Developing verified programs with Dafny

Reasoning about programs is a fundamental skill that every software engineer needs. This tutorial provides participants an opportunity to get hands-on experience with Dafny, a tool that can help develop this skill. Dafny is a programming language and state-of-the-art program verifier. The language is type-safe and sequential, and it includes common imperative features, dynamic object allocation, and inductive datatypes. It also includes specification constructs like pre- and postconditions, which let a programmer record the intended behavior of the program along with the executable code that is supposed to cause that behavior. Because the Dafny verifier runs continuously in the background, the consistency of a program and its specifications is always enforced. In this tutorial, I give a taste of how to use Dafny in program development. This includes an overview of Dafny, basics of writing specifications, how to debug verification attempts, and how to formulate and prove lemmas. Dafny has been used to verify a number of challenging algorithms, including Schorr-Waite graph marking, Floyd's ``tortoise and hare'' cycle-detection algorithm, and snapshotable trees with iterators. Dafny is also being used in teaching, with over 100,000 program-verification attempts submitted to the online version of the tool. Dafny was a popular choice in the VSTTE 2012 program verification competition, where two of the Dafny teams were among the competition's 6 medalists. Its open-source implementation has also been used as a foundation for other verification tools. More information is found from the Dafny project page, http://research.microsoft.com/dafny and in the references below. Binary downloads and sources are available from http://dafny.codeplex.com. The tool can also be run on the web at http://rise4fun.com/dafny, where there is an online version of the tutorial.