author | leino <unknown> | 2015-03-09 10:12:44 -0700
---|---|---
committer | leino <unknown> | 2015-03-09 10:12:44 -0700
commit | efeb1c5ddde488b4923d87339b8ebbf75d910e16 |
tree | dc44c9b431f1f24889047b736d8720c2a89d794e /Test/dafny4 |
parent | 1157b689cbc7c65cde1f20192e8b3b49046d6fc4 |
This changeset changes the default visibility of a function/predicate body outside the module that declares it. The body is now visible across the module boundary. To contain the knowledge of the body inside the module, mark the function/predicate as 'protected'.
Semantics of 'protected':
* The definition (i.e., body) of a 'protected' function is not visible outside the defining module
* The idea is that inside the defining module, a 'protected' function may or may not be opaque. However, this will be easier to support once opaque/reveal are language primitives. Therefore, for the time being, {:opaque} is not allowed to be applied to 'protected' functions.
* In order to extend the definition of a predicate in a refinement module, the predicate must be 'protected'
* The 'protected' status of a function must be preserved in refinement modules
Diffstat (limited to 'Test/dafny4')
-rw-r--r-- | Test/dafny4/ClassRefinement.dfy | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/Test/dafny4/ClassRefinement.dfy b/Test/dafny4/ClassRefinement.dfy index cff6d98f..b5ecfbfa 100644 --- a/Test/dafny4/ClassRefinement.dfy +++ b/Test/dafny4/ClassRefinement.dfy @@ -12,7 +12,7 @@ abstract module M0 { class Counter {
ghost var N: int;
ghost var Repr: set<object>;
- predicate Valid()
+ protected predicate Valid()
reads this, Repr;
{
this in Repr
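Review bot: the `protected` modifier added to `Valid()` in `M0`'s `Counter` has no comment saying why it is there. Going by the commit message it does two things at once: it hides the body from clients outside the module, and it is what allows `M1` to extend the predicate's definition. A one-line comment above the declaration naming the refinement in `M1` as the reason would keep a later edit from dropping the keyword and breaking the refining module.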
@@ -51,7 +51,7 @@ module M1 refines M0 { class Counter {
var c: Cell;
var d: Cell;
- predicate Valid...
+ protected predicate Valid...
{
c != null && c in Repr &&
d != null && d in Repr &&
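Review bot: the refining `protected predicate Valid...` in `M1` only exercises the accepted case, where both the base declaration and the refinement carry `protected`. The commit message states rules that should reject programs: extending a predicate that is not 'protected', changing the 'protected' status in a refinement module, and applying {:opaque} to a 'protected' function. If the rest of the changeset does not already cover them (this view is limited to Test/dafny4), add negative tests with expected errors for each, so the new checks are pinned down and not only the migration of existing tests.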