Commit e1ff66bb by Jean-Christophe Filliâtre

### cleaning up

parent 437ed722
 (* A small verification challenge proposed by Peter Müller. Given an array of integers, we first count how many non-zero values it contains. Then we allocate a new array with exactly this size and we fill it with the non-zero values. *) module Muller module Muller use import int.Int use import int.Int ... @@ -6,10 +12,10 @@ module Muller ... @@ -6,10 +12,10 @@ module Muller use import module array.Array use import module array.Array type param = M.map int int type param = M.map int int predicate pr (a : param) (n : int) = M.([]) a n <> 0 predicate pr (a: param) (n: int) = M.([]) a n <> 0 clone import int.NumOfParam with type param = param, predicate pr = pr clone import int.NumOfParam with type param = param, predicate pr = pr let compact (a : array int) = let compact (a: array int) = let count = ref 0 in let count = ref 0 in for i = 0 to length a - 1 do for i = 0 to length a - 1 do invariant { 0 <= !count = num_of a.elts 0 i <= i} invariant { 0 <= !count = num_of a.elts 0 i <= i} ... @@ -18,8 +24,7 @@ module Muller ... @@ -18,8 +24,7 @@ module Muller let u = make !count 0 in let u = make !count 0 in count := 0; count := 0; for i = 0 to length a - 1 do for i = 0 to length a - 1 do invariant { 0 <= !count = num_of a.elts 0 i <= i /\ invariant { 0 <= !count = num_of a.elts 0 i <= i } length u = num_of a.elts 0 (length a) } if a[i] <> 0 then begin u[!count] <- a[i]; incr count end if a[i] <> 0 then begin u[!count] <- a[i]; incr count end done done ... ...
 ... ...
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!