library: {Stack,Queue}.length now return a Peano.t

this way, the extraction maps them to OCaml's {Stack,Queue}.length
without using ZArith anymore
parent 2627b74e
......@@ -144,7 +144,7 @@ module stack.Stack
syntax val clear "Stack.clear"
syntax val copy "Stack.copy"
syntax val is_empty "Stack.is_empty"
syntax val length "Z.of_int (Stack.length %1)"
syntax val length "Stack.length %1"
end
module queue.Queue
......@@ -159,7 +159,7 @@ module queue.Queue
syntax val clear "Queue.clear"
syntax val copy "Queue.copy"
syntax val is_empty "Queue.is_empty"
syntax val length "(Z.of_int (Queue.length %1))"
syntax val length "Queue.length %1"
syntax val transfer "Queue.transfer"
end
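Review bot: The new `length` templates are written as `"Stack.length %1"` and `"Queue.length %1"`, while the neighbouring entries (`"Stack.is_empty"`, `"Queue.clear"`) map to the bare OCaml name, and the replaced Queue template was fully parenthesized. Now that no `Z.of_int` wraps the call, `syntax val length "Stack.length"` and `syntax val length "Queue.length"` would match the siblings and would not depend on how the extraction printer parenthesizes a substituted template in argument position (for example inside `Peano.gt (length q) Peano.one`). If the printer is known to add the parentheses itself, a one-line comment saying so would be enough. These two entries are also where the `Peano.t` result of the WhyML `length` is assumed to coincide with the native `int` returned by OCaml, which seems worth stating next to them.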
......
......@@ -24,16 +24,16 @@ module MergesortQueue
requires { q.elts = Nil /\ sorted q1.elts /\ sorted q2.elts }
ensures { sorted q.elts }
ensures { permut q.elts (old q1.elts ++ old q2.elts) }
= while length q1 > 0 || length q2 > 0 do
= while not (is_empty q1 && is_empty q2) do
invariant { sorted q1.elts /\ sorted q2.elts /\ sorted q.elts }
invariant { forall x y: elt. mem x q.elts -> mem y q1.elts -> le x y }
invariant { forall x y: elt. mem x q.elts -> mem y q2.elts -> le x y }
invariant { permut (q.elts ++ q1.elts ++ q2.elts)
(old (q1.elts ++ q2.elts)) }
variant { length q1 + length q2 }
if length q1 = 0 then
if is_empty q1 then
push (safe_pop q2) q
else if length q2 = 0 then
else if is_empty q2 then
push (safe_pop q1) q
else
let x1 = safe_peek q1 in
......@@ -47,7 +47,7 @@ module MergesortQueue
let rec mergesort (q: t elt) : unit
ensures { sorted q.elts /\ permut q.elts (old q.elts) }
variant { length q }
= if length q > 1 then begin
= if Peano.gt (length q) Peano.one then begin
let q1 = create () : t elt in
let q2 = create () : t elt in
while not (is_empty q) do
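Review bot: After this change `length` means two things in adjacent lines: in `variant { length q }` and `variant { length q1 + length q2 }` it is presumably still the integer-valued logic function, while in `Peano.gt (length q) Peano.one` it is the program function returning a `Peano.t`. A short comment above `mergesort`, such as `(* in specifications, length is the logic function on int; in code it returns a Peano.t *)`, would spare readers from wondering why the variants still type-check. The bodies of `merge` and `mergesort` continue outside the visible hunks.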
......
......@@ -3,62 +3,62 @@
"http://why3.lri.fr/why3session.dtd">
<why3session shape_version="5">
<prover id="0" name="Alt-Ergo" version="2.0.0" timelimit="11" steplimit="0" memlimit="1000"/>
<prover id="1" name="Eprover" version="1.9.1-001" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="2" name="CVC4" version="1.4" timelimit="11" steplimit="0" memlimit="1000"/>
<prover id="5" name="Z3" version="4.5.0" timelimit="11" steplimit="0" memlimit="1000"/>
<file name="../mergesort_queue.mlw" proved="true">
<theory name="MergesortQueue" proved="true">
<goal name="Transitive.Trans" proved="true">
<proof prover="0"><result status="valid" time="0.00" steps="5"/></proof>
<proof prover="0"><result status="valid" time="0.00" steps="7"/></proof>
</goal>
<goal name="VC merge" expl="VC for merge" proved="true">
<transf name="split_goal_right" proved="true" >
<goal name="VC merge.0" expl="loop invariant init" proved="true">
<proof prover="0"><result status="valid" time="0.00" steps="5"/></proof>
<proof prover="0"><result status="valid" time="0.00" steps="7"/></proof>
</goal>
<goal name="VC merge.1" expl="loop invariant init" proved="true">
<proof prover="0"><result status="valid" time="0.00" steps="10"/></proof>
<proof prover="0"><result status="valid" time="0.00" steps="12"/></proof>
</goal>
<goal name="VC merge.2" expl="loop invariant init" proved="true">
<proof prover="0"><result status="valid" time="0.01" steps="17"/></proof>
<proof prover="0"><result status="valid" time="0.01" steps="19"/></proof>
</goal>
<goal name="VC merge.3" expl="loop invariant init" proved="true">
<proof prover="0"><result status="valid" time="0.00" steps="10"/></proof>
<proof prover="0"><result status="valid" time="0.00" steps="12"/></proof>
</goal>
<goal name="VC merge.4" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.01" steps="12"/></proof>
<proof prover="0"><result status="valid" time="0.01" steps="13"/></proof>
</goal>
<goal name="VC merge.5" expl="loop variant decrease" proved="true">
<proof prover="0"><result status="valid" time="0.01" steps="19"/></proof>
<proof prover="0"><result status="valid" time="0.01" steps="56"/></proof>
</goal>
<goal name="VC merge.6" expl="loop invariant preservation" proved="true">
<proof prover="0"><result status="valid" time="0.82" steps="2319"/></proof>
<proof prover="0"><result status="valid" time="0.82" steps="2594"/></proof>
</goal>
<goal name="VC merge.7" expl="loop invariant preservation" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="82"/></proof>
<proof prover="0"><result status="valid" time="0.02" steps="24"/></proof>
</goal>
<goal name="VC merge.8" expl="loop invariant preservation" proved="true">
<proof prover="0"><result status="valid" time="0.12" steps="504"/></proof>
<proof prover="0"><result status="valid" time="0.12" steps="524"/></proof>
</goal>
<goal name="VC merge.9" expl="loop invariant preservation" proved="true">
<proof prover="0"><result status="valid" time="0.20" steps="437"/></proof>
<proof prover="0"><result status="valid" time="0.33" steps="596"/></proof>
</goal>
<goal name="VC merge.10" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.00" steps="13"/></proof>
</goal>
<goal name="VC merge.11" expl="loop variant decrease" proved="true">
<proof prover="0"><result status="valid" time="0.01" steps="20"/></proof>
<proof prover="0"><result status="valid" time="0.01" steps="56"/></proof>
</goal>
<goal name="VC merge.12" expl="loop invariant preservation" proved="true">
<proof prover="0"><result status="valid" time="0.85" steps="2263"/></proof>
<proof prover="0"><result status="valid" time="1.15" steps="2402"/></proof>
</goal>
<goal name="VC merge.13" expl="loop invariant preservation" proved="true">
<proof prover="0"><result status="valid" time="0.08" steps="486"/></proof>
<proof prover="0"><result status="valid" time="0.08" steps="628"/></proof>
</goal>
<goal name="VC merge.14" expl="loop invariant preservation" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="95"/></proof>
<proof prover="0"><result status="valid" time="0.02" steps="31"/></proof>
</goal>
<goal name="VC merge.15" expl="loop invariant preservation" proved="true">
<proof prover="0"><result status="valid" time="0.18" steps="427"/></proof>
<proof prover="0"><result status="valid" time="0.46" steps="496"/></proof>
</goal>
<goal name="VC merge.16" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.01" steps="13"/></proof>
......@@ -73,16 +73,16 @@
<proof prover="0"><result status="valid" time="0.02" steps="72"/></proof>
</goal>
<goal name="VC merge.20" expl="loop invariant preservation" proved="true">
<proof prover="0"><result status="valid" time="0.94" steps="2584"/></proof>
<proof prover="0"><result status="valid" time="0.94" steps="2739"/></proof>
</goal>
<goal name="VC merge.21" expl="loop invariant preservation" proved="true">
<proof prover="0"><result status="valid" time="0.16" steps="740"/></proof>
<proof prover="0"><result status="valid" time="0.16" steps="711"/></proof>
</goal>
<goal name="VC merge.22" expl="loop invariant preservation" proved="true">
<proof prover="0"><result status="valid" time="15.06" steps="26072"/></proof>
<proof prover="0"><result status="valid" time="15.06" steps="26326"/></proof>
</goal>
<goal name="VC merge.23" expl="loop invariant preservation" proved="true">
<proof prover="0"><result status="valid" time="0.52" steps="476"/></proof>
<proof prover="0"><result status="valid" time="0.52" steps="468"/></proof>
</goal>
<goal name="VC merge.24" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.00" steps="18"/></proof>
......@@ -91,80 +91,80 @@
<proof prover="0"><result status="valid" time="0.02" steps="73"/></proof>
</goal>
<goal name="VC merge.26" expl="loop invariant preservation" proved="true">
<proof prover="0"><result status="valid" time="0.79" steps="2426"/></proof>
<proof prover="0"><result status="valid" time="0.79" steps="2588"/></proof>
</goal>
<goal name="VC merge.27" expl="loop invariant preservation" proved="true">
<proof prover="0"><result status="valid" time="5.02" steps="11189"/></proof>
<proof prover="0"><result status="valid" time="4.33" steps="11062"/></proof>
</goal>
<goal name="VC merge.28" expl="loop invariant preservation" proved="true">
<proof prover="0"><result status="valid" time="0.34" steps="1174"/></proof>
<proof prover="0"><result status="valid" time="0.34" steps="1555"/></proof>
</goal>
<goal name="VC merge.29" expl="loop invariant preservation" proved="true">
<proof prover="2"><result status="valid" time="3.10"/></proof>
</goal>
<goal name="VC merge.30" expl="postcondition" proved="true">
<proof prover="0"><result status="valid" time="0.00" steps="11"/></proof>
<proof prover="0"><result status="valid" time="0.00" steps="13"/></proof>
</goal>
<goal name="VC merge.31" expl="postcondition" proved="true">
<proof prover="0"><result status="valid" time="0.03" steps="90"/></proof>
<proof prover="0"><result status="valid" time="0.03" steps="29"/></proof>
</goal>
</transf>
</goal>
<goal name="VC mergesort" expl="VC for mergesort" proved="true">
<transf name="split_goal_right" proved="true" >
<goal name="VC mergesort.0" expl="loop invariant init" proved="true">
<proof prover="0"><result status="valid" time="0.01" steps="27"/></proof>
<proof prover="0"><result status="valid" time="0.01" steps="30"/></proof>
</goal>
<goal name="VC mergesort.1" expl="loop invariant init" proved="true">
<proof prover="0"><result status="valid" time="0.00" steps="7"/></proof>
<proof prover="0"><result status="valid" time="0.00" steps="10"/></proof>
</goal>
<goal name="VC mergesort.2" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.00" steps="7"/></proof>
<proof prover="0"><result status="valid" time="0.00" steps="10"/></proof>
</goal>
<goal name="VC mergesort.3" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.00" steps="12"/></proof>
<proof prover="0"><result status="valid" time="0.00" steps="15"/></proof>
</goal>
<goal name="VC mergesort.4" expl="loop variant decrease" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="67"/></proof>
<proof prover="0"><result status="valid" time="0.02" steps="70"/></proof>
</goal>
<goal name="VC mergesort.5" expl="loop invariant preservation" proved="true">
<proof prover="2"><result status="valid" time="3.05"/></proof>
<proof prover="1"><result status="valid" time="0.06"/></proof>
</goal>
<goal name="VC mergesort.6" expl="loop invariant preservation" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="81"/></proof>
<proof prover="0"><result status="valid" time="0.02" steps="84"/></proof>
</goal>
<goal name="VC mergesort.7" expl="loop variant decrease" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="52"/></proof>
<proof prover="0"><result status="valid" time="0.02" steps="55"/></proof>
</goal>
<goal name="VC mergesort.8" expl="loop invariant preservation" proved="true">
<proof prover="0"><result status="valid" time="0.16" steps="246"/></proof>
<proof prover="2"><result status="valid" time="0.73"/></proof>
</goal>
<goal name="VC mergesort.9" expl="loop invariant preservation" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="115"/></proof>
<proof prover="0"><result status="valid" time="0.02" steps="118"/></proof>
</goal>
<goal name="VC mergesort.10" expl="assertion" proved="true">
<proof prover="0"><result status="valid" time="0.00" steps="7"/></proof>
<proof prover="0"><result status="valid" time="0.00" steps="10"/></proof>
</goal>
<goal name="VC mergesort.11" expl="assertion" proved="true">
<proof prover="0"><result status="valid" time="0.01" steps="24"/></proof>
<proof prover="0"><result status="valid" time="0.01" steps="27"/></proof>
</goal>
<goal name="VC mergesort.12" expl="variant decrease" proved="true">
<proof prover="0"><result status="valid" time="0.01" steps="59"/></proof>
<proof prover="0"><result status="valid" time="0.02" steps="62"/></proof>
</goal>
<goal name="VC mergesort.13" expl="variant decrease" proved="true">
<proof prover="0"><result status="valid" time="0.02" steps="63"/></proof>
<proof prover="0"><result status="valid" time="0.01" steps="66"/></proof>
</goal>
<goal name="VC mergesort.14" expl="precondition" proved="true">
<proof prover="0"><result status="valid" time="0.00" steps="12"/></proof>
<proof prover="0"><result status="valid" time="0.00" steps="15"/></proof>
</goal>
<goal name="VC mergesort.15" expl="postcondition" proved="true">
<proof prover="0"><result status="valid" time="0.03" steps="117"/></proof>
</goal>
<goal name="VC mergesort.16" expl="assertion" proved="true">
<proof prover="5"><result status="valid" time="0.20"/></proof>
<proof prover="1"><result status="valid" time="0.06"/></proof>
</goal>
<goal name="VC mergesort.17" expl="postcondition" proved="true">
<proof prover="0"><result status="valid" time="0.01" steps="9"/></proof>
<proof prover="0"><result status="valid" time="0.01" steps="12"/></proof>
</goal>
</transf>
</goal>
......
......@@ -44,10 +44,10 @@
</theory>
<theory name="GilbreathCardTrick" proved="true">
<goal name="VC shuffle" expl="VC for shuffle" proved="true">
<proof prover="2"><result status="valid" time="1.16" steps="3279"/></proof>
<proof prover="2"><result status="valid" time="0.84" steps="3281"/></proof>
</goal>
<goal name="VC card_trick" expl="VC for card_trick" proved="true">
<proof prover="2"><result status="valid" time="0.16" steps="614"/></proof>
<proof prover="2"><result status="valid" time="0.16" steps="616"/></proof>
</goal>
</theory>
</file>
......
......@@ -98,26 +98,26 @@
<proof prover="5"><result status="valid" time="0.00" steps="6"/></proof>
</goal>
<goal name="VC process_queue" expl="VC for process_queue" proved="true">
<proof prover="5"><result status="valid" time="0.01" steps="4"/></proof>
<proof prover="5"><result status="valid" time="0.01" steps="6"/></proof>
</goal>
<goal name="VC rt_empty" expl="VC for rt_empty" proved="true">
<proof prover="5"><result status="valid" time="0.01" steps="7"/></proof>
<proof prover="5"><result status="valid" time="0.01" steps="9"/></proof>
</goal>
<goal name="VC rt_get" expl="VC for rt_get" proved="true">
<proof prover="5"><result status="valid" time="0.01" steps="8"/></proof>
<proof prover="5"><result status="valid" time="0.01" steps="10"/></proof>
</goal>
<goal name="VC rt_add" expl="VC for rt_add" proved="true">
<transf name="split_goal_right" proved="true" >
<goal name="VC rt_add.0" expl="precondition" proved="true">
<transf name="split_goal_right" proved="true" >
<goal name="VC rt_add.0.0" expl="VC for rt_add" proved="true">
<proof prover="5"><result status="valid" time="0.00" steps="4"/></proof>
<proof prover="5"><result status="valid" time="0.00" steps="6"/></proof>
</goal>
<goal name="VC rt_add.0.1" expl="VC for rt_add" proved="true">
<proof prover="5"><result status="valid" time="0.01" steps="4"/></proof>
<proof prover="5"><result status="valid" time="0.01" steps="6"/></proof>
</goal>
<goal name="VC rt_add.0.2" expl="VC for rt_add" proved="true">
<proof prover="5"><result status="valid" time="0.01" steps="17"/></proof>
<proof prover="5"><result status="valid" time="0.01" steps="19"/></proof>
</goal>
<goal name="VC rt_add.0.3" expl="VC for rt_add" proved="true">
<proof prover="0"><result status="valid" time="0.82"/></proof>
......@@ -125,13 +125,13 @@
</transf>
</goal>
<goal name="VC rt_add.1" expl="postcondition" proved="true">
<proof prover="5"><result status="valid" time="0.01" steps="8"/></proof>
<proof prover="5"><result status="valid" time="0.01" steps="10"/></proof>
</goal>
<goal name="VC rt_add.2" expl="precondition" proved="true">
<proof prover="5"><result status="valid" time="0.03" steps="57"/></proof>
<proof prover="5"><result status="valid" time="0.03" steps="59"/></proof>
</goal>
<goal name="VC rt_add.3" expl="postcondition" proved="true">
<proof prover="5"><result status="valid" time="0.01" steps="7"/></proof>
<proof prover="5"><result status="valid" time="0.01" steps="9"/></proof>
</goal>
</transf>
</goal>
......
This source diff could not be displayed because it is too large. You can view the blob instead.
......@@ -3,6 +3,7 @@
module Queue
use mach.peano.Peano
use list.List
use list.Append
use list.Length as L
......@@ -45,7 +46,7 @@ module Queue
function length (q: t 'a) : int = L.length q.elts
val length (q: t 'a) : int
val length (q: t 'a) : Peano.t
ensures { result = L.length q.elts }
val transfer (q1 q2: t 'a) : unit
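Review bot: `val length` in Queue (and the identical declaration in Stack further down) now returns `Peano.t` but carries no comment explaining the choice, and its postcondition `result = L.length q.elts` compares that value with an `int`, presumably through a coercion provided by `mach.peano.Peano`. I would add a comment above the declaration along the lines of `(* returns a Peano.t so that extraction can map to OCaml's Queue.length without ZArith *)`. Since the declaration is a `val` with no body, the contract is assumed rather than proved, and the extracted program relies on the driver mapping to honour it; saying so in the comment would make that trust assumption visible. Callers that used the result as an `int` in program code need updating, as the mergesort example in this commit shows.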
......
......@@ -5,6 +5,7 @@
module Stack
use mach.peano.Peano
use list.List
use list.Length as L
......@@ -46,7 +47,7 @@ module Stack
function length (s: t 'a) : int = L.length s.elts
val length (s: t 'a) : int
val length (s: t 'a) : Peano.t
ensures { result = L.length s.elts }
end