New Post: do-while loops
You can use implication in loop invariants as a way to distinguish the behaviour of different loop iterations. In this case we need to distinguish that the first loop iteration is always executed but...
New Post: do-while loops
Thanks, that works nicely. It also works without the two assert commands. I still prefer the use of break, since it didn't require any new variables or invariants.
Commented Unassigned: Assertion violation - induction hypothesis [173]
Please, some help with the following assertion violation http://rise4fun.com/Dafny/cLnNL Comments: http://rise4fun.com/Dafny/jsv2 In this case the induction hypothesis should not be applied, but...
Commented Unassigned: Assertion violation - induction hypothesis [173]
Please, some help with the following assertion violation http://rise4fun.com/Dafny/cLnNL Comments: You can disable automatic induction using an annotation ``` lemma {:induction false}...
Commented Unassigned: Assertion violation - induction hypothesis [173]
Please, some help with the following assertion violation http://rise4fun.com/Dafny/cLnNL Comments: My guess is that the proof being constructed goes something like this: http://rise4fun.com/Dafny/0FG7...
Commented Unassigned: Assertion violation - induction hypothesis [173]
Please, some help with the following assertion violation http://rise4fun.com/Dafny/cLnNL Comments: Thanks a lot.
New Post: Can the verifier find a model even when the method is correct?
I was under the impression that when Z3 finds a model, it's a model that satisfies the negation of a (the?) verification condition, and that means the negation of the VC is satisfiable, and therefore...
Created Unassigned: termination metric [174]
http://rise4fun.com/Dafny/yLsls Why the hover text in MVS says only "decreases" for the outermost while?
Commented Unassigned: termination metric [174]
http://rise4fun.com/Dafny/yLsls Why the hover text in MVS says only "decreases" for the outermost while? Comments: I'm sorry I realized now that it is not only the decreases expression, but Dafny is not...
Commented Unassigned: Lemmas tutorial: typo and "How Dafny Works" [149]
The [Lemmas tutorial](http://rise4fun.com/Dafny/tutorial/Lemmas) states and proves a "distributive lemma" of the `count` function. However, the lemma's statement is not type correct, because `count`...
Closed Unassigned: Lemmas tutorial: typo and "How Dafny Works" [149]
The [Lemmas tutorial](http://rise4fun.com/Dafny/tutorial/Lemmas) states and proves a "distributive lemma" of the `count` function. However, the lemma's statement is not type correct, because `count`...
New Post: Can the verifier find a model even when the method is correct?
Good answers to this question can be found at Stack Exchange http://stackoverflow.com/questions/39937508/z3-model-for-correct-dafny-method . My misunderstanding was in thinking that Z3 only produces...
New Post: Dafny's result on VS, Rise4fun and CMD does not match
I have run into a problem. Some programs get verified when running the Dafny version on CMD but then fail when using Dafny on Rise4fun and Visual Studio (failure reasons are different). Has anyone...
New Post: do-while loops
Just as in Java, you can use break; (without a label name) if you want to break out of the closest enclosing loop. Unlike in Java, you can also repeat the break keyword in order to break out of some...
New Post: VS extension crashes
I have not heard of this bug before. Can you please file it on https://github.com/Microsoft/dafny? You asked if there's a better way to create a .dfy file from within VS. I don't know of a simple way...
New Post: filter_distributes_over_append
Dafny beginner here, and I'm struggling with what I assume is a simple proof. If I define a sequence filtering function as follows: function method filter<T>(xs: seq<T>, pred: T ->...
New Post: filter_distributes_over_append
Had a flash of insight and came up with the following, but to be honest, it feels a bit like write-only code. Any suggestions for making this proof clearer? lemma append_associative<T>(xs:...
New Post: inductive predicates
I guess that Dafny syntax doesn't allow declaring auxiliary variables in the body of inductive predicates, does it? Why?
New Post: Comparing strings by (in)equality doesn't work
Fixed (GitHub Issue #76). Thanks for the bug report. Rustan