Selection sort in Dafny

I am trying to implement sorting in Dafny.

My function sorted and method FindMin work, but selectionsort contains statements that Dafny does not prove, even though they are true.

Here is my program:

predicate sorted(a:array<int>,i:int)
  requires a != null;
  requires 0 <= i <= a.Length;
  reads a;
{
  forall k :: 0 < k < i ==> a[k-1] < a[k]
}
method FindMin(a:array<int>,i:int) returns(m:int)
  requires a != null;
  requires 0 <= i < a.Length;
  ensures i <= m < a.Length;
  ensures forall k :: i <= k < a.Length ==> a[k] >= a[m];
{
  var j := i;
  m := i;
  while(j < a.Length)
    decreases a.Length - j;
    invariant i <= j <= a.Length;
    invariant i <= m < a.Length;
    invariant forall k :: i <= k < j ==> a[k] >= a[m];
  {
    if(a[j] < a[m]){m := j;}
    j := j + 1;
  }
}
method selectionsort(a:array<int>) returns(s:array<int>)
  requires a != null;
  modifies a;
  ensures s != null;
  ensures sorted(s,s.Length);
{
  var c,m := 0,0;
  var t;
  s := a;
  assert s != null;
  assert s.Length == a.Length;
  while(c<s.Length)
    decreases s.Length-c;
    invariant 0 <= c <= s.Length;
    invariant c-1 <= m <= s.Length;
    invariant sorted(s,c);
  {
    m := FindMin(s,c);
    assert forall k :: c <= k < s.Length ==> s[k] >= s[m];
    assert forall k :: 0 <= k < c ==> s[k] <= s[m];
    assert s[c] >= s[m];
    t := s[c];
    s[m] := t;
    s[c] := s[m];
    assert s[m] >= s[c];
    assert forall k :: c <= k < s.Length ==> s[k] >= s[c];
    c := c+1;
    assert  c+1 < s.Length ==> s[c-1] <= s[c];
  }
}

Why is this wrong? What does "postcondition can not hold" mean? Can Dafny give a counterexample?

1 answer

You seem to understand the basic idea behind the loop invariants, which is needed to test programs using Dafny.

Dafny IDE Visual Studio. ( c) s[c] s[m].

Dafny:

s[c], s[m] := s[m], s[c];

assert forall k :: 0 <= k < c ==> s[k] <= s[m];

s[m]:

invariant forall k, l :: 0 <= k < c <= l < a.Length ==> s[k] <= s[l];

sorted(s,c) sorted. selectionsort

forall k, l :: 0 <= k < l < a.Length ==> a[k] != a[l];

selectionsort. sorted, a[k] > a[m] a[k] >= a[m].

assert t. m FindMin c-1 <= m <= s.Length. decreases; Dafny. selectionsort a out-parameter s; out s a.


Source: https://habr.com/ru/post/1547282/