What does forall v :: v in vals ==> false evaluate to if vals is non-empty?

Question

What does forall v :: v in vals ==> false evaluate to if vals is non-empty? Should it be false? I’m having some problem proving the last assertion in Dafny.

assert vals != [];
assert MatchingResult() == (forall v :: v in vals ==> false);
assert !MatchingResult();

Answer

The problem here is the trigger on the quantification expression. Dafny sees the forall quantifier but uses it only when there is a v in vals fact in the context for some v (this is what the annotation on the forall in the VSCode IDE means: Selected triggers: {v in vals}). So until you give it a concrete fact to “trigger” on, it doesn’t use your quantifier.

It is not recommended that users insert triggers in their Dafny code. Rather, it is better to reorganize the quantification expressions to make the desired trigger more obvious to the Dafny tool. Here are two references that explain triggers in more detail:

A wiki page on triggers
Pages 2–4 of this paper