diff options
| author |  Rustan Leino <unknown> | 2015-07-02 11:46:48 -0700 |
|---|---|---|
| committer | Rustan Leino <unknown> | 2015-07-02 11:46:48 -0700 |
| commit | c7f6887e452cbb91a8297bb64db39a8066750351 (patch) | |
| tree | 14325a022310d62b62017c8cededbb5981bd30cd /Test/dafny4/NipkowKlein-chapter3.dfy | |
| parent | cddd9c198b112902977d4e93ff34404fe1df210c (diff) | |
Added another lemma to a test file
Diffstat (limited to 'Test/dafny4/NipkowKlein-chapter3.dfy')
| -rw-r--r-- | Test/dafny4/NipkowKlein-chapter3.dfy | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/Test/dafny4/NipkowKlein-chapter3.dfy b/Test/dafny4/NipkowKlein-chapter3.dfy index ab45f536..725d68f6 100644 --- a/Test/dafny4/NipkowKlein-chapter3.dfy +++ b/Test/dafny4/NipkowKlein-chapter3.dfy @@ -131,6 +131,12 @@ lemma AsimpCorrect(a: aexp, s: state) forall a' | a' < a { AsimpCorrect(a', s); }
}
+// The following lemma is not in the Nipkow and Klein book, but it's a fun one to prove.
+lemma ASimplInvolutive(a: aexp)
+ ensures asimp(asimp(a)) == asimp(a)
+{
+}
+
// ----- boolean expressions -----
datatype bexp = Bc(v: bool) | Not(bexp) | And(bexp, bexp) | Less(aexp, aexp)
|