// Two map-typed constants with different index arities; f must accept both.
const a : [int] bool;
const b : [int, bool] int;
// f takes a single argument of any type (type parameter a), so it can be
// applied to maps of any type, including the polymorphic heap below.
function f<a>(a) returns (int);
// The axioms pin f to 7 only for maps of these two concrete types. A map of
// any other type (e.g. heap) gets no value from these axioms.
axiom (forall x : [int] bool :: f(x) == 7);
axiom (forall y : [int, bool] int :: f(y) == 7);
// P: f's value on [int] bool maps is fixed by the axiom and stays 7 after
// point-wise updates, since the updated map still has type [int] bool.
procedure P() returns ()
{
  var m : [int] bool;

  // Both constants have types covered by an axiom, so f(...) == 7 > 0.
  assert f(a) > 0;
  assert f(b) > 0;

  // Build an updated copy of a using map-update expressions.
  m := a[17 := false];
  m := m[16 := true];

  // Untouched index 15 agrees with a; index 17 now holds false.
  assert m[15] == a[15] && !m[17];
  // The axiom quantifies over every [int] bool map, so it covers m as well.
  assert f(m) == 7;
  assert f(m) == 8; // should not be provable
}
// Field is a type constructor with one type argument, so Field int and
// Field bool are distinct types. heap maps a (ref, Field a) pair to a value
// of type a, for any a.
type Field a;
const heap : <a>[ref, Field a] a;
// Q: heap is a polymorphic map, neither [int] bool nor [int, bool] int, so
// no axiom about f applies to it and f(heap) is unconstrained.
procedure Q() returns () {
assert f(heap) > 0; // should not be provable
}
// R: updates to a polymorphic heap under fields of different types must not
// interfere with each other; a later write under a second Field int handle
// that nothing distinguishes from the first makes the stored 17 unknown again.
procedure R() returns ()
{
  var obj : ref;
  var fInt : Field int, fBool : Field bool, fFld : Field (Field int), fInt2 : Field int;
  var hp : <a>[ref, Field a] a;

  // Start from the global heap and store 17 under (obj, fInt).
  hp := heap[obj, fInt := 17];
  assert hp == heap[obj, fInt := 17];

  // A bool written under fBool leaves the int slot untouched.
  hp := hp[obj, fBool := true];
  assert hp[obj, fInt] == 17 && hp[obj, fBool];

  // Store a field handle under fFld and read through it.
  hp := hp[obj, fFld := fInt];
  assert hp[obj, hp[obj, fFld]] == 17;

  // fInt2 has the same type as fInt and nothing here says fInt2 != fInt, so
  // this write may have overwritten the 17; the bool slot is unaffected.
  hp := hp[obj, fInt2 := 16];
  assert hp[obj, fBool];
  assert hp[obj, hp[obj, fFld]] == 17; // should no longer be provable
}
// ref is an uninterpreted type. Boogie declarations are not order-sensitive,
// so it may be declared here even though heap and R above already use it.
type ref;