Edited Unassigned: forall statement without bound variables causes trigger...
A degenerate form of the `forall` statement is to have an `ensures` clause but no bound variables. For example:
```
forall
  ensures P
{
  // proof of P
}
```
Such a statement can be useful as an inline lemma...
Commented Unassigned: Error reporting in if-else blocks [119]
The error reporting in if-else blocks is quite confusing. The following snippet is an example of a method where errors are reported "gradually", and in a seemingly arbitrary order.```method...
New Post: Dafny: Verify using invariant and decreases
I am trying to get the below program verified. I mean only to change invariant and decreases statements. How can I do this? I have tried several possibilities with no success.
method Main() { var...
New Post: Dafny: Verify using invariant and decreases
It would be interesting to know some of the other things you tried. It seems that Dafny can't work out that (b==a <==> c==i), so you have to tell it.
method Main() { var a:int := 0; var b:int :=...
Commented Unassigned: Lit works differently with /noNLarith [120]
Dafny's translation into Boogie performs "lit wrapping": it wraps a function `Lit` (actually, three functions: `Lit`, `LitInt`, and `LitReal`, depending on the type of the argument) around certain...
Created Unassigned: Auto triggers do not consider math operators as...
When the /noNLarith switch is used, Dafny wraps each mathematical operator in a Boogie-level function (e.g., `INTERmul_boogie()`). Unfortunately, the auto trigger functionality doesn't know this,...
Edited Unassigned: Auto triggers do not consider math operators as candidates...
When the /noNLarith switch is used, Dafny wraps each mathematical operator in a Boogie-level function (e.g., `INTERmul_boogie()`). Unfortunately, the auto trigger functionality doesn't know this,...
Commented Unassigned: Error reporting in if-else blocks [119]
The error reporting in if-else blocks is quite confusing. The following snippet is an example of a method where errors are reported "gradually", and in a seemingly arbitrary order.```method...
New Post: Dafny: Verify using invariant and decreases
What about the following then:
class Lock { var state:bool; constructor init() modifies this; ensures state == false; { state := false; } method acquireLock() modifies this; ensures state == true; {...
New Post: Dafny: Verify using invariant and decreases
Your Lock class has a strange definition, and the method postconditions do not verify. I guessed a definition which does verify... Roughly, the thing about loop invariants is that the loop invariant of...
Commented Unassigned: Auto triggers do not consider math operators as...
When the /noNLarith switch is used, Dafny wraps each mathematical operator in a Boogie-level function (e.g., `INTERmul_boogie()`). Unfortunately, the auto trigger functionality doesn't know this,...
Commented Unassigned: Lit works differently with /noNLarith [120]
Dafny's translation into Boogie performs "lit wrapping": it wraps a function `Lit` (actually, three functions: `Lit`, `LitInt`, and `LitReal`, depending on the type of the argument) around certain...
Commented Unassigned: Auto triggers do not consider math operators as...
When the /noNLarith switch is used, Dafny wraps each mathematical operator in a Boogie-level function (e.g., `INTERmul_boogie()`). Unfortunately, the auto trigger functionality doesn't know this,...
Edited Unassigned: Auto-triggers tries to find trigger for empty forall [122]
The following code causes Dafny to issue a spurious warning:
```
method Try (a:int)
{
  forall
    ensures a == a;
  {
  }
}
```
The warning is:
```
Warning: /!\ No terms found to trigger on.
```
This warning is spurious because an...
Closed Unassigned: Auto-triggers tries to find trigger for empty forall [122]
The following code causes Dafny to issue a spurious warning:
```
method Try (a:int)
{
  forall
    ensures a == a;
  {
  }
}
```
The warning is:
```
Warning: /!\ No terms found to trigger on.
```
This warning is spurious because an...
Edited Unassigned: Two ensures in an empty forall crashes Dafny due to...
The following code causes Dafny to crash if /autoTriggers:1 is set on the command line:
```
method Try (a:int, b:int, c:int)
{
  forall
    ensures a * c == a * c;
    ensures b * c == b * c;
  {
  }
}
```
Here's the crash...
Closed Unassigned: Two ensures in an empty forall crashes Dafny due to...
The following code causes Dafny to crash if /autoTriggers:1 is set on the command line:
```
method Try (a:int, b:int, c:int)
{
  forall
    ensures a * c == a * c;
    ensures b * c == b * c;
  {
  }
}
```
Here's the crash...
Created Unassigned: Dafny crash when same module is imported with two...
The following code causes Dafny to crash:
```
abstract module AbstractModuleA
{
  type T
}

abstract module AbstractModuleB
{
  import opened AMA as AbstractModuleA
  method Foo(t:T)
}

abstract module AbstractModuleC...
```
Created Unassigned: Manually supplied invalid trigger causes crash [126]
Dafny crashes on the following program (an ugly error from the command line, and a "Verification process error" inside Visual Studio). Note that the explicit trigger, `P(0)`, should not be allowed,...
Created Unassigned: Auto-triggers do not consider such-that constructs [127]
The assign-such-that statement and let-such-that expression (alternatively known as the bored-smiley constructs) involve a proof obligation that has an existential quantifier in it. Auto-triggers (that...