well you are absolutely right! i tried to say something about the division ofthe array but maybe it is unnecessary ,
after thinking again i got this :
http://rise4fun.com/Dafny/JmTK
after thinking again i got this :
method product(a: array<int>, key: int) returns (p: int)
requires a != null
ensures p == RecursivePositiveProduct(a, 0)
{
// Introduce local variable (6.1)
var i : nat;
assert RecursivePositiveProduct(a,a.Length)==1 ;
p, i := 1,a.Length;
assert p == RecursivePositiveProduct(a,i) ;
// iteration (5.5)
while (i > 0)
invariant i <= a.Length && p == RecursivePositiveProduct(a,i)
invariant p>=0;
decreases i;
{
p, i := Product1(p, a, i);
}
// Strengthen post condition (1.1)
assert i ==0 && p == RecursivePositiveProduct(a,i) ;
}
method Product1(p0 : nat, a: array<int>, i0 : nat) returns (p : nat, i : nat)
requires a!=null;
requires 0 <i0 <=a.Length && p0 == RecursivePositiveProduct(a,i0) ;
ensures i ==i0-1 && p == RecursivePositiveProduct(a,i) ;
{
p, i := p0, i0;
assert a[i] <= 0 ==> p0 == RecursivePositiveProduct(a,i) ;
assert a[i] > 0 ==> a[i]*p0 == RecursivePositiveProduct(a,i) ;
if {
case(a[i] > 0) =>
p := p0 * a[i];
case (a[i] <= 0) =>
// Skip command (3.2)
}
i := i0 - 1;
}
http://rise4fun.com/Dafny/JmTK