Comments (3)
This is now substantially improved using the with ... assert
construct. See https://github.com/FStarLang/steel/blob/main/share/steel/examples/pulse/bug-reports/ExistsWitness.fst
A short description:
Assert with binders
fn sample6 (x0:R.ref int) (x1:R.ref bool)
requires exists p0 p1 v0 v1. R.pts_to x0 p0 v0 ** R.pts_to x1 p1 v1
ensures emp
{
with p0 p1 v0 v1.
assert R.pts_to x0 p0 v0 ** R.pts_to x1 p1 v1;
drop (R.pts_to x0 p0 v0);
drop (R.pts_to x1 p1 v1);
()
}
with bs. assert p allows you to write an assertion while binding the variables in the continuation. The checker finds instantiations in the context for these binders. It gives you a way to "get your hands" on existentially bound variables.
from steel.
I'm keeping the issue open since there is still an example that fails related to the handling of reveal/hide and the perm type.
from steel.
This is now fixed with f888fc8
The problem was the Pulse was now respecting the smt_fallback attribute. So, it would refuse to equate R.pts_to x p v
and R.pts_to x q v
even if p
and q
are provably equal.
From the code comment:
When comparing t0 =?= t1, if they are not syntactically equal, we
have to decide whether or not we should fire an SMT query to compare
them for provable equality.
The criterion is as follows:
- We allow an SMT query if either t0 or t1 is "equational". For now, that means
that either is a match expression. - Otherwise, if they are both applications of
f v0...vn
andf u0...un
of the same head symbolf
, a top-level constant, then we check if the
type off
decorates any of its binders with thesmt_fallback
attribute.- If none of them are marked as such,
then we check iff v0...
is syntactically equal tof u0...
and allow an SMT query to check if vn = vm. That is, the default behavior
for predicates is that they last argument is eligible for SMT equality. - Otherwise, for each binder that is NOT marked as
smt_fallback
, we check
if the corresponding argument is syntactically equal. If so, we allow
t0 and t1 to be compared for SMT equality.
For example, Steel.ST.Reference.pts_to is defined like so:
/// For instance, [pts_to r (sum_perm (half_perm p) (half_perm p)) (v + 1)]
/// is unifiable with [pts_to r p (1 + v)]
val pts_to (#a:Type0)
(r:ref a)
([@@@smt_fallback] p:perm)
([@@@smt_fallback] v:a)
: vprop
- If none of them are marked as such,
from steel.
Related Issues (20)
- Unresolved uvar error on just using an unresolved identifier HOT 1
- Bad error localization on simple typing error HOT 1
- Inferring implicits arguments in return position (and error localization)
- Allow F* type abbreviations for Pulse function types (feature request) HOT 1
- Interpret `**` on both sides of `@==>` to allow inferring implicit arguments to stick lemmas HOT 1
- Inferred reveal is incorrectly accepted HOT 1
- "Unary transform" raises some typechecker problems HOT 4
- Eliminating pure underneath an exists* HOT 1
- Meta issue for syntax improvements in Pulse HOT 1
- Recursive calls fail to infer HOT 1
- Ghost, Unobservable, Atomic
- Stack references are freeable
- Bad error messages HOT 2
- admit seems to affect code before it HOT 1
- Calling lemmas in ghost code
- Make `inv` complete on its domain?
- Imprecise logical context in the match branch (cannot prove that the scrutinee is not a data constructor that is matched before this branch) HOT 1
- Incorrect joining of match branches allows masking invariant openings
- 'could not prove uvar' when there is existential in post HOT 1
- Crash when last two implicit arguments have dependency
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from steel.