isabelle: src/HOL/Boogie/Examples/Boogie_Max.thy@b1f4291eb916 (annotated)

34068 a78307d72e58 make assertion labels unique already when loading a verification condition, boehmes parents: 33663 diff changeset	1	(* Title: HOL/Boogie/Examples/Boogie_Max.thy
33419 8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	2	Author: Sascha Boehme, TU Muenchen
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	3	*)
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	4
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	5	header {* Boogie example: get the greatest element of a list *}
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	6
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	7	theory Boogie_Max
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	8	imports Boogie
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	9	begin
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	10
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	11	text {*
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	12	We prove correct the verification condition generated from the following
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	13	Boogie code:
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	14
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	15	\begin{verbatim}
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	16	procedure max(array : [int]int, length : int)
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	17	returns (max : int);
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	18	requires (0 < length);
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	19	ensures (forall i: int :: 0 <= i && i < length ==> array[i] <= max);
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	20	ensures (exists i: int :: 0 <= i && i < length ==> array[i] == max);
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	21
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	22	implementation max(array : [int]int, length : int) returns (max : int)
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	23	{
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	24	var p : int, k : int;
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	25	max := array[0];
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	26	k := 0;
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	27	p := 1;
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	28	while (p < length)
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	29	invariant (forall i: int :: 0 <= i && i < p ==> array[i] <= max);
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	30	invariant (array[k] == max);
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	31	{
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	32	if (array[p] > max) { max := array[p]; k := p; }
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	33	p := p + 1;
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	34	}
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	35	}
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	36	\end{verbatim}
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	37	*}
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	38
40580 0592d3a39c08 require the b2i file ending in the boogie_open command (for consistency with the theory header) boehmes parents: 40540 diff changeset	39	boogie_open "Boogie_Max.b2i"
33419 8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	40
50662 b1f4291eb916 regenerate certificates -- and use oracle in a few cases where the Z3 proof parser can't deal with Z3 3.2 proofs blanchet parents: 48907 diff changeset	41	declare [[smt_oracle = false]]
47152 446cfc760ccf renamed "smt_fixed" to "smt_read_only_certificates" blanchet parents: 41601 diff changeset	42	declare [[smt_certificates = "Boogie_Max.certs"]]
446cfc760ccf renamed "smt_fixed" to "smt_read_only_certificates" blanchet parents: 41601 diff changeset	43	declare [[smt_read_only_certificates = true]]
34993 bf3b8462732b updated examples due to changes in the way SMT certificates are stored boehmes parents: 34068 diff changeset	44
33445 f0c78a28e18e shorter names for variables and verification conditions, boehmes parents: 33424 diff changeset	45	boogie_vc max
34068 a78307d72e58 make assertion labels unique already when loading a verification condition, boehmes parents: 33663 diff changeset	46	by boogie
33424 a3b002e2cd55 proper and unique case names for the split_vc method, boehmes parents: 33419 diff changeset	47
33419 8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	48	boogie_end
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	49
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	50	end

author	blanchet
	Tue, 01 Jan 2013 11:36:30 +0100
changeset 50662	b1f4291eb916
parent 48907	5c4275c3b5b8
permissions	-rw-r--r--