diff options
| author |  Rustan Leino <unknown> | 2013-01-23 16:24:54 -0800 |
|---|---|---|
| committer | Rustan Leino <unknown> | 2013-01-23 16:24:54 -0800 |
| commit | a5ba9b840d5fa93fb1841edfe74cddf2d259087d (patch) | |
| tree | 759691bdd6b07c6a2e021b9eaa5de50c4af03d47 /Test/dafny0/SplitExpr.dfy | |
| parent | 75dc25ca53d1be853555064ae010e80ef7dd54b7 (diff) | |
Split verification of quantifier expressions into #2 for checked and #1 for assumed.
Fixed cases where token was not being updated for refinement.
Diffstat (limited to 'Test/dafny0/SplitExpr.dfy')
| -rw-r--r-- | Test/dafny0/SplitExpr.dfy | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/Test/dafny0/SplitExpr.dfy b/Test/dafny0/SplitExpr.dfy index 80b67c10..3e67db58 100644 --- a/Test/dafny0/SplitExpr.dfy +++ b/Test/dafny0/SplitExpr.dfy @@ -54,3 +54,22 @@ class Node<T> { next.Valid())
}
}
+
+// ---------------------------------------------------------------------------------------
+// The following examples requires that quantifiers are boosted (that is, #2) when checked
+// versus not boosted (#1) when assumed.
+
+function F(x: nat): int
+{
+ if x == 0 then 0 else 1 + F(x-1)
+}
+
+method M(N: nat)
+{
+ var i := 0;
+ while (i < N)
+ invariant forall x {:induction false} :: 0 <= x <= i ==> F(x) == x;
+ {
+ i := i + 1;
+ }
+}
|