new example (to be completed): finger trees

13bbd6e2 · Martin Clochard · ee84cff8 · 13bbd6e2 · 13bbd6e2 · 13bbd6e2
Commit 13bbd6e2 authored May 04, 2015 by Martin Clochard
--- a/examples/finger_trees.mlw
+++ b/examples/finger_trees.mlw
+
+module FingerTrees
+  
+  use import int.Int
+  use import list.List
+  use import list.Length
+  use import list.Append
+  
+  type digit 'a =
+   | One 'a
+   | Two 'a 'a
+   | Three 'a 'a 'a
+   | Four 'a 'a 'a 'a
+  
+  function d_m (b:digit 'a) : list 'a = match b with
+    | One x -> Cons x Nil
+    | Two y x -> Cons y (Cons x Nil)
+    | Three z y x -> Cons z (Cons y (Cons x Nil))
+    | Four u z y x -> Cons u (Cons z (Cons y (Cons x Nil)))
+    end
+  
+  type node 'a =
+    | Node2 'a 'a
+    | Node3 'a 'a 'a
+  
+  function node_cons (nd:node 'a) (l:list 'a) : list 'a = match nd with
+    | Node2 x y -> Cons x (Cons y l)
+    | Node3 x y z -> Cons x (Cons y (Cons z l))
+    end
+  
+  let lemma node_cons_app (nd:node 'a) (p q:list 'a)
+    ensures { node_cons nd (p++q) = node_cons nd p ++ q }
+  = match nd with Node2 _ _ -> "keep_on_simp" () | _ -> () end
+  
+  function flatten (l:list (node 'a)) : list 'a = match l with
+    | Nil -> Nil
+    | Cons nd q -> node_cons nd (flatten q)
+    end
+  
+  type t 'a =
+    | Empty
+    | Single (digit 'a)
+    | Deep (digit 'a) (t (node 'a)) (digit 'a)
+  
+  function t_m (t:t 'a) : list 'a = match t with
+    | Empty -> Nil
+    | Single x -> d_m x
+    | Deep l m r -> d_m l ++ flatten (t_m m) ++ d_m r
+    end
+  
+  let d_cons (x:'a) (d:digit 'a) : (digit 'a,list (node 'a))
+    returns { (b,o) -> Cons x (d_m d) = d_m b ++ flatten o /\ length o <= 1 }
+  = match d with
+    | One y -> (Two x y , Nil)
+    | Two y z -> (Three x y z , Nil)
+    | Three y z t -> (Four x y z t , Nil)
+    | Four y z t u -> (Two x y , Cons (Node3 z t u) Nil)
+    end
+  
+  let rec cons (x:'a) (t:t 'a) : t 'a
+    ensures { t_m result = Cons x (t_m t) }
+    variant { t }
+  = match t with
+    | Empty -> Single (One x)
+    | Single d -> Deep (One x) Empty d
+    | Deep lf md rg -> let (lf2 , rem) = d_cons x lf in
+      match rem with
+      | Nil -> Deep lf2 md rg
+      | Cons x q -> assert { q = Nil };
+        Deep lf2 (cons x md) rg
+      end
+    end
+  
+end
+
--- a/examples/finger_trees/why3session.xml
+++ b/examples/finger_trees/why3session.xml
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN"
+"http://why3.lri.fr/why3session.dtd">
+<why3session shape_version="4">
+<prover id="0" name="Alt-Ergo" version="0.99.1" timelimit="5" memlimit="1000"/>
+<prover id="1" name="CVC3" version="2.4.1" timelimit="5" memlimit="1000"/>
+<prover id="2" name="CVC4" version="1.4" timelimit="5" memlimit="1000"/>
+<file name="../finger_trees.mlw" expanded="true">
+<theory name="FingerTrees" sum="c53ab3527c4f3a9462387424b3a2842d" expanded="true">
+ <goal name="WP_parameter node_cons_app" expl="VC for node_cons_app">
+ <transf name="split_goal_wp">
+  <goal name="WP_parameter node_cons_app.1" expl="1. postcondition">
+  <proof prover="0"><result status="valid" time="0.04" steps="74"/></proof>
+  </goal>
+  <goal name="WP_parameter node_cons_app.2" expl="2. postcondition">
+  <proof prover="0"><result status="valid" time="0.04" steps="80"/></proof>
+  </goal>
+ </transf>
+ </goal>
+ <goal name="WP_parameter d_cons" expl="VC for d_cons">
+ <transf name="split_goal_wp">
+  <goal name="WP_parameter d_cons.1" expl="1. postcondition">
+  <proof prover="0"><result status="valid" time="0.03" steps="70"/></proof>
+  </goal>
+  <goal name="WP_parameter d_cons.2" expl="2. postcondition">
+  <proof prover="0"><result status="valid" time="0.04" steps="75"/></proof>
+  </goal>
+  <goal name="WP_parameter d_cons.3" expl="3. postcondition">
+  <proof prover="0"><result status="valid" time="0.03" steps="80"/></proof>
+  </goal>
+  <goal name="WP_parameter d_cons.4" expl="4. postcondition">
+  <proof prover="1"><result status="valid" time="0.03"/></proof>
+  <proof prover="2"><result status="valid" time="0.31"/></proof>
+  </goal>
+ </transf>
+ </goal>
+ <goal name="WP_parameter cons" expl="VC for cons" expanded="true">
+ <transf name="split_goal_wp" expanded="true">
+  <goal name="WP_parameter cons.1" expl="1. postcondition">
+  <proof prover="0"><result status="valid" time="0.02" steps="29"/></proof>
+  </goal>
+  <goal name="WP_parameter cons.2" expl="2. postcondition">
+  <proof prover="0"><result status="valid" time="0.07" steps="151"/></proof>
+  </goal>
+  <goal name="WP_parameter cons.3" expl="3. postcondition">
+  <proof prover="0"><result status="valid" time="0.18" steps="184"/></proof>
+  </goal>
+  <goal name="WP_parameter cons.4" expl="4. assertion">
+  <proof prover="0"><result status="valid" time="0.11" steps="140"/></proof>
+  </goal>
+  <goal name="WP_parameter cons.5" expl="5. variant decrease">
+  <proof prover="0"><result status="valid" time="0.02" steps="28"/></proof>
+  </goal>
+  <goal name="WP_parameter cons.6" expl="6. postcondition" expanded="true">
+  <metas
+   expanded="true">
+   <ts_pos name="real" arity="0" id="2"
+    ip_theory="BuiltIn">
+    <ip_library name="why3"/>
+    <ip_library name="BuiltIn"/>
+    <ip_qualid name="real"/>
+   </ts_pos>
+   <ts_pos name="bool" arity="0" id="3"
+    ip_theory="Bool">
+    <ip_library name="why3"/>
+    <ip_library name="Bool"/>
+    <ip_qualid name="bool"/>
+   </ts_pos>
+   <ts_pos name="tuple0" arity="0" id="20"
+    ip_theory="Tuple0">
+    <ip_library name="why3"/>
+    <ip_library name="Tuple0"/>
+    <ip_qualid name="tuple0"/>
+   </ts_pos>
+   <ts_pos name="unit" arity="0" id="21"
+    ip_theory="Unit">
+    <ip_library name="why3"/>
+    <ip_library name="Unit"/>
+    <ip_qualid name="unit"/>
+   </ts_pos>
+   <ts_pos name="&apos;mark" arity="0" id="61"
+    ip_theory="Mark">
+    <ip_library name="why3"/>
+    <ip_library name="Mark"/>
+    <ip_qualid name="&apos;mark"/>
+   </ts_pos>
+   <ts_pos name="tuple2" arity="2" id="863"
+    ip_theory="Tuple2">
+    <ip_library name="why3"/>
+    <ip_library name="Tuple2"/>
+    <ip_qualid name="tuple2"/>
+   </ts_pos>
+   <ls_pos name="infix =" id="10"
+    ip_theory="BuiltIn">
+    <ip_library name="why3"/>
+    <ip_library name="BuiltIn"/>
+    <ip_qualid name="infix ="/>
+   </ls_pos>
+   <ls_pos name="zero" id="147"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="zero"/>
+   </ls_pos>
+   <ls_pos name="one" id="148"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="one"/>
+   </ls_pos>
+   <ls_pos name="infix &lt;" id="149"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="infix &lt;"/>
+   </ls_pos>
+   <ls_pos name="infix &gt;" id="152"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="infix &gt;"/>
+   </ls_pos>
+   <ls_pos name="infix +" id="1318"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="infix +"/>
+   </ls_pos>
+   <ls_pos name="prefix -" id="1319"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="prefix -"/>
+   </ls_pos>
+   <ls_pos name="infix *" id="1320"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="infix *"/>
+   </ls_pos>
+   <ls_pos name="infix -" id="1368"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="infix -"/>
+   </ls_pos>
+   <ls_pos name="infix &gt;=" id="1388"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="infix &gt;="/>
+   </ls_pos>
+   <ls_pos name="mem" id="2121"
+    ip_theory="Mem">
+    <ip_library name="list"/>
+    <ip_qualid name="mem"/>
+   </ls_pos>
+   <pr_pos name="Assoc" id="1321"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="CommutativeGroup"/>
+    <ip_qualid name="Assoc"/>
+   </pr_pos>
+   <pr_pos name="Unit_def_l" id="1328"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="CommutativeGroup"/>
+    <ip_qualid name="Unit_def_l"/>
+   </pr_pos>
+   <pr_pos name="Unit_def_r" id="1331"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="CommutativeGroup"/>
+    <ip_qualid name="Unit_def_r"/>
+   </pr_pos>
+   <pr_pos name="Inv_def_l" id="1334"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="CommutativeGroup"/>
+    <ip_qualid name="Inv_def_l"/>
+   </pr_pos>
+   <pr_pos name="Inv_def_r" id="1337"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="CommutativeGroup"/>
+    <ip_qualid name="Inv_def_r"/>
+   </pr_pos>
+   <pr_pos name="Comm" id="1340"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="CommutativeGroup"/>
+    <ip_qualid name="Comm"/>
+    <ip_qualid name="Comm"/>
+   </pr_pos>
+   <pr_pos name="Assoc" id="1345"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="Assoc"/>
+    <ip_qualid name="Assoc"/>
+   </pr_pos>
+   <pr_pos name="Mul_distr_l" id="1352"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="Mul_distr_l"/>
+   </pr_pos>
+   <pr_pos name="Mul_distr_r" id="1359"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="Mul_distr_r"/>
+   </pr_pos>
+   <pr_pos name="Comm" id="1377"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="Comm"/>
+    <ip_qualid name="Comm"/>
+   </pr_pos>
+   <pr_pos name="Unitary" id="1382"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="Unitary"/>
+   </pr_pos>
+   <pr_pos name="NonTrivialRing" id="1385"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="NonTrivialRing"/>
+   </pr_pos>
+   <pr_pos name="Refl" id="1397"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="Refl"/>
+   </pr_pos>
+   <pr_pos name="Trans" id="1400"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="Trans"/>
+   </pr_pos>
+   <pr_pos name="Antisymm" id="1407"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="Antisymm"/>
+   </pr_pos>
+   <pr_pos name="Total" id="1412"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="Total"/>
+   </pr_pos>
+   <pr_pos name="ZeroLessOne" id="1417"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="ZeroLessOne"/>
+   </pr_pos>
+   <pr_pos name="CompatOrderAdd" id="1418"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="CompatOrderAdd"/>
+   </pr_pos>
+   <pr_pos name="CompatOrderMult" id="1425"
+    ip_theory="Int">
+    <ip_library name="int"/>
+    <ip_qualid name="CompatOrderMult"/>
+   </pr_pos>
+   <pr_pos name="Length_nonnegative" id="2114"
+    ip_theory="Length">
+    <ip_library name="list"/>
+    <ip_qualid name="Length_nonnegative"/>
+   </pr_pos>
+   <pr_pos name="Length_nil" id="2117"
+    ip_theory="Length">
+    <ip_library name="list"/>
+    <ip_qualid name="Length_nil"/>
+   </pr_pos>
+   <pr_pos name="Append_l_nil" id="3506"
+    ip_theory="Append">
+    <ip_library name="list"/>
+    <ip_qualid name="Append_l_nil"/>
+   </pr_pos>
+   <pr_pos name="Append_length" id="3509"
+    ip_theory="Append">
+    <ip_library name="list"/>
+    <ip_qualid name="Append_length"/>
+   </pr_pos>
+   <pr_pos name="mem_append" id="3514"
+    ip_theory="Append">
+    <ip_library name="list"/>
+    <ip_qualid name="mem_append"/>
+   </pr_pos>
+   <pr_pos name="mem_decomp" id="3521"
+    ip_theory="Append">
+    <ip_library name="list"/>
+    <ip_qualid name="mem_decomp"/>
+   </pr_pos>
+   <meta name="remove_logic">
+    <meta_arg_ls id="10"/>
+   </meta>
+   <meta name="remove_logic">
+    <meta_arg_ls id="147"/>
+   </meta>
+   <meta name="remove_logic">
+    <meta_arg_ls id="148"/>
+   </meta>
+   <meta name="remove_logic">
+    <meta_arg_ls id="149"/>
+   </meta>
+   <meta name="remove_logic">
+    <meta_arg_ls id="152"/>
+   </meta>
+   <meta name="remove_logic">
+    <meta_arg_ls id="1318"/>
+   </meta>
+   <meta name="remove_logic">
+    <meta_arg_ls id="1319"/>
+   </meta>
+   <meta name="remove_logic">
+    <meta_arg_ls id="1320"/>
+   </meta>
+   <meta name="remove_logic">
+    <meta_arg_ls id="1368"/>
+   </meta>
+   <meta name="remove_logic">
+    <meta_arg_ls id="1388"/>
+   </meta>
+   <meta name="remove_logic">
+    <meta_arg_ls id="2121"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="1321"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="1328"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="1331"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="1334"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="1337"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="1340"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="1345"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="1352"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="1359"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="1377"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="1382"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="1385"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="1397"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="1400"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="1407"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="1412"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="1417"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="1418"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="1425"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="2114"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="2117"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="3506"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="3509"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="3514"/>
+   </meta>
+   <meta name="remove_prop">
+    <meta_arg_pr id="3521"/>
+   </meta>
+   <meta name="remove_type">
+    <meta_arg_ts id="2"/>
+   </meta>
+   <meta name="remove_type">
+    <meta_arg_ts id="3"/>
+   </meta>
+   <meta name="remove_type">
+    <meta_arg_ts id="20"/>
+   </meta>
+   <meta name="remove_type">
+    <meta_arg_ts id="21"/>
+   </meta>
+   <meta name="remove_type">
+    <meta_arg_ts id="61"/>
+   </meta>
+   <meta name="remove_type">
+    <meta_arg_ts id="863"/>
+   </meta>
+   <goal name="WP_parameter cons.6" expl="6. postcondition" expanded="true">
+   <transf name="eliminate_builtin" expanded="true">
+    <goal name="WP_parameter cons.6.1" expl="1. postcondition" expanded="true">
+    <proof prover="0"><result status="valid" time="0.10" steps="271"/></proof>
+    </goal>
+   </transf>
+   </goal>
+  </metas>
+  </goal>
+ </transf>
+ </goal>
+</theory>
+</file>
+</why3session>
--- a/examples/finger_trees/why3shapes.gz
+++ b/examples/finger_trees/why3shapes.gz
--- a/examples/random_access_list.mlw
+++ b/examples/random_access_list.mlw
@@ -38,9 +38,6 @@ module RandomAccessList
    | Nil -> ()
    end

-  (*lemma length_flatten:
-    forall l: list ('a, 'a). length (flatten l) = 2 * length l*)
-
  function elements (l: ral 'a) : list 'a
    = match l with
      | Empty    -> Nil