% ================================================================= :- pred constr(bool). :- mode constr(in). :- ignore constr/1. % ================================================================= % Program :- pred quicksort(list(int),list(int)). :- mode quicksort(in,out). quicksort([], []). quicksort([X | Xs], ResL) :- partition(X, Xs, Smalls, Bigs), % partition of the tail Xs quicksort(Smalls, Ls), % with respect to the pivot X. quicksort(Bigs, Bs), % X is NOT in Xs. cons(X,Bs,XBs), append(Ls, XBs, ResL). :- pred partition(int,list(int),list(int),list(int)). :- mode partition(in,in,out,out). partition(X, [], [], []). partition(X, [Y | Ys], [Y | Ls], Bs) :- constr( (X>Y) ), partition(X, Ys, Ls, Bs). partition(X, [Y | Xs], Ls, [Y | Bs]) :- constr( (X= (X, Xs, Ls, Bs) :- pred append(list(int),list(int),list(int)). :- mode append(in,in,out). append([],Ys,Ys). append([X|Xs],Ys,[X|Zs]) :- append(Xs,Ys,Zs). :- pred cons(int,list(int),list(int)). :- mode cons(in,in,out). cons(H,T,[H|T]). % ================================================================= % catamorphisms :- pred listcount(int,list(int),int). :- mode listcount(in,in,out). :- cata listcount/3-2. listcount(X,[],Res) :- constr( (Res=0) ). listcount(X,[Y|Ys],Res) :- constr( Res=ite(X=Y,ResT+1,ResT) ), listcount(X,Ys,ResT). % ================================================================= % Verification. % Property: :- pred ff1. ff1 :- constr(~(SL=SS)), listcount(X,L,SL), listcount(X,S,SS), quicksort(L,S). % contracts (postcondition: true) :- spec partition(X,Ls,Smalls,Bigs) ==> listcount(Y,Ls,SLs), listcount(Y,Smalls,SSmalls), listcount(Y,Bigs,SBigs) => constr(true). :- spec append(Xs,Ys,Zs) ==> listcount(X,Xs,SXs), listcount(X,Ys,SYs), listcount(X,Zs,SZs) => constr(true). :- spec cons(C,A,D) ==> listcount(X,A,SA), listcount(X,D,SD) => constr(true). % ================================================================= :- query ff1/0. % =================================================================