I'm working on how to use Dafny to verify an insertion sort using "swap" adjacent elements, but I can't find a reasonable invariant for the while loop. Can anyone help me fix it? Here is the link: http://rise4fun.com/Dafny/wmYME
The problem invariant is in line 19. – Lilac Liu May 19 '17 at 02:04
1 Answer
There are a few problems here.
First, your inner loop is not correct, because the temp variable is never updated. I recommend removing temp and using the loop condition down >= 0 && a[down+1] < a[down] instead.

Second, you have several issues with the inner loop invariant being ill-formed (index out of range, violating the precondition of sorted). However, instead of fixing these, I recommend throwing out both inner loop invariants and trying again.

My preferred invariant for the inner loop of insertion sort is "a[0..up+1] is sorted except possibly at down + 1". You can state this as

invariant forall j,k | 0 <= j < k < up+1 && k != down+1 :: a[j]<=a[k]
The resulting file verifies.

James Wilcox
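To show the invariant from the answer in context, here is a complete insertion sort by adjacent swaps, written as an added example; it is not the questioner's rise4fun file or the answerer's corrected version. The predicate name sorted (the page only mentions that a predicate of that name exists), the method name InsertionSort, the multiset postcondition, and the choice to start up at 0 so that the empty and one-element cases need no special handling are all this example's own assumptions. The inner loop's second invariant is the one given in the answer, verbatim.

```dafny
// Added example, not the linked file. Names and the multiset
// postcondition are this example's own choices.

// A sequence is sorted if every earlier element is <= every later one.
predicate sorted(s: seq<int>)
{
  forall j, k :: 0 <= j < k < |s| ==> s[j] <= s[k]
}

method InsertionSort(a: array<int>)
  modifies a
  ensures sorted(a[..])
  ensures multiset(a[..]) == multiset(old(a[..]))
{
  var up := 0;
  while up < a.Length
    invariant 0 <= up <= a.Length
    invariant sorted(a[..up])                     // prefix already sorted
    invariant multiset(a[..]) == multiset(old(a[..]))
  {
    // Sink a[up] into the sorted prefix a[0..up] by adjacent swaps.
    var down := up - 1;
    while down >= 0 && a[down+1] < a[down]
      invariant -1 <= down < up
      // a[0..up+1] is sorted except possibly at index down+1
      invariant forall j,k | 0 <= j < k < up+1 && k != down+1 :: a[j]<=a[k]
      invariant multiset(a[..]) == multiset(old(a[..]))
      decreases down + 1
    {
      a[down], a[down+1] := a[down+1], a[down];
      down := down - 1;
    }
    // Loop exit: either down == -1 (nothing is out of place) or
    // a[down] <= a[down+1], so the whole prefix a[0..up+1] is sorted.
    up := up + 1;
  }
}
```

The guard order matters: down >= 0 is evaluated first, so a[down] is only read when the index is in range, which is what lets Dafny accept the guard without an extra check. On exit, the "sorted except at down+1" invariant collapses to full sortedness of a[0..up+1] in both exit cases, which is exactly what the outer loop needs to re-establish sorted(a[..up]) for the next iteration.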