Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Framing problem with recursive reads-clause #4056

Closed
jorge-jbs opened this issue May 22, 2023 · 1 comment · Fixed by #4060
Closed

Framing problem with recursive reads-clause #4056

jorge-jbs opened this issue May 22, 2023 · 1 comment · Fixed by #4060
Labels
incompleteness Things that Dafny should be able to prove, but can't kind: bug Crashes, unsoundness, incorrect output, etc. If possible, add a `part:` label part: verifier Translation from Dafny to Boogie (translator)

Comments

@jorge-jbs
Copy link

Dafny version

4.1.0

Code to produce this issue

trait ADT {
  ghost function ReprFamily(n: nat): set<object>
    decreases n
    ensures n > 0 ==> ReprFamily(n) >= ReprFamily(n-1)
    reads this, if n == 0 then {} else ReprFamily(n-1)
}

class P extends ADT {
  ghost function ReprFamily(n: nat): set<object>
    decreases n
    ensures n > 0 ==> ReprFamily(n) >= ReprFamily(n-1)
    reads this, if n == 0 then {} else ReprFamily(n-1)
}

Command to run and resulting output

Error: function might read an object not in the parent trait context's reads clause

What happened?

In versions prior to 3.13.0 this code was verified by Dafny, but since that version Dafny complains on the P class that implements the trait. It is not straightforward code but it should work. Each call to ReprFamily(n) reads ReprFamily(n-1), until ReprFamily(0) where it reads {}, so it is well-founded recursion. In fact, Dafny accepts the code of the trait, but not the code of the class that implements that trait with exactly the same specification.

I've noticed that in version 3.13.0 a pull request was accepted that changes the checking of traits: #3479. Maybe it has something to do with this problem.

What type of operating system are you experiencing the problem on?

Linux
@jorge-jbs jorge-jbs added the kind: bug Crashes, unsoundness, incorrect output, etc. If possible, add a `part:` label label May 22, 2023
@fabiomadge fabiomadge added part: verifier Translation from Dafny to Boogie (translator) incompleteness Things that Dafny should be able to prove, but can't labels May 22, 2023
@fabiomadge
Copy link
Collaborator

Thanks for the report. We did indeed slightly change the function encoding to strengthen the override check, but missed this while testing.

@fabiomadge fabiomadge mentioned this issue May 22, 2023
Merged
fabiomadge added a commit that referenced this issue Jun 12, 2023
@fabiomadge
fix: Missing substitution in the subset check of the function overrid…
0c31206 
…e check (#4060)

Fixes #4056.
@jorge-jbs jorge-jbs mentioned this issue Jun 21, 2023
Open
@ZhongRuoyu ZhongRuoyu mentioned this issue Jul 20, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
incompleteness Things that Dafny should be able to prove, but can't kind: bug Crashes, unsoundness, incorrect output, etc. If possible, add a `part:` label part: verifier Translation from Dafny to Boogie (translator)
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Missing substitution in the subset check of the function override check fabiomadge/dafny
2 participants
@fabiomadge @jorge-jbs