enrich natlist, olist with functions leftneighbors : list → natlist; first-lower : natlist × list × elem → nat; predicates bounded : natlist × nat × nat; ordered> : natlist; valid-stack : natlist × list; procedures LEFTNEIGHBORS list : : natlist ; variables x : list; y : list; left : natlist; lneighbors : natlist; stack : natlist; xpos : nat; a : elem; partial functions leftneighbor : list × nat → nat with λ x, n. n < # x; leftneighbor : list × nat × elem → nat with λ x, n, a. n < # x; leftneighbors : list × nat → natlist with λ x, n. n ≤ # x; . [ . ]! : list × nat → elem with λ x, n. 0 < n ∧ n ≤ # x; comment: 1-based lookup; axioms one-based-lookup : ⊦ x[n]! = x[n -1]; used for: ls; first-lower-base : ⊦ first-lower([], x, a) = 0; used for: s, ls; first-lower-rec : ⊦ first-lower(xpos ' + stack, x, a) = (x[xpos]! < a ⊃ xpos;first-lower(stack, x, a)); used for: s, ls; leftneighbors : ⊦ leftneighbors(x) = leftneighbors(x, # x); used for: s, ls; leftneighbors-base : ⊦ leftneighbors(x, 0) = []; used for: s, ls; leftneighbors-rec : ⊦ leftneighbors(x, n + 1) = leftneighbors(x, n) + leftneighbor(x, n); used for: s, ls; leftneighbor : ⊦ leftneighbor(x, n) = leftneighbor(x, n, x[n]); leftneighbor-base : ⊦ leftneighbor(x, 0, a) = 0; used for: s, ls; leftneighbor-rec : ⊦ leftneighbor(x, n + 1, a) = (x[n] < a ⊃ n + 1;leftneighbor(x, n, a)); used for: s, ls; bounded-base : ⊦ bounded([], n0, n1); used for: s, ls; bounded-rec : ⊦ bounded(m ' + stack, n0, n1) ↔ n0 ≤ m ∧ m < n1 ∧ bounded(stack, n0, n1); used for: s, ls; ordered-base : ⊦ ordered>([]); used for: s, ls; ordered-one : ⊦ ordered>(n '); used for: s, ls; ordered-rec : ⊦ ordered>(n0 ' + n1 ' + stack) ↔ n1 < n0 ∧ ordered>(n1 ' + stack); used for: s, ls; valid-stack-base : ⊦ valid-stack([], x); used for: s, ls; valid-stack-one : ⊦ valid-stack(xpos ', x) ↔ 0 < xpos ∧ xpos ≤ # x ∧ leftneighbor(x, xpos - 1) = 0; used for: s, ls; valid-stack-rec : ⊦ valid-stack(xpos1 ' + xpos0 ' + stack, x) ↔ 0 < xpos1 ∧ xpos1 ≤ # x ∧ leftneighbor(x, xpos1 - 1) = xpos0 ∧ valid-stack(xpos0 ' + stack, x); used for: s, ls; theorems LEFTNEIGHBORS-correct : ⊦ ⟨LEFTNEIGHBORS(x; ; lneighbors)⟩ (lneighbors = leftneighbors(x)); declarations LEFTNEIGHBORS-decl : LEFTNEIGHBORS(x; ; lneighbors) {lneighbors := []; let xpos = 1, stack = [] in while xpos ≤ # x do {/* _: invariant xpos ≠ 0 ∧ xpos ≤ # x + 1 ∧ (stack = [] ↔ xpos = 1) ∧ ordered>(stack) ∧ bounded(stack, 1, xpos) ∧ lneighbors = leftneighbors(x, xpos - 1) ∧ valid-stack(stack, x) ∧ (stack ≠ [] → stack.head = xpos - 1) wfbound # x + 1 - xpos; */; while stack ≠ [] ∧ ¬ x[stack.head]! < x[xpos]! do {/* _: invariant xpos ≠ 0 ∧ xpos ≤ # x ∧ ordered>(stack) ∧ bounded(stack, 1, xpos) ∧ valid-stack(stack, x) ∧ leftneighbor(x, xpos - 1) = first-lower(stack, x, x[xpos]!) wfbound # stack; */; stack := stack.tail}; if stack = [] then lneighbors := lneighbors + 0 else lneighbors := lneighbors + stack.head; stack := xpos + stack; xpos := xpos + 1} } ; end enrich