diff options
author | leino <unknown> | 2015-05-01 19:39:16 -0700 |
---|---|---|
committer | leino <unknown> | 2015-05-01 19:39:16 -0700 |
commit | 20f97304dda7dca7259514ca472c3c1b76262013 (patch) | |
tree | 4c4427896542eed2cb9684403702365cc7608111 /Test/hofs/ReadsReads.dfy | |
parent | e105e36050283163c3d07a3aa3c3f522093c7c7a (diff) |
Improved generation of .reads axioms (correcting an incorrect answer and corresponding incorrectly recorded desired answer)
Diffstat (limited to 'Test/hofs/ReadsReads.dfy')
-rw-r--r-- | Test/hofs/ReadsReads.dfy | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/Test/hofs/ReadsReads.dfy b/Test/hofs/ReadsReads.dfy index 3fb03fda..e11473bd 100644 --- a/Test/hofs/ReadsReads.dfy +++ b/Test/hofs/ReadsReads.dfy @@ -28,12 +28,12 @@ module ReadsRequiresReads { function MyReadsBad(f : A -> B, a : A) : set<object> { - f.reads(a) + f.reads(a) // error: MyReadsBad does not have permission to read what f.reads(a) reads } function MyReadsBad2(f : A -> B, a : A) : set<object> { - (f.reads)(a) + (f.reads)(a) // error: MyReadsBad2 does not have permission to read what f.reads(a) reads } function MyReadsOk'(f : A -> B, a : A, o : object) : bool @@ -44,7 +44,7 @@ module ReadsRequiresReads { function MyReadsBad'(f : A -> B, a : A, o : object) : bool { - o in f.reads(a) + o in f.reads(a) // error: MyReadsBad' does not have permission to read what f.reads(a) reads } function MyRequiresOk(f : A -> B, a : A) : bool @@ -55,7 +55,7 @@ module ReadsRequiresReads { function MyRequiresBad(f : A -> B, a : A) : bool { - f.requires(a) + f.requires(a) // error: MyRequiresBad does not have permission to read what f.requires(a) reads } } @@ -64,6 +64,7 @@ module WhatWeKnowAboutReads { lemma IndeedNothing() { assert ReadsNothing.reads() == {}; + assert ((ReadsNothing).reads)() == {}; } method NothingHere() { @@ -83,9 +84,9 @@ module WhatWeKnowAboutReads { var s' := new S; if * { assert s in ReadsSomething.reads(s) || ReadsSomething.reads(s) == {}; } else if * { assert s in ReadsSomething.reads(s); - } else if * { assert ReadsSomething.reads(s) == {}; + } else if * { assert ReadsSomething.reads(s) == {}; // error } else if * { assert s' !in ReadsSomething.reads(s); - } else if * { assert s' in ReadsSomething.reads(s); + } else if * { assert s' in ReadsSomething.reads(s); // error } } @@ -95,9 +96,9 @@ module WhatWeKnowAboutReads { var f := (u) reads u => (); if * { assert s in f.reads(s) || f.reads(s) == {}; } else if * { assert s in f.reads(s); - } else if * { assert f.reads(s) == {}; + } else if * { assert f.reads(s) == {}; // error } else if * { assert s' !in f.reads(s); - } else if * { assert s' in f.reads(s); + } else if * { assert s' in f.reads(s); // error } } } @@ -133,12 +134,9 @@ module ReadsAll { } module ReadsOnFunctions { - lemma M0(f: int -> int) + lemma Requires_Reads_What_Function_Reads(f: int -> int) { var g := f.requires; assert g.reads(10) == f.reads(10); } -// function F(f: int -> int): int -// requires forall x :: f.reads(x) == {} // should always be allowed to invoke .reads, even if F has an empty reads clause -// { 0 } } |