diff options
| author |  Rustan Leino <unknown> | 2014-06-24 10:45:53 -0700 |
|---|---|---|
| committer | Rustan Leino <unknown> | 2014-06-24 10:45:53 -0700 |
| commit | 2e01ab9670a91ab7b6b22a9cff676f45b629755e (patch) | |
| tree | 58089e77f6a32462971aec82c91f4d2c09af89c6 /Test/dafny0/MultiSets.dfy | |
| parent | 19895aaed833d16bad36a07e9459abc882ccd6b6 (diff) | |
Added some axioms about seq-to-multiset conversions
Diffstat (limited to 'Test/dafny0/MultiSets.dfy')
| -rw-r--r-- | Test/dafny0/MultiSets.dfy | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/Test/dafny0/MultiSets.dfy b/Test/dafny0/MultiSets.dfy index e01e9898..7478719e 100644 --- a/Test/dafny0/MultiSets.dfy +++ b/Test/dafny0/MultiSets.dfy @@ -269,3 +269,29 @@ method MultiSetProperty0(s: multiset<object>, t: multiset<object>, p: object) assert s + (t - s) == t; // error
}
}
+
+// ---------- additional properties
+
+lemma UpperBoundOnOccurrenceCount(s: multiset<int>, x: int)
+ ensures 0 <= s[x] <= |s|;
+{
+}
+
+lemma MultisetCardinalityFromSequenceLength(s: seq<int>)
+ ensures |multiset(s)| == |s|;
+{
+}
+
+lemma Set_and_Multiset_Cardinalities(x: int, y: int)
+{
+ if * {
+ assert 1 <= |{x,y}| <= 2;
+ if x != y {
+ assert 2 <= |{x,y}|;
+ } else {
+ assert 2 <= |{x,y}|; // error
+ }
+ } else {
+ assert |multiset{x,y}| == 2;
+ }
+}
|