diff options
author | leino <unknown> | 2014-12-12 20:46:48 -0800 |
---|---|---|
committer | leino <unknown> | 2014-12-12 20:46:48 -0800 |
commit | 91c4d57eb84d5d15e011902a1da1b70131e5a222 (patch) | |
tree | 6794bafdc71f6bc31c8d09496c3435658bbfc144 /Test/dafny2/Intervals.dfy | |
parent | 62a3e97eb61cbee0d523297ccad1f2d3bcf871c3 (diff) |
Language change: All functions and methods declared lexically outside any class are now
automatically static, and fields are no longer allowed to be declared there. Stated
differently, all heap state must now be declared inside an explicitly declared class,
and functions and methods declared outside any class can be viewed as belonging to
the module. The motivating benefit of this change is to no longer need the 'static'
keyword when declaring a module of functions and methods.
Diffstat (limited to 'Test/dafny2/Intervals.dfy')
-rw-r--r-- | Test/dafny2/Intervals.dfy | 102 |
1 files changed, 52 insertions, 50 deletions
diff --git a/Test/dafny2/Intervals.dfy b/Test/dafny2/Intervals.dfy index df14c1e9..ef40910e 100644 --- a/Test/dafny2/Intervals.dfy +++ b/Test/dafny2/Intervals.dfy @@ -4,63 +4,65 @@ // The RoundDown and RoundUp methods in this file are the ones in the Boogie
// implementation Source/AbsInt/IntervalDomain.cs.
-var thresholds: array<int>;
+class Rounding {
+ var thresholds: array<int>;
-function Valid(): bool
- reads this, thresholds;
-{
- thresholds != null &&
- forall m,n :: 0 <= m < n < thresholds.Length ==> thresholds[m] <= thresholds[n]
-}
-
-method RoundDown(k: int) returns (r: int)
- requires Valid();
- ensures -1 <= r < thresholds.Length;
- ensures forall m :: r < m < thresholds.Length ==> k < thresholds[m];
- ensures 0 <= r ==> thresholds[r] <= k;
-{
- if (thresholds.Length == 0 || k < thresholds[0]) {
- return -1;
+ function Valid(): bool
+ reads this, thresholds;
+ {
+ thresholds != null &&
+ forall m,n :: 0 <= m < n < thresholds.Length ==> thresholds[m] <= thresholds[n]
}
- var i, j := 0, thresholds.Length - 1;
- while (i < j)
- invariant 0 <= i <= j < thresholds.Length;
- invariant thresholds[i] <= k;
- invariant forall m :: j < m < thresholds.Length ==> k < thresholds[m];
+
+ method RoundDown(k: int) returns (r: int)
+ requires Valid();
+ ensures -1 <= r < thresholds.Length;
+ ensures forall m :: r < m < thresholds.Length ==> k < thresholds[m];
+ ensures 0 <= r ==> thresholds[r] <= k;
{
- var mid := i + (j - i + 1) / 2;
- assert i < mid <= j;
- if (thresholds[mid] <= k) {
- i := mid;
- } else {
- j := mid - 1;
+ if (thresholds.Length == 0 || k < thresholds[0]) {
+ return -1;
}
+ var i, j := 0, thresholds.Length - 1;
+ while (i < j)
+ invariant 0 <= i <= j < thresholds.Length;
+ invariant thresholds[i] <= k;
+ invariant forall m :: j < m < thresholds.Length ==> k < thresholds[m];
+ {
+ var mid := i + (j - i + 1) / 2;
+ assert i < mid <= j;
+ if (thresholds[mid] <= k) {
+ i := mid;
+ } else {
+ j := mid - 1;
+ }
+ }
+ return i;
}
- return i;
-}
-method RoundUp(k: int) returns (r: int)
- requires Valid();
- ensures 0 <= r <= thresholds.Length;
- ensures forall m :: 0 <= m < r ==> thresholds[m] < k;
- ensures r < thresholds.Length ==> k <= thresholds[r];
-{
- if (thresholds.Length == 0 || thresholds[thresholds.Length-1] < k) {
- return thresholds.Length;
- }
- var i, j := 0, thresholds.Length - 1;
- while (i < j)
- invariant 0 <= i <= j < thresholds.Length;
- invariant k <= thresholds[j];
- invariant forall m :: 0 <= m < i ==> thresholds[m] < k;
+ method RoundUp(k: int) returns (r: int)
+ requires Valid();
+ ensures 0 <= r <= thresholds.Length;
+ ensures forall m :: 0 <= m < r ==> thresholds[m] < k;
+ ensures r < thresholds.Length ==> k <= thresholds[r];
{
- var mid := i + (j - i) / 2;
- assert i <= mid < j;
- if (thresholds[mid] < k) {
- i := mid + 1;
- } else {
- j := mid;
+ if (thresholds.Length == 0 || thresholds[thresholds.Length-1] < k) {
+ return thresholds.Length;
+ }
+ var i, j := 0, thresholds.Length - 1;
+ while (i < j)
+ invariant 0 <= i <= j < thresholds.Length;
+ invariant k <= thresholds[j];
+ invariant forall m :: 0 <= m < i ==> thresholds[m] < k;
+ {
+ var mid := i + (j - i) / 2;
+ assert i <= mid < j;
+ if (thresholds[mid] < k) {
+ i := mid + 1;
+ } else {
+ j := mid;
+ }
}
+ return i;
}
- return i;
}
|