anthem-rs/examples/example-2.spec

42 lines
1.9 KiB
RPMSpec
Raw Normal View History

2020-05-12 06:10:59 +02:00
# Perform the proofs under the assumption that n is a nonnegative integer input constant
2020-05-07 17:19:42 +02:00
input: n -> integer.
2020-05-12 06:10:59 +02:00
assume: n >= 0.
2020-05-28 07:06:19 +02:00
# p/1 is an auxiliary predicate
output: q/1.
2020-05-06 21:39:04 +02:00
2020-05-28 07:06:19 +02:00
# Multiplication with positive numbers preserves the order of integers
2020-05-07 17:19:42 +02:00
axiom: forall N1, N2, N3 (N1 > N2 and N3 > 0 -> N1 * N3 > N2 * N3).
2020-05-28 07:06:19 +02:00
2020-05-12 06:10:59 +02:00
# Induction principle instantiated for p.
# This axiom is necessary because we use Vampire without higher-order reasoning
2020-05-28 07:06:19 +02:00
axiom: p(0) and forall N (N >= 0 and p(N) -> p(N + 1)) -> forall N p(N).
2020-05-06 21:39:04 +02:00
2020-05-28 07:06:19 +02:00
# Verify that q computes the floor of the square root of n
spec: exists N (forall X (q(X) <-> X = N) and N >= 0 and N * N <= n and (N + 1) * (N + 1) > n).
2020-05-06 21:39:04 +02:00
2020-05-11 04:14:17 +02:00
2020-05-28 07:06:19 +02:00
#lemma(forward): forall N N * N >= N.
#lemma(forward): forall X (q(X) -> exists N X = N).
#lemma(forward): forall X (q(X) <-> exists N (X = N and N >= 0 and N * N <= n and not p(N + 1))).
#lemma(forward): exists N (q(N) <-> N >= 0 and N * N <= n and (N + 1) * (N + 1) > n).
#lemma(forward): exists N p(N).
lemma(forward): forall X (p(X) <-> exists N (X = N and N >= 0 and N * N <= n)).
lemma(forward): forall N (N >= 0 and not p(N + 1) -> (N + 1) * (N + 1) > n).
2020-05-06 21:39:04 +02:00
lemma(forward): forall X (q(X) <-> exists N2 (X = N2 and N2 >= 0 and N2 * N2 <= n and (N2 + 1) * (N2 + 1) > n)).
lemma(forward): forall N1, N2 (N1 >= 0 and N2 >= 0 and N1 < N2 -> N1 * N1 < N2 * N2).
lemma(forward): forall N (N >= 0 and p(N + 1) -> p(N)).
lemma(forward): not p(n + 1).
lemma(forward): forall N1, N2 (N2 > N1 and N1 >= 0 and p(N2) -> p(N1)).
2020-05-28 07:06:19 +02:00
lemma(forward): forall N1, N2 (q(N1) and N2 > N1 -> not q(N2)).
#lemma(backward): forall N (q(N) -> p(N) and not p(N + 1)).
lemma(backward): forall X1 (q(X1) -> p(X1) and exists X2 (exists N (X2 = N + 1 and N = X1) and not p(X2))).
lemma(backward): forall N (q(N) <- p(N) and not p(N + 1)).
lemma(backward): forall N (q(N) <- p(N) and not p(N + 1)).
lemma(backward): forall X1 (q(X1) <- p(X1) and exists X2 (exists N (X2 = N + 1 and N = X1) and not p(X2))).