#39;s God in Isabelle/HOL</title>
<link>/entries/GoedelGod.html</link>
<pubDate>Tue, 12 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/GoedelGod.html</guid>
<description></description>
</item>
<item>
<title>Decreasing Diagrams</title>
<link>/entries/Decreasing-Diagrams.html</link>
<pubDate>Fri, 01 Nov 2013 00:00:00 +0000</pubDate>
<guid>/entries/Decreasing-Diagrams.html</guid>
<description></description>
</item>
<item>
<title>Automatic Data Refinement</title>
<link>/entries/Automatic_Refinement.html</link>
<pubDate>Wed, 02 Oct 2013 00:00:00 +0000</pubDate>
<guid>/entries/Automatic_Refinement.html</guid>
<description></description>
</item>
<item>
<title>Native Word</title>
<link>/entries/Native_Word.html</link>
<pubDate>Tue, 17 Sep 2013 00:00:00 +0000</pubDate>
<guid>/entries/Native_Word.html</guid>
<description></description>
</item>
<item>
<title>A Formal Model of IEEE Floating Point Arithmetic</title>
<link>/entries/IEEE_Floating_Point.html</link>
<pubDate>Sat, 27 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/IEEE_Floating_Point.html</guid>
<description></description>
</item>
<item>
<title>Lehmer&#39;s Theorem</title>
<link>/entries/Lehmer.html</link>
<pubDate>Mon, 22 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/Lehmer.html</guid>
<description></description>
</item>
<item>
<title>Pratt&#39;s Primality Certificates</title>
<link>/entries/Pratt_Certificate.html</link>
<pubDate>Mon, 22 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/Pratt_Certificate.html</guid>
<description></description>
</item>
<item>
<title>The Königsberg Bridge Problem and the Friendship Theorem</title>
<link>/entries/Koenigsberg_Friendship.html</link>
<pubDate>Fri, 19 Jul 2013 00:00:00 +0000</pubDate>
<guid>/entries/Koenigsberg_Friendship.html</guid>
<description></description>
</item>
<item>
<title>Sound and Complete Sort Encodings for First-Order Logic</title>
<link>/entries/Sort_Encodings.html</link>
<pubDate>Thu, 27 Jun 2013 00:00:00 +0000</pubDate>
<guid>/entries/Sort_Encodings.html</guid>
<description></description>
</item>
<item>
<title>An Axiomatic Characterization of the Single-Source Shortest Path Problem</title>
<link>/entries/ShortestPath.html</link>
<pubDate>Wed, 22 May 2013 00:00:00 +0000</pubDate>
<guid>/entries/ShortestPath.html</guid>
<description></description>
</item>
<item>
<title>Graph Theory</title>
<link>/entries/Graph_Theory.html</link>
<pubDate>Sun, 28 Apr 2013 00:00:00 +0000</pubDate>
<guid>/entries/Graph_Theory.html</guid>
<description></description>
</item>
<item>
<title>Light-weight Containers</title>
<link>/entries/Containers.html</link>
<pubDate>Mon, 15 Apr 2013 00:00:00 +0000</pubDate>
<guid>/entries/Containers.html</guid>
<description></description>
</item>
<item>
<title>Nominal 2</title>
<link>/entries/Nominal2.html</link>
<pubDate>Thu, 21 Feb 2013 00:00:00 +0000</pubDate>
<guid>/entries/Nominal2.html</guid>
<description></description>
</item>
<item>
<title>The Correctness of Launchbury&#39;s Natural Semantics for Lazy Evaluation</title>
<link>/entries/Launchbury.html</link>
<pubDate>Thu, 31 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Launchbury.html</guid>
<description></description>
</item>
<item>
<title>Ribbon Proofs</title>
<link>/entries/Ribbon_Proofs.html</link>
<pubDate>Sat, 19 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Ribbon_Proofs.html</guid>
<description></description>
</item>
<item>
<title>Rank-Nullity Theorem in Linear Algebra</title>
<link>/entries/Rank_Nullity_Theorem.html</link>
<pubDate>Wed, 16 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Rank_Nullity_Theorem.html</guid>
<description></description>
</item>
<item>
<title>Kleene Algebra</title>
<link>/entries/Kleene_Algebra.html</link>
<pubDate>Tue, 15 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Kleene_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Computing N-th Roots using the Babylonian Method</title>
<link>/entries/Sqrt_Babylonian.html</link>
<pubDate>Thu, 03 Jan 2013 00:00:00 +0000</pubDate>
<guid>/entries/Sqrt_Babylonian.html</guid>
<description></description>
</item>
<item>
<title>A Separation Logic Framework for Imperative HOL</title>
<link>/entries/Separation_Logic_Imperative_HOL.html</link>
<pubDate>Wed, 14 Nov 2012 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Logic_Imperative_HOL.html</guid>
<description></description>
</item>
<item>
<title>Open Induction</title>
<link>/entries/Open_Induction.html</link>
<pubDate>Fri, 02 Nov 2012 00:00:00 +0000</pubDate>
<guid>/entries/Open_Induction.html</guid>
<description></description>
</item>
<item>
<title>The independence of Tarski&#39;s Euclidean axiom</title>
<link>/entries/Tarskis_Geometry.html</link>
<pubDate>Tue, 30 Oct 2012 00:00:00 +0000</pubDate>
<guid>/entries/Tarskis_Geometry.html</guid>
<description></description>
</item>
<item>
<title>Bondy&#39;s Theorem</title>
<link>/entries/Bondy.html</link>
<pubDate>Sat, 27 Oct 2012 00:00:00 +0000</pubDate>
<guid>/entries/Bondy.html</guid>
<description></description>
</item>
<item>
<title>Possibilistic Noninterference</title>
<link>/entries/Possibilistic_Noninterference.html</link>
<pubDate>Mon, 10 Sep 2012 00:00:00 +0000</pubDate>
<guid>/entries/Possibilistic_Noninterference.html</guid>
<description></description>
</item>
<item>
<title>Generating linear orders for datatypes</title>
<link>/entries/Datatype_Order_Generator.html</link>
<pubDate>Tue, 07 Aug 2012 00:00:00 +0000</pubDate>
<guid>/entries/Datatype_Order_Generator.html</guid>
<description></description>
</item>
<item>
<title>Proving the Impossibility of Trisecting an Angle and Doubling the Cube</title>
<link>/entries/Impossible_Geometry.html</link>
<pubDate>Sun, 05 Aug 2012 00:00:00 +0000</pubDate>
<guid>/entries/Impossible_Geometry.html</guid>
<description></description>
</item>
<item>
<title>Verifying Fault-Tolerant Distributed Algorithms in the Heard-Of Model</title>
<link>/entries/Heard_Of.html</link>
<pubDate>Fri, 27 Jul 2012 00:00:00 +0000</pubDate>
<guid>/entries/Heard_Of.html</guid>
<description></description>
</item>
<item>
<title>Logical Relations for PCF</title>
<link>/entries/PCF.html</link>
<pubDate>Sun, 01 Jul 2012 00:00:00 +0000</pubDate>
<guid>/entries/PCF.html</guid>
<description></description>
</item>
<item>
<title>Type Constructor Classes and Monad Transformers</title>
<link>/entries/Tycon.html</link>
<pubDate>Tue, 26 Jun 2012 00:00:00 +0000</pubDate>
<guid>/entries/Tycon.html</guid>
<description></description>
</item>
<item>
<title>CCS in nominal logic</title>
<link>/entries/CCS.html</link>
<pubDate>Tue, 29 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/CCS.html</guid>
<description></description>
</item>
<item>
<title>Psi-calculi in Isabelle</title>
<link>/entries/Psi_Calculi.html</link>
<pubDate>Tue, 29 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Psi_Calculi.html</guid>
<description></description>
</item>
<item>
<title>The pi-calculus in nominal logic</title>
<link>/entries/Pi_Calculus.html</link>
<pubDate>Tue, 29 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Pi_Calculus.html</guid>
<description></description>
</item>
<item>
<title>Isabelle/Circus</title>
<link>/entries/Circus.html</link>
<pubDate>Sun, 27 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Circus.html</guid>
<description></description>
</item>
<item>
<title>Separation Algebra</title>
<link>/entries/Separation_Algebra.html</link>
<pubDate>Fri, 11 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Separation_Algebra.html</guid>
<description></description>
</item>
<item>
<title>Stuttering Equivalence</title>
<link>/entries/Stuttering_Equivalence.html</link>
<pubDate>Mon, 07 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Stuttering_Equivalence.html</guid>
<description></description>
</item>
<item>
<title>Inductive Study of Confidentiality</title>
<link>/entries/Inductive_Confidentiality.html</link>
<pubDate>Wed, 02 May 2012 00:00:00 +0000</pubDate>
<guid>/entries/Inductive_Confidentiality.html</guid>
<description></description>
</item>
<item>
<title>Ordinary Differential Equations</title>
<link>/entries/Ordinary_Differential_Equations.html</link>
<pubDate>Thu, 26 Apr 2012 00:00:00 +0000</pubDate>
<guid>/entries/Ordinary_Differential_Equations.html</guid>
<description></description>
</item>
<item>
<title>Well-Quasi-Orders</title>
<link>/entries/Well_Quasi_Orders.html</link>
<pubDate>Fri, 13 Apr 2012 00:00:00 +0000</pubDate>
<guid>/entries/Well_Quasi_Orders.html</guid>
<description></description>
</item>
<item>
<title>Abortable Linearizable Modules</title>
<link>/entries/Abortable_Linearizable_Modules.html</link>
<pubDate>Thu, 01 Mar 2012 00:00:00 +0000</pubDate>
<guid>/entries/Abortable_Linearizable_Modules.html</guid>
<description></description>
</item>
<item>
<title>Executable Transitive Closures</title>
<link>/entries/Transitive-Closure-II.html</link>
<pubDate>Wed, 29 Feb 2012 00:00:00 +0000</pubDate>
<guid>/entries/Transitive-Closure-II.html</guid>
<description></description>
</item>
<item>
<title>A Probabilistic Proof of the Girth-Chromatic Number Theorem</title>
<link>/entries/Girth_Chromatic.html</link>
<pubDate>Mon, 06 Feb 2012 00:00:00 +0000</pubDate>
<guid>/entries/Girth_Chromatic.html</guid>
<description></description>
</item>
<item>
<title>Dijkstra&#39;s Shortest Path Algorithm</title>
<link>/entries/Dijkstra_Shortest_Path.html</link>
<pubDate>Mon, 30 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Dijkstra_Shortest_Path.html</guid>
<description></description>
</item>
<item>
<title>Refinement for Monadic Programs</title>
<link>/entries/Refine_Monadic.html</link>
<pubDate>Mon, 30 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Refine_Monadic.html</guid>
<description></description>
</item>
<item>
<title>Markov Models</title>
<link>/entries/Markov_Models.html</link>
<pubDate>Tue, 03 Jan 2012 00:00:00 +0000</pubDate>
<guid>/entries/Markov_Models.html</guid>
<description></description>
</item>
<item>
<title>A Definitional Encoding of TLA* in Isabelle/HOL</title>
<link>/entries/TLA.html</link>
<pubDate>Sat, 19 Nov 2011 00:00:00 +0000</pubDate>
<guid>/entries/TLA.html</guid>
<description></description>
</item>
<item>
<title>Efficient Mergesort</title>
<link>/entries/Efficient-Mergesort.html</link>
<pubDate>Wed, 09 Nov 2011 00:00:00 +0000</pubDate>
<guid>/entries/Efficient-Mergesort.html</guid>
<description></description>
</item>
<item>
<title>Algebra of Monotonic Boolean Transformers</title>
<link>/entries/MonoBoolTranAlgebra.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/MonoBoolTranAlgebra.html</guid>
<description></description>
</item>
<item>
<title>Lattice Properties</title>
<link>/entries/LatticeProperties.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/LatticeProperties.html</guid>
<description></description>
</item>
<item>
<title>Pseudo Hoops</title>
<link>/entries/PseudoHoops.html</link>
<pubDate>Thu, 22 Sep 2011 00:00:00 +0000</pubDate>
<guid>/entries/PseudoHoops.html</guid>
<description></description>
</item>
<item>
<title>The Myhill-Nerode Theorem Based on Regular Expressions</title>
<link>/entries/Myhill-Nerode.html</link>
<pubDate>Fri, 26 Aug 2011 00:00:00 +0000</pubDate>
<guid>/entries/Myhill-Nerode.html</guid>
<description></description>
</item>
<item>
<title>Gauss-Jordan Elimination for Matrices Represented as Functions</title>
<link>/entries/Gauss-Jordan-Elim-Fun.html</link>
<pubDate>Fri, 19 Aug 2011 00:00:00 +0000</pubDate>
<guid>/entries/Gauss-Jordan-Elim-Fun.html</guid>
<description></description>
</item>
<item>
<title>Maximum Cardinality Matching</title>
<link>/entries/Max-Card-Matching.html</link>
<pubDate>Thu, 21 Jul 2011 00:00:00 +0000</pubDate>
<guid>/entries/Max-Card-Matching.html</guid>
<description></description>
</item>
<item>
<title>Knowledge-based programs</title>
<link>/entries/KBPs.html</link>
<pubDate>Tue, 17 May 2011 00:00:00 +0000</pubDate>
<guid>/entries/KBPs.html</guid>
<description></description>
</item>
<item>
<title>The General Triangle Is Unique</title>
<link>/entries/General-Triangle.html</link>
<pubDate>Fri, 01 Apr 2011 00:00:00 +0000</pubDate>
<guid>/entries/General-Triangle.html</guid>
<description></description>
</item>
<item>
<title>Executable Transitive Closures of Finite Relations</title>
<link>/entries/Transitive-Closure.html</link>
<pubDate>Mon, 14 Mar 2011 00:00:00 +0000</pubDate>
<guid>/entries/Transitive-Closure.html</guid>
<description></description>
</item>
<item>
<title>AutoFocus Stream Processing for Single-Clocking and Multi-Clocking Semantics</title>
<link>/entries/AutoFocus-Stream.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/AutoFocus-Stream.html</guid>
<description></description>
</item>
<item>
<title>Infinite Lists</title>
<link>/entries/List-Infinite.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/List-Infinite.html</guid>
<description></description>
</item>
<item>
<title>Interval Temporal Logic on Natural Numbers</title>
<link>/entries/Nat-Interval-Logic.html</link>
<pubDate>Wed, 23 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/Nat-Interval-Logic.html</guid>
<description></description>
</item>
<item>
<title>Lightweight Java</title>
<link>/entries/LightweightJava.html</link>
<pubDate>Mon, 07 Feb 2011 00:00:00 +0000</pubDate>
<guid>/entries/LightweightJava.html</guid>
<description></description>
</item>
<item>
<title>RIPEMD-160</title>
<link>/entries/RIPEMD-160-SPARK.html</link>
<pubDate>Mon, 10 Jan 2011 00:00:00 +0000</pubDate>
<guid>/entries/RIPEMD-160-SPARK.html</guid>
<description></description>
</item>
<item>
<title>Lower Semicontinuous Functions</title>
<link>/entries/Lower_Semicontinuous.html</link>
<pubDate>Sat, 08 Jan 2011 00:00:00 +0000</pubDate>
<guid>/entries/Lower_Semicontinuous.html</guid>
<description></description>
</item>
<item>
<title>Hall&#39;s Marriage Theorem</title>
<link>/entries/Marriage.html</link>
<pubDate>Fri, 17 Dec 2010 00:00:00 +0000</pubDate>
<guid>/entries/Marriage.html</guid>
<description></description>
</item>
<item>
<title>Shivers&#39; Control Flow Analysis</title>
<link>/entries/Shivers-CFA.html</link>
<pubDate>Tue, 16 Nov 2010 00:00:00 +0000</pubDate>
<guid>/entries/Shivers-CFA.html</guid>
<description></description>
</item>
<item>
<title>Binomial Heaps and Skew Binomial Heaps</title>
<link>/entries/Binomial-Heaps.html</link>
<pubDate>Thu, 28 Oct 2010 00:00:00 +0000</pubDate>
<guid>/entries/Binomial-Heaps.html</guid>
<description></description>
</item>
<item>
<title>Finger Trees</title>
<link>/entries/Finger-Trees.html</link>
<pubDate>Thu, 28 Oct 2010 00:00:00 +0000</pubDate>
<guid>/entries/Finger-Trees.html</guid>
<description></description>
</item>
<item>
<title>Functional Binomial Queues</title>
<link>/entries/Binomial-Queues.html</link>
<pubDate>Thu, 28 Oct 2010 00:00:00 +0000</pubDate>
<guid>/entries/Binomial-Queues.html</guid>
<description></description>
</item>
<item>
<title>Strong Normalization of Moggis&#39;s Computational Metalanguage</title>
<link>/entries/Lam-ml-Normalization.html</link>
<pubDate>Sun, 29 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Lam-ml-Normalization.html</guid>
<description></description>
</item>
<item>
<title>Executable Multivariate Polynomials</title>
<link>/entries/Polynomials.html</link>
<pubDate>Tue, 10 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Polynomials.html</guid>
<description></description>
</item>
<item>
<title>Formalizing Statecharts using Hierarchical Automata</title>
<link>/entries/Statecharts.html</link>
<pubDate>Sun, 08 Aug 2010 00:00:00 +0000</pubDate>
<guid>/entries/Statecharts.html</guid>
<description></description>
</item>
<item>
<title>Free Groups</title>
<link>/entries/Free-Groups.html</link>
<pubDate>Thu, 24 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Free-Groups.html</guid>
<description></description>
</item>
<item>
<title>Category Theory</title>
<link>/entries/Category2.html</link>
<pubDate>Sun, 20 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Category2.html</guid>
<description></description>
</item>
<item>
<title>Executable Matrix Operations on Matrices of Arbitrary Dimensions</title>
<link>/entries/Matrix.html</link>
<pubDate>Thu, 17 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Matrix.html</guid>
<description></description>
</item>
<item>
<title>Abstract Rewriting</title>
<link>/entries/Abstract-Rewriting.html</link>
<pubDate>Mon, 14 Jun 2010 00:00:00 +0000</pubDate>
<guid>/entries/Abstract-Rewriting.html</guid>
<description></description>
</item>
<item>
<title>Semantics and Data Refinement of Invariant Based Programs</title>
<link>/entries/DataRefinementIBP.html</link>
<pubDate>Fri, 28 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/DataRefinementIBP.html</guid>
<description></description>
</item>
<item>
<title>Verification of the Deutsch-Schorr-Waite Graph Marking Algorithm using Data Refinement</title>
<link>/entries/GraphMarkingIBP.html</link>
<pubDate>Fri, 28 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/GraphMarkingIBP.html</guid>
<description></description>
</item>
<item>
<title>A Complete Proof of the Robbins Conjecture</title>
<link>/entries/Robbins-Conjecture.html</link>
<pubDate>Sat, 22 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/Robbins-Conjecture.html</guid>
<description></description>
</item>
<item>
<title>Regular Sets and Expressions</title>
<link>/entries/Regular-Sets.html</link>
<pubDate>Wed, 12 May 2010 00:00:00 +0000</pubDate>
<guid>/entries/Regular-Sets.html</guid>
<description></description>
</item>
<item>
<title>Locally Nameless Sigma Calculus</title>
<link>/entries/Locally-Nameless-Sigma.html</link>
<pubDate>Fri, 30 Apr 2010 00:00:00 +0000</pubDate>
<guid>/entries/Locally-Nameless-Sigma.html</guid>
<description></description>
</item>
<item>
<title>Free Boolean Algebra</title>
<link>/entries/Free-Boolean-Algebra.html</link>
<pubDate>Mon, 29 Mar 2010 00:00:00 +0000</pubDate>
<guid>/entries/Free-Boolean-Algebra.html</guid>
<description></description>
</item>
<item>
<title>Information Flow Noninterference via Slicing</title>
<link>/entries/InformationFlowSlicing.html</link>
<pubDate>Tue, 23 Mar 2010 00:00:00 +0000</pubDate>
<guid>/entries/InformationFlowSlicing.html</guid>
<description></description>
</item>
<item>
<title>Inter-Procedural Information Flow Noninterference via Slicing</title>
<link>/entries/InformationFlowSlicing_Inter.html</link>
<pubDate>Tue, 23 Mar 2010 00:00:00 +0000</pubDate>
<guid>/entries/InformationFlowSlicing_Inter.html</guid>
<description></description>
</item>
<item>
<title>List Index</title>
<link>/entries/List-Index.html</link>
<pubDate>Sat, 20 Feb 2010 00:00:00 +0000</pubDate>
<guid>/entries/List-Index.html</guid>
<description></description>
</item>
<item>
<title>Coinductive</title>
<link>/entries/Coinductive.html</link>
<pubDate>Fri, 12 Feb 2010 00:00:00 +0000</pubDate>
<guid>/entries/Coinductive.html</guid>
<description></description>
</item>
<item>
<title>A Fast SAT Solver for Isabelle in Standard ML</title>
<link>/entries/DPT-SAT-Solver.html</link>
<pubDate>Wed, 09 Dec 2009 00:00:00 +0000</pubDate>
<guid>/entries/DPT-SAT-Solver.html</guid>
<description></description>
</item>
<item>
<title>Formalizing the Logic-Automaton Connection</title>
<link>/entries/Presburger-Automata.html</link>
<pubDate>Thu, 03 Dec 2009 00:00:00 +0000</pubDate>
<guid>/entries/Presburger-Automata.html</guid>
<description></description>
</item>
<item>
<title>Collections Framework</title>
<link>/entries/Collections.html</link>
<pubDate>Wed, 25 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/Collections.html</guid>
<description></description>
</item>
<item>
<title>Tree Automata</title>
<link>/entries/Tree-Automata.html</link>
<pubDate>Wed, 25 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/Tree-Automata.html</guid>
<description></description>
</item>
<item>
<title>Perfect Number Theorem</title>
<link>/entries/Perfect-Number-Thm.html</link>
<pubDate>Sun, 22 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/Perfect-Number-Thm.html</guid>
<description></description>
</item>
<item>
<title>Backing up Slicing: Verifying the Interprocedural Two-Phase Horwitz-Reps-Binkley Slicer</title>
<link>/entries/HRB-Slicing.html</link>
<pubDate>Fri, 13 Nov 2009 00:00:00 +0000</pubDate>
<guid>/entries/HRB-Slicing.html</guid>
<description></description>
</item>
<item>
<title>The Worker/Wrapper Transformation</title>
<link>/entries/WorkerWrapper.html</link>
<pubDate>Fri, 30 Oct 2009 00:00:00 +0000</pubDate>
<guid>/entries/WorkerWrapper.html</guid>
<description></description>
</item>
<item>
<title>Ordinals and Cardinals</title>
<link>/entries/Ordinals_and_Cardinals.html</link>
<pubDate>Tue, 01 Sep 2009 00:00:00 +0000</pubDate>
<guid>/entries/Ordinals_and_Cardinals.html</guid>
<description></description>
</item>
<item>
<title>Invertibility in Sequent Calculi</title>
<link>/entries/SequentInvertibility.html</link>
<pubDate>Fri, 28 Aug 2009 00:00:00 +0000</pubDate>
<guid>/entries/SequentInvertibility.html</guid>
<description></description>
</item>
<item>
<title>An Example of a Cofinitary Group in Isabelle/HOL</title>
<link>/entries/CofGroups.html</link>
<pubDate>Tue, 04 Aug 2009 00:00:00 +0000</pubDate>
<guid>/entries/CofGroups.html</guid>
<description></description>
</item>
<item>
<title>Code Generation for Functions as Data</title>
<link>/entries/FinFun.html</link>
<pubDate>Wed, 06 May 2009 00:00:00 +0000</pubDate>
<guid>/entries/FinFun.html</guid>
<description></description>
</item>
<item>
<title>Stream Fusion</title>
<link>/entries/Stream-Fusion.html</link>
<pubDate>Wed, 29 Apr 2009 00:00:00 +0000</pubDate>
<guid>/entries/Stream-Fusion.html</guid>
<description></description>
</item>
<item>
<title>A Bytecode Logic for JML and Types</title>
<link>/entries/BytecodeLogicJmlTypes.html</link>
<pubDate>Fri, 12 Dec 2008 00:00:00 +0000</pubDate>
<guid>/entries/BytecodeLogicJmlTypes.html</guid>
<description></description>
</item>
<item>
<title>Secure information flow and program logics</title>
<link>/entries/SIFPL.html</link>
<pubDate>Mon, 10 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/SIFPL.html</guid>
<description></description>
</item>
<item>
<title>Some classical results in Social Choice Theory</title>
<link>/entries/SenSocialChoice.html</link>
<pubDate>Sun, 09 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/SenSocialChoice.html</guid>
<description></description>
</item>
<item>
<title>Fun With Tilings</title>
<link>/entries/FunWithTilings.html</link>
<pubDate>Fri, 07 Nov 2008 00:00:00 +0000</pubDate>
<guid>/entries/FunWithTilings.html</guid>
<description></description>
</item>
<item>
<title>The Textbook Proof of Huffman&#39;s Algorithm</title>
<link>/entries/Huffman.html</link>
<pubDate>Wed, 15 Oct 2008 00:00:00 +0000</pubDate>
<guid>/entries/Huffman.html</guid>
<description></description>
</item>
<item>
<title>Towards Certified Slicing</title>
<link>/entries/Slicing.html</link>
<pubDate>Tue, 16 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/Slicing.html</guid>
<description></description>
</item>
<item>
<title>A Correctness Proof for the Volpano/Smith Security Typing System</title>
<link>/entries/VolpanoSmith.html</link>
<pubDate>Tue, 02 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/VolpanoSmith.html</guid>
<description></description>
</item>
<item>
<title>Arrow and Gibbard-Satterthwaite</title>
<link>/entries/ArrowImpossibilityGS.html</link>
<pubDate>Mon, 01 Sep 2008 00:00:00 +0000</pubDate>
<guid>/entries/ArrowImpossibilityGS.html</guid>
<description></description>
</item>
<item>
<title>Fun With Functions</title>
<link>/entries/FunWithFunctions.html</link>
<pubDate>Tue, 26 Aug 2008 00:00:00 +0000</pubDate>
<guid>/entries/FunWithFunctions.html</guid>
<description></description>
</item>
<item>
<title>Formal Verification of Modern SAT Solvers</title>
<link>/entries/SATSolverVerification.html</link>
<pubDate>Wed, 23 Jul 2008 00:00:00 +0000</pubDate>
<guid>/entries/SATSolverVerification.html</guid>
<description></description>
</item>
<item>
<title>Recursion Theory I</title>
<link>/entries/Recursion-Theory-I.html</link>
<pubDate>Sat, 05 Apr 2008 00:00:00 +0000</pubDate>
<guid>/entries/Recursion-Theory-I.html</guid>
<description></description>
</item>
<item>
<title>A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment</title>
<link>/entries/Simpl.html</link>
<pubDate>Fri, 29 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/Simpl.html</guid>
<description></description>
</item>
<item>
<title>BDD Normalisation</title>
<link>/entries/BDD.html</link>
<pubDate>Fri, 29 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/BDD.html</guid>
<description></description>
</item>
<item>
<title>Normalization by Evaluation</title>
<link>/entries/NormByEval.html</link>
<pubDate>Mon, 18 Feb 2008 00:00:00 +0000</pubDate>
<guid>/entries/NormByEval.html</guid>
<description></description>
</item>
<item>
<title>Quantifier Elimination for Linear Arithmetic</title>
<link>/entries/LinearQuantifierElim.html</link>
<pubDate>Fri, 11 Jan 2008 00:00:00 +0000</pubDate>
<guid>/entries/LinearQuantifierElim.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Conflict Analysis of Programs with Procedures, Thread Creation, and Monitors</title>
<link>/entries/Program-Conflict-Analysis.html</link>
<pubDate>Fri, 14 Dec 2007 00:00:00 +0000</pubDate>
<guid>/entries/Program-Conflict-Analysis.html</guid>
<description></description>
</item>
<item>
<title>Jinja with Threads</title>
<link>/entries/JinjaThreads.html</link>
<pubDate>Mon, 03 Dec 2007 00:00:00 +0000</pubDate>
<guid>/entries/JinjaThreads.html</guid>
<description></description>
</item>
<item>
<title>Much Ado About Two</title>
<link>/entries/MuchAdoAboutTwo.html</link>
<pubDate>Tue, 06 Nov 2007 00:00:00 +0000</pubDate>
<guid>/entries/MuchAdoAboutTwo.html</guid>
<description></description>
</item>
<item>
<title>Fermat&#39;s Last Theorem for Exponents 3 and 4 and the Parametrisation of Pythagorean Triples</title>
<link>/entries/Fermat3_4.html</link>
<pubDate>Sun, 12 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/Fermat3_4.html</guid>
<description></description>
</item>
<item>
<title>Sums of Two and Four Squares</title>
<link>/entries/SumSquares.html</link>
<pubDate>Sun, 12 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/SumSquares.html</guid>
<description></description>
</item>
<item>
<title>Fundamental Properties of Valuation Theory and Hensel&#39;s Lemma</title>
<link>/entries/Valuation.html</link>
<pubDate>Wed, 08 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/Valuation.html</guid>
<description></description>
</item>
<item>
<title>First-Order Logic According to Fitting</title>
<link>/entries/FOL-Fitting.html</link>
<pubDate>Thu, 02 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/FOL-Fitting.html</guid>
<description></description>
</item>
<item>
<title>POPLmark Challenge Via de Bruijn Indices</title>
<link>/entries/POPLmark-deBruijn.html</link>
<pubDate>Thu, 02 Aug 2007 00:00:00 +0000</pubDate>
<guid>/entries/POPLmark-deBruijn.html</guid>
<description></description>
</item>
<item>
<title>Hotel Key Card System</title>
<link>/entries/HotelKeyCards.html</link>
<pubDate>Sat, 09 Sep 2006 00:00:00 +0000</pubDate>
<guid>/entries/HotelKeyCards.html</guid>
<description></description>
</item>
<item>
<title>Abstract Hoare Logics</title>
<link>/entries/Abstract-Hoare-Logics.html</link>
<pubDate>Tue, 08 Aug 2006 00:00:00 +0000</pubDate>
<guid>/entries/Abstract-Hoare-Logics.html</guid>
<description></description>
</item>
<item>
<title>Flyspeck I: Tame Graphs</title>
<link>/entries/Flyspeck-Tame.html</link>
<pubDate>Mon, 22 May 2006 00:00:00 +0000</pubDate>
<guid>/entries/Flyspeck-Tame.html</guid>
<description></description>
</item>
<item>
<title>CoreC&#43;&#43;</title>
<link>/entries/CoreC&#43;&#43;.html</link>
<pubDate>Mon, 15 May 2006 00:00:00 +0000</pubDate>
<guid>/entries/CoreC&#43;&#43;.html</guid>
<description></description>
</item>
<item>
<title>A Theory of Featherweight Java in Isabelle/HOL</title>
<link>/entries/FeatherweightJava.html</link>
<pubDate>Fri, 31 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/FeatherweightJava.html</guid>
<description></description>
</item>
<item>
<title>Instances of Schneider&#39;s generalized protocol of clock synchronization</title>
<link>/entries/ClockSynchInst.html</link>
<pubDate>Wed, 15 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/ClockSynchInst.html</guid>
<description></description>
</item>
<item>
<title>Cauchy&#39;s Mean Theorem and the Cauchy-Schwarz Inequality</title>
<link>/entries/Cauchy.html</link>
<pubDate>Tue, 14 Mar 2006 00:00:00 +0000</pubDate>
<guid>/entries/Cauchy.html</guid>
<description></description>
</item>
<item>
<title>Countable Ordinals</title>
<link>/entries/Ordinal.html</link>
<pubDate>Fri, 11 Nov 2005 00:00:00 +0000</pubDate>
<guid>/entries/Ordinal.html</guid>
<description></description>
</item>
<item>
<title>Fast Fourier Transform</title>
<link>/entries/FFT.html</link>
<pubDate>Wed, 12 Oct 2005 00:00:00 +0000</pubDate>
<guid>/entries/FFT.html</guid>
<description></description>
</item>
<item>
<title>Formalization of a Generalized Protocol for Clock Synchronization</title>
<link>/entries/GenClock.html</link>
<pubDate>Fri, 24 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/GenClock.html</guid>
<description></description>
</item>
<item>
<title>Proving the Correctness of Disk Paxos</title>
<link>/entries/DiskPaxos.html</link>
<pubDate>Wed, 22 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/DiskPaxos.html</guid>
<description></description>
</item>
<item>
<title>Jive Data and Store Model</title>
<link>/entries/JiveDataStoreModel.html</link>
<pubDate>Mon, 20 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/JiveDataStoreModel.html</guid>
<description></description>
</item>
<item>
<title>Jinja is not Java</title>
<link>/entries/Jinja.html</link>
<pubDate>Wed, 01 Jun 2005 00:00:00 +0000</pubDate>
<guid>/entries/Jinja.html</guid>
<description></description>
</item>
<item>
<title>SHA1, RSA, PSS and more</title>
<link>/entries/RSAPSS.html</link>
<pubDate>Mon, 02 May 2005 00:00:00 +0000</pubDate>
<guid>/entries/RSAPSS.html</guid>
<description></description>
</item>
<item>
<title>Category Theory to Yoneda&#39;s Lemma</title>
<link>/entries/Category.html</link>
<pubDate>Thu, 21 Apr 2005 00:00:00 +0000</pubDate>
<guid>/entries/Category.html</guid>
<description></description>
</item>
<item>
<title>File Refinement</title>
<link>/entries/FileRefinement.html</link>
<pubDate>Thu, 09 Dec 2004 00:00:00 +0000</pubDate>
<guid>/entries/FileRefinement.html</guid>
<description></description>
</item>
<item>
<title>Integration theory and random variables</title>
<link>/entries/Integration.html</link>
<pubDate>Fri, 19 Nov 2004 00:00:00 +0000</pubDate>
<guid>/entries/Integration.html</guid>
<description></description>
</item>
<item>
<title>A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic</title>
<link>/entries/Verified-Prover.html</link>
<pubDate>Tue, 28 Sep 2004 00:00:00 +0000</pubDate>
<guid>/entries/Verified-Prover.html</guid>
<description></description>
</item>
<item>
<title>Completeness theorem</title>
<link>/entries/Completeness.html</link>
<pubDate>Mon, 20 Sep 2004 00:00:00 +0000</pubDate>
<guid>/entries/Completeness.html</guid>
<description></description>
</item>
<item>
<title>Ramsey&#39;s theorem, infinitary version</title>
<link>/entries/Ramsey-Infinite.html</link>
<pubDate>Mon, 20 Sep 2004 00:00:00 +0000</pubDate>
<guid>/entries/Ramsey-Infinite.html</guid>
<description></description>
</item>
<item>
<title>Compiling Exceptions Correctly</title>
<link>/entries/Compiling-Exceptions-Correctly.html</link>
<pubDate>Fri, 09 Jul 2004 00:00:00 +0000</pubDate>
<guid>/entries/Compiling-Exceptions-Correctly.html</guid>
<description></description>
</item>
<item>
<title>Depth First Search</title>
<link>/entries/Depth-First-Search.html</link>
<pubDate>Thu, 24 Jun 2004 00:00:00 +0000</pubDate>
<guid>/entries/Depth-First-Search.html</guid>
<description></description>
</item>
<item>
<title>Groups, Rings and Modules</title>
<link>/entries/Group-Ring-Module.html</link>
<pubDate>Tue, 18 May 2004 00:00:00 +0000</pubDate>
<guid>/entries/Group-Ring-Module.html</guid>
<description></description>
</item>
<item>
<title>Lazy Lists II</title>
<link>/entries/Lazy-Lists-II.html</link>
<pubDate>Mon, 26 Apr 2004 00:00:00 +0000</pubDate>
<guid>/entries/Lazy-Lists-II.html</guid>
<description></description>
</item>
<item>
<title>Topology</title>
<link>/entries/Topology.html</link>
<pubDate>Mon, 26 Apr 2004 00:00:00 +0000</pubDate>
<guid>/entries/Topology.html</guid>
<description></description>
</item>
<item>
<title>Binary Search Trees</title>
<link>/entries/BinarySearchTree.html</link>
<pubDate>Mon, 05 Apr 2004 00:00:00 +0000</pubDate>
<guid>/entries/BinarySearchTree.html</guid>
<description></description>
</item>
<item>
<title>Functional Automata</title>
<link>/entries/Functional-Automata.html</link>
<pubDate>Tue, 30 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/Functional-Automata.html</guid>
<description></description>
</item>
<item>
<title>AVL Trees</title>
<link>/entries/AVL-Trees.html</link>
<pubDate>Fri, 19 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/AVL-Trees.html</guid>
<description></description>
</item>
<item>
<title>Mini ML</title>
<link>/entries/MiniML.html</link>
<pubDate>Fri, 19 Mar 2004 00:00:00 +0000</pubDate>
<guid>/entries/MiniML.html</guid>
<description></description>
</item>
<item>
<title>Abortable_Linearizable_Modules</title>
<link>/theories/abortable_linearizable_modules/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/abortable_linearizable_modules/</guid>
<description></description>
</item>
<item>
<title>About</title>
<link>/about/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/about/</guid>
<description>The Archive of Formal Proofs is a collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle. It is organized in the way of a scientific journal. Submissions are refereed.
The archive repository is hosted on Heptapod to provide easy free access to archive entries. The entries are tested and maintained continuously against the current stable release of Isabelle. Older versions of archive entries will remain available.</description>
</item>
<item>
<title>Abs_Int_ITP2012</title>
<link>/theories/abs_int_itp2012/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/abs_int_itp2012/</guid>
<description></description>
</item>
<item>
<title>Abstract-Hoare-Logics</title>
<link>/theories/abstract-hoare-logics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/abstract-hoare-logics/</guid>
<description></description>
</item>
<item>
<title>Abstract-Rewriting</title>
<link>/theories/abstract-rewriting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/abstract-rewriting/</guid>
<description></description>
</item>
<item>
<title>Abstract_Completeness</title>
<link>/theories/abstract_completeness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/abstract_completeness/</guid>
<description></description>
</item>
<item>
<title>Abstract_Soundness</title>
<link>/theories/abstract_soundness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/abstract_soundness/</guid>
<description></description>
</item>
<item>
<title>Ackermanns_not_PR</title>
<link>/theories/ackermanns_not_pr/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ackermanns_not_pr/</guid>
<description></description>
</item>
<item>
<title>Actuarial_Mathematics</title>
<link>/theories/actuarial_mathematics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/actuarial_mathematics/</guid>
<description></description>
</item>
<item>
<title>Adaptive_State_Counting</title>
<link>/theories/adaptive_state_counting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/adaptive_state_counting/</guid>
<description></description>
</item>
<item>
<title>ADS_Functor</title>
<link>/theories/ads_functor/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ads_functor/</guid>
<description></description>
</item>
<item>
<title>Affine_Arithmetic</title>
<link>/theories/affine_arithmetic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/affine_arithmetic/</guid>
<description></description>
</item>
<item>
<title>Aggregation_Algebras</title>
<link>/theories/aggregation_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/aggregation_algebras/</guid>
<description></description>
</item>
<item>
<title>AI_Planning_Languages_Semantics</title>
<link>/theories/ai_planning_languages_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ai_planning_languages_semantics/</guid>
<description></description>
</item>
<item>
<title>Akra_Bazzi</title>
<link>/theories/akra_bazzi/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/akra_bazzi/</guid>
<description></description>
</item>
<item>
<title>Algebraic_Numbers</title>
<link>/theories/algebraic_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/algebraic_numbers/</guid>
<description></description>
</item>
<item>
<title>Algebraic_VCs</title>
<link>/theories/algebraic_vcs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/algebraic_vcs/</guid>
<description></description>
</item>
<item>
<title>Allen_Calculus</title>
<link>/theories/allen_calculus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/allen_calculus/</guid>
<description></description>
</item>
<item>
<title>Amicable_Numbers</title>
<link>/theories/amicable_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/amicable_numbers/</guid>
<description></description>
</item>
<item>
<title>Amortized_Complexity</title>
<link>/theories/amortized_complexity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/amortized_complexity/</guid>
<description></description>
</item>
<item>
<title>AnselmGod</title>
<link>/theories/anselmgod/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/anselmgod/</guid>
<description></description>
</item>
<item>
<title>AODV</title>
<link>/theories/aodv/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/aodv/</guid>
<description></description>
</item>
<item>
<title>Applicative_Lifting</title>
<link>/theories/applicative_lifting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/applicative_lifting/</guid>
<description></description>
</item>
<item>
<title>Approximation_Algorithms</title>
<link>/theories/approximation_algorithms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/approximation_algorithms/</guid>
<description></description>
</item>
<item>
<title>Architectural_Design_Patterns</title>
<link>/theories/architectural_design_patterns/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/architectural_design_patterns/</guid>
<description></description>
</item>
<item>
<title>Aristotles_Assertoric_Syllogistic</title>
<link>/theories/aristotles_assertoric_syllogistic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/aristotles_assertoric_syllogistic/</guid>
<description></description>
</item>
<item>
<title>Arith_Prog_Rel_Primes</title>
<link>/theories/arith_prog_rel_primes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/arith_prog_rel_primes/</guid>
<description></description>
</item>
<item>
<title>ArrowImpossibilityGS</title>
<link>/theories/arrowimpossibilitygs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/arrowimpossibilitygs/</guid>
<description></description>
</item>
<item>
<title>Attack_Trees</title>
<link>/theories/attack_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/attack_trees/</guid>
<description></description>
</item>
<item>
<title>Auto2_HOL</title>
<link>/theories/auto2_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/auto2_hol/</guid>
<description></description>
</item>
<item>
<title>Auto2_Imperative_HOL</title>
<link>/theories/auto2_imperative_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/auto2_imperative_hol/</guid>
<description></description>
</item>
<item>
<title>AutoFocus-Stream</title>
<link>/theories/autofocus-stream/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/autofocus-stream/</guid>
<description></description>
</item>
<item>
<title>Automated_Stateful_Protocol_Verification</title>
<link>/theories/automated_stateful_protocol_verification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/automated_stateful_protocol_verification/</guid>
<description></description>
</item>
<item>
<title>Automatic_Refinement</title>
<link>/theories/automatic_refinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/automatic_refinement/</guid>
<description></description>
</item>
<item>
<title>AVL-Trees</title>
<link>/theories/avl-trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/avl-trees/</guid>
<description></description>
</item>
<item>
<title>AWN</title>
<link>/theories/awn/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/awn/</guid>
<description></description>
</item>
<item>
<title>AxiomaticCategoryTheory</title>
<link>/theories/axiomaticcategorytheory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/axiomaticcategorytheory/</guid>
<description></description>
</item>
<item>
<title>Banach_Steinhaus</title>
<link>/theories/banach_steinhaus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/banach_steinhaus/</guid>
<description></description>
</item>
<item>
<title>BD_Security_Compositional</title>
<link>/theories/bd_security_compositional/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bd_security_compositional/</guid>
<description></description>
</item>
<item>
<title>BDD</title>
<link>/theories/bdd/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bdd/</guid>
<description></description>
</item>
<item>
<title>Belief_Revision</title>
<link>/theories/belief_revision/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/belief_revision/</guid>
<description></description>
</item>
<item>
<title>Bell_Numbers_Spivey</title>
<link>/theories/bell_numbers_spivey/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bell_numbers_spivey/</guid>
<description></description>
</item>
<item>
<title>BenOr_Kozen_Reif</title>
<link>/theories/benor_kozen_reif/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/benor_kozen_reif/</guid>
<description></description>
</item>
<item>
<title>Berlekamp_Zassenhaus</title>
<link>/theories/berlekamp_zassenhaus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/berlekamp_zassenhaus/</guid>
<description></description>
</item>
<item>
<title>Bernoulli</title>
<link>/theories/bernoulli/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bernoulli/</guid>
<description></description>
</item>
<item>
<title>Bertrands_Postulate</title>
<link>/theories/bertrands_postulate/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bertrands_postulate/</guid>
<description></description>
</item>
<item>
<title>Bicategory</title>
<link>/theories/bicategory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bicategory/</guid>
<description></description>
</item>
<item>
<title>BinarySearchTree</title>
<link>/theories/binarysearchtree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/binarysearchtree/</guid>
<description></description>
</item>
<item>
<title>Binding_Syntax_Theory</title>
<link>/theories/binding_syntax_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/binding_syntax_theory/</guid>
<description></description>
</item>
<item>
<title>Binomial-Heaps</title>
<link>/theories/binomial-heaps/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/binomial-heaps/</guid>
<description></description>
</item>
<item>
<title>Binomial-Queues</title>
<link>/theories/binomial-queues/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/binomial-queues/</guid>
<description></description>
</item>
<item>
<title>BirdKMP</title>
<link>/theories/birdkmp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/birdkmp/</guid>
<description></description>
</item>
<item>
<title>Blue_Eyes</title>
<link>/theories/blue_eyes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/blue_eyes/</guid>
<description></description>
</item>
<item>
<title>BNF_CC</title>
<link>/theories/bnf_cc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bnf_cc/</guid>
<description></description>
</item>
<item>
<title>BNF_Operations</title>
<link>/theories/bnf_operations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bnf_operations/</guid>
<description></description>
</item>
<item>
<title>Bondy</title>
<link>/theories/bondy/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bondy/</guid>
<description></description>
</item>
<item>
<title>Boolean_Expression_Checkers</title>
<link>/theories/boolean_expression_checkers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/boolean_expression_checkers/</guid>
<description></description>
</item>
<item>
<title>Boolos_Curious_Inference</title>
<link>/theories/boolos_curious_inference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/boolos_curious_inference/</guid>
<description></description>
</item>
<item>
<title>Bounded_Deducibility_Security</title>
<link>/theories/bounded_deducibility_security/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bounded_deducibility_security/</guid>
<description></description>
</item>
<item>
<title>BTree</title>
<link>/theories/btree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/btree/</guid>
<description></description>
</item>
<item>
<title>Buchi_Complementation</title>
<link>/theories/buchi_complementation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/buchi_complementation/</guid>
<description></description>
</item>
<item>
<title>Budan_Fourier</title>
<link>/theories/budan_fourier/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/budan_fourier/</guid>
<description></description>
</item>
<item>
<title>Buffons_Needle</title>
<link>/theories/buffons_needle/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/buffons_needle/</guid>
<description></description>
</item>
<item>
<title>Buildings</title>
<link>/theories/buildings/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/buildings/</guid>
<description></description>
</item>
<item>
<title>BytecodeLogicJmlTypes</title>
<link>/theories/bytecodelogicjmltypes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bytecodelogicjmltypes/</guid>
<description></description>
</item>
<item>
<title>C2KA_DistributedSystems</title>
<link>/theories/c2ka_distributedsystems/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/c2ka_distributedsystems/</guid>
<description></description>
</item>
<item>
<title>CakeML</title>
<link>/theories/cakeml/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cakeml/</guid>
<description></description>
</item>
<item>
<title>CakeML_Codegen</title>
<link>/theories/cakeml_codegen/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cakeml_codegen/</guid>
<description></description>
</item>
<item>
<title>Call_Arity</title>
<link>/theories/call_arity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/call_arity/</guid>
<description></description>
</item>
<item>
<title>Card_Equiv_Relations</title>
<link>/theories/card_equiv_relations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/card_equiv_relations/</guid>
<description></description>
</item>
<item>
<title>Card_Multisets</title>
<link>/theories/card_multisets/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/card_multisets/</guid>
<description></description>
</item>
<item>
<title>Card_Number_Partitions</title>
<link>/theories/card_number_partitions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/card_number_partitions/</guid>
<description></description>
</item>
<item>
<title>Card_Partitions</title>
<link>/theories/card_partitions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/card_partitions/</guid>
<description></description>
</item>
<item>
<title>Cartan_FP</title>
<link>/theories/cartan_fp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cartan_fp/</guid>
<description></description>
</item>
<item>
<title>Case_Labeling</title>
<link>/theories/case_labeling/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/case_labeling/</guid>
<description></description>
</item>
<item>
<title>Catalan_Numbers</title>
<link>/theories/catalan_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/catalan_numbers/</guid>
<description></description>
</item>
<item>
<title>Category</title>
<link>/theories/category/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/category/</guid>
<description></description>
</item>
<item>
<title>Category2</title>
<link>/theories/category2/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/category2/</guid>
<description></description>
</item>
<item>
<title>Category3</title>
<link>/theories/category3/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/category3/</guid>
<description></description>
</item>
<item>
<title>Cauchy</title>
<link>/theories/cauchy/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cauchy/</guid>
<description></description>
</item>
<item>
<title>CAVA_Automata</title>
<link>/theories/cava_automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cava_automata/</guid>
<description></description>
</item>
<item>
<title>CAVA_Base</title>
<link>/theories/cava_base/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cava_base/</guid>
<description></description>
</item>
<item>
<title>CAVA_LTL_Modelchecker</title>
<link>/theories/cava_ltl_modelchecker/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cava_ltl_modelchecker/</guid>
<description></description>
</item>
<item>
<title>CAVA_Setup</title>
<link>/theories/cava_setup/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cava_setup/</guid>
<description></description>
</item>
<item>
<title>Cayley_Hamilton</title>
<link>/theories/cayley_hamilton/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cayley_hamilton/</guid>
<description></description>
</item>
<item>
<title>CCS</title>
<link>/theories/ccs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ccs/</guid>
<description></description>
</item>
<item>
<title>Certification_Monads</title>
<link>/theories/certification_monads/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/certification_monads/</guid>
<description></description>
</item>
<item>
<title>Chandy_Lamport</title>
<link>/theories/chandy_lamport/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/chandy_lamport/</guid>
<description></description>
</item>
<item>
<title>Chord_Segments</title>
<link>/theories/chord_segments/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/chord_segments/</guid>
<description></description>
</item>
<item>
<title>Circus</title>
<link>/theories/circus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/circus/</guid>
<description></description>
</item>
<item>
<title>CISC-Kernel</title>
<link>/theories/cisc-kernel/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cisc-kernel/</guid>
<description></description>
</item>
<item>
<title>Clean</title>
<link>/theories/clean/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/clean/</guid>
<description></description>
</item>
<item>
<title>Clique_and_Monotone_Circuits</title>
<link>/theories/clique_and_monotone_circuits/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/clique_and_monotone_circuits/</guid>
<description></description>
</item>
<item>
<title>ClockSynchInst</title>
<link>/theories/clocksynchinst/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/clocksynchinst/</guid>
<description></description>
</item>
<item>
<title>Closest_Pair_Points</title>
<link>/theories/closest_pair_points/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/closest_pair_points/</guid>
<description></description>
</item>
<item>
<title>CoCon</title>
<link>/theories/cocon/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cocon/</guid>
<description></description>
</item>
<item>
<title>CofGroups</title>
<link>/theories/cofgroups/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cofgroups/</guid>
<description></description>
</item>
<item>
<title>Coinductive</title>
<link>/theories/coinductive/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/coinductive/</guid>
<description></description>
</item>
<item>
<title>Coinductive_Languages</title>
<link>/theories/coinductive_languages/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/coinductive_languages/</guid>
<description></description>
</item>
<item>
<title>Collections</title>
<link>/theories/collections/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/collections/</guid>
<description></description>
</item>
<item>
<title>Collections_Examples</title>
<link>/theories/collections_examples/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/collections_examples/</guid>
<description></description>
</item>
<item>
<title>Combinable_Wands</title>
<link>/theories/combinable_wands/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/combinable_wands/</guid>
<description></description>
</item>
<item>
<title>Combinatorics_Words</title>
<link>/theories/combinatorics_words/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/combinatorics_words/</guid>
<description></description>
</item>
<item>
<title>Combinatorics_Words_Graph_Lemma</title>
<link>/theories/combinatorics_words_graph_lemma/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/combinatorics_words_graph_lemma/</guid>
<description></description>
</item>
<item>
<title>Combinatorics_Words_Lyndon</title>
<link>/theories/combinatorics_words_lyndon/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/combinatorics_words_lyndon/</guid>
<description></description>
</item>
<item>
<title>Commuting_Hermitian</title>
<link>/theories/commuting_hermitian/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/commuting_hermitian/</guid>
<description></description>
</item>
<item>
<title>Comparison_Sort_Lower_Bound</title>
<link>/theories/comparison_sort_lower_bound/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/comparison_sort_lower_bound/</guid>
<description></description>
</item>
<item>
<title>Compiling-Exceptions-Correctly</title>
<link>/theories/compiling-exceptions-correctly/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/compiling-exceptions-correctly/</guid>
<description></description>
</item>
<item>
<title>Complete_Non_Orders</title>
<link>/theories/complete_non_orders/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/complete_non_orders/</guid>
<description></description>
</item>
<item>
<title>Completeness</title>
<link>/theories/completeness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/completeness/</guid>
<description></description>
</item>
<item>
<title>Complex_Bounded_Operators</title>
<link>/theories/complex_bounded_operators/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/complex_bounded_operators/</guid>
<description></description>
</item>
<item>
<title>Complex_Geometry</title>
<link>/theories/complex_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/complex_geometry/</guid>
<description></description>
</item>
<item>
<title>Complx</title>
<link>/theories/complx/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/complx/</guid>
<description></description>
</item>
<item>
<title>ComponentDependencies</title>
<link>/theories/componentdependencies/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/componentdependencies/</guid>
<description></description>
</item>
<item>
<title>Concurrent_Ref_Alg</title>
<link>/theories/concurrent_ref_alg/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/concurrent_ref_alg/</guid>
<description></description>
</item>
<item>
<title>Concurrent_Revisions</title>
<link>/theories/concurrent_revisions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/concurrent_revisions/</guid>
<description></description>
</item>
<item>
<title>ConcurrentGC</title>
<link>/theories/concurrentgc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/concurrentgc/</guid>
<description></description>
</item>
<item>
<title>ConcurrentIMP</title>
<link>/theories/concurrentimp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/concurrentimp/</guid>
<description></description>
</item>
<item>
<title>Conditional_Simplification</title>
<link>/theories/conditional_simplification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/conditional_simplification/</guid>
<description></description>
</item>
<item>
<title>Conditional_Transfer_Rule</title>
<link>/theories/conditional_transfer_rule/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/conditional_transfer_rule/</guid>
<description></description>
</item>
<item>
<title>Consensus_Refined</title>
<link>/theories/consensus_refined/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/consensus_refined/</guid>
<description></description>
</item>
<item>
<title>Constructive_Cryptography</title>
<link>/theories/constructive_cryptography/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/constructive_cryptography/</guid>
<description></description>
</item>
<item>
<title>Constructive_Cryptography_CM</title>
<link>/theories/constructive_cryptography_cm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/constructive_cryptography_cm/</guid>
<description></description>
</item>
<item>
<title>Constructor_Funs</title>
<link>/theories/constructor_funs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/constructor_funs/</guid>
<description></description>
</item>
<item>
<title>Containers</title>
<link>/theories/containers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/containers/</guid>
<description></description>
</item>
<item>
<title>Containers-Benchmarks</title>
<link>/theories/containers-benchmarks/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/containers-benchmarks/</guid>
<description></description>
</item>
<item>
<title>Core_DOM</title>
<link>/theories/core_dom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/core_dom/</guid>
<description></description>
</item>
<item>
<title>Core_SC_DOM</title>
<link>/theories/core_sc_dom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/core_sc_dom/</guid>
<description></description>
</item>
<item>
<title>CoreC&#43;&#43;</title>
<link>/theories/corec&#43;&#43;/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/corec&#43;&#43;/</guid>
<description></description>
</item>
<item>
<title>Correctness_Algebras</title>
<link>/theories/correctness_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/correctness_algebras/</guid>
<description></description>
</item>
<item>
<title>CoSMed</title>
<link>/theories/cosmed/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cosmed/</guid>
<description></description>
</item>
<item>
<title>CoSMeDis</title>
<link>/theories/cosmedis/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cosmedis/</guid>
<description></description>
</item>
<item>
<title>Cotangent_PFD_Formula</title>
<link>/theories/cotangent_pfd_formula/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cotangent_pfd_formula/</guid>
<description></description>
</item>
<item>
<title>Count_Complex_Roots</title>
<link>/theories/count_complex_roots/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/count_complex_roots/</guid>
<description></description>
</item>
<item>
<title>CRDT</title>
<link>/theories/crdt/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/crdt/</guid>
<description></description>
</item>
<item>
<title>CryptHOL</title>
<link>/theories/crypthol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/crypthol/</guid>
<description></description>
</item>
<item>
<title>CryptoBasedCompositionalProperties</title>
<link>/theories/cryptobasedcompositionalproperties/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cryptobasedcompositionalproperties/</guid>
<description></description>
</item>
<item>
<title>CRYSTALS-Kyber</title>
<link>/theories/crystals-kyber/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/crystals-kyber/</guid>
<description></description>
</item>
<item>
<title>CSP_RefTK</title>
<link>/theories/csp_reftk/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/csp_reftk/</guid>
<description></description>
</item>
<item>
<title>Cubic_Quartic_Equations</title>
<link>/theories/cubic_quartic_equations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cubic_quartic_equations/</guid>
<description></description>
</item>
<item>
<title>CYK</title>
<link>/theories/cyk/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cyk/</guid>
<description></description>
</item>
<item>
<title>CZH_Elementary_Categories</title>
<link>/theories/czh_elementary_categories/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/czh_elementary_categories/</guid>
<description></description>
</item>
<item>
<title>CZH_Foundations</title>
<link>/theories/czh_foundations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/czh_foundations/</guid>
<description></description>
</item>
<item>
<title>CZH_Universal_Constructions</title>
<link>/theories/czh_universal_constructions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/czh_universal_constructions/</guid>
<description></description>
</item>
<item>
<title>DataRefinementIBP</title>
<link>/theories/datarefinementibp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/datarefinementibp/</guid>
<description></description>
</item>
<item>
<title>Datatype_Order_Generator</title>
<link>/theories/datatype_order_generator/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/datatype_order_generator/</guid>
<description></description>
</item>
<item>
<title>Decl_Sem_Fun_PL</title>
<link>/theories/decl_sem_fun_pl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/decl_sem_fun_pl/</guid>
<description></description>
</item>
<item>
<title>Decreasing-Diagrams</title>
<link>/theories/decreasing-diagrams/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/decreasing-diagrams/</guid>
<description></description>
</item>
<item>
<title>Decreasing-Diagrams-II</title>
<link>/theories/decreasing-diagrams-ii/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/decreasing-diagrams-ii/</guid>
<description></description>
</item>
<item>
<title>Dedekind_Real</title>
<link>/theories/dedekind_real/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dedekind_real/</guid>
<description></description>
</item>
<item>
<title>Deep_Learning</title>
<link>/theories/deep_learning/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/deep_learning/</guid>
<description></description>
</item>
<item>
<title>Delta_System_Lemma</title>
<link>/theories/delta_system_lemma/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/delta_system_lemma/</guid>
<description></description>
</item>
<item>
<title>Density_Compiler</title>
<link>/theories/density_compiler/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/density_compiler/</guid>
<description></description>
</item>
<item>
<title>Dependent_SIFUM_Refinement</title>
<link>/theories/dependent_sifum_refinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dependent_sifum_refinement/</guid>
<description></description>
</item>
<item>
<title>Dependent_SIFUM_Type_Systems</title>
<link>/theories/dependent_sifum_type_systems/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dependent_sifum_type_systems/</guid>
<description></description>
</item>
<item>
<title>Depth-First-Search</title>
<link>/theories/depth-first-search/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/depth-first-search/</guid>
<description></description>
</item>
<item>
<title>Derangements</title>
<link>/theories/derangements/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/derangements/</guid>
<description></description>
</item>
<item>
<title>Deriving</title>
<link>/theories/deriving/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/deriving/</guid>
<description></description>
</item>
<item>
<title>Descartes_Sign_Rule</title>
<link>/theories/descartes_sign_rule/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/descartes_sign_rule/</guid>
<description></description>
</item>
<item>
<title>Design_Theory</title>
<link>/theories/design_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/design_theory/</guid>
<description></description>
</item>
<item>
<title>DFS_Framework</title>
<link>/theories/dfs_framework/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dfs_framework/</guid>
<description></description>
</item>
<item>
<title>Dict_Construction</title>
<link>/theories/dict_construction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dict_construction/</guid>
<description></description>
</item>
<item>
<title>Differential_Dynamic_Logic</title>
<link>/theories/differential_dynamic_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/differential_dynamic_logic/</guid>
<description></description>
</item>
<item>
<title>Differential_Game_Logic</title>
<link>/theories/differential_game_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/differential_game_logic/</guid>
<description></description>
</item>
<item>
<title>Digit_Expansions</title>
<link>/theories/digit_expansions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/digit_expansions/</guid>
<description></description>
</item>
<item>
<title>Dijkstra_Shortest_Path</title>
<link>/theories/dijkstra_shortest_path/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dijkstra_shortest_path/</guid>
<description></description>
</item>
<item>
<title>Diophantine_Eqns_Lin_Hom</title>
<link>/theories/diophantine_eqns_lin_hom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/diophantine_eqns_lin_hom/</guid>
<description></description>
</item>
<item>
<title>Dirichlet_L</title>
<link>/theories/dirichlet_l/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dirichlet_l/</guid>
<description></description>
</item>
<item>
<title>Dirichlet_Series</title>
<link>/theories/dirichlet_series/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dirichlet_series/</guid>
<description></description>
</item>
<item>
<title>Discrete_Summation</title>
<link>/theories/discrete_summation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/discrete_summation/</guid>
<description></description>
</item>
<item>
<title>DiscretePricing</title>
<link>/theories/discretepricing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/discretepricing/</guid>
<description></description>
</item>
<item>
<title>DiskPaxos</title>
<link>/theories/diskpaxos/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/diskpaxos/</guid>
<description></description>
</item>
<item>
<title>DOM_Components</title>
<link>/theories/dom_components/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dom_components/</guid>
<description></description>
</item>
<item>
<title>Dominance_CHK</title>
<link>/theories/dominance_chk/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dominance_chk/</guid>
<description></description>
</item>
<item>
<title>Download the Archive</title>
<link>/download/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/download/</guid>
<description>Current stable version (for most recent Isabelle release): Download all sessions: afp-current.tar.gz (~70 MB)
Older stable versions: Please use the sourceforge download system to access older versions of the archive.
Mercurial access: The AFP repositories with tooling and metadata can be found at Heptapod. In particular, the development version of the Archive (for the development version of Isabelle) is available there.
How to refer to AFP entries: You can refer to AFP entries by using the AFP as an Isabelle component.</description>
</item>
<item>
<title>DPRM_Theorem</title>
<link>/theories/dprm_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dprm_theorem/</guid>
<description></description>
</item>
<item>
<title>DPT-SAT-Solver</title>
<link>/theories/dpt-sat-solver/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dpt-sat-solver/</guid>
<description></description>
</item>
<item>
<title>Dynamic_Tables</title>
<link>/theories/dynamic_tables/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dynamic_tables/</guid>
<description></description>
</item>
<item>
<title>DynamicArchitectures</title>
<link>/theories/dynamicarchitectures/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dynamicarchitectures/</guid>
<description></description>
</item>
<item>
<title>E_Transcendental</title>
<link>/theories/e_transcendental/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/e_transcendental/</guid>
<description></description>
</item>
<item>
<title>Echelon_Form</title>
<link>/theories/echelon_form/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/echelon_form/</guid>
<description></description>
</item>
<item>
<title>EdmondsKarp_Maxflow</title>
<link>/theories/edmondskarp_maxflow/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/edmondskarp_maxflow/</guid>
<description></description>
</item>
<item>
<title>Efficient-Mergesort</title>
<link>/theories/efficient-mergesort/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/efficient-mergesort/</guid>
<description></description>
</item>
<item>
<title>Elliptic_Curves_Group_Law</title>
<link>/theories/elliptic_curves_group_law/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/elliptic_curves_group_law/</guid>
<description></description>
</item>
<item>
<title>Encodability_Process_Calculi</title>
<link>/theories/encodability_process_calculi/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/encodability_process_calculi/</guid>
<description></description>
</item>
<item>
<title>Entry Submission</title>
<link>/submission/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/submission/</guid>
<description>Submission Guidelines The submission must follow the following Isabelle style rules. For additional guidelines on Isabelle proofs, also see the this guide (feel free to follow all of these; only the below are mandatory). Technical details about the submission process and the format of the submission are explained on the submission site.
No use of the commands sorry or back. Instantiations must not use Isabelle-generated names such as xa — use Isar, the subgoal command or rename_tac to avoid such names.</description>
</item>
<item>
<title>Epistemic_Logic</title>
<link>/theories/epistemic_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/epistemic_logic/</guid>
<description></description>
</item>
<item>
<title>Equivalence_Relation_Enumeration</title>
<link>/theories/equivalence_relation_enumeration/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/equivalence_relation_enumeration/</guid>
<description></description>
</item>
<item>
<title>Ergodic_Theory</title>
<link>/theories/ergodic_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ergodic_theory/</guid>
<description></description>
</item>
<item>
<title>Error_Function</title>
<link>/theories/error_function/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/error_function/</guid>
<description></description>
</item>
<item>
<title>Euler_MacLaurin</title>
<link>/theories/euler_maclaurin/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/euler_maclaurin/</guid>
<description></description>
</item>
<item>
<title>Euler_Partition</title>
<link>/theories/euler_partition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/euler_partition/</guid>
<description></description>
</item>
<item>
<title>Eval_FO</title>
<link>/theories/eval_fo/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/eval_fo/</guid>
<description></description>
</item>
<item>
<title>Extended_Finite_State_Machine_Inference</title>
<link>/theories/extended_finite_state_machine_inference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/extended_finite_state_machine_inference/</guid>
<description></description>
</item>
<item>
<title>Extended_Finite_State_Machines</title>
<link>/theories/extended_finite_state_machines/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/extended_finite_state_machines/</guid>
<description></description>
</item>
<item>
<title>Factor_Algebraic_Polynomial</title>
<link>/theories/factor_algebraic_polynomial/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/factor_algebraic_polynomial/</guid>
<description></description>
</item>
<item>
<title>Factored_Transition_System_Bounding</title>
<link>/theories/factored_transition_system_bounding/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/factored_transition_system_bounding/</guid>
<description></description>
</item>
<item>
<title>Falling_Factorial_Sum</title>
<link>/theories/falling_factorial_sum/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/falling_factorial_sum/</guid>
<description></description>
</item>
<item>
<title>Farkas</title>
<link>/theories/farkas/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/farkas/</guid>
<description></description>
</item>
<item>
<title>Featherweight_OCL</title>
<link>/theories/featherweight_ocl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/featherweight_ocl/</guid>
<description></description>
</item>
<item>
<title>FeatherweightJava</title>
<link>/theories/featherweightjava/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/featherweightjava/</guid>
<description></description>
</item>
<item>
<title>Fermat3_4</title>
<link>/theories/fermat3_4/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fermat3_4/</guid>
<description></description>
</item>
<item>
<title>FFT</title>
<link>/theories/fft/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fft/</guid>
<description></description>
</item>
<item>
<title>FileRefinement</title>
<link>/theories/filerefinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/filerefinement/</guid>
<description></description>
</item>
<item>
<title>FinFun</title>
<link>/theories/finfun/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/finfun/</guid>
<description></description>
</item>
<item>
<title>Finger-Trees</title>
<link>/theories/finger-trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/finger-trees/</guid>
<description></description>
</item>
<item>
<title>Finite-Map-Extras</title>
<link>/theories/finite-map-extras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/finite-map-extras/</guid>
<description></description>
</item>
<item>
<title>Finite_Automata_HF</title>
<link>/theories/finite_automata_hf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/finite_automata_hf/</guid>
<description></description>
</item>
<item>
<title>Finite_Fields</title>
<link>/theories/finite_fields/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/finite_fields/</guid>
<description></description>
</item>
<item>
<title>Finitely_Generated_Abelian_Groups</title>
<link>/theories/finitely_generated_abelian_groups/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/finitely_generated_abelian_groups/</guid>
<description></description>
</item>
<item>
<title>First_Order_Terms</title>
<link>/theories/first_order_terms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/first_order_terms/</guid>
<description></description>
</item>
<item>
<title>First_Welfare_Theorem</title>
<link>/theories/first_welfare_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/first_welfare_theorem/</guid>
<description></description>
</item>
<item>
<title>Fishburn_Impossibility</title>
<link>/theories/fishburn_impossibility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fishburn_impossibility/</guid>
<description></description>
</item>
<item>
<title>Fisher_Yates</title>
<link>/theories/fisher_yates/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fisher_yates/</guid>
<description></description>
</item>
<item>
<title>Fishers_Inequality</title>
<link>/theories/fishers_inequality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fishers_inequality/</guid>
<description></description>
</item>
<item>
<title>Flow_Networks</title>
<link>/theories/flow_networks/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/flow_networks/</guid>
<description></description>
</item>
<item>
<title>Floyd_Warshall</title>
<link>/theories/floyd_warshall/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/floyd_warshall/</guid>
<description></description>
</item>
<item>
<title>FLP</title>
<link>/theories/flp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/flp/</guid>
<description></description>
</item>
<item>
<title>Flyspeck-Tame</title>
<link>/theories/flyspeck-tame/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/flyspeck-tame/</guid>
<description></description>
</item>
<item>
<title>Flyspeck-Tame-Computation</title>
<link>/theories/flyspeck-tame-computation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/flyspeck-tame-computation/</guid>
<description></description>
</item>
<item>
<title>FO_Theory_Rewriting</title>
<link>/theories/fo_theory_rewriting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fo_theory_rewriting/</guid>
<description></description>
</item>
<item>
<title>FocusStreamsCaseStudies</title>
<link>/theories/focusstreamscasestudies/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/focusstreamscasestudies/</guid>
<description></description>
</item>
<item>
<title>FOL-Fitting</title>
<link>/theories/fol-fitting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fol-fitting/</guid>
<description></description>
</item>
<item>
<title>FOL_Axiomatic</title>
<link>/theories/fol_axiomatic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fol_axiomatic/</guid>
<description></description>
</item>
<item>
<title>FOL_Harrison</title>
<link>/theories/fol_harrison/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fol_harrison/</guid>
<description></description>
</item>
<item>
<title>FOL_Seq_Calc1</title>
<link>/theories/fol_seq_calc1/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fol_seq_calc1/</guid>
<description></description>
</item>
<item>
<title>FOL_Seq_Calc2</title>
<link>/theories/fol_seq_calc2/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fol_seq_calc2/</guid>
<description></description>
</item>
<item>
<title>FOL_Seq_Calc3</title>
<link>/theories/fol_seq_calc3/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fol_seq_calc3/</guid>
<description></description>
</item>
<item>
<title>Forcing</title>
<link>/theories/forcing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/forcing/</guid>
<description></description>
</item>
<item>
<title>Formal_Puiseux_Series</title>
<link>/theories/formal_puiseux_series/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/formal_puiseux_series/</guid>
<description></description>
</item>
<item>
<title>Formal_SSA</title>
<link>/theories/formal_ssa/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/formal_ssa/</guid>
<description></description>
</item>
<item>
<title>Formula_Derivatives</title>
<link>/theories/formula_derivatives/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/formula_derivatives/</guid>
<description></description>
</item>
<item>
<title>Formula_Derivatives-Examples</title>
<link>/theories/formula_derivatives-examples/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/formula_derivatives-examples/</guid>
<description></description>
</item>
<item>
<title>Foundation_of_geometry</title>
<link>/theories/foundation_of_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/foundation_of_geometry/</guid>
<description></description>
</item>
<item>
<title>Fourier</title>
<link>/theories/fourier/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fourier/</guid>
<description></description>
</item>
<item>
<title>Free-Boolean-Algebra</title>
<link>/theories/free-boolean-algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/free-boolean-algebra/</guid>
<description></description>
</item>
<item>
<title>Free-Groups</title>
<link>/theories/free-groups/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/free-groups/</guid>
<description></description>
</item>
<item>
<title>Frequency_Moments</title>
<link>/theories/frequency_moments/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/frequency_moments/</guid>
<description></description>
</item>
<item>
<title>Fresh_Identifiers</title>
<link>/theories/fresh_identifiers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fresh_identifiers/</guid>
<description></description>
</item>
<item>
<title>FSM_Tests</title>
<link>/theories/fsm_tests/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fsm_tests/</guid>
<description></description>
</item>
<item>
<title>Functional-Automata</title>
<link>/theories/functional-automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/functional-automata/</guid>
<description></description>
</item>
<item>
<title>Functional_Ordered_Resolution_Prover</title>
<link>/theories/functional_ordered_resolution_prover/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/functional_ordered_resolution_prover/</guid>
<description></description>
</item>
<item>
<title>FunWithFunctions</title>
<link>/theories/funwithfunctions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/funwithfunctions/</guid>
<description></description>
</item>
<item>
<title>FunWithTilings</title>
<link>/theories/funwithtilings/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/funwithtilings/</guid>
<description></description>
</item>
<item>
<title>Furstenberg_Topology</title>
<link>/theories/furstenberg_topology/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/furstenberg_topology/</guid>
<description></description>
</item>
<item>
<title>Gabow_SCC</title>
<link>/theories/gabow_scc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gabow_scc/</guid>
<description></description>
</item>
<item>
<title>Gale_Shapley</title>
<link>/theories/gale_shapley/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gale_shapley/</guid>
<description></description>
</item>
<item>
<title>GaleStewart_Games</title>
<link>/theories/galestewart_games/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/galestewart_games/</guid>
<description></description>
</item>
<item>
<title>Game_Based_Crypto</title>
<link>/theories/game_based_crypto/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/game_based_crypto/</guid>
<description></description>
</item>
<item>
<title>Gauss-Jordan-Elim-Fun</title>
<link>/theories/gauss-jordan-elim-fun/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gauss-jordan-elim-fun/</guid>
<description></description>
</item>
<item>
<title>Gauss_Jordan</title>
<link>/theories/gauss_jordan/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gauss_jordan/</guid>
<description></description>
</item>
<item>
<title>Gauss_Sums</title>
<link>/theories/gauss_sums/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gauss_sums/</guid>
<description></description>
</item>
<item>
<title>Gaussian_Integers</title>
<link>/theories/gaussian_integers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gaussian_integers/</guid>
<description></description>
</item>
<item>
<title>GenClock</title>
<link>/theories/genclock/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/genclock/</guid>
<description></description>
</item>
<item>
<title>General-Triangle</title>
<link>/theories/general-triangle/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/general-triangle/</guid>
<description></description>
</item>
<item>
<title>Generalized_Counting_Sort</title>
<link>/theories/generalized_counting_sort/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/generalized_counting_sort/</guid>
<description></description>
</item>
<item>
<title>Generic_Deriving</title>
<link>/theories/generic_deriving/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/generic_deriving/</guid>
<description></description>
</item>
<item>
<title>Generic_Join</title>
<link>/theories/generic_join/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/generic_join/</guid>
<description></description>
</item>
<item>
<title>GewirthPGCProof</title>
<link>/theories/gewirthpgcproof/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gewirthpgcproof/</guid>
<description></description>
</item>
<item>
<title>Girth_Chromatic</title>
<link>/theories/girth_chromatic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/girth_chromatic/</guid>
<description></description>
</item>
<item>
<title>Goedel_HFSet_Semantic</title>
<link>/theories/goedel_hfset_semantic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/goedel_hfset_semantic/</guid>
<description></description>
</item>
<item>
<title>Goedel_HFSet_Semanticless</title>
<link>/theories/goedel_hfset_semanticless/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/goedel_hfset_semanticless/</guid>
<description></description>
</item>
<item>
<title>Goedel_Incompleteness</title>
<link>/theories/goedel_incompleteness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/goedel_incompleteness/</guid>
<description></description>
</item>
<item>
<title>GoedelGod</title>
<link>/theories/goedelgod/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/goedelgod/</guid>
<description></description>
</item>
<item>
<title>Goodstein_Lambda</title>
<link>/theories/goodstein_lambda/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/goodstein_lambda/</guid>
<description></description>
</item>
<item>
<title>GPU_Kernel_PL</title>
<link>/theories/gpu_kernel_pl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gpu_kernel_pl/</guid>
<description></description>
</item>
<item>
<title>Graph_Saturation</title>
<link>/theories/graph_saturation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/graph_saturation/</guid>
<description></description>
</item>
<item>
<title>Graph_Theory</title>
<link>/theories/graph_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/graph_theory/</guid>
<description></description>
</item>
<item>
<title>GraphMarkingIBP</title>
<link>/theories/graphmarkingibp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/graphmarkingibp/</guid>
<description></description>
</item>
<item>
<title>Green</title>
<link>/theories/green/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/green/</guid>
<description></description>
</item>
<item>
<title>Groebner_Bases</title>
<link>/theories/groebner_bases/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/groebner_bases/</guid>
<description></description>
</item>
<item>
<title>Groebner_Macaulay</title>
<link>/theories/groebner_macaulay/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/groebner_macaulay/</guid>
<description></description>
</item>
<item>
<title>Gromov_Hyperbolicity</title>
<link>/theories/gromov_hyperbolicity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gromov_hyperbolicity/</guid>
<description></description>
</item>
<item>
<title>Grothendieck_Schemes</title>
<link>/theories/grothendieck_schemes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/grothendieck_schemes/</guid>
<description></description>
</item>
<item>
<title>Group-Ring-Module</title>
<link>/theories/group-ring-module/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/group-ring-module/</guid>
<description></description>
</item>
<item>
<title>Hahn_Jordan_Decomposition</title>
<link>/theories/hahn_jordan_decomposition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hahn_jordan_decomposition/</guid>
<description></description>
</item>
<item>
<title>Hales_Jewett</title>
<link>/theories/hales_jewett/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hales_jewett/</guid>
<description></description>
</item>
<item>
<title>Heard_Of</title>
<link>/theories/heard_of/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/heard_of/</guid>
<description></description>
</item>
<item>
<title>Hello_World</title>
<link>/theories/hello_world/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hello_world/</guid>
<description></description>
</item>
<item>
<title>Help</title>
<link>/help/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/help/</guid>
<description>This section focuses on the Archive of Formal Proofs. For help with Isabelle, see the Isabelle Documentation. More resources are listed in the Isabelle Quick Access Links.
Referring to AFP Entries in Isabelle/JEdit Once you have downloaded the AFP, you can include its articles and theories in your own developments. If you would like to make your work available to others without having to include the AFP articles you depend on, here is how to do it.</description>
</item>
<item>
<title>HereditarilyFinite</title>
<link>/theories/hereditarilyfinite/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hereditarilyfinite/</guid>
<description></description>
</item>
<item>
<title>Hermite</title>
<link>/theories/hermite/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hermite/</guid>
<description></description>
</item>
<item>
<title>Hermite_Lindemann</title>
<link>/theories/hermite_lindemann/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hermite_lindemann/</guid>
<description></description>
</item>
<item>
<title>Hidden_Markov_Models</title>
<link>/theories/hidden_markov_models/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hidden_markov_models/</guid>
<description></description>
</item>
<item>
<title>Higher_Order_Terms</title>
<link>/theories/higher_order_terms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/higher_order_terms/</guid>
<description></description>
</item>
<item>
<title>Hoare_Time</title>
<link>/theories/hoare_time/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hoare_time/</guid>
<description></description>
</item>
<item>
<title>HOL-CSP</title>
<link>/theories/hol-csp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hol-csp/</guid>
<description></description>
</item>
<item>
<title>HOL-ODE-ARCH-COMP</title>
<link>/theories/hol-ode-arch-comp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hol-ode-arch-comp/</guid>
<description></description>
</item>
<item>
<title>HOL-ODE-Examples</title>
<link>/theories/hol-ode-examples/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hol-ode-examples/</guid>
<description></description>
</item>
<item>
<title>HOL-ODE-Numerics</title>
<link>/theories/hol-ode-numerics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hol-ode-numerics/</guid>
<description></description>
</item>
<item>
<title>HOLCF-Prelude</title>
<link>/theories/holcf-prelude/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/holcf-prelude/</guid>
<description></description>
</item>
<item>
<title>Hood_Melville_Queue</title>
<link>/theories/hood_melville_queue/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hood_melville_queue/</guid>
<description></description>
</item>
<item>
<title>HotelKeyCards</title>
<link>/theories/hotelkeycards/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hotelkeycards/</guid>
<description></description>
</item>
<item>
<title>HRB-Slicing</title>
<link>/theories/hrb-slicing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hrb-slicing/</guid>
<description></description>
</item>
<item>
<title>Huffman</title>
<link>/theories/huffman/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/huffman/</guid>
<description></description>
</item>
<item>
<title>Hybrid_Logic</title>
<link>/theories/hybrid_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hybrid_logic/</guid>
<description></description>
</item>
<item>
<title>Hybrid_Multi_Lane_Spatial_Logic</title>
<link>/theories/hybrid_multi_lane_spatial_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hybrid_multi_lane_spatial_logic/</guid>
<description></description>
</item>
<item>
<title>Hybrid_Systems_VCs</title>
<link>/theories/hybrid_systems_vcs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hybrid_systems_vcs/</guid>
<description></description>
</item>
<item>
<title>HyperCTL</title>
<link>/theories/hyperctl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hyperctl/</guid>
<description></description>
</item>
<item>
<title>Hyperdual</title>
<link>/theories/hyperdual/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hyperdual/</guid>
<description></description>
</item>
<item>
<title>IEEE_Floating_Point</title>
<link>/theories/ieee_floating_point/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ieee_floating_point/</guid>
<description></description>
</item>
<item>
<title>IFC_Tracking</title>
<link>/theories/ifc_tracking/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ifc_tracking/</guid>
<description></description>
</item>
<item>
<title>IMAP-CRDT</title>
<link>/theories/imap-crdt/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imap-crdt/</guid>
<description></description>
</item>
<item>
<title>IMO2019</title>
<link>/theories/imo2019/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imo2019/</guid>
<description></description>
</item>
<item>
<title>IMP2</title>
<link>/theories/imp2/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imp2/</guid>
<description></description>
</item>
<item>
<title>IMP2_Binary_Heap</title>
<link>/theories/imp2_binary_heap/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imp2_binary_heap/</guid>
<description></description>
</item>
<item>
<title>IMP_Compiler</title>
<link>/theories/imp_compiler/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imp_compiler/</guid>
<description></description>
</item>
<item>
<title>IMP_Compiler_Reuse</title>
<link>/theories/imp_compiler_reuse/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imp_compiler_reuse/</guid>
<description></description>
</item>
<item>
<title>Imperative_Insertion_Sort</title>
<link>/theories/imperative_insertion_sort/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imperative_insertion_sort/</guid>
<description></description>
</item>
<item>
<title>Implicational_Logic</title>
<link>/theories/implicational_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/implicational_logic/</guid>
<description></description>
</item>
<item>
<title>Impossible_Geometry</title>
<link>/theories/impossible_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/impossible_geometry/</guid>
<description></description>
</item>
<item>
<title>Incompleteness</title>
<link>/theories/incompleteness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/incompleteness/</guid>
<description></description>
</item>
<item>
<title>Incredible_Proof_Machine</title>
<link>/theories/incredible_proof_machine/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/incredible_proof_machine/</guid>
<description></description>
</item>
<item>
<title>Independence_CH</title>
<link>/theories/independence_ch/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/independence_ch/</guid>
<description></description>
</item>
<item>
<title>Inductive_Confidentiality</title>
<link>/theories/inductive_confidentiality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/inductive_confidentiality/</guid>
<description></description>
</item>
<item>
<title>Inductive_Inference</title>
<link>/theories/inductive_inference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/inductive_inference/</guid>
<description></description>
</item>
<item>
<title>InformationFlowSlicing</title>
<link>/theories/informationflowslicing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/informationflowslicing/</guid>
<description></description>
</item>
<item>
<title>InformationFlowSlicing_Inter</title>
<link>/theories/informationflowslicing_inter/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/informationflowslicing_inter/</guid>
<description></description>
</item>
<item>
<title>InfPathElimination</title>
<link>/theories/infpathelimination/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/infpathelimination/</guid>
<description></description>
</item>
<item>
<title>Integration</title>
<link>/theories/integration/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/integration/</guid>
<description></description>
</item>
<item>
<title>Interpolation_Polynomials_HOL_Algebra</title>
<link>/theories/interpolation_polynomials_hol_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/interpolation_polynomials_hol_algebra/</guid>
<description></description>
</item>
<item>
<title>Interpreter_Optimizations</title>
<link>/theories/interpreter_optimizations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/interpreter_optimizations/</guid>
<description></description>
</item>
<item>
<title>Interval_Arithmetic_Word32</title>
<link>/theories/interval_arithmetic_word32/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/interval_arithmetic_word32/</guid>
<description></description>
</item>
<item>
<title>Intro_Dest_Elim</title>
<link>/theories/intro_dest_elim/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/intro_dest_elim/</guid>
<description></description>
</item>
<item>
<title>Involutions2Squares</title>
<link>/theories/involutions2squares/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/involutions2squares/</guid>
<description></description>
</item>
<item>
<title>IP_Addresses</title>
<link>/theories/ip_addresses/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ip_addresses/</guid>
<description></description>
</item>
<item>
<title>Iptables_Semantics</title>
<link>/theories/iptables_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/iptables_semantics/</guid>
<description></description>
</item>
<item>
<title>Iptables_Semantics_Examples</title>
<link>/theories/iptables_semantics_examples/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/iptables_semantics_examples/</guid>
<description></description>
</item>
<item>
<title>Iptables_Semantics_Examples_Big</title>
<link>/theories/iptables_semantics_examples_big/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/iptables_semantics_examples_big/</guid>
<description></description>
</item>
<item>
<title>Irrational_Series_Erdos_Straus</title>
<link>/theories/irrational_series_erdos_straus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/irrational_series_erdos_straus/</guid>
<description></description>
</item>
<item>
<title>Irrationality_J_Hancl</title>
<link>/theories/irrationality_j_hancl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/irrationality_j_hancl/</guid>
<description></description>
</item>
<item>
<title>Irrationals_From_THEBOOK</title>
<link>/theories/irrationals_from_thebook/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/irrationals_from_thebook/</guid>
<description></description>
</item>
<item>
<title>Isabelle_C</title>
<link>/theories/isabelle_c/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/isabelle_c/</guid>
<description></description>
</item>
<item>
<title>Isabelle_Marries_Dirac</title>
<link>/theories/isabelle_marries_dirac/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/isabelle_marries_dirac/</guid>
<description></description>
</item>
<item>
<title>Isabelle_Meta_Model</title>
<link>/theories/isabelle_meta_model/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/isabelle_meta_model/</guid>
<description></description>
</item>
<item>
<title>IsaGeoCoq</title>
<link>/theories/isageocoq/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/isageocoq/</guid>
<description></description>
</item>
<item>
<title>IsaNet</title>
<link>/theories/isanet/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/isanet/</guid>
<description></description>
</item>
<item>
<title>Jacobson_Basic_Algebra</title>
<link>/theories/jacobson_basic_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jacobson_basic_algebra/</guid>
<description></description>
</item>
<item>
<title>Jinja</title>
<link>/theories/jinja/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jinja/</guid>
<description></description>
</item>
<item>
<title>JinjaDCI</title>
<link>/theories/jinjadci/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jinjadci/</guid>
<description></description>
</item>
<item>
<title>JinjaThreads</title>
<link>/theories/jinjathreads/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jinjathreads/</guid>
<description></description>
</item>
<item>
<title>JiveDataStoreModel</title>
<link>/theories/jivedatastoremodel/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jivedatastoremodel/</guid>
<description></description>
</item>
<item>
<title>Jordan_Hoelder</title>
<link>/theories/jordan_hoelder/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jordan_hoelder/</guid>
<description></description>
</item>
<item>
<title>Jordan_Normal_Form</title>
<link>/theories/jordan_normal_form/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jordan_normal_form/</guid>
<description></description>
</item>
<item>
<title>KAD</title>
<link>/theories/kad/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kad/</guid>
<description></description>
</item>
<item>
<title>KAT_and_DRA</title>
<link>/theories/kat_and_dra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kat_and_dra/</guid>
<description></description>
</item>
<item>
<title>KBPs</title>
<link>/theories/kbps/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kbps/</guid>
<description></description>
</item>
<item>
<title>KD_Tree</title>
<link>/theories/kd_tree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kd_tree/</guid>
<description></description>
</item>
<item>
<title>Key_Agreement_Strong_Adversaries</title>
<link>/theories/key_agreement_strong_adversaries/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/key_agreement_strong_adversaries/</guid>
<description></description>
</item>
<item>
<title>Khovanskii_Theorem</title>
<link>/theories/khovanskii_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/khovanskii_theorem/</guid>
<description></description>
</item>
<item>
<title>Kleene_Algebra</title>
<link>/theories/kleene_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kleene_algebra/</guid>
<description></description>
</item>
<item>
<title>Knights_Tour</title>
<link>/theories/knights_tour/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/knights_tour/</guid>
<description></description>
</item>
<item>
<title>Knot_Theory</title>
<link>/theories/knot_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/knot_theory/</guid>
<description></description>
</item>
<item>
<title>Knuth_Bendix_Order</title>
<link>/theories/knuth_bendix_order/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/knuth_bendix_order/</guid>
<description></description>
</item>
<item>
<title>Knuth_Morris_Pratt</title>
<link>/theories/knuth_morris_pratt/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/knuth_morris_pratt/</guid>
<description></description>
</item>
<item>
<title>Koenigsberg_Friendship</title>
<link>/theories/koenigsberg_friendship/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/koenigsberg_friendship/</guid>
<description></description>
</item>
<item>
<title>Kruskal</title>
<link>/theories/kruskal/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kruskal/</guid>
<description></description>
</item>
<item>
<title>Kuratowski_Closure_Complement</title>
<link>/theories/kuratowski_closure_complement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kuratowski_closure_complement/</guid>
<description></description>
</item>
<item>
<title>Lam-ml-Normalization</title>
<link>/theories/lam-ml-normalization/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lam-ml-normalization/</guid>
<description></description>
</item>
<item>
<title>Lambda_Free_EPO</title>
<link>/theories/lambda_free_epo/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lambda_free_epo/</guid>
<description></description>
</item>
<item>
<title>Lambda_Free_KBOs</title>
<link>/theories/lambda_free_kbos/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lambda_free_kbos/</guid>
<description></description>
</item>
<item>
<title>Lambda_Free_RPOs</title>
<link>/theories/lambda_free_rpos/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lambda_free_rpos/</guid>
<description></description>
</item>
<item>
<title>LambdaAuth</title>
<link>/theories/lambdaauth/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lambdaauth/</guid>
<description></description>
</item>
<item>
<title>LambdaMu</title>
<link>/theories/lambdamu/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lambdamu/</guid>
<description></description>
</item>
<item>
<title>Lambert_W</title>
<link>/theories/lambert_w/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lambert_w/</guid>
<description></description>
</item>
<item>
<title>Landau_Symbols</title>
<link>/theories/landau_symbols/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/landau_symbols/</guid>
<description></description>
</item>
<item>
<title>Laplace_Transform</title>
<link>/theories/laplace_transform/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/laplace_transform/</guid>
<description></description>
</item>
<item>
<title>Latin_Square</title>
<link>/theories/latin_square/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/latin_square/</guid>
<description></description>
</item>
<item>
<title>LatticeProperties</title>
<link>/theories/latticeproperties/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/latticeproperties/</guid>
<description></description>
</item>
<item>
<title>Launchbury</title>
<link>/theories/launchbury/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/launchbury/</guid>
<description></description>
</item>
<item>
<title>Laws_of_Large_Numbers</title>
<link>/theories/laws_of_large_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/laws_of_large_numbers/</guid>
<description></description>
</item>
<item>
<title>Lazy-Lists-II</title>
<link>/theories/lazy-lists-ii/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lazy-lists-ii/</guid>
<description></description>
</item>
<item>
<title>Lazy_Case</title>
<link>/theories/lazy_case/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lazy_case/</guid>
<description></description>
</item>
<item>
<title>Lehmer</title>
<link>/theories/lehmer/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lehmer/</guid>
<description></description>
</item>
<item>
<title>LEM</title>
<link>/theories/lem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lem/</guid>
<description></description>
</item>
<item>
<title>Lifting_Definition_Option</title>
<link>/theories/lifting_definition_option/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lifting_definition_option/</guid>
<description></description>
</item>
<item>
<title>Lifting_the_Exponent</title>
<link>/theories/lifting_the_exponent/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lifting_the_exponent/</guid>
<description></description>
</item>
<item>
<title>LightweightJava</title>
<link>/theories/lightweightjava/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lightweightjava/</guid>
<description></description>
</item>
<item>
<title>Linear_Inequalities</title>
<link>/theories/linear_inequalities/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/linear_inequalities/</guid>
<description></description>
</item>
<item>
<title>Linear_Programming</title>
<link>/theories/linear_programming/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/linear_programming/</guid>
<description></description>
</item>
<item>
<title>Linear_Recurrences</title>
<link>/theories/linear_recurrences/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/linear_recurrences/</guid>
<description></description>
</item>
<item>
<title>Linear_Recurrences_Solver</title>
<link>/theories/linear_recurrences_solver/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/linear_recurrences_solver/</guid>
<description></description>
</item>
<item>
<title>LinearQuantifierElim</title>
<link>/theories/linearquantifierelim/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/linearquantifierelim/</guid>
<description></description>
</item>
<item>
<title>Liouville_Numbers</title>
<link>/theories/liouville_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/liouville_numbers/</guid>
<description></description>
</item>
<item>
<title>List-Index</title>
<link>/theories/list-index/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/list-index/</guid>
<description></description>
</item>
<item>
<title>List-Infinite</title>
<link>/theories/list-infinite/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/list-infinite/</guid>
<description></description>
</item>
<item>
<title>List_Interleaving</title>
<link>/theories/list_interleaving/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/list_interleaving/</guid>
<description></description>
</item>
<item>
<title>List_Inversions</title>
<link>/theories/list_inversions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/list_inversions/</guid>
<description></description>
</item>
<item>
<title>List_Update</title>
<link>/theories/list_update/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/list_update/</guid>
<description></description>
</item>
<item>
<title>LLL_Basis_Reduction</title>
<link>/theories/lll_basis_reduction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lll_basis_reduction/</guid>
<description></description>
</item>
<item>
<title>LLL_Factorization</title>
<link>/theories/lll_factorization/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lll_factorization/</guid>
<description></description>
</item>
<item>
<title>Localization_Ring</title>
<link>/theories/localization_ring/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/localization_ring/</guid>
<description></description>
</item>
<item>
<title>LocalLexing</title>
<link>/theories/locallexing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/locallexing/</guid>
<description></description>
</item>
<item>
<title>Locally-Nameless-Sigma</title>
<link>/theories/locally-nameless-sigma/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/locally-nameless-sigma/</guid>
<description></description>
</item>
<item>
<title>LOFT</title>
<link>/theories/loft/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/loft/</guid>
<description></description>
</item>
<item>
<title>Logging_Independent_Anonymity</title>
<link>/theories/logging_independent_anonymity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/logging_independent_anonymity/</guid>
<description></description>
</item>
<item>
<title>Lorenz_Approximation</title>
<link>/theories/lorenz_approximation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lorenz_approximation/</guid>
<description></description>
</item>
<item>
<title>Lorenz_C0</title>
<link>/theories/lorenz_c0/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lorenz_c0/</guid>
<description></description>
</item>
<item>
<title>Lorenz_C1</title>
<link>/theories/lorenz_c1/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lorenz_c1/</guid>
<description></description>
</item>
<item>
<title>Lowe_Ontological_Argument</title>
<link>/theories/lowe_ontological_argument/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lowe_ontological_argument/</guid>
<description></description>
</item>
<item>
<title>Lower_Semicontinuous</title>
<link>/theories/lower_semicontinuous/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lower_semicontinuous/</guid>
<description></description>
</item>
<item>
<title>Lp</title>
<link>/theories/lp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lp/</guid>
<description></description>
</item>
<item>
<title>LP_Duality</title>
<link>/theories/lp_duality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lp_duality/</guid>
<description></description>
</item>
<item>
<title>LTL</title>
<link>/theories/ltl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ltl/</guid>
<description></description>
</item>
<item>
<title>LTL_Master_Theorem</title>
<link>/theories/ltl_master_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ltl_master_theorem/</guid>
<description></description>
</item>
<item>
<title>LTL_Normal_Form</title>
<link>/theories/ltl_normal_form/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ltl_normal_form/</guid>
<description></description>
</item>
<item>
<title>LTL_to_DRA</title>
<link>/theories/ltl_to_dra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ltl_to_dra/</guid>
<description></description>
</item>
<item>
<title>LTL_to_GBA</title>
<link>/theories/ltl_to_gba/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ltl_to_gba/</guid>
<description></description>
</item>
<item>
<title>Lucas_Theorem</title>
<link>/theories/lucas_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lucas_theorem/</guid>
<description></description>
</item>
<item>
<title>Markov_Models</title>
<link>/theories/markov_models/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/markov_models/</guid>
<description></description>
</item>
<item>
<title>Marriage</title>
<link>/theories/marriage/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/marriage/</guid>
<description></description>
</item>
<item>
<title>Mason_Stothers</title>
<link>/theories/mason_stothers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mason_stothers/</guid>
<description></description>
</item>
<item>
<title>Matrices_for_ODEs</title>
<link>/theories/matrices_for_odes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/matrices_for_odes/</guid>
<description></description>
</item>
<item>
<title>Matrix</title>
<link>/theories/matrix/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/matrix/</guid>
<description></description>
</item>
<item>
<title>Matrix_Tensor</title>
<link>/theories/matrix_tensor/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/matrix_tensor/</guid>
<description></description>
</item>
<item>
<title>Matroids</title>
<link>/theories/matroids/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/matroids/</guid>
<description></description>
</item>
<item>
<title>Max-Card-Matching</title>
<link>/theories/max-card-matching/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/max-card-matching/</guid>
<description></description>
</item>
<item>
<title>Maximum_Segment_Sum</title>
<link>/theories/maximum_segment_sum/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/maximum_segment_sum/</guid>
<description></description>
</item>
<item>
<title>MDP-Algorithms</title>
<link>/theories/mdp-algorithms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mdp-algorithms/</guid>
<description></description>
</item>
<item>
<title>MDP-Rewards</title>
<link>/theories/mdp-rewards/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mdp-rewards/</guid>
<description></description>
</item>
<item>
<title>Median_Method</title>
<link>/theories/median_method/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/median_method/</guid>
<description></description>
</item>
<item>
<title>Median_Of_Medians_Selection</title>
<link>/theories/median_of_medians_selection/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/median_of_medians_selection/</guid>
<description></description>
</item>
<item>
<title>Menger</title>
<link>/theories/menger/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/menger/</guid>
<description></description>
</item>
<item>
<title>Mereology</title>
<link>/theories/mereology/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mereology/</guid>
<description></description>
</item>
<item>
<title>Mersenne_Primes</title>
<link>/theories/mersenne_primes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mersenne_primes/</guid>
<description></description>
</item>
<item>
<title>Metalogic_ProofChecker</title>
<link>/theories/metalogic_proofchecker/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/metalogic_proofchecker/</guid>
<description></description>
</item>
<item>
<title>MFMC_Countable</title>
<link>/theories/mfmc_countable/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mfmc_countable/</guid>
<description></description>
</item>
<item>
<title>MFODL_Monitor_Optimized</title>
<link>/theories/mfodl_monitor_optimized/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mfodl_monitor_optimized/</guid>
<description></description>
</item>
<item>
<title>MFOTL_Monitor</title>
<link>/theories/mfotl_monitor/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mfotl_monitor/</guid>
<description></description>
</item>
<item>
<title>Minimal_SSA</title>
<link>/theories/minimal_ssa/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/minimal_ssa/</guid>
<description></description>
</item>
<item>
<title>MiniML</title>
<link>/theories/miniml/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/miniml/</guid>
<description></description>
</item>
<item>
<title>MiniSail</title>
<link>/theories/minisail/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/minisail/</guid>
<description></description>
</item>
<item>
<title>Minkowskis_Theorem</title>
<link>/theories/minkowskis_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/minkowskis_theorem/</guid>
<description></description>
</item>
<item>
<title>Minsky_Machines</title>
<link>/theories/minsky_machines/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/minsky_machines/</guid>
<description></description>
</item>
<item>
<title>Modal_Logics_for_NTS</title>
<link>/theories/modal_logics_for_nts/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/modal_logics_for_nts/</guid>
<description></description>
</item>
<item>
<title>Modular_arithmetic_LLL_and_HNF_algorithms</title>
<link>/theories/modular_arithmetic_lll_and_hnf_algorithms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/modular_arithmetic_lll_and_hnf_algorithms/</guid>
<description></description>
</item>
<item>
<title>Modular_Assembly_Kit_Security</title>
<link>/theories/modular_assembly_kit_security/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/modular_assembly_kit_security/</guid>
<description></description>
</item>
<item>
<title>Monad_Memo_DP</title>
<link>/theories/monad_memo_dp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/monad_memo_dp/</guid>
<description></description>
</item>
<item>
<title>Monad_Normalisation</title>
<link>/theories/monad_normalisation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/monad_normalisation/</guid>
<description></description>
</item>
<item>
<title>MonoBoolTranAlgebra</title>
<link>/theories/monobooltranalgebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/monobooltranalgebra/</guid>
<description></description>
</item>
<item>
<title>MonoidalCategory</title>
<link>/theories/monoidalcategory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/monoidalcategory/</guid>
<description></description>
</item>
<item>
<title>Monomorphic_Monad</title>
<link>/theories/monomorphic_monad/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/monomorphic_monad/</guid>
<description></description>
</item>
<item>
<title>MSO_Regex_Equivalence</title>
<link>/theories/mso_regex_equivalence/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mso_regex_equivalence/</guid>
<description></description>
</item>
<item>
<title>MuchAdoAboutTwo</title>
<link>/theories/muchadoabouttwo/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/muchadoabouttwo/</guid>
<description></description>
</item>
<item>
<title>Multi_Party_Computation</title>
<link>/theories/multi_party_computation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/multi_party_computation/</guid>
<description></description>
</item>
<item>
<title>Multirelations</title>
<link>/theories/multirelations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/multirelations/</guid>
<description></description>
</item>
<item>
<title>Multiset_Ordering_NPC</title>
<link>/theories/multiset_ordering_npc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/multiset_ordering_npc/</guid>
<description></description>
</item>
<item>
<title>Myhill-Nerode</title>
<link>/theories/myhill-nerode/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/myhill-nerode/</guid>
<description></description>
</item>
<item>
<title>Name_Carrying_Type_Inference</title>
<link>/theories/name_carrying_type_inference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/name_carrying_type_inference/</guid>
<description></description>
</item>
<item>
<title>Nano_JSON</title>
<link>/theories/nano_json/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/nano_json/</guid>
<description></description>
</item>
<item>
<title>Nash_Williams</title>
<link>/theories/nash_williams/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/nash_williams/</guid>
<description></description>
</item>
<item>
<title>Nat-Interval-Logic</title>
<link>/theories/nat-interval-logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/nat-interval-logic/</guid>
<description></description>
</item>
<item>
<title>Native_Word</title>
<link>/theories/native_word/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/native_word/</guid>
<description></description>
</item>
<item>
<title>Nested_Multisets_Ordinals</title>
<link>/theories/nested_multisets_ordinals/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/nested_multisets_ordinals/</guid>
<description></description>
</item>
<item>
<title>Network_Security_Policy_Verification</title>
<link>/theories/network_security_policy_verification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/network_security_policy_verification/</guid>
<description></description>
</item>
<item>
<title>Neumann_Morgenstern_Utility</title>
<link>/theories/neumann_morgenstern_utility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/neumann_morgenstern_utility/</guid>
<description></description>
</item>
<item>
<title>No_FTL_observers</title>
<link>/theories/no_ftl_observers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/no_ftl_observers/</guid>
<description></description>
</item>
<item>
<title>Nominal2</title>
<link>/theories/nominal2/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/nominal2/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Concurrent_Composition</title>
<link>/theories/noninterference_concurrent_composition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/noninterference_concurrent_composition/</guid>
<description></description>
</item>
<item>
<title>Noninterference_CSP</title>
<link>/theories/noninterference_csp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/noninterference_csp/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Generic_Unwinding</title>
<link>/theories/noninterference_generic_unwinding/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/noninterference_generic_unwinding/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Inductive_Unwinding</title>
<link>/theories/noninterference_inductive_unwinding/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/noninterference_inductive_unwinding/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Ipurge_Unwinding</title>
<link>/theories/noninterference_ipurge_unwinding/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/noninterference_ipurge_unwinding/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Sequential_Composition</title>
<link>/theories/noninterference_sequential_composition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/noninterference_sequential_composition/</guid>
<description></description>
</item>
<item>
<title>NormByEval</title>
<link>/theories/normbyeval/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/normbyeval/</guid>
<description></description>
</item>
<item>
<title>Nullstellensatz</title>
<link>/theories/nullstellensatz/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/nullstellensatz/</guid>
<description></description>
</item>
<item>
<title>Number_Theoretic_Transform</title>
<link>/theories/number_theoretic_transform/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/number_theoretic_transform/</guid>
<description></description>
</item>
<item>
<title>Octonions</title>
<link>/theories/octonions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/octonions/</guid>
<description></description>
</item>
<item>
<title>Old_Datatype_Show</title>
<link>/theories/old_datatype_show/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/old_datatype_show/</guid>
<description></description>
</item>
<item>
<title>Open_Induction</title>
<link>/theories/open_induction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/open_induction/</guid>
<description></description>
</item>
<item>
<title>OpSets</title>
<link>/theories/opsets/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/opsets/</guid>
<description></description>
</item>
<item>
<title>Optics</title>
<link>/theories/optics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/optics/</guid>
<description></description>
</item>
<item>
<title>Optimal_BST</title>
<link>/theories/optimal_bst/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/optimal_bst/</guid>
<description></description>
</item>
<item>
<title>Orbit_Stabiliser</title>
<link>/theories/orbit_stabiliser/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/orbit_stabiliser/</guid>
<description></description>
</item>
<item>
<title>Order_Lattice_Props</title>
<link>/theories/order_lattice_props/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/order_lattice_props/</guid>
<description></description>
</item>
<item>
<title>Ordered_Resolution_Prover</title>
<link>/theories/ordered_resolution_prover/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ordered_resolution_prover/</guid>
<description></description>
</item>
<item>
<title>Ordinal</title>
<link>/theories/ordinal/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ordinal/</guid>
<description></description>
</item>
<item>
<title>Ordinal_Partitions</title>
<link>/theories/ordinal_partitions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ordinal_partitions/</guid>
<description></description>
</item>
<item>
<title>Ordinals_and_Cardinals</title>
<link>/theories/ordinals_and_cardinals/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ordinals_and_cardinals/</guid>
<description></description>
</item>
<item>
<title>Ordinary_Differential_Equations</title>
<link>/theories/ordinary_differential_equations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ordinary_differential_equations/</guid>
<description></description>
</item>
<item>
<title>PAC_Checker</title>
<link>/theories/pac_checker/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pac_checker/</guid>
<description></description>
</item>
<item>
<title>Package_logic</title>
<link>/theories/package_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/package_logic/</guid>
<description></description>
</item>
<item>
<title>Padic_Field</title>
<link>/theories/padic_field/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/padic_field/</guid>
<description></description>
</item>
<item>
<title>Padic_Ints</title>
<link>/theories/padic_ints/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/padic_ints/</guid>
<description></description>
</item>
<item>
<title>Pairing_Heap</title>
<link>/theories/pairing_heap/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pairing_heap/</guid>
<description></description>
</item>
<item>
<title>PAL</title>
<link>/theories/pal/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pal/</guid>
<description></description>
</item>
<item>
<title>Paraconsistency</title>
<link>/theories/paraconsistency/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/paraconsistency/</guid>
<description></description>
</item>
<item>
<title>Parity_Game</title>
<link>/theories/parity_game/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/parity_game/</guid>
<description></description>
</item>
<item>
<title>Partial_Function_MR</title>
<link>/theories/partial_function_mr/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/partial_function_mr/</guid>
<description></description>
</item>
<item>
<title>Partial_Order_Reduction</title>
<link>/theories/partial_order_reduction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/partial_order_reduction/</guid>
<description></description>
</item>
<item>
<title>Password_Authentication_Protocol</title>
<link>/theories/password_authentication_protocol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/password_authentication_protocol/</guid>
<description></description>
</item>
<item>
<title>PCF</title>
<link>/theories/pcf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pcf/</guid>
<description></description>
</item>
<item>
<title>Pell</title>
<link>/theories/pell/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pell/</guid>
<description></description>
</item>
<item>
<title>Perfect-Number-Thm</title>
<link>/theories/perfect-number-thm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/perfect-number-thm/</guid>
<description></description>
</item>
<item>
<title>Perron_Frobenius</title>
<link>/theories/perron_frobenius/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/perron_frobenius/</guid>
<description></description>
</item>
<item>
<title>pGCL</title>
<link>/theories/pgcl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pgcl/</guid>
<description></description>
</item>
<item>
<title>Physical_Quantities</title>
<link>/theories/physical_quantities/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/physical_quantities/</guid>
<description></description>
</item>
<item>
<title>Pi_Calculus</title>
<link>/theories/pi_calculus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pi_calculus/</guid>
<description></description>
</item>
<item>
<title>Pi_Transcendental</title>
<link>/theories/pi_transcendental/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pi_transcendental/</guid>
<description></description>
</item>
<item>
<title>Planarity_Certificates</title>
<link>/theories/planarity_certificates/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/planarity_certificates/</guid>
<description></description>
</item>
<item>
<title>PLM</title>
<link>/theories/plm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/plm/</guid>
<description></description>
</item>
<item>
<title>Pluennecke_Ruzsa_Inequality</title>
<link>/theories/pluennecke_ruzsa_inequality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pluennecke_ruzsa_inequality/</guid>
<description></description>
</item>
<item>
<title>Poincare_Bendixson</title>
<link>/theories/poincare_bendixson/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/poincare_bendixson/</guid>
<description></description>
</item>
<item>
<title>Poincare_Disc</title>
<link>/theories/poincare_disc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/poincare_disc/</guid>
<description></description>
</item>
<item>
<title>Polynomial_Factorization</title>
<link>/theories/polynomial_factorization/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/polynomial_factorization/</guid>
<description></description>
</item>
<item>
<title>Polynomial_Interpolation</title>
<link>/theories/polynomial_interpolation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/polynomial_interpolation/</guid>
<description></description>
</item>
<item>
<title>Polynomials</title>
<link>/theories/polynomials/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/polynomials/</guid>
<description></description>
</item>
<item>
<title>Pop_Refinement</title>
<link>/theories/pop_refinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pop_refinement/</guid>
<description></description>
</item>
<item>
<title>POPLmark-deBruijn</title>
<link>/theories/poplmark-debruijn/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/poplmark-debruijn/</guid>
<description></description>
</item>
<item>
<title>Posix-Lexing</title>
<link>/theories/posix-lexing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/posix-lexing/</guid>
<description></description>
</item>
<item>
<title>Possibilistic_Noninterference</title>
<link>/theories/possibilistic_noninterference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/possibilistic_noninterference/</guid>
<description></description>
</item>
<item>
<title>Power_Sum_Polynomials</title>
<link>/theories/power_sum_polynomials/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/power_sum_polynomials/</guid>
<description></description>
</item>
<item>
<title>Pratt_Certificate</title>
<link>/theories/pratt_certificate/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pratt_certificate/</guid>
<description></description>
</item>
<item>
<title>Prefix_Free_Code_Combinators</title>
<link>/theories/prefix_free_code_combinators/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/prefix_free_code_combinators/</guid>
<description></description>
</item>
<item>
<title>Presburger-Automata</title>
<link>/theories/presburger-automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/presburger-automata/</guid>
<description></description>
</item>
<item>
<title>Prim_Dijkstra_Simple</title>
<link>/theories/prim_dijkstra_simple/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/prim_dijkstra_simple/</guid>
<description></description>
</item>
<item>
<title>Prime_Distribution_Elementary</title>
<link>/theories/prime_distribution_elementary/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/prime_distribution_elementary/</guid>
<description></description>
</item>
<item>
<title>Prime_Harmonic_Series</title>
<link>/theories/prime_harmonic_series/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/prime_harmonic_series/</guid>
<description></description>
</item>
<item>
<title>Prime_Number_Theorem</title>
<link>/theories/prime_number_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/prime_number_theorem/</guid>
<description></description>
</item>
<item>
<title>Priority_Queue_Braun</title>
<link>/theories/priority_queue_braun/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/priority_queue_braun/</guid>
<description></description>
</item>
<item>
<title>Priority_Search_Trees</title>
<link>/theories/priority_search_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/priority_search_trees/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_Noninterference</title>
<link>/theories/probabilistic_noninterference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/probabilistic_noninterference/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_Prime_Tests</title>
<link>/theories/probabilistic_prime_tests/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/probabilistic_prime_tests/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_System_Zoo</title>
<link>/theories/probabilistic_system_zoo/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/probabilistic_system_zoo/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_Timed_Automata</title>
<link>/theories/probabilistic_timed_automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/probabilistic_timed_automata/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_While</title>
<link>/theories/probabilistic_while/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/probabilistic_while/</guid>
<description></description>
</item>
<item>
<title>Program-Conflict-Analysis</title>
<link>/theories/program-conflict-analysis/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/program-conflict-analysis/</guid>
<description></description>
</item>
<item>
<title>Progress_Tracking</title>
<link>/theories/progress_tracking/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/progress_tracking/</guid>
<description></description>
</item>
<item>
<title>Projective_Geometry</title>
<link>/theories/projective_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/projective_geometry/</guid>
<description></description>
</item>
<item>
<title>Projective_Measurements</title>
<link>/theories/projective_measurements/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/projective_measurements/</guid>
<description></description>
</item>
<item>
<title>Promela</title>
<link>/theories/promela/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/promela/</guid>
<description></description>
</item>
<item>
<title>Proof_Strategy_Language</title>
<link>/theories/proof_strategy_language/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/proof_strategy_language/</guid>
<description></description>
</item>
<item>
<title>Propositional_Proof_Systems</title>
<link>/theories/propositional_proof_systems/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/propositional_proof_systems/</guid>
<description></description>
</item>
<item>
<title>PropResPI</title>
<link>/theories/proprespi/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/proprespi/</guid>
<description></description>
</item>
<item>
<title>Prpu_Maxflow</title>
<link>/theories/prpu_maxflow/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/prpu_maxflow/</guid>
<description></description>
</item>
<item>
<title>PSemigroupsConvolution</title>
<link>/theories/psemigroupsconvolution/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/psemigroupsconvolution/</guid>
<description></description>
</item>
<item>
<title>PseudoHoops</title>
<link>/theories/pseudohoops/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pseudohoops/</guid>
<description></description>
</item>
<item>
<title>Psi_Calculi</title>
<link>/theories/psi_calculi/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/psi_calculi/</guid>
<description></description>
</item>
<item>
<title>Ptolemys_Theorem</title>
<link>/theories/ptolemys_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ptolemys_theorem/</guid>
<description></description>
</item>
<item>
<title>Public_Announcement_Logic</title>
<link>/theories/public_announcement_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/public_announcement_logic/</guid>
<description></description>
</item>
<item>
<title>QHLProver</title>
<link>/theories/qhlprover/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/qhlprover/</guid>
<description></description>
</item>
<item>
<title>QR_Decomposition</title>
<link>/theories/qr_decomposition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/qr_decomposition/</guid>
<description></description>
</item>
<item>
<title>Quantales</title>
<link>/theories/quantales/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/quantales/</guid>
<description></description>
</item>
<item>
<title>Quasi_Borel_Spaces</title>
<link>/theories/quasi_borel_spaces/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/quasi_borel_spaces/</guid>
<description></description>
</item>
<item>
<title>Quaternions</title>
<link>/theories/quaternions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/quaternions/</guid>
<description></description>
</item>
<item>
+ <title>Query_Optimization</title>
+ <link>/theories/query_optimization/</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+
+ <guid>/theories/query_optimization/</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>Quick_Sort_Cost</title>
<link>/theories/quick_sort_cost/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/quick_sort_cost/</guid>
<description></description>
</item>
<item>
<title>Ramsey-Infinite</title>
<link>/theories/ramsey-infinite/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ramsey-infinite/</guid>
<description></description>
</item>
<item>
<title>Random_BSTs</title>
<link>/theories/random_bsts/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/random_bsts/</guid>
<description></description>
</item>
<item>
<title>Random_Graph_Subgraph_Threshold</title>
<link>/theories/random_graph_subgraph_threshold/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/random_graph_subgraph_threshold/</guid>
<description></description>
</item>
<item>
<title>Randomised_BSTs</title>
<link>/theories/randomised_bsts/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/randomised_bsts/</guid>
<description></description>
</item>
<item>
<title>Randomised_Social_Choice</title>
<link>/theories/randomised_social_choice/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/randomised_social_choice/</guid>
<description></description>
</item>
<item>
<title>Rank_Nullity_Theorem</title>
<link>/theories/rank_nullity_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/rank_nullity_theorem/</guid>
<description></description>
</item>
<item>
<title>Real_Impl</title>
<link>/theories/real_impl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/real_impl/</guid>
<description></description>
</item>
<item>
<title>Real_Power</title>
<link>/theories/real_power/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/real_power/</guid>
<description></description>
</item>
<item>
<title>Real_Time_Deque</title>
<link>/theories/real_time_deque/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/real_time_deque/</guid>
<description></description>
</item>
<item>
<title>Recursion-Addition</title>
<link>/theories/recursion-addition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/recursion-addition/</guid>
<description></description>
</item>
<item>
<title>Recursion-Theory-I</title>
<link>/theories/recursion-theory-i/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/recursion-theory-i/</guid>
<description></description>
</item>
<item>
<title>Refine_Imperative_HOL</title>
<link>/theories/refine_imperative_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/refine_imperative_hol/</guid>
<description></description>
</item>
<item>
<title>Refine_Monadic</title>
<link>/theories/refine_monadic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/refine_monadic/</guid>
<description></description>
</item>
<item>
<title>RefinementReactive</title>
<link>/theories/refinementreactive/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/refinementreactive/</guid>
<description></description>
</item>
<item>
<title>Regex_Equivalence</title>
<link>/theories/regex_equivalence/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/regex_equivalence/</guid>
<description></description>
</item>
<item>
<title>Registers</title>
<link>/theories/registers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/registers/</guid>
<description></description>
</item>
<item>
<title>Regression_Test_Selection</title>
<link>/theories/regression_test_selection/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/regression_test_selection/</guid>
<description></description>
</item>
<item>
<title>Regular-Sets</title>
<link>/theories/regular-sets/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/regular-sets/</guid>
<description></description>
</item>
<item>
<title>Regular_Algebras</title>
<link>/theories/regular_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/regular_algebras/</guid>
<description></description>
</item>
<item>
<title>Regular_Tree_Relations</title>
<link>/theories/regular_tree_relations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/regular_tree_relations/</guid>
<description></description>
</item>
<item>
<title>Relation_Algebra</title>
<link>/theories/relation_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relation_algebra/</guid>
<description></description>
</item>
<item>
<title>Relational-Incorrectness-Logic</title>
<link>/theories/relational-incorrectness-logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relational-incorrectness-logic/</guid>
<description></description>
</item>
<item>
<title>Relational_Disjoint_Set_Forests</title>
<link>/theories/relational_disjoint_set_forests/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relational_disjoint_set_forests/</guid>
<description></description>
</item>
<item>
<title>Relational_Forests</title>
<link>/theories/relational_forests/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relational_forests/</guid>
<description></description>
</item>
<item>
<title>Relational_Method</title>
<link>/theories/relational_method/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relational_method/</guid>
<description></description>
</item>
<item>
<title>Relational_Minimum_Spanning_Trees</title>
<link>/theories/relational_minimum_spanning_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relational_minimum_spanning_trees/</guid>
<description></description>
</item>
<item>
<title>Relational_Paths</title>
<link>/theories/relational_paths/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relational_paths/</guid>
<description></description>
</item>
<item>
<title>Rep_Fin_Groups</title>
<link>/theories/rep_fin_groups/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/rep_fin_groups/</guid>
<description></description>
</item>
<item>
<title>Residuated_Lattices</title>
<link>/theories/residuated_lattices/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/residuated_lattices/</guid>
<description></description>
</item>
<item>
<title>ResiduatedTransitionSystem</title>
<link>/theories/residuatedtransitionsystem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/residuatedtransitionsystem/</guid>
<description></description>
</item>
<item>
<title>Resolution_FOL</title>
<link>/theories/resolution_fol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/resolution_fol/</guid>
<description></description>
</item>
<item>
<title>Rewrite_Properties_Reduction</title>
<link>/theories/rewrite_properties_reduction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/rewrite_properties_reduction/</guid>
<description></description>
</item>
<item>
<title>Rewriting_Z</title>
<link>/theories/rewriting_z/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/rewriting_z/</guid>
<description></description>
</item>
<item>
<title>Ribbon_Proofs</title>
<link>/theories/ribbon_proofs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ribbon_proofs/</guid>
<description></description>
</item>
<item>
<title>RIPEMD-160-SPARK</title>
<link>/theories/ripemd-160-spark/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ripemd-160-spark/</guid>
<description></description>
</item>
<item>
<title>Risk_Free_Lending</title>
<link>/theories/risk_free_lending/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/risk_free_lending/</guid>
<description></description>
</item>
<item>
<title>Robbins-Conjecture</title>
<link>/theories/robbins-conjecture/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/robbins-conjecture/</guid>
<description></description>
</item>
<item>
<title>ROBDD</title>
<link>/theories/robdd/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/robdd/</guid>
<description></description>
</item>
<item>
<title>Robinson_Arithmetic</title>
<link>/theories/robinson_arithmetic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/robinson_arithmetic/</guid>
<description></description>
</item>
<item>
<title>Root_Balanced_Tree</title>
<link>/theories/root_balanced_tree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/root_balanced_tree/</guid>
<description></description>
</item>
<item>
<title>Roth_Arithmetic_Progressions</title>
<link>/theories/roth_arithmetic_progressions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/roth_arithmetic_progressions/</guid>
<description></description>
</item>
<item>
<title>Routing</title>
<link>/theories/routing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/routing/</guid>
<description></description>
</item>
<item>
<title>Roy_Floyd_Warshall</title>
<link>/theories/roy_floyd_warshall/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/roy_floyd_warshall/</guid>
<description></description>
</item>
<item>
<title>RSAPSS</title>
<link>/theories/rsapss/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/rsapss/</guid>
<description></description>
</item>
<item>
<title>Safe_Distance</title>
<link>/theories/safe_distance/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/safe_distance/</guid>
<description></description>
</item>
<item>
<title>Safe_OCL</title>
<link>/theories/safe_ocl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/safe_ocl/</guid>
<description></description>
</item>
<item>
<title>Safe_Range_RC</title>
<link>/theories/safe_range_rc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/safe_range_rc/</guid>
<description></description>
</item>
<item>
<title>SATSolverVerification</title>
<link>/theories/satsolververification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/satsolververification/</guid>
<description></description>
</item>
<item>
<title>Saturation_Framework</title>
<link>/theories/saturation_framework/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/saturation_framework/</guid>
<description></description>
</item>
<item>
<title>Saturation_Framework_Extensions</title>
<link>/theories/saturation_framework_extensions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/saturation_framework_extensions/</guid>
<description></description>
</item>
<item>
<title>SC_DOM_Components</title>
<link>/theories/sc_dom_components/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sc_dom_components/</guid>
<description></description>
</item>
<item>
<title>SCC_Bloemen_Sequential</title>
<link>/theories/scc_bloemen_sequential/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/scc_bloemen_sequential/</guid>
<description></description>
</item>
<item>
<title>Schutz_Spacetime</title>
<link>/theories/schutz_spacetime/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/schutz_spacetime/</guid>
<description></description>
</item>
<item>
<title>SDS_Impossibility</title>
<link>/theories/sds_impossibility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sds_impossibility/</guid>
<description></description>
</item>
<item>
<title>Search the Archive</title>
<link>/search/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/search/</guid>
<description></description>
</item>
<item>
<title>Secondary_Sylow</title>
<link>/theories/secondary_sylow/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/secondary_sylow/</guid>
<description></description>
</item>
<item>
<title>Security_Protocol_Refinement</title>
<link>/theories/security_protocol_refinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/security_protocol_refinement/</guid>
<description></description>
</item>
<item>
<title>Selection_Heap_Sort</title>
<link>/theories/selection_heap_sort/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/selection_heap_sort/</guid>
<description></description>
</item>
<item>
<title>SenSocialChoice</title>
<link>/theories/sensocialchoice/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sensocialchoice/</guid>
<description></description>
</item>
<item>
<title>Separata</title>
<link>/theories/separata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/separata/</guid>
<description></description>
</item>
<item>
<title>Separation_Algebra</title>
<link>/theories/separation_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/separation_algebra/</guid>
<description></description>
</item>
<item>
<title>Separation_Logic_Imperative_HOL</title>
<link>/theories/separation_logic_imperative_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/separation_logic_imperative_hol/</guid>
<description></description>
</item>
<item>
<title>Separation_Logic_Unbounded</title>
<link>/theories/separation_logic_unbounded/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/separation_logic_unbounded/</guid>
<description></description>
</item>
<item>
<title>Sepref_Basic</title>
<link>/theories/sepref_basic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sepref_basic/</guid>
<description></description>
</item>
<item>
<title>Sepref_IICF</title>
<link>/theories/sepref_iicf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sepref_iicf/</guid>
<description></description>
</item>
<item>
<title>Sepref_Prereq</title>
<link>/theories/sepref_prereq/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sepref_prereq/</guid>
<description></description>
</item>
<item>
<title>SequentInvertibility</title>
<link>/theories/sequentinvertibility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sequentinvertibility/</guid>
<description></description>
</item>
<item>
<title>Shadow_DOM</title>
<link>/theories/shadow_dom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/shadow_dom/</guid>
<description></description>
</item>
<item>
<title>Shadow_SC_DOM</title>
<link>/theories/shadow_sc_dom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/shadow_sc_dom/</guid>
<description></description>
</item>
<item>
<title>Shivers-CFA</title>
<link>/theories/shivers-cfa/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/shivers-cfa/</guid>
<description></description>
</item>
<item>
<title>ShortestPath</title>
<link>/theories/shortestpath/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/shortestpath/</guid>
<description></description>
</item>
<item>
<title>Show</title>
<link>/theories/show/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/show/</guid>
<description></description>
</item>
<item>
<title>SIFPL</title>
<link>/theories/sifpl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sifpl/</guid>
<description></description>
</item>
<item>
<title>SIFUM_Type_Systems</title>
<link>/theories/sifum_type_systems/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sifum_type_systems/</guid>
<description></description>
</item>
<item>
<title>Sigma_Commit_Crypto</title>
<link>/theories/sigma_commit_crypto/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sigma_commit_crypto/</guid>
<description></description>
</item>
<item>
<title>Signature_Groebner</title>
<link>/theories/signature_groebner/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/signature_groebner/</guid>
<description></description>
</item>
<item>
<title>Simpl</title>
<link>/theories/simpl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/simpl/</guid>
<description></description>
</item>
<item>
<title>Simple_Firewall</title>
<link>/theories/simple_firewall/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/simple_firewall/</guid>
<description></description>
</item>
<item>
<title>Simplex</title>
<link>/theories/simplex/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/simplex/</guid>
<description></description>
</item>
<item>
<title>Simplicial_complexes_and_boolean_functions</title>
<link>/theories/simplicial_complexes_and_boolean_functions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/simplicial_complexes_and_boolean_functions/</guid>
<description></description>
</item>
<item>
<title>SimplifiedOntologicalArgument</title>
<link>/theories/simplifiedontologicalargument/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/simplifiedontologicalargument/</guid>
<description></description>
</item>
<item>
<title>Skew_Heap</title>
<link>/theories/skew_heap/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/skew_heap/</guid>
<description></description>
</item>
<item>
<title>Skip_Lists</title>
<link>/theories/skip_lists/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/skip_lists/</guid>
<description></description>
</item>
<item>
<title>Slicing</title>
<link>/theories/slicing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/slicing/</guid>
<description></description>
</item>
<item>
<title>Sliding_Window_Algorithm</title>
<link>/theories/sliding_window_algorithm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sliding_window_algorithm/</guid>
<description></description>
</item>
<item>
<title>SM</title>
<link>/theories/sm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sm/</guid>
<description></description>
</item>
<item>
<title>SM_Base</title>
<link>/theories/sm_base/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sm_base/</guid>
<description></description>
</item>
<item>
<title>Smith_Normal_Form</title>
<link>/theories/smith_normal_form/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/smith_normal_form/</guid>
<description></description>
</item>
<item>
<title>Smooth_Manifolds</title>
<link>/theories/smooth_manifolds/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/smooth_manifolds/</guid>
<description></description>
</item>
<item>
<title>Solidity</title>
<link>/theories/solidity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/solidity/</guid>
<description></description>
</item>
<item>
<title>Sophomores_Dream</title>
<link>/theories/sophomores_dream/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sophomores_dream/</guid>
<description></description>
</item>
<item>
<title>Sort_Encodings</title>
<link>/theories/sort_encodings/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sort_encodings/</guid>
<description></description>
</item>
<item>
<title>Source_Coding_Theorem</title>
<link>/theories/source_coding_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/source_coding_theorem/</guid>
<description></description>
</item>
<item>
<title>SPARCv8</title>
<link>/theories/sparcv8/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sparcv8/</guid>
<description></description>
</item>
<item>
<title>SpecCheck</title>
<link>/theories/speccheck/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/speccheck/</guid>
<description></description>
</item>
<item>
<title>Special_Function_Bounds</title>
<link>/theories/special_function_bounds/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/special_function_bounds/</guid>
<description></description>
</item>
<item>
<title>Splay_Tree</title>
<link>/theories/splay_tree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/splay_tree/</guid>
<description></description>
</item>
<item>
<title>Sqrt_Babylonian</title>
<link>/theories/sqrt_babylonian/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sqrt_babylonian/</guid>
<description></description>
</item>
<item>
<title>Stable_Matching</title>
<link>/theories/stable_matching/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stable_matching/</guid>
<description></description>
</item>
<item>
<title>Stalnaker_Logic</title>
<link>/theories/stalnaker_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stalnaker_logic/</guid>
<description></description>
</item>
<item>
<title>Statecharts</title>
<link>/theories/statecharts/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/statecharts/</guid>
<description></description>
</item>
<item>
<title>Stateful_Protocol_Composition_and_Typing</title>
<link>/theories/stateful_protocol_composition_and_typing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stateful_protocol_composition_and_typing/</guid>
<description></description>
</item>
<item>
<title>Statistics</title>
<link>/statistics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/statistics/</guid>
- <description>708 Entries 428 Authors ~223,600 Lemmas ~3,636,700 Lines of Code Most used AFP entries: Name Used by ? entries 1. List-Index 22 2. Collections 19 3. Show 16 4. Deriving 13 5. Coinductive 12 6. Jordan_Normal_Form 12 7. Polynomial_Factorization 12 8. Regular-Sets 12 9.</description>
+ <description>709 Entries 429 Authors ~225,700 Lemmas ~3,655,600 Lines of Code Most used AFP entries: Name Used by ? entries 1. List-Index 22 2. Collections 19 3. Show 16 4. Deriving 13 5. Coinductive 12 6. Jordan_Normal_Form 12 7. Polynomial_Factorization 12 8. Regular-Sets 12 9.</description>
</item>
<item>
<title>Stellar_Quorums</title>
<link>/theories/stellar_quorums/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stellar_quorums/</guid>
<description></description>
</item>
<item>
<title>Stern_Brocot</title>
<link>/theories/stern_brocot/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stern_brocot/</guid>
<description></description>
</item>
<item>
<title>Stewart_Apollonius</title>
<link>/theories/stewart_apollonius/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stewart_apollonius/</guid>
<description></description>
</item>
<item>
<title>Stirling_Formula</title>
<link>/theories/stirling_formula/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stirling_formula/</guid>
<description></description>
</item>
<item>
<title>Stochastic_Matrices</title>
<link>/theories/stochastic_matrices/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stochastic_matrices/</guid>
<description></description>
</item>
<item>
<title>Stone_Algebras</title>
<link>/theories/stone_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stone_algebras/</guid>
<description></description>
</item>
<item>
<title>Stone_Kleene_Relation_Algebras</title>
<link>/theories/stone_kleene_relation_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stone_kleene_relation_algebras/</guid>
<description></description>
</item>
<item>
<title>Stone_Relation_Algebras</title>
<link>/theories/stone_relation_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stone_relation_algebras/</guid>
<description></description>
</item>
<item>
<title>Store_Buffer_Reduction</title>
<link>/theories/store_buffer_reduction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/store_buffer_reduction/</guid>
<description></description>
</item>
<item>
<title>Stream-Fusion</title>
<link>/theories/stream-fusion/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stream-fusion/</guid>
<description></description>
</item>
<item>
<title>Stream_Fusion_Code</title>
<link>/theories/stream_fusion_code/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stream_fusion_code/</guid>
<description></description>
</item>
<item>
<title>Strong_Security</title>
<link>/theories/strong_security/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/strong_security/</guid>
<description></description>
</item>
<item>
<title>Sturm_Sequences</title>
<link>/theories/sturm_sequences/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sturm_sequences/</guid>
<description></description>
</item>
<item>
<title>Sturm_Tarski</title>
<link>/theories/sturm_tarski/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sturm_tarski/</guid>
<description></description>
</item>
<item>
<title>Stuttering_Equivalence</title>
<link>/theories/stuttering_equivalence/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stuttering_equivalence/</guid>
<description></description>
</item>
<item>
<title>Subresultants</title>
<link>/theories/subresultants/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/subresultants/</guid>
<description></description>
</item>
<item>
<title>Subset_Boolean_Algebras</title>
<link>/theories/subset_boolean_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/subset_boolean_algebras/</guid>
<description></description>
</item>
<item>
<title>SumSquares</title>
<link>/theories/sumsquares/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sumsquares/</guid>
<description></description>
</item>
<item>
<title>Sunflowers</title>
<link>/theories/sunflowers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sunflowers/</guid>
<description></description>
</item>
<item>
<title>SuperCalc</title>
<link>/theories/supercalc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/supercalc/</guid>
<description></description>
</item>
<item>
<title>Surprise_Paradox</title>
<link>/theories/surprise_paradox/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/surprise_paradox/</guid>
<description></description>
</item>
<item>
<title>Symmetric_Polynomials</title>
<link>/theories/symmetric_polynomials/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/symmetric_polynomials/</guid>
<description></description>
</item>
<item>
<title>Syntax_Independent_Logic</title>
<link>/theories/syntax_independent_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/syntax_independent_logic/</guid>
<description></description>
</item>
<item>
<title>Szemeredi_Regularity</title>
<link>/theories/szemeredi_regularity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/szemeredi_regularity/</guid>
<description></description>
</item>
<item>
<title>Szpilrajn</title>
<link>/theories/szpilrajn/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/szpilrajn/</guid>
<description></description>
</item>
<item>
<title>Tail_Recursive_Functions</title>
<link>/theories/tail_recursive_functions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tail_recursive_functions/</guid>
<description></description>
</item>
<item>
<title>Tarskis_Geometry</title>
<link>/theories/tarskis_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tarskis_geometry/</guid>
<description></description>
</item>
<item>
<title>Taylor_Models</title>
<link>/theories/taylor_models/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/taylor_models/</guid>
<description></description>
</item>
<item>
<title>TESL_Language</title>
<link>/theories/tesl_language/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tesl_language/</guid>
<description></description>
</item>
<item>
<title>Three_Circles</title>
<link>/theories/three_circles/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/three_circles/</guid>
<description></description>
</item>
<item>
<title>Timed_Automata</title>
<link>/theories/timed_automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/timed_automata/</guid>
<description></description>
</item>
<item>
<title>TLA</title>
<link>/theories/tla/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tla/</guid>
<description></description>
</item>
<item>
<title>Topological_Semantics</title>
<link>/theories/topological_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/topological_semantics/</guid>
<description></description>
</item>
<item>
<title>Topology</title>
<link>/theories/topology/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/topology/</guid>
<description></description>
</item>
<item>
<title>TortoiseHare</title>
<link>/theories/tortoisehare/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tortoisehare/</guid>
<description></description>
</item>
<item>
<title>Transcendence_Series_Hancl_Rucki</title>
<link>/theories/transcendence_series_hancl_rucki/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/transcendence_series_hancl_rucki/</guid>
<description></description>
</item>
<item>
<title>Transformer_Semantics</title>
<link>/theories/transformer_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/transformer_semantics/</guid>
<description></description>
</item>
<item>
<title>Transition_Systems_and_Automata</title>
<link>/theories/transition_systems_and_automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/transition_systems_and_automata/</guid>
<description></description>
</item>
<item>
<title>Transitive-Closure</title>
<link>/theories/transitive-closure/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/transitive-closure/</guid>
<description></description>
</item>
<item>
<title>Transitive-Closure-II</title>
<link>/theories/transitive-closure-ii/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/transitive-closure-ii/</guid>
<description></description>
</item>
<item>
<title>Transitive_Models</title>
<link>/theories/transitive_models/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/transitive_models/</guid>
<description></description>
</item>
<item>
<title>Treaps</title>
<link>/theories/treaps/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/treaps/</guid>
<description></description>
</item>
<item>
<title>Tree-Automata</title>
<link>/theories/tree-automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tree-automata/</guid>
<description></description>
</item>
<item>
<title>Tree_Decomposition</title>
<link>/theories/tree_decomposition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tree_decomposition/</guid>
<description></description>
</item>
<item>
<title>Triangle</title>
<link>/theories/triangle/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/triangle/</guid>
<description></description>
</item>
<item>
<title>Trie</title>
<link>/theories/trie/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/trie/</guid>
<description></description>
</item>
<item>
<title>Twelvefold_Way</title>
<link>/theories/twelvefold_way/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/twelvefold_way/</guid>
<description></description>
</item>
<item>
<title>Tycon</title>
<link>/theories/tycon/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tycon/</guid>
<description></description>
</item>
<item>
<title>Types_Tableaus_and_Goedels_God</title>
<link>/theories/types_tableaus_and_goedels_god/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/types_tableaus_and_goedels_god/</guid>
<description></description>
</item>
<item>
<title>Types_To_Sets_Extension</title>
<link>/theories/types_to_sets_extension/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/types_to_sets_extension/</guid>
<description></description>
</item>
<item>
<title>Undirected_Graph_Theory</title>
<link>/theories/undirected_graph_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/undirected_graph_theory/</guid>
<description></description>
</item>
<item>
<title>Universal_Hash_Families</title>
<link>/theories/universal_hash_families/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/universal_hash_families/</guid>
<description></description>
</item>
<item>
<title>Universal_Turing_Machine</title>
<link>/theories/universal_turing_machine/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/universal_turing_machine/</guid>
<description></description>
</item>
<item>
<title>UpDown_Scheme</title>
<link>/theories/updown_scheme/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/updown_scheme/</guid>
<description></description>
</item>
<item>
<title>UPF</title>
<link>/theories/upf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/upf/</guid>
<description></description>
</item>
<item>
<title>UPF_Firewall</title>
<link>/theories/upf_firewall/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/upf_firewall/</guid>
<description></description>
</item>
<item>
<title>UTP</title>
<link>/theories/utp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/utp/</guid>
<description></description>
</item>
<item>
<title>UTP-Toolkit</title>
<link>/theories/utp-toolkit/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/utp-toolkit/</guid>
<description></description>
</item>
<item>
<title>Valuation</title>
<link>/theories/valuation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/valuation/</guid>
<description></description>
</item>
<item>
<title>Van_der_Waerden</title>
<link>/theories/van_der_waerden/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/van_der_waerden/</guid>
<description></description>
</item>
<item>
<title>Van_Emde_Boas_Trees</title>
<link>/theories/van_emde_boas_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/van_emde_boas_trees/</guid>
<description></description>
</item>
<item>
<title>VectorSpace</title>
<link>/theories/vectorspace/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/vectorspace/</guid>
<description></description>
</item>
<item>
<title>VeriComp</title>
<link>/theories/vericomp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/vericomp/</guid>
<description></description>
</item>
<item>
<title>Verified-Prover</title>
<link>/theories/verified-prover/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/verified-prover/</guid>
<description></description>
</item>
<item>
<title>Verified_SAT_Based_AI_Planning</title>
<link>/theories/verified_sat_based_ai_planning/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/verified_sat_based_ai_planning/</guid>
<description></description>
</item>
<item>
<title>VerifyThis2018</title>
<link>/theories/verifythis2018/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/verifythis2018/</guid>
<description></description>
</item>
<item>
<title>VerifyThis2019</title>
<link>/theories/verifythis2019/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/verifythis2019/</guid>
<description></description>
</item>
<item>
<title>Vickrey_Clarke_Groves</title>
<link>/theories/vickrey_clarke_groves/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/vickrey_clarke_groves/</guid>
<description></description>
</item>
<item>
<title>Virtual_Substitution</title>
<link>/theories/virtual_substitution/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/virtual_substitution/</guid>
<description></description>
</item>
<item>
<title>VolpanoSmith</title>
<link>/theories/volpanosmith/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/volpanosmith/</guid>
<description></description>
</item>
<item>
<title>VYDRA_MDL</title>
<link>/theories/vydra_mdl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/vydra_mdl/</guid>
<description></description>
</item>
<item>
<title>WebAssembly</title>
<link>/theories/webassembly/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/webassembly/</guid>
<description></description>
</item>
<item>
<title>Weight_Balanced_Trees</title>
<link>/theories/weight_balanced_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/weight_balanced_trees/</guid>
<description></description>
</item>
<item>
<title>Weighted_Arithmetic_Geometric_Mean</title>
<link>/theories/weighted_arithmetic_geometric_mean/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/weighted_arithmetic_geometric_mean/</guid>
<description></description>
</item>
<item>
<title>Weighted_Path_Order</title>
<link>/theories/weighted_path_order/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/weighted_path_order/</guid>
<description></description>
</item>
<item>
<title>Well_Quasi_Orders</title>
<link>/theories/well_quasi_orders/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/well_quasi_orders/</guid>
<description></description>
</item>
<item>
<title>Wetzels_Problem</title>
<link>/theories/wetzels_problem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/wetzels_problem/</guid>
<description></description>
</item>
<item>
<title>WHATandWHERE_Security</title>
<link>/theories/whatandwhere_security/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/whatandwhere_security/</guid>
<description></description>
</item>
<item>
<title>Winding_Number_Eval</title>
<link>/theories/winding_number_eval/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/winding_number_eval/</guid>
<description></description>
</item>
<item>
<title>WOOT_Strong_Eventual_Consistency</title>
<link>/theories/woot_strong_eventual_consistency/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/woot_strong_eventual_consistency/</guid>
<description></description>
</item>
<item>
<title>Word_Lib</title>
<link>/theories/word_lib/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/word_lib/</guid>
<description></description>
</item>
<item>
<title>WorkerWrapper</title>
<link>/theories/workerwrapper/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/workerwrapper/</guid>
<description></description>
</item>
<item>
<title>X86_Semantics</title>
<link>/theories/x86_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/x86_semantics/</guid>
<description></description>
</item>
<item>
<title>XML</title>
<link>/theories/xml/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/xml/</guid>
<description></description>
</item>
<item>
<title>Youngs_Inequality</title>
<link>/theories/youngs_inequality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/youngs_inequality/</guid>
<description></description>
</item>
<item>
<title>Zeta_3_Irrational</title>
<link>/theories/zeta_3_irrational/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/zeta_3_irrational/</guid>
<description></description>
</item>
<item>
<title>Zeta_Function</title>
<link>/theories/zeta_function/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/zeta_function/</guid>
<description></description>
</item>
<item>
<title>ZFC_in_HOL</title>
<link>/theories/zfc_in_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/zfc_in_hol/</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/sitemap.xml b/web/sitemap.xml
--- a/web/sitemap.xml
+++ b/web/sitemap.xml
@@ -1,5888 +1,5896 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
xmlns:xhtml="http://www.w3.org/1999/xhtml">
<url>
<loc>/</loc>
- <lastmod>2022-09-29T00:00:00+00:00</lastmod>
+ <lastmod>2022-10-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/</loc>
- <lastmod>2022-09-29T00:00:00+00:00</lastmod>
+ <lastmod>2022-10-04T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/dependencies/</loc>
+ <lastmod>2022-10-04T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/entries/</loc>
+ <lastmod>2022-10-04T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/dependencies/graph_theory/</loc>
+ <lastmod>2022-10-04T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/authors/stevens/</loc>
+ <lastmod>2022-10-04T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/authors/stoeckl/</loc>
+ <lastmod>2022-10-04T00:00:00+00:00</lastmod>
+ </url><url>
+ <loc>/entries/Query_Optimization.html</loc>
+ <lastmod>2022-10-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/cremer/</loc>
<lastmod>2022-09-29T00:00:00+00:00</lastmod>
</url><url>
- <loc>/dependencies/</loc>
- <lastmod>2022-09-29T00:00:00+00:00</lastmod>
- </url><url>
<loc>/dependencies/design_theory/</loc>
<lastmod>2022-09-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/edmonds/</loc>
<lastmod>2022-09-29T00:00:00+00:00</lastmod>
</url><url>
- <loc>/entries/</loc>
- <lastmod>2022-09-29T00:00:00+00:00</lastmod>
- </url><url>
<loc>/dependencies/girth_chromatic/</loc>
<lastmod>2022-09-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Maximum_Segment_Sum.html</loc>
<lastmod>2022-09-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Undirected_Graph_Theory.html</loc>
<lastmod>2022-09-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/collections/</loc>
<lastmod>2022-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/deriving/</loc>
<lastmod>2022-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/list-index/</loc>
<lastmod>2022-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Safe_Range_RC.html</loc>
<lastmod>2022-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/raszyk/</loc>
<lastmod>2022-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/traytel/</loc>
<lastmod>2022-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/epistemic_logic/</loc>
<lastmod>2022-09-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/guzman/</loc>
<lastmod>2022-09-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stalnaker_Logic.html</loc>
<lastmod>2022-09-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/crighton/</loc>
<lastmod>2022-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/localization_ring/</loc>
<lastmod>2022-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Padic_Field.html</loc>
<lastmod>2022-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/padic_ints/</loc>
<lastmod>2022-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/doty/</loc>
<lastmod>2022-09-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Risk_Free_Lending.html</loc>
<lastmod>2022-09-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/from/</loc>
<lastmod>2022-09-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Implicational_Logic.html</loc>
<lastmod>2022-09-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/villadsen/</loc>
<lastmod>2022-09-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/berlekamp_zassenhaus/</loc>
<lastmod>2022-09-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CRYSTALS-Kyber.html</loc>
<lastmod>2022-09-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kreuzer/</loc>
<lastmod>2022-09-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/number_theoretic_transform/</loc>
<lastmod>2022-09-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/dardinier/</loc>
<lastmod>2022-09-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Separation_Logic_Unbounded.html</loc>
<lastmod>2022-09-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/argyraki/</loc>
<lastmod>2022-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/bernoulli/</loc>
<lastmod>2022-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/eberl/</loc>
<lastmod>2022-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/jacobson_basic_algebra/</loc>
<lastmod>2022-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Khovanskii_Theorem.html</loc>
<lastmod>2022-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/paulson/</loc>
<lastmod>2022-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/pluennecke_ruzsa_inequality/</loc>
<lastmod>2022-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sulejmani/</loc>
<lastmod>2022-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hales_Jewett.html</loc>
<lastmod>2022-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ammer/</loc>
<lastmod>2022-08-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Number_Theoretic_Transform.html</loc>
<lastmod>2022-08-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SCC_Bloemen_Sequential.html</loc>
<lastmod>2022-08-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/merz/</loc>
<lastmod>2022-08-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/trelat/</loc>
<lastmod>2022-08-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bortin/</loc>
<lastmod>2022-08-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Involutions2Squares.html</loc>
<lastmod>2022-08-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/containers/</loc>
<lastmod>2022-08-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/datatype_order_generator/</loc>
<lastmod>2022-08-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/native_word/</loc>
<lastmod>2022-08-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sachtleben/</loc>
<lastmod>2022-08-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FSM_Tests.html</loc>
<lastmod>2022-08-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/brucker/</loc>
<lastmod>2022-07-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Nano_JSON.html</loc>
<lastmod>2022-07-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/topics/tools/</loc>
<lastmod>2022-07-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/topics/</loc>
<lastmod>2022-07-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/echenim/</loc>
<lastmod>2022-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Solidity.html</loc>
<lastmod>2022-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/marmsoler/</loc>
<lastmod>2022-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/projective_measurements/</loc>
<lastmod>2022-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Commuting_Hermitian.html</loc>
<lastmod>2022-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Weighted_Arithmetic_Geometric_Mean.html</loc>
<lastmod>2022-07-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IMP_Compiler_Reuse.html</loc>
<lastmod>2022-07-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/noce/</loc>
<lastmod>2022-07-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nipkow/</loc>
<lastmod>2022-06-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Real_Time_Deque.html</loc>
<lastmod>2022-06-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/toth/</loc>
<lastmod>2022-06-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Boolos_Curious_Inference.html</loc>
<lastmod>2022-06-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ketland/</loc>
<lastmod>2022-06-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/dirichlet_series/</loc>
<lastmod>2022-06-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Finite_Fields.html</loc>
<lastmod>2022-06-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IsaNet.html</loc>
<lastmod>2022-06-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/karayel/</loc>
<lastmod>2022-06-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/klenze/</loc>
<lastmod>2022-06-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sprenger/</loc>
<lastmod>2022-06-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bayer/</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/david/</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/digit_expansions/</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DPRM_Theorem.html</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lucas_theorem/</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/matiyasevich/</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/pal/</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schleicher/</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/stock/</loc>
<lastmod>2022-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lochmann/</loc>
<lastmod>2022-06-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Rewrite_Properties_Reduction.html</loc>
<lastmod>2022-06-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/regular_tree_relations/</loc>
<lastmod>2022-06-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Combinable_Wands.html</loc>
<lastmod>2022-05-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/package_logic/</loc>
<lastmod>2022-05-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Pluennecke_Ruzsa_Inequality.html</loc>
<lastmod>2022-05-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Package_logic.html</loc>
<lastmod>2022-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Clique_and_Monotone_Circuits.html</loc>
<lastmod>2022-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/stirling_formula/</loc>
<lastmod>2022-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sunflowers/</loc>
<lastmod>2022-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/thiemann/</loc>
<lastmod>2022-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/benor_kozen_reif/</loc>
<lastmod>2022-04-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Fishers_Inequality.html</loc>
<lastmod>2022-04-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/groebner_bases/</loc>
<lastmod>2022-04-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/polynomial_factorization/</loc>
<lastmod>2022-04-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Digit_Expansions.html</loc>
<lastmod>2022-04-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schmidinger/</loc>
<lastmod>2022-04-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Multiset_Ordering_NPC.html</loc>
<lastmod>2022-04-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/weighted_path_order/</loc>
<lastmod>2022-04-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sophomores_Dream.html</loc>
<lastmod>2022-04-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Prefix_Free_Code_Combinators.html</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/bertrands_postulate/</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/equivalence_relation_enumeration/</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Frequency_Moments.html</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/interpolation_polynomials_hol_algebra/</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lp/</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/median_method/</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/prefix_free_code_combinators/</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/universal_hash_families/</loc>
<lastmod>2022-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dedekind_Real.html</loc>
<lastmod>2022-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fleuriot/</loc>
<lastmod>2022-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ackermanns_not_PR.html</loc>
<lastmod>2022-03-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FOL_Seq_Calc3.html</loc>
<lastmod>2022-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/abstract_completeness/</loc>
<lastmod>2022-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/abstract_soundness/</loc>
<lastmod>2022-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Cotangent_PFD_Formula.html</loc>
<lastmod>2022-03-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gunther/</loc>
<lastmod>2022-03-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/pagano/</loc>
<lastmod>2022-03-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/steinberg/</loc>
<lastmod>2022-03-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/terraf/</loc>
<lastmod>2022-03-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Independence_CH.html</loc>
<lastmod>2022-03-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/transitive_models/</loc>
<lastmod>2022-03-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/delta_system_lemma/</loc>
<lastmod>2022-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Transitive_Models.html</loc>
<lastmod>2022-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ResiduatedTransitionSystem.html</loc>
<lastmod>2022-02-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/stark/</loc>
<lastmod>2022-02-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/finite_fields/</loc>
<lastmod>2022-02-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Universal_Hash_Families.html</loc>
<lastmod>2022-02-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Wetzels_Problem.html</loc>
<lastmod>2022-02-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/zfc_in_hol/</loc>
<lastmod>2022-02-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Eval_FO.html</loc>
<lastmod>2022-02-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/VYDRA_MDL.html</loc>
<lastmod>2022-02-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/card_equiv_relations/</loc>
<lastmod>2022-02-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Equivalence_Relation_Enumeration.html</loc>
<lastmod>2022-02-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LP_Duality.html</loc>
<lastmod>2022-02-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hirata/</loc>
<lastmod>2022-02-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/linear_inequalities/</loc>
<lastmod>2022-02-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/minamide/</loc>
<lastmod>2022-02-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Quasi_Borel_Spaces.html</loc>
<lastmod>2022-02-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sato/</loc>
<lastmod>2022-02-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/felgenhauer/</loc>
<lastmod>2022-02-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FO_Theory_Rewriting.html</loc>
<lastmod>2022-02-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/fol-fitting/</loc>
<lastmod>2022-02-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FOL_Seq_Calc2.html</loc>
<lastmod>2022-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/fol_seq_calc1/</loc>
<lastmod>2022-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/jacobsen/</loc>
<lastmod>2022-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Youngs_Inequality.html</loc>
<lastmod>2022-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Interpolation_Polynomials_HOL_Algebra.html</loc>
<lastmod>2022-01-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Median_Method.html</loc>
<lastmod>2022-01-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Actuarial_Mathematics.html</loc>
<lastmod>2022-01-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ito/</loc>
<lastmod>2022-01-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Irrationals_From_THEBOOK.html</loc>
<lastmod>2022-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Knights_Tour.html</loc>
<lastmod>2022-01-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/koller/</loc>
<lastmod>2022-01-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hyperdual.html</loc>
<lastmod>2021-12-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/smola/</loc>
<lastmod>2021-12-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Gale_Shapley.html</loc>
<lastmod>2021-12-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ergodic_theory/</loc>
<lastmod>2021-12-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/random_graph_subgraph_threshold/</loc>
<lastmod>2021-12-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Roth_Arithmetic_Progressions.html</loc>
<lastmod>2021-12-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/szemeredi_regularity/</loc>
<lastmod>2021-12-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/abdulaziz/</loc>
<lastmod>2021-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/gauss_jordan/</loc>
<lastmod>2021-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MDP-Rewards.html</loc>
<lastmod>2021-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/mdp-rewards/</loc>
<lastmod>2021-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schaeffeler/</loc>
<lastmod>2021-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MDP-Algorithms.html</loc>
<lastmod>2021-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/knuth_bendix_order/</loc>
<lastmod>2021-12-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Regular_Tree_Relations.html</loc>
<lastmod>2021-12-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sternagel/</loc>
<lastmod>2021-12-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sternagelt/</loc>
<lastmod>2021-12-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/aransay/</loc>
<lastmod>2021-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/campo/</loc>
<lastmod>2021-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/jordan_normal_form/</loc>
<lastmod>2021-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/michaelis/</loc>
<lastmod>2021-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/robdd/</loc>
<lastmod>2021-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sepref_prereq/</loc>
<lastmod>2021-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Simplicial_complexes_and_boolean_functions.html</loc>
<lastmod>2021-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/automatic_refinement/</loc>
<lastmod>2021-11-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lammich/</loc>
<lastmod>2021-11-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Van_Emde_Boas_Trees.html</loc>
<lastmod>2021-11-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Foundation_of_geometry.html</loc>
<lastmod>2021-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/iwama/</loc>
<lastmod>2021-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/cousin/</loc>
<lastmod>2021-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/guiol/</loc>
<lastmod>2021-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hahn_Jordan_Decomposition.html</loc>
<lastmod>2021-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/algebraic_numbers/</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/PAL.html</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/benzmueller/</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SimplifiedOntologicalArgument.html</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Factor_Algebraic_Polynomial.html</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/hermite_lindemann/</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/polynomials/</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Real_Power.html</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/reiche/</loc>
<lastmod>2021-11-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Szemeredi_Regularity.html</loc>
<lastmod>2021-11-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/complex_bounded_operators/</loc>
<lastmod>2021-10-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Registers.html</loc>
<lastmod>2021-10-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/unruh/</loc>
<lastmod>2021-10-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Belief_Revision.html</loc>
<lastmod>2021-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/boulanger/</loc>
<lastmod>2021-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fouillard/</loc>
<lastmod>2021-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sabouret/</loc>
<lastmod>2021-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/taha/</loc>
<lastmod>2021-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bharadwaj/</loc>
<lastmod>2021-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bockenek/</loc>
<lastmod>2021-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ravindran/</loc>
<lastmod>2021-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/roessle/</loc>
<lastmod>2021-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/verbeek/</loc>
<lastmod>2021-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/weerwag/</loc>
<lastmod>2021-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/word_lib/</loc>
<lastmod>2021-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/X86_Semantics.html</loc>
<lastmod>2021-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Correctness_Algebras.html</loc>
<lastmod>2021-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/guttmann/</loc>
<lastmod>2021-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/monobooltranalgebra/</loc>
<lastmod>2021-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/stone_kleene_relation_algebras/</loc>
<lastmod>2021-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/subset_boolean_algebras/</loc>
<lastmod>2021-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/cordwell/</loc>
<lastmod>2021-10-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/mitsch/</loc>
<lastmod>2021-10-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/platzer/</loc>
<lastmod>2021-10-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/scharager/</loc>
<lastmod>2021-10-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Virtual_Substitution.html</loc>
<lastmod>2021-10-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FOL_Axiomatic.html</loc>
<lastmod>2021-09-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/banach_steinhaus/</loc>
<lastmod>2021-09-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/caballero/</loc>
<lastmod>2021-09-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Complex_Bounded_Operators.html</loc>
<lastmod>2021-09-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/real_impl/</loc>
<lastmod>2021-09-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Weighted_Path_Order.html</loc>
<lastmod>2021-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/yamada/</loc>
<lastmod>2021-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CZH_Foundations.html</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CZH_Elementary_Categories.html</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CZH_Universal_Constructions.html</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Conditional_Simplification.html</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Conditional_Transfer_Rule.html</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/conditional_simplification/</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/conditional_transfer_rule/</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/czh_elementary_categories/</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/czh_foundations/</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Types_To_Sets_Extension.html</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Intro_Dest_Elim.html</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/intro_dest_elim/</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/milehins/</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/speccheck/</loc>
<lastmod>2021-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dominance_CHK.html</loc>
<lastmod>2021-09-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/jiang/</loc>
<lastmod>2021-09-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/jinja/</loc>
<lastmod>2021-09-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/complex_geometry/</loc>
<lastmod>2021-09-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/factor_algebraic_polynomial/</loc>
<lastmod>2021-09-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Cubic_Quartic_Equations.html</loc>
<lastmod>2021-09-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Logging_Independent_Anonymity.html</loc>
<lastmod>2021-08-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/budan_fourier/</loc>
<lastmod>2021-08-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/li/</loc>
<lastmod>2021-08-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/polynomial_interpolation/</loc>
<lastmod>2021-08-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Three_Circles.html</loc>
<lastmod>2021-08-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/thomson/</loc>
<lastmod>2021-08-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bauereiss/</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/bd_security_compositional/</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/bounded_deducibility_security/</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CoCon.html</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BD_Security_Compositional.html</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CoSMed.html</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CoSMeDis.html</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Fresh_Identifiers.html</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/fresh_identifiers/</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/popescu/</loc>
<lastmod>2021-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/card_partitions/</loc>
<lastmod>2021-08-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Design_Theory.html</loc>
<lastmod>2021-08-13T00:00:00+00:00</lastmod>
</url><url>
- <loc>/dependencies/graph_theory/</loc>
- <lastmod>2021-08-13T00:00:00+00:00</lastmod>
- </url><url>
<loc>/dependencies/nested_multisets_ordinals/</loc>
<lastmod>2021-08-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Relational_Forests.html</loc>
<lastmod>2021-08-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/palmer/</loc>
<lastmod>2021-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schmoetten/</loc>
<lastmod>2021-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Schutz_Spacetime.html</loc>
<lastmod>2021-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Finitely_Generated_Abelian_Groups.html</loc>
<lastmod>2021-07-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/thommes/</loc>
<lastmod>2021-07-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bulwahn/</loc>
<lastmod>2021-07-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kappelmann/</loc>
<lastmod>2021-07-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SpecCheck.html</loc>
<lastmod>2021-07-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/willenbrink/</loc>
<lastmod>2021-07-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Van_der_Waerden.html</loc>
<lastmod>2021-06-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MiniSail.html</loc>
<lastmod>2021-06-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/nominal2/</loc>
<lastmod>2021-06-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/show/</loc>
<lastmod>2021-06-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wassell/</loc>
<lastmod>2021-06-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Public_Announcement_Logic.html</loc>
<lastmod>2021-06-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IMP_Compiler.html</loc>
<lastmod>2021-06-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Combinatorics_Words.html</loc>
<lastmod>2021-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/combinatorics_words/</loc>
<lastmod>2021-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Combinatorics_Words_Graph_Lemma.html</loc>
<lastmod>2021-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/holub/</loc>
<lastmod>2021-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Combinatorics_Words_Lyndon.html</loc>
<lastmod>2021-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/raska/</loc>
<lastmod>2021-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/starosta/</loc>
<lastmod>2021-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/szpilrajn/</loc>
<lastmod>2021-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/jinjadci/</loc>
<lastmod>2021-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/mansky/</loc>
<lastmod>2021-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Regression_Test_Selection.html</loc>
<lastmod>2021-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Metalogic_ProofChecker.html</loc>
<lastmod>2021-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kadzioka/</loc>
<lastmod>2021-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lifting_the_Exponent.html</loc>
<lastmod>2021-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rosskopf/</loc>
<lastmod>2021-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sturm_tarski/</loc>
<lastmod>2021-04-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/tan/</loc>
<lastmod>2021-04-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BenOr_Kozen_Reif.html</loc>
<lastmod>2021-04-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/GaleStewart_Games.html</loc>
<lastmod>2021-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/joosten/</loc>
<lastmod>2021-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/parity_game/</loc>
<lastmod>2021-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/brun/</loc>
<lastmod>2021-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/decova/</loc>
<lastmod>2021-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Progress_Tracking.html</loc>
<lastmod>2021-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lattuada/</loc>
<lastmod>2021-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IFC_Tracking.html</loc>
<lastmod>2021-04-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nordhoff/</loc>
<lastmod>2021-04-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bordg/</loc>
<lastmod>2021-03-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Grothendieck_Schemes.html</loc>
<lastmod>2021-03-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Padic_Ints.html</loc>
<lastmod>2021-03-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Constructive_Cryptography_CM.html</loc>
<lastmod>2021-03-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/constructive_cryptography/</loc>
<lastmod>2021-03-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/game_based_crypto/</loc>
<lastmod>2021-03-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lochbihler/</loc>
<lastmod>2021-03-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sefidgar/</loc>
<lastmod>2021-03-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sigma_commit_crypto/</loc>
<lastmod>2021-03-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bottesch/</loc>
<lastmod>2021-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/divason/</loc>
<lastmod>2021-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/hermite/</loc>
<lastmod>2021-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lll_basis_reduction/</loc>
<lastmod>2021-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/smith_normal_form/</loc>
<lastmod>2021-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html</loc>
<lastmod>2021-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/isabelle_marries_dirac/</loc>
<lastmod>2021-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/pi_transcendental/</loc>
<lastmod>2021-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/power_sum_polynomials/</loc>
<lastmod>2021-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/qhlprover/</loc>
<lastmod>2021-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Projective_Measurements.html</loc>
<lastmod>2021-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hermite_Lindemann.html</loc>
<lastmod>2021-03-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/blumson/</loc>
<lastmod>2021-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Mereology.html</loc>
<lastmod>2021-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sunflowers.html</loc>
<lastmod>2021-02-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BTree.html</loc>
<lastmod>2021-02-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/muendler/</loc>
<lastmod>2021-02-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/refine_imperative_hol/</loc>
<lastmod>2021-02-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Formal_Puiseux_Series.html</loc>
<lastmod>2021-02-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Laws_of_Large_Numbers.html</loc>
<lastmod>2021-02-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/coghetto/</loc>
<lastmod>2021-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IsaGeoCoq.html</loc>
<lastmod>2021-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Blue_Eyes.html</loc>
<lastmod>2021-01-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hood_Melville_Queue.html</loc>
<lastmod>2021-01-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/londono/</loc>
<lastmod>2021-01-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/JinjaDCI.html</loc>
<lastmod>2021-01-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Delta_System_Lemma.html</loc>
<lastmod>2020-12-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fuenmayor/</loc>
<lastmod>2020-12-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Topological_Semantics.html</loc>
<lastmod>2020-12-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/aggregation_algebras/</loc>
<lastmod>2020-12-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/brien/</loc>
<lastmod>2020-12-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Relational_Minimum_Spanning_Trees.html</loc>
<lastmod>2020-12-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/relational_disjoint_set_forests/</loc>
<lastmod>2020-12-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/desharnais/</loc>
<lastmod>2020-12-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Interpreter_Optimizations.html</loc>
<lastmod>2020-12-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/vericomp/</loc>
<lastmod>2020-12-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Relational_Method.html</loc>
<lastmod>2020-12-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/he/</loc>
<lastmod>2020-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Isabelle_Marries_Dirac.html</loc>
<lastmod>2020-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lachnitt/</loc>
<lastmod>2020-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/matrix_tensor/</loc>
<lastmod>2020-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/vectorspace/</loc>
<lastmod>2020-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/hol-csp/</loc>
<lastmod>2020-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CSP_RefTK.html</loc>
<lastmod>2020-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wolff/</loc>
<lastmod>2020-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ye/</loc>
<lastmod>2020-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/AI_Planning_Languages_Semantics.html</loc>
<lastmod>2020-10-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ai_planning_languages_semantics/</loc>
<lastmod>2020-10-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/certification_monads/</loc>
<lastmod>2020-10-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kurz/</loc>
<lastmod>2020-10-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/propositional_proof_systems/</loc>
<lastmod>2020-10-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Verified_SAT_Based_AI_Planning.html</loc>
<lastmod>2020-10-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Physical_Quantities.html</loc>
<lastmod>2020-10-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fosters/</loc>
<lastmod>2020-10-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/diaz/</loc>
<lastmod>2020-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Finite-Map-Extras.html</loc>
<lastmod>2020-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Shadow_DOM.html</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Shadow_SC_DOM.html</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SC_DOM_Components.html</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DOM_Components.html</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/core_dom/</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/core_sc_dom/</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/herzberg/</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/shadow_dom/</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/shadow_sc_dom/</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Core_SC_DOM.html</loc>
<lastmod>2020-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Goedel_Incompleteness.html</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Goedel_HFSet_Semantic.html</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Goedel_HFSet_Semanticless.html</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/goedel_incompleteness/</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/hereditarilyfinite/</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/incompleteness/</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Robinson_Arithmetic.html</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Syntax_Independent_Logic.html</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/syntax_independent_logic/</loc>
<lastmod>2020-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Extended_Finite_State_Machines.html</loc>
<lastmod>2020-09-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/derrick/</loc>
<lastmod>2020-09-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/extended_finite_state_machines/</loc>
<lastmod>2020-09-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/finfun/</loc>
<lastmod>2020-09-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/foster/</loc>
<lastmod>2020-09-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Extended_Finite_State_Machine_Inference.html</loc>
<lastmod>2020-09-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/taylor/</loc>
<lastmod>2020-09-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/balbach/</loc>
<lastmod>2020-08-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fleury/</loc>
<lastmod>2020-08-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kaufmann/</loc>
<lastmod>2020-08-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/PAC_Checker.html</loc>
<lastmod>2020-08-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sepref_iicf/</loc>
<lastmod>2020-08-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Inductive_Inference.html</loc>
<lastmod>2020-08-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Relational_Disjoint_Set_Forests.html</loc>
<lastmod>2020-08-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/blanchette/</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Saturation_Framework_Extensions.html</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/first_order_terms/</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gammie/</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/holcf-prelude/</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ordered_resolution_prover/</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BirdKMP.html</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/saturation_framework/</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/tourret/</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/well_quasi_orders/</loc>
<lastmod>2020-08-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Amicable_Numbers.html</loc>
<lastmod>2020-08-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/pratt_certificate/</loc>
<lastmod>2020-08-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/nash_williams/</loc>
<lastmod>2020-08-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ordinal_Partitions.html</loc>
<lastmod>2020-08-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Chandy_Lamport.html</loc>
<lastmod>2020-07-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fiedler/</loc>
<lastmod>2020-07-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hoefner/</loc>
<lastmod>2020-07-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/relation_algebra/</loc>
<lastmod>2020-07-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Relational_Paths.html</loc>
<lastmod>2020-07-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Safe_Distance.html</loc>
<lastmod>2020-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/immler/</loc>
<lastmod>2020-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rizaldi/</loc>
<lastmod>2020-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sturm_sequences/</loc>
<lastmod>2020-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Smith_Normal_Form.html</loc>
<lastmod>2020-05-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/perron_frobenius/</loc>
<lastmod>2020-05-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Nash_Williams.html</loc>
<lastmod>2020-05-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Knuth_Bendix_Order.html</loc>
<lastmod>2020-05-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/matrix/</loc>
<lastmod>2020-05-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Irrational_Series_Erdos_Straus.html</loc>
<lastmod>2020-05-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/prime_distribution_elementary/</loc>
<lastmod>2020-05-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/prime_number_theorem/</loc>
<lastmod>2020-05-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/dunaev/</loc>
<lastmod>2020-05-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Recursion-Addition.html</loc>
<lastmod>2020-05-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LTL_Normal_Form.html</loc>
<lastmod>2020-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ltl/</loc>
<lastmod>2020-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ltl_master_theorem/</loc>
<lastmod>2020-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sickert/</loc>
<lastmod>2020-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Forcing.html</loc>
<lastmod>2020-05-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Banach_Steinhaus.html</loc>
<lastmod>2020-05-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Attack_Trees.html</loc>
<lastmod>2020-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kammueller/</loc>
<lastmod>2020-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Gaussian_Integers.html</loc>
<lastmod>2020-04-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Power_Sum_Polynomials.html</loc>
<lastmod>2020-04-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/symmetric_polynomials/</loc>
<lastmod>2020-04-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lambert_W.html</loc>
<lastmod>2020-04-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/hybrid_systems_vcs/</loc>
<lastmod>2020-04-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Matrices_for_ODEs.html</loc>
<lastmod>2020-04-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/munive/</loc>
<lastmod>2020-04-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ADS_Functor.html</loc>
<lastmod>2020-04-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/maric/</loc>
<lastmod>2020-04-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sliding_Window_Algorithm.html</loc>
<lastmod>2020-04-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/heimes/</loc>
<lastmod>2020-04-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schneider/</loc>
<lastmod>2020-04-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Saturation_Framework.html</loc>
<lastmod>2020-04-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MFODL_Monitor_Optimized.html</loc>
<lastmod>2020-04-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/generic_join/</loc>
<lastmod>2020-04-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ieee_floating_point/</loc>
<lastmod>2020-04-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lambda_free_rpos/</loc>
<lastmod>2020-04-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/mfotl_monitor/</loc>
<lastmod>2020-04-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Automated_Stateful_Protocol_Verification.html</loc>
<lastmod>2020-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hess/</loc>
<lastmod>2020-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/moedersheim/</loc>
<lastmod>2020-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schlichtkrull/</loc>
<lastmod>2020-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stateful_Protocol_Composition_and_Typing.html</loc>
<lastmod>2020-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/stateful_protocol_composition_and_typing/</loc>
<lastmod>2020-04-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lucas_Theorem.html</loc>
<lastmod>2020-04-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gonzalez/</loc>
<lastmod>2020-03-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/WOOT_Strong_Eventual_Consistency.html</loc>
<lastmod>2020-03-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Furstenberg_Topology.html</loc>
<lastmod>2020-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Relational-Incorrectness-Logic.html</loc>
<lastmod>2020-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/murray/</loc>
<lastmod>2020-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/diekmann/</loc>
<lastmod>2020-03-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hello_World.html</loc>
<lastmod>2020-03-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hupel/</loc>
<lastmod>2020-03-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Goodstein_Lambda.html</loc>
<lastmod>2020-02-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/VeriComp.html</loc>
<lastmod>2020-02-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Arith_Prog_Rel_Primes.html</loc>
<lastmod>2020-02-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Subset_Boolean_Algebras.html</loc>
<lastmod>2020-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/moeller/</loc>
<lastmod>2020-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/stone_algebras/</loc>
<lastmod>2020-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Mersenne_Primes.html</loc>
<lastmod>2020-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/pell/</loc>
<lastmod>2020-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/probabilistic_prime_tests/</loc>
<lastmod>2020-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/essmann/</loc>
<lastmod>2020-01-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/robillard/</loc>
<lastmod>2020-01-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Approximation_Algorithms.html</loc>
<lastmod>2020-01-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/akra_bazzi/</loc>
<lastmod>2020-01-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Closest_Pair_Points.html</loc>
<lastmod>2020-01-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rau/</loc>
<lastmod>2020-01-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/root_balanced_tree/</loc>
<lastmod>2020-01-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/haslbeck/</loc>
<lastmod>2020-01-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/monad_normalisation/</loc>
<lastmod>2020-01-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Skip_Lists.html</loc>
<lastmod>2020-01-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Bicategory.html</loc>
<lastmod>2020-01-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/monoidalcategory/</loc>
<lastmod>2020-01-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/e_transcendental/</loc>
<lastmod>2019-12-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Zeta_3_Irrational.html</loc>
<lastmod>2019-12-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hybrid_Logic.html</loc>
<lastmod>2019-12-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/hol-ode-numerics/</loc>
<lastmod>2019-12-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Poincare_Bendixson.html</loc>
<lastmod>2019-12-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/boutry/</loc>
<lastmod>2019-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Complex_Geometry.html</loc>
<lastmod>2019-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/maricf/</loc>
<lastmod>2019-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Poincare_Disc.html</loc>
<lastmod>2019-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/simic/</loc>
<lastmod>2019-12-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/dirichlet_l/</loc>
<lastmod>2019-12-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Gauss_Sums.html</loc>
<lastmod>2019-12-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/raya/</loc>
<lastmod>2019-12-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Generalized_Counting_Sort.html</loc>
<lastmod>2019-12-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bohrer/</loc>
<lastmod>2019-11-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Interval_Arithmetic_Word32.html</loc>
<lastmod>2019-11-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ZFC_in_HOL.html</loc>
<lastmod>2019-10-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Isabelle_C.html</loc>
<lastmod>2019-10-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/tuong/</loc>
<lastmod>2019-10-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/VerifyThis2019.html</loc>
<lastmod>2019-10-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wimmer/</loc>
<lastmod>2019-10-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Aristotles_Assertoric_Syllogistic.html</loc>
<lastmod>2019-10-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/butler/</loc>
<lastmod>2019-10-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/crypthol/</loc>
<lastmod>2019-10-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sigma_Commit_Crypto.html</loc>
<lastmod>2019-10-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Clean.html</loc>
<lastmod>2019-10-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Generic_Join.html</loc>
<lastmod>2019-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/kad/</loc>
<lastmod>2019-09-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/kat_and_dra/</loc>
<lastmod>2019-09-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ordinary_differential_equations/</loc>
<lastmod>2019-09-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/transformer_semantics/</loc>
<lastmod>2019-09-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hybrid_Systems_VCs.html</loc>
<lastmod>2019-09-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Fourier.html</loc>
<lastmod>2019-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Jacobson_Basic_Algebra.html</loc>
<lastmod>2019-08-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ballarin/</loc>
<lastmod>2019-08-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Adaptive_State_Counting.html</loc>
<lastmod>2019-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/transition_systems_and_automata/</loc>
<lastmod>2019-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Laplace_Transform.html</loc>
<lastmod>2019-08-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/buyse/</loc>
<lastmod>2019-08-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/C2KA_DistributedSystems.html</loc>
<lastmod>2019-08-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/farkas/</loc>
<lastmod>2019-08-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/jaskolka/</loc>
<lastmod>2019-08-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kaliszyk/</loc>
<lastmod>2019-08-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Linear_Programming.html</loc>
<lastmod>2019-08-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/parsert/</loc>
<lastmod>2019-08-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IMO2019.html</loc>
<lastmod>2019-08-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/losa/</loc>
<lastmod>2019-08-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stellar_Quorums.html</loc>
<lastmod>2019-08-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/TESL_Language.html</loc>
<lastmod>2019-07-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/van/</loc>
<lastmod>2019-07-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Szpilrajn.html</loc>
<lastmod>2019-07-27T00:00:00+00:00</lastmod>
</url><url>
- <loc>/authors/stevens/</loc>
- <lastmod>2019-07-27T00:00:00+00:00</lastmod>
- </url><url>
<loc>/authors/zeller/</loc>
<lastmod>2019-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FOL_Seq_Calc1.html</loc>
<lastmod>2019-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CakeML_Codegen.html</loc>
<lastmod>2019-07-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/cakeml/</loc>
<lastmod>2019-07-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/constructor_funs/</loc>
<lastmod>2019-07-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/dict_construction/</loc>
<lastmod>2019-07-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/higher_order_terms/</loc>
<lastmod>2019-07-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/huffman/</loc>
<lastmod>2019-07-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/pairing_heap/</loc>
<lastmod>2019-07-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MFOTL_Monitor.html</loc>
<lastmod>2019-07-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Complete_Non_Orders.html</loc>
<lastmod>2019-06-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/dubut/</loc>
<lastmod>2019-06-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Priority_Search_Trees.html</loc>
<lastmod>2019-06-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/priority_search_trees/</loc>
<lastmod>2019-06-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Prim_Dijkstra_Simple.html</loc>
<lastmod>2019-06-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Linear_Inequalities.html</loc>
<lastmod>2019-06-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/reynaud/</loc>
<lastmod>2019-06-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Nullstellensatz.html</loc>
<lastmod>2019-06-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/maletzky/</loc>
<lastmod>2019-06-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Groebner_Macaulay.html</loc>
<lastmod>2019-06-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IMP2_Binary_Heap.html</loc>
<lastmod>2019-06-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/griebel/</loc>
<lastmod>2019-06-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/imp2/</loc>
<lastmod>2019-06-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Differential_Game_Logic.html</loc>
<lastmod>2019-06-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/median_of_medians_selection/</loc>
<lastmod>2019-05-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/KD_Tree.html</loc>
<lastmod>2019-05-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LambdaAuth.html</loc>
<lastmod>2019-05-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/aspinall/</loc>
<lastmod>2019-05-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Multi_Party_Computation.html</loc>
<lastmod>2019-05-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/HOL-CSP.html</loc>
<lastmod>2019-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LTL_Master_Theorem.html</loc>
<lastmod>2019-04-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/seidl/</loc>
<lastmod>2019-04-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Binding_Syntax_Theory.html</loc>
<lastmod>2019-04-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gheri/</loc>
<lastmod>2019-04-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Transcendence_Series_Hancl_Rucki.html</loc>
<lastmod>2019-03-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/deep_learning/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/liu/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/liut/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/liy/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/QHLProver.html</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wang/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ying/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/yingm/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/zhan/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/zhann/</loc>
<lastmod>2019-03-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nikiforov/</loc>
<lastmod>2019-03-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Safe_OCL.html</loc>
<lastmod>2019-03-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Prime_Distribution_Elementary.html</loc>
<lastmod>2019-02-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/zeta_function/</loc>
<lastmod>2019-02-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/biendarra/</loc>
<lastmod>2019-02-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/haslbeckm/</loc>
<lastmod>2019-02-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Kruskal.html</loc>
<lastmod>2019-02-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/matroids/</loc>
<lastmod>2019-02-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/refine_monadic/</loc>
<lastmod>2019-02-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Probabilistic_Prime_Tests.html</loc>
<lastmod>2019-02-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/stuewe/</loc>
<lastmod>2019-02-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/regensburger/</loc>
<lastmod>2019-02-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Universal_Turing_Machine.html</loc>
<lastmod>2019-02-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/urban/</loc>
<lastmod>2019-02-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/xu/</loc>
<lastmod>2019-02-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/zhangx/</loc>
<lastmod>2019-02-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/UTP.html</loc>
<lastmod>2019-02-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nemouchi/</loc>
<lastmod>2019-02-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/optics/</loc>
<lastmod>2019-02-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ribeiro/</loc>
<lastmod>2019-02-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/List_Inversions.html</loc>
<lastmod>2019-02-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/utp-toolkit/</loc>
<lastmod>2019-02-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/zeyda/</loc>
<lastmod>2019-02-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Farkas.html</loc>
<lastmod>2019-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/simplex/</loc>
<lastmod>2019-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Higher_Order_Terms.html</loc>
<lastmod>2019-01-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IMP2.html</loc>
<lastmod>2019-01-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Store_Buffer_Reduction.html</loc>
<lastmod>2019-01-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/cohen/</loc>
<lastmod>2019-01-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schirmer/</loc>
<lastmod>2019-01-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Core_DOM.html</loc>
<lastmod>2018-12-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Concurrent_Revisions.html</loc>
<lastmod>2018-12-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/overbeek/</loc>
<lastmod>2018-12-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/auto2_hol/</loc>
<lastmod>2018-12-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Auto2_Imperative_HOL.html</loc>
<lastmod>2018-12-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Constructive_Cryptography.html</loc>
<lastmod>2018-12-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/kleene_algebra/</loc>
<lastmod>2018-12-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/order_lattice_props/</loc>
<lastmod>2018-12-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Order_Lattice_Props.html</loc>
<lastmod>2018-12-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/quantales/</loc>
<lastmod>2018-12-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Quantales.html</loc>
<lastmod>2018-12-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/struth/</loc>
<lastmod>2018-12-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Transformer_Semantics.html</loc>
<lastmod>2018-12-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Functional_Ordered_Resolution_Prover.html</loc>
<lastmod>2018-11-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Graph_Saturation.html</loc>
<lastmod>2018-11-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/open_induction/</loc>
<lastmod>2018-11-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Auto2_HOL.html</loc>
<lastmod>2018-11-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/keinholz/</loc>
<lastmod>2018-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Matroids.html</loc>
<lastmod>2018-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Generic_Deriving.html</loc>
<lastmod>2018-11-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/raedle/</loc>
<lastmod>2018-11-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/GewirthPGCProof.html</loc>
<lastmod>2018-10-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Epistemic_Logic.html</loc>
<lastmod>2018-10-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Smooth_Manifolds.html</loc>
<lastmod>2018-10-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bentkamp/</loc>
<lastmod>2018-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lambda_Free_EPO.html</loc>
<lastmod>2018-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/random_bsts/</loc>
<lastmod>2018-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Randomised_BSTs.html</loc>
<lastmod>2018-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Factored_Transition_System_Bounding.html</loc>
<lastmod>2018-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Pi_Transcendental.html</loc>
<lastmod>2018-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Symmetric_Polynomials.html</loc>
<lastmod>2018-09-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Signature_Groebner.html</loc>
<lastmod>2018-09-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Prime_Number_Theorem.html</loc>
<lastmod>2018-09-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Aggregation_Algebras.html</loc>
<lastmod>2018-09-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Octonions.html</loc>
<lastmod>2018-09-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Quaternions.html</loc>
<lastmod>2018-09-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Budan_Fourier.html</loc>
<lastmod>2018-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Simplex.html</loc>
<lastmod>2018-08-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/spasic/</loc>
<lastmod>2018-08-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/abstract-rewriting/</loc>
<lastmod>2018-08-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Minsky_Machines.html</loc>
<lastmod>2018-08-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/recursion-theory-i/</loc>
<lastmod>2018-08-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DiscretePricing.html</loc>
<lastmod>2018-07-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/first_welfare_theorem/</loc>
<lastmod>2018-07-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Neumann_Morgenstern_Utility.html</loc>
<lastmod>2018-07-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Pell.html</loc>
<lastmod>2018-06-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Projective_Geometry.html</loc>
<lastmod>2018-06-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Localization_Ring.html</loc>
<lastmod>2018-06-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/brunner/</loc>
<lastmod>2018-06-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/coinductive/</loc>
<lastmod>2018-06-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Partial_Order_Reduction.html</loc>
<lastmod>2018-06-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/stuttering_equivalence/</loc>
<lastmod>2018-06-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/monad_memo_dp/</loc>
<lastmod>2018-05-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Optimal_BST.html</loc>
<lastmod>2018-05-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/somogyi/</loc>
<lastmod>2018-05-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hidden_Markov_Models.html</loc>
<lastmod>2018-05-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/markov_models/</loc>
<lastmod>2018-05-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hoelzl/</loc>
<lastmod>2018-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Probabilistic_Timed_Automata.html</loc>
<lastmod>2018-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/timed_automata/</loc>
<lastmod>2018-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/AxiomaticCategoryTheory.html</loc>
<lastmod>2018-05-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Irrationality_J_Hancl.html</loc>
<lastmod>2018-05-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/scott/</loc>
<lastmod>2018-05-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hu/</loc>
<lastmod>2018-05-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Monad_Memo_DP.html</loc>
<lastmod>2018-05-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/beresford/</loc>
<lastmod>2018-05-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gomes/</loc>
<lastmod>2018-05-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kleppmann/</loc>
<lastmod>2018-05-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/mulligan/</loc>
<lastmod>2018-05-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/OpSets.html</loc>
<lastmod>2018-05-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Modular_Assembly_Kit_Security.html</loc>
<lastmod>2018-05-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bracevac/</loc>
<lastmod>2018-05-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gay/</loc>
<lastmod>2018-05-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/grewe/</loc>
<lastmod>2018-05-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/mantel/</loc>
<lastmod>2018-05-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sudbrock/</loc>
<lastmod>2018-05-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/tasch/</loc>
<lastmod>2018-05-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/watt/</loc>
<lastmod>2018-04-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/WebAssembly.html</loc>
<lastmod>2018-04-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/VerifyThis2018.html</loc>
<lastmod>2018-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BNF_CC.html</loc>
<lastmod>2018-04-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/brandt/</loc>
<lastmod>2018-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/randomised_social_choice/</loc>
<lastmod>2018-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/saile/</loc>
<lastmod>2018-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/stricker/</loc>
<lastmod>2018-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Fishburn_Impossibility.html</loc>
<lastmod>2018-03-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/dirix/</loc>
<lastmod>2018-03-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Weight_Balanced_Trees.html</loc>
<lastmod>2018-03-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CakeML.html</loc>
<lastmod>2018-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lem/</loc>
<lastmod>2018-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/zhang/</loc>
<lastmod>2018-03-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Architectural_Design_Patterns.html</loc>
<lastmod>2018-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/dynamicarchitectures/</loc>
<lastmod>2018-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hoare_Time.html</loc>
<lastmod>2018-02-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/separation_algebra/</loc>
<lastmod>2018-02-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LLL_Factorization.html</loc>
<lastmod>2018-02-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/comparison_sort_lower_bound/</loc>
<lastmod>2018-02-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/First_Order_Terms.html</loc>
<lastmod>2018-02-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/landau_symbols/</loc>
<lastmod>2018-02-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Error_Function.html</loc>
<lastmod>2018-02-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Treaps.html</loc>
<lastmod>2018-02-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LLL_Basis_Reduction.html</loc>
<lastmod>2018-02-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ordered_Resolution_Prover.html</loc>
<lastmod>2018-01-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/waldmann/</loc>
<lastmod>2018-01-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gouezel/</loc>
<lastmod>2018-01-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Gromov_Hyperbolicity.html</loc>
<lastmod>2018-01-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Green.html</loc>
<lastmod>2018-01-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/affine_arithmetic/</loc>
<lastmod>2018-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Taylor_Models.html</loc>
<lastmod>2018-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/traut/</loc>
<lastmod>2018-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/discrete_summation/</loc>
<lastmod>2017-12-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Falling_Factorial_Sum.html</loc>
<lastmod>2017-12-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dirichlet_L.html</loc>
<lastmod>2017-12-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/finitely_generated_abelian_groups/</loc>
<lastmod>2017-12-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Mason_Stothers.html</loc>
<lastmod>2017-12-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Median_Of_Medians_Selection.html</loc>
<lastmod>2017-12-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BNF_Operations.html</loc>
<lastmod>2017-12-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hellauer/</loc>
<lastmod>2017-12-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Knuth_Morris_Pratt.html</loc>
<lastmod>2017-12-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stochastic_Matrices.html</loc>
<lastmod>2017-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/crdt/</loc>
<lastmod>2017-11-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/jungnickel/</loc>
<lastmod>2017-11-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/loibl/</loc>
<lastmod>2017-11-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/oldenburg/</loc>
<lastmod>2017-11-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IMAP-CRDT.html</loc>
<lastmod>2017-11-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hybrid_Multi_Lane_Spatial_Logic.html</loc>
<lastmod>2017-11-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/linker/</loc>
<lastmod>2017-11-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gioiosa/</loc>
<lastmod>2017-10-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Kuratowski_Closure_Complement.html</loc>
<lastmod>2017-10-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Buchi_Complementation.html</loc>
<lastmod>2017-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/dfs_framework/</loc>
<lastmod>2017-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/gabow_scc/</loc>
<lastmod>2017-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Transition_Systems_and_Automata.html</loc>
<lastmod>2017-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Count_Complex_Roots.html</loc>
<lastmod>2017-10-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Winding_Number_Eval.html</loc>
<lastmod>2017-10-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/winding_number_eval/</loc>
<lastmod>2017-10-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Diophantine_Eqns_Lin_Hom.html</loc>
<lastmod>2017-10-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/messner/</loc>
<lastmod>2017-10-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schoepf/</loc>
<lastmod>2017-10-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/count_complex_roots/</loc>
<lastmod>2017-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dirichlet_Series.html</loc>
<lastmod>2017-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/euler_maclaurin/</loc>
<lastmod>2017-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Linear_Recurrences.html</loc>
<lastmod>2017-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/linear_recurrences/</loc>
<lastmod>2017-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Zeta_Function.html</loc>
<lastmod>2017-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lowe_Ontological_Argument.html</loc>
<lastmod>2017-09-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kirchner/</loc>
<lastmod>2017-09-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/PLM.html</loc>
<lastmod>2017-09-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/AnselmGod.html</loc>
<lastmod>2017-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/First_Welfare_Theorem.html</loc>
<lastmod>2017-09-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/amortized_complexity/</loc>
<lastmod>2017-08-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Orbit_Stabiliser.html</loc>
<lastmod>2017-08-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Root_Balanced_Tree.html</loc>
<lastmod>2017-08-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/matache/</loc>
<lastmod>2017-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LambdaMu.html</loc>
<lastmod>2017-08-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stewart_Apollonius.html</loc>
<lastmod>2017-07-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/triangle/</loc>
<lastmod>2017-07-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DynamicArchitectures.html</loc>
<lastmod>2017-07-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Decl_Sem_Fun_PL.html</loc>
<lastmod>2017-07-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/siek/</loc>
<lastmod>2017-07-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/breitner/</loc>
<lastmod>2017-07-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/HOLCF-Prelude.html</loc>
<lastmod>2017-07-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/huffman/</loc>
<lastmod>2017-07-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/mitchell/</loc>
<lastmod>2017-07-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Minkowskis_Theorem.html</loc>
<lastmod>2017-07-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rawson/</loc>
<lastmod>2017-07-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Name_Carrying_Type_Inference.html</loc>
<lastmod>2017-07-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CRDT.html</loc>
<lastmod>2017-07-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stone_Kleene_Relation_Algebras.html</loc>
<lastmod>2017-07-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/stone_relation_algebras/</loc>
<lastmod>2017-07-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Propositional_Proof_Systems.html</loc>
<lastmod>2017-06-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/dongol/</loc>
<lastmod>2017-06-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hayes/</loc>
<lastmod>2017-06-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/PSemigroupsConvolution.html</loc>
<lastmod>2017-06-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Buffons_Needle.html</loc>
<lastmod>2017-06-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/cava_automata/</loc>
<lastmod>2017-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Flow_Networks.html</loc>
<lastmod>2017-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/flow_networks/</loc>
<lastmod>2017-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Prpu_Maxflow.html</loc>
<lastmod>2017-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/program-conflict-analysis/</loc>
<lastmod>2017-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Optics.html</loc>
<lastmod>2017-05-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Security_Protocol_Refinement.html</loc>
<lastmod>2017-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dict_Construction.html</loc>
<lastmod>2017-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lazy_case/</loc>
<lastmod>2017-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/somaini/</loc>
<lastmod>2017-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Floyd_Warshall.html</loc>
<lastmod>2017-05-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/applicative_lifting/</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bhatt/</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CryptHOL.html</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Monomorphic_Monad.html</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Game_Based_Crypto.html</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/mfmc_countable/</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Monad_Normalisation.html</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/monomorphic_monad/</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Probabilistic_While.html</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/probabilistic_while/</loc>
<lastmod>2017-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/category3/</loc>
<lastmod>2017-05-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MonoidalCategory.html</loc>
<lastmod>2017-05-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Types_Tableaus_and_Goedels_God.html</loc>
<lastmod>2017-05-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LocalLexing.html</loc>
<lastmod>2017-04-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/obua/</loc>
<lastmod>2017-04-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Constructor_Funs.html</loc>
<lastmod>2017-04-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lazy_Case.html</loc>
<lastmod>2017-04-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Subresultants.html</loc>
<lastmod>2017-04-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Random_BSTs.html</loc>
<lastmod>2017-04-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/quick_sort_cost/</loc>
<lastmod>2017-04-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Comparison_Sort_Lower_Bound.html</loc>
<lastmod>2017-03-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/regular-sets/</loc>
<lastmod>2017-03-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Quick_Sort_Cost.html</loc>
<lastmod>2017-03-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Euler_MacLaurin.html</loc>
<lastmod>2017-03-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/berghofer/</loc>
<lastmod>2017-02-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Elliptic_Curves_Group_Law.html</loc>
<lastmod>2017-02-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/dittmann/</loc>
<lastmod>2017-02-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Menger.html</loc>
<lastmod>2017-02-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Differential_Dynamic_Logic.html</loc>
<lastmod>2017-02-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Abstract_Soundness.html</loc>
<lastmod>2017-02-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stone_Relation_Algebras.html</loc>
<lastmod>2017-02-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lallemand/</loc>
<lastmod>2017-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Key_Agreement_Strong_Adversaries.html</loc>
<lastmod>2017-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Bernoulli.html</loc>
<lastmod>2017-01-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Bertrands_Postulate.html</loc>
<lastmod>2017-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/formal_ssa/</loc>
<lastmod>2017-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lohner/</loc>
<lastmod>2017-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Minimal_SSA.html</loc>
<lastmod>2017-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wagner/</loc>
<lastmod>2017-01-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/E_Transcendental.html</loc>
<lastmod>2017-01-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bruegger/</loc>
<lastmod>2017-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/UPF_Firewall.html</loc>
<lastmod>2017-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/upf/</loc>
<lastmod>2017-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Password_Authentication_Protocol.html</loc>
<lastmod>2017-01-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FOL_Harrison.html</loc>
<lastmod>2017-01-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/jensen/</loc>
<lastmod>2017-01-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Concurrent_Ref_Alg.html</loc>
<lastmod>2016-12-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fell/</loc>
<lastmod>2016-12-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/velykis/</loc>
<lastmod>2016-12-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/bell_numbers_spivey/</loc>
<lastmod>2016-12-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/card_multisets/</loc>
<lastmod>2016-12-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/card_number_partitions/</loc>
<lastmod>2016-12-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Twelvefold_Way.html</loc>
<lastmod>2016-12-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nagashima/</loc>
<lastmod>2016-12-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Proof_Strategy_Language.html</loc>
<lastmod>2016-12-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Paraconsistency.html</loc>
<lastmod>2016-12-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/amani/</loc>
<lastmod>2016-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/andronick/</loc>
<lastmod>2016-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Complx.html</loc>
<lastmod>2016-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lewis/</loc>
<lastmod>2016-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rizkallah/</loc>
<lastmod>2016-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/tuongj/</loc>
<lastmod>2016-11-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Abs_Int_ITP2012.html</loc>
<lastmod>2016-11-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/clouston/</loc>
<lastmod>2016-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gore/</loc>
<lastmod>2016-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hou/</loc>
<lastmod>2016-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sanan/</loc>
<lastmod>2016-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Separata.html</loc>
<lastmod>2016-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/tiu/</loc>
<lastmod>2016-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/becker/</loc>
<lastmod>2016-11-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lambda_Free_KBOs.html</loc>
<lastmod>2016-11-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Nested_Multisets_Ordinals.html</loc>
<lastmod>2016-11-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ordinal/</loc>
<lastmod>2016-11-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wand/</loc>
<lastmod>2016-11-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Deep_Learning.html</loc>
<lastmod>2016-11-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/borgstroem/</loc>
<lastmod>2016-10-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/eriksson/</loc>
<lastmod>2016-10-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gutkovas/</loc>
<lastmod>2016-10-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Modal_Logics_for_NTS.html</loc>
<lastmod>2016-10-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/parrow/</loc>
<lastmod>2016-10-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/weber/</loc>
<lastmod>2016-10-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stable_Matching.html</loc>
<lastmod>2016-10-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/iptables_semantics/</loc>
<lastmod>2016-10-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LOFT.html</loc>
<lastmod>2016-10-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SPARCv8.html</loc>
<lastmod>2016-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hibon/</loc>
<lastmod>2016-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/liuy/</loc>
<lastmod>2016-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Source_Coding_Theorem.html</loc>
<lastmod>2016-10-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/efficient-mergesort/</loc>
<lastmod>2016-10-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/subresultants/</loc>
<lastmod>2016-10-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Berlekamp_Zassenhaus.html</loc>
<lastmod>2016-10-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Chord_Segments.html</loc>
<lastmod>2016-10-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lp.html</loc>
<lastmod>2016-10-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Fisher_Yates.html</loc>
<lastmod>2016-09-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Allen_Calculus.html</loc>
<lastmod>2016-09-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ghourabi/</loc>
<lastmod>2016-09-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lambda_Free_RPOs.html</loc>
<lastmod>2016-09-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Iptables_Semantics.html</loc>
<lastmod>2016-09-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/iptables_semantics_examples/</loc>
<lastmod>2016-09-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/routing/</loc>
<lastmod>2016-09-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SuperCalc.html</loc>
<lastmod>2016-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/peltier/</loc>
<lastmod>2016-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stone_Algebras.html</loc>
<lastmod>2016-09-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stirling_Formula.html</loc>
<lastmod>2016-09-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Routing.html</loc>
<lastmod>2016-08-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/simple_firewall/</loc>
<lastmod>2016-08-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ip_addresses/</loc>
<lastmod>2016-08-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Simple_Firewall.html</loc>
<lastmod>2016-08-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/aissat/</loc>
<lastmod>2016-08-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/InfPathElimination.html</loc>
<lastmod>2016-08-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/voisin/</loc>
<lastmod>2016-08-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/EdmondsKarp_Maxflow.html</loc>
<lastmod>2016-08-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/collections_examples/</loc>
<lastmod>2016-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/dijkstra_shortest_path/</loc>
<lastmod>2016-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/separation_logic_imperative_hol/</loc>
<lastmod>2016-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sepref_basic/</loc>
<lastmod>2016-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Refine_Imperative_HOL.html</loc>
<lastmod>2016-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ptolemys_Theorem.html</loc>
<lastmod>2016-08-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Surprise_Paradox.html</loc>
<lastmod>2016-07-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/brinkop/</loc>
<lastmod>2016-07-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Pairing_Heap.html</loc>
<lastmod>2016-07-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DFS_Framework.html</loc>
<lastmod>2016-07-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/neumann/</loc>
<lastmod>2016-07-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Buildings.html</loc>
<lastmod>2016-07-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sylvestre/</loc>
<lastmod>2016-07-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nagele/</loc>
<lastmod>2016-06-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/oostrom/</loc>
<lastmod>2016-06-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Resolution_FOL.html</loc>
<lastmod>2016-06-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Rewriting_Z.html</loc>
<lastmod>2016-06-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dependent_SIFUM_Refinement.html</loc>
<lastmod>2016-06-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/dependent_sifum_type_systems/</loc>
<lastmod>2016-06-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IP_Addresses.html</loc>
<lastmod>2016-06-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/pierzchalski/</loc>
<lastmod>2016-06-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sison/</loc>
<lastmod>2016-06-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Card_Multisets.html</loc>
<lastmod>2016-06-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Category3.html</loc>
<lastmod>2016-06-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dependent_SIFUM_Type_Systems.html</loc>
<lastmod>2016-06-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Catalan_Numbers.html</loc>
<lastmod>2016-06-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Algebraic_VCs.html</loc>
<lastmod>2016-06-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Noninterference_Concurrent_Composition.html</loc>
<lastmod>2016-06-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/noninterference_sequential_composition/</loc>
<lastmod>2016-06-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/beeren/</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fernandez/</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Word_Lib.html</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gao/</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/klein/</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kolanski/</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lim/</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/matichuk/</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sewell/</loc>
<lastmod>2016-06-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Tree_Decomposition.html</loc>
<lastmod>2016-05-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ausaf/</loc>
<lastmod>2016-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Card_Equiv_Relations.html</loc>
<lastmod>2016-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/dyckhoff/</loc>
<lastmod>2016-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Posix-Lexing.html</loc>
<lastmod>2016-05-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kuncar/</loc>
<lastmod>2016-05-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Perron_Frobenius.html</loc>
<lastmod>2016-05-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/rank_nullity_theorem/</loc>
<lastmod>2016-05-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Incredible_Proof_Machine.html</loc>
<lastmod>2016-05-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FLP.html</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bisping/</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/brodmann/</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nestmann/</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/peters/</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rickmann/</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/seidler/</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/stueber/</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/weidner/</loc>
<lastmod>2016-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MFMC_Countable.html</loc>
<lastmod>2016-05-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/edmondskarp_maxflow/</loc>
<lastmod>2016-05-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Randomised_Social_Choice.html</loc>
<lastmod>2016-05-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Bell_Numbers_Spivey.html</loc>
<lastmod>2016-05-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SDS_Impossibility.html</loc>
<lastmod>2016-05-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Groebner_Bases.html</loc>
<lastmod>2016-05-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nemeti/</loc>
<lastmod>2016-04-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/No_FTL_observers.html</loc>
<lastmod>2016-04-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/stannett/</loc>
<lastmod>2016-04-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CYK.html</loc>
<lastmod>2016-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ROBDD.html</loc>
<lastmod>2016-04-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Noninterference_Sequential_Composition.html</loc>
<lastmod>2016-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/noninterference_ipurge_unwinding/</loc>
<lastmod>2016-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/KAD.html</loc>
<lastmod>2016-04-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/PropResPI.html</loc>
<lastmod>2016-03-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Cartan_FP.html</loc>
<lastmod>2016-03-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Timed_Automata.html</loc>
<lastmod>2016-03-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/boolean_expression_checkers/</loc>
<lastmod>2016-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LTL.html</loc>
<lastmod>2016-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/List_Update.html</loc>
<lastmod>2016-02-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/slicing/</loc>
<lastmod>2016-02-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ullrich/</loc>
<lastmod>2016-02-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Formal_SSA.html</loc>
<lastmod>2016-02-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/partial_function_mr/</loc>
<lastmod>2016-01-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Polynomial_Factorization.html</loc>
<lastmod>2016-01-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Polynomial_Interpolation.html</loc>
<lastmod>2016-01-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sqrt_babylonian/</loc>
<lastmod>2016-01-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Knot_Theory.html</loc>
<lastmod>2016-01-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/prathamesh/</loc>
<lastmod>2016-01-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Matrix_Tensor.html</loc>
<lastmod>2016-01-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Card_Number_Partitions.html</loc>
<lastmod>2016-01-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Triangle.html</loc>
<lastmod>2015-12-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Descartes_Sign_Rule.html</loc>
<lastmod>2015-12-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Liouville_Numbers.html</loc>
<lastmod>2015-12-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Prime_Harmonic_Series.html</loc>
<lastmod>2015-12-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Algebraic_Numbers.html</loc>
<lastmod>2015-12-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Applicative_Lifting.html</loc>
<lastmod>2015-12-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stern_Brocot.html</loc>
<lastmod>2015-12-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Card_Partitions.html</loc>
<lastmod>2015-12-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Latin_Square.html</loc>
<lastmod>2015-12-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/marriage/</loc>
<lastmod>2015-12-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ergodic_Theory.html</loc>
<lastmod>2015-12-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Euler_Partition.html</loc>
<lastmod>2015-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/TortoiseHare.html</loc>
<lastmod>2015-11-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/case_labeling/</loc>
<lastmod>2015-11-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/noschinski/</loc>
<lastmod>2015-11-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Planarity_Certificates.html</loc>
<lastmod>2015-11-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/simpl/</loc>
<lastmod>2015-11-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/transitive-closure/</loc>
<lastmod>2015-11-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Parity_Game.html</loc>
<lastmod>2015-11-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Isabelle_Meta_Model.html</loc>
<lastmod>2015-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LTL_to_DRA.html</loc>
<lastmod>2015-09-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/kbps/</loc>
<lastmod>2015-09-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Jordan_Normal_Form.html</loc>
<lastmod>2015-08-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Decreasing-Diagrams-II.html</loc>
<lastmod>2015-08-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Noninterference_Inductive_Unwinding.html</loc>
<lastmod>2015-08-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Rep_Fin_Groups.html</loc>
<lastmod>2015-08-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Encodability_Process_Calculi.html</loc>
<lastmod>2015-08-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/glabbeek/</loc>
<lastmod>2015-08-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Case_Labeling.html</loc>
<lastmod>2015-07-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Landau_Symbols.html</loc>
<lastmod>2015-07-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Akra_Bazzi.html</loc>
<lastmod>2015-07-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/echelon_form/</loc>
<lastmod>2015-07-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Hermite.html</loc>
<lastmod>2015-07-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Derangements.html</loc>
<lastmod>2015-06-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Multirelations.html</loc>
<lastmod>2015-06-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/furusawa/</loc>
<lastmod>2015-06-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/list_interleaving/</loc>
<lastmod>2015-06-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/noninterference_csp/</loc>
<lastmod>2015-06-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/List_Interleaving.html</loc>
<lastmod>2015-06-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Noninterference_Generic_Unwinding.html</loc>
<lastmod>2015-06-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Noninterference_Ipurge_Unwinding.html</loc>
<lastmod>2015-06-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dynamic_Tables.html</loc>
<lastmod>2015-06-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/coinductive_languages/</loc>
<lastmod>2015-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Formula_Derivatives.html</loc>
<lastmod>2015-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/formula_derivatives/</loc>
<lastmod>2015-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Probabilistic_System_Zoo.html</loc>
<lastmod>2015-05-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/caminati/</loc>
<lastmod>2015-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kerber/</loc>
<lastmod>2015-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lange/</loc>
<lastmod>2015-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rowat/</loc>
<lastmod>2015-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Vickrey_Clarke_Groves.html</loc>
<lastmod>2015-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Residuated_Lattices.html</loc>
<lastmod>2015-04-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ConcurrentIMP.html</loc>
<lastmod>2015-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/concurrentimp/</loc>
<lastmod>2015-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/engelhardt/</loc>
<lastmod>2015-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hosking/</loc>
<lastmod>2015-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ConcurrentGC.html</loc>
<lastmod>2015-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Trie.html</loc>
<lastmod>2015-03-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Consensus_Refined.html</loc>
<lastmod>2015-03-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/heard_of/</loc>
<lastmod>2015-03-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Deriving.html</loc>
<lastmod>2015-03-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/launchbury/</loc>
<lastmod>2015-02-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Call_Arity.html</loc>
<lastmod>2015-02-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/cayley_hamilton/</loc>
<lastmod>2015-02-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Echelon_Form.html</loc>
<lastmod>2015-02-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/QR_Decomposition.html</loc>
<lastmod>2015-02-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Finite_Automata_HF.html</loc>
<lastmod>2015-02-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/UpDown_Scheme.html</loc>
<lastmod>2015-01-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/UPF.html</loc>
<lastmod>2014-11-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/awn/</loc>
<lastmod>2014-10-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bourke/</loc>
<lastmod>2014-10-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/AODV.html</loc>
<lastmod>2014-10-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lifting_Definition_Option.html</loc>
<lastmod>2014-10-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/maximova/</loc>
<lastmod>2014-10-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stream_Fusion_Code.html</loc>
<lastmod>2014-10-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Density_Compiler.html</loc>
<lastmod>2014-10-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/RefinementReactive.html</loc>
<lastmod>2014-10-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/preoteasa/</loc>
<lastmod>2014-10-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Certification_Monads.html</loc>
<lastmod>2014-10-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/XML.html</loc>
<lastmod>2014-10-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Imperative_Insertion_Sort.html</loc>
<lastmod>2014-09-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sturm_Tarski.html</loc>
<lastmod>2014-09-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/adelsberger/</loc>
<lastmod>2014-09-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hetzl/</loc>
<lastmod>2014-09-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/pollak/</loc>
<lastmod>2014-09-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Cayley_Hamilton.html</loc>
<lastmod>2014-09-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/raumer/</loc>
<lastmod>2014-09-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/secondary_sylow/</loc>
<lastmod>2014-09-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Jordan_Hoelder.html</loc>
<lastmod>2014-09-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Priority_Queue_Braun.html</loc>
<lastmod>2014-09-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Gauss_Jordan.html</loc>
<lastmod>2014-09-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lee/</loc>
<lastmod>2014-08-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Special_Function_Bounds.html</loc>
<lastmod>2014-08-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/VectorSpace.html</loc>
<lastmod>2014-08-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Skew_Heap.html</loc>
<lastmod>2014-08-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Splay_Tree.html</loc>
<lastmod>2014-08-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Show.html</loc>
<lastmod>2014-07-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/blasum/</loc>
<lastmod>2014-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/feliachi/</loc>
<lastmod>2014-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CISC-Kernel.html</loc>
<lastmod>2014-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/havle/</loc>
<lastmod>2014-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/langenstein/</loc>
<lastmod>2014-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schmaltz/</loc>
<lastmod>2014-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/stephan/</loc>
<lastmod>2014-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/tverdyshev/</loc>
<lastmod>2014-07-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/cock/</loc>
<lastmod>2014-07-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/pGCL.html</loc>
<lastmod>2014-07-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Amortized_Complexity.html</loc>
<lastmod>2014-07-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/skew_heap/</loc>
<lastmod>2014-07-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/splay_tree/</loc>
<lastmod>2014-07-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Network_Security_Policy_Verification.html</loc>
<lastmod>2014-07-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/coglio/</loc>
<lastmod>2014-07-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Pop_Refinement.html</loc>
<lastmod>2014-07-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MSO_Regex_Equivalence.html</loc>
<lastmod>2014-06-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Boolean_Expression_Checkers.html</loc>
<lastmod>2014-06-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CAVA_LTL_Modelchecker.html</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/cava_base/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/cava_setup/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LTL_to_GBA.html</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/esparza/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/ltl_to_gba/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/partial_order_reduction/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/promela/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Promela.html</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schimpf/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sm/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/sm_base/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/smaus/</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CAVA_Automata.html</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Gabow_SCC.html</loc>
<lastmod>2014-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Noninterference_CSP.html</loc>
<lastmod>2014-05-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Roy_Floyd_Warshall.html</loc>
<lastmod>2014-05-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wenzel/</loc>
<lastmod>2014-05-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Regular_Algebras.html</loc>
<lastmod>2014-05-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ComponentDependencies.html</loc>
<lastmod>2014-04-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/spichkova/</loc>
<lastmod>2014-04-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SIFUM_Type_Systems.html</loc>
<lastmod>2014-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/WHATandWHERE_Security.html</loc>
<lastmod>2014-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Strong_Security.html</loc>
<lastmod>2014-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lux/</loc>
<lastmod>2014-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sauer/</loc>
<lastmod>2014-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/schoepe/</loc>
<lastmod>2014-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/strong_security/</loc>
<lastmod>2014-04-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Bounded_Deducibility_Security.html</loc>
<lastmod>2014-04-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/HyperCTL.html</loc>
<lastmod>2014-04-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Abstract_Completeness.html</loc>
<lastmod>2014-04-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rabe/</loc>
<lastmod>2014-04-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Discrete_Summation.html</loc>
<lastmod>2014-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/haftmann/</loc>
<lastmod>2014-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/GPU_Kernel_PL.html</loc>
<lastmod>2014-04-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wickerson/</loc>
<lastmod>2014-04-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Probabilistic_Noninterference.html</loc>
<lastmod>2014-03-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/AWN.html</loc>
<lastmod>2014-03-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Partial_Function_MR.html</loc>
<lastmod>2014-02-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Random_Graph_Subgraph_Threshold.html</loc>
<lastmod>2014-02-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/petrovic/</loc>
<lastmod>2014-02-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Selection_Heap_Sort.html</loc>
<lastmod>2014-02-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Affine_Arithmetic.html</loc>
<lastmod>2014-02-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Real_Impl.html</loc>
<lastmod>2014-02-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Regex_Equivalence.html</loc>
<lastmod>2014-01-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Secondary_Sylow.html</loc>
<lastmod>2014-01-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/armstrong/</loc>
<lastmod>2014-01-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Relation_Algebra.html</loc>
<lastmod>2014-01-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/KAT_and_DRA.html</loc>
<lastmod>2014-01-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Featherweight_OCL.html</loc>
<lastmod>2014-01-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CryptoBasedCompositionalProperties.html</loc>
<lastmod>2014-01-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sturm_Sequences.html</loc>
<lastmod>2014-01-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Tail_Recursive_Functions.html</loc>
<lastmod>2013-12-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Incompleteness.html</loc>
<lastmod>2013-11-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/HereditarilyFinite.html</loc>
<lastmod>2013-11-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Coinductive_Languages.html</loc>
<lastmod>2013-11-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FocusStreamsCaseStudies.html</loc>
<lastmod>2013-11-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/GoedelGod.html</loc>
<lastmod>2013-11-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/paleo/</loc>
<lastmod>2013-11-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Decreasing-Diagrams.html</loc>
<lastmod>2013-11-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/zankl/</loc>
<lastmod>2013-11-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Automatic_Refinement.html</loc>
<lastmod>2013-10-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Native_Word.html</loc>
<lastmod>2013-09-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/IEEE_Floating_Point.html</loc>
<lastmod>2013-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/yu/</loc>
<lastmod>2013-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lehmer/</loc>
<lastmod>2013-07-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lehmer.html</loc>
<lastmod>2013-07-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Pratt_Certificate.html</loc>
<lastmod>2013-07-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Koenigsberg_Friendship.html</loc>
<lastmod>2013-07-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sort_Encodings.html</loc>
<lastmod>2013-06-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ShortestPath.html</loc>
<lastmod>2013-05-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Graph_Theory.html</loc>
<lastmod>2013-04-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/finger-trees/</loc>
<lastmod>2013-04-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Containers.html</loc>
<lastmod>2013-04-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/trie/</loc>
<lastmod>2013-04-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Nominal2.html</loc>
<lastmod>2013-02-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Launchbury.html</loc>
<lastmod>2013-01-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ribbon_Proofs.html</loc>
<lastmod>2013-01-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Rank_Nullity_Theorem.html</loc>
<lastmod>2013-01-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Kleene_Algebra.html</loc>
<lastmod>2013-01-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/cauchy/</loc>
<lastmod>2013-01-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Sqrt_Babylonian.html</loc>
<lastmod>2013-01-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Separation_Logic_Imperative_HOL.html</loc>
<lastmod>2012-11-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/meis/</loc>
<lastmod>2012-11-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ogawa/</loc>
<lastmod>2012-11-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Open_Induction.html</loc>
<lastmod>2012-11-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/makarios/</loc>
<lastmod>2012-10-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Tarskis_Geometry.html</loc>
<lastmod>2012-10-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/avigad/</loc>
<lastmod>2012-10-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Bondy.html</loc>
<lastmod>2012-10-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Possibilistic_Noninterference.html</loc>
<lastmod>2012-09-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Datatype_Order_Generator.html</loc>
<lastmod>2012-08-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Impossible_Geometry.html</loc>
<lastmod>2012-08-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/romanos/</loc>
<lastmod>2012-08-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/debrat/</loc>
<lastmod>2012-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Heard_Of.html</loc>
<lastmod>2012-07-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/PCF.html</loc>
<lastmod>2012-07-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Tycon.html</loc>
<lastmod>2012-06-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bengtson/</loc>
<lastmod>2012-05-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CCS.html</loc>
<lastmod>2012-05-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Psi_Calculi.html</loc>
<lastmod>2012-05-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Pi_Calculus.html</loc>
<lastmod>2012-05-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/gaudel/</loc>
<lastmod>2012-05-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Circus.html</loc>
<lastmod>2012-05-27T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/boyton/</loc>
<lastmod>2012-05-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Separation_Algebra.html</loc>
<lastmod>2012-05-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stuttering_Equivalence.html</loc>
<lastmod>2012-05-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bella/</loc>
<lastmod>2012-05-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Inductive_Confidentiality.html</loc>
<lastmod>2012-05-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lorenz_approximation/</loc>
<lastmod>2012-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ordinary_Differential_Equations.html</loc>
<lastmod>2012-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Well_Quasi_Orders.html</loc>
<lastmod>2012-04-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Abortable_Linearizable_Modules.html</loc>
<lastmod>2012-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/guerraoui/</loc>
<lastmod>2012-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kuncak/</loc>
<lastmod>2012-03-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Transitive-Closure-II.html</loc>
<lastmod>2012-02-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Girth_Chromatic.html</loc>
<lastmod>2012-02-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Dijkstra_Shortest_Path.html</loc>
<lastmod>2012-01-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Refine_Monadic.html</loc>
<lastmod>2012-01-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/gauss-jordan-elim-fun/</loc>
<lastmod>2012-01-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Markov_Models.html</loc>
<lastmod>2012-01-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/TLA.html</loc>
<lastmod>2011-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/grov/</loc>
<lastmod>2011-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Efficient-Mergesort.html</loc>
<lastmod>2011-11-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MonoBoolTranAlgebra.html</loc>
<lastmod>2011-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/georgescu/</loc>
<lastmod>2011-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LatticeProperties.html</loc>
<lastmod>2011-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/latticeproperties/</loc>
<lastmod>2011-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/leustean/</loc>
<lastmod>2011-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/PseudoHoops.html</loc>
<lastmod>2011-09-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Myhill-Nerode.html</loc>
<lastmod>2011-08-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wu/</loc>
<lastmod>2011-08-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Gauss-Jordan-Elim-Fun.html</loc>
<lastmod>2011-08-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Max-Card-Matching.html</loc>
<lastmod>2011-07-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/KBPs.html</loc>
<lastmod>2011-05-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/General-Triangle.html</loc>
<lastmod>2011-04-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Transitive-Closure.html</loc>
<lastmod>2011-03-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/AutoFocus-Stream.html</loc>
<lastmod>2011-02-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/List-Infinite.html</loc>
<lastmod>2011-02-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Nat-Interval-Logic.html</loc>
<lastmod>2011-02-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/list-infinite/</loc>
<lastmod>2011-02-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/nat-interval-logic/</loc>
<lastmod>2011-02-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/trachtenherz/</loc>
<lastmod>2011-02-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LightweightJava.html</loc>
<lastmod>2011-02-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/parkinson/</loc>
<lastmod>2011-02-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/strnisa/</loc>
<lastmod>2011-02-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/RIPEMD-160-SPARK.html</loc>
<lastmod>2011-01-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/grechuk/</loc>
<lastmod>2011-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lower_Semicontinuous.html</loc>
<lastmod>2011-01-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Marriage.html</loc>
<lastmod>2010-12-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/jiangd/</loc>
<lastmod>2010-12-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Shivers-CFA.html</loc>
<lastmod>2010-11-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Binomial-Heaps.html</loc>
<lastmod>2010-10-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Finger-Trees.html</loc>
<lastmod>2010-10-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Binomial-Queues.html</loc>
<lastmod>2010-10-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/koerner/</loc>
<lastmod>2010-10-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nielsen/</loc>
<lastmod>2010-10-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/doczkal/</loc>
<lastmod>2010-08-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lam-ml-Normalization.html</loc>
<lastmod>2010-08-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Polynomials.html</loc>
<lastmod>2010-08-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Statecharts.html</loc>
<lastmod>2010-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/helke/</loc>
<lastmod>2010-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Free-Groups.html</loc>
<lastmod>2010-06-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Category2.html</loc>
<lastmod>2010-06-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/katovsky/</loc>
<lastmod>2010-06-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Matrix.html</loc>
<lastmod>2010-06-17T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Abstract-Rewriting.html</loc>
<lastmod>2010-06-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/back/</loc>
<lastmod>2010-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/datarefinementibp/</loc>
<lastmod>2010-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DataRefinementIBP.html</loc>
<lastmod>2010-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/GraphMarkingIBP.html</loc>
<lastmod>2010-05-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Robbins-Conjecture.html</loc>
<lastmod>2010-05-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/krauss/</loc>
<lastmod>2010-05-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Regular-Sets.html</loc>
<lastmod>2010-05-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/henrio/</loc>
<lastmod>2010-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Locally-Nameless-Sigma.html</loc>
<lastmod>2010-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lutz/</loc>
<lastmod>2010-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/sudhof/</loc>
<lastmod>2010-04-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Free-Boolean-Algebra.html</loc>
<lastmod>2010-03-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/hrb-slicing/</loc>
<lastmod>2010-03-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/InformationFlowSlicing.html</loc>
<lastmod>2010-03-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/InformationFlowSlicing_Inter.html</loc>
<lastmod>2010-03-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wasserrab/</loc>
<lastmod>2010-03-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/List-Index.html</loc>
<lastmod>2010-02-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Coinductive.html</loc>
<lastmod>2010-02-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DPT-SAT-Solver.html</loc>
<lastmod>2009-12-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/heller/</loc>
<lastmod>2009-12-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Presburger-Automata.html</loc>
<lastmod>2009-12-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/reiter/</loc>
<lastmod>2009-12-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/binomial-heaps/</loc>
<lastmod>2009-11-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Collections.html</loc>
<lastmod>2009-11-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Tree-Automata.html</loc>
<lastmod>2009-11-25T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ijbema/</loc>
<lastmod>2009-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Perfect-Number-Thm.html</loc>
<lastmod>2009-11-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/HRB-Slicing.html</loc>
<lastmod>2009-11-13T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/WorkerWrapper.html</loc>
<lastmod>2009-10-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ordinals_and_Cardinals.html</loc>
<lastmod>2009-09-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/chapman/</loc>
<lastmod>2009-08-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SequentInvertibility.html</loc>
<lastmod>2009-08-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CofGroups.html</loc>
<lastmod>2009-08-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kastermans/</loc>
<lastmod>2009-08-04T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FinFun.html</loc>
<lastmod>2009-05-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Stream-Fusion.html</loc>
<lastmod>2009-04-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BytecodeLogicJmlTypes.html</loc>
<lastmod>2008-12-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/beringer/</loc>
<lastmod>2008-12-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/hofmann/</loc>
<lastmod>2008-12-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SIFPL.html</loc>
<lastmod>2008-11-10T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SenSocialChoice.html</loc>
<lastmod>2008-11-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FunWithTilings.html</loc>
<lastmod>2008-11-07T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Huffman.html</loc>
<lastmod>2008-10-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Slicing.html</loc>
<lastmod>2008-09-16T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/VolpanoSmith.html</loc>
<lastmod>2008-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/snelting/</loc>
<lastmod>2008-09-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ArrowImpossibilityGS.html</loc>
<lastmod>2008-09-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FunWithFunctions.html</loc>
<lastmod>2008-08-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SATSolverVerification.html</loc>
<lastmod>2008-07-23T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nedzelsky/</loc>
<lastmod>2008-04-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Recursion-Theory-I.html</loc>
<lastmod>2008-04-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Simpl.html</loc>
<lastmod>2008-02-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BDD.html</loc>
<lastmod>2008-02-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ortner/</loc>
<lastmod>2008-02-29T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/aehlig/</loc>
<lastmod>2008-02-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/NormByEval.html</loc>
<lastmod>2008-02-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/LinearQuantifierElim.html</loc>
<lastmod>2008-01-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Program-Conflict-Analysis.html</loc>
<lastmod>2007-12-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/olm/</loc>
<lastmod>2007-12-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/JinjaThreads.html</loc>
<lastmod>2007-12-03T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/boehme/</loc>
<lastmod>2007-11-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MuchAdoAboutTwo.html</loc>
<lastmod>2007-11-06T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Fermat3_4.html</loc>
<lastmod>2007-08-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/oosterhuis/</loc>
<lastmod>2007-08-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/SumSquares.html</loc>
<lastmod>2007-08-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Valuation.html</loc>
<lastmod>2007-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/group-ring-module/</loc>
<lastmod>2007-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/kobayashi/</loc>
<lastmod>2007-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FOL-Fitting.html</loc>
<lastmod>2007-08-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/POPLmark-deBruijn.html</loc>
<lastmod>2007-08-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/HotelKeyCards.html</loc>
<lastmod>2006-09-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Abstract-Hoare-Logics.html</loc>
<lastmod>2006-08-08T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/bauer/</loc>
<lastmod>2006-05-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Flyspeck-Tame.html</loc>
<lastmod>2006-05-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/flyspeck-tame/</loc>
<lastmod>2006-05-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/CoreC&#43;&#43;.html</loc>
<lastmod>2006-05-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FeatherweightJava.html</loc>
<lastmod>2006-03-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/fosterj/</loc>
<lastmod>2006-03-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/vytiniotis/</loc>
<lastmod>2006-03-31T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/barsotti/</loc>
<lastmod>2006-03-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/ClockSynchInst.html</loc>
<lastmod>2006-03-15T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Cauchy.html</loc>
<lastmod>2006-03-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/porter/</loc>
<lastmod>2006-03-14T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ordinal.html</loc>
<lastmod>2005-11-11T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FFT.html</loc>
<lastmod>2005-10-12T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/GenClock.html</loc>
<lastmod>2005-06-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/jaskelioff/</loc>
<lastmod>2005-06-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/DiskPaxos.html</loc>
<lastmod>2005-06-22T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/JiveDataStoreModel.html</loc>
<lastmod>2005-06-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/rauch/</loc>
<lastmod>2005-06-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Jinja.html</loc>
<lastmod>2005-06-01T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/lindenberg/</loc>
<lastmod>2005-05-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/RSAPSS.html</loc>
<lastmod>2005-05-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/wirt/</loc>
<lastmod>2005-05-02T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Category.html</loc>
<lastmod>2005-04-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/keefe/</loc>
<lastmod>2005-04-21T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/FileRefinement.html</loc>
<lastmod>2004-12-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/zee/</loc>
<lastmod>2004-12-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Integration.html</loc>
<lastmod>2004-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/richter/</loc>
<lastmod>2004-11-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Verified-Prover.html</loc>
<lastmod>2004-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/ridge/</loc>
<lastmod>2004-09-28T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Completeness.html</loc>
<lastmod>2004-09-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/margetson/</loc>
<lastmod>2004-09-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Ramsey-Infinite.html</loc>
<lastmod>2004-09-20T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Compiling-Exceptions-Correctly.html</loc>
<lastmod>2004-07-09T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Depth-First-Search.html</loc>
<lastmod>2004-06-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/nishihara/</loc>
<lastmod>2004-06-24T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/chen/</loc>
<lastmod>2004-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Group-Ring-Module.html</loc>
<lastmod>2004-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/murao/</loc>
<lastmod>2004-05-18T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/friedrich/</loc>
<lastmod>2004-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Lazy-Lists-II.html</loc>
<lastmod>2004-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/dependencies/lazy-lists-ii/</loc>
<lastmod>2004-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Topology.html</loc>
<lastmod>2004-04-26T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/BinarySearchTree.html</loc>
<lastmod>2004-04-05T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/Functional-Automata.html</loc>
<lastmod>2004-03-30T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/AVL-Trees.html</loc>
<lastmod>2004-03-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/entries/MiniML.html</loc>
<lastmod>2004-03-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/naraschewski/</loc>
<lastmod>2004-03-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/authors/pusch/</loc>
<lastmod>2004-03-19T00:00:00+00:00</lastmod>
</url><url>
<loc>/theories/abortable_linearizable_modules/</loc>
</url><url>
<loc>/about/</loc>
</url><url>
<loc>/theories/abs_int_itp2012/</loc>
</url><url>
<loc>/theories/abstract-hoare-logics/</loc>
</url><url>
<loc>/theories/abstract-rewriting/</loc>
</url><url>
<loc>/theories/abstract_completeness/</loc>
</url><url>
<loc>/theories/abstract_soundness/</loc>
</url><url>
<loc>/theories/ackermanns_not_pr/</loc>
</url><url>
<loc>/theories/actuarial_mathematics/</loc>
</url><url>
<loc>/theories/adaptive_state_counting/</loc>
</url><url>
<loc>/theories/ads_functor/</loc>
</url><url>
<loc>/theories/affine_arithmetic/</loc>
</url><url>
<loc>/theories/aggregation_algebras/</loc>
</url><url>
<loc>/theories/ai_planning_languages_semantics/</loc>
</url><url>
<loc>/theories/akra_bazzi/</loc>
</url><url>
<loc>/theories/algebraic_numbers/</loc>
</url><url>
<loc>/theories/algebraic_vcs/</loc>
</url><url>
<loc>/theories/allen_calculus/</loc>
</url><url>
<loc>/theories/amicable_numbers/</loc>
</url><url>
<loc>/theories/amortized_complexity/</loc>
</url><url>
<loc>/theories/anselmgod/</loc>
</url><url>
<loc>/theories/aodv/</loc>
</url><url>
<loc>/theories/applicative_lifting/</loc>
</url><url>
<loc>/theories/approximation_algorithms/</loc>
</url><url>
<loc>/theories/architectural_design_patterns/</loc>
</url><url>
<loc>/theories/aristotles_assertoric_syllogistic/</loc>
</url><url>
<loc>/theories/arith_prog_rel_primes/</loc>
</url><url>
<loc>/theories/arrowimpossibilitygs/</loc>
</url><url>
<loc>/theories/attack_trees/</loc>
</url><url>
<loc>/theories/auto2_hol/</loc>
</url><url>
<loc>/theories/auto2_imperative_hol/</loc>
</url><url>
<loc>/theories/autofocus-stream/</loc>
</url><url>
<loc>/theories/automated_stateful_protocol_verification/</loc>
</url><url>
<loc>/theories/automatic_refinement/</loc>
</url><url>
<loc>/theories/avl-trees/</loc>
</url><url>
<loc>/theories/awn/</loc>
</url><url>
<loc>/theories/axiomaticcategorytheory/</loc>
</url><url>
<loc>/theories/banach_steinhaus/</loc>
</url><url>
<loc>/theories/bd_security_compositional/</loc>
</url><url>
<loc>/theories/bdd/</loc>
</url><url>
<loc>/theories/belief_revision/</loc>
</url><url>
<loc>/theories/bell_numbers_spivey/</loc>
</url><url>
<loc>/theories/benor_kozen_reif/</loc>
</url><url>
<loc>/theories/berlekamp_zassenhaus/</loc>
</url><url>
<loc>/theories/bernoulli/</loc>
</url><url>
<loc>/theories/bertrands_postulate/</loc>
</url><url>
<loc>/theories/bicategory/</loc>
</url><url>
<loc>/theories/binarysearchtree/</loc>
</url><url>
<loc>/theories/binding_syntax_theory/</loc>
</url><url>
<loc>/theories/binomial-heaps/</loc>
</url><url>
<loc>/theories/binomial-queues/</loc>
</url><url>
<loc>/theories/birdkmp/</loc>
</url><url>
<loc>/theories/blue_eyes/</loc>
</url><url>
<loc>/theories/bnf_cc/</loc>
</url><url>
<loc>/theories/bnf_operations/</loc>
</url><url>
<loc>/theories/bondy/</loc>
</url><url>
<loc>/theories/boolean_expression_checkers/</loc>
</url><url>
<loc>/theories/boolos_curious_inference/</loc>
</url><url>
<loc>/theories/bounded_deducibility_security/</loc>
</url><url>
<loc>/theories/btree/</loc>
</url><url>
<loc>/theories/buchi_complementation/</loc>
</url><url>
<loc>/theories/budan_fourier/</loc>
</url><url>
<loc>/theories/buffons_needle/</loc>
</url><url>
<loc>/theories/buildings/</loc>
</url><url>
<loc>/theories/bytecodelogicjmltypes/</loc>
</url><url>
<loc>/theories/c2ka_distributedsystems/</loc>
</url><url>
<loc>/theories/cakeml/</loc>
</url><url>
<loc>/theories/cakeml_codegen/</loc>
</url><url>
<loc>/theories/call_arity/</loc>
</url><url>
<loc>/theories/card_equiv_relations/</loc>
</url><url>
<loc>/theories/card_multisets/</loc>
</url><url>
<loc>/theories/card_number_partitions/</loc>
</url><url>
<loc>/theories/card_partitions/</loc>
</url><url>
<loc>/theories/cartan_fp/</loc>
</url><url>
<loc>/theories/case_labeling/</loc>
</url><url>
<loc>/theories/catalan_numbers/</loc>
</url><url>
<loc>/theories/category/</loc>
</url><url>
<loc>/theories/category2/</loc>
</url><url>
<loc>/theories/category3/</loc>
</url><url>
<loc>/theories/cauchy/</loc>
</url><url>
<loc>/theories/cava_automata/</loc>
</url><url>
<loc>/theories/cava_base/</loc>
</url><url>
<loc>/theories/cava_ltl_modelchecker/</loc>
</url><url>
<loc>/theories/cava_setup/</loc>
</url><url>
<loc>/theories/cayley_hamilton/</loc>
</url><url>
<loc>/theories/ccs/</loc>
</url><url>
<loc>/theories/certification_monads/</loc>
</url><url>
<loc>/theories/chandy_lamport/</loc>
</url><url>
<loc>/theories/chord_segments/</loc>
</url><url>
<loc>/theories/circus/</loc>
</url><url>
<loc>/theories/cisc-kernel/</loc>
</url><url>
<loc>/theories/clean/</loc>
</url><url>
<loc>/theories/clique_and_monotone_circuits/</loc>
</url><url>
<loc>/theories/clocksynchinst/</loc>
</url><url>
<loc>/theories/closest_pair_points/</loc>
</url><url>
<loc>/theories/cocon/</loc>
</url><url>
<loc>/theories/cofgroups/</loc>
</url><url>
<loc>/theories/coinductive/</loc>
</url><url>
<loc>/theories/coinductive_languages/</loc>
</url><url>
<loc>/theories/collections/</loc>
</url><url>
<loc>/theories/collections_examples/</loc>
</url><url>
<loc>/theories/combinable_wands/</loc>
</url><url>
<loc>/theories/combinatorics_words/</loc>
</url><url>
<loc>/theories/combinatorics_words_graph_lemma/</loc>
</url><url>
<loc>/theories/combinatorics_words_lyndon/</loc>
</url><url>
<loc>/theories/commuting_hermitian/</loc>
</url><url>
<loc>/theories/comparison_sort_lower_bound/</loc>
</url><url>
<loc>/theories/compiling-exceptions-correctly/</loc>
</url><url>
<loc>/theories/complete_non_orders/</loc>
</url><url>
<loc>/theories/completeness/</loc>
</url><url>
<loc>/theories/complex_bounded_operators/</loc>
</url><url>
<loc>/theories/complex_geometry/</loc>
</url><url>
<loc>/theories/complx/</loc>
</url><url>
<loc>/theories/componentdependencies/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/approximation/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/concurrent/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/distributed/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/geometry/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/graph/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/mathematical/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/online/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/optimization/</loc>
</url><url>
<loc>/topics/computer-science/algorithms/quantum-computing/</loc>
</url><url>
<loc>/topics/computer-science/artificial-intelligence/</loc>
</url><url>
<loc>/topics/computer-science/automata-and-formal-languages/</loc>
</url><url>
<loc>/topics/computer-science/concurrency/</loc>
</url><url>
<loc>/topics/computer-science/concurrency/process-calculi/</loc>
</url><url>
<loc>/topics/computer-science/data-management-systems/</loc>
</url><url>
<loc>/topics/computer-science/data-structures/</loc>
</url><url>
<loc>/topics/computer-science/functional-programming/</loc>
</url><url>
<loc>/topics/computer-science/hardware/</loc>
</url><url>
<loc>/topics/computer-science/machine-learning/</loc>
</url><url>
<loc>/topics/computer-science/networks/</loc>
</url><url>
<loc>/topics/computer-science/programming-languages/</loc>
</url><url>
<loc>/topics/computer-science/programming-languages/compiling/</loc>
</url><url>
<loc>/topics/computer-science/programming-languages/lambda-calculi/</loc>
</url><url>
<loc>/topics/computer-science/programming-languages/language-definitions/</loc>
</url><url>
<loc>/topics/computer-science/programming-languages/logics/</loc>
</url><url>
<loc>/topics/computer-science/programming-languages/misc/</loc>
</url><url>
<loc>/topics/computer-science/programming-languages/static-analysis/</loc>
</url><url>
<loc>/topics/computer-science/programming-languages/type-systems/</loc>
</url><url>
<loc>/topics/computer-science/security/</loc>
</url><url>
<loc>/topics/computer-science/security/cryptography/</loc>
</url><url>
<loc>/topics/computer-science/semantics-and-reasoning/</loc>
</url><url>
<loc>/topics/computer-science/system-description-languages/</loc>
</url><url>
<loc>/theories/concurrent_ref_alg/</loc>
</url><url>
<loc>/theories/concurrent_revisions/</loc>
</url><url>
<loc>/theories/concurrentgc/</loc>
</url><url>
<loc>/theories/concurrentimp/</loc>
</url><url>
<loc>/theories/conditional_simplification/</loc>
</url><url>
<loc>/theories/conditional_transfer_rule/</loc>
</url><url>
<loc>/theories/consensus_refined/</loc>
</url><url>
<loc>/theories/constructive_cryptography/</loc>
</url><url>
<loc>/theories/constructive_cryptography_cm/</loc>
</url><url>
<loc>/theories/constructor_funs/</loc>
</url><url>
<loc>/theories/containers/</loc>
</url><url>
<loc>/theories/containers-benchmarks/</loc>
</url><url>
<loc>/theories/core_dom/</loc>
</url><url>
<loc>/theories/core_sc_dom/</loc>
</url><url>
<loc>/theories/corec&#43;&#43;/</loc>
</url><url>
<loc>/theories/correctness_algebras/</loc>
</url><url>
<loc>/theories/cosmed/</loc>
</url><url>
<loc>/theories/cosmedis/</loc>
</url><url>
<loc>/theories/cotangent_pfd_formula/</loc>
</url><url>
<loc>/theories/count_complex_roots/</loc>
</url><url>
<loc>/theories/crdt/</loc>
</url><url>
<loc>/theories/crypthol/</loc>
</url><url>
<loc>/theories/cryptobasedcompositionalproperties/</loc>
</url><url>
<loc>/theories/crystals-kyber/</loc>
</url><url>
<loc>/theories/csp_reftk/</loc>
</url><url>
<loc>/theories/cubic_quartic_equations/</loc>
</url><url>
<loc>/theories/cyk/</loc>
</url><url>
<loc>/theories/czh_elementary_categories/</loc>
</url><url>
<loc>/theories/czh_foundations/</loc>
</url><url>
<loc>/theories/czh_universal_constructions/</loc>
</url><url>
<loc>/theories/datarefinementibp/</loc>
</url><url>
<loc>/theories/datatype_order_generator/</loc>
</url><url>
<loc>/theories/decl_sem_fun_pl/</loc>
</url><url>
<loc>/theories/decreasing-diagrams/</loc>
</url><url>
<loc>/theories/decreasing-diagrams-ii/</loc>
</url><url>
<loc>/theories/dedekind_real/</loc>
</url><url>
<loc>/theories/deep_learning/</loc>
</url><url>
<loc>/theories/delta_system_lemma/</loc>
</url><url>
<loc>/theories/density_compiler/</loc>
</url><url>
<loc>/theories/dependent_sifum_refinement/</loc>
</url><url>
<loc>/theories/dependent_sifum_type_systems/</loc>
</url><url>
<loc>/theories/depth-first-search/</loc>
</url><url>
<loc>/theories/derangements/</loc>
</url><url>
<loc>/theories/deriving/</loc>
</url><url>
<loc>/theories/descartes_sign_rule/</loc>
</url><url>
<loc>/theories/design_theory/</loc>
</url><url>
<loc>/theories/dfs_framework/</loc>
</url><url>
<loc>/theories/dict_construction/</loc>
</url><url>
<loc>/theories/differential_dynamic_logic/</loc>
</url><url>
<loc>/theories/differential_game_logic/</loc>
</url><url>
<loc>/theories/digit_expansions/</loc>
</url><url>
<loc>/theories/dijkstra_shortest_path/</loc>
</url><url>
<loc>/theories/diophantine_eqns_lin_hom/</loc>
</url><url>
<loc>/theories/dirichlet_l/</loc>
</url><url>
<loc>/theories/dirichlet_series/</loc>
</url><url>
<loc>/theories/discrete_summation/</loc>
</url><url>
<loc>/theories/discretepricing/</loc>
</url><url>
<loc>/theories/diskpaxos/</loc>
</url><url>
<loc>/theories/dom_components/</loc>
</url><url>
<loc>/theories/dominance_chk/</loc>
</url><url>
<loc>/download/</loc>
</url><url>
<loc>/theories/dprm_theorem/</loc>
</url><url>
<loc>/theories/dpt-sat-solver/</loc>
</url><url>
<loc>/theories/dynamic_tables/</loc>
</url><url>
<loc>/theories/dynamicarchitectures/</loc>
</url><url>
<loc>/theories/e_transcendental/</loc>
</url><url>
<loc>/theories/echelon_form/</loc>
</url><url>
<loc>/theories/edmondskarp_maxflow/</loc>
</url><url>
<loc>/theories/efficient-mergesort/</loc>
</url><url>
<loc>/theories/elliptic_curves_group_law/</loc>
</url><url>
<loc>/theories/encodability_process_calculi/</loc>
</url><url>
<loc>/submission/</loc>
</url><url>
<loc>/theories/epistemic_logic/</loc>
</url><url>
<loc>/theories/equivalence_relation_enumeration/</loc>
</url><url>
<loc>/theories/ergodic_theory/</loc>
</url><url>
<loc>/theories/error_function/</loc>
</url><url>
<loc>/theories/euler_maclaurin/</loc>
</url><url>
<loc>/theories/euler_partition/</loc>
</url><url>
<loc>/theories/eval_fo/</loc>
</url><url>
<loc>/theories/extended_finite_state_machine_inference/</loc>
</url><url>
<loc>/theories/extended_finite_state_machines/</loc>
</url><url>
<loc>/theories/factor_algebraic_polynomial/</loc>
</url><url>
<loc>/theories/factored_transition_system_bounding/</loc>
</url><url>
<loc>/theories/falling_factorial_sum/</loc>
</url><url>
<loc>/theories/farkas/</loc>
</url><url>
<loc>/theories/featherweight_ocl/</loc>
</url><url>
<loc>/theories/featherweightjava/</loc>
</url><url>
<loc>/theories/fermat3_4/</loc>
</url><url>
<loc>/theories/fft/</loc>
</url><url>
<loc>/theories/filerefinement/</loc>
</url><url>
<loc>/theories/finfun/</loc>
</url><url>
<loc>/theories/finger-trees/</loc>
</url><url>
<loc>/theories/finite-map-extras/</loc>
</url><url>
<loc>/theories/finite_automata_hf/</loc>
</url><url>
<loc>/theories/finite_fields/</loc>
</url><url>
<loc>/theories/finitely_generated_abelian_groups/</loc>
</url><url>
<loc>/theories/first_order_terms/</loc>
</url><url>
<loc>/theories/first_welfare_theorem/</loc>
</url><url>
<loc>/theories/fishburn_impossibility/</loc>
</url><url>
<loc>/theories/fisher_yates/</loc>
</url><url>
<loc>/theories/fishers_inequality/</loc>
</url><url>
<loc>/theories/flow_networks/</loc>
</url><url>
<loc>/theories/floyd_warshall/</loc>
</url><url>
<loc>/theories/flp/</loc>
</url><url>
<loc>/theories/flyspeck-tame/</loc>
</url><url>
<loc>/theories/flyspeck-tame-computation/</loc>
</url><url>
<loc>/theories/fo_theory_rewriting/</loc>
</url><url>
<loc>/theories/focusstreamscasestudies/</loc>
</url><url>
<loc>/theories/fol-fitting/</loc>
</url><url>
<loc>/theories/fol_axiomatic/</loc>
</url><url>
<loc>/theories/fol_harrison/</loc>
</url><url>
<loc>/theories/fol_seq_calc1/</loc>
</url><url>
<loc>/theories/fol_seq_calc2/</loc>
</url><url>
<loc>/theories/fol_seq_calc3/</loc>
</url><url>
<loc>/theories/forcing/</loc>
</url><url>
<loc>/theories/formal_puiseux_series/</loc>
</url><url>
<loc>/theories/formal_ssa/</loc>
</url><url>
<loc>/theories/formula_derivatives/</loc>
</url><url>
<loc>/theories/formula_derivatives-examples/</loc>
</url><url>
<loc>/theories/foundation_of_geometry/</loc>
</url><url>
<loc>/theories/fourier/</loc>
</url><url>
<loc>/theories/free-boolean-algebra/</loc>
</url><url>
<loc>/theories/free-groups/</loc>
</url><url>
<loc>/theories/frequency_moments/</loc>
</url><url>
<loc>/theories/fresh_identifiers/</loc>
</url><url>
<loc>/theories/fsm_tests/</loc>
</url><url>
<loc>/theories/functional-automata/</loc>
</url><url>
<loc>/theories/functional_ordered_resolution_prover/</loc>
</url><url>
<loc>/theories/funwithfunctions/</loc>
</url><url>
<loc>/theories/funwithtilings/</loc>
</url><url>
<loc>/theories/furstenberg_topology/</loc>
</url><url>
<loc>/theories/gabow_scc/</loc>
</url><url>
<loc>/theories/gale_shapley/</loc>
</url><url>
<loc>/theories/galestewart_games/</loc>
</url><url>
<loc>/theories/game_based_crypto/</loc>
</url><url>
<loc>/theories/gauss-jordan-elim-fun/</loc>
</url><url>
<loc>/theories/gauss_jordan/</loc>
</url><url>
<loc>/theories/gauss_sums/</loc>
</url><url>
<loc>/theories/gaussian_integers/</loc>
</url><url>
<loc>/theories/genclock/</loc>
</url><url>
<loc>/theories/general-triangle/</loc>
</url><url>
<loc>/theories/generalized_counting_sort/</loc>
</url><url>
<loc>/theories/generic_deriving/</loc>
</url><url>
<loc>/theories/generic_join/</loc>
</url><url>
<loc>/theories/gewirthpgcproof/</loc>
</url><url>
<loc>/theories/girth_chromatic/</loc>
</url><url>
<loc>/theories/goedel_hfset_semantic/</loc>
</url><url>
<loc>/theories/goedel_hfset_semanticless/</loc>
</url><url>
<loc>/theories/goedel_incompleteness/</loc>
</url><url>
<loc>/theories/goedelgod/</loc>
</url><url>
<loc>/theories/goodstein_lambda/</loc>
</url><url>
<loc>/theories/gpu_kernel_pl/</loc>
</url><url>
<loc>/theories/graph_saturation/</loc>
</url><url>
<loc>/theories/graph_theory/</loc>
</url><url>
<loc>/theories/graphmarkingibp/</loc>
</url><url>
<loc>/theories/green/</loc>
</url><url>
<loc>/theories/groebner_bases/</loc>
</url><url>
<loc>/theories/groebner_macaulay/</loc>
</url><url>
<loc>/theories/gromov_hyperbolicity/</loc>
</url><url>
<loc>/theories/grothendieck_schemes/</loc>
</url><url>
<loc>/theories/group-ring-module/</loc>
</url><url>
<loc>/theories/hahn_jordan_decomposition/</loc>
</url><url>
<loc>/theories/hales_jewett/</loc>
</url><url>
<loc>/theories/heard_of/</loc>
</url><url>
<loc>/theories/hello_world/</loc>
</url><url>
<loc>/help/</loc>
</url><url>
<loc>/theories/hereditarilyfinite/</loc>
</url><url>
<loc>/theories/hermite/</loc>
</url><url>
<loc>/theories/hermite_lindemann/</loc>
</url><url>
<loc>/theories/hidden_markov_models/</loc>
</url><url>
<loc>/theories/higher_order_terms/</loc>
</url><url>
<loc>/theories/hoare_time/</loc>
</url><url>
<loc>/theories/hol-csp/</loc>
</url><url>
<loc>/theories/hol-ode-arch-comp/</loc>
</url><url>
<loc>/theories/hol-ode-examples/</loc>
</url><url>
<loc>/theories/hol-ode-numerics/</loc>
</url><url>
<loc>/theories/holcf-prelude/</loc>
</url><url>
<loc>/theories/hood_melville_queue/</loc>
</url><url>
<loc>/theories/hotelkeycards/</loc>
</url><url>
<loc>/theories/hrb-slicing/</loc>
</url><url>
<loc>/theories/huffman/</loc>
</url><url>
<loc>/theories/hybrid_logic/</loc>
</url><url>
<loc>/theories/hybrid_multi_lane_spatial_logic/</loc>
</url><url>
<loc>/theories/hybrid_systems_vcs/</loc>
</url><url>
<loc>/theories/hyperctl/</loc>
</url><url>
<loc>/theories/hyperdual/</loc>
</url><url>
<loc>/theories/ieee_floating_point/</loc>
</url><url>
<loc>/theories/ifc_tracking/</loc>
</url><url>
<loc>/theories/imap-crdt/</loc>
</url><url>
<loc>/theories/imo2019/</loc>
</url><url>
<loc>/theories/imp2/</loc>
</url><url>
<loc>/theories/imp2_binary_heap/</loc>
</url><url>
<loc>/theories/imp_compiler/</loc>
</url><url>
<loc>/theories/imp_compiler_reuse/</loc>
</url><url>
<loc>/theories/imperative_insertion_sort/</loc>
</url><url>
<loc>/theories/implicational_logic/</loc>
</url><url>
<loc>/theories/impossible_geometry/</loc>
</url><url>
<loc>/theories/incompleteness/</loc>
</url><url>
<loc>/theories/incredible_proof_machine/</loc>
</url><url>
<loc>/theories/independence_ch/</loc>
</url><url>
<loc>/theories/inductive_confidentiality/</loc>
</url><url>
<loc>/theories/inductive_inference/</loc>
</url><url>
<loc>/theories/informationflowslicing/</loc>
</url><url>
<loc>/theories/informationflowslicing_inter/</loc>
</url><url>
<loc>/theories/infpathelimination/</loc>
</url><url>
<loc>/theories/integration/</loc>
</url><url>
<loc>/theories/interpolation_polynomials_hol_algebra/</loc>
</url><url>
<loc>/theories/interpreter_optimizations/</loc>
</url><url>
<loc>/theories/interval_arithmetic_word32/</loc>
</url><url>
<loc>/theories/intro_dest_elim/</loc>
</url><url>
<loc>/theories/involutions2squares/</loc>
</url><url>
<loc>/theories/ip_addresses/</loc>
</url><url>
<loc>/theories/iptables_semantics/</loc>
</url><url>
<loc>/theories/iptables_semantics_examples/</loc>
</url><url>
<loc>/theories/iptables_semantics_examples_big/</loc>
</url><url>
<loc>/theories/irrational_series_erdos_straus/</loc>
</url><url>
<loc>/theories/irrationality_j_hancl/</loc>
</url><url>
<loc>/theories/irrationals_from_thebook/</loc>
</url><url>
<loc>/theories/isabelle_c/</loc>
</url><url>
<loc>/theories/isabelle_marries_dirac/</loc>
</url><url>
<loc>/theories/isabelle_meta_model/</loc>
</url><url>
<loc>/theories/isageocoq/</loc>
</url><url>
<loc>/theories/isanet/</loc>
</url><url>
<loc>/theories/jacobson_basic_algebra/</loc>
</url><url>
<loc>/theories/jinja/</loc>
</url><url>
<loc>/theories/jinjadci/</loc>
</url><url>
<loc>/theories/jinjathreads/</loc>
</url><url>
<loc>/theories/jivedatastoremodel/</loc>
</url><url>
<loc>/theories/jordan_hoelder/</loc>
</url><url>
<loc>/theories/jordan_normal_form/</loc>
</url><url>
<loc>/theories/kad/</loc>
</url><url>
<loc>/theories/kat_and_dra/</loc>
</url><url>
<loc>/theories/kbps/</loc>
</url><url>
<loc>/theories/kd_tree/</loc>
</url><url>
<loc>/theories/key_agreement_strong_adversaries/</loc>
</url><url>
<loc>/theories/khovanskii_theorem/</loc>
</url><url>
<loc>/theories/kleene_algebra/</loc>
</url><url>
<loc>/theories/knights_tour/</loc>
</url><url>
<loc>/theories/knot_theory/</loc>
</url><url>
<loc>/theories/knuth_bendix_order/</loc>
</url><url>
<loc>/theories/knuth_morris_pratt/</loc>
</url><url>
<loc>/theories/koenigsberg_friendship/</loc>
</url><url>
<loc>/theories/kruskal/</loc>
</url><url>
<loc>/theories/kuratowski_closure_complement/</loc>
</url><url>
<loc>/theories/lam-ml-normalization/</loc>
</url><url>
<loc>/theories/lambda_free_epo/</loc>
</url><url>
<loc>/theories/lambda_free_kbos/</loc>
</url><url>
<loc>/theories/lambda_free_rpos/</loc>
</url><url>
<loc>/theories/lambdaauth/</loc>
</url><url>
<loc>/theories/lambdamu/</loc>
</url><url>
<loc>/theories/lambert_w/</loc>
</url><url>
<loc>/theories/landau_symbols/</loc>
</url><url>
<loc>/theories/laplace_transform/</loc>
</url><url>
<loc>/theories/latin_square/</loc>
</url><url>
<loc>/theories/latticeproperties/</loc>
</url><url>
<loc>/theories/launchbury/</loc>
</url><url>
<loc>/theories/laws_of_large_numbers/</loc>
</url><url>
<loc>/theories/lazy-lists-ii/</loc>
</url><url>
<loc>/theories/lazy_case/</loc>
</url><url>
<loc>/theories/lehmer/</loc>
</url><url>
<loc>/theories/lem/</loc>
</url><url>
<loc>/theories/lifting_definition_option/</loc>
</url><url>
<loc>/theories/lifting_the_exponent/</loc>
</url><url>
<loc>/theories/lightweightjava/</loc>
</url><url>
<loc>/theories/linear_inequalities/</loc>
</url><url>
<loc>/theories/linear_programming/</loc>
</url><url>
<loc>/theories/linear_recurrences/</loc>
</url><url>
<loc>/theories/linear_recurrences_solver/</loc>
</url><url>
<loc>/theories/linearquantifierelim/</loc>
</url><url>
<loc>/theories/liouville_numbers/</loc>
</url><url>
<loc>/theories/list-index/</loc>
</url><url>
<loc>/theories/list-infinite/</loc>
</url><url>
<loc>/theories/list_interleaving/</loc>
</url><url>
<loc>/theories/list_inversions/</loc>
</url><url>
<loc>/theories/list_update/</loc>
</url><url>
<loc>/theories/lll_basis_reduction/</loc>
</url><url>
<loc>/theories/lll_factorization/</loc>
</url><url>
<loc>/theories/localization_ring/</loc>
</url><url>
<loc>/theories/locallexing/</loc>
</url><url>
<loc>/theories/locally-nameless-sigma/</loc>
</url><url>
<loc>/theories/loft/</loc>
</url><url>
<loc>/theories/logging_independent_anonymity/</loc>
</url><url>
<loc>/topics/logic/computability/</loc>
</url><url>
<loc>/topics/logic/general-logic/</loc>
</url><url>
<loc>/topics/logic/general-logic/classical-first-order-logic/</loc>
</url><url>
<loc>/topics/logic/general-logic/classical-propositional-logic/</loc>
</url><url>
<loc>/topics/logic/general-logic/decidability-of-theories/</loc>
</url><url>
<loc>/topics/logic/general-logic/logics-of-knowledge-and-belief/</loc>
</url><url>
<loc>/topics/logic/general-logic/mechanization-of-proofs/</loc>
</url><url>
<loc>/topics/logic/general-logic/modal-logic/</loc>
</url><url>
<loc>/topics/logic/general-logic/paraconsistent-logics/</loc>
</url><url>
<loc>/topics/logic/general-logic/temporal-logic/</loc>
</url><url>
<loc>/topics/logic/philosophical-aspects/</loc>
</url><url>
<loc>/topics/logic/proof-theory/</loc>
</url><url>
<loc>/topics/logic/rewriting/</loc>
</url><url>
<loc>/topics/logic/set-theory/</loc>
</url><url>
<loc>/theories/lorenz_approximation/</loc>
</url><url>
<loc>/theories/lorenz_c0/</loc>
</url><url>
<loc>/theories/lorenz_c1/</loc>
</url><url>
<loc>/theories/lowe_ontological_argument/</loc>
</url><url>
<loc>/theories/lower_semicontinuous/</loc>
</url><url>
<loc>/theories/lp/</loc>
</url><url>
<loc>/theories/lp_duality/</loc>
</url><url>
<loc>/theories/ltl/</loc>
</url><url>
<loc>/theories/ltl_master_theorem/</loc>
</url><url>
<loc>/theories/ltl_normal_form/</loc>
</url><url>
<loc>/theories/ltl_to_dra/</loc>
</url><url>
<loc>/theories/ltl_to_gba/</loc>
</url><url>
<loc>/theories/lucas_theorem/</loc>
</url><url>
<loc>/theories/markov_models/</loc>
</url><url>
<loc>/theories/marriage/</loc>
</url><url>
<loc>/theories/mason_stothers/</loc>
</url><url>
<loc>/topics/mathematics/algebra/</loc>
</url><url>
<loc>/topics/mathematics/analysis/</loc>
</url><url>
<loc>/topics/mathematics/category-theory/</loc>
</url><url>
<loc>/topics/mathematics/combinatorics/</loc>
</url><url>
<loc>/topics/mathematics/games-and-economics/</loc>
</url><url>
<loc>/topics/mathematics/geometry/</loc>
</url><url>
<loc>/topics/mathematics/graph-theory/</loc>
</url><url>
<loc>/topics/mathematics/measure-and-integration/</loc>
</url><url>
<loc>/topics/mathematics/misc/</loc>
</url><url>
<loc>/topics/mathematics/number-theory/</loc>
</url><url>
<loc>/topics/mathematics/order/</loc>
</url><url>
<loc>/topics/mathematics/physics/</loc>
</url><url>
<loc>/topics/mathematics/physics/quantum-information/</loc>
</url><url>
<loc>/topics/mathematics/probability-theory/</loc>
</url><url>
<loc>/topics/mathematics/topology/</loc>
</url><url>
<loc>/theories/matrices_for_odes/</loc>
</url><url>
<loc>/theories/matrix/</loc>
</url><url>
<loc>/theories/matrix_tensor/</loc>
</url><url>
<loc>/theories/matroids/</loc>
</url><url>
<loc>/theories/max-card-matching/</loc>
</url><url>
<loc>/theories/maximum_segment_sum/</loc>
</url><url>
<loc>/theories/mdp-algorithms/</loc>
</url><url>
<loc>/theories/mdp-rewards/</loc>
</url><url>
<loc>/theories/median_method/</loc>
</url><url>
<loc>/theories/median_of_medians_selection/</loc>
</url><url>
<loc>/theories/menger/</loc>
</url><url>
<loc>/theories/mereology/</loc>
</url><url>
<loc>/theories/mersenne_primes/</loc>
</url><url>
<loc>/theories/metalogic_proofchecker/</loc>
</url><url>
<loc>/theories/mfmc_countable/</loc>
</url><url>
<loc>/theories/mfodl_monitor_optimized/</loc>
</url><url>
<loc>/theories/mfotl_monitor/</loc>
</url><url>
<loc>/theories/minimal_ssa/</loc>
</url><url>
<loc>/theories/miniml/</loc>
</url><url>
<loc>/theories/minisail/</loc>
</url><url>
<loc>/theories/minkowskis_theorem/</loc>
</url><url>
<loc>/theories/minsky_machines/</loc>
</url><url>
<loc>/theories/modal_logics_for_nts/</loc>
</url><url>
<loc>/theories/modular_arithmetic_lll_and_hnf_algorithms/</loc>
</url><url>
<loc>/theories/modular_assembly_kit_security/</loc>
</url><url>
<loc>/theories/monad_memo_dp/</loc>
</url><url>
<loc>/theories/monad_normalisation/</loc>
</url><url>
<loc>/theories/monobooltranalgebra/</loc>
</url><url>
<loc>/theories/monoidalcategory/</loc>
</url><url>
<loc>/theories/monomorphic_monad/</loc>
</url><url>
<loc>/theories/mso_regex_equivalence/</loc>
</url><url>
<loc>/theories/muchadoabouttwo/</loc>
</url><url>
<loc>/theories/multi_party_computation/</loc>
</url><url>
<loc>/theories/multirelations/</loc>
</url><url>
<loc>/theories/multiset_ordering_npc/</loc>
</url><url>
<loc>/theories/myhill-nerode/</loc>
</url><url>
<loc>/theories/name_carrying_type_inference/</loc>
</url><url>
<loc>/theories/nano_json/</loc>
</url><url>
<loc>/theories/nash_williams/</loc>
</url><url>
<loc>/theories/nat-interval-logic/</loc>
</url><url>
<loc>/theories/native_word/</loc>
</url><url>
<loc>/theories/nested_multisets_ordinals/</loc>
</url><url>
<loc>/theories/network_security_policy_verification/</loc>
</url><url>
<loc>/theories/neumann_morgenstern_utility/</loc>
</url><url>
<loc>/theories/no_ftl_observers/</loc>
</url><url>
<loc>/theories/nominal2/</loc>
</url><url>
<loc>/theories/noninterference_concurrent_composition/</loc>
</url><url>
<loc>/theories/noninterference_csp/</loc>
</url><url>
<loc>/theories/noninterference_generic_unwinding/</loc>
</url><url>
<loc>/theories/noninterference_inductive_unwinding/</loc>
</url><url>
<loc>/theories/noninterference_ipurge_unwinding/</loc>
</url><url>
<loc>/theories/noninterference_sequential_composition/</loc>
</url><url>
<loc>/theories/normbyeval/</loc>
</url><url>
<loc>/theories/nullstellensatz/</loc>
</url><url>
<loc>/theories/number_theoretic_transform/</loc>
</url><url>
<loc>/theories/octonions/</loc>
</url><url>
<loc>/theories/old_datatype_show/</loc>
</url><url>
<loc>/theories/open_induction/</loc>
</url><url>
<loc>/theories/opsets/</loc>
</url><url>
<loc>/theories/optics/</loc>
</url><url>
<loc>/theories/optimal_bst/</loc>
</url><url>
<loc>/theories/orbit_stabiliser/</loc>
</url><url>
<loc>/theories/order_lattice_props/</loc>
</url><url>
<loc>/theories/ordered_resolution_prover/</loc>
</url><url>
<loc>/theories/ordinal/</loc>
</url><url>
<loc>/theories/ordinal_partitions/</loc>
</url><url>
<loc>/theories/ordinals_and_cardinals/</loc>
</url><url>
<loc>/theories/ordinary_differential_equations/</loc>
</url><url>
<loc>/theories/pac_checker/</loc>
</url><url>
<loc>/theories/package_logic/</loc>
</url><url>
<loc>/theories/padic_field/</loc>
</url><url>
<loc>/theories/padic_ints/</loc>
</url><url>
<loc>/theories/pairing_heap/</loc>
</url><url>
<loc>/theories/pal/</loc>
</url><url>
<loc>/theories/paraconsistency/</loc>
</url><url>
<loc>/theories/parity_game/</loc>
</url><url>
<loc>/theories/partial_function_mr/</loc>
</url><url>
<loc>/theories/partial_order_reduction/</loc>
</url><url>
<loc>/theories/password_authentication_protocol/</loc>
</url><url>
<loc>/theories/pcf/</loc>
</url><url>
<loc>/theories/pell/</loc>
</url><url>
<loc>/theories/perfect-number-thm/</loc>
</url><url>
<loc>/theories/perron_frobenius/</loc>
</url><url>
<loc>/theories/pgcl/</loc>
</url><url>
<loc>/theories/physical_quantities/</loc>
</url><url>
<loc>/theories/pi_calculus/</loc>
</url><url>
<loc>/theories/pi_transcendental/</loc>
</url><url>
<loc>/theories/planarity_certificates/</loc>
</url><url>
<loc>/theories/plm/</loc>
</url><url>
<loc>/theories/pluennecke_ruzsa_inequality/</loc>
</url><url>
<loc>/theories/poincare_bendixson/</loc>
</url><url>
<loc>/theories/poincare_disc/</loc>
</url><url>
<loc>/theories/polynomial_factorization/</loc>
</url><url>
<loc>/theories/polynomial_interpolation/</loc>
</url><url>
<loc>/theories/polynomials/</loc>
</url><url>
<loc>/theories/pop_refinement/</loc>
</url><url>
<loc>/theories/poplmark-debruijn/</loc>
</url><url>
<loc>/theories/posix-lexing/</loc>
</url><url>
<loc>/theories/possibilistic_noninterference/</loc>
</url><url>
<loc>/theories/power_sum_polynomials/</loc>
</url><url>
<loc>/theories/pratt_certificate/</loc>
</url><url>
<loc>/theories/prefix_free_code_combinators/</loc>
</url><url>
<loc>/theories/presburger-automata/</loc>
</url><url>
<loc>/theories/prim_dijkstra_simple/</loc>
</url><url>
<loc>/theories/prime_distribution_elementary/</loc>
</url><url>
<loc>/theories/prime_harmonic_series/</loc>
</url><url>
<loc>/theories/prime_number_theorem/</loc>
</url><url>
<loc>/theories/priority_queue_braun/</loc>
</url><url>
<loc>/theories/priority_search_trees/</loc>
</url><url>
<loc>/theories/probabilistic_noninterference/</loc>
</url><url>
<loc>/theories/probabilistic_prime_tests/</loc>
</url><url>
<loc>/theories/probabilistic_system_zoo/</loc>
</url><url>
<loc>/theories/probabilistic_timed_automata/</loc>
</url><url>
<loc>/theories/probabilistic_while/</loc>
</url><url>
<loc>/theories/program-conflict-analysis/</loc>
</url><url>
<loc>/theories/progress_tracking/</loc>
</url><url>
<loc>/theories/projective_geometry/</loc>
</url><url>
<loc>/theories/projective_measurements/</loc>
</url><url>
<loc>/theories/promela/</loc>
</url><url>
<loc>/theories/proof_strategy_language/</loc>
</url><url>
<loc>/theories/propositional_proof_systems/</loc>
</url><url>
<loc>/theories/proprespi/</loc>
</url><url>
<loc>/theories/prpu_maxflow/</loc>
</url><url>
<loc>/theories/psemigroupsconvolution/</loc>
</url><url>
<loc>/theories/pseudohoops/</loc>
</url><url>
<loc>/theories/psi_calculi/</loc>
</url><url>
<loc>/theories/ptolemys_theorem/</loc>
</url><url>
<loc>/theories/public_announcement_logic/</loc>
</url><url>
<loc>/theories/qhlprover/</loc>
</url><url>
<loc>/theories/qr_decomposition/</loc>
</url><url>
<loc>/theories/quantales/</loc>
</url><url>
<loc>/theories/quasi_borel_spaces/</loc>
</url><url>
<loc>/theories/quaternions/</loc>
</url><url>
+ <loc>/theories/query_optimization/</loc>
+ </url><url>
<loc>/theories/quick_sort_cost/</loc>
</url><url>
<loc>/theories/ramsey-infinite/</loc>
</url><url>
<loc>/theories/random_bsts/</loc>
</url><url>
<loc>/theories/random_graph_subgraph_threshold/</loc>
</url><url>
<loc>/theories/randomised_bsts/</loc>
</url><url>
<loc>/theories/randomised_social_choice/</loc>
</url><url>
<loc>/theories/rank_nullity_theorem/</loc>
</url><url>
<loc>/theories/real_impl/</loc>
</url><url>
<loc>/theories/real_power/</loc>
</url><url>
<loc>/theories/real_time_deque/</loc>
</url><url>
<loc>/theories/recursion-addition/</loc>
</url><url>
<loc>/theories/recursion-theory-i/</loc>
</url><url>
<loc>/theories/refine_imperative_hol/</loc>
</url><url>
<loc>/theories/refine_monadic/</loc>
</url><url>
<loc>/theories/refinementreactive/</loc>
</url><url>
<loc>/theories/regex_equivalence/</loc>
</url><url>
<loc>/theories/registers/</loc>
</url><url>
<loc>/theories/regression_test_selection/</loc>
</url><url>
<loc>/theories/regular-sets/</loc>
</url><url>
<loc>/theories/regular_algebras/</loc>
</url><url>
<loc>/theories/regular_tree_relations/</loc>
</url><url>
<loc>/theories/relation_algebra/</loc>
</url><url>
<loc>/theories/relational-incorrectness-logic/</loc>
</url><url>
<loc>/theories/relational_disjoint_set_forests/</loc>
</url><url>
<loc>/theories/relational_forests/</loc>
</url><url>
<loc>/theories/relational_method/</loc>
</url><url>
<loc>/theories/relational_minimum_spanning_trees/</loc>
</url><url>
<loc>/theories/relational_paths/</loc>
</url><url>
<loc>/theories/rep_fin_groups/</loc>
</url><url>
<loc>/theories/residuated_lattices/</loc>
</url><url>
<loc>/theories/residuatedtransitionsystem/</loc>
</url><url>
<loc>/theories/resolution_fol/</loc>
</url><url>
<loc>/theories/rewrite_properties_reduction/</loc>
</url><url>
<loc>/theories/rewriting_z/</loc>
</url><url>
<loc>/theories/ribbon_proofs/</loc>
</url><url>
<loc>/theories/ripemd-160-spark/</loc>
</url><url>
<loc>/theories/risk_free_lending/</loc>
</url><url>
<loc>/theories/robbins-conjecture/</loc>
</url><url>
<loc>/theories/robdd/</loc>
</url><url>
<loc>/theories/robinson_arithmetic/</loc>
</url><url>
<loc>/theories/root_balanced_tree/</loc>
</url><url>
<loc>/theories/roth_arithmetic_progressions/</loc>
</url><url>
<loc>/theories/routing/</loc>
</url><url>
<loc>/theories/roy_floyd_warshall/</loc>
</url><url>
<loc>/theories/rsapss/</loc>
</url><url>
<loc>/theories/safe_distance/</loc>
</url><url>
<loc>/theories/safe_ocl/</loc>
</url><url>
<loc>/theories/safe_range_rc/</loc>
</url><url>
<loc>/theories/satsolververification/</loc>
</url><url>
<loc>/theories/saturation_framework/</loc>
</url><url>
<loc>/theories/saturation_framework_extensions/</loc>
</url><url>
<loc>/theories/sc_dom_components/</loc>
</url><url>
<loc>/theories/scc_bloemen_sequential/</loc>
</url><url>
<loc>/theories/schutz_spacetime/</loc>
</url><url>
<loc>/theories/sds_impossibility/</loc>
</url><url>
<loc>/search/</loc>
<priority>0.1</priority>
</url><url>
<loc>/theories/secondary_sylow/</loc>
</url><url>
<loc>/theories/security_protocol_refinement/</loc>
</url><url>
<loc>/theories/selection_heap_sort/</loc>
</url><url>
<loc>/theories/sensocialchoice/</loc>
</url><url>
<loc>/theories/separata/</loc>
</url><url>
<loc>/theories/separation_algebra/</loc>
</url><url>
<loc>/theories/separation_logic_imperative_hol/</loc>
</url><url>
<loc>/theories/separation_logic_unbounded/</loc>
</url><url>
<loc>/theories/sepref_basic/</loc>
</url><url>
<loc>/theories/sepref_iicf/</loc>
</url><url>
<loc>/theories/sepref_prereq/</loc>
</url><url>
<loc>/theories/sequentinvertibility/</loc>
</url><url>
<loc>/theories/shadow_dom/</loc>
</url><url>
<loc>/theories/shadow_sc_dom/</loc>
</url><url>
<loc>/theories/shivers-cfa/</loc>
</url><url>
<loc>/theories/shortestpath/</loc>
</url><url>
<loc>/theories/show/</loc>
</url><url>
<loc>/theories/sifpl/</loc>
</url><url>
<loc>/theories/sifum_type_systems/</loc>
</url><url>
<loc>/theories/sigma_commit_crypto/</loc>
</url><url>
<loc>/theories/signature_groebner/</loc>
</url><url>
<loc>/theories/simpl/</loc>
</url><url>
<loc>/theories/simple_firewall/</loc>
</url><url>
<loc>/theories/simplex/</loc>
</url><url>
<loc>/theories/simplicial_complexes_and_boolean_functions/</loc>
</url><url>
<loc>/theories/simplifiedontologicalargument/</loc>
</url><url>
<loc>/theories/skew_heap/</loc>
</url><url>
<loc>/theories/skip_lists/</loc>
</url><url>
<loc>/theories/slicing/</loc>
</url><url>
<loc>/theories/sliding_window_algorithm/</loc>
</url><url>
<loc>/theories/sm/</loc>
</url><url>
<loc>/theories/sm_base/</loc>
</url><url>
<loc>/theories/smith_normal_form/</loc>
</url><url>
<loc>/theories/smooth_manifolds/</loc>
</url><url>
<loc>/theories/solidity/</loc>
</url><url>
<loc>/theories/sophomores_dream/</loc>
</url><url>
<loc>/theories/sort_encodings/</loc>
</url><url>
<loc>/theories/source_coding_theorem/</loc>
</url><url>
<loc>/theories/sparcv8/</loc>
</url><url>
<loc>/theories/speccheck/</loc>
</url><url>
<loc>/theories/special_function_bounds/</loc>
</url><url>
<loc>/theories/splay_tree/</loc>
</url><url>
<loc>/theories/sqrt_babylonian/</loc>
</url><url>
<loc>/theories/stable_matching/</loc>
</url><url>
<loc>/theories/stalnaker_logic/</loc>
</url><url>
<loc>/theories/statecharts/</loc>
</url><url>
<loc>/theories/stateful_protocol_composition_and_typing/</loc>
</url><url>
<loc>/statistics/</loc>
</url><url>
<loc>/theories/stellar_quorums/</loc>
</url><url>
<loc>/theories/stern_brocot/</loc>
</url><url>
<loc>/theories/stewart_apollonius/</loc>
</url><url>
<loc>/theories/stirling_formula/</loc>
</url><url>
<loc>/theories/stochastic_matrices/</loc>
</url><url>
<loc>/theories/stone_algebras/</loc>
</url><url>
<loc>/theories/stone_kleene_relation_algebras/</loc>
</url><url>
<loc>/theories/stone_relation_algebras/</loc>
</url><url>
<loc>/theories/store_buffer_reduction/</loc>
</url><url>
<loc>/theories/stream-fusion/</loc>
</url><url>
<loc>/theories/stream_fusion_code/</loc>
</url><url>
<loc>/theories/strong_security/</loc>
</url><url>
<loc>/theories/sturm_sequences/</loc>
</url><url>
<loc>/theories/sturm_tarski/</loc>
</url><url>
<loc>/theories/stuttering_equivalence/</loc>
</url><url>
<loc>/theories/subresultants/</loc>
</url><url>
<loc>/theories/subset_boolean_algebras/</loc>
</url><url>
<loc>/theories/sumsquares/</loc>
</url><url>
<loc>/theories/sunflowers/</loc>
</url><url>
<loc>/theories/supercalc/</loc>
</url><url>
<loc>/theories/surprise_paradox/</loc>
</url><url>
<loc>/theories/symmetric_polynomials/</loc>
</url><url>
<loc>/theories/syntax_independent_logic/</loc>
</url><url>
<loc>/theories/szemeredi_regularity/</loc>
</url><url>
<loc>/theories/szpilrajn/</loc>
</url><url>
<loc>/theories/tail_recursive_functions/</loc>
</url><url>
<loc>/theories/tarskis_geometry/</loc>
</url><url>
<loc>/theories/taylor_models/</loc>
</url><url>
<loc>/theories/tesl_language/</loc>
</url><url>
<loc>/theories/</loc>
</url><url>
<loc>/theories/three_circles/</loc>
</url><url>
<loc>/theories/timed_automata/</loc>
</url><url>
<loc>/theories/tla/</loc>
</url><url>
<loc>/theories/topological_semantics/</loc>
</url><url>
<loc>/theories/topology/</loc>
</url><url>
<loc>/theories/tortoisehare/</loc>
</url><url>
<loc>/theories/transcendence_series_hancl_rucki/</loc>
</url><url>
<loc>/theories/transformer_semantics/</loc>
</url><url>
<loc>/theories/transition_systems_and_automata/</loc>
</url><url>
<loc>/theories/transitive-closure/</loc>
</url><url>
<loc>/theories/transitive-closure-ii/</loc>
</url><url>
<loc>/theories/transitive_models/</loc>
</url><url>
<loc>/theories/treaps/</loc>
</url><url>
<loc>/theories/tree-automata/</loc>
</url><url>
<loc>/theories/tree_decomposition/</loc>
</url><url>
<loc>/theories/triangle/</loc>
</url><url>
<loc>/theories/trie/</loc>
</url><url>
<loc>/theories/twelvefold_way/</loc>
</url><url>
<loc>/theories/tycon/</loc>
</url><url>
<loc>/theories/types_tableaus_and_goedels_god/</loc>
</url><url>
<loc>/theories/types_to_sets_extension/</loc>
</url><url>
<loc>/theories/undirected_graph_theory/</loc>
</url><url>
<loc>/theories/universal_hash_families/</loc>
</url><url>
<loc>/theories/universal_turing_machine/</loc>
</url><url>
<loc>/theories/updown_scheme/</loc>
</url><url>
<loc>/theories/upf/</loc>
</url><url>
<loc>/theories/upf_firewall/</loc>
</url><url>
<loc>/theories/utp/</loc>
</url><url>
<loc>/theories/utp-toolkit/</loc>
</url><url>
<loc>/theories/valuation/</loc>
</url><url>
<loc>/theories/van_der_waerden/</loc>
</url><url>
<loc>/theories/van_emde_boas_trees/</loc>
</url><url>
<loc>/theories/vectorspace/</loc>
</url><url>
<loc>/theories/vericomp/</loc>
</url><url>
<loc>/theories/verified-prover/</loc>
</url><url>
<loc>/theories/verified_sat_based_ai_planning/</loc>
</url><url>
<loc>/theories/verifythis2018/</loc>
</url><url>
<loc>/theories/verifythis2019/</loc>
</url><url>
<loc>/theories/vickrey_clarke_groves/</loc>
</url><url>
<loc>/theories/virtual_substitution/</loc>
</url><url>
<loc>/theories/volpanosmith/</loc>
</url><url>
<loc>/theories/vydra_mdl/</loc>
</url><url>
<loc>/theories/webassembly/</loc>
</url><url>
<loc>/theories/weight_balanced_trees/</loc>
</url><url>
<loc>/theories/weighted_arithmetic_geometric_mean/</loc>
</url><url>
<loc>/theories/weighted_path_order/</loc>
</url><url>
<loc>/theories/well_quasi_orders/</loc>
</url><url>
<loc>/theories/wetzels_problem/</loc>
</url><url>
<loc>/theories/whatandwhere_security/</loc>
</url><url>
<loc>/theories/winding_number_eval/</loc>
</url><url>
<loc>/theories/woot_strong_eventual_consistency/</loc>
</url><url>
<loc>/theories/word_lib/</loc>
</url><url>
<loc>/theories/workerwrapper/</loc>
</url><url>
<loc>/theories/x86_semantics/</loc>
</url><url>
<loc>/theories/xml/</loc>
</url><url>
<loc>/theories/youngs_inequality/</loc>
</url><url>
<loc>/theories/zeta_3_irrational/</loc>
</url><url>
<loc>/theories/zeta_function/</loc>
</url><url>
<loc>/theories/zfc_in_hol/</loc>
</url>
</urlset>
diff --git a/web/statistics/index.html b/web/statistics/index.html
--- a/web/statistics/index.html
+++ b/web/statistics/index.html
@@ -1,337 +1,337 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Statistics - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><meta property="og:title" content="Statistics" />
-<meta property="og:description" content="708 Entries 428 Authors ~223,600 Lemmas ~3,636,700 Lines of Code Most used AFP entries: Name Used by ? entries 1. List-Index 22 2. Collections 19 3. Show 16 4. Deriving 13 5. Coinductive 12 6. Jordan_Normal_Form 12 7. Polynomial_Factorization 12 8. Regular-Sets 12 9." />
+<meta property="og:description" content="709 Entries 429 Authors ~225,700 Lemmas ~3,655,600 Lines of Code Most used AFP entries: Name Used by ? entries 1. List-Index 22 2. Collections 19 3. Show 16 4. Deriving 13 5. Coinductive 12 6. Jordan_Normal_Form 12 7. Polynomial_Factorization 12 8. Regular-Sets 12 9." />
<meta property="og:type" content="article" />
<meta property="og:url" content="/statistics/" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="" />
<meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Statistics"/>
-<meta name="twitter:description" content="708 Entries 428 Authors ~223,600 Lemmas ~3,636,700 Lines of Code Most used AFP entries: Name Used by ? entries 1. List-Index 22 2. Collections 19 3. Show 16 4. Deriving 13 5. Coinductive 12 6. Jordan_Normal_Form 12 7. Polynomial_Factorization 12 8. Regular-Sets 12 9."/>
+<meta name="twitter:description" content="709 Entries 429 Authors ~225,700 Lemmas ~3,655,600 Lines of Code Most used AFP entries: Name Used by ? entries 1. List-Index 22 2. Collections 19 3. Show 16 4. Deriving 13 5. Coinductive 12 6. Jordan_Normal_Form 12 7. Polynomial_Factorization 12 8. Regular-Sets 12 9."/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon"><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li class="active" >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>S</span>tatistics</h1>
<div>
</div>
</header><div><div>
<table>
<tr>
- <td class="statsnumber">708</td>
+ <td class="statsnumber">709</td>
<td><a href="../">Entries</a></td>
</tr>
<tr>
- <td class="statsnumber">428</td>
+ <td class="statsnumber">429</td>
<td><a href="../authors/">Authors</a></td>
</tr>
<tr>
- <td class="statsnumber">~223,600</td>
+ <td class="statsnumber">~225,700</td>
<td>Lemmas</td>
</tr>
<tr>
- <td class="statsnumber">~3,636,700</td>
+ <td class="statsnumber">~3,655,600</td>
<td>Lines of Code</td>
</tr>
</table>
<h4>Most used AFP entries:</h4>
<table id="most_used">
<tr>
<th></th>
<th>Name</th>
<th>Used by ? entries</th>
</tr>
<tr>
<td>1.</td>
<td><a href="../entries/List-Index.html">List-Index</a></td>
<td><a href="../dependencies/list-index/">22</a></td>
</tr>
<tr>
<td>2.</td>
<td><a href="../entries/Collections.html">Collections</a></td>
<td><a href="../dependencies/collections/">19</a></td>
</tr>
<tr>
<td>3.</td>
<td><a href="../entries/Show.html">Show</a></td>
<td><a href="../dependencies/show/">16</a></td>
</tr>
<tr>
<td>4.</td>
<td><a href="../entries/Deriving.html">Deriving</a></td>
<td><a href="../dependencies/deriving/">13</a></td>
</tr>
<tr>
<td>5.</td>
<td><a href="../entries/Coinductive.html">Coinductive</a></td>
<td><a href="../dependencies/coinductive/">12</a></td>
</tr>
<tr>
<td>6.</td>
<td><a href="../entries/Jordan_Normal_Form.html">Jordan_Normal_Form</a></td>
<td><a href="../dependencies/jordan_normal_form/">12</a></td>
</tr>
<tr>
<td>7.</td>
<td><a href="../entries/Polynomial_Factorization.html">Polynomial_Factorization</a></td>
<td><a href="../dependencies/polynomial_factorization/">12</a></td>
</tr>
<tr>
<td>8.</td>
<td><a href="../entries/Regular-Sets.html">Regular-Sets</a></td>
<td><a href="../dependencies/regular-sets/">12</a></td>
</tr>
<tr>
<td>9.</td>
<td><a href="../entries/Landau_Symbols.html">Landau_Symbols</a></td>
<td><a href="../dependencies/landau_symbols/">11</a></td>
</tr>
<tr>
<td>10.</td>
<td><a href="../entries/Abstract-Rewriting.html">Abstract-Rewriting</a></td>
<td><a href="../dependencies/abstract-rewriting/">10</a></td>
</tr>
<tr>
<td>11.</td>
<td><a href="../entries/Automatic_Refinement.html">Automatic_Refinement</a></td>
<td><a href="../dependencies/automatic_refinement/">10</a></td>
</tr>
<tr>
<td>12.</td>
<td><a href="../entries/Native_Word.html">Native_Word</a></td>
<td><a href="../dependencies/native_word/">10</a></td>
</tr>
</table>
<script>
const years = [2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020,2021,2022]
- const no_articles = [14,22,29,37,52,64,86,103,128,151,208,253,326,396,455,511,577,650,708]
- const no_loc = [60600,96800,131300,238700,353500,435700,516800,567900,737800,824900,1036500,1216900,1600400,1856200,2127400,2443600,2838500,3350100,3636700]
- const no_authors = [14,11,6,6,10,6,24,11,17,16,37,20,63,31,26,38,30,43,19]
- const no_authors_series = [14,25,31,37,47,53,77,88,105,121,158,178,241,272,298,336,366,409,428]
- const all_articles = ['AVL-Trees','MiniML','Functional-Automata','BinarySearchTree','Lazy-Lists-II','Topology','Group-Ring-Module','Depth-First-Search','Compiling-Exceptions-Correctly','Completeness','Ramsey-Infinite','Verified-Prover','Integration','FileRefinement','Category','RSAPSS','Jinja','JiveDataStoreModel','DiskPaxos','GenClock','FFT','Ordinal','Cauchy','ClockSynchInst','FeatherweightJava','CoreC++','Flyspeck-Tame','Abstract-Hoare-Logics','HotelKeyCards','FOL-Fitting','POPLmark-deBruijn','Valuation','Fermat3_4','SumSquares','MuchAdoAboutTwo','JinjaThreads','Program-Conflict-Analysis','LinearQuantifierElim','NormByEval','BDD','Simpl','Recursion-Theory-I','SATSolverVerification','FunWithFunctions','ArrowImpossibilityGS','VolpanoSmith','Slicing','Huffman','FunWithTilings','SenSocialChoice','SIFPL','BytecodeLogicJmlTypes','Stream-Fusion','FinFun','CofGroups','SequentInvertibility','Ordinals_and_Cardinals','WorkerWrapper','HRB-Slicing','Perfect-Number-Thm','Collections','Tree-Automata','Presburger-Automata','DPT-SAT-Solver','Coinductive','List-Index','InformationFlowSlicing','InformationFlowSlicing_Inter','Free-Boolean-Algebra','Locally-Nameless-Sigma','Regular-Sets','Robbins-Conjecture','DataRefinementIBP','GraphMarkingIBP','Abstract-Rewriting','Matrix','Category2','Free-Groups','Statecharts','Polynomials','Lam-ml-Normalization','Binomial-Heaps','Binomial-Queues','Finger-Trees','Shivers-CFA','Marriage','Lower_Semicontinuous','RIPEMD-160-SPARK','LightweightJava','AutoFocus-Stream','List-Infinite','Nat-Interval-Logic','Transitive-Closure','General-Triangle','KBPs','Max-Card-Matching','Gauss-Jordan-Elim-Fun','Myhill-Nerode','LatticeProperties','MonoBoolTranAlgebra','PseudoHoops','Efficient-Mergesort','TLA','Markov_Models','Dijkstra_Shortest_Path','Refine_Monadic','Girth_Chromatic','Transitive-Closure-II','Abortable_Linearizable_Modules','Well_Quasi_Orders','Ordinary_Differential_Equations','Inductive_Confidentiality','Stuttering_Equivalence','Separation_Algebra',
'Circus','CCS','Pi_Calculus','Psi_Calculi','Tycon','PCF','Heard_Of','Impossible_Geometry','Datatype_Order_Generator','Possibilistic_Noninterference','Bondy','Tarskis_Geometry','Open_Induction','Separation_Logic_Imperative_HOL','Sqrt_Babylonian','Kleene_Algebra','Rank_Nullity_Theorem','Ribbon_Proofs','Launchbury','Nominal2','Containers','Graph_Theory','ShortestPath','Sort_Encodings','Koenigsberg_Friendship','Lehmer','Pratt_Certificate','IEEE_Floating_Point','Native_Word','Automatic_Refinement','Decreasing-Diagrams','GoedelGod','FocusStreamsCaseStudies','Coinductive_Languages','HereditarilyFinite','Incompleteness','Tail_Recursive_Functions','CryptoBasedCompositionalProperties','Sturm_Sequences','Featherweight_OCL','KAT_and_DRA','Relation_Algebra','Secondary_Sylow','Regex_Equivalence','Real_Impl','Affine_Arithmetic','Selection_Heap_Sort','Random_Graph_Subgraph_Threshold','Partial_Function_MR','AWN','Probabilistic_Noninterference','GPU_Kernel_PL','Discrete_Summation','Abstract_Completeness','HyperCTL','Bounded_Deducibility_Security','SIFUM_Type_Systems','Strong_Security','WHATandWHERE_Security','ComponentDependencies','Regular_Algebras','Noninterference_CSP','Roy_Floyd_Warshall','CAVA_Automata','CAVA_LTL_Modelchecker','Gabow_SCC','LTL_to_GBA','Promela','Boolean_Expression_Checkers','MSO_Regex_Equivalence','Pop_Refinement','Network_Security_Policy_Verification','Amortized_Complexity','pGCL','CISC-Kernel','Show','Splay_Tree','Skew_Heap','Special_Function_Bounds','VectorSpace','Gauss_Jordan','Priority_Queue_Braun','Jordan_Hoelder','Cayley_Hamilton','Sturm_Tarski','Imperative_Insertion_Sort','Certification_Monads','XML','RefinementReactive','Density_Compiler','Stream_Fusion_Code','Lifting_Definition_Option','AODV','UPF','UpDown_Scheme','Finite_Automata_HF','Echelon_Form','QR_Decomposition','Call_Arity','Deriving','Consensus_Refined','Trie','ConcurrentGC','ConcurrentIMP','Residuated_Lattices','Vickrey_Clarke_Groves','Probabilistic_System_Zoo','Formula_Derivatives','Dynamic_T
ables','List_Interleaving','Multirelations','Noninterference_Generic_Unwinding','Noninterference_Ipurge_Unwinding','Derangements','Hermite','Akra_Bazzi','Landau_Symbols','Case_Labeling','Encodability_Process_Calculi','Rep_Fin_Groups','Noninterference_Inductive_Unwinding','Decreasing-Diagrams-II','Jordan_Normal_Form','LTL_to_DRA','Isabelle_Meta_Model','Parity_Game','Planarity_Certificates','TortoiseHare','Euler_Partition','Ergodic_Theory','Latin_Square','Card_Partitions','Algebraic_Numbers','Applicative_Lifting','Stern_Brocot','Descartes_Sign_Rule','Liouville_Numbers','Prime_Harmonic_Series','Triangle','Card_Number_Partitions','Matrix_Tensor','Knot_Theory','Polynomial_Factorization','Polynomial_Interpolation','Formal_SSA','List_Update','LTL','Cartan_FP','Timed_Automata','PropResPI','KAD','Noninterference_Sequential_Composition','CYK','ROBDD','No_FTL_observers','Groebner_Bases','Bell_Numbers_Spivey','SDS_Impossibility','Randomised_Social_Choice','MFMC_Countable','FLP','Incredible_Proof_Machine','Perron_Frobenius','Card_Equiv_Relations','Posix-Lexing','Tree_Decomposition','Word_Lib','Noninterference_Concurrent_Composition','Algebraic_VCs','Catalan_Numbers','Dependent_SIFUM_Type_Systems','Card_Multisets','Category3','Dependent_SIFUM_Refinement','IP_Addresses','Resolution_FOL','Rewriting_Z','Buildings','DFS_Framework','Pairing_Heap','Surprise_Paradox','Ptolemys_Theorem','Refine_Imperative_HOL','EdmondsKarp_Maxflow','InfPathElimination','Simple_Firewall','Routing','Stirling_Formula','Stone_Algebras','SuperCalc','Iptables_Semantics','Lambda_Free_RPOs','Allen_Calculus','Fisher_Yates','Lp','Chord_Segments','Berlekamp_Zassenhaus','SPARCv8','Source_Coding_Theorem','LOFT','Stable_Matching','Modal_Logics_for_NTS','Deep_Learning','Lambda_Free_KBOs','Nested_Multisets_Ordinals','Separata','Abs_Int_ITP2012','Complx','Paraconsistency','Proof_Strategy_Language','Twelvefold_Way','Concurrent_Ref_Alg','FOL_Harrison','Password_Authentication_Protocol','UPF_Firewall','E_Transcendental','Be
rtrands_Postulate','Minimal_SSA','Bernoulli','Key_Agreement_Strong_Adversaries','Stone_Relation_Algebras','Abstract_Soundness','Differential_Dynamic_Logic','Menger','Elliptic_Curves_Group_Law','Euler_MacLaurin','Comparison_Sort_Lower_Bound','Quick_Sort_Cost','Random_BSTs','Subresultants','Lazy_Case','Constructor_Funs','LocalLexing','Types_Tableaus_and_Goedels_God','MonoidalCategory','CryptHOL','Game_Based_Crypto','Monad_Normalisation','Monomorphic_Monad','Probabilistic_While','Floyd_Warshall','Dict_Construction','Security_Protocol_Refinement','Optics','Flow_Networks','Prpu_Maxflow','Buffons_Needle','PSemigroupsConvolution','Propositional_Proof_Systems','Stone_Kleene_Relation_Algebras','CRDT','Name_Carrying_Type_Inference','Minkowskis_Theorem','HOLCF-Prelude','Decl_Sem_Fun_PL','DynamicArchitectures','Stewart_Apollonius','LambdaMu','Orbit_Stabiliser','Root_Balanced_Tree','First_Welfare_Theorem','AnselmGod','PLM','Lowe_Ontological_Argument','Dirichlet_Series','Linear_Recurrences','Zeta_Function','Diophantine_Eqns_Lin_Hom','Count_Complex_Roots','Winding_Number_Eval','Buchi_Complementation','Transition_Systems_and_Automata','Kuratowski_Closure_Complement','Hybrid_Multi_Lane_Spatial_Logic','IMAP-CRDT','Stochastic_Matrices','Knuth_Morris_Pratt','BNF_Operations','Dirichlet_L','Mason_Stothers','Median_Of_Medians_Selection','Falling_Factorial_Sum','Taylor_Models','Green','Gromov_Hyperbolicity','Ordered_Resolution_Prover','LLL_Basis_Reduction','Error_Function','First_Order_Terms','LLL_Factorization','Treaps','Hoare_Time','Architectural_Design_Patterns','CakeML','Weight_Balanced_Trees','Fishburn_Impossibility','BNF_CC','VerifyThis2018','WebAssembly','Modular_Assembly_Kit_Security','OpSets','Monad_Memo_DP','AxiomaticCategoryTheory','Irrationality_J_Hancl','Probabilistic_Timed_Automata','Hidden_Markov_Models','Optimal_BST','Partial_Order_Reduction','Localization_Ring','Projective_Geometry','Pell','Neumann_Morgenstern_Utility','DiscretePricing','Minsky_Machines','Simplex','Budan_F
ourier','Quaternions','Octonions','Aggregation_Algebras','Prime_Number_Theorem','Signature_Groebner','Symmetric_Polynomials','Pi_Transcendental','Factored_Transition_System_Bounding','Lambda_Free_EPO','Randomised_BSTs','Smooth_Manifolds','Epistemic_Logic','GewirthPGCProof','Generic_Deriving','Matroids','Auto2_HOL','Functional_Ordered_Resolution_Prover','Graph_Saturation','Order_Lattice_Props','Quantales','Transformer_Semantics','Constructive_Cryptography','Auto2_Imperative_HOL','Concurrent_Revisions','Core_DOM','Store_Buffer_Reduction','Higher_Order_Terms','IMP2','Farkas','List_Inversions','UTP','Universal_Turing_Machine','Probabilistic_Prime_Tests','Kruskal','Prime_Distribution_Elementary','Safe_OCL','QHLProver','Transcendence_Series_Hancl_Rucki','Binding_Syntax_Theory','LTL_Master_Theorem','HOL-CSP','Multi_Party_Computation','LambdaAuth','KD_Tree','Differential_Game_Logic','IMP2_Binary_Heap','Groebner_Macaulay','Nullstellensatz','Linear_Inequalities','Prim_Dijkstra_Simple','Priority_Search_Trees','Complete_Non_Orders','MFOTL_Monitor','CakeML_Codegen','FOL_Seq_Calc1','Szpilrajn','TESL_Language','Stellar_Quorums','IMO2019','C2KA_DistributedSystems','Linear_Programming','Laplace_Transform','Adaptive_State_Counting','Jacobson_Basic_Algebra','Fourier','Hybrid_Systems_VCs','Generic_Join','Clean','Sigma_Commit_Crypto','Aristotles_Assertoric_Syllogistic','VerifyThis2019','Isabelle_C','ZFC_in_HOL','Interval_Arithmetic_Word32','Generalized_Counting_Sort','Gauss_Sums','Complex_Geometry','Poincare_Disc','Poincare_Bendixson','Hybrid_Logic','Zeta_3_Irrational','Bicategory','Skip_Lists','Closest_Pair_Points','Approximation_Algorithms','Mersenne_Primes','Subset_Boolean_Algebras','Arith_Prog_Rel_Primes','VeriComp','Goodstein_Lambda','Hello_World','Relational-Incorrectness-Logic','Furstenberg_Topology','WOOT_Strong_Eventual_Consistency','Lucas_Theorem','Automated_Stateful_Protocol_Verification','Stateful_Protocol_Composition_and_Typing','MFODL_Monitor_Optimized','Saturation_Framewo
rk','Sliding_Window_Algorithm','ADS_Functor','Matrices_for_ODEs','Gaussian_Integers','Lambert_W','Power_Sum_Polynomials','Attack_Trees','Banach_Steinhaus','Forcing','LTL_Normal_Form','Recursion-Addition','Irrational_Series_Erdos_Straus','Knuth_Bendix_Order','Nash_Williams','Smith_Normal_Form','Safe_Distance','Relational_Paths','Chandy_Lamport','Ordinal_Partitions','Amicable_Numbers','BirdKMP','Saturation_Framework_Extensions','Relational_Disjoint_Set_Forests','Inductive_Inference','PAC_Checker','Extended_Finite_State_Machine_Inference','Extended_Finite_State_Machines','Goedel_HFSet_Semantic','Goedel_HFSet_Semanticless','Goedel_Incompleteness','Robinson_Arithmetic','Syntax_Independent_Logic','Core_SC_DOM','DOM_Components','SC_DOM_Components','Shadow_DOM','Shadow_SC_DOM','Finite-Map-Extras','Physical_Quantities','AI_Planning_Languages_Semantics','Verified_SAT_Based_AI_Planning','CSP_RefTK','Isabelle_Marries_Dirac','Relational_Method','Interpreter_Optimizations','Relational_Minimum_Spanning_Trees','Topological_Semantics','Delta_System_Lemma','JinjaDCI','Hood_Melville_Queue','Blue_Eyes','IsaGeoCoq','Laws_of_Large_Numbers','Formal_Puiseux_Series','BTree','Sunflowers','Mereology','Hermite_Lindemann','Projective_Measurements','Modular_arithmetic_LLL_and_HNF_algorithms','Constructive_Cryptography_CM','Padic_Ints','Grothendieck_Schemes','IFC_Tracking','Progress_Tracking','GaleStewart_Games','BenOr_Kozen_Reif','Lifting_the_Exponent','Metalogic_ProofChecker','Regression_Test_Selection','Combinatorics_Words','Combinatorics_Words_Graph_Lemma','Combinatorics_Words_Lyndon','IMP_Compiler','Public_Announcement_Logic','MiniSail','Van_der_Waerden','SpecCheck','Finitely_Generated_Abelian_Groups','Schutz_Spacetime','Relational_Forests','Design_Theory','BD_Security_Compositional','CoCon','CoSMeDis','CoSMed','Fresh_Identifiers','Three_Circles','Logging_Independent_Anonymity','Cubic_Quartic_Equations','Dominance_CHK','CZH_Elementary_Categories','CZH_Foundations','CZH_Universal_Construction
s','Conditional_Simplification','Conditional_Transfer_Rule','Intro_Dest_Elim','Types_To_Sets_Extension','Weighted_Path_Order','Complex_Bounded_Operators','FOL_Axiomatic','Virtual_Substitution','Correctness_Algebras','X86_Semantics','Belief_Revision','Registers','Szemeredi_Regularity','Factor_Algebraic_Polynomial','PAL','Real_Power','SimplifiedOntologicalArgument','Hahn_Jordan_Decomposition','Foundation_of_geometry','Van_Emde_Boas_Trees','Simplicial_complexes_and_boolean_functions','Regular_Tree_Relations','MDP-Algorithms','MDP-Rewards','Roth_Arithmetic_Progressions','Gale_Shapley','Hyperdual','Knights_Tour','Irrationals_From_THEBOOK','Actuarial_Mathematics','Median_Method','Interpolation_Polynomials_HOL_Algebra','FOL_Seq_Calc2','Youngs_Inequality','FO_Theory_Rewriting','LP_Duality','Quasi_Borel_Spaces','Equivalence_Relation_Enumeration','VYDRA_MDL','Eval_FO','Wetzels_Problem','Universal_Hash_Families','ResiduatedTransitionSystem','Transitive_Models','Independence_CH','Cotangent_PFD_Formula','FOL_Seq_Calc3','Ackermanns_not_PR','Dedekind_Real','Frequency_Moments','Prefix_Free_Code_Combinators','Sophomores_Dream','Digit_Expansions','Multiset_Ordering_NPC','Fishers_Inequality','Clique_and_Monotone_Circuits','Package_logic','Pluennecke_Ruzsa_Inequality','Combinable_Wands','Rewrite_Properties_Reduction','DPRM_Theorem','Finite_Fields','IsaNet','Boolos_Curious_Inference','Real_Time_Deque','IMP_Compiler_Reuse','Weighted_Arithmetic_Geometric_Mean','Commuting_Hermitian','Solidity','Nano_JSON','FSM_Tests','Involutions2Squares','SCC_Bloemen_Sequential','Number_Theoretic_Transform','Hales_Jewett','Khovanskii_Theorem','Separation_Logic_Unbounded','CRYSTALS-Kyber','Implicational_Logic','Risk_Free_Lending','Padic_Field','Stalnaker_Logic','Safe_Range_RC','Maximum_Segment_Sum','Undirected_Graph_Theory']
- const article_years_unique = ['2004','','','','','','','','','','','','','','2005','','','','','','','','2006','','','','','','','2007','','','','','','','','2008','','','','','','','','','','','','','','','2009','','','','','','','','','','','','2010','','','','','','','','','','','','','','','','','','','','','','2011','','','','','','','','','','','','','','','','','2012','','','','','','','','','','','','','','','','','','','','','','','','','2013','','','','','','','','','','','','','','','','','','','','','','','2014','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2015','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2016','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2017','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2018','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2019','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2020','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2021','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','',
'','','','','','','','','','','','','','','','','','','2022','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','']
- const loc_articles = [839,1507,1542,1096,1058,2419,44195,205,142,1974,209,1110,3792,506,1141,3766,17615,3119,6430,1145,447,2537,1275,1583,1838,12832,13047,2685,1228,3556,4238,9647,2847,970,1740,79712,4738,3396,2185,10664,31022,6726,30332,180,793,1047,14413,2080,254,2221,5959,3463,799,1540,684,6654,8,2627,27490,264,32555,5025,4380,208,9533,447,2380,3399,606,6305,2060,840,713,1024,5632,1427,4078,2230,6003,22604,1602,3370,1587,2451,2591,260,1617,16,2937,6557,7804,6381,992,125,10130,332,239,1831,999,1756,4420,434,4461,11864,2835,8575,1045,408,2940,2613,37935,3243,1480,2612,3141,2580,23005,27588,2266,4107,7701,1249,260,5309,73,9729,719,6674,1512,4355,1249,1908,6214,4977,10086,7261,538,3830,4591,202,853,1784,5274,10304,1524,150,5292,706,2248,10737,1463,1958,3067,11487,1860,1190,1219,2174,1144,14863,2212,1957,166,10685,6419,572,590,465,1698,1909,4134,1403,2138,2280,1959,2467,220,4432,9396,5430,3999,4472,406,5935,1829,12828,3234,9486,4560,926,659,63,1653,2338,9085,753,2113,875,1836,627,945,1405,1296,7880,1922,90,28055,2879,2796,1116,5259,4863,8842,1356,5997,527,6658,2606,1772,5327,1092,4112,952,1064,2362,1089,2446,477,2074,3763,1954,710,16080,8267,908,1063,21228,9679,8661,3142,9156,695,435,13995,478,898,10416,2724,1162,741,405,495,498,838,3622,4616,6264,4106,8166,12091,3178,518,17581,2876,2418,5496,885,2453,1162,17387,509,703,5047,10687,4287,3811,5337,329,3985,1057,15083,3257,2582,553,8478,206,26817,8773,3324,2960,398,12811,9483,370,173,384,18990,2545,6119,3774,645,2415,4344,9370,20053,3963,3419,319,3174,169,19414,14667,541,2652,7059,7590,3898,3243,4507,855,2289,5027,1349,276,4339,1475,3482,7119,9662,601,1728,852,2194,12204,4212,590,13558,1695,4484,1644,694,835,737,3394,105,68,10492,1127,8501,11278,4135,378,4711,1200,2078,639,14059,2229,3930,4869,468,1531,5570,5683,1993,4205,478,4121,3146,3472,88,480,1261,1877,2193,250,10669,822,7466,3105,5302,2783,8208,8809,2324,6164,945,6514,992,489,810,8949,3434,338,854,493,4593,9457,15962,6402,10342,787,2288,3259,1820,8442,3278,12945,
672,843,3402,3638,11570,13548,3734,6261,528,965,7711,1042,1221,5017,1390,2755,1622,2173,13357,805,10042,2667,541,1271,2668,5319,9770,2765,934,11918,2205,1743,7917,1209,449,685,1812,1227,3559,3578,2951,2218,1644,5182,4968,2767,17368,34354,3204,6019,1900,373,9969,30917,3018,3298,5306,4576,10509,986,15793,4437,9487,5543,3301,1264,2973,805,10229,2606,5735,3365,472,3604,3199,13289,987,787,4455,527,713,782,2335,2134,9936,2090,3736,5801,2350,4124,3809,176,1726,9701,7027,5069,5729,4561,14098,10292,6402,4470,1907,68336,2355,3937,3485,1706,3154,944,1033,597,370,691,764,2564,332,21109,23314,10943,3061,744,2353,1560,2537,1609,1239,1939,1338,12002,1034,1444,1902,2670,755,13319,3036,5074,9793,6287,1261,2908,2101,5117,12873,9018,4265,4731,426,11477,3546,1295,8100,16384,3523,7793,12668,15385,648,1761,2352,16434,2359,7700,3995,6542,4731,2826,3304,24539,745,365,26525,290,2582,15792,615,4039,3766,4959,17068,8442,15847,6578,4131,7218,1015,10328,384,9264,4094,13798,488,837,666,840,19737,1088,233,4433,7684,1962,4940,3003,11165,14638,5913,303,3758,817,1329,3157,40867,29106,22137,225,1053,176,17526,4239,18014,1306,21771,13533,2621,1324,5953,909,2961,133,2203,455,2619,6076,20665,1882,9541,4288,4298,1384,2007,2946,3108,269,948,566,757,2594,807,9208,624,8738,502,7222,5937,342,828,18280,18383,14310,730,719,200,1411,4182,816,401,1312,1820,5168,2337,2169,654,2031,3338,8759,4623,7346,95,3711,1527,414,5785,15325,1041,53757,351,3175,1958,2144,1388,2325,3584,431,1923,39759,534,3097,144,2696]
+ const no_articles = [14,22,29,37,52,64,86,103,128,151,208,253,326,396,455,511,577,650,709]
+ const no_loc = [60600,96800,131300,238700,353500,435700,516800,567900,737800,824900,1036500,1216900,1600400,1856200,2127400,2443600,2838500,3349800,3655600]
+ const no_authors = [14,11,6,6,10,6,24,11,17,16,37,20,63,31,26,38,30,43,20]
+ const no_authors_series = [14,25,31,37,47,53,77,88,105,121,158,178,241,272,298,336,366,409,429]
+ const all_articles = ['AVL-Trees','MiniML','Functional-Automata','BinarySearchTree','Lazy-Lists-II','Topology','Group-Ring-Module','Depth-First-Search','Compiling-Exceptions-Correctly','Completeness','Ramsey-Infinite','Verified-Prover','Integration','FileRefinement','Category','RSAPSS','Jinja','JiveDataStoreModel','DiskPaxos','GenClock','FFT','Ordinal','Cauchy','ClockSynchInst','FeatherweightJava','CoreC++','Flyspeck-Tame','Abstract-Hoare-Logics','HotelKeyCards','FOL-Fitting','POPLmark-deBruijn','Valuation','Fermat3_4','SumSquares','MuchAdoAboutTwo','JinjaThreads','Program-Conflict-Analysis','LinearQuantifierElim','NormByEval','BDD','Simpl','Recursion-Theory-I','SATSolverVerification','FunWithFunctions','ArrowImpossibilityGS','VolpanoSmith','Slicing','Huffman','FunWithTilings','SenSocialChoice','SIFPL','BytecodeLogicJmlTypes','Stream-Fusion','FinFun','CofGroups','SequentInvertibility','Ordinals_and_Cardinals','WorkerWrapper','HRB-Slicing','Perfect-Number-Thm','Collections','Tree-Automata','Presburger-Automata','DPT-SAT-Solver','Coinductive','List-Index','InformationFlowSlicing','InformationFlowSlicing_Inter','Free-Boolean-Algebra','Locally-Nameless-Sigma','Regular-Sets','Robbins-Conjecture','DataRefinementIBP','GraphMarkingIBP','Abstract-Rewriting','Matrix','Category2','Free-Groups','Statecharts','Polynomials','Lam-ml-Normalization','Binomial-Heaps','Binomial-Queues','Finger-Trees','Shivers-CFA','Marriage','Lower_Semicontinuous','RIPEMD-160-SPARK','LightweightJava','AutoFocus-Stream','List-Infinite','Nat-Interval-Logic','Transitive-Closure','General-Triangle','KBPs','Max-Card-Matching','Gauss-Jordan-Elim-Fun','Myhill-Nerode','LatticeProperties','MonoBoolTranAlgebra','PseudoHoops','Efficient-Mergesort','TLA','Markov_Models','Dijkstra_Shortest_Path','Refine_Monadic','Girth_Chromatic','Transitive-Closure-II','Abortable_Linearizable_Modules','Well_Quasi_Orders','Ordinary_Differential_Equations','Inductive_Confidentiality','Stuttering_Equivalence','Separation_Algebra',
'Circus','CCS','Pi_Calculus','Psi_Calculi','Tycon','PCF','Heard_Of','Impossible_Geometry','Datatype_Order_Generator','Possibilistic_Noninterference','Bondy','Tarskis_Geometry','Open_Induction','Separation_Logic_Imperative_HOL','Sqrt_Babylonian','Kleene_Algebra','Rank_Nullity_Theorem','Ribbon_Proofs','Launchbury','Nominal2','Containers','Graph_Theory','ShortestPath','Sort_Encodings','Koenigsberg_Friendship','Lehmer','Pratt_Certificate','IEEE_Floating_Point','Native_Word','Automatic_Refinement','Decreasing-Diagrams','GoedelGod','FocusStreamsCaseStudies','Coinductive_Languages','HereditarilyFinite','Incompleteness','Tail_Recursive_Functions','CryptoBasedCompositionalProperties','Sturm_Sequences','Featherweight_OCL','KAT_and_DRA','Relation_Algebra','Secondary_Sylow','Regex_Equivalence','Real_Impl','Affine_Arithmetic','Selection_Heap_Sort','Random_Graph_Subgraph_Threshold','Partial_Function_MR','AWN','Probabilistic_Noninterference','GPU_Kernel_PL','Discrete_Summation','Abstract_Completeness','HyperCTL','Bounded_Deducibility_Security','SIFUM_Type_Systems','Strong_Security','WHATandWHERE_Security','ComponentDependencies','Regular_Algebras','Noninterference_CSP','Roy_Floyd_Warshall','CAVA_Automata','CAVA_LTL_Modelchecker','Gabow_SCC','LTL_to_GBA','Promela','Boolean_Expression_Checkers','MSO_Regex_Equivalence','Pop_Refinement','Network_Security_Policy_Verification','Amortized_Complexity','pGCL','CISC-Kernel','Show','Splay_Tree','Skew_Heap','Special_Function_Bounds','VectorSpace','Gauss_Jordan','Priority_Queue_Braun','Jordan_Hoelder','Cayley_Hamilton','Sturm_Tarski','Imperative_Insertion_Sort','Certification_Monads','XML','RefinementReactive','Density_Compiler','Stream_Fusion_Code','Lifting_Definition_Option','AODV','UPF','UpDown_Scheme','Finite_Automata_HF','Echelon_Form','QR_Decomposition','Call_Arity','Deriving','Consensus_Refined','Trie','ConcurrentGC','ConcurrentIMP','Residuated_Lattices','Vickrey_Clarke_Groves','Probabilistic_System_Zoo','Formula_Derivatives','Dynamic_T
ables','List_Interleaving','Multirelations','Noninterference_Generic_Unwinding','Noninterference_Ipurge_Unwinding','Derangements','Hermite','Akra_Bazzi','Landau_Symbols','Case_Labeling','Encodability_Process_Calculi','Rep_Fin_Groups','Noninterference_Inductive_Unwinding','Decreasing-Diagrams-II','Jordan_Normal_Form','LTL_to_DRA','Isabelle_Meta_Model','Parity_Game','Planarity_Certificates','TortoiseHare','Euler_Partition','Ergodic_Theory','Latin_Square','Card_Partitions','Algebraic_Numbers','Applicative_Lifting','Stern_Brocot','Descartes_Sign_Rule','Liouville_Numbers','Prime_Harmonic_Series','Triangle','Card_Number_Partitions','Matrix_Tensor','Knot_Theory','Polynomial_Factorization','Polynomial_Interpolation','Formal_SSA','List_Update','LTL','Cartan_FP','Timed_Automata','PropResPI','KAD','Noninterference_Sequential_Composition','CYK','ROBDD','No_FTL_observers','Groebner_Bases','Bell_Numbers_Spivey','SDS_Impossibility','Randomised_Social_Choice','MFMC_Countable','FLP','Incredible_Proof_Machine','Perron_Frobenius','Card_Equiv_Relations','Posix-Lexing','Tree_Decomposition','Word_Lib','Noninterference_Concurrent_Composition','Algebraic_VCs','Catalan_Numbers','Dependent_SIFUM_Type_Systems','Card_Multisets','Category3','Dependent_SIFUM_Refinement','IP_Addresses','Resolution_FOL','Rewriting_Z','Buildings','DFS_Framework','Pairing_Heap','Surprise_Paradox','Ptolemys_Theorem','Refine_Imperative_HOL','EdmondsKarp_Maxflow','InfPathElimination','Simple_Firewall','Routing','Stirling_Formula','Stone_Algebras','SuperCalc','Iptables_Semantics','Lambda_Free_RPOs','Allen_Calculus','Fisher_Yates','Lp','Chord_Segments','Berlekamp_Zassenhaus','SPARCv8','Source_Coding_Theorem','LOFT','Stable_Matching','Modal_Logics_for_NTS','Deep_Learning','Lambda_Free_KBOs','Nested_Multisets_Ordinals','Separata','Abs_Int_ITP2012','Complx','Paraconsistency','Proof_Strategy_Language','Twelvefold_Way','Concurrent_Ref_Alg','FOL_Harrison','Password_Authentication_Protocol','UPF_Firewall','E_Transcendental','Be
rtrands_Postulate','Minimal_SSA','Bernoulli','Key_Agreement_Strong_Adversaries','Stone_Relation_Algebras','Abstract_Soundness','Differential_Dynamic_Logic','Menger','Elliptic_Curves_Group_Law','Euler_MacLaurin','Comparison_Sort_Lower_Bound','Quick_Sort_Cost','Random_BSTs','Subresultants','Lazy_Case','Constructor_Funs','LocalLexing','Types_Tableaus_and_Goedels_God','MonoidalCategory','CryptHOL','Game_Based_Crypto','Monad_Normalisation','Monomorphic_Monad','Probabilistic_While','Floyd_Warshall','Dict_Construction','Security_Protocol_Refinement','Optics','Flow_Networks','Prpu_Maxflow','Buffons_Needle','PSemigroupsConvolution','Propositional_Proof_Systems','Stone_Kleene_Relation_Algebras','CRDT','Name_Carrying_Type_Inference','Minkowskis_Theorem','HOLCF-Prelude','Decl_Sem_Fun_PL','DynamicArchitectures','Stewart_Apollonius','LambdaMu','Orbit_Stabiliser','Root_Balanced_Tree','First_Welfare_Theorem','AnselmGod','PLM','Lowe_Ontological_Argument','Dirichlet_Series','Linear_Recurrences','Zeta_Function','Diophantine_Eqns_Lin_Hom','Count_Complex_Roots','Winding_Number_Eval','Buchi_Complementation','Transition_Systems_and_Automata','Kuratowski_Closure_Complement','Hybrid_Multi_Lane_Spatial_Logic','IMAP-CRDT','Stochastic_Matrices','Knuth_Morris_Pratt','BNF_Operations','Dirichlet_L','Mason_Stothers','Median_Of_Medians_Selection','Falling_Factorial_Sum','Taylor_Models','Green','Gromov_Hyperbolicity','Ordered_Resolution_Prover','LLL_Basis_Reduction','Error_Function','First_Order_Terms','LLL_Factorization','Treaps','Hoare_Time','Architectural_Design_Patterns','CakeML','Weight_Balanced_Trees','Fishburn_Impossibility','BNF_CC','VerifyThis2018','WebAssembly','Modular_Assembly_Kit_Security','OpSets','Monad_Memo_DP','AxiomaticCategoryTheory','Irrationality_J_Hancl','Probabilistic_Timed_Automata','Hidden_Markov_Models','Optimal_BST','Partial_Order_Reduction','Localization_Ring','Projective_Geometry','Pell','Neumann_Morgenstern_Utility','DiscretePricing','Minsky_Machines','Simplex','Budan_F
ourier','Quaternions','Octonions','Aggregation_Algebras','Prime_Number_Theorem','Signature_Groebner','Symmetric_Polynomials','Pi_Transcendental','Factored_Transition_System_Bounding','Lambda_Free_EPO','Randomised_BSTs','Smooth_Manifolds','Epistemic_Logic','GewirthPGCProof','Generic_Deriving','Matroids','Auto2_HOL','Functional_Ordered_Resolution_Prover','Graph_Saturation','Order_Lattice_Props','Quantales','Transformer_Semantics','Constructive_Cryptography','Auto2_Imperative_HOL','Concurrent_Revisions','Core_DOM','Store_Buffer_Reduction','Higher_Order_Terms','IMP2','Farkas','List_Inversions','UTP','Universal_Turing_Machine','Probabilistic_Prime_Tests','Kruskal','Prime_Distribution_Elementary','Safe_OCL','QHLProver','Transcendence_Series_Hancl_Rucki','Binding_Syntax_Theory','LTL_Master_Theorem','HOL-CSP','Multi_Party_Computation','LambdaAuth','KD_Tree','Differential_Game_Logic','IMP2_Binary_Heap','Groebner_Macaulay','Nullstellensatz','Linear_Inequalities','Prim_Dijkstra_Simple','Priority_Search_Trees','Complete_Non_Orders','MFOTL_Monitor','CakeML_Codegen','FOL_Seq_Calc1','Szpilrajn','TESL_Language','Stellar_Quorums','IMO2019','C2KA_DistributedSystems','Linear_Programming','Laplace_Transform','Adaptive_State_Counting','Jacobson_Basic_Algebra','Fourier','Hybrid_Systems_VCs','Generic_Join','Clean','Sigma_Commit_Crypto','Aristotles_Assertoric_Syllogistic','VerifyThis2019','Isabelle_C','ZFC_in_HOL','Interval_Arithmetic_Word32','Generalized_Counting_Sort','Gauss_Sums','Complex_Geometry','Poincare_Disc','Poincare_Bendixson','Hybrid_Logic','Zeta_3_Irrational','Bicategory','Skip_Lists','Closest_Pair_Points','Approximation_Algorithms','Mersenne_Primes','Subset_Boolean_Algebras','Arith_Prog_Rel_Primes','VeriComp','Goodstein_Lambda','Hello_World','Relational-Incorrectness-Logic','Furstenberg_Topology','WOOT_Strong_Eventual_Consistency','Lucas_Theorem','Automated_Stateful_Protocol_Verification','Stateful_Protocol_Composition_and_Typing','MFODL_Monitor_Optimized','Saturation_Framewo
rk','Sliding_Window_Algorithm','ADS_Functor','Matrices_for_ODEs','Gaussian_Integers','Lambert_W','Power_Sum_Polynomials','Attack_Trees','Banach_Steinhaus','Forcing','LTL_Normal_Form','Recursion-Addition','Irrational_Series_Erdos_Straus','Knuth_Bendix_Order','Nash_Williams','Smith_Normal_Form','Safe_Distance','Relational_Paths','Chandy_Lamport','Ordinal_Partitions','Amicable_Numbers','BirdKMP','Saturation_Framework_Extensions','Relational_Disjoint_Set_Forests','Inductive_Inference','PAC_Checker','Extended_Finite_State_Machine_Inference','Extended_Finite_State_Machines','Goedel_HFSet_Semantic','Goedel_HFSet_Semanticless','Goedel_Incompleteness','Robinson_Arithmetic','Syntax_Independent_Logic','Core_SC_DOM','DOM_Components','SC_DOM_Components','Shadow_DOM','Shadow_SC_DOM','Finite-Map-Extras','Physical_Quantities','AI_Planning_Languages_Semantics','Verified_SAT_Based_AI_Planning','CSP_RefTK','Isabelle_Marries_Dirac','Relational_Method','Interpreter_Optimizations','Relational_Minimum_Spanning_Trees','Topological_Semantics','Delta_System_Lemma','JinjaDCI','Hood_Melville_Queue','Blue_Eyes','IsaGeoCoq','Laws_of_Large_Numbers','Formal_Puiseux_Series','BTree','Sunflowers','Mereology','Hermite_Lindemann','Projective_Measurements','Modular_arithmetic_LLL_and_HNF_algorithms','Constructive_Cryptography_CM','Padic_Ints','Grothendieck_Schemes','IFC_Tracking','Progress_Tracking','GaleStewart_Games','BenOr_Kozen_Reif','Lifting_the_Exponent','Metalogic_ProofChecker','Regression_Test_Selection','Combinatorics_Words','Combinatorics_Words_Graph_Lemma','Combinatorics_Words_Lyndon','IMP_Compiler','Public_Announcement_Logic','MiniSail','Van_der_Waerden','SpecCheck','Finitely_Generated_Abelian_Groups','Schutz_Spacetime','Relational_Forests','Design_Theory','BD_Security_Compositional','CoCon','CoSMeDis','CoSMed','Fresh_Identifiers','Three_Circles','Logging_Independent_Anonymity','Cubic_Quartic_Equations','Dominance_CHK','CZH_Elementary_Categories','CZH_Foundations','CZH_Universal_Construction
s','Conditional_Simplification','Conditional_Transfer_Rule','Intro_Dest_Elim','Types_To_Sets_Extension','Weighted_Path_Order','Complex_Bounded_Operators','FOL_Axiomatic','Virtual_Substitution','Correctness_Algebras','X86_Semantics','Belief_Revision','Registers','Szemeredi_Regularity','Factor_Algebraic_Polynomial','PAL','Real_Power','SimplifiedOntologicalArgument','Hahn_Jordan_Decomposition','Foundation_of_geometry','Van_Emde_Boas_Trees','Simplicial_complexes_and_boolean_functions','Regular_Tree_Relations','MDP-Algorithms','MDP-Rewards','Roth_Arithmetic_Progressions','Gale_Shapley','Hyperdual','Knights_Tour','Irrationals_From_THEBOOK','Actuarial_Mathematics','Median_Method','Interpolation_Polynomials_HOL_Algebra','FOL_Seq_Calc2','Youngs_Inequality','FO_Theory_Rewriting','LP_Duality','Quasi_Borel_Spaces','Equivalence_Relation_Enumeration','VYDRA_MDL','Eval_FO','Wetzels_Problem','Universal_Hash_Families','ResiduatedTransitionSystem','Transitive_Models','Independence_CH','Cotangent_PFD_Formula','FOL_Seq_Calc3','Ackermanns_not_PR','Dedekind_Real','Frequency_Moments','Prefix_Free_Code_Combinators','Sophomores_Dream','Digit_Expansions','Multiset_Ordering_NPC','Fishers_Inequality','Clique_and_Monotone_Circuits','Package_logic','Pluennecke_Ruzsa_Inequality','Combinable_Wands','Rewrite_Properties_Reduction','DPRM_Theorem','Finite_Fields','IsaNet','Boolos_Curious_Inference','Real_Time_Deque','IMP_Compiler_Reuse','Weighted_Arithmetic_Geometric_Mean','Commuting_Hermitian','Solidity','Nano_JSON','FSM_Tests','Involutions2Squares','SCC_Bloemen_Sequential','Number_Theoretic_Transform','Hales_Jewett','Khovanskii_Theorem','Separation_Logic_Unbounded','CRYSTALS-Kyber','Implicational_Logic','Risk_Free_Lending','Padic_Field','Stalnaker_Logic','Safe_Range_RC','Maximum_Segment_Sum','Undirected_Graph_Theory','Query_Optimization']
+ const article_years_unique = ['2004','','','','','','','','','','','','','','2005','','','','','','','','2006','','','','','','','2007','','','','','','','','2008','','','','','','','','','','','','','','','2009','','','','','','','','','','','','2010','','','','','','','','','','','','','','','','','','','','','','2011','','','','','','','','','','','','','','','','','2012','','','','','','','','','','','','','','','','','','','','','','','','','2013','','','','','','','','','','','','','','','','','','','','','','','2014','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2015','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2016','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2017','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2018','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2019','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2020','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','2021','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','',
'','','','','','','','','','','','','','','','','','','2022','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','','']
+ const loc_articles = [839,1507,1542,1096,1058,2419,44195,205,142,1974,209,1110,3792,506,1141,3766,17615,3119,6430,1145,447,2537,1275,1583,1838,12832,13047,2685,1228,3556,4238,9647,2847,970,1740,79712,4738,3396,2185,10664,31022,6726,30332,180,793,1047,14413,2080,254,2221,5959,3463,799,1540,684,6654,8,2627,27490,264,32555,5025,4380,208,9533,447,2380,3399,606,6305,2060,840,713,1024,5632,1427,4078,2230,6003,22604,1602,3370,1587,2451,2591,260,1617,16,2937,6557,7804,6381,992,125,10130,332,239,1831,999,1756,4420,434,4461,11864,2835,8575,1045,408,2940,2613,37935,3243,1480,2612,3141,2580,23005,27588,2266,4107,7701,1249,260,5309,73,9729,719,6674,1512,4355,1249,1908,6214,4977,10086,7261,538,3830,4591,202,853,1784,5274,10304,1524,150,5292,706,2248,10737,1463,1958,3067,11487,1860,1190,1219,2174,1144,14860,2212,1957,166,10685,6419,572,590,465,1698,1909,4134,1403,2138,2280,1959,2467,220,4432,9396,5430,3999,4472,406,5935,1829,12828,3234,9486,4560,926,659,63,1653,2338,9085,753,2113,875,1836,627,945,1405,1296,7880,1922,90,28055,2879,2796,1116,5259,4863,8842,1356,5986,527,6658,2606,1772,5327,1092,4112,952,1064,2362,1089,2446,477,2074,3763,1954,710,16080,8267,908,1063,21228,9679,8661,3142,9156,695,435,13995,478,898,10416,2724,1162,741,405,495,498,838,3622,4616,6264,4106,8166,12091,3178,518,17581,2876,2418,5496,885,2453,1162,17387,509,703,5047,10687,4287,3811,5337,329,3985,1057,15080,3257,2582,553,8478,206,26817,8773,3324,2960,398,12811,9483,370,173,384,18990,2545,6119,3774,645,2415,4344,9370,20053,3963,3419,319,3174,169,19414,14667,541,2652,7059,7590,3898,3243,4507,855,2289,5027,1349,276,4339,1475,3482,7119,9662,601,1728,852,2194,12204,4212,590,13558,1695,4484,1644,694,835,737,3394,105,68,10492,1127,8501,11278,4135,378,4711,1200,2078,639,14059,2229,3930,4869,468,1531,5570,5683,1993,4205,478,4121,3146,3472,88,480,1261,1877,2193,250,10669,822,7466,3105,5302,2782,8208,8809,2324,6164,945,6514,992,489,810,8949,3434,338,854,493,4593,9457,15962,6402,10342,787,2288,3259,1820,8442,3278,12945,
672,843,3402,3638,11570,13548,3734,6261,528,965,7711,1042,1221,5017,1390,2755,1622,2173,13357,805,10042,2667,541,1271,2668,5319,9770,2765,934,11918,2205,1743,7917,1209,449,685,1812,1227,3559,3578,2951,2218,1644,5182,4968,2767,17368,34354,3204,6019,1900,373,9969,30917,3018,3298,5306,4576,10509,986,15793,4437,9487,5543,3301,1264,2973,805,10229,2606,5735,3365,472,3604,3199,13289,987,787,4455,527,713,782,2335,2134,9936,2090,3736,5801,2350,4124,3809,176,1726,9701,7027,5069,5729,4562,14098,10292,6402,4470,1907,68336,2355,3937,3485,1706,3154,944,1033,597,370,691,764,2564,332,21109,23314,10943,3061,744,2353,1560,2537,1609,1239,1939,1338,12002,1034,1444,1902,2670,755,13319,3036,5074,9793,6287,1261,2908,2101,5117,12873,9018,4265,4731,426,11477,3546,1295,8100,16384,3523,7793,12668,15385,648,1761,2352,16434,2359,7700,3995,6542,4731,2826,3304,24539,745,365,26525,290,2582,15792,615,4039,3766,4959,17068,8442,15847,6578,4131,7218,1015,10329,384,9264,4094,13798,488,837,666,840,19737,1088,233,4433,7684,1962,4940,3003,11165,14638,5913,303,3758,817,1329,3157,40867,29106,22137,225,1053,176,17526,4239,17781,1306,21773,13533,2621,1324,5953,909,2961,133,2203,455,2619,6076,20665,1882,9541,4288,4298,1384,2007,2946,3108,269,948,566,757,2594,807,9208,624,8738,502,7222,5937,342,828,18280,18383,14310,730,719,200,1411,4182,816,401,1312,1820,5168,2337,2169,654,2031,3338,8759,4623,7346,95,3711,1527,414,5785,15325,1041,53757,351,3175,1958,2144,1388,2325,3584,431,1923,39761,534,3097,144,2696,19120]
</script>
<h4>Growth in number of entries:</h4>
<script src="../js/Chart.js"></script>
<div class="chart">
<canvas id="num-articles-canvas"></canvas>
</div>
<script>
new Chart(document.getElementById("num-articles-canvas"), {
type: 'bar',
data: {
labels: years,
datasets: [{
label: 'Size of the AFP in # of entries',
data: no_articles,
backgroundColor: "rgba(46, 45, 78, 1)"
}],
},
options: {
responsive: true,
maintainAspectRatio: false,
scales: {
yAxes: [{
ticks: {
beginAtZero: true
}
}]
},
}
})
</script>
<h4>Growth in lines of code:</h4>
<div class="chart">
<canvas id="loc-years-canvas"></canvas>
</div>
<script>
new Chart(document.getElementById("loc-years-canvas"), {
type: 'bar',
data: {
labels: years,
datasets: [{
label: 'size of the AFP in lines of code',
data: no_loc,
backgroundColor: "rgba(101, 99, 136, 1)"
}],
},
options: {
responsive: true,
maintainAspectRatio: false,
scales: {
yAxes: [{
ticks: {
beginAtZero: true
}
}]
},
}
})
</script>
<h4>Growth in number of authors:</h4>
<div class="chart">
<canvas id="author-years-canvas"></canvas>
</div>
<script>
new Chart(document.getElementById("author-years-canvas"), {
type: 'bar',
data: {
labels: years,
datasets: [{
label: 'new authors per year',
data: no_authors,
backgroundColor: "rgba(101, 99, 136, 1)"
},
{
label: 'number of authors contributing (cumulative)',
data: no_authors_series,
backgroundColor: "rgba(0, 15, 48, 1)"
}],
},
options: {
responsive: true,
maintainAspectRatio: false,
scales: {
yAxes: [{
ticks: {
beginAtZero: true
}
}]
},
}
})
</script>
<h4>Size of entries:</h4>
<div class="chart">
<canvas id="loc-articles-canvas"></canvas>
</div>
<script>
new Chart(document.getElementById("loc-articles-canvas"), {
type: 'bar',
data: {
labels: article_years_unique,
datasets: [{
label: 'loc per article',
data: loc_articles,
backgroundColor: 'rgba(101, 99, 136, 1)'
}]
},
options: {
responsive: true,
maintainAspectRatio: false,
scales: {
xAxes: [{
categoryPercentage: 1,
barPercentage: 0.9,
ticks: {
autoSkip: false
}
}],
yAxes: [{
ticks: {
beginAtZero: true
}
}]
},
tooltips: {
callbacks: {
title: tooltipItem => all_articles[tooltipItem[0].index]
}
}
}
})
</script>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/theories/index.xml b/web/theories/index.xml
--- a/web/theories/index.xml
+++ b/web/theories/index.xml
@@ -1,6589 +1,6598 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Theories on Archive of Formal Proofs</title>
<link>/theories/</link>
<description>Recent content in Theories on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language><atom:link href="/theories/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Abortable_Linearizable_Modules</title>
<link>/theories/abortable_linearizable_modules/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/abortable_linearizable_modules/</guid>
<description></description>
</item>
<item>
<title>Abs_Int_ITP2012</title>
<link>/theories/abs_int_itp2012/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/abs_int_itp2012/</guid>
<description></description>
</item>
<item>
<title>Abstract-Hoare-Logics</title>
<link>/theories/abstract-hoare-logics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/abstract-hoare-logics/</guid>
<description></description>
</item>
<item>
<title>Abstract-Rewriting</title>
<link>/theories/abstract-rewriting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/abstract-rewriting/</guid>
<description></description>
</item>
<item>
<title>Abstract_Completeness</title>
<link>/theories/abstract_completeness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/abstract_completeness/</guid>
<description></description>
</item>
<item>
<title>Abstract_Soundness</title>
<link>/theories/abstract_soundness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/abstract_soundness/</guid>
<description></description>
</item>
<item>
<title>Ackermanns_not_PR</title>
<link>/theories/ackermanns_not_pr/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ackermanns_not_pr/</guid>
<description></description>
</item>
<item>
<title>Actuarial_Mathematics</title>
<link>/theories/actuarial_mathematics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/actuarial_mathematics/</guid>
<description></description>
</item>
<item>
<title>Adaptive_State_Counting</title>
<link>/theories/adaptive_state_counting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/adaptive_state_counting/</guid>
<description></description>
</item>
<item>
<title>ADS_Functor</title>
<link>/theories/ads_functor/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ads_functor/</guid>
<description></description>
</item>
<item>
<title>Affine_Arithmetic</title>
<link>/theories/affine_arithmetic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/affine_arithmetic/</guid>
<description></description>
</item>
<item>
<title>Aggregation_Algebras</title>
<link>/theories/aggregation_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/aggregation_algebras/</guid>
<description></description>
</item>
<item>
<title>AI_Planning_Languages_Semantics</title>
<link>/theories/ai_planning_languages_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ai_planning_languages_semantics/</guid>
<description></description>
</item>
<item>
<title>Akra_Bazzi</title>
<link>/theories/akra_bazzi/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/akra_bazzi/</guid>
<description></description>
</item>
<item>
<title>Algebraic_Numbers</title>
<link>/theories/algebraic_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/algebraic_numbers/</guid>
<description></description>
</item>
<item>
<title>Algebraic_VCs</title>
<link>/theories/algebraic_vcs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/algebraic_vcs/</guid>
<description></description>
</item>
<item>
<title>Allen_Calculus</title>
<link>/theories/allen_calculus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/allen_calculus/</guid>
<description></description>
</item>
<item>
<title>Amicable_Numbers</title>
<link>/theories/amicable_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/amicable_numbers/</guid>
<description></description>
</item>
<item>
<title>Amortized_Complexity</title>
<link>/theories/amortized_complexity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/amortized_complexity/</guid>
<description></description>
</item>
<item>
<title>AnselmGod</title>
<link>/theories/anselmgod/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/anselmgod/</guid>
<description></description>
</item>
<item>
<title>AODV</title>
<link>/theories/aodv/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/aodv/</guid>
<description></description>
</item>
<item>
<title>Applicative_Lifting</title>
<link>/theories/applicative_lifting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/applicative_lifting/</guid>
<description></description>
</item>
<item>
<title>Approximation_Algorithms</title>
<link>/theories/approximation_algorithms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/approximation_algorithms/</guid>
<description></description>
</item>
<item>
<title>Architectural_Design_Patterns</title>
<link>/theories/architectural_design_patterns/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/architectural_design_patterns/</guid>
<description></description>
</item>
<item>
<title>Aristotles_Assertoric_Syllogistic</title>
<link>/theories/aristotles_assertoric_syllogistic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/aristotles_assertoric_syllogistic/</guid>
<description></description>
</item>
<item>
<title>Arith_Prog_Rel_Primes</title>
<link>/theories/arith_prog_rel_primes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/arith_prog_rel_primes/</guid>
<description></description>
</item>
<item>
<title>ArrowImpossibilityGS</title>
<link>/theories/arrowimpossibilitygs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/arrowimpossibilitygs/</guid>
<description></description>
</item>
<item>
<title>Attack_Trees</title>
<link>/theories/attack_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/attack_trees/</guid>
<description></description>
</item>
<item>
<title>Auto2_HOL</title>
<link>/theories/auto2_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/auto2_hol/</guid>
<description></description>
</item>
<item>
<title>Auto2_Imperative_HOL</title>
<link>/theories/auto2_imperative_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/auto2_imperative_hol/</guid>
<description></description>
</item>
<item>
<title>AutoFocus-Stream</title>
<link>/theories/autofocus-stream/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/autofocus-stream/</guid>
<description></description>
</item>
<item>
<title>Automated_Stateful_Protocol_Verification</title>
<link>/theories/automated_stateful_protocol_verification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/automated_stateful_protocol_verification/</guid>
<description></description>
</item>
<item>
<title>Automatic_Refinement</title>
<link>/theories/automatic_refinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/automatic_refinement/</guid>
<description></description>
</item>
<item>
<title>AVL-Trees</title>
<link>/theories/avl-trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/avl-trees/</guid>
<description></description>
</item>
<item>
<title>AWN</title>
<link>/theories/awn/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/awn/</guid>
<description></description>
</item>
<item>
<title>AxiomaticCategoryTheory</title>
<link>/theories/axiomaticcategorytheory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/axiomaticcategorytheory/</guid>
<description></description>
</item>
<item>
<title>Banach_Steinhaus</title>
<link>/theories/banach_steinhaus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/banach_steinhaus/</guid>
<description></description>
</item>
<item>
<title>BD_Security_Compositional</title>
<link>/theories/bd_security_compositional/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bd_security_compositional/</guid>
<description></description>
</item>
<item>
<title>BDD</title>
<link>/theories/bdd/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bdd/</guid>
<description></description>
</item>
<item>
<title>Belief_Revision</title>
<link>/theories/belief_revision/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/belief_revision/</guid>
<description></description>
</item>
<item>
<title>Bell_Numbers_Spivey</title>
<link>/theories/bell_numbers_spivey/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bell_numbers_spivey/</guid>
<description></description>
</item>
<item>
<title>BenOr_Kozen_Reif</title>
<link>/theories/benor_kozen_reif/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/benor_kozen_reif/</guid>
<description></description>
</item>
<item>
<title>Berlekamp_Zassenhaus</title>
<link>/theories/berlekamp_zassenhaus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/berlekamp_zassenhaus/</guid>
<description></description>
</item>
<item>
<title>Bernoulli</title>
<link>/theories/bernoulli/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bernoulli/</guid>
<description></description>
</item>
<item>
<title>Bertrands_Postulate</title>
<link>/theories/bertrands_postulate/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bertrands_postulate/</guid>
<description></description>
</item>
<item>
<title>Bicategory</title>
<link>/theories/bicategory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bicategory/</guid>
<description></description>
</item>
<item>
<title>BinarySearchTree</title>
<link>/theories/binarysearchtree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/binarysearchtree/</guid>
<description></description>
</item>
<item>
<title>Binding_Syntax_Theory</title>
<link>/theories/binding_syntax_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/binding_syntax_theory/</guid>
<description></description>
</item>
<item>
<title>Binomial-Heaps</title>
<link>/theories/binomial-heaps/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/binomial-heaps/</guid>
<description></description>
</item>
<item>
<title>Binomial-Queues</title>
<link>/theories/binomial-queues/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/binomial-queues/</guid>
<description></description>
</item>
<item>
<title>BirdKMP</title>
<link>/theories/birdkmp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/birdkmp/</guid>
<description></description>
</item>
<item>
<title>Blue_Eyes</title>
<link>/theories/blue_eyes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/blue_eyes/</guid>
<description></description>
</item>
<item>
<title>BNF_CC</title>
<link>/theories/bnf_cc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bnf_cc/</guid>
<description></description>
</item>
<item>
<title>BNF_Operations</title>
<link>/theories/bnf_operations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bnf_operations/</guid>
<description></description>
</item>
<item>
<title>Bondy</title>
<link>/theories/bondy/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bondy/</guid>
<description></description>
</item>
<item>
<title>Boolean_Expression_Checkers</title>
<link>/theories/boolean_expression_checkers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/boolean_expression_checkers/</guid>
<description></description>
</item>
<item>
<title>Boolos_Curious_Inference</title>
<link>/theories/boolos_curious_inference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/boolos_curious_inference/</guid>
<description></description>
</item>
<item>
<title>Bounded_Deducibility_Security</title>
<link>/theories/bounded_deducibility_security/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bounded_deducibility_security/</guid>
<description></description>
</item>
<item>
<title>BTree</title>
<link>/theories/btree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/btree/</guid>
<description></description>
</item>
<item>
<title>Buchi_Complementation</title>
<link>/theories/buchi_complementation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/buchi_complementation/</guid>
<description></description>
</item>
<item>
<title>Budan_Fourier</title>
<link>/theories/budan_fourier/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/budan_fourier/</guid>
<description></description>
</item>
<item>
<title>Buffons_Needle</title>
<link>/theories/buffons_needle/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/buffons_needle/</guid>
<description></description>
</item>
<item>
<title>Buildings</title>
<link>/theories/buildings/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/buildings/</guid>
<description></description>
</item>
<item>
<title>BytecodeLogicJmlTypes</title>
<link>/theories/bytecodelogicjmltypes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/bytecodelogicjmltypes/</guid>
<description></description>
</item>
<item>
<title>C2KA_DistributedSystems</title>
<link>/theories/c2ka_distributedsystems/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/c2ka_distributedsystems/</guid>
<description></description>
</item>
<item>
<title>CakeML</title>
<link>/theories/cakeml/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cakeml/</guid>
<description></description>
</item>
<item>
<title>CakeML_Codegen</title>
<link>/theories/cakeml_codegen/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cakeml_codegen/</guid>
<description></description>
</item>
<item>
<title>Call_Arity</title>
<link>/theories/call_arity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/call_arity/</guid>
<description></description>
</item>
<item>
<title>Card_Equiv_Relations</title>
<link>/theories/card_equiv_relations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/card_equiv_relations/</guid>
<description></description>
</item>
<item>
<title>Card_Multisets</title>
<link>/theories/card_multisets/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/card_multisets/</guid>
<description></description>
</item>
<item>
<title>Card_Number_Partitions</title>
<link>/theories/card_number_partitions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/card_number_partitions/</guid>
<description></description>
</item>
<item>
<title>Card_Partitions</title>
<link>/theories/card_partitions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/card_partitions/</guid>
<description></description>
</item>
<item>
<title>Cartan_FP</title>
<link>/theories/cartan_fp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cartan_fp/</guid>
<description></description>
</item>
<item>
<title>Case_Labeling</title>
<link>/theories/case_labeling/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/case_labeling/</guid>
<description></description>
</item>
<item>
<title>Catalan_Numbers</title>
<link>/theories/catalan_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/catalan_numbers/</guid>
<description></description>
</item>
<item>
<title>Category</title>
<link>/theories/category/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/category/</guid>
<description></description>
</item>
<item>
<title>Category2</title>
<link>/theories/category2/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/category2/</guid>
<description></description>
</item>
<item>
<title>Category3</title>
<link>/theories/category3/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/category3/</guid>
<description></description>
</item>
<item>
<title>Cauchy</title>
<link>/theories/cauchy/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cauchy/</guid>
<description></description>
</item>
<item>
<title>CAVA_Automata</title>
<link>/theories/cava_automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cava_automata/</guid>
<description></description>
</item>
<item>
<title>CAVA_Base</title>
<link>/theories/cava_base/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cava_base/</guid>
<description></description>
</item>
<item>
<title>CAVA_LTL_Modelchecker</title>
<link>/theories/cava_ltl_modelchecker/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cava_ltl_modelchecker/</guid>
<description></description>
</item>
<item>
<title>CAVA_Setup</title>
<link>/theories/cava_setup/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cava_setup/</guid>
<description></description>
</item>
<item>
<title>Cayley_Hamilton</title>
<link>/theories/cayley_hamilton/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cayley_hamilton/</guid>
<description></description>
</item>
<item>
<title>CCS</title>
<link>/theories/ccs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ccs/</guid>
<description></description>
</item>
<item>
<title>Certification_Monads</title>
<link>/theories/certification_monads/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/certification_monads/</guid>
<description></description>
</item>
<item>
<title>Chandy_Lamport</title>
<link>/theories/chandy_lamport/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/chandy_lamport/</guid>
<description></description>
</item>
<item>
<title>Chord_Segments</title>
<link>/theories/chord_segments/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/chord_segments/</guid>
<description></description>
</item>
<item>
<title>Circus</title>
<link>/theories/circus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/circus/</guid>
<description></description>
</item>
<item>
<title>CISC-Kernel</title>
<link>/theories/cisc-kernel/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cisc-kernel/</guid>
<description></description>
</item>
<item>
<title>Clean</title>
<link>/theories/clean/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/clean/</guid>
<description></description>
</item>
<item>
<title>Clique_and_Monotone_Circuits</title>
<link>/theories/clique_and_monotone_circuits/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/clique_and_monotone_circuits/</guid>
<description></description>
</item>
<item>
<title>ClockSynchInst</title>
<link>/theories/clocksynchinst/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/clocksynchinst/</guid>
<description></description>
</item>
<item>
<title>Closest_Pair_Points</title>
<link>/theories/closest_pair_points/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/closest_pair_points/</guid>
<description></description>
</item>
<item>
<title>CoCon</title>
<link>/theories/cocon/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cocon/</guid>
<description></description>
</item>
<item>
<title>CofGroups</title>
<link>/theories/cofgroups/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cofgroups/</guid>
<description></description>
</item>
<item>
<title>Coinductive</title>
<link>/theories/coinductive/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/coinductive/</guid>
<description></description>
</item>
<item>
<title>Coinductive_Languages</title>
<link>/theories/coinductive_languages/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/coinductive_languages/</guid>
<description></description>
</item>
<item>
<title>Collections</title>
<link>/theories/collections/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/collections/</guid>
<description></description>
</item>
<item>
<title>Collections_Examples</title>
<link>/theories/collections_examples/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/collections_examples/</guid>
<description></description>
</item>
<item>
<title>Combinable_Wands</title>
<link>/theories/combinable_wands/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/combinable_wands/</guid>
<description></description>
</item>
<item>
<title>Combinatorics_Words</title>
<link>/theories/combinatorics_words/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/combinatorics_words/</guid>
<description></description>
</item>
<item>
<title>Combinatorics_Words_Graph_Lemma</title>
<link>/theories/combinatorics_words_graph_lemma/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/combinatorics_words_graph_lemma/</guid>
<description></description>
</item>
<item>
<title>Combinatorics_Words_Lyndon</title>
<link>/theories/combinatorics_words_lyndon/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/combinatorics_words_lyndon/</guid>
<description></description>
</item>
<item>
<title>Commuting_Hermitian</title>
<link>/theories/commuting_hermitian/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/commuting_hermitian/</guid>
<description></description>
</item>
<item>
<title>Comparison_Sort_Lower_Bound</title>
<link>/theories/comparison_sort_lower_bound/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/comparison_sort_lower_bound/</guid>
<description></description>
</item>
<item>
<title>Compiling-Exceptions-Correctly</title>
<link>/theories/compiling-exceptions-correctly/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/compiling-exceptions-correctly/</guid>
<description></description>
</item>
<item>
<title>Complete_Non_Orders</title>
<link>/theories/complete_non_orders/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/complete_non_orders/</guid>
<description></description>
</item>
<item>
<title>Completeness</title>
<link>/theories/completeness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/completeness/</guid>
<description></description>
</item>
<item>
<title>Complex_Bounded_Operators</title>
<link>/theories/complex_bounded_operators/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/complex_bounded_operators/</guid>
<description></description>
</item>
<item>
<title>Complex_Geometry</title>
<link>/theories/complex_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/complex_geometry/</guid>
<description></description>
</item>
<item>
<title>Complx</title>
<link>/theories/complx/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/complx/</guid>
<description></description>
</item>
<item>
<title>ComponentDependencies</title>
<link>/theories/componentdependencies/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/componentdependencies/</guid>
<description></description>
</item>
<item>
<title>Concurrent_Ref_Alg</title>
<link>/theories/concurrent_ref_alg/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/concurrent_ref_alg/</guid>
<description></description>
</item>
<item>
<title>Concurrent_Revisions</title>
<link>/theories/concurrent_revisions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/concurrent_revisions/</guid>
<description></description>
</item>
<item>
<title>ConcurrentGC</title>
<link>/theories/concurrentgc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/concurrentgc/</guid>
<description></description>
</item>
<item>
<title>ConcurrentIMP</title>
<link>/theories/concurrentimp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/concurrentimp/</guid>
<description></description>
</item>
<item>
<title>Conditional_Simplification</title>
<link>/theories/conditional_simplification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/conditional_simplification/</guid>
<description></description>
</item>
<item>
<title>Conditional_Transfer_Rule</title>
<link>/theories/conditional_transfer_rule/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/conditional_transfer_rule/</guid>
<description></description>
</item>
<item>
<title>Consensus_Refined</title>
<link>/theories/consensus_refined/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/consensus_refined/</guid>
<description></description>
</item>
<item>
<title>Constructive_Cryptography</title>
<link>/theories/constructive_cryptography/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/constructive_cryptography/</guid>
<description></description>
</item>
<item>
<title>Constructive_Cryptography_CM</title>
<link>/theories/constructive_cryptography_cm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/constructive_cryptography_cm/</guid>
<description></description>
</item>
<item>
<title>Constructor_Funs</title>
<link>/theories/constructor_funs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/constructor_funs/</guid>
<description></description>
</item>
<item>
<title>Containers</title>
<link>/theories/containers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/containers/</guid>
<description></description>
</item>
<item>
<title>Containers-Benchmarks</title>
<link>/theories/containers-benchmarks/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/containers-benchmarks/</guid>
<description></description>
</item>
<item>
<title>Core_DOM</title>
<link>/theories/core_dom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/core_dom/</guid>
<description></description>
</item>
<item>
<title>Core_SC_DOM</title>
<link>/theories/core_sc_dom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/core_sc_dom/</guid>
<description></description>
</item>
<item>
<title>CoreC&#43;&#43;</title>
<link>/theories/corec&#43;&#43;/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/corec&#43;&#43;/</guid>
<description></description>
</item>
<item>
<title>Correctness_Algebras</title>
<link>/theories/correctness_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/correctness_algebras/</guid>
<description></description>
</item>
<item>
<title>CoSMed</title>
<link>/theories/cosmed/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cosmed/</guid>
<description></description>
</item>
<item>
<title>CoSMeDis</title>
<link>/theories/cosmedis/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cosmedis/</guid>
<description></description>
</item>
<item>
<title>Cotangent_PFD_Formula</title>
<link>/theories/cotangent_pfd_formula/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cotangent_pfd_formula/</guid>
<description></description>
</item>
<item>
<title>Count_Complex_Roots</title>
<link>/theories/count_complex_roots/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/count_complex_roots/</guid>
<description></description>
</item>
<item>
<title>CRDT</title>
<link>/theories/crdt/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/crdt/</guid>
<description></description>
</item>
<item>
<title>CryptHOL</title>
<link>/theories/crypthol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/crypthol/</guid>
<description></description>
</item>
<item>
<title>CryptoBasedCompositionalProperties</title>
<link>/theories/cryptobasedcompositionalproperties/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cryptobasedcompositionalproperties/</guid>
<description></description>
</item>
<item>
<title>CRYSTALS-Kyber</title>
<link>/theories/crystals-kyber/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/crystals-kyber/</guid>
<description></description>
</item>
<item>
<title>CSP_RefTK</title>
<link>/theories/csp_reftk/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/csp_reftk/</guid>
<description></description>
</item>
<item>
<title>Cubic_Quartic_Equations</title>
<link>/theories/cubic_quartic_equations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cubic_quartic_equations/</guid>
<description></description>
</item>
<item>
<title>CYK</title>
<link>/theories/cyk/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/cyk/</guid>
<description></description>
</item>
<item>
<title>CZH_Elementary_Categories</title>
<link>/theories/czh_elementary_categories/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/czh_elementary_categories/</guid>
<description></description>
</item>
<item>
<title>CZH_Foundations</title>
<link>/theories/czh_foundations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/czh_foundations/</guid>
<description></description>
</item>
<item>
<title>CZH_Universal_Constructions</title>
<link>/theories/czh_universal_constructions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/czh_universal_constructions/</guid>
<description></description>
</item>
<item>
<title>DataRefinementIBP</title>
<link>/theories/datarefinementibp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/datarefinementibp/</guid>
<description></description>
</item>
<item>
<title>Datatype_Order_Generator</title>
<link>/theories/datatype_order_generator/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/datatype_order_generator/</guid>
<description></description>
</item>
<item>
<title>Decl_Sem_Fun_PL</title>
<link>/theories/decl_sem_fun_pl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/decl_sem_fun_pl/</guid>
<description></description>
</item>
<item>
<title>Decreasing-Diagrams</title>
<link>/theories/decreasing-diagrams/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/decreasing-diagrams/</guid>
<description></description>
</item>
<item>
<title>Decreasing-Diagrams-II</title>
<link>/theories/decreasing-diagrams-ii/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/decreasing-diagrams-ii/</guid>
<description></description>
</item>
<item>
<title>Dedekind_Real</title>
<link>/theories/dedekind_real/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dedekind_real/</guid>
<description></description>
</item>
<item>
<title>Deep_Learning</title>
<link>/theories/deep_learning/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/deep_learning/</guid>
<description></description>
</item>
<item>
<title>Delta_System_Lemma</title>
<link>/theories/delta_system_lemma/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/delta_system_lemma/</guid>
<description></description>
</item>
<item>
<title>Density_Compiler</title>
<link>/theories/density_compiler/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/density_compiler/</guid>
<description></description>
</item>
<item>
<title>Dependent_SIFUM_Refinement</title>
<link>/theories/dependent_sifum_refinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dependent_sifum_refinement/</guid>
<description></description>
</item>
<item>
<title>Dependent_SIFUM_Type_Systems</title>
<link>/theories/dependent_sifum_type_systems/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dependent_sifum_type_systems/</guid>
<description></description>
</item>
<item>
<title>Depth-First-Search</title>
<link>/theories/depth-first-search/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/depth-first-search/</guid>
<description></description>
</item>
<item>
<title>Derangements</title>
<link>/theories/derangements/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/derangements/</guid>
<description></description>
</item>
<item>
<title>Deriving</title>
<link>/theories/deriving/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/deriving/</guid>
<description></description>
</item>
<item>
<title>Descartes_Sign_Rule</title>
<link>/theories/descartes_sign_rule/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/descartes_sign_rule/</guid>
<description></description>
</item>
<item>
<title>Design_Theory</title>
<link>/theories/design_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/design_theory/</guid>
<description></description>
</item>
<item>
<title>DFS_Framework</title>
<link>/theories/dfs_framework/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dfs_framework/</guid>
<description></description>
</item>
<item>
<title>Dict_Construction</title>
<link>/theories/dict_construction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dict_construction/</guid>
<description></description>
</item>
<item>
<title>Differential_Dynamic_Logic</title>
<link>/theories/differential_dynamic_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/differential_dynamic_logic/</guid>
<description></description>
</item>
<item>
<title>Differential_Game_Logic</title>
<link>/theories/differential_game_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/differential_game_logic/</guid>
<description></description>
</item>
<item>
<title>Digit_Expansions</title>
<link>/theories/digit_expansions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/digit_expansions/</guid>
<description></description>
</item>
<item>
<title>Dijkstra_Shortest_Path</title>
<link>/theories/dijkstra_shortest_path/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dijkstra_shortest_path/</guid>
<description></description>
</item>
<item>
<title>Diophantine_Eqns_Lin_Hom</title>
<link>/theories/diophantine_eqns_lin_hom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/diophantine_eqns_lin_hom/</guid>
<description></description>
</item>
<item>
<title>Dirichlet_L</title>
<link>/theories/dirichlet_l/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dirichlet_l/</guid>
<description></description>
</item>
<item>
<title>Dirichlet_Series</title>
<link>/theories/dirichlet_series/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dirichlet_series/</guid>
<description></description>
</item>
<item>
<title>Discrete_Summation</title>
<link>/theories/discrete_summation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/discrete_summation/</guid>
<description></description>
</item>
<item>
<title>DiscretePricing</title>
<link>/theories/discretepricing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/discretepricing/</guid>
<description></description>
</item>
<item>
<title>DiskPaxos</title>
<link>/theories/diskpaxos/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/diskpaxos/</guid>
<description></description>
</item>
<item>
<title>DOM_Components</title>
<link>/theories/dom_components/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dom_components/</guid>
<description></description>
</item>
<item>
<title>Dominance_CHK</title>
<link>/theories/dominance_chk/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dominance_chk/</guid>
<description></description>
</item>
<item>
<title>DPRM_Theorem</title>
<link>/theories/dprm_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dprm_theorem/</guid>
<description></description>
</item>
<item>
<title>DPT-SAT-Solver</title>
<link>/theories/dpt-sat-solver/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dpt-sat-solver/</guid>
<description></description>
</item>
<item>
<title>Dynamic_Tables</title>
<link>/theories/dynamic_tables/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dynamic_tables/</guid>
<description></description>
</item>
<item>
<title>DynamicArchitectures</title>
<link>/theories/dynamicarchitectures/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/dynamicarchitectures/</guid>
<description></description>
</item>
<item>
<title>E_Transcendental</title>
<link>/theories/e_transcendental/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/e_transcendental/</guid>
<description></description>
</item>
<item>
<title>Echelon_Form</title>
<link>/theories/echelon_form/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/echelon_form/</guid>
<description></description>
</item>
<item>
<title>EdmondsKarp_Maxflow</title>
<link>/theories/edmondskarp_maxflow/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/edmondskarp_maxflow/</guid>
<description></description>
</item>
<item>
<title>Efficient-Mergesort</title>
<link>/theories/efficient-mergesort/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/efficient-mergesort/</guid>
<description></description>
</item>
<item>
<title>Elliptic_Curves_Group_Law</title>
<link>/theories/elliptic_curves_group_law/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/elliptic_curves_group_law/</guid>
<description></description>
</item>
<item>
<title>Encodability_Process_Calculi</title>
<link>/theories/encodability_process_calculi/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/encodability_process_calculi/</guid>
<description></description>
</item>
<item>
<title>Epistemic_Logic</title>
<link>/theories/epistemic_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/epistemic_logic/</guid>
<description></description>
</item>
<item>
<title>Equivalence_Relation_Enumeration</title>
<link>/theories/equivalence_relation_enumeration/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/equivalence_relation_enumeration/</guid>
<description></description>
</item>
<item>
<title>Ergodic_Theory</title>
<link>/theories/ergodic_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ergodic_theory/</guid>
<description></description>
</item>
<item>
<title>Error_Function</title>
<link>/theories/error_function/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/error_function/</guid>
<description></description>
</item>
<item>
<title>Euler_MacLaurin</title>
<link>/theories/euler_maclaurin/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/euler_maclaurin/</guid>
<description></description>
</item>
<item>
<title>Euler_Partition</title>
<link>/theories/euler_partition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/euler_partition/</guid>
<description></description>
</item>
<item>
<title>Eval_FO</title>
<link>/theories/eval_fo/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/eval_fo/</guid>
<description></description>
</item>
<item>
<title>Extended_Finite_State_Machine_Inference</title>
<link>/theories/extended_finite_state_machine_inference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/extended_finite_state_machine_inference/</guid>
<description></description>
</item>
<item>
<title>Extended_Finite_State_Machines</title>
<link>/theories/extended_finite_state_machines/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/extended_finite_state_machines/</guid>
<description></description>
</item>
<item>
<title>Factor_Algebraic_Polynomial</title>
<link>/theories/factor_algebraic_polynomial/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/factor_algebraic_polynomial/</guid>
<description></description>
</item>
<item>
<title>Factored_Transition_System_Bounding</title>
<link>/theories/factored_transition_system_bounding/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/factored_transition_system_bounding/</guid>
<description></description>
</item>
<item>
<title>Falling_Factorial_Sum</title>
<link>/theories/falling_factorial_sum/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/falling_factorial_sum/</guid>
<description></description>
</item>
<item>
<title>Farkas</title>
<link>/theories/farkas/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/farkas/</guid>
<description></description>
</item>
<item>
<title>Featherweight_OCL</title>
<link>/theories/featherweight_ocl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/featherweight_ocl/</guid>
<description></description>
</item>
<item>
<title>FeatherweightJava</title>
<link>/theories/featherweightjava/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/featherweightjava/</guid>
<description></description>
</item>
<item>
<title>Fermat3_4</title>
<link>/theories/fermat3_4/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fermat3_4/</guid>
<description></description>
</item>
<item>
<title>FFT</title>
<link>/theories/fft/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fft/</guid>
<description></description>
</item>
<item>
<title>FileRefinement</title>
<link>/theories/filerefinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/filerefinement/</guid>
<description></description>
</item>
<item>
<title>FinFun</title>
<link>/theories/finfun/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/finfun/</guid>
<description></description>
</item>
<item>
<title>Finger-Trees</title>
<link>/theories/finger-trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/finger-trees/</guid>
<description></description>
</item>
<item>
<title>Finite-Map-Extras</title>
<link>/theories/finite-map-extras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/finite-map-extras/</guid>
<description></description>
</item>
<item>
<title>Finite_Automata_HF</title>
<link>/theories/finite_automata_hf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/finite_automata_hf/</guid>
<description></description>
</item>
<item>
<title>Finite_Fields</title>
<link>/theories/finite_fields/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/finite_fields/</guid>
<description></description>
</item>
<item>
<title>Finitely_Generated_Abelian_Groups</title>
<link>/theories/finitely_generated_abelian_groups/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/finitely_generated_abelian_groups/</guid>
<description></description>
</item>
<item>
<title>First_Order_Terms</title>
<link>/theories/first_order_terms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/first_order_terms/</guid>
<description></description>
</item>
<item>
<title>First_Welfare_Theorem</title>
<link>/theories/first_welfare_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/first_welfare_theorem/</guid>
<description></description>
</item>
<item>
<title>Fishburn_Impossibility</title>
<link>/theories/fishburn_impossibility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fishburn_impossibility/</guid>
<description></description>
</item>
<item>
<title>Fisher_Yates</title>
<link>/theories/fisher_yates/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fisher_yates/</guid>
<description></description>
</item>
<item>
<title>Fishers_Inequality</title>
<link>/theories/fishers_inequality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fishers_inequality/</guid>
<description></description>
</item>
<item>
<title>Flow_Networks</title>
<link>/theories/flow_networks/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/flow_networks/</guid>
<description></description>
</item>
<item>
<title>Floyd_Warshall</title>
<link>/theories/floyd_warshall/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/floyd_warshall/</guid>
<description></description>
</item>
<item>
<title>FLP</title>
<link>/theories/flp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/flp/</guid>
<description></description>
</item>
<item>
<title>Flyspeck-Tame</title>
<link>/theories/flyspeck-tame/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/flyspeck-tame/</guid>
<description></description>
</item>
<item>
<title>Flyspeck-Tame-Computation</title>
<link>/theories/flyspeck-tame-computation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/flyspeck-tame-computation/</guid>
<description></description>
</item>
<item>
<title>FO_Theory_Rewriting</title>
<link>/theories/fo_theory_rewriting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fo_theory_rewriting/</guid>
<description></description>
</item>
<item>
<title>FocusStreamsCaseStudies</title>
<link>/theories/focusstreamscasestudies/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/focusstreamscasestudies/</guid>
<description></description>
</item>
<item>
<title>FOL-Fitting</title>
<link>/theories/fol-fitting/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fol-fitting/</guid>
<description></description>
</item>
<item>
<title>FOL_Axiomatic</title>
<link>/theories/fol_axiomatic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fol_axiomatic/</guid>
<description></description>
</item>
<item>
<title>FOL_Harrison</title>
<link>/theories/fol_harrison/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fol_harrison/</guid>
<description></description>
</item>
<item>
<title>FOL_Seq_Calc1</title>
<link>/theories/fol_seq_calc1/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fol_seq_calc1/</guid>
<description></description>
</item>
<item>
<title>FOL_Seq_Calc2</title>
<link>/theories/fol_seq_calc2/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fol_seq_calc2/</guid>
<description></description>
</item>
<item>
<title>FOL_Seq_Calc3</title>
<link>/theories/fol_seq_calc3/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fol_seq_calc3/</guid>
<description></description>
</item>
<item>
<title>Forcing</title>
<link>/theories/forcing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/forcing/</guid>
<description></description>
</item>
<item>
<title>Formal_Puiseux_Series</title>
<link>/theories/formal_puiseux_series/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/formal_puiseux_series/</guid>
<description></description>
</item>
<item>
<title>Formal_SSA</title>
<link>/theories/formal_ssa/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/formal_ssa/</guid>
<description></description>
</item>
<item>
<title>Formula_Derivatives</title>
<link>/theories/formula_derivatives/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/formula_derivatives/</guid>
<description></description>
</item>
<item>
<title>Formula_Derivatives-Examples</title>
<link>/theories/formula_derivatives-examples/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/formula_derivatives-examples/</guid>
<description></description>
</item>
<item>
<title>Foundation_of_geometry</title>
<link>/theories/foundation_of_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/foundation_of_geometry/</guid>
<description></description>
</item>
<item>
<title>Fourier</title>
<link>/theories/fourier/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fourier/</guid>
<description></description>
</item>
<item>
<title>Free-Boolean-Algebra</title>
<link>/theories/free-boolean-algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/free-boolean-algebra/</guid>
<description></description>
</item>
<item>
<title>Free-Groups</title>
<link>/theories/free-groups/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/free-groups/</guid>
<description></description>
</item>
<item>
<title>Frequency_Moments</title>
<link>/theories/frequency_moments/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/frequency_moments/</guid>
<description></description>
</item>
<item>
<title>Fresh_Identifiers</title>
<link>/theories/fresh_identifiers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fresh_identifiers/</guid>
<description></description>
</item>
<item>
<title>FSM_Tests</title>
<link>/theories/fsm_tests/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/fsm_tests/</guid>
<description></description>
</item>
<item>
<title>Functional-Automata</title>
<link>/theories/functional-automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/functional-automata/</guid>
<description></description>
</item>
<item>
<title>Functional_Ordered_Resolution_Prover</title>
<link>/theories/functional_ordered_resolution_prover/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/functional_ordered_resolution_prover/</guid>
<description></description>
</item>
<item>
<title>FunWithFunctions</title>
<link>/theories/funwithfunctions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/funwithfunctions/</guid>
<description></description>
</item>
<item>
<title>FunWithTilings</title>
<link>/theories/funwithtilings/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/funwithtilings/</guid>
<description></description>
</item>
<item>
<title>Furstenberg_Topology</title>
<link>/theories/furstenberg_topology/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/furstenberg_topology/</guid>
<description></description>
</item>
<item>
<title>Gabow_SCC</title>
<link>/theories/gabow_scc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gabow_scc/</guid>
<description></description>
</item>
<item>
<title>Gale_Shapley</title>
<link>/theories/gale_shapley/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gale_shapley/</guid>
<description></description>
</item>
<item>
<title>GaleStewart_Games</title>
<link>/theories/galestewart_games/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/galestewart_games/</guid>
<description></description>
</item>
<item>
<title>Game_Based_Crypto</title>
<link>/theories/game_based_crypto/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/game_based_crypto/</guid>
<description></description>
</item>
<item>
<title>Gauss-Jordan-Elim-Fun</title>
<link>/theories/gauss-jordan-elim-fun/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gauss-jordan-elim-fun/</guid>
<description></description>
</item>
<item>
<title>Gauss_Jordan</title>
<link>/theories/gauss_jordan/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gauss_jordan/</guid>
<description></description>
</item>
<item>
<title>Gauss_Sums</title>
<link>/theories/gauss_sums/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gauss_sums/</guid>
<description></description>
</item>
<item>
<title>Gaussian_Integers</title>
<link>/theories/gaussian_integers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gaussian_integers/</guid>
<description></description>
</item>
<item>
<title>GenClock</title>
<link>/theories/genclock/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/genclock/</guid>
<description></description>
</item>
<item>
<title>General-Triangle</title>
<link>/theories/general-triangle/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/general-triangle/</guid>
<description></description>
</item>
<item>
<title>Generalized_Counting_Sort</title>
<link>/theories/generalized_counting_sort/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/generalized_counting_sort/</guid>
<description></description>
</item>
<item>
<title>Generic_Deriving</title>
<link>/theories/generic_deriving/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/generic_deriving/</guid>
<description></description>
</item>
<item>
<title>Generic_Join</title>
<link>/theories/generic_join/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/generic_join/</guid>
<description></description>
</item>
<item>
<title>GewirthPGCProof</title>
<link>/theories/gewirthpgcproof/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gewirthpgcproof/</guid>
<description></description>
</item>
<item>
<title>Girth_Chromatic</title>
<link>/theories/girth_chromatic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/girth_chromatic/</guid>
<description></description>
</item>
<item>
<title>Goedel_HFSet_Semantic</title>
<link>/theories/goedel_hfset_semantic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/goedel_hfset_semantic/</guid>
<description></description>
</item>
<item>
<title>Goedel_HFSet_Semanticless</title>
<link>/theories/goedel_hfset_semanticless/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/goedel_hfset_semanticless/</guid>
<description></description>
</item>
<item>
<title>Goedel_Incompleteness</title>
<link>/theories/goedel_incompleteness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/goedel_incompleteness/</guid>
<description></description>
</item>
<item>
<title>GoedelGod</title>
<link>/theories/goedelgod/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/goedelgod/</guid>
<description></description>
</item>
<item>
<title>Goodstein_Lambda</title>
<link>/theories/goodstein_lambda/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/goodstein_lambda/</guid>
<description></description>
</item>
<item>
<title>GPU_Kernel_PL</title>
<link>/theories/gpu_kernel_pl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gpu_kernel_pl/</guid>
<description></description>
</item>
<item>
<title>Graph_Saturation</title>
<link>/theories/graph_saturation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/graph_saturation/</guid>
<description></description>
</item>
<item>
<title>Graph_Theory</title>
<link>/theories/graph_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/graph_theory/</guid>
<description></description>
</item>
<item>
<title>GraphMarkingIBP</title>
<link>/theories/graphmarkingibp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/graphmarkingibp/</guid>
<description></description>
</item>
<item>
<title>Green</title>
<link>/theories/green/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/green/</guid>
<description></description>
</item>
<item>
<title>Groebner_Bases</title>
<link>/theories/groebner_bases/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/groebner_bases/</guid>
<description></description>
</item>
<item>
<title>Groebner_Macaulay</title>
<link>/theories/groebner_macaulay/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/groebner_macaulay/</guid>
<description></description>
</item>
<item>
<title>Gromov_Hyperbolicity</title>
<link>/theories/gromov_hyperbolicity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/gromov_hyperbolicity/</guid>
<description></description>
</item>
<item>
<title>Grothendieck_Schemes</title>
<link>/theories/grothendieck_schemes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/grothendieck_schemes/</guid>
<description></description>
</item>
<item>
<title>Group-Ring-Module</title>
<link>/theories/group-ring-module/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/group-ring-module/</guid>
<description></description>
</item>
<item>
<title>Hahn_Jordan_Decomposition</title>
<link>/theories/hahn_jordan_decomposition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hahn_jordan_decomposition/</guid>
<description></description>
</item>
<item>
<title>Hales_Jewett</title>
<link>/theories/hales_jewett/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hales_jewett/</guid>
<description></description>
</item>
<item>
<title>Heard_Of</title>
<link>/theories/heard_of/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/heard_of/</guid>
<description></description>
</item>
<item>
<title>Hello_World</title>
<link>/theories/hello_world/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hello_world/</guid>
<description></description>
</item>
<item>
<title>HereditarilyFinite</title>
<link>/theories/hereditarilyfinite/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hereditarilyfinite/</guid>
<description></description>
</item>
<item>
<title>Hermite</title>
<link>/theories/hermite/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hermite/</guid>
<description></description>
</item>
<item>
<title>Hermite_Lindemann</title>
<link>/theories/hermite_lindemann/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hermite_lindemann/</guid>
<description></description>
</item>
<item>
<title>Hidden_Markov_Models</title>
<link>/theories/hidden_markov_models/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hidden_markov_models/</guid>
<description></description>
</item>
<item>
<title>Higher_Order_Terms</title>
<link>/theories/higher_order_terms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/higher_order_terms/</guid>
<description></description>
</item>
<item>
<title>Hoare_Time</title>
<link>/theories/hoare_time/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hoare_time/</guid>
<description></description>
</item>
<item>
<title>HOL-CSP</title>
<link>/theories/hol-csp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hol-csp/</guid>
<description></description>
</item>
<item>
<title>HOL-ODE-ARCH-COMP</title>
<link>/theories/hol-ode-arch-comp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hol-ode-arch-comp/</guid>
<description></description>
</item>
<item>
<title>HOL-ODE-Examples</title>
<link>/theories/hol-ode-examples/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hol-ode-examples/</guid>
<description></description>
</item>
<item>
<title>HOL-ODE-Numerics</title>
<link>/theories/hol-ode-numerics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hol-ode-numerics/</guid>
<description></description>
</item>
<item>
<title>HOLCF-Prelude</title>
<link>/theories/holcf-prelude/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/holcf-prelude/</guid>
<description></description>
</item>
<item>
<title>Hood_Melville_Queue</title>
<link>/theories/hood_melville_queue/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hood_melville_queue/</guid>
<description></description>
</item>
<item>
<title>HotelKeyCards</title>
<link>/theories/hotelkeycards/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hotelkeycards/</guid>
<description></description>
</item>
<item>
<title>HRB-Slicing</title>
<link>/theories/hrb-slicing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hrb-slicing/</guid>
<description></description>
</item>
<item>
<title>Huffman</title>
<link>/theories/huffman/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/huffman/</guid>
<description></description>
</item>
<item>
<title>Hybrid_Logic</title>
<link>/theories/hybrid_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hybrid_logic/</guid>
<description></description>
</item>
<item>
<title>Hybrid_Multi_Lane_Spatial_Logic</title>
<link>/theories/hybrid_multi_lane_spatial_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hybrid_multi_lane_spatial_logic/</guid>
<description></description>
</item>
<item>
<title>Hybrid_Systems_VCs</title>
<link>/theories/hybrid_systems_vcs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hybrid_systems_vcs/</guid>
<description></description>
</item>
<item>
<title>HyperCTL</title>
<link>/theories/hyperctl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hyperctl/</guid>
<description></description>
</item>
<item>
<title>Hyperdual</title>
<link>/theories/hyperdual/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/hyperdual/</guid>
<description></description>
</item>
<item>
<title>IEEE_Floating_Point</title>
<link>/theories/ieee_floating_point/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ieee_floating_point/</guid>
<description></description>
</item>
<item>
<title>IFC_Tracking</title>
<link>/theories/ifc_tracking/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ifc_tracking/</guid>
<description></description>
</item>
<item>
<title>IMAP-CRDT</title>
<link>/theories/imap-crdt/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imap-crdt/</guid>
<description></description>
</item>
<item>
<title>IMO2019</title>
<link>/theories/imo2019/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imo2019/</guid>
<description></description>
</item>
<item>
<title>IMP2</title>
<link>/theories/imp2/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imp2/</guid>
<description></description>
</item>
<item>
<title>IMP2_Binary_Heap</title>
<link>/theories/imp2_binary_heap/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imp2_binary_heap/</guid>
<description></description>
</item>
<item>
<title>IMP_Compiler</title>
<link>/theories/imp_compiler/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imp_compiler/</guid>
<description></description>
</item>
<item>
<title>IMP_Compiler_Reuse</title>
<link>/theories/imp_compiler_reuse/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imp_compiler_reuse/</guid>
<description></description>
</item>
<item>
<title>Imperative_Insertion_Sort</title>
<link>/theories/imperative_insertion_sort/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/imperative_insertion_sort/</guid>
<description></description>
</item>
<item>
<title>Implicational_Logic</title>
<link>/theories/implicational_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/implicational_logic/</guid>
<description></description>
</item>
<item>
<title>Impossible_Geometry</title>
<link>/theories/impossible_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/impossible_geometry/</guid>
<description></description>
</item>
<item>
<title>Incompleteness</title>
<link>/theories/incompleteness/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/incompleteness/</guid>
<description></description>
</item>
<item>
<title>Incredible_Proof_Machine</title>
<link>/theories/incredible_proof_machine/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/incredible_proof_machine/</guid>
<description></description>
</item>
<item>
<title>Independence_CH</title>
<link>/theories/independence_ch/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/independence_ch/</guid>
<description></description>
</item>
<item>
<title>Inductive_Confidentiality</title>
<link>/theories/inductive_confidentiality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/inductive_confidentiality/</guid>
<description></description>
</item>
<item>
<title>Inductive_Inference</title>
<link>/theories/inductive_inference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/inductive_inference/</guid>
<description></description>
</item>
<item>
<title>InformationFlowSlicing</title>
<link>/theories/informationflowslicing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/informationflowslicing/</guid>
<description></description>
</item>
<item>
<title>InformationFlowSlicing_Inter</title>
<link>/theories/informationflowslicing_inter/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/informationflowslicing_inter/</guid>
<description></description>
</item>
<item>
<title>InfPathElimination</title>
<link>/theories/infpathelimination/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/infpathelimination/</guid>
<description></description>
</item>
<item>
<title>Integration</title>
<link>/theories/integration/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/integration/</guid>
<description></description>
</item>
<item>
<title>Interpolation_Polynomials_HOL_Algebra</title>
<link>/theories/interpolation_polynomials_hol_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/interpolation_polynomials_hol_algebra/</guid>
<description></description>
</item>
<item>
<title>Interpreter_Optimizations</title>
<link>/theories/interpreter_optimizations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/interpreter_optimizations/</guid>
<description></description>
</item>
<item>
<title>Interval_Arithmetic_Word32</title>
<link>/theories/interval_arithmetic_word32/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/interval_arithmetic_word32/</guid>
<description></description>
</item>
<item>
<title>Intro_Dest_Elim</title>
<link>/theories/intro_dest_elim/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/intro_dest_elim/</guid>
<description></description>
</item>
<item>
<title>Involutions2Squares</title>
<link>/theories/involutions2squares/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/involutions2squares/</guid>
<description></description>
</item>
<item>
<title>IP_Addresses</title>
<link>/theories/ip_addresses/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ip_addresses/</guid>
<description></description>
</item>
<item>
<title>Iptables_Semantics</title>
<link>/theories/iptables_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/iptables_semantics/</guid>
<description></description>
</item>
<item>
<title>Iptables_Semantics_Examples</title>
<link>/theories/iptables_semantics_examples/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/iptables_semantics_examples/</guid>
<description></description>
</item>
<item>
<title>Iptables_Semantics_Examples_Big</title>
<link>/theories/iptables_semantics_examples_big/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/iptables_semantics_examples_big/</guid>
<description></description>
</item>
<item>
<title>Irrational_Series_Erdos_Straus</title>
<link>/theories/irrational_series_erdos_straus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/irrational_series_erdos_straus/</guid>
<description></description>
</item>
<item>
<title>Irrationality_J_Hancl</title>
<link>/theories/irrationality_j_hancl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/irrationality_j_hancl/</guid>
<description></description>
</item>
<item>
<title>Irrationals_From_THEBOOK</title>
<link>/theories/irrationals_from_thebook/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/irrationals_from_thebook/</guid>
<description></description>
</item>
<item>
<title>Isabelle_C</title>
<link>/theories/isabelle_c/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/isabelle_c/</guid>
<description></description>
</item>
<item>
<title>Isabelle_Marries_Dirac</title>
<link>/theories/isabelle_marries_dirac/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/isabelle_marries_dirac/</guid>
<description></description>
</item>
<item>
<title>Isabelle_Meta_Model</title>
<link>/theories/isabelle_meta_model/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/isabelle_meta_model/</guid>
<description></description>
</item>
<item>
<title>IsaGeoCoq</title>
<link>/theories/isageocoq/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/isageocoq/</guid>
<description></description>
</item>
<item>
<title>IsaNet</title>
<link>/theories/isanet/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/isanet/</guid>
<description></description>
</item>
<item>
<title>Jacobson_Basic_Algebra</title>
<link>/theories/jacobson_basic_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jacobson_basic_algebra/</guid>
<description></description>
</item>
<item>
<title>Jinja</title>
<link>/theories/jinja/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jinja/</guid>
<description></description>
</item>
<item>
<title>JinjaDCI</title>
<link>/theories/jinjadci/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jinjadci/</guid>
<description></description>
</item>
<item>
<title>JinjaThreads</title>
<link>/theories/jinjathreads/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jinjathreads/</guid>
<description></description>
</item>
<item>
<title>JiveDataStoreModel</title>
<link>/theories/jivedatastoremodel/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jivedatastoremodel/</guid>
<description></description>
</item>
<item>
<title>Jordan_Hoelder</title>
<link>/theories/jordan_hoelder/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jordan_hoelder/</guid>
<description></description>
</item>
<item>
<title>Jordan_Normal_Form</title>
<link>/theories/jordan_normal_form/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/jordan_normal_form/</guid>
<description></description>
</item>
<item>
<title>KAD</title>
<link>/theories/kad/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kad/</guid>
<description></description>
</item>
<item>
<title>KAT_and_DRA</title>
<link>/theories/kat_and_dra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kat_and_dra/</guid>
<description></description>
</item>
<item>
<title>KBPs</title>
<link>/theories/kbps/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kbps/</guid>
<description></description>
</item>
<item>
<title>KD_Tree</title>
<link>/theories/kd_tree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kd_tree/</guid>
<description></description>
</item>
<item>
<title>Key_Agreement_Strong_Adversaries</title>
<link>/theories/key_agreement_strong_adversaries/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/key_agreement_strong_adversaries/</guid>
<description></description>
</item>
<item>
<title>Khovanskii_Theorem</title>
<link>/theories/khovanskii_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/khovanskii_theorem/</guid>
<description></description>
</item>
<item>
<title>Kleene_Algebra</title>
<link>/theories/kleene_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kleene_algebra/</guid>
<description></description>
</item>
<item>
<title>Knights_Tour</title>
<link>/theories/knights_tour/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/knights_tour/</guid>
<description></description>
</item>
<item>
<title>Knot_Theory</title>
<link>/theories/knot_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/knot_theory/</guid>
<description></description>
</item>
<item>
<title>Knuth_Bendix_Order</title>
<link>/theories/knuth_bendix_order/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/knuth_bendix_order/</guid>
<description></description>
</item>
<item>
<title>Knuth_Morris_Pratt</title>
<link>/theories/knuth_morris_pratt/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/knuth_morris_pratt/</guid>
<description></description>
</item>
<item>
<title>Koenigsberg_Friendship</title>
<link>/theories/koenigsberg_friendship/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/koenigsberg_friendship/</guid>
<description></description>
</item>
<item>
<title>Kruskal</title>
<link>/theories/kruskal/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kruskal/</guid>
<description></description>
</item>
<item>
<title>Kuratowski_Closure_Complement</title>
<link>/theories/kuratowski_closure_complement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/kuratowski_closure_complement/</guid>
<description></description>
</item>
<item>
<title>Lam-ml-Normalization</title>
<link>/theories/lam-ml-normalization/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lam-ml-normalization/</guid>
<description></description>
</item>
<item>
<title>Lambda_Free_EPO</title>
<link>/theories/lambda_free_epo/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lambda_free_epo/</guid>
<description></description>
</item>
<item>
<title>Lambda_Free_KBOs</title>
<link>/theories/lambda_free_kbos/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lambda_free_kbos/</guid>
<description></description>
</item>
<item>
<title>Lambda_Free_RPOs</title>
<link>/theories/lambda_free_rpos/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lambda_free_rpos/</guid>
<description></description>
</item>
<item>
<title>LambdaAuth</title>
<link>/theories/lambdaauth/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lambdaauth/</guid>
<description></description>
</item>
<item>
<title>LambdaMu</title>
<link>/theories/lambdamu/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lambdamu/</guid>
<description></description>
</item>
<item>
<title>Lambert_W</title>
<link>/theories/lambert_w/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lambert_w/</guid>
<description></description>
</item>
<item>
<title>Landau_Symbols</title>
<link>/theories/landau_symbols/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/landau_symbols/</guid>
<description></description>
</item>
<item>
<title>Laplace_Transform</title>
<link>/theories/laplace_transform/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/laplace_transform/</guid>
<description></description>
</item>
<item>
<title>Latin_Square</title>
<link>/theories/latin_square/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/latin_square/</guid>
<description></description>
</item>
<item>
<title>LatticeProperties</title>
<link>/theories/latticeproperties/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/latticeproperties/</guid>
<description></description>
</item>
<item>
<title>Launchbury</title>
<link>/theories/launchbury/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/launchbury/</guid>
<description></description>
</item>
<item>
<title>Laws_of_Large_Numbers</title>
<link>/theories/laws_of_large_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/laws_of_large_numbers/</guid>
<description></description>
</item>
<item>
<title>Lazy-Lists-II</title>
<link>/theories/lazy-lists-ii/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lazy-lists-ii/</guid>
<description></description>
</item>
<item>
<title>Lazy_Case</title>
<link>/theories/lazy_case/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lazy_case/</guid>
<description></description>
</item>
<item>
<title>Lehmer</title>
<link>/theories/lehmer/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lehmer/</guid>
<description></description>
</item>
<item>
<title>LEM</title>
<link>/theories/lem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lem/</guid>
<description></description>
</item>
<item>
<title>Lifting_Definition_Option</title>
<link>/theories/lifting_definition_option/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lifting_definition_option/</guid>
<description></description>
</item>
<item>
<title>Lifting_the_Exponent</title>
<link>/theories/lifting_the_exponent/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lifting_the_exponent/</guid>
<description></description>
</item>
<item>
<title>LightweightJava</title>
<link>/theories/lightweightjava/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lightweightjava/</guid>
<description></description>
</item>
<item>
<title>Linear_Inequalities</title>
<link>/theories/linear_inequalities/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/linear_inequalities/</guid>
<description></description>
</item>
<item>
<title>Linear_Programming</title>
<link>/theories/linear_programming/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/linear_programming/</guid>
<description></description>
</item>
<item>
<title>Linear_Recurrences</title>
<link>/theories/linear_recurrences/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/linear_recurrences/</guid>
<description></description>
</item>
<item>
<title>Linear_Recurrences_Solver</title>
<link>/theories/linear_recurrences_solver/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/linear_recurrences_solver/</guid>
<description></description>
</item>
<item>
<title>LinearQuantifierElim</title>
<link>/theories/linearquantifierelim/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/linearquantifierelim/</guid>
<description></description>
</item>
<item>
<title>Liouville_Numbers</title>
<link>/theories/liouville_numbers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/liouville_numbers/</guid>
<description></description>
</item>
<item>
<title>List-Index</title>
<link>/theories/list-index/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/list-index/</guid>
<description></description>
</item>
<item>
<title>List-Infinite</title>
<link>/theories/list-infinite/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/list-infinite/</guid>
<description></description>
</item>
<item>
<title>List_Interleaving</title>
<link>/theories/list_interleaving/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/list_interleaving/</guid>
<description></description>
</item>
<item>
<title>List_Inversions</title>
<link>/theories/list_inversions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/list_inversions/</guid>
<description></description>
</item>
<item>
<title>List_Update</title>
<link>/theories/list_update/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/list_update/</guid>
<description></description>
</item>
<item>
<title>LLL_Basis_Reduction</title>
<link>/theories/lll_basis_reduction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lll_basis_reduction/</guid>
<description></description>
</item>
<item>
<title>LLL_Factorization</title>
<link>/theories/lll_factorization/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lll_factorization/</guid>
<description></description>
</item>
<item>
<title>Localization_Ring</title>
<link>/theories/localization_ring/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/localization_ring/</guid>
<description></description>
</item>
<item>
<title>LocalLexing</title>
<link>/theories/locallexing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/locallexing/</guid>
<description></description>
</item>
<item>
<title>Locally-Nameless-Sigma</title>
<link>/theories/locally-nameless-sigma/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/locally-nameless-sigma/</guid>
<description></description>
</item>
<item>
<title>LOFT</title>
<link>/theories/loft/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/loft/</guid>
<description></description>
</item>
<item>
<title>Logging_Independent_Anonymity</title>
<link>/theories/logging_independent_anonymity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/logging_independent_anonymity/</guid>
<description></description>
</item>
<item>
<title>Lorenz_Approximation</title>
<link>/theories/lorenz_approximation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lorenz_approximation/</guid>
<description></description>
</item>
<item>
<title>Lorenz_C0</title>
<link>/theories/lorenz_c0/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lorenz_c0/</guid>
<description></description>
</item>
<item>
<title>Lorenz_C1</title>
<link>/theories/lorenz_c1/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lorenz_c1/</guid>
<description></description>
</item>
<item>
<title>Lowe_Ontological_Argument</title>
<link>/theories/lowe_ontological_argument/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lowe_ontological_argument/</guid>
<description></description>
</item>
<item>
<title>Lower_Semicontinuous</title>
<link>/theories/lower_semicontinuous/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lower_semicontinuous/</guid>
<description></description>
</item>
<item>
<title>Lp</title>
<link>/theories/lp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lp/</guid>
<description></description>
</item>
<item>
<title>LP_Duality</title>
<link>/theories/lp_duality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lp_duality/</guid>
<description></description>
</item>
<item>
<title>LTL</title>
<link>/theories/ltl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ltl/</guid>
<description></description>
</item>
<item>
<title>LTL_Master_Theorem</title>
<link>/theories/ltl_master_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ltl_master_theorem/</guid>
<description></description>
</item>
<item>
<title>LTL_Normal_Form</title>
<link>/theories/ltl_normal_form/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ltl_normal_form/</guid>
<description></description>
</item>
<item>
<title>LTL_to_DRA</title>
<link>/theories/ltl_to_dra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ltl_to_dra/</guid>
<description></description>
</item>
<item>
<title>LTL_to_GBA</title>
<link>/theories/ltl_to_gba/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ltl_to_gba/</guid>
<description></description>
</item>
<item>
<title>Lucas_Theorem</title>
<link>/theories/lucas_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/lucas_theorem/</guid>
<description></description>
</item>
<item>
<title>Markov_Models</title>
<link>/theories/markov_models/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/markov_models/</guid>
<description></description>
</item>
<item>
<title>Marriage</title>
<link>/theories/marriage/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/marriage/</guid>
<description></description>
</item>
<item>
<title>Mason_Stothers</title>
<link>/theories/mason_stothers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mason_stothers/</guid>
<description></description>
</item>
<item>
<title>Matrices_for_ODEs</title>
<link>/theories/matrices_for_odes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/matrices_for_odes/</guid>
<description></description>
</item>
<item>
<title>Matrix</title>
<link>/theories/matrix/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/matrix/</guid>
<description></description>
</item>
<item>
<title>Matrix_Tensor</title>
<link>/theories/matrix_tensor/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/matrix_tensor/</guid>
<description></description>
</item>
<item>
<title>Matroids</title>
<link>/theories/matroids/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/matroids/</guid>
<description></description>
</item>
<item>
<title>Max-Card-Matching</title>
<link>/theories/max-card-matching/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/max-card-matching/</guid>
<description></description>
</item>
<item>
<title>Maximum_Segment_Sum</title>
<link>/theories/maximum_segment_sum/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/maximum_segment_sum/</guid>
<description></description>
</item>
<item>
<title>MDP-Algorithms</title>
<link>/theories/mdp-algorithms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mdp-algorithms/</guid>
<description></description>
</item>
<item>
<title>MDP-Rewards</title>
<link>/theories/mdp-rewards/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mdp-rewards/</guid>
<description></description>
</item>
<item>
<title>Median_Method</title>
<link>/theories/median_method/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/median_method/</guid>
<description></description>
</item>
<item>
<title>Median_Of_Medians_Selection</title>
<link>/theories/median_of_medians_selection/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/median_of_medians_selection/</guid>
<description></description>
</item>
<item>
<title>Menger</title>
<link>/theories/menger/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/menger/</guid>
<description></description>
</item>
<item>
<title>Mereology</title>
<link>/theories/mereology/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mereology/</guid>
<description></description>
</item>
<item>
<title>Mersenne_Primes</title>
<link>/theories/mersenne_primes/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mersenne_primes/</guid>
<description></description>
</item>
<item>
<title>Metalogic_ProofChecker</title>
<link>/theories/metalogic_proofchecker/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/metalogic_proofchecker/</guid>
<description></description>
</item>
<item>
<title>MFMC_Countable</title>
<link>/theories/mfmc_countable/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mfmc_countable/</guid>
<description></description>
</item>
<item>
<title>MFODL_Monitor_Optimized</title>
<link>/theories/mfodl_monitor_optimized/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mfodl_monitor_optimized/</guid>
<description></description>
</item>
<item>
<title>MFOTL_Monitor</title>
<link>/theories/mfotl_monitor/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mfotl_monitor/</guid>
<description></description>
</item>
<item>
<title>Minimal_SSA</title>
<link>/theories/minimal_ssa/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/minimal_ssa/</guid>
<description></description>
</item>
<item>
<title>MiniML</title>
<link>/theories/miniml/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/miniml/</guid>
<description></description>
</item>
<item>
<title>MiniSail</title>
<link>/theories/minisail/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/minisail/</guid>
<description></description>
</item>
<item>
<title>Minkowskis_Theorem</title>
<link>/theories/minkowskis_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/minkowskis_theorem/</guid>
<description></description>
</item>
<item>
<title>Minsky_Machines</title>
<link>/theories/minsky_machines/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/minsky_machines/</guid>
<description></description>
</item>
<item>
<title>Modal_Logics_for_NTS</title>
<link>/theories/modal_logics_for_nts/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/modal_logics_for_nts/</guid>
<description></description>
</item>
<item>
<title>Modular_arithmetic_LLL_and_HNF_algorithms</title>
<link>/theories/modular_arithmetic_lll_and_hnf_algorithms/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/modular_arithmetic_lll_and_hnf_algorithms/</guid>
<description></description>
</item>
<item>
<title>Modular_Assembly_Kit_Security</title>
<link>/theories/modular_assembly_kit_security/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/modular_assembly_kit_security/</guid>
<description></description>
</item>
<item>
<title>Monad_Memo_DP</title>
<link>/theories/monad_memo_dp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/monad_memo_dp/</guid>
<description></description>
</item>
<item>
<title>Monad_Normalisation</title>
<link>/theories/monad_normalisation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/monad_normalisation/</guid>
<description></description>
</item>
<item>
<title>MonoBoolTranAlgebra</title>
<link>/theories/monobooltranalgebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/monobooltranalgebra/</guid>
<description></description>
</item>
<item>
<title>MonoidalCategory</title>
<link>/theories/monoidalcategory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/monoidalcategory/</guid>
<description></description>
</item>
<item>
<title>Monomorphic_Monad</title>
<link>/theories/monomorphic_monad/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/monomorphic_monad/</guid>
<description></description>
</item>
<item>
<title>MSO_Regex_Equivalence</title>
<link>/theories/mso_regex_equivalence/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/mso_regex_equivalence/</guid>
<description></description>
</item>
<item>
<title>MuchAdoAboutTwo</title>
<link>/theories/muchadoabouttwo/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/muchadoabouttwo/</guid>
<description></description>
</item>
<item>
<title>Multi_Party_Computation</title>
<link>/theories/multi_party_computation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/multi_party_computation/</guid>
<description></description>
</item>
<item>
<title>Multirelations</title>
<link>/theories/multirelations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/multirelations/</guid>
<description></description>
</item>
<item>
<title>Multiset_Ordering_NPC</title>
<link>/theories/multiset_ordering_npc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/multiset_ordering_npc/</guid>
<description></description>
</item>
<item>
<title>Myhill-Nerode</title>
<link>/theories/myhill-nerode/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/myhill-nerode/</guid>
<description></description>
</item>
<item>
<title>Name_Carrying_Type_Inference</title>
<link>/theories/name_carrying_type_inference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/name_carrying_type_inference/</guid>
<description></description>
</item>
<item>
<title>Nano_JSON</title>
<link>/theories/nano_json/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/nano_json/</guid>
<description></description>
</item>
<item>
<title>Nash_Williams</title>
<link>/theories/nash_williams/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/nash_williams/</guid>
<description></description>
</item>
<item>
<title>Nat-Interval-Logic</title>
<link>/theories/nat-interval-logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/nat-interval-logic/</guid>
<description></description>
</item>
<item>
<title>Native_Word</title>
<link>/theories/native_word/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/native_word/</guid>
<description></description>
</item>
<item>
<title>Nested_Multisets_Ordinals</title>
<link>/theories/nested_multisets_ordinals/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/nested_multisets_ordinals/</guid>
<description></description>
</item>
<item>
<title>Network_Security_Policy_Verification</title>
<link>/theories/network_security_policy_verification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/network_security_policy_verification/</guid>
<description></description>
</item>
<item>
<title>Neumann_Morgenstern_Utility</title>
<link>/theories/neumann_morgenstern_utility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/neumann_morgenstern_utility/</guid>
<description></description>
</item>
<item>
<title>No_FTL_observers</title>
<link>/theories/no_ftl_observers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/no_ftl_observers/</guid>
<description></description>
</item>
<item>
<title>Nominal2</title>
<link>/theories/nominal2/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/nominal2/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Concurrent_Composition</title>
<link>/theories/noninterference_concurrent_composition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/noninterference_concurrent_composition/</guid>
<description></description>
</item>
<item>
<title>Noninterference_CSP</title>
<link>/theories/noninterference_csp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/noninterference_csp/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Generic_Unwinding</title>
<link>/theories/noninterference_generic_unwinding/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/noninterference_generic_unwinding/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Inductive_Unwinding</title>
<link>/theories/noninterference_inductive_unwinding/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/noninterference_inductive_unwinding/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Ipurge_Unwinding</title>
<link>/theories/noninterference_ipurge_unwinding/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/noninterference_ipurge_unwinding/</guid>
<description></description>
</item>
<item>
<title>Noninterference_Sequential_Composition</title>
<link>/theories/noninterference_sequential_composition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/noninterference_sequential_composition/</guid>
<description></description>
</item>
<item>
<title>NormByEval</title>
<link>/theories/normbyeval/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/normbyeval/</guid>
<description></description>
</item>
<item>
<title>Nullstellensatz</title>
<link>/theories/nullstellensatz/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/nullstellensatz/</guid>
<description></description>
</item>
<item>
<title>Number_Theoretic_Transform</title>
<link>/theories/number_theoretic_transform/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/number_theoretic_transform/</guid>
<description></description>
</item>
<item>
<title>Octonions</title>
<link>/theories/octonions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/octonions/</guid>
<description></description>
</item>
<item>
<title>Old_Datatype_Show</title>
<link>/theories/old_datatype_show/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/old_datatype_show/</guid>
<description></description>
</item>
<item>
<title>Open_Induction</title>
<link>/theories/open_induction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/open_induction/</guid>
<description></description>
</item>
<item>
<title>OpSets</title>
<link>/theories/opsets/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/opsets/</guid>
<description></description>
</item>
<item>
<title>Optics</title>
<link>/theories/optics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/optics/</guid>
<description></description>
</item>
<item>
<title>Optimal_BST</title>
<link>/theories/optimal_bst/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/optimal_bst/</guid>
<description></description>
</item>
<item>
<title>Orbit_Stabiliser</title>
<link>/theories/orbit_stabiliser/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/orbit_stabiliser/</guid>
<description></description>
</item>
<item>
<title>Order_Lattice_Props</title>
<link>/theories/order_lattice_props/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/order_lattice_props/</guid>
<description></description>
</item>
<item>
<title>Ordered_Resolution_Prover</title>
<link>/theories/ordered_resolution_prover/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ordered_resolution_prover/</guid>
<description></description>
</item>
<item>
<title>Ordinal</title>
<link>/theories/ordinal/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ordinal/</guid>
<description></description>
</item>
<item>
<title>Ordinal_Partitions</title>
<link>/theories/ordinal_partitions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ordinal_partitions/</guid>
<description></description>
</item>
<item>
<title>Ordinals_and_Cardinals</title>
<link>/theories/ordinals_and_cardinals/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ordinals_and_cardinals/</guid>
<description></description>
</item>
<item>
<title>Ordinary_Differential_Equations</title>
<link>/theories/ordinary_differential_equations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ordinary_differential_equations/</guid>
<description></description>
</item>
<item>
<title>PAC_Checker</title>
<link>/theories/pac_checker/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pac_checker/</guid>
<description></description>
</item>
<item>
<title>Package_logic</title>
<link>/theories/package_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/package_logic/</guid>
<description></description>
</item>
<item>
<title>Padic_Field</title>
<link>/theories/padic_field/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/padic_field/</guid>
<description></description>
</item>
<item>
<title>Padic_Ints</title>
<link>/theories/padic_ints/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/padic_ints/</guid>
<description></description>
</item>
<item>
<title>Pairing_Heap</title>
<link>/theories/pairing_heap/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pairing_heap/</guid>
<description></description>
</item>
<item>
<title>PAL</title>
<link>/theories/pal/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pal/</guid>
<description></description>
</item>
<item>
<title>Paraconsistency</title>
<link>/theories/paraconsistency/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/paraconsistency/</guid>
<description></description>
</item>
<item>
<title>Parity_Game</title>
<link>/theories/parity_game/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/parity_game/</guid>
<description></description>
</item>
<item>
<title>Partial_Function_MR</title>
<link>/theories/partial_function_mr/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/partial_function_mr/</guid>
<description></description>
</item>
<item>
<title>Partial_Order_Reduction</title>
<link>/theories/partial_order_reduction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/partial_order_reduction/</guid>
<description></description>
</item>
<item>
<title>Password_Authentication_Protocol</title>
<link>/theories/password_authentication_protocol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/password_authentication_protocol/</guid>
<description></description>
</item>
<item>
<title>PCF</title>
<link>/theories/pcf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pcf/</guid>
<description></description>
</item>
<item>
<title>Pell</title>
<link>/theories/pell/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pell/</guid>
<description></description>
</item>
<item>
<title>Perfect-Number-Thm</title>
<link>/theories/perfect-number-thm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/perfect-number-thm/</guid>
<description></description>
</item>
<item>
<title>Perron_Frobenius</title>
<link>/theories/perron_frobenius/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/perron_frobenius/</guid>
<description></description>
</item>
<item>
<title>pGCL</title>
<link>/theories/pgcl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pgcl/</guid>
<description></description>
</item>
<item>
<title>Physical_Quantities</title>
<link>/theories/physical_quantities/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/physical_quantities/</guid>
<description></description>
</item>
<item>
<title>Pi_Calculus</title>
<link>/theories/pi_calculus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pi_calculus/</guid>
<description></description>
</item>
<item>
<title>Pi_Transcendental</title>
<link>/theories/pi_transcendental/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pi_transcendental/</guid>
<description></description>
</item>
<item>
<title>Planarity_Certificates</title>
<link>/theories/planarity_certificates/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/planarity_certificates/</guid>
<description></description>
</item>
<item>
<title>PLM</title>
<link>/theories/plm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/plm/</guid>
<description></description>
</item>
<item>
<title>Pluennecke_Ruzsa_Inequality</title>
<link>/theories/pluennecke_ruzsa_inequality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pluennecke_ruzsa_inequality/</guid>
<description></description>
</item>
<item>
<title>Poincare_Bendixson</title>
<link>/theories/poincare_bendixson/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/poincare_bendixson/</guid>
<description></description>
</item>
<item>
<title>Poincare_Disc</title>
<link>/theories/poincare_disc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/poincare_disc/</guid>
<description></description>
</item>
<item>
<title>Polynomial_Factorization</title>
<link>/theories/polynomial_factorization/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/polynomial_factorization/</guid>
<description></description>
</item>
<item>
<title>Polynomial_Interpolation</title>
<link>/theories/polynomial_interpolation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/polynomial_interpolation/</guid>
<description></description>
</item>
<item>
<title>Polynomials</title>
<link>/theories/polynomials/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/polynomials/</guid>
<description></description>
</item>
<item>
<title>Pop_Refinement</title>
<link>/theories/pop_refinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pop_refinement/</guid>
<description></description>
</item>
<item>
<title>POPLmark-deBruijn</title>
<link>/theories/poplmark-debruijn/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/poplmark-debruijn/</guid>
<description></description>
</item>
<item>
<title>Posix-Lexing</title>
<link>/theories/posix-lexing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/posix-lexing/</guid>
<description></description>
</item>
<item>
<title>Possibilistic_Noninterference</title>
<link>/theories/possibilistic_noninterference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/possibilistic_noninterference/</guid>
<description></description>
</item>
<item>
<title>Power_Sum_Polynomials</title>
<link>/theories/power_sum_polynomials/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/power_sum_polynomials/</guid>
<description></description>
</item>
<item>
<title>Pratt_Certificate</title>
<link>/theories/pratt_certificate/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pratt_certificate/</guid>
<description></description>
</item>
<item>
<title>Prefix_Free_Code_Combinators</title>
<link>/theories/prefix_free_code_combinators/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/prefix_free_code_combinators/</guid>
<description></description>
</item>
<item>
<title>Presburger-Automata</title>
<link>/theories/presburger-automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/presburger-automata/</guid>
<description></description>
</item>
<item>
<title>Prim_Dijkstra_Simple</title>
<link>/theories/prim_dijkstra_simple/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/prim_dijkstra_simple/</guid>
<description></description>
</item>
<item>
<title>Prime_Distribution_Elementary</title>
<link>/theories/prime_distribution_elementary/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/prime_distribution_elementary/</guid>
<description></description>
</item>
<item>
<title>Prime_Harmonic_Series</title>
<link>/theories/prime_harmonic_series/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/prime_harmonic_series/</guid>
<description></description>
</item>
<item>
<title>Prime_Number_Theorem</title>
<link>/theories/prime_number_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/prime_number_theorem/</guid>
<description></description>
</item>
<item>
<title>Priority_Queue_Braun</title>
<link>/theories/priority_queue_braun/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/priority_queue_braun/</guid>
<description></description>
</item>
<item>
<title>Priority_Search_Trees</title>
<link>/theories/priority_search_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/priority_search_trees/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_Noninterference</title>
<link>/theories/probabilistic_noninterference/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/probabilistic_noninterference/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_Prime_Tests</title>
<link>/theories/probabilistic_prime_tests/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/probabilistic_prime_tests/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_System_Zoo</title>
<link>/theories/probabilistic_system_zoo/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/probabilistic_system_zoo/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_Timed_Automata</title>
<link>/theories/probabilistic_timed_automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/probabilistic_timed_automata/</guid>
<description></description>
</item>
<item>
<title>Probabilistic_While</title>
<link>/theories/probabilistic_while/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/probabilistic_while/</guid>
<description></description>
</item>
<item>
<title>Program-Conflict-Analysis</title>
<link>/theories/program-conflict-analysis/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/program-conflict-analysis/</guid>
<description></description>
</item>
<item>
<title>Progress_Tracking</title>
<link>/theories/progress_tracking/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/progress_tracking/</guid>
<description></description>
</item>
<item>
<title>Projective_Geometry</title>
<link>/theories/projective_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/projective_geometry/</guid>
<description></description>
</item>
<item>
<title>Projective_Measurements</title>
<link>/theories/projective_measurements/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/projective_measurements/</guid>
<description></description>
</item>
<item>
<title>Promela</title>
<link>/theories/promela/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/promela/</guid>
<description></description>
</item>
<item>
<title>Proof_Strategy_Language</title>
<link>/theories/proof_strategy_language/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/proof_strategy_language/</guid>
<description></description>
</item>
<item>
<title>Propositional_Proof_Systems</title>
<link>/theories/propositional_proof_systems/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/propositional_proof_systems/</guid>
<description></description>
</item>
<item>
<title>PropResPI</title>
<link>/theories/proprespi/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/proprespi/</guid>
<description></description>
</item>
<item>
<title>Prpu_Maxflow</title>
<link>/theories/prpu_maxflow/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/prpu_maxflow/</guid>
<description></description>
</item>
<item>
<title>PSemigroupsConvolution</title>
<link>/theories/psemigroupsconvolution/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/psemigroupsconvolution/</guid>
<description></description>
</item>
<item>
<title>PseudoHoops</title>
<link>/theories/pseudohoops/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/pseudohoops/</guid>
<description></description>
</item>
<item>
<title>Psi_Calculi</title>
<link>/theories/psi_calculi/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/psi_calculi/</guid>
<description></description>
</item>
<item>
<title>Ptolemys_Theorem</title>
<link>/theories/ptolemys_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ptolemys_theorem/</guid>
<description></description>
</item>
<item>
<title>Public_Announcement_Logic</title>
<link>/theories/public_announcement_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/public_announcement_logic/</guid>
<description></description>
</item>
<item>
<title>QHLProver</title>
<link>/theories/qhlprover/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/qhlprover/</guid>
<description></description>
</item>
<item>
<title>QR_Decomposition</title>
<link>/theories/qr_decomposition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/qr_decomposition/</guid>
<description></description>
</item>
<item>
<title>Quantales</title>
<link>/theories/quantales/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/quantales/</guid>
<description></description>
</item>
<item>
<title>Quasi_Borel_Spaces</title>
<link>/theories/quasi_borel_spaces/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/quasi_borel_spaces/</guid>
<description></description>
</item>
<item>
<title>Quaternions</title>
<link>/theories/quaternions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/quaternions/</guid>
<description></description>
</item>
<item>
+ <title>Query_Optimization</title>
+ <link>/theories/query_optimization/</link>
+ <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
+
+ <guid>/theories/query_optimization/</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>Quick_Sort_Cost</title>
<link>/theories/quick_sort_cost/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/quick_sort_cost/</guid>
<description></description>
</item>
<item>
<title>Ramsey-Infinite</title>
<link>/theories/ramsey-infinite/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ramsey-infinite/</guid>
<description></description>
</item>
<item>
<title>Random_BSTs</title>
<link>/theories/random_bsts/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/random_bsts/</guid>
<description></description>
</item>
<item>
<title>Random_Graph_Subgraph_Threshold</title>
<link>/theories/random_graph_subgraph_threshold/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/random_graph_subgraph_threshold/</guid>
<description></description>
</item>
<item>
<title>Randomised_BSTs</title>
<link>/theories/randomised_bsts/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/randomised_bsts/</guid>
<description></description>
</item>
<item>
<title>Randomised_Social_Choice</title>
<link>/theories/randomised_social_choice/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/randomised_social_choice/</guid>
<description></description>
</item>
<item>
<title>Rank_Nullity_Theorem</title>
<link>/theories/rank_nullity_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/rank_nullity_theorem/</guid>
<description></description>
</item>
<item>
<title>Real_Impl</title>
<link>/theories/real_impl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/real_impl/</guid>
<description></description>
</item>
<item>
<title>Real_Power</title>
<link>/theories/real_power/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/real_power/</guid>
<description></description>
</item>
<item>
<title>Real_Time_Deque</title>
<link>/theories/real_time_deque/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/real_time_deque/</guid>
<description></description>
</item>
<item>
<title>Recursion-Addition</title>
<link>/theories/recursion-addition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/recursion-addition/</guid>
<description></description>
</item>
<item>
<title>Recursion-Theory-I</title>
<link>/theories/recursion-theory-i/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/recursion-theory-i/</guid>
<description></description>
</item>
<item>
<title>Refine_Imperative_HOL</title>
<link>/theories/refine_imperative_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/refine_imperative_hol/</guid>
<description></description>
</item>
<item>
<title>Refine_Monadic</title>
<link>/theories/refine_monadic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/refine_monadic/</guid>
<description></description>
</item>
<item>
<title>RefinementReactive</title>
<link>/theories/refinementreactive/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/refinementreactive/</guid>
<description></description>
</item>
<item>
<title>Regex_Equivalence</title>
<link>/theories/regex_equivalence/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/regex_equivalence/</guid>
<description></description>
</item>
<item>
<title>Registers</title>
<link>/theories/registers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/registers/</guid>
<description></description>
</item>
<item>
<title>Regression_Test_Selection</title>
<link>/theories/regression_test_selection/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/regression_test_selection/</guid>
<description></description>
</item>
<item>
<title>Regular-Sets</title>
<link>/theories/regular-sets/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/regular-sets/</guid>
<description></description>
</item>
<item>
<title>Regular_Algebras</title>
<link>/theories/regular_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/regular_algebras/</guid>
<description></description>
</item>
<item>
<title>Regular_Tree_Relations</title>
<link>/theories/regular_tree_relations/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/regular_tree_relations/</guid>
<description></description>
</item>
<item>
<title>Relation_Algebra</title>
<link>/theories/relation_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relation_algebra/</guid>
<description></description>
</item>
<item>
<title>Relational-Incorrectness-Logic</title>
<link>/theories/relational-incorrectness-logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relational-incorrectness-logic/</guid>
<description></description>
</item>
<item>
<title>Relational_Disjoint_Set_Forests</title>
<link>/theories/relational_disjoint_set_forests/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relational_disjoint_set_forests/</guid>
<description></description>
</item>
<item>
<title>Relational_Forests</title>
<link>/theories/relational_forests/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relational_forests/</guid>
<description></description>
</item>
<item>
<title>Relational_Method</title>
<link>/theories/relational_method/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relational_method/</guid>
<description></description>
</item>
<item>
<title>Relational_Minimum_Spanning_Trees</title>
<link>/theories/relational_minimum_spanning_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relational_minimum_spanning_trees/</guid>
<description></description>
</item>
<item>
<title>Relational_Paths</title>
<link>/theories/relational_paths/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/relational_paths/</guid>
<description></description>
</item>
<item>
<title>Rep_Fin_Groups</title>
<link>/theories/rep_fin_groups/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/rep_fin_groups/</guid>
<description></description>
</item>
<item>
<title>Residuated_Lattices</title>
<link>/theories/residuated_lattices/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/residuated_lattices/</guid>
<description></description>
</item>
<item>
<title>ResiduatedTransitionSystem</title>
<link>/theories/residuatedtransitionsystem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/residuatedtransitionsystem/</guid>
<description></description>
</item>
<item>
<title>Resolution_FOL</title>
<link>/theories/resolution_fol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/resolution_fol/</guid>
<description></description>
</item>
<item>
<title>Rewrite_Properties_Reduction</title>
<link>/theories/rewrite_properties_reduction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/rewrite_properties_reduction/</guid>
<description></description>
</item>
<item>
<title>Rewriting_Z</title>
<link>/theories/rewriting_z/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/rewriting_z/</guid>
<description></description>
</item>
<item>
<title>Ribbon_Proofs</title>
<link>/theories/ribbon_proofs/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ribbon_proofs/</guid>
<description></description>
</item>
<item>
<title>RIPEMD-160-SPARK</title>
<link>/theories/ripemd-160-spark/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/ripemd-160-spark/</guid>
<description></description>
</item>
<item>
<title>Risk_Free_Lending</title>
<link>/theories/risk_free_lending/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/risk_free_lending/</guid>
<description></description>
</item>
<item>
<title>Robbins-Conjecture</title>
<link>/theories/robbins-conjecture/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/robbins-conjecture/</guid>
<description></description>
</item>
<item>
<title>ROBDD</title>
<link>/theories/robdd/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/robdd/</guid>
<description></description>
</item>
<item>
<title>Robinson_Arithmetic</title>
<link>/theories/robinson_arithmetic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/robinson_arithmetic/</guid>
<description></description>
</item>
<item>
<title>Root_Balanced_Tree</title>
<link>/theories/root_balanced_tree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/root_balanced_tree/</guid>
<description></description>
</item>
<item>
<title>Roth_Arithmetic_Progressions</title>
<link>/theories/roth_arithmetic_progressions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/roth_arithmetic_progressions/</guid>
<description></description>
</item>
<item>
<title>Routing</title>
<link>/theories/routing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/routing/</guid>
<description></description>
</item>
<item>
<title>Roy_Floyd_Warshall</title>
<link>/theories/roy_floyd_warshall/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/roy_floyd_warshall/</guid>
<description></description>
</item>
<item>
<title>RSAPSS</title>
<link>/theories/rsapss/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/rsapss/</guid>
<description></description>
</item>
<item>
<title>Safe_Distance</title>
<link>/theories/safe_distance/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/safe_distance/</guid>
<description></description>
</item>
<item>
<title>Safe_OCL</title>
<link>/theories/safe_ocl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/safe_ocl/</guid>
<description></description>
</item>
<item>
<title>Safe_Range_RC</title>
<link>/theories/safe_range_rc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/safe_range_rc/</guid>
<description></description>
</item>
<item>
<title>SATSolverVerification</title>
<link>/theories/satsolververification/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/satsolververification/</guid>
<description></description>
</item>
<item>
<title>Saturation_Framework</title>
<link>/theories/saturation_framework/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/saturation_framework/</guid>
<description></description>
</item>
<item>
<title>Saturation_Framework_Extensions</title>
<link>/theories/saturation_framework_extensions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/saturation_framework_extensions/</guid>
<description></description>
</item>
<item>
<title>SC_DOM_Components</title>
<link>/theories/sc_dom_components/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sc_dom_components/</guid>
<description></description>
</item>
<item>
<title>SCC_Bloemen_Sequential</title>
<link>/theories/scc_bloemen_sequential/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/scc_bloemen_sequential/</guid>
<description></description>
</item>
<item>
<title>Schutz_Spacetime</title>
<link>/theories/schutz_spacetime/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/schutz_spacetime/</guid>
<description></description>
</item>
<item>
<title>SDS_Impossibility</title>
<link>/theories/sds_impossibility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sds_impossibility/</guid>
<description></description>
</item>
<item>
<title>Secondary_Sylow</title>
<link>/theories/secondary_sylow/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/secondary_sylow/</guid>
<description></description>
</item>
<item>
<title>Security_Protocol_Refinement</title>
<link>/theories/security_protocol_refinement/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/security_protocol_refinement/</guid>
<description></description>
</item>
<item>
<title>Selection_Heap_Sort</title>
<link>/theories/selection_heap_sort/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/selection_heap_sort/</guid>
<description></description>
</item>
<item>
<title>SenSocialChoice</title>
<link>/theories/sensocialchoice/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sensocialchoice/</guid>
<description></description>
</item>
<item>
<title>Separata</title>
<link>/theories/separata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/separata/</guid>
<description></description>
</item>
<item>
<title>Separation_Algebra</title>
<link>/theories/separation_algebra/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/separation_algebra/</guid>
<description></description>
</item>
<item>
<title>Separation_Logic_Imperative_HOL</title>
<link>/theories/separation_logic_imperative_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/separation_logic_imperative_hol/</guid>
<description></description>
</item>
<item>
<title>Separation_Logic_Unbounded</title>
<link>/theories/separation_logic_unbounded/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/separation_logic_unbounded/</guid>
<description></description>
</item>
<item>
<title>Sepref_Basic</title>
<link>/theories/sepref_basic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sepref_basic/</guid>
<description></description>
</item>
<item>
<title>Sepref_IICF</title>
<link>/theories/sepref_iicf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sepref_iicf/</guid>
<description></description>
</item>
<item>
<title>Sepref_Prereq</title>
<link>/theories/sepref_prereq/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sepref_prereq/</guid>
<description></description>
</item>
<item>
<title>SequentInvertibility</title>
<link>/theories/sequentinvertibility/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sequentinvertibility/</guid>
<description></description>
</item>
<item>
<title>Shadow_DOM</title>
<link>/theories/shadow_dom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/shadow_dom/</guid>
<description></description>
</item>
<item>
<title>Shadow_SC_DOM</title>
<link>/theories/shadow_sc_dom/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/shadow_sc_dom/</guid>
<description></description>
</item>
<item>
<title>Shivers-CFA</title>
<link>/theories/shivers-cfa/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/shivers-cfa/</guid>
<description></description>
</item>
<item>
<title>ShortestPath</title>
<link>/theories/shortestpath/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/shortestpath/</guid>
<description></description>
</item>
<item>
<title>Show</title>
<link>/theories/show/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/show/</guid>
<description></description>
</item>
<item>
<title>SIFPL</title>
<link>/theories/sifpl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sifpl/</guid>
<description></description>
</item>
<item>
<title>SIFUM_Type_Systems</title>
<link>/theories/sifum_type_systems/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sifum_type_systems/</guid>
<description></description>
</item>
<item>
<title>Sigma_Commit_Crypto</title>
<link>/theories/sigma_commit_crypto/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sigma_commit_crypto/</guid>
<description></description>
</item>
<item>
<title>Signature_Groebner</title>
<link>/theories/signature_groebner/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/signature_groebner/</guid>
<description></description>
</item>
<item>
<title>Simpl</title>
<link>/theories/simpl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/simpl/</guid>
<description></description>
</item>
<item>
<title>Simple_Firewall</title>
<link>/theories/simple_firewall/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/simple_firewall/</guid>
<description></description>
</item>
<item>
<title>Simplex</title>
<link>/theories/simplex/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/simplex/</guid>
<description></description>
</item>
<item>
<title>Simplicial_complexes_and_boolean_functions</title>
<link>/theories/simplicial_complexes_and_boolean_functions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/simplicial_complexes_and_boolean_functions/</guid>
<description></description>
</item>
<item>
<title>SimplifiedOntologicalArgument</title>
<link>/theories/simplifiedontologicalargument/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/simplifiedontologicalargument/</guid>
<description></description>
</item>
<item>
<title>Skew_Heap</title>
<link>/theories/skew_heap/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/skew_heap/</guid>
<description></description>
</item>
<item>
<title>Skip_Lists</title>
<link>/theories/skip_lists/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/skip_lists/</guid>
<description></description>
</item>
<item>
<title>Slicing</title>
<link>/theories/slicing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/slicing/</guid>
<description></description>
</item>
<item>
<title>Sliding_Window_Algorithm</title>
<link>/theories/sliding_window_algorithm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sliding_window_algorithm/</guid>
<description></description>
</item>
<item>
<title>SM</title>
<link>/theories/sm/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sm/</guid>
<description></description>
</item>
<item>
<title>SM_Base</title>
<link>/theories/sm_base/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sm_base/</guid>
<description></description>
</item>
<item>
<title>Smith_Normal_Form</title>
<link>/theories/smith_normal_form/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/smith_normal_form/</guid>
<description></description>
</item>
<item>
<title>Smooth_Manifolds</title>
<link>/theories/smooth_manifolds/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/smooth_manifolds/</guid>
<description></description>
</item>
<item>
<title>Solidity</title>
<link>/theories/solidity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/solidity/</guid>
<description></description>
</item>
<item>
<title>Sophomores_Dream</title>
<link>/theories/sophomores_dream/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sophomores_dream/</guid>
<description></description>
</item>
<item>
<title>Sort_Encodings</title>
<link>/theories/sort_encodings/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sort_encodings/</guid>
<description></description>
</item>
<item>
<title>Source_Coding_Theorem</title>
<link>/theories/source_coding_theorem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/source_coding_theorem/</guid>
<description></description>
</item>
<item>
<title>SPARCv8</title>
<link>/theories/sparcv8/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sparcv8/</guid>
<description></description>
</item>
<item>
<title>SpecCheck</title>
<link>/theories/speccheck/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/speccheck/</guid>
<description></description>
</item>
<item>
<title>Special_Function_Bounds</title>
<link>/theories/special_function_bounds/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/special_function_bounds/</guid>
<description></description>
</item>
<item>
<title>Splay_Tree</title>
<link>/theories/splay_tree/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/splay_tree/</guid>
<description></description>
</item>
<item>
<title>Sqrt_Babylonian</title>
<link>/theories/sqrt_babylonian/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sqrt_babylonian/</guid>
<description></description>
</item>
<item>
<title>Stable_Matching</title>
<link>/theories/stable_matching/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stable_matching/</guid>
<description></description>
</item>
<item>
<title>Stalnaker_Logic</title>
<link>/theories/stalnaker_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stalnaker_logic/</guid>
<description></description>
</item>
<item>
<title>Statecharts</title>
<link>/theories/statecharts/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/statecharts/</guid>
<description></description>
</item>
<item>
<title>Stateful_Protocol_Composition_and_Typing</title>
<link>/theories/stateful_protocol_composition_and_typing/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stateful_protocol_composition_and_typing/</guid>
<description></description>
</item>
<item>
<title>Stellar_Quorums</title>
<link>/theories/stellar_quorums/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stellar_quorums/</guid>
<description></description>
</item>
<item>
<title>Stern_Brocot</title>
<link>/theories/stern_brocot/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stern_brocot/</guid>
<description></description>
</item>
<item>
<title>Stewart_Apollonius</title>
<link>/theories/stewart_apollonius/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stewart_apollonius/</guid>
<description></description>
</item>
<item>
<title>Stirling_Formula</title>
<link>/theories/stirling_formula/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stirling_formula/</guid>
<description></description>
</item>
<item>
<title>Stochastic_Matrices</title>
<link>/theories/stochastic_matrices/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stochastic_matrices/</guid>
<description></description>
</item>
<item>
<title>Stone_Algebras</title>
<link>/theories/stone_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stone_algebras/</guid>
<description></description>
</item>
<item>
<title>Stone_Kleene_Relation_Algebras</title>
<link>/theories/stone_kleene_relation_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stone_kleene_relation_algebras/</guid>
<description></description>
</item>
<item>
<title>Stone_Relation_Algebras</title>
<link>/theories/stone_relation_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stone_relation_algebras/</guid>
<description></description>
</item>
<item>
<title>Store_Buffer_Reduction</title>
<link>/theories/store_buffer_reduction/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/store_buffer_reduction/</guid>
<description></description>
</item>
<item>
<title>Stream-Fusion</title>
<link>/theories/stream-fusion/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stream-fusion/</guid>
<description></description>
</item>
<item>
<title>Stream_Fusion_Code</title>
<link>/theories/stream_fusion_code/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stream_fusion_code/</guid>
<description></description>
</item>
<item>
<title>Strong_Security</title>
<link>/theories/strong_security/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/strong_security/</guid>
<description></description>
</item>
<item>
<title>Sturm_Sequences</title>
<link>/theories/sturm_sequences/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sturm_sequences/</guid>
<description></description>
</item>
<item>
<title>Sturm_Tarski</title>
<link>/theories/sturm_tarski/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sturm_tarski/</guid>
<description></description>
</item>
<item>
<title>Stuttering_Equivalence</title>
<link>/theories/stuttering_equivalence/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/stuttering_equivalence/</guid>
<description></description>
</item>
<item>
<title>Subresultants</title>
<link>/theories/subresultants/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/subresultants/</guid>
<description></description>
</item>
<item>
<title>Subset_Boolean_Algebras</title>
<link>/theories/subset_boolean_algebras/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/subset_boolean_algebras/</guid>
<description></description>
</item>
<item>
<title>SumSquares</title>
<link>/theories/sumsquares/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sumsquares/</guid>
<description></description>
</item>
<item>
<title>Sunflowers</title>
<link>/theories/sunflowers/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/sunflowers/</guid>
<description></description>
</item>
<item>
<title>SuperCalc</title>
<link>/theories/supercalc/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/supercalc/</guid>
<description></description>
</item>
<item>
<title>Surprise_Paradox</title>
<link>/theories/surprise_paradox/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/surprise_paradox/</guid>
<description></description>
</item>
<item>
<title>Symmetric_Polynomials</title>
<link>/theories/symmetric_polynomials/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/symmetric_polynomials/</guid>
<description></description>
</item>
<item>
<title>Syntax_Independent_Logic</title>
<link>/theories/syntax_independent_logic/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/syntax_independent_logic/</guid>
<description></description>
</item>
<item>
<title>Szemeredi_Regularity</title>
<link>/theories/szemeredi_regularity/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/szemeredi_regularity/</guid>
<description></description>
</item>
<item>
<title>Szpilrajn</title>
<link>/theories/szpilrajn/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/szpilrajn/</guid>
<description></description>
</item>
<item>
<title>Tail_Recursive_Functions</title>
<link>/theories/tail_recursive_functions/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tail_recursive_functions/</guid>
<description></description>
</item>
<item>
<title>Tarskis_Geometry</title>
<link>/theories/tarskis_geometry/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tarskis_geometry/</guid>
<description></description>
</item>
<item>
<title>Taylor_Models</title>
<link>/theories/taylor_models/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/taylor_models/</guid>
<description></description>
</item>
<item>
<title>TESL_Language</title>
<link>/theories/tesl_language/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tesl_language/</guid>
<description></description>
</item>
<item>
<title>Three_Circles</title>
<link>/theories/three_circles/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/three_circles/</guid>
<description></description>
</item>
<item>
<title>Timed_Automata</title>
<link>/theories/timed_automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/timed_automata/</guid>
<description></description>
</item>
<item>
<title>TLA</title>
<link>/theories/tla/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tla/</guid>
<description></description>
</item>
<item>
<title>Topological_Semantics</title>
<link>/theories/topological_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/topological_semantics/</guid>
<description></description>
</item>
<item>
<title>Topology</title>
<link>/theories/topology/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/topology/</guid>
<description></description>
</item>
<item>
<title>TortoiseHare</title>
<link>/theories/tortoisehare/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tortoisehare/</guid>
<description></description>
</item>
<item>
<title>Transcendence_Series_Hancl_Rucki</title>
<link>/theories/transcendence_series_hancl_rucki/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/transcendence_series_hancl_rucki/</guid>
<description></description>
</item>
<item>
<title>Transformer_Semantics</title>
<link>/theories/transformer_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/transformer_semantics/</guid>
<description></description>
</item>
<item>
<title>Transition_Systems_and_Automata</title>
<link>/theories/transition_systems_and_automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/transition_systems_and_automata/</guid>
<description></description>
</item>
<item>
<title>Transitive-Closure</title>
<link>/theories/transitive-closure/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/transitive-closure/</guid>
<description></description>
</item>
<item>
<title>Transitive-Closure-II</title>
<link>/theories/transitive-closure-ii/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/transitive-closure-ii/</guid>
<description></description>
</item>
<item>
<title>Transitive_Models</title>
<link>/theories/transitive_models/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/transitive_models/</guid>
<description></description>
</item>
<item>
<title>Treaps</title>
<link>/theories/treaps/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/treaps/</guid>
<description></description>
</item>
<item>
<title>Tree-Automata</title>
<link>/theories/tree-automata/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tree-automata/</guid>
<description></description>
</item>
<item>
<title>Tree_Decomposition</title>
<link>/theories/tree_decomposition/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tree_decomposition/</guid>
<description></description>
</item>
<item>
<title>Triangle</title>
<link>/theories/triangle/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/triangle/</guid>
<description></description>
</item>
<item>
<title>Trie</title>
<link>/theories/trie/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/trie/</guid>
<description></description>
</item>
<item>
<title>Twelvefold_Way</title>
<link>/theories/twelvefold_way/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/twelvefold_way/</guid>
<description></description>
</item>
<item>
<title>Tycon</title>
<link>/theories/tycon/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/tycon/</guid>
<description></description>
</item>
<item>
<title>Types_Tableaus_and_Goedels_God</title>
<link>/theories/types_tableaus_and_goedels_god/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/types_tableaus_and_goedels_god/</guid>
<description></description>
</item>
<item>
<title>Types_To_Sets_Extension</title>
<link>/theories/types_to_sets_extension/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/types_to_sets_extension/</guid>
<description></description>
</item>
<item>
<title>Undirected_Graph_Theory</title>
<link>/theories/undirected_graph_theory/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/undirected_graph_theory/</guid>
<description></description>
</item>
<item>
<title>Universal_Hash_Families</title>
<link>/theories/universal_hash_families/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/universal_hash_families/</guid>
<description></description>
</item>
<item>
<title>Universal_Turing_Machine</title>
<link>/theories/universal_turing_machine/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/universal_turing_machine/</guid>
<description></description>
</item>
<item>
<title>UpDown_Scheme</title>
<link>/theories/updown_scheme/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/updown_scheme/</guid>
<description></description>
</item>
<item>
<title>UPF</title>
<link>/theories/upf/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/upf/</guid>
<description></description>
</item>
<item>
<title>UPF_Firewall</title>
<link>/theories/upf_firewall/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/upf_firewall/</guid>
<description></description>
</item>
<item>
<title>UTP</title>
<link>/theories/utp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/utp/</guid>
<description></description>
</item>
<item>
<title>UTP-Toolkit</title>
<link>/theories/utp-toolkit/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/utp-toolkit/</guid>
<description></description>
</item>
<item>
<title>Valuation</title>
<link>/theories/valuation/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/valuation/</guid>
<description></description>
</item>
<item>
<title>Van_der_Waerden</title>
<link>/theories/van_der_waerden/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/van_der_waerden/</guid>
<description></description>
</item>
<item>
<title>Van_Emde_Boas_Trees</title>
<link>/theories/van_emde_boas_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/van_emde_boas_trees/</guid>
<description></description>
</item>
<item>
<title>VectorSpace</title>
<link>/theories/vectorspace/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/vectorspace/</guid>
<description></description>
</item>
<item>
<title>VeriComp</title>
<link>/theories/vericomp/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/vericomp/</guid>
<description></description>
</item>
<item>
<title>Verified-Prover</title>
<link>/theories/verified-prover/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/verified-prover/</guid>
<description></description>
</item>
<item>
<title>Verified_SAT_Based_AI_Planning</title>
<link>/theories/verified_sat_based_ai_planning/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/verified_sat_based_ai_planning/</guid>
<description></description>
</item>
<item>
<title>VerifyThis2018</title>
<link>/theories/verifythis2018/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/verifythis2018/</guid>
<description></description>
</item>
<item>
<title>VerifyThis2019</title>
<link>/theories/verifythis2019/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/verifythis2019/</guid>
<description></description>
</item>
<item>
<title>Vickrey_Clarke_Groves</title>
<link>/theories/vickrey_clarke_groves/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/vickrey_clarke_groves/</guid>
<description></description>
</item>
<item>
<title>Virtual_Substitution</title>
<link>/theories/virtual_substitution/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/virtual_substitution/</guid>
<description></description>
</item>
<item>
<title>VolpanoSmith</title>
<link>/theories/volpanosmith/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/volpanosmith/</guid>
<description></description>
</item>
<item>
<title>VYDRA_MDL</title>
<link>/theories/vydra_mdl/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/vydra_mdl/</guid>
<description></description>
</item>
<item>
<title>WebAssembly</title>
<link>/theories/webassembly/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/webassembly/</guid>
<description></description>
</item>
<item>
<title>Weight_Balanced_Trees</title>
<link>/theories/weight_balanced_trees/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/weight_balanced_trees/</guid>
<description></description>
</item>
<item>
<title>Weighted_Arithmetic_Geometric_Mean</title>
<link>/theories/weighted_arithmetic_geometric_mean/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/weighted_arithmetic_geometric_mean/</guid>
<description></description>
</item>
<item>
<title>Weighted_Path_Order</title>
<link>/theories/weighted_path_order/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/weighted_path_order/</guid>
<description></description>
</item>
<item>
<title>Well_Quasi_Orders</title>
<link>/theories/well_quasi_orders/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/well_quasi_orders/</guid>
<description></description>
</item>
<item>
<title>Wetzels_Problem</title>
<link>/theories/wetzels_problem/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/wetzels_problem/</guid>
<description></description>
</item>
<item>
<title>WHATandWHERE_Security</title>
<link>/theories/whatandwhere_security/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/whatandwhere_security/</guid>
<description></description>
</item>
<item>
<title>Winding_Number_Eval</title>
<link>/theories/winding_number_eval/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/winding_number_eval/</guid>
<description></description>
</item>
<item>
<title>WOOT_Strong_Eventual_Consistency</title>
<link>/theories/woot_strong_eventual_consistency/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/woot_strong_eventual_consistency/</guid>
<description></description>
</item>
<item>
<title>Word_Lib</title>
<link>/theories/word_lib/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/word_lib/</guid>
<description></description>
</item>
<item>
<title>WorkerWrapper</title>
<link>/theories/workerwrapper/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/workerwrapper/</guid>
<description></description>
</item>
<item>
<title>X86_Semantics</title>
<link>/theories/x86_semantics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/x86_semantics/</guid>
<description></description>
</item>
<item>
<title>XML</title>
<link>/theories/xml/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/xml/</guid>
<description></description>
</item>
<item>
<title>Youngs_Inequality</title>
<link>/theories/youngs_inequality/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/youngs_inequality/</guid>
<description></description>
</item>
<item>
<title>Zeta_3_Irrational</title>
<link>/theories/zeta_3_irrational/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/zeta_3_irrational/</guid>
<description></description>
</item>
<item>
<title>Zeta_Function</title>
<link>/theories/zeta_function/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/zeta_function/</guid>
<description></description>
</item>
<item>
<title>ZFC_in_HOL</title>
<link>/theories/zfc_in_hol/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>/theories/zfc_in_hol/</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/theories/query_optimization/index.html b/web/theories/query_optimization/index.html
new file mode 100644
--- /dev/null
+++ b/web/theories/query_optimization/index.html
@@ -0,0 +1,97 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta charset="utf-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
+ <meta name="viewport" content="width=device-width, initial-scale=1"><title>Query_Optimization - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><meta property="og:title" content="Query_Optimization" />
+<meta property="og:description" content="" />
+<meta property="og:type" content="article" />
+<meta property="og:url" content="/theories/query_optimization/" /><meta property="og:image" content="/images/afp.png"/><meta property="article:section" content="theories" />
+
+<meta property="og:site_name" content="Archive of Formal Proofs" />
+
+<meta name="twitter:card" content="summary_large_image"/>
+<meta name="twitter:image" content="/images/afp.png"/>
+
+<meta name="twitter:title" content="Query_Optimization"/>
+<meta name="twitter:description" content=""/>
+
+
+ <link rel="stylesheet" type="text/css" href="../../css/front.min.css"><link rel="stylesheet" type="text/css" href="../../css/isabelle.css">
+
+
+ <link rel="icon" href="../../images/favicon.ico" type="image/icon"><script src="../../js/obfuscate.js"></script>
+ <script src="../../js/flexsearch.bundle.js"></script>
+ <script src="../../js/scroll-spy.js"></script>
+ <script src="../../js/theory.js"></script>
+ <script src="../../js/util.js"></script><script src="../../js/header-search.js"></script><script src="../../js/search-autocomplete.js"></script>
+</head>
+
+
+<body class='mathjax_ignore theories'>
+ <aside>
+ <div id="menu-toggle">
+ <input id="toggle" type="checkbox" />
+ <label for="toggle">
+ <span>menu</span>
+ <img src="../../images/menu.svg" alt="Menu" />
+ </label>
+
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
+ </a>
+
+ <nav id="menu">
+ <div>
+ <a href="../../" class='logo-link'>
+ <img src="../../images/afp.png" alt='Logo of the Archive of Formal Proofs'
+ class="logo">
+ </a>
+ <ul id="return">
+ <li><a href="../../entries/Query_Optimization.html">Return to entry</a></li>
+ </ul>
+ <hr>
+ <ul id="theory-navbar" class="list-group"></ul>
+ </div>
+ </nav>
+</div>
+
+ </aside>
+
+ <div
+ class='content '><header>
+ <form autocomplete="off" action="../../search">
+ <div class='form-container'>
+ <input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
+ id="search-button" type="button"><img src="../../images/search.svg" alt="Search" /></button>
+ <datalist id="autocomplete">
+ </datalist>
+ </div>
+ </form>
+ <h1 >
+ <span class='first'>Q</span>uery_<span class='first'>O</span>ptimization</h1>
+ <div>
+
+
+ </div>
+</header><div><main id="theories">
+ <a id="Misc" href="https://www.isa-afp.org/browser_info/current/AFP/Query_Optimization/Misc.html"><h2>Misc</h2></a>
+ <a id="Graph_Theory_Batteries" href="https://www.isa-afp.org/browser_info/current/AFP/Query_Optimization/Graph_Theory_Batteries.html"><h2>Graph_Theory_Batteries</h2></a>
+ <a id="Graph_Definitions" href="https://www.isa-afp.org/browser_info/current/AFP/Query_Optimization/Graph_Definitions.html"><h2>Graph_Definitions</h2></a>
+ <a id="Shortest_Path_Tree" href="https://www.isa-afp.org/browser_info/current/AFP/Query_Optimization/Shortest_Path_Tree.html"><h2>Shortest_Path_Tree</h2></a>
+ <a id="Selectivities" href="https://www.isa-afp.org/browser_info/current/AFP/Query_Optimization/Selectivities.html"><h2>Selectivities</h2></a>
+ <a id="JoinTree" href="https://www.isa-afp.org/browser_info/current/AFP/Query_Optimization/JoinTree.html"><h2>JoinTree</h2></a>
+ <a id="CostFunctions" href="https://www.isa-afp.org/browser_info/current/AFP/Query_Optimization/CostFunctions.html"><h2>CostFunctions</h2></a>
+ <a id="Graph_Additions" href="https://www.isa-afp.org/browser_info/current/AFP/Query_Optimization/Graph_Additions.html"><h2>Graph_Additions</h2></a>
+ <a id="QueryGraph" href="https://www.isa-afp.org/browser_info/current/AFP/Query_Optimization/QueryGraph.html"><h2>QueryGraph</h2></a>
+ <a id="Directed_Tree_Additions" href="https://www.isa-afp.org/browser_info/current/AFP/Query_Optimization/Directed_Tree_Additions.html"><h2>Directed_Tree_Additions</h2></a>
+ <a id="Dtree" href="https://www.isa-afp.org/browser_info/current/AFP/Query_Optimization/Dtree.html"><h2>Dtree</h2></a>
+ <a id="List_Dtree" href="https://www.isa-afp.org/browser_info/current/AFP/Query_Optimization/List_Dtree.html"><h2>List_Dtree</h2></a>
+ <a id="IKKBZ" href="https://www.isa-afp.org/browser_info/current/AFP/Query_Optimization/IKKBZ.html"><h2>IKKBZ</h2></a>
+ <a id="IKKBZ_Optimality" href="https://www.isa-afp.org/browser_info/current/AFP/Query_Optimization/IKKBZ_Optimality.html"><h2>IKKBZ_Optimality</h2></a>
+ <a id="IKKBZ_Examples" href="https://www.isa-afp.org/browser_info/current/AFP/Query_Optimization/IKKBZ_Examples.html"><h2>IKKBZ_Examples</h2></a></main>
+ </div>
+ </div>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/web/topics/computer-science/data-management-systems/index.html b/web/topics/computer-science/data-management-systems/index.html
--- a/web/topics/computer-science/data-management-systems/index.html
+++ b/web/topics/computer-science/data-management-systems/index.html
@@ -1,117 +1,124 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Computer science/Data management systems - Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><link rel="alternate" type="application/rss+xml" href="../../../topics/computer-science/data-management-systems/index.xml" title="Archive of Formal Proofs" /><meta property="og:title" content="Computer science/Data management systems" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/computer-science/data-management-systems/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Computer science/Data management systems"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../../../css/front.min.css">
<link rel="icon" href="../../../images/favicon.ico" type="image/icon"><script src="../../../js/obfuscate.js"></script>
<script src="../../../js/flexsearch.bundle.js"></script>
<script src="../../../js/scroll-spy.js"></script>
<script src="../../../js/theory.js"></script>
<script src="../../../js/util.js"></script><script src="../../../js/header-search.js"></script><script src="../../../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../../../images/menu.svg" alt="Menu" />
</label>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../../../search"><img src="../../../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../../../" class='logo-link'>
<img src="../../../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../../../"><li >Home</li></a>
<a href="../../../topics/"><li >Topics</li></a>
<a href="../../../download/"><li >Download</li></a>
<a href="../../../help/"><li >Help</li></a>
<a href="../../../submission/"><li >Submission</li></a>
<a href="../../../statistics/"><li >Statistics</li></a>
<a href="../../../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../../../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../../../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>C</span>omputer <span class='first'>S</span>cience/<span class='first'>D</span>ata <span class='first'>M</span>anagement <span class='first'>S</span>ystems</h1>
<div>
</div>
</header><div><h2>Subject Classification</h2><p>ACM: <a href="https://dl.acm.org/topic/ccs2012/10002951.10002952">Information systems~Data management systems</a></p><p>AMS: <a href="https://mathscinet.ams.org/mathscinet/msc/msc2020.html?t=68P15">Computer science / Theory of data / Database theory</a></p><h2 class="head">2022</h2><article class="entry">
<div class="item-text">
+ <h5><a class="title" href="../../../entries/Query_Optimization.html">Verification of Query Optimization Algorithms</a></h5> <br>by <a href="../../../authors/stevens">Lukas Stevens</a> and <a href="../../../authors/stoeckl">Bernhard Stöckl</a></div>
+ <span class="date">
+ Oct 04
+ </span>
+</article>
+<article class="entry">
+ <div class="item-text">
<h5><a class="title" href="../../../entries/Safe_Range_RC.html">Making Arbitrary Relational Calculus Queries Safe-Range</a></h5> <br>by <a href="../../../authors/raszyk">Martin Raszyk</a> and <a href="../../../authors/traytel">Dmitriy Traytel</a></div>
<span class="date">
Sep 28
</span>
</article>
<article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Eval_FO.html">First-Order Query Evaluation</a></h5> <br>by <a href="../../../authors/raszyk">Martin Raszyk</a></div>
<span class="date">
Feb 15
</span>
</article>
<h2 class="head">2021</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/BTree.html">A Verified Imperative Implementation of B-Trees</a></h5> <br>by <a href="../../../authors/muendler">Niels Mündler</a></div>
<span class="date">
Feb 24
</span>
</article>
<h2 class="head">2019</h2><article class="entry">
<div class="item-text">
<h5><a class="title" href="../../../entries/Generic_Join.html">Formalization of Multiway-Join Algorithms</a></h5> <br>by <a href="../../../authors/dardinier">Thibault Dardinier</a></div>
<span class="date">
Sep 16
</span>
</article>
</div>
</div>
</body>
</html>
\ No newline at end of file
diff --git a/web/topics/computer-science/data-management-systems/index.xml b/web/topics/computer-science/data-management-systems/index.xml
--- a/web/topics/computer-science/data-management-systems/index.xml
+++ b/web/topics/computer-science/data-management-systems/index.xml
@@ -1,46 +1,55 @@
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>Computer science/Data management systems on Archive of Formal Proofs</title>
<link>/topics/computer-science/data-management-systems/</link>
<description>Recent content in Computer science/Data management systems on Archive of Formal Proofs</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-gb</language><atom:link href="/topics/computer-science/data-management-systems/index.xml" rel="self" type="application/rss+xml" />
<item>
+ <title>Verification of Query Optimization Algorithms</title>
+ <link>/entries/Query_Optimization.html</link>
+ <pubDate>Tue, 04 Oct 2022 00:00:00 +0000</pubDate>
+
+ <guid>/entries/Query_Optimization.html</guid>
+ <description></description>
+ </item>
+
+ <item>
<title>Making Arbitrary Relational Calculus Queries Safe-Range</title>
<link>/entries/Safe_Range_RC.html</link>
<pubDate>Wed, 28 Sep 2022 00:00:00 +0000</pubDate>
<guid>/entries/Safe_Range_RC.html</guid>
<description></description>
</item>
<item>
<title>First-Order Query Evaluation</title>
<link>/entries/Eval_FO.html</link>
<pubDate>Tue, 15 Feb 2022 00:00:00 +0000</pubDate>
<guid>/entries/Eval_FO.html</guid>
<description></description>
</item>
<item>
<title>A Verified Imperative Implementation of B-Trees</title>
<link>/entries/BTree.html</link>
<pubDate>Wed, 24 Feb 2021 00:00:00 +0000</pubDate>
<guid>/entries/BTree.html</guid>
<description></description>
</item>
<item>
<title>Formalization of Multiway-Join Algorithms</title>
<link>/entries/Generic_Join.html</link>
<pubDate>Mon, 16 Sep 2019 00:00:00 +0000</pubDate>
<guid>/entries/Generic_Join.html</guid>
<description></description>
</item>
</channel>
</rss>
diff --git a/web/topics/index.html b/web/topics/index.html
--- a/web/topics/index.html
+++ b/web/topics/index.html
@@ -1,121 +1,121 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1"><title>Archive of Formal Proofs</title><meta name="description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."><meta property="og:title" content="Topics" />
<meta property="og:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle." />
<meta property="og:type" content="website" />
<meta property="og:url" content="/topics/" /><meta property="og:image" content="/images/afp.png"/><meta property="og:site_name" content="Archive of Formal Proofs" />
<meta name="twitter:card" content="summary_large_image"/>
<meta name="twitter:image" content="/images/afp.png"/>
<meta name="twitter:title" content="Topics"/>
<meta name="twitter:description" content="A collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle."/>
<link rel="stylesheet" type="text/css" href="../css/front.min.css">
<link rel="icon" href="../images/favicon.ico" type="image/icon"><script src="../js/obfuscate.js"></script>
<script src="../js/flexsearch.bundle.js"></script>
<script src="../js/scroll-spy.js"></script>
<script src="../js/theory.js"></script>
<script src="../js/util.js"></script><script src="../js/header-search.js"></script><script src="../js/search-autocomplete.js"></script>
</head>
<body class='mathjax_ignore '>
<aside>
<div id="menu-toggle">
<input id="toggle" type="checkbox" />
<label for="toggle">
<span>menu</span>
<img src="../images/menu.svg" alt="Menu" />
</label>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<a href="../search"><img src="../images/search.svg" alt="Search" /></a>
<nav id="menu">
<div>
<a href="../" class='logo-link'>
<img src="../images/afp.png" alt='Logo of the Archive of Formal Proofs' class="logo">
</a>
<ul>
<a href="../"><li >Home</li></a>
<a href="../topics/"><li >Topics</li></a>
<a href="../download/"><li >Download</li></a>
<a href="../help/"><li >Help</li></a>
<a href="../submission/"><li >Submission</li></a>
<a href="../statistics/"><li >Statistics</li></a>
<a href="../about/"><li >About</li></a>
</ul>
</div>
</nav>
</div>
</aside>
<div
class='content '><header>
<form autocomplete="off" action="../search">
<div class='form-container'>
<input id="search-input" type="search" size="31" maxlength="255" value="" aria-label="Search the AFP" list="autocomplete"><button
id="search-button" type="button"><img src="../images/search.svg" alt="Search" /></button>
<datalist id="autocomplete">
</datalist>
</div>
</form>
<h1 >
<span class='first'>T</span>opics</h1>
<div>
</div>
</header><div>
<h2>Computer science</h2>
<ul><li><h3><a href="../topics/computer-science/algorithms">Algorithms (40)</a></h3></li>
<ul><li><a href="../topics/computer-science/algorithms/approximation">Approximation (2)</a></li><li><a href="../topics/computer-science/algorithms/concurrent">Concurrent (1)</a></li><li><a href="../topics/computer-science/algorithms/distributed">Distributed (13)</a></li><li><a href="../topics/computer-science/algorithms/geometry">Geometry (1)</a></li><li><a href="../topics/computer-science/algorithms/graph">Graph (15)</a></li><li><a href="../topics/computer-science/algorithms/mathematical">Mathematical (20)</a></li><li><a href="../topics/computer-science/algorithms/online">Online (1)</a></li><li><a href="../topics/computer-science/algorithms/optimization">Optimization (1)</a></li><li><a href="../topics/computer-science/algorithms/quantum-computing">Quantum computing (3)</a></li></ul><li><h3><a href="../topics/computer-science/artificial-intelligence">Artificial intelligence (2)</a></h3></li>
<ul></ul><li><h3><a href="../topics/computer-science/automata-and-formal-languages">Automata and formal languages (50)</a></h3></li>
<ul></ul><li><h3><a href="../topics/computer-science/concurrency">Concurrency (6)</a></h3></li>
- <ul><li><a href="../topics/computer-science/concurrency/process-calculi">Process calculi (13)</a></li></ul><li><h3><a href="../topics/computer-science/data-management-systems">Data management systems (4)</a></h3></li>
+ <ul><li><a href="../topics/computer-science/concurrency/process-calculi">Process calculi (13)</a></li></ul><li><h3><a href="../topics/computer-science/data-management-systems">Data management systems (5)</a></h3></li>
<ul></ul><li><h3><a href="../topics/computer-science/data-structures">Data structures (65)</a></h3></li>
<ul></ul><li><h3><a href="../topics/computer-science/functional-programming">Functional programming (24)</a></h3></li>
<ul></ul><li><h3><a href="../topics/computer-science/hardware">Hardware (2)</a></h3></li>
<ul></ul><li><h3><a href="../topics/computer-science/machine-learning">Machine learning (2)</a></h3></li>
<ul></ul><li><h3><a href="../topics/computer-science/networks">Networks (7)</a></h3></li>
<ul></ul><li><h3><a href="../topics/computer-science/programming-languages">Programming languages (3)</a></h3></li>
<ul><li><a href="../topics/computer-science/programming-languages/compiling">Compiling (9)</a></li><li><a href="../topics/computer-science/programming-languages/lambda-calculi">Lambda calculi (9)</a></li><li><a href="../topics/computer-science/programming-languages/language-definitions">Language definitions (18)</a></li><li><a href="../topics/computer-science/programming-languages/logics">Logics (30)</a></li><li><a href="../topics/computer-science/programming-languages/misc">Misc (4)</a></li><li><a href="../topics/computer-science/programming-languages/static-analysis">Static analysis (9)</a></li><li><a href="../topics/computer-science/programming-languages/type-systems">Type systems (10)</a></li></ul><li><h3><a href="../topics/computer-science/security">Security (46)</a></h3></li>
<ul><li><a href="../topics/computer-science/security/cryptography">Cryptography (7)</a></li></ul><li><h3><a href="../topics/computer-science/semantics-and-reasoning">Semantics and reasoning (14)</a></h3></li>
<ul></ul><li><h3><a href="../topics/computer-science/system-description-languages">System description languages (7)</a></h3></li>
<ul></ul></ul><h2>Logic</h2>
<ul><li><h3><a href="../topics/logic/computability">Computability (6)</a></h3></li>
<ul></ul><li><h3><a href="../topics/logic/general-logic">General logic (2)</a></h3></li>
<ul><li><a href="../topics/logic/general-logic/classical-first-order-logic">Classical first-order logic (6)</a></li><li><a href="../topics/logic/general-logic/classical-propositional-logic">Classical propositional logic (2)</a></li><li><a href="../topics/logic/general-logic/decidability-of-theories">Decidability of theories (4)</a></li><li><a href="../topics/logic/general-logic/logics-of-knowledge-and-belief">Logics of knowledge and belief (6)</a></li><li><a href="../topics/logic/general-logic/mechanization-of-proofs">Mechanization of proofs (13)</a></li><li><a href="../topics/logic/general-logic/modal-logic">Modal logic (6)</a></li><li><a href="../topics/logic/general-logic/paraconsistent-logics">Paraconsistent logics (1)</a></li><li><a href="../topics/logic/general-logic/temporal-logic">Temporal logic (6)</a></li></ul><li><h3><a href="../topics/logic/philosophical-aspects">Philosophical aspects (10)</a></h3></li>
<ul></ul><li><h3><a href="../topics/logic/proof-theory">Proof theory (20)</a></h3></li>
<ul></ul><li><h3><a href="../topics/logic/rewriting">Rewriting (18)</a></h3></li>
<ul></ul><li><h3><a href="../topics/logic/set-theory">Set theory (12)</a></h3></li>
<ul></ul></ul><h2>Mathematics</h2>
<ul><li><h3><a href="../topics/mathematics/algebra">Algebra (78)</a></h3></li>
<ul></ul><li><h3><a href="../topics/mathematics/analysis">Analysis (52)</a></h3></li>
<ul></ul><li><h3><a href="../topics/mathematics/category-theory">Category theory (9)</a></h3></li>
<ul></ul><li><h3><a href="../topics/mathematics/combinatorics">Combinatorics (32)</a></h3></li>
<ul></ul><li><h3><a href="../topics/mathematics/games-and-economics">Games and economics (15)</a></h3></li>
<ul></ul><li><h3><a href="../topics/mathematics/geometry">Geometry (21)</a></h3></li>
<ul></ul><li><h3><a href="../topics/mathematics/graph-theory">Graph theory (23)</a></h3></li>
<ul></ul><li><h3><a href="../topics/mathematics/measure-and-integration">Measure and integration (1)</a></h3></li>
<ul></ul><li><h3><a href="../topics/mathematics/misc">Misc (3)</a></h3></li>
<ul></ul><li><h3><a href="../topics/mathematics/number-theory">Number theory (40)</a></h3></li>
<ul></ul><li><h3><a href="../topics/mathematics/order">Order (6)</a></h3></li>
<ul></ul><li><h3><a href="../topics/mathematics/physics">Physics (4)</a></h3></li>
<ul><li><a href="../topics/mathematics/physics/quantum-information">Quantum information (2)</a></li></ul><li><h3><a href="../topics/mathematics/probability-theory">Probability theory (19)</a></h3></li>
<ul></ul><li><h3><a href="../topics/mathematics/topology">Topology (5)</a></h3></li>
<ul></ul></ul><h2><a href="../topics/tools">Tools (21)</a></h2>
<ul></ul>
</div>
</div>
</body>
</html>
\ No newline at end of file
