Pigeonhole principle
Pigeonhole principle (aka Dirichlet's drawer principle) proved using a lemma function.
Auteurs: Jean-Christophe Filliâtre
Catégories: Mathematics / Ghost code
Outils: Why3
see also the index (by topic, by tool, by reference, by year)
Pigeonhole principle (also know as Dirichlet's drawer principle)
Proved using a lemma function.
module Pigeonhole use int.Int, set.Fset, ref.Ref let rec ghost below (n: int) : fset int requires { 0 <= n } ensures { forall i. mem i result <-> 0 <= i < n } ensures { cardinal result = n } variant { n } = if n = 0 then empty else add (n-1) (below (n-1)) let lemma pigeonhole (n m: int) (f: int -> int) requires { 0 <= m < n } requires { forall i. 0 <= i < n -> 0 <= f i < m } ensures { exists i1, i2. 0 <= i1 < i2 < n /\ f i1 = f i2 } = let s = ref empty in for i = 0 to n-1 do invariant { cardinal !s = i } invariant { forall x. mem x !s <-> (exists j. 0 <= j < i /\ x = f j) } if mem (f i) !s then return; s := add (f i) !s done; let b = below m in assert { subset !s b }; absurd end
download ZIP archive
Why3 Proof Results for Project "pigeonhole"
Theory "pigeonhole.Pigeonhole": fully verified
Obligations | Alt-Ergo 2.1.0 | |
VC for below | 0.02 | |
VC for pigeonhole | --- | |
split_goal_right | ||
loop invariant init | 0.01 | |
loop invariant init | 0.00 | |
postcondition | 0.00 | |
loop invariant preservation | 0.00 | |
loop invariant preservation | 0.01 | |
precondition | 0.00 | |
assertion | 0.00 | |
unreachable point | 0.00 | |
out of loop bounds | 0.00 |