diff options
| author |  Benjamin Barenblat <bbaren@mit.edu> | 2016-05-30 17:58:02 -0400 |
|---|---|---|
| committer | Benjamin Barenblat <bbaren@mit.edu> | 2016-05-30 17:58:02 -0400 |
| commit | e67c951ad9c5c637e36a6f025ba3d6e3ad945416 (patch) | |
| tree | 0cfb5c339602e4bdebf4bf97f3f0ccc3923c14d1 /Test/wishlist/sequences-s0-in-s.dfy | |
| parent | 000aa762e1fee4b9bd83ec3d7c8b61fd203e2c9d (diff) | |
| parent | df5c5f547990c1f80ab7594a1f9287ee03a61754 (diff) | |
Merge commit 'df5c5f5'
Diffstat (limited to 'Test/wishlist/sequences-s0-in-s.dfy')
| -rw-r--r-- | Test/wishlist/sequences-s0-in-s.dfy | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/Test/wishlist/sequences-s0-in-s.dfy b/Test/wishlist/sequences-s0-in-s.dfy new file mode 100644 index 00000000..c221dbb2 --- /dev/null +++ b/Test/wishlist/sequences-s0-in-s.dfy @@ -0,0 +1,25 @@ +// RUN: %dafny /compile:0 /autoTriggers:1 /print:"%t.print" /dprint:"%t.dprint" "%s" > "%t"
+// RUN: %diff "%s.expect" "%t"
+
+// The following is also due to a weakness in the axiomatization: namely, it is
+// not easy to learn, using Dafny's axioms, that s[0] in s. One can of course
+// prove it, but it doesn't come for free.
+
+method InSeqTriggers(s: seq<int>, i: nat)
+ requires forall x :: x in s ==> x > 0;
+ requires |s| > 0 {
+ if * {
+ // Fails
+ assert s[0] > 0; // WISH
+ } else if * {
+ // Works
+ assert s[0] in s;
+ assert s[0] > 0;
+ }
+}
+
+method InSeqNoAutoTriggers(s: seq<int>, i: nat)
+ requires forall x {:autotriggers false} :: x in s ==> x > 0;
+ requires |s| > 0 {
+ assert s[0] > 0; // Works (Z3 matches on $Box above)
+}
|