pure in assert_ does not work (Pulse) #30

tdardinier · 2023-06-30T20:10:42Z

Pulse treats pure (...) in asserts in an opaque way. As an example, Pulse is not able to verify a statement like assert_ (pure (5 = 5));. It fails with the following error message:

(Error) Failed to prove the following goals:
... Steel.ST.Util.pure (Prims.op_Equality 5 5)
The remaining conjuncts in the separation logic context available for use are:...

This behavior also happens with with ... assert ..., as shown by the following example (that Pulse fails to verify for the same reason):

fn test_with_assert_pure(r: R.ref nat)
    requires R.pts_to r full_perm 5 
    ensures R.pts_to r full_perm 5
{
    with v. assert (R.pts_to r full_perm v ** pure (v = 5));
    ()
}

The text was updated successfully, but these errors were encountered:

nikswamy · 2023-07-04T00:10:23Z

This fails with "Impossible: instantiated abstraction is not an F* term"

fn trivial (x:unit)
requires emp
ensures emp
{
  assert (pure (5 == 5));
  ()
}

Whereas this succeeds:

fn trivial (x:unit)
requires emp
ensures emp
{
  assert_ (pure (5 == 5));
  ()
}

and so does this:

fn test_with_assert_pure(r: R.ref nat)
    requires R.pts_to r full_perm 5 
    ensures R.pts_to r full_perm 5
{
    with v. assert (R.pts_to r full_perm v ** pure (v = 5));
    ()
}

nikswamy added a commit that referenced this issue Jul 4, 2023

issue #30 and spin lock example

58ec76c

nikswamy added a commit that referenced this issue Jul 4, 2023

issue #30, fix a case of asserts without binders

ceb355a

nikswamy closed this as completed Jul 4, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

pure in assert_ does not work (Pulse) #30

pure in assert_ does not work (Pulse) #30

tdardinier commented Jun 30, 2023

nikswamy commented Jul 4, 2023

pure in assert_ does not work (Pulse) #30

pure in assert_ does not work (Pulse) #30

Comments

tdardinier commented Jun 30, 2023

nikswamy commented Jul 4, 2023