dafny

dafny pre-condition failure

前提是你 submitted on 2021-01-28 01:33:26
Question: I'm trying to run a Dafny-verified version of BFS (from here). My input graph is perfectly fine, but for some reason it fails the pre-condition check. Here is the permalink. And for self-completeness, here is the graph definition + validity conditions: class Graph { var adjList : seq<seq<int>>; constructor (adjListInput : seq<seq<int>>) { adjList := adjListInput; } } function ValidGraph(G : Graph) : bool reads G { (forall u :: 0 <= u < |G.adjList| ==> forall v :: 0 <= v < |G.adjList[u]| ==> 0 <=

How to use 'exists' quantifier?

拈花ヽ惹草 submitted on 2021-01-27 20:54:36
Question: The Dafny documentation doesn't go through using 'exists' quantifiers. method Main() { assert (exists n: int :: n > 1); } This comes up with an AssertionError. Answer 1: The following works: predicate dummy(n: int) {true} method Main() { assert dummy(2); assert (exists n : int {:trigger dummy(n)} :: n > 1); } You can replace dummy(2) with dummy(m) for any integer m > 1. This answer isn't great, since I can't tell you exactly why the above works. However, for more information on triggers you can

Reading from (Writing to) files in Dafny

三世轮回 submitted on 2021-01-27 04:16:11
Question: I've been looking at some Dafny tutorials and couldn't find how to read from (or write to) simple text files. Surely this has to be possible, right? Answer 1: I have cooked up a very basic file IO library for Dafny based on code from the Ironfleet project. The library consists of two files: a Dafny file fileio.dfy declaring signatures for various file operations, and a C# file fileionative.cs that implements them. As an example, here is a simple Dafny program that writes the string hello world! to

Dafny no terms to trigger on predicate

谁都会走 submitted on 2020-05-29 08:12:28
Question: I have the following snippet of Dafny code for a tic-tac-toe game to check if player 1 has a winning row on the board: predicate isWinRowForPlayer1(board: array2<int>) reads board requires board.Length0 == board.Length1 == 3 && isValidBoard(board) { exists i :: 0 <= i < board.Length0 ==> (forall j :: 0 <= j < board.Length1 ==> board[i, j] == 1) } Currently I am getting a /!\ No terms found to trigger on. error on the body of this predicate and all other predicates I have in my program (for

dafny output as SMT file

余生长醉 submitted on 2020-03-05 04:13:26
Question: I successfully wrote a verified Dafny program that, given an integer array, returns the length of the longest monotone prefix. The permalink is here. I want to be able to examine the SMT file Dafny used, even though there were no errors. I tried various flag options like: $ dafny example_longest_monotone.dfy /useSmtOutputFormat /printModelToFile:smt_file.smt But none seem to work? Am I wrong in thinking that there must be some underlying SMT query that returned unsat in the case where Dafny

Creating an array of a class type in dafny

牧云@^-^@ submitted on 2020-01-25 06:57:26
Question: I'm having a problem with creating an array of objects of a class type I created in Dafny. The problem is that when initialising a new array of that type I'm getting this error in VS Code: unless an initializer is provided for the array elements, a new array of 'Cup' must have empty size This is the code (actually a stripped-back version that still illustrates the problem): datatype Drink = WATER | LEMONADE | COFFEE | TEA class Cup { var volume: int var drink_type: Drink var dirty: bool predicate

Dafny array elements contained in other array assertion

烈酒焚心 submitted on 2019-12-24 07:33:06
Question: The question is rather simple: why does the assertion below return "assertion violation"? method test() { var a := new int[5]; a[0] := 1; a[1] := 1; a[2] := 2; a[3] := 3; a[4] := 3; var b := new int[3]; b[0] := 1; b[1] := 2; b[2] := 3; assert(forall i :: exists j :: ((0 <= i < 5) && (0 <= j < 3)) ==> (a[i] == b[j])); } Answer 1: Here's one way to fix it. Add the following assertions before your assertion. assert b[0] == 1; assert b[1] == 2; It seems that under a quantifier can only remember the

Surprising Dafny failure to verify boundedness of set comprehension

人盡茶涼 submitted on 2019-12-20 04:13:19
Question: Dafny has no problem with this definition of a set intersection function. function method intersection(A: set<int>, B: set<int>): (r: set<int>) { set x | x in A && x in B } But when it comes to union, Dafny complains, "a set comprehension must produce a finite set, but Dafny's heuristics can't figure out how to produce a bounded set of values for 'x'". A and B are finite, and so, clearly, the union is too. function method union(A: set<int>, B: set<int>): (r: set<int>) { set x | x in A || x in

Confused by Dafny postcondition messages

扶醉桌前 submitted on 2019-12-14 03:19:45
Question: A very simple multiplication code: method Product1 (m: nat, n: nat) returns (res:nat) ensures res == m * n; { var m1: nat := 0; var n1: nat := 0; res := 0; while (m1 < m) { n1 := 0; while (n1 < n) { res := res + 1; n1 := n1 + 1; } m1 := m1 + 1; } } When I verify it with Dafny, it says: Description Line Column 1 A postcondition might not hold on this return