FrontierTree.dfy
// RUN: /compile:0 /nologo /noNLarith /noCheating:1 /rlimit:1000000
// Binary tree that stores data only at its leaves: a Tip carries one value of
// type A, and a Node joins a left and a right subtree without a value of its own.
datatype BT<A> = Tip(data: A) | Node(left: BT<A>, right: BT<A>)
// Models an input stream (alpha) and an output stream (omega) as sequences.
// Each method's ensures clauses say which stream changes and state that the
// other one keeps its old value.
class IO<T> {
  // alpha: items still to be read; omega: items written so far.
  var alpha: seq<T>, omega: seq<T>;

  // True exactly when no input remains.
  predicate method EOF()
    reads this
  {
    alpha == []
  }

  // Removes the first pending input item and returns it as x.
  // The caller must establish !EOF() first; omega keeps its old value.
  method Input() returns (x: T)
    requires !EOF() // i.e. alpha != []
    modifies this
    ensures old(alpha) == [x] + alpha
    ensures omega == old(omega)
  {
    // Read the head before dropping it from the stream.
    x := alpha[0];
    alpha := alpha[1..];
  }

  // Appends x to the end of the output stream; alpha keeps its old value.
  method Output(x: T)
    modifies this
    ensures omega == old(omega) + [x]
    ensures alpha == old(alpha)
  {
    var extended := omega + [x];
    omega := extended;
  }

  // Discards everything written so far; alpha keeps its old value.
  method Rewrite()
    modifies this
    ensures alpha == old(alpha)
    ensures omega == []
  {
    omega := [];
  }
}
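// Demo driver: writes the frontier of a one-leaf tree, then of a two-leaf
// tree, to a fresh IO object and prints the output stream after each run.
method Main()
{
  var io: IO<int> := new IO<int>;
  // IO declares no constructor, so nothing is known to the verifier about the
  // initial contents of omega. Clearing it first makes the value printed
  // below, by FrontierIter's postcondition, [] + Frontier(tree).
  io.Rewrite();

  var tree: BT<int> := Tip(1);
  FrontierIter(tree, io);
  print io.omega;

  // Start the second traversal from an empty output stream as well.
  io.Rewrite();
  tree := Node(tree, Tip(2));
  FrontierIter(tree, io);
  print io.omega;
}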
// Specification of the frontier: the leaf values of `tree`, left subtree
// before right subtree.
function Frontier<T>(tree: BT<T>): seq<T>
{
  match tree
  case Node(lhs, rhs) => Frontier(lhs) + Frontier(rhs)
  case Tip(value) => [value]
}
// Number of constructors in `tree`: each Tip and each Node counts as one.
function Size<T>(tree: BT<T>): nat
{
  match tree {
    case Node(lhs, rhs) => 1 + Size(lhs) + Size(rhs)
    case Tip(_) => 1
  }
}
// Sum of Size over every tree in `stack`; 0 for the empty stack.
function TotalSize<T>(stack: seq<BT<T>>): nat
{
  if stack != [] then
    Size(stack[0]) + TotalSize(stack[1..])
  else
    0
}
// Concatenation of the frontiers of the trees in `stack`, first tree first;
// the empty sequence for the empty stack.
function StackFrontier<T>(stack: seq<BT<T>>): seq<T>
{
  if stack != [] then
    Frontier(stack[0]) + StackFrontier(stack[1..])
  else
    []
}
// Appends the frontier of `tree` to io.omega, using an explicit stack of
// pending subtrees instead of recursion. The ensures clause ties the result
// to the recursive specification Frontier(tree).
// Note: the contract speaks only about io.omega. `modifies io` permits
// changes to io.alpha and no ensures clause constrains it, so callers learn
// nothing about io.alpha from this method's specification.
method FrontierIter<T>(tree: BT<T>, io: IO<T>)
requires io != null
modifies io
ensures io.omega == old(io.omega) + Frontier(tree)
{
var stack: seq<BT<T>>;
var current: BT<T>;
stack := [tree];
while stack != []
// Output written so far, followed by the frontier of everything still on the
// stack, always equals the final output promised by the ensures clause.
invariant io.omega + StackFrontier(stack) == old(io.omega) + Frontier(tree)
// Termination measure: the combined Size of all trees on the stack.
decreases TotalSize(stack)
{
// Ghost snapshot of the stack as it was on entry to this iteration; it is
// referenced only by the proof steps below.
ghost var previous_stack := stack;
// Restates the loop invariant in terms of the snapshot.
assert io.omega + StackFrontier(previous_stack) == old(io.omega) + Frontier(tree);
// Pop the first tree off the stack.
current, stack := stack[0], stack[1..];
match current {
// A leaf: emit its value to the output stream.
case Tip(x) => io.Output(x);
case Node(l, r) => {
// Replace the node by its children, left child first so it is popped first.
stack := [l, r] + stack;
// Spells out TotalSize of the new stack; by the definition of Size this is
// one less than before the pop (presumably a hint for the termination proof).
assert TotalSize(stack) == Size(l) + (Size(r) + TotalSize(stack[2..]));
// Proof that swapping the node for its two children leaves the stack's
// frontier unchanged, which is what the invariant needs in this branch.
calc {
StackFrontier(stack);
== Frontier(l) + (Frontier(r) + StackFrontier(stack[2..]));
== StackFrontier(previous_stack);
}
}
}
}
}