Commit 588edddb authored by MARCHE Claude's avatar MARCHE Claude

example isqrt: additional lemmas and assert to ease the proofs

parent da34dca3
......@@ -7,9 +7,14 @@ module Square
function sqr (x:int) : int = x * x
lemma sqr_non_neg: forall x:int. sqr x >= 0
lemma sqr_increasing:
forall x y:int. 0 <= x <= y -> sqr x <= sqr y
lemma sqr_sum :
forall x y : int. sqr(x+y) = sqr x + 2*x*y + sqr y
predicate isqrt_spec (x res:int) =
res >= 0 /\ sqr res <= x < sqr (res + 1)
end
......@@ -56,7 +61,7 @@ module NewtonMethod
= if x = 0 then 0 else
if x <= 3 then 1 else
let y = ref x in
let z = ref (div (x+1) 2) in
let z = ref (div (1 + x) 2) in
while !z < !y do
variant { !y }
invariant { !z > 0 }
......@@ -79,6 +84,7 @@ module NewtonMethod
= sqr (a + 1 - !y)
>= 0 }
done;
assert { !y * !y <= div x !y * !y by !y <= div x !y };
!y
end
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment