# include "repexpose.h"
abst abst_create (/*@dependent@*/ abst p, /*@only@*/ char *x, int i)
{
abst a = (abst) malloc (sizeof (struct _abst));
abst b = p;
a->name = x; /* 1. Arrow access from possibly null pointer a */
a->val = i;
a->parent = p; /* [3. exposes rep] */
a->parent = b; /* [4. exposes rep through alias] */
a->parent = p->parent; /* [5, 6. exposes rep] */
a->parent = b->parent; /* 2. Suspect modification of p->parent through alias a->parent */
/* [7, 8. exposes rep through alias] 3. modifies p */
b = a;
a->name = *globstring; /* [9, 10.] exposes rep through global */
b->name = *globstring; /* ??? NO? 3. Suspect modification of *globstring through alias a->name */
/* [11, 12.] exposes rep through global and alias */
return a; /* 4. Storage a->name reachable from return value is kept */
/* 5. Returned storage *a contains 1 undefined field: im */
/* 6. Storage *globstring reachable from global is kept */
}
/*@only@*/ char *abst_name (abst a)
{
return a->name; /* 7. Released storage a->name reachable from parameter */
/* [15, 16.] reference to parameter, exposes rep */
}
int abst_val (abst a)
{
return a->val;
}
int *abst_aval(abst a)
{
return (&(a->val)); /* 9. [17, 18] reference to parameter, exposes rep */
}
abst abst_parent (abst a)
{
abst b = a;
if (TRUE) return b; /* [19] reference to parameter a */
else return b->parent; /* 8. Dependent storage b->parent returned as only */
/* 9. Only storage a not released before return */
}
/*@dependent@*/ char *immut_name (immut im)
{
return (im->name); /* 10. Only storage im->name returned as dependent: (im->name) */
/* [23, 24] exposes rep, reference to parameter */
}
void abst_setIm (abst a, immut im)
{
a->im = im; /* 11. Suspect modification of a->im: a->im = im */
/* 13. [25] modifies a, NO rep exposure since it is immutable! */
}
immut abst_getIm (abst a)
{
return (a->im); /* NO rep exposure since it is immutable */
}
syntax highlighted by Code2HTML, v. 0.9.1