Dafny:构造函数中的后置条件错误
[英]Dafny: Postcondition error in constructor
问题描述
The following constructor does not work and fails at
以下构造函数不起作用并在
parent !in Repr parent !in 代表
Why can't Dafny proof the postcondition, that parent is not part of the Repr set?为什么 Dafny 不能证明后置条件,即父母不属于Repr 集?
constructor Init(x: HashObj, parent:Node?)
ensures Valid() && fresh(Repr - {this, data})
ensures Contents == {x.get_hash()}
ensures Repr == {this, data};
ensures left == null;
ensures right == null;
ensures data == x;
ensures parent != null ==> parent !in Repr;
ensures this in Repr;
{
data := x;
left := null;
right := null;
Contents := {x.get_hash()};
Repr := {this} + {data};
}
1 个解决方案
解决方案1
0 已采纳 2020-05-26 17:42:02
I'm guessing that HashObj is a trait ?我猜HashObj是一个trait ? (If it's a class , then your example verifies for me.) The verification fails because the verifier thinks x might equal parent . (如果它是class ,那么您的示例将为我验证。)验证失败,因为验证者认为x可能等于parent 。
The verifier ought to know that Node is not a HashObj (unless, of course, your class Node really does extend HashObj ), but it doesn't.验证者应该知道Node不是HashObj (当然,除非您的 class Node确实扩展HashObj ),但事实并非如此。 You may file this as an Issue on https://github.com/dafny-lang/dafny to get that corrected.您可以将此作为问题提交到https://github.com/dafny-lang/dafny以得到更正。
In the meantime, you can write a precondition that says x and parent are different.同时,您可以编写一个前提条件,说明x和parent不同。 Here, there's a wrinkle, too.在这里,也有皱纹。 You'd like to write你想写
requires x != parent
but (unless Node really does extend HashObj ) this does not type check.但是(除非Node确实扩展HashObj )这不会进行类型检查。 So, you would want to cast parent to object?那么,您是否希望将parent转换为object? . . There's no direct syntax for such an up-cast, but you can do it with a let expression:这种向上转换没有直接的语法,但您可以使用 let 表达式来实现:
requires x != var o: object? := parent; o
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.