1.23
2.0
main
test-branch
| Line | |
|---|
| 1 | #include <assert.h>
|
|---|
| 2 | #pragma CIVL ACSL
|
|---|
| 3 | $input int N;
|
|---|
| 4 | $assume(N > 0);
|
|---|
| 5 | int a[N];
|
|---|
| 6 |
|
|---|
| 7 | int main() {
|
|---|
| 8 | int i, j;
|
|---|
| 9 | int minIdx = 0;
|
|---|
| 10 |
|
|---|
| 11 | $havoc(&a);
|
|---|
| 12 | /* Following loop invariants is incorrect, one either needs to
|
|---|
| 13 | specify minIdx in loop invariants or put the minIdx inside the
|
|---|
| 14 | loop. The previous prototype relies upon the correct
|
|---|
| 15 | specification of loop assigns, it cannot detect this. */
|
|---|
| 16 |
|
|---|
| 17 | /*@ loop invariant 0 <= i && i <= N;
|
|---|
| 18 | @ loop invariant \forall int t; N-i+1<=t && t <N ==>
|
|---|
| 19 | @ a[t] <= a[t-1];
|
|---|
| 20 | @ loop invariant \forall int t; 0 <= t && t < N-i && i > 0 ==>
|
|---|
| 21 | @ a[t] >= a[N-i];
|
|---|
| 22 | @ loop assigns i, j, a[0 .. N-1];
|
|---|
| 23 | @*/
|
|---|
| 24 | for (i = 0; i < N; i++) {
|
|---|
| 25 | /*@ loop invariant 0<=j && j <=N-i && 0<=minIdx &&
|
|---|
| 26 | @ minIdx<N-i;
|
|---|
| 27 | @ loop invariant \forall int t; 0<=t && t <j ==>
|
|---|
| 28 | @ a[t] >= a[minIdx];
|
|---|
| 29 | @ loop assigns j, minIdx;
|
|---|
| 30 | @*/
|
|---|
| 31 | for (j = 0; j < N-i; j++)
|
|---|
| 32 | if (a[j] < a[minIdx])
|
|---|
| 33 | minIdx = j;
|
|---|
| 34 |
|
|---|
| 35 | int tmp = a[minIdx];
|
|---|
| 36 |
|
|---|
| 37 | a[minIdx] = a[N-i-1];
|
|---|
| 38 | a[N-i-1] = tmp;
|
|---|
| 39 | minIdx = 0;
|
|---|
| 40 | }
|
|---|
| 41 | assert($forall (int i : 1 .. N-1) a[i] <= a[i-1]);
|
|---|
| 42 | return 0;
|
|---|
| 43 | }
|
|---|
Note:
See
TracBrowser
for help on using the repository browser.
