Mentions légales du service

Skip to content
Snippets Groups Projects
Commit 4c0b7fc9 authored by Jean-Christophe Filliâtre's avatar Jean-Christophe Filliâtre
Browse files

ring buffer example: cleaning up

parent 56754c0c
No related branches found
No related tags found
No related merge requests found
Expand all Hide whitespace changes
Inline Side-by-side
examples/vstte12_ring_buffer.mlw
+ 20
15
View file @ 4c0b7fc9
...@@ -39,41 +39,46 @@ module RingBuffer ...@@ -39,41 +39,46 @@ module RingBuffer
(* code *) (* code *)
let create (n: int) (dummy: 'a) let create (n: int) (dummy: 'a) : buffer 'a
requires { n > 0 } requires { n > 0 }
ensures { size result = n /\ result.sequence = Nil } ensures { size result = n }
ensures { result.sequence = Nil }
= { first = 0; len = 0; data = make n dummy; sequence = Nil } = { first = 0; len = 0; data = make n dummy; sequence = Nil }
let length (b: buffer 'a) let length (b: buffer 'a) : int
ensures { result = length b } ensures { result = length b }
= b.len = b.len
let clear (b: buffer 'a) let clear (b: buffer 'a) : unit
ensures { length b = 0 /\ b.sequence = Nil } writes { b.len, b.sequence }
ensures { length b = 0 }
ensures { b.sequence = Nil }
= ghost b.sequence <- Nil; = ghost b.sequence <- Nil;
b.len <- 0 b.len <- 0
let push (b: buffer 'a) (x: 'a) let push (b: buffer 'a) (x: 'a) : unit
requires { length b < size b } requires { length b < size b }
ensures { length b = (old (length b)) + 1 /\ writes { b.data.elts, b.len, b.sequence }
b.sequence = (old b.sequence) ++ Cons x Nil } ensures { length b = (old (length b)) + 1 }
ensures { b.sequence = (old b.sequence) ++ Cons x Nil }
= ghost b.sequence <- b.sequence ++ Cons x Nil; = ghost b.sequence <- b.sequence ++ Cons x Nil;
let i = b.first + b.len in let i = b.first + b.len in
let n = Array.length b.data in let n = Array.length b.data in
b.data[if i >= n then i - n else i] <- x; b.data[if i >= n then i - n else i] <- x;
b.len <- b.len + 1 b.len <- b.len + 1
let head (b: buffer 'a) let head (b: buffer 'a) : 'a
requires { length b > 0 } requires { length b > 0 }
ensures { match b.sequence with Nil -> false | Cons x _ -> result = x end } ensures { match b.sequence with Nil -> false | Cons x _ -> result = x end }
= b.data[b.first] = b.data[b.first]
let pop (b: buffer 'a) let pop (b: buffer 'a) : 'a
requires { length b > 0 } requires { length b > 0 }
ensures { length b = (old (length b)) - 1 /\ writes { b.first, b.len, b.sequence }
match old b.sequence with ensures { length b = (old (length b)) - 1 }
| Nil -> false ensures { match old b.sequence with
| Cons x l -> result = x /\ b.sequence = l end } | Nil -> false
| Cons x l -> result = x /\ b.sequence = l end }
= ghost match b.sequence with Nil -> absurd | Cons _ s -> b.sequence <- s end; = ghost match b.sequence with Nil -> absurd | Cons _ s -> b.sequence <- s end;
let r = b.data[b.first] in let r = b.data[b.first] in
b.len <- b.len - 1; b.len <- b.len - 1;
......
examples/vstte12_ring_buffer/why3session.xml
+ 282
286
View file @ 4c0b7fc9
This diff is collapsed.
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment