Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
sav08:assume_guarantee_reasoning_with_procedures [2008/04/09 10:43] vkuncak |
sav08:assume_guarantee_reasoning_with_procedures [2008/04/10 13:44] (current) vkuncak |
||
|---|---|---|---|
| Line 5: | Line 5: | ||
| Given | Given | ||
| - | var x; | + | var x, y; |
| proc P() | proc P() | ||
| - | requires Pre(x) | + | requires Pre(x,y) |
| - | ensures Post(x) | + | ensures Post(x,y) |
| { c } | { c } | ||
| Line 24: | Line 24: | ||
| proc Q() { | proc Q() { | ||
| c1; | c1; | ||
| - | assert Pre(x); | + | assert Pre(x,y); |
| - | ++|havoc x;++ | + | ++|havoc x,y;++ |
| - | assume Post(x); | + | assume Post(x,y); |
| c2; | c2; | ||
| } | } | ||
| Line 34: | Line 34: | ||
| <code> | <code> | ||
| - | proc dec(x) | + | var x : int; |
| + | |||
| + | proc dec() | ||
| requires x > 0 | requires x > 0 | ||
| ensures x <= (old x) | ensures x <= (old x) | ||
| Line 49: | Line 51: | ||
| </code> | </code> | ||
| - | ===== Handling Parameters ===== | + | ===== Procedures with Parameters ===== |
| + | |||
| + | One way to derive rules: use assignments to reduce parameters to changes to global state. | ||