Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integer multiplication errors #488

Open
echuber2 opened this issue Jan 10, 2020 · 2 comments
Open

Integer multiplication errors #488

echuber2 opened this issue Jan 10, 2020 · 2 comments
Labels
kind: bug Crashes, unsoundness, incorrect output, etc. If possible, add a `part:` label part: verifier Translation from Dafny to Boogie (translator)

Comments

@echuber2
Copy link

echuber2 commented Jan 10, 2020
edited
Loading

Edit: The anomalous assertion below was found by @nishantjr. I would not have poked around at it had he not mentioned it first.

This assertion highlights strange behavior that may be due to the issues with non-linear arithmetic in general, and I can't tell if it's expected behavior, or a bug in Dafny, or a bug in Boogie.

Input program test2.dfy:

method foo(n:int)
{
 assert(((n*(n+1))/2) + ((n*(n+1))/2) == (n*(n+1)));
}

Going to try it with Dafny 2.2.0.10923, which is just what I was able to run conveniently using this docker on Docker Hub: ssaavedra/dafny However, it also fails (without showing a counterexample) if I run it with a more recent version of Dafny.

I get an assertion failure and no matter what options I use, it seems like the counterexample is always due to a simple mistake in multiplication. Let me show some invocations and excerpted output.

dafny test2.dfy /traceverify /pretty:1 /printModel:4 /arith:2

This shows this:

Mul -> {
  513 514 -> 262657
  else -> 262657
}

Now note that 513*514 should be 263682. Instead, this seems to match this expression:

((513-1)*(514-1)) + 1

which is 262657. And that's what seems to be implied by Boogie, here:

https://github.com/boogie-org/boogie/blob/044e533713346840b55e53c33082911fd077d299/Source/AbsInt/IntervalDomain.cs#L898

(I'm not even sure what Boogie is trying to achieve with that bounding interval, to be honest.) So, is this a bug in Boogie, or is Dafny translating it to Boogie incorrectly?

If I run it like this instead:

dafny test2.dfy /traceverify /pretty:1 /printModel:4 /arith:4

Then I get this:

Mul -> {
  (- 3) (- 2) -> (- 25)
  else -> (- 25)
}

Another run:

dafny test2.dfy /traceverify /pretty:1 /printModel:4 /noNLarith

Output:

INTERNAL_mul_boogie -> {
  (- 25) (- 24) -> 1451
  else -> 1451
}

You can generate other weird examples by adding non-failing assertions before the one I included, which seems to change the numbers seeded a bit.

So, is this a bug in Dafny or in Boogie, or am I overlooking something simple? Or must one define a replacement function for multiplication that unrolls into addition?
@echuber2 echuber2 mentioned this issue Jan 10, 2020
Closed
@robin-aws robin-aws mentioned this issue Feb 12, 2020
Closed
@robin-aws robin-aws added kind: bug Crashes, unsoundness, incorrect output, etc. If possible, add a `part:` label part: verifier Translation from Dafny to Boogie (translator) labels Jun 23, 2020
@davidcok
Copy link
Collaborator

Confirmed this problem.

@acioc acioc added this to the Post 3.0 milestone Aug 20, 2020
@acioc
Copy link
Collaborator

acioc commented Aug 20, 2020

We will revisit this after we've updated Dafny to the latest version of boogie and z3.

@robin-aws robin-aws removed this from the Post 3.1 milestone Sep 22, 2021
@cdstanford cdstanford mentioned this issue May 25, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind: bug Crashes, unsoundness, incorrect output, etc. If possible, add a `part:` label part: verifier Translation from Dafny to Boogie (translator)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@acioc @davidcok @echuber2 @robin-aws