use std;
import std::list::*;
// Accumulating worker behind pure_length: `acc` is the number of cons cells
// already walked, and reaching nil yields it as the final count.
// It is declared `pure` because nonempty_list, which reaches it through
// pure_length, is used as a predicate in safe_head's signature.
pure fn pure_length_go<T: copy>(ls: list<T>, acc: uint) -> uint {
    alt ls {
      cons(_, rest) { pure_length_go(*rest, acc + 1u) }
      nil. { acc }
    }
}
// Number of elements in `ls`; starts the accumulating worker at zero.
pure fn pure_length<T: copy>(ls: list<T>) -> uint {
    ret pure_length_go(ls, 0u);
}
// Predicate: true when `ls` has at least one element. safe_head names it as
// its precondition, so callers must establish it before the call.
pure fn nonempty_list<T: copy>(ls: list<T>) -> bool {
    ret 0u < pure_length(ls);
}
// Of course, the compiler can't take advantage of the
// knowledge that ls is a cons node. Future work.
// Also, this is pretty contrived since nonempty_list
// could be a "tag refinement", if we implement those.
// Returns the first element of `ls`. The `: nonempty_list(ls)` constraint in
// the signature is the caller's obligation; main discharges it with a `check`
// before calling.
fn safe_head<T: copy>(ls: list<T>) : nonempty_list(ls) -> T {
    // The typestate checker does not derive is_not_empty(ls) from
    // nonempty_list(ls), so the predicate is re-established here by a
    // run-time check; the task fails at this line if it is false.
    // NOTE(review): presumably `head` in std::list requires is_not_empty --
    // confirm against the library source.
    check (is_not_empty(ls));
    head(ls)
}
// Builds a one-element list of boxed uints, establishes the nonempty_list
// predicate on it, and verifies that safe_head returns the stored value.
fn main() {
    let single = cons(@1u, @nil);
    // The list is visibly a cons cell, yet the predicate still has to be
    // established with an explicit check before safe_head may be called.
    // Eliminating such "obvious" checks seems desirable (tags could have
    // postconditions).
    check nonempty_list(single);
    // Elements are boxed (@1u), so the returned head is dereferenced.
    assert (*safe_head(single) == 1u);
}