feat: add a shorthand for while-loop invariants#14102
Merged
Merged
Conversation
Rob23oba
suggested changes
Jun 18, 2026
Comment on lines
+2484
to
+2488
| A way to construct `forIn`/`whileM` invarinat by specifying a condition `inv` which should hold | ||
| at the end of each loop itreation (even the breaking one), and a condition `onDone` which should | ||
| hold in the end of the loop *in addition to `inv`*. | ||
| In the case of a normal `while` loop the latter one could always be taken as negation of the loop | ||
| condition |
Contributor
There was a problem hiding this comment.
Suggested change
| A way to construct `forIn`/`whileM` invarinat by specifying a condition `inv` which should hold | |
| at the end of each loop itreation (even the breaking one), and a condition `onDone` which should | |
| hold in the end of the loop *in addition to `inv`*. | |
| In the case of a normal `while` loop the latter one could always be taken as negation of the loop | |
| condition | |
| A way to construct `forIn`/`whileM` invariant by specifying a condition `inv` which should hold | |
| at the end of each loop iteration (even the breaking one), and a condition `onDone` which should | |
| hold in the end of the loop *in addition to `inv`*. | |
| In the case of a normal `while` loop the latter one could always be taken as negation of the loop | |
| condition. |
| -/ | ||
| @[simp] | ||
| noncomputable abbrev RepeatInvariant.withOnDone {α : Type u} {Pred : Type u} [Assertion Pred] | ||
| (inv : α → Pred) (onDone : α → Pred) : RepeatInvariant α α Pred |
Contributor
There was a problem hiding this comment.
Suggested change
| (inv : α → Pred) (onDone : α → Pred) : RepeatInvariant α α Pred | |
| (inv : α → Pred) (onDone : α → Pred) : RepeatInvariant α α Pred |
sgraf812
reviewed
Jun 18, 2026
Comment on lines
+2483
to
+2494
| /-- | ||
| A way to construct `forIn`/`whileM` invarinat by specifying a condition `inv` which should hold | ||
| at the end of each loop itreation (even the breaking one), and a condition `onDone` which should | ||
| hold in the end of the loop *in addition to `inv`*. | ||
| In the case of a normal `while` loop the latter one could always be taken as negation of the loop | ||
| condition | ||
| -/ | ||
| @[simp] | ||
| noncomputable abbrev RepeatInvariant.withOnDone {α : Type u} {Pred : Type u} [Assertion Pred] | ||
| (inv : α → Pred) (onDone : α → Pred) : RepeatInvariant α α Pred | ||
| | .inl a => inv a | ||
| | .inr a => inv a ⊓ onDone a |
Contributor
There was a problem hiding this comment.
Suggested change
| /-- | |
| A way to construct `forIn`/`whileM` invarinat by specifying a condition `inv` which should hold | |
| at the end of each loop itreation (even the breaking one), and a condition `onDone` which should | |
| hold in the end of the loop *in addition to `inv`*. | |
| In the case of a normal `while` loop the latter one could always be taken as negation of the loop | |
| condition | |
| -/ | |
| @[simp] | |
| noncomputable abbrev RepeatInvariant.withOnDone {α : Type u} {Pred : Type u} [Assertion Pred] | |
| (inv : α → Pred) (onDone : α → Pred) : RepeatInvariant α α Pred | |
| | .inl a => inv a | |
| | .inr a => inv a ⊓ onDone a | |
| /-- | |
| Construct an invariant for a `while` loop from a loop invariant `inv` and the | |
| break condition `onBreak`. | |
| The `break` may appear anywhere in the loop, even in positions where `inv` does | |
| not hold. If there is no `break` in the while loop, | |
| `RepeatInvariant.ofWhileNoBreak` can be more convenient to use. | |
| -/ | |
| noncomputable abbrev RepeatInvariant.ofWhile {α : Type u} {Pred : Type u} [Assertion Pred] | |
| (inv : α → Pred) (onBreak : α → Pred) : RepeatInvariant α α Pred | |
| | .inl a => inv a | |
| | .inr a => onBreak a | |
| /-- | |
| Construct an invariant for a break-less `while` loop from a loop invariant | |
| `inv` and the negation of the loop condition `onBreak`. | |
| The resulting `RepeatInvariant` asserts that `inv` holds after the loop in | |
| addition to `onBreak`. | |
| -/ | |
| noncomputable abbrev RepeatInvariant.ofWhileNoBreak {α : Type u} {Pred : Type u} [Assertion Pred] | |
| (inv : α → Pred) (onBreak : α → Pred) : RepeatInvariant α α Pred := | |
| .ofWhile inv (inv ⊓ onBreak) |
github-actions
Bot
added
the
toolchain-available
|
Mathlib CI status (docs):
|
Collaborator
|
Reference manual CI status:
|
…to RepeatInvariant.ofInvariantAndreak
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
volodeyka
force-pushed
the
vova/repeat-inv
branch
from
4599e9f to
9dbd567
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR changes the name
WhileInvariantfromStd/Internal/SpecLemmastoRepeatInvariant, since in most of the cases it will be called when verifyingforIn-repeat loops. Also, we add a new abbreviation to constructRepeatInvarinats. This abbreviation specifies a conditioninvwhich should hold at the end of each loop itreation (even the breaking one), and a conditiononDonewhich should hold in the end of the loop in addition toinv.In the case of a normal
whileloop the latter one could always be taken as negation of the loop condition.