New Post: Traits and class invariants
I have a question about how to declare class invariants in traits. I'd like to have trait T declare a method M. When class C extends trait T, class C must implement method M. C's implementation of M...
New Post: Input/Output
I'm appalled that I can't find anything written or discussed about this subject. How on earth is a program supposed to do anything useful without any other interaction with the os than "print"? All...
New Post: Input/Output
The main useful thing I have done with Dafny is prove that particular Programs have particular properties. i.e. create Dafny models of other systems and then prove things about them. So I have never...
New Post: Reads for Function Composition and Map
This is the simplest reads that I have been able to achieve for a function which composes two functions. Because of the ordering between the reads and requires I have to guard one of the reads clauses...
Created Unassigned: newtype vs sequences [50]
It appears there are some issues with the new numeric types and sequences. As shown in this example: http://rise4fun.com/Dafny/aULt Dafny can’t see that an element of a byte sequence should be within a...
Created Unassigned: reads clause fails to recognize previous requires clause....
The following code [fails to compile](http://rise4fun.com/Dafny/Gplys): ```class Foo{ var bar:object;} predicate MyPredicate(foo:Foo) requires foo != null; reads foo; requires foo.bar != null; reads...
Commented Unassigned: reads clause fails to recognize previous requires...
The following code [fails to compile](http://rise4fun.com/Dafny/Gplys): ```class Foo{ var bar:object;} predicate MyPredicate(foo:Foo) requires foo != null; reads foo; requires foo.bar != null; reads...
Source code checked in, #4f69df3e3abb
Switched use of List(IToken) in UserDefinedType to NameSegment/ExprDotName, so use the new name resolution machinery that handles modules and type parameters. Included some inadvertently left-out test...
Source code checked in, #e8649278d36e
Make sure to check that subrange types are not used as type parameters
Source code checked in, #486c794f8397
DafnyExtension: Made it use the more advanced on-demand re-verification by default.
Commented Unassigned: newtype vs sequences [50]
It appears there are some issues with the new numeric types and sequences. As shown in this example: http://rise4fun.com/Dafny/aULt Dafny can’t see that an element of a byte sequence should be within a...
Created Unassigned: Assign-such-that doesn't ensure typedness [52]
The ":|" declaration, when used to declare multiple variables simultaneously, doesn't ensure the typedness ("$Is(...)") of the variables. var path:seq<int>,other:int :| true; assume f(path);...