Commit fafae04a authored by Jean-Christophe Filliâtre

new example bag in progress

parent 2e4c760f
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN"
"http://why3.lri.fr/why3session.dtd">
<why3session shape_version="4">
<prover id="0" name="Alt-Ergo" version="0.95.2" timelimit="6" memlimit="1000"/>
<file name="../bag.mlw" expanded="true">
<theory name="ResizableArraySpec" sum="d41d8cd98f00b204e9800998ecf8427e" expanded="true">
</theory>
<theory name="Bag" sum="5c0db4b16692e236c9afd85d3c5f688d" expanded="true">
<goal name="WP_parameter create" expl="VC for create" expanded="true">
<proof prover="0"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter add" expl="VC for add" expanded="true">
<proof prover="0"><result status="valid" time="0.01"/></proof>
</goal>
<goal name="WP_parameter get" expl="VC for get" expanded="true">
<proof prover="0"><result status="valid" time="0.01"/></proof>
</goal>
</theory>
</file>
</why3session>
module Bag
use import HighOrd
use import int.Int
type bag 'a = 'a -> int
predicate (==) (b1 b2: bag 'a) =
forall x: 'a. b1 x = b2 x
constant empty : bag 'a =
\ _. 0
function add (e: 'a) (b: bag 'a) : bag 'a =
\ x. if x = e then b x + 1 else b x
function remove (e: 'a) (b: bag 'a) : bag 'a =
\ x. if x = e then b x - 1 else b x
end
module BagSpec
use import int.Int
use import Bag
type t 'a model {
mutable size: int;
mutable contents: bag 'a;
}
val create () : t 'a
ensures { result.size = 0 }
ensures { result.contents == Bag.empty }
val clear (t: t 'a) : unit
writes { t.size, t.contents }
ensures { t.size = 0 }
ensures { t.contents == Bag.empty }
val add (t: t 'a) (x: 'a) : unit
writes { t.size, t.contents }
ensures { t.size = old t.size + 1 }
ensures { t.contents == Bag.add x (old t.contents) }
end
module ResizableArraySpec
use import int.Int
......@@ -19,59 +66,69 @@ module ResizableArraySpec
ensures { result.data = Map.const dummy }
val ([]) (r: rarray ~'a) (i: int) : 'a
requires { 0 <= i < r.length } ensures { result = r[i] }
requires { 0 <= i < r.length }
ensures { result = r[i] }
val ([]<-) (r: rarray ~'a) (i: int) (v: 'a) : unit
requires { 0 <= i < r.length } ensures { r = (old r)[i <- v] }
requires { 0 <= i < r.length }
writes { r.data }
ensures { r = (old r)[i <- v] }
val resize (r: rarray ~'a) (len: int) : unit
requires { 0 <= len }
writes { r.length, r.data }
ensures { r.length = len }
ensures { forall i: int.
0 <= i < old r.length -> i < len -> r[i] = (old r)[i] }
val append (r1: rarray 'a) (r2: rarray 'a) : unit
ensures { r1.length = old r1.length + r2.length }
ensures { forall i: int. 0 <= i < r1.length ->
(i < old r1.length -> r1[i] = (old r1)[i]) /\
(old r1.length <= i -> r1[i] = r2[i - old r1.length]) }
end
module Bag
module BagImpl
use import int.Int
use import map.Map
use import map.Occ
use import Bag
use import ResizableArraySpec as R
use map.Map
use int.NumOf
use null.Null
(* clone import int.NumOfParam *)
function numof (r: rarray (Null.t 'a)) (x: 'a) (l u: int) : int =
NumOf.numof (\i. (Map.get r.R.data i).Null.v = Null.Value x) l u
type t 'a = {
mutable size: int;
data: rarray (Null.t 'a);
(* mutable ghost model_: map 'a int; *)
mutable size: int;
data: rarray (Null.t 'a);
mutable ghost contents: bag 'a;
}
invariant { 0 <= self.size = self.data.length }
invariant { forall i: int. 0 <= i < self.size ->
not (Null.is_null self.data[i]) }
(* invariant { forall x: 'a. *)
(* numof (\y -> x = y) self.data.R.data 0 self.size = *)
(* Map.get self.model_ x } *)
not (Null.is_null self.data[i]) }
invariant { forall x: 'a. self.contents x = numof self.data x 0 self.size }
let create () : t 'a
ensures { result.size = 0 }
ensures { result.contents == Bag.empty }
=
let null = Null.create_null () : Null.t 'a in
{ size = 0; data = make 0 null }
{ size = 0; data = make 0 null; contents = Bag.empty }
let clear (t: t 'a) : unit
ensures { t.size = 0 }
ensures { t.contents == Bag.empty }
=
resize t.data 0;
t.size <- 0;
t.contents <- Bag.empty
let add (t: t 'a) (x: 'a) : unit
ensures { t.size = old t.size + 1 }
ensures { t.contents == Bag.add x (old t.contents) }
=
let n = t.size in
resize t.data (n + 1);
t.data[n] <- (Null.create x);
t.size <- n+1
t.size <- n + 1;
t.contents <- Bag.add x t.contents
let get (t: t 'a) (i: int) : 'a
requires { 0 <= i < t.size }
......@@ -79,4 +136,43 @@ module Bag
=
Null.get t.data[i]
let remove (t: t 'a) (i: int) : unit
requires { 0 <= i < t.size }
ensures { t.size = old t.size - 1 }
ensures { forall x: 'a. Null.Value x = old t.data[i].Null.v ->
t.contents == Bag.remove x (old t.contents) }
=
'L:
let n = t.size - 1 in
let ghost x = Null.get t.data[i] in
if i < n then t.data[i] <- t.data[n];
resize t.data n;
t.size <- n;
t.contents <- Bag.remove x t.contents;
assert { forall v: 'a. numof t.data v 0 i = numof (at t.data 'L) v 0 i };
assert { numof t.data x i n = numof (at t.data 'L) x i (n+1) - 1 };
assert { forall v: 'a. v <> x ->
numof t.data v i n = numof (at t.data 'L) v i (n+1) };
assert { i < n -> forall v: 'a.
numof t.data v i n = numof (at t.data 'L) v (i+1) (n+1) }
end
module Harness
use import int.Int
use import Bag
use import BagImpl
let test1 () =
let b = create () in
add b 17;
add b 42;
assert { b.contents 42 = 1 };
add b 55;
add b 89;
add b 42;
assert { b.contents 42 = 2 };
()
end
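Review bot: The two assertions in `remove` over the slice `i..n` (`numof t.data x i n = numof (at t.data 'L) x i (n+1) - 1` and the `v <> x` one that follows) are not discharged: the why3session committed alongside records `WP_parameter remove.7` and `remove.8` as timeouts for every prover tried, so `remove` is unverified as committed, consistent with the "in progress" commit message. A comment on those two asserts recording that state, such as `(* TODO: remove.7/remove.8 still time out; the i..n slice probably needs separate lemmas for i = n (no swap) and i < n (swap with data[n]) *)`, would make the proof status visible to the next reader, since the session file is the only place it currently shows; whether that case split is what the provers need is a guess from the shape of the final `i < n ->` assert. Separately, `Bag.remove` in module `Bag` is `\ x. if x = e then b x - 1 else b x` with no guard, so `Bag.remove e Bag.empty` maps `e` to -1 and the type `bag 'a = 'a -> int` admits negative multiplicities; this is harmless in `BagImpl`, whose last invariant ties `contents` to `numof`, but a one-line comment on the type such as `(* multiplicities may go negative; BagImpl's invariant keeps them equal to numof *)` would stop a reader of `BagSpec` from assuming a well-formedness constraint that is not there.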
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN"
"http://why3.lri.fr/why3session.dtd">
<why3session shape_version="4">
<prover id="0" name="CVC4" version="1.2" timelimit="6" memlimit="1000"/>
<prover id="1" name="Z3" version="4.2" timelimit="6" memlimit="1000"/>
<prover id="2" name="CVC3" version="2.4.1" timelimit="6" memlimit="1000"/>
<prover id="3" name="Z3" version="2.19" timelimit="6" memlimit="1000"/>
<prover id="4" name="CVC4" version="1.4" timelimit="6" memlimit="1000"/>
<prover id="5" name="CVC3" version="2.2" timelimit="6" memlimit="1000"/>
<prover id="6" name="Z3" version="4.3.1" timelimit="6" memlimit="1000"/>
<prover id="7" name="Z3" version="3.2" timelimit="6" memlimit="1000"/>
<prover id="8" name="Alt-Ergo" version="0.95.2" timelimit="6" memlimit="1000"/>
<prover id="9" name="CVC4" version="1.3" timelimit="6" memlimit="1000"/>
<file name="../bag.mlw" expanded="true">
<theory name="Bag" sum="d41d8cd98f00b204e9800998ecf8427e" expanded="true">
</theory>
<theory name="BagSpec" sum="d41d8cd98f00b204e9800998ecf8427e" expanded="true">
</theory>
<theory name="ResizableArraySpec" sum="d41d8cd98f00b204e9800998ecf8427e" expanded="true">
</theory>
<theory name="BagImpl" sum="525c146e375e369af83629a9511d6988" expanded="true">
<goal name="WP_parameter create" expl="VC for create">
<proof prover="8"><result status="valid" time="0.01" steps="14"/></proof>
</goal>
<goal name="WP_parameter clear" expl="VC for clear">
<proof prover="8"><result status="valid" time="0.01" steps="15"/></proof>
</goal>
<goal name="WP_parameter add" expl="VC for add">
<proof prover="6"><result status="valid" time="2.76"/></proof>
</goal>
<goal name="WP_parameter get" expl="VC for get">
<proof prover="8"><result status="valid" time="0.00" steps="11"/></proof>
</goal>
<goal name="WP_parameter remove" expl="VC for remove" expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter remove.1" expl="1. precondition">
<proof prover="8"><result status="valid" time="0.04" steps="4"/></proof>
</goal>
<goal name="WP_parameter remove.2" expl="2. precondition">
<proof prover="8"><result status="valid" time="0.02" steps="10"/></proof>
</goal>
<goal name="WP_parameter remove.3" expl="3. precondition">
<proof prover="8"><result status="valid" time="0.01" steps="8"/></proof>
</goal>
<goal name="WP_parameter remove.4" expl="4. precondition">
<proof prover="8"><result status="valid" time="0.02" steps="10"/></proof>
</goal>
<goal name="WP_parameter remove.5" expl="5. precondition">
<proof prover="8"><result status="valid" time="0.02" steps="11"/></proof>
</goal>
<goal name="WP_parameter remove.6" expl="6. assertion">
<proof prover="4"><result status="valid" time="1.97"/></proof>
<proof prover="6"><result status="valid" time="1.03"/></proof>
</goal>
<goal name="WP_parameter remove.7" expl="7. assertion" expanded="true">
<proof prover="0"><result status="highfailure" time="0.02"/></proof>
<proof prover="1"><result status="timeout" time="5.98"/></proof>
<proof prover="2"><undone/></proof>
<proof prover="3"><result status="timeout" time="5.98"/></proof>
<proof prover="4" timelimit="21"><result status="timeout" time="20.95"/></proof>
<proof prover="5"><result status="timeout" time="5.97"/></proof>
<proof prover="6" timelimit="21"><result status="timeout" time="20.96"/></proof>
<proof prover="7" obsolete="true"><result status="timeout" time="5.97"/></proof>
<proof prover="8" timelimit="21"><result status="timeout" time="20.93"/></proof>
<proof prover="9"><result status="timeout" time="5.97"/></proof>
</goal>
<goal name="WP_parameter remove.8" expl="8. assertion" expanded="true">
<proof prover="0"><result status="highfailure" time="0.02"/></proof>
<proof prover="1"><result status="timeout" time="5.98"/></proof>
<proof prover="3"><result status="timeout" time="5.97"/></proof>
<proof prover="4" timelimit="21"><result status="timeout" time="20.93"/></proof>
<proof prover="5"><result status="timeout" time="5.96"/></proof>
<proof prover="6" timelimit="21"><result status="timeout" time="20.94"/></proof>
<proof prover="8" timelimit="21"><result status="timeout" time="20.93"/></proof>
<proof prover="9"><result status="timeout" time="5.97"/></proof>
</goal>
<goal name="WP_parameter remove.9" expl="9. assertion">
<proof prover="0"><result status="highfailure" time="0.02"/></proof>
<proof prover="1"><result status="valid" time="0.79"/></proof>
<proof prover="3"><result status="valid" time="0.05"/></proof>
<proof prover="4"><result status="timeout" time="5.97"/></proof>
<proof prover="5"><result status="valid" time="0.57"/></proof>
<proof prover="6"><result status="valid" time="0.80"/></proof>
<proof prover="8"><result status="timeout" time="5.97"/></proof>
</goal>
<goal name="WP_parameter remove.10" expl="10. type invariant">
<proof prover="8"><result status="valid" time="0.02" steps="15"/></proof>
</goal>
<goal name="WP_parameter remove.11" expl="11. type invariant">
<proof prover="8"><result status="valid" time="0.02" steps="48"/></proof>
</goal>
<goal name="WP_parameter remove.12" expl="12. type invariant">
<proof prover="6"><result status="valid" time="0.06"/></proof>
</goal>
<goal name="WP_parameter remove.13" expl="13. postcondition">
<proof prover="8"><result status="valid" time="0.01" steps="17"/></proof>
</goal>
<goal name="WP_parameter remove.14" expl="14. postcondition">
<proof prover="6"><result status="valid" time="0.01"/></proof>
</goal>
<goal name="WP_parameter remove.15" expl="15. precondition">
<proof prover="8"><result status="valid" time="0.01" steps="8"/></proof>
</goal>
<goal name="WP_parameter remove.16" expl="16. assertion">
<proof prover="4"><result status="valid" time="0.64"/></proof>
</goal>
<goal name="WP_parameter remove.17" expl="17. assertion">
<proof prover="4"><result status="valid" time="0.23"/></proof>
<proof prover="6"><result status="valid" time="0.02"/></proof>
<proof prover="8"><result status="valid" time="0.12" steps="44"/></proof>
</goal>
<goal name="WP_parameter remove.18" expl="18. assertion">
<proof prover="1"><result status="valid" time="0.06"/></proof>
<proof prover="3"><result status="valid" time="0.04"/></proof>
<proof prover="4"><result status="valid" time="0.15"/></proof>
<proof prover="6"><result status="valid" time="0.03"/></proof>
<proof prover="7"><result status="valid" time="0.05"/></proof>
</goal>
<goal name="WP_parameter remove.19" expl="19. assertion">
<proof prover="8"><result status="valid" time="0.01" steps="13"/></proof>
</goal>
<goal name="WP_parameter remove.20" expl="20. type invariant">
<proof prover="8"><result status="valid" time="0.01" steps="13"/></proof>
</goal>
<goal name="WP_parameter remove.21" expl="21. type invariant">
<proof prover="8"><result status="valid" time="0.03" steps="39"/></proof>
</goal>
<goal name="WP_parameter remove.22" expl="22. type invariant">
<proof prover="6"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter remove.23" expl="23. postcondition">
<proof prover="4"><result status="valid" time="0.03"/></proof>
<proof prover="8"><result status="valid" time="0.02" steps="15"/></proof>
</goal>
<goal name="WP_parameter remove.24" expl="24. postcondition">
<proof prover="6"><result status="valid" time="0.00"/></proof>
</goal>
</transf>
</goal>
</theory>
<theory name="Harness" sum="528e93ede1770450354a9703428c111b">
<goal name="WP_parameter test1" expl="VC for test1">
<transf name="split_goal_wp">
<goal name="WP_parameter test1.1" expl="1. assertion">
<proof prover="8"><result status="valid" time="1.30" steps="249"/></proof>
</goal>
<goal name="WP_parameter test1.2" expl="2. assertion">
<proof prover="4"><result status="valid" time="5.10"/></proof>
</goal>
</transf>
</goal>
</theory>
</file>
</why3session>