How to read dafny counterexamples

╄→尐↘猪︶ㄣ submitted on 2019-12-11 04:13:56

Question


I'd like to understand counterexamples produced by Dafny. I'm using the following code as an example:

function update_map<K(!new), V>(m1: map<K, V>, m2: map<K, V>): map<K, V>
ensures
  (forall k :: k in m1 || k in m2 ==> k in update_map(m1, m2)) &&
  (forall k :: k in m2 ==> update_map(m1, m2)[k] == m2[k]) &&
  (forall k :: !(k in m2) && k in m1 ==> update_map(m1, m2)[k] == m1[k]) &&
  (forall k :: !(k in m2) && !(k in m1) ==> !(k in update_map(m1, m2)))
{
  map k | k in (m1.Keys + m2.Keys) :: if k in m2 then m2[k] else m1[k]
}

predicate map_extends<K, V>(m1: map<K, V>, m2: map<K, V>) {
  forall k :: k in m2 ==> k in m1 && m1[k] == m2[k]
}

lemma update_map_extends<K, V>
  (m1: map<K, V>, m2: map<K, V>, m3: map<K, V>, m4: map<K, V>)
 requires map_extends(m1, m3)
 requires map_extends(m2, m4)
 requires m1.Keys !! m2.Keys
 ensures map_extends(update_map(m1, m2), update_map(m3, m4))
{}

lemma wrong_update_map_extends<K, V>
  (m1: map<K, V>, m2: map<K, V>, m3: map<K, V>, m4: map<K, V>)
 requires map_extends(m1, m3)
 requires map_extends(m2, m4)
 ensures map_extends(update_map(m1, m2), update_map(m3, m4))
{}

My first try to get a counterexample was by using Visual Studio Code with the plugin functionalcorrectness.dafny-vscode, and then enabling the option dafny.automaticShowCounterModel. After that, I sometimes manage to get an inline counterexample by pressing F7, or from the right-click menu, but sometimes it doesn't work. I don't yet understand when this feature works and when it doesn't; there seems to be a UI bug, but that's not the subject of this question. The counterexample it displays looks as follows:

_module._default.wrong_update_map_extends$K -> T@U!val!58, _module._default.wrong_update_map_extends$V -> T@U!val!59, m1#0 -> T@U!val!60, m2#0 -> T@U!val!61, m3#0 -> T@U!val!62, m4#0 -> T@U!val!63

So my first question is:

How can I interpret this counterexample?

Another thing I tried was running

dafny -mv:updmodel.bvd update_map.dfy

and then inspecting the file updmodel.bvd, which reads as follows:

*** MODEL
##_System._tuple#0._#Make0 -> T@U!val!39
##_System._tuple#2._#Make2 -> T@U!val!42
#_System._tuple#0._#Make0 -> T@U!val!55
$$Language$Dafny -> true
$_Frame -> **$_Frame
$_Frame@0 -> T@U!val!65
$_reverifyPost -> **$_reverifyPost
$FunctionContextHeight -> 3
$Heap@@5 -> T@U!val!57
$mv_state_const -> 13
$OneHeap -> T@U!val!50
$Tick -> **$Tick
%lbl%@1 -> false
%lbl%+0 -> true
%lbl%+2 -> true
_module._default.wrong_update_map_extends$K -> T@U!val!58
_module._default.wrong_update_map_extends$V -> T@U!val!59
alloc -> T@U!val!0
allocName -> T@U!val!24
boolType -> T@T!val!2
BoxType -> T@T!val!9
charType -> T@T!val!10
class._module.__default -> T@U!val!47
class._System.__tuple_h0 -> T@U!val!38
class._System.__tuple_h2 -> T@U!val!41
class._System.array? -> T@U!val!29
class._System.bool -> T@U!val!20
class._System.int -> T@U!val!19
class._System.multiset -> T@U!val!23
class._System.object? -> T@U!val!26
class._System.seq -> T@U!val!22
class._System.set -> T@U!val!21
ClassNameType -> T@T!val!6
DatatypeTypeType -> T@T!val!12
DtCtorIdType -> T@T!val!8
HandleTypeType -> T@T!val!14
intType -> T@T!val!0
k#5!867!125 -> T@U!val!66
LayerTypeType -> T@T!val!13
m1#0@@11 -> T@U!val!60
m2#0@@11 -> T@U!val!61
m3#0 -> T@U!val!62
m4#0 -> T@U!val!63
NameFamilyType -> T@T!val!7
NoTraitAtAll -> T@U!val!18
null -> T@U!val!52
realType -> T@T!val!1
refType -> T@T!val!11
rmodeType -> T@T!val!3
TagBool -> T@U!val!6
TagChar -> T@U!val!7
TagClass -> T@U!val!17
Tagclass._module.__default -> T@U!val!48
Tagclass._System.___hFunc0 -> T@U!val!32
Tagclass._System.___hFunc1 -> T@U!val!44
Tagclass._System.___hFunc2 -> T@U!val!35
Tagclass._System.___hPartialFunc0 -> T@U!val!33
Tagclass._System.___hPartialFunc1 -> T@U!val!45
Tagclass._System.___hPartialFunc2 -> T@U!val!36
Tagclass._System.___hTotalFunc0 -> T@U!val!34
Tagclass._System.___hTotalFunc1 -> T@U!val!46
Tagclass._System.___hTotalFunc2 -> T@U!val!37
Tagclass._System.__tuple_h0 -> T@U!val!40
Tagclass._System.__tuple_h2 -> T@U!val!43
Tagclass._System.array -> T@U!val!31
Tagclass._System.array? -> T@U!val!30
Tagclass._System.nat -> T@U!val!25
Tagclass._System.object -> T@U!val!28
Tagclass._System.object? -> T@U!val!27
TagIMap -> T@U!val!16
TagInt -> T@U!val!8
TagISet -> T@U!val!12
TagMap -> T@U!val!15
TagMultiSet -> T@U!val!13
TagORDINAL -> T@U!val!10
TagReal -> T@U!val!9
TagSeq -> T@U!val!14
TagSet -> T@U!val!11
TBool -> T@U!val!1
TChar -> T@U!val!2
Tclass._module.__default -> T@U!val!56
Tclass._System.__tuple_h0 -> T@U!val!54
Tclass._System.nat -> T@U!val!51
Tclass._System.object -> T@U!val!53
Tclass._System.object? -> T@U!val!49
TInt -> T@U!val!3
TORDINAL -> T@U!val!5
TReal -> T@U!val!4
TyTagType -> T@T!val!5
TyType -> T@T!val!4
unique-value!100 -> distinct-elems!74!val!24
unique-value!101 -> distinct-elems!74!val!25
unique-value!102 -> distinct-elems!74!val!26
unique-value!103 -> distinct-elems!74!val!27
unique-value!104 -> distinct-elems!74!val!28
unique-value!105 -> distinct-elems!74!val!29
unique-value!106 -> distinct-elems!74!val!30
unique-value!107 -> distinct-elems!74!val!31
unique-value!108 -> distinct-elems!74!val!32
unique-value!109 -> distinct-elems!74!val!33
unique-value!110 -> distinct-elems!74!val!34
unique-value!111 -> distinct-elems!74!val!35
unique-value!112 -> distinct-elems!74!val!36
unique-value!113 -> distinct-elems!74!val!37
unique-value!114 -> distinct-elems!74!val!38
unique-value!115 -> distinct-elems!74!val!39
unique-value!116 -> distinct-elems!74!val!40
unique-value!117 -> distinct-elems!74!val!41
unique-value!118 -> distinct-elems!74!val!42
unique-value!119 -> distinct-elems!74!val!43
unique-value!120 -> distinct-elems!74!val!44
unique-value!121 -> distinct-elems!74!val!45
unique-value!122 -> distinct-elems!74!val!46
unique-value!123 -> distinct-elems!74!val!47
unique-value!124 -> distinct-elems!74!val!48
unique-value!76 -> distinct-elems!74!val!0
unique-value!77 -> distinct-elems!74!val!1
unique-value!78 -> distinct-elems!74!val!2
unique-value!79 -> distinct-elems!74!val!3
unique-value!80 -> distinct-elems!74!val!4
unique-value!81 -> distinct-elems!74!val!5
unique-value!82 -> distinct-elems!74!val!6
unique-value!83 -> distinct-elems!74!val!7
unique-value!84 -> distinct-elems!74!val!8
unique-value!85 -> distinct-elems!74!val!9
unique-value!86 -> distinct-elems!74!val!10
unique-value!87 -> distinct-elems!74!val!11
unique-value!88 -> distinct-elems!74!val!12
unique-value!89 -> distinct-elems!74!val!13
unique-value!90 -> distinct-elems!74!val!14
unique-value!91 -> distinct-elems!74!val!15
unique-value!92 -> distinct-elems!74!val!16
unique-value!93 -> distinct-elems!74!val!17
unique-value!94 -> distinct-elems!74!val!18
unique-value!95 -> distinct-elems!74!val!19
unique-value!96 -> distinct-elems!74!val!20
unique-value!97 -> distinct-elems!74!val!21
unique-value!98 -> distinct-elems!74!val!22
unique-value!99 -> distinct-elems!74!val!23
$Is -> {
  T@U!val!55 T@U!val!54 -> true
  T@U!val!60 T@U!val!64 -> true
  T@U!val!61 T@U!val!64 -> true
  T@U!val!62 T@U!val!64 -> true
  T@U!val!63 T@U!val!64 -> true
  T@U!val!84 T@U!val!64 -> true
  T@U!val!85 T@U!val!64 -> true
  else -> true
}
$IsAlloc -> {
  T@U!val!60 T@U!val!64 T@U!val!57 -> true
  T@U!val!61 T@U!val!64 T@U!val!57 -> true
  T@U!val!62 T@U!val!64 T@U!val!57 -> true
  T@U!val!63 T@U!val!64 T@U!val!57 -> true
  else -> true
}
$IsAllocBox -> {
  T@U!val!66 T@U!val!58 T@U!val!57 -> true
  T@U!val!71 T@U!val!59 T@U!val!57 -> true
  T@U!val!73 T@U!val!59 T@U!val!57 -> true
  T@U!val!81 T@U!val!58 T@U!val!57 -> true
  T@U!val!82 T@U!val!59 T@U!val!57 -> true
  T@U!val!83 T@U!val!59 T@U!val!57 -> true
  else -> true
}
$IsBox -> {
  T@U!val!66 T@U!val!58 -> true
  T@U!val!71 T@U!val!59 -> true
  T@U!val!73 T@U!val!59 -> true
  T@U!val!81 T@U!val!58 -> true
  T@U!val!82 T@U!val!59 -> true
  T@U!val!83 T@U!val!59 -> true
  else -> true
}
$IsGhostField -> {
  T@U!val!0 -> false
  else -> false
}
$IsGoodHeap -> {
  T@U!val!50 -> true
  T@U!val!57 -> true
  else -> true
}
$IsHeapAnchor -> {
  T@U!val!57 -> true
  else -> true
}
$mv_state -> {
  13 0 -> true
  else -> true
}
[2] -> {
  T@U!val!67 T@U!val!66 -> true
  T@U!val!67 T@U!val!81 -> true
  T@U!val!69 T@U!val!66 -> true
  T@U!val!69 T@U!val!81 -> true
  T@U!val!70 T@U!val!66 -> T@U!val!71
  T@U!val!70 T@U!val!81 -> T@U!val!82
  T@U!val!72 T@U!val!66 -> T@U!val!73
  T@U!val!72 T@U!val!81 -> T@U!val!83
  T@U!val!74 T@U!val!66 -> T@U!val!73
  T@U!val!74 T@U!val!81 -> T@U!val!83
  T@U!val!75 T@U!val!66 -> T@U!val!73
  T@U!val!75 T@U!val!81 -> T@U!val!83
  T@U!val!76 T@U!val!66 -> true
  T@U!val!76 T@U!val!81 -> true
  T@U!val!77 T@U!val!66 -> true
  T@U!val!77 T@U!val!81 -> true
  T@U!val!78 T@U!val!66 -> T@U!val!71
  T@U!val!78 T@U!val!81 -> T@U!val!82
  T@U!val!79 T@U!val!66 -> true
  T@U!val!79 T@U!val!81 -> true
  T@U!val!80 T@U!val!66 -> false
  T@U!val!80 T@U!val!81 -> false
  else -> true
}
_module.__default.map__extends -> {
  T@U!val!58 T@U!val!59 T@U!val!60 T@U!val!62 -> true
  T@U!val!58 T@U!val!59 T@U!val!61 T@U!val!63 -> true
  T@U!val!58 T@U!val!59 T@U!val!84 T@U!val!85 -> false
  else -> true
}
_module.__default.map__extends#canCall -> {
  T@U!val!58 T@U!val!59 T@U!val!60 T@U!val!62 -> true
  T@U!val!58 T@U!val!59 T@U!val!61 T@U!val!63 -> true
  T@U!val!58 T@U!val!59 T@U!val!84 T@U!val!85 -> true
  else -> true
}
_module.__default.update__map -> {
  T@U!val!58 T@U!val!59 T@U!val!60 T@U!val!61 -> T@U!val!84
  T@U!val!58 T@U!val!59 T@U!val!62 T@U!val!63 -> T@U!val!85
  else -> T@U!val!84
}
bool_2_U -> {
  false -> false
  true -> true
  else -> true
}
Ctor -> {
  T@T!val!0 -> 0
  T@T!val!1 -> 1
  T@T!val!10 -> 11
  T@T!val!11 -> 17
  T@T!val!12 -> 18
  T@T!val!13 -> 19
  T@T!val!14 -> 20
  T@T!val!15 -> 7
  T@T!val!16 -> 16
  T@T!val!17 -> 23
  T@T!val!18 -> 14
  T@T!val!19 -> 12
  T@T!val!2 -> 2
  T@T!val!20 -> 12
  T@T!val!3 -> 3
  T@T!val!4 -> 4
  T@T!val!5 -> 5
  T@T!val!6 -> 6
  T@T!val!7 -> 8
  T@T!val!8 -> 9
  T@T!val!9 -> 10
  else -> 12
}
DatatypeCtorId -> {
  T@U!val!55 -> T@U!val!39
  else -> T@U!val!39
}
DeclName -> {
  T@U!val!0 -> T@U!val!24
  else -> T@U!val!24
}
distinct-aux-f!!75 -> {
  T@U!val!0 -> distinct-elems!74!val!23
  T@U!val!1 -> distinct-elems!74!val!0
  T@U!val!10 -> distinct-elems!74!val!9
  T@U!val!11 -> distinct-elems!74!val!10
  T@U!val!12 -> distinct-elems!74!val!11
  T@U!val!13 -> distinct-elems!74!val!12
  T@U!val!14 -> distinct-elems!74!val!13
  T@U!val!15 -> distinct-elems!74!val!14
  T@U!val!16 -> distinct-elems!74!val!15
  T@U!val!17 -> distinct-elems!74!val!16
  T@U!val!18 -> distinct-elems!74!val!17
  T@U!val!19 -> distinct-elems!74!val!18
  T@U!val!2 -> distinct-elems!74!val!1
  T@U!val!20 -> distinct-elems!74!val!19
  T@U!val!21 -> distinct-elems!74!val!20
  T@U!val!22 -> distinct-elems!74!val!21
  T@U!val!23 -> distinct-elems!74!val!22
  T@U!val!24 -> distinct-elems!74!val!24
  T@U!val!25 -> distinct-elems!74!val!25
  T@U!val!26 -> distinct-elems!74!val!26
  T@U!val!27 -> distinct-elems!74!val!27
  T@U!val!28 -> distinct-elems!74!val!28
  T@U!val!29 -> distinct-elems!74!val!29
  T@U!val!3 -> distinct-elems!74!val!2
  T@U!val!30 -> distinct-elems!74!val!30
  T@U!val!31 -> distinct-elems!74!val!31
  T@U!val!32 -> distinct-elems!74!val!32
  T@U!val!33 -> distinct-elems!74!val!33
  T@U!val!34 -> distinct-elems!74!val!34
  T@U!val!35 -> distinct-elems!74!val!35
  T@U!val!36 -> distinct-elems!74!val!36
  T@U!val!37 -> distinct-elems!74!val!37
  T@U!val!38 -> distinct-elems!74!val!38
  T@U!val!39 -> distinct-elems!74!val!39
  T@U!val!4 -> distinct-elems!74!val!3
  T@U!val!40 -> distinct-elems!74!val!40
  T@U!val!41 -> distinct-elems!74!val!41
  T@U!val!42 -> distinct-elems!74!val!42
  T@U!val!43 -> distinct-elems!74!val!43
  T@U!val!44 -> distinct-elems!74!val!44
  T@U!val!45 -> distinct-elems!74!val!45
  T@U!val!46 -> distinct-elems!74!val!46
  T@U!val!47 -> distinct-elems!74!val!47
  T@U!val!48 -> distinct-elems!74!val!48
  T@U!val!5 -> distinct-elems!74!val!4
  T@U!val!6 -> distinct-elems!74!val!5
  T@U!val!7 -> distinct-elems!74!val!6
  T@U!val!8 -> distinct-elems!74!val!7
  T@U!val!9 -> distinct-elems!74!val!8
  else -> distinct-elems!74!val!0
}
FDim -> {
  T@U!val!0 -> 0
  else -> 0
}
FieldType -> {
  T@T!val!2 -> T@T!val!15
  else -> T@T!val!15
}
FieldTypeInv0 -> {
  T@T!val!15 -> T@T!val!2
  else -> T@T!val!2
}
Inv0_TMap -> {
  T@U!val!64 -> T@U!val!58
  else -> T@U!val!58
}
Inv1_TMap -> {
  T@U!val!64 -> T@U!val!59
  else -> T@U!val!59
}
k#0@@1!838!72 -> {
  T@U!val!85 T@U!val!84 T@U!val!58 -> T@U!val!81
  else -> T@U!val!81
}
lambda#0 -> {
  T@U!val!61 T@U!val!58 T@U!val!60 -> T@U!val!69
  T@U!val!63 T@U!val!58 T@U!val!62 -> T@U!val!67
  else -> T@U!val!69
}
lambda#1 -> {
  T@U!val!61 T@U!val!60 -> T@U!val!70
  T@U!val!63 T@U!val!62 -> T@U!val!72
  else -> T@U!val!70
}
lambda#9 -> {
  T@U!val!0 T@U!val!52 T@U!val!57 -> T@U!val!65
  else -> T@U!val!65
}
Lit -> {
  T@U!val!55 -> T@U!val!55
  else -> T@U!val!55
}
Map#Domain -> {
  T@U!val!60 -> T@U!val!76
  T@U!val!61 -> T@U!val!79
  T@U!val!62 -> T@U!val!77
  T@U!val!63 -> T@U!val!80
  T@U!val!84 -> T@U!val!69
  T@U!val!85 -> T@U!val!67
  else -> T@U!val!67
}
Map#Elements -> {
  T@U!val!60 -> T@U!val!75
  T@U!val!61 -> T@U!val!78
  T@U!val!62 -> T@U!val!74
  T@U!val!84 -> T@U!val!70
  T@U!val!85 -> T@U!val!72
  else -> T@U!val!70
}
Map#Glue -> {
  T@U!val!67 T@U!val!72 T@U!val!64 -> T@U!val!85
  T@U!val!69 T@U!val!70 T@U!val!64 -> T@U!val!84
  else -> T@U!val!84
}
MapType -> {
  T@T!val!9 T@T!val!9 -> T@T!val!18
  else -> T@T!val!18
}
MapType0Type -> {
  T@T!val!9 T@T!val!2 -> T@T!val!20
  T@T!val!9 T@T!val!9 -> T@T!val!19
  else -> T@T!val!19
}
MapType0TypeInv0 -> {
  T@T!val!19 -> T@T!val!9
  T@T!val!20 -> T@T!val!9
  else -> T@T!val!9
}
MapType0TypeInv1 -> {
  T@T!val!19 -> T@T!val!9
  T@T!val!20 -> T@T!val!2
  else -> T@T!val!9
}
MapType1Type -> {
  T@T!val!11 -> T@T!val!16
  else -> T@T!val!16
}
MapType1TypeInv0 -> {
  T@T!val!16 -> T@T!val!11
  else -> T@T!val!11
}
MapType4Type -> {
  T@T!val!11 T@T!val!2 -> T@T!val!17
  else -> T@T!val!17
}
MapType4TypeInv0 -> {
  T@T!val!17 -> T@T!val!11
  else -> T@T!val!11
}
MapType4TypeInv1 -> {
  T@T!val!17 -> T@T!val!2
  else -> T@T!val!2
}
MapTypeInv0 -> {
  T@T!val!18 -> T@T!val!9
  else -> T@T!val!9
}
MapTypeInv1 -> {
  T@T!val!18 -> T@T!val!9
  else -> T@T!val!9
}
Tag -> {
  T@U!val!1 -> T@U!val!6
  T@U!val!2 -> T@U!val!7
  T@U!val!3 -> T@U!val!8
  T@U!val!4 -> T@U!val!9
  T@U!val!49 -> T@U!val!27
  T@U!val!5 -> T@U!val!10
  T@U!val!51 -> T@U!val!25
  T@U!val!53 -> T@U!val!28
  T@U!val!54 -> T@U!val!40
  T@U!val!56 -> T@U!val!48
  T@U!val!64 -> T@U!val!15
  else -> T@U!val!6
}
tickleBool -> {
  false -> true
  true -> true
  else -> true
}
TMap -> {
  T@U!val!58 T@U!val!59 -> T@U!val!64
  else -> T@U!val!64
}
type -> {
  false -> T@T!val!2
  T@U!val!0 -> T@T!val!15
  T@U!val!1 -> T@T!val!4
  T@U!val!10 -> T@T!val!5
  T@U!val!11 -> T@T!val!5
  T@U!val!12 -> T@T!val!5
  T@U!val!13 -> T@T!val!5
  T@U!val!14 -> T@T!val!5
  T@U!val!15 -> T@T!val!5
  T@U!val!16 -> T@T!val!5
  T@U!val!17 -> T@T!val!5
  T@U!val!18 -> T@T!val!6
  T@U!val!19 -> T@T!val!6
  T@U!val!2 -> T@T!val!4
  T@U!val!20 -> T@T!val!6
  T@U!val!21 -> T@T!val!6
  T@U!val!22 -> T@T!val!6
  T@U!val!23 -> T@T!val!6
  T@U!val!24 -> T@T!val!7
  T@U!val!25 -> T@T!val!5
  T@U!val!26 -> T@T!val!6
  T@U!val!27 -> T@T!val!5
  T@U!val!28 -> T@T!val!5
  T@U!val!29 -> T@T!val!6
  T@U!val!3 -> T@T!val!4
  T@U!val!30 -> T@T!val!5
  T@U!val!31 -> T@T!val!5
  T@U!val!32 -> T@T!val!5
  T@U!val!33 -> T@T!val!5
  T@U!val!34 -> T@T!val!5
  T@U!val!35 -> T@T!val!5
  T@U!val!36 -> T@T!val!5
  T@U!val!37 -> T@T!val!5
  T@U!val!38 -> T@T!val!6
  T@U!val!39 -> T@T!val!8
  T@U!val!4 -> T@T!val!4
  T@U!val!40 -> T@T!val!5
  T@U!val!41 -> T@T!val!6
  T@U!val!42 -> T@T!val!8
  T@U!val!43 -> T@T!val!5
  T@U!val!44 -> T@T!val!5
  T@U!val!45 -> T@T!val!5
  T@U!val!46 -> T@T!val!5
  T@U!val!47 -> T@T!val!6
  T@U!val!48 -> T@T!val!5
  T@U!val!49 -> T@T!val!4
  T@U!val!5 -> T@T!val!4
  T@U!val!50 -> T@T!val!16
  T@U!val!51 -> T@T!val!4
  T@U!val!52 -> T@T!val!11
  T@U!val!53 -> T@T!val!4
  T@U!val!54 -> T@T!val!4
  T@U!val!55 -> T@T!val!12
  T@U!val!56 -> T@T!val!4
  T@U!val!57 -> T@T!val!16
  T@U!val!58 -> T@T!val!4
  T@U!val!59 -> T@T!val!4
  T@U!val!6 -> T@T!val!5
  T@U!val!60 -> T@T!val!18
  T@U!val!61 -> T@T!val!18
  T@U!val!62 -> T@T!val!18
  T@U!val!63 -> T@T!val!18
  T@U!val!64 -> T@T!val!4
  T@U!val!65 -> T@T!val!17
  T@U!val!66 -> T@T!val!9
  T@U!val!67 -> T@T!val!20
  T@U!val!69 -> T@T!val!20
  T@U!val!7 -> T@T!val!5
  T@U!val!70 -> T@T!val!19
  T@U!val!71 -> T@T!val!9
  T@U!val!72 -> T@T!val!19
  T@U!val!73 -> T@T!val!9
  T@U!val!74 -> T@T!val!19
  T@U!val!75 -> T@T!val!19
  T@U!val!76 -> T@T!val!20
  T@U!val!77 -> T@T!val!20
  T@U!val!78 -> T@T!val!19
  T@U!val!79 -> T@T!val!20
  T@U!val!8 -> T@T!val!5
  T@U!val!80 -> T@T!val!20
  T@U!val!81 -> T@T!val!9
  T@U!val!82 -> T@T!val!9
  T@U!val!83 -> T@T!val!9
  T@U!val!84 -> T@T!val!18
  T@U!val!85 -> T@T!val!18
  T@U!val!9 -> T@T!val!5
  true -> T@T!val!2
  else -> T@T!val!5
}
U_2_bool -> {
  false -> false
  true -> true
  else -> true
}
*** STATE <initial>
  $_Frame -> **$_Frame
  $_reverifyPost -> **$_reverifyPost
  $Heap -> T@U!val!57
  $Tick -> **$Tick
  _module._default.wrong_update_map_extends$K -> T@U!val!58
  _module._default.wrong_update_map_extends$V -> T@U!val!59
  m1#0 -> T@U!val!60
  m2#0 -> T@U!val!61
  m3#0 -> T@U!val!62
  m4#0 -> T@U!val!63
*** END_STATE
*** STATE update_map.dfy(28,0): initial state
  $_Frame -> T@U!val!65
*** END_STATE
*** END_MODEL

This seems to be more detailed, but I still don't understand how to interpret this, so my second question is:

How can I interpret such bvd files?

Then I read about the Boogie Verification Debugger, so I cloned and built https://github.com/boogie-org/boogie/tree/cd0609f660a5f063b10eacdae142c915115ec162, and ran BVD with the model file created above, and it produced the following:

My third question is:

Does this look as expected? If yes, how to interpret it?


Answer 1:


This is not a good answer, but I am posting it as an answer anyway instead of a comment because I believe it is the state of the art.

As far as I know, nobody who uses Dafny looks at the counterexamples. (There may be some people who use Boogie via other front-ends who do look at the counterexamples though.) Personally, I have never even tried to look at a counterexample. Instead, when I get a verification error, I try to add assertions to my program to figure out what the problem is. You can think of assert P as asking the verifier the question "do you know that P is true?". Then you can use this to narrow down your problem.
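As an added illustration of the assertion-driven approach this answer describes (example code added here, not part of the original answer), here is the lemma from the question with asserts that split the proof into the cases that do verify and the one that does not, plus a concrete witness for the missing disjointness hypothesis. It assumes update_map and map_extends exactly as defined in the question; the lemma names debug_wrong_update_map_extends and concrete_witness and the map values are invented for the example.

```dafny
// Added example (not from the original question or answer): the answer's
// "ask the verifier with assert" technique applied to wrong_update_map_extends.
// Assumes update_map and map_extends are defined exactly as in the question.
lemma debug_wrong_update_map_extends<K(!new), V>
  (m1: map<K, V>, m2: map<K, V>, m3: map<K, V>, m4: map<K, V>)
  requires map_extends(m1, m3)
  requires map_extends(m2, m4)
{
  var u12 := update_map(m1, m2);
  var u34 := update_map(m3, m4);

  // Keys that come from m4: m2 agrees with m4 and m2 wins in u12, so this verifies.
  assert forall k :: k in m4 ==>
    k in u12 && k in u34 && u12[k] == u34[k];

  // Keys that come only from m3 and are not overridden by m2: also verifies.
  assert forall k :: k in m3 && k !in m4 && k !in m2 ==>
    k in u12 && k in u34 && u12[k] == u34[k];

  // Keys in m3 and in m2 but not in m4: u34[k] == m3[k] == m1[k] while
  // u12[k] == m2[k], and nothing relates m1[k] to m2[k]. Uncommenting the
  // next assertion makes the verifier report an assertion violation; this is
  // exactly the case that m1.Keys !! m2.Keys rules out in update_map_extends.
  // assert forall k :: k in m3 && k !in m4 && k in m2 ==> u12[k] == u34[k];
}

// Concrete witness (constructed values): a key on which m1 and m2 disagree,
// present in m3 but absent from m4, satisfies both preconditions yet breaks
// the postcondition at that key.
lemma concrete_witness()
{
  var m1 := map[0 := 1];
  var m2 := map[0 := 2];
  var m3 := map[0 := 1];
  var m4: map<int, int> := map[];
  assert map_extends(m1, m3);
  assert map_extends(m2, m4);
  assert 0 in update_map(m3, m4) && update_map(m3, m4)[0] == 1;
  assert 0 in update_map(m1, m2) && update_map(m1, m2)[0] == 2;
  // map_extends(update_map(m1, m2), update_map(m3, m4)) would need
  // both results to agree at key 0, and they do not.
}
```

Each assert that verifies tells you which cases the verifier already understands, so the failing case is the one left over; the witness lemma then pins it to concrete values instead of the T@U!val!NN names in the model.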



Source: https://stackoverflow.com/questions/52618673/how-to-read-dafny-counterexamples
