Questions tagged [dafny]

Dafny is a programming language with built-in specification constructs.

Dafny is a compiled language used for functional testing of functional correctness of programs.

485 questions

votes

1 answer

In Dafny can I define a method that maps over sets?

Hi I can define a function: class Node { var next:set ; var name:string; constructor(n:string) { next := {}; name :=n; } } function stringfunSet(nds:set) :set decreases nds reads nds {…

set dafny

asked Aug 20 '20 at 06:28

david streader

votes

1 answer

What are the sources of non-robustness in Dafny proofs?

I occasionally (not frequently, but often enough) see it happen that a proof will be working in Dafny, and then something that appears irrelevant will change (e.g., variable names, function definition that aren't relevant to the proof, and so on)…

z3 dafny boogie

asked Aug 20 '20 at 01:23

tjhance

votes

2 answers

What does the dafny error "type error mismatch (function expects H, got H)" mean?

I am using Dafny 17.2 in VS code type H predicate Pfo(k:H) lemma fo (h:H) ensures forall k:H :: Pfo(k) I cannot understand the error message type mismatch for argument (function expects H, got H) Any help appreciated david Added…

types dafny

asked Aug 09 '20 at 01:01

david streader

votes

1 answer

dafny pre-condition failure

I'm trying to run a dafny verified version of BFS (from here) My input graph is perfectly fine, but for some reason it fails the pre-condition check. Here is the permalink And for self completeness here is the graph definition + validity…

dafny preconditions

asked Aug 05 '20 at 12:22

OrenIshShalom

5,974
9
37
87

votes

1 answer

Proving termination of BFS with Dafny

I'm trying to prove some properties of BFS with dafny, but so far I can't even prove termination. The progression of the algorithm is guaranteed by the fact that once a node is colored false (visited) it will not be colored true again. Still, I am…

breadth-first-search dafny

asked Aug 01 '20 at 07:18

OrenIshShalom

5,974
9
37
87

votes

1 answer

how to prove that turning a set into a sequence and back is an identity in dafny

Hi Relatively new to Dafny and have defined methods set2Seq and seq2Set for conversion between sets and seqs. But can only find how to write a function fseq2Set from sets to sequences. I can not find how to define fseq2Set. As Lemmas can not…

dafny

asked Jul 17 '20 at 21:42

david streader

votes

1 answer

How to define the specification to avoid array's value change with others

method cube_0(c:array?,n:array?,k:array?,m:array?,N:nat) requires c!=null && c.Length>0 requires n!=null && n.Length>0 requires m!=null && m.Length>0 requires k!=null && k.Length>0 requires n[0]

dafny

asked Jul 07 '20 at 16:40

Hongjian Jiang

votes

2 answers

Convert numbers to strings

I am trying to write a function which takes in val:nat, votes: set, N: nat where N is the maximum size of the set, votes, and returns a string which concatenates the val and votes. Example: H(val: 23, votes:{1,3}, N: 3) will return…

dafny

asked Jul 03 '20 at 21:21

Shravan

2,553
2
16
19

votes

1 answer

Dafny: no terms found to trigger on and a consequent assertion error

This is the code that I wrote for a method that returns the maximum of two integers: predicate greater(x: int, a: int, b: int){ (x >= a) && (x >= b) } method Max(a: int, b: int) returns (max: int) ensures max >= a ensures max >= b …

dafny

asked Mar 19 '20 at 07:02

Gaurang Tandon

6,504
11
47
84

votes

1 answer

How to use 'exists' quantifier?

The Dafny documentation doesn't go through using 'exists' quantifiers. method Main() { assert (exists n: int :: n > 1); } This comes up with an AssertionError

dafny

asked Oct 10 '19 at 04:41

Michael Cunanan

votes

1 answer

Dafny - Checking if array value is unique, but forall nested in exists not maintained by loop

I'm checking if some key shows up only once in an array (where b is the the return value), however the following invariant says it isn't maintained by the loop: invariant b <==> exists j | 0 <= j < i :: a[j] == key && forall k | 0 <= k < i && j != k…

dafny

asked Oct 02 '19 at 00:53

Foxx

votes

2 answers

Proving gcd algorithm with Dafny

I'm trying to prove the gcd algorithm with Dafny and it's apparently not that simple. What I have so far (not much indeed) is a functional specification, and Dafny manages to prove that compute_gcd behaves like it. However, when I remove the…

greatest-common-divisor dafny

asked Jun 25 '19 at 09:12

OrenIshShalom

5,974
9
37
87

votes

1 answer

Dafny fails to prove max element in integer array

I'm trying to prove a simple program in Dafny that finds the maximum element of an integer array. Dafny succeeds in a few seconds proving the program below. When I remove the comments from the last two ensures specifications, Dafny fires error…

specifications dafny loop-invariant

asked Jun 02 '19 at 08:04

OrenIshShalom

5,974
9
37
87

votes

1 answer

Dafny loop invariant not mantained by th loop

i have to create the pre and pos conditions for the method insert of a heap class, the heap as to be a minHeap and has to be completed, my invariant has an error that says: "this loop invariant might not be maintained by the loop." class Heap…

dafny

asked Nov 25 '18 at 14:33

Yes it's me

votes

1 answer

How to read dafny counterexamples

I'd like to understand counterexamples produced by Dafny. I'm using the following code as an example: function update_map(m1: map, m2: map): map ensures (forall k :: k in m1 || k in m2 ==> k in update_map(m1, m2)) && …

dafny boogie

asked Oct 03 '18 at 01:54

Samuel Gruetter

1,713
12
11

Prev 1 2 3

…

32 33 Next