ADT Plugin should auto-generate well-foundedness axioms for the generated types

viperproject / silver

Definition of the Viper intermediate verification language.

Mozilla Public License 2.0

78 stars 40 forks source link

Closed marcoeilers closed 11 months ago

marcoeilers commented 1 year ago

Possibly conditionally when the termination plugin is active as well.

Currently, the user has to manually write such axioms; otherwise, there is no way to e.g. prove the following function on lists well-founded:

function len(l: List[Val]): Int
  ensures result >= 0
  // decreases l
{
  l.isNil ? 0 : 1 + len(l.tail)
}