diff options
author | Rustan Leino <unknown> | 2015-07-28 14:27:29 -0700 |
---|---|---|
committer | Rustan Leino <unknown> | 2015-07-28 14:27:29 -0700 |
commit | 3cfa0049262a9d547f061937d5c452afb2033401 (patch) | |
tree | 485bd499a7c0594ebec294e5e8a566f16898d1d0 /Test/dafny4/NipkowKlein-chapter3.dfy | |
parent | d5eb6e9e4c8e4f71e3bb48e0a40fc412e9a5e65e (diff) |
Renamed "ghost method" to "lemma" whenever appropriate (which is most of the time) in the test suite.
Removed some assertions that have been rendered unnecessary because of the computations that Dafny instructs the SMT solver to do.
Diffstat (limited to 'Test/dafny4/NipkowKlein-chapter3.dfy')
-rw-r--r-- | Test/dafny4/NipkowKlein-chapter3.dfy | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/Test/dafny4/NipkowKlein-chapter3.dfy b/Test/dafny4/NipkowKlein-chapter3.dfy index 725d68f6..3de6a5fc 100644 --- a/Test/dafny4/NipkowKlein-chapter3.dfy +++ b/Test/dafny4/NipkowKlein-chapter3.dfy @@ -195,9 +195,12 @@ lemma BsimpCorrect(b: bexp, s: state) ensures bval(bsimp(b), s) == bval(b, s)
{
/* Here is one proof, which uses the induction hypothesis any anything smaller than b and also invokes
- the lemma AsimpCorrect on anything smaller than b.
+ the lemma AsimpCorrect on every arithmetic expression.
forall b' | b' < b { BsimpCorrect(b', s); }
- forall a' | a' < b { AsimpCorrect(a', s); }
+ forall a { AsimpCorrect(a, s); }
+ Yet another possibility is to mark the lemma with {:induction b} and to use the following line in
+ the body:
+ forall a { AsimpCorrect(a, s); }
*/
// Here is another proof, which makes explicit the uses of the induction hypothesis and the other lemma.
match b
|