Output from Example Program Correctness Proof


This is the output produced by running the OBJ3 code for a simple program correctness proof. The session first reduces the program pow (exponentiation by repeated squaring: square 'A and halve 'B while 'B is even, otherwise decrement 'B and multiply 'C by 'A), runs it on a0 = 2, b0 = 3, and then verifies the loop invariant inv(S) = (S[['A]] ** S[['B]]) * S[['C]] == a0 ** b0 in three cases: after initialisation, after one pass through the inner loop body (even 'B), and after the outer loop step (odd 'B).
awk% obj
                     \|||||||||||||||||/
                   --- Welcome to OBJ3 ---
                     /|||||||||||||||||\
         OBJ3 version 2.04oxford built: 1994 Feb 28 Mon 15:07:40
            Copyright 1988,1989,1991 SRI International
                   1999 Feb 15 Mon 9:39:12
OBJ> in eg1
==========================================
obj NAT
Warning: redefining module NAT
==========================================
obj NATOPS
==========================================
th STORE
==========================================
obj EXP
==========================================
obj PGM
==========================================
***> the program:
==========================================
obj POW
==========================================
reduce in POW : pow
rewrites: 7
result Pgm: 'A := a0 ; 'B := b0 ; 'C := s 0 ; while pos 'B do while 
    even 'B do 'A := ('A * 'A) ; 'B := ('B %2) od ; 'B := ('B - s 0) ; 
    'C := ('C * 'A) od
==========================================
***> example:
==========================================
open POW
==========================================
eq a0 = s s 0 .
==========================================
eq b0 = s s s 0 .
==========================================
reduce in POW : (initial ; pow)[['C]]
rewrites: 209
result Nat: s (s (s (s (s (s (s (s 0)))))))
==========================================
***> should be: 8
==========================================
close
==========================================
***> the verification:
==========================================
openr POW
==========================================
***> the invariant:
==========================================
op inv : Store -> Bool .
==========================================
var S : Store .
==========================================
eq inv ( S ) = ( ( S [ [ 'A ] ] ) ** ( S [ [ 'B ] ] ) ) * ( S [ [ 'C 
    ] ] ) == a0 ** b0 .
==========================================
***> init
==========================================
op s : -> Store .
==========================================
reduce in POW : inv(s ; init)
rewrites: 27
result Bool: true
==========================================
***> should be: true
==========================================
ops a b c : -> Nat .
==========================================
eq s [ [ 'A ] ] = a .
==========================================
eq s [ [ 'B ] ] = b .
==========================================
eq s [ [ 'C ] ] = c .
==========================================
close
==========================================
open POW
==========================================
eq ( a ** b ) * c = a0 ** b0 .
==========================================
eq pos b = true .
==========================================
eq even b = true .
==========================================
reduce in POW : inv(s ; inner)
rewrites: 27
result Bool: true
==========================================
***> should be: true
==========================================
close
==========================================
open POW
==========================================
eq ( a ** b ) * c = a0 ** b0 .
==========================================
eq even b = false .
==========================================
***> therefore [lemma3]:
==========================================
eq pos b = true .
==========================================
reduce in POW : inv(s ; step)
rewrites: 31
result Bool: true
==========================================
***> should be: true
==========================================
close
OBJ> q
Bye.
awk% 
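The following is an added worked example, not part of Goguen's OBJ3 files or the CSE 230 materials: the pow program from the transcript rendered in Python, with the invariant inv(S) = (S[['A]] ** S[['B]]) * S[['C]] == a0 ** b0 asserted at exactly the points where the OBJ3 session checks it, together with a finite-domain version of the three verification conditions (init, inner, step). The OBJ3 reductions prove each condition once for arbitrary constants a, b, c under the stated hypotheses; the Python check instead enumerates every a0, b0, a, b, c below a small bound and applies the hypotheses as filters, which is a test rather than a proof. Assumptions: the store is a Python dict keyed by the variable names, 'B %2 is read as halving (the only reading under which the inner body preserves the invariant), and the transcript's lemma3 step (even b = false implies pos b = true) is mirrored by testing the odd case without a separate positivity filter.

```python
"""Added example: pow from the OBJ3 transcript, with its invariant checked at
each proof point, plus a finite enumeration of the init/inner/step obligations.
Not the page's own code; see the lead-in for the assumptions made."""

from itertools import product


def inv(store, a0, b0):
    """The invariant from the transcript: (S[['A]] ** S[['B]]) * S[['C]] == a0 ** b0."""
    return store["A"] ** store["B"] * store["C"] == a0 ** b0


def init(a0, b0):
    """'A := a0 ; 'B := b0 ; 'C := s 0  (the initialisation prefix of pow)."""
    return {"A": a0, "B": b0, "C": 1}


def inner(store):
    """Inner loop body, entered only when even 'B holds:
    'A := 'A * 'A ; 'B := 'B %2  (assumed: %2 is halving)."""
    assert store["B"] % 2 == 0, "inner body is only entered when 'B is even"
    return {"A": store["A"] * store["A"], "B": store["B"] // 2, "C": store["C"]}


def step(store):
    """Outer loop step, reached once the inner loop exits (so 'B is odd):
    'B := 'B - s 0 ; 'C := 'C * 'A."""
    assert store["B"] % 2 == 1, "step is only reached when 'B is odd"
    return {"A": store["A"], "B": store["B"] - 1, "C": store["C"] * store["A"]}


def pow_program(a0, b0):
    """Run the whole program and return the final 'C, which the transcript
    reads back as (initial ; pow)[['C]].  The invariant is asserted at every
    loop head, i.e. on each concrete path the three proof obligations hold."""
    s = init(a0, b0)
    assert inv(s, a0, b0)          # init obligation on this input
    while s["B"] > 0:              # while pos 'B do
        while s["B"] % 2 == 0:     # while even 'B do (terminates: 'B > 0 here)
            s = inner(s)
            assert inv(s, a0, b0)  # inner obligation
        s = step(s)
        assert inv(s, a0, b0)      # step obligation
    return s["C"]


def check_verification_conditions(bound=10):
    """Finite-domain instance of the three OBJ3 reductions.  OBJ3 discharges
    them symbolically for constants a, b, c with the hypotheses as equations;
    here the hypotheses are filters over all values below `bound`."""
    for a0, b0 in product(range(bound), repeat=2):
        target = a0 ** b0
        # init: reduce inv(s ; init) with no hypothesis on the store
        if not inv(init(a0, b0), a0, b0):
            return False
        for a, b, c in product(range(bound), repeat=3):
            s = {"A": a, "B": b, "C": c}
            if a ** b * c != target:        # hypothesis (a ** b) * c = a0 ** b0
                continue
            if b > 0 and b % 2 == 0:        # pos b = true, even b = true
                if not inv(inner(s), a0, b0):
                    return False
            if b % 2 == 1:                  # even b = false (hence pos b, lemma3)
                if not inv(step(s), a0, b0):
                    return False
    return True


if __name__ == "__main__":
    print(pow_program(2, 3))                 # the transcript's example, 2 ** 3
    print(check_verification_conditions())
```

The enumeration deliberately keeps the three conditions separate, as the OBJ3 session does: init needs no hypothesis, inner needs even b together with the invariant, and step needs the invariant plus the negated inner guard. A failure in any one of them would point at the specific piece of the program that breaks the invariant, which is the same diagnostic the rewrites in the transcript provide.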

Back to the OBJ3 source code for this simple program correctness proof.
Maintained by Joseph Goguen
Last modified 14 February 1999