Skip to content

GitLab

Commit 9ebc9463 authored by Jean-Christophe Filliâtre's avatar Jean-Christophe Filliâtre
Browse files
Options

fibonacci: fixed proof (using Coq)

parent ecd13186
Hide whitespace changes
Inline Side-by-side
Showing with 289 additions and 148 deletions
examples/programs/fibonacci/fibonacci_WP_FibonacciLogarithmic_WP_parameter_logfib_1.v 0 → 100644
View file @ 9ebc9463
(* This file is generated by Why3's Coq driver *)
(* Beware! Only edit allowed sections below *)
Require Import ZArith.
Require Import Rbase.
Definition unit := unit.
Parameter qtmark : Type.
Parameter at1: forall (a:Type), a -> qtmark -> a.
Implicit Arguments at1.
Parameter old: forall (a:Type), a -> a.
Implicit Arguments old.
Parameter fib: Z -> Z.
Axiom fib0 : ((fib 0%Z) = 0%Z).
Axiom fib1 : ((fib 1%Z) = 1%Z).
Axiom fibn : forall (n:Z), (2%Z <= n)%Z ->
((fib n) = ((fib (n - 1%Z)%Z) + (fib (n - 2%Z)%Z))%Z).
Axiom Abs_le : forall (x:Z) (y:Z), ((Zabs x) <= y)%Z <-> (((-y)%Z <= x)%Z /\
(x <= y)%Z).
Parameter div: Z -> Z -> Z.
Parameter mod1: Z -> Z -> Z.
Axiom Div_mod : forall (x:Z) (y:Z), (~ (y = 0%Z)) -> (x = ((y * (div x
y))%Z + (mod1 x y))%Z).
Axiom Div_bound : forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ (0%Z < y)%Z) ->
((0%Z <= (div x y))%Z /\ ((div x y) <= x)%Z).
Axiom Mod_bound : forall (x:Z) (y:Z), (~ (y = 0%Z)) -> ((0%Z <= (mod1 x
y))%Z /\ ((mod1 x y) < (Zabs y))%Z).
Axiom Mod_1 : forall (x:Z), ((mod1 x 1%Z) = 0%Z).
Axiom Div_1 : forall (x:Z), ((div x 1%Z) = x).
Inductive t :=
| mk_t : Z -> Z -> Z -> Z -> t .
Definition a11(u:t): Z := match u with
| (mk_t a111 _ _ _) => a111
end.
Definition a12(u:t): Z := match u with
| (mk_t _ a121 _ _) => a121
end.
Definition a21(u:t): Z := match u with
| (mk_t _ _ a211 _) => a211
end.
Definition a22(u:t): Z := match u with
| (mk_t _ _ _ a221) => a221
end.
Definition mult(x:t) (y:t): t :=
(mk_t (((a11 x) * (a11 y))%Z + ((a12 x) * (a21 y))%Z)%Z
(((a11 x) * (a12 y))%Z + ((a12 x) * (a22 y))%Z)%Z
(((a21 x) * (a11 y))%Z + ((a22 x) * (a21 y))%Z)%Z
(((a21 x) * (a12 y))%Z + ((a22 x) * (a22 y))%Z)%Z).
Parameter power: t -> Z -> t.
Axiom Power_0 : forall (x:t), ((power x 0%Z) = (mk_t 1%Z 0%Z 0%Z 1%Z)).
Axiom Power_s : forall (x:t) (n:Z), (0%Z <= n)%Z -> ((power x
(n + 1%Z)%Z) = (mult x (power x n))).
Axiom Power_1 : forall (x:t), ((power x 1%Z) = x).
Axiom Power_sum : forall (x:t) (n:Z) (m:Z), ((0%Z <= n)%Z /\ (0%Z <= m)%Z) ->
((power x (n + m)%Z) = (mult (power x n) (power x m))).
Axiom Power_mult : forall (x:t) (n:Z) (m:Z), (0%Z <= n)%Z -> ((0%Z <= m)%Z ->
((power x (n * m)%Z) = (power (power x n) m))).
(* YOU MAY EDIT THE CONTEXT BELOW *)
(* DO NOT EDIT BELOW *)
Theorem WP_parameter_logfib : forall (n:Z), (0%Z <= n)%Z -> ((~ (n = 0%Z)) ->
((((0%Z <= n)%Z /\ ((div n 2%Z) < n)%Z) /\ (0%Z <= (div n 2%Z))%Z) ->
forall (result:Z) (result1:Z), ((power (mk_t 1%Z 1%Z 1%Z 0%Z) (div n
2%Z)) = (mk_t (result + result1)%Z result1 result1 result)) -> ((((mod1 n
2%Z) = 0%Z) -> match (((result * result)%Z + (result1 * result1)%Z)%Z,
(result1 * (result + (result + result1)%Z)%Z)%Z) with
| (a, b) => ((power (mk_t 1%Z 1%Z 1%Z 0%Z) n) = (mk_t (a + b)%Z b b a))
end) /\ ((~ ((mod1 n 2%Z) = 0%Z)) -> match (
(result1 * (result + (result + result1)%Z)%Z)%Z,
(((result + result1)%Z * (result + result1)%Z)%Z + (result1 * result1)%Z)%Z) with
| (a, b) => ((power (mk_t 1%Z 1%Z 1%Z 0%Z) n) = (mk_t (a + b)%Z b b a))
end)))).
(* YOU MAY EDIT THE PROOF BELOW *)
intros.
assert (h: (2 <> 0)%Z) by omega.
generalize (Div_mod n 2 h)%Z.
intuition.
rewrite H4 in H3.
rewrite H3.
replace (2 * div n 2 + 0)%Z with (div n 2 + div n 2)%Z by omega.
rewrite Power_sum.
rewrite H2; simpl.
unfold mult; simpl.
apply f_equal4; ring.
intuition.
generalize (Mod_bound n 2 h)%Z.
simpl.
intro.
assert (h': (mod1 n 2 = 1)%Z) by omega.
rewrite h' in H3.
rewrite H3.
replace (2 * div n 2 + 1)%Z with ((div n 2 + div n 2) + 1)%Z by omega.
rewrite Power_s.
rewrite Power_sum.
rewrite H2; simpl.
unfold mult at 2; simpl.
unfold mult.
apply f_equal4; unfold a11, a12, a21, a22; try ring.
intuition.
omega.
Qed.
(* DO NOT EDIT BELOW *)
examples/programs/fibonacci/fibonacci_WP_FibonacciLogarithmic_fib_m_1.v 0 → 100644
View file @ 9ebc9463
(* This file is generated by Why3's Coq driver *)
(* Beware! Only edit allowed sections below *)
Require Import ZArith.
Require Import Rbase.
Definition unit := unit.
Parameter qtmark : Type.
Parameter at1: forall (a:Type), a -> qtmark -> a.
Implicit Arguments at1.
Parameter old: forall (a:Type), a -> a.
Implicit Arguments old.
Parameter fib: Z -> Z.
Axiom fib0 : ((fib 0%Z) = 0%Z).
Axiom fib1 : ((fib 1%Z) = 1%Z).
Axiom fibn : forall (n:Z), (2%Z <= n)%Z ->
((fib n) = ((fib (n - 1%Z)%Z) + (fib (n - 2%Z)%Z))%Z).
Axiom Abs_le : forall (x:Z) (y:Z), ((Zabs x) <= y)%Z <-> (((-y)%Z <= x)%Z /\
(x <= y)%Z).
Parameter div: Z -> Z -> Z.
Parameter mod1: Z -> Z -> Z.
Axiom Div_mod : forall (x:Z) (y:Z), (~ (y = 0%Z)) -> (x = ((y * (div x
y))%Z + (mod1 x y))%Z).
Axiom Div_bound : forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ (0%Z < y)%Z) ->
((0%Z <= (div x y))%Z /\ ((div x y) <= x)%Z).
Axiom Mod_bound : forall (x:Z) (y:Z), (~ (y = 0%Z)) -> ((0%Z <= (mod1 x
y))%Z /\ ((mod1 x y) < (Zabs y))%Z).
Axiom Mod_1 : forall (x:Z), ((mod1 x 1%Z) = 0%Z).
Axiom Div_1 : forall (x:Z), ((div x 1%Z) = x).
Inductive t :=
| mk_t : Z -> Z -> Z -> Z -> t .
Definition a11(u:t): Z := match u with
| (mk_t a111 _ _ _) => a111
end.
Definition a12(u:t): Z := match u with
| (mk_t _ a121 _ _) => a121
end.
Definition a21(u:t): Z := match u with
| (mk_t _ _ a211 _) => a211
end.
Definition a22(u:t): Z := match u with
| (mk_t _ _ _ a221) => a221
end.
Definition mult(x:t) (y:t): t :=
(mk_t (((a11 x) * (a11 y))%Z + ((a12 x) * (a21 y))%Z)%Z
(((a11 x) * (a12 y))%Z + ((a12 x) * (a22 y))%Z)%Z
(((a21 x) * (a11 y))%Z + ((a22 x) * (a21 y))%Z)%Z
(((a21 x) * (a12 y))%Z + ((a22 x) * (a22 y))%Z)%Z).
Parameter power: t -> Z -> t.
Axiom Power_0 : forall (x:t), ((power x 0%Z) = (mk_t 1%Z 0%Z 0%Z 1%Z)).
Axiom Power_s : forall (x:t) (n:Z), (0%Z <= n)%Z -> ((power x
(n + 1%Z)%Z) = (mult x (power x n))).
Axiom Power_1 : forall (x:t), ((power x 1%Z) = x).
Axiom Power_sum : forall (x:t) (n:Z) (m:Z), ((0%Z <= n)%Z /\ (0%Z <= m)%Z) ->
((power x (n + m)%Z) = (mult (power x n) (power x m))).
Axiom Power_mult : forall (x:t) (n:Z) (m:Z), (0%Z <= n)%Z -> ((0%Z <= m)%Z ->
((power x (n * m)%Z) = (power (power x n) m))).
(* YOU MAY EDIT THE CONTEXT BELOW *)
Hint Resolve fib0 fib1.
(* DO NOT EDIT BELOW *)
Theorem fib_m : forall (n:Z), (0%Z <= n)%Z -> let p := (power (mk_t 1%Z 1%Z
1%Z 0%Z) n) in (((fib (n + 1%Z)%Z) = (a11 p)) /\ ((fib n) = (a21 p))).
(* YOU MAY EDIT THE PROOF BELOW *)
intros n hn.
pattern n; apply natlike_ind; intuition.
rewrite Power_0.
unfold a11, a21; simpl; auto.
replace (Zsucc x) with (x+1)%Z by omega.
rewrite Power_s; auto.
destruct H0 as (h1,h2).
split.
rewrite fibn; try omega.
ring_simplify (x+1+1-1)%Z.
ring_simplify (x+1+1-2)%Z.
unfold a11, mult.
rewrite <- h1. rewrite <- h2.
unfold a11, a12. ring.
unfold a21, mult.
rewrite <- h1. rewrite <- h2.
unfold a21, a22. ring.
Qed.
(* DO NOT EDIT BELOW *)
examples/programs/fibonacci/why3session.xml
View file @ 9ebc9463
......@@ -5,7 +5,7 @@
<prover
id="alt-ergo"
name="Alt-Ergo"
version="0.93"/>
version="0.93.1"/>
<prover
id="coq"
name="Coq"
......@@ -17,11 +17,11 @@
<prover
id="eprover"
name="Eprover"
version="1.4 Namring"/>
version="0.8 Steinthal"/>
<prover
id="gappa"
name="Gappa"
version="0.15.1"/>
version="0.15.0"/>
<prover
id="simplify"
name="Simplify"
......@@ -34,21 +34,17 @@
id="vampire"
name="Vampire"
version="0.6"/>
<prover
id="verit"
name="veriT"
version="dev"/>
<prover
id="yices"
name="Yices"
version="1.0.25"/>
version="1.0.27"/>
<prover
id="z3"
name="Z3"
version="2.19"/>
<file
name="../fibonacci.mlw"
verified="false"
verified="true"
expanded="true">
<theory
name="Fibonacci"
......@@ -58,12 +54,12 @@
<theory
name="FibonacciTest"
verified="true"
expanded="true">
expanded="false">
<goal
name="isfib_2_1"
sum="94f544153b551bfc1648c9451a1f66dd"
proved="true"
expanded="true"
expanded="false"
shape="ainfix =afibc2c1">
<proof
prover="cvc3"
......@@ -77,7 +73,7 @@
name="isfib_6_8"
sum="b684c14a9915d623d32b9339ae110d94"
proved="true"
expanded="true"
expanded="false"
shape="ainfix =afibc6c8">
<proof
prover="cvc3"
......@@ -91,7 +87,7 @@
name="not_isfib_2_2"
sum="1eabfb3d0f770ce04a4dfa55f318bda3"
proved="true"
expanded="true"
expanded="false"
shape="ainfix =afibc2c2N">
<proof
prover="cvc3"
......@@ -133,13 +129,13 @@
<theory
name="WP FibonacciLinear"
verified="true"
expanded="true">
expanded="false">
<goal
name="WP_parameter fib"
expl="parameter fib"
sum="124b5d5590957581d602b9d1b81cc12e"
proved="true"
expanded="true"
expanded="false"
shape="ainfix =afibV0V2Iainfix =afibainfix +ainfix -V0c1c1V2Aainfix =afibainfix +ainfix +ainfix -V0c1c1c1V1Aainfix <=ainfix +ainfix -V0c1c1V0Aainfix <=c0ainfix +ainfix -V0c1c1Aainfix =afibainfix +V3c1V4Aainfix =afibainfix +ainfix +V3c1c1V5Aainfix <=ainfix +V3c1V0Aainfix <=c0ainfix +V3c1Iainfix =V5ainfix +V1V2FIainfix =V4V1FIainfix =afibV3V2Aainfix =afibainfix +V3c1V1Aainfix <=V3V0Aainfix <=c0V3Iainfix <=V3ainfix -V0c1Aainfix <=c0V3FFFAainfix =afibc0c0Aainfix =afibainfix +c0c1c1Aainfix <=c0V0Aainfix <=c0c0Iainfix <=c0ainfix -V0c1Aainfix =afibV0c0Iainfix >c0ainfix -V0c1Iainfix >=V0c0F">
<proof
prover="cvc3"
......@@ -157,25 +153,25 @@
</theory>
<theory
name="WP FibonacciLogarithmic"
verified="false"
verified="true"
expanded="true">
<goal
name="WP_parameter logfib"
expl="parameter logfib"
sum="fe911abf17f3353090572ac6fa13f505"
proved="false"
expanded="true"
proved="true"
expanded="false"
shape="iainfix =V0c0ainfix =apoweramk tc1c1c1c0V0amk tainfix +c1c0c0c0c1Ciainfix =amodV0c2c0aTuple2ainfix +ainfix *V1V1ainfix *V2V2ainfix *V2ainfix +V1ainfix +V1V2aTuple2ainfix *V2ainfix +V1ainfix +V1V2ainfix +ainfix *ainfix +V1V2ainfix +V1V2ainfix *V2V2aTuple2VVainfix =apoweramk tc1c1c1c0V0amk tainfix +V3V4V4V4V3Iainfix =apoweramk tc1c1c1c0adivV0c2amk tainfix +V1V2V2V2V1FAainfix >=adivV0c2c0Aainfix <adivV0c2V0Aainfix <=c0V0Iainfix >=V0c0F">
<transf
name="split_goal"
proved="false"
expanded="true">
proved="true"
expanded="false">
<goal
name="WP_parameter logfib.1"
expl="normal postcondition"
sum="97a33180db2d5fd938a5be052ce9455b"
proved="true"
expanded="true"
expanded="false"
shape="ainfix =apoweramk tc1c1c1c0V0amk tainfix +c1c0c0c0c1Iainfix =V0c0Iainfix >=V0c0F">
<proof
prover="cvc3"
......@@ -211,15 +207,8 @@
expl="precondition"
sum="4d8a4a68e7db8bd86a6cc356c477d12c"
proved="true"
expanded="true"
expanded="false"
shape="ainfix >=adivV0c2c0Aainfix <adivV0c2V0Aainfix <=c0V0Iainfix =V0c0NIainfix >=V0c0F">
<proof
prover="alt-ergo"
timelimit="3"
edited=""
obsolete="false">
<result status="unknown" time="0.02"/>
</proof>
<proof
prover="cvc3"
timelimit="5"
......@@ -234,48 +223,20 @@
obsolete="false">
<result status="valid" time="0.01"/>
</proof>
<proof
prover="vampire"
timelimit="3"
edited=""
obsolete="false">
<result status="timeout" time="2.99"/>
</proof>
</goal>
<goal
name="WP_parameter logfib.3"
expl="normal postcondition"
sum="f94510de22468298510f134ac259cb4e"
proved="false"
expanded="true"
proved="true"
expanded="false"
shape="Ciainfix =amodV0c2c0aTuple2ainfix +ainfix *V1V1ainfix *V2V2ainfix *V2ainfix +V1ainfix +V1V2aTuple2ainfix *V2ainfix +V1ainfix +V1V2ainfix +ainfix *ainfix +V1V2ainfix +V1V2ainfix *V2V2aTuple2VVainfix =apoweramk tc1c1c1c0V0amk tainfix +V3V4V4V4V3Iainfix =apoweramk tc1c1c1c0adivV0c2amk tainfix +V1V2V2V2V1FIainfix >=adivV0c2c0Aainfix <adivV0c2V0Aainfix <=c0V0Iainfix =V0c0NIainfix >=V0c0F">
<proof
prover="cvc3"
timelimit="5"
edited=""
obsolete="false">
<result status="timeout" time="5.02"/>
</proof>
<proof
prover="alt-ergo"
timelimit="5"
edited=""
obsolete="false">
<result status="timeout" time="3.02"/>
</proof>
<proof
prover="z3"
timelimit="5"
edited=""
obsolete="false">
<result status="timeout" time="5.03"/>
</proof>
<proof
prover="vampire"
timelimit="3"
edited=""
prover="coq"
timelimit="10"
edited="fibonacci_WP_FibonacciLogarithmic_WP_parameter_logfib_1.v"
obsolete="false">
<result status="timeout" time="2.99"/>
<result status="valid" time="0.69"/>
</proof>
</goal>
</transf>
......@@ -283,91 +244,23 @@
<goal
name="fib_m"
sum="ebf63c237f713cc9fd86defe979892af"
proved="false"
proved="true"
expanded="true"
shape="Lapoweram1110V0ainfix =afibV0aa21V1Aainfix =afibainfix +V0c1aa11V1Iainfix >=V0c0F">
<transf
name="split_goal"
proved="false"
expanded="true">
<goal
name="fib_m.1"
sum="db01e70460edcdd6ffcb21494335a666"
proved="false"
expanded="true"
shape="Lapoweram1110V0ainfix =afibainfix +V0c1aa11V1Iainfix >=V0c0F">
<proof
prover="cvc3"
timelimit="5"
edited=""
obsolete="false">
<result status="timeout" time="5.05"/>
</proof>
<proof
prover="alt-ergo"
timelimit="5"
edited=""
obsolete="false">
<result status="timeout" time="5.03"/>
</proof>
<proof
prover="z3"
timelimit="5"
edited=""
obsolete="false">
<result status="timeout" time="5.03"/>
</proof>
<proof
prover="vampire"
timelimit="3"
edited=""
obsolete="false">
<result status="timeout" time="2.99"/>
</proof>
</goal>
<goal
name="fib_m.2"
sum="bafc463e470a81f635d7d28f18788abb"
proved="false"
expanded="true"
shape="Lapoweram1110V0ainfix =afibV0aa21V1Iainfix >=V0c0F">
<proof
prover="cvc3"
timelimit="5"
edited=""
obsolete="false">
<result status="timeout" time="5.04"/>
</proof>
<proof
prover="alt-ergo"
timelimit="5"
edited=""
obsolete="false">
<result status="timeout" time="5.03"/>
</proof>
<proof
prover="z3"
timelimit="5"
edited=""
obsolete="false">
<result status="timeout" time="5.03"/>
</proof>
<proof
prover="vampire"
timelimit="3"
edited=""
obsolete="false">
<result status="timeout" time="2.98"/>
</proof>
</goal>
</transf>
<proof
prover="coq"
timelimit="10"
edited="fibonacci_WP_FibonacciLogarithmic_fib_m_1.v"
obsolete="false">
<result status="valid" time="0.53"/>
</proof>
</goal>
<goal
name="WP_parameter fibo"
expl="parameter fibo"
sum="ca4814a90b164bca8a0fb53063fc4b8b"
proved="true"
expanded="true"
expanded="false"
shape="ainfix =V2afibV0Iainfix =apoweramk tc1c1c1c0V0amk tainfix +V1V2V2V2V1FAainfix >=V0c0Iainfix >=V0c0F">
<proof
prover="cvc3"
......@@ -381,14 +274,7 @@
timelimit="5"
edited=""
obsolete="false">
<result status="valid" time="0.02"/>
</proof>
<proof
prover="vampire"
timelimit="3"
edited=""
obsolete="false">
<result status="timeout" time="2.99"/>
<result status="valid" time="0.01"/>
</proof>
</goal>
</theory>
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment