Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: subset type for maps fails to verify overriden key/value pairs #3059

Closed
MikaelMayer opened this issue Nov 15, 2022 · 3 comments · Fixed by #3060
Closed

[Bug]: subset type for maps fails to verify overriden key/value pairs #3059

MikaelMayer opened this issue Nov 15, 2022 · 3 comments · Fixed by #3060
Assignees
@MikaelMayer
Labels
during 3: execution of incorrect program An bug in the verifier that allows Dafny to run a program that does not correctly implement its spec kind: bug Crashes, unsoundness, incorrect output, etc. If possible, add a `part:` label part: verifier Translation from Dafny to Boogie (translator)

Comments

@MikaelMayer
Copy link
Member

Dafny version

3.9.1

Code to produce this issue

type foo = m: map<int, int> | forall n <- m.Keys :: m[n] < 5

function addToFoo(m: foo): foo
  ensures false
{
  m[1 := 7]
}

Command to run and results

dafny verify problem

Dafny produces 1 verified and 0 error.

What happened?

It should have verified that m[1 := 7] does not have necessarily the same type as m itself.

What type of Operating System are you seeing the problem on?

Linux, Windows, Mac, WSL
@MikaelMayer MikaelMayer added during 3: execution of incorrect program An bug in the verifier that allows Dafny to run a program that does not correctly implement its spec kind: bug Crashes, unsoundness, incorrect output, etc. If possible, add a `part:` label part: verifier Translation from Dafny to Boogie (translator) labels Nov 15, 2022
@cpitclaudel
Copy link
Member

Two checks to add:

type seq0 = s: seq<int> | forall n <- s :: n == 0

function ReplaceInSeq0(s: seq0): seq0
  requires |s| > 0
  ensures false
{
  s[0 := 1]
}

type map0 = m: map<int, int> | forall k <- m :: m[k] == 0

function ReplaceInMap0(m: map0): map0
  requires 0 in m
  ensures false
{
  m[0 := 1]
}

The first one is already correctly rejected.

MikaelMayer added a commit that referenced this issue Nov 15, 2022
@MikaelMayer
Add test for issue #3059
25bb285
@MikaelMayer MikaelMayer mentioned this issue Nov 15, 2022
Merged
@robin-aws
Copy link
Member

Fix should be similar to #2059

@robin-aws robin-aws assigned MikaelMayer and unassigned fabiomadge Nov 15, 2022
@MikaelMayer
Copy link
Member Author

Two checks to add:

type seq0 = s: seq<int> | forall n <- s :: n == 0

function ReplaceInSeq0(s: seq0): seq0
  requires |s| > 0
  ensures false
{
  s[0 := 1]
}

type map0 = m: map<int, int> | forall k <- m :: m[k] == 0

function ReplaceInMap0(m: map0): map0
  requires 0 in m
  ensures false
{
  m[0 := 1]
}

The first one is already correctly rejected.

I added these two examples to the PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MikaelMayer MikaelMayer

Labels
during 3: execution of incorrect program An bug in the verifier that allows Dafny to run a program that does not correctly implement its spec kind: bug Crashes, unsoundness, incorrect output, etc. If possible, add a `part:` label part: verifier Translation from Dafny to Boogie (translator)
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix: Use correct type for map update expression dafny-lang/dafny
4 participants
@fabiomadge @MikaelMayer @cpitclaudel @robin-aws