Dafny: implemented the wellformedness check that datatype destructors are only applied to values created by the corresponding constructor

Dafny: implement ghost destructors properly
author: Rustan Leino <leino@microsoft.com> 2011-11-11 17:40:39 -0800
committer: Rustan Leino <leino@microsoft.com> 2011-11-11 17:40:39 -0800
commit: ac1188ff59098c4dd33d23022a0c324487eb8d86 (patch)
tree: a1590a1d814016e372108e26c629910715c17fc7 /Test/dafny0/Datatypes.dfy
parent: 2eca0d1d73d1f2681fbbd6596e4175b13bd7c67b (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/Test/dafny0/Datatypes.dfy b/Test/dafny0/Datatypes.dfy
index eb527e0d..aff12fda 100644
--- a/Test/dafny0/Datatypes.dfy
+++ b/Test/dafny0/Datatypes.dfy
@@ -194,6 +194,17 @@ method InjectivityTests(d: XList)
   }
 }
 
+method MatchingDestructor(d: XList) returns (r: XList)
+  ensures r.Car == 5;  // error: specification is not well-formed (since r might not be an XCons)
+{
+  if (*) {
+    var x0 := d.Car;  // error: d might not be an XCons
+  } else if (d.XCons?) {
+    var x1 := d.Car;
+  }
+  r := XCons(5, XNil);
+}
+
 // -------------
 
 method FwdBug(f: Fwd, initialized: bool)
author	Rustan Leino <leino@microsoft.com>	2011-11-11 17:40:39 -0800
committer	Rustan Leino <leino@microsoft.com>	2011-11-11 17:40:39 -0800
commit	ac1188ff59098c4dd33d23022a0c324487eb8d86 (patch)
tree	a1590a1d814016e372108e26c629910715c17fc7 /Test/dafny0/Datatypes.dfy
parent	2eca0d1d73d1f2681fbbd6596e4175b13bd7c67b (diff)