2011-02-18 11:24:59 +01:00
|
|
|
|
2019-06-06 17:45:36 +02:00
|
|
|
(** {1 Polymorphic mutable queues}
|
|
|
|
|
|
|
|
|
|
The module `Queue` below is mapped to OCaml's standard library
|
|
|
|
|
module `Queue` by Why3's extraction.
|
|
|
|
|
|
|
|
|
|
Independently, a Why3 implementation of this module is also
|
2021-09-21 18:00:14 +02:00
|
|
|
provided in `examples/queue_two_lists.mlw`.
|
2019-06-06 17:45:36 +02:00
|
|
|
*)
|
2011-02-18 11:24:59 +01:00
|
|
|
|
|
|
|
|
module Queue
|
|
|
|
|
|
2019-06-05 14:43:53 +02:00
|
|
|
use seq.Seq
|
2018-10-26 15:47:03 +02:00
|
|
|
use mach.peano.Peano
|
2019-06-05 14:43:53 +02:00
|
|
|
use int.Int
|
2011-02-18 11:24:59 +01:00
|
|
|
|
2019-06-05 14:43:53 +02:00
|
|
|
type t 'a = abstract {
|
|
|
|
|
mutable seq: Seq.seq 'a;
|
|
|
|
|
}
|
2011-02-18 11:24:59 +01:00
|
|
|
|
2019-06-05 14:43:53 +02:00
|
|
|
meta coercion function seq
|
2011-02-18 11:24:59 +01:00
|
|
|
|
2019-06-05 14:43:53 +02:00
|
|
|
val create () : t 'a
|
|
|
|
|
ensures { result = empty }
|
|
|
|
|
|
|
|
|
|
val push (x: 'a) (q: t 'a) : unit
|
|
|
|
|
writes { q }
|
|
|
|
|
ensures { q = snoc (old q) x }
|
2011-02-18 11:24:59 +01:00
|
|
|
|
|
|
|
|
exception Empty
|
|
|
|
|
|
2019-06-05 14:43:53 +02:00
|
|
|
val pop (q: t 'a) : 'a
|
|
|
|
|
writes { q }
|
2019-06-05 17:34:13 +02:00
|
|
|
ensures { old q <> empty }
|
2019-06-05 14:43:53 +02:00
|
|
|
ensures { result = (old q)[0] }
|
|
|
|
|
ensures { q = (old q)[1 ..] }
|
|
|
|
|
raises { Empty -> q = old q = empty }
|
2011-02-18 11:24:59 +01:00
|
|
|
|
2013-04-07 17:59:24 +02:00
|
|
|
val peek (q: t 'a) : 'a
|
2019-06-05 14:43:53 +02:00
|
|
|
ensures { q <> empty }
|
|
|
|
|
ensures { result = q[0] }
|
|
|
|
|
raises { Empty -> q = empty }
|
2011-02-18 11:24:59 +01:00
|
|
|
|
2019-06-05 14:43:53 +02:00
|
|
|
val safe_pop (q: t 'a) : 'a
|
|
|
|
|
requires { q <> empty }
|
|
|
|
|
writes { q }
|
|
|
|
|
ensures { result = (old q)[0] }
|
|
|
|
|
ensures { q = (old q)[1 ..] }
|
2013-03-23 20:49:09 +01:00
|
|
|
|
2013-04-07 17:59:24 +02:00
|
|
|
val safe_peek (q: t 'a) : 'a
|
2019-06-05 14:43:53 +02:00
|
|
|
requires { q <> empty }
|
|
|
|
|
ensures { result = q[0] }
|
2013-03-23 20:49:09 +01:00
|
|
|
|
2019-06-05 14:43:53 +02:00
|
|
|
val clear (q: t 'a) : unit
|
2019-06-05 17:34:13 +02:00
|
|
|
writes { q }
|
2019-06-05 14:43:53 +02:00
|
|
|
ensures { q = empty }
|
2011-02-18 11:24:59 +01:00
|
|
|
|
2019-06-05 14:43:53 +02:00
|
|
|
val copy (q: t 'a) : t 'a
|
|
|
|
|
ensures { result == q }
|
2011-02-18 11:24:59 +01:00
|
|
|
|
2013-04-07 17:59:24 +02:00
|
|
|
val is_empty (q: t 'a) : bool
|
2019-06-05 14:43:53 +02:00
|
|
|
ensures { result <-> (q = empty) }
|
2013-03-23 20:49:09 +01:00
|
|
|
|
2018-10-26 15:47:03 +02:00
|
|
|
val length (q: t 'a) : Peano.t
|
2019-06-05 14:43:53 +02:00
|
|
|
ensures { result = length q }
|
2011-02-18 11:24:59 +01:00
|
|
|
|
2014-04-02 09:39:51 +02:00
|
|
|
val transfer (q1 q2: t 'a) : unit
|
|
|
|
|
writes { q1, q2 }
|
2019-06-05 14:43:53 +02:00
|
|
|
ensures { q1 = empty }
|
|
|
|
|
ensures { q2 = (old q2) ++ (old q1) }
|
2014-04-02 09:39:51 +02:00
|
|
|
|
2011-02-18 11:24:59 +01:00
|
|
|
end
|
|
|
|
|
|
