### FoVeOOS 2011: JC's solutions

 (* FoVeOOS 2011 verification competition http://foveoos2011.cost-ic0701.org/verification-competition Challenge 1 *) module Max use import module ref.Refint use import module array.Array let max (a: array int) = { length a > 0 } let x = ref 0 in let y = ref (length a - 1) in while !x <> !y do invariant { 0 <= !x <= !y < length a /\ forall i: int. (0 <= i < !x \/ !y < i < length a) -> (a[i] <= a[!y] \/ a[i] <= a[!x]) } variant { !y - !x } if a[!x] <= a[!y] then incr x else decr y done; !x { 0 <= result < length a /\ forall i: int. 0 <= i < length a -> a[i] <= a[result] } end (* Local Variables: compile-command: "unset LANG; make -C ../.. examples/programs/foveoos11_challenge1.gui" End: *)

 (* FoVeOOS 2011 verification competition http://foveoos2011.cost-ic0701.org/verification-competition Challenge 2 *) module MaximumTree use import int.Int use import int.MinMax type tree = Empty | Node tree int tree predicate mem (x: int) (t: tree) = match t with | Empty -> false | Node l v r -> mem x l \/ x = v \/ mem x r end let rec maximum (t: tree) : int = { t <> Empty } match t with | Empty -> absurd | Node Empty v Empty -> v | Node Empty v r -> max v (maximum r) | Node l v Empty -> max (maximum l) v | Node l v r -> max (maximum l) (max v (maximum r)) end { mem result t /\ forall x: int. mem x t -> x <= result } end (* Local Variables: compile-command: "unset LANG; make -C ../.. examples/programs/foveoos11_challenge2.gui" End: *)

(* FoVeOOS 2011 verification competition
   http://foveoos2011.cost-ic0701.org/verification-competition
   Challenge 3 *)

module TwoEqualElements

  use import module ref.Refint
  use import module array.Array

  (* [appear_twice a v u] holds iff the value [v] occurs at two distinct
     indices of [a] that are both strictly below [u] *)
  predicate appear_twice (a: array int) (v: int) (u: int) =
    exists i: int. 0 <= i < u /\ a[i] = v /\
    exists j: int. 0 <= j < u /\ j <> i /\ a[j] = v

  (* [two_equal_elements a n] returns a pair of two distinct values that
     each occur at least twice in [a].
     Precondition: [a] has exactly [n+2] elements, every element lies in
     [0, n), and two distinct repeated values do exist.  The bound on the
     elements is what makes [deja_vu[v]] below a safe array access: the
     table has [n] cells and [v] is read straight from [a].  The existence
     of two distinct repeated values is required explicitly; without it
     a result of [-1] could be returned. *)
  let two_equal_elements (a: array int) (n: int) =
    { length a = n+2 /\ n >= 2 /\
      (forall i: int. 0 <= i < length a -> 0 <= a[i] < n) /\
      exists v1: int. appear_twice a v1 (n+2) /\
      exists v2: int. appear_twice a v2 (n+2) /\ v2 <> v1 }
    (* deja_vu[v] records whether value v has already been seen;
       v1 and v2 hold the repeated values found so far, -1 meaning
       "not found yet" *)
    let deja_vu = make n False in
    let v1 = ref (-1) in
    let v2 = ref (-1) in
    for i = 0 to n+1 do
      invariant {
        (* v2 is only ever set after v1 *)
        (!v1 = -1 -> !v2 = -1) /\
        (* whatever has been recorded really does repeat in the prefix *)
        (!v1 <> -1 -> appear_twice a !v1 i) /\
        (!v2 <> -1 -> appear_twice a !v2 i /\ !v2 <> !v1) /\
        (* deja_vu is exactly the set of values seen in the prefix *)
        (forall v: int. 0 <= v < n ->
           if deja_vu[v]=True then exists j: int. 0 <= j < i /\ a[j] = v
           else forall j: int. 0 <= j < i -> a[j] <> v) /\
        (* nothing repeating in the prefix has been missed *)
        (!v1 = -1 -> forall v: int. 0 <= v < n -> not (appear_twice a v i)) /\
        (!v2 = -1 -> forall v: int. 0 <= v < n -> v <> !v1 ->
           not (appear_twice a v i)) }
      let v = a[i] in
      (* precondition guarantees 0 <= v < n = length deja_vu *)
      if deja_vu[v] then begin
        if !v1 = -1 then v1 := v
        else if !v2 = -1 && v <> !v1 then v2 := v
      end else
        deja_vu[v] <- True
    done;
    (!v1, !v2)
    { let (v1, v2) = result in
      appear_twice a v1 (n+2) /\ appear_twice a v2 (n+2) /\ v1 <> v2 }

end

(*
Local Variables:
compile-command: "unset LANG; make -C ../.. examples/programs/foveoos11_challenge3.gui"
End:
*)
