diff options
author | rustanleino <unknown> | 2009-11-05 22:56:10 +0000 |
---|---|---|
committer | rustanleino <unknown> | 2009-11-05 22:56:10 +0000 |
commit | 43004594801ab135fde6dbd69a38521a95a30f70 (patch) | |
tree | e9b54d648011a9628ec1d724c45142fe6c78e180 /Chalice/src | |
parent | 3e050d0273c88db1b00c2d157ac1b970f2a5b4d7 (diff) |
Applied patch 4316, which fixes an unsoundness in the axiomatization of sequences (for both Dafny and Chalice). This in turn fixes issue 5876.
Diffstat (limited to 'Chalice/src')
-rw-r--r-- | Chalice/src/Prelude.scala | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/Chalice/src/Prelude.scala b/Chalice/src/Prelude.scala index 44080daa..28442308 100644 --- a/Chalice/src/Prelude.scala +++ b/Chalice/src/Prelude.scala @@ -118,7 +118,7 @@ axiom (forall<T> t: T :: { Seq#Length(Seq#Singleton(t)) } Seq#Length(Seq#Singlet function Seq#Build<T>(s: Seq T, index: int, val: T, newLength: int) returns (Seq T);
axiom (forall<T> s: Seq T, i: int, v: T, len: int :: { Seq#Length(Seq#Build(s,i,v,len)) }
- Seq#Length(Seq#Build(s,i,v,len)) == len);
+ 0 <= len ==> Seq#Length(Seq#Build(s,i,v,len)) == len);
function Seq#Append<T>(Seq T, Seq T) returns (Seq T);
axiom (forall<T> s0: Seq T, s1: Seq T :: { Seq#Length(Seq#Append(s0,s1)) }
@@ -130,8 +130,9 @@ axiom (forall<T> s0: Seq T, s1: Seq T, n: int :: { Seq#Index(Seq#Append(s0,s1), (n < Seq#Length(s0) ==> Seq#Index(Seq#Append(s0,s1), n) == Seq#Index(s0, n)) &&
(Seq#Length(s0) <= n ==> Seq#Index(Seq#Append(s0,s1), n) == Seq#Index(s1, n - Seq#Length(s0))));
axiom (forall<T> s: Seq T, i: int, v: T, len: int, n: int :: { Seq#Index(Seq#Build(s,i,v,len),n) }
- (i == n ==> Seq#Index(Seq#Build(s,i,v,len),n) == v) &&
- (i != n ==> Seq#Index(Seq#Build(s,i,v,len),n) == Seq#Index(s,n)));
+ 0 <= n && n < len ==>
+ (i == n ==> Seq#Index(Seq#Build(s,i,v,len),n) == v) &&
+ (i != n ==> Seq#Index(Seq#Build(s,i,v,len),n) == Seq#Index(s,n)));
function Seq#Contains<T>(Seq T, T) returns (bool);
axiom (forall<T> s: Seq T, x: T :: { Seq#Contains(s,x) }
@@ -147,12 +148,13 @@ axiom (forall<T> s0: Seq T, s1: Seq T, x: T :: axiom (forall<T> s: Seq T, i: int, v: T, len: int, x: T ::
{ Seq#Contains(Seq#Build(s, i, v, len), x) }
Seq#Contains(Seq#Build(s, i, v, len), x) <==>
- x == v || Seq#Contains(s, x));
+ (0 <= i && i < len && x == v) ||
+ (exists j: int :: { Seq#Index(s,j) } 0 <= j && j < Seq#Length(s) && j < len && j!=i && Seq#Index(s,j) == x));
axiom (forall<T> s: Seq T, n: int, x: T ::
{ Seq#Contains(Seq#Take(s, n), x) }
Seq#Contains(Seq#Take(s, n), x) <==>
(exists i: int :: { Seq#Index(s, i) }
- 0 <= i && i < n && n <= Seq#Length(s) && Seq#Index(s, i) == x));
+ 0 <= i && i < n && i < Seq#Length(s) && Seq#Index(s, i) == x));
axiom (forall<T> s: Seq T, n: int, x: T ::
{ Seq#Contains(Seq#Drop(s, n), x) }
Seq#Contains(Seq#Drop(s, n), x) <==>
|