Triggers 多集触发Dafny
此引理验证,但它会引发警告Triggers 多集触发Dafny,triggers,z3,theorem-proving,dafny,multiset,Triggers,Z3,Theorem Proving,Dafny,Multiset,此引理验证,但它会引发警告Not触发器found: lemma multisetPreservesGreater (a:seq<int>, b:seq<int>, c:int, f:int, x:int) requires |a|==|b| && 0 <= c <= f + 1 <= |b| requires (forall j :: c <= j <= f ==> a[j] >= x
Not触发器foundlemma multisetPreservesGreater (a:seq<int>, b:seq<int>, c:int, f:int, x:int)
requires |a|==|b| && 0 <= c <= f + 1 <= |b|
requires (forall j :: c <= j <= f ==> a[j] >= x)
requires multiset(a[c..f+1]) == multiset(b[c..f+1])
ensures (forall j :: c <= j <= f ==> b[j] >= x)
{
assert (forall j :: j in multiset(a[c..f+1]) ==> j in multiset(b[c..f+1]));
}
需要| a |=| b |&&0这里有一种转换程序的方法,这样就不会出现触发警告
function SeqRangeToMultiSet(a: seq<int>, c: int, f: int): multiset<int>
requires 0 <= c <= f + 1 <= |a|
{
multiset(a[c..f+1])
}
lemma multisetPreservesGreater (a:seq<int>, b:seq<int>, c:int, f:int, x:int)
requires |a|==|b| && 0 <= c <= f + 1 <= |b|
requires (forall j :: c <= j <= f ==> a[j] >= x)
requires multiset(a[c..f+1]) == multiset(b[c..f+1])
ensures (forall j :: c <= j <= f ==> b[j] >= x)
{
assert forall j :: j in SeqRangeToMultiSet(a, c, f) ==> j in SeqRangeToMultiSet(b, c, f);
forall j | c <= j <= f
ensures b[j] >= x
{
assert b[j] in SeqRangeToMultiSet(b, c, f);
}
}
函数SeqRangeToMultiSet(a:seq,c:int,f:int):多集
需要0如果程序验证,则可以安全地忽略此警告。请看。完全地说,我在本例中所关心的是,我想知道如何为本例手动选择触发器。哇,非常感谢,这就是我在编辑中提出的想法。然而,最后的forall
和确保了对我来说是一次精神打击,我从来没有见过它。不知道:
也可以替换为|
。Dafny总是有一些新的东西需要了解,也许我应该读一本完整的手册。和往常一样,非常感谢,伙计:)是的,有很多功能:)forall声明绝对是一个好消息