Cab Dafny use an imported ADT in a match command

Question

Hi I am running into time out problems and am trying to decompose my file into different modules on the hope that a verified module will not have to be reverified, in VS code, when working on a module that imports it. If any one knows if this is a reasonable way to avoid time out problems I would like to hear.

But the more basic problem I found is that once I import an ADT I can make use of in in if statements but not in match statements. See code below for an example. Any ideas on what I am doing wrong?

module inner {
    datatype Twee = Node(value : int, left : Twee, right : Twee) | Leaf
    function rot(t:Twee) :Twee
  {
    match t 
       case Leaf => t 
       case Node(v,l,r) => Node(v,r,l)
  }
}
module outer {
import TL = inner 
function workingIf(t:TL.Twee) :TL.Twee
  { if (t == TL.Leaf) then TL.Leaf else t }  
function failingMatch(t:TL.Twee) :TL.Twee
  {
    match t 
       case TL.Leaf => t  // error "darrow expected"
       case TL.Node(v,l,r) => TL.Node(v,r,l)
 }  
}

david streader · Answer 1 · 2020-09-22T03:21:31.957

0

Sorry for asking the question - the following worked.

function failingMatch(t:TL.Twee) :TL.Twee
  {
    match t 
       case Leaf => t  
       case Node(v,l,r) => TL.Node(v,r,l)
 }

Well that worked but the following failed

function rotateLeft(t:TL.Twee) :TL.Twee
  {
    match t 
       case Leaf => t 
       case Node(v,Leaf,r) => TL.Node(v,TL.Leaf,r)
       case Node(v,Node(vl,ll,rl),r) => TL.Node(vl,ll,TL.Node(v,rl,r))       
  }

edited Sep 22 '20 at 03:21

answered Sep 22 '20 at 02:59

david streader

589
2
7

Both of these work for me. What's the problem with the second? – Rustan Leino Sep 23 '20 at 17:40

score 0 · Answer 2 · answered Sep 22 '20 at 23:14

The answer to the first question was given by James Wilcox and can be found in What are the relationships among imports, includes, and verification in Dafny? but for convienience I repeat below:

"import has no direct influence on whether the imported module is verified or not. Modules in other files will not be verified unless their file is listed on the command line. Modules in the current file are always verified (whether or not they are imported by anyone)."

The main question I have raised in https://github.com/dafny-lang/dafny/issues/870

Many thanks to everyone - teaching how to use Dafny with out stack overflow would be so much harder.

score 0 · Answer 3 · answered Sep 23 '20 at 17:45

Somewhat oddly, the constructor names that follow each case keyword are expected to be unqualified. They are looked up in the type of the expression that follows the match. It's quirky that qualified names are not allowed, and this is likely something that will be corrected in the future (I thought there was a Dafny issue on github about this, but I can't find it).

Cab Dafny use an imported ADT in a match command

3 Answers3