我得到了一项任务,我必须删除 JML 产生的每个警告。
如果我在构造函数 my 中调用一个方法requires并且ensures不再验证,尽管为被调用函数添加了相同的约束。
我被要求仅使用requires,ensures和。
这是代码:invariantloop_invariant
/*@ non_null @*/ int[] elements;
int n;
//@ invariant n >= 0;
//@ requires input != null;
//@ requires input.length >= 0;
//@ ensures elements != null;
Class(int[] input) {
n = input.length;
elements = new int[n];
arraycopy(input, 0, elements, 0, n);
//@ assert n >= 0;
}
//@ requires srcOff >= 0;
//@ requires destOff >= 0;
//@ requires length >= 0;
//@ requires dest.length >= destOff + length;
//@ requires src.length >= srcOff + length;
//@ ensures dest.length == \old(dest.length);
//@ ensures length == \old(length) ==> length >= 0;
//@ ensures dest != null;
private static void arraycopy(/*@ non_null @*/ int[] src,
int srcOff,
/*@ non_null @*/ int[] dest,
int destOff,
int length) {
//@ loop_invariant destOff+i >= 0;
//@ loop_invariant srcOff+i >= 0;
//@ loop_invariant length >= 0;
for(int i=0 ; i<length; i=i+1) {
dest[destOff+i] = src[srcOff+i];
}
}
和产生的输出:
Class.java:25: warning: The prover cannot establish an assertion (NullField) in method Class
/*@ non_null @*/ int[] elements;
^
Class.java:32: warning: The prover cannot establish an assertion (InvariantExit: MultiSet.java:27: ) in method Class
Class(int[] input) {
^
Class.java:27: warning: Associated declaration: Class.java:32:
//@ invariant n >= 0;
^
3 warnings
一种解决方案是使函数arraycopy非静态,但我不明白为什么。