Automated tests: How to avoid decreases and modifies violations?


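How can I avoid the decreases error if my index does not decrease after every iteration? And why do I get modifies clause violations for an object and an array when I have used modifies clauses for them?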

class ownerIndexs{
  var oi : map<int, int>;

  constructor(){
  new;
  }
}

class multiowned{

  var m_numOwners : int;
  var m_owners : array<int>;
  var m_ownerIndex : ownerIndexs;

method reorganizeOwners() returns (boo : bool)
  requires m_owners != null && m_ownerIndex != null
  requires  m_owners.Length >= 2
  requires 0 <= m_numOwners < m_owners.Length


  modifies this
  modifies this.m_owners 
  modifies this.m_ownerIndex;
 {
    var frees : int := 1;
    while (frees < m_numOwners)
    decreases m_numOwners - frees      //error 1
    invariant m_owners != null && m_numOwners < m_owners.Length
    invariant m_ownerIndex != null


    {
        while (frees < m_numOwners && m_owners[frees] != 0)
        decreases m_numOwners - frees
        invariant frees <= m_numOwners
        invariant m_owners != null && m_numOwners < m_owners.Length
        invariant m_ownerIndex != null
        {
          frees := frees +1;
        }

       while (m_numOwners > 1 && m_owners[m_numOwners] == 0)
       invariant m_owners != null && m_numOwners < m_owners.Length
       invariant m_ownerIndex != null
        {
          m_numOwners := m_numOwners-1;
       }
        if (frees < m_numOwners && m_owners[m_numOwners] != 0 && m_owners[frees] == 0)
        {
            m_owners[frees] := m_owners[m_numOwners]; //error 2
            m_ownerIndex.oi := m_ownerIndex.oi[m_owners[frees] := frees]; //error 3
            m_owners[m_numOwners] := 0;
        }
    }
    boo := true;
  }

}
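You wrote modifies this.m_owners, but when you get to modifying this.m_owners, Dafny does not know that this.m_owners still refers to the same object as at the start of the method.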

Try adding these invariants to the while loops:

    invariant this.m_owners == old(this.m_owners)
    invariant this.m_ownerIndex == old(this.m_ownerIndex)
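For the decreases clause, you need to prove to Dafny that m_numOwners - frees actually decreases, which does not seem true to me: it seems to me that both inner while loop conditions could be false, in which case neither m_numOwners nor frees would change. This may be a bug in your code, or you may need more preconditions and invariants; I am not sure what your intent is.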
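
A restructured variant of the method, added here as an example and not part of the original question or answer: it pins both fields with the invariants suggested above and folds the inner steps into a single loop in which every branch shrinks m_numOwners - frees. It assumes current Dafny syntax (reference types are non-null, so the != null checks are dropped), adds constructors, and assumes the intent is to move the last owner into the first free slot.

```dafny
// Added example; names follow the question, the single-loop structure is an assumption.
class OwnerIndex {
  var oi: map<int, int>
  constructor () { oi := map[]; }
}

class MultiOwned {
  var m_numOwners: int
  var m_owners: array<int>
  var m_ownerIndex: OwnerIndex

  constructor (n: nat)
    requires n >= 2
  {
    m_numOwners := 0;
    m_owners := new int[n];
    m_ownerIndex := new OwnerIndex();
  }

  method reorganizeOwners()
    requires 0 <= m_numOwners < m_owners.Length
    modifies this, this.m_owners, this.m_ownerIndex
  {
    var frees := 1;
    while frees < m_numOwners
      // `this` is in the frame, so the loop may reassign these fields;
      // pin them to the objects the modifies clause was evaluated on.
      invariant m_owners == old(m_owners)
      invariant m_ownerIndex == old(m_ownerIndex)
      invariant 1 <= frees
      invariant 0 <= m_numOwners < m_owners.Length
      decreases m_numOwners - frees
    {
      if m_owners[frees] != 0 {
        frees := frees + 1;               // slot in use: measure drops by 1
      } else if m_owners[m_numOwners] == 0 {
        m_numOwners := m_numOwners - 1;   // empty tail slot: measure drops by 1
      } else {
        // Assumed intent: move the last owner into the free slot.
        m_owners[frees] := m_owners[m_numOwners];
        m_ownerIndex.oi := m_ownerIndex.oi[m_owners[frees] := frees];
        m_owners[m_numOwners] := 0;
        frees := frees + 1;               // both ends move: measure drops by 2
        m_numOwners := m_numOwners - 1;
      }
    }
  }
}
```

Removing either of the first two invariants brings back the modifies violation on the corresponding write, because the loop is allowed to change any field of this, including the references themselves.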