-
Notifications
You must be signed in to change notification settings - Fork 232
Quantifiers and patterns
Markulf Kohlweiss edited this page Feb 23, 2017
·
28 revisions
Use SMTPat and pattern for fine control over SMT proof.
Example
assume type t
assume val (+): t -> t -> t
assume val plus_associative: x:t -> y:t -> z:t -> Lemma
(requires True)
(ensures ((x + y) + z == x + (y + z)))
[SMTPat ((x + y) + z)]
irreducible let trigger (x:t) (y:t) = True
val test: x:t -> y:t -> z:t -> Lemma
(requires (forall (a:t) (b:t).{:pattern (trigger a b)} trigger a b /\ a + b == b + a))
(ensures ((x + y) + z == (z + y) + x))
let test x y z = cut (trigger z y); cut (trigger x (z + y))The SMTPat pattern in the associativity lemma results in the equality ((x + y) + z == x + (y + z)) being added to Z3's environment, whenever F* sees the pattern ((x+y)+z).
The :pattern in the forall defines an explicit trigger that adds the equality a + b == b + a whenever the trigger (a + b) appears in a cut.
The proof of the test lemma follows from the 3 equalities
(x + y) + z == x + (y + z)) SMTPat ((x + y) + z plus_associative lemma
== x + (z + y)) trigger z y z + y = y + z
== (z + y) x trigger x (z + y) x (z + y) = (z + y) x
QED