Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consolidation of expect/assume/ensures/assert #836

Open
davidcok opened this issue Aug 27, 2020 · 0 comments
Open

Consolidation of expect/assume/ensures/assert #836

davidcok opened this issue Aug 27, 2020 · 0 comments
Labels
area: ffi The {:extern} attribute and otherwise interfacing with code in other languages kind: enhancement Enhancements, feature requests, etc. These are NOT bugs, but ways we can improve Dafny misc: cleanup Cleanups in the implementation or in corners of the language

Comments

@davidcok
Copy link
Collaborator

A use case for expect is to insert runtime checks for extern functions that have no verifiable implementation.

Instead of this boilerplate:

method {:extern} Random(limit: nat) returns (n: int)

method Random’(limit: nat) returns (n: int)
  ensures 0 <= n < limit
{
  n := Random(n);
  expect 0 <= n < limit;
}

just allow writing

method {:extern} Random(limit: nat) returns (n: int)
   expect 0 <= n < limit

or

method {:extern} Random(limit: nat) returns (n: int)
   ensures {:check} 0 <= n < limit

Similarly, expect could be just assume {:check}, which gives a visual reminder that statically,
an expect is an assume and has soundness implications. As it is I think that expect is a dangerous way to insert run-time checks -- I prefer that it not have the static semantics of assume. It would be better to have a halt P statement which halts if P is true, with the static semantics of an assert: the verifier attempts to prove that the halt can never happen.

Note that the compiler warns about any assume statements that are being compiled. So it should correspondingly warn about expect statements that are being compiled -- but that is the point of an expect statement -- so... it should not have assume semantics.
@davidcok davidcok added this to the Post 3.0 milestone Sep 10, 2020
@keyboardDrummer keyboardDrummer added misc: cleanup Cleanups in the implementation or in corners of the language area: ffi The {:extern} attribute and otherwise interfacing with code in other languages labels Jul 19, 2021
@robin-aws robin-aws added the kind: enhancement Enhancements, feature requests, etc. These are NOT bugs, but ways we can improve Dafny label Sep 22, 2021
@robin-aws robin-aws removed this from the Post 3.1 milestone Sep 22, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area: ffi The {:extern} attribute and otherwise interfacing with code in other languages kind: enhancement Enhancements, feature requests, etc. These are NOT bugs, but ways we can improve Dafny misc: cleanup Cleanups in the implementation or in corners of the language
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@keyboardDrummer @davidcok @robin-aws