Merge commit 'df5c5f5'

author: Benjamin Barenblat <bbaren@mit.edu> 2016-05-30 17:58:02 -0400
committer: Benjamin Barenblat <bbaren@mit.edu> 2016-05-30 17:58:02 -0400
commit: e67c951ad9c5c637e36a6f025ba3d6e3ad945416 (patch)
tree: 0cfb5c339602e4bdebf4bf97f3f0ccc3923c14d1 /Test/dafny2/COST-verif-comp-2011-2-MaxTree-class.dfy
parent: 000aa762e1fee4b9bd83ec3d7c8b61fd203e2c9d (diff)
parent: df5c5f547990c1f80ab7594a1f9287ee03a61754 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/Test/dafny2/COST-verif-comp-2011-2-MaxTree-class.dfy b/Test/dafny2/COST-verif-comp-2011-2-MaxTree-class.dfy
index c752bd38..f691384c 100644
--- a/Test/dafny2/COST-verif-comp-2011-2-MaxTree-class.dfy
+++ b/Test/dafny2/COST-verif-comp-2011-2-MaxTree-class.dfy
@@ -117,6 +117,11 @@ class Tree {
     Repr := lft.Repr + {this} + rgt.Repr;
   }
 
+  lemma exists_intro<T>(P: T -> bool, x: T)
+    requires P.requires(x)
+    requires P(x)
+    ensures exists y :: P.requires(y) && P(y) { }
+
   method ComputeMax() returns (mx: int)
     requires Valid() && !IsEmpty();
     ensures forall x :: x in Contents ==> x <= mx;
@@ -124,13 +129,17 @@ class Tree {
     decreases Repr;
   {
     mx := value;
+
     if (!left.IsEmpty()) {
       var m := left.ComputeMax();
       mx := if mx < m  then m else mx;
     }
+
     if (!right.IsEmpty()) {
       var m := right.ComputeMax();
       mx := if mx < m then m else mx;
     }
+
+    exists_intro(x reads this => x in Contents && x == mx, mx);
   }
 }
author	Benjamin Barenblat <bbaren@mit.edu>	2016-05-30 17:58:02 -0400
committer	Benjamin Barenblat <bbaren@mit.edu>	2016-05-30 17:58:02 -0400
commit	e67c951ad9c5c637e36a6f025ba3d6e3ad945416 (patch)
tree	0cfb5c339602e4bdebf4bf97f3f0ccc3923c14d1 /Test/dafny2/COST-verif-comp-2011-2-MaxTree-class.dfy
parent	000aa762e1fee4b9bd83ec3d7c8b61fd203e2c9d (diff)
parent	df5c5f547990c1f80ab7594a1f9287ee03a61754 (diff)