Dafny: beefed up allocation axioms for boxes stored in fields

author: Unknown <leino@LEINO6.redmond.corp.microsoft.com> 2012-06-12 13:53:03 -0700
committer: Unknown <leino@LEINO6.redmond.corp.microsoft.com> 2012-06-12 13:53:03 -0700
commit: f2eb93519ffd02b775d427d2909cebd0690dc090 (patch)
tree: 732a829e9b3d3bd5cd4a7ca303bc06163aedc639 /Test/dafny2/TreeFill.dfy
parent: a63e68b3fe5d2245ad86767fde5f12717fb57f79 (diff)
1 files changed, 27 insertions, 0 deletions
diff --git a/Test/dafny2/TreeFill.dfy b/Test/dafny2/TreeFill.dfy
new file mode 100644
index 00000000..f7e2cc89
--- /dev/null
+++ b/Test/dafny2/TreeFill.dfy
@@ -0,0 +1,27 @@
+datatype Tree<T> = Null | Node(Tree, T, Tree);
+
+function Contains<T>(t: Tree, v: T): bool
+{
+  match t
+  case Null => false
+  case Node(left, x, right) => x == v || Contains(left, v) || Contains(right, v)
+}
+
+method Fill<T>(t: Tree, a: array<T>, start: int) returns (end: int)
+  requires a != null && 0 <= start <= a.Length;
+  modifies a;
+  ensures start <= end <= a.Length;
+  ensures forall i :: 0 <= i < start ==> a[i] == old(a[i]);
+  ensures forall i :: start <= i < end ==> Contains(t, a[i]);
+{
+  match (t) {
+    case Null =>
+      end := start;
+    case Node(left, x, right) =>
+      end := Fill(left, a, start);
+      if (end < a.Length) {
+        a[end] := x;
+        end := Fill(right, a, end + 1);
+      }
+  }
+}
author	Unknown <leino@LEINO6.redmond.corp.microsoft.com>	2012-06-12 13:53:03 -0700
committer	Unknown <leino@LEINO6.redmond.corp.microsoft.com>	2012-06-12 13:53:03 -0700
commit	f2eb93519ffd02b775d427d2909cebd0690dc090 (patch)
tree	732a829e9b3d3bd5cd4a7ca303bc06163aedc639 /Test/dafny2/TreeFill.dfy
parent	a63e68b3fe5d2245ad86767fde5f12717fb57f79 (diff)