/* * strpbrk */typedef unsigned long size_t;#define UCHAR_MAX 255

1. /*
2.  * strpbrk
3.  */
4.  
5. typedef unsigned long size_t;
6.  
7. #define UCHAR_MAX 255
8.  
9.  
10. /*@
11.   predicate Length_of_str_is{L}(char *s, integer n) =
12.       n >= 0 && \valid(s+(0..n)) && s[n] == 0 &&
13.       \forall integer k ; (0 <= k < n) ==> (s[k] != 0) ;
14.  
15.   axiomatic Length
16.   {
17.     logic integer Length{L}(char *s) reads s[..];
18.  
19.     axiom string_length{L}:
20.        \forall integer n, char *s ; Length_of_str_is(s, n) ==> Length(s) == n ;
21.   }
22.  
23. @*/
24.  
25.  
26. /*@
27.   requires n >= 0;
28.   requires \valid(((char*)dst)+(0..n-1));
29.   requires -128 <= c <= 127;
30.   assigns ((char*)dst)[0..n-1];
31.   ensures \forall integer i; 0 <= i < n ==> ((char*)dst)[i] == c;
32.   ensures \result == dst;
33. @*/
34. void *memset(void* dst, int c, size_t n);
35.  
36.  
37. /*@
38.     requires parity == 0 || parity == 1;
39.     requires \exists integer i; Length_of_str_is(s,i);
40.     requires \exists integer i; Length_of_str_is(map,i);
41.     requires \separated(s+(0..Length(s)), map+(0..Length(map)));
42.     assigns \nothing;
43.     ensures 0 <= \result <= Length(s);
44. @*/
45. size_t __strxspn(const char *s, const char *map, int parity)
46. {
47.     char matchmap[UCHAR_MAX + 1];
48.     size_t n = 0;
49.  
50.     /* Create bitmap */
51.     memset(matchmap, 0, sizeof matchmap);
52.     //@ assert \forall integer k; 0 <= k < UCHAR_MAX + 1 ==> matchmap[k] == 0;
53.  
54.  
55.     //@ ghost int k = 0;
56.     /*@
57.         loop invariant \base_addr(map) == \base_addr(\at(map, Pre));
58.         loop invariant \at(map, Pre) <= map <= \at(map, Pre) + Length(\at(map, Pre));
59.         loop invariant k == map - \at(map,Pre);
60.         loop invariant 0 <= k <= Length(\at(map, Pre));
61.         loop invariant map == \at(map, Pre) + k;
62.         loop invariant \forall integer i; 0 <= i <= 255 ==> (matchmap[i] == 0 || matchmap[i] == 1);
63.         loop invariant \forall integer i; 0 <= i < k ==> \at(map[i], Pre) != 0;
64.         //loop invariant \forall integer i; 0 <= i < k ==> matchmap[(unsigned char)(\at(map[i], Pre))] == 1;
65.         loop assigns map, matchmap[0..255], k;
66.         loop variant Length(\at(map,Pre)) - k;
67.     @*/
68.     while (*map){
69.         matchmap[(unsigned char)*map++] = 1;
70.         //@ ghost k++;
71.     }
72.  
73.     /* Make sure the null character never matches */
74.     matchmap[0] = parity;
75.     // assert BUG: matchmap[0] == parity;
76.  
77.     /* Calculate span length */
78.  
79.     /*@
80.         loop invariant \base_addr(s) == \base_addr(\at(s, Pre));
81.         loop invariant \at(s, Pre) <= s <= \at(s, Pre) + Length(\at(s, Pre));
82.         loop invariant 0 <= n <= Length(\at(s, Pre));
83.         loop invariant s == \at(s, Pre) + n;
84.         loop invariant \forall integer i; 0 <= i < n ==> \at(s[i], Pre) != 0;
85.         //loop invariant \forall integer i; 0 <= i < n ==> matchmap[(unsigned char)(\at(s[i], Pre))] == 1;
86.         loop assigns n, s;
87.         loop variant Length(\at(s, Pre)) - n;
88.     @*/
89.     while (matchmap[(unsigned char)*s++] ^ parity)
90.         n++;
91.  
92.     return n;
93. }