diff options
author | Rustan Leino <unknown> | 2015-07-02 11:46:48 -0700 |
---|---|---|
committer | Rustan Leino <unknown> | 2015-07-02 11:46:48 -0700 |
commit | c7f6887e452cbb91a8297bb64db39a8066750351 (patch) | |
tree | 14325a022310d62b62017c8cededbb5981bd30cd /Test/dafny4 | |
parent | cddd9c198b112902977d4e93ff34404fe1df210c (diff) |
Added another lemma to a test file
Diffstat (limited to 'Test/dafny4')
-rw-r--r-- | Test/dafny4/NipkowKlein-chapter3.dfy | 6 | ||||
-rw-r--r-- | Test/dafny4/NipkowKlein-chapter3.dfy.expect | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/Test/dafny4/NipkowKlein-chapter3.dfy b/Test/dafny4/NipkowKlein-chapter3.dfy index ab45f536..725d68f6 100644 --- a/Test/dafny4/NipkowKlein-chapter3.dfy +++ b/Test/dafny4/NipkowKlein-chapter3.dfy @@ -131,6 +131,12 @@ lemma AsimpCorrect(a: aexp, s: state) forall a' | a' < a { AsimpCorrect(a', s); }
}
+// The following lemma is not in the Nipkow and Klein book, but it's a fun one to prove.
+lemma ASimplInvolutive(a: aexp)
+ ensures asimp(asimp(a)) == asimp(a)
+{
+}
+
// ----- boolean expressions -----
datatype bexp = Bc(v: bool) | Not(bexp) | And(bexp, bexp) | Less(aexp, aexp)
diff --git a/Test/dafny4/NipkowKlein-chapter3.dfy.expect b/Test/dafny4/NipkowKlein-chapter3.dfy.expect index ab18d98e..bb45fee9 100644 --- a/Test/dafny4/NipkowKlein-chapter3.dfy.expect +++ b/Test/dafny4/NipkowKlein-chapter3.dfy.expect @@ -1,2 +1,2 @@ -Dafny program verifier finished with 28 verified, 0 errors
+Dafny program verifier finished with 30 verified, 0 errors
|