I'd like to be able to assert things about the results of Dafny methods
that have side-effects, for example that two methods return the same
thing (see predicate p() in the simple example below). When I try to
do this, Dafny complains that expressions can't invoke methods. I
imagine I could work around this by using only the functional subset
of Dafny, but that would be a pain. Is there a more straightforward
way to assert things about methods?

    class C {
      var x : int;

      ghost method m1(y : int) returns (z : int)
        modifies this;
      {
        x := 0;
        return x;
      }

      ghost method m2(y : int) returns (z : int)
        modifies this;
      {
        x := 0;
        return x;
      }

      predicate p()
      {
        forall w :: m1(w) == m2(w)
      }
    }