stdlib/stack.mlw


(** {1 Stacks} *)

(** {2 Polymorphic mutable stacks} *)

module Stack

  use mach.peano.Peano
  use list.List
  use list.Length as L

  type t 'a = abstract { mutable elts: list 'a }

  val create () : t 'a ensures { result.elts = Nil }

  val push (x: 'a) (s: t 'a) : unit writes {s}
    ensures { s.elts = Cons x (old s.elts) }

  exception Empty

  val pop (s: t 'a) : 'a writes {s}
    ensures { match old s.elts with Nil -> false
      | Cons x t -> result = x /\ s.elts = t end }
    raises  { Empty -> s.elts = old s.elts = Nil }

  val top (s: t 'a) : 'a
    ensures { match s.elts with Nil -> false
      | Cons x _ -> result = x end }
    raises  { Empty -> s.elts = Nil }

  val safe_pop (s: t 'a) : 'a writes {s}
    requires { s.elts <> Nil }
    ensures { match old s.elts with Nil -> false
      | Cons x t -> result = x /\ s.elts = t end }

  val safe_top (s: t 'a) : 'a
    requires { s.elts <> Nil }
    ensures { match s.elts with Nil -> false
      | Cons x _ -> result = x end }

  val clear (s: t 'a) : unit writes {s} ensures { s.elts = Nil }

  val copy (s: t 'a) : t 'a ensures { result = s }

  val is_empty (s: t 'a) : bool
    ensures { result = True <-> s.elts = Nil }

  function length (s: t 'a) : int = L.length s.elts

  val length (s: t 'a) : Peano.t
    ensures { result = L.length s.elts }

end
new library module Stack 2011-02-18 11:20:16 +01:00
Why3doc for modules 2012-05-07 15:12:08 +02:00			`(** {1 Stacks} *)`

			`(** {2 Polymorphic mutable stacks} *)`
new library module Stack 2011-02-18 11:20:16 +01:00
			`module Stack`

library: {Stack,Queue}.length now return a Peano.t this way, the extraction maps them to OCaml's {Stack,Queue}.length without using ZArith anymore 2018-10-26 15:47:03 +02:00			`use mach.peano.Peano`
stdlib, examples: remove redundant "import" 2018-06-15 16:45:31 +02:00			`use list.List`
			`use list.Length as L`
new library module Stack 2011-02-18 11:20:16 +01:00
adapt the standard library except for modules/impset.mlw (because of Fset) and modules/mach/* (because of program cloning), the standard library now typechecks. This is still very much the work in progress. Many functions and predicates have still to be converted to "let function" and "let predicate". Here are some TODOs: - do not require the return type for "val predicate", "val lemma", etc. - do not require explicit variant for "let rec" if the code passes the termination check in Decl (see list.why) - what should become "val ghost function" and what should stay just "function" (see array.mlw, matrix.mlw, string.mlw, etc)? - some defined functions in algebra.why and relations.why had to be removed, so that they can be implemented with "let function" in int.mlw (since they are defined, they cannot be instantiated with let-functions). This seems too restrictive. One way out would be to authorise instantiation of defined functions (with a VC). - should we keep the keyword "model"? reuse of "abstract" in types breaks syntax coloring ("abstract" requires closing "end" in programs but not in types; maybe we can drop that "end" again?). 2015-08-20 13:25:30 +02:00			`type t 'a = abstract { mutable elts: list 'a }`
new library module Stack 2011-02-18 11:20:16 +01:00
whyml: new specification syntax 2012-10-13 00:23:29 +02:00			`val create () : t 'a ensures { result.elts = Nil }`
new library module Stack 2011-02-18 11:20:16 +01:00
whyml: new specification syntax 2012-10-13 00:23:29 +02:00			`val push (x: 'a) (s: t 'a) : unit writes {s}`
			`ensures { s.elts = Cons x (old s.elts) }`
new library module Stack 2011-02-18 11:20:16 +01:00
			`exception Empty`

whyml: new specification syntax 2012-10-13 00:23:29 +02:00			`val pop (s: t 'a) : 'a writes {s}`
			`ensures { match old s.elts with Nil -> false`
			`\| Cons x t -> result = x /\ s.elts = t end }`
			`raises { Empty -> s.elts = old s.elts = Nil }`
new library module Stack 2011-02-18 11:20:16 +01:00
whyml: drop read effects Now that ghost writes are checked via e_syms.syms_pv, there is no use for read effects anymore. 2013-04-07 17:59:24 +02:00			`val top (s: t 'a) : 'a`
whyml: new specification syntax 2012-10-13 00:23:29 +02:00			`ensures { match s.elts with Nil -> false`
			`\| Cons x _ -> result = x end }`
			`raises { Empty -> s.elts = Nil }`
new library module Stack 2011-02-18 11:20:16 +01:00
new example: tower of Hanoi (in progress) 2012-12-21 17:13:40 +01:00			`val safe_pop (s: t 'a) : 'a writes {s}`
			`requires { s.elts <> Nil }`
			`ensures { match old s.elts with Nil -> false`
			`\| Cons x t -> result = x /\ s.elts = t end }`

whyml: drop read effects Now that ghost writes are checked via e_syms.syms_pv, there is no use for read effects anymore. 2013-04-07 17:59:24 +02:00			`val safe_top (s: t 'a) : 'a`
new example: tower of Hanoi (in progress) 2012-12-21 17:13:40 +01:00			`requires { s.elts <> Nil }`
			`ensures { match s.elts with Nil -> false`
			`\| Cons x _ -> result = x end }`

whyml: new specification syntax 2012-10-13 00:23:29 +02:00			`val clear (s: t 'a) : unit writes {s} ensures { s.elts = Nil }`
new library module Stack 2011-02-18 11:20:16 +01:00
whyml: drop read effects Now that ghost writes are checked via e_syms.syms_pv, there is no use for read effects anymore. 2013-04-07 17:59:24 +02:00			`val copy (s: t 'a) : t 'a ensures { result = s }`
new library module Stack 2011-02-18 11:20:16 +01:00
whyml: drop read effects Now that ghost writes are checked via e_syms.syms_pv, there is no use for read effects anymore. 2013-04-07 17:59:24 +02:00			`val is_empty (s: t 'a) : bool`
whyml: new specification syntax 2012-10-13 00:23:29 +02:00			`ensures { result = True <-> s.elts = Nil }`
new library module Stack 2011-02-18 11:20:16 +01:00
new example from unraveling a card trick'' (in progress) 2011-12-17 21:32:59 +01:00			`function length (s: t 'a) : int = L.length s.elts`
new library module Stack 2011-02-18 11:20:16 +01:00
library: {Stack,Queue}.length now return a Peano.t this way, the extraction maps them to OCaml's {Stack,Queue}.length without using ZArith anymore 2018-10-26 15:47:03 +02:00			`val length (s: t 'a) : Peano.t`
whyml: new specification syntax 2012-10-13 00:23:29 +02:00			`ensures { result = L.length s.elts }`
make standard library modules compatible with whyml 2012-07-14 14:50:39 +02:00
new library module Stack 2011-02-18 11:20:16 +01:00			`end`