-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCtr_Com_Boogie.bpl
98 lines (88 loc) · 2.37 KB
/
Ctr_Com_Boogie.bpl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
//We use two implementation states (sigma1 and sigma2) for the commutatitivity proofs
//Each sigmai is an integer ctri
var ctr1:int;
var ctr2:int;
//Commutativity check between two add methods.
//We assume that sigma1 == sigma2 initially.
//We apply inc() and inc() (in that order) to sigma1 and obtain the new sigma1
//We apply inc() and inc() (in that order) to sigma2 and obtain the new sigma2
//We show that still sigma1 == sigma2
procedure comIncInc()
requires ctr1 == ctr2;
modifies ctr1, ctr2;
ensures ctr1 == ctr2;
{
//inc();inc()
//eff inc()
ctr1 := ctr1+1;
//eff inc()
ctr1 := ctr1+1;
//inc();inc()
//eff inc()
ctr2 := ctr2 + 1;
//eff inc()
ctr2 := ctr2 + 1;
}
//Commutativity check between an inc and a dec method.
//We assume that sigma1 == sigma2 initially.
//We apply inc() and dec() (in that order) to sigma1 and obtain the new sigma1
//We apply dec() and inc() (in that order) to sigma2 and obtain the new sigma2
//We show that still sigma1 == sigma2
procedure comIncDec()
requires ctr1 == ctr2;
modifies ctr1, ctr2;
ensures ctr1 == ctr2;
{
//inc();dec()
//eff inc()
ctr1 := ctr1+1;
//eff dec()
ctr1 := ctr1-1;
//dec();inc()
//eff dec()
ctr2 := ctr2 - 1;
//eff inc()
ctr2 := ctr2 + 1;
}
//Commutativity check between a dec and an inc() method.
//We assume that sigma1 == sigma2 initially.
//We apply dec() and inc() (in that order) to sigma1 and obtain the new sigma1
//We apply inc() and dec() (in that order) to sigma2 and obtain the new sigma2
//We show that still sigma1 == sigma2
procedure comDecInc()
requires ctr1 == ctr2;
modifies ctr1, ctr2;
ensures ctr1 == ctr2;
{
//dec();inc()
//eff dec()
ctr1 := ctr1-1;
//eff inc()
ctr1 := ctr1+1;
//inc();dec()
//eff inc()
ctr2 := ctr2 + 1;
//eff dec()
ctr2 := ctr2 - 1;
}
//Commutativity check between two add dec.
//We assume that sigma1 == sigma2 initially.
//We apply dec() and dec() (in that order) to sigma1 and obtain the new sigma1
//We apply dec() and dec() (in that order) to sigma2 and obtain the new sigma2
//We show that still sigma1 == sigma2
procedure comDecDec()
requires ctr1 == ctr2;
modifies ctr1, ctr2;
ensures ctr1 == ctr2;
{
//dec();dec()
//eff dec()
ctr1 := ctr1-1;
//eff dec()
ctr1 := ctr1-1;
//dec();dec()
//eff dec()
ctr2 := ctr2 - 1;
//eff dec()
ctr2 := ctr2 - 1;
}