Highest Voted 'dafny' Questions

3

votes

3 answers

Dafny: Verification of the most simple array summation does not work. Can somebody explain me why?

When I have three arrays and c[j] := b[h] + a[i]. The verification c[j] == b[h] + a[i] does not work. Can somebody please explain me why? It is assured that all indices are in range and all three arrays are int arrays. Here is my code: method…

arrays addition dafny

asked Dec 04 '22 at 13:49

DaveGlob

33
2

3

votes

1 answer

Why is Dafny thinking that this incorrect algorithm is correct?

The following array reversing code is "proven correct" with Dafny but it clearly isn't correct. What am I doing wrong? A counter example is the array: var a = new int[4] {1,3,5,7}; with the expected result {7,5,3,1} and the actual result…

dafny

asked Aug 27 '22 at 09:49

mbrodersen

787
4
17

3

votes

1 answer

Showing equivalence of two bitvectors

I've been trying to show that two bitvectors are equivalent when all its individual bits are equivalent. In other words, the following statement where a and b are bv64 and BitIsSet is a function extracting the ith bit from the bitvector, and…

dafny

asked Jul 28 '22 at 00:14

Reto Achermann

61
5

3

votes

2 answers

Verifying Account Transfer in Dafny

I'm trying to verify a simple account transfer in Dafny, and this is what I came up with: function sum(items: seq): int decreases |items| { if items == [] then 0 else items[0] + sum(items[1..]) } method transfer(accounts:…

dafny formal-verification

asked May 26 '22 at 21:44

JimW

57
4

3

votes

1 answer

Can I allow preconditions on the argument to a higher-order function in Dafny?

Is there a way to say that a higher-order function permits preconditions on the function it takes as an argument? Here's the concrete situation I'm trying to solve. I wrote this function for filtering items in a seq based on a predicate: function…

dafny

asked Dec 23 '21 at 23:09

josephjnk

338
1
10

3

votes

1 answer

How can I write a Dafny axiom about a function that reads the heap?

Is there a way to encode a function that reads the heap and returns a heap-independent snapshot? This would be very useful for an experiemental encoding I would like to develop. For example, I tried writing a Dafny function called edges that I plan…

dafny

asked Oct 04 '19 at 10:30

Arshavir Ter-Gabrielyan

41
3

3

votes

1 answer

Asserting about the return value of a method involving sequences

I'm a beginner with Dafny, and I'm wondering why the assertion just before the print in the Main method is violated. I'm trying to find the rightmost index where an item should be inserted in order to preserve the order in the sequence, which in…

seq formal-verification dafny

asked May 23 '19 at 18:08

lilezek

6,976
1
27
45

3

votes

1 answer

What are triggers in Dafny/Boogie?

I have been limping along in Dafny without understanding triggers. Perhaps as a result, the programs I write seem to give the verifier a hard time. Sometimes I spend tons of time fiddling with my proof, trying to convince Dafny/Boogie that it's…

quantifiers dafny boogie

asked Jun 03 '18 at 16:44

Jason Orendorff

42,793
6
62
96

3

votes

1 answer

Dafny, triggers in forall assignment

in my method that converts a sequence to an array, I get a recommendation by debugger of dafny for VSCode that I can not understand what it is. method toArrayConvert(s:seq) returns(res:array) requires |s|>0; ensures |s| ==…

dafny

asked May 22 '18 at 12:10

Amir-Mousavi

4,273
12
70
123

3

votes

1 answer

Specifying modification of part of an array in Dafny

I am writing a partition method in Dafny as part of a quicksort implementation, and I want to specify that this method only modifies part of the backing array. Here is the header for my method: method partitionSegment (a : array, first : int,…

dafny

asked Mar 31 '18 at 16:18

Rance Cleaveland

33
3

3

votes

1 answer

Show loopy eveness in Dafny

This is the code I’m trying to prove: function rec_even(a: nat) : bool requires a >= 0; { if a == 0 then true else if a == 1 then false else rec_even(a - 2) } method Even(key: int) returns (res: bool) requires key >=…

formal-verification dafny

asked Mar 17 '18 at 02:59

rausted

951
5
21

3

votes

1 answer

What are real numbers in Dafny?

What are real numbers in Dafny. Are they represented as IEEE 754-2008 floating point numbers? If not, then what are they? I.e., what is the specification of the real type in Dafny?

dafny

asked Jan 29 '18 at 20:30

Kevin S

497
2
10

3

votes

1 answer

Different "sorted" predicates should be equivalent in Dafny

According to Automating Induction with an SMT Solver the following should work on Dafny: ghost method AdjacentImpliesTransitive(s: seq) requires ∀ i • 1 ≤ i < |s| ==> s[i-1] ≤ s[i]; ensures ∀ i,j {:induction j} • 0 ≤ i < j < |s| ==> s[i] ≤…

theorem-proving induction dafny

asked Jan 18 '18 at 22:37

fulem

43
6

3

votes

1 answer

Modifies clause error on a changed object

How can I state (in Dafny) an "ensures" guarantee that the object returned by a method will be "new", i.e., will not be the same as an object used anywhere else (yet)? The following code shows a minimal example: method newArray(a:array) returns…

automated-tests verification solidity dafny

asked Dec 01 '17 at 09:57

Jaroxa

75
6

3

votes

1 answer

Dafny - Substring implementation

Im trying to write a simple verified implementation of the substring method. My method accepts 2 strings and checks whether str2 is in str1. Im trying to figure out firstly why my invairant doesnt hold - Dafny marks that the invariant might not hold…

substring verification proof dafny

asked Dec 30 '16 at 13:57

vito

323
1
10

Questions tagged [dafny]