-
Notifications
You must be signed in to change notification settings - Fork 1
/
ClassesVersusTraits.dfy
52 lines (47 loc) · 1.5 KB
/
ClassesVersusTraits.dfy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
class ArrayElementInitializer {
predicate Valid(i: int, a: object)
reads this
method Init(i: int) returns (a: object)
modifies this
ensures Valid(i, a)
ensures forall x, y :: old(allocated(y)) && old(Valid(x, y)) ==> Valid(x, y)
}
method InitializeArray(aei: ArrayElementInitializer, a: array<object>)
requires aei != null && a != null
modifies a, aei
ensures forall x :: 0 <= x < a.Length ==> aei.Valid(x, a[x])
{
var i := 0;
while i < a.Length
modifies a, aei
invariant 0 <= i <= a.Length
invariant forall x :: 0 <= x < i ==> aei.Valid(x, a[x])
{
a[i] := aei.Init(i);
i := i + 1;
}
}
////////////////////////////////////////////////////////////////////////////////
trait TraitArrayElementInitializer {
predicate Valid(i: int, a: object)
reads this
method Init(i: int) returns (a: object)
modifies this
ensures Valid(i, a)
ensures forall x, y :: old(allocated(y)) && old(Valid(x, y)) ==> Valid(x, y)
}
method TraitInitializeArray(aei: TraitArrayElementInitializer, a: array<object>)
requires aei != null && a != null
modifies a, aei
ensures forall x :: 0 <= x < a.Length ==> aei.Valid(x, a[x])
{
var i := 0;
while i < a.Length
modifies a, aei
invariant 0 <= i <= a.Length
invariant forall x :: 0 <= x < i ==> aei.Valid(x, a[x])
{
a[i] := aei.Init(i);
i := i + 1;
}
}