1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
/**************************************************************************/
/* */
/* The Why platform for program certification */
/* Copyright (C) 2002-2008 */
/* Romain BARDOU */
/* Jean-Franois COUCHOT */
/* Mehdi DOGGUY */
/* Jean-Christophe FILLITRE */
/* Thierry HUBERT */
/* Claude MARCH */
/* Yannick MOY */
/* Christine PAULIN */
/* Yann RGIS-GIANAS */
/* Nicolas ROUSSET */
/* Xavier URBAIN */
/* */
/* This software is free software; you can redistribute it and/or */
/* modify it under the terms of the GNU General Public */
/* License version 2, as published by the Free Software Foundation. */
/* */
/* This software is distributed in the hope that it will be useful, */
/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */
/* */
/* See the GNU General Public License version 2 for more details */
/* (enclosed in the file GPL). */
/* */
/**************************************************************************/
class NoCreditException0 extends Exception {
static final long serialVersionUID = 0;
NoCreditException0();
}
public class Purse0 {
public int balance;
//@ invariant balance_non_negative: balance >= 0;
/*@ behavior created:
@ ensures balance == 0;
@*/
public Purse0() {
balance = 0;
}
/*@ requires s >= 0;
@ behavior done:
@ assigns balance;
@ ensures balance == \old(balance)+s;
@*/
public void credit(int s) {
balance += s;
}
/*@ requires s >= 0;
@ behavior done:
@ assigns balance;
@ ensures s <= \old(balance) && balance == \old(balance) - s;
@ behavior amount_too_large:
@ assigns \nothing;
@ signals (NoCreditException0) s > \old(balance) ;
@*/
public void withdraw(int s) throws NoCreditException0 {
if (balance >= s) {
balance = balance - s;
}
else {
throw new NoCreditException0();
}
}
/*@ // requires p1 != null && p2 != null && p1 != p2;
@ behavior ok:
@ assigns p1.balance,p2.balance;
@ ensures \result == 0;
@*/
public static int test(Purse0 p1, Purse0 p2) {
p1.balance = 0;
p2.credit(100);
return p1.balance;
}
/*@ requires p != null;
@ behavior ok:
@ assigns p.balance ;
@ ensures \result <==> (\old(p.balance) >= 1000);
@*/
public static boolean test2(Purse0 p) {
try {
p.withdraw(1000);
return true;
}
catch (NoCreditException0 e) {
return false;
}
}
}
/*
Local Variables:
compile-command: "make Purse0.io"
End:
*/
|
