I am new to Dafny, and here is my Dafny code that finds the index of an input array such that the value in the array at that index is the maximal. However, Dafny indicates that there is an index out of range problem on line 8 (var max: int := a[0];). This is highly confusing as it seems trivially correct. Can anyone offer insights to this problem? Thank you!

I need to write the code for the sieve of Eratosthenes algorithm so that it is verifiable, that is, to verify that the method really returns only prime numbers.

I’m unable to prove the following basic property of a sequence comprehension.

I’m trying to refine an abstract module inside the refinement of an abstract module, but am having trouble working out how to do it.

A project I’m working on has a peculiar construct. I created a module like so:

I am trying to understand how Dafny handles postconditions of concrete classes. In the example below, I have two classes B and C that extend a trait A. Both have different postconditions for the method m.

The below Dafny method simply asserts that for every index i, there exists an index j such that the input array elements are equal. I am curious why the particular invariant and assertion does not hold since I am not modifying the array. Isn’t supposed to be obvious to the Dafny? Am I missing something.

I want to use a method inside a predicate. Brief explanation: