| 1 | #include <stdio.h>
|
|---|
| 2 | #include <string.h>
|
|---|
| 3 | #ifdef _CIVL
|
|---|
| 4 | #include <civlc.cvh>
|
|---|
| 5 | #pragma CIVL ACSL
|
|---|
| 6 | #endif
|
|---|
| 7 |
|
|---|
| 8 | #ifdef _CIVL
|
|---|
| 9 | $input int ni,nj;
|
|---|
| 10 | $assume(ni > 1);
|
|---|
| 11 | $assume(nj > 1);
|
|---|
| 12 | $input double uin[ni][nj];
|
|---|
| 13 | #endif
|
|---|
| 14 |
|
|---|
| 15 | int main(int argc, char** argv) {
|
|---|
| 16 | int i,j,ir,jr;
|
|---|
| 17 | double u1[ni][nj];
|
|---|
| 18 | double u2[ni][nj];
|
|---|
| 19 |
|
|---|
| 20 | $assume($forall (int i : 0 .. ni-1)
|
|---|
| 21 | ($forall (int j : 0 .. nj-1) u1[i][j] == 0 && u2[i][j] == 0)
|
|---|
| 22 | );
|
|---|
| 23 |
|
|---|
| 24 | double tmp1[ni][nj];
|
|---|
| 25 |
|
|---|
| 26 | $assume($forall (int i : 1 .. ni-2)
|
|---|
| 27 | ($forall (int j : 1 .. nj-2) tmp1[i][j] == uin[i][j] * uin[i][j])
|
|---|
| 28 | );
|
|---|
| 29 | $assume($forall (int j : 0 .. nj-1) tmp1[0][j] == 0 && tmp1[ni-1][j] == 0);
|
|---|
| 30 | $assume($forall (int i : 0 .. ni - 1) tmp1[i][0] == 0 && tmp1[i][nj-1] == 0);
|
|---|
| 31 | memcpy(u1, tmp1, sizeof(double) * ni * nj);
|
|---|
| 32 |
|
|---|
| 33 | if (ni > 2) {
|
|---|
| 34 | i = ni - 1;
|
|---|
| 35 | if (nj > 2)
|
|---|
| 36 | j = nj - 1;
|
|---|
| 37 | else
|
|---|
| 38 | j = 1;
|
|---|
| 39 | } else {
|
|---|
| 40 | i = 1;
|
|---|
| 41 | j = nj;
|
|---|
| 42 | }
|
|---|
| 43 |
|
|---|
| 44 | /*@ loop invariant 1 <= i && i <= ni-1;
|
|---|
| 45 | @ loop invariant 1 < i ==> (nj - 2 <= j && j <= nj - 1 && j % 2 != 0); // needed for the rest of the code
|
|---|
| 46 | @ loop invariant \forall int t, k; 1 <= t && t < i && 1 <= k && k < nj - 2 && k % 2 != 0
|
|---|
| 47 | @ ==> u2[t][k] == uin[t][k]*uin[t][k] && u2[t][k+1] == uin[t][k+1]*uin[t][k+1];
|
|---|
| 48 | @ loop invariant i % 2 != 0;
|
|---|
| 49 | @ loop assigns u2[1 .. ni-2][1 .. nj-2], i, j;
|
|---|
| 50 | @*/
|
|---|
| 51 | for(i=1;i<ni-2;i=i+2) {
|
|---|
| 52 | /*@ loop invariant 1 <= i && i < ni-2;
|
|---|
| 53 | @ loop invariant 1 <= j && j <= nj-1;
|
|---|
| 54 | @ loop invariant \forall int k; 1 <= k && k < j
|
|---|
| 55 | @ ==> u2[i][k] == uin[i][k]*uin[i][k] && u2[i+1][k] == uin[i+1][k]*uin[i+1][k] ;
|
|---|
| 56 | @ loop invariant i % 2 != 0 && j % 2 != 0;
|
|---|
| 57 | @ loop assigns u2[i][1 .. nj-2], u2[i+1][1 .. nj-2], j;
|
|---|
| 58 | @*/
|
|---|
| 59 | for(j=1;j<nj-2;j=j+2) {
|
|---|
| 60 | u2[i][j] = uin[i][j]*uin[i][j];
|
|---|
| 61 | u2[i+1][j] = uin[i+1][j]*uin[i+1][j];
|
|---|
| 62 | u2[i][j+1] = uin[i][j+1]*uin[i][j+1];
|
|---|
| 63 | u2[i+1][j+1] = uin[i+1][j+1]*uin[i+1][j+1];
|
|---|
| 64 | }
|
|---|
| 65 | }
|
|---|
| 66 | // remainder
|
|---|
| 67 | if(i==ni-2) {
|
|---|
| 68 | /*@ loop invariant 1 <= jr && jr <= nj-1;
|
|---|
| 69 | @ loop invariant \forall int t; 1 <= t && t < jr ==>
|
|---|
| 70 | @ u2[i][t] == uin[i][t]*uin[i][t];
|
|---|
| 71 | @ loop assigns jr, u2[i][1 .. nj-2];
|
|---|
| 72 | @*/
|
|---|
| 73 | for(jr=1;jr<nj-1;jr++) {
|
|---|
| 74 | u2[i][jr] = uin[i][jr]*uin[i][jr];
|
|---|
| 75 | }
|
|---|
| 76 | }
|
|---|
| 77 | if(j==nj-2) {
|
|---|
| 78 | /*@ loop invariant 1 <= ir && ir <= ni-1;
|
|---|
| 79 | @ loop invariant \forall int t; 1 <= t && t < ir ==>
|
|---|
| 80 | @ u2[t][j] == uin[t][j]*uin[t][j];
|
|---|
| 81 | @ loop assigns ir, u2[1 .. ni-2][j];
|
|---|
| 82 | @*/
|
|---|
| 83 | for(ir=1;ir<ni-1;ir++) {
|
|---|
| 84 | u2[ir][j] = uin[ir][j]*uin[ir][j];
|
|---|
| 85 | }
|
|---|
| 86 | }
|
|---|
| 87 | if(i==ni-2 && j==nj-2) u2[i][j] = uin[i][j]*uin[i][j];
|
|---|
| 88 |
|
|---|
| 89 | $assert($forall (int i: 0 .. ni-1)
|
|---|
| 90 | ($forall (int j: 0 .. nj-1) u1[i][j] == u2[i][j])
|
|---|
| 91 | );
|
|---|
| 92 | }
|
|---|
