File: types.why

package info (click to toggle)
frama-c 20100401%2Bboron%2Bdfsg-5
links: PTS, VCS
area: main
in suites: squeeze
size: 12,908 kB
ctags: 19,772
sloc: ml: 117,445; ansic: 10,764; makefile: 1,706; lisp: 176; sh: 27
file content (192 lines) | stat: -rw-r--r-- 6,690 bytes
(**************************************************************************)
(*                                                                        *)
(*  This file is part of Frama-C.                                         *)
(*                                                                        *)
(*  Copyright (C) 2007-2010                                               *)
(*    CEA   (Commissariat  l'nergie atomique et aux nergies            *)
(*           alternatives)                                                *)
(*    INRIA (Institut National de Recherche en Informatique et en         *)
(*           Automatique)                                                 *)
(*                                                                        *)
(*  you can redistribute it and/or modify it under the terms of the GNU   *)
(*  Lesser General Public License as published by the Free Software       *)
(*  Foundation, version 2.1.                                              *)
(*                                                                        *)
(*  It is distributed in the hope that it will be useful,                 *)
(*  but WITHOUT ANY WARRANTY; without even the implied warranty of        *)
(*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *)
(*  GNU Lesser General Public License for more details.                   *)
(*                                                                        *)
(*  See the GNU Lesser General Public License version v2.1                *)
(*  for more details (enclosed in the file licenses/LGPLv2.1).            *)
(*                                                                        *)
(**************************************************************************)

(** Defines some types : they are not all used in each model,
but try to have different names when things are different 
(eg. pointer vr address) 
*)

include "bool.why"
include "integer.why"
include "real.why" 
include "arrays.why"

(*----------------------------------------------------------------------------*)

type 'a option
logic None : 'a option
logic Some : 'a -> 'a option
axiom None_neq_Some : forall v:'a. None <> Some(v)
axiom Some_inj : forall x, y:'a. Some(x) = Some(y) -> x=y

(*----------------------------------------------------------------------------*)
(** Integer types :
*)

type 'a gint

type c_bool
type char 
type uchar 
type schar 
type cint 
type uint 
type short 
type ushort 
type long 
type ulong 
type longlong 
type ulonglong 

type size_t 
(*
logic c_bool : int_type
logic char : int_type
logic uchar : int_type
logic schar : int_type
logic cint : int_type
logic uint : int_type
logic short : int_type
logic ushort : int_type
logic long : int_type
logic ulong : int_type
logic longlong : int_type
logic ulonglong : int_type

logic size_t : int_type
*)

(*-------------------------------------*)
(** Integer conversion : *)

logic int_of_gint : 'a gint -> int

logic char_of_int : int -> char gint
logic cint_of_int : int -> cint gint

(*-------------------------------------*)
(** Integer operations : *)

logic neg_gint : 'a gint -> 'a gint
logic add_gint : 'a gint, 'a gint -> 'a gint
logic sub_gint : 'a gint, 'a gint -> 'a gint
logic mul_gint : 'a gint, 'a gint -> 'a gint
logic div_gint : 'a gint, 'a gint -> 'a gint
logic mod_gint : 'a gint, 'a gint -> 'a gint

(*-------------------------------------*)
(** Integer comparison : *)

logic lt_gint_bool : 'a gint, 'a gint -> bool
logic gt_gint_bool : 'a gint, 'a gint -> bool
logic le_gint_bool : 'a gint, 'a gint -> bool
logic ge_gint_bool : 'a gint, 'a gint -> bool
logic eq_gint_bool : 'a gint, 'a gint -> bool
logic neq_gint_bool : 'a gint, 'a gint -> bool

logic lt_gint : 'a gint, 'a gint -> prop
logic gt_gint : 'a gint, 'a gint -> prop
logic le_gint : 'a gint, 'a gint -> prop
logic ge_gint : 'a gint, 'a gint -> prop

(*-------------------------------------*)
(** Integer operations axioms : 
here mapped to why integer operations, but we can have a more specific
axiomatic.
*)

axiom ax_neg_gint : 
  forall x : 'a gint. int_of_gint(neg_gint(x)) = neg_int(int_of_gint(x))
axiom ax_add_gint : forall x, y : 'a gint. 
  int_of_gint(add_gint(x,y)) = add_int(int_of_gint(x),int_of_gint(y))
axiom ax_sub_gint : 
  forall x, y : 'a gint. int_of_gint(sub_gint(x,y)) =
sub_int(int_of_gint(x),int_of_gint(y))
axiom ax_mul_gint : 
  forall x, y : 'a gint. int_of_gint(mul_gint(x,y)) =
mul_int(int_of_gint(x),int_of_gint(y))
axiom ax_div_gint : 
  forall x, y : 'a gint. int_of_gint(div_gint(x,y)) =
div_int(int_of_gint(x),int_of_gint(y))
axiom ax_mod_gint : 
  forall x, y : 'a gint. int_of_gint(mod_gint(x,y)) =
mod_int(int_of_gint(x),int_of_gint(y))

axiom ax_lt_gint_bool : 
  forall x, y : 'a gint. lt_gint_bool(x,y) =
lt_int_bool(int_of_gint(x),int_of_gint(y))
axiom ax_gt_gint_bool : 
  forall x, y : 'a gint. gt_gint_bool(x,y) =
gt_int_bool(int_of_gint(x),int_of_gint(y))
axiom ax_le_gint_bool : 
  forall x, y : 'a gint. le_gint_bool(x,y) =
le_int_bool(int_of_gint(x),int_of_gint(y))
axiom ax_ge_gint_bool : 
  forall x, y : 'a gint. ge_gint_bool(x,y) =
ge_int_bool(int_of_gint(x),int_of_gint(y))
axiom ax_eq_gint_bool : 
  forall x, y : 'a gint. eq_gint_bool(x,y) =
eq_int_bool(int_of_gint(x),int_of_gint(y))
axiom ax_neq_gint_bool : 
  forall x, y : 'a gint. neq_gint_bool(x,y) =
neq_int_bool(int_of_gint(x),int_of_gint(y))

axiom ax_le_gint : 
  forall x, y : 'a gint. le_gint(x,y) <-> le_int(int_of_gint(x),int_of_gint(y))
axiom ax_ge_gint : 
  forall x, y : 'a gint. ge_gint(x,y) <-> ge_int(int_of_gint(x),int_of_gint(y))
axiom ax_lt_gint : 
  forall x, y : 'a gint. lt_gint(x,y) <-> lt_int(int_of_gint(x),int_of_gint(y))
axiom ax_gt_gint : 
  forall x, y : 'a gint. gt_gint(x,y) <-> gt_int(int_of_gint(x),int_of_gint(y))

(*-------------------------------------*)
(** Booleans *)

(*
logic bool_of_cbool : c_bool gint -> bool

logic _true : c_bool gint
axiom acsl_true_is_bool_true : bool_of_cbool (_true) = true
logic _false : c_bool gint
axiom acsl_false_is_bool_false : bool_of_cbool (_false) = false
*)
logic _true : bool
axiom acsl_true_is_bool_true : (_true) = true
logic _false : bool
axiom acsl_false_is_bool_false : (_false) = false

(* boolean expressions used as integers have to be injected,
but we only know that it is 0 iff the bool is false.
We cannot give any value to a true bool. *)
logic int_of_bool : bool -> int
axiom int_of_bool_false : int_of_bool (false) = 0
axiom int_of_bool_true : int_of_bool (true) <> 0

(*----------------------------------------------------------------------------*)

type 'a pointer 

(*----------------------------------------------------------------------------*)