| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
| |
outside the module that declares it. The body is now visible across the module boundary. To contain the knowledge of the body inside the module, mark the function/predicate as 'protected'.
Semantics of 'protected':
* The definition (i.e., body) of a 'protected' function is not visible outside the defining module
* The idea is that inside the defining module, a 'protected' function may or may not be opaque. However, this will be easier to support once opaque/reveal are language primitives. Therefore, for the time being, {:opaque} is not allowed to be applied to 'protected' functions.
* In order to extend the definition of a predicate in a refinement module, the predicate must be 'protected'
* The 'protected' status of a function must be preserved in refinement modules
|
| |
|
|
|
|
|
|
|
|
|
|
| |
class are now
automatically static, and fields are no longer allowed to be declared there. Stated
differently, all heap state must now be declared inside an explicitly declared class,
and functions and methods declared outside any class can be viewed as belonging to
the module. The motivating benefit of this change is to no longer need the 'static'
keyword when declaring a module of functions and methods.
|
| |
|
|
|
|
| |
their specifications (e.g., ensures clauses) are exported.
|
| |
|
| |
|
| |
|
|
|
|
| |
implementation of refinement transformations thereof
|
| |
|
| |
|
|
|
|
| |
function/method being refined didn't have one
|
| |
|
|
|
|
| |
the default module); these go into the (new) default class of each module
|
| |
|
| |
|
|
|
|
| |
return values of concrete and abstract executions are equal. Refactored a test to simulate "static" function call.
|
|
|
|
| |
regression test -- a sequence refined by a singly linked list.
|
|
|