New Post: Function calculating sum of modified array
Thank you for your quick and helpful answer. It makes sense. I had considered using ghost variables, but I couldn't think of how. I also had written the Sum function for sequences as you did, but that...
Created Unassigned: Assertion violation - induction hypothesis [173]
Please, some help with the following assertion violation http://rise4fun.com/Dafny/cLnNL
Commented Unassigned: Assertion violation - induction hypothesis [173]
Please, some help with the following assertion violation http://rise4fun.com/Dafny/cLnNL Comments: Non-linear arithmetic is not decidable by the underlying SMT solver. So you probably need to give Dafny...
New Post: VS extension crashes
When I create a text file in Visual Studio and then rename it with a .dfy suffix, the Dafny extension throws an exception and stops working as soon as I edit the file. Shutting down and restarting VS...
New Post: do-while loops
Is there a good way to deal with loops that will execute at least once? For example, in the following, the verifier complains that m might not decrease in the outer loop. method divideWithRemainder(x :...
New Post: do-while loops
The answer is embarrassingly simple:
```
label lp:
while( true )
  invariant 0 <= m
  invariant p*y + m == x
  decreases m
{
  p := p + q ;
  m := m - q*y ;
  q := 2*q ;
  if( m >= q*y ) break lp ;
}
```
I still like...
New Post: do-while loops
You can use implication in loop invariants as a way to distinguish the behaviour of different loop iterations. In this case we need to distinguish that the first loop iteration is always executed but...
New Post: do-while loops
Thanks, that works nicely. It also works without the two assert commands. I still prefer the use of break, since it didn't require any new variables or invariants.
Commented Unassigned: Assertion violation - induction hypothesis [173]
Please, some help with the following assertion violation http://rise4fun.com/Dafny/cLnNL Comments: http://rise4fun.com/Dafny/jsv2 In this case the induction hypothesis should not be applied, but...
Commented Unassigned: Assertion violation - induction hypothesis [173]
Please, some help with the following assertion violation http://rise4fun.com/Dafny/cLnNL Comments: You can disable automatic induction using an annotation ``` lemma {:induction false}...
Commented Unassigned: Assertion violation - induction hypothesis [173]
Please, some help with the following assertion violation http://rise4fun.com/Dafny/cLnNL Comments: My guess is that the proof being constructed goes something like this: http://rise4fun.com/Dafny/0FG7...
Commented Unassigned: Assertion violation - induction hypothesis [173]
Please, some help with the following assertion violation http://rise4fun.com/Dafny/cLnNL Comments: Thanks a lot.
New Post: Can the verifier find a model even when the method is correct?
I was under the impression that when Z3 finds a model, it's a model that satisfies the negation of a (the?) verification condition, and that means the negation of the VC is satisfiable, and therefore...
Created Unassigned: termination metric [174]
http://rise4fun.com/Dafny/yLsls Why does the hover text in MVS say only "decreases" for the outermost while?
Commented Unassigned: termination metric [174]
http://rise4fun.com/Dafny/yLsls Why does the hover text in MVS say only "decreases" for the outermost while? Comments: I'm sorry I realized now that it is not only the decreases expression, but Dafny is not...
Commented Unassigned: Lemmas tutorial: typo and "How Dafny Works" [149]
The [Lemmas tutorial](http://rise4fun.com/Dafny/tutorial/Lemmas) states and proves a "distributive lemma" of the `count` function. However, the lemma's statement is not type correct, because `count`...
Closed Unassigned: Lemmas tutorial: typo and "How Dafny Works" [149]
The [Lemmas tutorial](http://rise4fun.com/Dafny/tutorial/Lemmas) states and proves a "distributive lemma" of the `count` function. However, the lemma's statement is not type correct, because `count`...
New Post: Can the verifier find a model even when the method is correct?
Good answers to this question can be found at Stack Exchange http://stackoverflow.com/questions/39937508/z3-model-for-correct-dafny-method . My misunderstanding was in thinking that Z3 only produces...
New Post: Dafny's result on VS, Rise4fun and CMD does not match
I have run into a problem. Some programs get verified when running Dafny version on CMD but then get failed when using Dafny on Rise4fun and Visual Studio (failure reasons are different). Has anyone...
New Post: do-while loops
Just as in Java, you can use break; (without a label name) if you want to break out of the closest enclosing loop. Unlike in Java, you can also repeat the break keyword in order to break out of some...