dafny | Dafny is a verification-aware programming language | Runtime Environment library
kandi X-RAY | dafny Summary
The easiest way to try out Dafny is to install Dafny on your own machine in Visual Studio Code and follow along with the Dafny tutorial. You can also download and install the Dafny CLI if you prefer to work from the command line.
Community Discussions
Trending Discussions on dafny
QUESTION
Background: I am trying to write parser combinators in Dafny. This requires working on very long lists which I do not want to fully compute unless they are needed, so I am using an IList instead of a seq in order to simulate lazy evaluation. The problem which I am having is that I cannot find a way to express an equivalent to forall x in sequence when working with ILists.
I'm defining IList in the same way as Dafny's documentation and tests:
ANSWER
Answered 2021-Dec-28 at 05:25
The problem here is that the greatest predicate (IListForall) is not proved for the function (container: Container) => Container(fn(container.value)). This is trivial to prove
QUESTION
I am going through the Dafny online tutorial (https://dafny-lang.github.io/dafny/OnlineTutorial/guide). Right after Exercise, it mentioned that functions can only appear in annotations. Thus, one cannot write:
...
ANSWER
Answered 2021-Dec-14 at 07:16
The tutorial is slightly out of date. Thank you for reporting it. I have filed an issue on GitHub to update the tutorial and fix this.
Here is an explanation of what's going on.
As you have learned in the tutorial, Dafny makes a strong distinction between "specification contexts" (such as requires/ensures clauses, assert statements, and other annotations) and "real code" (any method that is not declared ghost). Certain features of Dafny are only available in specification contexts.
In older versions of Dafny, the user had to explicitly declare each variable to be ghost in a method if they wanted that variable to have access to specification-context-only features.
In modern Dafny, if the right-hand side of a variable assignment requires a specification context, then the variable is automatically declared ghost.
Thus, in Exercise 5, the code works fine because c is automatically declared ghost by Dafny. Since c is only used inside an assertion, everything is fine.
In Exercise 6, you are trying to return abs from the method. This is not inside an annotation but is instead "real code". (We might want to compile and run it!) Since y is the return parameter for Abs, it is not a ghost variable, since its value must exist at run time. So when you assign y := abs(x), the right-hand side of the assignment is in a "real code" context, where it is not allowed to call functions like abs.
The fix for Exercise 6 is to declare abs a function method.
QUESTION
I'm studying for my Dafny exam and I can't think of an invariant that is strong enough to solve this problem.
...
ANSWER
Answered 2021-Dec-06 at 06:57
The invariants are not the problem, it's the postcondition (thanks @JamesWilcox)
QUESTION
I have never felt so woefully inadequate as I am when trying to prove to Dafny that my program is correct, so I need your help: The given program looks as follows:
...
ANSWER
Answered 2021-Nov-30 at 02:11
You are running afoul of the curse of nonlinear arithmetic. Any time you rely on nontrivial properties of multiplication, Dafny will have a hard time with your program.
Here is one way to fix your specific proof. Sorry that it is so messy. I'm sure it can be cleaned up, but I just hacked something together to show you the idea.
QUESTION
I am new to Dafny and I am trying to figure out why this doesn't work. What I want to do is to insert 2 values into my arrays, priorities and values respectively.
I have the following code:
ANSWER
Answered 2021-Nov-19 at 17:54
The issue is that Dafny analyzes each method in isolation, using only the specifications of the other methods. See the Dafny FAQ for more information.
You need to add more postconditions to guarantee that certain things aren't changed by insertValues, and you need to also add more postconditions to the constructor so that callers know the initial state. Here is a version that verifies:
QUESTION
I have to write a little BST (binary search tree) class in Dafny.
I am beginning with Dafny; writing a class and an insert method was the easiest part.
I tried multiple times to write a recursive predicate which can check if the tree passed as argument is a BST (without balancing condition, a simple binary tree following the rule left.value < node.value && right.value > node.value).
I found in another StackOverflow post a way to do it by passing a function to a predicate, with the main recursive checks in the function, but it doesn't seem to work.
The error is basically 'A pre-condition for this call might not hold'.
Here is the code:
ANSWER
Answered 2021-Nov-19 at 05:36
There are several issues with your code.
(1) What is the purpose of the TreeADT class? In Dafny, classes are usually used to represent mutable objects, but your class has no fields or mutator methods, and you use a datatype to hold the data, so you can just get rid of the class altogether.
(2) Your definition of isBST is wrong. Here is an example:
QUESTION
The following is based off of Secure Foundations's Dafny implementation of a Dynamic Array.
I'm trying to create a test method that, when calling push_back, invokes extend_buffer. This requires a prefix: calling push_back enough times to fill it up so the next time it's called, the buffer is extended. With a default size of 16, the prefix would consist of calling push_back 15 times. I find that if I make the call 15 times it verifies, but if I instead try to call it in a for loop, I get the error "call may violate context's modifies clause".
ANSWER
Answered 2021-Nov-18 at 20:14
Adding
QUESTION
I am new to Dafny and I encountered a problem when working with a set like this one:
var myset : set<(int, int)> := {(1, 10), (2, 20), (3, 20)};
- How can I get the first pair into a variable? And then how can I access each value inside this pair?
- How can I add a pair to my myset?
For arrays it works this way: myarray[i].0 and myarray[i].1.
ANSWER
Answered 2021-Nov-18 at 20:11
Sets are immutable, unordered collections.
There is no such thing as the "first" element of the set. You can choose an arbitrary element like this:
QUESTION
Is there a difference between the following definitions?
...
ANSWER
Answered 2021-Nov-01 at 23:17
There's not supposed to be any difference between the two. Please report this problem on https://github.com/dafny-lang/dafny/issues.
QUESTION
I'd like to use Dafny to prove the following lemma about GCD: for all natural numbers k, if k|a and k|b, then k|gcd(a,b). I have the following code so far:
...
ANSWER
Answered 2021-Oct-12 at 10:00
There is a problem in how divides is being called. I think in the ensures clauses you meant divides(k, a) instead of divides(a, k), and similarly for divides(b, k) and divides(gcd(a, b), k).
One way to go about this after the recursive call to dividesLemma(a, b - a) is to use the postcondition of the method. Here we know that forall k such that k divides a and k divides b - a implies k divides gcd(a, b-a). Using this information we try to prove the required postcondition (the code or proof is straightforward to follow).
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported