(*
//
// This file is for Assignment 2, BU CAS CS 520, Fall, 2009
//
// Instructor: Hongwei Xi (hwxi AT cs DOT bu DOT edu)
//
*)

(* ****** ****** *)

(*

f91 (x) = 91               if x = 91
f91 (x) = f91 (f91 (x+11)) if x <= 100 & x <> 91
f91 (x) = f91 (x - 10)     if x >= 101

*)

dataprop F91 (int, int) =
  | F91def1 (91, 91)
  | {i:int | i <= 100; i <> 91} {r1,r2:int}
    F91def2 (i, r2) of (F91 (i+11, r1), F91 (r1, r2))
  | {i:int | 101 <= i} {r:int}
    F91def3 (i, r) of F91 (i-10, r) // F91 (i-10, r) -> F91 (i, r)
// end of [F91]

(* ****** ****** *)

extern prfun f91_lemma {i,r:int} (pf: F91 (i, r)): [r==91] void

// as an example, [f91_lemma1] proves that F91 (i, r) implies r = 91
// if 92 <= i and i <= 101 holds; you may use this lemma in your proof

prfun f91_lemma1 {i:int | 92 <= i; i <= 101} {r:int} .<101-i>.
  (pf:  F91 (i, r)): [r==91] void =
  sif i == 101 then let
    prval F91def3 (pf1) = pf // pf1: F91 (101-10, r)
    prval F91def1 () = pf1
  in
    // empty
  end else let // 92 <= i <= 100
    prval F91def2 (pf1, pf2) = pf // pf1: F91 (i+11, r1); pf2: F91 (r1, r2)
    prval F91def3 (pf11) = pf1 // pf11: F91 (i+11-10, r1)
    prval () = f91_lemma1 {i+1} (pf11) // r1 == 91
    prval F91def1 () = pf2 // r2 == 91
  in
    // empty
  end // end of [f91_lemma1]

(* ****** ****** *)

(*

// this is an example showing that F91 is a total relation with respect to
// its first argument; you do not need the following code in this exercise

prfun f91_istot_lemma1
  {i:int | 91 < i; i <= 101} .<101-i>. (): [r:int] F91 (i, r) =
  sif i == 101 then
    F91def3 (F91def1 ())
  else let
    prval pf1 = f91_istot_lemma1 {i+1} () // pf1: F91 (i+1, r1)
    prval pf2 = F91def3 pf1               // pf2: F91 (i+11, r1)
    prval () = f91_lemma (pf2)            // r1 = 91
  in
    F91def2 (pf2, F91def1 ()) // : F91 (i, 91)
  end // end of [sif]
// end of [f91_istot_lemma1]

prfun f91_istot_lemma2
  {i:int | i <= 101} .<101-i>. (): [r:int] F91 (i, r) =
  sif i == 91 then F91def1 ()
  else sif i < 91 then let
    val pf1 = f91_istot_lemma2 {i+11} () // pf1: F91 (i+11, r1)
    prval () = f91_lemma (pf1)           // r1 = 91
  in
    F91def2 (pf1, F91def1 ()) // : F91 (i, 91)
  end else begin // i > 91
    f91_istot_lemma1 {i} ()
  end // end of [sif]
// end of [f91_istot_lemma2]

prfun f91_istot {i:int} .<max(0,i)>. (): [r:int] F91 (i, r) =
  sif i <= 101 then f91_istot_lemma2 {i} () else F91def3 (f91_istot {i-10} ())
// end of [f91_istot]

*)

(* ****** ****** *)

(* end of [f91.dats] *)