author | leino <unknown> | 2014-12-12 20:46:48 -0800 |
---|---|---|
committer | leino <unknown> | 2014-12-12 20:46:48 -0800 |
commit | 91c4d57eb84d5d15e011902a1da1b70131e5a222 (patch) | |
tree | 6794bafdc71f6bc31c8d09496c3435658bbfc144 /Test/dafny0/LetExpr.dfy | |
parent | 62a3e97eb61cbee0d523297ccad1f2d3bcf871c3 (diff) |
Language change: All functions and methods declared lexically outside any class are now
automatically static, and fields are no longer allowed to be declared there. Stated
differently, all heap state must now be declared inside an explicitly declared class,
and functions and methods declared outside any class can be viewed as belonging to
the module. The motivating benefit of this change is to no longer need the 'static'
keyword when declaring a module of functions and methods.
Diffstat (limited to 'Test/dafny0/LetExpr.dfy')
-rw-r--r-- | Test/dafny0/LetExpr.dfy | 82 |
1 files changed, 42 insertions, 40 deletions
diff --git a/Test/dafny0/LetExpr.dfy b/Test/dafny0/LetExpr.dfy
index dfa09b1e..b9f6a2c5 100644
--- a/Test/dafny0/LetExpr.dfy
+++ b/Test/dafny0/LetExpr.dfy
@@ -65,49 +65,51 @@ method M4(a: array<int>) returns (r: int)
assert forall i :: 0 <= i < a.Length ==> var j := i+1; j < a.Length ==> a[i] == a[j];
}
-var index: int;
-method P(a: array<int>) returns (b: bool, ii: int)
- requires a != null && exists k :: 0 <= k < a.Length && a[k] == 19;
- modifies this, a;
- ensures ii == index;
- // The following uses a variable with a non-old definition inside an old expression:
- ensures 0 <= index < a.Length && old(a[ii]) == 19;
- ensures 0 <= index < a.Length && var newIndex := index; old(a[newIndex]) == 19;
- // The following places both the variable and the body inside an old:
- ensures b ==> old(var oldIndex := index; 0 <= oldIndex < a.Length && a[oldIndex] == 17);
- // Here, the definition of the variable is old, and it's used both inside and
- // inside an old expression:
- ensures var oi := old(index); oi == index ==> a[oi] == 21 && old(a[oi]) == 19;
-{
- b := 0 <= index < a.Length && a[index] == 17;
- var i, j := 0, -1;
- while (i < a.Length)
- invariant 0 <= i <= a.Length;
- invariant forall k :: 0 <= k < i ==> a[k] == 21;
- invariant forall k :: i <= k < a.Length ==> a[k] == old(a[k]);
- invariant (0 <= j < i && old(a[j]) == 19) ||
- (j == -1 && exists k :: i <= k < a.Length && a[k] == 19);
+class AClass {
+ var index: int;
+ method P(a: array<int>) returns (b: bool, ii: int)
+ requires a != null && exists k :: 0 <= k < a.Length && a[k] == 19;
+ modifies this, a;
+ ensures ii == index;
+ // The following uses a variable with a non-old definition inside an old expression:
+ ensures 0 <= index < a.Length && old(a[ii]) == 19;
+ ensures 0 <= index < a.Length && var newIndex := index; old(a[newIndex]) == 19;
+ // The following places both the variable and the body inside an old:
+ ensures b ==> old(var oldIndex := index; 0 <= oldIndex < a.Length && a[oldIndex] == 17);
+ // Here, the definition of the variable is old, and it's used both inside and
+ // inside an old expression:
+ ensures var oi := old(index); oi == index ==> a[oi] == 21 && old(a[oi]) == 19;
{
- if (a[i] == 19) { j := i; }
- i, a[i] := i + 1, 21;
+ b := 0 <= index < a.Length && a[index] == 17;
+ var i, j := 0, -1;
+ while (i < a.Length)
+ invariant 0 <= i <= a.Length;
+ invariant forall k :: 0 <= k < i ==> a[k] == 21;
+ invariant forall k :: i <= k < a.Length ==> a[k] == old(a[k]);
+ invariant (0 <= j < i && old(a[j]) == 19) ||
+ (j == -1 && exists k :: i <= k < a.Length && a[k] == 19);
+ {
+ if (a[i] == 19) { j := i; }
+ i, a[i] := i + 1, 21;
+ }
+ index := j;
+ ii := index;
}
- index := j;
- ii := index;
-}
-method PMain(a: array<int>)
- requires a != null && exists k :: 0 <= k < a.Length && a[k] == 19;
- modifies this, a;
-{
- var s := a[..];
- var b17, ii := P(a);
- assert s == old(a[..]);
- assert s[index] == 19;
- if (*) {
- assert a[index] == 19; // error (a can have changed in P)
- } else {
- assert b17 ==> 0 <= old(index) < a.Length && old(a[index]) == 17;
- assert index == old(index) ==> a[index] == 21 && old(a[index]) == 19;
+ method PMain(a: array<int>)
+ requires a != null && exists k :: 0 <= k < a.Length && a[k] == 19;
+ modifies this, a;
+ {
+ var s := a[..];
+ var b17, ii := P(a);
+ assert s == old(a[..]);
+ assert s[index] == 19;
+ if (*) {
+ assert a[index] == 19; // error (a can have changed in P)
+ } else {
+ assert b17 ==> 0 <= old(index) < a.Length && old(a[index]) == 17;
+ assert index == old(index) ==> a[index] == 21 && old(a[index]) == 19;
+ }
}
}
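Review bot: The comment re-indented into `AClass.P`, `// Here, the definition of the variable is old, and it's used both inside and` / `// inside an old expression:`, repeats "inside" and so misdescribes the ensures clause below it, where `oi` is used outside old (`oi == index`, `a[oi] == 21`) and inside old (`old(a[oi])`). Since the commit rewrites these lines anyway, the wording could be corrected at the same time to `// Here, the definition of the variable is old, and it's used both outside and` / `// inside an old expression:`. The same slip is present on the removed side, so it is not introduced here, but it survives the move into the class. The `@@` counts (49 old, 51 new) exceed the lines visible on this page by three on each side, which suggests some context lines, probably blank ones, were dropped in rendering rather than by the commit.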