proof of algo64

.gitignore

@@ -177,7 +177,6 @@ pvsbin/
 /examples/programs/vacid_0_red_black_trees_harness/
 /examples/programs/next_digit_sum/
 /examples/programs/algo63/
-/examples/programs/algo64/
 /examples/programs/algo65/
 /examples/programs/binary_search_c/
 /examples/programs/dijkstra/

examples/programs/algo64.mlw

@@ -18,12 +18,7 @@ module Algo64
   use import module ref.Ref
   use import module array.Array
   use import module array.ArrayPermut
-
-  predicate sorted_sub (a: array int) (l u: int)
-(*
-  clone import module array.ArraySorted with
-    type elt = int, predicate le = (<=)
-*)
+  use import module array.ArraySorted
 
   (* Algorithm 63 *)
 
@@ -31,7 +26,7 @@ module Algo64
     a:array int -> m:int -> n:int -> i:ref int -> j:ref int ->
     { 0 <= m < n < length a }
     unit writes a i j
-    { m <= !j < !i <= n /\ permut_sub (old a) a m n /\
+    { m <= !j < !i <= n /\ permut_sub (old a) a m (n+1) /\
       exists x:int.
         (forall r:int. m <= r <= !j -> a[r] <= x) /\
         (forall r:int. !j < r < !i -> a[r] = x) /\
@@ -47,11 +42,11 @@ module Algo64
       let j = ref 0 in
       partition a m n i j;
 'L1:  quicksort a m !j;
-      assert { permut_sub (at a 'L1) a m n };
+      assert { permut_sub (at a 'L1) a m (n+1) };
 'L2:  quicksort a !i n;
-      assert { permut_sub (at a 'L2) a m n }
+      assert { permut_sub (at a 'L2) a m (n+1) }
     end
-    { permut_sub (old a) a m n /\ sorted_sub a m n }
+    { permut_sub (old a) a m (n+1) /\ sorted_sub a m (n+1) }
 
 end
 

examples/programs/algo64/why3session.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE why3session SYSTEM "/home/jc/why3/share/why3session.dtd">
+<why3session
+ name="examples/programs/algo64/why3session.xml" shape_version="2">
+ <prover
+  id="0"
+  name="Alt-Ergo"
+  version="0.94"/>
+ <prover
+  id="1"
+  name="Z3"
+  version="3.2"/>
+ <file
+  name="../algo64.mlw"
+  verified="true"
+  expanded="true">
+  <theory
+   name="Algo64"
+   locfile="examples/programs/algo64/../algo64.mlw"
+   loclnum="15" loccnumb="7" loccnume="13"
+   verified="true"
+   expanded="true">
+   <goal
+    name="WP_parameter quicksort"
+    locfile="examples/programs/algo64/../algo64.mlw"
+    loclnum="37" loccnumb="10" loccnume="19"
+    expl="parameter quicksort"
+    sum="3533c0ea980cde0949f11d81f0039f7d"
+    proved="true"
+    expanded="true"
+    shape="iainfix &lt;V1V2asorted_subV8V1ainfix +V2c1Aapermut_subV3V8V1ainfix +V2c1Aapermut_subV7V8V1ainfix +V2c1Iasorted_subV8V5ainfix +V2c1Aapermut_subV7V8V5ainfix +V2c1FAainfix &lt;V2V0Aainfix &lt;=V5V2Aainfix &lt;=c0V5Aainfix &lt;ainfix -V2V5ainfix -V2V1Aainfix &lt;=c0ainfix -V2V1Aapermut_subV6V7V1ainfix +V2c1Iasorted_subV7V1ainfix +V4c1Aapermut_subV6V7V1ainfix +V4c1FAainfix &lt;V4V0Aainfix &lt;=V1V4Aainfix &lt;=c0V1Aainfix &lt;ainfix -V4V1ainfix -V2V1Aainfix &lt;=c0ainfix -V2V1Iainfix &gt;=agetV6V10V9Iainfix &lt;=V10V2Aainfix &lt;=V5V10FAainfix =agetV6V11V9Iainfix &lt;V11V5Aainfix &lt;V4V11FAainfix &lt;=agetV6V12V9Iainfix &lt;=V12V4Aainfix &lt;=V1V12FEAapermut_subV3V6V1ainfix +V2c1Aainfix &lt;=V5V2Aainfix &lt;V4V5Aainfix &lt;=V1V4FAainfix &lt;V2V0Aainfix &lt;V1V2Aainfix &lt;=c0V1asorted_subV3V1ainfix +V2c1Aapermut_subV3V3V1ainfix +V2c1Iainfix &lt;V2V0Aainfix &lt;=V1V2Aainfix &lt;=c0V1FF">
+    <label
+     name="expl:parameter quicksort"/>
+    <transf
+     name="split_goal"
+     proved="true"
+     expanded="true">
+     <goal
+      name="WP_parameter quicksort.1"
+      locfile="examples/programs/algo64/../algo64.mlw"
+      loclnum="37" loccnumb="10" loccnume="19"
+      expl="precondition"
+      sum="1937b51a248d0b81e263cfda90830a31"
+      proved="true"
+      expanded="false"
+      shape="ainfix &lt;V2V0Aainfix &lt;V1V2Aainfix &lt;=c0V1Iainfix &lt;V1V2Iainfix &lt;V2V0Aainfix &lt;=V1V2Aainfix &lt;=c0V1FF">
+      <label
+       name="expl:parameter quicksort"/>
+      <proof
+       prover="0"
+       timelimit="5"
+       memlimit="1000"
+       obsolete="false"
+       archived="false">
+       <result status="valid" time="0.02"/>
+      </proof>
+     </goal>
+     <goal
+      name="WP_parameter quicksort.2"
+      locfile="examples/programs/algo64/../algo64.mlw"
+      loclnum="37" loccnumb="10" loccnume="19"
+      expl="variant decreases"
+      sum="194b5831756da65b29d0a1aea48225f1"
+      proved="true"
+      expanded="false"
+      shape="ainfix &lt;ainfix -V4V1ainfix -V2V1Aainfix &lt;=c0ainfix -V2V1Iainfix &gt;=agetV6V8V7Iainfix &lt;=V8V2Aainfix &lt;=V5V8FAainfix =agetV6V9V7Iainfix &lt;V9V5Aainfix &lt;V4V9FAainfix &lt;=agetV6V10V7Iainfix &lt;=V10V4Aainfix &lt;=V1V10FEAapermut_subV3V6V1ainfix +V2c1Aainfix &lt;=V5V2Aainfix &lt;V4V5Aainfix &lt;=V1V4FIainfix &lt;V2V0Aainfix &lt;V1V2Aainfix &lt;=c0V1Iainfix &lt;V1V2Iainfix &lt;V2V0Aainfix &lt;=V1V2Aainfix &lt;=c0V1FF">
+      <label
+       name="expl:parameter quicksort"/>
+      <proof
+       prover="0"
+       timelimit="5"
+       memlimit="1000"
+       obsolete="false"
+       archived="false">
+       <result status="valid" time="0.03"/>
+      </proof>
+     </goal>
+     <goal
+      name="WP_parameter quicksort.3"
+      locfile="examples/programs/algo64/../algo64.mlw"
+      loclnum="37" loccnumb="10" loccnume="19"
+      expl="precondition"
+      sum="034928eff8a6ffb4a2a09d9cef39ca33"
+      proved="true"
+      expanded="false"
+      shape="ainfix &lt;V4V0Aainfix &lt;=V1V4Aainfix &lt;=c0V1Iainfix &gt;=agetV6V8V7Iainfix &lt;=V8V2Aainfix &lt;=V5V8FAainfix =agetV6V9V7Iainfix &lt;V9V5Aainfix &lt;V4V9FAainfix &lt;=agetV6V10V7Iainfix &lt;=V10V4Aainfix &lt;=V1V10FEAapermut_subV3V6V1ainfix +V2c1Aainfix &lt;=V5V2Aainfix &lt;V4V5Aainfix &lt;=V1V4FIainfix &lt;V2V0Aainfix &lt;V1V2Aainfix &lt;=c0V1Iainfix &lt;V1V2Iainfix &lt;V2V0Aainfix &lt;=V1V2Aainfix &lt;=c0V1FF">
+      <label
+       name="expl:parameter quicksort"/>
+      <proof
+       prover="0"
+       timelimit="5"
+       memlimit="1000"
+       obsolete="false"
+       archived="false">
+       <result status="valid" time="0.03"/>
+      </proof>
+     </goal>
+     <goal
+      name="WP_parameter quicksort.4"
+      locfile="examples/programs/algo64/../algo64.mlw"
+      loclnum="37" loccnumb="10" loccnume="19"
+      expl="assertion"
+      sum="c02cf84424f0d3f80a18bbd62f4f9d7f"
+      proved="true"
+      expanded="false"
+      shape="apermut_subV6V7V1ainfix +V2c1Iasorted_subV7V1ainfix +V4c1Aapermut_subV6V7V1ainfix +V4c1FIainfix &lt;V4V0Aainfix &lt;=V1V4Aainfix &lt;=c0V1Aainfix &lt;ainfix -V4V1ainfix -V2V1Aainfix &lt;=c0ainfix -V2V1Iainfix &gt;=agetV6V9V8Iainfix &lt;=V9V2Aainfix &lt;=V5V9FAainfix =agetV6V10V8Iainfix &lt;V10V5Aainfix &lt;V4V10FAainfix &lt;=agetV6V11V8Iainfix &lt;=V11V4Aainfix &lt;=V1V11FEAapermut_subV3V6V1ainfix +V2c1Aainfix &lt;=V5V2Aainfix &lt;V4V5Aainfix &lt;=V1V4FIainfix &lt;V2V0Aainfix &lt;V1V2Aainfix &lt;=c0V1Iainfix &lt;V1V2Iainfix &lt;V2V0Aainfix &lt;=V1V2Aainfix &lt;=c0V1FF">
+      <label
+       name="expl:parameter quicksort"/>
+      <proof
+       prover="0"
+       timelimit="5"
+       memlimit="1000"
+       obsolete="false"
+       archived="false">
+       <result status="valid" time="0.04"/>
+      </proof>
+     </goal>
+     <goal
+      name="WP_parameter quicksort.5"
+      locfile="examples/programs/algo64/../algo64.mlw"
+      loclnum="37" loccnumb="10" loccnume="19"
+      expl="variant decreases"
+      sum="2acdc20b13b77e830b11f6b0ff7915bc"
+      proved="true"
+      expanded="false"
+      shape="ainfix &lt;ainfix -V2V5ainfix -V2V1Aainfix &lt;=c0ainfix -V2V1Iapermut_subV6V7V1ainfix +V2c1Iasorted_subV7V1ainfix +V4c1Aapermut_subV6V7V1ainfix +V4c1FIainfix &lt;V4V0Aainfix &lt;=V1V4Aainfix &lt;=c0V1Aainfix &lt;ainfix -V4V1ainfix -V2V1Aainfix &lt;=c0ainfix -V2V1Iainfix &gt;=agetV6V9V8Iainfix &lt;=V9V2Aainfix &lt;=V5V9FAainfix =agetV6V10V8Iainfix &lt;V10V5Aainfix &lt;V4V10FAainfix &lt;=agetV6V11V8Iainfix &lt;=V11V4Aainfix &lt;=V1V11FEAapermut_subV3V6V1ainfix +V2c1Aainfix &lt;=V5V2Aainfix &lt;V4V5Aainfix &lt;=V1V4FIainfix &lt;V2V0Aainfix &lt;V1V2Aainfix &lt;=c0V1Iainfix &lt;V1V2Iainfix &lt;V2V0Aainfix &lt;=V1V2Aainfix &lt;=c0V1FF">
+      <label
+       name="expl:parameter quicksort"/>
+      <proof
+       prover="0"
+       timelimit="5"
+       memlimit="1000"
+       obsolete="false"
+       archived="false">
+       <result status="valid" time="0.03"/>
+      </proof>
+     </goal>
+     <goal
+      name="WP_parameter quicksort.6"
+      locfile="examples/programs/algo64/../algo64.mlw"
+      loclnum="37" loccnumb="10" loccnume="19"
+      expl="precondition"
+      sum="2e6be7b6dba972c3888cf2d815f92588"
+      proved="true"
+      expanded="false"
+      shape="ainfix &lt;V2V0Aainfix &lt;=V5V2Aainfix &lt;=c0V5Iapermut_subV6V7V1ainfix +V2c1Iasorted_subV7V1ainfix +V4c1Aapermut_subV6V7V1ainfix +V4c1FIainfix &lt;V4V0Aainfix &lt;=V1V4Aainfix &lt;=c0V1Aainfix &lt;ainfix -V4V1ainfix -V2V1Aainfix &lt;=c0ainfix -V2V1Iainfix &gt;=agetV6V9V8Iainfix &lt;=V9V2Aainfix &lt;=V5V9FAainfix =agetV6V10V8Iainfix &lt;V10V5Aainfix &lt;V4V10FAainfix &lt;=agetV6V11V8Iainfix &lt;=V11V4Aainfix &lt;=V1V11FEAapermut_subV3V6V1ainfix +V2c1Aainfix &lt;=V5V2Aainfix &lt;V4V5Aainfix &lt;=V1V4FIainfix &lt;V2V0Aainfix &lt;V1V2Aainfix &lt;=c0V1Iainfix &lt;V1V2Iainfix &lt;V2V0Aainfix &lt;=V1V2Aainfix &lt;=c0V1FF">
+      <label
+       name="expl:parameter quicksort"/>
+      <proof
+       prover="0"
+       timelimit="5"
+       memlimit="1000"
+       obsolete="false"
+       archived="false">
+       <result status="valid" time="0.03"/>
+      </proof>
+     </goal>
+     <goal
+      name="WP_parameter quicksort.7"
+      locfile="examples/programs/algo64/../algo64.mlw"
+      loclnum="37" loccnumb="10" loccnume="19"
+      expl="assertion"
+      sum="4cb0e10c07f7d1266dcbca3b21e61000"
+      proved="true"
+      expanded="false"
+      shape="apermut_subV7V8V1ainfix +V2c1Iasorted_subV8V5ainfix +V2c1Aapermut_subV7V8V5ainfix +V2c1FIainfix &lt;V2V0Aainfix &lt;=V5V2Aainfix &lt;=c0V5Aainfix &lt;ainfix -V2V5ainfix -V2V1Aainfix &lt;=c0ainfix -V2V1Iapermut_subV6V7V1ainfix +V2c1Iasorted_subV7V1ainfix +V4c1Aapermut_subV6V7V1ainfix +V4c1FIainfix &lt;V4V0Aainfix &lt;=V1V4Aainfix &lt;=c0V1Aainfix &lt;ainfix -V4V1ainfix -V2V1Aainfix &lt;=c0ainfix -V2V1Iainfix &gt;=agetV6V10V9Iainfix &lt;=V10V2Aainfix &lt;=V5V10FAainfix =agetV6V11V9Iainfix &lt;V11V5Aainfix &lt;V4V11FAainfix &lt;=agetV6V12V9Iainfix &lt;=V12V4Aainfix &lt;=V1V12FEAapermut_subV3V6V1ainfix +V2c1Aainfix &lt;=V5V2Aainfix &lt;V4V5Aainfix &lt;=V1V4FIainfix &lt;V2V0Aainfix &lt;V1V2Aainfix &lt;=c0V1Iainfix &lt;V1V2Iainfix &lt;V2V0Aainfix &lt;=V1V2Aainfix &lt;=c0V1FF">
+      <label
+       name="expl:parameter quicksort"/>
+      <proof
+       prover="0"
+       timelimit="5"
+       memlimit="1000"
+       obsolete="false"
+       archived="false">
+       <result status="valid" time="0.04"/>
+      </proof>
+     </goal>
+     <goal
+      name="WP_parameter quicksort.8"
+      locfile="examples/programs/algo64/../algo64.mlw"
+      loclnum="37" loccnumb="10" loccnume="19"
+      expl="normal postcondition"
+      sum="73b08ee7a978f24b740f747e96186b06"
+      proved="true"
+      expanded="true"
+      shape="asorted_subV8V1ainfix +V2c1Aapermut_subV3V8V1ainfix +V2c1Iapermut_subV7V8V1ainfix +V2c1Iasorted_subV8V5ainfix +V2c1Aapermut_subV7V8V5ainfix +V2c1FIainfix &lt;V2V0Aainfix &lt;=V5V2Aainfix &lt;=c0V5Aainfix &lt;ainfix -V2V5ainfix -V2V1Aainfix &lt;=c0ainfix -V2V1Iapermut_subV6V7V1ainfix +V2c1Iasorted_subV7V1ainfix +V4c1Aapermut_subV6V7V1ainfix +V4c1FIainfix &lt;V4V0Aainfix &lt;=V1V4Aainfix &lt;=c0V1Aainfix &lt;ainfix -V4V1ainfix -V2V1Aainfix &lt;=c0ainfix -V2V1Iainfix &gt;=agetV6V10V9Iainfix &lt;=V10V2Aainfix &lt;=V5V10FAainfix =agetV6V11V9Iainfix &lt;V11V5Aainfix &lt;V4V11FAainfix &lt;=agetV6V12V9Iainfix &lt;=V12V4Aainfix &lt;=V1V12FEAapermut_subV3V6V1ainfix +V2c1Aainfix &lt;=V5V2Aainfix &lt;V4V5Aainfix &lt;=V1V4FIainfix &lt;V2V0Aainfix &lt;V1V2Aainfix &lt;=c0V1Iainfix &lt;V1V2Iainfix &lt;V2V0Aainfix &lt;=V1V2Aainfix &lt;=c0V1FF">
+      <label
+       name="expl:parameter quicksort"/>
+      <transf
+       name="split_goal"
+       proved="true"
+       expanded="true">
+       <goal
+        name="WP_parameter quicksort.8.1"
+        locfile="examples/programs/algo64/../algo64.mlw"
+        loclnum="37" loccnumb="10" loccnume="19"
+        expl="parameter quicksort"
+        sum="ad5ce69bb20a3c62372c864f4a9a6cdc"
+        proved="true"
+        expanded="false"
+        shape="apermut_subV3V8V1ainfix +V2c1Iapermut_subV7V8V1ainfix +V2c1Iasorted_subV8V5ainfix +V2c1Aapermut_subV7V8V5ainfix +V2c1FIainfix &lt;V2V0Aainfix &lt;=V5V2Aainfix &lt;=c0V5Aainfix &lt;ainfix -V2V5ainfix -V2V1Aainfix &lt;=c0ainfix -V2V1Iapermut_subV6V7V1ainfix +V2c1Iasorted_subV7V1ainfix +V4c1Aapermut_subV6V7V1ainfix +V4c1FIainfix &lt;V4V0Aainfix &lt;=V1V4Aainfix &lt;=c0V1Aainfix &lt;ainfix -V4V1ainfix -V2V1Aainfix &lt;=c0ainfix -V2V1Iainfix &gt;=agetV6V10V9Iainfix &lt;=V10V2Aainfix &lt;=V5V10FAainfix =agetV6V11V9Iainfix &lt;V11V5Aainfix &lt;V4V11FAainfix &lt;=agetV6V12V9Iainfix &lt;=V12V4Aainfix &lt;=V1V12FEAapermut_subV3V6V1ainfix +V2c1Aainfix &lt;=V5V2Aainfix &lt;V4V5Aainfix &lt;=V1V4FIainfix &lt;V2V0Aainfix &lt;V1V2Aainfix &lt;=c0V1Iainfix &lt;V1V2Iainfix &lt;V2V0Aainfix &lt;=V1V2Aainfix &lt;=c0V1FF">
+        <label
+         name="expl:parameter quicksort"/>
+        <proof
+         prover="0"
+         timelimit="5"
+         memlimit="1000"
+         obsolete="false"
+         archived="false">
+         <result status="valid" time="0.10"/>
+        </proof>
+       </goal>
+       <goal
+        name="WP_parameter quicksort.8.2"
+        locfile="examples/programs/algo64/../algo64.mlw"
+        loclnum="37" loccnumb="10" loccnume="19"
+        expl="parameter quicksort"
+        sum="af0bb134c03b7b81b0ec6db2673c6e7c"
+        proved="true"
+        expanded="true"
+        shape="asorted_subV8V1ainfix +V2c1Iapermut_subV7V8V1ainfix +V2c1Iasorted_subV8V5ainfix +V2c1Aapermut_subV7V8V5ainfix +V2c1FIainfix &lt;V2V0Aainfix &lt;=V5V2Aainfix &lt;=c0V5Aainfix &lt;ainfix -V2V5ainfix -V2V1Aainfix &lt;=c0ainfix -V2V1Iapermut_subV6V7V1ainfix +V2c1Iasorted_subV7V1ainfix +V4c1Aapermut_subV6V7V1ainfix +V4c1FIainfix &lt;V4V0Aainfix &lt;=V1V4Aainfix &lt;=c0V1Aainfix &lt;ainfix -V4V1ainfix -V2V1Aainfix &lt;=c0ainfix -V2V1Iainfix &gt;=agetV6V10V9Iainfix &lt;=V10V2Aainfix &lt;=V5V10FAainfix =agetV6V11V9Iainfix &lt;V11V5Aainfix &lt;V4V11FAainfix &lt;=agetV6V12V9Iainfix &lt;=V12V4Aainfix &lt;=V1V12FEAapermut_subV3V6V1ainfix +V2c1Aainfix &lt;=V5V2Aainfix &lt;V4V5Aainfix &lt;=V1V4FIainfix &lt;V2V0Aainfix &lt;V1V2Aainfix &lt;=c0V1Iainfix &lt;V1V2Iainfix &lt;V2V0Aainfix &lt;=V1V2Aainfix &lt;=c0V1FF">
+        <label
+         name="expl:parameter quicksort"/>
+        <proof
+         prover="1"
+         timelimit="19"
+         memlimit="1000"
+         obsolete="false"
+         archived="false">
+         <result status="valid" time="14.69"/>
+        </proof>
+       </goal>
+      </transf>
+     </goal>
+     <goal
+      name="WP_parameter quicksort.9"
+      locfile="examples/programs/algo64/../algo64.mlw"
+      loclnum="37" loccnumb="10" loccnume="19"
+      expl="normal postcondition"
+      sum="07812c408c2ef8ba959a4c34a2b3e06e"
+      proved="true"
+      expanded="false"
+      shape="asorted_subV3V1ainfix +V2c1Aapermut_subV3V3V1ainfix +V2c1Iainfix &lt;V1V2NIainfix &lt;V2V0Aainfix &lt;=V1V2Aainfix &lt;=c0V1FF">
+      <label
+       name="expl:parameter quicksort"/>
+      <proof
+       prover="0"
+       timelimit="5"
+       memlimit="1000"
+       obsolete="false"
+       archived="false">
+       <result status="valid" time="0.04"/>
+      </proof>
+     </goal>
+    </transf>
+   </goal>
+  </theory>
+ </file>
+</why3session>