sav08:assume_guarantee_reasoning_with_procedures [2008/04/09 10:39] vkuncak |
sav08:assume_guarantee_reasoning_with_procedures [2008/04/10 13:38] vkuncak |
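--- a/sav08:assume_guarantee_reasoning_with_procedures
+++ b/sav08:assume_guarantee_reasoning_with_procedures
@@ -4,5 +4,7 @@
 Given
+
+var x, y;
 proc P()
-requires Pre(x)
+requires Pre(x,y)
-ensures Post(x)
+ensures Post(x,y)
 { c }
@@ -22,9 +24,28 @@
 proc Q() {
 c1;
-assert Pre(x);
+assert Pre(x,y);
-++|havoc x;++
+++|havoc x,y;++
-assume Post(x);
+assume Post(x,y);
 c2;
 }
 ++++
+===== Postconditions that refer to pre state =====
+
+<code>
+var x : int;
+
+proc dec()
+requires x > 0
+ensures x <= (old x)
+{ x = x - 2; }
+</code>
+
+<code>
+proc Q()
+{
+c1;
+dec();
+c2;
+}
+</code>
-===== Handling Parameters =====
+===== Procedures with Parameters =====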
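Review bot: The new "Postconditions that refer to pre state" section introduces `old x`, but the call desugaring given for Q earlier in the same revision (`assert Pre(x,y); havoc x,y; assume Post(x,y);`) has no way to refer to the pre-state value once `x,y` have been havoced, so the postcondition `x <= (old x)` of `dec()` cannot be encoded by that scheme as written. A sentence after the `dec` example explaining that the desugaring must first snapshot the modified variables, e.g. `x0 = x; assert Pre(x); havoc x; assume Post(x, x0);` with `old x` read as `x0`, would close the gap between the two sections. It would also be worth stating that `havoc` must cover every global the callee may modify, which is what the `var x, y;` addition at the top of the page implicitly relies on. The renamed heading at the end of the section introduces a part of the page that is not visible here.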