Questions tagged [dafny]

Dafny is a programming language with built-in specification constructs.

Dafny is a compiled language used for functional testing of functional correctness of programs.

485 questions

votes

1 answer

Updating a map with another map in Dafny

I'd like to write the following function in Dafny, which updates a map m1 with all mappings from m2, such that m2 overrides m1: function update_map(m1: map, m2: map): map ensures (forall k :: k in m2 ==> update_map(m1,…

dafny

asked Oct 02 '18 at 14:23

Samuel Gruetter

1,713
12
11

votes

2 answers

In Dafny, can the relationship between integer/natural division and real division be proved?

I would like to prove this: lemma NatDivision(a: nat, b: nat) requires b != 0 ensures a / b == (a as real / b as real).Floor I don't know where to start—this seems almost axiomatic. If I knew what the axioms were, I could work from there, but I…

integer-division dafny

asked May 31 '18 at 14:50

Jason Orendorff

42,793
6
62
96

votes

1 answer

Dafny, no duplicates in an array

in my program I have a sorted predicate. forall i,j :: 0<=i a[i]

z3 verification dafny

asked May 24 '18 at 11:11

Amir-Mousavi

4,273
12
70
123

votes

1 answer

Dafny, post condition does not hold after loop

In the following method, Dafny reports that the postcondition might not hold, even though I am quite sure that it does. method toArrayConvert(s:seq) returns (a:array) requires |s| > 0 ensures |s| == a.Length ensures forall i ::…

verification dafny

asked May 22 '18 at 13:56

Amir-Mousavi

4,273
12
70
123

votes

2 answers

In Dafny, how can I fix the "value does not satisfy the subset constraints of 'nat'" error on division?

This Dafny code: method Div(n: nat, d: nat) returns (q: nat) requires d > 1 { q := n / (d - 1); } produces this error: Dafny 2.1.1.10209 stdin.dfy(4,9): Error: value does not satisfy the subset constraints of 'nat' Dafny program verifier…

integer-division formal-verification dafny

asked May 17 '18 at 15:19

Jason Orendorff

42,793
6
62
96

votes

1 answer

Dafny check map contains value

I have a map like map in dafny and I want to see if it contains some value. Assuming there is not already syntax for this in dafny I have started to create a method for it but am stuck. My code so far is below: method containsValue(m:…

dafny

asked May 11 '18 at 06:01

Jofbr

votes

1 answer

How do I write a clean function in Dafny to get the minimum of a set?

I am trying to write a function to get the minimum of a non-empty set. Here is what I came up with: method minimum(s: set) returns (out: int) requires |s| >= 1 ensures forall t : int :: t in s ==> out <= t { var y :| y in s; if (|s| > 1) { …

dafny

asked May 06 '18 at 03:02

tjhance

votes

1 answer

What is the wrong with my code in dafny?

I try to use dafny to verify the correctness with my qsort function, but idk why there are verified failures about my code. Here is my code: method Testing (a: array) requires a.Length > 0 modifies a { …

dafny

asked Apr 11 '18 at 00:54

Deja vu

votes

1 answer

dafny - puzzling postcondition violation

so I have a class Vertex and class Edge in an implementation of Dijkstra's algorithm that I am trying to complete. it looks like this: class Vertex{ var id : int ; var wfs : int ; var pred: int ; constructor Init() modifies this …

graph-algorithm formal-verification dafny

asked Mar 05 '18 at 04:01

NTDY

votes

1 answer

Why can't Dafny verify certain easy set cardinality and relational propositions?

Here's a simple Dafny program: two line of code and three assertions. method Main() { var S := set s: int | 0 <= s < 50 :: 2 * s; var T := set t | t in S && t < 25; assert |S| == 50; // does not verify assert T…

verification dafny

asked Feb 24 '18 at 14:36

Kevin S

votes

1 answer

Dafny: Using "forall" quantifiers with the "reads" or "modifies" clauses

So I am trying to implement Dijkstra's single source shortest paths algorithm in Dafny based directly on the description of the algorithm in the CLRS algorithms book as part of an undergraduate project. As part of the implementation, I have defined…

arrays algorithm formal-verification dafny

asked Jan 24 '18 at 18:55

NTDY

votes

1 answer

How to avoid decreases and modify violation?

How I can avoid a decreases error, if my index will be not decreases after every iteration? And why I am getting a modify clause on an object and an array, while I am using modify clause on them? class ownerIndexs{ var oi : map; …

automated-tests solidity dafny

asked Dec 30 '17 at 09:40

Jaroxa

votes

1 answer

Simple method to multiply two ints in Dafny with invariant

This Q3 method commutes n0 * m0 by adding m0 to res |n0| times. If n0 is negative, we invert both n0 and m0 as n0*m0 = -n0* -m0 holds. The problem I have is that I don't exactly know what my invariant should look like because invariants need to be…

methods dafny

asked Dec 14 '17 at 14:12

NewbieJava

votes

1 answer

simple method postcondition might not hold

I'm having problems with this simple method in Dafny and I don't know why it doesn't work. Since there are no debugger and I'm new to this language I hope somebody can help. I think the specification is incomplete.. method Q2(x : int, y : int)…

methods dafny

asked Dec 04 '17 at 03:27

NewbieJava

votes

1 answer

Dafny "Call may violate context's modifies clause"

I'm attempting to verify a hashset but I've run into a problem with my insert method. I don't understand why I'm getting the "call may violate context's modifies clause" error when I uncomment the inserts in main. I believe it to be something to do…

dafny

asked Nov 22 '17 at 17:34

DeirdreCleary

Prev 1 2 3

…

32 33 Next