new example string_search.BadShiftTable

parent ecebeb73
......@@ -87,7 +87,6 @@ module Naive
end
(*
module BadShiftTable
use int.Int
......@@ -106,7 +105,8 @@ module BadShiftTable
-----+-----+---+--------+---+----------------
| ... | C | ..!C.. |
+-----+---+--------+
0 i m
0 m
<----sht c--->
*)
type bad_shift_table = {
pat: string;
......@@ -125,14 +125,45 @@ module BadShiftTable
for i = 0 to m - 1 do
invariant { forall j c. 0 <= j < i -> c = pat[j] -> M.mem c sht }
invariant { forall c. M.mem c sht -> 1 <= sht c <= m + 1 }
invariant { forall c. M.mem c sht -> forall j. 1 <= j < sht c + i - m ->
pat[i - j] <> c }
invariant { forall c. M.mem c sht -> forall j. m - sht c < j < i ->
pat[j] <> c }
M.add pat[i] (m - i) sht;
done;
{ pat = pat; sht = sht }
let lemma shift (bst: bad_shift_table) (text: string) (i: int63)
requires { 0 <= i <= length text - length bst.pat }
requires { M.mem text[i + length bst.pat] bst.sht }
ensures { forall j. i < j < i + M.find text[i + length bst.pat] bst.sht ->
j <= length text - length bst.pat ->
substring text j (length bst.pat) <> bst.pat }
= let m = String.length bst.pat in
let c = Char.get text (to_int i + m) in
let lemma aux (j: int)
requires { i < j < i + M.find c bst.sht }
requires { j <= length text - m }
ensures { substring text j m <> bst.pat }
= assert { (substring text j m)[i + m - j] = c };
assert { bst.pat[m - (j - i)] <> c } in
()
let lemma no_shift (bst: bad_shift_table) (text: string) (i: int63)
requires { 0 <= i < length text - length bst.pat }
requires { not (M.mem text[i + length bst.pat] bst.sht) }
ensures { forall j. i < j <= i + length bst.pat ->
j <= length text - length bst.pat ->
substring text j (length bst.pat) <> bst.pat }
= let m = String.length bst.pat in
let c = Char.get text (to_int i + m) in
assert { forall j. 0 <= j < m -> bst.pat[j] <> c };
let lemma aux (j: int)
requires { i < j <= i + m }
requires { j <= length text - m }
ensures { substring text j m <> bst.pat }
= assert { (substring text j m)[i + m - j] = c } in
()
let search (bst: bad_shift_table) (text: string) : int63
(* requires { length pat < max_int } *)
requires { length bst.pat <= length text }
ensures { -1 <= result <= length text - length bst.pat }
ensures { if result = -1 then
......@@ -145,14 +176,16 @@ module BadShiftTable
let ref i = 0 in
while i <= n - m do
invariant { 0 <= i <= n }
invariant { forall j. 0 <= j < i -> substring text j m <> pat }
invariant { forall j. 0 <= j < i -> j <= n - m ->
substring text j m <> pat }
variant { n - m - i }
if occurs pat text i then return i;
if i = n - m then break;
let c = text[i + m] in
i <- i + if M.mem c bst.sht then M.find c bst.sht else m + 1
i <- i + if M.mem c bst.sht then (shift bst text i; M.find c bst.sht)
else (no_shift bst text i; m + 1)
done;
-1
end
*)
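Review bot: The first precondition of `shift`, `requires { 0 <= i <= length text - length bst.pat }`, admits `i = length text - length bst.pat`, for which the character the lemma reasons about, `text[i + length bst.pat]`, is one past the end of `text`. The sibling lemma `no_shift` uses the strict bound `i < length text - length bst.pat`, and the only call site in `search` has already left the loop via `if i = n - m then break` before either lemma is invoked, so the strict bound is what is actually established there. Tightening it to `requires { 0 <= i < length text - length bst.pat }` keeps the two lemmas parallel and stops the lemma being stated about an out-of-range index; the session lists no precondition goal under `shift'vc`, so this presumably costs no extra obligation, though that depends on how `Char.get` is specified in the stdlib version in use. Separately, the commented-out `(* requires { length pat < max_int } *)` above `search` should either be restored or replaced by a comment saying why the `int63` overflow obligations hold without it, since a reader cannot tell whether the bound was found unnecessary or simply dropped; `search`'s contract continues past the end of its hunk.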
......@@ -3,6 +3,7 @@
"http://why3.lri.fr/why3session.dtd">
<why3session shape_version="6">
<prover id="0" name="Z3" version="4.8.4" timelimit="1" steplimit="0" memlimit="1000"/>
<prover id="1" name="Z3" version="4.8.6" timelimit="1" steplimit="0" memlimit="1000"/>
<prover id="2" name="Alt-Ergo" version="2.3.0" timelimit="1" steplimit="0" memlimit="1000"/>
<prover id="3" name="CVC4" version="1.7" alternative="strings" timelimit="5" steplimit="0" memlimit="1000"/>
<file format="whyml" proved="true">
......@@ -151,5 +152,157 @@
</transf>
</goal>
</theory>
<theory name="BadShiftTable" proved="true">
<goal name="bad_shift_table&#39;vc" expl="VC for bad_shift_table" proved="true">
<proof prover="2"><result status="valid" time="0.03" steps="181"/></proof>
</goal>
<goal name="make_table&#39;vc" expl="VC for make_table" proved="true">
<transf name="split_vc" proved="true" >
<goal name="make_table&#39;vc.0" expl="integer overflow" proved="true">
<proof prover="2"><result status="valid" time="0.15" steps="622"/></proof>
</goal>
<goal name="make_table&#39;vc.1" expl="loop invariant init" proved="true">
<proof prover="2"><result status="valid" time="0.01" steps="20"/></proof>
</goal>
<goal name="make_table&#39;vc.2" expl="loop invariant init" proved="true">
<proof prover="2"><result status="valid" time="0.02" steps="115"/></proof>
</goal>
<goal name="make_table&#39;vc.3" expl="loop invariant init" proved="true">
<proof prover="2"><result status="valid" time="0.02" steps="26"/></proof>
</goal>
<goal name="make_table&#39;vc.4" expl="integer overflow" proved="true">
<proof prover="2"><result status="valid" time="0.02" steps="24"/></proof>
</goal>
<goal name="make_table&#39;vc.5" expl="loop invariant preservation" proved="true">
<proof prover="2"><result status="valid" time="0.08" steps="142"/></proof>
</goal>
<goal name="make_table&#39;vc.6" expl="loop invariant preservation" proved="true">
<proof prover="2"><result status="valid" time="0.06" steps="375"/></proof>
</goal>
<goal name="make_table&#39;vc.7" expl="loop invariant preservation" proved="true">
<proof prover="2"><result status="valid" time="0.02" steps="321"/></proof>
</goal>
<goal name="make_table&#39;vc.8" expl="precondition" proved="true">
<proof prover="2"><result status="valid" time="0.01" steps="26"/></proof>
</goal>
<goal name="make_table&#39;vc.9" expl="precondition" proved="true">
<proof prover="2"><result status="valid" time="0.02" steps="48"/></proof>
</goal>
<goal name="make_table&#39;vc.10" expl="precondition" proved="true">
<proof prover="2"><result status="valid" time="0.03" steps="82"/></proof>
</goal>
<goal name="make_table&#39;vc.11" expl="out of loop bounds" proved="true">
<proof prover="2"><result status="valid" time="0.03" steps="232"/></proof>
</goal>
</transf>
</goal>
<goal name="shift&#39;vc" expl="VC for shift" proved="true">
<transf name="split_vc" proved="true" >
<goal name="shift&#39;vc.0" expl="assertion" proved="true">
<proof prover="2"><result status="valid" time="0.04" steps="91"/></proof>
</goal>
<goal name="shift&#39;vc.1" expl="assertion" proved="true">
<proof prover="2"><result status="valid" time="0.07" steps="205"/></proof>
</goal>
<goal name="shift&#39;vc.2" expl="postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.01" steps="30"/></proof>
</goal>
<goal name="shift&#39;vc.3" expl="postcondition" proved="true">
<transf name="split_vc" proved="true" >
<goal name="shift&#39;vc.3.0" expl="postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.01" steps="24"/></proof>
</goal>
</transf>
</goal>
</transf>
</goal>
<goal name="no_shift&#39;vc" expl="VC for no_shift" proved="true">
<proof prover="2"><result status="valid" time="0.40" steps="1056"/></proof>
</goal>
<goal name="search&#39;vc" expl="VC for search" proved="true">
<transf name="split_vc" proved="true" >
<goal name="search&#39;vc.0" expl="loop invariant init" proved="true">
<proof prover="2"><result status="valid" time="0.65" steps="1219"/></proof>
</goal>
<goal name="search&#39;vc.1" expl="loop invariant init" proved="true">
<proof prover="1"><result status="valid" time="0.03" steps="5812"/></proof>
</goal>
<goal name="search&#39;vc.2" expl="integer overflow" proved="true">
<proof prover="1"><result status="valid" time="0.03" steps="89426"/></proof>
</goal>
<goal name="search&#39;vc.3" expl="precondition" proved="true">
<proof prover="1"><result status="valid" time="0.04" steps="82920"/></proof>
</goal>
<goal name="search&#39;vc.4" expl="postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.02" steps="30"/></proof>
</goal>
<goal name="search&#39;vc.5" expl="postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.01" steps="32"/></proof>
</goal>
<goal name="search&#39;vc.6" expl="integer overflow" proved="true">
<proof prover="1"><result status="valid" time="0.04" steps="95592"/></proof>
</goal>
<goal name="search&#39;vc.7" expl="postcondition" proved="true">
<proof prover="2" timelimit="5"><result status="valid" time="0.01" steps="34"/></proof>
</goal>
<goal name="search&#39;vc.8" expl="postcondition" proved="true">
<transf name="split_vc" proved="true" >
<goal name="search&#39;vc.8.0" expl="postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.01" steps="133"/></proof>
</goal>
<goal name="search&#39;vc.8.1" expl="postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.01" steps="32"/></proof>
</goal>
</transf>
</goal>
<goal name="search&#39;vc.9" expl="integer overflow" proved="true">
<proof prover="1"><result status="valid" time="0.04" steps="104517"/></proof>
</goal>
<goal name="search&#39;vc.10" expl="precondition" proved="true">
<proof prover="1"><result status="valid" time="0.06" steps="89612"/></proof>
</goal>
<goal name="search&#39;vc.11" expl="precondition" proved="true">
<proof prover="2"><result status="valid" time="0.02" steps="41"/></proof>
</goal>
<goal name="search&#39;vc.12" expl="precondition" proved="true">
<proof prover="1"><result status="valid" time="0.03" steps="6355"/></proof>
</goal>
<goal name="search&#39;vc.13" expl="precondition" proved="true">
<proof prover="1"><result status="valid" time="0.03" steps="137284"/></proof>
</goal>
<goal name="search&#39;vc.14" expl="precondition" proved="true">
<proof prover="1"><result status="valid" time="0.03" steps="167091"/></proof>
</goal>
<goal name="search&#39;vc.15" expl="integer overflow" proved="true">
<proof prover="2"><result status="valid" time="0.01" steps="180"/></proof>
</goal>
<goal name="search&#39;vc.16" expl="integer overflow" proved="true">
<transf name="split_vc" proved="true" >
<goal name="search&#39;vc.16.0" expl="integer overflow" proved="true">
<proof prover="1"><result status="valid" time="0.03" steps="135241"/></proof>
</goal>
<goal name="search&#39;vc.16.1" expl="integer overflow" proved="true">
<proof prover="2"><result status="valid" time="0.01" steps="165"/></proof>
</goal>
</transf>
</goal>
<goal name="search&#39;vc.17" expl="loop variant decrease" proved="true">
<proof prover="1"><result status="valid" time="0.03" steps="128142"/></proof>
</goal>
<goal name="search&#39;vc.18" expl="loop invariant preservation" proved="true">
<proof prover="1"><result status="valid" time="0.09" steps="308288"/></proof>
</goal>
<goal name="search&#39;vc.19" expl="loop invariant preservation" proved="true">
<proof prover="2"><result status="valid" time="0.31" steps="861"/></proof>
</goal>
<goal name="search&#39;vc.20" expl="postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.02" steps="28"/></proof>
</goal>
<goal name="search&#39;vc.21" expl="postcondition" proved="true">
<proof prover="2"><result status="valid" time="0.02" steps="106"/></proof>
</goal>
</transf>
</goal>
</theory>
</file>
</why3session>