GitLab

Clone "with axiom ." or "with goal ." to change the default
("with lemma ." is also accepted, just in case).

"\`\`" could have been used too, but it is a bit unreadable.

exhibits, constructively, a nonnegative integer n such that p n
whenever we can prove the existence of such an integer

now this is exactly TAOCP, vol 2, exercise 6 page 7
with a second loop finding out mu and lambda in time O(mu)

These names are only visible under "ensures" but not under "returns".
If the result is named, the special variable "result" is not used.
In a tuple, either each component should be named, or none at all.
Underscores are allowed. Parentheses around the return type are required.
Each name must be given its own type: "f () : (x y: int)" is rejected.
Identifiers without cast are treated as types, not as names.
To name the result without giving its type, use "returns".

this is much closer now to TAOCP, vol 2, exercise 6 page 7

As a side effect, this also modifies reflection.ml accordingly.

Conflicts:
	src/transform/reflection.ml

As a side effect, this also modifies reflection.ml accordingly.

fixes issue #57

a new theory relations.WellFounded is introduced for this purpose
(and must be imported whenever one wants to make use of a custom
relation for a variant)

it defines, inductively, a notion of accessibility for a given
predicate R (x is accessible whenever all elements smaller than x for R
are alreay accessible)

whenever one has to prove that a variant decreases, a new VC is also
generated, to show that the old value of the variant is accessible
for the order relation

note: accessibility being defined inductively, proving well-foundedness
is out of reach of SMT solvers; but at least this is sound now