array/matrix: no more get/set_unsafe operations

parent a1e22351
......@@ -104,10 +104,9 @@ theory array.Array
syntax type array "(array %1)"
syntax function get_unsafe "(get %1 %2)"
syntax function ([]) "(get %1 %2)"
syntax function length "(size %1 : int)"
syntax function elts "(get %1)"
syntax function set_unsafe "(set %1 %2 %3)"
(* does not exist anymore
syntax function make "(make %1 %2)"
*)
......@@ -118,11 +117,9 @@ theory matrix.Matrix
syntax type matrix "(matrix %1)"
syntax function get_unsafe "(matrix_get %1 %2 %3)"
syntax function rows "(nrows %1 : int)"
syntax function columns "(ncols %1 : int)"
syntax function elts "(matrix_get_curry %1)"
syntax function set_unsafe "(matrix_set %1 %2 %3)"
(* does not exist anymore
syntax function make "(matrix_make %1 %2)"
*)
......
......@@ -2,11 +2,11 @@
<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN"
"http://why3.lri.fr/why3session.dtd">
<why3session shape_version="4">
<prover id="4" name="Alt-Ergo" version="0.99.1" timelimit="5" memlimit="1000"/>
<prover id="5" name="CVC4" version="1.4" timelimit="5" memlimit="1000"/>
<prover id="6" name="Z3" version="4.3.2" timelimit="5" memlimit="1000"/>
<prover id="4" name="Alt-Ergo" version="0.99.1" timelimit="5" steplimit="1" memlimit="1000"/>
<prover id="5" name="CVC4" version="1.4" timelimit="5" steplimit="1" memlimit="1000"/>
<prover id="6" name="Z3" version="4.3.2" timelimit="5" steplimit="1" memlimit="1000"/>
<file name="../algo63.mlw" expanded="true">
<theory name="Algo63" sum="11f00ad4a912fe3ea4346c638f71a0ef" expanded="true">
<theory name="Algo63" sum="0cef588c003de6fc6479fa321d82c36a" expanded="true">
<goal name="VC exchange" expl="VC for exchange">
<transf name="split_goal_wp">
<goal name="VC exchange.1" expl="1. index in array bounds">
......@@ -22,7 +22,7 @@
<proof prover="4"><result status="valid" time="0.01" steps="8"/></proof>
</goal>
<goal name="VC exchange.5" expl="5. assertion">
<proof prover="4"><result status="valid" time="0.02" steps="30"/></proof>
<proof prover="4"><result status="valid" time="0.02" steps="28"/></proof>
<proof prover="5"><result status="valid" time="0.04"/></proof>
<proof prover="6"><result status="valid" time="0.01"/></proof>
</goal>
......@@ -88,12 +88,12 @@
<proof prover="4"><result status="valid" time="0.05" steps="128"/></proof>
</goal>
<goal name="VC partition_.18" expl="18. precondition">
<proof prover="4"><result status="valid" time="1.69" steps="666"/></proof>
<proof prover="4"><result status="valid" time="1.37" steps="666"/></proof>
</goal>
<goal name="VC partition_.19" expl="19. precondition">
<proof prover="4"><result status="timeout" time="5.01"/></proof>
<proof prover="5"><result status="timeout" time="5.04"/></proof>
<proof prover="6"><result status="valid" time="0.41"/></proof>
<proof prover="4" obsolete="true"><result status="timeout" time="5.01"/></proof>
<proof prover="5" obsolete="true"><result status="timeout" time="5.04"/></proof>
<proof prover="6"><result status="valid" time="0.06"/></proof>
</goal>
<goal name="VC partition_.20" expl="20. precondition">
<proof prover="4"><result status="valid" time="0.08" steps="129"/></proof>
......@@ -168,15 +168,15 @@
<proof prover="4"><result status="valid" time="0.08" steps="127"/></proof>
</goal>
<goal name="VC partition_.44" expl="44. postcondition">
<proof prover="4"><result status="timeout" time="5.00"/></proof>
<proof prover="6"><result status="valid" time="0.25"/></proof>
<proof prover="4" obsolete="true"><result status="timeout" time="5.00"/></proof>
<proof prover="6"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="VC partition_.45" expl="45. postcondition">
<proof prover="4"><result status="timeout" time="5.00"/></proof>
<proof prover="6"><result status="valid" time="0.42"/></proof>
<proof prover="4" obsolete="true"><result status="timeout" time="5.00"/></proof>
<proof prover="6"><result status="valid" time="0.06"/></proof>
</goal>
<goal name="VC partition_.46" expl="46. postcondition">
<proof prover="4"><result status="valid" time="4.52" steps="1916"/></proof>
<proof prover="4"><result status="valid" time="4.52" steps="1968"/></proof>
</goal>
<goal name="VC partition_.47" expl="47. precondition">
<proof prover="4"><result status="valid" time="0.02" steps="19"/></proof>
......@@ -191,11 +191,11 @@
<proof prover="4"><result status="valid" time="2.03" steps="1129"/></proof>
</goal>
<goal name="VC partition_.51" expl="51. postcondition">
<proof prover="4"><result status="timeout" time="5.00"/></proof>
<proof prover="6"><result status="valid" time="0.31"/></proof>
<proof prover="4" obsolete="true"><result status="timeout" time="5.00"/></proof>
<proof prover="6"><result status="valid" time="0.06"/></proof>
</goal>
<goal name="VC partition_.52" expl="52. postcondition">
<proof prover="4"><result status="valid" time="0.49" steps="329"/></proof>
<proof prover="4"><result status="valid" time="0.49" steps="328"/></proof>
</goal>
<goal name="VC partition_.53" expl="53. postcondition">
<proof prover="4"><result status="valid" time="0.02" steps="18"/></proof>
......@@ -214,7 +214,7 @@
</goal>
</transf>
</goal>
<goal name="VC partition" expl="VC for partition">
<goal name="VC partition" expl="VC for partition" expanded="true">
<transf name="split_goal_wp">
<goal name="VC partition.1" expl="1. precondition">
<proof prover="4"><result status="valid" time="0.01" steps="3"/></proof>
......@@ -226,7 +226,7 @@
<proof prover="4"><result status="valid" time="0.02" steps="8"/></proof>
</goal>
<goal name="VC partition.4" expl="4. postcondition">
<proof prover="4" timelimit="30"><result status="valid" time="19.47" steps="455"/></proof>
<proof prover="4" timelimit="30"><result status="valid" time="14.43" steps="455"/></proof>
</goal>
</transf>
</goal>
......
......@@ -2,64 +2,48 @@
<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN"
"http://why3.lri.fr/why3session.dtd">
<why3session shape_version="4">
<prover id="1" name="Alt-Ergo" version="0.99.1" timelimit="5" steplimit="1" memlimit="1000"/>
<file name="../algo64.mlw" expanded="true">
<theory name="Algo64" sum="8ab02ef07be464ccc7c31dda9dd33adb" expanded="true">
<goal name="WP_parameter quicksort" expl="VC for quicksort" expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter quicksort.1" expl="1. precondition">
<proof prover="1"><result status="valid" time="0.02" steps="5"/></proof>
<prover id="0" name="Alt-Ergo" version="1.01" timelimit="6" memlimit="1000"/>
<file name="../algo64.mlw">
<theory name="Algo64" sum="21130e5024a2be148a1c22eaa59415a8">
<goal name="VC quicksort" expl="VC for quicksort">
<transf name="split_goal_wp">
<goal name="VC quicksort.1" expl="1. precondition">
<proof prover="0"><result status="valid" time="0.00" steps="4"/></proof>
</goal>
<goal name="WP_parameter quicksort.2" expl="2. variant decrease">
<proof prover="1"><result status="valid" time="0.01" steps="9"/></proof>
<goal name="VC quicksort.2" expl="2. variant decrease">
<proof prover="0"><result status="valid" time="0.01" steps="9"/></proof>
</goal>
<goal name="WP_parameter quicksort.3" expl="3. precondition">
<proof prover="1"><result status="valid" time="0.01" steps="9"/></proof>
<goal name="VC quicksort.3" expl="3. precondition">
<proof prover="0"><result status="valid" time="0.01" steps="9"/></proof>
</goal>
<goal name="WP_parameter quicksort.4" expl="4. assertion">
<proof prover="1"><result status="valid" time="0.14" steps="131"/></proof>
<goal name="VC quicksort.4" expl="4. assertion">
<proof prover="0"><result status="valid" time="0.06" steps="217"/></proof>
</goal>
<goal name="WP_parameter quicksort.5" expl="5. variant decrease">
<proof prover="1"><result status="valid" time="0.02" steps="13"/></proof>
<goal name="VC quicksort.5" expl="5. variant decrease">
<proof prover="0"><result status="valid" time="0.01" steps="13"/></proof>
</goal>
<goal name="WP_parameter quicksort.6" expl="6. precondition">
<proof prover="1"><result status="valid" time="0.02" steps="13"/></proof>
<goal name="VC quicksort.6" expl="6. precondition">
<proof prover="0"><result status="valid" time="0.01" steps="13"/></proof>
</goal>
<goal name="WP_parameter quicksort.7" expl="7. assertion">
<proof prover="1"><result status="valid" time="2.95" steps="657"/></proof>
<goal name="VC quicksort.7" expl="7. assertion">
<proof prover="0"><result status="valid" time="0.11" steps="285"/></proof>
</goal>
<goal name="WP_parameter quicksort.8" expl="8. postcondition">
<proof prover="1"><result status="valid" time="0.53" steps="315"/></proof>
<goal name="VC quicksort.8" expl="8. postcondition">
<proof prover="0"><result status="valid" time="0.11" steps="244"/></proof>
</goal>
<goal name="WP_parameter quicksort.9" expl="9. postcondition">
<proof prover="1"><result status="valid" time="0.16" steps="95"/></proof>
<goal name="VC quicksort.9" expl="9. postcondition">
<proof prover="0"><result status="valid" time="0.06" steps="116"/></proof>
</goal>
<goal name="WP_parameter quicksort.10" expl="10. postcondition">
<proof prover="1"><result status="valid" time="0.01" steps="13"/></proof>
<goal name="VC quicksort.10" expl="10. postcondition">
<proof prover="0"><result status="valid" time="0.01" steps="13"/></proof>
</goal>
<goal name="WP_parameter quicksort.11" expl="11. postcondition">
<proof prover="1"><result status="valid" time="0.02" steps="9"/></proof>
<goal name="VC quicksort.11" expl="11. postcondition">
<proof prover="0"><result status="valid" time="0.00" steps="6"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter qs" expl="VC for qs">
<transf name="split_goal_wp">
<goal name="WP_parameter qs.1" expl="1. precondition">
<proof prover="1"><result status="valid" time="0.02" steps="2"/></proof>
</goal>
<goal name="WP_parameter qs.2" expl="2. postcondition">
<proof prover="1"><result status="valid" time="0.02" steps="17"/></proof>
</goal>
<goal name="WP_parameter qs.3" expl="3. postcondition">
<proof prover="1"><result status="valid" time="0.02" steps="6"/></proof>
</goal>
<goal name="WP_parameter qs.4" expl="4. postcondition">
<proof prover="1"><result status="valid" time="0.01" steps="5"/></proof>
</goal>
<goal name="WP_parameter qs.5" expl="5. postcondition">
<proof prover="1"><result status="valid" time="0.01" steps="6"/></proof>
</goal>
</transf>
<goal name="VC qs" expl="VC for qs">
<proof prover="0"><result status="valid" time="0.01" steps="28"/></proof>
</goal>
</theory>
</file>
......
......@@ -20,7 +20,7 @@ module Algo65
(* algorithm 63 *)
val partition (a:array int) (m n: int) (i j: ref int) (ghost x: ref int) :
val partition (a: array int) (m n: int) (i j: ref int) (ghost x: ref int) :
unit
requires { 0 <= m < n < length a }
writes { a, i, j }
......@@ -32,7 +32,7 @@ module Algo65
(* Algorithm 65 (fixed version) *)
let rec find (a:array int) (m n:int) (k:int) : unit
let rec find (a: array int) (m n: int) (k: int) : unit
requires { 0 <= m <= k <= n < length a }
variant { n - m }
ensures { permut_sub (old a) a m (n+1) }
......
......@@ -2,137 +2,11 @@
<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN"
"http://why3.lri.fr/why3session.dtd">
<why3session shape_version="4">
<prover id="1" name="Alt-Ergo" version="0.99.1" timelimit="5" steplimit="1" memlimit="1000"/>
<prover id="0" name="Alt-Ergo" version="1.01" timelimit="6" steplimit="1" memlimit="1000"/>
<file name="../algo65.mlw" expanded="true">
<theory name="Algo65" sum="83b400a3fbe590385036b24b91ab4989" expanded="true">
<goal name="WP_parameter find" expl="VC for find" expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter find.1" expl="1. precondition">
<proof prover="1"><result status="valid" time="0.00" steps="6"/></proof>
</goal>
<goal name="WP_parameter find.2" expl="2. variant decrease">
<proof prover="1"><result status="valid" time="0.00" steps="11"/></proof>
</goal>
<goal name="WP_parameter find.3" expl="3. precondition">
<proof prover="1"><result status="valid" time="0.01" steps="11"/></proof>
</goal>
<goal name="WP_parameter find.4" expl="4. assertion">
<proof prover="1"><result status="valid" time="0.01" steps="20"/></proof>
</goal>
<goal name="WP_parameter find.5" expl="5. assertion">
<proof prover="1"><result status="valid" time="0.02" steps="96"/></proof>
</goal>
<goal name="WP_parameter find.6" expl="6. assertion" expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter find.6.1" expl="1. assertion" expanded="true">
<proof prover="1" timelimit="6"><result status="valid" time="0.57" steps="248"/></proof>
</goal>
<goal name="WP_parameter find.6.2" expl="2. assertion">
<proof prover="1"><result status="valid" time="0.35" steps="143"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter find.7" expl="7. variant decrease">
<proof prover="1"><result status="valid" time="0.02" steps="14"/></proof>
</goal>
<goal name="WP_parameter find.8" expl="8. precondition">
<proof prover="1"><result status="valid" time="0.01" steps="14"/></proof>
</goal>
<goal name="WP_parameter find.9" expl="9. assertion">
<proof prover="1"><result status="valid" time="0.01" steps="16"/></proof>
</goal>
<goal name="WP_parameter find.10" expl="10. assertion">
<proof prover="1"><result status="valid" time="0.02" steps="19"/></proof>
</goal>
<goal name="WP_parameter find.11" expl="11. assertion">
<proof prover="1"><result status="valid" time="0.02" steps="19"/></proof>
</goal>
<goal name="WP_parameter find.12" expl="12. postcondition">
<proof prover="1"><result status="valid" time="0.02" steps="17"/></proof>
</goal>
<goal name="WP_parameter find.13" expl="13. postcondition">
<proof prover="1"><result status="valid" time="0.03" steps="19"/></proof>
</goal>
<goal name="WP_parameter find.14" expl="14. postcondition">
<proof prover="1"><result status="valid" time="0.03" steps="19"/></proof>
</goal>
<goal name="WP_parameter find.15" expl="15. assertion">
<proof prover="1"><result status="valid" time="0.02" steps="45"/></proof>
</goal>
<goal name="WP_parameter find.16" expl="16. assertion">
<proof prover="1"><result status="valid" time="0.38" steps="320"/></proof>
</goal>
<goal name="WP_parameter find.17" expl="17. postcondition">
<proof prover="1"><result status="valid" time="0.02" steps="96"/></proof>
</goal>
<goal name="WP_parameter find.18" expl="18. postcondition">
<proof prover="1"><result status="valid" time="0.02" steps="32"/></proof>
</goal>
<goal name="WP_parameter find.19" expl="19. postcondition">
<proof prover="1"><result status="valid" time="0.31" steps="170"/></proof>
</goal>
<goal name="WP_parameter find.20" expl="20. assertion">
<proof prover="1"><result status="valid" time="0.02" steps="29"/></proof>
</goal>
<goal name="WP_parameter find.21" expl="21. assertion">
<proof prover="1"><result status="valid" time="0.05" steps="38"/></proof>
</goal>
<goal name="WP_parameter find.22" expl="22. variant decrease">
<proof prover="1"><result status="valid" time="0.02" steps="13"/></proof>
</goal>
<goal name="WP_parameter find.23" expl="23. precondition">
<proof prover="1"><result status="valid" time="0.02" steps="13"/></proof>
</goal>
<goal name="WP_parameter find.24" expl="24. assertion">
<proof prover="1"><result status="valid" time="0.02" steps="25"/></proof>
</goal>
<goal name="WP_parameter find.25" expl="25. assertion">
<proof prover="1"><result status="valid" time="0.04" steps="163"/></proof>
</goal>
<goal name="WP_parameter find.26" expl="26. assertion" expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter find.26.1" expl="1. assertion" expanded="true">
<proof prover="1" timelimit="6"><result status="valid" time="0.67" steps="380"/></proof>
</goal>
<goal name="WP_parameter find.26.2" expl="2. assertion">
<proof prover="1"><result status="valid" time="0.25" steps="113"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter find.27" expl="27. postcondition">
<proof prover="1"><result status="valid" time="0.01" steps="87"/></proof>
</goal>
<goal name="WP_parameter find.28" expl="28. postcondition">
<proof prover="1"><result status="valid" time="0.19" steps="110"/></proof>
</goal>
<goal name="WP_parameter find.29" expl="29. postcondition">
<proof prover="1"><result status="valid" time="0.02" steps="32"/></proof>
</goal>
<goal name="WP_parameter find.30" expl="30. assertion">
<proof prover="1"><result status="valid" time="0.02" steps="13"/></proof>
</goal>
<goal name="WP_parameter find.31" expl="31. assertion">
<proof prover="1"><result status="valid" time="0.04" steps="38"/></proof>
</goal>
<goal name="WP_parameter find.32" expl="32. postcondition">
<proof prover="1"><result status="valid" time="0.02" steps="13"/></proof>
</goal>
<goal name="WP_parameter find.33" expl="33. postcondition">
<proof prover="1"><result status="valid" time="0.01" steps="35"/></proof>
</goal>
<goal name="WP_parameter find.34" expl="34. postcondition">
<proof prover="1" timelimit="15"><result status="valid" time="0.03" steps="33"/></proof>
</goal>
<goal name="WP_parameter find.35" expl="35. postcondition">
<proof prover="1"><result status="valid" time="0.02" steps="14"/></proof>
</goal>
<goal name="WP_parameter find.36" expl="36. postcondition">
<proof prover="1"><result status="valid" time="0.02" steps="8"/></proof>
</goal>
<goal name="WP_parameter find.37" expl="37. postcondition">
<proof prover="1"><result status="valid" time="0.01" steps="8"/></proof>
</goal>
</transf>
<theory name="Algo65" sum="9534961d2656c4644acd5f2173995f2a" expanded="true">
<goal name="VC find" expl="VC for find" expanded="true">
<proof prover="0"><result status="valid" time="4.01" steps="6656"/></proof>
</goal>
</theory>
</file>
......
......@@ -14,7 +14,7 @@ module AllDistinct
exception Duplicate
let all_distinct (a: array int) (m:int) : bool
let all_distinct (a: array int) (m: int) : bool
requires { 0 <= m }
requires { forall i: int. 0 <= i < length a -> 0 <= a[i] < m }
ensures { result <-> forall i j: int. 0 <= i < length a ->
......
......@@ -2,46 +2,38 @@
<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN"
"http://why3.lri.fr/why3session.dtd">
<why3session shape_version="4">
<prover id="1" name="Alt-Ergo" version="0.99.1" timelimit="6" steplimit="1" memlimit="1000"/>
<prover id="0" name="Alt-Ergo" version="1.01" timelimit="6" steplimit="1" memlimit="1000"/>
<file name="../all_distinct.mlw" expanded="true">
<theory name="AllDistinct" sum="3b44ec37df3232d188580bcf31db876f" expanded="true">
<goal name="WP_parameter all_distinct" expl="VC for all_distinct" expanded="true">
<theory name="AllDistinct" sum="a41b03c7310badbe67937c261148930c" expanded="true">
<goal name="VC all_distinct" expl="VC for all_distinct" expanded="true">
<proof prover="0"><result status="valid" time="0.09" steps="244"/></proof>
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter all_distinct.1" expl="1. array creation size" expanded="true">
<proof prover="1"><result status="valid" time="0.02" steps="2"/></proof>
<goal name="VC all_distinct.1" expl="1. array creation size">
<proof prover="0"><result status="valid" time="0.00" steps="1"/></proof>
</goal>
<goal name="WP_parameter all_distinct.2" expl="2. postcondition" expanded="true">
<proof prover="1"><result status="valid" time="0.01" steps="8"/></proof>
<goal name="VC all_distinct.2" expl="2. loop invariant init">
<proof prover="0"><result status="valid" time="0.00" steps="3"/></proof>
</goal>
<goal name="WP_parameter all_distinct.3" expl="3. loop invariant init" expanded="true">
<proof prover="1"><result status="valid" time="0.02" steps="8"/></proof>
<goal name="VC all_distinct.3" expl="3. loop invariant init">
<proof prover="0"><result status="valid" time="0.00" steps="8"/></proof>
</goal>
<goal name="WP_parameter all_distinct.4" expl="4. loop invariant init" expanded="true">
<proof prover="1"><result status="valid" time="0.02" steps="10"/></proof>
<goal name="VC all_distinct.4" expl="4. index in array bounds">
<proof prover="0"><result status="valid" time="0.00" steps="5"/></proof>
</goal>
<goal name="WP_parameter all_distinct.5" expl="5. index in array bounds" expanded="true">
<proof prover="1"><result status="valid" time="0.02" steps="7"/></proof>
<goal name="VC all_distinct.5" expl="5. index in array bounds">
<proof prover="0"><result status="valid" time="0.00" steps="18"/></proof>
</goal>
<goal name="WP_parameter all_distinct.6" expl="6. type invariant" expanded="true">
<proof prover="1"><result status="valid" time="0.02" steps="7"/></proof>
<goal name="VC all_distinct.6" expl="6. index in array bounds">
<proof prover="0"><result status="valid" time="0.01" steps="19"/></proof>
</goal>
<goal name="WP_parameter all_distinct.7" expl="7. index in array bounds" expanded="true">
<proof prover="1"><result status="valid" time="0.01" steps="10"/></proof>
<goal name="VC all_distinct.7" expl="7. loop invariant preservation">
<proof prover="0"><result status="valid" time="0.01" steps="53"/></proof>
</goal>
<goal name="WP_parameter all_distinct.8" expl="8. postcondition" expanded="true">
<proof prover="1"><result status="valid" time="0.01" steps="15"/></proof>
<goal name="VC all_distinct.8" expl="8. loop invariant preservation">
<proof prover="0"><result status="valid" time="0.01" steps="55"/></proof>
</goal>
<goal name="WP_parameter all_distinct.9" expl="9. index in array bounds" expanded="true">
<proof prover="1"><result status="valid" time="0.02" steps="10"/></proof>
</goal>
<goal name="WP_parameter all_distinct.10" expl="10. loop invariant preservation" expanded="true">
<proof prover="1"><result status="valid" time="0.02" steps="36"/></proof>
</goal>
<goal name="WP_parameter all_distinct.11" expl="11. loop invariant preservation" expanded="true">
<proof prover="1"><result status="valid" time="0.02" steps="34"/></proof>
</goal>
<goal name="WP_parameter all_distinct.12" expl="12. postcondition" expanded="true">
<proof prover="1"><result status="valid" time="0.02" steps="17"/></proof>
<goal name="VC all_distinct.9" expl="9. postcondition">
<proof prover="0"><result status="valid" time="0.01" steps="42"/></proof>
</goal>
</transf>
</goal>
......
......@@ -5,11 +5,11 @@ module TestMatrix
let test1 () =
let m1 = make 3 3 2 in
assert { get_unsafe m1 0 0 = 2 };
assert { m1.elts 0 0 = 2 };
set m1 0 0 4;
assert { get_unsafe m1 0 0 = 4 };
assert { get_unsafe m1 0 1 = 2 };
assert { get_unsafe m1 1 0 = 2 };
assert { m1.elts 0 0 = 4 };
assert { m1.elts 0 1 = 2 };
assert { m1.elts 1 0 = 2 };
()
end
......
......@@ -17,15 +17,7 @@ module Array
length : int
} invariant { 0 <= length }
val ghost function get_unsafe (a: array 'a) (i: int) : 'a
ensures { result = M.get a.elts i }
val ghost function set_unsafe (a: array 'a) (i: int) (v: 'a) : array 'a
ensures { result.elts = M.set a.elts i v /\ result.length = a.length }
(** syntactic sugar *)
function ([]) (a: array 'a) (i: int) : 'a = get_unsafe a i
function ([<-]) (a: array 'a) (i: int) (v: 'a) : array 'a = set_unsafe a i v
function ([]) (a: array 'a) (i: int) : 'a = M.get a.elts i
val ([]) (a: array 'a) (i: int) : 'a
requires { "expl:index in array bounds" 0 <= i < length a }
......@@ -33,7 +25,7 @@ module Array
val ([]<-) (a: array 'a) (i: int) (v: 'a) : unit writes {a}
requires { "expl:index in array bounds" 0 <= i < length a }
ensures { a.elts = M.set (old a.elts) i v }
ensures { a.elts = (old a.elts)[i <- v] }
(** unsafe get/set operations with no precondition *)
exception OutOfBounds
......@@ -45,7 +37,7 @@ module Array
a[i]
let defensive_set (a: array 'a) (i: int) (v: 'a)
ensures { 0 <= i < length a /\ a = old a[i <- v] }
ensures { 0 <= i < length a /\ a.elts = (old a.elts)[i <- v] }
raises { OutOfBounds -> i < 0 \/ i >= length a /\ a = old a }
= if i < 0 || i >= length a then raise OutOfBounds;
a[i] <- v
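Review bot: The header `(** unsafe get/set operations with no precondition *)` that survives above `exception OutOfBounds` now names a concept this module no longer exports, since `get_unsafe`/`set_unsafe` are removed in this very hunk and what follows are the defensive variants that check bounds at run time; I would reword it to `(** get/set with a run-time bounds check instead of a precondition; raise [OutOfBounds] on an invalid index *)` (the same stale header is kept in module Matrix below). The new logic `function ([]) (a: array 'a) (i: int) : 'a = M.get a.elts i` is the migration target for former `get_unsafe` callers but carries no comment now that `(** syntactic sugar *)` is dropped; a one-liner such as `(** [a[i]] in the logic: element [i] of [a], defined for any index *)` would make the intent and the "no bounds requirement" explicit. With the array-level `([<-])` gone, `(old a.elts)[i <- v]` in the `([]<-)` and `defensive_set` postconditions presumably resolves to the map update from `M`; that `use` line is outside the hunk, so this is inferred. Module Array starts and ends outside this section.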
......
......@@ -6,44 +6,36 @@ module Matrix
use import map.Map as M
type matrix 'a = private {
ghost mutable elts: map int (map int 'a);
ghost mutable elts: int -> int -> 'a;
rows: int;
columns: int
} invariant { 0 <= rows /\ 0 <= columns }
val ghost function get_unsafe (a: matrix 'a) (r c: int) : 'a
ensures { result = M.get (M.get a.elts r) c }
val ghost function set_unsafe (a: matrix 'a) (r c: int) (v: 'a) : matrix 'a
ensures {
result.rows = a.rows /\ result.columns = a.columns /\
result.elts = M.set a.elts r (M.set (M.get a.elts r) c v) }
predicate valid_index (a: matrix 'a) (r c: int) =
0 <= r < a.rows /\ 0 <= c < a.columns
val get (a: matrix 'a) (r c: int) : 'a
requires { "expl:index in array bounds" valid_index a r c }
ensures { result = get_unsafe a r c }
ensures { result = a.elts r c }
val set (a: matrix 'a) (r c: int) (v: 'a) : unit
requires { "expl:index in array bounds" valid_index a r c }
writes { a }
ensures { a.elts = M.set (old a.elts) r (M.set (M.get (old a.elts) r) c v)}
ensures { a.elts = (old a.elts)[r <- (old a.elts r)[c <- v]] }
(** unsafe get/set operations with no precondition *)
exception OutOfBounds
let defensive_get (a: matrix 'a) (r c: int) : 'a
ensures { "expl:index in array bounds" valid_index a r c }
ensures { result = get_unsafe a r c }
ensures { result = a.elts r c }
raises { OutOfBounds -> not (valid_index a r c) }
= if r < 0 || r >= a.rows || c < 0 || c >= a.columns then raise OutOfBounds;
get a r c
let defensive_set (a: matrix 'a) (r c: int) (v: 'a) : unit
ensures { "expl:index in array bounds" valid_index a r c }
ensures { a.elts = M.set (old a.elts) r (M.set (M.get (old a.elts) r) c v)}
ensures { a.elts = (old a.elts)[r <- (old a.elts r)[c <- v]] }
raises { OutOfBounds -> not (valid_index a r c) /\ a = old a }
= if r < 0 || r >= a.rows || c < 0 || c >= a.columns then raise OutOfBounds;
set a r c v
......@@ -53,12 +45,12 @@ module Matrix
ensures { result.rows = r }
ensures { result.columns = c }
ensures {
forall i j. 0 <= i < r /\ 0 <= j < c -> get_unsafe result i j = v }
forall i j. 0 <= i < r /\ 0 <= j < c -> result.elts i j = v }
val copy (a: matrix 'a) : matrix 'a
ensures { result.rows = a.rows /\ result.columns = a.columns }
ensures { forall r:int. 0 <= r < result.rows ->
forall c:int. 0 <= c < result.columns ->
get_unsafe result r c = get_unsafe a r c }
result.elts r c = a.elts r c }
end
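Review bot: The representation change `ghost mutable elts: int -> int -> 'a` is undocumented, yet every postcondition in the hunk now depends on reading it as a curried total function (`a.elts r c`) and on the map-update operator applying to function-typed values in `(old a.elts)[r <- (old a.elts r)[c <- v]]`; whether that operator is available for this type depends on `M` from `use import map.Map as M`, which I cannot confirm from the hunk. I would add above the field `(** [elts r c] is the element at row [r], column [c]; the function is total, only [valid_index] constrains program accesses *)` so readers do not expect bounds on the ghost model. The `copy` postcondition still constrains only in-bounds elements, so `result.elts = a.elts` does not follow from it; that is pre-existing but worth a comment on `copy` now that `elts` is a plain function.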