#![feature(type_ascription)]
extern crate creusot_contracts;
use creusot_contracts::{
logic::{Int, OrdLogic, Seq},
*,
};
/// Logic-level parent index of heap node `i`.
///
/// Children of node `p` sit at `2*p + 1` and `2*p + 2` (see the `child`
/// computation in `sift_down`); this is the inverse of that layout.
/// For `i == 0` it yields `-1`, which is what excludes the root from the
/// `start <= parent(i)` guard in `heap_frag`.
#[logic]
fn parent(i: Int) -> Int {
    (i + 1) / 2 - 1
}
/// Max-heap property on the fragment of `s` made of the nodes in
/// `[start, end)` whose parent index is at or after `start`.
///
/// Each such node is no larger than its parent.  A node whose parent index
/// lies below `start` (in particular the root, since `parent(0) == -1`)
/// carries no obligation of its own, so `heap_frag(s, 0, end)` is the
/// ordinary statement "the prefix `[0, end)` of `s` is a max-heap".
#[predicate]
fn heap_frag<T: OrdLogic>(s: Seq<T>, start: Int, end: Int) -> bool {
    pearlite! { forall<i: Int> start <= parent(i) && i < end ==>
        s[i] <= s[parent(i)] }
}
/// Lemma: in the heap prefix `[0, end)` the root bounds every element.
///
/// Given `heap_frag(s, 0, end)` and `0 <= i < end`, concludes
/// `s[i] <= s[0]`.  The proof walks the parent chain from `i` up to the
/// root: each step is one instance of the `heap_frag` clause, and
/// `#[variant(i)]` discharges termination because `parent(i) < i` for
/// every `i > 0`.  The recursive call serves as the induction hypothesis;
/// being `#[logic]`, nothing here runs at execution time.
#[logic]
#[requires(heap_frag(s, 0, end))]
#[requires(0 <= i && i < end)]
#[ensures(s[i] <= s[0])]
#[variant(i)]
fn heap_frag_max<T: OrdLogic>(s: Seq<T>, i: Int, end: Int) {
    if i > 0 {
        heap_frag_max(s, parent(i), end)
    }
}
/// Sink `v[start]` until the heap property holds on `[start, end)`.
///
/// Requires that every node of `[start, end)` except `start` itself
/// already respects its parent (`heap_frag(.., start + 1, end)`), that
/// `start < end`, and that `end <= v.len()` — the last one is what makes
/// every `v[..]` access below panic-free, and Creusot proves it at each
/// call site rather than trusting the caller.
///
/// Ensures, in the order written: `[start, end)` is a heap fragment, the
/// result is a permutation of the input, indices outside `[start, end)`
/// are untouched, and any upper bound `m` of the range before the call is
/// still an upper bound after it (this is how `heap_sort` keeps the sorted
/// tail above the shrinking heap).
///
/// Each iteration either returns or moves `i` to one of its children
/// (`2*i + 1` or `2*i + 2`), so the loop runs at most about `log2(end)`
/// times whatever the contents of `v`.
#[requires(heap_frag(v.deep_model(), start@ + 1, end@))]
#[requires(start@ < end@)]
#[requires(end@ <= v@.len())]
#[ensures(heap_frag((^v).deep_model(), start@, end@))]
#[ensures((^v)@.permutation_of(v@))]
#[ensures(forall<i: Int> 0 <= i && i < start@ || end@ <= i && i < v@.len()
    ==> v[i] == (^v)[i])]
#[ensures(forall<m: T::DeepModelTy>
    (forall<j: Int> start@ <= j && j < end@ ==> v.deep_model()[j] <= m) ==>
    forall<j: Int> start@ <= j && j < end@ ==> (^v).deep_model()[j] <= m)]
fn sift_down<T: Ord + DeepModel>(v: &mut Vec<T>, start: usize, end: usize)
where
    T::DeepModelTy: OrdLogic,
{
    // Ghost snapshot of the input; referenced only by the invariants below.
    let old_v = snapshot! { v };
    let mut i = start;
    // Invariants: `i` stays inside `[start, end)`; everything outside the
    // range is as in `old_v`; upper bounds of the range are preserved; every
    // heap edge except the ones leaving `i` (i.e. `i` to its children) holds;
    // and the last two clauses tie each child `c` of `i` to `parent(i)`, its
    // grandparent (presumably so that edge survives the swap below).
    #[invariant(inv(v))]
    #[invariant(v@.permutation_of(old_v@))]
    #[invariant(start@ <= i@ && i@ < end@)]
    #[invariant(forall<j: Int> 0 <= j && j < start@ || end@ <= j && j < v@.len()
        ==> old_v[j] == v[j])]
    #[invariant(forall<m: T::DeepModelTy>
        (forall<j: Int> start@ <= j && j < end@ ==> old_v.deep_model()[j] <= m) ==>
        forall<j: Int> start@ <= j && j < end@ ==> v.deep_model()[j] <= m)]
    #[invariant(forall<j: Int> start@ <= parent(j) && j < end@ && i@ != parent(j) ==>
        v.deep_model()[j] <= v.deep_model()[parent(j)])]
    #[invariant({let c = 2*i@+1; c < end@ && start@ <= parent(i@) ==> v.deep_model()[c] <= v.deep_model()[parent(parent(c))]})]
    #[invariant({let c = 2*i@+2; c < end@ && start@ <= parent(i@) ==> v.deep_model()[c] <= v.deep_model()[parent(parent(c))]})]
    loop {
        // `i >= end / 2` means `2*i + 1 >= end`: no child inside the
        // fragment, so `i` is a leaf and the heap property already holds.
        if i >= end / 2 {
            return;
        }
        // Pick the larger child; the right child is only consulted when it
        // exists (`child + 1 < end`).
        let mut child = 2 * i + 1;
        if child + 1 < end && v[child] < v[child + 1] {
            child += 1
        }
        // Parent dominates both children: the fragment is a heap, stop here.
        if v[child] <= v[i] {
            return;
        }
        // Otherwise move the larger child up and keep sinking from its slot.
        v.swap(i, child);
        i = child
    }
}
/// `s` is non-decreasing on the half-open index range `[l, u)`.
#[predicate]
fn sorted_range<T: OrdLogic>(s: Seq<T>, l: Int, u: Int) -> bool {
    pearlite! {
        forall<i: Int, j :Int> l <= i && i < j && j < u ==> s[i] <= s[j]
    }
}
/// `s` is non-decreasing over its whole length (`sorted_range` on `[0, len)`).
#[predicate]
fn sorted<T: OrdLogic>(s: Seq<T>) -> bool {
    pearlite! {
        sorted_range(s, 0, s.len())
    }
}
/// In-place heapsort, verified with Creusot: the result is sorted
/// (non-decreasing under `deep_model`) and a permutation of the input.
///
/// Two phases, each a loop with its own invariants:
/// 1. Heapify: call `sift_down` on every internal node from `len/2 - 1`
///    down to `0`, growing the heap fragment `[start, len)` until
///    `start == 0`.  `start <= len/2` keeps `start < len` inside the loop,
///    which `sift_down` requires.
/// 2. Extract: swap the root (the maximum, by `heap_frag_max`) into the
///    last unsorted slot, shrink `end`, and re-sink the new root.  The
///    invariants record that `[end, len)` is sorted and that every element
///    of the heap `[0, end)` is no larger than every element of the tail.
///
/// Each `sift_down` walks a single root-to-leaf path, so both phases cost
/// O(n log n) for every input order — unlike a pivot-based sort there is no
/// input that degrades this routine to a quadratic worst case.
#[ensures(sorted((^v).deep_model()))]
#[ensures((^v)@.permutation_of(v@))]
pub fn heap_sort<T: Ord + DeepModel>(v: &mut Vec<T>)
where
    T::DeepModelTy: OrdLogic,
{
    // Ghost snapshot of the input for the permutation invariants.
    let old_v = snapshot! { v };
    // Phase 1: heapify.  Nodes at or beyond `len / 2` are leaves and already
    // satisfy the heap property trivially, so sinking starts just below them.
    let mut start = v.len() / 2;
    #[invariant(v@.permutation_of(old_v@))]
    #[invariant(heap_frag(v.deep_model(), start@, v@.len()))]
    #[invariant(start@ <= v@.len()/2)]
    while start > 0 {
        start -= 1;
        // Subtrees below `start` are heaps already (`heap_frag(.., start + 1, len)`
        // follows from the invariant), so this call only has to fix `start` itself.
        sift_down(v, start, v.len());
    }
    // Phase 2: repeatedly move the current maximum to the end of the heap.
    let mut end = v.len();
    #[invariant(end@ <= v@.len())]
    #[invariant(v@.permutation_of(old_v@))]
    #[invariant(heap_frag(v.deep_model(), 0, end@))]
    #[invariant(sorted_range(v.deep_model(), end@, v@.len()))]
    #[invariant(forall<i: Int, j: Int> 0 <= i && i < end@ && end@ <= j && j < v@.len() ==>
        v.deep_model()[i] <= v.deep_model()[j])]
    while end > 1 {
        end -= 1;
        // `v[0]` is the largest element of the heap `[0, end + 1)`; after the
        // swap it becomes the first element of the sorted tail.
        v.swap(0, end);
        // Brings `heap_frag_max`'s contract into the prover's context so it can
        // show the new tail element dominates the remaining heap.  The `0`
        // passed as `i` is a placeholder (marked "dummy" upstream); presumably
        // only the lemma's quantified contract matters, not this particular
        // instance — confirm against Creusot's lemma-function semantics.
        proof_assert! {
            heap_frag_max(v.deep_model(), 0/*dummy*/, end@);
            forall<i : Int, j : Int> 0 <= i && i < end@ && end@ <= j && j < v@.len() ==>
                v.deep_model()[i] <= v.deep_model()[j]
        };
        // Only the root may now violate the heap property; its subtrees are
        // untouched by the swap, which is exactly `sift_down`'s precondition.
        sift_down(v, 0, end);
    }
}