Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
sav08:assume_guarantee_reasoning_with_procedures [2008/04/09 10:42] vkuncak |
sav08:assume_guarantee_reasoning_with_procedures [2008/04/10 13:44] (current) vkuncak |
||
|---|---|---|---|
| Line 5: | Line 5: | ||
| Given | Given | ||
| - | var x; | + | var x, y; |
| proc P() | proc P() | ||
| - | requires Pre(x) | + | requires Pre(x,y) |
| - | ensures Post(x) | + | ensures Post(x,y) |
| { c } | { c } | ||
| Line 24: | Line 24: | ||
| proc Q() { | proc Q() { | ||
| c1; | c1; | ||
| - | assert Pre(x); | + | assert Pre(x,y); |
| - | ++|havoc x;++ | + | ++|havoc x,y;++ |
| - | assume Post(x); | + | assume Post(x,y); |
| c2; | c2; | ||
| } | } | ||
| Line 33: | Line 33: | ||
| ===== Postconditions that refer to pre state ===== | ===== Postconditions that refer to pre state ===== | ||
| - | proc dec(x) | + | <code> |
| + | var x : int; | ||
| + | |||
| + | proc dec() | ||
| requires x > 0 | requires x > 0 | ||
| ensures x <= (old x) | ensures x <= (old x) | ||
| { x = x - 2; } | { x = x - 2; } | ||
| + | </code> | ||
| + | <code> | ||
| proc Q() | proc Q() | ||
| { | { | ||
| Line 44: | Line 49: | ||
| c2; | c2; | ||
| } | } | ||
| + | </code> | ||
| + | |||
| + | ===== Procedures with Parameters ===== | ||
| - | ===== Handling Parameters ===== | + | One way to derive rules: use assignments to reduce parameters to changes to global state. |