Lecture 004

-1 only when dividing int_min()/-1 Other division by -1 is fine

[any_number]/0 [any_number]%0

Memory

frame: Local Memory. (stack)

when calling function, frame created
when function return, frame disappear
global variable can be accessed in deeper frame

active frame: the local memory in a function that is currently running.

Local Memory:

store int, bool, char, (string, but special), address
When passing array to a function, we created a new address copy in local memory that points to the same allocated memory.
You cannot change entire array
You can change individual element

Allocated Memory

store array themselves created using alloc_array
Array Memory

Creating Array

int[] A = alloc_array(int, 5);

Hex number is memory address (pointing to a array in allocated memory)
array lives in allocated memory (not local memory)
array has fixed size
int[] a = {1}; is not allowed
you cannot set null to array because it is not an array type
to create array of array, you have to do multiple aloc_array()
The largest array you can create alloc_array(int, int_max()/16); with 134217727 elements
There is no way to know the size of an array

Modifying Array

re-assign variable

shallow copy: create aliasing in local memory, and pointing toward allocated memory.

Comparing Array

Comparing array only compares its address, never compare

alloc_array(int, 3) == alloc_array(int 3) gives False
int[] A=alloc_array(int, 3);int[] B=A; A==B gives True

Garbage Collecting

When no address point to array, array gets garbage collected. (we don't de-allocate array)

Copying Array

Bad code for passing requires

int[] array_copy(int[] A, int n)
@//requires n>=0
{
  int[] B = alloc_array(int, n);
  return B;
}

int[] array_copy(int[] A, int n)
//@requries n == \length(A);
{
  int[] B = alloc_array(int, n);
  B = A;
  return B;
}

A Working Solution TODO

int[] array_copy(int[] A, int n)
//@requires n == \length(A)
{
  int[] B = alloc_array(int, n);
  for (int i=0; i<n; i++) {
    B[i] = A[i];
  }
  return B;
}

int main() {
  int[] I = ...[5, 6, 7]...;
  int[] J = array_copy(I, 3);
  return 0;
}

Proving Safety

Contracts of Array Operations

alloc_array(type, n)
//@requires n >= 0;
//@ensures \length(\result) == n;

A[i]
//@requires 0 <= i
//@requires i < \length(A);

\length(A)
//@ensures \result >=0;

Safety

Precondition

alloc_array is safe
A[i] operational reasoning
Adding loop invariant //@loop_invariant 0 <= i;
Proving the loop invariant
- INIT: int i = 0; 0 <= 0;
- PRES: 0<=i; i'=i+1; 0<=i+1;
- :warning: (above is true when i!=int_max())
- i<n; i!=int_max(); 0<=i'
Proving safety of call to array_copy (adding postconditions //@ensures n==\length(\result);)
- well, in order to prove this @ensure, we need to prove correctness

Good Code

int[] array_copy(int[] A, int n)
//@requires n == \length(A);
//@ensures \length(\result)==n;
{
  int[] B = alloc_array(int, n);
  for (int i=0; i<0; i++) {
    //@loop_invariant 0<=i;
    B[i]=A[i];
  }
  return B;
}

Proving Correctness

length correct
write testing code
ensure you don't modify given array
making ensure as complicated as the function itself (not suggested)

(x/y)*y + (x%y) = y 0 <= |x%y| < |y| x/y rounds towards 0.

writing 2 due Monday programming 2 due Thursday bit patterns interfaces

TODO re-watch Q&A section

Table of Content