diff options
| author |  leino <unknown> | 2014-12-12 20:46:48 -0800 |
|---|---|---|
| committer | leino <unknown> | 2014-12-12 20:46:48 -0800 |
| commit | 91c4d57eb84d5d15e011902a1da1b70131e5a222 (patch) | |
| tree | 6794bafdc71f6bc31c8d09496c3435658bbfc144 /Test/dafny1/Substitution.dfy | |
| parent | 62a3e97eb61cbee0d523297ccad1f2d3bcf871c3 (diff) | |
Language change: All functions and methods declared lexically outside any class are now
automatically static, and fields are no longer allowed to be declared there. Stated
differently, all heap state must now be declared inside an explicitly declared class,
and functions and methods declared outside any class can be viewed as belonging to
the module. The motivating benefit of this change is to no longer need the 'static'
keyword when declaring a module of functions and methods.
Diffstat (limited to 'Test/dafny1/Substitution.dfy')
| -rw-r--r-- | Test/dafny1/Substitution.dfy | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/Test/dafny1/Substitution.dfy b/Test/dafny1/Substitution.dfy index 10b70e09..174e71c8 100644 --- a/Test/dafny1/Substitution.dfy +++ b/Test/dafny1/Substitution.dfy @@ -8,7 +8,7 @@ datatype Expr = Var(int) |
Nary(int, List);
-static function Subst(e: Expr, v: int, val: int): Expr
+function Subst(e: Expr, v: int, val: int): Expr
{
match e
case Const(c) => e
@@ -16,14 +16,14 @@ static function Subst(e: Expr, v: int, val: int): Expr case Nary(op, args) => Expr.Nary(op, SubstList(args, v, val))
}
-static function SubstList(l: List, v: int, val: int): List
+function SubstList(l: List, v: int, val: int): List
{
match l
case Nil => l
case Cons(e, tail) => Cons(Subst(e, v, val), SubstList(tail, v, val))
}
-static ghost method Theorem(e: Expr, v: int, val: int)
+lemma Theorem(e: Expr, v: int, val: int)
ensures Subst(Subst(e, v, val), v, val) == Subst(e, v, val);
{
match e {
@@ -34,7 +34,7 @@ static ghost method Theorem(e: Expr, v: int, val: int) }
}
-static ghost method Lemma(l: List, v: int, val: int)
+lemma Lemma(l: List, v: int, val: int)
ensures SubstList(SubstList(l, v, val), v, val) == SubstList(l, v, val);
{
match l {
@@ -52,7 +52,7 @@ datatype Expression = Var(int) |
Nary(int, seq<Expression>);
-static function Substitute(e: Expression, v: int, val: int): Expression
+function Substitute(e: Expression, v: int, val: int): Expression
decreases e;
{
match e
@@ -61,7 +61,7 @@ static function Substitute(e: Expression, v: int, val: int): Expression case Nary(op, args) => Expression.Nary(op, SubstSeq(e, args, v, val))
}
-static function SubstSeq(/*ghost*/ parent: Expression,
+function SubstSeq(/*ghost*/ parent: Expression,
q: seq<Expression>, v: int, val: int): seq<Expression>
requires (forall a :: a in q ==> a < parent);
decreases parent, q;
@@ -70,7 +70,7 @@ static function SubstSeq(/*ghost*/ parent: Expression, SubstSeq(parent, q[..|q|-1], v, val) + [Substitute(q[|q|-1], v, val)]
}
-static ghost method TheoremSeq(e: Expression, v: int, val: int)
+lemma TheoremSeq(e: Expression, v: int, val: int)
ensures Substitute(Substitute(e, v, val), v, val) == Substitute(e, v, val);
{
match e {
@@ -97,7 +97,7 @@ static ghost method TheoremSeq(e: Expression, v: int, val: int) }
}
-static ghost method LemmaSeq(parent: Expression, q: seq<Expression>, v: int, val: int)
+lemma LemmaSeq(parent: Expression, q: seq<Expression>, v: int, val: int)
requires (forall a :: a in q ==> a < parent);
ensures |SubstSeq(parent, q, v, val)| == |q|;
ensures (forall k :: 0 <= k && k < |q| ==>
|