diff options
author | rustanleino <unknown> | 2011-03-26 08:54:54 +0000 |
---|---|---|
committer | rustanleino <unknown> | 2011-03-26 08:54:54 +0000 |
commit | 53281904797b0d78e18a79cc2d140df7ba4b9086 (patch) | |
tree | 6f1b098b301fc8e6594c22199fb94a257164b7d5 /Test/dafny1 | |
parent | cd3946b053478afdf7258ce23e34b9ccf51189b5 (diff) |
Dafny: added "choose" operator on sets
Diffstat (limited to 'Test/dafny1')
-rw-r--r-- | Test/dafny1/Answer | 2 | ||||
-rw-r--r-- | Test/dafny1/Celebrity.dfy | 14 |
2 files changed, 6 insertions, 10 deletions
diff --git a/Test/dafny1/Answer b/Test/dafny1/Answer index d9b32305..f54c87fd 100644 --- a/Test/dafny1/Answer +++ b/Test/dafny1/Answer @@ -81,7 +81,7 @@ Dafny program verifier finished with 132 verified, 0 errors -------------------- Celebrity.dfy --------------------
-Dafny program verifier finished with 11 verified, 0 errors
+Dafny program verifier finished with 10 verified, 0 errors
-------------------- UltraFilter.dfy --------------------
diff --git a/Test/dafny1/Celebrity.dfy b/Test/dafny1/Celebrity.dfy index 77af9327..25e6cc5c 100644 --- a/Test/dafny1/Celebrity.dfy +++ b/Test/dafny1/Celebrity.dfy @@ -1,9 +1,5 @@ // Celebrity example, inspired by the Rodin tutorial
-method Pick<T>(S: set<T>) returns (t: T);
- requires S != {};
- ensures t in S;
-
static function method Knows<Person>(a: Person, b: Person): bool;
requires a != b; // forbid asking about the reflexive case
@@ -26,20 +22,20 @@ method FindCelebrity1<Person>(people: set<Person>, ghost c: Person) returns (r: ensures r == c;
{
var Q := people;
- call x := Pick(Q);
+ var x := choose(Q);
while (Q != {x})
//invariant Q <= people; // inv1 in Rodin's Celebrity_1, but it's not needed here
invariant IsCelebrity(c, Q); // inv2
invariant x in Q;
decreases Q;
{
- call y := Pick(Q - {x});
+ var y := choose(Q - {x});
if (Knows(x, y)) {
Q := Q - {x}; // remove_1
} else {
Q := Q - {y}; assert x in Q; // remove_2
}
- call x := Pick(Q);
+ x := choose(Q);
}
r := x;
}
@@ -48,7 +44,7 @@ method FindCelebrity2<Person>(people: set<Person>, ghost c: Person) returns (r: requires IsCelebrity(c, people);
ensures r == c;
{
- call b := Pick(people);
+ var b := choose(people);
var R := people - {b};
while (R != {})
invariant R <= people; // inv1
@@ -58,7 +54,7 @@ method FindCelebrity2<Person>(people: set<Person>, ghost c: Person) returns (r: decreases R;
{
- call x := Pick(R);
+ var x := choose(R);
if (Knows(x, b)) {
R := R - {x};
} else {
|