-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathList.java
More file actions
70 lines (48 loc) · 1.75 KB
/
List.java
File metadata and controls
70 lines (48 loc) · 1.75 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
/*
Contract-Lib:
NOT CHECKED AT ALL!
(declare-abstractions
((List 0))
((List (content (Seq Int)))) )
;; META: name of return value is result
(declare-contract List.get
((this (in List)) (idx (in Int)) (result (out Int))
( (and (<= 0 idx) (< idx (len (content this))))
(= result (select (content this) idx))))
(declare-contract List.get
((this (inout List)) (idx (in Int)) (value (in Int))
( (and (<= 0 idx) (< idx (len (content this))))
(= (content this) (store (old (content this)) idx value)) ))
// ...
*/
interface List {
//@ predicate valid(list<int> content);
int get(int idx);
//@ requires valid(?content) &*& 0 <= idx &*& idx < length(content);
//@ ensures valid(content) &*& result == nth(idx, content);
void set(int idx, int value);
//@ requires valid(?content) &*& 0 <= idx &*& idx < length(content);
//@ ensures valid(?content2) &*& content2 == update(idx, value, content);
}
// ------------------------------------
class ArrayList implements List {
int[] data;
/*@ predicate valid(list<int> content) = this.data |-> ?d &*& array_slice(d, 0, d.length, content); @*/
int get(int idx)
//@ requires valid(?content) &*& 0 <= idx &*& idx < length(content);
//@ ensures valid(content) &*& result == nth(idx, content);
{
//@ open valid(content);
//@ assert 0 <= idx && idx < length(content);
//@ close valid(content);
return data[idx];
}
void set(int idx, int value)
//@ requires valid(?content) &*& 0 <= idx &*& idx < length(content);
//@ ensures valid(?content2) &*& content2 == update(idx, value, content);
{
//@ open valid(content);
data[idx] = value;
//@ close valid(update(idx, value, content));
}
}