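/*
  CS:5810 Formal Methods in Software Engineering
  Fall 2015
  The University of Iowa

  Instructor: Cesare Tinelli

  Credits: Example from Dafny tutorial
*/

// Linear search for the first occurrence of `key` in `a`.
//
// Returns a non-negative `index` when `key` occurs in `a`, and a negative
// `index` (the body assigns -1) when it does not. The postconditions are the
// whole contract a caller may rely on: a non-negative result is always a valid
// position in `a`, so using it to index `a` cannot go out of bounds.
//
// The element type is spelled out as `array<int>`: the body compares `a[index]`
// with the `int` parameter `key`, so the array must hold `int` values.
method Find(a: array<int>, key: int) returns (index: int)
  // NOTE(review): needed where the array type admits null; newer Dafny
  // versions treat `array<int>` as non-null, making this redundant there.
  requires a != null;
  // if index is non-negative then
  ensures 0 <= index ==> (
            // it is smaller than the length of a
            index < a.Length &&
            // the key is at that position in a
            a[index] == key &&
            // index is the smallest position where key appears
            forall k :: 0 <= k < index ==> a[k] != key
          );
  // if index is negative then
  ensures index < 0 ==>
            // a does not contain key
            forall k :: 0 <= k < a.Length ==> a[k] != key;
{
  index := 0;
  while (index < a.Length)
    // index stays within [0, a.Length]; on loop exit it equals a.Length
    invariant 0 <= index <= a.Length;
    // key is at none of the positions seen so far
    invariant forall k:int :: 0 <= k < index ==> a[k] != key;
  {
    // First match: return with `index` at that position. The second
    // invariant supplies the "smallest position" part of the postcondition.
    if (a[index] == key) { return; }
    index := index + 1;
  }
  // Every position was examined without a match; report "not found".
  index := -1;
}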