def absValue(x) : """{ pre x != 0 post ans > 0 and (ans == x or ans == 0 - x) return ans }""" #PREMISES FOR NEXT LINE: # (x != 0) if x < 0 : #PREMISES FOR THEN-ARM: # (x < 0) # (x != 0) ans = 0 - x #PREMISES FOR ATTACHED PROOF, IF ANY: # (ans == (0 - x)) # (x < 0) # (x != 0) """{ 1.OK x < 0 premise 2.OK ans == 0 - x premise 3.OK ans > 0 algebra 1 2 4.OK ans == x or ans == 0 - x algebra 2 5.OK return 3 4 # lets us collect two facts }""" #PREMISES FOR NEXT LINE: # (ans > 0) # ((ans == x) or (ans == (0 - x))) else : #PREMISES FOR ELSE-ARM: # not (x < 0) # (x != 0) """{ 1.OK x != 0 premise 2.OK not(x < 0) premise 3.OK x > 0 algebra 1 2 }""" #PREMISES FOR NEXT LINE: # (x > 0) ans = x #PREMISES FOR ATTACHED PROOF, IF ANY: # (ans == x) # (x > 0) """{ 1.OK ans == x premise 2.OK x > 0 premise 3.OK ans > 0 subst 1 2 4.OK ans == x or ans == 0 - x algebra 1 5.OK return 3 4 }""" #PREMISES FOR NEXT LINE: # (ans > 0) # ((ans == x) or (ans == (0 - x))) #PREMISES FOR NEXT LINE: # (ans > 0) # ((ans == x) or (ans == (0 - x))) # (x != 0) # in each arm, we proved ans == x or ans == 0 - x and also ans > 0 # the checker uses these facts to prove the postcondition.OK # We can write the proof if we wish: """{ 1. ans == x or ans == 0 - x premise 2.OK ans > 0 premise 3.OK ans > 0 and (ans == x or ans == 0 - x) andi 2 1 }""" #PREMISES FOR NEXT LINE: # ((ans > 0) and ((ans == x) or (ans == (0 - x)))) # POSTCONDITION AND ALL GLOBAL INVARIANTS VERIFIED AT POINT OF RETURN return ans #PREMISES FOR NEXT LINE: # ((ans > 0) and ((ans == x) or (ans == (0 - x)))) # POSTCONDITION AND ALL GLOBAL INVARIANTS VERIFIED AT END OF FUNCTION #PREMISES FOR NEXT LINE: