CristalCaveGem » LustreC

#include <assert.h>

#include "oversampling0.h"

typedef enum _bool { false = 0, true = 1 } bool ;

/* C code generated by lustrec

   SVN version number 0.1-382M

   Code is C99 compliant */

/* Import dependencies */

/* Global constants (definitions) */

/* Struct definitions */

struct g_mem {struct g_reg {int __g_2; } _reg; struct _arrow_mem *ni_1; struct f_mem *ni_0; };

struct f_mem {struct f_reg {int __f_2; } _reg; struct _arrow_mem *ni_2; };

/* Scheduling:   y ; __f_1 ; __f_3 ; cpt ; __f_2

               A   B       C       D     E       F

   Death table: __f_3 |-> __f_1, cpt |-> __f_3

   Reuse table: {}

*/

/*@ predicate init_f(struct _arrow_mem ni_2_in) =

    (ni_2_in._reg._first == true);

 */

/*@ predicate trans_fA(int x_in, int __f_2_in, struct _arrow_mem ni_2_in) =

    \true;

*/

/*@ predicate trans_fy(int x_in, int __f_2_in, struct _arrow_mem ni_2_in,

                      int y_out) =

    (y_out == x_in + 1);

*/

/*@ predicate clock_fy(int x_in, int __f_2, struct _arrow_mem ni_2_in) =

    \true;

*/

/*@ predicate trans_fB(int x_in, int __f_2_in, struct _arrow_mem ni_2_in, int y_out) =

       trans_fA(x_in, __f_2_in, ni_2_in)

    && (clock_fy(x_in, __f_2_in, ni_2_in) ==> trans_fy(x_in, __f_2_in, ni_2_in, y_out));

*/

/*@ predicate trans_f__f_1(int x_in, int __f_2_in, struct _arrow_mem ni_2_in, int y_out, _Bool __f_1, struct _arrow_mem ni_2_out) =

    (ni_2_in._reg._first)?((ni_2_out == { ni_2_in \with ._reg._first = false }) && (__f_1 == true)):((ni_2_out == ni_2_in) && (__f_1 == false));

*/

/*@ predicate clock_f__f_1(int x_in, int __f_2_in, struct _arrow_mem ni_2_in, int y_out) =

    \true;

*/

/*@ predicate trans_fC(int x_in, int __f_2_in, struct _arrow_mem ni_2_in, int y_out, _Bool __f_1, struct _arrow_mem ni_2_out) =

       trans_fB(x_in, __f_2_in, ni_2_in, y_out)

    && (clock_f__f_1(x_in, __f_2_in, ni_2_in, y_out) ==> trans_f__f_1(x_in, __f_2_in, ni_2_in, y_out, __f_1, ni_2_out));

*/

/*@ predicate trans_f__f_3(int x_in, int __f_2_in, struct _arrow_mem ni_2_in, int y_out, _Bool __f_1, struct _arrow_mem ni_2_out, int __f_3) =

    (__f_1)?(__f_3 == 0):(__f_3 == __f_2_in);

*/

/*@ predicate clock_f__f_3(int x_in, int __f_2_in, struct _arrow_mem ni_2_in, int y_out, _Bool __f_1, struct _arrow_mem ni_2_out) =

    \true;

*/

/*@ predicate trans_fD(int x_in, int __f_2_in, struct _arrow_mem ni_2_in, int y_out, struct _arrow_mem ni_2_out, int __f_3) =

    \exists _Bool __f_1;

       trans_fC(x_in, __f_2_in, ni_2_in, y_out, __f_1, ni_2_out)

    && (clock_f__f_3(x_in, __f_2_in, ni_2_in, y_out, __f_1, ni_2_out) ==> trans_f__f_3(x_in, __f_2_in, ni_2_in, y_out, __f_1, ni_2_out, __f_3));

*/

/*@ predicate trans_fd(int x_in, int __f_2_in, struct _arrow_mem ni_2_in, int y_out, struct _arrow_mem ni_2_out, int __f_3, int cpt_out) =

    (cpt_out == __f_3 + 1);

*/

/*@ predicate clock_fd(int x_in, int __f_2_in, struct _arrow_mem ni_2_in, int y_out, struct _arrow_mem ni_2_out, int __f_3) =

    \true;

*/

/*@ predicate trans_fE(int x_in, int __f_2_in, struct _arrow_mem ni_2_in, int y_out, struct _arrow_mem ni_2_out, int cpt_out) =

    \exists int __f_3;

       trans_fD(x_in, __f_2_in, ni_2_in, y_out, ni_2_out, __f_3)

    && (clock_fd(x_in, __f_2_in, ni_2_in, y_out, ni_2_out, __f_3) ==> trans_fd(x_in, __f_2_in, ni_2_in, y_out, ni_2_out, __f_3, cpt_out));

*/

/*@ predicate trans_f__f_2(int x_in, int __f_2_in, struct _arrow_mem ni_2_in, int y_out, struct _arrow_mem ni_2_out, int cpt_out, int __f_2_out) =

    (__f_2_out == cpt_out);

*/

/*@ predicate clock_f__f_2(int x_in, int __f_2_in, struct _arrow_mem ni_2_in, int y_out, struct _arrow_mem ni_2_out, int cpt_out) =

    \true;

*/

/*@ predicate trans_fF(int x_in, int __f_2_in, struct _arrow_mem ni_2_in, int y_out, struct _arrow_mem ni_2_out, int cpt_out, int __f_2_out) =

       trans_fE(x_in, __f_2_in, ni_2_in, y_out, ni_2_out, cpt_out)

    && (clock_f__f_2(x_in, __f_2_in, ni_2_in, y_out, ni_2_out, cpt_out) ==> trans_f__f_2(x_in, __f_2_in, ni_2_in, y_out, ni_2_out, cpt_out, __f_2_out));

*/

/*@ predicate valid_f(struct f_mem *self) =

       \valid(self)

    && \valid(self->ni_2);

 */

void f_reset (struct f_mem *self) {

  _arrow_reset(self->ni_2);

  return;

}

/*@

    requires valid_f(self);

    requires \valid(cpt);

    requires \valid(y);

    requires \separated(self, cpt, y, (self->ni_2));

    ensures trans_fF(x, \at(self->_reg.__f_2, Pre), \at(*(self->ni_2), Pre), *y, *(self->ni_2), *cpt, self->_reg.__f_2);

    assigns *cpt, *y, self->_reg.__f_2, (self->ni_2)->_reg._first;

*/

void f_step (int x, 

             int (*cpt), int (*y),

             struct f_mem *self) {

  _Bool __f_1;

  int __f_3;

  //@ assert trans_fA(x, \at(self->_reg.__f_2, Pre), \at(*(self->ni_2), Pre));

  *y = (x + 1);

  //@ assert trans_fB(x, \at(self->_reg.__f_2, Pre), \at(*(self->ni_2), Pre), *y);

  _arrow_step (1, 0, &__f_1, self->ni_2);

  //@ assert trans_fC(x, \at(self->_reg.__f_2, Pre), \at(*(self->ni_2), Pre), *y, __f_1, *(self->ni_2));

  if (__f_1) {

    __f_3 = 0;

  } else {

    __f_3 = self->_reg.__f_2;

  }

  //@ assert trans_fD(x, \at(self->_reg.__f_2, Pre), \at(*(self->ni_2), Pre), *y, *(self->ni_2), __f_3);

  *cpt = (__f_3 + 1);

  //@ assert trans_fE(x, \at(self->_reg.__f_2, Pre), \at(*(self->ni_2), Pre), *y, *(self->ni_2), *cpt);

  self->_reg.__f_2 = *cpt;

  //@ assert trans_fF(x, \at(self->_reg.__f_2, Pre), \at(*(self->ni_2), Pre), *y, *(self->ni_2), *cpt, self->_reg.__f_2);

  return;

}

/* Scheduling:   __g_1 ; last_y ; t ; y ; out ; cpt ; __g_2

   Real sched:   __g_1 ; last_y ; t ; (y, cpt) ; out ; __g_2

               A       B        C   D          E     F       G

   Death table: last_y |-> __g_1, t |-> last_y, (y, cpt) |-> {t, cpt}, __g_2 |-> y

   Reuse table: t |-> last_y, y |-> last_y

*/

/*@ predicate init_g(struct f_mem ni_0_in, struct _arrow_mem ni_1_in) =

       (ni_1_in._reg._first == true)

    && \valid(ni_0_in.ni_2)

    && init_f(*(ni_0_in.ni_2));

*/

/*@ predicate trans_gA(_Bool c, int x_in, int __g_2_in, struct f_mem ni_0_in, struct _arrow_mem ni_1_in) =

      \true;

*/

/*@ predicate clock_g__g_1(_Bool c, int x_in, int __g_2_in, struct f_mem ni_0_in, struct _arrow_mem ni_1_in) =

      \true;

 */

/*@ predicate trans_g__g_1(_Bool c, int x_in, int __g_2_in, struct f_mem ni_0_in, struct _arrow_mem ni_1_in, _Bool __g_1, struct _arrow_mem ni_1_out) =

  (ni_1_in._reg._first)?((ni_1_out == { ni_1_in \with ._reg._first = false }) && (__g_1 == true)):((ni_1_out == ni_1_in) && (__g_1 == false));

 */

/*@ predicate trans_gB(_Bool c, int x_in, int __g_2_in, struct f_mem ni_0_in, struct _arrow_mem ni_1_in, _Bool __g_1, struct _arrow_mem ni_1_out) =

       trans_gA(c, x_in, __g_2_in, ni_0_in, ni_1_in)

    && (clock_g__g_1(c, x_in, __g_2_in, ni_0_in, ni_1_in) ==> trans_g__g_1(c, x_in, __g_2_in, ni_0_in, ni_1_in, __g_1, ni_1_out));

*/

/*@ predicate clock_glast_y(_Bool c, int x_in, int __g_2_in, struct f_mem ni_0_in, struct _arrow_mem ni_1_in, _Bool __g_1, struct _arrow_mem ni_1_out) =

      \true;

 */

/*@ predicate trans_glast_y(_Bool c, int x_in, int __g_2_in, struct f_mem ni_0_in, struct _arrow_mem ni_1_in, _Bool __g_1, struct _arrow_mem ni_1_out, int last_y) =

      (__g_1)?(last_y == 0):(last_y == __g_2_in);

 */

/*@ predicate trans_gC(_Bool c, int x_in, int __g_2_in, struct f_mem ni_0_in, struct _arrow_mem ni_1_in, struct _arrow_mem ni_1_out, int last_y) =

    \exists  _Bool __g_1;

       trans_gB(c, x_in, __g_2_in, ni_0_in, ni_1_in, __g_1, ni_1_out)

    && (clock_glast_y(c, x_in, __g_2_in, ni_0_in, ni_1_in, __g_1, ni_1_out) ==> trans_glast_y(c, x_in, __g_2_in, ni_0_in, ni_1_in, __g_1, ni_1_out, last_y));

*/

/*@ predicate clock_gt(_Bool c, int x_in, int __g_2_in, struct f_mem ni_0_in, struct _arrow_mem ni_1_in, struct _arrow_mem ni_1_out, int last_y) =

      \true;

 */

/*@ predicate trans_gt(_Bool c, int x_in, int __g_2_in, struct f_mem ni_0_in, struct _arrow_mem ni_1_in, struct _arrow_mem ni_1_out, int last_y, int t) =

      (c)?(t == x_in):(t == last_y);

 */

/*@ predicate trans_gD(_Bool c, int x_in, int __g_2_in, struct f_mem ni_0_in, struct _arrow_mem ni_1_in, struct _arrow_mem ni_1_out, int t) =

    \exists int last_y;

       trans_gC(c, x_in, __g_2_in, ni_0_in, ni_1_in, ni_1_out, last_y)

    && (clock_gt(c, x_in, __g_2_in, ni_0_in, ni_1_in, ni_1_out, last_y) ==> trans_gt(c, x_in, __g_2_in, ni_0_in, ni_1_in, ni_1_out, last_y, t));

*/

/*@ predicate clock_gy(_Bool c, int x_in, int __g_2_in, struct f_mem ni_0_in, struct _arrow_mem ni_1_in, struct _arrow_mem ni_1_out, int t) =

      \true;

 */

/*@ predicate trans_gy(_Bool c, int x_in, int __g_2_in, struct f_mem ni_0_in, struct _arrow_mem ni_1_in, struct _arrow_mem ni_1_out, int t, int y, int cpt, struct f_mem ni_0_out) =

      trans_fF(t, ni_0_in._reg.__f_2, *ni_0_in.ni_2, y, *ni_0_out.ni_2, cpt, ni_0_out._reg.__f_2);

 */

/*@ predicate trans_gE(_Bool c, int x_in, int __g_2_in, struct f_mem ni_0_in, struct _arrow_mem ni_1_in, struct _arrow_mem ni_1_out, int y, struct f_mem ni_0_out) =

    \exists int t, int cpt;

       trans_gD(c, x_in, __g_2_in, ni_0_in, ni_1_in, ni_1_out, t)

    && (clock_gy(c, x_in, __g_2_in, ni_0_in, ni_1_in, ni_1_out, t) ==> trans_gy(c, x_in, __g_2_in, ni_0_in, ni_1_in, ni_1_out, t, y, cpt, ni_0_out));

*/

/*@ predicate clock_gout(_Bool c, int x_in, int __g_2_in, struct f_mem ni_0_in, struct _arrow_mem ni_1_in, struct _arrow_mem ni_1_out, int y, struct f_mem ni_0_out) =

      (c == false);

 */

/*@ predicate trans_gout(_Bool c, int x_in, int __g_2_in, struct f_mem ni_0_in, struct _arrow_mem ni_1_in, struct _arrow_mem ni_1_out, int y, struct f_mem ni_0_out, int out_out) =

      (out_out == y);

 */

/*@ predicate trans_gF(_Bool c, int x_in, int __g_2_in, struct f_mem ni_0_in, struct _arrow_mem ni_1_in, struct _arrow_mem ni_1_out, int y, struct f_mem ni_0_out, int out_out) =

       trans_gE(c, x_in, __g_2_in, ni_0_in, ni_1_in, ni_1_out, y, ni_0_out)

    && (clock_gout(c, x_in, __g_2_in, ni_0_in, ni_1_in, ni_1_out, y, ni_0_out) ==> trans_gout(c, x_in, __g_2_in, ni_0_in, ni_1_in, ni_1_out, y, ni_0_out, out_out));

*/

/*@ predicate clock_g__g_2(_Bool c, int x_in, int __g_2_in, struct f_mem ni_0_in, struct _arrow_mem ni_1_in, struct _arrow_mem ni_1_out, int y, struct f_mem ni_0_out, int out_out) =

      \true;

 */

/*@ predicate trans_g__g_2(_Bool c, int x_in, int __g_2_in, struct f_mem ni_0_in, struct _arrow_mem ni_1_in, struct _arrow_mem ni_1_out, int y, struct f_mem ni_0_out, int out_out, int __g_2_out) =

      (__g_2_out == y);

 */

/*@ predicate trans_gG(_Bool c, int x_in, int __g_2_in, struct f_mem ni_0_in, struct _arrow_mem ni_1_in, struct _arrow_mem ni_1_out, struct f_mem ni_0_out, int out_out, int __g_2_out) =

    \exists int y;

       trans_gF(c, x_in, __g_2_in, ni_0_in, ni_1_in, ni_1_out, y, ni_0_out, out_out)

    && (clock_g__g_2(c, x_in, __g_2_in, ni_0_in, ni_1_in, ni_1_out, y, ni_0_out, out_out) ==> trans_g__g_2(c, x_in, __g_2_in, ni_0_in, ni_1_in, ni_1_out, y, ni_0_out, out_out, __g_2_out));

*/

/*@ predicate valid_g(struct g_mem *self) =

       \valid(self)

    && \valid(self->ni_0)

    && \valid(self->ni_1)

    && valid_f(self->ni_0);

 */

void g_reset (struct g_mem *self) {

  _arrow_reset(self->ni_1);

  f_reset(self->ni_0);

  return;

}

/*@

    requires \valid(out);

    requires valid_g(self);

    requires \separated(self, out, (self->ni_0), (self->ni_1), (self->ni_0)->ni_2);

    assigns *out, self->_reg.__g_2, (self->ni_1)->_reg._first, (self-> ni_0)->_reg.__f_2, ((self->ni_0)->ni_2)->_reg._first;

*/

void g_step (_Bool c, int x, 

             int (*out),

             struct g_mem *self) {

  _Bool __g_1;

  int cpt;

  int last_y;

  int t;

  int y;

  //@ assert valid_g(self);

  //@ assert \separated(self, out, (self->ni_0), (self->ni_1), (self->ni_0)->ni_2);

  //@ assert trans_gA(c, x, \at(self->_reg.__g_2, Pre), \at(*(self->ni_0),Pre), \at(*(self->ni_1), Pre));

  _arrow_step (1, 0, &__g_1, self->ni_1);

  //@ assert valid_g(self);

  //@ assert \separated(self, out, (self->ni_0), (self->ni_1), (self->ni_0)->ni_2);

  //@ assert trans_gB(c, x, \at(self->_reg.__g_2, Pre), \at(*(self->ni_0),Pre), \at(*(self->ni_1), Pre), __g_1, *(self->ni_1));

  if (__g_1) {

    last_y = 0;

  } else {

    last_y = self->_reg.__g_2;

  }

  //@ assert valid_g(self);

  //@ assert \separated(self, out, (self->ni_0), (self->ni_1), (self->ni_0)->ni_2);

  //@ assert trans_gC(c, x, \at(self->_reg.__g_2, Pre), \at(*(self->ni_0),Pre), \at(*(self->ni_1), Pre), *(self->ni_1), last_y);

  if (c) {

    t = x;

  } else {

    t = last_y;

  }

  //@ assert valid_g(self);

  //@ assert \separated(self, out, (self->ni_0), (self->ni_1), (self->ni_0)->ni_2);

  //@ assert trans_gD(c, x, \at(self->_reg.__g_2, Pre), \at(*(self->ni_0),Pre), \at(*(self->ni_1), Pre), *(self->ni_1), t);

  f_step (t, &cpt, &y, self->ni_0);

  //@ assert valid_g(self);

  //@ assert \separated(self, out, (self->ni_0), (self->ni_1), (self->ni_0)->ni_2);

  //@ assert \forall struct f_mem ni_0; (ni_0._reg == \at((self->ni_0)->_reg, Pre)) ==> \forall struct _arrow_mem ni_2; (ni_0.ni_2 == \at(*(self->ni_0->ni_2), Pre)) ==> trans_gE(c, x, \at(self->_reg.__g_2, Pre), ni_0, \at(*(self->ni_1), Pre), *(self->ni_1), y, *(self->ni_0));

  if (c) {

  } else {

    *out = y;

  }

  //@ assert valid_g(self);

  //@ assert \separated(self, out, (self->ni_0), (self->ni_1), (self->ni_0)->ni_2);

  //@ assert trans_gF(c, x, \at(self->_reg.__g_2, Pre), \at(*(self->ni_0), Pre_ni_0), \at(*(self->ni_1), Pre), *(self->ni_1), y, *(self->ni_0), *out);

  self->_reg.__g_2 = y;

  //@ assert valid_g(self);

  //@ assert \separated(self, out, (self->ni_0), (self->ni_1), (self->ni_0)->ni_2);

  //@ assert trans_gG(c, x, \at(self->_reg.__g_2, Pre), \at(*(self->ni_0), Pre_ni_0), \at(*(self->ni_1), Pre), *(self->ni_1), *(self->ni_0), *out, self->_reg.__g_2);

  return;

}