NameComparator_false

NameComparator, incorrect version

function Name(self: Ref) : Int function strNames(): Seq[Int] define return(x) { assert !returned returned := true res := x } function sgn(i: Int) : Int ensures i > 0 ==> result == 1 ensures i == 0 ==> result == 0 ensures i < 0 ==> result == -1 method Int_compare(o1: Int, o2: Int) returns (res: Int) ensures (rel(o1, 0) == rel(o2, 1) && rel(o2, 0) == rel(o1, 1)) ==> (sgn(rel(res, 0)) == -sgn(rel(res, 1))) // P1 ensures (rel(o1, 0) == rel(o2, 2) && rel(o2, 0) == rel(o1, 2)) ==> (sgn(rel(res, 0)) == -sgn(rel(res, 2))) // P1 ensures (rel(o1, 2) == rel(o2, 1) && rel(o2, 2) == rel(o1, 1)) ==> (sgn(rel(res, 2)) == -sgn(rel(res, 1))) // P1 ensures (rel(o1, 0) == rel(o1, 1) && rel(o2, 0) == rel(o2, 1)) ==> (rel(res, 0) == rel(res, 1)) // deterministic ensures (rel(o1, 0) == rel(o1, 2) && rel(o2, 0) == rel(o2, 2)) ==> (rel(res, 0) == rel(res, 2)) // deterministic ensures (rel(o1, 2) == rel(o1, 1) && rel(o2, 2) == rel(o2, 1)) ==> (rel(res, 2) == rel(res, 1)) // deterministic ensures ((rel(res, 0) > 0) && rel(res, 1) > 0 && rel(o2, 0) == rel(o1, 1) && rel(o1, 2) == rel(o1, 0) && rel(o2, 2) == rel(o2, 1)) ==> (rel(res, 2) > 0) // P2 ensures (rel(o2, 0) == rel(o1, 1) && rel(o1, 2) == rel(o1, 0) && rel(o2, 2) == rel(o2, 1) && rel(res, 0) == 0) ==> (sgn(rel(res, 1)) == sgn(rel(res, 2))) ensures (rel(o2, 0) == rel(o1, 1) && rel(o1, 2) == rel(o1, 0) && rel(o2, 2) == rel(o2, 1) && rel(res, 1) == 0) ==> (sgn(rel(res, 0)) == sgn(rel(res, 2))) ensures (rel(o2, 0) == rel(o1, 1) && rel(o1, 2) == rel(o1, 0) && rel(o2, 2) == rel(o2, 1) && rel(res, 2) == 0) ==> (sgn(rel(res, 1)) == sgn(rel(res, 0))) method compare(o1: Ref, o2: Ref) returns (res: Int) requires rel(o2, 0) == rel(o1, 1) && rel(o1, 2) == rel(o1, 0) && rel(o2, 2) == rel(o2, 1) ensures ((rel(res, 0) > 0) && rel(res, 1) > 0) ==> (rel(res, 2) > 0) // P2 { var returned : Bool returned := false var x : Int x := Name(o1) var y: Int y := Name(o2) var i : Int i :=0 var currentName : Int while(i < |strNames()| && !returned) invariant i >= 0 && i <= |strNames()| invariant returned ==> res != 0 invariant (forall j : Int :: j >= 0 && j < i ==> (strNames()[j] != x && strNames()[j] != y)) invariant returned && res > 0 ==> i < |strNames()| && strNames()[i] == x invariant returned && res < 0 ==> i < |strNames()| && strNames()[i] == y && strNames()[i] != x { currentName := strNames()[i] if(currentName == x) { return(1) }else{ if(currentName == y) { return(-1) }else{ i := i + 1 } } } if (!returned) { var tmp : Int tmp := Int_compare(x,y) return(tmp) } assert returned }