Changes between Version 25 and Version 26 of ContractReduction
- Timestamp:
- 12/07/15 11:52:43 (10 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
ContractReduction
v25 v26 1 1 == Contract Reduction Language == 2 2 3 == ACSL function contract grammar with CIVL-C extension ( in bold) ==3 == ACSL function contract grammar with CIVL-C extension (starting with `$`) == 4 4 {{{ 5 5 function-contract ::= requires-clause∗ terminates-clause? decreases-clause? 6 simple-clause∗ named-behavior∗ completeness-clause∗6 simple-clause∗ named-behavior∗ completeness-clause∗ 7 7 requires-clause ::= requires pred ; 8 8 terminates-clause ::= terminates pred ; … … 10 10 simple-clause ::= assigns-clause | ensures-clause 11 11 | allocation-clause | abrupt-clause-fn 12 | depends-clause 12 13 assigns-clause ::= assigns locations ; 13 locations ::= location (, location) ∗ | \nothing | `$everything14 locations ::= location (, location) ∗ | \nothing | $everything 14 15 location ::= tset 15 16 ensures-clause ::= ensures pred ; 17 depends-clause := $depends event (, event)*; 16 18 named-behavior ::= behavior id : behavior-body 17 19 behavior-body ::= assumes-clause∗ requires-clause∗ simple-clause∗ … … 70 72 where `event` is a memory event represented as a boolean expression. For each process `p`, the `event ` can be evaluated in the context of `p`. If `event ` evaluates to `true`, then `p` must be included in an ample set containing a call to this function. 71 73 72 The expression `e ` hence defines a predicate d(s,p), where s ranges over states, and p over procs. The requirement is the following:74 The expression `event ` hence defines a predicate d(s,p), where s ranges over states, and p over procs. The requirement is the following: 73 75 74 76 Let s be any state and p a proc such that a function call for this function is enabled in p. Then in any execution departing from s, no transition dependent on the execution of this function call can occur without a transition from p or a proc q satisfying d(s,q) occurring first.
