Information Technology Reference
In-Depth Information
8
:
9
;
N
0
= fFB
0
6
then FB
0
else
2
−
=
?
v
m.ZN
0
= fN
0
6
then N
0
else m.ZN
^
=
?
a
=
ZN
0
=ifN
0
6
^
=
?
then m.ZN else
?
FB
0
2
^ v
,
=
?
After adding the functionality constraints, we obtain:
(ZN
c
=ZN
0
^
1
2
1
−
2
−
'
:(
e
^
1=1
!
(
v
=
v
^ v
=
v
))
!
(
c
!
a
))
where
e
stands for the conjunction
8
:
9
;
m.ZN = ZN
c
FB
0
=
if
h2
0
c
then
FB
0
c
else
^
?
N
0
=N
c
^
m.ZN
0
=ZN
c
^
ZN
0
=ZN
c
^
as presented in the verication condition U2a. We can use the substitution
e
to replace all occurrences of abstract variables in
by their corresponding con-
crete expressions. After some simplications, this yields the following implication
referring only to the concrete variables and the newly added
'
v
's:
8
:
9
;
(h1
0
c
= T)
(h2
0
c
=(
^
v
1
))
8
:
9
;
^
1
2
v
=
v
(h2
0
c
)
N
0
c
=FB
c
)
'
:
^
!
1
−
2
−
^ v
=
v
h2
0
c
)
(FB
0
c
=FB
c
^
N
c
=
1
−
^
(
:
v
))
(ZN
0
c
=N
c
)
^
N
c
=
if
h2
0
c
then
FB
0
c
else
ZN
0
c
=N
c
h2
0
c
2
−
2
v
^
^ v
,
A
, the one related to ZN
0
, has been simplied
away. The reason is that this conjunct was used to dene the
Note that the third conjunct of
mapping for ZN
0
,
so it would be trivially satied after the substituition.
The resulting equality formula belongs to a fragment of rst order logic which
has a
small model
property [4]. This means that the validity of these formulas
can be established by solely inspecting models up to a certain nite cardinality.
In order to make these nite domains as small as possible we apply another
technique called
range allocation
.
The domain that can always be taken when using these kind of abstractions is
simply a nite set of integers whose size is the number of (originally) integer/float
Search WWH ::
Custom Search