path: root/Test/test21/EmptyList.bpl


// Polymorphic list theory: a unary type constructor plus uninterpreted
// constructor and selector functions, constrained only by the axioms below.
type List _;

// Constructors: the empty list and prepending one element to a list.
function NIL<a>() returns (List a);
function Cons<a>(a, List a) returns (List a);

// Selectors: head and tail. They are constrained only on Cons terms; nothing
// here says what car/cdr yield when applied to NIL().
function car<a>(List a) returns (a);
function cdr<a>(List a) returns (List a);

// Selector axioms: car and cdr undo Cons.
axiom (forall<a> x:a, l:List a :: car(Cons(x, l)) == x);
axiom (forall<a> x:a, l:List a :: cdr(Cons(x, l)) == l);

// Distinctness: a Cons cell is never the empty list.
axiom (forall<a> x:a, l:List a :: Cons(x, l) != NIL());

// Global state modified by procedure P.
var l:List bool;

var m:List int;
// Map from int indices to lists of int.
var mar:[int](List int);

// Exercises the list axioms on the globals l, m and mar.
// Preconditions: m is non-empty; mar[0] is m and every entry at a positive
// index is the cdr of the entry before it.
// The final assertion is marked as an expected verification error.
procedure P() returns ()
      requires m != NIL();
      requires mar[0] == m && (forall i:int :: i > 0 ==> mar[i] == cdr(mar[i-1]));
      modifies l, m, mar; {

  l := Cons(true, NIL());

  // Follows from the distinctness axiom (Cons(x, l) != NIL()).
  assert l != NIL();
  l := cdr(l);

  // cdr(Cons(true, NIL())) == NIL() by the cdr axiom.
  assert l == NIL();
  l := Cons(true, l);
  l := Cons(false, l);

  // Instantiating the precondition at i == 1 gives mar[1] == cdr(mar[0]),
  // and mar[0] == m.
  assert car(mar[1]) == car(cdr(m));
  mar[0] := NIL();
  // Holds because the precondition states m != NIL().
  assert mar[0] != m;

  // l is Cons(false, Cons(true, NIL())): head is false, second element is true.
  assert !car(l) && car(cdr(l));
  l := cdr(cdr(l));

  // mar[0] was overwritten with NIL() above, so at i == 1 this would need
  // mar[1] == cdr(NIL()), which no axiom or precondition establishes.
  assert (forall i:int :: i > 0 ==> mar[i] == cdr(mar[i-1]));    // error
}

// Asserts that a Cons cell built from two NIL() terms differs from NIL().
// The inequality is an instance of the distinctness axiom.
procedure Q() returns () {
  // NOTE(review): the warning presumably comes from the type arguments of the
  // NIL() calls, which nothing in this expression fixes -- confirm against the
  // expected output of the test.
  assert Cons(NIL(), NIL()) != NIL();  // warning, but provable
}