{-# OPTIONS --allow-unsolved-metas #-}
data _⊎_ (X Y : Set) : Set where
left : X → X ⊎ Y
right : Y → X ⊎ Y
module Implementation
(A : Set)
(_≤_ : A → A → Set)
(cmp? : (x y : A) → (x ≤ y) ⊎ (y ≤ x)) where
data List : Set where
[] : List
_∷_ : A → List → List
insert : A → List → List
insert x [] = x ∷ []
insert x (y ∷ ys) with cmp? x y
... | left x≤y = x ∷ (y ∷ ys)
... | right y≤x = y ∷ insert x ys
sort : List → List
sort [] = []
sort (x ∷ xs) = insert x (sort xs)
module Verification
(A : Set)
(_≤_ : A → A → Set)
(cmp? : (x y : A) → (x ≤ y) ⊎ (y ≤ x)) where
open Implementation A _≤_ cmp?
data IsSorted : List → Set where
empty : IsSorted []
singleton : {x : A} → IsSorted (x ∷ [])
cons : {x y : A} {ys : List} → IsSorted (y ∷ ys) → x ≤ y → IsSorted (x ∷ (y ∷ ys))
lemma₀ : (x y : A) (ys : List) → y ≤ x → IsSorted (y ∷ ys) → IsSorted (y ∷ insert x ys)
lemma₀ = {!!}
lemma : (x : A) (ys : List) → IsSorted ys → IsSorted (insert x ys)
lemma x [] p = singleton
lemma x (y ∷ ys) p with cmp? x y
... | left x≤y = cons {x} {y} {ys} p x≤y
... | right y≤x = lemma₀ x y ys y≤x p
theorem : (xs : List) → IsSorted (sort xs)
theorem [] = empty
theorem (x ∷ xs) = lemma x (sort xs) (theorem xs)
cheatsort : List → List
cheatsort xs = []
cheattheorem : (xs : List) → IsSorted (cheatsort xs)
cheattheorem xs = empty
module CorrectByConstruction
(A : Set)
(_≤_ : A → A → Set)
(-∞ : A)
(is-min : {x : A} → -∞ ≤ x)
(cmp? : (x y : A) → (x ≤ y) ⊎ (y ≤ x)) where
data List : Set where
[] : List
_∷_ : A → List → List
data SList (l : A) : Set where
nil : SList l
cons : (x : A) → (xs : SList x) → l ≤ x → SList l
insert : {l : A} (x : A) (ys : SList l) → l ≤ x → SList l
insert x nil l≤x = cons x nil l≤x
insert x (cons y ys l≤y) l≤x with cmp? x y
... | left x≤y = cons x (cons y ys x≤y) l≤x
... | right y≤x = cons y (insert x ys y≤x) l≤y
sort : List → SList -∞
sort [] = nil
sort (x ∷ xs) = insert x (sort xs) is-min