author | Rustan Leino <unknown> | 2015-06-15 15:12:34 -0700 |
---|---|---|
committer | Rustan Leino <unknown> | 2015-06-15 15:12:34 -0700 |
commit | 8e6ed9af8dc779f4468d9ccc5ababcdd91f45672 (patch) | |
tree | dd74e87789ef85987b2dfcb727cb1fd6e8ffa458 | |
parent | 2edb5e1ba0f8c9c79364d0f0415713f0ddfdeadd (diff) |
More reads tests
-rw-r--r-- | Test/dafny0/Reads.dfy | 21 | ||||
-rw-r--r-- | Test/dafny0/Reads.dfy.expect | 2 |
2 files changed, 22 insertions, 1 deletions
diff --git a/Test/dafny0/Reads.dfy b/Test/dafny0/Reads.dfy
index 545c9a18..23064f54 100644
--- a/Test/dafny0/Reads.dfy
+++ b/Test/dafny0/Reads.dfy
@@ -91,3 +91,24 @@ class CircularChecking { } class Cell { var data: int }
+
+// Test the benefits of the new reads checking for function checking
+
+function ApplyToSet<X>(S: set<X>, f: X -> X): set<X>
+ requires forall x :: x in S ==> f.reads(x) == {} && f.requires(x)
+{
+ if S == {} then {} else
+ var x :| x in S;
+ ApplyToSet(S - {x}, f) + {f(x)}
+}
+
+function ApplyToSet_AltSignature0<X>(S: set<X>, f: X -> X): set<X>
+ requires forall x :: x in S ==> f.requires(x) && f.reads(x) == {}
+
+function ApplyToSet_AltSignature1<X>(S: set<X>, f: X -> X): set<X>
+ requires forall x :: x in S ==> f.reads(x) == {}
+ requires forall x :: x in S ==> f.requires(x)
+
+function ApplyToSet_AltSignature2<X>(S: set<X>, f: X -> X): set<X>
+ requires (forall x :: x in S ==> f.reads(x) == {}) ==> forall x :: x in S ==> f.requires(x)
+ // (this precondition would not be good enough to check the body above)
diff --git a/Test/dafny0/Reads.dfy.expect b/Test/dafny0/Reads.dfy.expect
index 9873f811..4dd1e947 100644
--- a/Test/dafny0/Reads.dfy.expect
+++ b/Test/dafny0/Reads.dfy.expect
@@ -23,4 +23,4 @@ Execution trace: (0,0): anon10_Then
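Review bot: The comment under `ApplyToSet_AltSignature2` claims its implication-shaped precondition would not be enough to check the body of `ApplyToSet`, but no test in this hunk backs that claim. `ApplyToSet_AltSignature2` is declared without a body, and the `.expect` change raises the verified count from 11 to 15 while the error count stays at 6, so all four new functions are positive cases. A bodied variant carrying that precondition, with its errors recorded in `Reads.dfy.expect`, would catch a regression that makes the reads or precondition check too permissive. The name `ApplyToSet_WeakPrecondition` below is only a suggestion.

```dafny
// Negative case: the implication does not establish f.reads(x) == {} or f.requires(x),
// so the body is expected to be rejected.
function ApplyToSet_WeakPrecondition<X>(S: set<X>, f: X -> X): set<X>
  requires (forall x :: x in S ==> f.reads(x) == {}) ==> forall x :: x in S ==> f.requires(x)
{
  if S == {} then {} else
    var x :| x in S;
    ApplyToSet_WeakPrecondition(S - {x}, f) + {f(x)}
}
```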
(0,0): anon4
-Dafny program verifier finished with 11 verified, 6 errors
+Dafny program verifier finished with 15 verified, 6 errors