Add higher-order-functions and some other goodies

  * The reads clause now needs to be self framing.

  * The requires clause now needs to be framed by the reads clause.

  * There are one-shot lambdas, with a single arrow, but they will probably be
    removed.

  * There is a {:heapQuantifier} attribute to quantifiers, but they will
    probably be removed.

  * Add smart handling of type variables

  * Add < and > for datatype & type parameter

1 files changed, 50 insertions, 0 deletions

diff --git a/Test/hofs/WhileLoop.dfy b/Test/hofs/WhileLoop.dfy
new file mode 100644
index 00000000..dd95cc76
--- /dev/null
+++ b/Test/hofs/WhileLoop.dfy
@@ -0,0 +1,50 @@
+// RUN: %dafny /compile:0 /print:"%t.print" "%s" > "%t"
+// RUN: %diff "%s.expect" "%t"
+
+class Ref<A> {
+  var val: A;
+}
+
+method Nice(n: int) {
+  var f : int -> int := x => x;
+  var i := new Ref<int>;
+  i.val := 0;
+  while (i.val < n)
+    invariant forall u :: f.requires(u);
+    invariant forall u :: f.reads(u) == {};
+    invariant forall u :: f(u) == u + i.val;
+  {
+    i.val := i.val + 1;
+    f := x => f(x) + 1;
+  }
+}
+
+
+method OneShot(n: int) {
+  var f : int -> int := x => x;
+  var i := 0;
+  while (i < n)
+    invariant forall u :: f.requires(u);
+    invariant forall u :: f(u) == u + i;
+  {
+    i := i + 1;
+    f := x reads f.reads(x) -> f(x) + 1;
+  }
+}
+
+method HeapQuant(n: int) {
+  var f : int -> int := x => x;
+  var i := new Ref<int>;
+  ghost var r := 0;
+  i.val := 0;
+  while (i.val < n)
+    invariant forall u {:heapQuantifier} :: f.requires(u);
+    invariant forall u {:heapQuantifier} :: f.reads(u) == {};
+    invariant r == i.val;
+    invariant forall u {:heapQuantifier} :: f(u) == u + r;
+  {
+    i.val, r := i.val + 1, r + 1;
+    f := x => f(x) + 1;
+  }
+}
+