Program Verification Using Dafny

0.0(0)
Studied by 0 people
call kaiCall Kai
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/15

encourage image

There's no tags or description

Looks like no tags are added yet.

Last updated 5:24 PM on 4/3/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai

No analytics yet

Send a link to your students to track their progress

16 Terms

1
New cards

Compositional Verification Principle

  • Verification of methods individually

  • Postcondition checked after call

  • Precondition checked at each call

  • Supports modular reasoning.

2
New cards

Method Call Verification

  • For call inc(x), checks preconditions

  • Caller precondition implies callee's precondition

  • Postcondition assumed about return values.

3
New cards

Example 1 Verification Result

  • Method inc requires x > 2
  • In Main: x=3 satisfies precondition
  • Postcondition guarantees y > 3
  • Assert y > 3 holds.
4
New cards

Example 2 Verification Result

  • Method inc requires x > 2
  • In Main: x=4 satisfies precondition
  • Postcondition guarantees y > 3, not y > 4
  • Assert y > 4 cannot be verified.
5
New cards

Max Method Specification

  • Method max(a: array) returns (m: int)
  • Requires a.Length > 1
  • Ensures m >= a[i] for all valid i.
  • Postconditions only ensure upper bound.
6
New cards

Max Method Assertion Failure

  • In Main: a = [0,1,3]
  • Postcondition y >= each element
  • y could be 5, 10; cannot assert y == 3.
7
New cards

Max Method Loop Invariant Needed

  • Track maximum: invariant m >= a[j]
  • Ensure m is actual maximum, not just upper bound.
8
New cards

Square Method by Sum of Odds

  • Method square(x: nat) returns (y: int)
  • Ensures y == x * x
  • Uses sum of first x odd numbers.
9
New cards

Square Method Loop Invariant

  • Invariant: a == i * i, b == 2*i + 1
  • Initially: i=0, a=0, b=1
  • Each iteration updates a and b.
10
New cards

Loop Invariant for Max

  • Invariant m >= a[j] for all j < i
  • Also need invariant m == a[j] to ensure m is maximum.
11
New cards

Dafny Assertion Verification

  • Uses weakest precondition for assertions
  • Assert must be provable from context.
12
New cards

Array Element Assignment

  • a[0] := 0 updates element
  • Tracks array contents for verification.
13
New cards

New Array Creation

  • var a: array := new nat[3];
  • Creates new array of length 3
  • Elements must be assigned before reading.
14
New cards

Method Parameter Immutability

  • Parameters are immutable in Dafny
  • Use returns clause for new values.
15
New cards

Loop Invariant Necessity

  • Invariants required for proving properties
  • Must hold before and be preserved by loop body.
16
New cards

Termination Proof via Decrease

  • Requires decrease clause for termination proof
  • Simple loops can infer decrease automatically.