| 1 | #include <stdio.h>
|
|---|
| 2 | #include <string.h>
|
|---|
| 3 | #ifdef _CIVL
|
|---|
| 4 | #include <civlc.cvh>
|
|---|
| 5 | #pragma CIVL ACSL
|
|---|
| 6 | #endif
|
|---|
| 7 |
|
|---|
| 8 | #ifdef _CIVL
|
|---|
| 9 | $input int ni,nj;
|
|---|
| 10 | $assume(ni > 1);
|
|---|
| 11 | $assume(nj > 1);
|
|---|
| 12 | $input double uin[ni][nj];
|
|---|
| 13 | #endif
|
|---|
| 14 |
|
|---|
| 15 | int main(int argc, char** argv) {
|
|---|
| 16 | int i,j,ir,jr;
|
|---|
| 17 | double u1[ni][nj];
|
|---|
| 18 | double u2[ni][nj];
|
|---|
| 19 |
|
|---|
| 20 | $havoc(&i); $havoc(&j);
|
|---|
| 21 | $assume($forall (int i : 0 .. ni-1)
|
|---|
| 22 | ($forall (int j : 0 .. nj-1) u1[i][j] == 0 && u2[i][j] == 0)
|
|---|
| 23 | );
|
|---|
| 24 |
|
|---|
| 25 | double tmp1[ni][nj];
|
|---|
| 26 |
|
|---|
| 27 | $assume($forall (int i : 1 .. ni-2)
|
|---|
| 28 | ($forall (int j : 1 .. nj-2) tmp1[i][j] == uin[i][j] * uin[i][j])
|
|---|
| 29 | );
|
|---|
| 30 | $assume($forall (int i, j | i == 0 || i == ni-1 || j == 0 || j == nj-1) tmp1[i][j] == 0);
|
|---|
| 31 | memcpy(u1, tmp1, sizeof(double) * ni * nj);
|
|---|
| 32 |
|
|---|
| 33 | double tmp2[ni][nj];
|
|---|
| 34 |
|
|---|
| 35 | $assume($forall (int i | 1 <= i && i < ni - 2 && i % 2 != 0)
|
|---|
| 36 | ($forall (int j | 1 <= j && j < nj - 2 && j % 2 != 0)
|
|---|
| 37 | tmp2[i][j] == uin[i][j]*uin[i][j] &&
|
|---|
| 38 | tmp2[i+1][j] == uin[i+1][j]*uin[i+1][j] &&
|
|---|
| 39 | tmp2[i][j+1] == uin[i][j+1]*uin[i][j+1] &&
|
|---|
| 40 | tmp2[i+1][j+1] == uin[i+1][j+1]*uin[i+1][j+1])
|
|---|
| 41 | );
|
|---|
| 42 | $assume($forall (int i, j | i == 0 || i == ni-1 || j == 0 || j == nj-1) tmp2[i][j] == 0);
|
|---|
| 43 | memcpy(u2, tmp2, sizeof(double) * ni * nj);
|
|---|
| 44 | // remainder
|
|---|
| 45 | if(i==ni-2) {
|
|---|
| 46 | /*@ loop invariant 1 <= jr && jr <= nj-1;
|
|---|
| 47 | @ loop invariant \forall int t; 1 <= t && t < jr ==>
|
|---|
| 48 | @ u2[i][t] == uin[i][t]*uin[i][t];
|
|---|
| 49 | @ loop assigns jr, u2[i][1 .. nj-2];
|
|---|
| 50 | @*/
|
|---|
| 51 | for(jr=1;jr<nj-1;jr++) {
|
|---|
| 52 | u2[i][jr] = uin[i][jr]*uin[i][jr];
|
|---|
| 53 | }
|
|---|
| 54 | }
|
|---|
| 55 | if(j==nj-2) {
|
|---|
| 56 | /*@ loop invariant 1 <= ir && ir <= ni-1;
|
|---|
| 57 | @ loop invariant \forall int t; 1 <= t && t < ir ==>
|
|---|
| 58 | @ u2[t][j] == uin[t][j]*uin[t][j];
|
|---|
| 59 | @ loop assigns ir, u2[1 .. ni-2][j];
|
|---|
| 60 | @*/
|
|---|
| 61 | for(ir=1;ir<ni-1;ir++) {
|
|---|
| 62 | u2[ir][j] = uin[ir][j]*uin[ir][j];
|
|---|
| 63 | }
|
|---|
| 64 | }
|
|---|
| 65 | if(i==ni-2 && j==nj-2) u2[i][j] = uin[i][j]*uin[i][j];
|
|---|
| 66 |
|
|---|
| 67 | $assert($forall (int i: 0 .. ni-1)
|
|---|
| 68 | ($forall (int j: 0 .. nj-1) u1[i][j] == u2[i][j])
|
|---|
| 69 | );
|
|---|
| 70 | }
|
|---|
