class C { method M(x: T, u: U) returns (y: T) ensures x == y && u == u; { y := x; } function method F(x: X, u: U): bool { x == x && u == u } method Main(u: U) { var t := F(3,u) && F(this,u); call kz := M(t,u); assert kz && (G() || !G()); } function G(): Y; } class SetTest { method Add(s: set, x: T) returns (t: set) ensures t == s + {x}; { t := s + {x}; } method Good() { var s := {2, 5, 3}; call t := Add(s, 7); assert {5,7,2,3} == t; } method Bad() { var s := {2, 50, 3}; call t := Add(s, 7); assert {5,7,2,3} == t; // error } } class SequenceTest { method Add(s: seq, x: T) returns (t: seq) ensures t == s + [x]; { t := s + [x]; } method Good() { var s := [2, 5, 3]; call t := Add(s, 7); assert [2,5,3,7] == t; } method Bad() { var s := [2, 5, 3]; call t := Add(s, 7); assert [2,5,7,3] == t || [2,5,3] == t; // error } } // ------------------------- class CC { var x: T; method M(c: CC, z: T) returns (y: T) requires c != null; modifies this; ensures y == c.x && x == z; { x := c.x; x := z; y := c.x; } } class CClient { method Main() { var c := new CC; var k := c.x + 3; if (c.x == c.x) { k := k + 1; } var m := c.x; if (m == c.x) { k := k + 1; } c.x := 5; c.x := c.x; call z := c.M(c, 17); assert z == c.x; } } // ------------------------- static function IsCelebrity(c: Person, people: set): bool; requires c == c || c in people; method FindCelebrity3(people: set, ghost c: int) requires IsCelebrity(c, people); // once upon a time, this caused the translator to produce bad Boogie { ghost var b: bool; b := IsCelebrity(c, people); b := F(c, people); } static function F(c: int, people: set): bool; requires IsCelebrity(c, people); function RogerThat(g: G): G { g } function Cool(b: bool): bool { b } method IsRogerCool(n: int) requires RogerThat(true); // once upon a time, this caused the translator to produce bad Boogie { if (*) { assert Cool(2 < 3 && n < n && n < n+1); // the error message here will peek into the argument of Cool } else if (*) { assert RogerThat(2 < 3 && n < n && n < n+1); // same here; cool, huh? } }