author | Rustan Leino <leino@microsoft.com> | 2012-01-16 14:36:39 -0800 |
---|---|---|
committer | Rustan Leino <leino@microsoft.com> | 2012-01-16 14:36:39 -0800 |
commit | 5224ae38f6cbcfc586df27909376b53064dcfaea (patch) | |
tree | c1768a08d0882a7655b6634c1527ea0427864f24 /Test/dafny0/Predicates.dfy | |
parent | 26d9a05b985859f3a0d089367b35f493cbff090b (diff) |
Dafny: Recheck specifications that contain refined (extended) predicates, even if they are contained inside a split expression. Superposition is thought to be sound.
Diffstat (limited to 'Test/dafny0/Predicates.dfy')
-rw-r--r-- | Test/dafny0/Predicates.dfy | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/Test/dafny0/Predicates.dfy b/Test/dafny0/Predicates.dfy
index f7b6e07f..f8569b3a 100644
--- a/Test/dafny0/Predicates.dfy
+++ b/Test/dafny0/Predicates.dfy
@@ -132,3 +132,49 @@ module Tricky_Full refines Tricky_Base {
 }
}
}
+
+// -------- Quantifiers ----------------------------------------
+
+module Q0 {
+ class C {
+ var x: int;
+ predicate P
+ reads this;
+ {
+ true
+ }
+ method M()
+ modifies this;
+ ensures forall c: C :: c != null ==> c.P;
+ {
+ }
+ predicate Q
+ reads this;
+ {
+ x < 100
+ }
+ method N()
+ modifies this;
+ ensures forall c :: c == this ==> c.Q;
+ {
+ x := 102; // error: fails to establish postcondition (but this error should not be repeated in Q1 below)
+ }
+ predicate R reads this; // a body-less predicate
+ }
+}
+
+module Q1 refines Q0 {
+ class C {
+ predicate P
+ {
+ x == 18
+ }
+ predicate R // no body yet
+ }
+}
+
+module Q2 refines Q1 {
+ class C {
+ predicate R { x % 3 == 2 } // finally, give it a body
+ }
+}
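Review bot: The refinement of `P` in `Q1` (`x == 18`) has no expected-outcome comment, although it looks like the case this commit targets: `M`'s inherited postcondition `forall c: C :: c != null ==> c.P` sits under a quantifier, and its empty body presumably can no longer establish it once `P` is strengthened. Only `N` documents its expectation, so a reader cannot tell from the test whether a Q1 error for `M` is intended or a verifier regression; I would add `// error: M's postcondition is rechecked in Q1 and no longer holds` next to the `x == 18` body, if that matches the expected output. `R` is never mentioned in any specification, so the Q0/Q1/Q2 chain seems to exercise only resolution of body-less predicates rather than rechecking; a comment saying so, or an `ensures` that uses `R`, would make the intent clear.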