Commit 540a7533 by Jean-Christophe Filliatre

### foveoos11_challenge2: added proof of termination

parent 0d3d2818
 ... ... @@ -12,12 +12,19 @@ module MaximumTree type tree = Empty | Node tree int tree function size (t: tree) : int = match t with | Empty -> 0 | Node l _ r -> 1 + size l + size r end lemma size_nonneg: forall t: tree. size t >= 0 predicate mem (x: int) (t: tree) = match t with | Empty -> false | Node l v r -> mem x l \/ x = v \/ mem x r end let rec maximum (t: tree) : int = let rec maximum (t: tree) : int variant { size t } = { t <> Empty } match t with | Empty -> absurd ... ...
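Review bot: The new `variant { size t }` on `maximum` is an integer measure, so the termination obligations (the measure is bounded below and strictly decreases at each recursive call) hold only because of `size_nonneg`, and nothing in the file says so. That lemma needs induction and is discharged by the hand-written Coq proof added in this commit, so the termination argument rests on that proof staying in sync with the definition of `size`. A comment above the lemma would make the dependency explicit, for example `(* required by the variant of maximum: size must be bounded below; proved by induction in Coq *)`. If the Why3 version in use accepts structural variants on algebraic types, `variant { t }` would likely remove the need for `size` and the lemma altogether. The body of `maximum` continues past the end of the visible hunk, so the recursive calls themselves are not shown here.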
 (* This file is generated by Why3's Coq driver *) (* Beware! Only edit allowed sections below *) Require Import ZArith. Require Import Rbase. Definition unit := unit. Parameter qtmark : Type. Parameter at1: forall (a:Type), a -> qtmark -> a. Implicit Arguments at1. Parameter old: forall (a:Type), a -> a. Implicit Arguments old. Axiom Max_is_ge : forall (x:Z) (y:Z), (x <= (Zmax x y))%Z /\ (y <= (Zmax x y))%Z. Axiom Max_is_some : forall (x:Z) (y:Z), ((Zmax x y) = x) \/ ((Zmax x y) = y). Axiom Min_is_le : forall (x:Z) (y:Z), ((Zmin x y) <= x)%Z /\ ((Zmin x y) <= y)%Z. Axiom Min_is_some : forall (x:Z) (y:Z), ((Zmin x y) = x) \/ ((Zmin x y) = y). Axiom Max_x : forall (x:Z) (y:Z), (y <= x)%Z -> ((Zmax x y) = x). Axiom Max_y : forall (x:Z) (y:Z), (x <= y)%Z -> ((Zmax x y) = y). Axiom Min_x : forall (x:Z) (y:Z), (x <= y)%Z -> ((Zmin x y) = x). Axiom Min_y : forall (x:Z) (y:Z), (y <= x)%Z -> ((Zmin x y) = y). Axiom Max_sym : forall (x:Z) (y:Z), (y <= x)%Z -> ((Zmax x y) = (Zmax y x)). Axiom Min_sym : forall (x:Z) (y:Z), (y <= x)%Z -> ((Zmin x y) = (Zmin y x)). Inductive tree := | Empty : tree | Node : tree -> Z -> tree -> tree . Set Implicit Arguments. Fixpoint size(t:tree) {struct t}: Z := match t with | Empty => 0%Z | (Node l _ r) => ((1%Z + (size l))%Z + (size r))%Z end. Unset Implicit Arguments. (* YOU MAY EDIT THE CONTEXT BELOW *) (* DO NOT EDIT BELOW *) Theorem size_nonneg : forall (t:tree), (0%Z <= (size t))%Z. (* YOU MAY EDIT THE PROOF BELOW *) induction t; intuition. unfold size; fold size; omega. Qed. (* DO NOT EDIT BELOW *)
 ... ... @@ -9,19 +9,11 @@ version="8.3pl2"/> version="1.0.27"/> version="2.19"/> shape="CV0aEmptyfaNodeaEmptyVaEmptyainfix <=V2V1IamemV2V0FAamemV1V0aNodeVVaEmptyOaNodeaEmptyVVainfix <=V6amaxV5V3IamemV6V0FAamemamaxV5V3V0Iainfix <=V7V5IamemV7V4FAamemV5V4FAainfix =V4aEmptyNAainfix ... ...