Wiki Agenda Contact Version française

Amortized Queue, in Why3

Queue with good amortized complexity using linked lists, Why3 version


Authors: Jean-Christophe Filliâtre

Topics: List Data Structure / Data Structures

Tools: Why3

References: The 1st Verified Software Competition / The VerifyThis Benchmarks

see also the index (by topic, by tool, by reference, by year)


(*
   VSTTE'10 competition http://www.macs.hw.ac.uk/vstte10/Competition.html
   Problem 5: amortized queue

   Author: Jean-Christophe Filliatre (CNRS)
   Tool:   Why3 (see http://why3.lri.fr/)
*)

module AmortizedQueue

  use int.Int
  use option.Option
  use list.ListRich

  type queue 'a = { front: list 'a; lenf: int;
                    rear : list 'a; lenr: int; }
    invariant { length front = lenf >= length rear = lenr }
    by { front = Nil; lenf = 0; rear = Nil; lenr = 0 }

  function sequence (q: queue 'a) : list 'a =
    q.front ++ reverse q.rear

  let constant empty : queue 'a =
    { front = Nil; lenf = 0; rear = Nil; lenr = 0 }
    ensures { sequence result = Nil }

  let head (q: queue 'a) : 'a
    requires { sequence q <> Nil }
    ensures  { hd (sequence q) = Some result }
  = let Cons x _ = q.front in x

  let create (f: list 'a) (lf: int) (r: list 'a) (lr: int) : queue 'a
    requires { lf = length f /\ lr = length r }
    ensures  { sequence result = f ++ reverse r }
  = if lf >= lr then
      { front = f; lenf = lf; rear = r; lenr = lr }
    else
      let f = f ++ reverse r in
      { front = f; lenf = lf + lr; rear = Nil; lenr = 0 }

  let tail (q: queue 'a) : queue 'a
    requires { sequence q <> Nil }
    ensures  { tl (sequence q) = Some (sequence result) }
  = let Cons _ r = q.front in
    create r (q.lenf - 1) q.rear q.lenr

  let enqueue (x: 'a) (q: queue 'a) : queue 'a
    ensures { sequence result = sequence q ++ Cons x Nil }
  = create q.front q.lenf (Cons x q.rear) (q.lenr + 1)

end

download ZIP archive

Why3 Proof Results for Project "vstte10_aqueue"

Theory "vstte10_aqueue.AmortizedQueue": fully verified

ObligationsAlt-Ergo 2.1.0Alt-Ergo 2.3.3
VC for queue0.00---
VC for empty0.00---
VC for head---0.02
VC for create---0.02
VC for tail---0.03
VC for enqueue---0.01