Diffstat (limited to 'Test/wishlist')
-rw-r--r--Test/wishlist/calc.dfy17
-rw-r--r--Test/wishlist/calc.dfy.expect11
-rw-r--r--Test/wishlist/exists-b-exists-not-b.dfy10
-rw-r--r--Test/wishlist/exists-b-exists-not-b.dfy.expect8
-rw-r--r--Test/wishlist/granted/useless-casts-in-decreases-clauses.dfy9
-rw-r--r--Test/wishlist/granted/useless-casts-in-decreases-clauses.dfy.expect3
-rw-r--r--Test/wishlist/naked-function-in-recursive-setting.dfy13
-rw-r--r--Test/wishlist/naked-function-in-recursive-setting.dfy.expect8
-rw-r--r--Test/wishlist/sequences-literals.dfy58
-rw-r--r--Test/wishlist/sequences-literals.dfy.expect20
-rw-r--r--Test/wishlist/sequences-s0-in-s.dfy25
-rw-r--r--Test/wishlist/sequences-s0-in-s.dfy.expect6
-rw-r--r--Test/wishlist/strings.dfy6
-rw-r--r--Test/wishlist/strings.dfy.expect5
-rw-r--r--Test/wishlist/we-should-always-print-tooltips.dfy4
-rw-r--r--Test/wishlist/we-should-always-print-tooltips.dfy.expect2
16 files changed, 205 insertions, 0 deletions
diff --git a/Test/wishlist/calc.dfy b/Test/wishlist/calc.dfy
new file mode 100644
index 00000000..308fbb9a
--- /dev/null
+++ b/Test/wishlist/calc.dfy
@@ -0,0 +1,17 @@
+// RUN: %dafny /compile:0 /print:"%t.print" /dprint:"%t.dprint" "%s" > "%t"
+// RUN: %diff "%s.expect" "%t"
+
+// There is a bug in Dafny that causes the error from `L` to be reported at
+// position 0 in this file, instead of on a curly brace.
+
+lemma L()
+ ensures false {
+ calc { true; }
+}
+
+// Empty calc statements work fine, though:
+
+lemma L'()
+ ensures false {
+ calc { }
+}
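Review bot: The header comment (file lines 4-5) says the error from `L` is reported at position 0, but the committed calc.dfy.expect places it at `calc.dfy(8,16)`, which is the opening brace on line 8; only the execution-trace entries carry `(0,0)`, and those look the same in every other expect file in this commit. Either the comment is stale or the position-0 symptom is not what this expect captures, so the comment should say which output the wish is about, e.g. `// WISH: see calc.dfy.expect — the non-empty calc adds a trace entry at (9,5); the reported error location should be the brace on line 8`. This file is also the only one in the set whose failing line carries no `// WISH` marker, which makes it harder to spot the wished-for behaviour when scanning.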
diff --git a/Test/wishlist/calc.dfy.expect b/Test/wishlist/calc.dfy.expect
new file mode 100644
index 00000000..9e4e7b44
--- /dev/null
+++ b/Test/wishlist/calc.dfy.expect
@@ -0,0 +1,11 @@
+calc.dfy(8,16): Error BP5003: A postcondition might not hold on this return path.
+calc.dfy(8,10): Related location: This is the postcondition that might not hold.
+Execution trace:
+ (0,0): anon0
+ calc.dfy(9,5): anon2_Else
+calc.dfy(15,16): Error BP5003: A postcondition might not hold on this return path.
+calc.dfy(15,10): Related location: This is the postcondition that might not hold.
+Execution trace:
+ (0,0): anon0
+
+Dafny program verifier finished with 2 verified, 2 errors
diff --git a/Test/wishlist/exists-b-exists-not-b.dfy b/Test/wishlist/exists-b-exists-not-b.dfy
new file mode 100644
index 00000000..2573b2f2
--- /dev/null
+++ b/Test/wishlist/exists-b-exists-not-b.dfy
@@ -0,0 +1,10 @@
+// RUN: %dafny /compile:0 /print:"%t.print" /dprint:"%t.dprint" "%s" > "%t"
+// RUN: %diff "%s.expect" "%t"
+
+// It would be great if Dafny was able to verify the following statements;
+// otherwise, trigger splitting prevents `exists b :: b || not b` from verifying
+
+method M() {
+ assert exists b : bool {:nowarn} :: b; // WISH
+ assert exists b : bool {:nowarn} :: !b; // WISH
+}
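Review bot: The explanatory comment writes the formula as `exists b :: b || not b`, but Dafny's negation is `!b`, as the second assertion itself uses; `exists b :: b || !b` would match the code. The RUN line also omits `/autoTriggers:1`, which the sibling trigger-related tests (sequences-literals.dfy, sequences-s0-in-s.dfy) pass explicitly; since the wish is specifically about trigger splitting, pinning that option would presumably keep the test meaningful if the default ever changes, but I cannot tell from the hunk whether splitting is independent of that flag.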
diff --git a/Test/wishlist/exists-b-exists-not-b.dfy.expect b/Test/wishlist/exists-b-exists-not-b.dfy.expect
new file mode 100644
index 00000000..c785ee97
--- /dev/null
+++ b/Test/wishlist/exists-b-exists-not-b.dfy.expect
@@ -0,0 +1,8 @@
+exists-b-exists-not-b.dfy(8,9): Error: assertion violation
+Execution trace:
+ (0,0): anon0
+exists-b-exists-not-b.dfy(9,9): Error: assertion violation
+Execution trace:
+ (0,0): anon0
+
+Dafny program verifier finished with 1 verified, 2 errors
diff --git a/Test/wishlist/granted/useless-casts-in-decreases-clauses.dfy b/Test/wishlist/granted/useless-casts-in-decreases-clauses.dfy
new file mode 100644
index 00000000..9b002d47
--- /dev/null
+++ b/Test/wishlist/granted/useless-casts-in-decreases-clauses.dfy
@@ -0,0 +1,9 @@
+// RUN: %dafny /compile:0 /print:"%t.print" /dprint:"%t.dprint" /printTooltips "%s" > "%t"
+// RUN: %diff "%s.expect" "%t"
+
+method M() {
+ var pos := 10;
+ while (pos > 0) { // This shouldn't print int(pos) - int(0); pos - 0 would be better
+ pos := pos - 1;
+ }
+}
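Review bot: The inline comment on the `while` line still reads as an open wish ("This shouldn't print int(pos) - int(0)"), yet the file lives under `granted/` and its expect already records `Info: decreases pos - 0`. Rewording it as a regression guard makes the intent clear, e.g. `// Granted: the decreases tooltip prints pos - 0, not int(pos) - int(0)`.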
diff --git a/Test/wishlist/granted/useless-casts-in-decreases-clauses.dfy.expect b/Test/wishlist/granted/useless-casts-in-decreases-clauses.dfy.expect
new file mode 100644
index 00000000..36d7e6b8
--- /dev/null
+++ b/Test/wishlist/granted/useless-casts-in-decreases-clauses.dfy.expect
@@ -0,0 +1,3 @@
+useless-casts-in-decreases-clauses.dfy(6,2): Info: decreases pos - 0
+
+Dafny program verifier finished with 2 verified, 0 errors
diff --git a/Test/wishlist/naked-function-in-recursive-setting.dfy b/Test/wishlist/naked-function-in-recursive-setting.dfy
new file mode 100644
index 00000000..650fc4c3
--- /dev/null
+++ b/Test/wishlist/naked-function-in-recursive-setting.dfy
@@ -0,0 +1,13 @@
+// RUN: %dafny /compile:0 /print:"%t.print" /dprint:"%t.dprint" /printTooltips "%s" > "%t"
+// RUN: %diff "%s.expect" "%t"
+
+function fact(n: int): int
+ requires n >= 0
+{
+ if n == 0 then
+ 1
+ else (
+ assert fact.requires(n-1); //WISH
+ n * fact(n-1)
+ )
+}
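Review bot: The marker on the `assert fact.requires(n-1)` line is written `//WISH` without a space, while every other file in this commit uses `// WISH`; anything that searches for the spaced form would miss this one. The comment also does not say what is wished for, and the expect shows the line is rejected outright ("cannot use naked function in recursive setting"), so `// WISH: fact.requires(n-1) should be accepted here instead of being rejected as a naked function` would document both the marker and the expected outcome.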
diff --git a/Test/wishlist/naked-function-in-recursive-setting.dfy.expect b/Test/wishlist/naked-function-in-recursive-setting.dfy.expect
new file mode 100644
index 00000000..4b1691b4
--- /dev/null
+++ b/Test/wishlist/naked-function-in-recursive-setting.dfy.expect
@@ -0,0 +1,8 @@
+naked-function-in-recursive-setting.dfy(4,9): Info: decreases n
+naked-function-in-recursive-setting.dfy(10,11): Error: cannot use naked function in recursive setting. Possible solution: eta expansion.
+Execution trace:
+ (0,0): anon0
+ (0,0): anon7_Else
+ (0,0): anon8_Else
+
+Dafny program verifier finished with 0 verified, 1 error
diff --git a/Test/wishlist/sequences-literals.dfy b/Test/wishlist/sequences-literals.dfy
new file mode 100644
index 00000000..382349a4
--- /dev/null
+++ b/Test/wishlist/sequences-literals.dfy
@@ -0,0 +1,58 @@
+// RUN: %dafny /compile:0 /autoTriggers:1 /print:"%t.print" /dprint:"%t.dprint" "%s" > "%t"
+// RUN: %diff "%s.expect" "%t"
+
+// Note: in the tests below, it could be useful to experiment with the
+// following triggers for some of the library axioms:
+//
+// axiom (forall<T> s0: Seq T, s1: Seq T, x: T ::
+// { Seq#Contains(s0, x), Seq#Append(s0, s1) }
+// { Seq#Contains(s1, x), Seq#Append(s0, s1) }
+// Seq#Contains(Seq#Append(s0, s1), x)
+// <==> Seq#Contains(s0, x) || Seq#Contains(s1, x));
+//
+// axiom (forall<T> s: Seq T, v: T, x: T ::
+// { Seq#Contains(s, x), Seq#Build(s, v) }
+// Seq#Contains(Seq#Build(s, v), x) <==> v == x || Seq#Contains(s, x));
+//
+// Another, not necessarily incompatible approach would be to explicitly add
+// `assume k in s` for each element k of constant lists.
+
+method SmallList() {
+ var s := [0, 1, 5, 6];
+ if * {
+ // This fails: Dafny needs a hint here, because the triggers on the library axioms are pretty strict:
+ assert exists n :: n in s; // WISH
+ } else if * {
+ // This works
+ assert 0 in s;
+ assert exists n :: n in s;
+ } else if * {
+ // This also works, thanks to the magic of triggering on `$Box`.
+ assert exists n {:autotriggers false} :: n in s;
+ }
+}
+
+method LargeList() {
+ var s := [0, 1, 2, 3, 4, 5, 6, 7, 8, /* 9, 10, 11, */ 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, /* 119, 120, 121, */ 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136];
+ if * {
+ // The hint fails here. Maybe because z3 gets into a loop trying to unwrap
+ // this large list? This is also very slow.
+ assert 0 in s; // WISH
+ assert exists n :: n in s;
+ } else if * {
+ // Strangely, the hint works here. Why?
+ assert 122 in s;
+ assert exists n :: n in s;
+ } else if * {
+ // This also fails; since z3 only goes to a depth of 100, this probably
+ // wouldn't work with relaxed triggers eithers
+ assert exists n :: n in s && n >= 120;
+ } else if * {
+ // This works: this is certainly more `triggering-on-$Box` magic, but I'm
+ // not sure exactly how it works
+ assert exists n {:autotriggers false} :: n in s && n >= 120;
+ } else if * {
+ // `$Box` only offers limited solace, though
+ assert exists n {:autotriggers false} :: n in s && n < 3;
+ }
+}
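Review bot: The expect file records failures at file lines 49 and 56 (`assert exists n :: n in s && n >= 120;` and the `n < 3` variant), but only the failures at lines 24 and 40 carry a `// WISH` marker; marking all four consistently would make the expected-failure set visible in the source. The gaps `/* 9, 10, 11, */` and `/* 119, 120, 121, */` in the literal of `LargeList` are not explained, and their purpose is not recoverable from the hunk, so a one-line comment stating why those elements are omitted would help. Minor: "eithers" in the comment above line 49 should be "either".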
diff --git a/Test/wishlist/sequences-literals.dfy.expect b/Test/wishlist/sequences-literals.dfy.expect
new file mode 100644
index 00000000..18e3f98a
--- /dev/null
+++ b/Test/wishlist/sequences-literals.dfy.expect
@@ -0,0 +1,20 @@
+sequences-literals.dfy(24,11): Error: assertion violation
+Execution trace:
+ (0,0): anon0
+ (0,0): anon7_Then
+sequences-literals.dfy(40,13): Error: assertion violation
+Execution trace:
+ (0,0): anon0
+ (0,0): anon17_Then
+sequences-literals.dfy(49,11): Error: assertion violation
+Execution trace:
+ (0,0): anon0
+ (0,0): anon20_Then
+ (0,0): anon7
+sequences-literals.dfy(56,11): Error: assertion violation
+Execution trace:
+ (0,0): anon0
+ (0,0): anon24_Then
+ (0,0): anon15
+
+Dafny program verifier finished with 2 verified, 4 errors
diff --git a/Test/wishlist/sequences-s0-in-s.dfy b/Test/wishlist/sequences-s0-in-s.dfy
new file mode 100644
index 00000000..c221dbb2
--- /dev/null
+++ b/Test/wishlist/sequences-s0-in-s.dfy
@@ -0,0 +1,25 @@
+// RUN: %dafny /compile:0 /autoTriggers:1 /print:"%t.print" /dprint:"%t.dprint" "%s" > "%t"
+// RUN: %diff "%s.expect" "%t"
+
+// The following is also due to a weakness in the axiomatization: namely, it is
+// not easy to learn, using Dafny's axioms, that s[0] in s. One can of course
+// prove it, but it doesn't come for free.
+
+method InSeqTriggers(s: seq<int>, i: nat)
+ requires forall x :: x in s ==> x > 0;
+ requires |s| > 0 {
+ if * {
+ // Fails
+ assert s[0] > 0; // WISH
+ } else if * {
+ // Works
+ assert s[0] in s;
+ assert s[0] > 0;
+ }
+}
+
+method InSeqNoAutoTriggers(s: seq<int>, i: nat)
+ requires forall x {:autotriggers false} :: x in s ==> x > 0;
+ requires |s| > 0 {
+ assert s[0] > 0; // Works (Z3 matches on $Box above)
+}
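Review bot: The parameter `i: nat` is declared on both `InSeqTriggers` and `InSeqNoAutoTriggers` but is never used in either body or precondition, so it only adds noise to the wish; dropping it, `method InSeqTriggers(s: seq<int>)`, keeps the test focused on the `s[0] in s` axiomatization point. The trailing semicolons on the `requires` clauses are also inconsistent with the rest of this commit (e.g. `ensures false {` in calc.dfy), though whether they are accepted by this Dafny version I cannot tell from the hunk.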
diff --git a/Test/wishlist/sequences-s0-in-s.dfy.expect b/Test/wishlist/sequences-s0-in-s.dfy.expect
new file mode 100644
index 00000000..4633e5f6
--- /dev/null
+++ b/Test/wishlist/sequences-s0-in-s.dfy.expect
@@ -0,0 +1,6 @@
+sequences-s0-in-s.dfy(13,18): Error: assertion violation
+Execution trace:
+ (0,0): anon0
+ (0,0): anon5_Then
+
+Dafny program verifier finished with 3 verified, 1 error
diff --git a/Test/wishlist/strings.dfy b/Test/wishlist/strings.dfy
new file mode 100644
index 00000000..372711b0
--- /dev/null
+++ b/Test/wishlist/strings.dfy
@@ -0,0 +1,6 @@
+// RUN: %dafny /compile:0 /print:"%t.print" /dprint:"%t.dprint" "%s" > "%t"
+// RUN: %diff "%s.expect" "%t"
+
+method EqualityOfStrings() {
+ assert "a" != "b"; // WISH
+}
diff --git a/Test/wishlist/strings.dfy.expect b/Test/wishlist/strings.dfy.expect
new file mode 100644
index 00000000..2817a66e
--- /dev/null
+++ b/Test/wishlist/strings.dfy.expect
@@ -0,0 +1,5 @@
+strings.dfy(5,13): Error: assertion violation
+Execution trace:
+ (0,0): anon0
+
+Dafny program verifier finished with 1 verified, 1 error
diff --git a/Test/wishlist/we-should-always-print-tooltips.dfy b/Test/wishlist/we-should-always-print-tooltips.dfy
new file mode 100644
index 00000000..d7a55845
--- /dev/null
+++ b/Test/wishlist/we-should-always-print-tooltips.dfy
@@ -0,0 +1,4 @@
+// RUN: %dafny /compile:0 /print:"%t.print" /dprint:"%t.dprint" /autoTriggers:1 /printTooltips "%s" > "%t"
+// RUN: %diff "%s.expect" "%t"
+
+// WISH it would be great to add /printTooltips to all tests
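Review bot: This file contains no declarations, so the verifier has nothing to check (its expect reads "0 verified, 0 errors") and the `/autoTriggers:1 /printTooltips` options on the RUN line are never exercised; as committed the test cannot fail or pass for any reason related to the wish. If the wish is about adding `/printTooltips` to every test, it would presumably be better tracked in an issue or a README in this directory, or the file should contain at least one method whose tooltip output the expect can pin.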
diff --git a/Test/wishlist/we-should-always-print-tooltips.dfy.expect b/Test/wishlist/we-should-always-print-tooltips.dfy.expect
new file mode 100644
index 00000000..a1c1f7b9
--- /dev/null
+++ b/Test/wishlist/we-should-always-print-tooltips.dfy.expect
@@ -0,0 +1,2 @@
+
+Dafny program verifier finished with 0 verified, 0 errors