blob: c221dbb2d811b6e97059b3f9a88ef237aa0c0a66 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
// RUN: %dafny /compile:0 /autoTriggers:1 /print:"%t.print" /dprint:"%t.dprint" "%s" > "%t"
// RUN: %diff "%s.expect" "%t"
// The following is also due to a weakness in the axiomatization: namely, it is
// not easy to learn, using Dafny's axioms, that s[0] in s. One can of course
// prove it, but it doesn't come for free.
method InSeqTriggers(s: seq<int>, i: nat)
requires forall x :: x in s ==> x > 0;
requires |s| > 0 {
if * {
// Fails
assert s[0] > 0; // WISH
} else if * {
// Works
assert s[0] in s;
assert s[0] > 0;
}
}
method InSeqNoAutoTriggers(s: seq<int>, i: nat)
requires forall x {:autotriggers false} :: x in s ==> x > 0;
requires |s| > 0 {
assert s[0] > 0; // Works (Z3 matches on $Box above)
}
|