Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove preconditions from axioms [not yet ready for review] #1400

Open
wants to merge 39 commits into
base: master
Choose a base branch
from
Open

Remove preconditions from axioms [not yet ready for review] #1400

wants to merge 39 commits into from

Conversation

typerSniper
Copy link
Contributor

@typerSniper typerSniper commented Aug 27, 2021
edited
Loading

This is the PR for removing the preconditions from consequence and definition axioms. Its a work in progress with several more bugs still to fix. Please see the commit messages at from Aug 26-27 for each detail.

  1. By adding can calls to the post-condition of the function, we are able to perform induction : because we assume the canCall (and thus the consequence axiom) for every input != actual input. This with the decreases check for termination makes sure that this is sound (See FibWithExtraPost in dafny0/FunctionSpecifications.dfy)

  2. Cascading requires requires obligations can be avoided by canCall: performance + pruning (elaborate). Performance-wise it saves the solver from having to prove pre-conditions (in order to use consequence/definition axioms) repeatedly. Technically speaking, in order to prove a method/lemma/function, only the following functions are necessary:

      1. the functions mentioned (spec + implementation) in the method/lemma/function -- level 1
  2. the pre-conditions of level 1 functions -- level 2
  3. function-ensures-body*(level 1 + level 2)

    That is, everything reachable from the preconditions of level 2 can be safely pruned away. Once this PR works, this should happen automatically!

  3. The isA for case BinaryExpr.ResolvedOpcode.NeqCommon: only needs to be added when exactly one of e.E1 and e.E2 is both: a DatatypeValue and Nullary.

  4. This is a bit lazy but I didn't get time to check the following line in Translator.cs:
    var canCallImp = BplImp(canCallFunc, canCallOverridingFunc);
    Specifically, I am unsure of the order of arguments. This corresponds to giving can calls in the override axiom. The best way is to generate code and check it, which I should soon. But I'm semi-confident, this is correct as it is. A test for this seems important.

typerSniper and others added 30 commits June 8, 2021 18:14
@typerSniper
script for using a local boogie install, assumes that boogie sits at …
3a7dbdd 
…Source/boogie
@typerSniper
add all boogie-dependent dlls explicitly
83376f3
@typerSniper
Merge branch 'master' of https://github.com/typerSniper/dafny
87cb924
@typerSniper
use relative path instead
776a387
@RustanLeino
Merge branch 'master' into master
1e8a0de
@typerSniper
usecancall only
0e11b10
@typerSniper
Merge branch 'can-call' of https://github.com/typerSniper/dafny
3b56a16
@typerSniper
add canCall for lambdas
9b08cc2
@typerSniper
add can call to the requires clauses of functions
2d2bd6b
@typerSniper
Merge branch 'master' of https://github.com/dafny-lang/dafny into rem…
a04e7b0 
…ove-cancall-disjuncts
@typerSniper
canCalls at procedure boundaries
2d00dda
@typerSniper
add can calls to consequence axiom
a0105c7
@typerSniper
ante cancalls to ensures
eab0c5f
@typerSniper
removed unsound cancall
07ffea4
@typerSniper
typo
2450cbb
@typerSniper
allowance for cancall assumptions
8acd9ae
@typerSniper
add always_assume
0a0d235
@typerSniper
Merge branch 'master' of https://github.com/dafny-lang/dafny into rem…
54d26a9 
…ove-cancall-disjuncts
@typerSniper
reads clauses for over ride is pending
1815a27
@typerSniper
fix file
1ffc33e
@typerSniper
#requires ==> #canCall
ed214ce
@typerSniper
remove disjunct from defn axiom
e16635a
@typerSniper
change trigger of the override function axiom + add overridingFunctio…
ef5802e 
…n#canCall ==> f#canCall to the axiom
@typerSniper
add can calls to expressions mentioned in the decreases exp
7fe1c15
@typerSniper
can call options
21e50ab
@typerSniper
can calls for override specs
ba07152
@typerSniper
checkframesubset cancalls
c504211
@typerSniper
CanCall(ApplyExpr) should return the #requires of the function being …
eb7b2b5 
…applied
@typerSniper
skip isA code in cancallassumption
d376545
@typerSniper
add can calls before checking preconditions of a function call
4ea2364
This was referenced Oct 28, 2021
Closed
Closed
@RustanLeino RustanLeino marked this pull request as ready for review October 28, 2021 23:20
@RustanLeino
Copy link
Collaborator

Oh, no! I clicked the "marked this pull request as ready for review now" button by mistake. I will revert to the old-fashioned way of writing "[not yet ready for review]" in the title.

@RustanLeino RustanLeino changed the title Remove preconditions from axioms Remove preconditions from axioms [not yet ready for review] Oct 28, 2021
@MikaelMayer
Copy link
Member

Oh, no! I clicked the "marked this pull request as ready for review now" button by mistake. I will revert to the old-fashioned way of writing "[not yet ready for review]" in the title.

I think you can still revert it to draft, see below:
image

@RustanLeino RustanLeino mentioned this pull request Feb 7, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@typerSniper @RustanLeino @MikaelMayer