list.forall and proofs #64
```scala
import stainless.collection._
import stainless.lang._
import scala.Any
import stainless.annotation._
import stainless.proof._
import stainless.util.Random

object Scheduler {
  case class SharedState(val ready: List[BigInt], val procs: BigInt => BigInt);

  def updateProc(s: SharedState, u: BigInt, p: BigInt)(id: BigInt): BigInt = {
    if (id == u) p else s.procs(id)
  }

  def updateProcLemma(s: SharedState, l: List[BigInt], u: BigInt, p: BigInt): Boolean = {
    l.forall(t => if (t != u) s.procs(t) == updateProc(s, u, p)(t) else true)
  }

  def test(s: SharedState, u: BigInt, p: BigInt): Boolean = {
    require(updateProcLemma(s, s.ready, u, p))
    var res = new SharedState(
      s.ready,
      updateProc(s, u, p)
    );
    //s.ready.forall(t => if (t != u) s.procs(t) == updateProc(s, u, p)(t) else true) // ok
    s.ready.forall(t => if (t != u) s.procs(t) == res.procs(t) else true) // ko
  }.holds;
}
```

Simple example. Is there a way to prove the last line? :)
I think this is related to the way equality of lambdas is treated in Stainless. I've simplified the example to highlight the issue, and give a possible workaround. About List.forall, I don't think it gets a particular treatment. Forall is a construct defined outside the

This workaround is not very pretty, but it works!

```scala
import stainless.collection._
import stainless.lang._
import stainless.annotation._

object Scheduler {
  case class SharedState(val procs: BigInt => BigInt)

  @induct
  def lemma(l: List[BigInt], f: BigInt => BigInt) = {
    require(l.forall(t => t == 0) && forall((x: BigInt) => f(x) == 0))
    l.forall(t => t == f(t))
  } holds

  def test(s: SharedState, ready: List[BigInt]) = {
    require(ready.forall(t => t == 0))
    val res = new SharedState(_ => 0)
    assert(((t: BigInt) => t == 0) != ((t: BigInt) => t == res.procs(t))) // ok
    assert(ready.forall(t => t == 0)) // ok
    assert(lemma(ready, res.procs)) // ok
    assert(ready.forall(t => t == res.procs(t))) // ko without the lemma at the previous line
  }
}
```
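The same workaround applied to the original `updateProc` example, as an added illustration that is not code from this issue or from the Stainless project. The lemma abstracts over the function (`f`) so that, once instantiated with `res.procs`, its conclusion is syntactically the lambda Stainless could not match on its own. The names `updateProcPointwise` and `testWithLemma` are hypothetical, and it is an assumption (not checked here) that Stainless of that version discharges the quantified precondition the way it did for the `_ => 0` case above.

```scala
import stainless.collection._
import stainless.lang._
import stainless.annotation._

object SchedulerWithLemma {
  case class SharedState(ready: List[BigInt], procs: BigInt => BigInt)

  def updateProc(s: SharedState, u: BigInt, p: BigInt)(id: BigInt): BigInt =
    if (id == u) p else s.procs(id)

  // Hypothetical lemma (added example): if `f` agrees with `procs` on every id
  // other than `u`, then every id in `l` is either `u` or maps to the same value
  // under both functions. Taking `f` as a parameter is the point: substituting
  // `res.procs` for `f` yields exactly the lambda used in the final goal.
  @induct
  def updateProcPointwise(l: List[BigInt], procs: BigInt => BigInt,
                          f: BigInt => BigInt, u: BigInt): Boolean = {
    require(forall((x: BigInt) => if (x != u) procs(x) == f(x) else true))
    l.forall(t => if (t != u) procs(t) == f(t) else true)
  } holds

  def testWithLemma(s: SharedState, u: BigInt, p: BigInt): Boolean = {
    val res = SharedState(s.ready, updateProc(s, u, p))
    // The precondition of the lemma follows from unfolding updateProc at any x != u;
    // the lemma then gives the list-level property for the captured `res.procs`.
    assert(updateProcPointwise(s.ready, s.procs, res.procs, u))
    s.ready.forall(t => if (t != u) s.procs(t) == res.procs(t) else true)
  } holds
}
```

Compared with the original `test`, the `require(updateProcLemma(...))` is no longer needed: the pointwise fact comes from the definition of `updateProc`, and the lemma carries it across the lambda boundary that the direct `forall` could not.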
> ```scala
> val res = new SharedState(_ => 0)
> assert(((t: BigInt) => t == 0) != ((t: BigInt) => t == res.procs(t))) // ok
> ```

That is a bit strange :) Is there any reason why this is the desirable behaviour? It seems to me that the assert should return false here? Thanks for the explanations!
Yes I agree; I think this is related to the discussion #62.
The initial example is now proved equal given some new normalizations in epfl-lara/inox@bc386af |
Stainless is not able to prove the last line. It seems to me that this is a direct search & replace of the content of updateProcLemma. Is there any reason for that?
Sorry if this has been mentioned somewhere else. I remember having read somewhere that the forall() quantifier was treated as a black box, but is list.forall the same?