updated proof sessions

parent d49323d1
...@@ -4,7 +4,6 @@ bignum.mlw ...@@ -4,7 +4,6 @@ bignum.mlw
counting_sort.mlw counting_sort.mlw
cursor.mlw cursor.mlw
dijkstra.mlw dijkstra.mlw
ewd673.mlw
fibonacci.mlw fibonacci.mlw
find.mlw find.mlw
gcd.mlw gcd.mlw
...@@ -2,11 +2,11 @@ ...@@ -2,11 +2,11 @@
<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN" <!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN"
"http://why3.lri.fr/why3session.dtd"> "http://why3.lri.fr/why3session.dtd">
<why3session shape_version="4"> <why3session shape_version="4">
<prover id="1" name="Alt-Ergo" version="0.99.1" timelimit="10" steplimit="0" memlimit="0"/> <prover id="0" name="Alt-Ergo" version="1.30" timelimit="5" steplimit="0" memlimit="1000"/>
<file name="../ewd673.mlw" expanded="true"> <file name="../ewd673.mlw" expanded="true">
<theory name="EWD673" sum="2b02e77f156f81ee6350f878ae56fdac" expanded="true"> <theory name="EWD673" sum="e7bab998fafc2d8047e6eb5f32022f78" expanded="true">
<goal name="WP_parameter s" expl="VC for s" expanded="true"> <goal name="VC s" expl="VC for s" expanded="true">
<proof prover="1"><result status="valid" time="0.02" steps="14"/></proof> <proof prover="0"><result status="valid" time="0.00" steps="17"/></proof>
</goal> </goal>
</theory> </theory>
</file> </file>
...@@ -4,75 +4,98 @@ ...@@ -4,75 +4,98 @@
<why3session shape_version="4"> <why3session shape_version="4">
<prover id="0" name="CVC3" version="2.4.1" timelimit="5" steplimit="0" memlimit="1000"/> <prover id="0" name="CVC3" version="2.4.1" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="1" name="CVC4" version="1.4" timelimit="5" steplimit="0" memlimit="1000"/> <prover id="1" name="CVC4" version="1.4" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="2" name="Alt-Ergo" version="1.30" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="4" name="Alt-Ergo" version="0.99.1" timelimit="5" steplimit="0" memlimit="1000"/> <prover id="4" name="Alt-Ergo" version="0.99.1" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="5" name="Z3" version="4.3.2" timelimit="5" steplimit="0" memlimit="1000"/> <prover id="5" name="Z3" version="4.3.2" timelimit="5" steplimit="0" memlimit="1000"/>
<file name="../sum_of_digits.mlw" expanded="true"> <file name="../sum_of_digits.mlw" expanded="true">
<theory name="Euler290" sum="18226cdd8c439a37143a6081d0907d85" expanded="true"> <theory name="Euler290" sum="de21b6f79c64645f04c593651846b097" expanded="true">
<goal name="Base"> <goal name="Base">
<proof prover="4" timelimit="10"><result status="valid" time="0.01" steps="10"/></proof> <proof prover="2"><result status="valid" time="0.01" steps="7"/></proof>
<proof prover="4" timelimit="10" obsolete="true"><result status="valid" time="0.01" steps="10"/></proof>
</goal> </goal>
<goal name="Empty"> <goal name="Empty">
<proof prover="4" timelimit="10"><result status="valid" time="0.07" steps="71"/></proof> <proof prover="2"><result status="valid" time="0.02" steps="58"/></proof>
<proof prover="4" timelimit="10" obsolete="true"><result status="valid" time="0.07" steps="71"/></proof>
</goal> </goal>
<goal name="Induc" expanded="true"> <goal name="Induc" expanded="true">
</goal> </goal>
<goal name="WP_parameter sd" expl="VC for sd"> <goal name="VC sd" expl="VC for sd">
<proof prover="0"><result status="valid" time="0.03"/></proof> <proof prover="0" obsolete="true"><result status="valid" time="0.03"/></proof>
<proof prover="5"><result status="valid" time="0.44"/></proof> <proof prover="2"><result status="valid" time="0.04" steps="19"/></proof>
<proof prover="5" obsolete="true"><result status="valid" time="0.44"/></proof>
</goal> </goal>
<goal name="WP_parameter f" expl="VC for f"> <goal name="VC f" expl="VC for f">
<transf name="split_goal_wp"> <transf name="split_goal_wp">
<goal name="WP_parameter f.1" expl="1. assertion"> <goal name="VC f.1" expl="1. assertion">
<proof prover="1"><result status="valid" time="0.02"/></proof> <proof prover="1" obsolete="true"><result status="valid" time="0.02"/></proof>
<proof prover="2"><result status="valid" time="0.00" steps="5"/></proof>
</goal> </goal>
<goal name="WP_parameter f.2" expl="2. assertion"> <goal name="VC f.2" expl="2. assertion">
<proof prover="1"><result status="valid" time="2.70"/></proof> <proof prover="1"><result status="valid" time="2.70"/></proof>
<proof prover="2"><result status="valid" time="2.17" steps="310"/></proof>
</goal> </goal>
<goal name="WP_parameter f.3" expl="3. precondition"> <goal name="VC f.3" expl="3. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof> <proof prover="1" obsolete="true"><result status="valid" time="0.02"/></proof>
<proof prover="2"><result status="valid" time="0.00" steps="5"/></proof>
</goal> </goal>
<goal name="WP_parameter f.4" expl="4. postcondition"> <goal name="VC f.4" expl="4. postcondition">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1" obsolete="true"><result status="valid" time="0.03"/></proof>
<proof prover="2"><result status="valid" time="0.00" steps="13"/></proof>
</goal> </goal>
<goal name="WP_parameter f.5" expl="5. postcondition"> <goal name="VC f.5" expl="5. loop bounds">
<proof prover="1"><result status="valid" time="0.02"/></proof> <proof prover="2"><result status="valid" time="0.00" steps="4"/></proof>
<proof prover="4"><result status="valid" time="0.02" steps="3"/></proof>
</goal> </goal>
<goal name="WP_parameter f.6" expl="6. loop invariant init"> <goal name="VC f.6" expl="6. loop invariant init">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1" obsolete="true"><result status="valid" time="0.03"/></proof>
<proof prover="4"><result status="valid" time="0.03" steps="6"/></proof> <proof prover="2"><result status="valid" time="0.00" steps="5"/></proof>
<proof prover="4" obsolete="true"><result status="valid" time="0.03" steps="6"/></proof>
</goal> </goal>
<goal name="WP_parameter f.7" expl="7. variant decrease"> <goal name="VC f.7" expl="7. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof> <proof prover="2"><result status="valid" time="0.00" steps="7"/></proof>
<proof prover="4"><result status="valid" time="0.02" steps="7"/></proof>
</goal> </goal>
<goal name="WP_parameter f.8" expl="8. precondition"> <goal name="VC f.8" expl="8. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1" obsolete="true"><result status="valid" time="0.02"/></proof>
<proof prover="4"><result status="valid" time="0.02" steps="10"/></proof> <proof prover="2"><result status="valid" time="0.00" steps="7"/></proof>
<proof prover="4" obsolete="true"><result status="valid" time="0.02" steps="3"/></proof>
</goal> </goal>
<goal name="WP_parameter f.9" expl="9. assertion"> <goal name="VC f.9" expl="9. variant decrease">
<proof prover="1" obsolete="true"><result status="valid" time="0.02"/></proof>
<proof prover="2"><result status="valid" time="0.01" steps="7"/></proof>
<proof prover="4" obsolete="true"><result status="valid" time="0.02" steps="7"/></proof>
</goal>
<goal name="VC f.10" expl="10. precondition">
<proof prover="1" obsolete="true"><result status="valid" time="0.03"/></proof>
<proof prover="2"><result status="valid" time="0.01" steps="10"/></proof>
<proof prover="4" obsolete="true"><result status="valid" time="0.02" steps="10"/></proof>
</goal>
<goal name="VC f.11" expl="11. assertion">
<transf name="split_goal_wp"> <transf name="split_goal_wp">
<goal name="WP_parameter f.9.1" expl="1. VC for f"> <goal name="VC f.11.1" expl="1. VC for f">
<proof prover="1"><result status="valid" time="0.04"/></proof> <proof prover="1" obsolete="true"><result status="valid" time="0.04"/></proof>
<proof prover="4"><result status="valid" time="0.16" steps="38"/></proof> <proof prover="2"><result status="valid" time="0.01" steps="9"/></proof>
<proof prover="4" obsolete="true"><result status="valid" time="0.16" steps="38"/></proof>
</goal> </goal>
<goal name="WP_parameter f.9.2" expl="2. VC for f"> <goal name="VC f.11.2" expl="2. VC for f">
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1" obsolete="true"><result status="valid" time="0.03"/></proof>
<proof prover="4"><result status="valid" time="0.07" steps="26"/></proof> <proof prover="2"><result status="valid" time="0.01" steps="11"/></proof>
<proof prover="4" obsolete="true"><result status="valid" time="0.07" steps="26"/></proof>
</goal> </goal>
<goal name="WP_parameter f.9.3" expl="3. VC for f"> <goal name="VC f.11.3" expl="3. VC for f">
<proof prover="4"><result status="valid" time="0.01" steps="14"/></proof> <proof prover="2"><result status="valid" time="0.02" steps="26"/></proof>
<proof prover="4" obsolete="true"><result status="valid" time="0.01" steps="14"/></proof>
</goal> </goal>
</transf> </transf>
</goal> </goal>
<goal name="WP_parameter f.10" expl="10. loop invariant preservation"> <goal name="VC f.12" expl="12. loop invariant preservation">
<proof prover="0"><result status="valid" time="0.02"/></proof> <proof prover="0" obsolete="true"><result status="valid" time="0.02"/></proof>
<proof prover="1"><result status="valid" time="0.03"/></proof> <proof prover="1" obsolete="true"><result status="valid" time="0.03"/></proof>
<proof prover="4"><result status="valid" time="0.02" steps="16"/></proof> <proof prover="2"><result status="valid" time="0.01" steps="13"/></proof>
<proof prover="4" obsolete="true"><result status="valid" time="0.02" steps="16"/></proof>
</goal> </goal>
<goal name="WP_parameter f.11" expl="11. postcondition"> <goal name="VC f.13" expl="13. postcondition">
<proof prover="1"><result status="valid" time="0.02"/></proof> <proof prover="1" obsolete="true"><result status="valid" time="0.02"/></proof>
<proof prover="4"><result status="valid" time="0.01" steps="6"/></proof> <proof prover="2"><result status="valid" time="0.00" steps="6"/></proof>
<proof prover="4" obsolete="true"><result status="valid" time="0.01" steps="6"/></proof>
</goal> </goal>
</transf> </transf>
</goal> </goal>
(* This file is generated by Why3's Coq driver *) (* This file is generated by Why3's Coq driver *)
(* Beware! Only edit allowed sections below *) (* Beware! Only edit allowed sections below *)
Require Import ZArith. Require Import BuiltIn.
Require Import Rbase. Require BuiltIn.
Require HighOrd.
Require int.Int. Require int.Int.
(* Why3 assumption *) (* Why3 assumption *)
Definition unit := unit. Definition unit := unit.
Parameter t : Type. Parameter iter: forall {a:Type} {a_WT:WhyType a}, (a -> a) -> Z -> a -> a.
Parameter f: t -> t. Axiom iter_def : forall {a:Type} {a_WT:WhyType a}, forall (f:(a -> a)) (k:Z)
(x:a), (0%Z <= k)%Z -> (((k = 0%Z) -> ((iter f k x) = x)) /\
((~ (k = 0%Z)) -> ((iter f k x) = (iter f (k - 1%Z)%Z (f x))))).
Parameter x0: t. Axiom iter_1 : forall {a:Type} {a_WT:WhyType a}, forall (f:(a -> a)) (x:a),
((iter f 1%Z x) = (f x)).
Parameter iter: Z -> t -> t. Axiom iter_s : forall {a:Type} {a_WT:WhyType a}, forall (f:(a -> a)) (k:Z)
(x:a), (0%Z < k)%Z -> ((iter f k x) = (f (iter f (k - 1%Z)%Z x))).
Axiom iter_0 : forall (x:t), ((iter 0%Z x) = x). Axiom t : Type.
Parameter t_WhyType : WhyType t.
Existing Instance t_WhyType.
Axiom iter_s : forall (k:Z) (x:t), (0%Z < k)%Z -> ((iter k Parameter eq: t -> t -> Prop.
x) = (iter (k - 1%Z)%Z (f x))).
Axiom iter_1 : forall (x:t), ((iter 1%Z x) = (f x)). Axiom eq_spec : forall (x:t) (y:t), (eq x y) <-> (x = y).
Parameter f: t -> t.
Axiom iter_s2 : forall (k:Z) (x:t), (0%Z < k)%Z -> ((iter k Parameter x0: t.
x) = (f (iter (k - 1%Z)%Z x))).
(* Why3 assumption *)
Definition x (i:Z): t := (iter (fun (y0:t) => (f y0)) i x0).
Parameter mu: Z. Parameter mu: Z.
...@@ -35,48 +45,52 @@ Axiom lambda_range : (1%Z <= lambda)%Z. ...@@ -35,48 +45,52 @@ Axiom lambda_range : (1%Z <= lambda)%Z.
Axiom distinct : forall (i:Z) (j:Z), ((0%Z <= i)%Z /\ Axiom distinct : forall (i:Z) (j:Z), ((0%Z <= i)%Z /\
(i < (mu + lambda)%Z)%Z) -> (((0%Z <= j)%Z /\ (j < (mu + lambda)%Z)%Z) -> (i < (mu + lambda)%Z)%Z) -> (((0%Z <= j)%Z /\ (j < (mu + lambda)%Z)%Z) ->
((~ (i = j)) -> ~ ((iter i x0) = (iter j x0)))). ((~ (i = j)) -> ~ ((x i) = (x j)))).
Axiom cycle : forall (n:Z), (mu <= n)%Z -> ((iter (n + lambda)%Z Axiom cycle : forall (n:Z), (mu <= n)%Z -> ((x (n + lambda)%Z) = (x n)).
x0) = (iter n x0)).
Axiom cycle_induction : forall (n:Z), (mu <= n)%Z -> forall (k:Z), Axiom cycle_induction : forall (n:Z), (mu <= n)%Z -> forall (k:Z),
(0%Z <= k)%Z -> ((iter (n + (lambda * k)%Z)%Z x0) = (iter n x0)). (0%Z <= k)%Z -> ((x (n + (lambda * k)%Z)%Z) = (x n)).
(* Why3 assumption *) (* Why3 assumption *)
Inductive ref (a:Type) := Inductive ref (a:Type) :=
| mk_ref : a -> ref a. | mk_ref : a -> ref a.
Implicit Arguments mk_ref. Axiom ref_WhyType : forall (a:Type) {a_WT:WhyType a}, WhyType (ref a).
Existing Instance ref_WhyType.
Implicit Arguments mk_ref [[a]].
(* Why3 assumption *) (* Why3 assumption *)
Definition contents (a:Type)(v:(ref a)): a := Definition contents {a:Type} {a_WT:WhyType a} (v:(ref a)): a :=
match v with match v with
| (mk_ref x) => x | (mk_ref x1) => x1
end. end.
Implicit Arguments contents.
Parameter dist: Z -> Z -> Z. Parameter dist: Z -> Z -> Z.
Axiom dist_def : forall (i:Z) (j:Z), (mu <= i)%Z -> ((mu <= j)%Z -> Axiom dist_def : forall (i:Z) (j:Z), (mu <= i)%Z -> ((mu <= j)%Z ->
((0%Z <= (dist i j))%Z /\ (((iter (i + (dist i j))%Z x0) = (iter j x0)) /\ ((0%Z <= (dist i j))%Z /\ (((x (i + (dist i j))%Z) = (x j)) /\
forall (k:Z), (0%Z <= k)%Z -> (((iter (i + k)%Z x0) = (iter j x0)) -> forall (k:Z), (0%Z <= k)%Z -> (((x (i + k)%Z) = (x j)) -> ((dist i
((dist i j) <= k)%Z)))). j) <= k)%Z)))).
(* Why3 assumption *) (* Why3 assumption *)
Definition rel(t2:t) (t1:t): Prop := exists i:Z, (t1 = (iter i x0)) /\ Definition rel (t2:t) (t1:t): Prop := exists i:Z, (t1 = (x i)) /\
((t2 = (iter (i + 1%Z)%Z x0)) /\ (((1%Z <= i)%Z /\ ((t2 = (x (i + 1%Z)%Z)) /\ (((1%Z <= i)%Z /\ (i <= (mu + lambda)%Z)%Z) /\
(i <= (mu + lambda)%Z)%Z) /\ ((mu <= i)%Z -> ((dist ((2%Z * i)%Z + 2%Z)%Z ((mu <= i)%Z -> ((dist ((2%Z * i)%Z + 2%Z)%Z
(i + 1%Z)%Z) < (dist (2%Z * i)%Z i))%Z))). (i + 1%Z)%Z) < (dist (2%Z * i)%Z i))%Z))).
(* Why3 goal *) (* Why3 goal *)
Theorem WP_parameter_tortoise_hare : forall (hare:t) (tortoise:t), Theorem VC_tortoise_hare : forall (hare:t) (tortoise:t), (exists t1:Z,
(exists t1:Z, ((1%Z <= t1)%Z /\ (t1 <= (mu + lambda)%Z)%Z) /\ ((1%Z <= t1)%Z /\ (t1 <= (mu + lambda)%Z)%Z) /\ ((tortoise = (x t1)) /\
((tortoise = (iter t1 x0)) /\ ((hare = (iter (2%Z * t1)%Z x0)) /\ ((hare = (x (2%Z * t1)%Z)) /\ forall (i:Z), ((1%Z <= i)%Z /\ (i < t1)%Z) ->
forall (i:Z), ((1%Z <= i)%Z /\ (i < t1)%Z) -> ~ ((iter i ~ ((x i) = (x (2%Z * i)%Z))))) -> (((eq tortoise hare) <->
x0) = (iter (2%Z * i)%Z x0))))) -> ((~ (tortoise = hare)) -> (tortoise = hare)) -> ((~ (eq tortoise hare)) -> forall (tortoise1:t),
forall (tortoise1:t), (tortoise1 = (f tortoise)) -> forall (hare1:t), (tortoise1 = (f tortoise)) -> forall (hare1:t), (hare1 = (f (f hare))) ->
(hare1 = (f (f hare))) -> (rel tortoise1 tortoise)). (rel tortoise1 tortoise))).
intros hare tortoise (t1,((h1,h2),(h3,(h4,h5)))) h6 h7 tortoise1 h8 hare1 h9.
Qed.
(* Unused content named WP_parameter_tortoise_hare
(* YOU MAY EDIT THE PROOF BELOW *) (* YOU MAY EDIT THE PROOF BELOW *)
intuition. intuition.
clear H2. clear H2.
...@@ -114,5 +128,4 @@ ring_simplify (2 * i + 2 + (dist (2 * i) i - 1) - 1)%Z. ...@@ -114,5 +128,4 @@ ring_simplify (2 * i + 2 + (dist (2 * i) i - 1) - 1)%Z.
auto. auto.
omega. omega.
Qed. Qed.
*)
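Review bot: The new side of `Theorem VC_tortoise_hare` ends with `intros hare tortoise (t1,((h1,h2),(h3,(h4,h5)))) h6 h7 tortoise1 h8 hare1 h9.` immediately followed by `Qed.`, so no tactic discharges the remaining goal `rel tortoise1 tortoise` and the edited proof cannot check. The former proof body is parked in the `(* Unused content named WP_parameter_tortoise_hare ... *)` comment, and the tortoise_and_hare session in this same commit records this proof as `status="unknown"` and the loop-variant-decrease goal as obsolete `<undone/>`, so the TortoiseAndHare theory is no longer fully verified after this change, which the message "updated proof sessions" does not say. The old script (`intuition. clear H2. ...`) should be re-ported under the new statement, where the disequality `~ (tortoise = hare)` is now reached through the new hypothesis `h6 : eq tortoise hare <-> tortoise = hare` (presumably by rewriting with `eq_spec`), or the commit message should state that this goal is left unproved. The old proof body continues outside this hunk.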
(* This file is generated by Why3's Coq driver *) (* This file is generated by Why3's Coq driver *)
(* Beware! Only edit allowed sections below *) (* Beware! Only edit allowed sections below *)
Require Import ZArith. Require Import BuiltIn.
Require Import Rbase. Require BuiltIn.
Definition unit := unit. Require HighOrd.
Require int.Int.
Parameter mark : Type. (* Why3 assumption *)
Definition unit := unit.
Parameter at1: forall (a:Type), a -> mark -> a. Parameter iter: forall {a:Type} {a_WT:WhyType a}, (a -> a) -> Z -> a -> a.
Implicit Arguments at1. Axiom iter_def : forall {a:Type} {a_WT:WhyType a}, forall (f:(a -> a)) (k:Z)
(x:a), (0%Z <= k)%Z -> (((k = 0%Z) -> ((iter f k x) = x)) /\
((~ (k = 0%Z)) -> ((iter f k x) = (iter f (k - 1%Z)%Z (f x))))).
Parameter old: forall (a:Type), a -> a. Axiom iter_1 : forall {a:Type} {a_WT:WhyType a}, forall (f:(a -> a)) (x:a),
((iter f 1%Z x) = (f x)).
Implicit Arguments old. Axiom iter_s : forall {a:Type} {a_WT:WhyType a}, forall (f:(a -> a)) (k:Z)
(x:a), (0%Z < k)%Z -> ((iter f k x) = (f (iter f (k - 1%Z)%Z x))).
Parameter t : Type. Axiom t : Type.
Parameter t_WhyType : WhyType t.
Existing Instance t_WhyType.
Parameter f: t -> t. Parameter eq: t -> t -> Prop.
Axiom eq_spec : forall (x:t) (y:t), (eq x y) <-> (x = y).
Parameter x0: t. Parameter f: t -> t.
Parameter x0: t.
Parameter iter: Z -> t -> t. (* Why3 assumption *)
Definition x (i:Z): t := (iter (fun (y0:t) => (f y0)) i x0).
Parameter mu: Z.
Axiom iter_0 : forall (x:t), ((iter 0%Z x) = x). Parameter lambda: Z.
Axiom iter_s : forall (k:Z) (x:t), (0%Z < k)%Z -> ((iter k Axiom mu_range : (0%Z <= mu)%Z.
x) = (iter (k - 1%Z)%Z (f x))).
Axiom iter_1 : forall (x:t), ((iter 1%Z x) = (f x)). Axiom lambda_range : (1%Z <= lambda)%Z.
Axiom iter_s2 : forall (k:Z) (x:t), (0%Z < k)%Z -> ((iter k
x) = (f (iter (k - 1%Z)%Z x))).
Parameter mu: Z.
Parameter lambda: Z.
Axiom mu_range : (0%Z <= (mu ))%Z.
Axiom lambda_range : (1%Z <= (lambda ))%Z.
Axiom distinct : forall (i:Z) (j:Z), ((0%Z <= i)%Z /\ Axiom distinct : forall (i:Z) (j:Z), ((0%Z <= i)%Z /\
(i < ((mu ) + (lambda ))%Z)%Z) -> (((0%Z <= j)%Z /\ (i < (mu + lambda)%Z)%Z) -> (((0%Z <= j)%Z /\ (j < (mu + lambda)%Z)%Z) ->
(j < ((mu ) + (lambda ))%Z)%Z) -> ((~ (i = j)) -> ~ ((iter i ((~ (i = j)) -> ~ ((x i) = (x j)))).
(x0 )) = (iter j (x0 ))))).
Axiom cycle : forall (n:Z), ((mu ) <= n)%Z -> ((iter (n + (lambda ))%Z Axiom cycle : forall (n:Z), (mu <= n)%Z -> ((x (n + lambda)%Z) = (x n)).
(x0 )) = (iter n (x0 ))).
Theorem cycle_induction : forall (n:Z), ((mu ) <= n)%Z -> forall (k:Z), (* Why3 goal *)
(0%Z <= k)%Z -> ((iter (n + ((lambda ) * k)%Z)%Z (x0 )) = (iter n (x0 ))). Theorem cycle_induction : forall (n:Z), (mu <= n)%Z -> forall (k:Z),
(0%Z <= k)%Z -> ((x (n + (lambda * k)%Z)%Z) = (x n)).
(* Why3 intros n h1 k h2. *)
(* YOU MAY EDIT THE PROOF BELOW *) (* YOU MAY EDIT THE PROOF BELOW *)
intros n hn. intros n hn.
apply natlike_ind. apply natlike_ind.
ring_simplify (n + lambda * 0)%Z; auto. ring_simplify (n + lambda * 0)%Z; auto.
intros. intros.
unfold Zsucc. unfold Zsucc.
replace (n + lambda * (x + 1))%Z with ((n+lambda*x)+lambda)%Z by ring. replace (n + lambda * (x1 + 1))%Z with ((n+lambda*x1)+lambda)%Z by ring.
rewrite cycle; auto. rewrite cycle; auto.
assert (0 <= lambda * x)%Z. assert (0 <= lambda * x1)%Z.
apply Zmult_le_0_compat; (generalize lambda_range; omega). apply Zmult_le_0_compat; (generalize lambda_range; omega).
omega. omega.
Qed. Qed.
(* DO NOT EDIT BELOW *)
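Review bot: The proof of `cycle_induction` still depends on Coq's automatic naming after the bare `intros.`, which is exactly why the later `replace` and `assert` lines had to change from `x` to `x1`: the regenerated header now defines `Definition x (i:Z)`, so the fresh induction variable no longer receives the name `x`. Naming the introduced variable and hypotheses explicitly, e.g. `intros x1 hx ih.` (adjusted to the actual goal shape left by `apply natlike_ind`), would keep the script stable across the next regeneration instead of tracking whatever name Coq picks. The proof itself is recorded as valid in the session, so this is a point of style only.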
...@@ -2,23 +2,27 @@ ...@@ -2,23 +2,27 @@
<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN" <!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN"
"http://why3.lri.fr/why3session.dtd"> "http://why3.lri.fr/why3session.dtd">
<why3session shape_version="4"> <why3session shape_version="4">
<prover id="0" name="Coq" version="8.6" timelimit="10" steplimit="0" memlimit="0"/> <prover id="0" name="Coq" version="8.6" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="2" name="Alt-Ergo" version="0.99.1" timelimit="10" steplimit="0" memlimit="0"/> <prover id="2" name="Alt-Ergo" version="0.99.1" timelimit="10" steplimit="0" memlimit="0"/>
<file name="../tortoise_and_hare.mlw" expanded="true"> <file name="../tortoise_and_hare.mlw" expanded="true">
<theory name="TortoiseAndHare" sum="678b159d9bd73771a5d1163face6530f" expanded="true"> <theory name="TortoiseAndHare" sum="7cea2bafc0941407491255aaac08300b" expanded="true">
<goal name="cycle_induction" expanded="true"> <goal name="VC x0" expl="VC for x0">
<proof prover="0" edited="tortoise_and_hare_WP_TortoiseAndHare_cycle_induction_1.v"><result status="valid" time="0.35"/></proof> <transf name="split_goal_wp">
</transf>
</goal>
<goal name="cycle_induction">
<proof prover="0" edited="tortoise_and_hare_WP_TortoiseAndHare_cycle_induction_1.v"><result status="valid" time="0.36"/></proof>
</goal> </goal>
<goal name="WP_parameter tortoise_hare" expl="VC for tortoise_hare" expanded="true"> <goal name="VC tortoise_hare" expl="VC for tortoise_hare" expanded="true">
<transf name="split_goal_wp" expanded="true"> <transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter tortoise_hare.1" expl="1. loop invariant init" expanded="true"> <goal name="VC tortoise_hare.1" expl="1. loop invariant init">
<proof prover="2"><result status="valid" time="0.02" steps="24"/></proof> <proof prover="2"><result status="valid" time="0.02" steps="102"/></proof>
</goal> </goal>
<goal name="WP_parameter tortoise_hare.2" expl="2. loop invariant preservation" expanded="true"> <goal name="VC tortoise_hare.2" expl="2. loop variant decrease" expanded="true">
<proof prover="0" edited="tortoise_and_hare_WP_TortoiseAndHare_WP_parameter_tortoise_hare_2.v"><result status="valid" time="0.57"/></proof> <proof prover="0" edited="tortoise_and_hare_WP_TortoiseAndHare_WP_parameter_tortoise_hare_1.v" obsolete="true"><undone/></proof>
</goal> </goal>
<goal name="WP_parameter tortoise_hare.3" expl="3. loop variant decrease" expanded="true"> <goal name="VC tortoise_hare.3" expl="3. loop invariant preservation" expanded="true">
<proof prover="0" edited="tortoise_and_hare_WP_TortoiseAndHare_WP_parameter_tortoise_hare_1.v"><result status="valid" time="0.39"/></proof> <proof prover="0" timelimit="10" memlimit="0" edited="tortoise_and_hare_WP_TortoiseAndHare_WP_parameter_tortoise_hare_2.v"><result status="unknown" time="0.27"/></proof>
</goal> </goal>
</transf> </transf>
</goal> </goal>
...@@ -4,15 +4,10 @@ ...@@ -4,15 +4,10 @@
<why3session shape_version="4"> <why3session shape_version="4">
<prover id="0" name="Alt-Ergo" version="0.99.1" timelimit="6" steplimit="0" memlimit="1000"/> <prover id="0" name="Alt-Ergo" version="0.99.1" timelimit="6" steplimit="0" memlimit="1000"/>
<prover id="1" name="CVC4" version="1.4" timelimit="5" steplimit="0" memlimit="1000"/> <prover id="1" name="CVC4" version="1.4" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="2" name="CVC3" version="2.4.1" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="3" name="Eprover" version="1.8-001" timelimit="6" steplimit="0" memlimit="1000"/>
<prover id="4" name="Vampire" version="0.6" timelimit="6" steplimit="0" memlimit="1000"/> <prover id="4" name="Vampire" version="0.6" timelimit="6" steplimit="0" memlimit="1000"/>
<prover id="5" name="Z3" version="4.2" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="6" name="Alt-Ergo" version="1.30" timelimit="5" steplimit="0" memlimit="1000"/> <prover id="6" name="Alt-Ergo" version="1.30" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="7" name="Yices" version="1.0.38" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="8" name="Z3" version="4.4.0" timelimit="5" steplimit="0" memlimit="1000"/>
<file name="../tree_height.mlw" expanded="true"> <file name="../tree_height.mlw" expanded="true">
<theory name="HeightCPS" sum="56143ea961123bc30fc2b184c2952c02" expanded="true"> <theory name="HeightCPS" sum="1596efb5a30759311de415509f281b2a" expanded="true">
<goal name="VC height_cps" expl="VC for height_cps"> <goal name="VC height_cps" expl="VC for height_cps">
<proof prover="6"><result status="valid" time="0.00" steps="26"/></proof> <proof prover="6"><result status="valid" time="0.00" steps="26"/></proof>
</goal> </goal>
...@@ -20,46 +15,11 @@ ...@@ -20,46 +15,11 @@
<proof prover="6"><result status="valid" time="0.00" steps="1"/></proof> <proof prover="6"><result status="valid" time="0.00" steps="1"/></proof>
</goal> </goal>
<goal name="height_cps_correct" expanded="true"> <goal name="height_cps_correct" expanded="true">
<transf name="induction_ty_lex" expanded="true">
<goal name="height_cps_correct.1" expl="1." expanded="true">
<proof prover="0"><result status="unknown" time="0.00"/></proof>
<proof prover="1"><result status="unknown" time="0.01"/></proof>
<proof prover="2"><result status="unknown" time="0.02"/></proof>
<proof prover="3" timelimit="5"><internalfailure reason="Why3.Printer.UnknownPrinter(&quot;tptp-fof&quot;)"/></proof>
<proof prover="5"><result status="timeout" time="5.00"/></proof>
<proof prover="6"><result status="unknown" time="0.01"/></proof>
<proof prover="7"><result status="timeout" time="5.00"/></proof>
<proof prover="8"><result status="timeout" time="5.00"/></proof>
<transf name="split_goal_wp" expanded="true">
<goal name="height_cps_correct.1.1" expl="1." expanded="true">
<transf name="compute_in_goal" expanded="true">
<goal name="height_cps_correct.1.1.1" expl="1." expanded="true">
<proof prover="1"><result status="unknown" time="0.02"/></proof>
<proof prover="2"><result status="unknown" time="0.35"/></proof>
<proof prover="3" timelimit="5"><internalfailure reason="Why3.Printer.UnknownPrinter(&quot;tptp-fof&quot;)"/></proof>
<proof prover="5"><result status="timeout" time="5.00"/></proof>
<proof prover="6"><result status="timeout" time="5.01"/></proof>
<proof prover="7"><result status="unknown" time="1.91"/></proof>
<proof prover="8"><result status="timeout" time="5.00"/></proof>
</goal>
</transf>
</goal>
<goal name="height_cps_correct.1.2" expl="2." expanded="true">
<transf name="compute_in_goal" expanded="true">
<goal name="height_cps_correct.1.2.1" expl="1.">
</goal>
</transf>
</goal>
</transf>
</goal>
</transf>
</goal> </goal>
<goal name="height1_correct" expanded="true"> <goal name="height1_correct" expanded="true">
<proof prover="0"><result status="unknown" time="0.01"/></proof>
<proof prover="6"><result status="unknown" time="0.00"/></proof>
</goal> </goal>
</theory> </theory>
<theory name="Iteration" sum="d6b56da2821d62a146b19c957c33171b"> <theory name="Iteration" sum="afade23b6e0721562d822b490670f598" expanded="true">
<goal name="VC is_id" expl="VC for is_id"> <goal name="VC is_id" expl="VC for is_id">
<proof prover="6"><result status="valid" time="0.00" steps="1"/></proof> <proof prover="6"><result status="valid" time="0.00" steps="1"/></proof>
</goal> </goal>
...@@ -76,29 +36,121 @@ ...@@ -76,29 +36,121 @@
<goal name="helper1"> <goal name="helper1">
<proof prover="0"><result status="valid" time="0.01" steps="1"/></proof> <proof prover="0"><result status="valid" time="0.01" steps="1"/></proof>
</goal> </goal>
<goal name="sizew_nonneg"> <goal name="sizew_nonneg" expanded="true">
<proof prover="3"><internalfailure reason="Why3.Printer.UnknownPrinter(&quot;tptp-fof&quot;)"/></proof>
<proof prover="6"><result status="unknown" time="0.01"/></proof>
</goal> </goal>
<goal name="VC height1" expl="VC for height1"> <goal name="VC height1" expl="VC for height1">