new examples: tree_of_array and binary_sort

parent 7d8d2baf
(** Binary sort
Binary sort is a variant of insertion sort where binary search is used
to find the insertion point. This lowers the number of comparisons
(from N^2 to N log(N)) and thus is useful when comparisons are costly.
For instance, Binary sort is used as an ingredient in Java 8's
TimSort implementation (which is the library sort for Object[]).
Author: Jean-Christophe Filliâtre (CNRS)
*)
module BinarySort
use import int.Int
use import int.ComputerDivision
use import ref.Ref
use import array.Array
use import array.ArrayPermut
let lemma occ_shift (m1 m2: M.map int 'a) (mid k: int) (x: 'a) : unit
requires { 0 <= mid <= k }
requires { forall i. mid < i <= k -> M.get m2 i = M.get m1 (i - 1) }
requires { M.get m2 mid = M.get m1 k }
ensures { M.Occ.occ x m1 mid (k+1) = M.Occ.occ x m2 mid (k+1) }
= for i = mid to Int.(-) k 1 do
invariant { M.Occ.occ x m1 mid i = M.Occ.occ x m2 (mid+1) (i+1) }
()
done;
assert { M.Occ.occ (M.get m1 k) m1 mid (k+1) =
1 + M.Occ.occ (M.get m1 k) m1 mid k };
assert { M.Occ.occ (M.get m1 k) m2 mid (k+1) =
1 + M.Occ.occ (M.get m1 k) m2 (mid+1) (k+1) };
assert { M.Occ.occ x m1 mid (k+1) = M.Occ.occ x m2 mid (k+1)
by x = M.get m1 k \/ x <> M.get m1 k }
let binary_sort (a: array int) : unit
ensures { forall i j. 0 <= i <= j < length a -> a[i] <= a[j] }
ensures { permut_sub (old a) a 0 (length a) }
=
'Init:
for k = 1 to length a - 1 do
(* a[0..k-1) is sorted; insert a[k] *)
invariant { forall i j. 0 <= i <= j < k -> a[i] <= a[j] }
invariant { permut_sub (at a 'Init) a 0 (length a) }
let v = a[k] in
let left = ref 0 in
let right = ref k in
while !left < !right do
invariant { 0 <= !left <= !right <= k }
invariant { forall i. 0 <= i < !left -> a[i] <= v }
invariant { forall i. !right <= i < k -> v < a[i] }
variant { !right - !left }
let mid = !left + div (!right - !left) 2 in
if v < a[mid] then right := mid else left := mid + 1
done;
(* !left is the place where to insert value v
so we move a[!left..k) one position to the right *)
'L:
for l = k downto !left + 1 do
invariant { forall i. l < i <= k -> a[i] = (at a 'L)[i - 1] }
invariant { forall i. 0 <= i <= l -> a[i] = (at a 'L)[i] }
invariant { forall i. k < i < length a -> a[i] = (at a 'L)[i] }
a[l] <- a[l - 1]
done;
a[!left] <- v;
assert { permut_sub (at a 'L) a !left (k + 1) };
assert { permut_sub (at a 'L) a 0 (length a) };
done
end
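Review bot: The comment on the outer loop, `(* a[0..k-1) is sorted; insert a[k] *)`, mixes a closed upper index with half-open bracket notation and reads as indices 0..k-2, while the invariant on the next line covers `0 <= i <= j < k`, i.e. a[0..k); the later comment `a[!left..k)` already uses the half-open form, so write `(* a[0..k) is sorted; insert a[k] *)`. The header's claim that comparisons drop "from N^2 to N log(N)" should be qualified: only the comparison count improves, the shifting loop `for l = k downto !left + 1` still moves O(N^2) elements in the worst case, which is exactly why the "when comparisons are costly" remark is the real motivation. The lemma `occ_shift` refers to `M.map` and `M.Occ.occ` although none of the `use import` lines names `M`; presumably it is re-exported by `array.ArrayPermut`, and a short comment such as `(* M is the map module re-exported by array.ArrayPermut *)` would spare the next reader that search. All three are documentation-only changes.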
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN"
"http://why3.lri.fr/why3session.dtd">
<why3session shape_version="4">
<prover id="0" name="CVC4" version="1.4" timelimit="6" steplimit="0" memlimit="1000"/>
<prover id="1" name="Alt-Ergo" version="1.30" timelimit="6" steplimit="0" memlimit="1000"/>
<file name="../binary_sort.mlw" expanded="true">
<theory name="BinarySort" sum="33d84656fa3e7f9d3142595581a9acee" expanded="true">
<goal name="WP_parameter occ_shift" expl="VC for occ_shift" expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter occ_shift.1" expl="1. assertion">
<proof prover="1"><result status="valid" time="0.01" steps="11"/></proof>
</goal>
<goal name="WP_parameter occ_shift.2" expl="2. assertion">
<proof prover="1"><result status="valid" time="0.02" steps="14"/></proof>
</goal>
<goal name="WP_parameter occ_shift.3" expl="3. assertion">
<proof prover="1"><result status="valid" time="0.00" steps="8"/></proof>
</goal>
<goal name="WP_parameter occ_shift.4" expl="4. postcondition" expanded="true">
<proof prover="1"><result status="valid" time="0.01" steps="8"/></proof>
</goal>
<goal name="WP_parameter occ_shift.5" expl="5. loop invariant init">
<proof prover="1"><result status="valid" time="0.01" steps="6"/></proof>
</goal>
<goal name="WP_parameter occ_shift.6" expl="6. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.06" steps="83"/></proof>
</goal>
<goal name="WP_parameter occ_shift.7" expl="7. assertion">
<proof prover="1"><result status="valid" time="0.01" steps="11"/></proof>
</goal>
<goal name="WP_parameter occ_shift.8" expl="8. assertion">
<proof prover="0"><result status="valid" time="0.24"/></proof>
</goal>
<goal name="WP_parameter occ_shift.9" expl="9. assertion" expanded="true">
<proof prover="0"><result status="valid" time="0.50"/></proof>
</goal>
<goal name="WP_parameter occ_shift.10" expl="10. postcondition">
<proof prover="1"><result status="valid" time="0.01" steps="9"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter binary_sort" expl="VC for binary_sort">
<transf name="split_goal_wp">
<goal name="WP_parameter binary_sort.1" expl="1. postcondition">
<proof prover="1"><result status="valid" time="0.01" steps="6"/></proof>
</goal>
<goal name="WP_parameter binary_sort.2" expl="2. postcondition">
<proof prover="1"><result status="valid" time="0.01" steps="14"/></proof>
</goal>
<goal name="WP_parameter binary_sort.3" expl="3. loop invariant init">
<proof prover="1"><result status="valid" time="0.00" steps="6"/></proof>
</goal>
<goal name="WP_parameter binary_sort.4" expl="4. loop invariant init">
<proof prover="1"><result status="valid" time="0.01" steps="14"/></proof>
</goal>
<goal name="WP_parameter binary_sort.5" expl="5. type invariant">
<proof prover="1"><result status="valid" time="0.00" steps="6"/></proof>
</goal>
<goal name="WP_parameter binary_sort.6" expl="6. index in array bounds">
<proof prover="1"><result status="valid" time="0.00" steps="6"/></proof>
</goal>
<goal name="WP_parameter binary_sort.7" expl="7. loop invariant init">
<proof prover="1"><result status="valid" time="0.01" steps="7"/></proof>
</goal>
<goal name="WP_parameter binary_sort.8" expl="8. loop invariant init">
<proof prover="1"><result status="valid" time="0.00" steps="7"/></proof>
</goal>
<goal name="WP_parameter binary_sort.9" expl="9. loop invariant init">
<proof prover="1"><result status="valid" time="0.00" steps="7"/></proof>
</goal>
<goal name="WP_parameter binary_sort.10" expl="10. index in array bounds">
<proof prover="1"><result status="valid" time="0.01" steps="20"/></proof>
</goal>
<goal name="WP_parameter binary_sort.11" expl="11. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.01" steps="50"/></proof>
</goal>
<goal name="WP_parameter binary_sort.12" expl="12. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.04" steps="22"/></proof>
</goal>
<goal name="WP_parameter binary_sort.13" expl="13. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.01" steps="23"/></proof>
</goal>
<goal name="WP_parameter binary_sort.14" expl="14. loop variant decrease">
<proof prover="1"><result status="valid" time="0.04" steps="35"/></proof>
</goal>
<goal name="WP_parameter binary_sort.15" expl="15. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.02" steps="36"/></proof>
</goal>
<goal name="WP_parameter binary_sort.16" expl="16. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.02" steps="69"/></proof>
</goal>
<goal name="WP_parameter binary_sort.17" expl="17. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.01" steps="22"/></proof>
</goal>
<goal name="WP_parameter binary_sort.18" expl="18. loop variant decrease">
<proof prover="1"><result status="valid" time="0.02" steps="28"/></proof>
</goal>
<goal name="WP_parameter binary_sort.19" expl="19. index in array bounds">
<proof prover="1"><result status="valid" time="0.00" steps="12"/></proof>
</goal>
<goal name="WP_parameter binary_sort.20" expl="20. assertion">
<proof prover="1"><result status="valid" time="0.02" steps="76"/></proof>
</goal>
<goal name="WP_parameter binary_sort.21" expl="21. assertion">
<proof prover="1"><result status="valid" time="0.01" steps="23"/></proof>
</goal>
<goal name="WP_parameter binary_sort.22" expl="22. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.07" steps="43"/></proof>
</goal>
<goal name="WP_parameter binary_sort.23" expl="23. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.02" steps="66"/></proof>
</goal>
<goal name="WP_parameter binary_sort.24" expl="24. loop invariant init">
<proof prover="1"><result status="valid" time="0.01" steps="12"/></proof>
</goal>
<goal name="WP_parameter binary_sort.25" expl="25. type invariant">
<proof prover="1"><result status="valid" time="0.01" steps="14"/></proof>
</goal>
<goal name="WP_parameter binary_sort.26" expl="26. index in array bounds">
<proof prover="1"><result status="valid" time="0.00" steps="14"/></proof>
</goal>
<goal name="WP_parameter binary_sort.27" expl="27. index in array bounds">
<proof prover="1"><result status="valid" time="0.01" steps="16"/></proof>
</goal>
<goal name="WP_parameter binary_sort.28" expl="28. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.01" steps="40"/></proof>
</goal>
<goal name="WP_parameter binary_sort.29" expl="29. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.02" steps="28"/></proof>
</goal>
<goal name="WP_parameter binary_sort.30" expl="30. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.01" steps="27"/></proof>
</goal>
<goal name="WP_parameter binary_sort.31" expl="31. type invariant">
<proof prover="1"><result status="valid" time="0.00" steps="12"/></proof>
</goal>
<goal name="WP_parameter binary_sort.32" expl="32. index in array bounds">
<proof prover="1"><result status="valid" time="0.02" steps="12"/></proof>
</goal>
<goal name="WP_parameter binary_sort.33" expl="33. assertion">
<proof prover="1"><result status="valid" time="1.84" steps="186"/></proof>
</goal>
<goal name="WP_parameter binary_sort.34" expl="34. assertion">
<proof prover="1"><result status="valid" time="0.01" steps="23"/></proof>
</goal>
<goal name="WP_parameter binary_sort.35" expl="35. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.12" steps="198"/></proof>
</goal>
<goal name="WP_parameter binary_sort.36" expl="36. loop invariant preservation">
<proof prover="1"><result status="valid" time="0.02" steps="62"/></proof>
</goal>
<goal name="WP_parameter binary_sort.37" expl="37. type invariant">
<proof prover="1"><result status="valid" time="0.00" steps="4"/></proof>
</goal>
<goal name="WP_parameter binary_sort.38" expl="38. postcondition">
<proof prover="1"><result status="valid" time="0.00" steps="13"/></proof>
</goal>
<goal name="WP_parameter binary_sort.39" expl="39. postcondition">
<proof prover="1"><result status="valid" time="0.01" steps="4"/></proof>
</goal>
</transf>
</goal>
</theory>
</file>
</why3session>
......@@ -13,20 +13,20 @@ module BubbleSort
let bubble_sort (a: array int)
ensures { permut_all (old a) a }
ensures { permut_all (old a) a }
ensures { sorted a }
= 'Init:
for i = length a - 1 downto 1 do
invariant { permut_all (at a 'Init) a }
invariant { sorted_sub a i (length a) }
invariant { forall k1 k2: int.
0 <= k1 <= i < k2 < length a -> a[k1] <= a[k2]
invariant { forall k1 k2: int.
0 <= k1 <= i < k2 < length a -> a[k1] <= a[k2]
}
for j = 0 to i - 1 do
invariant { permut_all (at a 'Init) a }
invariant { sorted_sub a i (length a) }
invariant { forall k1 k2: int.
0 <= k1 <= i < k2 < length a -> a[k1] <= a[k2]
invariant { forall k1 k2: int.
0 <= k1 <= i < k2 < length a -> a[k1] <= a[k2]
}
invariant { forall k. 0 <= k <= j -> a[k] <= a[j] }
if a[j] > a[j+1] then swap a j (j+1);
......@@ -35,7 +35,7 @@ module BubbleSort
let test1 () =
let a = make 3 0 in
a[0] <- 7; a[1] <- 3; a[2] <- 1;
a[0] <- 7; a[1] <- 3; a[2] <- 1;
bubble_sort a;
a
......
......@@ -4,14 +4,16 @@
<why3session shape_version="4">
<prover id="0" name="Alt-Ergo" version="0.99.1" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="1" name="CVC3" version="2.4.1" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="2" name="CVC4" version="1.4" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="2" name="CVC4" version="1.4" timelimit="6" steplimit="0" memlimit="1000"/>
<prover id="3" name="Alt-Ergo" version="1.30" timelimit="6" steplimit="0" memlimit="1000"/>
<prover id="4" name="Coq" version="8.6" timelimit="20" steplimit="0" memlimit="1000"/>
<prover id="5" name="Z3" version="4.4.0" timelimit="6" steplimit="0" memlimit="1000"/>
<file name="../there_and_back_again.mlw" expanded="true">
<theory name="Convolution" sum="c04f401f3346b5c81c2c50964a553449" expanded="true">
<goal name="WP_parameter convolution_rec" expl="VC for convolution_rec">
<transf name="split_goal_wp">
<goal name="WP_parameter convolution_rec.1" expl="1. postcondition">
<proof prover="2"><result status="valid" time="0.03"/></proof>
<proof prover="2" timelimit="5"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter convolution_rec.2" expl="2. variant decrease">
<proof prover="0"><result status="valid" time="0.02" steps="30"/></proof>
......@@ -20,7 +22,7 @@
<proof prover="0"><result status="valid" time="0.01" steps="11"/></proof>
</goal>
<goal name="WP_parameter convolution_rec.4" expl="4. postcondition">
<proof prover="2"><result status="valid" time="0.10"/></proof>
<proof prover="2" timelimit="5"><result status="valid" time="0.10"/></proof>
</goal>
<goal name="WP_parameter convolution_rec.5" expl="5. unreachable point">
<proof prover="0"><result status="valid" time="0.01" steps="22"/></proof>
......@@ -51,7 +53,7 @@
<proof prover="0"><result status="valid" time="0.25" steps="189"/></proof>
</goal>
<goal name="WP_parameter palindrome_rec.4" expl="4. postcondition">
<proof prover="2"><result status="valid" time="0.02"/></proof>
<proof prover="2" timelimit="5"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="WP_parameter palindrome_rec.5" expl="5. unreachable point">
<proof prover="0"><result status="valid" time="0.01" steps="6"/></proof>
......@@ -64,10 +66,10 @@
<proof prover="1"><result status="valid" time="0.03"/></proof>
</goal>
<goal name="WP_parameter palindrome_rec.8" expl="8. assertion">
<proof prover="2"><result status="valid" time="0.04"/></proof>
<proof prover="2" timelimit="5"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter palindrome_rec.9" expl="9. postcondition">
<proof prover="2"><result status="valid" time="0.16"/></proof>
<proof prover="2" timelimit="5"><result status="valid" time="0.16"/></proof>
</goal>
<goal name="WP_parameter palindrome_rec.10" expl="10. postcondition">
<proof prover="0"><result status="valid" time="0.04" steps="58"/></proof>
......@@ -102,5 +104,73 @@
</transf>
</goal>
</theory>
<theory name="Palindrome2" sum="c43a0140871b1226a02698aa120c1bbe" expanded="true">
<goal name="WP_parameter palindrome_rec" expl="VC for palindrome_rec" expanded="true">
<proof prover="3" obsolete="true"><result status="timeout" time="5.99"/></proof>
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter palindrome_rec.1" expl="1. postcondition">
<proof prover="3"><result status="valid" time="0.01" steps="21"/></proof>
</goal>
<goal name="WP_parameter palindrome_rec.2" expl="2. postcondition">
<proof prover="3"><result status="valid" time="0.00" steps="25"/></proof>
</goal>
<goal name="WP_parameter palindrome_rec.3" expl="3. postcondition">
<proof prover="3"><result status="valid" time="0.02" steps="94"/></proof>
</goal>
<goal name="WP_parameter palindrome_rec.4" expl="4. postcondition">
<proof prover="3"><result status="valid" time="0.01" steps="97"/></proof>
</goal>
<goal name="WP_parameter palindrome_rec.5" expl="5. unreachable point">
<proof prover="3"><result status="valid" time="0.01" steps="5"/></proof>
</goal>
<goal name="WP_parameter palindrome_rec.6" expl="6. variant decrease">
<proof prover="3"><result status="valid" time="0.01" steps="35"/></proof>
</goal>
<goal name="WP_parameter palindrome_rec.7" expl="7. precondition">
<proof prover="3"><result status="valid" time="0.01" steps="14"/></proof>
</goal>
<goal name="WP_parameter palindrome_rec.8" expl="8. postcondition" expanded="true">
<proof prover="2" obsolete="true"><result status="unknown" time="5.94"/></proof>
<proof prover="3"><result status="timeout" time="5.97"/></proof>
<proof prover="5" obsolete="true"><result status="timeout" time="6.00"/></proof>
</goal>
<goal name="WP_parameter palindrome_rec.9" expl="9. postcondition">
<proof prover="2" obsolete="true"><result status="unknown" time="5.93"/></proof>
<proof prover="3"><result status="timeout" time="5.97"/></proof>
<proof prover="5" obsolete="true"><result status="timeout" time="6.00"/></proof>
</goal>
<goal name="WP_parameter palindrome_rec.10" expl="10. exceptional postcondition">
<proof prover="2" obsolete="true"><result status="timeout" time="6.00"/></proof>
<proof prover="3"><result status="timeout" time="5.99"/></proof>
<proof prover="5" obsolete="true"><result status="timeout" time="6.00"/></proof>
</goal>
<goal name="WP_parameter palindrome_rec.11" expl="11. unreachable point">
<proof prover="2"><result status="valid" time="0.03"/></proof>
<proof prover="3"><result status="valid" time="0.03" steps="188"/></proof>
</goal>
<goal name="WP_parameter palindrome_rec.12" expl="12. exceptional postcondition">
<proof prover="2" obsolete="true"><result status="timeout" time="6.00"/></proof>
<proof prover="3"><result status="timeout" time="5.98"/></proof>
<proof prover="5" obsolete="true"><result status="timeout" time="6.00"/></proof>
</goal>
<goal name="WP_parameter palindrome_rec.13" expl="13. unreachable point">
<proof prover="3"><result status="valid" time="0.01" steps="26"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter palindrome" expl="VC for palindrome" expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter palindrome.1" expl="1. precondition">
<proof prover="3"><result status="valid" time="0.00" steps="1"/></proof>
</goal>
<goal name="WP_parameter palindrome.2" expl="2. postcondition" expanded="true">
<proof prover="3"><result status="valid" time="0.01" steps="9"/></proof>
</goal>
<goal name="WP_parameter palindrome.3" expl="3. postcondition" expanded="true">
<proof prover="3"><result status="valid" time="0.01" steps="8"/></proof>
</goal>
</transf>
</goal>
</theory>
</file>
</why3session>
(** Build a tree of logarithmic height from an array, in linear time,
while preserving the order of elements
Author: Jean-Christophe Filliâtre (CNRS)
*)
module TreeOfArray
use import int.Int
use import int.ComputerDivision
use import int.Power
use import array.Array
use import array.ToList
use import bintree.Tree
use import bintree.Size
use import bintree.Inorder
use import bintree.Height
let rec tree_of_array_aux (a: array 'a) (lo hi: int) : tree 'a
requires { 0 <= lo <= hi <= length a }
variant { hi - lo }
ensures { let n = hi - lo in
size result = n && inorder result = to_list a lo hi &&
(n > 0 ->
let h = height result in power 2 (h-1) <= n < power 2 h) }
=
if hi = lo then
Empty
else
let mid = lo + div (hi - lo) 2 in
let left = tree_of_array_aux a lo mid in
let right = tree_of_array_aux a (mid + 1) hi in
Node left a[mid] right
let tree_of_array (a: array 'a) : tree 'a
ensures { inorder result = to_list a 0 (length a) }
ensures { size result > 0 -> let h = height result in
power 2 (h-1) <= size result < power 2 h }
=
tree_of_array_aux a 0 (length a)
end
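Review bot: The public contract of `tree_of_array` never states `size result = length a`, although `tree_of_array_aux` proves `size result = n` and the height bound in the second `ensures` is only usable by a caller who knows the size; adding `ensures { size result = length a }` makes the contract self-contained and follows directly from the helper's postcondition with `lo = 0`, `hi = length a`. The file-level comment promises linear time, which the specification does not capture; it is fine as informal text, but a comment above `tree_of_array_aux` such as `(* one recursive call per element; only the size, inorder and height facts below are verified *)` would keep the verified and unverified claims apart. The two `let` bindings `left` and `right` shadow nothing here, but they reuse the names of the `Node` fields in `bintree.Tree`, so a reader may want `l`/`r` or a comment.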
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN"
"http://why3.lri.fr/why3session.dtd">
<why3session shape_version="4">
<prover id="0" name="Alt-Ergo" version="1.30" timelimit="6" steplimit="0" memlimit="1000"/>
<prover id="1" name="CVC4" version="1.4" timelimit="6" steplimit="0" memlimit="1000"/>
<file name="../tree_of_array.mlw" expanded="true">
<theory name="TreeOfArray" sum="f4eb13eac333d6adcb558cc7ee2bab1b" expanded="true">
<goal name="WP_parameter tree_of_array_aux" expl="VC for tree_of_array_aux" expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter tree_of_array_aux.1" expl="1. postcondition">
<proof prover="0"><result status="valid" time="0.02" steps="14"/></proof>
</goal>
<goal name="WP_parameter tree_of_array_aux.2" expl="2. variant decrease">
<proof prover="0"><result status="valid" time="0.02" steps="10"/></proof>
</goal>
<goal name="WP_parameter tree_of_array_aux.3" expl="3. precondition">
<proof prover="0"><result status="valid" time="0.02" steps="12"/></proof>
</goal>
<goal name="WP_parameter tree_of_array_aux.4" expl="4. variant decrease">
<proof prover="0"><result status="valid" time="0.01" steps="10"/></proof>
</goal>
<goal name="WP_parameter tree_of_array_aux.5" expl="5. precondition">
<proof prover="0"><result status="valid" time="0.03" steps="25"/></proof>
</goal>
<goal name="WP_parameter tree_of_array_aux.6" expl="6. index in array bounds">
<proof prover="0"><result status="valid" time="0.01" steps="14"/></proof>
</goal>
<goal name="WP_parameter tree_of_array_aux.7" expl="7. postcondition" expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter tree_of_array_aux.7.1" expl="1. postcondition">
<proof prover="0"><result status="valid" time="0.01" steps="17"/></proof>
</goal>
<goal name="WP_parameter tree_of_array_aux.7.2" expl="2. postcondition">
<proof prover="0"><result status="valid" time="0.17" steps="274"/></proof>
</goal>
<goal name="WP_parameter tree_of_array_aux.7.3" expl="3. postcondition">
<proof prover="0"><result status="valid" time="2.41" steps="1183"/></proof>
</goal>
<goal name="WP_parameter tree_of_array_aux.7.4" expl="4. postcondition">
<proof prover="1"><result status="valid" time="0.13"/></proof>
</goal>
</transf>
</goal>
</transf>
</goal>
<goal name="WP_parameter tree_of_array" expl="VC for tree_of_array" expanded="true">
<proof prover="0"><result status="valid" time="0.01" steps="7"/></proof>
</goal>
</theory>
</file>
</why3session>
......@@ -295,6 +295,12 @@ module ToList
forall a: array 'a, l u: int. l < u ->
to_list a l u = Cons a[l] (to_list a (l+1) u)
use import list.Append
lemma to_list_append:
forall a: array 'a, l m u: int. l <= m <= u ->
to_list a l m ++ to_list a m u = to_list a l u
val to_list (a: array 'a) (l u: int) : list 'a
requires { 0 <= l && u <= length a }
ensures { result = to_list a l u }
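Review bot: The new `use import list.Append` sits between the `to_list` axioms and the lemma rather than with the module's other `use` declarations, so the `++` in `to_list_append` depends on an import a reader will not find at the top of `module ToList`; move `use import list.Append` up to the module's import block. `to_list_append` is a `lemma` declaration and therefore a new proof obligation for the library; it presumably needs an induction on `m - l` using the cons axiom shown just above it, and if the library lemmas are checked by a recorded session, that session is not part of this change as shown, which is worth confirming. A doc comment would also help, e.g. `(** [to_list a l u] decomposes at any [m] with [l <= m <= u] into the concatenation of the two halves *)`. The enclosing `module ToList` starts before this hunk.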
......