-------------------- Simple.dfy -------------------- // Simple.dfy class MyClass { var x: int; method M(s: bool, lotsaObjects: set) returns (t: object, u: set, v: seq>) requires s; modifies this, lotsaObjects; ensures t == t; ensures old(null) != this; { x := 12; while (x < 100) invariant x <= 100; { x := x + 17; if (x % 20 == 3) { x := this.x + 1; } else { this.x := x + 0; } call t, u, v := M(true, lotsaObjects); var to: MyClass; call to, u, v := M(true, lotsaObjects); call to, u, v := to.M(true, lotsaObjects); assert v[x] != null ==> null !in v[2 .. x][1..][5 := v[this.x]][..10]; } } function F(x: int, y: int, h: WildData, k: WildData): WildData { if x < 0 then h else if x == 0 then if if h == k then true else false then h else if y == 0 then k else h else k } } datatype List { Nil; Cons(T, List); } datatype WildData { Something; JustAboutAnything(G, myName: set, int, WildData); More(List); } class C { var w: WildData; var list: List; } Dafny program verifier finished with 0 verified, 0 errors -------------------- BQueue.bpl -------------------- Boogie program verifier finished with 8 verified, 0 errors -------------------- TypeTests.dfy -------------------- TypeTests.dfy(4,13): Error: incorrect type of function argument 0 (expected C, got D) TypeTests.dfy(4,13): Error: incorrect type of function argument 1 (expected D, got C) TypeTests.dfy(5,13): Error: incorrect type of function argument 0 (expected C, got int) TypeTests.dfy(5,13): Error: incorrect type of function argument 1 (expected D, got int) TypeTests.dfy(11,4): Error: incorrect type of method in-parameter 0 (expected int, got bool) TypeTests.dfy(12,4): Error: incorrect type of method out-parameter 0 (expected int, got C) TypeTests.dfy(12,4): Error: incorrect type of method out-parameter 1 (expected C, got int) TypeTests.dfy(20,9): Error: because of cyclic dependencies among constructor argument types, no instances of datatype 'Nothing' can be constructed TypeTests.dfy(23,9): Error: because of cyclic dependencies among constructor argument types, no instances of datatype 'NeverendingList' can be constructed 9 resolution/type errors detected in TypeTests.dfy -------------------- SmallTests.dfy -------------------- SmallTests.dfy(30,7): Error: RHS expression must be well defined Execution trace: (0,0): anon0 SmallTests.dfy(61,36): Error: possible division by zero Execution trace: (0,0): anon10_Then SmallTests.dfy(62,51): Error: possible division by zero Execution trace: (0,0): anon10_Else (0,0): anon3 (0,0): anon11_Else SmallTests.dfy(63,22): Error: target object may be null Execution trace: (0,0): anon10_Then (0,0): anon3 (0,0): anon11_Then (0,0): anon6 SmallTests.dfy(82,20): Error: decreases expression must be well defined at top of each loop iteration Execution trace: (0,0): anon0 SmallTests.dfy(81,5): anon7_LoopHead (0,0): anon7_LoopBody (0,0): anon8_Then SmallTests.dfy(95,5): Error: call may violate caller's modifies clause Execution trace: (0,0): anon0 (0,0): anon4_Else (0,0): anon3 SmallTests.dfy(108,7): Error: call may violate caller's modifies clause Execution trace: (0,0): anon0 (0,0): anon3_Then SmallTests.dfy(110,7): Error: call may violate caller's modifies clause Execution trace: (0,0): anon0 (0,0): anon3_Else SmallTests.dfy(150,11): Error: foreach assignment may update an object not in the enclosing method's modifies clause Execution trace: (0,0): anon0 (0,0): anon4_Else (0,0): anon3 Dafny program verifier finished with 22 verified, 9 errors -------------------- Definedness.dfy -------------------- Definedness.dfy(8,7): Error: possible division by zero Execution trace: (0,0): anon0 Definedness.dfy(15,16): Error: possible division by zero Execution trace: (0,0): anon0 Definedness.dfy(24,16): Error: target object may be null Execution trace: (0,0): anon0 Definedness.dfy(25,21): Error: target object may be null Execution trace: (0,0): anon0 (0,0): anon3_Then Definedness.dfy(26,17): Error: possible division by zero Execution trace: (0,0): anon0 Definedness.dfy(33,16): Error: target object may be null Execution trace: (0,0): anon0 Definedness.dfy(50,18): Error: target object may be null Execution trace: (0,0): anon0 Definedness.dfy(55,18): Error: target object may be null Execution trace: (0,0): anon0 Definedness.dfy(77,9): Error: LHS expression must be well defined Execution trace: (0,0): anon0 Definedness.dfy(78,12): Error: LHS expression must be well defined Execution trace: (0,0): anon0 Definedness.dfy(79,7): Error: RHS expression must be well defined Execution trace: (0,0): anon0 Definedness.dfy(84,18): Error: assert condition must be well defined Execution trace: (0,0): anon0 Definedness.dfy(85,5): Error: assume condition must be well defined Execution trace: (0,0): anon0 Definedness.dfy(90,16): Error: if guard must be well defined Execution trace: (0,0): anon0 Definedness.dfy(97,19): Error: loop guard must be well defined Execution trace: (0,0): anon0 Definedness.dfy(97,5): anon8_LoopHead (0,0): anon8_LoopBody Definedness.dfy(97,5): anon9_Else (0,0): anon3 Definedness.dfy(106,23): Error: decreases expression must be well defined at top of each loop iteration Execution trace: (0,0): anon0 Definedness.dfy(105,5): anon13_LoopHead (0,0): anon13_LoopBody (0,0): anon14_Then Definedness.dfy(112,17): Error: decreases expression must be well defined at top of each loop iteration Execution trace: (0,0): anon0 Definedness.dfy(105,5): anon13_LoopHead (0,0): anon13_LoopBody Definedness.dfy(105,5): anon14_Else (0,0): anon3 (0,0): anon15_Then (0,0): anon6 Definedness.dfy(111,5): anon16_LoopHead (0,0): anon16_LoopBody (0,0): anon17_Then Definedness.dfy(122,22): Error: loop invariant must be well defined Execution trace: (0,0): anon0 Definedness.dfy(121,5): anon7_LoopHead (0,0): anon7_LoopBody (0,0): anon8_Then Definedness.dfy(122,22): Error BP5004: This loop invariant might not hold on entry. Execution trace: (0,0): anon0 Definedness.dfy(123,17): Error: decreases expression must be well defined at top of each loop iteration Execution trace: (0,0): anon0 Definedness.dfy(121,5): anon7_LoopHead (0,0): anon7_LoopBody (0,0): anon8_Then Definedness.dfy(132,24): Error: loop guard must be well defined Execution trace: (0,0): anon0 Definedness.dfy(132,5): anon7_LoopHead (0,0): anon7_LoopBody Definedness.dfy(132,5): anon8_Else (0,0): anon3 Definedness.dfy(151,24): Error: loop guard must be well defined Execution trace: (0,0): anon0 Definedness.dfy(145,5): anon13_LoopHead (0,0): anon13_LoopBody Definedness.dfy(145,5): anon14_Else (0,0): anon3 (0,0): anon15_Then (0,0): anon6 Definedness.dfy(151,5): anon16_LoopHead (0,0): anon16_LoopBody Definedness.dfy(151,5): anon17_Else (0,0): anon9 Definedness.dfy(172,44): Error: loop invariant must be well defined Execution trace: (0,0): anon0 Definedness.dfy(162,5): anon16_LoopHead (0,0): anon16_LoopBody Definedness.dfy(162,5): anon17_Else (0,0): anon3 (0,0): anon18_Then (0,0): anon6 Definedness.dfy(170,5): anon19_LoopHead (0,0): anon19_LoopBody (0,0): anon20_Then Definedness.dfy(193,21): Error: collection expression must be well defined Execution trace: (0,0): anon0 Definedness.dfy(195,11): Error: foreach assignment may update an object not in the enclosing method's modifies clause Execution trace: (0,0): anon0 Definedness.dfy(197,33): Error: range expression must be well defined Execution trace: (0,0): anon0 Definedness.dfy(203,18): Error: RHS of assignment must be well defined Execution trace: (0,0): anon0 Definedness.dfy(212,23): Error: loop invariant must be well defined Execution trace: (0,0): anon0 Definedness.dfy(210,5): anon7_LoopHead (0,0): anon7_LoopBody (0,0): anon8_Then Definedness.dfy(212,23): Error BP5004: This loop invariant might not hold on entry. Execution trace: (0,0): anon0 Dafny program verifier finished with 21 verified, 29 errors -------------------- Modules0.dfy -------------------- Modules0.dfy(7,8): Error: Duplicate name of top-level declaration: T Modules0.dfy(13,7): Error: module T named among imports does not exist Modules0.dfy(24,7): Error: import graph contains a cycle: H -> I -> J -> G Modules0.dfy(51,6): Error: inter-module calls must follow the module import relation (so module X2 must transitively import YY) Modules0.dfy(62,6): Error: inter-module calls must follow the module import relation (so module X1 must transitively import X2) Modules0.dfy(72,6): Error: inter-module calls must follow the module import relation (so module X0 must transitively import X1) Modules0.dfy(91,4): Error: inter-module calls must follow the module import relation (so module _default must transitively import YY) 7 resolution/type errors detected in Modules0.dfy -------------------- Modules1.dfy -------------------- Modules1.dfy(55,3): Error: decreases expression must be bounded below by 0 Execution trace: (0,0): anon0 Modules1.dfy(61,3): Error: failure to decrease termination measure Execution trace: (0,0): anon0 Dafny program verifier finished with 16 verified, 2 errors -------------------- BadFunction.dfy -------------------- BadFunction.dfy(6,3): Error: failure to decrease termination measure Execution trace: (0,0): anon0 Dafny program verifier finished with 2 verified, 1 error -------------------- Queue.dfy -------------------- Dafny program verifier finished with 22 verified, 0 errors -------------------- ListCopy.dfy -------------------- Dafny program verifier finished with 4 verified, 0 errors -------------------- BinaryTree.dfy -------------------- Dafny program verifier finished with 24 verified, 0 errors -------------------- ListReverse.dfy -------------------- Dafny program verifier finished with 2 verified, 0 errors -------------------- ListContents.dfy -------------------- Dafny program verifier finished with 9 verified, 0 errors -------------------- SchorrWaite.dfy -------------------- Dafny program verifier finished with 10 verified, 0 errors -------------------- Termination.dfy -------------------- Dafny program verifier finished with 13 verified, 0 errors -------------------- Use.dfy -------------------- Use.dfy(14,18): Error: assertion violation Execution trace: (0,0): anon0 Use.dfy(24,18): Error: assertion violation Execution trace: (0,0): anon0 Use.dfy(33,18): Error: assertion violation Execution trace: (0,0): anon0 Use.dfy(52,12): Error: assertion violation Execution trace: (0,0): anon0 Use.dfy(82,17): Error: assertion violation Execution trace: (0,0): anon0 Use.dfy(124,23): Error: assertion violation Execution trace: (0,0): anon0 Use.dfy(136,5): Error: assertion violation Execution trace: (0,0): anon0 Use.dfy(136,5): Error: assertion violation Execution trace: (0,0): anon0 Use.dfy(207,19): Error: assertion violation Execution trace: (0,0): anon0 Dafny program verifier finished with 38 verified, 9 errors -------------------- DTypes.dfy -------------------- DTypes.dfy(15,14): Error: assertion violation Execution trace: (0,0): anon0 DTypes.dfy(28,13): Error: assertion violation Execution trace: (0,0): anon0 DTypes.dfy(54,18): Error: assertion violation Execution trace: (0,0): anon0 Dafny program verifier finished with 13 verified, 3 errors -------------------- TypeParameters.dfy -------------------- TypeParameters.dfy(41,22): Error: assertion violation Execution trace: (0,0): anon0 TypeParameters.dfy(63,27): Error: assertion violation Execution trace: (0,0): anon0 Dafny program verifier finished with 20 verified, 2 errors -------------------- Datatypes.dfy -------------------- Dafny program verifier finished with 10 verified, 0 errors -------------------- UnboundedStack.dfy -------------------- Dafny program verifier finished with 12 verified, 0 errors -------------------- SumOfCubes.dfy -------------------- Dafny program verifier finished with 17 verified, 0 errors -------------------- TerminationDemos.dfy -------------------- Dafny program verifier finished with 10 verified, 0 errors -------------------- Substitution.dfy -------------------- Dafny program verifier finished with 12 verified, 0 errors -------------------- Tree.dfy -------------------- Dafny program verifier finished with 6 verified, 0 errors