// True iff `a` is one of the two characters used to encode a single bit.
// (Despite the name, this classifies a bit character, not a byte.)
predicate represents_byte(a: char)
{
  a == '0' || a == '1'
}
// Exclusive-or of two bit characters: '1' when they differ, '0' when they agree.
// Both inputs must be '0' or '1' (see represents_byte); the result is then
// itself one of those two characters.
function char_xor(a: char, b: char): char
  requires represents_byte(a)
  requires represents_byte(b)
{
  if a != b then '1' else '0'
}
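// Bitwise XOR of two equal-length bit strings, position by position.
//   a, b   : strings over {'0','1'} of the same length
//   result : string of the same length, result[i] == char_xor(a[i], b[i])
// Fix: the loop invariants previously quantified over a bound variable also
// named `i`, shadowing the loop index and making them read as constraints on
// the index. They were also redundant: `a` and `b` are parameters and are
// never reassigned, so their preconditions hold throughout the loop without
// being restated. The invariant on result[k] being a bit is stated
// explicitly so the second postcondition is discharged directly.
method string_xor(a: string, b: string) returns (result: string)
  // pre-conditions-start
  requires |a| == |b|
  requires forall i :: 0 <= i < |a| ==> represents_byte(a[i])
  requires forall i :: 0 <= i < |b| ==> represents_byte(b[i])
  // pre-conditions-end
  // post-conditions-start
  ensures |result| == |a|
  ensures forall i :: 0 <= i < |result| ==> represents_byte(result[i])
  ensures forall i :: 0 <= i < |result| ==> result[i] == char_xor(a[i], b[i])
  // post-conditions-end
{
  // impl-start
  result := "";
  for i := 0 to |a|
    // invariants-start
    invariant |result| == i
    // Every bit emitted so far is a valid bit and is the XOR of the inputs at that position.
    invariant forall k :: 0 <= k < i ==> represents_byte(result[k])
    invariant forall k :: 0 <= k < i ==> result[k] == char_xor(a[k], b[k])
    // invariants-end
  {
    var bitResult := char_xor(a[i], b[i]);
    result := result + [bitResult];
  }
  // impl-end
}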