-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathslf_length_acc.c
47 lines (44 loc) · 1001 Bytes
/
slf_length_acc.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
#include "list/headers.h"
#include "ref.h"
#include "free.h"
/*@
function [rec] (u32) length(datatype List xs) {
match xs {
Nil {} => {
0u32
}
Cons {Head: h, Tail: zs} => {
1u32 + length(zs)
}
}
}
@*/
void IntList_length_acc_aux (struct sllist *xs, unsigned int *p)
/*@ requires take L1 = SLList_At(xs);
take P = Owned<unsigned int>(p);
ensures take L1_post = SLList_At(xs);
take P_post = Owned<unsigned int>(p);
L1 == L1_post;
P_post == P + length(L1);
@*/
{
/*@ unfold length(L1); @*/
if (xs == 0) {
} else {
*p = *p + 1;
IntList_length_acc_aux (xs->tail, p);
}
}
unsigned int IntList_length_acc (struct sllist *xs)
/*@ requires take Xs = SLList_At(xs);
ensures take Xs_post = SLList_At(xs);
Xs == Xs_post;
return == length(Xs);
@*/
{
unsigned int *p = refUnsignedInt(0);
IntList_length_acc_aux(xs, p);
unsigned int x = *p;
freeUnsignedInt(p);
return x;
}