Fix issue 91 - Change how we compute the bounds of quantified variables so that

it does not depend on the order they appeared.

2 files changed, 55 insertions, 0 deletions

diff --git a/Test/dafny4/Bug91.dfy b/Test/dafny4/Bug91.dfy
new file mode 100644
index 00000000..75f8de22
--- /dev/null
+++ b/Test/dafny4/Bug91.dfy
@@ -0,0 +1,53 @@
+// RUN: %dafny /compile:0  "%s" > "%t"

+// RUN: %diff "%s.expect" "%t"

+

+type SendState = map<int, seq<int>>

+

+function UnAckedMessages(s:SendState) : set<int>

+{

+    set m,dst | dst in s && m in s[dst] :: m

+}

+

+predicate UnAckedMessage2(s:SendState, m:int)

+{

+    exists dst :: dst in s && m in s[dst]

+}

+

+/* the following bound can't be determined since we only know what to do with binary operations

+function UnAckedMessagesA(s:SendState) : set<int>

+{

+    set m | UnAckedMessage2(s, m) :: m

+}

+*/

+

+function UnAckedMessagesForDst(s:SendState, dst:int) : set<int>

+    requires dst in s;

+{

+    set m | m in s[dst] :: m

+}

+

+function UnAckedMessages3(s:SendState) : set<int>

+{

+    set m,dst | dst in s && m in UnAckedMessagesForDst(s, dst) :: m

+}

+

+function SeqToSet<T>(s:seq<T>) : set<T>

+{

+    set i | i in s 

+}

+/* does not verify, with element may not in domain error

+function UnAckedMessages4(s:SendState) : set<int>

+{

+    set m,dst | m in SeqToSet(s[dst]) && dst in s :: m

+}

+*/

+

+function UnAckedLists(s:SendState) : set<seq<int>>

+{

+    set dst | dst in s :: s[dst]

+}

+

+function UnAckedMessages5(s:SendState) : set<int>

+{

+    set m, list | list in UnAckedLists(s) && m in list :: m

+}
\ No newline at end of file
diff --git a/Test/dafny4/Bug91.dfy.expect b/Test/dafny4/Bug91.dfy.expect
new file mode 100644
index 00000000..76f19e0d
--- /dev/null
+++ b/Test/dafny4/Bug91.dfy.expect
@@ -0,0 +1,2 @@
+

+Dafny program verifier finished with 7 verified, 0 errors