
I'm writing up a method "Clean" which finds out whether the supplied array is "clean" of a supplied key or has no occurrences of the element in the array. So if there are no occurrences, then it returns true and if there are one or more occurrences, it returns false. Here is my code:

method Clean(a: array<int>, key: int) returns(clean: bool)
ensures clean == false ==> exists k :: 0 <= k < a.Length && a[k]==key
ensures clean == true ==> forall k :: 0<=k<a.Length ==> a[k]!=key
{
    clean:=true;
    var i : int := 0;
    while i < a.Length
    invariant 0 <= i <= a.Length
    invariant forall k:: 0 <= k < i ==> a[k] != key
    {
        if a[i] == key 
        { 
            assert(exists k :: 0 <= k < a.Length && a[k]==key);
            clean := false;
            return; 
        }
        i:=i+1;
    }
    return;
}

method Test()
{
  var find: bool := false;
  var arr1 := new int[5];
  var key : int := 1;

  arr1[0],arr1[1],arr1[2],arr1[3],arr1[4] := 1,2,2,2,3;
  find := Clean(arr1, key);
  assert (find == false);
}

The Clean method produces no errors by itself. But when I create a test function to call Clean, the assert statements hold for all cases when Clean returns true, but the assert never holds in the case where Clean returns false and I don't know where it's coming from.

I'm quite new to Dafny so any tips/pointers are greatly appreciated!

Dafneloper
    Similar issue as in https://stackoverflow.com/questions/58315561/how-to-use-exists-quantifier It verifies if you add `assert arr1[0] == key;` after the call to `Clean`. – Matthias Schlaipfer Oct 24 '19 at 16:10
  • You can also strengthen the post-conditions to use `<==>` rather than `==>`, but that doesn't help. Seems to be a problem with handling of existentials and concrete arrays. – redjamjar Oct 30 '19 at 20:28
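The suggestion from the comments, worked through as an added example (it is not part of the question or of any posted answer): Clean is kept exactly as in the question, and Test gains the single witness assertion `assert arr1[0] == key;` after the call, which gives the verifier the post-call term it needs to instantiate the quantified postcondition at k == 0; a second array covers the case that already verified without help.

```dafny
// Clean is the questioner's method, unchanged apart from comments.
method Clean(a: array<int>, key: int) returns (clean: bool)
  ensures clean == false ==> exists k :: 0 <= k < a.Length && a[k] == key
  ensures clean == true ==> forall k :: 0 <= k < a.Length ==> a[k] != key
{
  clean := true;
  var i: int := 0;
  while i < a.Length
    invariant 0 <= i <= a.Length
    invariant forall k :: 0 <= k < i ==> a[k] != key
  {
    if a[i] == key {
      // i is the witness for the existential in the first postcondition
      assert exists k :: 0 <= k < a.Length && a[k] == key;
      clean := false;
      return;
    }
    i := i + 1;
  }
}

method Test()
{
  var arr1 := new int[5];
  arr1[0], arr1[1], arr1[2], arr1[3], arr1[4] := 1, 2, 2, 2, 3;
  var key: int := 1;
  var find := Clean(arr1, key);
  // Witness assertion (the fix from the comments): mentioning arr1[0] in the
  // state after the call gives the verifier a term matching the trigger a[k]
  // of Clean's postcondition, so it can instantiate the quantifier at k == 0
  // and refute find == true.
  assert arr1[0] == key;
  assert find == false;

  // The clean case already verified for the questioner and needs no witness:
  // every element is known from the assignments, so the existential in the
  // first postcondition cannot hold and find2 == false is refuted.
  var arr2 := new int[3];
  arr2[0], arr2[1], arr2[2] := 4, 5, 6;
  var find2 := Clean(arr2, key);
  assert find2 == true;
}
```
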

0 Answers