Common use of prev Expression Clause in Contracts

prev Expression. Our prev expressions can be used in a change contract to refer to the value of the previous version from the context of the updated version. The value of prev(E) is decided depending on where this prev expression appears. If prev(E) appears in an ensures clause or a signals clause (i.e., the postcondition of the updated version), E should be evaluated in the post-state of the previous version (i.e., (σ1r , hr1)). Meanwhile, if it appears in a requires clause (i.e., the precondition of the updated version), E should be evaluated in the pre-state of the previous version (i.e., (σ1, h1)). Such a difference is captured in the two topmost rules in Figure 5(c) where notations “ensures ” and “requires ” designate the clause in which a prev expression appears. The cases for the signals clause are omitted because they can be treated identically to the cases for the ensures clause. Notice that a prev expression, regardless of where it appears, makes a context switch from the updated version to the previous version. Such a context switch over a program version made by a prev expression is orthogonal to the old expression’s context switch from a post-state to a pre-state. ( || ⟩ ( || ⟩ ↓ ( || ⟩▶

prev Expression. Our prev expressions can be used in a change contract to refer to the value of the previous version from the context of the updated version. The value of prev(E) is decided depending on where this prev expression appears. If prev(E) appears in an ensures clause or a signals clause (i.e., the postcondition of the updated version), E should be evaluated in the post-state of the previous version (i.e., (σ1r , hr1)). Meanwhile, if it appears in a requires clause (i.e., the precondition of the updated version), E should be evaluated in the pre-state of the previous version (i.e., (σ1, h1)). Such a difference is captured in the two topmost rules in Figure 5(c) where notations “ensures ” and “requires ” designate the clause in which a prev expression appears. The cases for the signals clause are omitted because they can be treated identically to the cases for the ensures clause. Notice that a prev expression, regardless of where it appears, makes a context switch from the updated version to the previous version. Such a context switch over a program version made by a prev expression is orthogonal to the old expression’s context switch from a post-state to a pre-state. ( || ⟩ ) ( || ⟩ ↓ ) ⇓ ( || ⟩▶)€