(* A small puzzle from
The Correctness Problem in Computer Science
Robert S. Boyer, J. Strother Moore
Academic Prees, 1982
(suggested by Shankar at the Sixth Summer School on Formal Techniques)
Given a bag containing white and black balls, repeatedly
- remove a pair from the bag
- if they are of the same color, insert a white ball
- if they are of difference colors, insert a black ball
What is the color of the last ball?
*)
module WhiteAndBlackBalls
use int.Int
use ref.Ref
use number.Parity
(* answer: the color of the last ball depends on the parity of the
number of black balls, which is an invariant of the process *)
let last_is_black (b0 w0: int) : bool
requires { b0 >= 0 && w0 >= 0 && b0 + w0 >= 1 }
ensures { result <-> odd b0 }
=
let b = ref b0 in
let w = ref w0 in
while !b + !w >= 2 do
invariant { !b >= 0 && !w >= 0 && !b + !w >= 1 }
invariant { odd !b <-> odd b0 }
variant { !b + !w }
let x, y = any (x: int, y: int) ensures {
0 <= x && 0 <= y && x + y = 2 && x <= !b && y <= !w } in
if x = 0 || y = 0 then begin (* same color -> insert a white *)
b := !b - x;
w := !w - y + 1
end else begin (* different color -> insert a black *)
b := !b - x + 1;
w := !w - y
end
done;
!b > 0
end