typedef struct stack { int capacity; int size; int *elems;} Stack;/*

1. typedef struct stack {
2. int capacity;
3. int size;
4. int *elems;
5. } Stack;
6.  
7. /*@
8. requires \valid(st);
9. requires \separated(st, (st->elems)+(0..st->capacity-1));
10. requires \valid(st->elems+(0..st->capacity-1)); // eg: stack of size 50 is defined form 0 to 49
11. requires 0 <= st->size < st->capacity; // cant push if stack is full
12. assigns st->elems[st->size], st->size;
13. ensures \at(st->size, Here) == \at(st->size, Old) + 1;
14. ensures st->elems[\old(st->size)] == x;
15. ensures st->elems[\at(st->size, Here) - 1] == x;
16. //ensures substack{Old,Here}(st);
17. @*/
18. void push (Stack *st, int x){
19.  
20. //@ assert 0 <= st->size < st->capacity;
21. //@ assert 0 <= st->capacity;
22. //@ assert \at(st->size, Here) == \at(st->size, Pre);
23. st->elems[st->size] = x;
24. //@ assert HELPER: \at(st->size,Here) == \at(st->size, Pre);
25. //@ assert HELPER2: st->elems[\at(st->size, Pre)] == x;
26. //@ assert BOUND: 0 <= st->size < st->capacity;
27. //@ assert 0 <= st->capacity;
28. //@ assert \at(st->size, Here) == \at(st->size, Pre);
29. st->size++;
30. //@ assert 0 <= st->size <= st->capacity;
31. //@ assert 0 <= st->capacity;
32. //@ assert \at(st->size, Here) == \at(st->size, Pre) + 1;
33.  
34. }