Commit 1349b793 authored by Mário's avatar Mário

mlcfg: new example arith.Fact

Factorial computation following the *Program Graphs* presentation
by Nielson and Nielson in their book "Formal Methods -- An Appetizer".
parent a658e2d0
......@@ -26,3 +26,31 @@ module Fib
}
end
module Fact
(* Factorial computation, following Nielson and Nielson's implementation
in their book "Formal Methods -- An Appetizer" (Section 1.1, page 1) *)
use int.Int, int.Fact
let cfg fact (x0: int) : int
requires { x0 >= 0 }
ensures { result = fact x0 }
= var y: int;
var x: int;
{
y <- 1;
x <- x0;
goto L1
}
L1 {
invariant I1 { 0 <= x <= x0 };
invariant I2 { fact x * y = fact x0 };
switch (x <= 0)
| True -> y
| False -> y <- x * y; x <- x - 1; goto L1
end
}
end
\ No newline at end of file
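Review bot: The new `Fact` module is added without a trailing newline (`\ No newline at end of file`), unlike the `Fib` module it follows; add one. The header comment names the source of the example but not why the postcondition holds, which is what a reader of an example wants: the exit arm `| True -> y` relies on invariant `I1` together with the `x <= 0` test to force `x = 0`, at which point `I2` collapses to `y = fact x0`; a comment such as `(* at exit, x <= 0 and I1 give x = 0, so I2 reduces to y = fact x0 *)` above the `switch` would make that explicit. No termination measure accompanies the `goto L1` loop; if the mlcfg plugin does not establish termination of such loops, which I cannot confirm from this page, the comment should also state that the proof is of partial correctness only.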
......@@ -2,12 +2,42 @@
<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN"
"http://why3.lri.fr/why3session.dtd">
<why3session shape_version="6">
<prover id="2" name="Alt-Ergo" version="2.3.0" timelimit="1" steplimit="0" memlimit="1000"/>
<prover id="2" name="Alt-Ergo" version="2.3.0" timelimit="5" steplimit="0" memlimit="1000"/>
<file format="mlcfg" proved="true">
<path name=".."/><path name="arith.mlcfg"/>
<theory name="Fib" proved="true">
<goal name="fib&#39;vc" expl="VC for fib" proved="true">
<proof prover="2"><result status="valid" time="0.02" steps="31"/></proof>
<proof prover="2" timelimit="1"><result status="valid" time="0.02" steps="31"/></proof>
</goal>
</theory>
<theory name="Fact" proved="true">
<goal name="fact&#39;vc" expl="VC for fact" proved="true">
<transf name="split_vc" proved="true" >
<goal name="fact&#39;vc.0" expl="check" proved="true">
<proof prover="2"><result status="valid" time="0.00" steps="8"/></proof>
</goal>
<goal name="fact&#39;vc.1" expl="check" proved="true">
<proof prover="2"><result status="valid" time="0.00" steps="8"/></proof>
</goal>
<goal name="fact&#39;vc.2" expl="postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.00" steps="8"/></proof>
</goal>
<goal name="fact&#39;vc.3" expl="postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.01" steps="12"/></proof>
</goal>
<goal name="fact&#39;vc.4" expl="check" proved="true">
<proof prover="2"><result status="valid" time="0.01" steps="16"/></proof>
</goal>
<goal name="fact&#39;vc.5" expl="check" proved="true">
<proof prover="2"><result status="valid" time="0.03" steps="18"/></proof>
</goal>
<goal name="fact&#39;vc.6" expl="postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.01" steps="16"/></proof>
</goal>
<goal name="fact&#39;vc.7" expl="postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.00" steps="4"/></proof>
</goal>
</transf>
</goal>
</theory>
</file>