anthem-rs/examples/example-2.spec

34 lines
1.5 KiB
RPMSpec
Raw Normal View History

2020-05-12 06:10:59 +02:00
# Perform the proofs under the assumption that n is a nonnegative integer input constant
2020-05-07 17:19:42 +02:00
input: n -> integer.
2020-05-12 06:10:59 +02:00
assume: n >= 0.
2020-05-28 07:06:19 +02:00
# p/1 is an auxiliary predicate
output: q/1.
2020-05-06 21:39:04 +02:00
2020-05-28 07:06:19 +02:00
# Verify that q computes the floor of the square root of n
spec: exists N (forall X (q(X) <-> X = N) and N >= 0 and N * N <= n and (N + 1) * (N + 1) > n).
2020-05-06 21:39:04 +02:00
2020-05-11 04:14:17 +02:00
2020-05-28 18:40:10 +02:00
# Multiplication with positive numbers preserves the order of integers
axiom: forall N1, N2, N3 (N1 > N2 and N3 > 0 -> N1 * N3 > N2 * N3).
# Induction principle instantiated for p.
# This axiom is necessary because we use Vampire without higher-order reasoning
axiom: forall N1 (p(N1) and forall N2 (N2 >= N1 and not p(N2) -> not p(N2 + 1)) -> forall N2 (N2 >= N1 -> p(N2))).
#axiom: p(0) and forall N (N >= 0 and p(N) -> p(N + 1)) -> forall N p(N).
2020-05-28 07:06:19 +02:00
lemma(forward): forall X (p(X) <-> exists N (X = N and N >= 0 and N * N <= n)).
2020-05-06 21:39:04 +02:00
lemma(forward): forall X (q(X) <-> exists N2 (X = N2 and N2 >= 0 and N2 * N2 <= n and (N2 + 1) * (N2 + 1) > n)).
lemma(forward): forall N1, N2 (N1 >= 0 and N2 >= 0 and N1 < N2 -> N1 * N1 < N2 * N2).
lemma(forward): forall N (N >= 0 and p(N + 1) -> p(N)).
lemma(forward): not p(n + 1).
2020-05-28 07:06:19 +02:00
lemma(forward): forall N1, N2 (q(N1) and N2 > N1 -> not q(N2)).
2020-05-28 18:40:10 +02:00
lemma(forward): forall N (N >= 0 and not p(N + 1) -> (N + 1) * (N + 1) > n).
2020-05-28 07:06:19 +02:00
2020-05-28 18:40:10 +02:00
lemma(backward): forall N1, N2 (q(N1) and q(N2) -> N1 = N2).
axiom: forall N1, N2 (p(N1) and not p(N1 + 1) and p(N2) and not p(N2 + 1) -> N1 = N2).
2020-05-28 07:06:19 +02:00
2020-05-28 18:40:10 +02:00
lemma(backward): forall X1 (q(X1) -> p(X1) and exists X2 (exists N (X2 = N + 1 and N = X1) and not p(X2))).