Commit adf731d8 authored by Guillaume Melquiond's avatar Guillaume Melquiond

Fix some syntax errors in examples.

parent 57d1a4be
......@@ -13,8 +13,8 @@ module BigNum
use import int.Int
use import list.List
constant base: int
axiom base_gt1: base > 1
val constant base: int
ensures { result > 1 }
type digit = int
type num = list digit
......
......@@ -19,7 +19,7 @@ module BinomialHeap
type elt
predicate le elt elt
val predicate le elt elt
clone relations.TotalPreOrder with type t = elt, predicate rel = le
(** Trees.
......@@ -168,8 +168,7 @@ module BinomialHeap
let is_empty (h: heap) : bool
ensures { result <-> h = Nil }
=
h = Nil
= match h with Nil -> true | _ -> false end
let get_min (h: heap) : elt
requires { heaps h }
......@@ -193,7 +192,7 @@ module BinomialHeap
aux t.elem l
end
function link (t1 t2: tree) : tree =
let function link (t1 t2: tree) : tree =
if le t1.elem t2.elem then
{ elem = t1.elem; rank = t1.rank + 1; children = Cons t2 t1.children }
else
......
......@@ -54,7 +54,13 @@ module CoincidenceCountAnyType
use list.Mem as L
use import int.Int
clone import relations.TotalStrictOrder
type t
val predicate eq (x y : t)
ensures { result <-> x = y }
val predicate rel (x y : t)
clone import relations.TotalStrictOrder with type t, predicate rel
clone export list.Sorted
with type t = t, predicate le = rel, goal Transitive.Trans
......@@ -67,7 +73,7 @@ module CoincidenceCountAnyType
=
match a, b with
| Cons ha ta, Cons hb tb ->
if ha = hb then
if eq ha hb then
add ha (coincidence_count ta tb)
else if rel ha hb then
coincidence_count ta b
......
......@@ -33,7 +33,7 @@ module Esterel
ghost mdl: set int; (* its interpretation as a set *)
}
invariant {
forall i: int. (0 <= i < size /\ nth self.bv i) <-> mem i self.mdl
forall i: int. (0 <= i < size /\ nth bv i) <-> mem i mdl
}
......
......@@ -441,42 +441,47 @@ module KodaRuskey
assert { not (mem_stack i st') };
let ghost visited1 = !visited in
if bits[i] = White then begin
'A: enum bits f0 (Cons f2 st');
label A in
enum bits f0 (Cons f2 st');
assert { sub st f0 bits.elts };
let ghost bits1 = map_of_array bits in
let ghost visited2 = !visited in
'B: bits[i] <- Black;
label B in
bits[i] <- Black;
assert { sub st f0 bits.elts };
assert { white_forest f1 bits.elts };
assert { unchanged (Cons f2 st') (at bits 'B).elts bits.elts};
assert { inverse (Cons f2 st') (at bits 'A).elts bits.elts };
'C: enum bits f0 (Cons f1 (Cons f2 st'));
assert { unchanged (Cons f2 st') (bits at B).elts bits.elts};
assert { inverse (Cons f2 st') (bits at A).elts bits.elts };
label C in
enum bits f0 (Cons f1 (Cons f2 st'));
assert { bits[i] = Black };
assert { final_forest f1 bits.elts };
assert { if not (even_forest f1)
then inverse (Cons f2 st') (at bits 'C).elts bits.elts &&
then inverse (Cons f2 st') (bits at C).elts bits.elts &&
white_forest f2 bits.elts
else unchanged (Cons f2 st') (at bits 'C).elts bits.elts &&
else unchanged (Cons f2 st') (bits at C).elts bits.elts &&
final_forest f2 bits.elts };
ghost stored_trans1 f0 bits1 (map_of_array bits)
i f1 f2 st' visited1 visited2 !visited
end else begin
assert { if not (even_forest f1) then white_forest f2 bits.elts
else final_forest f2 bits.elts };
'A: enum bits f0 (Cons f1 (Cons f2 st'));
label A in
enum bits f0 (Cons f1 (Cons f2 st'));
assert { sub st f0 bits.elts };
let ghost bits1 = map_of_array bits in
let ghost visited2 = !visited in
'B: bits[i] <- White;
label B in
bits[i] <- White;
assert { unchanged (Cons f1 (Cons f2 st'))
(at bits 'B).elts bits.elts };
(bits at B).elts bits.elts };
assert { inverse (Cons f1 (Cons f2 st'))
(at bits 'A).elts bits.elts };
(bits at A).elts bits.elts };
assert { sub st f0 bits.elts };
assert { if even_forest f1 || even_forest f2
then unchanged st' (at bits 'A).elts bits.elts
else inverse st' (at bits 'A).elts bits.elts };
'C: enum bits f0 (Cons f2 st');
then unchanged st' (bits at A).elts bits.elts
else inverse st' (bits at A).elts bits.elts };
enum bits f0 (Cons f2 st');
assert { bits[i] = White };
assert { white_forest f bits.elts };
ghost stored_trans2 f0 bits1 (map_of_array bits)
......
......@@ -32,12 +32,12 @@ module FastExponentiation
while !e > 0 do
invariant { 0 <= !e /\ !r * power !p !e = power x n }
variant { !e }
'L:
label L in
if mod !e 2 = 1 then r := !r * !p;
p := !p * !p;
e := div !e 2;
assert { power !p !e =
let x = power (at !p 'L) !e in x * x }
let x = power (!p at L) !e in x * x }
done;
!r
......
......@@ -42,7 +42,7 @@ module Memory
(** Memory blocks have two parts: a marking part containing in particular
Schorr-Waite internal management data, and a sequence of pointers
to other memory blocks. *)
type memory model {
type memory = abstract {
(** Associate block size to location. *)
block_size : map loc int;
(** Pointers to other memory blocks. *)
......
......@@ -64,11 +64,12 @@ module Memory
use import map.Map
(** [loc] is the type of memory locations (e.g pointers) *)
type loc
val predicate eq (x y:loc) ensures { result <-> x = y }
(** Kinds of pointer fields. *)
type kind = Parent | Left | Right
(** Convenience alias for a pointer field table. *)
type pmem = map kind (map loc loc)
type memory model {
type memory = abstract {
mutable accessor : pmem;
mutable mark : map loc bool;
}
......@@ -109,7 +110,7 @@ module Memory
(** Non-deterministic initialization. In the original alorithm,
the variable y starts uninitialized. *)
type non_det_magic
type non_det model { mutable non_det_field : non_det_magic }
type non_det = abstract { mutable non_det_field : non_det_magic }
val non_det : non_det
val anyloc () : loc writes { non_det }
......@@ -214,7 +215,7 @@ module TreeShape
= match t with
| Empty -> ()
| Node l _ r ->
if c2 = c then (unicity memo t t0 c p2 p;absurd);
if eq c2 c then (unicity memo t t0 c p2 p;absurd);
aux l (memo[Left][c2]) c2; aux r (memo[Right][c2]) c2
end in
aux lf (memo[Left][c]) c; aux rg (memo[Right][c]) c
......@@ -374,13 +375,13 @@ module Recursive
let ghost _c = !x in
let _lf = get_acc Left !x in
let _rg = get_acc Right !x in
let ghost (lf, rg) = match t with
let (lf, rg) = ghost match t with
| Empty -> absurd
| Node l _ r -> (l, r)
end in
(ghost not_below mem0 lf rg _c !z);
bloc mem0 GoLeft;
let b = abstract ensures { result <-> _lf = null /\ _rg = null }
let b = begin ensures { result <-> _lf = null /\ _rg = null }
ensures { result -> lf = Empty /\ rg = Empty }
is_null _lf && is_null _rg end in
if not b then begin
......@@ -394,13 +395,13 @@ module Recursive
in
let ghost mem0 = get_all_accs () in
try aux t;
'I:
loop
invariant { memo = at memo 'I }
label I in
while true do
invariant { memo = (memo at I) }
invariant { rotated mem0 memo.accessor Finish !x /\ !entered }
variant { 0 }
bloc mem0 Finish
end
done
with Stop -> (ghost ext_cur mem0 t root (null ())); () end
end
......@@ -645,7 +646,7 @@ module Iterative
let ghost st = ref Bottom in
ghost opening t t stop stop st;
let entered = ref false in (* encode do-while loop. *)
while not(abstract ensures { result <-> !x = null }
while not (begin ensures { result <-> !x = null }
!entered && is_null !x end)
do (* ==> do { BODY } while(x != null); *)
invariant { !x = null -> !entered }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment