% ================================================================= :- pred constr(bool). :- mode constr(in). :- ignore constr/1. % ================================================================= % Program :- pred quicksort(list(int),list(int)). :- mode quicksort(in,out). quicksort([], []). quicksort([X | Xs], ResL) :- partition(X, Xs, Smalls, Bigs), % partition of the tail Xs quicksort(Smalls, Ls), % with respect to the pivot X. quicksort(Bigs, Bs), % X is NOT in Xs. concat(Ls,X,Bs,ResL). :- pred partition(int,list(int),list(int),list(int)). :- mode partition(in,in,out,out). partition(X, [], [], []). partition(X, [Y | Ys], [Y | Ls], Bs) :- constr( (X>Y) ), partition(X, Ys, Ls, Bs). partition(X, [Y | Xs], Ls, [Y | Bs]) :- constr( (X= length(L,LL), length(S,LS) => constr((LL=LS)). % Contract on partition: :- spec partition(P,Ls,Smalls,Bigs) ==> length(Smalls,LSmalls), length(Bigs,LBigs), length(Ls,LLs) => constr( (LLs = (LSmalls+LBigs)) ). % Contract on concat: :- spec concat(Xs,Y,Ys,Zs) ==> length(Xs,LXs), length(Ys,LYs), length(Zs,LZs) => constr( (LZs = (LXs+1+LYs)) ). % ================================================================= % Verification. % Property: :- pred ff1. ff1 :- constr(~(LL=LS)), length(L,LL), length(S,LS), quicksort(L,S). :- pred ff2. ff2 :- constr( ~(LLs = (LSmalls+LBigs)) ), length(Smalls,LSmalls), length(Bigs,LBigs), length(Ls,LLs), partition(X,Ls,Smalls,Bigs). :- pred ff3. ff3 :- constr( ~(LZs = (LXs+1+LYs)) ), length(Xs,LXs), length(Ys,LYs), length(Zs,LZs), concat(Xs,Y,Ys,Zs). % =================================================================% NON-CATA predicates: concat constr partition quicksort