isabelle: src/HOL/Boogie/Examples/Boogie_Max.thy@fe711df09fd9 (annotated)

34068 a78307d72e58 make assertion labels unique already when loading a verification condition, boehmes parents: 33663 diff changeset	1	(* Title: HOL/Boogie/Examples/Boogie_Max.thy
33419 8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	2	Author: Sascha Boehme, TU Muenchen
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	3	*)
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	4
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	5	header {* Boogie example: get the greatest element of a list *}
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	6
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	7	theory Boogie_Max
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	8	imports Boogie
40540 293f9f211be0 formal dependency on b2i files boehmes parents: 40514 diff changeset	9	uses ("Boogie_Max.b2i")
33419 8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	10	begin
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	11
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	12	text {*
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	13	We prove correct the verification condition generated from the following
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	14	Boogie code:
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	15
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	16	\begin{verbatim}
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	17	procedure max(array : [int]int, length : int)
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	18	returns (max : int);
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	19	requires (0 < length);
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	20	ensures (forall i: int :: 0 <= i && i < length ==> array[i] <= max);
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	21	ensures (exists i: int :: 0 <= i && i < length ==> array[i] == max);
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	22
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	23	implementation max(array : [int]int, length : int) returns (max : int)
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	24	{
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	25	var p : int, k : int;
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	26	max := array[0];
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	27	k := 0;
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	28	p := 1;
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	29	while (p < length)
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	30	invariant (forall i: int :: 0 <= i && i < p ==> array[i] <= max);
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	31	invariant (array[k] == max);
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	32	{
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	33	if (array[p] > max) { max := array[p]; k := p; }
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	34	p := p + 1;
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	35	}
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	36	}
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	37	\end{verbatim}
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	38	*}
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	39
40580 0592d3a39c08 require the b2i file ending in the boogie_open command (for consistency with the theory header) boehmes parents: 40540 diff changeset	40	boogie_open "Boogie_Max.b2i"
33419 8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	41
40513 1204d268464f look for certificates relative to the theory boehmes parents: 40163 diff changeset	42	declare [[smt_certificates="Boogie_Max.certs"]]
36081 70deefb6c093 renamed "smt_record" to "smt_fixed" (somewhat more expressive) and inverted its semantics boehmes parents: 34993 diff changeset	43	declare [[smt_fixed=true]]
41601 fda8511006f9 made Z3 the default SMT solver again boehmes parents: 41432 diff changeset	44	declare [[smt_oracle=false]]
34993 bf3b8462732b updated examples due to changes in the way SMT certificates are stored boehmes parents: 34068 diff changeset	45
33445 f0c78a28e18e shorter names for variables and verification conditions, boehmes parents: 33424 diff changeset	46	boogie_vc max
34068 a78307d72e58 make assertion labels unique already when loading a verification condition, boehmes parents: 33663 diff changeset	47	by boogie
33424 a3b002e2cd55 proper and unique case names for the split_vc method, boehmes parents: 33419 diff changeset	48
33419 8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	49	boogie_end
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	50
8ae45e87b992 added HOL-Boogie boehmes parents: diff changeset	51	end

author	wenzelm
	Sat, 10 Sep 2011 13:43:09 +0200
changeset 44862	fe711df09fd9
parent 41601	fda8511006f9
child 47152	446cfc760ccf
permissions	-rw-r--r--