Complete this form and hit the "Save Changes" button!
No ratings
Are you sure you want to delete this code? Please type DELETE in the box below to confirm.
Are you sure you want to verify this code?
Are you sure you want to publish this code?
Are you sure you want to unpublish this code?
Are you sure you want to autogenerate the summary + description for this code?
xxxxxxxxxx
// RUN: %dafny /compile:3 /print:"%t.print" /dprint:"%t.dprint" "%s" > "%t"
// RUN: %diff "%s.expect" "%t"
method Main()
{
test0(10);
test5(11);
test6(12);
test1();
test2();
}
predicate valid(x:int)
x > 0
function ref1(y:int) : int
requires valid(y);
y - 1
lemma assumption1()
ensures forall a, b :: valid(a) && valid(b) && ref1(a) == ref1(b) ==> a == b;
method test0(a: int)
if ref1.requires(a) {
// the precondition should suffice to let us call the method
ghost var b := ref1(a);
method test5(a: int)
if valid(a) {
// valid(a) is the precondition of ref1
assert ref1.requires(a);
method test6(a: int)
// the precondition of ref1 is valid(a)
assert valid(a);
method test1()
if * {
assert forall a, b :: valid(a) && valid(b) && ref1(a) == ref1(b) ==> a == b;
} else {
assert forall a, b :: ref1.requires(a) && ref1.requires(b) && ref1(a) == ref1(b)
==> a == b;
function {:opaque} ref2(y:int) : int // Now with an opaque attribute
lemma assumption2()
ensures forall a, b :: valid(a) && valid(b) && ref2(a) == ref2(b) ==> a == b;
reveal ref2();
method test2()
assumption2();
assert forall a, b :: valid(a) && valid(b) && ref2(a) == ref2(b) ==> a == b;
assert forall a, b :: ref2.requires(a) && ref2.requires(b) && ref2(a) == ref2(b)
