Open
Description
Created by @alexanderjsummers on 2017-05-15 17:02
Last updated on 2018-10-15 15:36
When running the following:
#!scala
domain Array {
function loc(a: Array, i: Int): Ref
function len(a: Array): Int
function first(r: Ref): Array
function second(r: Ref): Int
axiom all_diff {
forall a: Array, i: Int :: {loc(a, i)}
first(loc(a, i)) == a && second(loc(a, i)) == i
}
axiom length_nonneg {
forall a: Array :: len(a) >= 0
}
}
field val : Int
method setToArrayTwo(vals:Set[Ref]) returns (a:Array, n:Int)
ensures forall i:Int :: 0 <= i && i< len(a) ==> acc(loc(a,i).val)
ensures forall i:Int :: {i in vals} i in vals ==> let k == (n[i]) in 0 <= k && k < len(a) && loc(a,k).val == i