Highest Voted 'dafny' Questions

0

votes

1 answer

writing inductive lemmas in dafny

I'd like to prove the following in dafny: function append(xs: seq) : seq { if |xs| == 0 then [] else [xs[0]] + append(xs[1..]) } method test(o:seq, xs: seq, i:int) requires 0 <= i < |xs| { if o == append(xs[..i]) …

z3 dafny

asked Feb 05 '19 at 03:18

JRR

6,014
6
39
59

0

votes

1 answer

missing invariant in dafny code involving sequences

I am wondering if there is a reason why dafny is unable to verify my program? https://rise4fun.com/Dafny/Ip1s Am I missing some additional invariant?

dafny

asked Jan 19 '19 at 07:22

JRR

6,014
6
39
59

0

votes

1 answer

Dafny program can't prove this binary search implementation?

We are trying to write a binary search algorithm using Dafny and it seems that Dafny doesn't prove the correctness of the program. can someone please assist? These are the errors we are getting: On INV: This loop invariant might not be maintained by…

dafny

asked Dec 17 '18 at 14:54

Orr Levy

11
2

0

votes

1 answer

How can I cast a value into two bytes in Dafny?

I want to convert an integer from 0 to 65355 and for that I need a two byte representation. I'm trying to divide it by 2, 8 times, and sum the powers of 2 when the rest is one, and then cast that integer as a byte but I'm having problems meeting the…

dafny

asked Dec 12 '18 at 13:49

user6057404

1

0

votes

2 answers

Missing assembly reference when using class

I have the following code class clazz { constructor {:axiom} () requires true method su(x: int, y:int) returns (r: int) { r := x + y; } } method {:main} Main() { var c := new clazz(); var s := c.su(2,3); …

dafny

asked Dec 03 '18 at 19:07

Rui Maranhao

23
3

0

votes

1 answer

How do I make a fuel annotation for a templated function?

I would like to write Dafny some code with fuel annotations, like the following: predicate {:fuel 0,0} eq(x: A, y: A) { x == y } lemma {:fuel eq,1,2} reflexive (x: A) ensures eq(x, x) { } Unfortunately, I get an error…

dafny

asked Nov 21 '18 at 01:14

tjhance

961
1
7
14

0

votes

0 answers

Induction hypothesis and the operator %

In the program https://rise4fun.com/Dafny/tlpls Dafny is not able to infer the induction hypothesis from the recursive call to the lemma. Moreover, what is more surprising is in MVS, if you change assert by assume, and again by assert, then the…

operator-keyword induction dafny

asked Sep 13 '18 at 15:28

jiplucap

155
7

0

votes

0 answers

Dafny installation on openSUSE leap 15.0

I am trying to install dafny on my laptop, which runs openSUSE leap 15.0 as OS. Since there is no openSUSE version on https://github.com/Microsoft/dafny/releases I hoped that dafny-2.1.1.10209-x64-ubuntu-14.04.zip might do the trick. But, it did…

dafny

asked Aug 28 '18 at 21:12

PHS

1
1

0

votes

2 answers

Polymorphism in Dafny

I am trying to do polymorphism in Dafny but I can't make it work. I didn't find any documentation to help me with this. Here is the code: https://rise4fun.com/Dafny/uQ1w trait Atom { var Leaf? : bool; } class Leaf extends Atom { constructor()…

polymorphism dafny

asked Jul 17 '18 at 11:06

Andrici Cezar

603
1
9
15

0

votes

1 answer

In Dafny, how can a method of one object modify another object?

This Dafny code fails to compile: class Inner { method m1() modifies this {} } class Outer { var inner: Inner constructor(rvec: Inner) { inner := rvec; } method m2() modifies this, this.inner { var i := 0; while i < 3 { …

dafny

asked Jul 16 '18 at 15:18

Jason Orendorff

42,793
6
62
96

0

votes

1 answer

Modifying method parameters

Is it possible to annotate Dafny method parameters as mutable, without them being objects? My goal is to be able to verify method testMethod(a:int, b:int) returns (res :int) { res :=0; a := (a - b); assert a < (a-b); } Ignoring the fact this…

dafny

asked Jul 04 '18 at 11:01

Daniel Goldberg

19,908
4
21
29

0

votes

0 answers

Unstable long calculations

Trying to use Dafny as a CAS to check that some algebraic calculations are correct. Dafny does a good job, except that it gets unstable for longer ones, failing to verify some very easy steps even when spoon-fed. calc == { // a dozen lines... k…

dafny

asked Jun 24 '18 at 07:06

Valéry

4,574
1
14
25

0

votes

1 answer

Dafny export clause in a module

module A { export S reveals f export M provides g function f (x:int):int {x+1} function g (x:int):int {x-1} } module B { import opened A`{S,M} //export K reveals k //export K provides k function k…

module export dafny

asked Jun 20 '18 at 18:05

jiplucap

155
7

0

votes

1 answer

Dafny selection sort descending

I have the following method for performing selection sort in descending order. However, the very first invariant in the while loop is said to be not maintained by the loop, why is that the case? method sortDesc (a : array) modifies…

arrays selection-sort dafny

asked May 24 '18 at 10:07

Sreten Jocić

165
1
14

0

votes

1 answer

Using :| in functional code -- recursion on sets

How might one recurse over a set, S, in Dafny when writing pure functional code? I can use :| in imperative code, having checked for non-emptiness, to select an element, s, then recurse on S - {s}. Not quite sure how to make :| deterministic and use…

dafny

asked May 07 '18 at 01:34

Kevin S

497
2
10

Questions tagged [dafny]