Commit 1b644c8e by Mário Pereira

### Code extraction (wip)

parent 3172196f
 ... @@ -141,8 +141,8 @@ module LeftistHeap ... @@ -141,8 +141,8 @@ module LeftistHeap = match h with = match h with | E -> absurd | E -> absurd | N _ l _ r -> | N _ l _ r -> match l with E -> root_is_miminum l | _ -> () end; match l with E -> () | _ -> root_is_miminum l end; match r with E -> root_is_miminum r | _ -> () end match r with E -> () | _ -> root_is_miminum r end end end function rank (h: t) : int = match h with function rank (h: t) : int = match h with ... ...
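Review bot: The new side still calls the lemma under the misspelled name `root_is_miminum` in both match arms, so the commit corrects which subtree the lemma is applied to (now the non-empty one, consistent with the `E -> absurd` case above) but carries the typo forward. Renaming it to `root_is_minimum` would have to touch its definition, which is outside this hunk, so a follow-up rename is the cleaner option. The enclosing lemma body, including `match h with`, starts before the hunk.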
 ... @@ -3,140 +3,107 @@ ... @@ -3,140 +3,107 @@ "http://why3.lri.fr/why3session.dtd"> "http://why3.lri.fr/why3session.dtd"> ... ...
 ... @@ -49,30 +49,30 @@ module Bounded_int ... @@ -49,30 +49,30 @@ module Bounded_int predicate in_bounds (n:int) = min <= n <= max predicate in_bounds (n:int) = min <= n <= max axiom to_int_in_bounds: forall n:t. in_bounds (to_int n) axiom to_int_in_bounds: forall n:t. in_bounds n val of_int (n:int) : t val of_int (n:int) : t requires { "expl:integer overflow" in_bounds n } requires { "expl:integer overflow" in_bounds n } ensures { to_int result = n } ensures { result = n } val (+) (a:t) (b:t) : t val (+) (a:t) (b:t) : t requires { "expl:integer overflow" in_bounds (to_int a + to_int b) } requires { "expl:integer overflow" in_bounds (a + b) } ensures { to_int result = to_int a + to_int b } ensures { result = a + b } val (-) (a:t) (b:t) : t val (-) (a:t) (b:t) : t requires { "expl:integer overflow" in_bounds (to_int a - to_int b) } requires { "expl:integer overflow" in_bounds (a - b) } ensures { to_int result = to_int a - to_int b } ensures { result = a - b } val (*) (a:t) (b:t) : t val ( * ) (a:t) (b:t) : t requires { "expl:integer overflow" in_bounds (to_int a * to_int b) } requires { "expl:integer overflow" in_bounds (a * b) } ensures { to_int result = to_int a * to_int b } ensures { result = a * b } val (-_) (a:t) : t val (-_) (a:t) : t requires { "expl:integer overflow" in_bounds (- to_int a) } requires { "expl:integer overflow" in_bounds (- a) } ensures { to_int result = - to_int a } ensures { result = - a } val eq (a:t) (b:t) : bool val eq (a:t) (b:t) : bool ensures { to_int a = to_int b -> result } ensures { to_int a = to_int b -> result } (* leave this to_int ? *) ensures { result -> a = b } ensures { result -> a = b } val ne (a:t) (b:t) : bool val ne (a:t) (b:t) : bool ... ...
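Review bot: The first postcondition of `eq` still spells `to_int a = to_int b` while every other contract in the hunk now relies on the implicit coercion from `t` to `int`, and the new inline question `(* leave this to_int ? *)` leaves the decision open in the committed code. Rewriting it as `a = b -> result` would not be equivalent: that is equality on `t` rather than on the integer image, and the two coincide only if `to_int` is injective, which nothing in this hunk establishes. Keeping `to_int` there therefore looks deliberate; replace the question with the reason, e.g. `(* to_int kept on purpose: compare integer values, not values of t *)`. The coercion declaration itself is presumably earlier in the module and not visible here, and the "expl:integer overflow" preconditions that guard each operation are unchanged by the rewrite.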
 (* module OCaml *) module OCaml (* use export int.Int *) use export int.Int (* use export int.MinMax *) use export int.MinMax (* use export option.Option *) use export option.Option (* use export list.List *) use export list.List (* use export seq.Seq *) use export seq.Seq (* scope Sys *) scope Sys (* constant max_array_length : int *) constant max_array_length : int (* end *) end (* use array.Array *) use array.Array (* type array 'a = Array.array 'a *) type array 'a = Array.array 'a (* end *) end module Sys module Sys ... ...
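Review bot: `constant max_array_length : int` inside `scope Sys` is declared with no axiom, so nothing in this section fixes its sign or relates it to the `array` alias declared right after it; if it is meant to stand for the OCaml runtime limit of the same name, any proof that uses it as a bound on array sizes will be unprovable until such a fact is stated, possibly elsewhere in the file (not visible here). A one-line comment recording the intent would help, e.g. `(* abstract: no bound on max_array_length is assumed here; add an axiom before relying on it *)`. The section appears to continue past the `module Sys` line.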
 module M module M use import mach.int.Int31 use import mach.int.Int63 let f (x: int31) : int let f (x: int63) : int = min_int31 = min_int63 (* use import seq.Seq *) use import seq.Seq use import int.Int (* let function f (y: int) (x: int) : int *) let function f_function (y: int) (x: int) : int (* requires { x >= 0 } *) requires { x >= 0 } (* ensures { result >= 0 } *) ensures { result >= 0 } (* = x *) = x (* let g (ghost z: int) (x: int) : int *) let g (ghost z: int) (x: int) : int (* requires { x > 0 } *) requires { x > 0 } (* ensures { result > 0 } *) ensures { result > 0 } (* = let y = x in *) = let y = x in (* y *) y (* type t 'a 'b 'c 'd *) type t 'a 'b 'c 'd (* type list 'a = Nil | Cons 'a (list 'a) *) type list 'a = Nil | Cons 'a (list 'a) (* type btree 'a = E | N (btree 'a) 'a (btree 'a) *) type btree 'a = E | N (btree 'a) 'a (btree 'a) (* type ntree 'a = Empty | Node 'a (list 'a) *) type ntree 'a = Empty | Node 'a (list 'a) (* type list_int = list int *) type list_int = list int (* type cursor 'a = { *) type cursor 'a = { (* collection : list 'a; *) collection : list 'a; (* index : int; *) index : int; (* mutable index2 : int; *) mutable index2 : int; (* ghost mutable v : seq 'a; *) ghost mutable v : seq 'a; (* } *) } (* type r 'a = { *) type r 'a = { (* aa: 'a; *) aa: 'a; (* ghost i: int; *) ghost i: int; (* } *) } (* (\* let create_cursor (l: list int) (i i2: int) : cursor int = *\) *) (* let create_cursor (l: list int) (i i2: int) : cursor int = *) (* (\* { collection = l; index = i; index2 = i2; v = empty } *\) *) (* { collection = l; index = i; index2 = i2; v = empty } *) (* let create_r (x: int) (y: int) : r int = *) let create_r (x: int) (y: int) : r int = (* { aa = x; i = y } *) { aa = x; i = y } (* use import ref.Ref *) use import ref.Ref (* let update (c: cursor int) : int *) let update (c: cursor int) : int (* = c.index *) = c.index (* exception Empty (list int, int) *) exception Empty (list int, int) (* exception Out_of_bounds int *) 
exception Out_of_bounds int (* (\* exception are unary constructors *\) *) (* exception are unary constructors *) (* (\* *) (* (* let raise1 () = *) let raise1 () = (* raises { Empty -> true } *) raises { Empty -> true } (* raise (Empty (Nil, 0)) *) raise (Empty (Nil, 0)) (* let raise2 () = *) let raise2 () = (* raises { Empty -> true } *) raises { Empty -> true } (* let p = (Nil, 0) in *) let p = (Nil, 0) in (* raise (Empty p) *) raise (Empty p) (* *\) *) *) (* let rec length (l: list 'a) : int *) let rec length (l: list 'a) : int (* variant { l } *) variant { l } (* = match l with *) = match l with (* | Nil -> 0 *) | Nil -> 0 (* | Cons _ r -> 1 + length r *) | Cons _ r -> 1 + length r (* end *) end (* let t (x:int) : int *) let t (x:int) : int (* requires { false } *) requires { false } (* = absurd *) = absurd (* let a () : unit *) let a () : unit (* = assert { true } *) = assert { true } (* let singleton (x: int) (l: list int) : list int = *) let singleton (x: int) (l: list int) : list int = (* let x = Nil in x *) let x = Nil in x (* (\* FIXME constructors in Why3 can be partially applied *) (* FIXME constructors in Why3 can be partially applied (* => an eta-expansion is needed *) => an eta-expansion is needed (* be careful with side-effects *) be careful with side-effects (* "let c = Cons e in" should be translated to *) "let c = Cons e in" should be translated to (* "let c = let o = e in fun x -> Cons (o, x) in ..." in OCaml *) "let c = let o = e in fun x -> Cons (o, x) in ..." 
in OCaml (* Mário: I think A-normal form takes care of the side-effects problem *) Mário: I think A-normal form takes care of the side-effects problem (* *\) *) *) (* let constructor1 () = *) let constructor1 () = (* let x = Cons in *) let x = Cons in (* x 42 *) x 42 (* let foofoo (x: int) : int = *) let foofoo (x: int) : int = (* let ghost y = x + 1 in *) let ghost y = x + 1 in (* x *) x (* let test (x: int) : int = *) let test (x: int) : int = (* let y = *) let y = (* let z = x in *) let z = x in (* (ghost z) + 1 *) (ghost z) + 1 (* in 42 *) in 42 (* type list_ghost = Nil2 | Cons2 int list_ghost (ghost int) *) type list_ghost = Nil2 | Cons2 int list_ghost (ghost int) (* let add_list_ghost (x: int) (l: list_ghost) : list_ghost = *) let add_list_ghost (x: int) (l: list_ghost) : list_ghost = (* match l with *) match l with (* | Cons2 _ Nil2 _ | Nil2 -> Cons2 x Nil2 (1+2) *) | Cons2 _ Nil2 _ | Nil2 -> Cons2 x Nil2 (1+2) (* | Cons2 _ _ n -> Cons2 x l (n+1) *) | Cons2 _ _ n -> Cons2 x l (n+1) (* end *) end (* let ggg () : int = 42 *) let ggg () : int = 42 (* let call (x:int) : int = *) let call (x:int) : int = (* ggg () + 42 *) ggg () + 42 (* let test_filter_ghost_args (x: int) (ghost y: int) : int = *) let test_filter_ghost_args (x: int) (ghost y: int) : int = (* x + 42 *) x + 42 (* let test_filter_ghost_args2 (x: int) (ghost y: int) (z: int) : int = *) let test_filter_ghost_args2 (x: int) (ghost y: int) (z: int) : int = (* x + z *) x + z (* let test_filter_ghost_args3 (ghost y: int) : int = *) let test_filter_ghost_args3 (ghost y: int) : int = (* 42 *) 42 (* let test_call (x: int) : int = *) let test_call (x: int) : int = (* test_filter_ghost_args x 0 *) test_filter_ghost_args x 0 (* let many_args (a b c d e f g h i j k l m: int) : int = 42 *) let many_args (a b c d e f g h i j k l m: int) : int = 42 (* let foo (x: int) : int = *) let foo (x: int) : int = (* let _ = 42 in (\* FIXME? print _ in OCaml *\) *) let _ = 42 in (* FIXME? 
print _ in OCaml *) (* x *) x (* let test_fun (x: int) : int -> int = *) let test_fun (x: int) : int -> int = (* fun (y: int) -> x + y *) fun (y: int) -> x + y (* let test_partial (x: int) : int = *) let test_partial (x: int) : int = (* let partial = test_filter_ghost_args x in *) let partial = test_filter_ghost_args x in (* partial 42 *) partial 42 (* let test_local (x: int) : int = *) let test_local (x: int) : int = (* let fact (x: int) (y: int): int = x + y in *) let fact (x: int) (y: int): int = x + y in (* fact x 42 *) fact x 42 (* let test_lets (x: int) : int = *) let test_lets (x: int) : int = (* let y = x in *) let y = x in (* let z = y + 1 in *) let z = y + 1 in (* let yxz = y * x * z in *) let yxz = y * x * z in (* let xzy = x + z + y in *) let xzy = x + z + y in (* let res = yxz - xzy in *) let res = yxz - xzy in (* res *) res (* let test_partial2 (x: int) : int = *) let test_partial2 (x: int) : int = (* let sum : int -> int -> int = fun x y -> x + y in *) let sum : int -> int -> int = fun x y -> x + y in (* let incr_a (a: int) = sum a in *) let incr_a (a: int) = sum a in (* incr_a x x *) incr_a x x (* let constr_partial (x: int) : list int = *) let constr_partial (x: int) : list int = (* let x = Cons 42 in *) let x = Cons 42 in (* x Nil *) x Nil (* let filter_record (c: cursor 'a) : int = *) let filter_record (c: cursor 'a) : int = (* match c with *) match c with (* | { collection = l; index = i; index2 = i2; v = v} -> i *) | { collection = l; index = i; index2 = i2; v = v} -> i (* end *) end end end ... ...
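Review bot: None of the definitions in module M state which extraction behaviour they exercise, and several read like mistakes unless the intent is known: `f` takes `x: int63` and returns `min_int63` without using `x`, `singleton` shadows its `int` parameter with `let x = Nil in x`, and `test` binds a ghost `y` that is never used. Since this is a fixture for the extractor, one line per case would make that explicit, e.g. `(* singleton: parameter shadowed by a local of a different type *)` above `singleton`. The switch of the first `f` from `Int31`/`min_int31` to `Int63`/`min_int63` is visible but unexplained; a short comment on the `use import mach.int.Int63` line saying why 63-bit is the target would help. The module's closing `end` is on this line, so the section looks complete here.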