gallery: simple verification exercises

parent 2036ffd2
module Swap
use import int.Int
use import ref.Ref
let swap (a b: ref int) : unit
writes { a, b }
ensures { !a = old !b /\ !b = old !a }
=
a := !a + !b;
b := !a - !b;
a := !a - !b
end
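Review bot: The `ensures` clause on `swap` is proved over `int.Int`, which is unbounded mathematical integers, and nothing in the module says so. The `!a + !b` step would need an explicit no-overflow precondition if this were restated over a bounded machine-integer type or hand-translated to C, where signed overflow is undefined behaviour. The postcondition also holds only when `a` and `b` are distinct references, since with aliased arguments the three assignments leave 0 in the cell. Why3's alias typing presumably rejects such calls because both refs are written, but the reader is not told. I would add a header comment above `let swap`: `(* Arithmetic swap over unbounded int; assumes a and b are distinct refs (alias-free by Why3 typing). Not overflow-safe on machine integers. *)`.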
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN"
"http://why3.lri.fr/why3session.dtd">
<why3session shape_version="4">
<prover id="0" name="Alt-Ergo" version="0.99.1" timelimit="6" memlimit="1000"/>
<file name="../swap.mlw" expanded="true">
<theory name="Swap" sum="5488140ff7d3e24ad9f42a3b571a28a3" expanded="true">
<goal name="WP_parameter swap" expl="VC for swap" expanded="true">
<proof prover="0"><result status="valid" time="0.01" steps="3"/></proof>
</goal>
</theory>
</file>
</why3session>