-
Notifications
You must be signed in to change notification settings - Fork 0
/
ArrayListSpec.dfy
120 lines (100 loc) · 3.65 KB
/
ArrayListSpec.dfy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
include "../List/ListSpec.dfy"
module ArrayListSpec{
import opened ListSpec
trait {:termination false} ArrayList<A> extends List<A> {
method PushFront(x: A)
modifies this, Repr()
requires allocated(Repr())
ensures fresh(Repr() - old(Repr()))
ensures allocated(Repr())
requires Valid()
ensures Valid()
ensures Model() == [x] + old(Model())
ensures Iterators() >= old(Iterators())
ensures forall it | it in old(Iterators()) && old(it.Valid()) ::
&& it.Valid()
&& it.Parent() == old(it.Parent())
&& it.Index() == old(it.Index())
method PopFront() returns (x: A)
modifies this, Repr()
requires allocated(Repr())
ensures fresh(Repr() - old(Repr()))
ensures allocated(Repr())
requires Valid()
requires !Empty?()
ensures Valid()
ensures [x] + Model() == old(Model())
ensures Iterators() >= old(Iterators())
ensures forall it | it in old(Iterators()) && old(it.Valid()) && old(it.HasPeek?()) ::
&& it.Valid()
&& it.Parent() == old(it.Parent())
&& it.Index() == old(it.Index())
method PushBack(x: A)
modifies this, Repr()
requires allocated(Repr())
ensures fresh(Repr() - old(Repr()))
ensures allocated(Repr())
requires Valid()
ensures Valid()
ensures Model() == old(Model()) + [x]
ensures Iterators() >= old(Iterators())
ensures forall it | it in old(Iterators()) && old(it.Valid()) ::
&& it.Valid()
&& it.Parent() == old(it.Parent())
&& it.Index() == old(it.Index())
method PopBack() returns (x: A)
modifies this, Repr()
requires allocated(Repr())
ensures fresh(Repr() - old(Repr()))
ensures allocated(Repr())
requires Valid()
requires !Empty?()
ensures Valid()
ensures Model() + [x] == old(Model())
ensures Iterators() >= old(Iterators())
ensures forall it | it in old(Iterators()) && old(it.Valid()) && old(it.HasPeek?()) ::
&& it.Valid()
&& it.Parent() == old(it.Parent())
&& it.Index() == old(it.Index())
// Insertion of x before mid, newt points to x
method Insert(mid: ListIterator<A>, x: A) returns (newt: ListIterator<A>)
modifies this, Repr()
requires allocated(Repr())
ensures fresh(Repr() - old(Repr()))
ensures allocated(Repr())
requires Valid()
requires mid.Valid()
requires mid.Parent() == this
requires mid in Iterators()
requires mid.Index() >= 0
ensures Valid()
ensures Model() == Seq.Insert(x, old(Model()), old(mid.Index()))
ensures fresh(newt)
ensures Iterators() >= {newt} + old(Iterators())
ensures newt.Valid() && newt.Parent() == this && newt.Index() == old(mid.Index())
ensures forall it | it in old(Iterators()) && old(it.Valid()) ::
&& it.Valid()
&& it.Parent() == old(it.Parent())
&& it.Index() == old(it.Index())
// Deletion of mid, next points to the next element (or past-the-end)
method Erase(mid: ListIterator<A>) returns (next: ListIterator<A>)
modifies this, Repr()
requires allocated(Repr())
ensures fresh(Repr() - old(Repr()))
ensures allocated(Repr())
requires Valid()
requires mid.Valid()
requires mid.Parent() == this
requires mid.HasPeek?()
requires mid in Iterators()
ensures Valid()
ensures Model() == Seq.Remove(old(Model()), old(mid.Index()))
ensures fresh(next)
ensures Iterators() >= {next}+old(Iterators())
ensures next.Valid() && next.Parent() == this && next.Index() == old(mid.Index())
ensures forall it | it in old(Iterators()) && old(it.Valid()) && old(it.HasPeek?()) ::
&& it.Valid()
&& it.Parent() == old(it.Parent())
&& it.Index() == old(it.Index())
}
}