diff options
| author |  Rustan Leino <leino@microsoft.com> | 2011-08-22 12:06:50 -0700 |
|---|---|---|
| committer | Rustan Leino <leino@microsoft.com> | 2011-08-22 12:06:50 -0700 |
| commit | 5cf15fd847675ede4a727850962c7e1c685fe3fc (patch) | |
| tree | 39d10983047dabe82a1d3edcbd54d9ac08578f41 /Test/dafny1/FindZero.dfy | |
| parent | 2d0c1077957780bae932dd7d173c71309c4c7d56 (diff) | |
Dafny: updated test files (will soon update Answer files as well)
Diffstat (limited to 'Test/dafny1/FindZero.dfy')
| -rw-r--r-- | Test/dafny1/FindZero.dfy | 56 |
1 files changed, 51 insertions, 5 deletions
diff --git a/Test/dafny1/FindZero.dfy b/Test/dafny1/FindZero.dfy index 76e67205..c92dd065 100644 --- a/Test/dafny1/FindZero.dfy +++ b/Test/dafny1/FindZero.dfy @@ -1,12 +1,12 @@ method FindZero(a: array<int>) returns (r: int)
- requires a != null && forall i :: 0 <= i && i < a.Length ==> 0 <= a[i];
+ requires a != null && forall i :: 0 <= i < a.Length ==> 0 <= a[i];
requires forall i :: 0 <= i && i+1 < a.Length ==> a[i]-1 <= a[i+1];
ensures 0 <= r ==> r < a.Length && a[r] == 0;
- ensures r < 0 ==> forall i :: 0 <= i && i < a.Length ==> a[i] != 0;
+ ensures r < 0 ==> forall i :: 0 <= i < a.Length ==> a[i] != 0;
{
var n := 0;
while (n < a.Length)
- invariant forall i :: 0 <= i && i < n && i < a.Length ==> a[i] != 0;
+ invariant forall i :: 0 <= i < n && i < a.Length ==> a[i] != 0;
{
if (a[n] == 0) { r := n; return; }
Lemma(a, n, a[n]);
@@ -16,11 +16,11 @@ method FindZero(a: array<int>) returns (r: int) }
ghost method Lemma(a: array<int>, k: int, m: int)
- requires a != null && forall i :: 0 <= i && i < a.Length ==> 0 <= a[i];
+ requires a != null && forall i :: 0 <= i < a.Length ==> 0 <= a[i];
requires forall i :: 0 <= i && i+1 < a.Length ==> a[i]-1 <= a[i+1];
requires 0 <= k;
requires k < a.Length ==> m <= a[k];
- ensures forall i :: k <= i && i < k+m && i < a.Length ==> a[i] != 0;
+ ensures forall i :: k <= i < k+m && i < a.Length ==> a[i] != 0;
decreases m;
{
if (0 < m && k < a.Length) {
@@ -28,3 +28,49 @@ ghost method Lemma(a: array<int>, k: int, m: int) Lemma(a, k+1, m-1);
}
}
+
+// -----------------------------------------------------------------
+
+method FindZero_GhostLoop(a: array<int>) returns (r: int)
+ requires a != null && forall i :: 0 <= i < a.Length ==> 0 <= a[i];
+ requires forall i :: 0 <= i && i+1 < a.Length ==> a[i]-1 <= a[i+1];
+ ensures 0 <= r ==> r < a.Length && a[r] == 0;
+ ensures r < 0 ==> forall i :: 0 <= i < a.Length ==> a[i] != 0;
+{
+ var n := 0;
+ while (n < a.Length)
+ invariant forall i :: 0 <= i < n && i < a.Length ==> a[i] != 0;
+ {
+ if (a[n] == 0) { return n; }
+ ghost var m := n;
+ while (m < n + a[n])
+ invariant m <= n + a[n] && m < a.Length;
+ invariant n + a[n] - m <= a[m];
+ invariant forall i :: 0 <= i < m && i < a.Length ==> a[i] != 0;
+ {
+ m := m + 1;
+ if (m == a.Length) { break; }
+ }
+ n := n + a[n];
+ }
+ return -1;
+}
+
+// -----------------------------------------------------------------
+
+method FindZero_Assert(a: array<int>) returns (r: int)
+ requires a != null && forall i :: 0 <= i < a.Length ==> 0 <= a[i];
+ requires forall i :: 0 <= i-1 && i < a.Length ==> a[i-1]-1 <= a[i];
+ ensures 0 <= r ==> r < a.Length && a[r] == 0;
+ ensures r < 0 ==> forall i :: 0 <= i < a.Length ==> a[i] != 0;
+{
+ var n := 0;
+ while (n < a.Length)
+ invariant forall i :: 0 <= i < n && i < a.Length ==> a[i] != 0;
+ {
+ if (a[n] == 0) { return n; }
+ assert forall m {:induction} :: n <= m < n + a[n] && m < a.Length ==> n+a[n]-m <= a[m];
+ n := n + a[n];
+ }
+ return -1;
+}
|