formal-verification

问题 I have an array line that has a string contained in it of length l , pat is another array that has a string contained in it of length p . Note: p and l are not the length of the arrays The objective is to see if the string contained in pat exists in line . If so, this method should return the index in line of the first letter of the word, if not it should return -1 . The invariants that are giving us the "no terms found to trigger on" errors are ensures exists j :: ( 0<= j < l) && j == pos;

问题 I have an array line that has a string contained in it of length l , pat is another array that has a string contained in it of length p . Note: p and l are not the length of the arrays The objective is to see if the string contained in pat exists in line . If so, this method should return the index in line of the first letter of the word, if not it should return -1 . The invariants that are giving us the "no terms found to trigger on" errors are ensures exists j :: ( 0<= j < l) && j == pos;

问题 run into a problem with VST(Verified Software Toolchain) 2.5v library for Coq 8.10.1: Got an error with the latest working commit of VST namely " Internal structure copying is not supported ". Minimal example: struct foo {unsigned int a;}; struct foo f() { struct foo q; return q; } On starting proof got an error: Error: Tactic failure: The expression (_q)%expr contains internal structure-copying, a feature of C not currently supported in Verifiable C (level 97). This is due to the check

问题 run into a problem with VST(Verified Software Toolchain) 2.5v library for Coq 8.10.1: Got an error with the latest working commit of VST namely " Internal structure copying is not supported ". Minimal example: struct foo {unsigned int a;}; struct foo f() { struct foo q; return q; } On starting proof got an error: Error: Tactic failure: The expression (_q)%expr contains internal structure-copying, a feature of C not currently supported in Verifiable C (level 97). This is due to the check

问题 As the title asks, I wish for an example where: Section Question: Definition A: Prop := <whatever you like>. Definition B:Prop := <whatever you like>. Definition/Inductive/Fixpoint P: Prop -> Type := <whatever you like>. Theorem AEquivB: A <-> B. Proof. <supply proof here>. Qed. (* Question 1. can we pick a P, A, B to prove this? *) Theorem PA_not_equals_Pb: P A <> P B. Proof. <supply proof here>. Qed. (* Question 1.5. can we pick a P, A, B to prove this? *) Theorem PA_not_equiv_PB: ~(P A <->

问题 As the title asks, I wish for an example where: Section Question: Definition A: Prop := <whatever you like>. Definition B:Prop := <whatever you like>. Definition/Inductive/Fixpoint P: Prop -> Type := <whatever you like>. Theorem AEquivB: A <-> B. Proof. <supply proof here>. Qed. (* Question 1. can we pick a P, A, B to prove this? *) Theorem PA_not_equals_Pb: P A <> P B. Proof. <supply proof here>. Qed. (* Question 1.5. can we pick a P, A, B to prove this? *) Theorem PA_not_equiv_PB: ~(P A <->

问题 As the title asks, I wish for an example where: Section Question: Definition A: Prop := <whatever you like>. Definition B:Prop := <whatever you like>. Definition/Inductive/Fixpoint P: Prop -> Type := <whatever you like>. Theorem AEquivB: A <-> B. Proof. <supply proof here>. Qed. (* Question 1. can we pick a P, A, B to prove this? *) Theorem PA_not_equals_Pb: P A <> P B. Proof. <supply proof here>. Qed. (* Question 1.5. can we pick a P, A, B to prove this? *) Theorem PA_not_equiv_PB: ~(P A <->

问题 I was wondering if the following algorithm to check if a point is inside a rectangle is valid. I've developed it using my own intuition (no strong trig/math basis to support it), so I'd love to hear from someone with more experience in the matter. Context: The rectangle is defined with 4 points. It could be rotated. Coordinates are always positive. By definition, the point is considered inside the rectangle if intersects it. Hypothesis: Use the distance between the point and the rectangle

问题 I'm working with Stainless, a software verifier for Scala programs. I would like to debug the verification process of a sample programme on Intellij Idea. On a previous post, I solved this integration problem for an interactive theorem prover. But now, I'm facing two problems: Apparently, the verification software runs at compile time. That is, I enter in the sbt console and run the compile command and then the verification process seems to be done. You may try this with this verified example

问题 I am a newbie user of Frama-C and have a few questions regarding assertions over pointers. Consider the C fragment below involving: two related data structures Data and Handle, s.t. Handle has a pointer to Data; a 'state' field in Data indicating whether some hypothetical operation has completed three functions: init(), start_operation() and wait(); a main() function using the above, and containing 6 assertions (A1-A6) Now, why is it that A5 and A6 cannot be asserted with the WP verifier (