Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

assert(multiset(arr[..]) == multiset(arr[..arr.Length])) fails! #4184

Open
btwael opened this issue Jun 15, 2023 · 2 comments · Fixed by #4194 · May be fixed by #4195
Open

assert(multiset(arr[..]) == multiset(arr[..arr.Length])) fails! #4184

btwael opened this issue Jun 15, 2023 · 2 comments · Fixed by #4194 · May be fixed by #4195
Labels
has-workaround: yes There is a known workaround incompleteness Things that Dafny should be able to prove, but can't kind: bug Crashes, unsoundness, incorrect output, etc. If possible, add a `part:` label

Comments

@btwael
Copy link

btwael commented Jun 15, 2023

Dafny version

4.1.0

Code to produce this issue

method main() {
  var arr: array<int>;
  assert(multiset(arr[..]) == multiset(arr[..arr.Length]));
}

Command to run and resulting output

No response

What happened?

The assertion cannot be proven correct which make it more difficult to specify and verify certain type of programs (e.g. array merge).

What type of operating system are you experiencing the problem on?

Mac
@btwael btwael added the kind: bug Crashes, unsoundness, incorrect output, etc. If possible, add a `part:` label label Jun 15, 2023
@MikaelMayer
Copy link
Member

Add assert arr[..] == arr[..arr.Length]; before and verification will pass.
I don't have a good answer why it does not pass. I just know that

arr[..] is translated into Seq#FromArray(arr)
whereas
arr[..arr.Length] is translated into Seq#Take(Seq#FromArray(arr), _System.array.Length(arr))
and there is no axiom that can be automatically instantiated that says
Seq#Take(x, Seq#Length(x)) == x
although there might be other mechanisms that can help prove this.

@MikaelMayer MikaelMayer added incompleteness Things that Dafny should be able to prove, but can't has-workaround: yes There is a known workaround labels Jun 16, 2023
btwael added a commit to btwael/dafny that referenced this issue Jun 16, 2023
@btwael
Add the axiom stating that Seq#Take(s, Seq#Length(s)) == s) for all…
56b615b 
… `s`

A trivial axiom that will help to deduce  that "multiset(arr[..]) == multiset(arr[..arr.Length])" for any array `arr`. (fix dafny-lang#4184 )

<small>By submitting this pull request, I confirm that my contribution
is made under the terms of the [MIT
license](https://github.com/dafny-lang/dafny/blob/master/LICENSE.txt).</small>
@btwael btwael mentioned this issue Jun 16, 2023
Merged
@btwael
Copy link
Author

btwael commented Jun 16, 2023

Hey @MikaelMayer, I'm aware of the workaround and thank you for explaining how things work in the background. With a small search, I added the axiom to the prelude and it helped in more sophisticated example.

MikaelMayer pushed a commit that referenced this issue Jun 19, 2023
@btwael
Add the axiom stating that Seq#Take(s, Seq#Length(s)) == s) for all…
862e5f7 
… sequence `s` (#4194)

A trivial axiom stating `Seq#Take(s, Seq#Length(s)) == s)` for all
sequence `s`. This will help deducing automatically and without using
any workaround that "multiset(arr[..]) == multiset(arr[..arr.Length])"
for any array `arr`.

Fixes #4184

<small>By submitting this pull request, I confirm that my contribution
is made under the terms of the [MIT
license](https://github.com/dafny-lang/dafny/blob/master/LICENSE.txt).</small>
@MikaelMayer MikaelMayer linked a pull request Jun 19, 2023 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
has-workaround: yes There is a known workaround incompleteness Things that Dafny should be able to prove, but can't kind: bug Crashes, unsoundness, incorrect output, etc. If possible, add a `part:` label
Projects
None yet
Milestone
No milestone
2 participants
@btwael @MikaelMayer