Closed jspam closed 12 years ago
This is a nice-to-have feature with very low priority.
Take the following example program:
function Integer double(Integer i) _ensures _return = 2 ⋅ i { return 2 ⋅ i } _assert double(2) = 4
It validates correctly, but the formula for the assertion seems overly complicated to me:
∀ Integer _double0 : _double0 = 2 ∙ 2 ⇒ _double0 = 4
In this special case, the prover could directly substitute double(2) with the return value from the postcondition, so that the formula would become:
double(2)
2 ∙ 2 = 4
In a more general way, the prover could substitute the function call with the ensured return value when
Equal
ReturnValueReference
This is especially helpful when dealing with utility functions as in heap.ww. I think this could be a nice thing to show off :)
heap.ww
This is a nice-to-have feature with very low priority.
Take the following example program:
It validates correctly, but the formula for the assertion seems overly complicated to me:
In this special case, the prover could directly substitute
double(2)with the return value from the postcondition, so that the formula would become:In a more general way, the prover could substitute the function call with the ensured return value when
EqualEqual's left or right hand side is aReturnValueReferenceEqualdoes not contain aReturnValueReferenceThis is especially helpful when dealing with utility functions as in
heap.ww. I think this could be a nice thing to show off :)