updated proof sessions

parent 5307d60a
......@@ -5,7 +5,7 @@
<theory name="Fact" verified="true" expanded="true">
</theory>
<theory name="WP FactRecursive" verified="true" expanded="true">
<goal name="WP_parameter fact_rec" expl="correctness of parameter fact_rec" sum="1117c3559da060f6ec9ac783d99c0d1b" proved="true" expanded="true">
<goal name="WP_parameter fact_rec" expl="correctness of parameter fact_rec" sum="1bff2d72d2a37c866be6a82c2fda007e" proved="true" expanded="true">
<proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
<result status="valid" time="0.02"/>
</proof>
......@@ -19,39 +19,39 @@
</goal>
</theory>
<theory name="WP CheckingALargeRoutine" verified="true" expanded="true">
<goal name="WP_parameter routine" expl="correctness of parameter routine" sum="8ff7c5f56f6c843793a6ab7586cce14c" proved="true" expanded="true">
<goal name="WP_parameter routine" expl="correctness of parameter routine" sum="037dcf30692294fab4727f024ea94e46" proved="true" expanded="true">
<transf name="split_goal" proved="true" expanded="true">
<goal name="WP_parameter routine.1" expl="loop invariant init" sum="9a5b92f18bf024980c5dd8bdcfdfba50" proved="true" expanded="true">
<proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
<result status="valid" time="0.02"/>
</proof>
</goal>
<goal name="WP_parameter routine.2" expl="loop invariant init" sum="bfd2f3a1175c534766c7ba4c01aa2919" proved="true" expanded="true">
<goal name="WP_parameter routine.2" expl="loop invariant init" sum="1a76deb02167a0eebac08097f4ce6236" proved="true" expanded="true">
<proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
<result status="valid" time="0.02"/>
<result status="valid" time="0.01"/>
</proof>
</goal>
<goal name="WP_parameter routine.3" expl="loop invariant preservation" sum="3bf213f943a40012815223222d443f8f" proved="true" expanded="true">
<goal name="WP_parameter routine.3" expl="loop invariant preservation" sum="28796e0502fc673a5466eb318ef0d40a" proved="true" expanded="true">
<proof prover="cvc3" timelimit="10" edited="" obsolete="false">
<result status="valid" time="0.02"/>
<result status="valid" time="0.00"/>
</proof>
</goal>
<goal name="WP_parameter routine.4" expl="loop variant decreases" sum="21d06667ca405a1992ceaf9811355605" proved="true" expanded="true">
<goal name="WP_parameter routine.4" expl="loop variant decreases" sum="97cfc3343b8c5a9b18f67172c73d9498" proved="true" expanded="true">
<proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
<result status="valid" time="0.03"/>
<result status="valid" time="0.01"/>
</proof>
</goal>
<goal name="WP_parameter routine.5" expl="loop invariant preservation" sum="f4a1cca6ef604333a9bfcf1ba0302fce" proved="true" expanded="true">
<goal name="WP_parameter routine.5" expl="loop invariant preservation" sum="11e0ddb1cbd4de5dc5ebf78b1a6b9f17" proved="true" expanded="true">
<proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
<result status="valid" time="0.02"/>
</proof>
</goal>
<goal name="WP_parameter routine.6" expl="loop variant decreases" sum="ea43f13390128bda3ea16a832c1fd6f4" proved="true" expanded="true">
<goal name="WP_parameter routine.6" expl="loop variant decreases" sum="cbef992a4fc1e57d0560fddcf4f18ed2" proved="true" expanded="true">
<proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
<result status="valid" time="0.02"/>
<result status="valid" time="0.01"/>
</proof>
</goal>
<goal name="WP_parameter routine.7" expl="normal postcondition" sum="6625bdd4dd9086efed66e19ea54c2b59" proved="true" expanded="true">
<goal name="WP_parameter routine.7" expl="normal postcondition" sum="f4ab075ae1ee0bb8205be10749ecdc78" proved="true" expanded="true">
<proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
<result status="valid" time="0.01"/>
</proof>
......
(* This file is generated by Why3's Coq driver *)
(* Beware! Only edit allowed sections below *)
Require Import ZArith.
Require Import Rbase.
Require Import ZOdiv.
Require Import Zdiv.
Definition unit := unit.
Parameter mark : Type.
Parameter at1: forall (a:Type), a -> mark -> a.
Implicit Arguments at1.
Parameter old: forall (a:Type), a -> a.
Implicit Arguments old.
Axiom Abs_pos : forall (x:Z), (0%Z <= (Zabs x))%Z.
Axiom Div_mod : forall (x:Z) (y:Z), (~ (y = 0%Z)) ->
(x = ((y * (ZOdiv x y))%Z + (ZOmod x y))%Z).
Axiom Div_bound : forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ (0%Z < y)%Z) ->
((0%Z <= (ZOdiv x y))%Z /\ ((ZOdiv x y) <= x)%Z).
Axiom Mod_bound : forall (x:Z) (y:Z), (~ (y = 0%Z)) ->
(((-(Zabs y))%Z < (ZOmod x y))%Z /\ ((ZOmod x y) < (Zabs y))%Z).
Axiom Div_sign_pos : forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ (0%Z < y)%Z) ->
(0%Z <= (ZOdiv x y))%Z.
Axiom Div_sign_neg : forall (x:Z) (y:Z), ((x <= 0%Z)%Z /\ (0%Z < y)%Z) ->
((ZOdiv x y) <= 0%Z)%Z.
Axiom Mod_sign_pos : forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ ~ (y = 0%Z)) ->
(0%Z <= (ZOmod x y))%Z.
Axiom Mod_sign_neg : forall (x:Z) (y:Z), ((x <= 0%Z)%Z /\ ~ (y = 0%Z)) ->
((ZOmod x y) <= 0%Z)%Z.
Axiom Rounds_toward_zero : forall (x:Z) (y:Z), (~ (y = 0%Z)) ->
((Zabs ((ZOdiv x y) * y)%Z) <= (Zabs x))%Z.
Axiom Div_1 : forall (x:Z), ((ZOdiv x 1%Z) = x).
Axiom Mod_1 : forall (x:Z), ((ZOmod x 1%Z) = 0%Z).
Axiom Div_inf : forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ (x < y)%Z) ->
((ZOdiv x y) = 0%Z).
Axiom Mod_inf : forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ (x < y)%Z) ->
((ZOmod x y) = x).
Axiom Div_mult : forall (x:Z) (y:Z) (z:Z), ((0%Z < x)%Z /\ ((0%Z <= y)%Z /\
(0%Z <= z)%Z)) -> ((ZOdiv ((x * y)%Z + z)%Z x) = (y + (ZOdiv z x))%Z).
Axiom Mod_mult : forall (x:Z) (y:Z) (z:Z), ((0%Z < x)%Z /\ ((0%Z <= y)%Z /\
(0%Z <= z)%Z)) -> ((ZOmod ((x * y)%Z + z)%Z x) = (ZOmod z x)).
Definition divides(a:Z) (b:Z): Prop := exists q:Z, (b = (q * a)%Z).
Axiom Divides_x_zero : forall (x:Z), (divides x 0%Z).
Axiom Divides_one_x : forall (x:Z), (divides 1%Z x).
Definition gcd(a:Z) (b:Z) (g:Z): Prop := (divides g a) /\ ((divides g b) /\
forall (x:Z), (divides x a) -> ((divides x b) -> (divides x g))).
Axiom Gcd_sym : forall (a:Z) (b:Z) (g:Z), (gcd a b g) -> (gcd b a g).
Axiom Gcd_0 : forall (a:Z), (gcd a 0%Z a).
Axiom Gcd_euclid : forall (a:Z) (b:Z) (q:Z) (g:Z), (gcd a (b - (q * a)%Z)%Z
g) -> (gcd a b g).
Axiom Gcd_computer_mod : forall (a:Z) (b:Z) (g:Z), (~ (b = 0%Z)) -> ((gcd a
(ZOmod a b) g) -> (gcd a b g)).
Axiom Div_mod1 : forall (x:Z) (y:Z), (~ (y = 0%Z)) ->
(x = ((y * (Zdiv x y))%Z + (Zmod x y))%Z).
Axiom Div_bound1 : forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ (0%Z < y)%Z) ->
((0%Z <= (Zdiv x y))%Z /\ ((Zdiv x y) <= x)%Z).
Axiom Mod_bound1 : forall (x:Z) (y:Z), (~ (y = 0%Z)) ->
((0%Z <= (Zmod x y))%Z /\ ((Zmod x y) < (Zabs y))%Z).
Axiom Mod_11 : forall (x:Z), ((Zmod x 1%Z) = 0%Z).
Axiom Div_11 : forall (x:Z), ((Zdiv x 1%Z) = x).
Axiom Gcd_euclidean_mod : forall (a:Z) (b:Z) (g:Z), (~ (b = 0%Z)) -> ((gcd a
(Zmod a b) g) -> (gcd a b g)).
Inductive ref (a:Type) :=
| mk_ref : a -> ref a.
Implicit Arguments mk_ref.
Definition contents (a:Type)(u:(ref a)): a :=
match u with
| mk_ref contents1 => contents1
end.
Implicit Arguments contents.
Theorem WP_parameter_gcd : forall (x:Z), forall (y:Z), ((0%Z <= x)%Z /\
(0%Z <= y)%Z) -> forall (d:Z), forall (c:Z), forall (b:Z), forall (a:Z),
forall (y1:Z), forall (x1:Z), ((0%Z <= x1)%Z /\ ((0%Z <= y1)%Z /\
((forall (d1:Z), (gcd x1 y1 d1) -> (gcd x y d1)) /\
((((a * x)%Z + (b * y)%Z)%Z = x1) /\
(((c * x)%Z + (d * y)%Z)%Z = y1))))) -> ((0%Z < y1)%Z -> forall (x2:Z),
(x2 = y1) -> forall (y2:Z), (y2 = (ZOmod x1 y1)) -> forall (a1:Z),
(a1 = c) -> forall (b1:Z), (b1 = d) -> forall (c1:Z),
(c1 = (a - (c * (ZOdiv x1 y1))%Z)%Z) -> forall (d1:Z),
(d1 = (b - (d * (ZOdiv x1 y1))%Z)%Z) -> forall (d2:Z), (gcd x2 y2 d2) ->
(gcd x y d2)).
(* YOU MAY EDIT THE PROOF BELOW *)
intuition.
apply H4.
subst x2 y2.
apply Gcd_sym.
apply Gcd_euclid with (q:=(ZOdiv x1 y1)).
assert (x1 - (ZOdiv x1 y1) * y1 = ZOmod x1 y1)%Z.
generalize (Div_mod x1 y1); intuition.
replace ((ZOdiv x1 y1) * y1) with (y1 * (ZOdiv x1 y1)) by ring.
omega.
rewrite H6; assumption.
Qed.
(* DO NOT EDIT BELOW *)
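Review bot: The hand-written script between the `YOU MAY EDIT` and `DO NOT EDIT` markers refers to hypotheses by the numbers Coq generated for them (`apply H4.`, `rewrite H6; assumption.`). If the goal statement is regenerated, or a different Coq version numbers the hypotheses from `intuition` differently, the script will stop replaying. The local fact can carry its own name: `assert (Hmod: (x1 - (ZOdiv x1 y1) * y1 = ZOmod x1 y1)%Z).` followed by `rewrite Hmod; assumption.`. `H6` appears to be the name this assert receives, though the page does not confirm it. The search_loop proof in the next Coq file has the same pattern (`discriminate H4.`, `clear H0 H1.`, `generalize (H3 0%Z H0).`).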
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE why3session SYSTEM "why3session.dtd">
<why3session name="examples/programs/gcd_bezout/why3session.xml">
<file name="../gcd_bezout.mlw" verified="false" expanded="true">
<theory name="WP M" verified="false" expanded="true">
<goal name="WP_parameter gcd" expl="correctness of parameter gcd" sum="66a8795f899d84ac0583a005fe89ce0a" proved="false" expanded="true">
<transf name="split_goal" proved="false" expanded="true">
<goal name="WP_parameter gcd.1" expl="loop invariant init" sum="131bc5920f4ba44c45ffaa828fa737f7" proved="true" expanded="true">
<file name="../gcd_bezout.mlw" verified="true" expanded="true">
<theory name="WP M" verified="true" expanded="true">
<goal name="WP_parameter gcd" expl="correctness of parameter gcd" sum="24b81661726d80251f271d9638c0fba4" proved="true" expanded="true">
<transf name="split_goal" proved="true" expanded="true">
<goal name="WP_parameter gcd.1" expl="loop invariant init" sum="f091ff5ed7f20de51efc707bf3edb472" proved="true" expanded="false">
<proof prover="cvc3" timelimit="2" edited="" obsolete="false">
<result status="valid" time="0.00"/>
</proof>
<proof prover="alt-ergo" timelimit="2" edited="" obsolete="false">
<result status="valid" time="0.02"/>
<result status="valid" time="0.00"/>
</proof>
<proof prover="z3" timelimit="2" edited="" obsolete="false">
<result status="valid" time="0.00"/>
</proof>
</goal>
<goal name="WP_parameter gcd.2" expl="loop invariant preservation" sum="40aa1567edcd01c99aa5393619f44a10" proved="false" expanded="true">
<transf name="split_goal" proved="false" expanded="true">
<goal name="WP_parameter gcd.2.1" expl="correctness of parameter gcd" sum="387342c4c6c376ec84db024d590eb931" proved="true" expanded="true">
<goal name="WP_parameter gcd.2" expl="loop invariant preservation" sum="194d6679b8d1936227e26e71d84cc1eb" proved="true" expanded="true">
<transf name="split_goal" proved="true" expanded="true">
<goal name="WP_parameter gcd.2.1" expl="correctness of parameter gcd" sum="7b31292c9cd3255805cf747c01cb6160" proved="true" expanded="false">
<proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
<result status="valid" time="0.02"/>
</proof>
</goal>
<goal name="WP_parameter gcd.2.2" expl="correctness of parameter gcd" sum="e481d13a9bd5964ad8928b356e7918b2" proved="true" expanded="true">
<goal name="WP_parameter gcd.2.2" expl="correctness of parameter gcd" sum="6942a8f0fce1d6ee7a462c74d6b6df76" proved="true" expanded="false">
<proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
<result status="valid" time="0.02"/>
<result status="valid" time="0.04"/>
</proof>
</goal>
<goal name="WP_parameter gcd.2.3" expl="correctness of parameter gcd" sum="6e74075706d766eaefd70566ef1c7992" proved="false" expanded="true">
<proof prover="simplify" timelimit="3" edited="" obsolete="false">
<result status="timeout" time="3.08"/>
</proof>
<proof prover="cvc3" timelimit="3" edited="" obsolete="false">
<result status="unknown" time="0.11"/>
</proof>
<proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
<result status="timeout" time="10.03"/>
</proof>
<proof prover="z3" timelimit="3" edited="" obsolete="false">
<result status="timeout" time="3.08"/>
<goal name="WP_parameter gcd.2.3" expl="correctness of parameter gcd" sum="2f1a146ca229cb1bf05611a79b59797a" proved="true" expanded="true">
<proof prover="coq" timelimit="10" edited="gcd_bezout_WP_M_WP_parameter_gcd_1.v" obsolete="false">
<result status="valid" time="0.62"/>
</proof>
</goal>
<goal name="WP_parameter gcd.2.4" expl="correctness of parameter gcd" sum="dd3ce062113c8bf7e99d5842826cbef3" proved="true" expanded="true">
<goal name="WP_parameter gcd.2.4" expl="correctness of parameter gcd" sum="90165147f8d016875a7c618a23eac063" proved="true" expanded="false">
<proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
<result status="valid" time="0.03"/>
<result status="valid" time="0.02"/>
</proof>
</goal>
<goal name="WP_parameter gcd.2.5" expl="correctness of parameter gcd" sum="393a23c2dbe93d5227c05add6207598a" proved="true" expanded="true">
<goal name="WP_parameter gcd.2.5" expl="correctness of parameter gcd" sum="afa8d8802b85f4e6c8fc652fbeb1890c" proved="true" expanded="false">
<proof prover="cvc3" timelimit="3" edited="" obsolete="false">
<result status="valid" time="0.02"/>
</proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter gcd.3" expl="loop variant decreases" sum="365b0eb4709478b597d2122a5c3c67c1" proved="true" expanded="true">
<goal name="WP_parameter gcd.3" expl="loop variant decreases" sum="753ad46886883bd93e9cdf0278094b34" proved="true" expanded="false">
<proof prover="cvc3" timelimit="2" edited="" obsolete="false">
<result status="valid" time="0.06"/>
</proof>
......@@ -62,9 +53,9 @@
<result status="valid" time="0.02"/>
</proof>
</goal>
<goal name="WP_parameter gcd.4" expl="normal postcondition" sum="b99571221c54c860bd5407d585fc8cdd" proved="true" expanded="true">
<goal name="WP_parameter gcd.4" expl="normal postcondition" sum="4d87a14f4a17e9cbd282f6b5c5dc83c0" proved="true" expanded="false">
<proof prover="alt-ergo" timelimit="2" edited="" obsolete="false">
<result status="valid" time="0.49"/>
<result status="valid" time="0.07"/>
</proof>
</goal>
</transf>
......
......@@ -3,19 +3,19 @@
<why3session name="examples/programs/sf/why3session.xml">
<file name="../sf.mlw" verified="true" expanded="true">
<theory name="WP HoareLogic" verified="true" expanded="true">
<goal name="WP_parameter slow_subtraction" expl="correctness of parameter slow_subtraction" sum="458f2e6c9d1bbc6a9d6cdddba40fd1d5" proved="true" expanded="true">
<goal name="WP_parameter slow_subtraction" expl="correctness of parameter slow_subtraction" sum="288ad662c765e2d3c56a99fa4d87f871" proved="true" expanded="true">
<proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
<result status="valid" time="0.02"/>
<result status="valid" time="0.01"/>
</proof>
</goal>
<goal name="WP_parameter reduce_to_zero" expl="correctness of parameter reduce_to_zero" sum="45e7a1303fcca8e459e15eca9d92bccd" proved="true" expanded="true">
<goal name="WP_parameter reduce_to_zero" expl="correctness of parameter reduce_to_zero" sum="5ca87e0d1fdb822085f8a0210833be1a" proved="true" expanded="true">
<proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
<result status="valid" time="0.02"/>
<result status="valid" time="0.01"/>
</proof>
</goal>
<goal name="WP_parameter slow_addition" expl="correctness of parameter slow_addition" sum="f19498eb4d9626d1453e5ecf3f3f0abc" proved="true" expanded="true">
<goal name="WP_parameter slow_addition" expl="correctness of parameter slow_addition" sum="7f602af25e96c67d6b15347d4355664e" proved="true" expanded="true">
<proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
<result status="valid" time="0.02"/>
<result status="valid" time="0.01"/>
</proof>
</goal>
<goal name="even_not_odd" sum="53e6bf87df0a78f77396dc37febf9ad4" proved="true" expanded="true">
......@@ -23,31 +23,31 @@
<result status="valid" time="0.65"/>
</proof>
</goal>
<goal name="WP_parameter parity" expl="correctness of parameter parity" sum="f6d9f277eb9aef02765d7c85c0442161" proved="true" expanded="true">
<goal name="WP_parameter parity" expl="correctness of parameter parity" sum="f0ebcfc44576c91bca3ab0d6fc1ea8de" proved="true" expanded="true">
<proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
<result status="valid" time="0.13"/>
<result status="valid" time="0.08"/>
</proof>
</goal>
<goal name="WP_parameter sqrt" expl="correctness of parameter sqrt" sum="cf2cff74151b7962afd722bedeef6915" proved="true" expanded="true">
<goal name="WP_parameter sqrt" expl="correctness of parameter sqrt" sum="eb4b310f0397ccae6a160b54653eaf2f" proved="true" expanded="true">
<proof prover="z3" timelimit="10" edited="" obsolete="false">
<result status="valid" time="0.03"/>
<result status="valid" time="0.01"/>
</proof>
</goal>
<goal name="WP_parameter factorial" expl="correctness of parameter factorial" sum="9ea847303a87e605060c175e0d0e09e4" proved="true" expanded="true">
<goal name="WP_parameter factorial" expl="correctness of parameter factorial" sum="7ebb1ed9137fae7295d1caafbeb5b94b" proved="true" expanded="true">
<proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
<result status="valid" time="0.04"/>
<result status="valid" time="0.02"/>
</proof>
</goal>
</theory>
<theory name="WP MoreHoareLogic" verified="true" expanded="true">
<goal name="WP_parameter list_sum" expl="correctness of parameter list_sum" sum="3e6044f1b8cf49c626655c2cd6cc12a0" proved="true" expanded="true">
<goal name="WP_parameter list_sum" expl="correctness of parameter list_sum" sum="d65a1e27a7b93a05a70d2a613eeba2be" proved="true" expanded="true">
<proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
<result status="valid" time="0.08"/>
<result status="valid" time="0.05"/>
</proof>
</goal>
<goal name="WP_parameter list_member" expl="correctness of parameter list_member" sum="5f5617227f186b821f84ef28ca6c0dbd" proved="true" expanded="true">
<goal name="WP_parameter list_member" expl="correctness of parameter list_member" sum="b4187b983e65459b73a851378ae0705f" proved="true" expanded="true">
<proof prover="yices" timelimit="10" edited="" obsolete="false">
<result status="valid" time="0.09"/>
<result status="valid" time="0.04"/>
</proof>
</goal>
</theory>
......
......@@ -3,43 +3,43 @@
<why3session name="examples/programs/vstte10_aqueue/why3session.xml">
<file name="../vstte10_aqueue.mlw" verified="true" expanded="true">
<theory name="WP AmortizedQueue" verified="true" expanded="true">
<goal name="WP_parameter create" expl="correctness of parameter create" sum="94603ee07e585f398458946ecc7a0f0b" proved="true" expanded="true">
<goal name="WP_parameter empty" expl="normal postcondition" sum="909ab0d6f233b4d2efe8d20c0f817588" proved="true" expanded="true">
<proof prover="alt-ergo" timelimit="20" edited="" obsolete="false">
<result status="valid" time="0.50"/>
<result status="valid" time="0.03"/>
</proof>
</goal>
<goal name="WP_parameter empty" expl="normal postcondition" sum="3612f3c6fbb172a8f7bb557de13fd5b0" proved="true" expanded="true">
<goal name="WP_parameter head" expl="correctness of parameter head" sum="df279e0806f4697dfb52c16a7712fd6c" proved="true" expanded="true">
<proof prover="alt-ergo" timelimit="20" edited="" obsolete="false">
<result status="valid" time="0.06"/>
<result status="valid" time="0.04"/>
</proof>
</goal>
<goal name="WP_parameter head" expl="correctness of parameter head" sum="9cf1d7ca07c9a4889ad2822b0d4f8851" proved="true" expanded="true">
<goal name="WP_parameter create" expl="correctness of parameter create" sum="5c6dc68135163c32716581f63366d671" proved="true" expanded="true">
<proof prover="alt-ergo" timelimit="20" edited="" obsolete="false">
<result status="valid" time="0.07"/>
<result status="valid" time="0.36"/>
</proof>
</goal>
<goal name="WP_parameter tail" expl="correctness of parameter tail" sum="7b2a5c6b28da9c887812b2ba52dd88bc" proved="true" expanded="true">
<goal name="WP_parameter tail" expl="correctness of parameter tail" sum="e064c80f5f1ee95e0e494e4c080b5029" proved="true" expanded="true">
<transf name="split_goal" proved="true" expanded="true">
<goal name="WP_parameter tail.1" expl="correctness of parameter tail" sum="cb15b2861f2bd1dc0448b73df780ef7d" proved="true" expanded="true">
<goal name="WP_parameter tail.1" expl="correctness of parameter tail" sum="8b9ca2a529eaada80a407300a55e20d0" proved="true" expanded="true">
<proof prover="alt-ergo" timelimit="20" edited="" obsolete="false">
<result status="valid" time="0.04"/>
<result status="valid" time="0.02"/>
</proof>
</goal>
<goal name="WP_parameter tail.2" expl="correctness of parameter tail" sum="bc0304b50128f3903bde1f29727f0e10" proved="true" expanded="true">
<goal name="WP_parameter tail.2" expl="correctness of parameter tail" sum="a83fd8e5c78ad764dc9652839a39c57b" proved="true" expanded="true">
<proof prover="alt-ergo" timelimit="20" edited="" obsolete="false">
<result status="valid" time="0.06"/>
<result status="valid" time="0.02"/>
</proof>
</goal>
<goal name="WP_parameter tail.3" expl="correctness of parameter tail" sum="5fa5c35fd62cc45245331750d880c0c9" proved="true" expanded="true">
<goal name="WP_parameter tail.3" expl="correctness of parameter tail" sum="f7542b33f71df9da29bb7e21b8e1311d" proved="true" expanded="true">
<proof prover="alt-ergo" timelimit="20" edited="" obsolete="false">
<result status="valid" time="0.17"/>
<result status="valid" time="0.12"/>
</proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter enqueue" expl="correctness of parameter enqueue" sum="942866fdebad37c06e3ffcf86fc15a92" proved="true" expanded="true">
<goal name="WP_parameter enqueue" expl="correctness of parameter enqueue" sum="940fa98f53cd4fbeb614fd48b2922378" proved="true" expanded="true">
<proof prover="alt-ergo" timelimit="20" edited="" obsolete="false">
<result status="valid" time="0.14"/>
<result status="valid" time="0.09"/>
</proof>
</goal>
</theory>
......
(* This file is generated by Why3's Coq driver *)
(* Beware! Only edit allowed sections below *)
Require Import ZArith.
Require Import Rbase.
Definition unit := unit.
Parameter mark : Type.
Parameter at1: forall (a:Type), a -> mark -> a.
Implicit Arguments at1.
Parameter old: forall (a:Type), a -> a.
Implicit Arguments old.
Inductive list (a:Type) :=
| Nil : list a
| Cons : a -> (list a) -> list a.
Set Contextual Implicit.
Implicit Arguments Nil.
Unset Contextual Implicit.
Implicit Arguments Cons.
Parameter length: forall (a:Type), (list a) -> Z.
Implicit Arguments length.
Axiom length_def : forall (a:Type), forall (l:(list a)),
match l with
| Nil => ((length l) = 0%Z)
| Cons _ r => ((length l) = (1%Z + (length r))%Z)
end.
Axiom Length_nonnegative : forall (a:Type), forall (l:(list a)),
(0%Z <= (length l))%Z.
Axiom Length_nil : forall (a:Type), forall (l:(list a)),
((length l) = 0%Z) <-> (l = (Nil:(list a))).
Inductive option (a:Type) :=
| None : option a
| Some : a -> option a.
Set Contextual Implicit.
Implicit Arguments None.
Unset Contextual Implicit.
Implicit Arguments Some.
Parameter nth: forall (a:Type), Z -> (list a) -> (option a).
Implicit Arguments nth.
Axiom nth_def : forall (a:Type), forall (n:Z) (l:(list a)),
match l with
| Nil => ((nth n l) = (None:(option a)))
| Cons x r => ((n = 0%Z) -> ((nth n l) = (Some x))) /\ ((~ (n = 0%Z)) ->
((nth n l) = (nth (n - 1%Z)%Z r)))
end.
Definition zero_at(l:(list Z)) (i:Z): Prop := ((nth i l) = (Some 0%Z)) /\
forall (j:Z), ((0%Z <= j)%Z /\ (j < i)%Z) -> ~ ((nth j l) = (Some 0%Z)).
Definition no_zero(l:(list Z)): Prop := forall (j:Z), ((0%Z <= j)%Z /\
(j < (length l))%Z) -> ~ ((nth j l) = (Some 0%Z)).
Inductive ref (a:Type) :=
| mk_ref : a -> ref a.
Implicit Arguments mk_ref.
Definition contents (a:Type)(u:(ref a)): a :=
match u with
| mk_ref contents1 => contents1
end.
Implicit Arguments contents.
Definition hd (a:Type)(l:(list a)): (option a) :=
match l with
| Nil => (None:(option a))
| Cons h _ => (Some h)
end.
Implicit Arguments hd.
Definition tl (a:Type)(l:(list a)): (option (list a)) :=
match l with
| Nil => (None:(option (list a)))
| Cons _ t => (Some t)
end.
Implicit Arguments tl.
Theorem WP_parameter_search_loop : forall (l:(list Z)), forall (s:(list Z)),
forall (i:Z), ((0%Z <= i)%Z /\ (((i + (length s))%Z = (length l)) /\
((forall (j:Z), (0%Z <= j)%Z -> ((nth j s) = (nth (i + j)%Z l))) /\
forall (j:Z), ((0%Z <= j)%Z /\ (j < i)%Z) -> ~ ((nth j
l) = (Some 0%Z))))) -> ((~ (s = (Nil:(list Z)))) -> ((~ (s = (Nil:(list
Z)))) -> forall (result:Z),
(match s with
| Nil => (None:(option Z))
| Cons h _ => (Some h)
end = (Some result)) -> ((result = 0%Z) -> ((((0%Z <= i)%Z /\
(i < (length l))%Z) /\ (zero_at l i)) \/ ((i = (length l)) /\
(no_zero l)))))).
(* YOU MAY EDIT THE PROOF BELOW *)
intuition.
destruct s.
discriminate H4.
injection H4; intros; subst; clear H4.
clear H0 H1.
left.
split.
rewrite (length_def _ (Cons 0%Z s)) in H.
generalize (Length_nonnegative _ s).
omega.
red; intuition.
assert (H0: (0 <= 0)%Z) by omega.
generalize (H3 0%Z H0).
generalize (nth_def _ 0%Z (Cons 0%Z s)).
ring_simplify (i+0)%Z.
intuition.
rewrite H4 in H1.
auto.
Qed.
(* DO NOT EDIT BELOW *)
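Review bot: This proof is only as strong as the axioms in the generated preamble. `length_def`, `Length_nonnegative` and `nth_def`, all used in the script, are declared with `Axiom`, so Coq accepts them without proof. Whether they are definitions or lemmas discharged elsewhere in the Why3 session is not visible on this page. A comment at the top of the editable section would record the dependency, e.g. `(* uses axioms length_def, Length_nonnegative, nth_def from the preamble; assumed here, not proved *)`. Running `Print Assumptions WP_parameter_search_loop.` after `Qed.` lists exactly what the theorem rests on.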
(* This file is generated by Why3's Coq driver *)
(* Beware! Only edit allowed sections below *)
Require Import ZArith.
Require Import Rbase.
Definition unit := unit.
Parameter mark : Type.
Parameter at1: forall (a:Type), a -> mark -> a.
Implicit Arguments at1.
Parameter old: forall (a:Type), a -> a.
Implicit Arguments old.
Inductive list (a:Type) :=
| Nil : list a
| Cons : a -> (list a) -> list a.
Set Contextual Implicit.
Implicit Arguments Nil.
Unset Contextual Implicit.
Implicit Arguments Cons.
Parameter length: forall (a:Type), (list a) -> Z.
Implicit Arguments length.
Axiom length_def : forall (a:Type), forall (l:(list a)),
match l with
| Nil => ((length l) = 0%Z)
| Cons _ r => ((length l) = (1%Z + (length r))%Z)
end.
Axiom Length_nonnegative : forall (a:Type), forall (l:(list a)),
(0%Z <= (length l))%Z.
Axiom Length_nil : forall (a:Type), forall (l:(list a)),
((length l) = 0%Z) <-> (l = (Nil:(list a))).
Inductive option (a:Type) :=
| None : option a
| Some : a -> option a.
Set Contextual Implicit.
Implicit Arguments None.
Unset Contextual Implicit.
Implicit Arguments Some.
Parameter nth: forall (a:Type), Z -> (list a) -> (option a).
Implicit Arguments nth.
Axiom nth_def : forall (a:Type), forall (n:Z) (l:(list a)),
match l with
| Nil => ((nth n l) = (None:(option a)))
| Cons x r => ((n = 0%Z) -> ((nth n l) = (Some x))) /\ ((~ (n = 0%Z)) ->
((nth n l) = (nth (n - 1%Z)%Z r)))
end.
Definition zero_at(l:(list Z)) (i:Z): Prop := ((nth i l) = (Some 0%Z)) /\