Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
sav08:assume_guarantee_reasoning_with_procedures [2008/04/09 10:43] vkuncak |
sav08:assume_guarantee_reasoning_with_procedures [2008/04/10 13:44] (current) vkuncak |
||
|---|---|---|---|
| Line 5: | Line 5: | ||
| Given | Given | ||
| - | var x : int; | + | var x, y; |
| proc P() | proc P() | ||
| - | requires Pre(x) | + | requires Pre(x,y) |
| - | ensures Post(x) | + | ensures Post(x,y) |
| { c } | { c } | ||
| Line 24: | Line 24: | ||
| proc Q() { | proc Q() { | ||
| c1; | c1; | ||
| - | assert Pre(x); | + | assert Pre(x,y); |
| - | ++|havoc x;++ | + | ++|havoc x,y;++ |
| - | assume Post(x); | + | assume Post(x,y); |
| c2; | c2; | ||
| } | } | ||
| Line 52: | Line 52: | ||
| ===== Procedures with Parameters ===== | ===== Procedures with Parameters ===== | ||
| + | |||
| + | One way to derive rules: use assignments to reduce parameters to changes to global state. | ||