Skip to content

Releases: dafny-lang/dafny

Dafny nightly-2025-01-24-16afdc8

07 Jul 07:22
76a7caa
Compare
Choose a tag to compare
Pre-release

This is an automatically published nightly release. This release may not be as stable as versioned releases and does not contain release notes.

Dafny 4.9.1

23 Dec 11:38
Compare
Choose a tag to compare

New features

  • Attribute {:isolate} and {:isolate "paths"} simplify the verification of an assertion by introducing additional verification jobs. {:isolate} can be applied to assert, return and continue statements. When using {:isolate_assertions} or --isolate-assertions, each return statement now creates a separate verification job for each ensures clause. Previously all ensures clauses where verified in a single job, for all return statements. (#5832)

  • Verification performance improvement: Fill in matching patterns for the quantifiers introduced by automatic induction to represent the induction hypothesis (IH). Suppress the generation of the induction hypothesis if no such matching patterns are found. Enhance tooltips accordingly. This feature is added to stabilize verification, but by sometimes not generating induction hypotheses, some automatic proofs may no longer go through. For backward compatibility, use an explicit {:induction ...} where ... is the list of variables to use for the induction-hypothesis quantifier. Additionally, use a {:nowarn} attribute to suppress any warning about lack of matching patterns.

    • Improve the selection of induction variables.

    • Allow codatatype equality in matching patterns and as a focal predicate for extreme predicates. More specifically:

      • If a lemma bears {:induction x, y, z}, where x, y, z is a subset of the lemma's parameters (in the same order
        that the lemma gives them), then an induction hypothesis (IH) is generated. The IH quantifies over the
        given variables.

        For an instance-member lemma, the variables may include the implicit this parameter.

        For an extreme lemma, the IH generated is the for corresponding prefix lemma, and the given variables may
        include the implicit parameter _k.

        If good matching patterns are found for the quantifier, then these are indicated in tooltips.
        If no patterns are found, then a warning is generated; except, if the lemma bears {:nowarn}, then only
        an informational message is given.

      • If a lemma bears {:induction} or {:induction true}, then a list of induction variables is determined heuristically.

        If the list is empty, then a warning message is generated and no IH is generated. If the list is nonempty,
        an IH is generated and the list of variables is indicated in a tooltip.

        If good matching patterns are found for the quantifier, then these are indicated in tooltips.
        If no patterns are found, then a warning is generated; except, if the lemma bears {:nowarn}, then only
        an informational message is given.

      • If a lemma bears {:induction false}, then no IH is generated.

      • If a lemma bears an :induction attribute other than those listed above, then an error is generated.

      • If a lemma bears no :induction attribute, and the --manual-lemma-induction flag is present, then no IH is generated.

      • Otherwise, a list of induction variables is determined heuristically.

        If this list is empty, then no IH is generated and no warning/info is given.

        If the list is nonempty, then the machinery looks for matching patterns for the IH quantifier. If none are
        found, then no IH is generated. An informational message is generated, saying which candidate variables were
        used and saying that no matching patterns were found.

        If patterns are found, then an IH is generated, the list of variables and the patterns are indicated in tooltips,
        and the patterns are used with the IH quantifier.

        The pattern search can be overriden by providing patterns explicitly using the {:inductionTrigger} attribute.
        This attribute has the same syntax as the {:trigger} attribute. Using an empty list of triggers restores
        Dafny's legacy behavior (no triggers for lemma induction hypotheses). (#5835)

  • Accept decreases to and nonincreases to expressions with 0 LHSs and/or 0 RHSs, and allow parentheses to be omitted when there is 1 LHS and 1 RHS. (#5891)

  • Allow forall statements in statement expressions (#5894)

  • When using --isolate-assertions or {:isolate_assertions}, a separate assertion batch will be generated per pair of return statement and ensures clause. (#5917)

Bug fixes

  • Soundness: {:only} on members only affects verification on the current file. (#5730)

  • Soundness: The verifier had assumed properties of this already during the first phase of a constructor (#5876)

  • Soundness: Map range requires equality for enclosing type to support equality (#5972)

  • Soundness: Newtype now support partial equality correctly (#5980)

  • Verification performance: Fixed a bug that would cause the symbol verification tasks to be done multiple times when using module refinement (#5967)

  • Fixed a bug that caused hide * and reveal * not to work when used in statement expressions,
    after a variable assignment occurred in the same expression.
    (#5781)

  • Fix malformed Boogie in function override checks (#5875)

  • Don't assume type information before binding variables (for let expressions and named function results) (#5877)

  • Enable using reveal statement expression inside witness expressions (#5882)

  • Fix formatting of var by statements (#5927)

  • Fix bugs that occur when using {:extern} to export members (#5939)

  • Improved code navigation for datatype update expressions (#5986)

Dafny 4.9.0

31 Oct 03:02
Compare
Choose a tag to compare

New features

  • Added opaque blocks to the language. Opaque blocks enable improving verification performance. See the documentation for more details. (#5761)

  • By blocks (... by { ... }) are now available for assert statements, call statements, and the three types of assignments (:=, :-, :|). Also, by blocks should now be more intuitive since they enable proving any assertions on the left-hand side of the 'by', not just the 'outermost' one. For example, previously assert 3 / x == 1 by { assume x == 3; } used to give a possible division by zero error, but now it won't. (#5779)

  • Use --suggest-proof-refactoring to be alerted of function definitions, which have no contribution to a method's proof, and facts, which are only used once in a proof. (#5812)

  • Support for top-level @-attributes (#5825)

Bug fixes

  • Enable abstract imports to work well with match expression that occur in specifications (#5808)

  • Fix a bug that prevented using reveal statement expressions in the body of a constant. (#5823)

  • Improve performance of dafny verify for large applications, by removing memory leaks (#5827)

  • Green gutter icons cover constants without RHS (#5841)

Dafny 4.8.1

16 Sep 19:11
Compare
Choose a tag to compare

New features

  • feat: allow type parameters of newtype declarations
    feat: support optional witness clause of constraint-less newtype declarations
    feat: show tool tips for auto-completed type parameters
    feat: show tool tips for inferred (==) characteristics
    fix: Don't let newtype well-formedness checking affect witness checking (fixes ##5520)
    fix: Check the emptiness status of constraint-less newtype declarations (fixes #5521)
    (#5495)

  • New feature: model extractor

    CLI option

    The dafny verify command now has an option --extract:<file>, where (just like for the various print options) <file> is allowed to be - to denote standard output.

    Extract mechanism

    Upon successful verification, the new extract mechanism visits the AST of the given program. For any module marked with {:extract}, the extract-worthy material from the module is output. The output declarations will be in the same order as they appear textually in the module (in particular, the fact that module-level Dafny declarations are collected in an internal class _default has no bearing on the output order).

    Three kinds of declarations are extract-worthy:

    • A type declaration A<X, Y, Z> that bears an attribute {:extract_name B} is extracted into a Boogie type declaration type B _ _ _;.

      The definition of the type is ignored. (The intended usage for an extracted type is that the Dafny program give a definition for the type, which goes to show the existence of such a type.)

    • A function declaration F(x: X, y: Y): Z that bears an attribute {:extract_name G} is extracted into a Boogie function declaration function G(x: X, y: Y): Z;.

      The body of the Dafny function is ignored. (The intended usage for an extracted function is that the Dafny program give a definition for the function, which goes to show the existence of such a function.)

    • A lemma declaration L(x: X, y: Y) requires P ensures Q that bears an attribute {:extract_pattern ...} or an attribute {:extract_used_by ...} is extracted into a Boogie axiom. The axiom has the basic form axiom (forall x: X, y: Y :: P ==> Q);.

      If the lemma has an attribute {:extract_used_by F}, then the axiom will be emitted into the uses clause of the Boogie function generated for Dafny function F.

      If the lemma has no in-parameters, the axiom is just P ==> Q.

      If the lemma has in-parameters, then any attribute {:extract_pattern E, F, G} adds a matching pattern { E, F, G } to the emitted quantifier. Also, any attribute {:extract_attribute "name", E, F, G} adds an attribute {:name E, F, G} to the quantifier.

    Expressions

    The pre- and postconditions of extracted lemmas turn into analogous Boogie expressions, and the types of function/lemma parameters and bound variables are extracted into analogous Boogie types. The intended usage of the extract mechanism is that these expressions and types do indeed have analogous Boogie types.

    At this time, only a limited set of expressions and types are supported, but more can be added in the future.

    Any forall and exists quantifiers in expressions are allowed to use :extract_pattern and :extract_attribute attributes, as described above for lemmas.

    Some extracted expressions are simplified. For example, true && !!P is simplified to P.

    Soundness

    The Dafny program that is used as input for the extraction is treated like any other Dafny program. The intended usage of the extraction mechanism is to prove parts of the axiomatization in DafnyPrelude.bpl to be logically consistent. Whether or not the extracted Boogie declarations meet this goal depends on the given Dafny program. For example, if the given Dafny program formalizes sequences in terms of maps and formalizes maps in terms of sequences, then the extraction probably does not provide guarantees of consistency.
    (#5621)

  • Dafny-to-Rust: {:test} methods generate #[test] wrappers in Rust that can be invoked using cargo test.
    Similarly, {:rust_cfg_test} on modules generates a #[cfg(test)] in the resulting rust module.
    (#5676)

Bug fixes

  • Allow hiding instance members using a static reference

  • Enable using "hide *" in the context of a recursive function

  • Support for double constant initialization in Dafny-to-Rust (#5642)

  • Support for enumerating datatypes in the Rust backend (#5643)

  • Tail-Recursion for the Dafny-to-Rust compiler (#5647)

  • The new resolver (accessible using --type-system-refresh) can now handle revealing instance functions using a static receiver, as it is the case for the current resolver (#5760)

Dafny 4.8.0

29 Aug 14:10
Compare
Choose a tag to compare

New features

  • Introduce hide statements that enable hiding the body of a function at a particular proof location, which allows simplifying the verification of that proof in case the body of the function is not needed for the proof. Hide statements make the opaque keyword on functions obsolete. Requires --type-system-refresh (#5562)

  • Let the command measure-complexity output which verification tasks performed the worst in terms of resource count. Output looks like:

    Verification task on line 8 in file measure-complexity.dfy consumed 9984 resources
    Verification task on line 7 in file measure-complexity.dfy consumed 9065 resources
    

    (#5631)

  • Enable the option --enforce-determinism for the commands resolve and verify (#5632)

  • Method calls get an optional by-proof that hides the precondtion and its proof (#5662)

Bug fixes

  • Clarify error location of inlined is predicates. (#5587)

  • Optimize the compilation of single-LHS assignment statements to allow the RHS to be a deeply nested expression. This solves a problem in compiling to Java, since javac does not deal gracefully with nested lambda expressions. (#5589)

  • Crash when compiling an empty source file while including testing code (#5638)

  • Let the options --print-mode=NoGhostOrIncludes and --print-mode=NoIncludes work (#5645)

  • Verification in the IDE now works correctly when declaring nested module in a different file than their parent. (#5650)

  • Fix NRE that would occur when using --legacy-data-constructors (#5655)

Dafny 4.7.0

26 Jun 22:16
Compare
Choose a tag to compare

New features

  • Add the option --find-project that given a Dafny file traverses up the file tree until it finds a Dafny project that includes that path. This is useful when developing a particular file and doing CLI invocations as part of your development workflow.

  • Improved error reporting when verification times out or runs out of resources, so that when using --isolate-assertions, the error message points to the problematic assertion. (#5281)

  • Support newtypes based on map and imap (#5175)

  • To enable smoothly working with multiple projects inside a single repository, Dafny now allows using a Dafny project file as an argument to --library. When using dafny verify, Dafny ensures that any dependencies specified through a project are verified as well, unless using the flag --dont-verify-dependencies. (#5297)

  • Experimental Dafny-to-Rust compiler development

    • Supports emitting code even if malformed with option --emit-uncompilable-code.
    • Supports for immutable collections and operators
      (#5081)
  • Allow for plugins to add custom request handlers to the language server. (#5161)

  • Deprecated the unicode-char option (#5302)

  • Warn when passing a Dafny source file to --library (#5313)

  • Add support for "translation records", which record the options used when translating library code.

    • --translation-record - Provides a .dtr file from a previous translation of library code. Can be specified multiple times.
    • --translation-record-output - Customizes where to write the translation record for the current translation. Defaults to the output directory.
      Providing translation records is necessary to handle options such as --outer-module that affect how code is translated.
      (#5346)
  • The new decreases to expression makes it possible to write an explicit assertion equivalent to the internal check Dafny does to prove that a loop or recursive call terminates. (#5367)

  • The new assigned expression makes it possible to explicitly assert that a variable, constant, out-parameter, or object field is definitely assigned. (#5501)

  • Greatly reduced the size of generated code for the backends: C#, Python, GoLang and JavaScript.

  • Introduce additional warnings that previously only appeared when running the dafny audit command. Two warnings are as follows:

    • Emit a warning when exporting a declaration that has requires clauses or subset type inputs
    • Emit a warning when importing a declaration that has ensures clauses or subset type outputs
      Those two can be silenced with the flag --allow-external-contracts. A third new warning occurs when using bodyless functions marked with {:extern}, and can be silenced using the option --allow-external-function.
  • Enable project files to specify another project file as a base, which copies all configuration from that base file. More information can be found in the reference manual.

Bug fixes

  • Fix a common memory leak that occurred when doing verification in the IDE that could easily consume gigabytes of memory.

  • Fix bugs that could cause the IDE to become unresponsive

  • Improve the performance of the Dafny IDE by fixing bugs in its caching code

  • No longer reuse SMT solver processes between different document version when using the IDE, making the IDE verification behavior more inline to that of the CLI

  • Fix bugs that caused Dafny IDE internal errors (#5355, #5543, #5548)

  • Fix bugs in the Dafny IDEs code navigation and renaming features when working with definition that are not referred to.

  • Fix a code navigation bug that could occur when navigating to and from module imports

  • Fix a code navigation bug that could occur when navigating to and from explicit types of variables
    (#5419)

  • Let the IDE no longer show diagnostics for projects for which all files have been closed (#5437)

  • Fix bug that could lead to an unresponsive IDE when working with project files (#5444)

  • Fix bugs in Dafny library files that could cause them not to work with certain option values, such as --function-syntax=3

  • Fix a bug that prevented building Dafny libraries for Dafny projects that could verify without errors.

  • Reserved module identifiers correctly escaped in GoLang (#4181)

  • Fix a soundness issue that could be triggered by calling ensures fresh in the post-condition of a constructor (#4700)

  • Ability to cast a datatype to its trait when overriding functions (#4823)

  • Fix crash that could occur when using a constructor in a match pattern where a tuple was expected (#4860)

  • No longer emit an incorrect internal error while waiting for verification message (#5209)

  • More helpful error messages when read fields not mentioned in reads clauses (#5262)

  • Check datatype constructors for bad type-parameter instantiations (#5278)

  • Avoid name clashes with Go built-in modules (#5283)

  • Invalid Python code for nested set and map comprehensions (#5287)

  • Stop incorrectly emitting the error message "Dafny encountered an internal error while waiting for this symbol to verify" (#5295)

  • Rename the dafny generate-tests option --coverage-report to --expected-coverage-report (#5301)

  • Stop giving an incorrect warning about a missing {:axiom} clause on an opaque constant. (#5306)

  • No new resolver crash when datatype update expressions are partially resolved (#5331)

  • Optional pre-type won't cause a crash anymore (#5369)

  • Unguarded enumeration of bound variables in set and map comprehensions (#5402)

  • Reference the correct this after removing the tail call of a function or method (#5474)

  • Apply name mangling to datatype names in Python more often (#5476)

  • Only guard this when eliminating tail calls, if possible (#5524)

  • Compiled disjunctive nested pattern matching no longer crashing (#5572)

Dafny 4.6.0

28 Mar 17:49
Compare
Choose a tag to compare

New features

  • Add a check to dafny run that notifies the user when a value that was parsed as a user program argument, and which occurs before a -- token, starts with --, since this indicates they probably mistyped a Dafny option name. (#5097)

  • Add an option --progress that can be used to track the progress of verification. (#5150)

  • Add the attribute {:isolate_assertions}, which does the same as {:vcs_split_on_every_assert}. Deprecated {:vcs_split_on_every_assert} (#5247)

Bug fixes

  • (soundness issue) Twostate predicate now check if their not new arguments are allocated in the previous heap (#4844)

  • Add uniform checking of type characteristics in refinement modules (#5146)

  • Fixed links associated with the standard libraries. (#5176)

  • fix: Disable the "erase datatype wrappers" optimization if the datatype implements any traits.
    feat: Allow the "erase datatype wrappers" optimization if the only fields in the datatype are ghost fields.
    (#5234)

  • Fix the default string value emitted for JavaScript (#5239)

Dafny 4.5.0

16 Mar 01:33
Compare
Choose a tag to compare

New features

  • Add the option --include-test-runner to dafny translate, to enable getting the same result as dafny test when doing manual compilation. (#3818)

    • Fix: verification in the IDE no longer fails for iterators
    • Fix: the IDE now provides feedback when verification fails to run, for example due to a bad solver path
    • Fix: let the IDE correctly use the solver-path option when it's specified in a project file
    • Feat: improve the order of verification diagnostics emitted by the Dafny CLI, so that they now always follow the line order of the program.
      (#4798)
    • Add an option --filter-position to the dafny verify command. The option filters what gets verified based on a source location. The location is specified as a file path suffix, optionally followed by a colon and a line number. For example, dafny verify dfyconfig.toml --filter-position=source1.dfy:5 will only verify things that range over line 5 in the file source1.dfy. In combination with ``--isolate-assertions, individual assertions can be verified by filtering on the line that contains them. When processing a single file, the filename can be skipped, for example: dafny verify MyFile.dfy --filter-position=:23`
    • Add an option --filter-symbol to the dafny verify command, that only verifies symbols whose fully qualified name contains the given argument. For example, dafny verify dfyconfig.toml --filter-symbol=MyModule will verify everything inside MyModule.
    • The option --boogie-filter has been removed in favor of --filter-symbol
      (#4816)
  • Add a json format to those supported by --log-format and /verificationLogger, for producing thorough, machine readable logs of verification results. (#4951)

    • Flip the behavior of --warn-deprecation and change the name to --allow-deprecation, so the default is now false, which is standard for boolean options.
    • When using --allow-deprecation, deprecated code is shown using tooltips in the IDE, and on the CLI when using --show-tooltips.
    • Replace the option --warn-as-error with the option --allow-warnings. The new option, when false, the default value, causes Dafny to stop generating executable output and return a failure exit code, when warnings occur in the program. Contrary to the previous --warn-as-error option, warnings are always reported as warnings.
      • During development, users must use dafny run --allow-warnings if they want to run their Dafny code when it contains warnings.
      • If users have builds that were passing with warnings, they have to add --allow-warnings to allow them to still pass.
      • If users upgrade to a new Dafny version, and are not using --allow-warnings, and do not want to migrate off of deprecated features, they will have to use --allow-deprecation.
    • When using the legacy CLI, the option /warningsAsErrors now has the behavior of --allow-warnings=false
    • A doo file that was created using --allow-warnings causes a warning if used by a consumer that does not use it.
      (#4971)
  • The new {:contradiction} attribute can be placed on an assert statement to indicate that it forms part of an intentional proof by contradiction and therefore shouldn't be warned about when --warn-contradictory-assumptions is turned on. (#5001)

  • Function and method parameters and return types, and datatype constructor arguments, can now have attributes. By default, there are no attributes that Dafny recognizes in these positions, but custom back-ends can use this feature to get extra information from the source files. (#5032)

  • Under the CLI option --general-newtypes, the base type of a newtype declaration can now be (int or real, as before, or) bool, char, or a bitvector type.

    as and is expressions now support more types than before. In addition, run-time type tests are supported for is expressions, provided type parameters are injective (as was already required) and provided the constraints of any subset type or newtype is compilable. Note, although both as and is allow many more useful cases than before, using --general-newtypes will also forbid some unusual cases that were previously allowed. Any such case that is now forbidden can still be done by doing the as/is via int.
    (#5061)

  • Allow newtype declarations to be based on set/iset/multiset/seq. (#5133)

Bug fixes

  • Fixed crash caused by cycle in type declaration (#4471)

  • Fix resolution of unary minus in new resolver (#4737)

  • The command line and the language server now use the same counterexample-related Z3 options. (#4792)

  • Dafny no longer crashes when required parameters occur after optional ones. (#4809)

  • Use defensive coding to prevent a crash in the IDE that could occur in the context of code actions. (#4818)

  • Fix null-pointer problem in new resolver (#4875)

  • Fixed a crash that could occur when a case body of a match that was inside a loop, had a continue or break statement. (#4894)

  • Compile run-time constraint checks for newtypes in comprehensions (#4919)

  • Fix null dereference in constant-folding invalid string-indexing expressions (#4921)

  • Check for correct usage of type characteristics in specifications and other places where they were missing.

    This fix will cause build breaks for programs with missing type characteristics (like (!new) and (0)). Any such error message is accompanied with a hint about what type characterics need to be added where.
    (#4928)

  • Initialize additional fields in the AST (#4930)

  • Fix crash when a function/method with a specification is overridden in an abstract type. (#4954)

  • Fix crash for lookup of non-existing member in new resolver (#4955)

  • Fix: check that subset-type variable's type is determined (resolver refresh).
    Fix crash in verifier when there was a previous error in determining subset-type/newtype base type.
    Fix crash in verifier when a subset type has no explicit witness clause and has a non-reference trait as its base type.
    (#4956)

  • The {:rlimit N} attribute, which multiplied N by 1000 before sending it to Z3, is deprecated in favor of the {:resource_limit N} attribute, which can accept string arguments with exponential notation for brevity. The --resource-limit and /rlimit flags also now omit the multiplication, and the former allows exponential notation. (#4975)

  • Allow a datatype to depend on traits without being told "datatype has no instances" (#4997)

  • Don't consider := * to be a definite assignment for non-ghost variables of a (00) type (#5024)

  • Detect the same ghost usage in initializing assignments as in other expressions. The effect of this fix is to allow more iset/imap comprehensions to be compiled.

    Also, report errors if the LHS of := in compiled map/imap comprehensions contains ghosts.
    (#5041)

  • Escape names of nested modules in C# and Java (#5049)

  • A parent trait that is a reference type can now be named via import opened.

    Implicit conversions between a datatype and its parent traits no longer crashes the verifier.

    (Dis)equality expressions of a (co)datatype and its parent traits no longer crashes the verifier.
    (#5058)

  • Fixed support for newtypes as sequence comprehension lengths in Java (#5065)

  • Don't emit an error message for a function-by-method with unused type parameters. (#5068)

  • The syntax of a predicate definition must always include parentheses. (#5069)

  • Termination override check for certain non-reference trait implementations (#5087)

  • Malformed Python code for some functions involving lambdas (#5093)

  • Let verifier understand opaque function overrides, supporting both when the overridden function is opaque and non-opaque. Revealing such a function for one overriding type has the effect of revealing it for all overriding types.

    Also, forbid the case where a function is opaque in a parent trait and the function override is not opaque. (Previously, this had caused a crash.)
    (#5111)

Dafny 4.4.0

12 Dec 19:41
Compare
Choose a tag to compare

New features

  • Reads clauses on method declarations are now supported when the --reads-clauses-on-methods option is provided.
    The {:concurrent} attribute now verifies that the reads and modifies clauses are empty instead of generating an auditor warning.
    (#4440)

  • Added two new options, --warn-contradictory-assumptions and --warn-redundant-assumptions, to detect potential problems with specifications that indicate that successful verification may be misleading. These options are currently hidden because they may occasionally produce false positives in cases where proofs are so trivial that the solver never does work on them. (#4542)

  • Verification of the {:concurrent} attribute on methods now allows non-empty reads and modifies clauses with the {:assume_concurrent} attribute. (#4563)

  • Implemented support for workspace/symbol request to allow IDE navigation by symbol. (#4619)

  • The new --verification-coverage-report flag to dafny verify creates an HTML report highlighting which portions of the program were and were not necessary for verification. The format is the same as for dafny generate-tests --coverage-report and files from the two commands can be merged. (#4625)

  • Built-in types such as the nat subset type, tuples, arrows, and arrays are now pre-compiled into each backend's runtime library,
    instead of emitted on every call to dafny translate, to avoid potential duplicate definitions when translating components separately.
    (#4658)

  • The new --only-label option to merge-coverage-reports includes only one category of highlighting in the output. For example, merging coverage reports from test generation and verification using the option --only-label NotCovered will highlight only the regions not covered by either testing or verification. (#4673)

  • The Dafny distribution now includes standard libraries, available with the --standard-libraries option.
    See https://github.com/dafny-lang/dafny/blob/master/Source/DafnyStandardLibraries/README.md for details.
    (#4678)

  • Introduce replaceable modules, which can be used to help define Dafny applications that translate to multiple target languages. (#4681)

  • The new --coverage-report flag to dafny run and dafny test creates an HTML report highlighting which portions of the program were executed at runtime. (#4755)

  • Enable turning nonlinear arithmetic on or off on a per-module basis, using the attribute {:disable-nonlinear-arithmetic},
    which optionally takes the value false to enable nonlinear arithmetic.
    (#4773)

  • Let the IDE provide code navigation in situations where the program parses but has resolution errors. Note that this only works for modules whose dependency tree does not have errors, or modules who contain errors themselves, but not for modules whose dependencies contain errors. (#4855)

Bug fixes

  • Ensures that computing the set of values or items of map can only be done if the type of the range supports equality. (#1373)

  • Subset type decl's witness correctly taken into account (#3792)

  • Added a comprehensive test for test generation and fixed a bug that prevented test generation to process function-by-method declarations (#4406)

  • Optimized memory consumption of test generation by reusing the Boogie AST of the target Dafny program. (#4530)

  • Fix a bug that prevented certain types of lemma to be verified in the IDE (#4607)

  • Dot completion now works on values the type of which is a type synonym. (#4635)

  • Fix a case where the document symbol API would return incorrect data when working on a file with parse errors (#4675)

  • Emit less nested target code in match-case expressions (nice for readability, and necessary for Java) (#4683)

  • Ghost diagnostics are now correctly updated when they become empty (#4693)

  • Enable verification options that are configured in a Dafny project file, to be picked up by the Dafny language server (#4703)

  • Prevent double-counting of covered/uncovered lines in test coverage reports (#4710)

  • fix: correction of type inference for default expressions (#4724)

  • The new type checker now also supports static reveals for instance functions (#4733)

  • Resolve :- expressions with void outcomes in new resolver (#4734)

  • Crash in the resolver on type parameters of opaque functions in refined modules (#4768)

  • Fix error messages being printed after their context snippets (#4787)

  • Override checks no longer crashing when substituting type parameters and equality (#4812)

  • Removed one cause of need for restarting the IDE. (#4833)

  • The Python compiler emits reserved names for datatypes (#4843)

Dafny 4.3.0

28 Sep 22:30
Compare
Choose a tag to compare

New features

  • Add support for the Find References LSP request

    • Returned references may be incomplete when not using project mode
      (#2320)
  • Improve scalability of inlining for test generation and generate coverage information with respect to the original Dafny source (#4255)

  • Support generating of tests targeting path-coverage of the entire program and tests targeting call-graph-sensitive block coverage (referred to as Branch coverage) (#4326)

  • Add support for Rename LSP request

    • Support requires enabling project mode and defining a Dafny project file
      (#4365)
  • Make verification in the IDE more responsive by starting verification after translating the required module to Boogie, instead of first translating all modules that could be verified. (#4378)

  • The Dafny IDE now has improved behavior when working with a Dafny file that's part of a Dafny project. A Dafny file is part of a project if a dfyconfig.toml can be found somewhere in the file's path hierarchy, such as in the same folder or in the parent folder. A dfyconfig.toml can specify which Dafny options to use for that project, and can specify which Dafny files are part of the project. By default, the project will include all .dfy files reachable from the folder in which the dfyconfig.toml resides. Project related features of the IDE are:

    • Whenever one file in the project is opened, diagnostics for all files in the Dafny project are shown. When including a file with errors that's part of the same project, the message "the included file contains errors" is no longer shown. Instead, the included file's errors are shown directly.
    • If any file in the project is changed, diagnostics for all files in the project are updated. Without a project, changing an included file will not update diagnostics for the including file until the including file is also changed.
    • The find references feature (also added in this release), works better in files that are part of a project, since only then can it find references that are inside files that include the current file.
    • The assisted rename feature (also added in this release), only works for files that are part of a project.
    • When using a project file, it is no longer necessary to use include directives. In the previous version of Dafny, it was already the case that the Dafny CLI, when passed a Dafny project file, does not require include directives to process the Dafny program. The same now holds for the Dafny IDE when working with Dafny files for which a project file can be found.
    • If any file in the project is resolved, all files in the project are resolved. Opening a file in a project that's already resolved means the opened file is resolved instantly.
    • The IDE's memory consumption stays the same regardless of how many files in a project are opened. Without a project, the IDE increases it's memory usage for each open file.

    Try out the IDE's project support now by creating an empty dfyconfig.toml file in the root of your project repository.
    (#4435)

  • Prior to generating tests, Dafny now checks the targeted program for any features that test generation does not support or any misuse of test generation specific attributes.
    Any such issues are reported to the user.
    (#4444)

  • Added documentation of the generate-tests command to the reference manual (#4445)

  • When two modules in the same scope have the same name, Dafny now reports an error that contains the location of both modules. (#4499)

    • The Dafny IDE will now report errors that occur in project files.
    • The Dafny IDE will now shown a hint diagnostic at the top of Dafny project files, that says which files are referenced by the project.
      (#4539)

Bug fixes

  • Triggers warnings correclty converted into errors with --warn-as-errors (#3358)

  • Allow JavaScript keywords as names of Dafny modules (#4243)

  • Support odd characters in pathnames for Go (#4257)

  • Allow Dafny filenames compiled to Java to start with a digit (#4258)

  • Parser now supports files with a lot of consecutive single-line comments (#4261)

  • Gutter icons more robust (#4287)

  • Unresolved abstract imports no longer crash the resolver (#4298)

  • Make capitalization of target Go code consistent (#4310)

  • Refining an abstract module with a class with an opaque function no longer crashes (#4315)

  • Dafny can now produce coverage reports indicating which parts of the program are expected to be covered by automatically generated tests.
    The same functionality can be used to report other forms of coverage.
    (#4325)

  • Fix issue that would prevent the IDE from correctly handling default export sets (#4328)

  • Allow function-syntax and other options with a custom default to be overridden in dfyconfig.toml (#4357)

  • There were two differences between verification in the IDE and the CLI, one small and one tiny, which would only become apparent for proofs that Z3 had trouble verifying. The small difference has been resolved, while the tiny one still persists, so the IDE and CLI should behave almost equivalently now, including resource counts, on most code. (#4374)

  • Old command line interface for test generation is no longer supported, all calls should use dafny generate-tests (#4385)

  • Fixed a bug leading to stack overflow during counterexample extraction on some programs. (#4392)

  • Ability to use .Key as a constant name in datatypes and classes (#4394)

  • Existential assertions are now printed correctly (#4401)

  • When a symbol such as a method is not given a name, the error given by Dafny now shows where this problem occurs. (#4411)

  • Fix flickering and incorrect results in the verification status bar, and improve responsiveness of verification diagnostics (#4413)

  • Significantly improve IDE responsiveness for large projects, preventing it from appearing unresponsive or incorrect. Previously, for projects of a certain size, the IDE would not be able to keep up with incoming changes made by the user, possibly causing it to never catch up and appearing frozen or showing outdated results. (#4419)

  • Declarations with {:only} ensure that other declarations aren't displayed as verified in the gutter icons (#4432)

  • Fix issues that could cause the IDE status bar to show incorrect information (#4454)

  • When verification times out, only show a red underline on the name of the verifiable for which verification timed out, instead of under its whole definition. (#4477)

  • Prevent the IDE from becoming completely unresponsive after certain kinds of parse errors would occur. (#4495)

  • Support all types of options in the Dafny project file (dfyconfig.toml) (#4506)

  • Fix an issue that would cause some types of errors and other diagnostics not to appear in the IDE, if they appeared in files other than the active one. (#4513)

  • Fix an IDE issue that would lead to exceptions when using module export declarations and making edits in imported modules that were re-exported (#4556)

  • Fix a leak in the IDE that would cause it to become less responsive over time. (#4570)