Dafny rejects a simple postcondition -


below first attempt prove various simple theorems, in case parity. dafny /v. 1.9.9.40414/ verifies adding 2 number yields number not accept either of commented out conditions.

function iseven(a : int) : bool requires >= 0 {     if == 0      true      else if == 1 false      else                iseven(a - 2) }  method check1(a : int) requires >= 0 ensures iseven(a) ==> iseven(a + 2) //ensures iseven(a) ==> iseven(a + a) //ensures iseven(a) ==> iseven(a * a) { }

as have started study wonderful tool, approach or implementation might incorrect. advice appreciated.

there few different things going on here. discuss each of 3 postconditions in turn.

the first , second postconditions

since iseven recursively defined predicate, in general, facts require proofs induction. first post condition simple enough not require induction, why goes through.

your second postcondition require induction proved. dafny has heuristics automatically performing induction, these heuristics invoked in contexts. in particular, dafny attempt induction on "ghost methods" (also called "lemmas").

if add keyword ghost in front of method in check1 (or change method lemma, equivalent), see second postcondition goes through. because dafny's induction heuristic gets invoked , manages complete proof.

the third postcondition

the third postcondition more complex, because involves nonlinear arithmetic. (in other words, involves nontrivial reasoning multiplying 2 variables together.) dafny's underlying solver has trouble reasoning such things, , heuristic proof induction doesn't go through.

a proof a * a if a even

one way prove here. have factored out iseven(a) ==> iseven(a * a) own lemma, called evensquare. have changed require iseven(a) precondition, rather put implication in postcondition. (a similar proof goes through implication instead, using preconditions on lemmas instead of implications idiomatic dafny.)

the proof of evensquare (manual) induction on a. base case handled automatically. in inductive case (the body of if statement), invoke induction hypothesis (ie, make recursive method call evensquare establish (a - 2) * (a - 2) even). assert a * a can written sum of (a - 2) * (a - 2) , offset. assertion dispatched automatically. proof done if can show right hand side of equality even.

to this, know (a - 2) * (a - 2) even, first invoke lemma show offset even, because twice else. finally, invoke 1 last lemma show sum of 2 numbers even.

this completes proof, assuming 2 lemmas.

proofs of 2 lemmas

it remains show twice even, , sum of 2 numbers even. while not trivial, neither complex evensquare.

the lemma evendouble proves twice even. (this in fact stronger version of second postcondition. second postcondition says doubling even number even. in fact, doubling (non-negative, under definition of evenness) number @ even.) proof of evendouble proceeds (manual) induction on a. base case handled automatically. inductive case requires explicitly invoking induction hypothesis.

the lemma evenplus proved automatically dafny's induction heuristic, except trips on bug or other problem causes loop in solver. after little debugging, determined annotation {:induction x} (or {:induction y}, matter) makes proof not loop. these annotations tell dafny's heuristics variable(s) try induct on. default in case, dafny tries induct on both x , y, reason causes solver loop. inducting on either variable alone works. i'm investigating problem further, current solution works.


Comments

Post a Comment

Popular posts from this blog

node.js - Node js - Trying to send POST request, but it is not loading javascript content -

i have been trying send post request website, , has not been loading full site. i guessing problem node js not loading javascript content, executing it. can see javascript in response, though never loads content javascript files producing in html. what mean is, doesn't execute javascript. how make node js code overcome this, , wait the full website load? have tried native code, , "request' module, both producing same errors. if helps, don't need native javascript. modules fine. some code have tried (request module): var options = { method: 'post', uri: 'https://url', formdata: { 'email': 'email', 'prize': '0', 'transactional': 'on' }, headers: { /* 'content-type': 'application/x-www-form-urlencoded' */ // set automatically } }; rp(options) .then(function (body) { console.log(body) }) .catch(function (err) { console.log(err) }); when fetch content...
Read more

javascript - Replicate keyboard event with html button -

i have tried few ways make happen. have javascript pinball game uses keyboard keys controls. converting application touch screen display. workaround, hoping overlay buttons when clicked simulate keyboard strokes. have done research , sounds should work. using jquery v3.2.1 here things have tried far... html element: <input type="button" class="coil"></input> $('.coil').trigger({type: 'keydown', which: 40, keycode: 40}); with this, not errors, nothing happens. var coilkey = $('body').keydown(function(e) { switch (e.keycode) { case 40: break;} }) $('.coil').click(coilkey); this 1 returns error in console... ((jquery.event.special[handleobj.origtype] || (intermediate value)).handle || handleobj.handler).apply not function below javascript game engine handles key listeners... addkeylistener: function (keyandlistener) { this.keylisteners.push(keyandlistener); }, // gi...
Read more

javascript - Web audio api 5.1 surround example not working in firefox -

i've been playing lott lately web audio api on both firefox , chrome. few days ago started experiment surround set. when trying surround audio in web audio api came notice example works fine in chrome v59 not in firefox v54. // create web audio api context var audioctx = new (window.audiocontext || window.webkitaudiocontext)(); audioctx.destination.channelinterpretation = 'discrete'; audioctx.destination.channelcountmode = 'explicit'; audioctx.destination.channelcount = 6; var oscillators = []; var merger = audioctx.createchannelmerger(6); console.log(audioctx.destination, merger); //merger.channelinterpretation = 'discrete'; //merger.channelcountmode = 'explicit'; //merger.channelcount = 6; var addoscilator = function(channel, frequency) { var oscillator = audioctx.createoscillator(); oscillator.frequency.value = frequency; // value in hertz oscillator.connect(merger,0,channel); oscillator.start(); oscillators.push(o...
Read more