dafny

Updating a map with another map in Dafny

有些话、适合烂在心里 submitted on 2019-12-14 02:41:49
Question: I'd like to write the following function in Dafny, which updates a map m1 with all mappings from m2, such that m2 overrides m1: function update_map<K, V>(m1: map<K, V>, m2: map<K, V>): map<K, V> ensures (forall k :: k in m2 ==> update_map(m1, m2)[k] == m2[k]) && (forall k :: !(k in m2) && k in m1 ==> update_map(m1, m2)[k] == m1[k]) && (forall k :: !(k in m2) && !(k in m1) ==> !(k in update_map(m1, m2))) { map k | (k in m1 || k in m2) :: if k in m2 then m2[k] else m1[k] } I got the following

Loop invariant not strong enough when manipulating (array) fields of this

两盒软妹~` submitted on 2019-12-13 01:54:19
Question: UPDATED Problems on solving some Dafny problems, described below with the given class and respective methods. If you need something else please tell me, thank you in advance. Also the link is updated with all this code in rise4fun. class TextEdit { var text:array<char>; //content var scrap: array<char>; //content temporarily stored for copy/paste var tlen:int; //length of text var slen:int; //length of scrap var at:int; //current position var sellen:int; //length of the selection

Dafny: copy array region method validation

醉酒当歌 submitted on 2019-12-12 14:10:01
Question: I am working on a language comparison of several languages created with verification in mind (Whiley, Dafny and Frama-C etc.). I was given this example of a function which copied a region of one array to another array with different placement within the destination array. The specification I came up with looks like this in Dafny: method copy( src: array<int>, sStart: nat, dest: array<int>, dStart: nat, len: nat) returns (r: array<int>) // both arrays cannot be null requires dest != null && src

Invariant set may vary

会有一股神秘感。 submitted on 2019-12-11 07:06:38
Question: A method that copies the negative elements of an array of integers into another array has the property that the set of elements in the result is a subset of the elements in the original array, which stays the same during the copy. The problem in the code below is that, as soon as we write something in the result array, Dafny somehow forgets that the original set is unchanged. How to fix this? method copy_neg (a: array<int>, b: array<int>) requires a != null && b != null && a != b requires a

Dafny function, invalid logical expression on while loop

孤街浪徒 submitted on 2019-12-11 06:05:33
Question: I am new to Dafny and getting some errors that I cannot figure out. In my Dafny program for insertionSort (the code is here), I do not understand why I get an invalid logical expression on the while loop over variable i: while (i < |input|). In the same code, at the swapping part ( input[j := b]; input[j-1 := a]; ) I also get expected method call, found expression. According to the tutorial, input[j:=b] is replacing index j of seq input with the value of b. Answer 1: The first error is because you

Dafny reverse lookup map

断了今生、忘了曾经 submitted on 2019-12-11 05:26:01
Question: Hi, I have a map like map<char,int> and I wish to do a reverse lookup, i.e. find a key from a value. Is there any way to do this in Dafny (e.g. map.getKey(value) ) which has not been documented yet? I am thinking that one solution could be to inverse the map, so that I could inverse a map<char,int> to map<int,char> and then use the normal lookup on the inversed map. I am not sure how to do this but have tried using map table[i] | i in table :: i by map comprehension, but this does not work. Please

How to read dafny counterexamples

╄→尐↘猪︶ㄣ submitted on 2019-12-11 04:13:56
Question: I'd like to understand counterexamples produced by Dafny. I'm using the following code as an example: function update_map<K(!new), V>(m1: map<K, V>, m2: map<K, V>): map<K, V> ensures (forall k :: k in m1 || k in m2 ==> k in update_map(m1, m2)) && (forall k :: k in m2 ==> update_map(m1, m2)[k] == m2[k]) && (forall k :: !(k in m2) && k in m1 ==> update_map(m1, m2)[k] == m1[k]) && (forall k :: !(k in m2) && !(k in m1) ==> !(k in update_map(m1, m2))) { map k | k in (m1.Keys + m2.Keys) :: if k in

Modifies clause error on a changed object

别等时光非礼了梦想. submitted on 2019-12-01 22:37:45
Question: How can I state (in Dafny) an " ensures " guarantee that the object returned by a method will be "new", i.e., will not be the same as an object used anywhere else (yet)? The following code shows a minimal example: method newArray(a:array<int>) returns (b:array<int>) requires a != null ensures b != null ensures a != b ensures b.Length == a.Length+1 { b := new int[a.Length+1]; } class Testing { var test : array<int>; method doesnotwork() requires this.test!=null requires this.test.Length > 10;

Modifies clause error on a changed object

为君一笑 submitted on 2019-12-01 21:03:19
How can I state (in Dafny) an " ensures " guarantee that the object returned by a method will be "new", i.e., will not be the same as an object used anywhere else (yet)? The following code shows a minimal example: method newArray(a:array<int>) returns (b:array<int>) requires a != null ensures b != null ensures a != b ensures b.Length == a.Length+1 { b := new int[a.Length+1]; } class Testing { var test : array<int>; method doesnotwork() requires this.test!=null requires this.test.Length > 10; modifies this { this.test := newArray(this.test); //change array a with b this.test[3] := 9; //error

Dafny: What does no terms found to trigger on mean?

大憨熊 submitted on 2019-11-29 11:56:27
I am getting a warning in Dafny which says that my quantifiers have No terms found to trigger on. What I am trying to do for my code is to find the largest number that has a square value that is less than or equal to the given natural number 'n'. Here is the code I came up with so far: method sqrt(n : nat) returns (r: int) // square less than or equal to n ensures (r * r) <= n // largest number ensures forall i :: 0 <= i < r ==> (i * i) < (r * r) { var i := 0; // increasing number r := 0; while ((i*i) <= n) invariant (r*r) <= n invariant forall k :: 0 <= k < r ==> (k*k) < (r*r) decreases n - i