bresenham: simplified spec and proof

parent d7473542
......@@ -17,39 +17,40 @@ module M
constant y2: int
axiom first_octant: 0 <= y2 <= x2
(* The code.
[(best x y)] expresses that the point [(x,y)] is the best
possible point i.e. the closest to the real line (see the Coq file).
The invariant relates [x], [y], and [e] and
gives lower and upper bound for [e] (see the Coq file). *)
(* [best x y] expresses that the point [(x,y)] is the best
possible point i.e. the closest to the real line
i.e. for all y', we have |y - x*y2/x2| <= |y' - x*y2/x2|
We stay in type [int] by multiplying everything by [x2]. *)
use import int.Abs
predicate best (x y: int) =
forall y': int. abs (x2 * y - x * y2) <= abs (x2 * y' - x * y2)
predicate invariant_ (x y e: int) =
e = 2 * (x + 1) * y2 - (2 * y + 1) * x2 /\
2 * (y2 - x2) <= e <= 2 * y2
(** Key lemma for Bresenham's proof: if [b] is at distance less or equal
than [1/2] from the rational [c/a], then it is the closest such integer.
We express this property using integers by multiplying everything by [2a]. *)
lemma invariant_is_ok: forall x y e: int. invariant_ x y e -> best x y
lemma closest :
forall a b c: int. 0 < a ->
abs (2 * a * b - 2 * c) <= a ->
forall b': int. abs (a * b - c) <= abs (a * b' - c)
let bresenham () =
let x = ref 0 in
let y = ref 0 in
let e = ref (2 * y2 - x2) in
while !x <= x2 do
invariant { 0 <= !x <= x2 + 1 /\ invariant_ !x !y !e }
variant { x2 + 1 - !x }
(* here we would plot (x, y) *)
assert { best !x !y };
for x = 0 to x2 do
invariant { !e = 2 * (x + 1) * y2 - (2 * !y + 1) * x2 }
invariant { 2 * (y2 - x2) <= !e <= 2 * y2 }
(* here we would plot (x, y),
so we assert this is the best possible row y for column x *)
assert { best x !y };
if !e < 0 then
e := !e + 2 * y2
else begin
y := !y + 1;
e := !e + 2 * (y2 - x2)
end;
x := !x + 1
end
done
end
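Review bot: The loop establishes `best x !y` at the plot point, but nothing in the new spec bounds `!y` itself, so a real plot that indexes a framebuffer by `(x, y)` would fall outside what this verification covers. Adding `invariant { 0 <= !y <= x }` to the `for` loop and `assert { 0 <= !y <= y2 };` just before the plot comment would pin the row to the frame; the upper bound at plot time should follow from the two `e` invariants when `x2 > 0`, and the `x2 = 0` case that `first_octant` still admits is why the extra invariant is needed rather than the assertion alone. `!y <= y2` cannot itself be a loop invariant, since on the diagonal (`x2 = y2 > 0`) the last iteration appears to take `!y` to `y2 + 1`. The `lemma closest` stated here is discharged in Coq rather than by an SMT prover, so its `0 < a` hypothesis must stay in sync with the Coq statement.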
(* This file is generated by Why3's Coq driver *)
(* This file is generated by Why3's Coq 8.4 driver *)
(* Beware! Only edit allowed sections below *)
Require Import ZArith.
Require Import Rbase.
Definition unit := unit.
Require Import BuiltIn.
Require BuiltIn.
Require int.Int.
Require int.Abs.
Parameter mark : Type.
(* Why3 assumption *)
Definition unit := unit.
Parameter at1: forall (a:Type), a -> mark -> a.
Implicit Arguments at1.
Parameter old: forall (a:Type), a -> a.
Implicit Arguments old.
Inductive ref (a:Type) :=
(* Why3 assumption *)
Inductive ref (a:Type) {a_WT:WhyType a} :=
| mk_ref : a -> ref a.
Implicit Arguments mk_ref.
Definition contents (a:Type)(u:(ref a)): a :=
match u with
| mk_ref contents1 => contents1
Axiom ref_WhyType : forall (a:Type) {a_WT:WhyType a}, WhyType (ref a).
Existing Instance ref_WhyType.
Implicit Arguments mk_ref [[a] [a_WT]].
(* Why3 assumption *)
Definition contents {a:Type} {a_WT:WhyType a} (v:(@ref a a_WT)): a :=
match v with
| (mk_ref x) => x
end.
Implicit Arguments contents.
Parameter x2: Z.
Parameter y2: Z.
Axiom first_octant : (0%Z <= (y2 ))%Z /\ ((y2 ) <= (x2 ))%Z.
Parameter x2: Z.
Axiom Abs_pos : forall (x:Z), (0%Z <= (Zabs x))%Z.
Parameter y2: Z.
Definition best(x:Z) (y:Z): Prop := forall (yqt:Z),
((Zabs (((x2 ) * y)%Z - (x * (y2 ))%Z)%Z) <= (Zabs (((x2 ) * yqt)%Z - (x * (y2 ))%Z)%Z))%Z.
Axiom first_octant : (0%Z <= y2)%Z /\ (y2 <= x2)%Z.
Definition invariant_(x:Z) (y:Z) (e:Z): Prop :=
(e = (((2%Z * (x + 1%Z)%Z)%Z * (y2 ))%Z - (((2%Z * y)%Z + 1%Z)%Z * (x2 ))%Z)%Z) /\
(((2%Z * ((y2 ) - (x2 ))%Z)%Z <= e)%Z /\ (e <= (2%Z * (y2 ))%Z)%Z).
(* Why3 assumption *)
Definition best (x:Z) (y:Z): Prop := forall (y':Z),
((Zabs ((x2 * y)%Z - (x * y2)%Z)%Z) <= (Zabs ((x2 * y')%Z - (x * y2)%Z)%Z))%Z.
(* YOU MAY EDIT THE CONTEXT BELOW *)
(*s First a tactic [Case_Zabs] to do case split over [(Zabs x)]:
introduces two subgoals, one where [x] is assumed to be non negative
and thus where [Zabs x] is replaced by [x]; and another where
......@@ -86,18 +75,17 @@ Ltac ZCompare x y H :=
Ltac RingSimpl x y := replace x with y; [ idtac | ring ].
(*s Key lemma for Bresenham's proof: if [b] is at distance less or equal
than [1/2] from the rational [c/a], then it is the closest such integer.
We express this property in [Z], thus multiplying everything by [2a]. *)
Require Import Why3.
Ltac ae := why3 "Alt-Ergo,0.95.1," timelimit 3.
Lemma closest :
forall a b c:Z,
(0 <= a)%Z ->
(Zabs (2 * a * b - 2 * c) <= a)%Z ->
forall b':Z, (Zabs (a * b - c) <= Zabs (a * b' - c))%Z.
Proof.
(* Why3 goal *)
Theorem closest : forall (a:Z) (b:Z) (c:Z), (0%Z < a)%Z ->
(((Zabs (((2%Z * a)%Z * b)%Z - (2%Z * c)%Z)%Z) <= a)%Z -> forall (b':Z),
((Zabs ((a * b)%Z - c)%Z) <= (Zabs ((a * b')%Z - c)%Z))%Z).
(* Why3 intros a b c h1 h2 b'. *)
intros a b c Ha Hmin.
generalize (proj2 (Zabs_le (2 * a * b - 2 * c) a Ha) Hmin).
assert (Ha': (0 <= a)%Z) by omega.
generalize (proj2 (Zabs_le (2 * a * b - 2 * c) a Ha') Hmin).
intros Hmin' b'.
elim (Z_le_gt_dec (2 * a * b) (2 * c)); intro Habc.
(* 2ab <= 2c *)
......@@ -105,22 +93,8 @@ rewrite (Zabs_non_eq (a * b - c)).
ZCompare b b' Hbb'.
(* b > b' *)
rewrite (Zabs_non_eq (a * b' - c)).
apply Zle_left_rev.
RingSimpl (Zopp (a * b' - c) + Zopp (Zopp (a * b - c)))%Z
(a * (b - b'))%Z.
apply Zmult_le_0_compat; omega.
apply Zge_le.
apply Zge_trans with (m := (a * b - c)%Z).
apply Zmult_ge_reg_r with (p := 2%Z).
omega.
RingSimpl (0 * 2)%Z 0%Z.
RingSimpl ((a * b - c) * 2)%Z (2 * a * b - 2 * c)%Z.
omega.
RingSimpl (a * b' - c)%Z (a * b' + Zopp c)%Z.
RingSimpl (a * b - c)%Z (a * b + Zopp c)%Z.
apply Zle_ge.
apply Zplus_le_compat_r.
apply Zmult_le_compat_l; omega.
ae.
ae.
(* b < b' *)
rewrite (Zabs_eq (a * b' - c)).
apply Zmult_le_reg_r with (p := 2%Z).
......@@ -135,7 +109,7 @@ ZCompare b b' Hbb'.
apply Zplus_le_compat.
RingSimpl (2 * a)%Z (2 * a * 1)%Z.
RingSimpl (2 * (a * b' - a * b))%Z (2 * a * (b' - b))%Z.
apply Zmult_le_compat_l; omega.
ae.
RingSimpl (2 * (a * b - c))%Z (2 * a * b - 2 * c)%Z.
omega.
(* 0 <= ab'-c *)
......@@ -144,29 +118,14 @@ ZCompare b b' Hbb'.
apply Zplus_le_compat.
RingSimpl a (a * 1)%Z.
RingSimpl (a * 1 * b' - a * 1 * b)%Z (a * (b' - b))%Z.
apply Zmult_le_compat_l; omega.
apply Zmult_le_reg_r with (p := 2%Z).
omega.
ae.
apply Zle_trans with (Zopp a).
omega.
RingSimpl ((a * b - c) * 2)%Z (2 * a * b - 2 * c)%Z.
omega.
ae.
(* b = b' *)
rewrite <- Hbb'.
rewrite (Zabs_non_eq (a * b - c)).
omega.
apply Zge_le.
apply Zmult_ge_reg_r with (p := 2%Z).
omega.
RingSimpl (0 * 2)%Z 0%Z.
RingSimpl ((a * b - c) * 2)%Z (2 * a * b - 2 * c)%Z.
omega.
apply Zge_le.
apply Zmult_ge_reg_r with (p := 2%Z).
omega.
RingSimpl (0 * 2)%Z 0%Z.
RingSimpl ((a * b - c) * 2)%Z (2 * a * b - 2 * c)%Z.
omega.
ae.
ae.
(* 2ab > 2c *)
rewrite (Zabs_eq (a * b - c)).
......@@ -178,89 +137,32 @@ ZCompare b b' Hbb'.
RingSimpl (Zopp (a * b' - c) * 2)%Z
(2 * (c - a * b) + 2 * (a * b - a * b'))%Z.
apply Zle_trans with a.
RingSimpl ((a * b - c) * 2)%Z (2 * a * b - 2 * c)%Z.
omega.
ae.
apply Zle_trans with (Zopp a + 2 * a)%Z.
omega.
apply Zplus_le_compat.
RingSimpl (2 * (c - a * b))%Z (2 * c - 2 * a * b)%Z.
omega.
ae.
RingSimpl (2 * a)%Z (2 * a * 1)%Z.
RingSimpl (2 * (a * b - a * b'))%Z (2 * a * (b - b'))%Z.
apply Zmult_le_compat_l; omega.
ae.
(* 0 >= ab'-c *)
RingSimpl (a * b' - c)%Z (a * b' - a * b + (a * b - c))%Z.
RingSimpl 0%Z (Zopp a + a)%Z.
apply Zplus_le_compat.
RingSimpl (Zopp a) (a * (-1))%Z.
RingSimpl (a * b' - a * b)%Z (a * (b' - b))%Z.
apply Zmult_le_compat_l; omega.
apply Zmult_le_reg_r with (p := 2%Z).
omega.
apply Zle_trans with a.
RingSimpl ((a * b - c) * 2)%Z (2 * a * b - 2 * c)%Z.
omega.
omega.
ae.
ae.
(* b < b' *)
rewrite (Zabs_eq (a * b' - c)).
apply Zle_left_rev.
RingSimpl (a * b' - c + Zopp (a * b - c))%Z (a * (b' - b))%Z.
apply Zmult_le_0_compat; omega.
ae.
apply Zle_trans with (m := (a * b - c)%Z).
apply Zmult_le_reg_r with (p := 2%Z).
omega.
RingSimpl (0 * 2)%Z 0%Z.
RingSimpl ((a * b - c) * 2)%Z (2 * a * b - 2 * c)%Z.
omega.
RingSimpl (a * b' - c)%Z (a * b' + Zopp c)%Z.
RingSimpl (a * b - c)%Z (a * b + Zopp c)%Z.
apply Zplus_le_compat_r.
apply Zmult_le_compat_l; omega.
(* b = b' *)
rewrite <- Hbb'.
rewrite (Zabs_eq (a * b - c)).
omega.
apply Zmult_le_reg_r with (p := 2%Z).
omega.
RingSimpl (0 * 2)%Z 0%Z.
RingSimpl ((a * b - c) * 2)%Z (2 * a * b - 2 * c)%Z.
omega.
apply Zmult_le_reg_r with (p := 2%Z).
omega.
RingSimpl (0 * 2)%Z 0%Z.
RingSimpl ((a * b - c) * 2)%Z (2 * a * b - 2 * c)%Z.
omega.
Qed.
(* DO NOT EDIT BELOW *)
Theorem invariant_is_ok : forall (x:Z) (y:Z) (e:Z), (invariant_ x y e) ->
(best x y).
(* YOU MAY EDIT THE PROOF BELOW *)
Proof.
intros x y e.
unfold invariant_; unfold best; intros [E I'] y'.
cut (0 <= x2)%Z; [ intro Hx2 | idtac ].
apply closest.
assumption.
apply (proj1 (Zabs_le (2 * x2 * y - 2 * (x * y2)) x2 Hx2)).
rewrite E in I'.
split.
(* 0 <= x2 *)
generalize (proj2 I').
RingSimpl (2 * (x + 1) * y2 - (2 * y + 1) * x2)%Z
(2 * x * y2 - 2 * x2 * y + 2 * y2 - x2)%Z.
intro.
RingSimpl (2 * (x * y2))%Z (2 * x * y2)%Z.
omega.
(* 0 <= x2 *)
generalize (proj1 I').
RingSimpl (2 * (x + 1) * y2 - (2 * y + 1) * x2)%Z
(2 * x * y2 - 2 * x2 * y + 2 * y2 - x2)%Z.
RingSimpl (2 * (y2 - x2))%Z (2 * y2 - 2 * x2)%Z.
RingSimpl (2 * (x * y2))%Z (2 * x * y2)%Z.
omega.
omega.
ae.
ae.
ae.
ae.
Qed.
(* DO NOT EDIT BELOW *)
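Review bot: The new `Ltac ae := why3 "Alt-Ergo,0.95.1," timelimit 3.` replaces the hand-written `RingSimpl`/`omega` steps with calls out to an external SMT solver, so this Coq script is now only as trustworthy as the Why3 Coq plugin plus that exact Alt-Ergo build, and it will presumably fail to replay on a machine where that prover version is not installed. A comment next to the definition would make the dependency explicit, e.g. `(* Proof steps delegated to Alt-Ergo 0.95.1 through the why3 tactic; the prover string must match the installed version. *)`. The hypothesis of `closest` was also strengthened from `0 <= a` to `0 < a` while the body only needs `0 <= a` (recovered as `Ha'` by `omega`), which is sound but worth a one-line comment since the lemma no longer covers `a = 0`. The proof of `closest` runs across several hunks, and the earlier tactic definitions (`Case_Zabs`, `ZCompare`) are outside this view.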
......@@ -12,7 +12,7 @@
<prover
id="2"
name="Coq"
version="8.3pl4"/>
version="8.4pl1"/>
<prover
id="3"
name="Z3"
......@@ -20,7 +20,7 @@
<file
name="../bresenham.mlw"
verified="true"
expanded="false">
expanded="true">
<theory
name="M"
locfile="../bresenham.mlw"
......@@ -28,32 +28,32 @@
verified="true"
expanded="true">
<goal
name="invariant_is_ok"
name="closest"
locfile="../bresenham.mlw"
loclnum="35" loccnumb="8" loccnume="23"
sum="1d2cd1394d937b46fca73b74259f4130"
loclnum="34" loccnumb="8" loccnume="15"
sum="bb460d9dca0b399cc918f78a18bc21ce"
proved="true"
expanded="true"
shape="abestV0V1Iainvariant_V0V1V2F">
shape="ainfix &lt;=aabsainfix -ainfix *V0V1V2aabsainfix -ainfix *V0V3V2FIainfix &lt;=aabsainfix -ainfix *ainfix *c2V0V1ainfix *c2V2V0Iainfix &lt;c0V0F">
<proof
prover="2"
timelimit="10"
memlimit="0"
edited="bresenham_WP_M_invariant_is_ok_1.v"
timelimit="5"
memlimit="1000"
edited="bresenham_M_closest_1.v"
obsolete="false"
archived="false">
<result status="valid" time="1.17"/>
<result status="valid" time="3.38"/>
</proof>
</goal>
<goal
name="WP_parameter bresenham"
locfile="../bresenham.mlw"
loclnum="37" loccnumb="6" loccnume="15"
loclnum="39" loccnumb="6" loccnume="15"
expl="VC for bresenham"
sum="736302fef90c12f3a196a9e494b6371c"
sum="7ed105fe95f3a273baf3ac6b02334162"
proved="true"
expanded="true"
shape="iainfix &lt;V0c0ainfix &lt;ainfix -ainfix +ax2c1V4ainfix -ainfix +ax2c1V2Aainfix &lt;=c0ainfix -ainfix +ax2c1V2Aainvariant_V4V1V3Aainfix &lt;=V4ainfix +ax2c1Aainfix &lt;=c0V4Iainfix =V4ainfix +V2c1FIainfix =V3ainfix +V0ainfix *c2ay2Fainfix &lt;ainfix -ainfix +ax2c1V7ainfix -ainfix +ax2c1V2Aainfix &lt;=c0ainfix -ainfix +ax2c1V2Aainvariant_V7V5V6Aainfix &lt;=V7ainfix +ax2c1Aainfix &lt;=c0V7Iainfix =V7ainfix +V2c1FIainfix =V6ainfix +V0ainfix *c2ainfix -ay2ax2FIainfix =V5ainfix +V1c1FAabestV2V1Iainfix &lt;=V2ax2Iainvariant_V2V1V0Aainfix &lt;=V2ainfix +ax2c1Aainfix &lt;=c0V2FAainvariant_c0c0ainfix -ainfix *c2ay2ax2Aainfix &lt;=c0ainfix +ax2c1Aainfix &lt;=c0c0">
shape="iainfix &lt;=V5ainfix *c2ay2Aainfix &lt;=ainfix *c2ainfix -ay2ax2V5Aainfix =V5ainfix -ainfix *ainfix *c2ainfix +ainfix +V3c1c1ay2ainfix *ainfix +ainfix *c2V4c1ax2Iainfix =V5ainfix +V1ainfix *c2ainfix -ay2ax2FIainfix =V4ainfix +V2c1Fainfix &lt;=V6ainfix *c2ay2Aainfix &lt;=ainfix *c2ainfix -ay2ax2V6Aainfix =V6ainfix -ainfix *ainfix *c2ainfix +ainfix +V3c1c1ay2ainfix *ainfix +ainfix *c2V2c1ax2Iainfix =V6ainfix +V1ainfix *c2ay2Fainfix &lt;V1c0AabestV3V2Iainfix &lt;=V1ainfix *c2ay2Aainfix &lt;=ainfix *c2ainfix -ay2ax2V1Aainfix =V1ainfix -ainfix *ainfix *c2ainfix +V3c1ay2ainfix *ainfix +ainfix *c2V2c1ax2Iainfix &lt;=V3V0Aainfix &lt;=c0V3FFAainfix &lt;=ainfix -ainfix *c2ay2ax2ainfix *c2ay2Aainfix &lt;=ainfix *c2ainfix -ay2ax2ainfix -ainfix *c2ay2ax2Aainfix =ainfix -ainfix *c2ay2ax2ainfix -ainfix *ainfix *c2ainfix +c0c1ay2ainfix *ainfix +ainfix *c2c0c1ax2Iainfix &lt;=c0V0Lax2">
<label
name="expl:VC for bresenham"/>
<transf
......@@ -63,18 +63,18 @@
<goal
name="WP_parameter bresenham.1"
locfile="../bresenham.mlw"
loclnum="37" loccnumb="6" loccnume="15"
loclnum="39" loccnumb="6" loccnume="15"
expl="1. loop invariant init"
sum="e4caaafdcfd3fbf6a6f8e26a5a2f738c"
sum="be037f888028707b27d86d253b2f1923"
proved="true"
expanded="true"
shape="ainvariant_c0c0ainfix -ainfix *c2ay2ax2Aainfix &lt;=c0ainfix +ax2c1Aainfix &lt;=c0c0">
shape="loop invariant initainfix =ainfix -ainfix *c2ay2ax2ainfix -ainfix *ainfix *c2ainfix +c0c1ay2ainfix *ainfix +ainfix *c2c0c1ax2Iainfix &lt;=c0V0Lax2">
<label
name="expl:VC for bresenham"/>
<proof
prover="0"
timelimit="10"
memlimit="0"
timelimit="5"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.01"/>
......@@ -99,77 +99,61 @@
<goal
name="WP_parameter bresenham.2"
locfile="../bresenham.mlw"
loclnum="37" loccnumb="6" loccnume="15"
expl="2. assertion"
sum="2d47ce5f0b792d072f91e114587cab0c"
loclnum="39" loccnumb="6" loccnume="15"
expl="2. loop invariant init"
sum="44c197cf9d9fbe481a1ec175f27341e5"
proved="true"
expanded="true"
shape="abestV2V1Iainfix &lt;=V2ax2Iainvariant_V2V1V0Aainfix &lt;=V2ainfix +ax2c1Aainfix &lt;=c0V2F">
shape="loop invariant initainfix &lt;=ainfix -ainfix *c2ay2ax2ainfix *c2ay2Aainfix &lt;=ainfix *c2ainfix -ay2ax2ainfix -ainfix *c2ay2ax2Iainfix &lt;=c0V0Lax2">
<label
name="expl:VC for bresenham"/>
<proof
prover="0"
timelimit="10"
memlimit="0"
obsolete="false"
archived="false">
<result status="valid" time="0.33"/>
</proof>
<proof
prover="1"
timelimit="10"
memlimit="0"
timelimit="5"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.00"/>
<result status="valid" time="0.01"/>
</proof>
</goal>
<goal
name="WP_parameter bresenham.3"
locfile="../bresenham.mlw"
loclnum="37" loccnumb="6" loccnume="15"
expl="3. loop invariant preservation"
sum="168f0b247960a9dfb57a7096bd2efd23"
loclnum="39" loccnumb="6" loccnume="15"
expl="3. assertion"
sum="128f2d66529f7db175f12f89ed59c0db"
proved="true"
expanded="true"
shape="ainvariant_V4V1V3Aainfix &lt;=V4ainfix +ax2c1Aainfix &lt;=c0V4Iainfix =V4ainfix +V2c1FIainfix =V3ainfix +V0ainfix *c2ay2FIainfix &lt;V0c0IabestV2V1Iainfix &lt;=V2ax2Iainvariant_V2V1V0Aainfix &lt;=V2ainfix +ax2c1Aainfix &lt;=c0V2F">
shape="assertionabestV3V2Iainfix &lt;=V1ainfix *c2ay2Aainfix &lt;=ainfix *c2ainfix -ay2ax2V1Aainfix =V1ainfix -ainfix *ainfix *c2ainfix +V3c1ay2ainfix *ainfix +ainfix *c2V2c1ax2Iainfix &lt;=V3V0Aainfix &lt;=c0V3FFIainfix &lt;=c0V0Lax2">
<label
name="expl:VC for bresenham"/>
<proof
prover="1"
timelimit="10"
memlimit="0"
obsolete="false"
archived="false">
<result status="valid" time="0.02"/>
</proof>
<proof
prover="3"
timelimit="10"
memlimit="0"
prover="0"
timelimit="5"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.01"/>
<result status="valid" time="1.77"/>
</proof>
</goal>
<goal
name="WP_parameter bresenham.4"
locfile="../bresenham.mlw"
loclnum="37" loccnumb="6" loccnume="15"
expl="4. loop variant decrease"
sum="a83d16777345a751f88200e197c81fcb"
loclnum="39" loccnumb="6" loccnume="15"
expl="4. loop invariant preservation"
sum="16e18c250f88f955bb5f4833d27ff43b"
proved="true"
expanded="true"
shape="ainfix &lt;ainfix -ainfix +ax2c1V4ainfix -ainfix +ax2c1V2Aainfix &lt;=c0ainfix -ainfix +ax2c1V2Iainfix =V4ainfix +V2c1FIainfix =V3ainfix +V0ainfix *c2ay2FIainfix &lt;V0c0IabestV2V1Iainfix &lt;=V2ax2Iainvariant_V2V1V0Aainfix &lt;=V2ainfix +ax2c1Aainfix &lt;=c0V2F">
shape="loop invariant preservationainfix =V4ainfix -ainfix *ainfix *c2ainfix +ainfix +V3c1c1ay2ainfix *ainfix +ainfix *c2V2c1ax2Iainfix =V4ainfix +V1ainfix *c2ay2FIainfix &lt;V1c0IabestV3V2Iainfix &lt;=V1ainfix *c2ay2Aainfix &lt;=ainfix *c2ainfix -ay2ax2V1Aainfix =V1ainfix -ainfix *ainfix *c2ainfix +V3c1ay2ainfix *ainfix +ainfix *c2V2c1ax2Iainfix &lt;=V3V0Aainfix &lt;=c0V3FFIainfix &lt;=c0V0Lax2">
<label
name="expl:VC for bresenham"/>
<proof
prover="0"
timelimit="10"
memlimit="0"
timelimit="5"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.01"/>
<result status="valid" time="0.02"/>
</proof>
<proof
prover="1"
......@@ -177,7 +161,7 @@
memlimit="0"
obsolete="false"
archived="false">
<result status="valid" time="0.01"/>
<result status="valid" time="0.02"/>
</proof>
<proof
prover="3"
......@@ -185,32 +169,24 @@
memlimit="0"
obsolete="false"
archived="false">
<result status="valid" time="0.02"/>
<result status="valid" time="0.01"/>
</proof>
</goal>
<goal
name="WP_parameter bresenham.5"
locfile="../bresenham.mlw"
loclnum="37" loccnumb="6" loccnume="15"
loclnum="39" loccnumb="6" loccnume="15"
expl="5. loop invariant preservation"
sum="cedcc39ff09d00d69cff5e7168358c03"
sum="c8e48723104c720ccfc854998b665b84"
proved="true"
expanded="true"
shape="ainvariant_V5V3V4Aainfix &lt;=V5ainfix +ax2c1Aainfix &lt;=c0V5Iainfix =V5ainfix +V2c1FIainfix =V4ainfix +V0ainfix *c2ainfix -ay2ax2FIainfix =V3ainfix +V1c1FIainfix &lt;V0c0NIabestV2V1Iainfix &lt;=V2ax2Iainvariant_V2V1V0Aainfix &lt;=V2ainfix +ax2c1Aainfix &lt;=c0V2F">
shape="loop invariant preservationainfix &lt;=V4ainfix *c2ay2Aainfix &lt;=ainfix *c2ainfix -ay2ax2V4Iainfix =V4ainfix +V1ainfix *c2ay2FIainfix &lt;V1c0IabestV3V2Iainfix &lt;=V1ainfix *c2ay2Aainfix &lt;=ainfix *c2ainfix -ay2ax2V1Aainfix =V1ainfix -ainfix *ainfix *c2ainfix +V3c1ay2ainfix *ainfix +ainfix *c2V2c1ax2Iainfix &lt;=V3V0Aainfix &lt;=c0V3FFIainfix &lt;=c0V0Lax2">
<label
name="expl:VC for bresenham"/>
<proof
prover="1"
timelimit="10"
memlimit="0"
obsolete="false"
archived="false">
<result status="valid" time="0.02"/>
</proof>
<proof
prover="3"
timelimit="10"
memlimit="0"
prover="0"
timelimit="5"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.02"/>
......@@ -219,16 +195,16 @@
<goal
name="WP_parameter bresenham.6"
locfile="../bresenham.mlw"
loclnum="37" loccnumb="6" loccnume="15"
expl="6. loop variant decrease"
sum="1ca0b146fd9f3bd8b0837a3d6037871e"
loclnum="39" loccnumb="6" loccnume="15"
expl="6. loop invariant preservation"
sum="f7429b170bf9a7dfc076824327b89d40"
proved="true"
expanded="true"
shape="ainfix &lt;ainfix -ainfix +ax2c1V5ainfix -ainfix +ax2c1V2Aainfix &lt;=c0ainfix -ainfix +ax2c1V2Iainfix =V5ainfix +V2c1FIainfix =V4ainfix +V0ainfix *c2ainfix -ay2ax2FIainfix =V3ainfix +V1c1FIainfix &lt;V0c0NIabestV2V1Iainfix &lt;=V2ax2Iainvariant_V2V1V0Aainfix &lt;=V2ainfix +ax2c1Aainfix &lt;=c0V2F">
shape="loop invariant preservationainfix =V5ainfix -ainfix *ainfix *c2ainfix +ainfix +V3c1c1ay2ainfix *ainfix +ainfix *c2V4c1ax2Iainfix =V5ainfix +V1ainfix *c2ainfix -ay2ax2FIainfix =V4ainfix +V2c1FINainfix &lt;V1c0IabestV3V2Iainfix &lt;=V1ainfix *c2ay2Aainfix &lt;=ainfix *c2ainfix -ay2ax2V1Aainfix =V1ainfix -ainfix *ainfix *c2ainfix +V3c1ay2ainfix *ainfix +ainfix *c2V2c1ax2Iainfix &lt;=V3V0Aainfix &lt;=c0V3FFIainfix &lt;=c0V0Lax2">
<label
name="expl:VC for bresenham"/>
<proof
prover="0"
prover="1"
timelimit="10"
memlimit="0"
obsolete="false"
......@@ -236,17 +212,29 @@
<result status="valid" time="0.02"/>
</proof>
<proof
prover="1"
prover="3"
timelimit="10"
memlimit="0"
obsolete="false"
archived="false">
<result status="valid" time="0.01"/>
<result status="valid" time="0.24"/>
</proof>
</goal>
<goal
name="WP_parameter bresenham.7"
locfile="../bresenham.mlw"
loclnum="39" loccnumb="6" loccnume="15"
expl="7. loop invariant preservation"
sum="bb312ddf367562b2f5c346f07cc87a81"
proved="true"
expanded="true"
shape="loop invariant preservationainfix &lt;=V5ainfix *c2ay2Aainfix &lt;=ainfix *c2ainfix -ay2ax2V5Iainfix =V5ainfix +V1ainfix *c2ainfix -ay2ax2FIainfix =V4ainfix +V2c1FINainfix &lt;V1c0IabestV3V2Iainfix &lt;=V1ainfix *c2ay2Aainfix &lt;=ainfix *c2ainfix -ay2ax2V1Aainfix =V1ainfix -ainfix *ainfix *c2ainfix +V3c1ay2ainfix *ainfix +ainfix *c2V2c1ax2Iainfix &lt;=V3V0Aainfix &lt;=c0V3FFIainfix &lt;=c0V0Lax2">
<label
name="expl:VC for bresenham"/>
<proof
prover="3"
timelimit="10"
memlimit="0"
prover="0"
timelimit="5"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.02"/>
......