diff options
| author |  Rustan Leino <leino@microsoft.com> | 2011-11-09 00:00:04 -0800 |
|---|---|---|
| committer | Rustan Leino <leino@microsoft.com> | 2011-11-09 00:00:04 -0800 |
| commit | 2e3d19b794d10ad1b915f0423004c5980cfe7f51 (patch) | |
| tree | 66da56a6860be9b025bdef13f4045a3c9b47111b /Test/dafny0/NatTypes.dfy | |
| parent | 80f21a81df3b05bb14e2ff9fef85189a708015c8 (diff) | |
Dafny: fixed part of a type-inference issue with datatypes and the < operator on datatypes
Dafny: allow the well-formedness check of a function's specification to know that the function, on the current arguments, returns a value of the declared result type
Diffstat (limited to 'Test/dafny0/NatTypes.dfy')
| -rw-r--r-- | Test/dafny0/NatTypes.dfy | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/Test/dafny0/NatTypes.dfy b/Test/dafny0/NatTypes.dfy index 47bc22e1..0513591c 100644 --- a/Test/dafny0/NatTypes.dfy +++ b/Test/dafny0/NatTypes.dfy @@ -108,3 +108,30 @@ function Abs(x: int): nat {
if 0 <= x then x else -x
}
+
+// ----- Here are tests that the type of the result value of a function is known by the
+// ----- time the well-formedness of the function's specification is checked.
+
+function TakesANat(n: nat): bool
+{
+ n < 29
+}
+
+function Naturally(): nat
+ ensures TakesANat(Naturally()); // the wellformedness of this check requires
+{
+ 17
+}
+
+function Integrally_Bad(): int
+ ensures TakesANat(Integrally_Bad()); // error: well-formedness check fails
+{
+ 17
+}
+
+function Integrally_Good(): int
+ ensures 0 <= Integrally_Good();
+ ensures TakesANat(Integrally_Good()); // here, the needed information follows from the preceding ensures clause
+{
+ 17
+}
|