jiplucap
Reputation: 164
Trick to check a forall with no triggers
In the first example the trick for checking a forall with no triggers works, but in the second the same idea does not work.
Example 1: This program is intentionally complicated to prevent Dafny generates triggers.
predicate Q (x:int,y:int)
{
x == y
}
function F (j:int,s:seq<int>):int
requires 0 <= j < |s|-1
{
s[j+1]
}
predicate P (s:seq<int>)
{
forall i :: 1 <= i < |s| ==> Q(s[i-1],F(i-1,s))
}
method checkforall (s:seq<int>) returns (b:bool)
requires |s| > 1
ensures b <==> P(s)
{
var j := 1;
b := true;
while j < |s| && Q(s[j-1],F(j-1,s))
invariant 0 <= j <= |s|
invariant b <==> forall i :: 1 <= i < j ==> Q(s[i-1],F(i-1,s))
{
j := j+1;
}
if j < |s| {b := false;}
}
method Main()
{
var s := [0,0,0,0,0];
var b := checkforall(s);
assert b; //Verified
}
´´´
The second example will be in a second post-
Upvotes: 1
Views: 20
Answers (0)
Related Questions
- Understanding Verification Steps in Dafny when Using Recursive Functions
- The same return but one function can not assert values properly, but other don't in Dafny
- why do we use implication instead of conjugation in dafny when describing forall?
- Assertion, forall, and maps: Universal quantifiers does not work with maps
- Dafny - Checking if array value is unique, but forall nested in exists not maintained by loop
- Dafny, triggers in forall assignment
- Dafny check map contains value
- Dafny: Using "forall" quantifiers with the "reads" or "modifies" clauses
- A forall that is invariant but can not be proved
- What does the warning message "Selected triggers ..." mean?