|
|
||
|
This article belongs to the series documenting the reasoning behind and development of new features in the Formal Methods Toolkit.
The previous article was a sketch of ideas for proper support of quantified statements in FMT. The basic building blocks, which are the means to state quantified statements as well as their propagation across array modifications, do not require any new syntax in the model, only the internal data structures needed extensions to store and process quantified statements.
The following is an already working example of assumption about array using the universally quantified statement, followed by modification of some element in the middle and assignment of the whole to another array:
There is a bit of cheating in the above model, as the assumption is made about a local array a. None of the target programming languages can support it without additional tweaking, as local arrays are by default uninitialized, but this simplified example is still sufficient to demonstrate the underlying mechanics of how quantified statements integrate with the existing structures.
The proof statements reveal how the above translates into the evolving set of knowns in each step:
In the above list each index (except start and finish) corresponds to a single line in the body of operation foo and it can be seen that:
The proper handling of such knowledge is essential for further processing of both arrays.
Further articles will demonstrate the remaining building blocks, which are deduction, induction and verification.