diff options
| author |  mikebarnett <unknown> | 2009-07-15 21:03:41 +0000 |
|---|---|---|
| committer | mikebarnett <unknown> | 2009-07-15 21:03:41 +0000 |
| commit | ce1c2de044c91624370411e23acab13b0381949b (patch) | |
| tree | 592539996fe08050ead5ee210c973801611dde40 /Test/test2/AssumeEnsures.bpl | |
Initial set of files.
Diffstat (limited to 'Test/test2/AssumeEnsures.bpl')
| -rw-r--r-- | Test/test2/AssumeEnsures.bpl | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/Test/test2/AssumeEnsures.bpl b/Test/test2/AssumeEnsures.bpl new file mode 100644 index 00000000..901c06c8 --- /dev/null +++ b/Test/test2/AssumeEnsures.bpl @@ -0,0 +1,69 @@ +var g: int;
+
+procedure Foo() returns ();
+ modifies g;
+ free ensures 0 <= g;
+
+implementation Foo() returns ()
+{
+ entry:
+ g := g + 1;
+ return;
+}
+
+procedure BarGood() returns ()
+ modifies g;
+{
+ entry:
+ call Foo();
+ assert 0 <= g;
+ return;
+}
+
+procedure BarBad() returns ()
+ modifies g;
+{
+ entry:
+ call Foo();
+ assert 0 < g;
+ return;
+}
+
+// ----- Free preconditions
+
+procedure Proc() returns ();
+ free requires g == 15;
+
+implementation Proc() returns ()
+{
+ entry:
+ assert g > 10; // yes, this condition can be used here
+ return;
+}
+
+implementation Proc() returns ()
+{
+ entry:
+ assert g < 10; // error
+ return;
+}
+
+procedure Caller0() returns ()
+{
+ entry:
+ call Proc(); // yes, legal, since the precondition is not checked
+ return;
+}
+
+procedure Caller1() returns ()
+{
+ entry:
+ call Proc();
+ assert g > 10; // error, because:
+ // Free preconditions are ignored (that is, treated as "skip") for the caller.
+ // This is a BoogiePL design choice. Another alternative would be to treat free
+ // preconditions as assume commands also on the caller side, either in the order
+ // that all preconditions are given, or before or after all the checked preconditions
+ // have been checked.
+ return;
+}
|