Commit eecfc98c by Jean-Christophe Filliâtre

### syntax for assignment

parent 26c19ce1
 ... ... @@ -30,8 +30,8 @@ module M variant { j } (* ghost *) incr loop2; let temp = a[!j] in set a !j a[!j - 1]; set a (!j - 1) temp; a[!j] <- a[!j - 1]; a[!j - 1] <- temp; decr j done; incr i ... ...
 ... ... @@ -83,14 +83,14 @@ module Distance for i = 0 to n2 do invariant { length t = n2+1 and forall j:int. 0 <= j < i -> t[j] = n2-j } set t i (n2 - i) t[i] <- n2 - i done; (* loop over w1 *) for i = n1-1 downto 0 do invariant { length t = n2+1 and forall j:int. 0 <= j <= n2 -> min_suffix w1 w2 (i+1) j t[j] } o := t[n2]; set t n2 (t[n2] + 1); t[n2] <- t[n2] + 1; (* loop over w2 *) for j = n2-1 downto 0 do invariant { length t = n2+1 ... ... @@ -101,9 +101,9 @@ module Distance let temp = !o in o := t[j]; if w1[i] = w2[j] then set t j temp t[j] <- temp else set t j ((min t[j] t[j+1]) + 1) t[j] <- (min t[j] t[j+1]) + 1 end done done; ... ...
 ... ... @@ -16,8 +16,8 @@ module Flag { 0 <= i < length a and 0 <= j < length a } let v = a[i] in begin set a i a[j]; set a j v a[i] <- a[j]; a[j] <- v end { exchange a (old a) i j } ... ...
 ... ... @@ -20,7 +20,7 @@ module Muller for i = 0 to length a - 1 do invariant { 0 <= count = num_of a.elts 0 i <= i and length u = num_of a.elts 0 (length a) } if a[i] <> 0 then begin set u !count a[i]; incr count end if a[i] <> 0 then begin u[!count] <- a[i]; incr count end done end ... ...
 ... ... @@ -92,13 +92,13 @@ let search_safety () = invariant { length x = m } let delta = y - !s - c + x[d] in if 0 <= delta && delta <= 9 * d then begin set x d c; x[d] <- c; let k = div delta 9 in for i = 0 to d - 1 do invariant { length x = m } if i < k then set x i 9 else if i = k then set x i (mod delta 9) else set x i 0 if i < k then x[i] <- 9 else if i = k then x[i] <- mod delta 9 else x[i] <- 0 done; raise Success end ... ... @@ -132,7 +132,7 @@ let search () = invariant { x = at x Init } let delta = y - !s - c + x[d] in if 0 <= delta && delta <= 9 * d then begin set x d c; x[d] <- c; assert { sum x.elts d m = y - delta }; let k = div delta 9 in assert { k <= d }; ... ... @@ -140,9 +140,9 @@ let search () = invariant { length x = m and is_integer x.elts and sum x.elts d m = y - delta and sum x.elts 0 i = if i <= k then 9*i else delta } if i < k then set x i 9 else if i = k then set x i (mod delta 9) else set x i 0 if i < k then x[i] <- 9 else if i = k then x[i] <- (mod delta 9) else x[i] <- 0 done; (* assume { sum !x 0 d = delta }; *) assert { sum x.elts 0 d = delta }; ... ... @@ -264,7 +264,7 @@ let search_smallest () = let delta = y - !s - c + x[d] in if 0 <= delta && delta <= 9 * d then begin assert { smallest_size delta <= d }; set x d c; x[d] <- c; assert { sum x.elts d m = y - delta }; assert { gt_digit x.elts (at x.elts Init) d }; let k = div delta 9 in ... ... @@ -278,9 +278,9 @@ let search_smallest () = (j < smallest_size delta -> x[j] = M.get (smallest delta) j) and (j >= smallest_size delta -> x[j] = 0)) and gt_digit x.elts (at x.elts Init) d } if i < k then set x i 9 else if i = k then set x i (mod delta 9) else set x i 0; if i < k then x[i] <- 9 else if i = k then x[i] <- mod delta 9 else x[i] <- 0; assert { is_integer x.elts } done; assert { sum x.elts 0 d = delta }; ... ...
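Review bot: The three rewritten digit loops spell the same assignment two ways: `x[i] <- mod delta 9` in search_safety and search_smallest but `x[i] <- (mod delta 9)` in search. Pick one form across the file so the three loops read as the same code. The enclosing functions start and end outside these hunks.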
 ... ... @@ -17,10 +17,8 @@ module Quicksort let swap (t:array int) (i:int) (j:int) = { 0 <= i < length t and 0 <= j < length t } let v = t[i] in begin set t i t[j]; set t j v end t[i] <- t[j]; t[j] <- v { exchange t (old t) i j } let rec quick_rec (t:array int) (l:int) (r:int) : unit variant { 1+r-l } = ... ...
 ... ... @@ -82,16 +82,6 @@ back +-+-+-+-------------------+ forall i : int. 0 <= i < a.card -> a.idx[i] = dirichlet a.card a.back i && is_elt a i (* parameter create : sz:int -> { 0 <= sz <= maxlen } sparse_array { invariant_ result and result.card = 0 and length result = sz and forall i:int. model result i = default } *) parameter malloc : n:int -> {} array 'a { A.length result = n } let create sz = ... ... @@ -124,11 +114,11 @@ back +-+-+-+-------------------+ let idx = idx a in let back = back a in let n = card a in set val i v; val[i] <- v; if not (test a i) then begin assert { n < length a }; set idx i n; set back n i; idx[i] <- n; back[n] <- i; () (*TODO a.card <- n+1 *) end { invariant_ a and ... ...
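Review bot: The new `parameter malloc : n:int -> {} array 'a { A.length result = n }` has an empty precondition, so it may be called with a negative `n` while its postcondition then asserts a negative length; presumably `{ 0 <= n }` is intended, given that the commented-out `create` spec this replaces required `0 <= sz <= maxlen`. The body of `create` and the `set`/`add` function in the second hunk both continue outside the hunks shown.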
 ... ... @@ -25,7 +25,7 @@ module M for i = 0 to n-1 do invariant { length b = n and forall j: int. 0 <= j < i -> b[a[j]] = j } set b a[i] i b[a[i]] <- i done { injective b n } ... ...
 ... ... @@ -84,7 +84,7 @@ module M length board = n and eq_board board (at board Init) pos and forall b:array int. length b = n -> is_board b n -> eq_board board b pos -> 0 <= b[pos] < i -> not (solution b n) } set board pos i; board[pos] <- i; assert { eq_board board (at board Init) pos }; if check_is_consistent board pos then bt_queens board n (pos+1) done ... ...
 ... ... @@ -24,7 +24,7 @@ module M j := !j - 1; t := !t + 1 done; set b !j a[i]; b[!j] <- a[i]; j := !j + 1 done; assert { 0 <= t <= n } ... ...
 ... ... @@ -15,7 +15,7 @@ module Array parameter ([]) : a:array 'a -> i:int -> { 0 <= i < length a } 'a reads a { result = a[i] } parameter set : a:array 'a -> i:int -> v:'a -> parameter ([]<-) : a:array 'a -> i:int -> v:'a -> { 0 <= i < length a } unit writes a { a = (old a)[i <- v] } (* unsafe get/set operations with no precondition *) ... ...
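Review bot: The renamed `parameter ([]<-)` carries no comment connecting it to the surface syntax it now implements, so a reader of this module cannot tell why a mixfix operator replaced `set`. Since the parser in this commit desugars `a[i] <- v` into this operator, add `(* a[i] <- v in a program is parsed as ([]<-) a i v *)` above the declaration, and check that the following `(* unsafe get/set operations with no precondition *)` comment still names the operations as they are declared below it, which is outside the hunk.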
 ... ... @@ -1029,7 +1029,19 @@ expr: { let t = mk_infix \$1 "=" \$3 in mk_expr (mk_apply_id { id = "notb"; id_lab = []; id_loc = floc () } [t]) } | expr LARROW expr { mk_infix \$1 "<-" \$3 } { match \$1.expr_desc with | Eapply (e11, e12) -> begin match e11.expr_desc with | Eident x -> mk_expr (Eassign (e12, x, \$3)) | Eapply ({ expr_desc = Eident (Qident x) }, e11) when x.id = mixfix "[]" -> mk_mixfix3 "[]<-" e11 e12 \$3 | _ -> raise Parsing.Parse_error end | _ -> raise Parsing.Parse_error } | expr OP1 expr { mk_infix \$1 \$2 \$3 } | expr OP2 expr ... ...
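Review bot: Both fallback arms of the new `expr LARROW expr` action raise a bare `Parsing.Parse_error`, so a left-hand side that is neither a field access nor an `a[i]` application (a plain identifier, a parenthesised expression) is reported as a generic syntax error with no hint that only those two shapes are assignable; if the grammar has a located error helper, use it here with a message naming the accepted forms. The rule also deserves a comment recording what it desugars, e.g. `(* e.x <- v  ==> Eassign (e, x, v);  a[i] <- v  ==> ([]<-) a i v *)`, because the nested match depends on field access and `[]` indexing both arriving as `Eapply` nodes, which is not obvious from the grammar alone.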
 ... ... @@ -211,6 +211,7 @@ and expr_desc = | Eletrec of (ident * binder list * variant option * triple) list * expr | Etuple of expr list | Erecord of (qualid * expr) list | Eassign of expr * qualid * expr (* control *) | Esequence of expr * expr | Eif of expr * expr * expr ... ...
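Review bot: The new `Eassign of expr * qualid * expr` constructor does not say what its three components are or in which order. From the parser action in this commit they appear to be the record expression, the field being assigned and the new value, so a comment such as `(* Eassign (e, x, v): e.x <- v *)` would pin the argument order for the type checker, which in this commit still has only a TODO for this case.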
 o e <- e o {| e with x1 = e1; ...; xn = en |} o WP: update o syntactic sugar for postcondition: { pat | q } stands for { let pat = result in q } ... ... @@ -13,8 +19,6 @@ o what about pervasives old, at, label, unit = () in particular, how to prevent old and at from being used in programs? can we get rid of theories/programs.why? o fmla_effect o program alias, e.g. let f = String.create ... ...
 ... ... @@ -473,6 +473,8 @@ and dexpr_desc ~ghost env loc = function in let d = List.fold_left2 constructor d fl tyl in d.dexpr_desc, ty | Ptree.Eassign _ -> assert false (*TODO*) | Ptree.Esequence (e1, e2) -> let e1 = dexpr ~ghost env e1 in ... ...
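Review bot: `Ptree.Eassign _ -> assert false (*TODO*)` turns any program using the assignment syntax the parser now accepts into an assertion failure inside the type checker rather than a diagnostic. Until the case is implemented, raise a located error using the `loc` argument already in scope in `dexpr_desc`, with a message saying that `<-` assignment is not yet supported, so users see where the unsupported construct is. The enclosing `dexpr_desc` starts and ends outside the hunk.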
 ... ... @@ -9,7 +9,8 @@ module M let foo () = {} let x = {| N.a = 1; N.b = 2 |} in x.N.a 1; 2 { result=1 } end ... ...